Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Also:     Aggregated Ethernet Links (AE) to for an link aggregation group (LAG)

...

https://www.juniper.net/documentation/en_US/junos/topics/concept/lag-qfx-series-overview.html




EX


QFX   

Junos OS Evolved

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/link-aggregation-cli.html

Code Block
titleAE/LAG interface and LACP
set chassis aggregated-devices ethernet device-count 2
set interfaces ae0 aggregated-ether-options link-speed 1g
set interfaces xe-0/0/4 ether-options 802.3ad ae0
set interfaces ae0.0 family inet address 192.168.200.1/24
set interfaces xe-1/0/4 ether-options 802.3ad ae0
set interfaces ae0 aggregated-ether-options minimum-links 1



{master:0}
root@QFX5100-1-RL102> show interfaces ae0 detail | find "Logical interface ae0.0"
  Logical interface ae0.0 (Index 656) (SNMP ifIndex 720) (HW Token 4095) (Generation 247)
    Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2
    Statistics        Packets        pps         Bytes          bps
    Bundle:
        Input :            13          0          3900            0
        Output:            35          0          7483            0
    Adaptive Statistics:
        Adaptive Adjusts:          0
        Adaptive Scans  :          0
        Adaptive Updates:          0
    Link:
      xe-0/0/4.0
        Input :             0          0             0            0
        Output:             6          0          1878            0
      xe-1/0/4.0
        Input :             0          0             0            0
        Output:            51          0         13524            0


    Aggregate member links: 2

    Marker Statistics:   Marker Rx     Resp Tx   Unknown Rx   Illegal Rx
      xe-0/0/4.0                 0           0            0            0
      xe-1/0/4.0                 0           0            0            0
    Protocol inet, MTU: 1500
    Max nh cache: 75000, New hold nh limit: 75000, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
    Generation: 224, Route table: 8
      Flags: Sendbcast-pkt-to-re, Is-Primary
      Addresses, Flags: Is-Default Is-Preferred Is-Primary
        Destination: 192.168.200/24, Local: 192.168.200.1, Broadcast: 192.168.200.255, Generation: 140



https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/lacp-cli.html


Code Block
titleLACP configuration
SRX

AE configuration

Security Zone Configuration

Code Block
titlesecurity zones
BMS1 Zone:
set security zones security-zone BMS1Zone host-inbound-traffic system-services all
set security zones security-zone BMS1Zone host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae0

DC-GW Zone:
set security zones security-zone DC-GW1 host-inbound-traffic system-services all
set security zones security-zone DC-GW1 host-inbound-traffic protocols all
set security zones security-zone DC-GW1 interfaces ge-0/0/2.0
set security zones security-zone DC-GW1 interfaces ge-0/0/3.0
root@SRX300-1-RL102> show interfaces ae0 detail | find "Security: Zone:" Security: Zone: BMS1Zone Allowed host-inbound traffic : bfd bgp dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp Flow Statistics : Flow Input statistics : Self packets
Code Block
titleshow interface and security zone
collapsetrue
config and show commands
collapsetrue
set interfaces ae0 aggregated-ether-options lacp active


{master:0}
root@QFX5100-1-RL102> show lacp interfaces
Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      xe-1/0/4       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      xe-1/0/4     Partner    No    No   Yes  Yes  Yes   Yes     Fast   Passive
      xe-0/0/4       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      xe-0/0/4     Partner    No    No   Yes  Yes  Yes   Yes     Fast   Passive
    LACP protocol:        Receive State  Transmit State          Mux State
      xe-1/0/4                  Current   Fast periodic Collecting distributing
      xe-0/0/4                  Current   Fast periodic Collecting distributing


{master:0}
root@QFX5100-1-RL102> show lacp statistics interfaces ae0
Aggregated interface: ae0
    LACP Statistics:       LACP Rx     LACP Tx   Unknown Rx   Illegal Rx
      xe-0/0/4                  37         179            0            0
      xe-1/0/4                  35         180            0            0



{master:0}
root@QFX5100-1-RL102> ping routing-instance vr1 192.168.200.2
PING 192.168.200.2 (192.168.200.2): 56 data bytes
64 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=18.152 ms
64 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=13.183 ms




Virtual Router

Code Block
titleconfig VR
collapsetrue
set routing-instances vr1 instance-type virtual-router
set routing-instances vr1 interface ae0.0
set routing-instances vr1 interface ae1.0



SRX

AE configuration

Code Block
titleae configuration
set interfaces ae1 aggregated-ether-options link-speed 1g
set interfaces ae1 aggregated-ether-options minimum-links 1
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1.0 family inet address 192.168.210.1/24

set interfaces xe-0/0/2 ether-options 802.3ad ae1
set interfaces xe-1/0/2 ether-options 802.3ad ae1


