[j-nsp] EX Switches - Internet Exchange Points
Jonathan Lassoff
jof at thejof.com
Thu Mar 25 16:26:48 EDT 2010
Excerpts from Paul Stewart's message of Thu Mar 25 13:09:51 -0700 2010:
> Thanks very much for the reply...
>
> The AMS-IX guide I've been through but their Juniper section isn't nearly as
> detailed as the Cisco side... good guide for sure. ;)
>
> The MAC shown in my example below is actually the correct MAC for the layer3
> facing interface ... so you're suggesting to create a filter to only allow
> that MAC to be 'sent out' to the peering switch? We never had to do this in
> the Cisco world using the configurations I sent in my original post hence
> some of my confusion...
Indeed, Cisco is a big global player in the switching market, so many
guides and experience are with Cisco gear.
There's probably some other protocol running that's causing frames from
other source MACs to be sent out of your port facing the peering switch,
either from your Juniper or your Cisco interface.
Maybe implement port security on your downstream interfaces that are on
your peering VLAN/bridge..
If you can track down that protocol and disable it out of the interface
in question, all the better.
I was suggesting an L2 filter since if it's supported, it should give
you the effect you want for the least amount of effort (no packet
tracing, taps, etc.), but it comes at the cost of having to go back and
change the filter if you want to change routers.
Cheers,
jof
More information about the juniper-nsp
mailing list