Hello,
Can you try to configure MTU 1518 on both sides of your link between MX and EX? You had MTU mismatch, which may very well be the root cause of your problem.
Best regards,
Sergii
-------------------------------------------------------------------
Please accept the solution if your problem is resolved 
-------------------------------------------------------------------
Thanks for reply...
Any idea or why there is no associate arp entries?
Hi,
Most probably no arp replies.
You can check using:
monitor traffic interface <interface> matching arp
Cheers,
Ashvin
hi,
When doing monitor traffic below, concurrently doing also >show route forwarding-table | match hold | match 10.10.100.10
Yes there is no in traffic, isn't it?
>monitor traffic interface irb.130 matching "host 10.10.100.10 and arp" no-resolve verbose output suppressed, use <detail> or <extensive> for full protocol decode Address resolution is OFF. Listening on irb.130, capture size 96 bytes 21:46:17.219282 Out arp who-has 10.10.100.10 tell 10.10.100.5 21:46:18.119254 Out arp who-has 10.10.100.10 tell 10.10.100.5 21:46:18.719293 Out arp who-has 10.10.100.10 tell 10.10.100.5 21:46:19.776738 Out arp who-has 10.10.100.10 tell 10.10.100.5 21:46:20.419334 Out arp who-has 10.10.100.10 tell 10.10.100.5 21:46:21.019280 Out arp who-has 10.10.100.10 tell 10.10.100.5 21:46:21.719281 Out arp who-has 10.10.100.10 tell 10.10.100.5 21:46:22.419280 Out arp who-has 10.10.100.10 tell 10.10.100.5 21:46:27.788773 Out arp who-has 10.10.100.10 tell 10.10.100.5 21:46:28.619252 Out arp who-has 10.10.100.10 tell 10.10.100.5
Hi,
Looks like no arp replies.
You can try configuring a static arp to test and if you know the mac details of the host.
You would also need a bridge-domain/switching static mac address configured, since this is an irb interface for reachability.
Cheers,
Ashvin
I have already read a ton of literature about "size MTU at EX switches".
Like:
https://lists.gt.net/nsp/juniper/25466
https://packet-expert.org/2016/09/23/junos-mtu-handling-on-access-trunk-ports/
In all source say:
"
Obviously its creating confusion, if trunk interface is showing MTU value of 1514 then how it will receive packet with 1500 bytes payload + 18 bytes header . But the matter of the fact is , this interface will receive payload size of 1500 bytes and header size of 18 bytes even with MTU value displayed in CLI as 1514 .
Conclusion
"
On the other hand, I have a other connection from this MX480 to the switch QFX1002:
admin@QFX10002-nl-1> show interfaces ae1
Physical interface: ae1 (MC-AE-1, active), Enabled, Physical link is Up
Interface index: 149, SNMP ifIndex: 531
Description: uplink to MX480
Link-level type: Ethernet, MTU: 1514, Speed: 100Gbps, BPDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Minimum links needed: 1,
Minimum bandwidth needed: 1bps
Device flags : Present Running
No issue.
I have other POP. Other MX480 connected to QFX5100-VC. No issue.
admin@P23> show interfaces ae0 Physical interface: ae0, Enabled, Physical link is Up Interface index: 695, SNMP ifIndex: 607 Description: to MX480 Link-level type: Ethernet, MTU: 1514, Speed: 180Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Minimum links needed: 1, Minimum bandwidth needed: 1bps Device flags : Present Running
P.S. Of course I try at EX4550:
admin# set interfaces ae1 mtu 1518
{master:2}[edit]
admin# commit synchronize
fpc2:
configuration check succeeds
fpc3:
commit complete
fpc2:
commit complete
{master:2}[edit]
Not solved.
root@ubuntu:~# wget -O /dev/null https://mirror.leaseweb.com/speedtest/10000mb.bin --2019-10-11 06:01:46-- https://mirror.leaseweb.com/speedtest/10000mb.bin Resolving mirror.leaseweb.com (mirror.leaseweb.com)... 37.58.58.140, 2a00:c98:2030:a034::21 Connecting to mirror.leaseweb.com (mirror.leaseweb.com)|37.58.58.140|:443... connected.
