Hi,

We have replace the virtual chassis member fpc1 with similar junos version and correct cable connection and reboot the VC but still FPC1 status is --> Not present.

The FPC1 serial no. showing in below output is old one(1 (FPC 1) NotPrsnt TG4519050201). we could not see new serial no. even we connect the new switch(Sr. no. TG4519067234)

Please suggest how to fix it.

{master:0}
VC-ROOT> show virtual-chassis mode
fpc0:
--------------------------------------------------------------------------
Current mode : Virtual Chassis with similar devices
Future mode after reboot : Virtual Chassis with similar devices

fpc2:
--------------------------------------------------------------------------
Current mode : Virtual Chassis with similar devices
Future mode after reboot : Virtual Chassis with similar devices
=====================================================================================================

VC-ROOT> show virtual-chassis status

Virtual Chassis ID: df06.dd57.82B8
Virtual Chassis Mode: Enabled
Mstr Mixed Route Neighbor List
Member ID Status Serial No Model prio Role Mode Mode ID Interface
0 (FPC 0) Prsnt TG4519100073 ex3400-48p 255 Master* N VC 4 vcp-255/1/0
5 vcp-255/1/1
1 (FPC 1) NotPrsnt TG4519050201
2 (FPC 2) Prsnt TG4519050862 ex3400-48p 128 Linecard N VC 5 vcp-255/1/0
3 vcp-255/1/1
3 (FPC 3) Prsnt TG4519140019 ex3400-48p 128 Linecard N VC 2 vcp-255/1/0
4 vcp-255/1/1
4 (FPC 4) Prsnt TG459050498 ex3400-48p 128 Linecard N VC 3 vcp-255/1/0
0 vcp-255/1/1
5 (FPC 5) Prsnt TG4517280286 ex3400-48p 128 Backup N VC 0 vcp-255/1/0
2 vcp-255/1/1

Member ID for next new member: 6 (FPC 6)
=======================================================================================================
VC-ROOT> show virtual-chassis vc-port
fpc0:
--------------------------------------------------------------------------
Interface Type Trunk Status Speed Neighbor
or ID (mbps) ID Interface
PIC / Port
1/0 Configured -1 Up 40000 4 vcp-255/1/1
1/1 Configured -1 Up 40000 5 vcp-255/1/0

fpc2:
--------------------------------------------------------------------------
Interface Type Trunk Status Speed Neighbor
or ID (mbps) ID Interface
PIC / Port
1/0 Configured -1 Up 40000 5 vcp-255/1/1
1/1 Configured -1 Up 40000 3 vcp-255/1/0

fpc3:
--------------------------------------------------------------------------
Interface Type Trunk Status Speed Neighbor
or ID (mbps) ID Interface
PIC / Port
1/0 Configured -1 Up 40000 2 vcp-255/1/1
1/1 Configured -1 Up 40000 4 vcp-255/1/0

fpc4:
--------------------------------------------------------------------------
Interface Type Trunk Status Speed Neighbor
or ID (mbps) ID Interface
PIC / Port
1/0 Configured -1 Up 40000 3 vcp-255/1/1
1/1 Configured -1 Up 40000 0 vcp-255/1/0

fpc5:
--------------------------------------------------------------------------
Interface Type Trunk Status Speed Neighbor
or ID (mbps) ID Interface
PIC / Port
1/0 Configured -1 Up 40000 0 vcp-255/1/1
1/1 Configured -1 Up 40000 2 vcp-255/1/0
======================================================================================
VC-ROOT> show configuration |display set |match virtual-chassis
set virtual-chassis no-split-detection
set virtual-chassis member 0 mastership-priority 255
set virtual-chassis member 1 mastership-priority 255
set virtual-chassis member 2 mastership-priority 128
set virtual-chassis member 3 mastership-priority 128
set virtual-chassis member 4 mastership-priority 128

Thank you

Hi Everyone,

Im working on a set of QFX 10008s running VRRP over IRB interfaces to provide a gateway for the connected Vlans.  We have an issue where some random traffic is getting dropped.  While troubleshooting with ATAC. We noticed that both nodes seem to respond to arp for the virtual mac address. For instance -- while in a lab if i ssh to the gateway of the network i am on, the node that responds is always the first node it hits via the lag. So if i remove the link to Node1 VRRP MASTER, Node 2 Responds to the ssh request? Im a little fuzzy on how this Active - Active VRRP over IRB config is supposed to work but does that sound right to anyone? 

