[f-nsp] Double-switched (looped) traffic on Netiron MLX
Franz Georg Köhler
lists at openunix.de
Tue Mar 1 03:52:41 EST 2016
Hello,

I am currently seeing traffic being blocked on a MLX setup where there
are two VLANs:

First vlan (10 in this example) is a vlan with layer-3 ve interface.
Traffic is first sent via the internal VLAN to a firewall device.
Then it is switched using the external VLAN and finally being routed.
This is to make the traffic pass the firewall and not to switch it
directly to the server, bypassing the firewall.

With this setup, MLX does not switch the traffic correctly until I set
transparent-hw-flooding on the internal VLAN. ARP works but IP packets
do not get forwarded.

Does anybody know why this is the case and if there is any solution apart
from setting transparent-hw-flooding?

                       +-------+
                       |       |               +-----------+
                       | ICX2  +---------------+  Server   |
          +------------+       |               +-----------+
          |            +-------+
          |
+-------+ |
|       +-+
|  MLX  |      VLAN 999
|       +------------------+
+-------+                  |
VLAN10/ve10                |
    |                  +---+-------+
    |                  |           |
    |                  | firewall  |
    +------------------+           |
                       +-----------+

Best regards,
Franz Georg Köhler