Re: [j-nsp] Unable to ping all NE when MAC are learned in Bridge group
This was first thought to be a isolated case. after checking the rest of
my network it appears that all MX-5 have the same issue.Devices connected
to a cisco 3550 as and Access device are unable to ping the MX5 irb.
network topology as follows:
NE --C3550--MX-5
The NE is an access port connected to and access port on the 3550.
If the NE becomes a Trunk port the problem goes away. If the Cisco 3550 is
replaced with a Cisco 4006 or an EX4200 the problem also goes away.
Is there anything unique that the 3550 does when building the frame to
egress that could explain the issue??
Jason
On Tue, Apr 30, 2013 at 11:18 AM, Jason Fortier wrote:
> Hey Guys,
>
> We are migrating some NE to new MX-5 LER. I have started with moving mgmt
> to an IRB, IRB is in the bridge domain and in the routing instance. When
> cut over about half the NE are no longer accessible.
>
> When the NE are cut back to old default GW (resides on a c7609 within a
> RI) and pass through the MX as L2 with in the bridge domain only it all
> works fine. Only when cutover to the NE PE does it break on some devices.
>
> All routing appears to be working as some NE with in the subnet
> are accessible. not sure why other are not? any idea would be appreciated.
>
> jfortier@routermx5# show
> description "management irb";
> mtu 1600;
> unit 101 {
> description "Management VLAN101";
> family inet {
> address 10.64.0.1/24;
> }
> }
>
> jfortier@routermx5# show bridge-domains
> 101 {
> description "Management VLAN 101";
> domain-type bridge;
> vlan-id 101;
> interface ge-1/0/1.101;
> interface ge-1/0/2.101;
> interface ae1.101;
> interface ae0.101;
> interface ge-1/0/0.101;
> routing-interface irb.101;
> }
>
> jfortier@routermx5# show routing-instances mgmt_nes
> instance-type vrf;
> interface irb.101;
> interface irb.102;
> route-distinguisher 10.92.6.20:3141;
> vrf-target target:64512:101;
> vrf-table-label;
>
>
> Jason
>
>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Unable to ping all NE when MAC are learned in Bridge group
The NE have the correct ARP address of the MX5, the MX5 on the other hand
does not have an ARP entry. It does learn a MAC from the NE in the bridge
domain. for what ever reason the RI is unable to put the two together.
For some reason the link between the Bridge and Routing Instance is
missing/broken for some NE and not others.
JTAC has suggested that there are differences between the MX480 and MX5 in
the way it "routes" and is checking internal documentation.
On Tue, Apr 30, 2013 at 1:29 PM, Jason Fortier wrote:
> I have tried clearing arp for most of the devices, I have also moved the
> same config to MX480 PE, All NE become reachable. Below is a simple
> network layout.
>
> NE-MX5-1--MX5-2MX480C7609--MGMTNETWORK
>
> When MX5-1 becomes a PE some of the NE be come unreachable.
>
> One thing of note it that the MX5-1 mpls interface is on LU 2500 on VLAN
> 2500. other then that the same FF are plied on the MX480
>
>
>
> On Tue, Apr 30, 2013 at 11:18 AM, Jason Fortier
> wrote:
>
>> Hey Guys,
>>
>> We are migrating some NE to new MX-5 LER. I have started with moving
>> mgmt to an IRB, IRB is in the bridge domain and in the routing instance.
>> When cut over about half the NE are no longer accessible.
>>
>> When the NE are cut back to old default GW (resides on a c7609 within a
>> RI) and pass through the MX as L2 with in the bridge domain only it all
>> works fine. Only when cutover to the NE PE does it break on some devices.
>>
>> All routing appears to be working as some NE with in the subnet
>> are accessible. not sure why other are not? any idea would be appreciated.
>>
>> jfortier@routermx5# show
>> description "management irb";
>> mtu 1600;
>> unit 101 {
>> description "Management VLAN101";
>> family inet {
>> address 10.64.0.1/24;
>> }
>> }
>>
>> jfortier@routermx5# show bridge-domains
>> 101 {
>> description "Management VLAN 101";
>> domain-type bridge;
>> vlan-id 101;
>> interface ge-1/0/1.101;
>> interface ge-1/0/2.101;
>> interface ae1.101;
>> interface ae0.101;
>> interface ge-1/0/0.101;
>> routing-interface irb.101;
>> }
>>
>> jfortier@routermx5# show routing-instances mgmt_nes
>> instance-type vrf;
>> interface irb.101;
>> interface irb.102;
>> route-distinguisher 10.92.6.20:3141;
>> vrf-target target:64512:101;
>> vrf-table-label;
>>
>>
>> Jason
>>
>>
>>
>>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Unable to ping all NE when MAC are learned in Bridge group
I have tried clearing arp for most of the devices, I have also moved the
same config to MX480 PE, All NE become reachable. Below is a simple
network layout.
