Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX/QFX] Which MAC address should be used for ZTP?

0

0

Article ID: KB36846 KB Last Updated: 17 Sep 2021Version: 1.0
Summary:

The current address and hardware address of management interfaces for 'fresh out-of-the-box' chassis are always different.  This should be a consideration for ZTP because the ZTP process is based on DHCP and the ZTP/ DHCP server needs the MAC address of the chassis to be provisioned.

Symptoms:

When QFX or EX is fresh out of the box/zeroized, the current MAC address and the hardware MAC are always different for the management interface.

The following command shows the MAC addresses of an em0 interface for a zeroized or a new EX/ QFX chassis:

root@QFX5200> show interfaces extensive em0 | match Hardware 
  Current address: e8:b6:c2:84:ae:81, Hardware address: e8:b6:c2:84:b3:78

This 'current address' is same as the MAC of VME interface, but it is not the same as the 'Hardware address'.

The following command shows the MAC addresses of the VME interface for the same zeroized chassis. The 'Hardware address' is the same as 'Current address':

root@QFX5200> show interfaces extensive vme | match Hardware 
  Current address: e8:b6:c2:84:ae:81, Hardware address: e8:b6:c2:84:ae:81
Cause:

By default, management interfaces have no configs while VME interfaces do.  The em0 interface will change the MAC address once it is configured with any information, such as IP/description etc.

{master:0}
root> show configuration interfaces em0
{master:0}
root> show configuration interfaces
vme
unit 0 {
family inet {
dhcp {
vendor-id Juniper:qfx5100-96s-8q:VB3715300242;
}
}

family inet6 {
dhcpv6-client {
client-type stateful;
client-ia-type ia-na;
client-identifier duid-type duid-ll;
vendor-id Juniper:qfx5100-96s-8q:VB3715300242;
}
}
}

As soon as config is added to em0, the current hardware address becomes the same as its own hardware address.

root# set interfaces em0.0 family inet address 1.1.1.1/24
root# commit

root# run show interfaces extensive em0 | match Hard
Current address: e8:b6:c2:84:b3:78, Hardware address: e8:b6:c2:84:b3:78

This can be verified by running a pcap on em0 (or me0) interface on a zeroized system and comparing it with the pcap when em0 (or me0) has some config:

Example output of pcap when an EX chassis was zeroized:

      monitor traffic interface me0 no-resolve size 500
      17:13:46.483349 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from e8:b6:c2:84:ae:81 (oui Unknown), length 298

The above example shows that the ZTP (DHCP) packets that are being originated by em0 have the source MAC of VME interface. This is taken when there is no configuration on me0 as of now.

Then me0 interface was configured with just dhcp vendor-id. (The behavior will be the same irrespective of config, for example, users can add IPV4 address of only the description and still see the same behavior.)

set interface me0.0 family inet dhcp vendor-id TEST
commit
           
monitor traffic interface me0 no-resolve size 500

17:15:47.483349 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from e8:b6:c2:84:b3:78 (oui Unknown), length 298

The same interface is now using its own hardware address for DHCP.

Solution:

This behavior is by design because Juniper L2 platforms support Virtual chassis.  This should be factored in while using ZTP for provisioning.  It is recommended to use a VME MAC address for ZTP if the management port is used.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search