[f-nsp] Double-switched (looped) traffic on Netiron MLX

i3D.net - Martijn Schmidt martijnschmidt at i3d.net
Tue Mar 1 03:59:02 EST 2016


The MLX platform is not a layer2 switch by default, so there are two
ways to solve this problem:

a) Use a VLL-local to bridge VLAN 999 from the firewall, through the
MLX, to the ICX2. Then the MLX does not even learn the MAC addresses of
the packets which are passing through.

b) Perform a "no route-only" on all the interfaces which are involved in
layer2 switching.

On 03/01/2016 09:57 AM, Valeri Streltsov wrote:
> Hi
>
> Looks like you have "route-only" globally or on physical port applied. Try to do "no route-only" on physical port first.
>
> Valeri Streltsov
>
> -----Original Message-----
> From: foundry-nsp [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Franz Georg Kohler
> Sent: Tuesday, March 1, 2016 11:53 AM
> To: foundry-nsp at puck.nether.net
> Subject: [f-nsp] Double-switched (looped) traffic on Netiron MLX
>
> Hello,
>
> I am currently seeing traffic being blocked on an MLX setup where there are two VLANs:
> First vlan (10 in this example) is a vlan with layer-3 ve interface.
> Traffic is first sent via the internal VLAN to a firewall device.
> Then it is switched using the external VLAN and finally being routed.
> This is to make the traffic pass the firewall and not to switch it directly to the server, bypassing the firewall.
>
> With this setup, MLX does not switch the traffic correctly until I set transparent-hw-flooding on the internal VLAN. ARP works but IP packets do not get forwarded.
>
> Does anybody know why this is the case and if there is any solution apart from setting transparent-hw-flooding?
>
>
>
>                            +-------+
>                            |       |               +-----------+
>                            | ICX2  +---------------+  Server   |
>               +------------+       |               +-----------+
>               |            +-------+
>               |
>     +-------+ |
>     |       +-+
>     |  MLX  | VLAN 999
>     |       +------------------+
>     +-------+                  |
> VLAN10/ve10                   |
>         |                  +---+-------+
>         |                  |           |
>         |                  | firewall  |
>         +------------------+           |
>                            +-----------+
>
>
>
> Best regards,
>
> Franz Georg Köhler
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

-- 
Met vriendelijke groet / Kindest regards,
Martijn Schmidt


i3D.net performance hosting 	
*Martijn Schmidt | Network Architect*
Email: martijnschmidt at i3d.net | Tel: +31 10 8900070

*i3D.net B.V. | Global Backbone AS49544*
Van Nelleweg 1, 3044 BC Rotterdam, The Netherlands
VAT: NL 8202.63.886.B01
