Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX/ACX] Unexpected packet drops seen if AE interface is used for PE-CE connection in single-active mode

0

0

Article ID: KB34770 KB Last Updated: 11 Sep 2019Version: 1.0
Summary:

This article demonstrates what happens when one AE interface is used to connect two provider edge (PE) routers in a single-active scenario and recommends the correct design to be used in this case to avoid packet drops and duplicate packets.

Symptoms:

Here is an example of using an AE interface in single-active mode for CE-PE connection:

Topology

                           +--------------+
                           |   ce-1       |
      +--------------------+              +---------------------+
      |                    |              |                     |
      |                    +--------------+                     |
      |                                                         |
      |                                                         |
      |                                                         |
+-----+---------+                                               |
|               |                                      +--------+----+
|     mx-1      |                                      |             |
|               |                                      |  mx-2       |
|               |                                      |             |
+-----+---------+                                      +------+------+
      |                                                       |
      |                                                       |
      |                                                       |
      |                    +--------------+                   |
      |                    |   ce-2       |                   |
      +--------------------+              +-------------------+
                           |              |
                           +--------------+

ce-1 and ce-2 are customer edge (CE) devices, which are multihomed to mx-1 and mx-2.

Configuration on ce-1

labroot@ ce-1 # show interfaces ae7
aggregated-ether-options {
    lacp {
        active;
    }
}
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members SW1;
        }
    }
}

{master:0}[edit]
labroot@ ce-1 # show interfaces irb
unit 844 {
    family inet {
        address 10.50.9.241/24;

labroot@ ce-1 # run show interfaces irb         
Physical interface: irb, Enabled, Physical link is Up
  Interface index: 640, SNMP ifIndex: 502
  Type: Ethernet, Link-level type: Ethernet, MTU: 1514
  Device flags  : Present Running
  Interface flags: SNMP-Traps
  Link type     : Full-Duplex
  Link flags    : None
  Current address: c8:e7:f0:a0:7c:61, Hardware address: c8:e7:f0:a0:7c:61
  Last flapped  : Never
    Input packets : 0
    Output packets: 0

Configuration on ce-2

labroot@ ce-2# show interfaces ae8
aggregated-ether-options {
    lacp {
        active;
    }
}
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members SW2;
        }
    }
}

{master:0}[edit]
labroot@ ce-2# show interfaces irb
unit 844 {
    family inet {
        address 10.50.9.201/24;
    }
}

labroot@ ce-2# run show interfaces irb
Physical interface: irb, Enabled, Physical link is Up
  Interface index: 641, SNMP ifIndex: 502
  Type: Ethernet, Link-level type: Ethernet, MTU: 1514
  Device flags  : Present Running
  Interface flags: SNMP-Traps
  Link type     : Full-Duplex
  Link flags    : None
  Current address: c8:e7:f0:a0:79:61, Hardware address: c8:e7:f0:a0:79:61
  Last flapped  : Never
    Input packets : 0
Output packets: 0

As shown below, on mx-1 and mx-2, the MAC address is learned correctly:

labroot@mx-1-re1> show evpn database instance SBC-EVPN   
Instance: SBC-EVPN
VLAN  MAC address        Active source                  Timestamp        IP address
844   c8:e7:f0:a0:79:61  00:00:00:00:00:00:02:08:44:02  Jul 03 11:55:35
844   c8:e7:f0:a0:7c:61  00:00:00:00:00:00:02:08:44:01  Jul 03 11:55:35

labroot@mx-1-re1> show bridge mac-table instance SBC-EVPN

MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
    O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Routing instance : SBC-EVPN
Bridging domain : SBC-Domain, VLAN : 844
   MAC                 MAC      Logical          NH    RTR
   addresssss          flags    interface        Index ID
   c8:e7:f0:a0:79:61   D       ae8.0          
   c8:e7:f0:a0:7c:61   D       ae7.0    
 

labroot@mx-2-re0> show bridge mac-table instance SBC-EVPN

MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
    O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Routing instance : SBC-EVPN
Bridging domain : SBC-Domain, VLAN : 844
   MAC                 MAC      Logical          NH    RTR
   addresssss          flags    interface        Index ID
   c8:e7:f0:a0:79:61   DC                        1048576 1048576
   c8:e7:f0:a0:7c:61   DC                        1048575 1048575

labroot@mx-2-re0> show evpn database instance SBC-EVPN
Instance: SBC-EVPN
VLAN  MAC address        Active source                  Timestamp        IP address
844   c8:e7:f0:a0:79:61  00:00:00:00:00:00:02:08:44:02  Jul 03 11:55:32
844   c8:e7:f0:a0:7c:61  00:00:00:00:00:00:02:08:44:01  Jul 03 11:55:32

However, CE-to-CE ping does not work:

labroot@@ ce-2# run ping 10.50.9.241 source 10.50.9.201   
PING 10.50.9.241 (10.50.9.241): 56 data bytes
^C
--- 10.50.9.241 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

As indicated, unexpected packet drops are seen.

Cause:

It is incorrect design to have one AE interface connecting to two PEs in a single-active scenario.

Refer to the following:

Solution:

As per design, in a single-active scenario, it is recommended that a multihomed CE should have either stand-alone interfaces or different AE interfaces connecting to both PE devices. 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search