Also We have more than 255 routed vlans on here and we are limited by vrrp groups up to 255. We have are currently using group 10 for all vrrp config. Is that ok considering they are all in a different broadcast domain?

Thanks for your help!!

Hi,

After upgrading to the new stable version, one of the switches in ex2300 virtual chassis show two Junos version and one is shown as pending. what would be the real reason?

fpc1:
--------------------------------------------------------------------------
Hostname: Kannur-Test
Model: ex2300-48t
Junos: 18.2R3-S2.9
Pending: 18.2R3.4
JUNOS OS Kernel 32-bit [20191022.14c2ad5_builder_stable_11]
JUNOS OS libs [20191022.14c2ad5_builder_stable_11]
JUNOS OS runtime [20191022.14c2ad5_builder_stable_11]
JUNOS OS time zone information [20191022.14c2ad5_builder_stable_11]
JUNOS py extensions [20191115.190104_builder_junos_182_r3_s2]
JUNOS py base [20191115.190104_builder_junos_182_r3_s2]
JUNOS OS crypto [20191022.14c2ad5_builder_stable_11]
JUNOS network stack and utilities [20191115.190104_builder_junos_182_r3_s2]
JUNOS libs [20191115.190104_builder_junos_182_r3_s2]
JUNOS runtime [20191115.190104_builder_junos_182_r3_s2]
JUNOS Web Management Platform Package [20191115.190104_builder_junos_182_r3_s2]
JUNOS ex libs [20191115.190104_builder_junos_182_r3_s2]
JUNOS ex runtime [20191115.190104_builder_junos_182_r3_s2]
JUNOS ex platform support [20191115.190104_builder_junos_182_r3_s2]
JUNOS dcp network modules [20191115.190104_builder_junos_182_r3_s2]
JUNOS modules [20191115.190104_builder_junos_182_r3_s2]
JUNOS ex modules [20191115.190104_builder_junos_182_r3_s2]
JUNOS ex Data Plane Crypto Support [20191115.190104_builder_junos_182_r3_s2]
JUNOS daemons [20191115.190104_builder_junos_182_r3_s2]
JUNOS SDN Software Suite [20191115.190104_builder_junos_182_r3_s2]
JUNOS Extension Toolkit [20191115.190104_builder_junos_182_r3_s2]
JUNOS Phone-home [20191115.190104_builder_junos_182_r3_s2]
JUNOS Packet Forwarding Engine Support (EX34XX) [20191115.190104_builder_junos_182_r3_s2]
JUNOS jdocs ex [20191115.190104_builder_junos_182_r3_s2]
JUNOS jail runtime [20191022.14c2ad5_builder_stable_11]
JUNOS FIPS mode utilities [20191115.190104_builder_junos_182_r3_s2]

Attempting to setup and test for upcoming solution we will implement to pass customer traffic between EX4300 switches.

I have two switches virtual stacked on either side of the link.  The EX4300 connect via LACP on ae1.

On both sides of the link I have two cisco switches connected to ge-0/0/2.

Setup is identical on both sides but I can only pass traffic between the cisco devices if their ports are configured at access ports.

Attempting to get this working as well with the cisco ports being trunk ports is this possible?

One odd thing I have noticed when both cisco devices are setup as trunk ports they still are able to see each other via CDP as I can clear the table and it generates again...

Below is the set I have.

