Contributor
SpacemanSpiff
Posts: 18
Registered: ‎09-24-2010

LLDP and Reth Interfaces

Equipment:

EX4200 - JunOS 10.4R9

2 x SRX240H in Active/Passive HA - JunOS 11.2R6.3

On both devices... LLDP enabled via:

set protocols lldp interface all

On the SRX cluster, the reth2 interface has a child on each SRX; the reth interface is in the trust zone, with host-inbound-traffic set to allow all protocols and system-services.

Problem:

The EX4200 shows the SRX connected when I run show lldp neighbors... when I run it on the SRX cluster, however, no neighbors are shown.

My inclination is that I should add the two children to the trust zone as well.

*********************************
If something I said has two meanings and one of them pisses you off, I meant the other one.
Visitor
wagnerflo
Posts: 7
Registered: ‎07-07-2011

Re: LLDP and Reth Interfaces

I've noticed that, too, though I think I was on 11.4. During a case, JTAC revealed that on SRX and J-Series LLDP is not supported over aggregated interfaces (and redundant Ethernet interfaces are more or less the same). This limitation is listed in the release notes for 10.4 but was forgotten in later release notes. JTAC did file a request for correction of the documentation, but I do not know if this has been honored. As such, the fact that the limitation is also missing in the 12.1 notes could mean either that it has been lifted or that the documentation is still wrong. If you happen to try 12.1, I'd be interested in your results.
Distinguished Expert
keithr
Posts: 979
Registered: ‎09-10-2009

Re: LLDP and Reth Interfaces

With support in newer releases for family ethernet-switching in clusters / reth interfaces, perhaps L2 protocol support is no longer unsupported and this is simply a bug?

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Distinguished Expert
muttbarker
Posts: 2,389
Registered: ‎01-29-2008

Re: LLDP and Reth Interfaces

Hey Keith - I wonder if you have any more information on the status of LLDP and SRX. Poking around it appears that there are still issues with LLDP. I found a PR that says LLDP does not work on anything but unit.0 IF's.

Curious if you had anything more to add on this one.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Distinguished Expert
keithr
Posts: 979
Registered: ‎09-10-2009

Re: LLDP and Reth Interfaces


muttbarker wrote:

Hey Keith - I wonder if you have any more information on the status of LLDP and SRX. Poking around it appears that there are still issues with LLDP. I found a PR that says LLDP does not work on anything but unit.0 IF's.

Curious if you had anything more to add on this one.


Kevin, I haven't looked at it in a long time...

I don't think I ever tried to use LLDP across an RVI... seems kinda chicken-and-eggy to me. I see LLDP/CDP as a layer 1.5 kind of thing... my physical port can only be connected to one other physical port. Running LLDP across a VLAN / virtual port seems... well... silly?

I don't have a test environment where I can easily bang on this right now... but I think we have an SRX240 and some switches in the lab that aren't being used for anything. If I can free up some gear and mess with it, I'll see what I come up with.

Can you link the PR that you mentioned?

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Contributor
ed_gpc
Posts: 196
Registered: ‎09-21-2010

Re: LLDP and Reth Interfaces

Mr Barker -

I've got an SRX240 cluster connected to EX2200 at the moment; LLDP is not functioning over the RETH child interfaces.

Signed

Your pal

Regular Visitor
nbouchard
Posts: 8
Registered: ‎08-31-2011

Re: LLDP and Reth Interfaces

Hi,

Following this KB: http://kb.juniper.net/InfoCenter/index?page=content&id=KB25750&actp=RSS

LLDP works only with untagged VLAN interfaces.

In an SRX cluster, you must enable LLDP on the physical interfaces, not on the reth interface.

 

xxx@xxx> show lldp local-information

LLDP Local Information details

Chassis ID   : xxxx
System name  : xxx
System descr : Juniper Networks, Inc. srx240h , version 12.1X44-D25.5 Build date: 2013-10-24 22:02:11 UTC

System Capabilities
    Supported       : Bridge Router
    Enabled         : Router

Interface name    Parent Interface  SNMP Index      Interface description    Status    Tunneling
ge-0/0/2.0        -                 520             ge-0/0/2.0               Up        Disabled
ge-0/0/15.0       -                 542             ge-0/0/15.0              Up        Disabled
ge-5/0/2.0        -                 0               ge-5/0/2.0               Up        Disabled
ge-5/0/15.0       -                 0               ge-5/0/15.0              Up        Disabled

 

In addition, there is a bad behavior with a Cisco device on the other side:

http://forums.juniper.net/t5/Ethernet-Switching/LLDP-between-Cisco-and-Juniper-switches-Cisco-switch...

"Cisco IOS always sends LLDP on VLAN 1, whether trunked or not. If the native VLAN ID is not 1, the frames are sent 802.1Q tagged with VLAN ID 1, even if the VLAN is not configured on the trunk."

As the SRX LLDP only works with untagged frames, in a configuration with an SRX connected to a Cisco switch:

- The SRX will not show the Cisco switch as an LLDP neighbor.

- The Cisco switch will show the SRX as an LLDP neighbor.

Br,
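
The tagged-versus-untagged distinction described in the post above, as an added example that is not part of the original thread and not Juniper or Cisco code: a Python check that tells whether a captured LLDP frame arrived untagged or inside an 802.1Q tag, and which System Name it advertises. The function names, the sample frames (made-up MAC, port and system names) and the "untagged-only receiver" model are assumptions built from the behaviour the post reports.

```python
import struct

LLDP_ETHERTYPE = 0x88CC   # IEEE 802.1AB
DOT1Q_TPID = 0x8100       # IEEE 802.1Q VLAN tag

def classify_lldp(frame: bytes):
    """Return None for non-LLDP frames, else VLAN tag info and System Name."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == DOT1Q_TPID:          # tagged: TCI + real EtherType follow
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != LLDP_ETHERTYPE:
        return None
    name = None
    while offset + 2 <= len(frame):      # TLV header: 7-bit type, 9-bit length
        (header,) = struct.unpack("!H", frame[offset:offset + 2])
        tlv_type, tlv_len = header >> 9, header & 0x01FF
        value = frame[offset + 2:offset + 2 + tlv_len]
        if tlv_type == 0 or len(value) < tlv_len:   # End of LLDPDU or truncated
            break
        if tlv_type == 5:                # System Name TLV
            name = value.decode("ascii", "replace")
        offset += 2 + tlv_len
    return {"vlan": vlan, "system_name": name}

def seen_by_untagged_only_receiver(frame: bytes) -> bool:
    """Assumption from the post: the receiver only processes untagged LLDP."""
    info = classify_lldp(frame)
    return info is not None and info["vlan"] is None

def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def build_sample_frame(system_name: str, vlan=None) -> bytes:
    """Constructed sample LLDP frame (made-up MAC, port and name)."""
    dst = bytes.fromhex("0180c200000e")   # LLDP nearest-bridge multicast
    src = bytes.fromhex("020000000001")   # locally administered, constructed
    pdu = (_tlv(1, b"\x04" + src) + _tlv(2, b"\x05ge-0/0/2") + _tlv(3, b"\x00\x78")
           + _tlv(5, system_name.encode()) + _tlv(0, b""))
    tag = struct.pack("!HH", DOT1Q_TPID, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", LLDP_ETHERTYPE) + pdu

if __name__ == "__main__":
    for f in (build_sample_frame("srx-node0"), build_sample_frame("cisco-sw", vlan=1)):
        print(classify_lldp(f), seen_by_untagged_only_receiver(f))
```

Running the same classification over a capture from the SRX-facing port shows whether the neighbor's advertisements are arriving tagged, which separates this cause from a disabled or filtered LLDP configuration.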
