Junos Fusion – Part IV – Satellite policies and uplink failure detection

This is the fourth part of the Junos Fusion series and these are the topics covered:

Diagram and the initial state

Uplink Port Policy

Uplink Failure Detection

Conclusion

 

Diagram and initial state

This is the Junos Fusion setup. It is the same used in Part 3:

FPC75 is an EX4300 and all the other FPCs are EX3400.

Uplink Port Policy

You might remember that in part 1, I said that each type of SD has a default set of interfaces that act as uplink ports and that the clusters have also a default set of interfaces that act as clustering interfaces. The default list of of interfaces can be changed using uplink port policies.

Let’s suppose that a device is attached to FPC66 using a 40G link:

Because FPC66 is an EX3400, it means that PIC1 is capable of 2*40G and PIC2 is capable of 4*1/10G. We are already using PIC2 for uplink/clustering ports.

In case of EX3400, the 40G ports defaults to uplink/clustering ports.

FPC66 has a QSFP in PIC1:

[edit]
root@EX9200-1# run show chassis hardware satellite fpc-slot 66
Hardware inventory:
Item             Version  Part number  Serial number     Description
FPC 66           REV 19   650-059877   NW0217500252      EX3400-24P
  PIC 0          REV 19   BUILTIN      BUILTIN           24x 10/100/1000 Base-T
  PIC 1          REV 19   BUILTIN      BUILTIN           2x 40GE QSFP+
    Xcvr 0       REV 01   740-032986   QE513579          QSFP+-40G-SR4
  PIC 2          REV 19   BUILTIN      BUILTIN           4x 1G/10G SFP/SFP+
    Xcvr 0       REV 01   740-031980   CF07KN0TF         SFP+-10G-SR
    Xcvr 2       REV 01   740-021308   03DZ06A00923      SFP+-10G-SR
Power Supply 0   REV 04   640-060602   1EDX747050J       JPSU-600W-AC-AFO
Fan Tray 0                                               EX3400 Fan Tray 0, Front to Back Airflow - AFO
Fan Tray 1                                               EX3400 Fan Tray 1, Front to Back Airflow - AFO

[edit]
root@EX9200-1#

The interface on FPC66 will become et-66/1/0:

[edit]
root@EX9200-1# show interfaces et-66/1/0
unit 0 {
    family ethernet-switching {
        vlan {
            members v1016;
        }
    }
}

[edit]
root@EX9200-1# run show interfaces terse et-66/1/0
Interface               Admin Link Proto    Local                 Remote
et-66/1/0               up    up
et-66/1/0.0             up    up   eth-switch

[edit]
root@EX9200-1#

Let’s try to ping from the newly connected device to the VRRP VIP:

{master:0}[edit]
root@qfx5200# show interfaces et-0/0/0
unit 0 {
    family inet {
        address 192.168.16.104/32;
    }
}

{master:0}[edit]
root@qfx5200# run ping 192.168.16.1 count 2
PING 192.168.16.1 (192.168.16.1): 56 data bytes

--- 192.168.16.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

{master:0}[edit]
root@qfx5200#

The interface is up on AD, but there is no MAC learnt:

[edit]
root@EX9200-1# run show ethernet-switching table interface et-66/1/0.0

MAC database for interface et-66/1/0.0

[edit]
root@EX9200-1#

This is because, as I said, the 40G defaults to uplink/cluster port, not revenue port.

You can see this here:

[edit]
root@EX9200-1# run show chassis satellite extended-port
Legend for interface types:
   * -- Uplink interface
   + -- Clustering interface
			      Rx 	    Tx            Admin/Op IFD
Name           State          Request State Request State State    Idx   PCID
et-66/1/0+     AddComplete    None          Ready         Up/Up    370   179
et-75/1/0*     AddComplete    None          Ready         Up/Up    201   155
xe-65/2/0*     AddComplete    None          Ready         Up/Up    287   111
xe-65/2/2+     AddComplete    None          Ready         Up/Up    288   113
xe-66/2/0+     AddComplete    None          Ready         Up/Up    260   175
xe-66/2/2+     AddComplete    None          Ready         Up/Up    261   177
xe-67/2/0+     AddComplete    None          Ready         Up/Up    365   119
xe-67/2/2+     AddComplete    None          Ready         Up/Up    366   121
xe-68/2/0*     AddComplete    None          Ready         Up/Up    314   175
xe-68/2/2+     AddComplete    None          Ready         Up/Up    315   177

To change this, you need create a port group that will contain only the uplink/cluster ports. Then you need to configure that port group as uplink port group:

[edit]
root@EX9200-1# show policy-options
satellite-policies {
    port-group-alias CLUSTERING_UPLINK_PORTS {
        pic 2 port [ 0 2 ];
    }
    candidate-uplink-port-policy CLUSTER_LEFT {
        uplink-port-group CLUSTERING_UPLINK_PORTS;
    }
}

[edit]
root@EX9200-1#

The last thing is to attach the policy to the cluster:

[edit]
root@EX9200-1# show chassis satellite-management cluster LEFT cluster-policy
cluster-policy CLUSTER_LEFT;

[edit]
root@EX9200-1#

As always, this type of configuration must be applied on both ADs.