Customer Interface
ge-0/0/2 {
flexible-vlan-tagging;
native-vlan-id 10;
encapsulation extended-vlan-bridge;
unit 10 {
vlan-id 10;
input-vlan-map push;
output-vlan-map pop;
}
}
LACP Interface
ae1 {
flexible-vlan-tagging;
native-vlan-id 10;
encapsulation extended-vlan-bridge;
aggregated-ether-options {
lacp {
active;
periodic fast;
}
}
unit 10 {
vlan-id 10;
}
}
VLAN config
v10 {
interface ae1.10;
interface ge-0/0/2.10;
}

Anyone could share a hint on this?

I had a direct L2 connection between legacy L2-only network and an EVPN VXLAN based newer implementation, described in the drawing below. Everything was working fine until we advanced the deployment to the next phase, which is described in the second diagram. This phase consisted of adding a virtual chassis in between the networks to provide redundancy (Long story short: QFX in EVPN mode drops STP packets, but VC can handle STP to provide redundancy for the legacy side. To VC we can connect via ESI LAG for redundancy on the new side).

Now a standard Windows server in the new network (left side) cannot ping or otherwise access some hosts on the right side with packets larger than 1422 bytes. Some it can, but some not in the same VLAN. Doesn't depend on the hardware, it cannot for example ping a management interface of a random firewall or a VM running on Xenserver. Another VM on Vmware or another Xenserver pools answers just fine. The problem is that it was working just fine before adding the VC and nothing else changed in the old or new network.

I did a packet capture (also below) on a right-side virtual machine running on Xenserver and it does in fact receive the packets just fine and answers them but the return packets are lost. When the ping size is at or below 1422 bytes the return packets do not get lost.

First phase, everything works. Left side host can ping anything in right side:

Second phase: Left side host cannot ping some stuff in the right side network if packet size over 1422:

Packet capture on 172.16.4.2 host. 172.16.4.37 is a physical Windows server on the left side behind EVPN/VXLAN, 172.16.4.2 is right side, a Windows VM on a Xenserver host. First 1400 bytes packets where replies make all the way through, then 1500 bytes which is obviously received and replied but 172.16.4.37 only sees timeout:

C:\Users\Administrator.MGMT>ping -l 1400 172.16.4.2
Pinging 172.16.4.2 with 1400 bytes of data:
Reply from 172.16.4.2: bytes=1400 time=2ms TTL=128
Reply from 172.16.4.2: bytes=1400 time=2ms TTL=128

C:\Users\Administrator.MGMT>ping -l 1500 172.16.4.2
Pinging 172.16.4.2 with 1500 bytes of data:
Request timed out.

However, 172.16.4.37 can ping an another similar Windows VM running on Vmware on right side network just fine:

C:\Users\Administrator.MGMT>ping -l 1500 172.16.4.3
Pinging 172.16.4.3 with 1500 bytes of data:
Reply from 172.16.4.3: bytes=1500 time=11ms TTL=128

Relevant configuration from vc1, leaving mtu definitions out does not change behaviour:

xe-0/2/1 {
    description dc1-Core1-D2;
    mtu 9216;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members all;
            }
            storm-control default;
            recovery-timeout 900;
        }
    }
}

xe-1/2/1 {
    description dc1-Core2-D2;
    mtu 9216;
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members all;
            }
            storm-control default;
            recovery-timeout 900;
        }
    }
}

ae0 {
    mtu 9216;
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members all;
            }
            storm-control default;
            recovery-timeout 900;
        }
    }
}

> show configuration vlans 
vlan_12 {
    description xxxxxx;
    vlan-id 12;
}

Leaf1 configuration relevant parts:

### OLD INTERFACE which worked directly connected ###
xe-0/0/47 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members VNI_12;
            }
            storm-control default;
            recovery-timeout 3600;
        }
    }

ae0 {
    mtu 9216;
    esi {
        00:00:00:00:00:00:00:00:00:01;
        all-active;
    }
    aggregated-ether-options {
        lacp {
            active;
            system-id 00:00:00:00:00:01;
        }
    }
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members all;
            }
            storm-control default;
            recovery-timeout 3600;
        }
    }
}
}

