Data Center


Ask questions and share experiences about Data Center Architecture and approaches.
  • 1.  strange issue ddos

    Posted 04-28-2023 08:24

    Dear experts,

    I have a strange behaviour at one of my customers.

    Currently in place are two types of Virtual Chassis with two members:

    POD1 = 2 x QFX mixed (QFX5110 master routing engine + QFX5100 line card)

    POD2 = 2 x QFX mixed, but the first two members are equivalent (QFX5110 master routing engine + QFX5110 backup routing engine; when we add the third member it will be a QFX5100)


    Each POD is connected with two different AEs to two different MXs over VPLS (multihomed active/passive); loops are managed via the VPLS multihoming feature and RSTP over the trunks.

    On the POD there are Layer 2, Layer 3 and connected systems speaking OSPF with the MX.

    What happens?

    During the testing phase, once we try a failover of the POD-to-MX trunks, we see the DDOS protection mechanism triggered on the MX only for POD1 and never for POD2.

    Depending on the quantity of traffic we also see VRRP failover, BFD flaps, etc. on the MX.

    The MX-to-POD trunks are on the two different members, that is:

    for POD1: Master RE trunk to MX1 and Backup RE trunk to MX2

    for POD2: Master RE trunk to MX1 and linecard trunk to MX2

    The questions: what can cause the issue? Does synchronization from the Master RE to the linecard create a loop? A storm? Why does it not happen in the POD2 scenario where we have Master and backup routing engine only?


    Thanks in advance for your help

    James



    ------------------------------
    james lasky
    ------------------------------


  • 2.  RE: strange issue ddos

    Posted 04-30-2023 16:01

    I can't remember the exact errors but this reminds me of a similar upgrade process on MX where the issue was a significant difference between the running active configuration and the saved rescue configuration.

    The solution for clean upgrade was to create a new updated rescue configuration immediately prior to running the upgrade.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------