Virtual Router

Code Block
titleVirtual router
collapsetrue
coming soon


Security Zone Configuration

Code Block
titlesecurity zones
BMS1 Zone:
set security zones security-zone BMS1Zone host-inbound-traffic system-services all
set security zones security-zone BMS1Zone host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae0

DC-GW Zone:
set security zones security-zone DC-GW1 host-inbound-traffic system-services all
set security zones security-zone DC-GW1 host-inbound-traffic protocols all
set security zones security-zone BMS1Zone interfaces ae1


Code Block
titleshow interface and security zone
collapsetrue
root@SRX300-1-RL102> show interfaces ae0 detail | find "Security: Zone:"
    Security: Zone: BMS1Zone
    Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping
    reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp webapi-clear-text webapi-ssl tcp-encap sdwan-appqoe
    Flow Statistics :
    Flow Input statistics :
      Self packets :                     7177
      ICMP packets :                     7967
      VPN packets :                      0
      Multicast packets :                0
      Bytes permitted by policy :        602868
      Connections established :          7174
    Flow Output statistics:
      Multicast packets :                0
      Bytes permitted by policy :        602868
    Flow error statistics (Packets dropped due to):
      Address spoofing:                  0
      Authentication failed:             0
      Incoming NAT errors:               0
      Invalid zone received packet:      0
      Multiple user authentications:     0
      Multiple incoming NAT:             0
      No parent for a gate:              0
      No one interested in self packets: 0
      No minor session:                  0
      No more sessions:                  0
      No NAT gate:                       0
      No route present:                  0
  2    No SA for ICMPincoming packets SPI:            0
      No tunnel 3found:       VPN packets :          0
      No session for a gate: 0       Multicast packets :   0
      No zone or NULL zone binding 0      1
Bytes permitted by policy :  Policy denied:     168       Connections established :       0
  0    Security Flowassociation Outputnot statisticsactive:   0
   Multicast packets : TCP sequence number out of window: 0
      Syn-attack protection: 0       Bytes permitted by policy : 0
      168User authentication errors:   Flow error statistics (Packets dropped due to): 0
    Protocol Addressinet, spoofingMTU: 1500
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 01, Curr new hold cnt: 0, NH Authenticationdrop failedcnt: 0
    Generation: 167, Route    table: 0
      Incoming NAT errors:Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Preferred Is-Primary
     0   Destination: 192.168.200/24, Local:  Invalid zone received packet:      0
      Multiple user authentications:     0
      Multiple incoming NAT192.168.200.2, Broadcast: 192.168.200.255, Generation: 154

root@SRX300-1-RL102>




LACP configuration

Code Block
titleLACP config and show commands
collapsetrue
set interfaces ae0 aggregated-ether-options lacp passive


root@SRX300-1-RL102> show lacp interfaces
Aggregated interface: ae0
    LACP state:       Role   Exp   0Def  Dist  Col  Syn No parentAggr for aTimeout gate: Activity
      ge-0/0/4      0 Actor    No  No one interestedNo in self packets:Yes 0 Yes  Yes   Yes No minor session:  Fast   Passive
      ge-0/0/4     Partner 0   No    No more sessions: Yes  Yes  Yes   Yes     Fast    Active
0      ge-0/0/5 No NAT gate:    Actor    No    No   Yes  Yes  Yes   Yes 0    Fast   NoPassive
route present:     ge-0/0/5     Partner    No    0No   Yes  Yes  NoYes SA for incomingYes SPI:    Fast    Active
   0 LACP protocol:     No tunnel found: Receive State  Transmit State          Mux State
  0    ge-0/0/4   No session for a gate:           Current  0 Fast periodic Collecting distributing
  No zone or NULL zone binding ge-0/0/5        1       Policy denied:  Current   Fast periodic Collecting distributing

root@SRX300-1-RL102> show lacp statistics interfaces ae0
Aggregated interface: ae0
  0  LACP Statistics:    Security association not active:LACP Rx  0   LACP Tx   TCPUnknown sequenceRx number out ofIllegal window:Rx
0       Syn-attack protection: ge-0/0/4             0       User392 authentication errors:       392 0     Protocol inet, MTU: 1500   0  Max nh cache: 100000, New hold nh limit: 100000, Curr nh0
cnt: 1, Curr new hold cnt: 0, NH drop cnt: 0ge-0/0/5          Generation: 167, Route table: 0   392    Flags: Sendbcast-pkt-to-re     390     Addresses, Flags: Is-Preferred Is-Primary    0     Destination: 192.168.200/24, Local: 192.168.200.2, Broadcast: 192.168.200.255, Generation: 1540

LACP configuration
root@SRX300-1-RL102>




MX