Versions Compared

Old Version 1

changes.mady.by.user Jean-luc KRIKER

Saved on

compared with

New Version Current

changes.mady.by.user Jean-luc KRIKER

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Also:     Aggregated Ethernet Links (AE) to for an link aggregation group (LAG)

On EX:

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/link-aggregation-cli.html

Link Aggregation Control Protocol (LACP)  and  Link Aggregation Group ( LAG )

https://www.juniper.net/documentation/en_US/junos/topics/concept/lag-qfx-series-overview.html

...

QFX   

Junos OS Evolved

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/link-aggregation-cli.html

...

titleAE/LAG interface and LACP

...



AE configuration
SRX

AE configuration

Code Block
titleae configuration
set interfaces ae1 aggregated-ether-options link-speed 1g
set interfaces ae1 aggregated-ether-options minimum-links 1
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1.0 family inet address 192.168.210.1/24

set interfaces xe-0/0/2 ether-options 802.3ad ae1
set interfaces xe-1/0/2 ether-options 802.3ad ae1


Security Zone Configuration

Code Block
titlesecurity zones
BMS1 Zone:
set security zones security-zone BMS1Zone host-inbound-traffic system-services all
set security zones security-zone BMS1Zone host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae0

DC-GW Zone:
set security zones security-zone DC-GW1 host-inbound-traffic system-services all
set security zones security-zone DC-GW1 host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae1


Code Block
titleshow interface and security zone
collapsetrue
root@SRX300-1-RL102> show interfaces ae0 detail | find "Security: Zone:"
    Security: Zone: BMS1Zone
    Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping
    reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp webapi-clear-text webapi-ssl tcp-encap sdwan-appqoe
    Flow Statistics :
    Flow Input statistics :
      Self packets :
3900
      7177
0
 ICMP packets :
Output:
35
   7967
0
VPN packets :
7483
              0
Adaptive
Statistics:
 Multicast packets :
Adaptive
Adjusts:
         
0
      Bytes permitted
Adaptive
by
Scans
policy 
:        602868
0
     Connections established :
Adaptive
Updates:
       7174
0
  Flow Output
Link
statistics:
xe-0/0/4.0 
Multicast packets :
Input
:
        0
0
  Bytes permitted by policy :
0
    602868
    Flow error statistics (Packets
0
dropped due to):
      Address spoofing:
0
Output:
       0
6
 Authentication failed:
0
     0
1878
  Incoming NAT errors:
0
xe-1/
0
/4.0

      Invalid zone
Input
received packet:      0
0
Multiple user authentications:     0
0
    Multiple incoming NAT:
0
      0
0
 No parent for a gate:
Output:
          0
51
     No one interested in self packets: 0
      No minor session:
13524
              0
Aggregate
No
member
more
links
sessions:
2
Marker
Statistics:
Marker
Rx
    0
Resp
Tx
Unknown
Rx
No NAT gate:
Illegal
Rx
xe-0/0/4.0
              0
0
   No route present:
0
            0
      No SA for incoming SPI:
0
xe-1/0/4.
0
      No tunnel found:
0
           0
      No session for a gate:
0
            0
Protocol
inet,
MTU:
No
1500
zone or NULL zone binding
Max
nh
cache:
75000,
New
hold
nh
1
limit:
75000,
Curr
nh
cnt:
0,
Curr new hold cnt
Policy denied:
0,
NH
drop
cnt:
0
Generation:
224,
Route
table:
8
Flags: Sendbcast-pkt-to-re, Is-Primary
0
      Security association
Addresses,
not
Flags
active:
Is-Default Is-Preferred Is-Primary
 0
      TCP sequence number
Destination: 192.168.200/24, Local: 192.168.200.1, Broadcast: 192.168.200.255, Generation: 140

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/lacp-cli.html

Code Block
titleLACP config and show commands
collapsetrue
set interfaces ae0 aggregated-ether-options lacp active {master:0} root@QFX5100-1-RL102> show lacp interfaces Aggregated interface: ae0 LACP state
out of window: 0
      Syn-attack protection:             0
      User authentication errors:
Role
 0
Exp
Def
Protocol inet,
Dist
MTU: 1500
Col
Syn
Aggr
Max nh
Timeout
cache: 100000,
Activity
New hold nh limit: 100000, Curr nh
xe-1/0/4 Actor
cnt: 1, Curr new hold cnt: 0, NH drop cnt: 0
No
Generation: 167, Route table:
No
0
Yes
Yes
Yes 
Flags: Sendbcast-pkt-to-re
Yes
Fast
Addresses, Flags: Is-Preferred Is-Primary
Active
xe-1/0/4 Partner No No Yes Yes Yes Yes Fast Passive xe-0/0/4 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/4 Partner No No Yes Yes Yes Yes Fast Passive LACP protocol: Receive State Transmit State Mux State xe-1/0/4 Current Fast periodic Collecting distributing xe-0/0/4 Current Fast periodic Collecting distributing {master:0} root@QFX5100-1-RL102> show lacp statistics interfaces ae0 Aggregated interface: ae0 LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx xe-0/0/4 37 179 0 0 xe-1/0/4 35 180 0 0 {master:0} root@QFX5100-1-RL102> ping routing-instance vr1 192.168.200.2 PING 192.168.200.2 (192.168.200.2): 56 data bytes 64 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=18.152 ms 64 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=13.183 ms

