
SRX branch cannot learn MAC address from local VPLS network when global mode is switching


Article ID: KB34184 | KB Last Updated: 03 May 2019 | Version: 1.0

Summary:

SRX branch cannot learn MAC address from local VPLS network when global mode is configured as 'switching'.

Symptoms:

Topology

SRX240(ge-0/0/3) --- (ge-0/0/7)SRX345(ge-0/0/0)--Provider_Network

SRX345 configuration

security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
            iso {
                mode packet-based;
            }
        }
    }
}
interfaces {
    ge-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/7 {
        vlan-tagging;
        encapsulation vlan-vpls;
        unit 1021 {
            encapsulation vlan-vpls;
            vlan-id 1021;
            family vpls;
        }
        unit 2044 {
            encapsulation vlan-vpls;
            vlan-id 2044;
            family vpls;
        }
    }
}

routing-instances {
    test1 {
        interface ge-0/0/7.2044;
        instance-type vpls;
        vlan-id 2044;
    }
    test2 {
        interface ge-0/0/7.1021;
        instance-type vpls;
        vlan-id 1021;
    }
}


SRX240 configuration:

root@jtac-SRX240H2-r006# show interfaces
ge-0/0/3 {
    vlan-tagging;
    unit 1021 {
        vlan-id 1021;
        family inet {
            address 1.1.1.1/24;
        }
    }
    unit 2044 {
        vlan-id 2044;
        family inet {
            address 3.3.3.1/24;
        }
    }
}

 

Test Steps

  • The SRX345 global mode is 'switching' because ge-0/0/6.0 is required as an L2 switching interface and is configured with family ethernet-switching.
[edit]
root@jtac-SRX345-r015# run show ethernet-switching global-information
Global Configuration:

MAC aging interval    : 300
MAC learning          : Enabled
MAC statistics        : Disabled
MAC limit Count       : 16383
MAC limit hit         : Disabled
MAC packet action drop: Disabled
MAC+IP aging interval : IPv4 - 1200 seconds
                        IPv6 - 1200 seconds
MAC+IP limit Count    : 393215
MAC+IP limit reached  : No
LE  aging time        : 1200
LE  VLAN aging time   : 1200
Global Mode           : Switching    <----
RE state              : Master

 
  • On SRX240, ge-0/0/3 MAC address is ec:3e:f7:7e:25:15.
root@jtac-SRX240H2-r006# run show interfaces ge-0/0/3 | grep hardware
  Current address: ec:3e:f7:7e:25:15, Hardware address: ec:3e:f7:7e:25:15
 
  • Generate traffic on SRX240 towards VPLS network.
[edit]
root@jtac-SRX240H2-r006# run ping 1.1.1.2
PING 1.1.1.2 (1.1.1.2): 56 data bytes
^C
--- 1.1.1.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

[edit]
root@jtac-SRX240H2-r006# run ping 3.3.3.3
PING 3.3.3.3 (3.3.3.3): 56 data bytes
^C
--- 3.3.3.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
 
  • The learned MAC address ec:3e:f7:7e:25:15 cannot be found in the VPLS forwarding table on SRX345.
[edit]
root@jtac-SRX345-r015# run show route forwarding-table family vpls
Routing table: test1.vpls
VPLS:
Enabled protocols: Single VLAN, ACKed by all peers,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd     1322     1
ge-0/0/7.2044      intf     0                    ucst     1330     3 ge-0/0/7.2044
0x30004/51         user     0                    comp     1338     2
0x30005/51         user     0                    comp     1337     2

Routing table: test2.vpls
VPLS:
Enabled protocols: Single VLAN, ACKed by all peers,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd     1326     1
ge-0/0/7.1021      intf     0                    ucst     1335     3 ge-0/0/7.1021
0x30007/51         user     0                    comp     1352     2
0x30006/51         user     0                    comp     1351     2
Cause:

On SRX devices, L2 Ethernet-switching mode and VPLS processing cannot be used at the same time.

Solution:

Remove interfaces using L2 ethernet-switching to disable switching mode.

  1. Delete interface ge-0/0/6 and reboot SRX345. This ensures that SRX345 is no longer operating in switching mode.

    [edit]
    root@jtac-SRX345-r015# delete interfaces ge-0/0/6

    [edit]
    root@jtac-SRX345-r015# commit
    commit complete

    [edit]
    root@jtac-SRX345-r015# run request system reboot
    Reboot the system ? [yes,no] (no) yes

    Shutdown NOW!
  2. After SRX345 boots up, check its configuration and global mode.

    root@jtac-SRX345-r015> show configuration interfaces
    ge-0/0/7 {
        vlan-tagging;
        encapsulation vlan-vpls;
        unit 1021 {
            encapsulation vlan-vpls;
            vlan-id 1021;
            family vpls;
        }
        unit 2044 {
            encapsulation vlan-vpls;
            vlan-id 2044;
            family vpls;
        }
    }

    root@jtac-SRX345-r015> show ethernet-switching global-information
    Global Configuration:

    MAC aging interval    : 300
    MAC learning          : Enabled
    MAC statistics        : Disabled
    MAC limit Count       : 16383
    MAC limit hit         : Disabled
    MAC packet action drop: Disabled
    MAC+IP aging interval : IPv4 - 1200 seconds
                            IPv6 - 1200 seconds
    MAC+IP limit Count    : 393215
    MAC+IP limit reached  : No
    LE  aging time        : 1200
    LE  VLAN aging time   : 1200
    Global Mode           : Not set  <---
    RE state              : Master
  3. Test traffic on SRX240 again.

    root@jtac-SRX240H2-r006# run ping 1.1.1.2
    PING 1.1.1.2 (1.1.1.2): 56 data bytes
    ^C
    --- 1.1.1.2 ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss

    [edit]
    root@jtac-SRX240H2-r006# run ping 3.3.3.3
    PING 3.3.3.3 (3.3.3.3): 56 data bytes
    ^C
    --- 3.3.3.3 ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss
  4. SRX345 is now able to learn the MAC address, and the entry appears in the forwarding table:

    root@jtac-SRX345-r015> show route forwarding-table family vpls
    Routing table: test1.vpls
    VPLS:
    Enabled protocols: Single VLAN, ACKed by all peers,
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    default            perm     0                    dscd     1303     1
    ge-0/0/7.2044      user     0                    comp     1347     2
    ec:3e:f7:7e:25:15/48 dynm     0                  ucst     1343     3 ge-0/0/7.2044   <---

    Routing table: test2.vpls
    VPLS:
    Enabled protocols: Single VLAN, ACKed by all peers,
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    default            perm     0                    dscd     1307     1
    ge-0/0/7.1021      user     0                    comp     1345     2
    ec:3e:f7:7e:25:15/48 dynm     0                   ucst     1342     3 ge-0/0/7.1021   <---
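
The before/after check from the steps above can be automated. The following is an added example, not part of the original article or any Juniper tooling: it parses the text of the two `show` commands used here and reports whether the expected MAC was learned or whether switching mode is the likely cause. The function names and result labels are assumptions of this example; the sample outputs are trimmed from the ones shown in this article.

```python
import re

MAC_PREFIX = re.compile(r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})/48$", re.I)

def global_mode(text):
    """Value of 'Global Mode' in 'show ethernet-switching global-information'."""
    m = re.search(r"^\s*Global Mode\s*:\s*(.+?)\s*$", text, re.M)
    return m.group(1) if m else None

def learned_macs(text):
    """{routing table: {mac: interface}} for the 'dynm' rows of
    'show route forwarding-table family vpls'."""
    tables, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[:2] == ["Routing", "table:"]:
            current = tables.setdefault(fields[2], {})
        elif current is not None and len(fields) >= 3 and fields[1] == "dynm":
            m = MAC_PREFIX.match(fields[0])
            if m:
                current[m.group(1).lower()] = fields[-1]
    return tables

def diagnose(mode_text, fwd_text, mac):
    """Classify the state described in this article for one expected MAC."""
    tables = learned_macs(fwd_text)
    seen = sorted(t for t, macs in tables.items() if mac.lower() in macs)
    if seen:
        return "learned", seen
    if (global_mode(mode_text) or "").lower() == "switching":
        return "switching-mode-conflict", []
    return "not-learned", []

# Outputs trimmed from the ones shown in this article (annotation arrows removed).
MODE_BEFORE = "MAC learning          : Enabled\nGlobal Mode           : Switching\n"
MODE_AFTER = "MAC learning          : Enabled\nGlobal Mode           : Not set\n"
FWD_BEFORE = """Routing table: test1.vpls
default            perm     0                    dscd     1322     1
ge-0/0/7.2044      intf     0                    ucst     1330     3 ge-0/0/7.2044
"""
FWD_AFTER = """Routing table: test1.vpls
ec:3e:f7:7e:25:15/48 dynm     0                  ucst     1343     3 ge-0/0/7.2044
Routing table: test2.vpls
ec:3e:f7:7e:25:15/48 dynm     0                   ucst     1342     3 ge-0/0/7.1021
"""

if __name__ == "__main__":
    mac = "ec:3e:f7:7e:25:15"
    print(diagnose(MODE_BEFORE, FWD_BEFORE, mac))  # state before the fix
    print(diagnose(MODE_AFTER, FWD_AFTER, mac))    # state after the reboot
```
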