> show configuration vlans 
VNI_12 {
    vlan-id 12;
    vxlan {
        vni 12;
    }
}
VNI_1_DONOTUSE {
    vlan-id 1;
    vxlan {
        vni 1;
    }
}

Now the question is.. How did the situation change when we added the VC in between? Nothing else was changed in either networks or hosts, but the behaviour changed. ESI LAG shouldn't be adding any overhead, neither the VC, so.. what happens then?

Hi There,

My question is a basic one: 

RSTP Instance 1 (Blu): RTG is configured so RSTP disabled for RTG links.

What about the BPDU coming from RSTP Instance 2 (yellow) fro example switch2?

Is the switch1 accepting the BPDU coming from switch 2?

Thanks.

This may be a newbie type question, but we are moving from EX 3300s to 3400s for our access switches in one of our buildings, and I was wondering about the prefferd way to stack (VC) these. The 3400s come with 2 40GbE QSFP+ ports in the back in addition to the 4 SFP+ ports up front.... so I was curious if there are advantages\disadvantages etc in using one or the other. Also, we don't have the switches in hand yet...do they ship with any "stacking cables" ??? 

Thanks all in advance ! 

https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000581-en.pdf

Does anyone know if the EX-SFP-1GE-SX SFP will also support 100MB on the EX4300 ?

Hi everyone,

Please consider the following example:

Traffic -g0/0/1- EXSW-ge0/0/2---IDS

Above we are port mirroring all traffic entering/exiting ge0/0/1 and sending output to ge0/0/2 where IDS is connected.

To avoid all traffic coming back from IDS into ge0/0/2 ( say NIC on IDS is faulty), we can do following:

 Apply a filter inbound on ge0/0/2 that denies all traffic.

In Cisco, we can simply configure the port ge0/0/2 to transmit only thus no filter is needed.

Do we have such funtionaility on EX 4600 SW where EX swicth ge-0/0/2 can only tranmsit.

Thanks and have a good night!!

Does anyone know if the adv 2 license is inclusive of adv 1 features, or must they be bought together? For example:

Hi.

We have a ex4600-vc that at the moment is running 17.3R3.10. We have this configured as a DHCP relay, and for the most part this works as expected. But we have a network with devices that requires that DHCP-Offer to come as a broadcast, and not a unicast. Is this possible to configure on the Juniper DHCP relay?

Best regards,

Johan Christensson

Experts,

We do have Cisco 7911 and QoS set up on Juniper infrastructure so no problems so far on these devices. However, we don have few cisco 8831 which is SIP phone and from time to time I get complains about choppy sound. Dioes the QoS have to be set up differently for SIP phopnes than SCCP phones?  Thank you 

HI, 

I come from the Cisco envinronment and I need a simulator like Packet Tracer (in the Cisco world) to work and train w/ Juniper devices. 

What did the Juniper pros using to train?

Thank you very much, 

Hi guys!

 
has someone faced the issues with sFlow samples sending? Everything worked fine until we'd moved one of our upstreams (SFP+ and optical cable) from Cisco NEXUS 3000 switch to the Juniper QFX10002-36Q (Junos version 18.2R2). Juniper already was connected to one of our ISP and everything worked fine until we had switched the module (that was the only one thing we did before we noticed incorrectness of sFlow traffic gathering). It doesn't look like the sampling isn't working at all, it looks like switch sends samples in a much fewer amount that before but it do this). Reboot and config inspections didn't get any results. How do you think guys is it possible to get malfunction of sFlow by *wrong* SFP module insertion?

We also tried connecting both modules to other ports, but it didn't work.

