[j-nsp] MC-LAG to EVPN migration triggering filter config bug?
Per Westerlund
p1 at westerlund.se
Thu Feb 20 19:32:46 UTC 2025
Status update:
Running a scaled down version in JCL (Juniper Cloud Labs) we recreated the problem, which is the reason I wrote the initial port.
However, later we redid the lab with a modified set of steps, and did NOT encounter the same issue. Everything behaved the way we expected.
Next week we will retry the setup in the customer environment, with the modified procedure. I will report back on the outcome.
I still believe there is a bug here. On the other hand, this is ”uncharted waters”. The procedure we are performing is obviously not verified/sanctioned, and it is probably also very uncommon. If we in the end succeed, I will promptly drop this matter as unimportant. I will probably not repeat this procedure ever.
/Per
On 19 Feb 2025, at 23:16, Roger Wiklund wrote:
> Hi
>
> Are you allowing UDP/4789 for VXLAN traffic in your RE filter?
> Can you enable logging on the deny term for the RE firewall filter in order
> to see what's being dropped?
>
> /Roger
More information about the juniper-nsp
mailing list