I have two words for this. Anycast, broadcast.
In an environment where untagged traffic is not
working, you must consider the long run. We
all assume that IPv4 broadcast kills us off the
bat. Yes, that's true. But we don't think to
question anycast. Well, I got news for you.
I call it the calm before the storm. Anycast
will operate half-wittedly when reaching
the gold at the end of the rainbow. But
IPv6 forwarding will usually/always make
sure this doesn't happen. Dual stack, hmm.
So your ARP is most likely killing you. That is
if untagged traffic is THE problem.
------------------------------
Adrian Aguinaga
B.S.C.M. I.T.T. Tech
(Construction Management)
A.A.S. I.T.T. Tech
(Drafting & Design)
------------------------------
Original Message:
Sent: 05-14-2024 05:47
From: Askold Lushko
Subject: Problems with untagged traffic using flexible-vlan-tagging SRX1500
Hello. Please help me understand what is probably wrong in this config:
}
xe-0/0/18 {
    gigether-options {
        802.3ad ae1;
    }
}
xe-0/0/19 {
    gigether-options {
        802.3ad ae1;
    }
}
ae1 {
    flexible-vlan-tagging;
    native-vlan-id 2840;
    aggregated-ether-options {
        lacp {
            active;
            link-protection;
        }
    }
    unit 9 {
        vlan-id 9;
        family inet {
            address 100.64.0.2/29;
        }
    }
    unit 117 {
        vlan-id 117;
        family inet {
            address 192.168.145.253/24;
        }
    }
    unit 2840 {
        vlan-id 2840;
        family inet {
            address 10.10.101.254/23 {
                arp 10.10.101.101 mac 5c:ed:8c:b3:e3:80;
                arp 10.10.101.102 mac 98:f2:b3:36:94:68;
                arp 10.10.100.1 mac 52:54:00:55:83:27;
                arp 10.10.100.2 mac 52:54:00:e8:9d:6b;
                arp 10.10.100.3 mac 52:54:00:37:1c:9b;
                arp 10.10.100.4 mac 52:54:00:ca:52:74;
                arp 10.10.100.5 mac 52:54:00:48:9f:ac;
                arp 10.10.100.6 mac 52:54:00:fe:1a:cd;
                arp 10.10.100.7 mac 52:54:00:f6:fa:f4;
                arp 10.10.100.8 mac 52:54:00:0c:37:5d;
                arp 10.10.100.9 mac 52:54:00:01:be:02;
                arp 10.10.100.10 mac 52:54:00:c1:3b:a0;
                arp 10.10.101.1 mac 1a:f8:bd:d7:9f:f7;
                arp 10.10.101.103 mac c8:4b:d6:82:99:3c;
                arp 10.10.101.3 mac 78:ac:44:35:a9:34;
                arp 10.10.100.23 mac 00:50:56:9c:e8:0a;
            }
        }
    }
}
I have a problem: when the MAC address lifetime expires on the CPX router, the router sends a broadcast request to VLAN 2840 and the traffic is tagged. This can be seen both on the router itself in the traffic dump and on the target host. At this time, connectivity between the host and router is lost. This continues until the host itself starts sending a broadcast request to the router. In this case, the router responds to the host in VLAN 2840, but the traffic is no longer tagged and communication is restored. If I make static ARP records, then I never have any problems.
For example, a traffic dump on one of the hosts:
09:46:40.430335 44:f4:77:d2:a1:c0 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 2840, p 0, ethertype ARP (0x0806), Request who-has 10.10.101.200 tell 10.10.101.254, length 42
09:46:41.032562 44:f4:77:d2:a1:c0 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 2840, p 0, ethertype ARP (0x0806), Request who-has 10.10.101.200 tell 10.10.101.254, length 42
09:46:41.932677 44:f4:77:d2:a1:c0 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 2840, p 0, ethertype ARP (0x0806), Request who-has 10.10.101.200 tell 10.10.101.254, length 42
Dump from SRX1500
------------------------------
Askold Lushko
------------------------------
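One way to confirm the symptom described in the original message from a capture: the following added example (not part of either post) parses `tcpdump -e` ARP lines and reports source MACs that send ARP both tagged with the native VLAN and untagged. The first sample line is from the host dump above; the other two lines, including the MAC `02:00:00:00:00:01`, are constructed for illustration.

```python
import re
from collections import defaultdict

NATIVE_VLAN = 2840  # native-vlan-id on ae1 in the posted configuration

# One `tcpdump -e` ARP line, with or without an 802.1Q header.
ARP_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), ethertype "
    r"(?:802\.1Q \(0x8100\), length \d+: vlan (?P<vlan>\d+), p \d+, "
    r"ethertype ARP \(0x0806\), |ARP \(0x0806\), length \d+: )"
    r"(?P<op>Request|Reply) (?P<body>.*), length \d+$"
)

def parse_arp(line):
    """Return a dict for an ARP line, or None for anything else."""
    m = ARP_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["vlan"] = int(rec["vlan"]) if rec["vlan"] else None  # None = untagged
    return rec

def tagging_by_sender(lines, native_vlan=NATIVE_VLAN):
    """Per source MAC, count ARP frames tagged with the native VLAN vs. untagged."""
    stats = defaultdict(lambda: {"tagged_native": 0, "untagged": 0})
    for rec in filter(None, map(parse_arp, lines)):
        if rec["vlan"] == native_vlan:
            stats[rec["src"]]["tagged_native"] += 1
        elif rec["vlan"] is None:
            stats[rec["src"]]["untagged"] += 1
    return dict(stats)

def inconsistent_senders(lines, native_vlan=NATIVE_VLAN):
    """Senders that emit native-VLAN ARP both tagged and untagged."""
    return sorted(mac for mac, s in tagging_by_sender(lines, native_vlan).items()
                  if s["tagged_native"] and s["untagged"])

SAMPLE = [
    # From the host dump in the post: router's ARP request, tagged with VLAN 2840.
    "09:46:40.430335 44:f4:77:d2:a1:c0 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 60: vlan 2840, p 0, ethertype ARP (0x0806), Request who-has 10.10.101.200 tell 10.10.101.254, length 42",
    # Constructed: host's own untagged request, then the router's untagged reply.
    "09:46:52.000001 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.10.101.254 tell 10.10.101.200, length 46",
    "09:46:52.000120 44:f4:77:d2:a1:c0 > 02:00:00:00:00:01, ethertype ARP (0x0806), length 60: Reply 10.10.101.254 is-at 44:f4:77:d2:a1:c0, length 46",
]

if __name__ == "__main__":
    print(tagging_by_sender(SAMPLE))
    print("inconsistent:", inconsistent_senders(SAMPLE))
```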