    Xcvr 16      I2       NON-JNPR     CSQLRH60017       QSFP+-40G-LR4
    Xcvr 19      REV 01   740-032986   G1806082313       QSFP-100GBASE-LR4

19-th is the last one that had been pugged in and 16-th was working well.  sFlow config is a pretty simple:

set protocols sflow agent-id 172.23.0.103
set protocols sflow sample-rate ingress 4096
set protocols sflow source-ip 10.226.2.5
set protocols sflow collector 10.226.2.6
set protocols sflow interfaces et-0/0/16.0
set protocols sflow interfaces et-0/0/19.0
set protocols sflow disable-sw-rate-limiter

Sampling rate is OK, the collector is getting correct packets but in a little amount.

Dear all,

I think normally Switch doest not support to transfer fragmented packet but Router can be possible

Is it corret? however if the switch can support jumbo frame configuring mtu value, then it does not need to consider fragmentation right?

Best Regards,

Masanobu Hiyoshi

Hi all,

On one of my QFX10008, I am seeing CRC and BER errors like below:

Feb 20 20:55:41.907  ablab.czk-re0 fpc4 CCL: 1 CRC errors seen on link PE2-Avg-28nm-link-9-17
Feb 21 03:04:03.213  ablab.czk-re0 fpc5 CCL: 1 CRC errors seen on link PE2-Avg-28nm-link-9-17

When I run fabric-related commands, it shows everything is ok; because these errors are not consistently occurring. I see 4-5 occurrence in a day at random times. 

Also, today I saw that all the SIB's restarted themselves automatically at the same time and I am not sure what triggered the same. Even after this, I see CRC and BER errors getting reported at around 4-5 per day again.

1. How do I proceed further to resolve this or isolate the issue with FPC/SIB?

2. What does link 9-17 mean in the logs? How do we map this to FPC or SIB link?

Appreciate any help understanding this or if there are any documents that can help me.

//Nex

Hi all,

we have a Virtual-Chassis containing 3 EX4300 (no mixed, no multi-gigabit) connected by the QSFP-Ports.

The Virtual-Chassis is preprovisioned. The QSFP-Ports are in default-state, which mean they are all intened to be used for building a VC.

Now we have the 2 issues:

By doing a show system partitions media internal, the system shows a "error: /dev/da0s1a is not a JUNOS snapshot" on the fpc0.

Also when doing a show system storage partitions, the system has mixed up da0s1a and da0s2a:

fpc0:
--------------------------------------------------------------------------
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: active (da0s2a)

JATC recommend to do a format install on fpc0 to get the system back into normal state.

Can you please confirm the follwoing procedure:

1. Shutdown fpc0 and disconnect VC-Cables
2. Boot into loader-promt
3. Do a format-install by usb
4. Boot the fresh installed Switch
5. Check System-Partitions / create a system snapshot
6. Shutdown the switch
7. Reconnect the VC-Cables
8. Power on the Switch
9. After the switch has powered on, it should assign itself backup into the VC

Is this procedure correct ?

BR, Christoph.

Attempting to inherit or even manually remark packets outgoing on ae1.20.

If I send packets through with differing priority it only gets put out as a best effort marking in the outer tag applied for QinQ.

Is it possible to change the outer vlan tag's priority with an EX4300 on an outgoing aggregate logical interface?

My attempt to test but failed below.

I'm able to successfully set incoming traffic to appropriate queue/forwarding-class based on dscp markings via firewall filter.

Confirmed via the member interfaces for ae1 that the packets are transmitted on the appropriate queue as expected depending on dscp marking.

Just need to figure out if I can inherit or remark the outer vlan tag to match the customers inner tag somehow...

