Junos Fusion – Part IV – Satellite policies and uplink failure detection
This is the fourth part of the Junos Fusion series and these are the topics covered:
This is the Junos Fusion setup. It is the same used in Part 3:
FPC75 is an EX4300 and all the other FPCs are EX3400.
You might remember that in part 1, I said that each type of SD has a default set of interfaces that act as uplink ports and that the clusters have also a default set of interfaces that act as clustering interfaces. The default list of of interfaces can be changed using uplink port policies.
Let’s suppose that a device is attached to FPC66 using a 40G link:
Because FPC66 is an EX3400, it means that PIC1 is capable of 2*40G and PIC2 is capable of 4*1/10G. We are already using PIC2 for uplink/clustering ports.
In case of EX3400, the 40G ports defaults to uplink/clustering ports.
FPC66 has a QSFP in PIC1:
[edit] root@EX9200-1# run show chassis hardware satellite fpc-slot 66 Hardware inventory: Item Version Part number Serial number Description FPC 66 REV 19 650-059877 NW0217500252 EX3400-24P PIC 0 REV 19 BUILTIN BUILTIN 24x 10/100/1000 Base-T PIC 1 REV 19 BUILTIN BUILTIN 2x 40GE QSFP+ Xcvr 0 REV 01 740-032986 QE513579 QSFP+-40G-SR4 PIC 2 REV 19 BUILTIN BUILTIN 4x 1G/10G SFP/SFP+ Xcvr 0 REV 01 740-031980 CF07KN0TF SFP+-10G-SR Xcvr 2 REV 01 740-021308 03DZ06A00923 SFP+-10G-SR Power Supply 0 REV 04 640-060602 1EDX747050J JPSU-600W-AC-AFO Fan Tray 0 EX3400 Fan Tray 0, Front to Back Airflow - AFO Fan Tray 1 EX3400 Fan Tray 1, Front to Back Airflow - AFO [edit] root@EX9200-1#
The interface on FPC66 will become et-66/1/0:
[edit] root@EX9200-1# show interfaces et-66/1/0 unit 0 { family ethernet-switching { vlan { members v1016; } } } [edit] root@EX9200-1# run show interfaces terse et-66/1/0 Interface Admin Link Proto Local Remote et-66/1/0 up up et-66/1/0.0 up up eth-switch [edit] root@EX9200-1#
Let’s try to ping from the newly connected device to the VRRP VIP:
{master:0}[edit] root@qfx5200# show interfaces et-0/0/0 unit 0 { family inet { address 192.168.16.104/32; } } {master:0}[edit] root@qfx5200# run ping 192.168.16.1 count 2 PING 192.168.16.1 (192.168.16.1): 56 data bytes --- 192.168.16.1 ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss {master:0}[edit] root@qfx5200#
The interface is up on AD, but there is no MAC learnt:
[edit] root@EX9200-1# run show ethernet-switching table interface et-66/1/0.0 MAC database for interface et-66/1/0.0 [edit] root@EX9200-1#
This is because, as I said, the 40G defaults to uplink/cluster port, not revenue port.
You can see this here:
[edit] root@EX9200-1# run show chassis satellite extended-port Legend for interface types: * -- Uplink interface + -- Clustering interface Rx Tx Admin/Op IFD Name State Request State Request State State Idx PCID et-66/1/0+ AddComplete None Ready Up/Up 370 179 et-75/1/0* AddComplete None Ready Up/Up 201 155 xe-65/2/0* AddComplete None Ready Up/Up 287 111 xe-65/2/2+ AddComplete None Ready Up/Up 288 113 xe-66/2/0+ AddComplete None Ready Up/Up 260 175 xe-66/2/2+ AddComplete None Ready Up/Up 261 177 xe-67/2/0+ AddComplete None Ready Up/Up 365 119 xe-67/2/2+ AddComplete None Ready Up/Up 366 121 xe-68/2/0* AddComplete None Ready Up/Up 314 175 xe-68/2/2+ AddComplete None Ready Up/Up 315 177
To change this, you need create a port group that will contain only the uplink/cluster ports. Then you need to configure that port group as uplink port group:
[edit] root@EX9200-1# show policy-options satellite-policies { port-group-alias CLUSTERING_UPLINK_PORTS { pic 2 port [ 0 2 ]; } candidate-uplink-port-policy CLUSTER_LEFT { uplink-port-group CLUSTERING_UPLINK_PORTS; } } [edit] root@EX9200-1#
The last thing is to attach the policy to the cluster:
[edit] root@EX9200-1# show chassis satellite-management cluster LEFT cluster-policy cluster-policy CLUSTER_LEFT; [edit] root@EX9200-1#
As always, this type of configuration must be applied on both ADs.
