[f-nsp] Double-switched (looped) traffic on Netiron MLX
Valeri Streltsov
v.streltsov at tiera.org
Tue Mar 1 03:57:41 EST 2016
Hi
Looks like you have "route-only" globally or on physical port applied. Try to do "no route-only" on physical port first.
Valeri Streltsov
-----Original Message-----
From: foundry-nsp [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Franz Georg Kohler
Sent: Tuesday, March 1, 2016 11:53 AM
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] Double-switched (looped) traffic on Netiron MLX
Hello,
I am currently seing traffic being blocked on a MLX setup where there are two VLANS:
First vlan (10 in this example) is a vlan with layer-3 ve interface.
Traffic is first sent via the internal VLAN to a firewall device.
Then it is switched using the external VLAN and finally being routed.
This is to make the traffic pass the firewall and not to switch it directly to the server, bypassing the firewall.
With this setup, MLX does not switch the traffic correctly until i set transparent-hw-flooding on the internal VLAN. ARP works but IP packets do not get forwarded.
Does anybody know why this is the case and if ther is any solution apart from setting transparent-hw-flooding?
+-------+
| | +-----------+
| ICX2 +---------------+ Server |
+------------+ | +-----------+
| +-------+
|
+-------+ |
| +-+
| MLX | VLAN 999
| +------------------+
+-------+ |
VLAN10/ve10 |
| +---+-------+
| | |
| | firewall |
+------------------+ |
+-----------+
Best regards,
Franz Georg Köhler
_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
More information about the foundry-nsp
mailing list