[j-nsp] MX240/SRX240 vpls loop problem

Andreas Lund andreas.lund at oikt.no
Mon Jul 25 04:36:06 EDT 2011 

 

We have a core network with three MX240 routers. Most WAN sites are connected either via an EX8208 switch or via SRX240 routers. We have a mixed environment where new client zones are distributed using L3VPN, old vlans are distributed using VPLS.

 

Unfortunately, we are having problems with VPLS on the SRX240 routers. When a site is connected, we see MAC FLAP messages on the MX240s and "show l2-learning mac-move-buffer" shows that hosts are flapping between their appropriate ports and the LSI interfaces on SRX240 routers where they do not belong. This is confirmed by examining the MAC address tables on MX240 using "show vpls mac-table". 

 

Obviously, communication is very unreliable (~50% packet loss, lots of duplicates.) All sites use Cisco 2950 and 2960 switches locally and there are no physical loops; the problem appears even when connecting a site with only a single access port on the relevant vlan, connected directly to the client host.

 

We have so far been unable to reproduce the problem in a test environment with a handful of SRX240 routers and Cisco switches. This may suggest an interop/signalling issue between MX240 and SRX240.

 

1. Has anyone else successfully deployed something similar?

2. Is there any way to show the MAC address table for a VPLS instance on the SRX240?

 

 

oikt at RARUSK-GW-01> show configuration interfaces ge-0/0/6  

description "TRUNK to RABUBO";

vlan-tagging;

encapsulation flexible-ethernet-services;

unit 10 {

    description "RABUBO Site_Management";

    vlan-id 10;

    family inet {

        address x.x.x.x/x;

    }

}

unit 32 {

    description "RABUBO Intern Klientsone";

    vlan-id 32;

    family inet {

        address x.x.x.x/x;

    }

}

unit 56 {

    description "RABUBO Sikret Klientsone";

    vlan-id 56;

    family inet {

        address x.x.x.x/x;

    }

}

unit 158 {

    description LEGACY_158_IpTelefoni;

    encapsulation vlan-vpls;

    vlan-id 158;

}

 

 

oikt at RARUSK-GW-01> show configuration routing-instances VPLS-LEGACY_158_IP-telefoni 

instance-type vpls;

interface ge-0/0/6.158;

route-distinguisher x.x.x.x:00158;

vrf-target target:65100:158;

protocols {

    vpls {

        site-range 25;

        no-tunnel-services;

        site RARUSK {

            site-identifier 13;

        }

    }

}

 

 

--

Regards,

 

Andreas Lund

(storage/backup/network/databases)

Øyeren IKT -- http://www.oikt.no <http://www.oikt.no> 

Servicedesk: 6383 5200

Direkte: tlf.6383 5287, mob.900 77 162

More information about the juniper-nsp mailing list