Example: Configuring Loop Prevention in VPLS Network Due to MAC Moves
MAC Moves Loop Prevention in VPLS Network Overview
Starting in Junos OS 14.2, you can configure the router to prevent a loop in a VPLS network. In a virtual private LAN service (VPLS) deployment, when a previously learned media access control (MAC) address appears on a different physical interface, for example, local interfaces (Gigabit Ethernet interfaces) or label switched Interfaces (LSIs), or within a different unit of the same physical interface and if this behavior occurs frequently, then it is considered a MAC move.
You can configure the router to report a MAC address move based on the following parameters:
Number of times a MAC address move occurs
Specified period of time over which the MAC address move occurs
Configuration errors at the network can force traffic into never ending circular paths or loops. These loops in the VPLS network cause frequent MAC moves between different interfaces which can be used to rectify the problem by disabling such an interface in the network. The following two approaches can be used to disable the interface causing the loop:
Base learning interface (base IFL) approach algorithm- This is the primary approach used to disable the looped interface. Base interface information is maintained for every MAC in the routing instance. If the MAC stays at the interface it was first learned for 300 seconds, then the interface-MAC association is considered to be stable and this interface is considered as the base interface of the MAC. If the MAC move happens frequently between the local interface and the LSI interface while the base interface of the MAC is an LSI, then the local interface is considered to be looped and has to be disabled.
Statistical approach algorithm– This is the secondary approach used to disable the looped interface. If the MAC has not been learned for over 300 seconds at an interface, then it does not have a base interface and hence the statistical approach is used.
If the MAC that has no base interface information( Base Learning interface is null) starts moving, then the statistics of such MAC moves between different interfaces is learned. If the statistics show MAC moves from LSI to local interface or from local interface to local interface, then the local interface is considered to be looped and is disabled.
There are certain MACs that can move between different interfaces, for example, mastership change in the Virtual Router Redundancy Protocol (VRRP). The base interface of such MAC moves cannot be maintained as this leads to the assumption of a loop creation. Hence, such MACs should be configured as virtual MACs. Example of virtual MACs are 00:00:5e:00:01:xx for VRRP, 00:00:0c:07:ac:xx for hot standby router protocol (HSRP) , 00:07:b4:00:01:xx for global server load balancing (GSLB), and 02:bf:xx:xx:xx:xx for VMotion.
Starting with Junos OS Release 17.4R1, the global-mac-move statement replaces the vpls-mac-move statement. The following timers under the global-mac-move statement help in monitoring the disabled interfaces:
Cooloff time — The cooloff time starts when the interface gets disabled. During this time any MAC move happening in the routing instance is ignored. This ensures that only one interface is blocked at a given time on a routing instance, and blocking of another interface happens only after the expiration of the cooloff timer provided the given MAC moves are still observed. By default, the cooloff time is 30 seconds.
Interface recovery time — When an interface gets disabled , it is disabled permanently. Configuring the interface recovery time ensures that the interface gets enabled on completion of the interface recovery time duration. We recommend that you configure an interface recovery time of more than 300 seconds.
Statistical approach wait time — The time when the statistics are collected after MAC moves are observed to determine the existence of a loop when there is no base IFL for the MAC address. . By default, the statistical approach wait timer is 30 seconds.
Before the base learning interface of a MAC address is established, the statistical approach algorithm is used in MAC move loop prevention. When a statistical approach algorithm is used, the offending MAC address is shown with a MAC address of 00:00:00:00:00:00. Until the base learning interface of MAC addresses are established, this may cause interfaces with routing loops to be misidentified.
See also
Configuring VPLS Loop Prevention Due to MAC Moves
In a virtual private LAN service (VPLS) deployment, when a previously learned media access control (MAC) address appears on a different physical interface, for example, local interfaces (Gigabit Ethernet interfaces) or label switched Interfaces (LSIs), or within a different unit of the same physical interface and if this behavior occurs frequently, then it is considered a MAC move. The router reports a MAC address move based on the number of times a MAC address move occurs and the specified period of time over which the MAC address move occurs. Configuration errors at the VPLS network can lead to loops that cause frequent MAC moves between different interfaces. These moves can be used to rectify the problem by disabling such interface in the network. The following two approaches can be used to disable the interface:
Base learning interface (base IFL) approach algorithm — This is the primary approach used to disable the looped local interface.
Statistical approach algorithm — This is the secondary approach used to disable the looped local interface.
