Ethernet Switching

RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 12:38 AM

 

set chassis redundancy graceful-switchover
set chassis aggregated-devices ethernet device-count 1
set interfaces interface-range VLAN26 member-range ge-0/0/0 to ge-0/0/47
set interfaces interface-range VLAN26 member-range ge-1/0/1 to ge-1/0/46
set interfaces interface-range VLAN26 unit 0 family ethernet-switching interface-mode access
set interfaces interface-range VLAN26 unit 0 family ethernet-switching vlan members 26
set interfaces xe-0/1/0 ether-options 802.3ad ae0
set interfaces xe-1/1/0 ether-options 802.3ad ae0
set interfaces xe-1/1/1 unit 0 family ethernet-switching storm-control default
set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options link-speed 10g
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members 7
set interfaces ae0 unit 0 family ethernet-switching vlan members 21-26
set interfaces ae0 unit 0 family ethernet-switching vlan members 100-101
set interfaces ae0 unit 0 family ethernet-switching vlan members 212
set interfaces ae0 unit 0 family ethernet-switching vlan members 2028
set interfaces irb unit 21 family inet address 192.168.21.21/24
set forwarding-options storm-control-profiles default all
set routing-options nonstop-routing
set routing-options static route 0.0.0.0/0 next-hop 192.168.21.1
set protocols lldp interface all
set protocols lldp-med interface all
set protocols igmp-snooping vlan USERS-26
set protocols layer2-control nonstop-bridging
set protocols rstp interface all
set switch-options interface-mac-limit 10
set switch-options interface-mac-limit packet-action drop-and-log
set switch-options interface ae0.0 interface-mac-limit 16383
set switch-options interface ae0.0 interface-mac-limit disable
set virtual-chassis no-split-detection
set virtual-chassis member 0 mastership-priority 255
set virtual-chassis member 1 mastership-priority 250
set vlans USERS-26 vlan-id 26
set vlans default vlan-id 1

I have this configuration on a Juniper EX2300.

After connecting an unmanaged switch to port ge-1/0/20, the EX2300 switch became unavailable remotely. Through the console on site, the following logs could be seen:

Jan  1 04:00:14  ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: 1c:1b:0d:5b:7f:a7
Jan  1 04:00:14  ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: 54:a0:50:79:c2:ac
Jan  1 04:00:14  ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: 94:de:80:ad:68:43
Jan  1 04:00:14 ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: e0:d5:5e:03:73:88
EX2300> show spanning-tree statistics interface detail


Interface     BPDUs       BPDUs        Next BPDU       TCs        Proposal    Agreement
              Sent        Received     Transmission    Tx/Rx      Tx/Rx       Tx/Rx
ae0           1617      163374             0           0/0         0/0         0/0
ge-0/0/0    165592           0             1           0/0         0/0         0/0
ge-0/0/1    165591           0             1           0/0         0/0         0/0
ge-0/0/2    165623           0             0           0/0         0/0         0/0
ge-0/0/3    165581           0             1           0/0         0/0         0/0
ge-0/0/4    165598           0             1           0/0         0/0         0/0
ge-0/0/5    165597           0             0           0/0         0/0         0/0
ge-0/0/6         0           0             0           0/0         0/0         0/0
ge-0/0/7         0           0             0           0/0         0/0         0/0
ge-0/0/8    165604           0             0           0/0         0/0         0/0
ge-0/0/9         0           0             0           0/0         0/0         0/0
ge-0/0/10   165586           0             1           0/0         0/0         0/0
ge-0/0/11   165443           0             1           0/0         0/0         0/0
ge-0/0/12   165565           0             1           0/0         0/0         0/0
ge-0/0/13   165586           0             0           0/0         0/0         0/0
ge-0/0/14   165553           0             0           0/0         0/0         0/0
ge-0/0/15        0           0             0           0/0         0/0         0/0
ge-0/0/16        0           0             0           0/0         0/0         0/0
ge-0/0/17        0           0             0           0/0         0/0         0/0
ge-0/0/18        0           0             0           0/0         0/0         0/0
ge-0/0/19   165612           0             0           0/0         0/0         0/0
ge-0/0/20        0           0             0           0/0         0/0         0/0
ge-0/0/21        0           0             0           0/0         0/0         0/0
ge-0/0/22        0           0             0           0/0         0/0         0/0
ge-0/0/23        0           0             0           0/0         0/0         0/0
ge-0/0/24   165614           0             1           0/0         0/0         0/0
ge-0/0/25   165609           0             1           0/0         0/0         0/0
ge-0/0/26   165623           0             1           0/0         0/0         0/0
ge-0/0/27   165590           0             0           0/0         0/0         0/0
ge-0/0/28   165602           0             0           0/0         0/0         0/0
ge-0/0/29   165613           0             0           0/0         0/0         0/0
ge-0/0/30   165635           0             0           0/0         0/0         0/0
ge-0/0/31   165589           0             1           0/0         0/0         0/0
ge-0/0/32   165592           0             0           0/0         0/0         0/0
ge-0/0/33   165575           0             1           0/0         0/0         0/0
ge-0/0/34   165609           0             0           0/0         0/0         0/0
ge-0/0/35        0           0             0           0/0         0/0         0/0
ge-0/0/36   165572           0             0           0/0         0/0         0/0
ge-0/0/37   165629           0             1           0/0         0/0         0/0
ge-0/0/38   165497           0             0           0/0         0/0         0/0
ge-0/0/39   165605           0             0           0/0         0/0         0/0
ge-0/0/40        0           0             0           0/0         0/0         0/0
ge-0/0/41        0           0             0           0/0         0/0         0/0
ge-0/0/42        0           0             0           0/0         0/0         0/0
ge-0/0/43   165607           0             1           0/0         0/0         0/0
ge-0/0/44   165610           0             0           0/0         0/0         0/0
ge-0/0/45        0           0             0           0/0         0/0         0/0
ge-0/0/46   165609           0             1           0/0         0/0         0/0
ge-0/0/47   165615           0             1           0/0         0/0         0/0
ge-1/0/0         0           0             1           0/0         0/0         0/0
ge-1/0/1         0           0             1           0/0         0/0         0/0
ge-1/0/2         0           0             1           0/0         0/0         0/0
ge-1/0/3         0           0             1           0/0         0/0         0/0
ge-1/0/4    165680           0             0           0/0         0/0         0/0
ge-1/0/5         0           0             0           0/0         0/0         0/0
ge-1/0/6         0           0             0           0/0         0/0         0/0
ge-1/0/7         0           0             0           0/0         0/0         0/0
ge-1/0/8    165655           0             1           0/0         0/0         0/0
ge-1/0/9    165689           0             1           0/0         0/0         0/0
ge-1/0/10        0           0             1           0/0         0/0         0/0
ge-1/0/11   143830           0             1           0/0         0/0         0/0
ge-1/0/12   165678           0             1           0/0         0/0         0/0
ge-1/0/13        0           0             1           0/0         0/0         0/0
ge-1/0/14        0           0             1           0/0         0/0         0/0
ge-1/0/15        0           0             1           0/0         0/0         0/0
ge-1/0/16        0           0             1           0/0         0/0         0/0
ge-1/0/17   165660           0             1           0/0         0/0         0/0
ge-1/0/18   165681           0             1           0/0         0/0         0/0
ge-1/0/19        0           0             1           0/0         0/0         0/0
ge-1/0/20   205827     2099073             1           0/0         0/0         0/0
ge-1/0/21   138185           0             1           0/0         0/0         0/0
ge-1/0/22   165648           0             0           0/0         0/0         0/0
ge-1/0/23    48073           0             1           0/0         0/0         0/0
ge-1/0/24   165690           0             0           0/0         0/0         0/0
ge-1/0/25        0           0             0           0/0         0/0         0/0
ge-1/0/26   165652           0             1           0/0         0/0         0/0
ge-1/0/27   165692           0             0           0/0         0/0         0/0
ge-1/0/28        0           0             0           0/0         0/0         0/0
ge-1/0/29   165677           0             1           0/0         0/0         0/0
ge-1/0/30   165636           0             1           0/0         0/0         0/0
ge-1/0/31   165666           0             1           0/0         0/0         0/0
ge-1/0/32   165691           0             0           0/0         0/0         0/0
ge-1/0/33   165691           0             1           0/0         0/0         0/0
ge-1/0/34        0           0             1           0/0         0/0         0/0
ge-1/0/35        0           0             1           0/0         0/0         0/0
ge-1/0/36        0           0             1           0/0         0/0         0/0
ge-1/0/37   165671           0             1           0/0         0/0         0/0
ge-1/0/38        0           0             1           0/0         0/0         0/0
ge-1/0/39        0           0             1           0/0         0/0         0/0
ge-1/0/40        0           0             1           0/0         0/0         0/0
ge-1/0/41        0           0             1           0/0         0/0         0/0
ge-1/0/42        0           0             1           0/0         0/0         0/0
ge-1/0/43        0           0             1           0/0         0/0         0/0
ge-1/0/44        0           0             1           0/0         0/0         0/0
ge-1/0/45        0           0             1           0/0         0/0         0/0
ge-1/0/46        0           0             1           0/0         0/0         0/0
ge-1/0/47        0           0             1           0/0         0/0         0/0

What could be the reason for not shutting down the port ge-1/0/20 on the EX2300?

9 REPLIES

Re: RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 01:06 AM

Hello,

 


@Dmitriy MT wrote:

What could be the reason for not shutting down the port ge-1/0/20 on the EX2300?


 

So, You wanted RSTP to shut down the interface for You? It cannot do that, sorry.

To bring interface down when BPDU is received, You need to enable BPDU block

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/spanning-tree-bpdu-protection.htm...

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/bpdu-bloc...

Having just RSTP enabled on the port is not the way for the port to be disabled when an incident like this strikes.

Spanning Tree protocols can put interface into "listening", "learning", "forwarding" or (recent) "blocked" mode but not "disabled".

Stats You posted indicate ge-1/0/20 received BPDU so having "bpdu-block" on this port would have stopped this incident from happening.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !

Re: RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 02:03 AM

Hello, aarseniev !

Well, but why then was this port not blocked by RSTP? Why did it not see the ring?


Re: RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 02:49 AM

Hello,

Well, I'd ask: was there an L2 loop in the first place? You said an "unmanaged switch" was connected to a single port on the EX2300 - unless this switch has a physical cable loop between its ports _AND_ it does not run any kind of Spanning Tree, then I would say it is unclear whether the L2 loop was the reason for losing inband access to that EX2300.

Your logs only show masses of MACs coming into ge-1/0/20, overwhelming the mac-limit on that port, and nothing else.

Please share with us the STP logs from the time of incident to let us have more clues.

HTH

Thx

Alex


Re: RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 04:28 AM

Ok, I attached the logs.


Re: RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 11:18 AM

Hello,

There is nothing sinister in the logs provided :

1/ this switch has become root 4 times, presumably because it was too busy and could not process BPDUs coming on ae0.

2/ There is nothing in the logs about STP state of ge-1/0/20.

I could think of only one plausible explanation: the "unmanaged switch" somehow was looping traffic back into the EX2300 ge-1/0/20 port, including BPDUs from the EX2300 itself. And the EX2300 was ignoring them as expected. The BPDU stats for ge-1/0/20 show a 10x difference between sent and received BPDUs, which is highly unusual since the universal default BPDU transmission interval is 2 secs on every switch I know of, but such a difference can be easily explained by an L2 loop in the "unmanaged switch" or downstream of it.

Therefore, with only 1 connection between the EX2300 and the "unmanaged switch", there is nothing RSTP or Spanning Tree in general can do if it receives its own BPDUs on the same port it sends them out. To protect from such an occurrence, You need to have the BPDU-block feature enabled.

HTH

Thx
Alex

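The two signals discussed in the replies above (BPDUs arriving on an access port far faster than they are sent, and MAC-limit drops on the same port) can be pulled out of the posted output mechanically. This is an added example, not code from any poster in the thread; the sample rows and log lines are copied from the first post, and the `uplinks` list and the `ratio` threshold are assumptions chosen for illustration.

```python
import re

# Sample input: a subset of the rows and syslog lines posted in the thread.
STP_STATS = """\
ae0           1617      163374             0           0/0         0/0         0/0
ge-0/0/0    165592           0             1           0/0         0/0         0/0
ge-1/0/11   143830           0             1           0/0         0/0         0/0
ge-1/0/20   205827     2099073             1           0/0         0/0         0/0
"""
SYSLOG = """\
Jan  1 04:00:14  ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: 1c:1b:0d:5b:7f:a7
Jan  1 04:00:14  ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: 54:a0:50:79:c2:ac
Jan  1 04:00:14  ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: 94:de:80:ad:68:43
Jan  1 04:00:14 ex2300 l2ald[4656]: L2ALD_MAC_LIMIT_EXCEEDED_IF: Limit on learned MAC addresses exceeded for ge-1/0/20.0; current count is 10 DROPPING THE PACKET with mac address: e0:d5:5e:03:73:88
"""

# Interface, BPDUs sent, BPDUs received, next BPDU, then three Tx/Rx columns.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+\d+\s+\d+/\d+\s+\d+/\d+\s+\d+/\d+$")
MAC_LIMIT = re.compile(
    r"L2ALD_MAC_LIMIT_EXCEEDED_IF: .* exceeded for (\S+?)\.\d+;.*mac address: ([0-9a-f:]{17})")

def parse_stp_stats(text):
    """Return {interface: (bpdus_sent, bpdus_received)}; header lines are skipped."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            stats[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return stats

def suspicious_ports(stats, uplinks=("ae0",), ratio=2.0):
    """Flag non-uplink ports that receive any BPDUs, with the rx/tx ratio."""
    findings = []
    for ifname, (tx, rx) in sorted(stats.items()):
        if ifname in uplinks or rx == 0:
            continue  # uplinks are expected to hear BPDUs; silent ports are fine
        r = rx / tx if tx else float("inf")
        reason = "rx >> tx, BPDUs possibly looped back" if r >= ratio else "BPDUs on access port"
        findings.append((ifname, tx, rx, round(r, 1), reason))
    return findings

def mac_limit_hits(log_text):
    """Count distinct dropped source MACs per interface from l2ald messages."""
    macs = {}
    for m in MAC_LIMIT.finditer(log_text):
        macs.setdefault(m.group(1), set()).add(m.group(2))
    return {ifname: len(seen) for ifname, seen in macs.items()}

if __name__ == "__main__":
    for finding in suspicious_ports(parse_stp_stats(STP_STATS)):
        print(finding)
    print(mac_limit_hits(SYSLOG))
```
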

Re: RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 01:41 PM

Hi there,

 

Apart from all aarseniev said, with which I agree entirely: when you connected that switch, the 10 MAC address limit that you have set there got activated and started dropping all other MAC addresses after the 10th one; it is possible it became unreachable because of that.

I don't see RSTP doing anything, and as aarseniev said you would need to create a loop for RSTP to transition one interface to blocking. Maybe try removing the MAC limit and test again.

I help you, you help me... please share a Kudos or accepted solution whenever you feel I have helped with your problem!

Re: RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 09:48 PM

Hello again,

Another thing is I don't see storm-control being enabled on ge-1/0/20.

It would have helped a lot as well.

HTH

Thx

Alex


Re: RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 10:12 PM

Does the shared file contain logs from the time frame when the switch was unreachable? I do see that the ex2300 was the root bridge and later it changed to some other switch. Maybe this network topology change caused the issue? Please check what this new root bridge is and how it is connected to your network.

 

Jan 1 04:01:48 ex2300 l2cpd[4666]: Root bridge in routing-instance 'default' changed from 32768:f4:a7:39:ce:81:69 to 4096:44:aa:50:0e:56:02

 

{master:0}
center@ex2300> show spanning-tree bridge detail
STP bridge parameters
Routing instance name : GLOBAL
Context ID : 0
Enabled protocol : RSTP
Root ID : 4096.44:aa:50:0e:56:02
Root cost : 1000
Root port : ae0
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Message age : 1
Number of topology changes : 56
Time since last topology change : 329012 seconds
Local parameters
Bridge ID : 32768.f4:a7:39:ce:81:69
Extended system ID : 0
Hello time : 2 seconds
Maximum age : 20 seconds
Forward delay : 15 seconds
Path cost method : 32 bit

 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

Re: RSTP protocol did not work on Juniper EX2300 ....

‎07-15-2019 10:53 PM

Hello,

 


@Nellikka wrote:

 I do see that ex2300 was root bridge and later it changed to some other switch. May be this network topology change caused issue?

 


 

That could happen if this EX2300 stopped seeing BPDUs from 4096.44:aa:50:0e:56:02, due to this EX2300's RE CPU being too busy with traffic received over ge-1/0/20 due to an L2 loop downstream, in the "unmanaged switch".

Anyway, relying only on RSTP to fix DOWNSTREAM L2 loops is not a good idea in my view. Other tools like BPDU-block and storm-control are way more effective. E-OAM can be used as well.

HTH

Thx

Alex 