P.P.S.
admin# run show ethernet-switching interfaces ae1 detail
Interface: ae1.0, Index: 126, State: up, Port mode: Trunk
Native vlan: native
Ether type for the interface: 0x8100
VLAN membership:
native, 802.1Q Tag: 1, untagged, msti-id: 0, unblocked
vlan_300, 802.1Q Tag: 300, tagged, msti-id: 0, unblocked
vlan_350, 802.1Q Tag: 350, tagged, msti-id: 0, unblocked
vlan_400, 802.1Q Tag: 400, tagged, msti-id: 0, unblocked
vlan_450, 802.1Q Tag: 450, tagged, msti-id: 0, unblocked
vlan_500, 802.1Q Tag: 500, tagged, msti-id: 0, unblocked
vlan_550, 802.1Q Tag: 550, tagged, msti-id: 0, unblocked
vlan_800, 802.1Q Tag: 800, tagged, msti-id: 0, unblocked
Number of MACs learned on IFL: 24
{master:2}[edit]
admin# show interfaces xe-2/0/13
unit 0 {
family ethernet-switching {
vlan {
members vlan_550;
}
filter {
input 2g;
}
}
}
ll try later on...thanks for help
In my opinion, your configuration on both MX and EX should include properly calculated MTU, regardless of the behavior you described. More detailed description of this behavior can be found here:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB23906&smlogin=true
It boils down to the fact that MRU is always bigger then MTU on EX switches. However, even if MRU allows you to receive slightly bigger (e.g. tagged packets), MTU configuration should control whether such frames can be sent out of the interface.
When you say there is a QFX connected to the same MX, and "there is no issue" - did you test using the same steps (wget on the directly connected to QFX server)?
Is MX in your topology the default gateway, and EX VC is a pure L2 switch? If yes, you should be able to use ping with DF bit set to identify the actual maximum MTU between MX and the server.
Best regards,
Sergii
-------------------------------------------------------------------
Please accept the solution if your problem is resolved
-------------------------------------------------------------------
1) yes .. same test
QFX: always success
root@ubuntu:~# ifconfig p6p1 | grep MTU
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
root@ubuntu:~# wget -O /dev/null https://mirror.leaseweb.com/speedtest/10000mb.bin
--2019-10-11 16:51:54-- https://mirror.leaseweb.com/speedtest/10000mb.bin
Resolving mirror.leaseweb.com (mirror.leaseweb.com)... 5.79.108.33, 2001:1af8:4700:b210::33
Connecting to mirror.leaseweb.com (mirror.leaseweb.com)|5.79.108.33|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10000000000 (9.3G) [application/octet-stream]
Saving to: ‘/dev/null’
5% [=========> ] 558,767,760 381MB/s ^C
root@ubuntu:~# wget -O /dev/null https://mirror.leaseweb.com/speedtest/10000mb.bin
--2019-10-11 16:51:58-- https://mirror.leaseweb.com/speedtest/10000mb.bin
Resolving mirror.leaseweb.com (mirror.leaseweb.com)... 5.79.108.33, 2001:1af8:4700:b210::33
Connecting to mirror.leaseweb.com (mirror.leaseweb.com)|5.79.108.33|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10000000000 (9.3G) [application/octet-stream]
Saving to: ‘/dev/null’
3% [=====> ] 322,117,264 307MB/s ^C
root@ubuntu:~# wget -O /dev/null https://mirror.leaseweb.com/speedtest/10000mb.bin
--2019-10-11 16:52:01-- https://mirror.leaseweb.com/speedtest/10000mb.bin
Resolving mirror.leaseweb.com (mirror.leaseweb.com)... 5.79.108.33, 2001:1af8:4700:b210::33
Connecting to mirror.leaseweb.com (mirror.leaseweb.com)|5.79.108.33|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10000000000 (9.3G) [application/octet-stream]
Saving to: ‘/dev/null’
4% [=======> 2)
Correct. L3 border - MX480. EX/QFX - L2.
To server behind (after) EX:
ping -s $((1500 - 28)) -D xx.220.40.214 -c 1 PING xx.220.40.214 (xx.220.40.214) 1472(1500) bytes of data. ^C --- xx.220.40.214 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms
To server behind (after) QFX:
ping -s $((1500 - 28)) -D xx.191.126.216 -c 1 PING xx.191.126.216 (xx.191.126.216) 1472(1500) bytes of data. [1570805684.140263] 1480 bytes from xx.191.126.216: icmp_req=1 ttl=56 time=49.2 ms --- xx.191.126.216 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 49.267/49.267/49.267/0.000 ms
From internet. From one place. I checked the network path matches, only different interfaces on the last inch (Mx480 to EX subnet or MX480 to QFX subnet). The path from the Internet to the router is the same.
