Configuring Aggregated Ethernet Interfaces
The topics below give an overview of aggregated Ethernet (AE) interfaces on security devices and cover AE interface configuration, physical interfaces, AE interface link speed, VLAN tagging for aggregated Ethernet interfaces, and deleting an aggregated Ethernet interface.
Understanding Aggregated Ethernet Interfaces
Link aggregation of Ethernet interfaces is defined in the IEEE 802.3ad standard. Junos OS implementation of 802.3ad balances traffic across the member links within an aggregated Ethernet bundle based on Layer 3 information carried in the packet, Layer 4 information carried in the packet, or both, or based on session ID data. (The session ID data has higher precedence than the Layer 3 or 4 information.) This implementation uses the same load-balancing algorithm used for per-packet load balancing.
Aggregated Ethernet interfaces can be Layer 3 interfaces (VLAN-tagged or untagged) and Layer 2 interfaces.
This topic is specific to the SRX3000 and SRX5000 line devices. For information about link aggregation for other SRX Series Firewalls, see Configuring Link Aggregation Control Protocol.
This topic contains the following sections:
LAGs
You can combine multiple physical Ethernet ports to form a logical point-to-point link, known as a link aggregation group (LAG) or bundle, such that a media access control (MAC) client can treat the LAG as if it were a single link. Support for LAGs based on IEEE 802.3ad makes it possible to aggregate physical interface links on your device. LAGs provide increased interface bandwidth and link availability by linking physical ports and load-balancing traffic crossing the combined interface. For the LAG to operate correctly, it is necessary to coordinate the two end systems connected by the LAG, either manually or automatically.
Internally, a LAG is a virtual interface presented on SRX3000 and SRX5000 line devices or on any system (consisting of devices such as routers and switches) supporting 802.3ad link aggregation. Externally, a LAG corresponds to a bundle of physical Ethernet links connected between an SRX3000 or SRX5000 line device and another system capable of link aggregation. This bundle of physical links is a virtual link.
Follow these guidelines for aggregated Ethernet support for the SRX3000 and SRX5000 lines:
- The devices support a maximum of 16 physical interfaces per single aggregated Ethernet bundle.
- Aggregated Ethernet interfaces can use interfaces from the same or different Flexible PIC Concentrators (FPCs) and PICs.
- On the aggregated bundle, capabilities such as MAC accounting, VLAN rewrites, and VLAN queuing are available.
LACP
Junos OS supports the Link Aggregation Control Protocol (LACP), which is a subcomponent of IEEE 802.3ad. LACP provides additional functionality for LAGs.
Starting with Junos OS Release 15.1X49-D40, LACP is supported on Layer 2 transparent mode in addition to existing support on Layer 3 mode. For information about link aggregation for other SRX Series Firewalls, see the Ethernet Switching User Guide.
LACP provides a standardized means for exchanging information between partner (remote or far-end of the link) systems on a link. This exchange allows their link aggregation control instances to reach agreement on the identity of the LAG to which the link belongs, and then to move the link to that LAG. This exchange also enables the transmission and reception processes for the link to function in an orderly manner.
For example, when LACP is not enabled, a local LAG might attempt to transmit packets to a remote individual interface, which causes the communication to fail. (An individual interface is a nonaggregatable interface.) When LACP is enabled, a local LAG cannot transmit packets unless a LAG with LACP is also configured on the remote end of the link.
You configure an aggregated Ethernet virtual link by specifying the link number as a physical device. Then you associate a set of ports that have the same speed and are in full-duplex mode. The physical ports can be 100-megabit Ethernet, 1-Gigabit Ethernet, and 10-Gigabit Ethernet.
When configuring LACP, follow these guidelines:
- LACP does not support automatic configuration on SRX3000 and SRX5000 line devices, but partner systems are allowed to perform automatic configuration. When an SRX3000 or SRX5000 line device is connected to a fully 802.3ad-compliant partner system, static configuration of LAGs is initiated on the SRX3000 and SRX5000 line device side, and static configuration is not needed on the partner side.
- When an SRX3000 or SRX5000 line device is connected to a Juniper Networks MX Series router, static configuration of LAGs is needed at both the actor (local or near-end of the link) and partner systems.
- Although the LACP functions on the SRX3000 and SRX5000 line devices are similar to the LACP features on Juniper Networks MX Series routers, the following LACP features on MX Series routers are not supported on SRX3000 and SRX5000 line devices: link protection, system priority, and port priority for aggregated Ethernet interfaces. Instead, SRX3000 and SRX5000 line devices provide active/standby support with redundant Ethernet interface LAGs in chassis cluster deployments.
- LACP is supported in standalone deployments, where aggregated Ethernet interfaces are supported, and in chassis cluster deployments, where aggregated Ethernet interfaces and redundant Ethernet interfaces are supported simultaneously.
Configuring Aggregated Ethernet Interfaces
This topic is specific to the SRX3000 and SRX5000 line devices.
To configure an aggregated Ethernet interface:
- Set the number of aggregated Ethernet interfaces on the device. See Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device.
- Associate a physical interface with the aggregated Ethernet interface. See Example: Associating Physical Interfaces with Aggregated Ethernet Interfaces.
- (Optional) Set the required link speed for all the interfaces included in the bundle. See Example: Configuring Aggregated Ethernet Link Speed.
- (Optional) Configure the minimum number of links that must be up for the bundle as a whole to be labeled as up. See Example: Configuring Aggregated Ethernet Minimum Links.
- (Optional) Enable or disable VLAN tagging. See Understanding VLAN Tagging for Aggregated Ethernet Interfaces.
- (Optional) Enable promiscuous mode. See Understanding Promiscuous Mode for Aggregated Ethernet Interfaces.
Understanding Physical Interfaces for Aggregated Ethernet Interfaces
You associate a physical interface with an aggregated Ethernet interface. Doing so associates the physical child links with the logical aggregated parent interface to form a link aggregation group (LAG). You must also specify the constituent physical links by including the 802.3ad configuration statement.
A physical interface can be added to any aggregated Ethernet interface as long as all member links have the same link speed and the maximum number of member links does not exceed 16. The aggregated Ethernet interface instance number aex can be from 0 through 127, for a total of 128 aggregated interfaces.
If you specify (on purpose or accidentally) that a link already associated with an aggregated Ethernet interface be associated with another aggregated Ethernet interface, the link is removed from the previous interface (there is no need for you to explicitly delete it) and it is added to the other one.
On SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550M devices, when you create an aggregated interface with two or more ports and if a link in the bundle goes down, the traffic forwarded through the same link will be rerouted two seconds later. This causes an outage for the traffic being sent to the link until reroute is complete.
Example: Associating Physical Interfaces with Aggregated Ethernet Interfaces
This example shows how to associate physical interfaces with aggregated Ethernet interfaces.
Requirements
Before you begin, set the number of aggregated Ethernet interfaces on the device. See Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device.
Overview
In this example, you associate the physical child links of the ge-1/0/0 and ge-2/0/0 physical interfaces with the logical aggregate parent, ae0, thereby creating a LAG. Similarly, you create a LAG that associates the ge-3/0/0, ge-3/0/1, and ge-4/0/1 physical interfaces with the ae1 aggregated Ethernet interface.
Configuration
Procedure
Step-by-Step Procedure
To associate physical interfaces with aggregated Ethernet interfaces:
Create the first LAG.
[edit]
user@host# set interfaces ge-1/0/0 gigether-options 802.3ad ae0
user@host# set interfaces ge-2/0/0 gigether-options 802.3ad ae0
Create the second LAG.
[edit]
user@host# set interfaces ge-3/0/0 gigether-options 802.3ad ae1
user@host# set interfaces ge-3/0/1 gigether-options 802.3ad ae1
user@host# set interfaces ge-4/0/0 gigether-options 802.3ad ae1
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the show interfaces command.
Understanding Aggregated Ethernet Interface Link Speed
On aggregated Ethernet interfaces, you can set the required link speed for all interfaces included in the bundle. All interfaces that make up a bundle must be the same speed. If you include in the aggregated Ethernet interface an individual link that has a speed different from the speed you specify in the link-speed parameter, an error message will be logged.
The speed value is specified in bits per second either as a complete decimal number or as a decimal number followed by the abbreviation k (1000), m (1,000,000), or g (1,000,000,000).
Aggregated Ethernet interfaces on SRX3000 and SRX5000 line devices can have one of the following speed values:
100m—Links are 100 Mbps.
10g—Links are 10 Gbps.
1g—Links are 1 Gbps.
Example: Configuring Aggregated Ethernet Link Speed
This example shows how to configure the aggregated Ethernet link speed.
Requirements
Before you begin:
- Add the aggregated Ethernet interfaces using the device count. See Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device.
- Associate physical interfaces with the aggregated Ethernet interfaces. See Example: Associating Physical Interfaces with Aggregated Ethernet Interfaces.
Overview
In this example, you set the required link speed for all interfaces included in the bundle to 10 Gbps. All interfaces that make up a bundle must be the same speed.
Configuration
Procedure
Step-by-Step Procedure
To configure the aggregated Ethernet link speed:
Set the link speed.
[edit]
user@host# set interfaces ae0 aggregated-ether-options link-speed 10g
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the show interfaces command.
Understanding Minimum Links for Aggregated Ethernet Interfaces
On aggregated Ethernet interfaces, you can configure the minimum number of links that must be up for the bundle as a whole to be labeled as up. By default, only one link must be up for the bundle to be labeled as up.
On SRX1000, SRX3000, and SRX5000 line devices, the valid range for the minimum links number is 1 through 16. When the maximum value (16) is specified, all configured links of a bundle must be up for the bundle to be labeled as up.
If the number of links configured in an aggregated Ethernet interface is less than the minimum-links value configured in the minimum-links statement, the configuration commit fails and an error message is displayed.
Example: Configuring Aggregated Ethernet Minimum Links
This example shows how to configure the minimum number of links on an aggregated Ethernet interface that must be up for the bundle as a whole to be labeled as up.
Requirements
Before you begin:
- Add the aggregated Ethernet interfaces using the device count. See Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device.
- Associate physical interfaces with the aggregated Ethernet interfaces. See Example: Associating Physical Interfaces with Aggregated Ethernet Interfaces.
- Configure the aggregated Ethernet link speed. See Example: Configuring Aggregated Ethernet Link Speed.
Overview
In this example, you specify that on interface ae0 at least eight links must be up for the bundle as a whole to be labeled as up.
Configuration
Procedure
Step-by-Step Procedure
To configure the minimum number of links on an aggregated Ethernet interface:
Set the minimum number of links.
[edit]
user@host# set interfaces ae0 aggregated-ether-options minimum-links 8
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the show interfaces command.
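The following Python check is an added example, not Juniper's code. It applies the limits stated in the sections above to a block of set commands before commit: 16 member links per bundle, ae0 through ae127, the listed link-speed values, minimum-links against the configured member count, and the silent move of a link that is associated a second time. The function name audit and the sample input are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed input: the ae0/ae1 commands from this page plus a re-associated
# link and an unlisted link-speed value.
SAMPLE = """\
set interfaces ge-1/0/0 gigether-options 802.3ad ae0
set interfaces ge-2/0/0 gigether-options 802.3ad ae0
set interfaces ge-3/0/0 gigether-options 802.3ad ae1
set interfaces ge-3/0/1 gigether-options 802.3ad ae1
set interfaces ge-4/0/0 gigether-options 802.3ad ae1
set interfaces ge-2/0/0 gigether-options 802.3ad ae1
set interfaces ae0 aggregated-ether-options link-speed 10g
set interfaces ae0 aggregated-ether-options minimum-links 8
set interfaces ae1 aggregated-ether-options link-speed 40g
"""

MEMBER = re.compile(r"set interfaces (\S+) gigether-options 802\.3ad ae(\d+)")
OPTION = re.compile(r"set interfaces ae(\d+) aggregated-ether-options (link-speed|minimum-links) (\S+)")
MAX_MEMBERS = 16                 # physical interfaces per bundle
MAX_AE_INDEX = 127               # ae0 through ae127
SPEEDS = {"100m", "1g", "10g"}   # values listed for the SRX3000 and SRX5000 lines


def audit(config_text):
    """Return (bundles, findings) for a block of `set` commands."""
    parent = {}                  # physical link -> ae index; the last statement wins
    options = defaultdict(dict)  # ae index -> {option name: value}
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := MEMBER.fullmatch(line):
            link, ae = m[1], int(m[2])
            if parent.get(link, ae) != ae:
                findings.append(f"{link}: moved from ae{parent[link]} to ae{ae}")
            parent[link] = ae
        elif m := OPTION.fullmatch(line):
            options[int(m[1])][m[2]] = m[3]
    bundles = defaultdict(list)
    for link, ae in parent.items():
        bundles[ae].append(link)
    for ae in sorted(set(bundles) | set(options)):
        count, opts = len(bundles[ae]), options[ae]
        if ae > MAX_AE_INDEX:
            findings.append(f"ae{ae}: instance number above {MAX_AE_INDEX}")
        if count > MAX_MEMBERS:
            findings.append(f"ae{ae}: {count} member links, maximum is {MAX_MEMBERS}")
        speed = opts.get("link-speed")
        if speed and speed not in SPEEDS:
            findings.append(f"ae{ae}: link-speed {speed} is not a listed value")
        minimum = opts.get("minimum-links")
        if minimum is not None:
            if not minimum.isdigit() or not 1 <= int(minimum) <= MAX_MEMBERS:
                findings.append(f"ae{ae}: minimum-links {minimum} outside 1 through 16")
            elif count < int(minimum):
                findings.append(f"ae{ae}: minimum-links {minimum} exceeds {count} configured links")
    return dict(bundles), findings
```

Calling audit(SAMPLE) reports the moved link first, because the move leaves ae0 with one member and is what makes its minimum-links value unreachable.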
Deleting Aggregated Ethernet Interface
You can delete an aggregated Ethernet interface from the interface configuration. Junos OS removes the configuration statements related to aex and sets this interface to the down state. The deleted aggregated Ethernet interface still exists, but it becomes an empty interface.
Example: Deleting Aggregated Ethernet Interfaces
This example shows how to delete aggregated Ethernet interfaces using the device count.
Requirements
Before you begin, set the number of aggregated Ethernet interfaces on the device. See Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device.
Overview
This example shows how to clean up unused aggregated Ethernet interfaces. In this example, you reduce the number of interfaces from 10 to 6, thereby removing the last 4 interfaces from the interface object list.
Configuration
Procedure
Step-by-Step Procedure
To delete an interface:
Set the number of aggregated Ethernet interfaces.
[edit]
user@host# delete chassis aggregated-devices ethernet device-count 6
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the show chassis aggregated-devices command.
Example: Deleting Aggregated Ethernet Interface Contents
This example shows how to delete the contents of an aggregated Ethernet interface.
Requirements
Before you begin:
- Set the number of aggregated Ethernet interfaces on the device. See Example: Configuring the Number of Aggregated Ethernet Interfaces on a Device.
- Associate a physical interface with the aggregated Ethernet interface. See Example: Associating Physical Interfaces with Aggregated Ethernet Interfaces.
- Set the required link speed for all the interfaces included in the bundle. See Example: Configuring Aggregated Ethernet Link Speed.
- Configure the minimum number of links that must be up for the bundle as a whole to be labeled as up. See Example: Configuring Aggregated Ethernet Minimum Links.
Overview
In this example, you delete the contents of the ae4 aggregated Ethernet interface, which sets it to the down state.
Configuration
Procedure
Step-by-Step Procedure
To delete the contents of an aggregated Ethernet interface:
Delete the interface.
[edit]
user@host# delete interfaces ae4
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify the configuration is working properly, enter the show interfaces command.
Understanding VLAN Tagging for Aggregated Ethernet Interfaces
Aggregated Ethernet interfaces can be either VLAN-tagged or untagged, with LACP enabled or disabled. Aggregated Ethernet interfaces on the SRX3000 and SRX5000 lines support the configuration of native-vlan-id, which consists of the following configuration statements:
- inner-tag-protocol-id
- inner-vlan-id
- pop-pop
- pop-swap
- push-push
- swap-push
- swap-swap
Understanding Promiscuous Mode for Aggregated Ethernet Interfaces
You can enable promiscuous mode on aggregated Ethernet interfaces. When promiscuous mode is enabled on a Layer 3 Ethernet interface, all packets received on the interface are sent to the central point or Services Processing Unit (SPU) regardless of the destination MAC address of the packet. If you enable promiscuous mode on an aggregated Ethernet interface, promiscuous mode is then enabled on all member interfaces.
Verifying Aggregated Ethernet Interfaces
- Verifying Aggregated Ethernet Interfaces (terse)
- Verifying Aggregated Ethernet Interfaces (extensive)
Verifying Aggregated Ethernet Interfaces (terse)
Purpose
Display status information in terse (concise) format for aggregated Ethernet interfaces.
Action
From operational mode, enter the show interfaces ae0 terse command.
user@host> show interfaces ae0 terse
ge-2/0/0.0 up up aenet --> ae0.0
ge-2/0/0.32767 up up aenet --> ae0.32767
ge-2/0/1.0 up up aenet --> ae0.0
ge-2/0/1.32767 up up aenet --> ae0.32767
ae0 up up
ae0.0 up up bridge
ae0.32767 up up multiservice
The output shows the bundle relationship for the aggregated Ethernet interface and the overall status of the interface, including the following information:
- The link aggregation control PDUs run on the .0 child logical interfaces for the untagged aggregated Ethernet interface.
- The link aggregation control PDUs run on the .32767 child logical interfaces for the VLAN-tagged aggregated Ethernet interface.
- The .32767 logical interface is created for the parent link and all child links.
Verifying Aggregated Ethernet Interfaces (extensive)
Purpose
Display status information and statistics in extensive (detailed) format for aggregated Ethernet interfaces.
Action
From operational mode, enter the show interfaces ae0 extensive command.
user@host> show interfaces ae0 extensive
Physical interface: ae0, Enabled, Physical link is Up
...
Logical interface ae0.0 (Index 67) (SNMP ifIndex 628) (Generation 134)
...
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-5/0/0.0 Actor 127 00:1f:12:8c:af:c0 127 832 1
ge-5/0/0.0 Partner 127 00:1f:12:8f:d7:c0 127 640 1
ge-5/0/1.0 Actor 127 00:1f:12:8c:af:c0 127 833 1
ge-5/0/1.0 Partner 127 00:1f:12:8f:d7:c0 127 641 1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-5/0/0.0 12830 7090 0 0
ge-5/0/1.0 10304 4786 0 0
...
Logical interface ae0.32767 (Index 70) (SNMP ifIndex 630) (Generation 135)
...
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-5/0/0.32767 Actor 127 00:1f:12:8c:af:c0 127 832 1
ge-5/0/0.32767 Partner 127 00:1f:12:8f:d7:c0 127 640 1
ge-5/0/1.32767 Actor 127 00:1f:12:8c:af:c0 127 833 1
ge-5/0/1.32767 Partner 127 00:1f:12:8f:d7:c0 127 641 1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-5/0/0.32767 12830 7090 0 0
ge-5/0/1.32767 10304 4786 0 0
...
The output shows detailed aggregated Ethernet interface information. This portion of the output shows LACP information and LACP statistics for each logical aggregated Ethernet interface.
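The following Python parser is an added example and is not part of the Juniper documentation. It reads the LACP info and LACP Statistics rows shown above and flags any member whose partner system identifier or port key differs from the rest of the bundle, and any member with nonzero Unknown Rx or Illegal Rx counters. The function names and the ge-5/0/2.0 rows are constructed, and the column order is assumed to match the output on this page.

```python
import re
from collections import defaultdict

# Rows for ge-5/0/0.0 and ge-5/0/1.0 are copied from the output above; the
# ge-5/0/2.0 rows are constructed to show a deviating partner and illegal PDUs.
SAMPLE = """\
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-5/0/0.0 Actor 127 00:1f:12:8c:af:c0 127 832 1
ge-5/0/0.0 Partner 127 00:1f:12:8f:d7:c0 127 640 1
ge-5/0/1.0 Actor 127 00:1f:12:8c:af:c0 127 833 1
ge-5/0/1.0 Partner 127 00:1f:12:8f:d7:c0 127 641 1
ge-5/0/2.0 Actor 127 00:1f:12:8c:af:c0 127 834 1
ge-5/0/2.0 Partner 127 00:1f:12:aa:bb:01 127 12 1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-5/0/0.0 12830 7090 0 0
ge-5/0/1.0 10304 4786 0 0
ge-5/0/2.0 40 4786 0 3
"""

# member, role, system priority, system identifier, port priority, port number, port key
INFO = re.compile(r"(\S+)\s+(Actor|Partner)\s+\d+\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
                  r"\s+\d+\s+(\d+)\s+(\d+)", re.I)
# member, LACP Rx, LACP Tx, Unknown Rx, Illegal Rx
STATS = re.compile(r"(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)")


def parse(text):
    """Return ({member: {role: (system id, key)}}, {member: counters})."""
    info, stats = defaultdict(dict), {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := INFO.fullmatch(line):
            info[m[1]][m[2]] = (m[3].lower(), int(m[5]))
        elif m := STATS.fullmatch(line):
            stats[m[1]] = {"unknown_rx": int(m[4]), "illegal_rx": int(m[5])}
    return info, stats


def check(text):
    """List members whose partner or PDU counters deviate from the bundle."""
    info, stats = parse(text)
    findings, partners = [], defaultdict(list)
    for member, roles in info.items():
        if "Partner" in roles:
            partners[roles["Partner"]].append(member)
        else:
            findings.append(f"{member}: no Partner row")
    if partners:
        # The partner seen on most member links is treated as the expected one.
        expected = max(partners, key=lambda ident: len(partners[ident]))
        for ident, members in partners.items():
            if ident != expected:
                findings += [f"{member}: partner {ident[0]} key {ident[1]}, "
                             f"bundle partner is {expected[0]} key {expected[1]}"
                             for member in members]
    for member, c in stats.items():
        if c["unknown_rx"] or c["illegal_rx"]:
            findings.append(f"{member}: {c['unknown_rx']} unknown and "
                            f"{c['illegal_rx']} illegal LACP PDUs received")
    return findings
```

The sample covers one logical interface; run check on each Logical interface block of the extensive output separately so that .0 and .32767 rows are compared within their own unit.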