Knowledge Search


×
 

SRX branch cannot learn MAC address from local VPLS network when global mode is switching

  [KB34184] Show Article Properties


Summary:

SRX branch cannot learn MAC address from local VPLS network when global mode is configured as 'switching'.

Symptoms:

Topology

SRX240(ge-0/0/3) --- (ge-0/0/7)SRX345(ge-0/0/0)--Provider_Network

SRX345 configuration

security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
            iso {
                mode packet-based;
            }
        }
    }
}
interfaces {
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/7 {
        vlan-tagging;
        encapsulation vlan-vpls;
        unit 1021 {
            encapsulation vlan-vpls;
            vlan-id 1021;
            family vpls;
        }
        unit 2044 {
            encapsulation vlan-vpls;
            vlan-id 2044;
            family vpls;
        }
    }
}

routing-instances {
    test1 {
        interface ge-0/0/7.2044;
        instance-type vpls;
        vlan-id 2044;
    }
    test2 {
        interface ge-0/0/7.1021;
        instance-type vpls;
        vlan-id 1021;
    }
}


SRX240 configuration:

root@jtac-SRX240H2-r006# show interfaces
ge-0/0/3 {
    vlan-tagging;
    unit 1021 {
        vlan-id 1021;
        family inet {
            address 1.1.1.1/24;
        }
    }
    unit 2044 {
        vlan-id 2044;
        family inet {
            address 3.3.3.1/24;
        }
    }
}

 

Test Steps

  • SRX345 global mode is switching based on ge-0/0/6.0 requirement for use as L2 switching interface using family ethernet-switching.
[edit]
root@jtac-SRX345-r015# run show ethernet-switching global-information
Global Configuration:

MAC aging interval    : 300
MAC learning          : Enabled
MAC statistics        : Disabled
MAC limit Count       : 16383
MAC limit hit         : Disabled
MAC packet action drop: Disabled
MAC+IP aging interval : IPv4 - 1200 seconds
                        IPv6 - 1200 seconds
MAC+IP limit Count    : 393215
MAC+IP limit reached  : No
LE  aging time        : 1200
LE  VLAN aging time   : 1200
Global Mode           : Switching    <----
RE state              : Master

 
  • On SRX240, ge-0/0/3 MAC address is ec:3e:f7:7e:25:15.
root@jtac-SRX240H2-r006# run show interfaces ge-0/0/3 | grep hardware
  Current address: ec:3e:f7:7e:25:15, Hardware address: ec:3e:f7:7e:25:15
 
  • Generate traffic on SRX240 towards VPLS network.
[edit]
root@jtac-SRX240H2-r006# run ping 1.1.1.2
PING 1.1.1.2 (1.1.1.2): 56 data bytes
^C
--- 1.1.1.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

[edit]
root@jtac-SRX240H2-r006# run ping 3.3.3.3
PING 3.3.3.3 (3.3.3.3): 56 data bytes
^C
--- 3.3.3.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
 
  • Unable to locate learned MAC address ec:3e:f7:7e:25:15 in VPLS forwarding table on SRX345.
[edit]
root@jtac-SRX345-r015# run show route forwarding-table family vpls
Routing table: test1.vpls
VPLS:
Enabled protocols: Single VLAN, ACKed by all peers,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd     1322     1
ge-0/0/7.2044      intf     0                    ucst     1330     3 ge-0/0/7.2044
0x30004/51         user     0                    comp     1338     2
0x30005/51         user     0                    comp     1337     2

Routing table: test2.vpls
VPLS:
Enabled protocols: Single VLAN, ACKed by all peers,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd     1326     1
ge-0/0/7.1021      intf     0                    ucst     1335     3 ge-0/0/7.1021
0x30007/51         user     0                    comp     1352     2
0x30006/51         user     0                    comp     1351     2
Cause:

On SRX devices, L2 Ethernet-switching mode and VPLS processing cannot be used concurrently at the same time.

Solution:

Remove interfaces using L2 ethernet-switching to disable switching mode.

  1. Delete interface ge-0/0/6 and reboot SRX345. This will make sure SRX345 is not working in switching mode.

    [edit]
    root@jtac-SRX345-r015# delete interfaces ge-0/0/6

    [edit]
    root@jtac-SRX345-r015# commit
    commit complete

    [edit]
    root@jtac-SRX345-r015# run request system reboot
    Reboot the system ? [yes,no] (no) yes

    Shutdown NOW!
  2. After SRX345 boot up, check its configuration and global mode.

    root@jtac-SRX345-r015> show configuration interfaces
    ge-0/0/7 {
        vlan-tagging;
        encapsulation vlan-vpls;
        unit 1021 {
            encapsulation vlan-vpls;
            vlan-id 1021;
            family vpls;
        }
        unit 2044 {
            encapsulation vlan-vpls;
            vlan-id 2044;
            family vpls;
        }
    }

    root@jtac-SRX345-r015> show ethernet-switching global-information
    Global Configuration:

    MAC aging interval    : 300
    MAC learning          : Enabled
    MAC statistics        : Disabled
    MAC limit Count       : 16383
    MAC limit hit         : Disabled
    MAC packet action drop: Disabled
    MAC+IP aging interval : IPv4 - 1200 seconds
                            IPv6 - 1200 seconds
    MAC+IP limit Count    : 393215
    MAC+IP limit reached  : No
    LE  aging time        : 1200
    LE  VLAN aging time   : 1200
    Global Mode           : Not set  <---
    RE state              : Master
  3. Test traffic on SRX240 again.

    root@jtac-SRX240H2-r006# run ping 1.1.1.2 PING 1.1.1.2 (1.1.1.2): 56 data bytes
    ^C
    --- 1.1.1.2 ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss

    [edit]
    root@jtac-SRX240H2-r006# run ping 3.3.3.3
    PING 3.3.3.3 (3.3.3.3): 56 data bytes
    ^C
    --- 3.3.3.3 ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss
  4. SRX345 is able to learn MAC address and updated in forwarding table:

    root@jtac-SRX345-r015> show route forwarding-table family vpls
    Routing table: test1.vpls
    VPLS:
    Enabled protocols: Single VLAN, ACKed by all peers,
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    default            perm     0                    dscd     1303     1
    ge-0/0/7.2044      user     0                    comp     1347     2
    ec:3e:f7:7e:25:15/48 dynm     0                  ucst     1343     3 ge-0/0/7.2044   <---

    Routing table: test2.vpls
    VPLS:
    Enabled protocols: Single VLAN, ACKed by all peers,
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    default            perm     0                    dscd     1307     1
    ge-0/0/7.1021      user     0                    comp     1345     2
    ec:3e:f7:7e:25:15/48 dynm     0                   ucst     1342     3 ge-0/0/7.1021   <---
Related Links: