error: the routing subsystem is not running

If you haven’t seen this error message, you will see one day when you are dealing with SRX chasssis clusters.
It may baffle you having a firewall in which you can’t display routes. It is all because of the fact that chassis cluster considers two nodes as a single data plane and routing functionality is handled on the primary node or let´s say the node having the active routing engine.

{secondary:node1}
root@srx210-2> show route
error: the routing subsystem is not running

First of all this error message is by design. Don’t panic! The question is how we can reach a network that we need to? In this case “backup-router” configuration comes into play. Here is groups configuration from my SRX cluster. With this statement secondary node, can reach network 192.168.103.0/24 via the gateway 10.200.200.3. Can we forward all network ranges to this gateway? We can but according to KB http://kb.juniper.net/KB15580 this is not recommended.

{secondary:node1}
root@srx210-2> show configuration
## Last commit: 2013-02-17 20:33:21 UTC by root
version 11.4R6.6;
groups {
    node0 {
        system {
            host-name srx210-1;
            backup-router 10.200.200.3 destination 192.168.103.0/24;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.200.200.1/24;
                    }
                }
            }
        }
    }
    node1 {
        system {
            host-name srx210-2;
            backup-router 10.200.200.3 destination 192.168.103.0/24;
        }
        interfaces {
            fxp0 {
                unit 0 {
                    family inet {
                        address 10.200.200.2/24;
                    }
                }
            }
        }
    }
}

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE


You have a feedback?

Discover more from RtoDto.net

Subscribe now to keep reading and get access to the full archive.

Continue reading