NE-MX5-1--MX5-2MX480C7609--MGMTNETWORK
When MX5-1 becomes a PE some of the NE be come unreachable.
One thing of note it that the MX5-1 mpls interface is on LU 2500 on VLAN
2500. other then that the same FF are plied on the MX480
On Tue, Apr 30, 2013 at 11:18 AM, Jason Fortier wrote:
> Hey Guys,
>
> We are migrating some NE to new MX-5 LER. I have started with moving mgmt
> to an IRB, IRB is in the bridge domain and in the routing instance. When
> cut over about half the NE are no longer accessible.
>
> When the NE are cut back to old default GW (resides on a c7609 within a
> RI) and pass through the MX as L2 with in the bridge domain only it all
> works fine. Only when cutover to the NE PE does it break on some devices.
>
> All routing appears to be working as some NE with in the subnet
> are accessible. not sure why other are not? any idea would be appreciated.
>
> jfortier@routermx5# show
> description "management irb";
> mtu 1600;
> unit 101 {
> description "Management VLAN101";
> family inet {
> address 10.64.0.1/24;
> }
> }
>
> jfortier@routermx5# show bridge-domains
> 101 {
> description "Management VLAN 101";
> domain-type bridge;
> vlan-id 101;
> interface ge-1/0/1.101;
> interface ge-1/0/2.101;
> interface ae1.101;
> interface ae0.101;
> interface ge-1/0/0.101;
> routing-interface irb.101;
> }
>
> jfortier@routermx5# show routing-instances mgmt_nes
> instance-type vrf;
> interface irb.101;
> interface irb.102;
> route-distinguisher 10.92.6.20:3141;
> vrf-target target:64512:101;
> vrf-table-label;
>
>
> Jason
>
>
>
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Unable to ping all NE when MAC are learned in Bridge group
gARP is not reliable and Your NE devices' ARP cache still contains old MAC
from old default GW.
You have to revisit them one by one and clear their arp caches, or change
IRB MAC to that of old default GW' MAC.
HTH
Thanks
Alex
- Original Message -
From: "Jason Fortier"
To:
Sent: Tuesday, April 30, 2013 6:18 PM
Subject: [j-nsp] Unable to ping all NE when MAC are learned in Bridge group
Hey Guys,
We are migrating some NE to new MX-5 LER. I have started with moving mgmt
to an IRB, IRB is in the bridge domain and in the routing instance. When
cut over about half the NE are no longer accessible.
When the NE are cut back to old default GW (resides on a c7609 within a
RI)
and pass through the MX as L2 with in the bridge domain only it all works
fine. Only when cutover to the NE PE does it break on some devices.
All routing appears to be working as some NE with in the subnet
are accessible. not sure why other are not? any idea would be
appreciated.
jfortier@routermx5# show
description "management irb";
mtu 1600;
unit 101 {
description "Management VLAN101";
family inet {
address 10.64.0.1/24;
}
}
jfortier@routermx5# show bridge-domains
101 {
description "Management VLAN 101";
domain-type bridge;
vlan-id 101;
interface ge-1/0/1.101;
interface ge-1/0/2.101;
interface ae1.101;
interface ae0.101;
interface ge-1/0/0.101;
routing-interface irb.101;
}
jfortier@routermx5# show routing-instances mgmt_nes
instance-type vrf;
interface irb.101;
interface irb.102;
route-distinguisher 10.92.6.20:3141;
vrf-target target:64512:101;
vrf-table-label;
Jason
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Unable to ping all NE when MAC are learned in Bridge group
Hey Guys,
We are migrating some NE to new MX-5 LER. I have started with moving mgmt
to an IRB, IRB is in the bridge domain and in the routing instance. When
cut over about half the NE are no longer accessible.
When the NE are cut back to old default GW (resides on a c7609 within a RI)
and pass through the MX as L2 with in the bridge domain only it all works
fine. Only when cutover to the NE PE does it break on some devices.
All routing appears to be working as some NE with in the subnet
are accessible. not sure why other are not? any idea would be appreciated.
jfortier@routermx5# show
description "management irb";
mtu 1600;
unit 101 {
description "Management VLAN101";
family inet {
address 10.64.0.1/24;
}
}
jfortier@routermx5# show bridge-domains
101 {
description "Management VLAN 101";
domain-type bridge;
vlan-id 101;
interface ge-1/0/1.101;
interface ge-1/0/2.101;
interface ae1.101;
interface ae0.101;
interface ge-1/0/0.101;
routing-interface irb.101;
}
jfortier@routermx5# show routing-instances mgmt_nes
instance-type vrf;
interface irb.101;
interface irb.102;
route-distinguisher 10.92.6.20:3141;
vrf-target target:64512:101;
vrf-table-label;
Jason
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
