Junos OS

Hello, we are trying to get an MC-LAG configuration to work and seeing some issues. We have a server with 2 25G links to a pair of QFX switches labeled as Leaf1A and Leaf1B. These are stand alone switches directly connect to each other via a LACP link of 2 100G ports (et-0/0/30 and et-0/0/31) using ae100 as the aggregator interface. This ae100 is a trunk that is carrying vlan 50 and vlan 100. leaf1a is configured with iccp address 10.0.0.1 on vlan 50 and switch leaf1b is iccp addressed 10.0.0.2 on vlan 50. We have the server connected to ports et-0/0/0:0 on both switches and the LACP is using ae1. 

ae1 is an access port with vlan 100. The gateway for the server is 10.0.1.254 and mcae is configured on the ae1. 

What we are seeing is pinging from the server to a different irb or l3 interface we get 90% packet loss to switch B. Pinging from the switches to the server sourced from the irb.100 vlan 100 gateway address of 10.0.1.254 about 99% of the time packets make it from switch A but only about 1% of the time does it work from switch B. 

JTAC is telling us that you can not have the same gateway for the server on both switches which would completely negate the LACP function. Also, we can not run this with vrrp as we need active/active, not active/standby.

Running a tap on the links, we can see that the packets are both being sourced from the same mac address and IP, so there should not be any arp or IP conflicts. We have tested this to make sure it is not a server config issue by also connecting a QFX5200 switch as if it is a server doing LACP to the two leaf switches and it exhibits the same behavior ruling out the possibility of it being anything on the server side of things. 

Anyone have any ideas or have a working config that you might be able to share?

Hello Troy,

The following example seems to closely match your topology as  both your test hosts 10.0.1.1 and 10.0.1.3 are in the same subnet:
https://www.juniper.net/documentation/us/en/software/junos/mc-lag/topics/topic-map/examples-mc-lag.html

If for obvious reasons, you'd need your hosts to use the default gateway, in general you might either use VRRP or the same IP on both IRB with MAC synchronization.
Please refer to the following documentation:
https://www.juniper.net/documentation/us/en/software/junos/mc-lag/topics/concept/mc-lag-feature-concepts.html

However, QFX5200 seems to not officially support IRB MAC synchronization, so you're only option would be to run VRRP:
https://apps.juniper.net/feature-explorer/feature/2488?fn=IRB%20MAC%20synchronization%20in%20MC-LAG%20for%20aggregated%20Ethernet

You might request JTAC to provide any reasoning why VRRP is not supported in your scenario.

You may also play with mclag-arpreq-sync (https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/l2-learning-mclag-arpreq-sync.html), however my suggestion would be to start with a simple example provided above and then continue to tweak it according to your needs.

Regards,
Wojciech

Original Message:
Sent: 09-25-2025 18:24
From: TROY BEISIGL
Subject: QFX5200 MC-LAG issues

Hello, we are trying to get an MC-LAG configuration to work and seeing some issues. We have a server with 2 25G links to a pair of QFX switches labeled as Leaf1A and Leaf1B. These are stand alone switches directly connect to each other via a LACP link of 2 100G ports (et-0/0/30 and et-0/0/31) using ae100 as the aggregator interface. This ae100 is a trunk that is carrying vlan 50 and vlan 100. leaf1a is configured with iccp address 10.0.0.1 on vlan 50 and switch leaf1b is iccp addressed 10.0.0.2 on vlan 50. We have the server connected to ports et-0/0/0:0 on both switches and the LACP is using ae1. 

ae1 is an access port with vlan 100. The gateway for the server is 10.0.1.254 and mcae is configured on the ae1. 

What we are seeing is pinging from the server to a different irb or l3 interface we get 90% packet loss to switch B. Pinging from the switches to the server sourced from the irb.100 vlan 100 gateway address of 10.0.1.254 about 99% of the time packets make it from switch A but only about 1% of the time does it work from switch B. 

JTAC is telling us that you can not have the same gateway for the server on both switches which would completely negate the LACP function. Also, we can not run this with vrrp as we need active/active, not active/standby.

Running a tap on the links, we can see that the packets are both being sourced from the same mac address and IP, so there should not be any arp or IP conflicts. We have tested this to make sure it is not a server config issue by also connecting a QFX5200 switch as if it is a server doing LACP to the two leaf switches and it exhibits the same behavior ruling out the possibility of it being anything on the server side of things. 

Anyone have any ideas or have a working config that you might be able to share?

------------------------------
TROY BEISIGL
------------------------------