[j-nsp] trouble setting up link agg between clustered SRX 550 and Cisco 6509

Andy Litzinger Andy.Litzinger at theplatform.com
Fri Aug 16 11:37:50 EDT 2013 

Hi Per,
  thanks for your suggestion.  I've set it up this way because I'm following this kb: https://kb.juniper.net/InfoCenter/index?page=content&id=KB22474

it's not exactly apples to apples since I'm not connecting to an EX and I'm connecting to two switches instead of one, but I don't think those details matter in this case.

Also, several people have pointed out that in the config I posted I had a difference with the channel mode (active vs passive) on the cisco side between the two ports I'm trying to aggregate.  I apologize- that is just the state I left it in during troubleshooting.  you'll note that the second interface, 8/2, is also actually shutdown in the config I posted.  I have tried setting both to active and both to passive with no luck.

-andy

> -----Original Message-----
> From: Per Westerlund [mailto:p1 at westerlund.se]
> Sent: Friday, August 16, 2013 12:54 AM
> To: Andy Litzinger
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] trouble setting up link agg between clustered SRX 550
> and Cisco 6509
> 
> The components of the SRX RETH-interfaces are not all active at the same
> time, this is a fail-over construct. One active link at the time.
> 
> You should be looking at the AE-interfaces instead, they are proper LACP
> aggregators.
> 
> /Per
> 
> 16 aug 2013 kl. 00:55 skrev Andy Litzinger
> <Andy.Litzinger at theplatform.com>:
> 
> > Has anyone had any difficulty creating a port channel between an SRX
> cluster (in this case, SRX 550s) and Cisco switches (in this case 6509s, non-
> VSS)?
> >
> > When I tried to bring up a second link in the link agg group the cisco side put
> it in state "I" which means:  standalone.  It also logged this message:
> > %EC-SP-5-CANNOT_BUNDLE_LACP: Gi8/2 is not compatible with
> aggregators
> > in channel 10 and cannot attach to them (flow control send of Gi8/2 is
> > on, Gi8/1 is off)
> >
> > I did some googling and found a couple articles that seemed to say that the
> SRX doesn't support flow-control so I tried turning it off on the cisco side.:
> > interface 8/1 flowcontrol send off
> > interface 8/2 flowcontrol send off
> > interface po10 flowconftorl send off
> >
> > This didn't help and when I shut/no shut the port channel on the cisco side
> the whole thing went offline and wouldn't come back until I rebuilt it.
> >
> > any ideas?
> >
> > SRX-A connects to 6509-A with 2 physical links bundled into reth0
> > SRX-B connects to 6509-B with 2 physical links bundled into reth0
> >
> > SRX side config:
> >> show configuration interfaces ge-0/0/4
> > gigether-options {
> >    redundant-parent reth0;
> > }
> >> show configuration interfaces ge-0/0/6
> > gigether-options {
> >    redundant-parent reth0;
> > }
> >> show configuration interfaces ge-9/0/4
> > gigether-options {
> >    redundant-parent reth0;
> > }
> >> show configuration interfaces ge-9/0/6
> > gigether-options {
> >    redundant-parent reth0;
> > }
> >
> >> show configuration interfaces reth0
> > vlan-tagging;
> > redundant-ether-options {
> >    redundancy-group 1;
> >    lacp {
> >        active;
> >        periodic fast;
> >    }
> > }
> > unit x {
> >    vlan-id x;
> >    family inet {
> >        address x.x.x.x/zz;
> >    }
> > }
> > unit y {
> >    vlan-id y;
> >    family inet {
> >        address x.x.x.x/zz;
> >    }
> > }
> >
> >
> > cisco side on 6509-A:
> > interface GigabitEthernet8/1
> > description srx01-g0/4
> > switchport
> > switchport trunk encapsulation dot1q
> > switchport trunk allowed vlan x,y
> > switchport mode trunk
> > switchport nonegotiate
> > spanning-tree portfast edge trunk
> > channel-group 10 mode active
> > end
> >
> > interface GigabitEthernet8/2
> > description srx01-g0/6
> > switchport
> > switchport trunk encapsulation dot1q
> > switchport trunk allowed vlan x,y
> > switchport mode trunk
> > switchport nonegotiate
> > shutdown
> > spanning-tree portfast edge trunk
> > channel-group 10 mode passive
> > end
> >
> > interface Port-channel10
> > description srx01-internal
> > switchport
> > switchport trunk encapsulation dot1q
> > switchport trunk allowed vlan x,y
> > switchport mode trunk
> > switchport nonegotiate
> > spanning-tree portfast edge trunk
> > end
> >
> > the 6509-B config is identical
> >
> > thanks!
> > -andy
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list