Monday, November 30, 2020

Juniper Router on a Stick configuration

Hi Guys,

For another team (which has its own network) I need to offer some services in their logical network which can't pass our firewalls as we normally do. In order to do this I created a design where I create a new VRF with ACLs on our core switches (Juniper QFX) and give them a layer 3 interface with subinterfaces per switch and VRRP. Unfortunately, this isn't working. I'm used to Cisco and I'm pretty new to Juniper, so probably I am just missing something simple:

This is the configuration of the port on the HP (Comware) side:
interface Ten-GigabitEthernet3/1/8
port link-mode bridge
description xxx
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 106
port trunk pvid vlan 2

And this is the Juniper QFX config (in reality we have many more subinterfaces, but we're troubleshooting on 106 at this moment):
set interfaces xe-0/0/5 description "Connection to xxx"
set interfaces xe-0/0/5 vlan-tagging
set interfaces xe-0/0/5 mtu 9216
set interfaces xe-0/0/5 unit 0 vlan-id 2
set interfaces xe-0/0/5 unit 106 vlan-id 106
set interfaces xe-0/0/5 unit 106 family inet address 10.26.253.67/26 vrrp-group 106 virtual-address 10.26.253.65
set interfaces xe-0/0/5 unit 106 family inet address 10.26.253.67/26 vrrp-group 106 priority 200
set interfaces xe-0/0/5 unit 106 family inet address 10.26.253.67/26 vrrp-group 106 accept-data
set policy-options policy-statement MY_VRF_NAME_redistribute_connected term accept-connected from protocol direct
set policy-options policy-statement MY_VRF_NAME_redistribute_connected term accept-connected then accept
set routing-instances MY_VRF_NAME instance-type virtual-router
set routing-instances MY_VRF_NAME interface xe-0/0/5.0
set routing-instances MY_VRF_NAME interface xe-0/0/5.106
set routing-instances MY_VRF_NAME interface irb.134
set routing-instances MY_VRF_NAME protocols ospf export MY_VRF_NAME_redistribute_connected
set routing-instances MY_VRF_NAME protocols ospf area 0.0.0.0 interface irb.134

What I can see is that I am receiving traffic when looking at the interface counters:

admin@exTAP-vc2-leibniz-NEW> show interfaces xe-0/0/5.106
Logical interface xe-0/0/5.106 (Index 604) (SNMP ifIndex 905)
Flags: Up SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.106 ] Encapsulation: ENET2
Input packets : 82855
Output packets: 581289

And they do see my MAC address learned on the correct interface. Also, when I send a ping, they see ARP requests being broadcast on their network, so outbound traffic appears to be working just fine.

But when I look at my MAC address table, I learn nothing from them (although the input packet count is increasing!):
admin@switch> show ethernet-switching table interface xe-0/0/5
MAC database for interface xe-0/0/5
{master:0}
admin@switch> show ethernet-switching table instance MY_VRP_NAME
{master:0}
admin@switch> show ethernet-switching table interface xe-0/0/5.106
{master:0}

Does anyone know what I am missing here?

I am seeing this error message on every commit, which might be related:
Nov 30 17:04:55 xxx l2ald[2075]: L2ALD_DEFAULT_VLAN_DISABLED: Internal vlan "default-switch/default" creation failed. User configured vlan with vlan-id 1 exist!

VLAN 2, however, does not exist (which I did not want to configure, but I had to configure unit 0), so the error is somewhat off. I'm not entirely sure if it is related to my configuration, but I haven't seen it before (I don't check the logs of this switch often, so it could have been there for months or even years).

Thanks in advance!
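One sanity check worth running on a setup like this, added here as an example and not part of the original post: a small script that parses the Junos `set` lines and the Comware trunk lines quoted above and reports trunk/subinterface mismatches, namely a unit whose vlan-id the peer trunk does not permit, a unit whose vlan-id equals the peer's PVID (Comware sends the PVID VLAN untagged, so it will not match a tagged unit), and a VRRP virtual-address outside the unit's subnet. The config excerpts are constructed from the post and the function names are my own.

```python
import ipaddress
import re
# Constructed input: the relevant lines of the Junos and Comware configs quoted in the post.
JUNOS = """
set interfaces xe-0/0/5 vlan-tagging
set interfaces xe-0/0/5 unit 0 vlan-id 2
set interfaces xe-0/0/5 unit 106 vlan-id 106
set interfaces xe-0/0/5 unit 106 family inet address 10.26.253.67/26 vrrp-group 106 virtual-address 10.26.253.65
"""
COMWARE = """
undo port trunk permit vlan 1
port trunk permit vlan 106
port trunk pvid vlan 2
"""

def parse_junos(text):
    # Per (IFD, unit): vlan-id, inet address and VRRP virtual-address, as strings.
    units = {}
    for w in (line.split() for line in text.splitlines() if line.startswith("set interfaces")):
        if w[3] == "unit":
            u = units.setdefault((w[2], int(w[4])), {})
            u.update({k: w[w.index(k) + 1] for k in ("vlan-id", "address", "virtual-address") if k in w})
    return units

def parse_comware(text):
    # Permitted VLAN set and PVID of a Comware trunk port; frames of the PVID VLAN leave the port untagged.
    permitted, pvid = set(), 1
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"(undo )?port trunk permit vlan (\d+)$", line):
            (permitted.discard if m.group(1) else permitted.add)(int(m.group(2)))
        elif m := re.match(r"port trunk pvid vlan (\d+)$", line):
            pvid = int(m.group(1))
    return permitted, pvid

def check(junos, comware):
    # Cross-check both ends of the trunk; an empty list means the two configs agree.
    units, (permitted, pvid) = parse_junos(junos), parse_comware(comware)
    problems = []
    for (ifd, unit), u in units.items():
        vlan = int(u["vlan-id"]) if "vlan-id" in u else None
        if vlan == pvid:
            problems.append(f"{ifd}.{unit}: vlan-id {vlan} is the peer's PVID, which it sends untagged")
        elif vlan is not None and vlan not in permitted:
            problems.append(f"{ifd}.{unit}: vlan {vlan} is not permitted on the peer trunk")
        addr, vip = u.get("address"), u.get("virtual-address")
        if addr and vip and ipaddress.ip_address(vip) not in ipaddress.ip_interface(addr).network:
            problems.append(f"{ifd}.{unit}: VRRP virtual-address {vip} is outside {addr}")
    return problems
```

Running `check(JUNOS, COMWARE)` on the excerpts above reports only unit 0 (vlan-id 2 equals the Comware PVID); unit 106 passes both the trunk and the VRRP checks.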


