SRX branch cannot learn MAC address from local VPLS network when global mode is configured as 'switching'.
Topology
SRX240(ge-0/0/3) --- (ge-0/0/7)SRX345(ge-0/0/0)--Provider_Network
SRX345 configuration
security {
forwarding-options {
family {
inet6 {
mode packet-based;
}
mpls {
mode packet-based;
}
iso {
mode packet-based;
}
}
}
}
interfaces {
ge-0/0/6 {
unit 0 {
family ethernet-switching;
}
}
ge-0/0/7 {
vlan-tagging;
encapsulation vlan-vpls;
unit 1021 {
encapsulation vlan-vpls;
vlan-id 1021;
family vpls;
}
unit 2044 {
encapsulation vlan-vpls;
vlan-id 2044;
family vpls;
}
}
}
routing-instances {
test1 {
interface ge-0/0/7.2044;
instance-type vpls;
vlan-id 2044;
}
test2 {
interface ge-0/0/7.1021;
instance-type vpls;
vlan-id 1021;
}
}
SRX240 configuration:
root@jtac-SRX240H2-r006# show interfaces
ge-0/0/3 {
vlan-tagging;
unit 1021 {
vlan-id 1021;
family inet {
address 1.1.1.1/24;
}
}
unit 2044 {
vlan-id 2044;
family inet {
address 3.3.3.1/24;
}
}
}
Test Steps
- SRX345 global mode is switching based on ge-0/0/6.0 requirement for use as L2 switching interface using family ethernet-switching.
[edit]
root@jtac-SRX345-r015# run show ethernet-switching global-information
Global Configuration:
MAC aging interval : 300
MAC learning : Enabled
MAC statistics : Disabled
MAC limit Count : 16383
MAC limit hit : Disabled
MAC packet action drop: Disabled
MAC+IP aging interval : IPv4 - 1200 seconds
IPv6 - 1200 seconds
MAC+IP limit Count : 393215
MAC+IP limit reached : No
LE aging time : 1200
LE VLAN aging time : 1200
Global Mode : Switching <----
RE state : Master
- On SRX240, ge-0/0/3 MAC address is ec:3e:f7:7e:25:15.
root@jtac-SRX240H2-r006# run show interfaces ge-0/0/3 | grep hardware
Current address: ec:3e:f7:7e:25:15, Hardware address: ec:3e:f7:7e:25:15
- Generate traffic on SRX240 towards VPLS network.
[edit]
root@jtac-SRX240H2-r006# run ping 1.1.1.2
PING 1.1.1.2 (1.1.1.2): 56 data bytes
^C
--- 1.1.1.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
[edit]
root@jtac-SRX240H2-r006# run ping 3.3.3.3
PING 3.3.3.3 (3.3.3.3): 56 data bytes
^C
--- 3.3.3.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
- Unable to locate learned MAC address ec:3e:f7:7e:25:15 in VPLS forwarding table on SRX345.
[edit]
root@jtac-SRX345-r015# run show route forwarding-table family vpls
Routing table: test1.vpls
VPLS:
Enabled protocols: Single VLAN, ACKed by all peers,
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 dscd 1322 1
ge-0/0/7.2044 intf 0 ucst 1330 3 ge-0/0/7.2044
0x30004/51 user 0 comp 1338 2
0x30005/51 user 0 comp 1337 2
Routing table: test2.vpls
VPLS:
Enabled protocols: Single VLAN, ACKed by all peers,
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 dscd 1326 1
ge-0/0/7.1021 intf 0 ucst 1335 3 ge-0/0/7.1021
0x30007/51 user 0 comp 1352 2
0x30006/51 user 0 comp 1351 2
On SRX devices, L2 Ethernet-switching mode and VPLS processing cannot be used concurrently at the same time.
Remove interfaces using L2 ethernet-switching to disable switching mode.
-
Delete interface ge-0/0/6 and reboot SRX345. This will make sure SRX345 is not working in switching mode.
[edit]
root@jtac-SRX345-r015# delete interfaces ge-0/0/6
[edit]
root@jtac-SRX345-r015# commit
commit complete
[edit]
root@jtac-SRX345-r015# run request system reboot
Reboot the system ? [yes,no] (no) yes
Shutdown NOW!
-
After SRX345 boot up, check its configuration and global mode.
root@jtac-SRX345-r015> show configuration interfaces
ge-0/0/7 {
vlan-tagging;
encapsulation vlan-vpls;
unit 1021 {
encapsulation vlan-vpls;
vlan-id 1021;
family vpls;
}
unit 2044 {
encapsulation vlan-vpls;
vlan-id 2044;
family vpls;
}
}
root@jtac-SRX345-r015> show ethernet-switching global-information
Global Configuration:
MAC aging interval : 300
MAC learning : Enabled
MAC statistics : Disabled
MAC limit Count : 16383
MAC limit hit : Disabled
MAC packet action drop: Disabled
MAC+IP aging interval : IPv4 - 1200 seconds
IPv6 - 1200 seconds
MAC+IP limit Count : 393215
MAC+IP limit reached : No
LE aging time : 1200
LE VLAN aging time : 1200
Global Mode : Not set <---
RE state : Master
-
Test traffic on SRX240 again.
root@jtac-SRX240H2-r006# run ping 1.1.1.2 PING 1.1.1.2 (1.1.1.2): 56 data bytes
^C
--- 1.1.1.2 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
[edit]
root@jtac-SRX240H2-r006# run ping 3.3.3.3
PING 3.3.3.3 (3.3.3.3): 56 data bytes
^C
--- 3.3.3.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
-
SRX345 is able to learn MAC address and updated in forwarding table:
root@jtac-SRX345-r015> show route forwarding-table family vpls
Routing table: test1.vpls
VPLS:
Enabled protocols: Single VLAN, ACKed by all peers,
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 dscd 1303 1
ge-0/0/7.2044 user 0 comp 1347 2
ec:3e:f7:7e:25:15/48 dynm 0 ucst 1343 3 ge-0/0/7.2044 <---
Routing table: test2.vpls
VPLS:
Enabled protocols: Single VLAN, ACKed by all peers,
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 dscd 1307 1
ge-0/0/7.1021 user 0 comp 1345 2
ec:3e:f7:7e:25:15/48 dynm 0 ucst 1342 3 ge-0/0/7.1021 <---