we had the server ports set up as MC-LAG at first, but the server team change to SET teaming in the server and that does not do LACP
QFX-a and are connect with AE256 for iccp and icl (ports 30 and 31 on both make the 200G link)
uplink to current Core is from QFX-A
MACs on QFX-B are not learned on QFX-B witch we think is causing a unicast storm, if you ping a VM on the server from a nexus or junos you get the (DUP!) alarms
if we shut the server ports on QFX-A those alarms go away
why are we not learing the MACs on the trunk from QFX a to QFX-b?
is this not suppported topology? (the MClag docs say a standalone should mac learn via the iccp)
There are 2 MC-LAG ports configed and they ARE learing MACS
do we have a config wrong ? unsupported topo ?
Juniper TAC said the L2-learing needed restarted, we tried that, chassis control, interface control, iccp services, and rebooted both boxes and the issue remains.
I admit it could be an issue on the server side, but my job is the Network and I have no access to server. just trying to verify my side of things.
Thoughts, facts and experance you have would be helpful
Server plug into both QFX's 100g, with set teaming configed
we did try to MC-lag from both QFX to our core with nexuss VPC but it kept failing randomly, so did a single L2 link to the core from QFX-A
If your MCLAG (ICL/ICCP) is properly up, MACs should be updated from one member to the other. Does it share MACs sometimes and not at other or doesn't share at all. Try configuring "set interfaces irb arp-l2-validate" on the QFXs if that resolves.
Else please check if this helps:
Hope this helps.
If this solves your problem, please mark this post as "Accepted Solution."Kudos are always appreciated :).
found the reason finally
non MC-lag vlan need there own Trunk link or you have to add them to an MC-lag port
Nice,thanks for sharing. Know that MAC replication on MCLAG is handled by ICCP, and even for single-homed clients it doesn't use datapath learning (like the usual source-MAC learning).
Short of adding a trunk link, I think you can also try to add static MAC on the ICL for such single-homed devices and see if that alleviates the flooding :):
yah that would be a lot of static MAC for us to add, no thanks LOL