Now, you can see that et-66/1/0 is not an uplink/clustering interface anymore:
[edit] root@EX9200-1# run show chassis satellite extended-port Legend for interface types: * -- Uplink interface + -- Clustering interface Rx Tx Admin/Op IFD Name State Request State Request State State Idx PCID et-66/1/0 AddComplete None Ready Up/Up 370 179 xe-65/2/0* AddComplete None Ready Up/Up 287 111 xe-65/2/2+ AddComplete None Ready Up/Up 288 113 xe-66/2/0+ AddComplete None Ready Up/Up 260 175 xe-66/2/2+ AddComplete None Ready Up/Up 261 177 xe-67/2/0+ AddComplete None Ready Up/Up 365 119 xe-67/2/2+ AddComplete None Ready Up/Up 366 121 xe-68/2/0* AddComplete None Ready Up/Up 314 175 xe-68/2/2+ AddComplete None Ready Up/Up 315 177
Now, the ping should be successful:
{master:0} root@qfx5200> ping 192.168.16.1 count 1 PING 192.168.16.1 (192.168.16.1): 56 data bytes 64 bytes from 192.168.16.1: icmp_seq=0 ttl=64 time=1.261 ms --- 192.168.16.1 ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.261/1.261/1.261/0.000 ms {master:0} root@qfx5200>
And the MAC is learnt on AD:
[edit] root@EX9200-1# run show ethernet-switching table interface et-66/1/0.0 MAC database for interface et-66/1/0.0 MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC) Ethernet switching table : 1 entries, 1 learned Routing instance : default-switch Vlan MAC MAC Age Logical NH RTR name address flags interface Index ID v1016 ec:13:db:29:3d:03 DR - et-66/1/0.0 0 0 [edit] root@EX9200-1#
FPC75 is an EX4300 and the uplink ports are 40G links.
Uplink Failure Detection(UFD) allows the satellite to bring down the extended ports in case specific conditions related to uplink ports are not met. For instance, you can bring down all the extended ports when there are less than two uplink ports.
This is the status of FPC75, it has two uplink ports. We will configure the Junos Fusion to bring down all the extended ports if there are less than two uplink ports.
FPC75 has two extended ports that are up:
root@sd75:~# ip -s neighbor list 10.33.48.5 dev et-0-1-1c lladdr dc:38:e1:15:5b:5a ref 1 used 318/0/317 probes 0 REACHABLE 10.18.32.5 dev et-0-1-0c lladdr 08:81:f4:97:05:cd ref 1 used 1006/0/1006 probes 4 REACHABLE root@sd75:~# ifconfig | grep "\-0\-" et-0-1-0 Link encap:Ethernet HWaddr 4c:96:14:e6:2c:5a et-0-1-1 Link encap:Ethernet HWaddr 4c:96:14:e6:2c:5b et-0-1-0c Link encap:Ethernet HWaddr 4c:96:14:e6:2c:5a et-0-1-1c Link encap:Ethernet HWaddr 4c:96:14:e6:2c:5b ge-0-0-0 Link encap:Ethernet HWaddr 4c:96:14:e6:2c:32 ge-0-0-6 Link encap:Ethernet HWaddr 4c:96:14:e6:2c:38 ge-0-0-0c Link encap:Ethernet HWaddr 4c:96:14:e6:2c:32 ge-0-0-6c Link encap:Ethernet HWaddr 4c:96:14:e6:2c:38 root@sd75:~#
To configure UFD, you need to configure the port group that will define the uplink ports and then specify link the port group to the uplink port policy like this. You have granularity and you can specify what is the minimum number of links to trigger the policy to take effect or for which product.
[edit] root@EX9200-1# show policy-options satellite-policies { port-group-alias UPLINK_EX4300 { pic 1 port [ 0 1 ]; } candidate-uplink-port-policy UFD { term FOR_EX4300 { from { product-model EX4300*; uplink-port-group UPLINK_EX4300; minimum-links 2; } } } } [edit] root@EX9200-1#
Then the policy is configured under satellite-management:
[edit] root@EX9200-1# show chassis satellite-management uplink-failure-detection { candidate-uplink-policy UFD; } [edit] root@EX9200-1#
As always, the feature must be configured on both ADs.
The cascade port on EX9200-1 was disabled which caused UFD to take effect:
[edit] root@EX9200-1# run show chassis satellite extensive fpc-slot 75 Device Cascade Port Extended Alias Slot State Ports State Ports _sd75 75 UFDDown et-4/2/1 down 50/1 ae0* online When Event Action Jul 26 19:43:52.87 SD notifying UFD failure detected (min-uplinks not UP)
And on the second AD:
[edit] root@EX9200-2# run show chassis satellite extensive fpc-slot 75 Device Cascade Port Extended Alias Slot State Ports State Ports _sd75 75 UFDDown et-2/3/1 online 50/1
On satellite, no extended port is up:
root@sd75:~# ip -s neighbor list 10.33.48.5 dev et-0-1-1c lladdr dc:38:e1:15:5b:5a ref 1 used 442/0/441 probes 0 REACHABLE root@sd75:~# ifconfig | grep "\-0\-" et-0-1-1 Link encap:Ethernet HWaddr 4c:96:14:e6:2c:5b et-0-1-1c Link encap:Ethernet HWaddr 4c:96:14:e6:2c:5b root@sd75:~#
This would be pretty much for this part and finishes the Junos Fusion series.
Throughout the four parts of the series we discussed the benefits and the concepts of Junos Fusion, we saw what is required to bring up a Junos Fusion and finally we discussed about satellite policies.
I hope you found this part and the series useful.
Paris ARAU
Latest posts by Paris ARAU (see all)
- Junos Fusion – Part IV – Satellite policies and uplink failure detection - 30 July 2018
- Junos Fusion – Part III – Satellite commands and traffic forwarding - 16 July 2018
- Junos Fusion – Part II – Configuration, Administration and Operation - 16 July 2018
- Junos Fusion – Part I – Overview, Components, Ports and Software - 11 July 2018
- Vagrant – Part IV – Network topology using Juniper and Cumulus - 26 April 2018
Comments
So empty here ... leave a comment!