same IP address on two interfaces

m4rtinm4rtin Member Posts: 170
Am I correct that JUNOS allows one to configure two interfaces with the same IP address? Looks like it's possible to configure this:
[email protected]> show configuration 
## Last commit: 2012-05-31 07:44:58 UTC by root
version 10.4R8.5;
system {
    root-authentication {
        encrypted-password "$1$X62k3nip$rneAWXEDwHxYDo9T6rjL0."; ## SECRET-DATA
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-1/1/0 {
        unit 0 {
            family inet {
                address 10.10.10.1/30;  
            }
        }
    }
    ge-1/2/0 {
        unit 0 {
            family inet {
                address 10.10.10.1/30;
            }
        }
    }
}

[email protected]>

But of course only one of those ports can have the configuration active:
[email protected]> show interfaces ge-1/1/0 terse 
Interface               Admin Link Proto    Local                 Remote
ge-1/1/0                up    up  
ge-1/1/0.0              up    up   inet     10.10.10.1/30   

[email protected]> show interfaces ge-1/2/0 terse    
Interface               Admin Link Proto    Local                 Remote
ge-1/2/0                up    up  
ge-1/2/0.0              up    up   inet    

[email protected]>

Is the configuration actually applied always to the first port? Are there any useful user-cases where ability to configure same IP address to more than one interface comes in handy?

Comments

  • Forsaken_GAForsaken_GA Member Posts: 4,024
    It can be useful in cutover situations, when you need to move the IP from one port to another. Then you just need to down one port, bring the other up, and you're failover time is kept to a minimum
  • m4rtinm4rtin Member Posts: 170
    It can be useful in cutover situations, when you need to move the IP from one port to another. Then you just need to down one port, bring the other up, and you're failover time is kept to a minimum

    That's exactly the user-case I thought, but looks like it does not work. For example if I have a following configuration:
    [email protected]> show configuration interfaces ge-1/1/0    
    unit 0 {
        family inet {
            address 10.10.10.1/30;
        }
    }
    
    [email protected]> show configuration interfaces ge-1/2/0    
    unit 0 {
        family inet {
            address 10.10.10.1/30;
        }
    }
    
    [email protected]>
    

    ..and interface ge-1/1/0 is the one which gets the actual configuration:
    [email protected]> show interfaces ge-1/1/0 terse    
    Interface               Admin Link Proto    Local                 Remote
    ge-1/1/0                up    up  
    ge-1/1/0.0              up    up   inet     10.10.10.1/30   
    
    [email protected]> show interfaces ge-1/2/0 terse    
    Interface               Admin Link Proto    Local                 Remote
    ge-1/2/0                up    up  
    ge-1/2/0.0              up    up   inet    
    
    [email protected]>
    

    ..then it does not "move" configuration from ge-1/1/0 to ge-1/2/0 if I disconnect the cable from ge-1/1/0:
    [email protected]> show interfaces ge-1/1/0 terse            
    Interface               Admin Link Proto    Local                 Remote
    ge-1/1/0                up    down
    ge-1/1/0.0              up    down inet     10.10.10.1/30   
    
    [email protected]> show interfaces ge-1/2/0 terse    
    Interface               Admin Link Proto    Local                 Remote
    ge-1/2/0                up    up  
    ge-1/2/0.0              up    up   inet    
    
    [email protected]>
    


    Even if I pull out the ge-1/1/0 PIC situation remains the same:
    [email protected]> show interfaces ge-1/1/0 terse                       
    error: device ge-1/1/0 not found
    
    [email protected]> show interfaces ge-1/2/0 terse                       
    Interface               Admin Link Proto    Local                 Remote
    ge-1/2/0                up    up  
    ge-1/2/0.0              up    up   inet    
    
    [email protected]>
    

    Any other ideas?
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    admin down ge-1/2/0 to start with

    then admin down ge-1/1/0, move the cable, admin up ge-1/2/0 and see what happens
  • networker050184networker050184 Mod Posts: 11,962 Mod
    At that point its quicker to just move the cable and commit the change for the IP move. One of the nicer things about Juniper when coming from the Ciso side of the house.
    An expert is a man who has made all the mistakes which can be made.
  • ccnxjrccnxjr Member Posts: 304
    Seems like a clever hack.
    I would've used VRRP on 2 routers, but never tried it on the same device using different interfaces...
  • m4rtinm4rtin Member Posts: 170
    admin down ge-1/2/0 to start with

    then admin down ge-1/1/0, move the cable, admin up ge-1/2/0 and see what happens

    If I do as you described, ge-1/2/0 will get the configuration:
    [edit]
    [email protected]# show | compare
    [edit interfaces]
    !    inactive: ge-1/1/0 { ... }
    
