Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
I've a strange behaviour on one of my customer.
Currently in place two types of Virtaul-chassis with two members:
POD1 = 2 x QFX mixed (QFX5110 master routing engine + QFX5100 line card)
POD2 = 2 x QFX mixed but the first two member are equivalent (QFX5110 master routing engine + QFX5110 backup routing engine when we'll add the third member it will be QFX5100)
Each POD is connected with two different AE to two different MX over VPLS (multihomed active passive), loops are managed via VPLS multihoming feature and RSTP over the trunks.
On POD there is Layer2, Layer3 and systems connected speaking OSPF with MX.
What happens ?
During testing phase once we try a failover of the trunks POD to MX we see DDOS protection mechanism triggered on MX only for POD1 and never for POD2.
Depending on the quantity of traffic we also see VRRP failover, BFD flaps, etc on MX
Trunks MX to POD are on the two different members, which is:
for POD1 Master RE-trunk to MX1 and Backup RE-trunk to MX2
for POD2 Master RE-trunk to MX1 and linecard-trunk to MX2
The questions: what can cause the issue ? syncronization Master RE to lincard create a loop ? a storm ? why not happens in the POD2 scenario where we have Master and backup routing engine only ?
Thanks in advance for your help
I can't remember the exact errors but this reminds me of a similar upgrade process on MX where the issue was a significant difference between the running active configuration and the saved rescue configuration.The solution for clean upgrade was to create a new updated rescue configuration immediately prior to running the upgrade.