[j-nsp] MX960 question on bridge domain MTU and regex expression.

Terry Jones terry.jones at war-eagle.me
Fri Jan 25 13:46:03 EST 2013


Greetings all,

 

Two questions.any input is greatly appreciated - 

 

1.      According to Juniper MX series book, "a bridge domain will look at
all of the IFL's in the bridge domain that specifies the routing-interface
of the irb." I've had two separate incidences where a physically down
interface and a administratively disabled interface in with a vlan that is
part of a bridge domain caused an irb at 9000 bytes to be dropped to 1500
bytes (and it severely impacts operations if not at 9000). One issue was
with an xe interface configured under the bridge domain but was physically
down (someone removed the fiber connected to it) as well as a second issue
where an interface in the bridge domain was configured with disable and in
both instances, the irb was dropped to an MTU of 1500bytes. I tried hard
coding the MTU on the irb at 9000bytes, but the irb would still choose
1500bytes. Is there some a knob to override this behavior? And more
importantly is there a reason I wouldn't want this behavior overridden?

 

2.      Is there a way to write a regex expression for the following?

 

set firewall family ethernet-switching filter Block_macs term Block_UT_mac
from destination-mac-address <mac-address> 

            

where I can make a regex for the <mac-address>.ie - 00:ff:ff:[/w]. Basically
I want to block any mac that starts with 00:ff:ff. This is in a lab
environment and I need to block about 1000 macs, so a regex is much easier
than hand-jamming 1000 mac-addresses.

 

Thanks,

Terry 

 



More information about the juniper-nsp mailing list