Some virtual MACs can genuinely move between different interfaces and such MACs can be configured to ignore the moves. The cooloff time and the statistical approach wait time are used internally to find out the looped interface. The interface recovery time can be configured to auto-enable the interface that gets disabled due to a loop in the network.
Before you begin to configure loop prevention in a VPLS network:
Configure the VPLS topology.
Configure the VPLS routing instances.
Enable VPLS MAC move action on a VPLS instance.
Configure the routing and signaling protocols.
The following uses the global-mac-move command, which replaced the vpls-mac-move command starting with Junos OS Release 17.4R1.
To configure loop prevention in a VPLS network:
- Configure the threshold time and the threshold count to
detect MAC moves.[edit protocols l2-learning global-mac-move]user@host# set threshold-time secondsuser@host# set threshold-count seconds
For example, configure the threshold time as 30 and the threshold count as 4 to detect MAC moves.
[edit protocols l2-learning global-mac-move]user@host# set threshold-time 30user@host# set threshold-count 4Note If the threshold time and threshold count are not configured, then the default values are used. The default value of threshold time is 1 second, and default value of threshold count is 50.
- (Optional) Configure a cooloff time to ensure that no
other interface gets disabled once an interface, for a routing instance,
is disabled during this time period.[edit protocols l2-learning global-mac-move]user@host# set cooloff-time seconds
- (Optional) Configure the statistical approach wait time
to determine the existence of a loop based on the statistics collected
after MAC moves are observed when there is no base IFL for the MAC
address.[edit protocols l2-learning global-mac-move]user@host# set statistical-approach-wait-time seconds
- (Optional) Configure the interface recovery time to ensure
that the disabled interface gets enabled on completion of the interface
recovery time duration.[edit protocols l2-learning global-mac-move]user@host# set interface-recovery-time seconds
- (Optional) Configure the virtual MAC address to ignore
the MAC moves as this leads to the assumption of loop creation.[edit protocols l2-learning global-mac-move]user@host# set virtual-mac mac-address
- Configure the VPLS routing instance of an interface.[edit routing-instances instance-name]user@host# set instance-type vplsuser@host# set interface interface
- Enable MAC move action on the interface for the VPLS instance,
and configure the VPLS neighbor.[edit routing-instances instance-name]user@host# set protocols vpls enable-mac-move-actionuser@host# set protocols vpls no-tunnel-servicesuser@host# set protocols vpls vpls-id vpls-iduser@host# set protocols vpls neighbor IP-address
See also
Example: Configuring Loop Prevention in VPLS Network Due to MAC Moves
This example shows how to prevent a loop in the VPLS network due to MAC moves between different physical interfaces.
When a MAC move is detected in the VPLS network, Junos OS allows the prevention of the loop in the network by disabling the interface using a base IFL or statistical approach algorithm.
Requirements
This example uses the following hardware and software components:
Four MX Series 5G Universal Routing Platforms
Junos OS Release 14.2 or later running on all devices
Before you begin:
Configure the VPLS topology.
Configure the VPLS routing instances.
Enable VPLS MAC move action on a VPLS instance.
Configure the routing and signaling protocols.
Overview
Starting with Junos OS Release 14.2, the loop creation in the VPLS network due to frequent MAC moves between different physical interfaces can be prevented by identifying and disabling such interfaces using the base IFL approach or statistical approach algorithm.
The base IFL approach algorithm is the primary approach. Base interface information is maintained for every MAC in the routing instance. If the MAC stays at the interface it was first learned for 300 seconds, then the interface-MAC association is considered to be stable, and this interface is considered as the base interface of the MAC. If the MAC move happens frequently between the local interface and the LSI interface while the base interface of the MAC is an LSI, then the local interface is considered to be looped and has to be disabled.
The statistical approach algorithm is the secondary approach used to disable the looped interface. If the MAC has not been learned for over 300 seconds at an interface, then it does not have a base interface and hence the statistical approach is used. If the MAC that has no base interface information( Base Learning interface is null) starts moving then the statistics of such MAC moves between different interfaces is learned. If the statistics show MAC moves from LSI to local interface or from local interface to local interface then the local interface is considered to be looped and is disabled.
Topology
In the topology shown in Figure 1, a loop was detected on Device PE1 in the VPLS network.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
This example uses the global-mac-move command, which replaced the vpls-mac-move command starting with Junos OS Release 17.4R1.
PE0
PE1
PE2
PE3
Configuring Device PE1
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure Device PE1:
Repeat this procedure for Routers PE0, PE2, and PE3 after modifying the appropriate interface names, addresses, and any other parameters for the router.
