Switching

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  MC LAG ex4600 - Setup problems

    Posted 01-16-2017 23:48

    Hi

     

    Im having issues setting up MC LAG on a pair of ex4600 with the recommended release code D40.

     

    I have the following topology:

    MC LAG.jpg

     

    link xe-0/0/23 is used exclusively for the ICCP traffic

    and ae0 is the ICL for the data plane.

     

    from ex4600 PE1 on left side
    
    [ multi-chassis ]
    multi-chassis-protection 10.1.1.2 {
        interface ae0;
    }
    
    [interfaces irb ]
    arp-l2-validate;
    unit 3999 {
        family inet {
            address 10.1.1.1/30;
        }
    }
    
    [interfaces ae0]
    description "EtherChannel between ex4600 ICL";
    mtu 9216;
    aggregated-ether-options {
        link-speed 10g;
    }
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 10-16 18 20 30 40 50-51 55 60-65 70 80-83 90-91 100 111 114 117 120 123 150-151 279 350 1000 ];
            }
        }
    }
    
    [ interfaces xe-0/0/23 ]
    description "ICCP Link to ex4600 xe-0/0/23";
    mtu 9216;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members ICCP-Vlan;
            }
        }
    }
    [edit interfaces ae6]
    description "EtherChannel to vca-l2oob-02";
    mtu 9216;
    aggregated-ether-options {
    lacp {
    active;
    periodic fast;
    system-id 00:00:00:00:00:06;
    admin-key 6;
    }
    mc-ae {
    mc-ae-id 6;
    chassis-id 0;
    mode active-active;
    status-control active;
    }
    }
    unit 0 {
    family ethernet-switching {
    interface-mode trunk;
    vlan {
    members [ 10-16 18 20 30 40 50-51 55 60-65 70 80-83 90-91 100 111 114 117 120 123 150-151 279 350 999-1000 ];
    }
    }
    }

    I originally had the multi-chassis protection link as xe-0/0/23.

     

    When I connect the client with both links, everything looks ok but I am getting traffic looping.

     

    the iccp is established and the show interface mc-ae showed the ae6 up-up on both peers

     

    and errors like:

    Jan 17 00:21:19  rtaggtmp01 l2ald[1735]: L2ALD_FREE_MAC_FAILED: ERROR:FwdE:0x9bffd00 EFlag:0x1802101f RGID:0001  AEID:0006  SERVICE-ID:01 UNIT:00 PEERID:16843018MAC: 08:5b:0e:72:4d:ae moved: already in RMAC List
    Jan 17 00:21:21  rtaggtmp01 l2ald[1735]: L2ALD_FREE_MAC_FAILED: ERROR:FwdE:0x9c22000 EFlag:0x1802101f RGID:0001  AEID:0006  SERVICE-ID:01 UNIT:00 PEERID:16843018MAC: 08:5b:0e:78:23:bc moved: already in RMAC List
    Jan 17 00:21:40  rtaggtmp01 l2ald[1735]: L2ALD_FREE_MAC_FAILED: ERROR:FwdE:0x9c1c100 EFlag:0x1802101f RGID:0001  AEID:0006  SERVICE-ID:01 UNIT:00 PEERID:16843018MAC: 08:5b:0e:72:4d:ae moved: already in RMAC List

    Reading docs last night it states that the protection link should be the ICL, Which I understand to be the ae0 interface.

    thus indicated in the code above.

     

    I shutdown the interface on second ex4600 towards the client

    then enabled mc-ae on the ae6 on primary ex4600.

     

    the first ex4600 complains that protection link is not configured.

     

    so questions are:

     

    1.  Which link should be the multi-chassis protection link, the ICCP link xe-0/0/23 or the ICL ae0?

    2.  As this client is not ONLY attached to the ex4600 pair , there are other devices connected in and there is currently RSTP running correctly in the network, what if anything needs to be done?  I saw some comments about having to set the bridge ID to be the same on both mc-lag boxes.

    3.  Is anything else wrong with the config?

     

    thanks

     

     



  • 2.  RE: MC LAG ex4600 - Setup problems

     
    Posted 01-17-2017 04:21

    Hello

     

    The multi-chassis-protection should point to the ICL link i.e ae0.

     

    • The service-id statement in the [edit switch-options] hierarchy is required in the ELS CLI.

    set switch-options service-id 10

     

    • Since your network topology requires RSTP or VSTP to prevent loops we should config MC-LAG nodes with same

     

    Spanning Tree Protocol (STP) virtual root ID

    set protocols rstp bridge-priority 0
    set protocols rstp system-identifier 00:11:22:33:44:55

    Can you also please provide all the config related to mclag from both the PEs ?

     

    -Sunny



  • 3.  RE: MC LAG ex4600 - Setup problems

     
    Posted 01-17-2017 05:55
    Despite Juniper 'best practice' documentation I would suggest you just move both ICL and ICCP to AE0. This is fully supported and may make you life easier. Then the multi-chassis link protection is associate with this one AE.

    As for RSTP, you do know that any form of STP must be disable on any MC-AE - your AE6. Also LACP MUST be enabled on this MC-AE, and therefore also on the edge switch or device. Based upon some of your wording I am guessing your MC-AE is to a device/server vs a switch. In either case, that connection must also support LACP. For this portion of the configuration the LACP system-id and admin key should be the same. Not so sure about any form of STP.

