Example: Loop Detection Using the MAC Move Approach
This example shows how to detect loops using the MAC move approach.
Requirements
This example requires the following hardware and software components:
MX Series 3D Universal Edge Routers
Junos OS Release 13.2 running on all the devices
Overview
When a MAC address appears on a different physical interface, or within a different unit of the same physical interface, and this behavior occurs frequently, it is considered a MAC move.
Configuration errors in the network can force traffic into never-ending circular paths. Once there are loops in the Layer 2 network, one of the symptoms is frequent MAC moves, which can be used to rectify the problem. When a source MAC address is observed moving among the ports, an interface is blocked based on the action-priority configured for the interface. If the action-priority value configured for the interfaces is the same, the last interface for the bridge domain on which the MAC address move occurred is blocked.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set interfaces ge-1/0/4 vlan-tagging
set interfaces ge-1/0/4 encapsulation flexible-ethernet-services
set interfaces ge-1/0/4 unit 10 encapsulation vlan-bridge
set interfaces ge-1/0/4 unit 10 vlan-id 10
set interfaces ge-1/0/4 unit 11 encapsulation vlan-bridge
set interfaces ge-1/0/4 unit 11 vlan-id 11
set interfaces ge-1/0/5 unit 0 family bridge interface-mode trunk
set interfaces ge-1/0/5 unit 0 family bridge vlan-id-list 10-12
set interfaces ge-1/0/6 unit 0 family bridge interface-mode trunk
set interfaces ge-1/0/6 unit 0 family bridge vlan-id-list 10-12
set bridge-domains bd10 vlan-id 10
set bridge-domains bd10 enable-mac-move-action
set bridge-domains bd10 bridge-options interface ge-1/0/5.0 action-priority 1
set bridge-domains bd10 bridge-options interface ge-1/0/6.0 action-priority 5
set bridge-domains bd11 vlan-id 11
set bridge-domains bd11 enable-mac-move-action
set bridge-domains bd12 vlan-id 12
In the previous example, all the interfaces, including the trunk interfaces, in bd10 and bd11 will be monitored. If there are frequent MAC moves detected within interfaces ge-1/0/5 and ge-1/0/6, interface ge-1/0/5 is blocked. On trunk interfaces, blocking applies only to data traffic for the VLAN on which the MAC move is detected, not to all the VLANs in the trunk. No action will be taken if a frequent MAC move is observed in bd12.
Configuring Loop Detection Using the MAC Move Approach
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.
To configure loop detection using the MAC address move approach:
Configure the interfaces.
[edit interfaces]
user@host# set ge-1/0/4 vlan-tagging
user@host# set ge-1/0/4 encapsulation flexible-ethernet-services
user@host# set ge-1/0/4 unit 10 encapsulation vlan-bridge
user@host# set ge-1/0/4 unit 10 vlan-id 10
user@host# set ge-1/0/4 unit 11 encapsulation vlan-bridge
user@host# set ge-1/0/4 unit 11 vlan-id 11
user@host# set ge-1/0/5 unit 0 family bridge interface-mode trunk
user@host# set ge-1/0/5 unit 0 family bridge vlan-id-list 10-12
user@host# set ge-1/0/6 unit 0 family bridge interface-mode trunk
user@host# set ge-1/0/6 unit 0 family bridge vlan-id-list 10-12
Configure the bridge domain parameters.
[edit bridge-domains]
user@host# set bd10 vlan-id 10
user@host# set bd10 enable-mac-move-action
user@host# set bd10 bridge-options interface ge-1/0/5.0 action-priority 1
user@host# set bd10 bridge-options interface ge-1/0/6.0 action-priority 5
user@host# set bd11 vlan-id 11
user@host# set bd11 enable-mac-move-action
user@host# set bd12 vlan-id 12
Results
From configuration mode, confirm your configuration by entering the show interfaces and show bridge-domains commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
user@host# show interfaces
ge-1/0/4 {
    vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 10 {
        encapsulation vlan-bridge;
        vlan-id 10;
    }
    unit 11 {
        encapsulation vlan-bridge;
        vlan-id 11;
    }
}
ge-1/0/5 {
    unit 0 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 10-12;
        }
    }
}
ge-1/0/6 {
    unit 0 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 10-12;
        }
    }
}
user@host# show bridge-domains
bridge-domains {
    bd10 {
        vlan-id 10;
        bridge-options {
            interface ge-1/0/5.0 {
                action-priority 1;
            }
            interface ge-1/0/6.0 {
                action-priority 5;
            }
        }
        enable-mac-move-action;
    }
    bd11 {
        vlan-id 11;
        enable-mac-move-action;
    }
    bd12 {
        vlan-id 12;
    }
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Verifying That the Logical Interfaces Blocked Due to MAC Move Are Displayed
Purpose
Ensure that the current set of logical interfaces blocked due to a MAC move, if any, are displayed.
Action
From operational mode, enter the show l2-learning mac-move-buffer active command.
user@host# show l2-learning mac-move-buffer active
MAC Address: 00:00:00:00:01:01, VLAN Id: 0
Time Rec : 2012-06-25 06:23:41 Bridge Domain: bd10
Prev IFL : ge-1/0/5.0 New IFL: ge-1/0/6.0
IFBD : ge-1/0/6.0:10 Blocked : YES
Meaning
As a result of MAC move detection, one of the involved interface bridge domains will be blocked. The output shows that the ge-1/0/6 logical interface is blocked.
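The following is an added example, not part of the original documentation: a Python parser for the show l2-learning mac-move-buffer active output above that collects the blocked IFBDs per bridge domain, for use in monitoring. The field layout is assumed from the single record shown on this page, and the second sample record is constructed.

```python
import re

# First record is the output shown on this page; the second is constructed.
SAMPLE = """\
user@host# show l2-learning mac-move-buffer active
MAC Address: 00:00:00:00:01:01, VLAN Id: 0
Time Rec : 2012-06-25 06:23:41 Bridge Domain: bd10
Prev IFL : ge-1/0/5.0 New IFL: ge-1/0/6.0
IFBD : ge-1/0/6.0:10 Blocked : YES
MAC Address: 00:00:00:00:02:02, VLAN Id: 0
Time Rec : 2012-06-25 06:24:05 Bridge Domain: bd11
Prev IFL : ge-1/0/4.11 New IFL: ge-1/0/5.0
IFBD : ge-1/0/5.0:11 Blocked : NO
"""

# Labels as printed in the output, mapped to record keys (layout is an assumption).
FIELDS = {
    "MAC Address": "mac", "VLAN Id": "vlan_id", "Time Rec": "time",
    "Bridge Domain": "bridge_domain", "Prev IFL": "prev_ifl",
    "New IFL": "new_ifl", "IFBD": "ifbd", "Blocked": "blocked",
}
# Splitting on known labels keeps colons inside MACs, times and IFBDs intact.
LABEL_RE = re.compile(r"(%s)\s*:\s*" % "|".join(map(re.escape, FIELDS)))


def parse_mac_move_buffer(text):
    """Return one dict per MAC move record; 'MAC Address' starts a new record."""
    parts = LABEL_RE.split(text)
    records = []
    for label, value in zip(parts[1::2], parts[2::2]):
        if label == "MAC Address":
            records.append({})
        if not records:
            continue  # field seen before any record header: ignore it
        records[-1][FIELDS[label]] = value.strip(" ,\r\n\t")
    for rec in records:
        rec["blocked"] = str(rec.get("blocked", "")).upper() == "YES"
    return records


def blocked_ifbds(records):
    """Map bridge domain -> sorted list of IFBDs currently reported as blocked."""
    out = {}
    for rec in records:
        if rec["blocked"]:
            out.setdefault(rec.get("bridge_domain", "?"), []).append(rec.get("ifbd"))
    return {bd: sorted(ifbds) for bd, ifbds in out.items()}
```
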