Junosphere – inaccessible VMXes

24 07 2015

Update:  The problem described in this article was logged with JTAC.  It took a while but eventually they informed me they had resolved an issue with provisioning VMX in the Junosphere system.  I have tried it since and the issue does appear to have gone away.  However I am leaving this post up in case it has simply become more intermittent.   Please let me know if you experience a situation like what is described below.

I usually use the ‘experimental’ VMX in my Junosphere topologies because I don’t like the VJX all that much.  The VJX has security code in it, so it’s not quite like an MX really.   Also I’ve seen oddities where it came up in flow mode with a default firewall policy of denying everything, and I was never able to work out why.

So instead I use the VMX for everything – which is better these days because it doesn’t use two VM units for the data and control planes like it used to.  Why VMX is still ‘experimental’ after so long is a mystery to me.

However one thing just keeps cropping up with this that is just a bit annoying.   Every so often I start a topology I know was working, but one or more routers aren’t accessible for some reason.  The problem is usually caused by the way Junosphere has put the management address onto the VM. To get access to the VM you instead need to telnet to it via the console server at 10.233.255.254 using a specific port number

The fxp0 IP address should be created in the group called ‘member0’ but as you can see below it is not:
I am using VMXes from the ‘experimental’ section to create my topology.   The fxp0 IP address should be created in the group called ‘member0’ but as you can see below it is not:

root@M10i> show configuration 
## Last commit: 2015-07-24 04:08:11 PDT by root
version 14.1-20140130_ib_14_1_psd.0;
groups {
    member0 {
        system {
            host-name M10i;
            backup-router 10.233.255.254;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet;
                }
            }
        }
    }

So I put the IP address in the group, but as you can see, it makes no difference:

root@M10i# ...rfaces fxp0 unit 0 family inet address 10.233.255.184/20       

[edit]
root@M10i# commit and-quit 
commit complete
Exiting configuration mode

root@M10i> show interfaces terse 
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up
lc-0/0/0                up    up
[… OUTPUT OMITTED …]
cbp0                    up    up
demux0                  up    up
dsc                     up    up
em1                     up    up
em2                     up    up
em3                     up    up        
fxp0                    up    up
fxp0.0                  up    up   inet             <=== Should be an IP here!
gre                     up    up
ipip                    up    up

Instead, Junosphere has put the IP address on em0, which is not (as far as I know) a valid interface on an MX:

root@M10i> show configuration interfaces 
em0 {
    unit 0 {
        family inet {
            address 10.233.255.184/20;
        }
    }
}

root@M10i> edit 
Entering configuration mode

[edit]
root@M10i# delete interfaces em0  

[edit]
root@M10i# commit and-quit 
commit complete
Exiting configuration mode

Once I have done this, I can ping the IP address .184 successfully.   And as you can see, it is present on fxp0 now:

root@M10i> show interfaces terse | match fxp 
fxp0                    up    up
fxp0.0                  up    up   inet     10.233.255.184/20



=========
Update: I’ve logged this as a case with JTAC and they’re going to try to replicate.

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: