Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX/QFX] Example - Workaround for using Microsoft network load balancing on EX4300 and QFX5100 switches

0

0

Article ID: KB30135 KB Last Updated: 05 Mar 2017Version: 3.0
Summary:

There is a limitation with EX4300 and QFX5100 switches where more than one Layer 2 interface cannot be configured for static ARP.

Symptoms:

Microsoft network load balancing uses multicast MAC address 03:XX and unicast IP. The ARP entries are not updated with multicast MAC and unicast IP (this goes against RFC 1812). Static ARP (unicast IP to multicast MAC) mapping needs to be created as there is a limitation where you cannot configure more than a single Layer 2 interface for static ARP. 

This limitation in EX4300/QFX5100 switches is shown below:

{master:1}[edit interfaces irb]
root@Switch# show
unit 172 {
 family inet {
   address 172.1.1.1/24 {
    arp 172.1.1.2 l2-interface ge-ae13.0 multicast-mac 03:bf:ac:01:01:02; <== (Note: In the 14.1x version we can commit config without l2-interface but it does not work until you specify the l2-interface)
    }
  }
}

Topology:


Cause:

Solution:

Below are two example workarounds for the network load-balancing issue:

  • Connect a Layer 2 switch between the EX4300 switch and the server.
  • Create a Layer 3 inet interface and loop it back to a Layer 2 VLAN.

Workaround 1: Connect a Layer 2 switch between the EX4300 switch and server

We need to change the setup by introducing a Layer 2 switch between the EX4300 switch and server.

The refined topology would look like this:



This is mentioned in the Microsoft documentation:

"Network hardware switches mediate between a network and computers or other switches, routing packets from the network to the correct computer.
If you connect Network Load Balancing hosts with a switch, the switch must be level-2 rather than level-3 or higher, because all the hosts share the same IP address (the cluster IP address), and level-3 switches direct network packets (incoming client requests) according to the IP address of the destination computer."

See the Microsoft documentation at technet.microsoft.com/en-us/library/cc962174.aspx for more information.

Workaround 2: Create a Layer 3 inet interface and loop it back to the network load-balancing Layer 2 server VLAN

We have to create a separate Layer 3 inet interface using the subnet address that the network load-balancing server will utilize and then connect (loop) this Layer 3 interface to a port on the same VC/switch in the Layer 2 VLAN. This will overcome the limitation of pointing the ARP entry only to one Layer 2 interface and then connecting the server to the Layer 2 VLAN.

A similar setup with the network load-balancing scenario was tested:

 

The example shows the following network load-balancing scenario:

  • Subnet gateway address as 172.1.1.1/24
  • Layer 3 interface as AE0 (this interface will be connected to AE1)
  • Cluster address as 172.1.1.2
  • Multicast MAC as 01:00:5e:7f:5c:d3
  • Layer 2 VLAN as v173
  • Layer 2 LAG as AE1 (this interface will be connected to AE0)
  • Server ports as AE2 (ge-0/0/5) and AE3 (ge-1/0/3)

Configuration

The Layer 3 interface needs to be configured, can be a LAG or single interface. The example is shown with a LAG:

set interfaces ae0 unit 0 family inet address 172.1.1.1/24
set interfaces ae0 unit 0 family inet address 172.1.1.1/24 arp 172.1.1.2 multicast-mac 01:00:5e:7f:5c:d3 publish
<<< use your network load-balancing IP and MAC

set interfaces ge-0/0/2 ether-options 802.3ad ae0
set interfaces ge-1/0/2 ether-options 802.3ad ae0

The Layer 2 VLAN needs to be configured with looped-backed LAG and ports (can be LAGs or single interfaces) going to the network load-balancing servers placed in the same network load-balancing VLAN:

set vlan v173 vlan-id 173
set interfaces ae1 unit 0 family ethernet-switching vlan members v173
set interfaces ge-0/0/4 ether-options 802.3ad ae1
set interfaces ge-1/0/4 ether-options 802.3ad ae1

set interfaces ge-0/0/5 ether-options 802.3ad ae2
set interfaces ge-1/0/3 ether-options 802.3ad ae3


set interfaces ae2 unit 0 family ethernet-switching vlan members v173
set interfaces ae3 unit 0 family ethernet-switching vlan members v173

The LAG number needs to be set:

set chassis aggregated-devices ethernet device-count 10

Caveats:

  • xSTP needs to be disabled on individual ports that are part of the LAGs.
  • The network load-balancing Layer 3 port should not be part of xSTP.
  • Network load-balancing Layer 2 ports can be part of xSTP, depending on your requirements.
  • Multiple network load-balancing ARP-to-multicast MAC entries can be done under the Layer 3 interface.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search