- Configure the interfaces.[edit interfaces]user@PE1# set ge-0/0/3 unit 0 family inet address 198.51.100.2/24user@PE1# set ge-0/0/3 unit 0 family mplsuser@PE1# set xe-1/2/0 unit 0 family inet address 198.51.100.5/24user@PE1# set xe-1/2/0 unit 0 family mplsuser@PE1# set xe-1/2/1 unit 0 family inet address 198.51.100.3/24user@PE1# set xe-1/2/1 unit 0 family mplsuser@PE1# set xe-1/3/1 vlan-tagginguser@PE1# set xe-1/3/1 encapsulation vlan-vplsuser@PE1# set xe-1/3/1 unit 600 encapsulation vlan-vplsuser@PE1# set xe-1/3/1 unit 600 vlan-id 600user@PE1# set lo0 unit 0 family inet address 192.0.2.2/24
- Configure the routing options.[edit routing-options]user@PE1# set router-id 192.0.2.2user@PE1# set autonomous-system 701
- Configure the MPLS protocol on the interface.[edit protocols mpls]user@PE1# set interface fxp0.0 disableuser@PE1# set interface ge-0/0/3.0user@PE1# set interface xe-1/2/1.0user@PE1# set interface xe-1/2/0.0
- Configure the OSPF protocol.[edit protocols ospf]user@PE1# set area 0.0.0.0 interface lo0.0 passiveuser@PE1# set area 0.0.0.0 interface fxp0.0 disableuser@PE1# set area 0.0.0.0 interface ge-0/0/3.0 interface-type p2puser@PE1# set area 0.0.0.0 interface ge-0/0/3.0 metric 10user@PE1# set area 0.0.0.0 interface xe-1/2/1.0 interface-type p2puser@PE1# set area 0.0.0.0 interface xe-1/2/1.0 metric 10user@PE1# set area 0.0.0.0 interface xe-1/2/0.0 interface-type p2puser@PE1# set area 0.0.0.0 interface xe-1/2/0.0 metric 10
- Configure the LDP protocols on the interfaces.[edit protocols ldp]user@PE1# set interface ge-0/0/3.0user@PE1# set interface xe-1/2/0.0user@PE1# set interface xe-1/2/1.0user@PE1# set interface fxp0.0 disableuser@PE1# set interface lo0.0
- Configure the threshold time and the threshold count to
detect MAC moves.[edit protocols l2-learning global-mac-move]user@PE1# set threshold-time 30user@PE1# set threshold-count 4
- Configure VPLS MAC move parameters like cooloff time,
statistical approach wait time, interface recovery time, and virtual
MAC.[edit protocols l2-learning global-mac-move]user@PE1# set cooloff-time 10user@PE1# set statistical-approach-wait-time 10user@PE1# set interface-recovery-time 10user@PE1# set virtual-mac 00:00:5e:00:01:00/40
- Enable MAC move action on the interface for the VPLS instance
vpls_1.[edit routing-instances vpls_1]user@PE1# set instance-type vplsuser@PE1# set interface xe-1/3/1.600user@PE1# set protocols vpls enable-mac-move-actionuser@PE1# set protocols vpls no-tunnel-servicesuser@PE1# set protocols vpls vpls-id 100user@PE1# set protocols vpls neighbor 192.0.2.1
Results
From configuration mode, confirm your configuration by entering the show interfaces, show protocols, show routing-options, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
If you are done configuring the device, enter commit from configuration mode.
Verification
Verify that the configuration is working properly.
Verifying the VPLS MAC Table for the Base IFL Approach Algorithm
Verifying the VPLS MAC Table for the Statistical Approach Algorithm
Verifying the MAC Move in a VPLS Network
Purpose
Verify that the MAC move is observed in a VPLS network.
Action
From operational mode, run the show vpls mac-move-action command for Device PE1.
user@PE1> show vpls mac-move-actionInstance: vpls_1
Local interface: xe-1/3/1.600, Index: 341
Algorithm used : Base IFL
Time rec : 02:30:35
Recovery timer : Yes
Meaning
The output shows Instance name, Local interface and Algorithm used indicating that VPLS MAC Move is observed in a VPLS network.
Verifying the MAC Move in a VPLS Instance
Purpose
Verify that the MAC move is observed in a VPLS instance.
