[j-nsp] mc-lag standby peer not ageing out MAC addresses

Maxwell Cole mcole.mailinglists at gmail.com
Wed Mar 18 14:58:31 EDT 2015


Hi,

Do you have mcae-mac-synchronize enabled in the bridge domain? (If you 
are using them)

On 3/18/15 2:22 PM, Luca Salvatore wrote:
> Hi,
>
> We have multi-chassis enabled for ae0 only, do you have any juniper
> document that mentions it is needed on all mc-lag links?  We speak to ATAC
>   quite a lot a this has never been mentioned to us.
> We use static ARPs on all IRBs where VRRP is running and also for the ICL
> link.
>
> I don't think the redundant path would matter.  irb.6 is used for ICCP and
> there is a static ARP on that IRB set to use AE0.
> MC-LAG as a whole is functionally fine.  Its just the MAC address ageing
> which is the problem.
>
> For example, yesterday I shutdown a VM running off one of the MC-LAG
> interfaces. Core1 aged it out after the standard 5 minutes, but it was
> never aged out of core2.  Its been 20 hours since it was removed from core1
> and core2 still has the MAC in the table.
>
> On Wed, Mar 18, 2015 at 2:04 PM, Syed Iftikhar Ahmed <iahmed at emw-me.com>
> wrote:
>
>>   Hi,
>>
>>   I think iccp is up because you have a redundant path available using
>> ae10 to reach iccp peer. I faced similar issue on a customer site and had
>> to separate iccp link using l3 lag  between chassis.
>> Also please check if you have multi-chassis protection enabled, we enabled
>> it on mc-lag interfaces as well as mc-lag unit0 as well as per Engineering
>> recommendation. Also for arp learning we need to add arp entry for each irb
>> interface to ensure arp is learned over ICL link not via a mc-lag
>> interface.
>> I assume you have rstp disabled already for mc-lag interfaces.
>>
>>
>> Sent from my iPhone
>>
>> On Mar 18, 2015, at 9:35 PM, Luca Salvatore <luca at digitalocean.com> wrote:
>>
>>    here it all is.
>> You'll just have to trust me that the ping works between peers using the
>> ICCP IP.
>> We use public addressing on these and I don't want to post the public IPs
>> here.  I've changed them to 10.1.1.1 and 10.1.1.2 in the output.  I'm able
>> to ping without issue.
>>
>>   Some details
>> ae0 is the iccp / icl link
>> ae10 is a random mc-lag interface
>>
>>   We have been running this config in prod in numerous sites for a while.
>> This particular set of switches has a difference of about 80,000 mac
>> addresses between each core.
>>
>>   core1> show interfaces mc-ae id 10
>>   Member Link                  : ae10
>>   Current State Machine's State: mcae active state
>>   Local Status                 : active
>>   Local State                  : up
>>   Peer Status                  : active
>>   Peer State                   : up
>>       Logical Interface        : ae10.0
>>       Topology Type            : bridge
>>       Local State              : up
>>       Peer State               : up
>>       Peer Ip/MCP/State        : 10.1.1.2 ae0.0 up
>>
>> core1> show configuration interfaces ae0 | display set
>> set interfaces ae0 mtu 1522
>> set interfaces ae0 aggregated-ether-options link-speed 10g
>> set interfaces ae0 aggregated-ether-options lacp active
>> set interfaces ae0 aggregated-ether-options lacp periodic fast
>> set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
>> set interfaces ae0 unit 0 family ethernet-switching vlan members 1010-1050
>>
>>   core1> show configuration interfaces ae10 | display set
>> set interfaces ae10 mtu 1522
>> set interfaces ae10 aggregated-ether-options link-speed 10g
>> set interfaces ae10 aggregated-ether-options lacp active
>> set interfaces ae10 aggregated-ether-options lacp periodic fast
>> set interfaces ae10 aggregated-ether-options lacp system-id
>> 00:00:00:00:00:10
>> set interfaces ae10 aggregated-ether-options lacp admin-key 8888
>> set interfaces ae10 aggregated-ether-options mc-ae mc-ae-id 10
>> set interfaces ae10 aggregated-ether-options mc-ae redundancy-group 3
>> set interfaces ae10 aggregated-ether-options mc-ae chassis-id 0
>> set interfaces ae10 aggregated-ether-options mc-ae mode active-active
>> set interfaces ae10 aggregated-ether-options mc-ae status-control active
>> set interfaces ae10 aggregated-ether-options mc-ae events iccp-peer-down
>> prefer-status-control-active
>> set interfaces ae10 unit 0 family ethernet-switching interface-mode trunk
>> set interfaces ae10 unit 0 family ethernet-switching vlan members 1010-1050
>>
>>
>>   core1> show configuration protocols iccp | display set
>> set protocols iccp local-ip-addr 10.1.1.1
>> set protocols iccp peer 10.1.1.2 redundancy-group-id-list 3
>> set protocols iccp peer 10.1.1.2 liveness-detection minimum-interval 500
>> set protocols iccp peer 10.1.1.2 liveness-detection