    An additional comment is that there are LOTS (way to many) Juniper MC-LAG documents. A google search will probably still return 20+ links. Many of these links are old docs which may very well not contain latest enhancements to MC-LAG and will also have inaccuracies (mistake). I would recommend not using any MC-LAG doc that does not have a publish date in 2016.

    Good luck.


  • 4.  RE: MC LAG ex4600 - Setup problems

    Posted 01-18-2017 01:53

    Hi

     

    so majority of issues "solved".

    I migrated both the ICCP and ICL to the ae0 interface ( with 2 links ) 

     

    notes and questions:

     

    not all the attached devices are homed to both nodes ( ie they are single-homed )

     

    I have had to leave RSTP on for my ae0 inter-ex4600 link otherwise get a loop when connecting a dual homed client.

     

    I also seem to have an issue when configuring the "vlan members all" statement on client facing mc-ae interfaces.

    I need to specifiy each vlan id to carry and then its fine.

     

    I have pending setting the RSTP system-ID to be the same on both nodes.

     

     

     

    [interface ae6]
    mtu 9216;
    aggregated-ether-options {
        lacp {
            active;
            periodic fast;
            system-id 00:00:00:00:00:06;
            admin-key 6;
        }
        mc-ae {
            mc-ae-id 6;
            chassis-id 1;
            mode active-active;
            status-control standby;
        }
    }
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ a b c ];
            }
        }
    }
    
    [protocol rstp]
    bridge-priority 8k;
    interface ae0 {
        mode point-to-point;
    }
    interface ae6 {
        mode point-to-point;
        no-root-port;
    }
    bpdu-block-on-edge

    >show interface mc-ae
    Member Link : ae6
    Current State Machine's State: mcae active state
    Local Status : active
    Local State : up
    Peer Status : active
    Peer State : up
    Logical Interface : ae6.0
    Topology Type : bridge
    Local State : up
    Peer State : up
    Peer Ip/MCP/State : 10.1.1.1 ae0.0 up

    > show iccp

    Redundancy Group Information for peer 10.1.1.1
    TCP Connection : Established
    Liveliness Detection : Up

    Client Application: l2ald_iccpd_client

    Client Application: lacpd

    > show spanning-tree interface ae0
    Interface Port ID Designated Designated Port State Role
    port ID bridge ID Cost
    ae0 128:3 128:3 4096.2c2131f14502 1000 FWD ROOT

    > show spanning-tree interface ae6

    Interface Port ID Designated Designated Port State Role
    port ID bridge ID Cost
    ae6 128:9 128:9 8192.2c2131ee5802 1000 FWD DESG

    question 1:

    regarding removing spanning-tree from the client mc-ae interface:

     

    The documentation I have seen and Ive looked at many.... doesnt really mention xSTP.

    most of the docs dont mention the configuration of it, just that mc lag removes the need for it.

    and others state that STP needs to be off on the ICL and on towards the clients.

     

    so as far as I can tell from the replies:

    I need to:

    • set the rstp system-id to be the same
    • set the rsp priority to be the same
    • remove stp on the ae0 ( ICL Link )
    • remove stp on any mc-ae interfaces
    • any other normal interfaces still get stp

    my clients are down stream switches with other sub connected switches.

    so if the mc-lag pair is not participating in STP, whats the impact for these downstream nodes?

     

     

    Question 2:

    I have an irb interface which I want to use for inline management.

    I seem to only have access to one of the IP addresses, I assume this is because of the status control/ownership.

     

    Does anyone know what to do to get in-band management to both nodes all the time, apart from mgmt ports?

     

    thanks

     

     

     

     


    #EX4600
    #rstp
    #mclag


  • 5.  RE: MC LAG ex4600 - Setup problems

    Posted 01-19-2017 07:00

    Update:

     

    I did the following in one commit operation:

     

    • set the rsp priority to be the same
    • remove stp on the ae0 ( ICL Link )
    • remove stp on any mc-ae interfaces
    • any other normal interfaces still get stp

    thank god for "commit confirmed 1"

     

    melt down occured.

     



  • 6.  RE: MC LAG ex4600 - Setup problems

     
    Posted 01-19-2017 16:46

    What code version are you running?  VLAN member all was fixed to work along time ago for ELS products and SW.

     

    At this point you probably need to send config for both switches.  If you can send show configuration | more and put into text doc, and also send (for both) show configuration | display set | more and also put that in text doc - easier to manipuate through.

     

    BTW, have you open a TAC case and asked them to review your config??



  • 7.  RE: MC LAG ex4600 - Setup problems

    Posted 02-09-2017 15:35

    Hi 

     

    Just to let you know that I gave up on the mc-lag setup on this platform for this code release.

    I had Juniper docs for this and went through it dozens of times.  nothing looked out of place.

     

    As this is in the core of the network, everytime I tried something I would get a network meltdown.

    absolute nightmare.

     

    I have since moved to a basic RSTP primary/secondary root bridge setup and things have calmed down.

    and now I have notcied that one of my downstream VC stacks may have an issue.

    this VC stack was had an AE to each MC LAG member.  with AE source ports on different VC members.

     

    I have now seen that one of the VC members isnt sending STP messages properly as it is on other members of the same VC.

    thus all these loop issues could have been caused by the VC.