    [edit]
    [email protected]# commit and-quit
    commit complete
    Exiting configuration mode
    
    [email protected]> show route
    
    inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    10.10.10.0/30      *[Direct/0] 00:00:02
                        > via ge-1/2/0.0
    10.10.10.1/32      *[Local/0] 00:00:02
                          Local via ge-1/2/0.0
    
    [email protected]>
    

    This is rather obvious because interface ge-1/1/0 transmit state is disabled. I was hoping this to happen automatically(without configuring) in case the cable from ge-1/1/0 is removed and port line protocol goes down :)

    At that point its quicker to just move the cable and commit the change for the IP move. One of the nicer things about Juniper when coming from the Ciso side of the house.

    So in a nutshell configuring multiple interfaces with same configuration allows one to easily activate those preconfigured interfaces later? There are no other advantages or user cases to same IP address on two or more interfaces?
  • MegakazbekMegakazbek Registered Users Posts: 1 ■□□□□□□□□□
    Well, if you are using some virtualization scenario, it's possible that two interfaces are in different routing instances and just happen to have (or intentionally assigned) the same IP address.
  • networker050184networker050184 Mod Posts: 11,962 Mod
    The quickest way to take care of this scenario IMO is to just rename the interface and commit while the cable is being moved. Minimal downtime and you don't have to worry about going through the trouble of trying to configure multiple interfaces with the same IP.
    An expert is a man who has made all the mistakes which can be made.
  • AldurAldur Juniper Moderator Member Posts: 1,460
    The only reason IMO to have the same IP address on different interfaces is some possible virtualization scenarios, like what Megakazbek said. For migrations, like networker has said, it's better to use the rename function.
    "Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."

    -Bender
  • m4rtinm4rtin Member Posts: 170
    The quickest way to take care of this scenario IMO is to just rename the interface and commit while the cable is being moved. Minimal downtime and you don't have to worry about going through the trouble of trying to configure multiple interfaces with the same IP.

    ok. As I understand, "rename" causes all the configuration associated with one interface to move to another interface? If so, it's similar to "replace pattern"(?). Like example here:
    [email protected]> show interfaces ge-1/2/0 terse 
    Interface               Admin Link Proto    Local                 Remote
    ge-1/2/0                up    up  
    ge-1/2/0.0              up    up   inet     10.10.10.1/30   
    
    [email protected]> configure 
    Entering configuration mode
    
    [edit]
    [email protected]# rename interfaces ge-1/2/0 to ge-1/1/0   
    
    [edit]
    [email protected]# commit and-quit 
    commit complete
    Exiting configuration mode
    
    [email protected]i> show interfaces ge-1/2/0 terse    
    Interface               Admin Link Proto    Local                 Remote
    ge-1/2/0                up    up  
    
    [email protected]> show interfaces ge-1/1/0 terse    
    Interface               Admin Link Proto    Local                 Remote
    ge-1/1/0                up    up  
    ge-1/1/0.0              up    up   inet     10.10.10.1/30   
    
    [email protected]> 
    
  • zoidbergzoidberg Member Posts: 365 ■■■■□□□□□□
    Yes, it will causes all the configuration associated with one interface to move to another interface, but only under the interface hierarchy.

    If you do replace pattern from the root level, you have the added advantage that not only do you change the interface configuration but you will change other references to that interface elsewhere in the configuration, such as interfaces assigned to protocols or in VRs or zones.

    Just be sure to carefully review a show | compare if you use replace pattern to make sure your match/replace didn't occur in any extra and unexpected places.
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    Replace pattern is one of the single greatest commands of the CLI, such a simple and effective time-saver it's a wonder it's not standard for other vendors too. I had to replace a bunch if IOCs in one of our clusters a few weeks back with a different type, modules/port numbers/routing-instances/security-zones all changing, a major overhaul by normal standards.... the entire MOP was 6 lines of replace commands.
    Sweet :)
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
Sign In or Register to comment.