>> minimum-receive-interval 500
>> set protocols iccp peer 10.1.1.2 liveness-detection multiplier 2
>> set protocols iccp peer 10.1.1.2 liveness-detection transmit-interval
>> minimum-interval 1000
>> set protocols iccp peer 10.1.1.2 liveness-detection detection-time
>> threshold 2000
>>
>>
>>   core2> show interfaces mc-ae id 10
>>   Member Link                  : ae10
>>   Current State Machine's State: mcae active state
>>   Local Status                 : active
>>   Local State                  : up
>>   Peer Status                  : active
>>   Peer State                   : up
>>       Logical Interface        : ae10.0
>>       Topology Type            : bridge
>>       Local State              : up
>>       Peer State               : up
>>       Peer Ip/MCP/State        : 10.1.1.1 ae0.0 up
>>
>>
>> core2> show configuration interfaces ae0 | display set
>> set interfaces ae0 mtu 1522
>> set interfaces ae0 aggregated-ether-options link-speed 10g
>> set interfaces ae0 aggregated-ether-options lacp active
>> set interfaces ae0 aggregated-ether-options lacp periodic fast
>> set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
>> set interfaces ae0 unit 0 family ethernet-switching vlan members 1010-1050
>>
>>   core2> show configuration interfaces ae10 | display set
>> set interfaces ae10 mtu 1522
>> set interfaces ae10 aggregated-ether-options link-speed 10g
>> set interfaces ae10 aggregated-ether-options lacp active
>> set interfaces ae10 aggregated-ether-options lacp periodic fast
>> set interfaces ae10 aggregated-ether-options lacp system-id
>> 00:00:00:00:00:10
>> set interfaces ae10 aggregated-ether-options lacp admin-key 8888
>> set interfaces ae10 aggregated-ether-options mc-ae mc-ae-id 10
>> set interfaces ae10 aggregated-ether-options mc-ae redundancy-group 3
>> set interfaces ae10 aggregated-ether-options mc-ae chassis-id 1
>> set interfaces ae10 aggregated-ether-options mc-ae mode active-active
>> set interfaces ae10 aggregated-ether-options mc-ae status-control standby
>> set interfaces ae10 aggregated-ether-options mc-ae events iccp-peer-down
>> prefer-status-control-active
>> set interfaces ae10 unit 0 family ethernet-switching interface-mode trunk
>> set interfaces ae10 unit 0 family ethernet-switching vlan members 1010-1050
>>
>>   set protocols iccp local-ip-addr 10.1.1.2
>> set protocols iccp peer 10.1.1.1 redundancy-group-id-list 3
>> set protocols iccp peer 10.1.1.1 liveness-detection minimum-interval 500
>> set protocols iccp peer 10.1.1.1 liveness-detection
>> minimum-receive-interval 500
>> set protocols iccp peer 10.1.1.1 liveness-detection multiplier 2
>> set protocols iccp peer 10.1.1.1 liveness-detection transmit-interval
>> minimum-interval 1000
>> set protocols iccp peer 10.1.1.1 liveness-detection detection-time
>> threshold 2000
>>
>> On Wed, Mar 18, 2015 at 12:13 PM, Syed Iftikhar Ahmed <iahmed at emw-me.com>
>> wrote:
>>
>>>   Sh interface mc-ae id xx
>>> Iccp link configuration.
>>> Ping output between chassis using iccp ips
>>> And any one mc-lag interface config from both chassis
>>>
>>> Sent from my iPhone
>>>
>>> On Mar 18, 2015, at 7:50 PM, Luca Salvatore <luca at digitalocean.com>
>>> wrote:
>>>
>>>    Hi,
>>>
>>>   Yes VRRP is in use.  Running 13.2R5.10, single RE.
>>> Running active-active
>>>
>>>   What config do you want to see?  I don't want to post the whole thing.
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Mar 17, 2015 at 7:09 PM, Syed Iftikhar Ahmed <iahmed at emw-me.com>
>>> wrote:
>>>
>>>> Is it active/ active or active/ standby setup. Config for 9200 is
>>>> different than the One mentioned jn Kb, are you using vrrp as well?
>>>> Please post your config, junos version.
>>>>
>>>> Do you have two RE in chassis or one?
>>>>
>>>> Sent from my iPhone
>>>>
>>>>> On Mar 18, 2015, at 12:39 AM, Luca Salvatore <luca at digitalocean.com>
>>>> wrote:
>>>>> Hi,
>>>>>
>>>>> Anyone seen an issue where the standby mc-lag peer does not age out
>>>> MACs
>>>>> that it has learned from the active peer?
>>>>>
>>>>> i'm seeing a huge difference in the mac address count on two ex9208
>>>> mc-lag
>>>>> peers.  By huge I mean about 75,000 difference.
>>>>>
>>>>> some basic testing shows that when a mac address is aged out of the
>>>> active
>>>>> peer, the standby one just keeps it forever.
>>>>>
>>>>> Thanks
>>>>> Luca.
>>>>   > _______________________________________________
>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>>
>>>   --
>>>      Luca Salvatore
>>> Network Engineer
>>> Cell: +1 (929) 214-7242
>>> Desk: +1 (347) 305-4030
>>>
>>>
>>
>>   --
>>      Luca Salvatore
>> Network Engineer
>> Cell: +1 (929) 214-7242
>> Desk: +1 (347) 305-4030
>>
>>
>



More information about the juniper-nsp mailing list