[j-nsp] EX4200 cluster duplicating traffic or broken mirror?

Abel Alejandro aalejandro at worldnetpr.com
Mon Sep 13 14:54:30 EDT 2010


Hello,

I have a very strange behavior in my Juniper 4 X EX4200 switch cluster.
I am running version 10.0S1.1.

The problem is that the switch seems to be duplicating packets with a
different vlan (unless the mirror capabilities of the switch are just
broken).

aalejandro at mop-ex4200# show ethernet-switching-options |display set 
set ethernet-switching-options analyzer PRUEBA input ingress interface all
set ethernet-switching-options analyzer PRUEBA output interface ge-3/0/6.0

With this configuration, only ingress traffic should be sent to the
mirror port. I do a tcpdump from a specific client ignoring the vlan
2144 (which is the correct vlan for this client).

[root at sniffer ~]# tcpdump -i eth1 -ne "ether host 00:0c:42:59:8c:67 and not vlan 2144"
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes

0 packets captured
0 packets received by filter
0 packets dropped by kernel
[root at sniffer ~]#

I do not see any traffic; this is the expected behavior, since the MAC
address should only be seen on vlan 2144.
However, when I change the configuration to:

aalejandro at mop-ex4200# show ethernet-switching-options |display set 
set ethernet-switching-options analyzer PRUEBA input egress interface all
set ethernet-switching-options analyzer PRUEBA output interface ge-3/0/6.0

[root at sniffer ~]# tcpdump -i eth1 -ne "ether host 00:0c:42:59:8c:67 and not vlan 2144"
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
14:48:29.619339 00:0c:42:37:0f:46 > 00:0c:42:59:8c:67, ethertype 802.1Q (0x8100), length 68: vlan 3614, p 0, ethertype IPv4, 0.0.0.0.20561 > 255.255.255.255.20561: UDP, length 22
14:48:29.621832 00:0c:42:59:8c:67 > 00:0c:42:37:0f:46, ethertype 802.1Q (0x8100), length 68: vlan 2571, p 0, ethertype IPv4, 0.0.0.0.20561 > 255.255.255.255.20561: UDP, length 22
14:48:30.772194 00:0c:42:59:8c:67 > 01:00:5e:00:00:05, ethertype 802.1Q (0x8100), length 86: vlan 3614, p 0, ethertype IPv4, 10.0.0.17 > 224.0.0.5: OSPFv2, Hello, length 48
14:48:30.772199 00:0c:42:59:8c:67 > 01:00:5e:00:00:05, ethertype 802.1Q (0x8100), length 86: vlan 2229, p 0, ethertype IPv4, 10.0.0.17 > 224.0.0.5: OSPFv2, Hello, length 48
14:48:30.772205 00:0c:42:59:8c:67 > 01:00:5e:00:00:05, ethertype 802.1Q (0x8100), length 86: vlan 3375, p 0, ethertype IPv4, 10.0.0.17 > 224.0.0.5: OSPFv2, Hello, length 48
14:48:30.772207 00:0c:42:59:8c:67 > 01:00:5e:00:00:05, ethertype 802.1Q (0x8100), length 86: vlan 3375, p 0, ethertype IPv4, 10.0.0.17 > 224.0.0.5: OSPFv2, Hello, length 48

This is NOT the expected behavior. The EX is flooding the packets to a
set of VLANs that do not even exist in the switch configuration.

aalejandro at mop-ex4200# show vlans |match 3375   

{master:0}[edit]
aalejandro at mop-ex4200# show|display set|match 3375 

{master:0}[edit]
aalejandro at mop-ex4200#
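
An added example, not part of the original post: a small Python parser for `tcpdump -ne` output that lists VLAN tags outside the configured set and groups identical frames seen under several tags within a short window. The frame lines are the ones from the capture above; the configured set `{2144}` and the 1 ms window are assumptions.

```python
import re
from collections import defaultdict

# Frame lines from the capture in the post, one frame per line.
CAPTURE = """\
14:48:29.619339 00:0c:42:37:0f:46 > 00:0c:42:59:8c:67, ethertype 802.1Q (0x8100), length 68: vlan 3614, p 0, ethertype IPv4, 0.0.0.0.20561 > 255.255.255.255.20561: UDP, length 22
14:48:29.621832 00:0c:42:59:8c:67 > 00:0c:42:37:0f:46, ethertype 802.1Q (0x8100), length 68: vlan 2571, p 0, ethertype IPv4, 0.0.0.0.20561 > 255.255.255.255.20561: UDP, length 22
14:48:30.772194 00:0c:42:59:8c:67 > 01:00:5e:00:00:05, ethertype 802.1Q (0x8100), length 86: vlan 3614, p 0, ethertype IPv4, 10.0.0.17 > 224.0.0.5: OSPFv2, Hello, length 48
14:48:30.772199 00:0c:42:59:8c:67 > 01:00:5e:00:00:05, ethertype 802.1Q (0x8100), length 86: vlan 2229, p 0, ethertype IPv4, 10.0.0.17 > 224.0.0.5: OSPFv2, Hello, length 48
14:48:30.772205 00:0c:42:59:8c:67 > 01:00:5e:00:00:05, ethertype 802.1Q (0x8100), length 86: vlan 3375, p 0, ethertype IPv4, 10.0.0.17 > 224.0.0.5: OSPFv2, Hello, length 48
14:48:30.772207 00:0c:42:59:8c:67 > 01:00:5e:00:00:05, ethertype 802.1Q (0x8100), length 86: vlan 3375, p 0, ethertype IPv4, 10.0.0.17 > 224.0.0.5: OSPFv2, Hello, length 48
"""

# Matches one 802.1Q-tagged frame as printed by `tcpdump -ne`.
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) ([0-9a-f:]+) > ([0-9a-f:]+), "
    r"ethertype 802\.1Q \(0x8100\), length \d+: vlan (\d+), p \d+, (.*)$")

def parse(text):
    """Yield (seconds, src_mac, dst_mac, vlan, payload_summary) per tagged frame."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            h, mi, s, src, dst, vlan, rest = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + float(s), src, dst, int(vlan), rest

def unexpected_vlans(frames, configured):
    """VLAN IDs seen on the mirror port that are not in the configured set."""
    return sorted({f[3] for f in frames} - set(configured))

def replicated(frames, window=0.001):
    """Map (src, dst, payload) -> VLAN tags, for frames copied within `window` seconds."""
    groups = defaultdict(list)
    for ts, src, dst, vlan, rest in frames:
        groups[(src, dst, rest)].append((ts, vlan))
    out = {}
    for key, seen in groups.items():
        seen.sort()
        if len(seen) > 1 and seen[-1][0] - seen[0][0] <= window:
            out[key] = [vlan for _, vlan in seen]
    return out

if __name__ == "__main__":
    frames = list(parse(CAPTURE))
    print("unexpected VLANs:", unexpected_vlans(frames, {2144}))  # {2144}: assumed
    for (src, dst, _), vlans in replicated(frames).items():
        print(f"{src} > {dst} copied under VLAN tags {vlans}")
```
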