Virtual Router

Code Block
titleconfig VR
collapsetrue
set routing-instances vr1 instance-type virtual-router
set routing-instances vr1 interface ae0.0
set routing-instances vr1 interface ae1.0
SRX

AE configuration

Code Block
titleae configuration
set interfaces ae1 aggregated-ether-options link-speed 1g
set interfaces ae1 aggregated-ether-options minimum-links 1
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1.0 family inet address 192.168.210.1/24

set interfaces xe-0/0/2 ether-options 802.3ad ae1
set interfaces xe-1/0/2 ether-options 802.3ad ae1

Virtual Router

Code Block
titleVirtual router
collapsetrue
coming soon

Security Zone Configuration

Code Block
titlesecurity zones
BMS1 Zone:
set security zones security-zone BMS1Zone host-inbound-traffic system-services all
set security zones security-zone BMS1Zone host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae0

DC-GW Zone:
set security zones security-zone DC-GW1 host-inbound-traffic system-services all
set security zones security-zone DC-GW1 host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae1
Code Block
titleshow interface and security zone
collapsetrue
root@SRX300-1-RL102> show interfaces ae0 detail | find "Security: Zone:" Security: Zone: BMS1Zone Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp webapi-clear-text webapi-ssl tcp-encap sdwan-appqoe Flow Statistics : Flow Input statistics : Self packets : 7177 ICMP packets : 7967 VPN packets : 0 Multicast packets : 0 Bytes permitted by policy : 602868 Connections established : 7174 Flow Output statistics: Multicast packets : 0 Bytes permitted by policy : 602868 Flow error statistics (Packets dropped due to): Address spoofing: 0 Authentication failed: 0 Incoming NAT errors: 0 Invalid zone received packet: 0 Multiple user authentications: 0 Multiple incoming NAT: 0 No parent for a gate: 0 No one interested in self packets: 0 No minor session: 0 No more sessions: 0 No NAT gate: 0 No route present: 0 No SA for incoming SPI: 0 No tunnel found: 0 No session for a gate: 0 No zone or NULL zone binding 1 Policy denied: 0 Security association not active: 0 TCP sequence number out of window: 0 Syn-attack protection: 0 User authentication errors: 0 Protocol inet, MTU: 1500 Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 1, Curr new hold cnt: 0, NH drop cnt: 0 Generation: 167, Route table: 0 Flags: Sendbcast-pkt-to-re Addresses, Flags: Is-Preferred Is-Primary
 Destination: 192.168.200/24, Local: 192.168.200.2, Broadcast: 192.168.200.255, Generation: 154

root@SRX300-1-RL102>





Virtual Router


Code Block
titleVirtual router
collapsetrue
coming soon


LACPConfiguration

set interfaces ae0 aggregated-ether-options lacp active    ( at least on side)

set interfaces ae0 aggregated-ether-options lacp passive




show commandsLACP


show lacp timeouts ae0    ( state of the interfaces )

show lacp interfaces

Role Exp Def Dist Col Syn Aggr Timeout Activity

show lacp statistics interfaces ae0


Code Block
titleLACP config and show commands
collapsetrue
{master:0}
jkriker@ex4300-13> show lacp timeouts ae0
Aggregated interface: ae0
    LACP Interfaces  Current state
Destination: 192.168.200/24, Local: 192.168.200.2, Broadcast: 192.168.200.255, Generation: 154 root@SRX300-1-RL102>

LACP configuration

Code Block
titleLACP config and show commands
collapsetrue
set interfaces ae0 aggregated-ether-options lacp passive
 Last timeout
      ge-0/0/11       Collecting distributing  Never



root@SRX300-1-RL102> show lacp interfaces
Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-0/0/4       Actor    No    No   Yes  Yes  Yes   Yes     Fast   Passive
      ge-0/0/4     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/0/5       Actor    No    No   Yes  Yes  Yes   Yes     Fast   Passive
      ge-0/0/5     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      ge-0/0/4                  Current   Fast periodic Collecting distributing
      ge-0/0/5                  Current   Fast periodic Collecting distributing

root@SRX300-1-RL102> show lacp statistics interfaces ae0
Aggregated interface: ae0
    LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
      ge-0/0/4                 392         392            0            0
      ge-0/0/5                 392         390            0            0

root@SRX300-1-RL102>
MX