vMX

Ask questions and share experiences about vMX.
  • 1.  vMX and MC-LAG

    Posted 01-10-2022 14:24
    I have a vMX topology running in active-active mode within EVE-NG.
    Failing either the ICL or the ICCP link to test fail-over shows that my routing adjs to downstream CE devices flap. 
    Not failing either link produces a totally stable environment. I'm leaning towards the idea that, this being a virtualized environment, there is some funkiness behind the scenes that's not working out well.

    Sample Config - PE1 and PE2 are set up similarly.

    set version 18.2R1.9
    set system root-authentication encrypted-password "$6$iSmMsglO$O3sPhhTuGHr/4b5pu/0cxfJOn.3aOfYekXS2ePOoEMcAWjZt/QLmvyxYVfri7rEKG6I8Z3lg0lAZ3Hnyyw6kX."
    set system host-name PE1
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system processes dhcp-service traceoptions file dhcp_logfile
    set system processes dhcp-service traceoptions file size 10m
    set system processes dhcp-service traceoptions level all
    set system processes dhcp-service traceoptions flag packet
    set chassis aggregated-devices ethernet device-count 4
    set chassis fpc 0 pic 0 inline-services
    set services service-set SS2 nat-rules SNAT
    set services service-set SS2 interface-service service-interface si-0/0/0
    deactivate services service-set SS2
    set services nat pool POOL1 address 69.50.112.0/24
    deactivate services nat pool POOL1
    set services nat rule SNAT match-direction input
    set services nat rule SNAT term 1 from source-address 10.4.1.0/24
    set services nat rule SNAT term 1 then translated source-pool POOL1
    set services nat rule SNAT term 1 then translated translation-type basic-nat44
    deactivate services
    set interfaces ge-0/0/0 unit 0 family inet service input service-set SS2
    set interfaces ge-0/0/0 unit 0 family inet service output service-set SS2
    deactivate interfaces ge-0/0/0 unit 0 family inet service
    set interfaces ge-0/0/0 unit 0 family inet address 10.4.1.1/24
    set interfaces si-0/0/0 unit 0 family inet
    set interfaces ge-0/0/3 ether-options 802.3ad ae1
    set interfaces ge-0/0/5 unit 0 family inet address 199.37.215.1/30
    set interfaces ge-0/0/6 flexible-vlan-tagging
    set interfaces ge-0/0/6 native-vlan-id 3000
    set interfaces ge-0/0/6 encapsulation flexible-ethernet-services
    set interfaces ge-0/0/6 unit 2000 encapsulation vlan-bridge
    set interfaces ge-0/0/6 unit 2000 vlan-id 2000
    set interfaces ge-0/0/6 unit 3000 vlan-id 3000
    set interfaces ge-0/0/6 unit 3000 family inet address 172.29.0.1/24
    set interfaces ge-0/0/7 ether-options 802.3ad ae2
    set interfaces ge-0/0/8 ether-options 802.3ad ae0
    set interfaces ge-0/0/9 unit 0 family bridge interface-mode trunk
    set interfaces ge-0/0/9 unit 0 family bridge vlan-id-list 700-800
    set interfaces ae0 multi-chassis-protection 199.37.215.2 interface ge-0/0/9
    set interfaces ae0 aggregated-ether-options lacp active
    set interfaces ae0 aggregated-ether-options lacp periodic fast
    set interfaces ae0 aggregated-ether-options lacp system-priority 100
    set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:00:01
    set interfaces ae0 aggregated-ether-options lacp admin-key 1
    set interfaces ae0 aggregated-ether-options mc-ae mc-ae-id 1
    set interfaces ae0 aggregated-ether-options mc-ae redundancy-group 1
    set interfaces ae0 aggregated-ether-options mc-ae chassis-id 0
    set interfaces ae0 aggregated-ether-options mc-ae mode active-active
    set interfaces ae0 aggregated-ether-options mc-ae status-control active
    set interfaces ae0 aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active
    set interfaces ae0 unit 0 family bridge interface-mode trunk
    set interfaces ae0 unit 0 family bridge vlan-id 700
    set interfaces ae1 multi-chassis-protection 199.37.215.2 interface ge-0/0/9
    set interfaces ae1 aggregated-ether-options lacp active
    set interfaces ae1 aggregated-ether-options lacp periodic fast
    set interfaces ae1 aggregated-ether-options lacp system-priority 100
    set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:00:00:01
    set interfaces ae1 aggregated-ether-options lacp admin-key 1
    set interfaces ae1 aggregated-ether-options mc-ae mc-ae-id 2
    set interfaces ae1 aggregated-ether-options mc-ae redundancy-group 1
    set interfaces ae1 aggregated-ether-options mc-ae chassis-id 0
    set interfaces ae1 aggregated-ether-options mc-ae mode active-active
    set interfaces ae1 aggregated-ether-options mc-ae status-control active
    set interfaces ae1 aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active
    set interfaces ae1 unit 0 family bridge interface-mode trunk
    set interfaces ae1 unit 0 family bridge vlan-id 700
    set interfaces ae2 multi-chassis-protection 199.37.215.2 interface ge-0/0/9
    set interfaces ae2 aggregated-ether-options lacp active
    set interfaces ae2 aggregated-ether-options lacp periodic fast
    set interfaces ae2 aggregated-ether-options lacp system-priority 100
    set interfaces ae2 aggregated-ether-options lacp system-id 00:00:00:00:00:01
    set interfaces ae2 aggregated-ether-options lacp admin-key 1
    set interfaces ae2 aggregated-ether-options mc-ae mc-ae-id 3
    set interfaces ae2 aggregated-ether-options mc-ae redundancy-group 1
    set interfaces ae2 aggregated-ether-options mc-ae chassis-id 0
    set interfaces ae2 aggregated-ether-options mc-ae mode active-active
    set interfaces ae2 aggregated-ether-options mc-ae status-control active
    set interfaces ae2 aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active
    set interfaces ae2 unit 0 family bridge interface-mode trunk
    set interfaces ae2 unit 0 family bridge vlan-id 800
    set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM61D877FEE8
    set interfaces irb unit 700 family inet address 192.168.77.2/24 vrrp-group 10 virtual-address 192.168.77.1
    set interfaces irb unit 700 family inet address 192.168.77.2/24 vrrp-group 10 priority 200
    set interfaces irb unit 700 family inet address 192.168.77.2/24 vrrp-group 10 preempt
    set interfaces irb unit 700 family inet address 192.168.77.2/24 vrrp-group 10 accept-data
    set interfaces irb unit 800 family inet address 10.255.170.2/24
    set routing-options aggregate route 0.0.0.0/0 policy LAN-A
    set protocols ospf traceoptions file ospf
    set protocols ospf traceoptions flag all
    set protocols ospf export exportDefault
    set protocols ospf area 0.0.0.0 interface irb.700
    set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
    set protocols ospf area 0.0.0.0 interface irb.800
    set protocols iccp local-ip-addr 199.37.215.1
    set protocols iccp peer 199.37.215.2 redundancy-group-id-list 1
    set protocols iccp peer 199.37.215.2 liveness-detection minimum-interval 1000
    set protocols l2-learning mclag-arp-nd-sync
    set protocols rstp bridge-priority 4k
    set protocols rstp force-version stp
    set policy-options policy-statement LAN-A term 1 from protocol direct
    set policy-options policy-statement LAN-A term 1 from route-filter 10.4.1.0/24 exact
    set policy-options policy-statement LAN-A term 1 then accept
    set policy-options policy-statement LAN-A term 2 then reject
    set policy-options policy-statement exportDefault term 1 from protocol aggregate
    set policy-options policy-statement exportDefault term 1 from route-filter 0.0.0.0/0 exact
    set policy-options policy-statement exportDefault term 1 then accept
    set policy-options policy-statement exportDefault term 2 then reject
    set bridge-domains bd3000 vlan-id 3000
    set bridge-domains bd3000 interface ge-0/0/6.2000
    set bridge-domains bd700 vlan-id 700
    set bridge-domains bd700 routing-interface irb.700
    set bridge-domains vl800 vlan-id 800
    set bridge-domains vl800 routing-interface irb.800
    set switch-options service-id 20

    ------------------------------
    MICHAEL MOORE
    ------------------------------


  • 2.  RE: vMX and MC-LAG

    Posted 01-11-2022 16:55
    Hi,
    Try removing the following configuration from the mc-ae interfaces:
    set interfaces ae0 aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active
    set interfaces ae1 aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active
    set interfaces ae2 aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active

    According to https://www.juniper.net/documentation/us/en/software/junos/interfaces-ethernet/topics/ref/statement/mc-ae-edit-interfaces.html this statement should only be present on the standby device.

    Note:

    The prefer-status-control-active statement can be configured with the status-control standby configuration to prevent the LACP MC-LAG system ID from reverting to the default LACP system ID on ICCP failure. Use this configuration only if you can ensure that ICCP will not go down unless the router or switch is down. You must also configure the hold-time down value (at the [edit interfaces interface-name] hierarchy level) for the interchassis link with the status-control standby configuration to be higher than the ICCP BFD timeout. This configuration prevents data traffic loss by ensuring that when the router or switch with the status-control active configuration goes down, the router or switch with the status-control standby configuration does not go into standby mode.

    To make the prefer-status-control-active configuration work with the status-control standby configuration when an interchassis-link logical interface is configured on aggregate Ethernet interface, you must either configure the lacp periodic interval statement at the [edit interface interface-name aggregated-ether-options] hierarchy level as slow or configure the detection-time threshold statement at the [edit protocols iccp peer liveness-detection] hierarchy level as less than 3 seconds.




    ------------------------------
    MEHMET SUEL
    ------------------------------
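The conditions in the documentation note quoted above can be checked mechanically against a `display set` configuration. The following is an added example, not part of the original post or of any Juniper tooling: `lint_mclag` and its finding names are hypothetical, the sample lines are constructed in the style of the configurations in this thread, and the ICCP BFD timeout is assumed to be `minimum-interval` times the multiplier, with a default multiplier of 3.

```python
import re

# Assumption: BFD detection time = minimum-interval x multiplier, default multiplier 3.
BFD_DEFAULT_MULTIPLIER = 3

PREFER = ("aggregated-ether-options mc-ae events iccp-peer-down "
          "prefer-status-control-active")


def lint_mclag(config):
    """Return (interface, finding) tuples for one node's 'display set' config."""
    lines = [ln.strip() for ln in config.splitlines()
             if ln.strip().startswith("set ")]
    text = "\n".join(lines)

    def first_int(pattern):
        m = re.search(pattern, text, re.M)
        return int(m.group(1)) if m else None

    iccp = r"^set protocols iccp peer \S+ liveness-detection "
    interval = first_int(iccp + r"minimum-interval (\d+)$")
    multiplier = first_int(iccp + r"multiplier (\d+)$")
    bfd_timeout = (interval * (multiplier or BFD_DEFAULT_MULTIPLIER)
                   if interval else None)

    # Collect, per aggregated interface: status-control role, whether
    # prefer-status-control-active is set, and the ICL protecting it.
    bundles = {}
    for ln in lines:
        m = re.match(r"set interfaces (ae\d+) (.+)$", ln)
        if not m:
            continue
        name, rest = m.groups()
        b = bundles.setdefault(name, {"role": None, "prefer": False, "icl": None})
        role = re.match(r"aggregated-ether-options mc-ae status-control (\S+)$", rest)
        icl = re.match(r"multi-chassis-protection \S+ interface (\S+)$", rest)
        if role:
            b["role"] = role.group(1)
        elif rest == PREFER:
            b["prefer"] = True
        elif icl:
            b["icl"] = icl.group(1)

    findings = []
    for name, b in sorted(bundles.items()):
        if not b["prefer"]:
            continue
        if b["role"] != "standby":
            # The note describes the statement together with status-control standby.
            findings.append((name, "prefer-without-standby"))
            continue
        hold = None
        if b["icl"]:
            # Matches both "hold-time down N" and "hold-time up M down N".
            hold = first_int(r"^set interfaces " + re.escape(b["icl"])
                             + r" hold-time (?:up \d+ )?down (\d+)$")
        if hold is None:
            findings.append((name, "icl-hold-time-down-missing"))
        elif bfd_timeout is not None and hold <= bfd_timeout:
            findings.append((name, "icl-hold-time-down-too-low"))
    return findings


# Constructed sample input (not a complete device configuration).
STANDBY_NODE = """
set interfaces ge-0/0/6 unit 0 family bridge interface-mode trunk
set interfaces ae0 multi-chassis-protection 1.1.1.1 interface ge-0/0/6
set interfaces ae0 aggregated-ether-options mc-ae status-control standby
set interfaces ae0 aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active
set protocols iccp peer 1.1.1.1 liveness-detection minimum-interval 1000
"""
STANDBY_LOW_HOLD = STANDBY_NODE + "set interfaces ge-0/0/6 hold-time up 0 down 2000\n"
STANDBY_OK = STANDBY_NODE + "set interfaces ge-0/0/6 hold-time up 0 down 4000\n"
ACTIVE_NODE = STANDBY_NODE.replace("status-control standby", "status-control active")

if __name__ == "__main__":
    for label, cfg in [("standby", STANDBY_NODE), ("low hold", STANDBY_LOW_HOLD),
                       ("ok", STANDBY_OK), ("active", ACTIVE_NODE)]:
        print(label, lint_mclag(cfg))
```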



  • 3.  RE: vMX and MC-LAG

    Posted 01-12-2022 17:12
    Thanks for the suggestion; unfortunately this doesn't seem to help the issue. Let me post a much cleaner config of what I have working on both PE1 and PE2.
    The downstream device is a Cisco switch.
    When I halt PE1, all my OSPF adjs go down and never come back up and I cannot ping any 172.23.0.x address.
    My expectation is if the active node goes down the standby should take over so that includes the control plane as well as the data plane but that doesn't seem to happen.  Are there any extra knobs that can be tweaked to get this working?
    Is it possible mc-lag isn't fully supported on vMX?

    PE1> show configuration |display set
    set version 18.2R1.9
    set system root-authentication encrypted-password "$6$cjslRwiz$T6ea33.rd50E/8EqLu3tCzC7PTleAYg7jYSYYbQsft2gAi2CUpCTUdLHoI4.p7PhphFONebVK64wnh2ffxiuM."
    set system host-name PE1
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system processes dhcp-service traceoptions file dhcp_logfile
    set system processes dhcp-service traceoptions file size 10m
    set system processes dhcp-service traceoptions level all
    set system processes dhcp-service traceoptions flag packet
    set chassis aggregated-devices ethernet device-count 5
    set interfaces ge-0/0/0 ether-options 802.3ad ae0
    set interfaces ge-0/0/5 unit 0 family inet address 1.1.1.1/30
    set interfaces ge-0/0/6 unit 0 family bridge interface-mode trunk
    set interfaces ge-0/0/6 unit 0 family bridge vlan-id-list 100-800
    set interfaces ae0 multi-chassis-protection 1.1.1.2 interface ge-0/0/6
    set interfaces ae0 aggregated-ether-options lacp active
    set interfaces ae0 aggregated-ether-options lacp system-priority 100
    set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:00:01
    set interfaces ae0 aggregated-ether-options lacp admin-key 1
    set interfaces ae0 aggregated-ether-options mc-ae mc-ae-id 1
    set interfaces ae0 aggregated-ether-options mc-ae redundancy-group 1
    set interfaces ae0 aggregated-ether-options mc-ae chassis-id 0
    set interfaces ae0 aggregated-ether-options mc-ae mode active-active
    set interfaces ae0 aggregated-ether-options mc-ae status-control active
    set interfaces ae0 unit 0 family bridge interface-mode trunk
    set interfaces ae0 unit 0 family bridge vlan-id 800
    set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM61DF43A935
    set interfaces irb unit 800 family inet address 172.23.0.2/24 vrrp-group 10 virtual-address 172.23.0.1
    set interfaces irb unit 800 family inet address 172.23.0.2/24 vrrp-group 10 priority 150
    set interfaces irb unit 800 family inet address 172.23.0.2/24 vrrp-group 10 preempt
    set interfaces irb unit 800 family inet address 172.23.0.2/24 vrrp-group 10 accept-data
    set protocols ospf area 0.0.0.0 interface irb.800
    set protocols iccp local-ip-addr 1.1.1.1
    set protocols iccp peer 1.1.1.2 redundancy-group-id-list 1
    set protocols iccp peer 1.1.1.2 liveness-detection minimum-interval 1000
    set bridge-domains bd800 vlan-id 800
    set bridge-domains bd800 routing-interface irb.800
    set switch-options service-id 10


    PE2> show configuration |display set
    set version 18.2R1.9
    set system root-authentication encrypted-password "$6$zEY8w9KN$xUVol0AhMLQDAzmKA.FiQ1MTcirmSnFwM.uuneTqVoWqFPA17.8wpw90ArSKkx4oF9Mn66YXP4aGxQ/LgQ7s61"
    set system host-name PE2
    set system syslog user * any emergency
    set system syslog file messages any notice
    set system syslog file messages authorization info
    set system syslog file interactive-commands interactive-commands any
    set system processes dhcp-service traceoptions file dhcp_logfile
    set system processes dhcp-service traceoptions file size 10m
    set system processes dhcp-service traceoptions level all
    set system processes dhcp-service traceoptions flag packet
    set chassis aggregated-devices ethernet device-count 5
    set interfaces ge-0/0/0 ether-options 802.3ad ae0
    set interfaces ge-0/0/5 unit 0 family inet address 1.1.1.2/30
    set interfaces ge-0/0/6 unit 0 family bridge interface-mode trunk
    set interfaces ge-0/0/6 unit 0 family bridge vlan-id-list 100-800
    set interfaces ae0 multi-chassis-protection 1.1.1.1 interface ge-0/0/6
    set interfaces ae0 aggregated-ether-options lacp active
    set interfaces ae0 aggregated-ether-options lacp system-priority 100
    set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:00:01
    set interfaces ae0 aggregated-ether-options lacp admin-key 1
    set interfaces ae0 aggregated-ether-options mc-ae mc-ae-id 1
    set interfaces ae0 aggregated-ether-options mc-ae redundancy-group 1
    set interfaces ae0 aggregated-ether-options mc-ae chassis-id 1
    set interfaces ae0 aggregated-ether-options mc-ae mode active-active
    set interfaces ae0 aggregated-ether-options mc-ae status-control standby
    set interfaces ae0 aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active
    set interfaces ae0 unit 0 family bridge interface-mode trunk
    set interfaces ae0 unit 0 family bridge vlan-id 800
    set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM61DF43A935
    set interfaces irb unit 800 family inet address 172.23.0.3/24 vrrp-group 10 virtual-address 172.23.0.1
    set interfaces irb unit 800 family inet address 172.23.0.3/24 vrrp-group 10 accept-data
    set protocols ospf area 0.0.0.0 interface irb.800
    set protocols iccp local-ip-addr 1.1.1.2
    set protocols iccp peer 1.1.1.1 redundancy-group-id-list 1
    set protocols iccp peer 1.1.1.1 liveness-detection minimum-interval 1000
    set bridge-domains bd800 vlan-id 800
    set bridge-domains bd800 routing-interface irb.800
    set switch-options service-id 10

    ------------------------------
    MICHAEL MOORE
    ------------------------------



  • 4.  RE: vMX and MC-LAG

    Posted 01-13-2022 05:32
    One last point. The ICL link seems to be the problem during any type of failover scenario.
    On my standby PE I have configured the following
    set interfaces ae0 aggregated-ether-options mc-ae events iccp-peer-down force-icl-down
    set interfaces ae0 aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active


    Once I bring down PE1, which is the active node, PE2 takes over and failover is successful. All destinations are pingable.
    If I bring down PE2, which is the standby node, nothing is pingable and I notice that OSPF adjs go up/down numerous times. The solution to this would be to manually bring down the ICL link by disabling it.

    Seems to reason that with a failure of the ICCP link or the failure of the active node, the MC-LAG functions as designed. What the MC-LAG design can't recover from is if the standby node fails. Total data plane collapse.

    ------------------------------
    MICHAEL MOORE
    ------------------------------



  • 5.  RE: vMX and MC-LAG

    Posted 01-13-2022 13:43
    Hi,

    Did some testing on EVE-NG with vMX 19.1. To simulate the device shutdown, I disabled all interfaces.
    The ge-0/0/5 interface is used for ICCP and ICL.
    Without the "set interfaces aeX aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active" configuration on both devices, when one of the devices is lost, the LACP system-id advertised by the MX changes, which caused LACP to flap, which caused OSPF to flap.
    [edit]
    root@SRX-1# run show lacp interfaces
    Aggregated interface: ae0
        LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
          ge-0/0/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
        LACP protocol:        Receive State  Transmit State          Mux State
          ge-0/0/0                  Current   Fast periodic Collecting distributing
          ge-0/0/1                  Current   Fast periodic Collecting distributing
    
    [edit]
    root@SRX-1# run show interfaces ae0 extensive | find LACP
        LACP info:        Role     System             System       Port     Port    Port
                                 priority         identifier   priority   number     key
          ge-0/0/0.32767    Actor      127 4c:96:14:e5:6f:40        127        1       1
          ge-0/0/0.32767  Partner      127 01:00:00:00:00:11        127        1       1
          ge-0/0/1.32767    Actor      127 4c:96:14:e5:6f:40        127        2       1
          ge-0/0/1.32767  Partner      127 01:00:00:00:00:11        127    32769       1
        LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
          ge-0/0/0.32767          1885       19096            0            0
          ge-0/0/1.32767         18645       19093            0            0
        Marker Statistics:   Marker Rx     Resp Tx   Unknown Rx   Illegal Rx
          ge-0/0/0.32767             0           0            0            0
          ge-0/0/1.32767             0           0            0            0
        Security: Zone: Null
        Flow Statistics :
        Flow Input statistics :
          Self packets :                     0
          ICMP packets :                     0
    
    [edit]
    root@SRX-1# run show lacp interfaces
    Aggregated interface: ae0
        LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
          ge-0/0/0       Actor    No   Yes    No   No   No   Yes     Fast    Active
          ge-0/0/0     Partner    No   Yes    No   No   No   Yes     Fast   Passive
          ge-0/0/1       Actor    No    No    No   No   No   Yes     Fast    Active
          ge-0/0/1     Partner    No    No    No   No  Yes   Yes     Fast    Active
        LACP protocol:        Receive State  Transmit State          Mux State
          ge-0/0/0                Defaulted   Fast periodic           Detached
          ge-0/0/1                  Current   Fast periodic            Waiting
    
    [edit]
    root@SRX-1# run show interfaces ae0 extensive | find LACP
        LACP info:        Role     System             System       Port     Port    Port
                                 priority         identifier   priority   number     key
          ge-0/0/0.32767    Actor      127 4c:96:14:e5:6f:40        127        1       1
          ge-0/0/0.32767  Partner        1 00:00:00:00:00:00          1        1       1
          ge-0/0/1.32767    Actor      127 4c:96:14:e5:6f:40        127        2       1
          ge-0/0/1.32767  Partner      127 2c:6b:f5:2b:72:c0        127    32769       1
        LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
          ge-0/0/0.32767          1973       19187            0            0
          ge-0/0/1.32767         18741       19184            0            0
        Marker Statistics:   Marker Rx     Resp Tx   Unknown Rx   Illegal Rx
          ge-0/0/0.32767             0           0            0            0
          ge-0/0/1.32767             0           0            0            0
        Security: Zone: Null
        Flow Statistics :
        Flow Input statistics :
          Self packets :                     0
          ICMP packets :                     0
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.3      ae0.100                2Way            1.1.1.2          128    34
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.3      ae0.100                Full            1.1.1.2          128    39


    When both devices are configured with "set interfaces aeX aggregated-ether-options mc-ae events iccp-peer-down prefer-status-control-active", LACP system-id is preserved in case of a device failure and OSPF didn't flap.

    [edit]
    root@SRX-1# run show lacp interfaces
    Aggregated interface: ae0
        LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
          ge-0/0/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
        LACP protocol:        Receive State  Transmit State          Mux State
          ge-0/0/0                  Current   Fast periodic Collecting distributing
          ge-0/0/1                  Current   Fast periodic Collecting distributing
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128    39
    10.10.100.3      ae0.100                Full            1.1.1.2          128    36
    
    [edit]
    root@SRX-1# run show lacp interfaces
    Aggregated interface: ae0
        LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
          ge-0/0/0       Actor    No   Yes    No   No   No   Yes     Fast    Active
          ge-0/0/0     Partner    No   Yes    No   No   No   Yes     Fast   Passive
          ge-0/0/1       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
        LACP protocol:        Receive State  Transmit State          Mux State
          ge-0/0/0                Defaulted   Fast periodic           Detached
          ge-0/0/1                  Current   Fast periodic Collecting distributing
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128    24
    10.10.100.3      ae0.100                Full            1.1.1.2          128    31
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128    19
    10.10.100.3      ae0.100                Full            1.1.1.2          128    35
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128    15
    10.10.100.3      ae0.100                Full            1.1.1.2          128    31
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128    11
    10.10.100.3      ae0.100                Full            1.1.1.2          128    36
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128     2
    10.10.100.3      ae0.100                Full            1.1.1.2          128    35
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.3      ae0.100                Full            1.1.1.2          128    31
    
    [edit]
    root@SRX-1# run show interfaces ae0 extensive | find LACP
        LACP info:        Role     System             System       Port     Port    Port
                                 priority         identifier   priority   number     key
          ge-0/0/0.32767    Actor      127 4c:96:14:e5:6f:40        127        1       1
          ge-0/0/0.32767  Partner        1 00:00:00:00:00:00          1        1       1
          ge-0/0/1.32767    Actor      127 4c:96:14:e5:6f:40        127        2       1
          ge-0/0/1.32767  Partner      127 01:00:00:00:00:11        127    32769       1
        LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
          ge-0/0/0.32767          2303       19613            0            0
          ge-0/0/1.32767         19167       19611            0            0
        Marker Statistics:   Marker Rx     Resp Tx   Unknown Rx   Illegal Rx
          ge-0/0/0.32767             0           0            0            0
          ge-0/0/1.32767             0           0            0            0
        Security: Zone: Null
        Flow Statistics :
        Flow Input statistics :
          Self packets :                     0
          ICMP packets :                     0
    
    [edit]
    root@SRX-1# run show lacp interfaces
    Aggregated interface: ae0
        LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
          ge-0/0/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
        LACP protocol:        Receive State  Transmit State          Mux State
          ge-0/0/0                  Current   Fast periodic Collecting distributing
          ge-0/0/1                  Current   Fast periodic Collecting distributing
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128    37
    10.10.100.3      ae0.100                Full            1.1.1.2          128    38
    
    [edit]
    root@SRX-1# run show ospf deta
                              ^
    syntax error, expecting <command>.
    root@SRX-1# run show ospf neighbor detail
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128    35
      Area 0.0.0.0, opt 0x52, DR 10.10.100.3, BDR 10.10.100.11
      Up 00:00:47, adjacent 00:00:47
    10.10.100.3      ae0.100                Full            1.1.1.2          128    37
      Area 0.0.0.0, opt 0x52, DR 10.10.100.3, BDR 10.10.100.11
      Up 00:08:17, adjacent 00:08:13
    
    [edit]
    root@SRX-1# run show lacp interfaces
    Aggregated interface: ae0
        LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
          ge-0/0/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
          ge-0/0/1       Actor    No   Yes    No   No   No   Yes     Fast    Active
          ge-0/0/1     Partner    No   Yes    No   No   No   Yes     Fast   Passive
        LACP protocol:        Receive State  Transmit State          Mux State
          ge-0/0/0                  Current   Fast periodic Collecting distributing
          ge-0/0/1                Defaulted   Fast periodic           Detached
    
    [edit]
    root@SRX-1# run show interfaces ae0 extensive | find LACP
        LACP info:        Role     System             System       Port     Port    Port
                                 priority         identifier   priority   number     key
          ge-0/0/0.32767    Actor      127 4c:96:14:e5:6f:40        127        1       1
          ge-0/0/0.32767  Partner      127 01:00:00:00:00:11        127        1       1
          ge-0/0/1.32767    Actor      127 4c:96:14:e5:6f:40        127        2       1
          ge-0/0/1.32767  Partner        1 00:00:00:00:00:00          1        2       1
        LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
          ge-0/0/0.32767          2396       19799            0            0
          ge-0/0/1.32767         19320       19794            0            0
        Marker Statistics:   Marker Rx     Resp Tx   Unknown Rx   Illegal Rx
          ge-0/0/0.32767             0           0            0            0
          ge-0/0/1.32767             0           0            0            0
        Security: Zone: Null
        Flow Statistics :
        Flow Input statistics :
          Self packets :                     0
          ICMP packets :                     0
    
    [edit]
    root@SRX-1# run show ospf neighbor
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128    37
    
    [edit]
    root@SRX-1# run show ospf neighbor detail
    Address          Interface              State           ID               Pri  Dead
    10.10.100.2      ae0.100                Full            1.1.1.1          128    34
      Area 0.0.0.0, opt 0x52, DR 10.10.100.11, BDR 10.10.100.2
      Up 00:01:38, adjacent 00:01:38
    


    Without BFD, OSPF takes up to 40 seconds to understand that one of the devices is down, so using BFD with OSPF makes this transaction faster and causes less traffic outage.







    ------------------------------
    MEHMET SUEL
    ------------------------------
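The comparison made by eye in the outputs above (partner system identifier before and after a peer failure) can be automated. The following is an added example, not part of the original post: the function names are hypothetical, and the three snapshots are the "LACP info" rows copied from the `show interfaces ae0 extensive | find LACP` outputs in that post, with the first snapshot used as the pre-failure state for both cases.

```python
import re

# One row of the "LACP info" table: member, role, system priority,
# system identifier, port priority, port number, port key.
LACP_ROW = re.compile(
    r"^\s*(?P<member>\S+)\s+(?P<role>Actor|Partner)\s+\d+\s+"
    r"(?P<sys_id>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+\d+\s+\d+\s+\d+\s*$",
    re.IGNORECASE,
)
NULL_ID = "00:00:00:00:00:00"  # shown for a member whose partner is gone


def partner_ids(show_output):
    """Map each member link to the partner system identifier it reports."""
    ids = {}
    for line in show_output.splitlines():
        m = LACP_ROW.match(line)
        if m and m.group("role").lower() == "partner":
            ids[m.group("member")] = m.group("sys_id").lower()
    return ids


def compare(before, after):
    """Classify every member link across two snapshots."""
    old, new = partner_ids(before), partner_ids(after)
    result = {}
    for member in sorted(set(old) | set(new)):
        now = new.get(member)
        if now is None or now == NULL_ID:
            result[member] = "partner-lost"
        elif old.get(member) == now:
            result[member] = "preserved"
        else:
            result[member] = "system-id-changed"
    return result


def lag_will_renegotiate(before, after):
    """True when a surviving link now sees a different partner system ID."""
    return "system-id-changed" in compare(before, after).values()


# Rows copied from the CE outputs in the post above.
BEFORE = """
      ge-0/0/0.32767    Actor      127 4c:96:14:e5:6f:40        127        1       1
      ge-0/0/0.32767  Partner      127 01:00:00:00:00:11        127        1       1
      ge-0/0/1.32767    Actor      127 4c:96:14:e5:6f:40        127        2       1
      ge-0/0/1.32767  Partner      127 01:00:00:00:00:11        127    32769       1
"""
# After a peer failure, without prefer-status-control-active on both devices.
AFTER_WITHOUT = """
      ge-0/0/0.32767    Actor      127 4c:96:14:e5:6f:40        127        1       1
      ge-0/0/0.32767  Partner        1 00:00:00:00:00:00          1        1       1
      ge-0/0/1.32767    Actor      127 4c:96:14:e5:6f:40        127        2       1
      ge-0/0/1.32767  Partner      127 2c:6b:f5:2b:72:c0        127    32769       1
"""
# After a peer failure, with prefer-status-control-active on both devices.
AFTER_WITH = """
      ge-0/0/0.32767    Actor      127 4c:96:14:e5:6f:40        127        1       1
      ge-0/0/0.32767  Partner        1 00:00:00:00:00:00          1        1       1
      ge-0/0/1.32767    Actor      127 4c:96:14:e5:6f:40        127        2       1
      ge-0/0/1.32767  Partner      127 01:00:00:00:00:11        127    32769       1
"""

if __name__ == "__main__":
    for label, after in [("without", AFTER_WITHOUT), ("with", AFTER_WITH)]:
        print(label, compare(BEFORE, after), lag_will_renegotiate(BEFORE, after))
```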



  • 6.  RE: vMX and MC-LAG

    Posted 01-15-2022 05:42
    So I found the source of my problem. It's not configuration. It's the EVE-NG lab.
    I am running vMX 18.2R1.9 just to add some color.
    When I create the topology you have with 2x vMX routers functioning as my MC-LAG and a Cisco router, I noticed that OSPF adjs will flap if I shut down one peer. I tried using a Cisco IOS image for the CE device and the same situation would happen. I then switched to using another vMX router as the CE and this time OSPF would not even form an adj with PE2 and if I shut down one peer the lab stops functioning - nothing is pingable.
    I finally switched to using a vQFX running 17.4R1 as the CE device. This worked flawlessly. I was able to test multiple failure scenarios (Node failure, ICCP failure, ICL failure), and as you suggested, adding the keyword "mc-ae events iccp-peer-down prefer-status-control-active" on the ACTIVE node, I was able to achieve high availability even if the active peer was down or the ICCP/ICL link was compromised.

    The failure of OSPF adjs to form completely I noticed in another forum here is something that can occur. Switching the interface to p2p mode does resolve the flapping but of course in MC-LAG configuration that fails to bring up the adj on the other peer.

    Finally, what is the purpose of configuring one node as active and another as standby IF you still need to provide extra configuration to ensure high availability? Shouldn't the standby node automatically take over if the active node is no longer seen?


    ------------------------------
    MICHAEL MOORE
    ------------------------------