Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX] Adding a second IRB to an AE and removing it causes the first IRB to stop working on EX4300 running Junos OS 17.3R3.10+

0

0

Article ID: KB34070 KB Last Updated: 17 Apr 2019Version: 1.0
Summary:

An EX4300 device that is running Junos OS 17.3R3.10 or later has a 10G AE trunk with one IRB in it that is up and running. When a second IRB is added to the trunk and the changes are committed, everything works as expected. However, when a rollback is applied to remove the second IRB, the first IRB across the AE no longer works.

Note: This issue is observed in Junos OS 17.3R3.10 and later.

This article indicates the Junos OS release in which the fix is available, and gives a couple workarounds to use in the meantime to recover from the issue.

 

Symptoms:

A lab reproduction of the problem is as follows:

  • The EX4300 interface configuration is as follows:   

root@LAB-EX4300> show configuration | match "ae0|254" | display set          
set interfaces xe-0/2/0 ether-options 802.3ad ae0
set interfaces xe-0/2/1 ether-options 802.3ad ae0
set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options link-speed 10g
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members mgmt
set interfaces ae0 unit 0 family ethernet-switching vlan members prod
set interfaces irb unit 254 family inet address 10.10.254.2/24
set vlans mgmt vlan-id 254
set vlans mgmt l3-interface irb.254
  • The remote side configuration is as follows:

set interfaces xe-0/0/22 ether-options 802.3ad ae0
set interfaces xe-0/0/23 ether-options 802.3ad ae0
set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options link-speed 10g
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members mgmt
set interfaces ae0 unit 0 family ethernet-switching vlan members prod
set interfaces irb unit 254 family inet address 10.10.254.1/24
set vlans mgmt vlan-id 254
set vlans mgmt l3-interface irb.254
  • Connectivity is verified from EX4300 to the remote side. Note that connection is working properly.

root@LAB-EX4300# run ping 10.10.254.1 
PING 10.10.254.1 (10.10.254.1): 56 data bytes
64 bytes from 10.10.254.1: icmp_seq=0 ttl=64 time=18.175 ms
64 bytes from 10.10.254.1: icmp_seq=1 ttl=64 time=12.156 ms
64 bytes from 10.10.254.1: icmp_seq=2 ttl=64 time=5.179 ms
^C
--- 10.10.254.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 5.179/11.837/18.175/5.310 ms
  • Configuration is applied to the second IRB and the changes are committed. Note that connectivity is not impacted.

root@LAB-EX4300# load set terminal       
[Type ^D at a new line to end input]
set vlans V666 vlan-id 666
set vlans V666 l3-interface irb.666
set interfaces irb.666 family inet address 15.15.15.2/30
set interfaces ae0 unit 0 family ethernet-switching vlan members V666
load complete
{master:0}[edit]
root@LAB-EX4300# show | compare 
[edit interfaces ae0 unit 0 family ethernet-switching vlan]
-       members [ mgmt prod ];
+       members [ mgmt prod V666 ];
[edit interfaces irb]
+    unit 666 {
+        family inet {
+            address 15.15.15.2/30;
+        }
+    }
[edit vlans]
+   V666 {
+       vlan-id 666;
+       l3-interface irb.666;
+   }
{master:0}[edit]
root@core-4300-VC# commit 
commit complete

root@LAB-EX4300# run ping 10.10.254.1    
PING 10.10.254.1 (10.10.254.1): 56 data bytes
64 bytes from 10.10.254.1: icmp_seq=0 ttl=64 time=7.623 ms
64 bytes from 10.10.254.1: icmp_seq=1 ttl=64 time=10.184 ms
^C
--- 10.10.254.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 7.623/8.903/10.184/1.281 ms
  • When the configuration is rolled back, the first IRB no longer works.

root@LAB-EX4300# rollback 1 
load complete

{master:0}[edit]
root@LAB-EX4300# show | compare 
[edit interfaces ae0 unit 0 family ethernet-switching vlan]
-       members [ mgmt prod V666 ];
+       members [ mgmt prod ];
[edit interfaces irb]
-    unit 666 {
-        family inet {
-            address 15.15.15.2/30;
-        }
-    }
[edit vlans]
-   V666 {
-       vlan-id 666;
-       l3-interface irb.666;
-   }
{master:0}[edit]
root@LAB-EX4300# commit 
commit complete

{master:0}[edit]
root@LAB-EX4300# run ping 10.10.254.1    
PING 10.10.254.1 (10.10.254.1): 56 data bytes
^C
--- 10.10.254.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

{master:0}[edit]
root@LAB-EX4300# run show interfaces ae0 terse 
Interface               Admin Link Proto    Local                 Remote
ae0                     up    up
ae0.0                   up    up   eth-switch

 

Solution:

The problem has been resolved in Junos OS release 17.3R4 and later.

Meanwhile, a couple of workarounds recover from this state are follows:

  1. Reboot the EX4300 device. For more information, refer to KB11356 - [EX Series] How to reboot (restart), halt, or shut down the EX Series switch.

OR

  1. Add the second IRB back. For more information, refer to Integrated Routing and Bridging.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search