[j-nsp] MX204: 802.3ad LAG 2 x 1 G with a Palo Alto firewall

Antti Ristimäki antti.ristimaki at csc.fi
Thu Mar 18 07:41:50 EDT 2021 

Hi,

I don't know what the current state is, but at least initially LAG was not supported in MX204 interfaces when running them at 1G speed. At least the official documentation states that this holds true still.

Antti

----- On 18 Mar, 2021, at 13:30, Emmanuel Halbwachs Emmanuel.Halbwachs at obspm.fr wrote:

> Hello,
> 
> I'm having hard times moving a 2 x 1 Gb/s LAG with a Palo Alto
> firewall from a MX5 to a MX204. The MX204 is on my side, the firewall
> to the partner side. The firewall have 10G interfaces, but we're stuck
> to 1G because of the MMF underground link between the two campuses.
> 
> The LAG is seen UP on the MX204 but DOWN on the firewall.
> 
> If I put a 10G switch before the MX204, using the same transceivers, I
> can ping the remote side. It worked with a MX5. So there must be
> something with my MX204 configuration.
> 
> If a good soul from here could point me a clue or a direction where to
> dig, it will make my day.
> 
> Here is what seems relevant to me:
> 
> chassis {
>    aggregated-devices {
>	ethernet {
>	    device-count 1;
>	}
>    }
>    fpc 0 {
>	pic 1 {
>	    port 4 {
>		speed 10g;
>	    }
>	    port 5 {
>		speed 10g;
>	    }
>	}
>    }
> }
> interfaces {
>    xe-0/1/4 {
>	description "IAP (LAG 1/2)";
>	gigether-options {
>	    802.3ad ae0;
>	    speed 1g;
>	}
>    }
>    xe-0/1/5 {
>	description "IAP (LAG 2/2)";
>	gigether-options {
>	    802.3ad ae0;
>	    speed 1g;
>	}
>    }
>    ae0 {
>	description "IAP (LAG)";
>	unit 0 {
>	    family bridge {
>		interface-mode access;
>		vlan-id 4000;
>	    }
>	}
>    }
>    irb {
>	unit 4000 {
>	    description IAP-INTERCO-TEST;
>	    family inet {
>		address 145.238.192.9/30;
>	    }
>	}
>    }
> }
> 
> eh-adm at ro-p-coeur> show interfaces xe-0/1/4 terse
> Interface               Admin Link Proto    Local                 Remote
> xe-0/1/4                up    up
> xe-0/1/4.0              up    up   aenet    --> ae0.0
> 
> eh-adm at ro-p-coeur> show interfaces xe-0/1/5 terse
> Interface               Admin Link Proto    Local                 Remote
> xe-0/1/5                up    up
> xe-0/1/5.0              up    up   aenet    --> ae0.0
> 
> eh-adm at ro-p-coeur> show interfaces ae0 terse
> Interface               Admin Link Proto    Local                 Remote
> ae0                     up    up
> ae0.0                   up    up   bridge
> 
> eh-adm at ro-p-coeur> show interfaces xe-0/1/4 brief
> Physical interface: xe-0/1/4, Enabled, Physical link is Up
>  Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 10Gbps,
>  Loopback: None, Source filtering: Disabled,
>  Flow control: Disabled, Speed Configuration: 1G
>  Device flags   : Present Running
>  Interface flags: SNMP-Traps Internal: 0x4000
>  Link flags     : None
> 
>  Logical interface xe-0/1/4.0
>    Flags: Up SNMP-Traps 0x24024000 Encapsulation: Ethernet-Bridge
>    aenet
> 
> eh-adm at ro-p-coeur> show interfaces xe-0/1/5 brief
> Physical interface: xe-0/1/5, Enabled, Physical link is Up
>  Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 10Gbps,
>  Loopback: None, Source filtering: Disabled,
>  Flow control: Disabled, Speed Configuration: 1G
>  Device flags   : Present Running
>  Interface flags: SNMP-Traps Internal: 0x4000
>  Link flags     : None
> 
>  Logical interface xe-0/1/5.0
>    Flags: Up SNMP-Traps 0x24024000 Encapsulation: Ethernet-Bridge
>    aenet
> 
> eh-adm at ro-p-coeur> show interfaces ae0 brief
> Physical interface: ae0, Enabled, Physical link is Up
>  Link-level type: Ethernet, MTU: 1514, Speed: 20Gbps, Loopback: Disabled, Source
>  filtering: Disabled, Flow control: Disabled
>  Device flags   : Present Running
>  Interface flags: SNMP-Traps Internal: 0x4000
> 
>  Logical interface ae0.0
>    Flags: Up SNMP-Traps 0x24024000 Encapsulation: Ethernet-Bridge
>    bridge
> 
> eh-adm at ro-p-coeur> ping firewall-iap-test
> PING firewall-iap-test.obspm.fr (145.238.192.10): 56 data bytes
> ^C
> --- firewall-iap-test.obspm.fr ping statistics ---
> 3 packets transmitted, 0 packets received, 100% packet loss
> 
> --
> Emmanuel Halbwachs                  DIO/CASTORS/Resp. Réseau,Sécurité
> Observatoire de Paris                             ✆ +33 1 45 07 75 54
> Campus Paris  : 61 av. de l'Observatoire   F 75014 PARIS
> Campus Meudon : 11 av. Marcellin Berthelot F 92190 MEUDON
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> 
> --

More information about the juniper-nsp mailing list