[f-nsp] Double-switched (looped) traffic on Netiron MLX

Franz Georg Koehler lists at openunix.de
Tue Mar 1 05:12:05 EST 2016


On Tue, Mar 01, 2016 at 09:59:02AM +0100, i3D.net - Martijn Schmidt wrote:
> The MLX platform is not a layer2 switch by default, so there are two
> ways to solve this problem:
> 
> a) Use a VLL-local to bridge VLAN 999 from the firewall, through the
> MLX, to the ICX2. Then the MLX does not even learn the MAC addresses of
> the packets which are passing through.
> 
> b) Perform a "no route-only" on all the interfaces which are involved in
> layer2 switching.

There is already no route-only set on the interfaces in question (I forgot to
mention that). The device is acting as switch & router.  Otherwise, the
internal VLAN would not be switched with transparent-hw-flooding set as well.

I see that the switching does not work until transparent-hw-flooding is set. I
wonder if this is related to the same mac address showing up in two different
VLANs or some kind of loop detection. If transparent-hw-flooding is set, the
device just floods all the traffic without analyzing it.



Best regards,

Franz Georg Köhler


More information about the foundry-nsp mailing list