[j-nsp] SRX240 | VLAN RVI IP Connectivity

[Bill Blackford]

SRX240   [12.1X44-D20.3]

Packet mode. (set security forwarding-options family mpls mode packet-based)
All relative interfaces have 'family mpls' (including the RVI)

I have several blocks bound to ISP first-hop device. IOW, the ISP router is
the GW for each block. I created a VLAN to simulate a feed switch that
included the upstream interface and each device bound to it's respected
block. One of these blocks, a /30,  I also bound to the SRX RVI for that
same vlan. I hope this is clear so far.

All devices including the SRX itself can communicate in and out bound to
Internet destinations. They cannot communicate with each other (ping). At
first evaluation, this seems it could be a routing issue on the ISP router
(GW). I unlink my upstream interface and relink it. Now, from the SRX,  I
cannot even ping the GW - the other end of that /30 I bound to my RVI, but
other devices on that vlan can communicate outbound. Just the IP on the RVI
quit working. I migrate the IP from the RVI to an physical interface and I
can ping again.

Strange. It was working on the RVI but when I reconnected, with no other
changes, it stopped.

I will work with the ISP to tackle the routing issues. Even with a dumb
switch at the handoff, I'm still not able to communicate between my blocks.
However, the RVI behavior has me puzzled. Are there known issues with SRX
using RVI's? I may be too close to the problem to be seeing the obvious.

Thank you,


-- 
Bill Blackford

Logged into reality and abusing my sudo privileges.....