[j-nsp] trouble setting up link agg between clustered SRX 550 and Cisco 6509

Andy Litzinger Andy.Litzinger at theplatform.com
Fri Aug 16 18:08:54 EDT 2013


12.1R1.9

I'll check out the link, thanks!

here's a pretty sparse (only shows the SRX side) config example from the documenation that implies it is possible in 12.1...
https://www.juniper.net/techpubs/en_US/junos12.1/topics/example/chassis-cluster-redundant-ethernet-interface-link-aggregation-group-configuring-cli.html

-andy

> -----Original Message-----
> From: Per Westerlund [mailto:p1 at westerlund.se]
> Sent: Friday, August 16, 2013 3:07 PM
> To: Andy Litzinger
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] trouble setting up link agg between clustered SRX 550
> and Cisco 6509
> 
> What versions are you running?
> 
> Apparently L3 support for this type of config was available before the L2
> version was ready.
> 
> Being lazy, and not having access to equipment where I can set this up, I will
> start with a pointer to someone who did a similar thing a while ago:
> http://cooperlees.com/blog/?p=401
> 
> /Per
> 
> 16 aug 2013 kl. 17:37 skrev Andy Litzinger
> <Andy.Litzinger at theplatform.com>:
> 
> > Hi Per,
> >  thanks for your suggestion.  I've set it up this way because I'm
> > following this kb:
> > https://kb.juniper.net/InfoCenter/index?page=content&id=KB22474
> >
> > it's not exactly apples to apples since I'm not connecting to an EX and I'm
> connecting to two switches instead of one, but I don't think those details
> matter in this case.
> >
> > Also, several people have pointed out that in the config I posted I had a
> difference with the channel mode (active vs passive) on the cisco side
> between the two ports I'm trying to aggregate.  I apologize- that is just the
> state I left it in during troubleshooting.  you'll note that the second interface,
> 8/2, is also actually shutdown in the config I posted.  I have tried setting both
> to active and both to passive with no luck.
> >
> > -andy
> >
> >> -----Original Message-----
> >> From: Per Westerlund [mailto:p1 at westerlund.se]
> >> Sent: Friday, August 16, 2013 12:54 AM
> >> To: Andy Litzinger
> >> Cc: juniper-nsp at puck.nether.net
> >> Subject: Re: [j-nsp] trouble setting up link agg between clustered
> >> SRX 550 and Cisco 6509
> >>
> >> The components of the SRX RETH-interfaces are not all active at the
> >> same time, this is a fail-over construct. One active link at the time.
> >>
> >> You should be looking at the AE-interfaces instead, they are proper
> >> LACP aggregators.
> >>
> >> /Per
> >>
> >> 16 aug 2013 kl. 00:55 skrev Andy Litzinger
> >> <Andy.Litzinger at theplatform.com>:
> >>
> >>> Has anyone had any difficulty creating a port channel between an SRX
> >> cluster (in this case, SRX 550s) and Cisco switches (in this case
> >> 6509s, non- VSS)?
> >>>
> >>> When I tried to bring up a second link in the link agg group the
> >>> cisco side put
> >> it in state "I" which means:  standalone.  It also logged this message:
> >>> %EC-SP-5-CANNOT_BUNDLE_LACP: Gi8/2 is not compatible with
> >> aggregators
> >>> in channel 10 and cannot attach to them (flow control send of Gi8/2
> >>> is on, Gi8/1 is off)
> >>>
> >>> I did some googling and found a couple articles that seemed to say
> >>> that the
> >> SRX doesn't support flow-control so I tried turning it off on the cisco side.:
> >>> interface 8/1 flowcontrol send off
> >>> interface 8/2 flowcontrol send off
> >>> interface po10 flowconftorl send off
> >>>
> >>> This didn't help and when I shut/no shut the port channel on the
> >>> cisco side
> >> the whole thing went offline and wouldn't come back until I rebuilt it.
> >>>
> >>> any ideas?
> >>>
> >>> SRX-A connects to 6509-A with 2 physical links bundled into reth0
> >>> SRX-B connects to 6509-B with 2 physical links bundled into reth0
> >>>
> >>> SRX side config:
> >>>> show configuration interfaces ge-0/0/4
> >>> gigether-options {
> >>>   redundant-parent reth0;
> >>> }
> >>>> show configuration interfaces ge-0/0/6
> >>> gigether-options {
> >>>   redundant-parent reth0;
> >>> }
> >>>> show configuration interfaces ge-9/0/4
> >>> gigether-options {
> >>>   redundant-parent reth0;
> >>> }
> >>>> show configuration interfaces ge-9/0/6
> >>> gigether-options {
> >>>   redundant-parent reth0;
> >>> }
> >>>
> >>>> show configuration interfaces reth0
> >>> vlan-tagging;
> >>> redundant-ether-options {
> >>>   redundancy-group 1;
> >>>   lacp {
> >>>       active;
> >>>       periodic fast;
> >>>   }
> >>> }
> >>> unit x {
> >>>   vlan-id x;
> >>>   family inet {
> >>>       address x.x.x.x/zz;
> >>>   }
> >>> }
> >>> unit y {
> >>>   vlan-id y;
> >>>   family inet {
> >>>       address x.x.x.x/zz;
> >>>   }
> >>> }
> >>>
> >>>
> >>> cisco side on 6509-A:
> >>> interface GigabitEthernet8/1
> >>> description srx01-g0/4
> >>> switchport
> >>> switchport trunk encapsulation dot1q switchport trunk allowed vlan
> >>> x,y switchport mode trunk switchport nonegotiate spanning-tree
> >>> portfast edge trunk channel-group 10 mode active end
> >>>
> >>> interface GigabitEthernet8/2
> >>> description srx01-g0/6
> >>> switchport
> >>> switchport trunk encapsulation dot1q switchport trunk allowed vlan
> >>> x,y switchport mode trunk switchport nonegotiate shutdown
> >>> spanning-tree portfast edge trunk channel-group 10 mode passive end
> >>>
> >>> interface Port-channel10
> >>> description srx01-internal
> >>> switchport
> >>> switchport trunk encapsulation dot1q switchport trunk allowed vlan
> >>> x,y switchport mode trunk switchport nonegotiate spanning-tree
> >>> portfast edge trunk end
> >>>
> >>> the 6509-B config is identical
> >>>
> >>> thanks!
> >>> -andy
> >>>
> >>> _______________________________________________
> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >




More information about the juniper-nsp mailing list