Now, you can see that et-66/1/0 is not an uplink/clustering interface anymore:

[edit]
root@EX9200-1# run show chassis satellite extended-port
Legend for interface types:
   * -- Uplink interface
   + -- Clustering interface
			      Rx 	    Tx            Admin/Op IFD
Name           State          Request State Request State State    Idx   PCID
et-66/1/0      AddComplete    None          Ready         Up/Up    370   179
xe-65/2/0*     AddComplete    None          Ready         Up/Up    287   111
xe-65/2/2+     AddComplete    None          Ready         Up/Up    288   113
xe-66/2/0+     AddComplete    None          Ready         Up/Up    260   175
xe-66/2/2+     AddComplete    None          Ready         Up/Up    261   177
xe-67/2/0+     AddComplete    None          Ready         Up/Up    365   119
xe-67/2/2+     AddComplete    None          Ready         Up/Up    366   121
xe-68/2/0*     AddComplete    None          Ready         Up/Up    314   175
xe-68/2/2+     AddComplete    None          Ready         Up/Up    315   177

Now, the ping should be successful:

{master:0}
root@qfx5200> ping 192.168.16.1 count 1
PING 192.168.16.1 (192.168.16.1): 56 data bytes
64 bytes from 192.168.16.1: icmp_seq=0 ttl=64 time=1.261 ms

--- 192.168.16.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.261/1.261/1.261/0.000 ms

{master:0}
root@qfx5200>

And the MAC is learnt on AD:

[edit]
root@EX9200-1# run show ethernet-switching table interface et-66/1/0.0

MAC database for interface et-66/1/0.0

MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)


Ethernet switching table : 1 entries, 1 learned
Routing instance : default-switch
    Vlan                MAC                 MAC         Age    Logical                NH        RTR
    name                address             flags              interface              Index     ID
    v1016               ec:13:db:29:3d:03   DR            -   et-66/1/0.0            0         0

[edit]
root@EX9200-1#

 

Uplink Failure Detection

FPC75 is an EX4300 and the uplink ports are 40G links.

Uplink Failure Detection(UFD) allows the satellite to bring down the extended ports in case specific conditions related to uplink ports are not met. For instance, you can bring down all the extended ports when there are less than two uplink ports.

This is the status of FPC75, it has two uplink ports. We will configure the Junos Fusion to bring down all the extended ports if there are less than two uplink ports.

FPC75 has two extended ports that are up:

root@sd75:~# ip -s neighbor list
10.33.48.5 dev et-0-1-1c lladdr dc:38:e1:15:5b:5a ref 1 used 318/0/317 probes 0 REACHABLE
10.18.32.5 dev et-0-1-0c lladdr 08:81:f4:97:05:cd ref 1 used 1006/0/1006 probes 4 REACHABLE
root@sd75:~# ifconfig | grep "\-0\-"
et-0-1-0  Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:5a
et-0-1-1  Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:5b
et-0-1-0c Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:5a
et-0-1-1c Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:5b
ge-0-0-0  Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:32
ge-0-0-6  Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:38
ge-0-0-0c Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:32
ge-0-0-6c Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:38
root@sd75:~#

To configure UFD, you need to configure the port group that will define the uplink ports and then specify link the port group to the uplink port policy like this. You have granularity and you can specify what is the minimum number of links to trigger the policy to take effect or for which product.

[edit]
root@EX9200-1# show policy-options
satellite-policies {
    port-group-alias UPLINK_EX4300 {
        pic 1 port [ 0 1 ];
    }
    candidate-uplink-port-policy UFD {
        term FOR_EX4300 {
            from {
                product-model EX4300*;
                uplink-port-group UPLINK_EX4300;
                minimum-links 2;
            }
        }
    }
}

[edit]
root@EX9200-1#

Then the policy is configured under satellite-management:

[edit]
root@EX9200-1# show chassis satellite-management
uplink-failure-detection {
    candidate-uplink-policy UFD;
}

[edit]
root@EX9200-1#

As always, the feature must be configured on both ADs.

The cascade port on EX9200-1 was disabled which caused UFD to take effect:

[edit]
root@EX9200-1# run show chassis satellite extensive fpc-slot 75
	                Device          Cascade      Port       Extended
Alias            Slot   State           Ports        State      Ports
_sd75            75     UFDDown         et-4/2/1     down       50/1
                                        ae0*         online

When                 Event                         Action
Jul 26 19:43:52.87   SD notifying UFD failure detected (min-uplinks not UP)

And on the second AD:

[edit]
root@EX9200-2# run show chassis satellite extensive fpc-slot 75
	                Device          Cascade      Port       Extended
Alias            Slot   State           Ports        State      Ports
_sd75            75     UFDDown         et-2/3/1     online     50/1

On satellite, no extended port is up:

root@sd75:~# ip -s neighbor list
10.33.48.5 dev et-0-1-1c lladdr dc:38:e1:15:5b:5a ref 1 used 442/0/441 probes 0 REACHABLE
root@sd75:~# ifconfig | grep "\-0\-"
et-0-1-1  Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:5b
et-0-1-1c Link encap:Ethernet  HWaddr 4c:96:14:e6:2c:5b
root@sd75:~#

 

Conclusion

This would be pretty much for this part and finishes the Junos Fusion series.

Throughout the four parts of the series we discussed the benefits and the concepts of Junos Fusion, we saw what is required to bring up a Junos Fusion and finally we discussed about satellite policies.

I hope you found this part and the series useful.

The following two tabs change content below.

Paris ARAU

Paris ARAU is a networking professional with strong background on routing and switching technologies. He is a holder of CCIE R&S and dual JNCIE(SP and ENT). The day to day work allows him to dive deeply in networking technologies. Part of the continuously training, he is focusing on Software Defined Network and cloud computing.

Comments

So empty here ... leave a comment!

Leave a Reply

Your email address will not be published. Required fields are marked *

Sidebar



%d bloggers like this: