error: the routing subsystem is not running

If you haven’t seen this error message, you will see one day when you are dealing with SRX chasssis clusters.
It may baffle you having a firewall in which you can’t display routes. It is all because of the fact that chassis cluster considers two nodes as a single data plane and routing functionality is handled on the primary node or let´s say the node having the active routing engine.

{secondary:node1}
root@srx210-2> show route
error: the routing subsystem is not running

First of all this error message is by design. Don’t panic! The question is how we can reach a network that we need to? In this case “backup-router” configuration comes into play. Here is groups configuration from my SRX cluster. With this statement secondary node, can reach network 192.168.103.0/24 via the gateway 10.200.200.3. Can we forward all network ranges to this gateway? We can but according to KB http://kb.juniper.net/KB15580 this is not recommended.

{secondary:node1}
root@srx210-2> show configuration
## Last commit: 2013-02-17 20:33:21 UTC by root
version 11.4R6.6;
groups {
    node0 {
        system {
            host-name srx210-1;
            backup-router 10.200.200.3 destination 192.168.103.0/24;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.200.200.1/24;
                    }
                }
            }
        }
    }
    node1 {
        system {
            host-name srx210-2;
            <strong>backup-router 10.200.200.3 destination 192.168.103.0/24;</strong>
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.200.200.2/24;
                    }
                }
            }
        }
    }
}

About: rtoodtoo

Genco has worked for more than 10 years as a Network/Support Engineer. He is also interested in Python, Linux, Security and SD-WAN, currently lives in the Netherlands and works as a Network Support Engineer at Tesla Inc. // JNCIE-SEC #223 / RHCE / PCNSE


You have a feedback?

This site uses Akismet to reduce spam. Learn how your comment data is processed.