Action
From operational mode, run the show vpls mac-move-action instance instance-name command for Device PE1.
user@PE1> show vpls mac-move-action instance vpls_1
Instance: vpls_1
Local interface: xe-1/3/1.600, Index: 341
Algorithm used : Base IFL
Time rec : 02:29:35
Recovery timer : Yes
Meaning
The output shows Local interface, and Algorithm used indicating that VPLS MAC move has been observed in a VPLS instance.
Verifying the MAC Move Buffer in a VPLS Network
Purpose
Verify the MAC move buffer to monitor the MAC moves that are occurring in the VPLS network.
Action
From operational mode, run the show l2-learning mac-move-buffer command for Device PE1.
user@PE1> show l2-learning mac-move-bufferMAC Time Bridge Address Rec. Domain 00:10:00:01:00:09 03:26:00 __vpls_1__ 00:10:00:01:00:05 03:26:00 __vpls_1__ 00:10:00:01:00:03 03:26:00 __vpls_1__ 00:10:00:01:00:05 03:26:00 __vpls_1__ 00:10:00:01:00:08 03:26:00 __vpls_1__ 00:10:00:01:00:01 03:26:00 __vpls_1__ 00:10:00:01:00:03 03:26:00 __vpls_1__ 00:10:00:01:00:01 03:26:00 __vpls_1__ 00:10:00:01:00:00 03:26:00 __vpls_1__ 00:10:00:01:00:01 03:26:01 __vpls_1__ 00:10:00:01:00:06 03:26:01 __vpls_1__ 00:10:00:01:00:02 03:26:01 __vpls_1__ 00:10:00:01:00:08 03:26:01 __vpls_1__ 00:10:00:01:00:00 03:26:01 __vpls_1__ 00:10:00:01:00:01 03:26:01 __vpls_1__ 00:10:00:01:00:09 03:26:01 __vpls_1__
Verifying the VPLS MAC Table for the Base IFL Approach Algorithm
Purpose
Verify the base learning interfaces for the MAC addresses. .
Action
From operational mode, run the show vpls mac-table extensive command to obtain extensive information of VPLS MAC table.
user@PE1> show vpls mac-table extensiveMAC address: 00:10:00:01:00:00 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: lsi.1049165 Base learning interface: lsi.1049165 Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 0 Sequence number: 1 Learning mask: 0x00000001 MAC address: 00:10:00:01:00:01 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: lsi.1049165 Base learning interface: lsi.1049165 Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 0 Sequence number: 1 Learning mask: 0x00000001 MAC address: 00:10:00:01:00:02 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: lsi.1049165 Base learning interface: lsi.1049165 Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 0 Sequence number: 1 Learning mask: 0x00000001 MAC address: 00:10:00:01:00:03 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: lsi.1049165 Base learning interface: lsi.1049165 Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 0 Sequence number: 1 Learning mask: 0x00000001
Meaning
The output of the command show vpls mac-table extensive shows the base learning interface of the MAC address.
Verifying That the Interface Is Disabled
Purpose
Verify that the base learning interface of the MAC address is disabled.
Action
From operational mode, run the show interfaces interface-name command for Device PE1.
user@PE1> show interfaces xe-1/3/1.600Logical interface xe-1/3/1.600 (Index 341) (SNMP ifIndex 2864) Flags: Up Link-Layer-Down SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.600 ] Encapsulation: VLAN-VPLS Input packets : 2234018970 Output packets: 2234728895 Protocol vpls, MTU: 1518 Flags: Is-Primary
Meaning
The flag link-layer-down in the output indicates that the interface is disabled.
Verifying the VPLS MAC Table for the Statistical Approach Algorithm
Purpose
Verify the VPLS MAC table for the statistical approach algorithm.
Action
From operational mode, run the show vpls mac-table extensive command for Device PE1.
user@PE1> show vpls mac-table extensiveMAC address: 00:10:00:01:00:00 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: xe-1/3/1.600 Base learning interface: NULL Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 3 Sequence number: 442 Learning mask: 0x00000002 MAC address: 00:10:00:01:00:01 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: xe-1/3/1.600 Base learning interface: NULL Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 3 Sequence number: 442 Learning mask: 0x00000003 MAC address: 00:10:00:01:00:02 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: xe-1/3/1.600 Base learning interface: NULL Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 3 Sequence number: 442 Learning mask: 0x00000002 MAC address: 00:10:00:01:00:03 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: xe-1/3/1.600 Base learning interface: NULL Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 3 Sequence number: 442 Learning mask: 0x00000002
Meaning
The Base learning interface is null which indicates that the statistical approach is in use.