View Only
last person joined: 21 hours ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  strange issue ddos

    Posted 04-28-2023 10:46

    Dear experts

    I've a strange behaviour on one of my customer.

    Currently in place two types of Virtaul-chassis with two members:

    POD1 = 2 x QFX mixed (QFX5110  master routing engine + QFX5100 line card)

    POD2 = 2 x QFX mixed but the first two member are equivalent (QFX5110 master routing engine + QFX5110 backup routing engine when we'll add the third member it will be QFX5100)

    Each POD is connected with two different AE to two different MX over VPLS (multihomed active passive), loops are managed via VPLS multihoming feature and RSTP over the trunks.

    On POD there is Layer2, Layer3 and systems connected speaking OSPF with MX.

    What happens ?

    During testing phase once we try a failover of the trunks POD to MX we see DDOS protection mechanism triggered on MX only for POD1 and never for POD2.

    Depending on the quantity of traffic we also see VRRP failover, BFD flaps, etc on MX

    Trunks MX to POD are on the two different members, which is:

    for POD1 Master RE-trunk to MX1 and Backup RE-trunk to MX2

    for POD2 Master RE-trunk to MX1 and linecard-trunk to MX2

    The questions: what can cause the issue ? syncronization Master RE to lincard create a loop ? a storm ? why not happens in the POD2 scenario where we have Master and backup routing engine only ?

    Thanks in advance for your help


    james lasky

  • 2.  RE: strange issue ddos

    Posted 04-30-2023 16:00

    I can't remember the exact errors but this reminds me of a similar upgrade process on MX where the issue was a significant difference between the running active configuration and the saved rescue configuration.

    The solution for clean upgrade was to create a new updated rescue configuration immediately prior to running the upgrade.

    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)

  • 3.  RE: strange issue ddos

    Posted 05-02-2023 03:10

    The failover I meant is about uplink (QFX VC to MX), not about routing engine.
    I'm not sure why you're talking about configuration sync.

    james lasky