Ingress interface

root@T11# run show class-of-service interface ge-0/0/0
Physical interface: ge-0/0/0, Index: 652
Maximum usable queues: 12, Queues in use: 9
Exclude aggregate overhead bytes: disabled
Logical interface aggregate statistics: disabled
Scheduler map: <default>, Index: 2
Congestion-notification: Disabled

Logical interface: ge-0/0/0.20, Index: 562
Object Name Type Index
Classifier ClassifierTest ieee8021p 57271

Logical interface: ge-0/0/0.32767, Index: 563

root@T11# show interfaces ge-0/0/0
flexible-vlan-tagging;
mtu 9192;
encapsulation extended-vlan-bridge;
unit 20 {
vlan-id-list 1-4094;
input-vlan-map push;
output-vlan-map pop;
family ethernet-switching {
filter {
input Pretender;
}
}
}

Egress

root@T11# run show class-of-service interface ae1
Physical interface: ae1, Index: 640
Maximum usable queues: 12, Queues in use: 9
Exclude aggregate overhead bytes: disabled
Logical interface aggregate statistics: disabled
Scheduler map: MAPSCH, Index: 55825
Congestion-notification: Disabled

Logical interface: ae1.10, Index: 556
Object Name Type Index
Classifier ieee8021p-untrust untrust 16

Logical interface: ae1.20, Index: 557
Object Name Type Index
Rewrite-Output TEST ieee8021p (outer) 61922
Classifier ClassifierTest ieee8021p 57271

Logical interface: ae1.32767, Index: 547

root@T11# show interfaces ae1
flexible-vlan-tagging;
mtu 9192;
encapsulation extended-vlan-bridge;
aggregated-ether-options {
flow-control;
lacp {
active;
periodic fast;
}
}
unit 10 {
vlan-id 10;
}
unit 20 {
vlan-id 20;
}

Class of Service

root@T11# show class-of-service
classifiers {
ieee-802.1 ClassifierTest {
forwarding-class BESTEFFORT {
loss-priority low code-points 000;
}
forwarding-class EXPEDITEDFORWARDING {
loss-priority low code-points 111;
}
}
}
forwarding-classes {
class BESTEFFORT queue-num 0;
class NETWORKCONTROL queue-num 7;
class EXPEDITEDFORWARDING queue-num 1;
class ASSUREDFORWARDING queue-num 2;
}
interfaces {
ge-0/0/0 {
unit 20 {
classifiers {
ieee-802.1 ClassifierTest;
}
}
}
ae1 {
scheduler-map MAPSCH;
unit 20 {
classifiers {
ieee-802.1 ClassifierTest;
}
rewrite-rules {
ieee-802.1 TEST;
}
}
}
}
rewrite-rules {
ieee-802.1 TEST {
forwarding-class BESTEFFORT {
loss-priority low code-point 000;
loss-priority high code-point 000;
}
forwarding-class EXPEDITEDFORWARDING {
loss-priority low code-point 111;
loss-priority high code-point 111;
}
}
}
scheduler-maps {
MAPSCH {
forwarding-class BESTEFFORT scheduler TESTSCHEDULER;
}
}
schedulers {
TESTSCHEDULER {
shaping-rate percent 60;
priority low;
}
}

Firewall

filter Pretender {
term 1 {
from {
dscp be;
}
then {
forwarding-class BESTEFFORT;
loss-priority high;
count BE;
}
}
term 2 {
from {
dscp ef;
}
then {
forwarding-class EXPEDITEDFORWARDING;
loss-priority low;
count EF;
}
}
term 3 {
from {
dscp af11;
}
then {
forwarding-class ASSUREDFORWARDING;
loss-priority low;
count AF;
}
}
term 20 {
then {
forwarding-class BESTEFFORT;
loss-priority high;
count MISS;
}
}

Hi everyone, 

I want to set up my EX2200-C and SRX210 to test VLAN translation. I was told that i need to set up the SRX210 as a Router on a stick (2 routing instances on one interface) and then have 2 VLANS on the EX2200-C interface (trunk to SRX). 

Can I please have some help (any appreciated) on how I can configure this best. I would want to set up a port mirror so I can get a wireshark capture of the VLAN translation taking place (swap). 

Cheers!