P.S.
EX server root@ubuntu:~# ifconfig | grep mtu enp13s0f1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 lxcbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
MTU ping -s $((1500 - 32)) -D xx.220.40.214 -c 1 PING xx.220.40.214 (xx.220.40.214) 1468(1496) bytes of data. [1570806644.226991] 1476 bytes from xx.220.40.214: icmp_req=1 ttl=56 time=51.5 ms --- xx.220.40.214 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms
It looks like the problem is solved.
The problem was at the level of L1/L2 between EX switch and MX480.
it turned out there was not a dark fiber, but some interfaces went through the switch of service provider ..
Thanks for the discussion - experiments with ping prompted the right thought.
Hello,
How do I find the Config of cpu, memory and disk model in qfx3500?
show chassis hardware extensive show details but don't show cpu type/cores, ram and disk is ssd ?
Thanks
Hi Fiber9,
You can get more details from the following commands:
Any ideas regarding to my previous post?
Hi there,
On Cisco, each interface is assigned a set number of pools for different frame sizes. These pools provide queing buffers for the interface
How does it work on EX 4600 ? Do we fixed/shared pool for each frame sizes for each port?
Back ground:
We are planning to use two EX 4600 switches for our storage. This will will be dediacted switched network just for storage.
We are looking into using jumbo frames.
Thanks and have a good weekend!!
The queues are shared for all frame sizes in the particular class. The buffers can be set per queue.
Hi,
Is that a family inet or family ethernet-switching interface.
If ethernet-switching the firewall filter will be a slightly different.
Cheers,
Ashvin
hi there...Thanks for replies...
What you mean slightly different?
CAn you provide workable config for both ethernet-swithing and family inet? Is it possible?
Hi,
I think that might depend on the junos version. Sometimes, the match conditions can be different, e.g ip-source-address instead of source-address.
ethernet-switching:
set firewall family ethernet-switching<name> term <term> from ip-source-address x.x.x.x
inet:
set firewall family inet<name> term <term> from source-address x.x.x.x
Cheers,
Ashvin
Hello,
After a long break I wanted to change the port configuration on my EX3300 based Virtual Chassis.
To my surprise, the switch has returned an error (as below). I didn't change any rstp related configuration lines, only the port description.
What I tried already in order to solve that:
- run 'commit synchronize force'
- login to member 1 and run 'mgd -i' and 'commit' from master again
VC is a three member stack with JUNOS Base OS boot 12.3R3.4.
fpc0: configuration check succeeds fpc1: /var/tmp/juniper.conf+.gz:1786:(8) syntax error: rstp /var/tmp/juniper.conf+.gz:1794:(5) error recovery ignores input until this point: } /var/tmp/juniper.conf+.gz:1797:(5) error recovery ignores input until this point: } /var/tmp/juniper.conf+.gz:1800:(5) error recovery ignores input until this point: } /var/tmp/juniper.conf+.gz:1815:(1) error recovery ignores input until this point: } /var/tmp/juniper.conf+.gz:1904:(1) error recovery ignores input until this point: } /var/tmp/juniper.conf+.gz:1907:(1) error recovery ignores input until this point: } /var/tmp/juniper.conf+.gz:1915:(1) error recovery ignores input until this point: } error: remote load-configuration failed on fpc1 /config/juniper.conf:1786:(8) syntax error: rstp /config/juniper.conf:1794:(5) error recovery ignores input until this point: } /config/juniper.conf:1797:(5) error recovery ignores input until this point: } /config/juniper.conf:1800:(5) error recovery ignores input until this point: } /config/juniper.conf:1815:(1) error recovery ignores input until this point: } /config/juniper.conf:1904:(1) error recovery ignores input until this point: } /config/juniper.conf:1907:(1) error recovery ignores input until this point: } /config/juniper.conf:1915:(1) error recovery ignores input until this point: } fpc0: error: remote unlock-configuration failed on fpc1
Dawid