[j-nsp] Managing MX480 fxp0

Eric Van Tol eric at atlantech.net
Mon Nov 25 12:41:31 EST 2019 

This used to be possible by setting the "net.pfe.transit_re" (or similar) value using sysctl, but I'm not sure if it still works on newer Junos versions:

https://www.kumari.net/index.php/networking/tips-and-tricks/14-

I would not do this on production router, though. If you need to reach your fxp0 from locations outside of your OOB subnet, I think the practice is to either use source NAT on a device that has connectivity to your OOB or you should put fxp0 into a routing-instance using 'management-instance' on Junos 17.x and above (I believe). One caveat to doing the latter is that if you use TACACS (and possibly RADIUS) for authentication and your source address is the router loopback IP in inet.0, your 'mgmt_junos' instance needs to have static routes for the TACACS servers installed:

routing-options {
    static {
        route 0.0.0.0/0 next-hop 172.16.14.1; # Default route for fxp0 network
        route 192.0.2.55/32 next-table inet.0;  # Public lo0.0 IP
        route 10.55.234.90/32 next-table inet.0; # TACACS server
    }
}

In my environment, this was necessary, but YMMV.

-evt

On 11/22/19, 12:02 PM, "juniper-nsp on behalf of Aaron Gould" <juniper-nsp-bounces at puck.nether.net on behalf of aaron1 at gvtc.com> wrote:

    Thanks again (Chris) for solving my vpls/irb/tagging combination problem
    yesterday. we can bridge successfully now. 
    
     
    
    Taking this one step further, we now are trying to route via fxp0 and
    *through* it to the irb.100 interface and are unable to.
    
     
    
    Is it possible to route traffic *through* an fxp0 interface ? (MX204)
    
     
    
    I'm asking since it seems that someone mentioned that it is in fact possible
    with some sort of static routes.  but I'm unsure what they meant exactly.
    
     
    
    If it's definitely not possible to transit an fxp0 interface, I just need to
    know that, and I will seek solutions using a revenue interface instead.
    
     
    
    Resurrecting an old thread(s)..
    
    https://www.mail-archive.com/juniper-nsp@puck.nether.net/msg09809.html   
    
    https://puck.nether.net/pipermail/juniper-nsp/2010-August/017545.html 
    
     
    
    subnet A---------fxp0/mx204/irb.100------------subnet B
    
     
    
    <-------------------is bi-dir comms possible?-------------->
    
     
    
     
    
    -Aaron
    
    _______________________________________________
    juniper-nsp mailing list juniper-nsp at puck.nether.net
    https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list