[f-nsp] MLX with "route-only" port is forwarding VLAN1 BPDUs?

Gerald gerald at ax.tc
Fri Jun 24 18:38:51 EDT 2016


Thx a lot guys so far!!! You have put me in the right direction. I'm
going to check the various approaches against my setup to decide the
best for me.

Gerald

On 25.06.2016 at 00:19, Ryan Harden wrote:
> You can look into this as well.
> 
> 'no dual-mode-default-vlan'
> 
> As I understand, it turns off the ‘all ports are part of VLAN1’ (or whatever your default VLAN is) ‘feature’.
> 
> /Ryan
> 
> Ryan Harden
> Research and Advanced Networking Architect
> University of Chicago - ASN160
> P: 773.834.5441
> 
> 
> 
> 
>> On Jun 24, 2016, at 5:08 PM, i3D.net - Martijn Schmidt <martijnschmidt at i3d.net> wrote:
>>
>> Hi Gerald,
>>
>> There are more BPDU types than just spanning-tree.. :-) You should apply
>> "no fdp enable" and "no spanning-tree" on the physical interface ethe
>> 1/2, as well as "no ip redirect" and "ipv6 nd suppress-ra" on the VE's
>> which are facing that interface. This should be enough to make the MLXe
>> shut up if "route-only" is also enabled on a global level (though it
>> should be ok with an interface-level "route-only" setting too).
>>
>> Best regards,
>> Martijn Schmidt
>>
>> On 06/24/2016 11:59 PM, Gerald wrote:
>>> Oh, maybe the trick is disabling STP on the port too:
>>>
>>> !
>>> vlan 666 name dummy-layer3-vlan
>>> untag eth 1/2
>>> spanning-tree ethernet 1/2 disable
>>> !
>>>
>>> On 24.06.2016 at 23:54, Gerald wrote:
>>>> All right, I've tested this and now the MLX seems to generate VLAN666
>>>> BPDUs by itself on this port. At least I can see that the "BPDU Config
>>>> tx" counter is still rising.
>>>>
>>>> So I can stop flooding VLAN1 BPDUs from other ports but now we have new
>>>> VLAN666 BPDUs on that port transmitted.
>>>>
>>>> From one hell to the other... which one is better :-/
>>>>
>>>>
>>>> Gerald
>>>>
>>>> On 24.06.2016 at 23:35, Clement Cavadore wrote:
>>>>> Yes, that's it ;)
>>>>>
>>>>> On 24 June 2016 23:30:02 GMT+02:00, Gerald <gerald at ax.tc> wrote:
>>>>>> Oops, need sleep ;-)
>>>>>>
>>>>>> !
>>>>>> int eth 1/2
>>>>>> enable
>>>>>> route-only
>>>>>> ip addres 10.0.0.1/24
>>>>>> !
>>>>>> vlan 666 name dummy-layer3-vlan
>>>>>> untag eth 1/2
>>>>>> !
>>>>>>
>>>>>> On 24.06.2016 at 23:27, Gerald wrote:
>>>>>>> Thx Clement for this advice, did you mean something like this:
>>>>>>>
>>>>>>> !
>>>>>>> int eth 1/2
>>>>>>> enable
>>>>>>> route-only
>>>>>>> ip addres 10.0.0.1/14
>>>>>>> !
>>>>>>> vlan 666 name dummy-layer3-vlan
>>>>>>> untag eth 2/12
>>>>>>> !
>>>>>>>
>>>>>>>
>>>>>>> Gerald
>>>>>>>
>>>>>>> On 24.06.2016 at 21:59, Clement Cavadore wrote:
>>>>>>>> You should create some "dummy" vlans on route-only ports, to avoid that.
>>>>>>>> No problem having untagged vlan on any port with IP/routing configuration. You even can do this without any disturbance.
>>>>>>>> On 24 June 2016 21:53:08 GMT+02:00, Gerald <gerald at ax.tc> wrote:
>>>>>>>>> The MLX got a reboot some weeks ago, this seems not to help. I'm afraid
>>>>>>>>> of your (1) note... :-(.
>>>>>>>>>
>>>>>>>>> Gerald
>>>>>>>>>
>>>>>>>>> On 24.06.2016 at 21:27, Steven Raymond wrote:
>>>>>>>>>>> On Jun 24, 2016, at 1:19 PM, Gerald <gerald at ax.tc> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Is there a way to stop this? I would have my "route-only" ports Layer2
>>>>>>>>>>> free and not disturb other Layer2 systems behind.
>>>>>>>>>> Old old notes I found said basically 1) “bpdus are sent even with route-only”, and 2) "you should reboot after applying route-only".
>>>>>>>>>> Both of which may not be helpful to you.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> foundry-nsp mailing list
>>>>>>>>> foundry-nsp at puck.nether.net
>>>>>>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
> 
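
The thread judges success by whether the "BPDU Config tx" counter keeps rising; the same thing can be checked on the wire from the device behind the port. The following is an added example, not code from any poster in the thread: it classifies raw Ethernet frames as IEEE STP BPDUs and counts them per VLAN tag and BPDU type. It assumes the frames were captured on the link facing eth 1/2 and are available as byte strings; the sample frames and source MAC are constructed.

```python
import struct
from collections import Counter

STP_DST = bytes.fromhex("0180c2000000")   # IEEE 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                 # DSAP/SSAP 0x42, UI control field
BPDU_TYPES = {0x00: "config", 0x02: "rstp", 0x80: "tcn"}

def classify_bpdu(frame: bytes):
    """Return (vlan, bpdu_type) for an IEEE STP BPDU, else None.
    vlan is None when the frame carries no 802.1Q tag."""
    if len(frame) < 17 or frame[:6] != STP_DST:
        return None
    off, vlan = 12, None
    (field,) = struct.unpack_from("!H", frame, off)
    if field == 0x8100:                   # 802.1Q tag: TCI, then length
        if len(frame) < 21:
            return None
        tci, field = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 16
    if field > 1500 or frame[off + 2:off + 5] != LLC_STP:
        return None                       # not an 802.3 + LLC STP frame
    bpdu = frame[off + 5:]
    if len(bpdu) < 4 or bpdu[:2] != b"\x00\x00":   # protocol id must be 0
        return None
    return vlan, BPDU_TYPES.get(bpdu[3], "unknown")

def bpdu_summary(frames):
    """Count BPDUs per (vlan, type); an empty result means the port is quiet."""
    hits = (classify_bpdu(f) for f in frames)
    return Counter(h for h in hits if h is not None)

def make_bpdu(vlan=None, btype=0x00):
    """Build a constructed test frame (source MAC is a made-up value)."""
    body = LLC_STP + b"\x00\x00\x00" + bytes([btype]) + bytes(31)
    hdr = STP_DST + bytes.fromhex("020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", 0x8100, vlan)
    return hdr + struct.pack("!H", len(body)) + body

# Constructed sample capture: two untagged config BPDUs, one tagged with
# VLAN 666, one TCN, and one ARP broadcast that must be ignored.
SAMPLE = [
    make_bpdu(), make_bpdu(), make_bpdu(vlan=666), make_bpdu(btype=0x80),
    b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x06" + bytes(28),
]

if __name__ == "__main__":
    for (vlan, kind), n in sorted(bpdu_summary(SAMPLE).items(), key=str):
        print(f"vlan={vlan} type={kind} count={n}")
```

This only recognises IEEE STP BPDUs; other Layer 2 control traffic mentioned in the thread, such as FDP, needs its own match.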

