SRX Services Gateway
SRX Services Gateway

Configuring Aggregated Ethernet

[ Edited ]
a week ago

I have 2 SRX devices connected via a leased line, which has a MUX at each end to carve up the bandwidth. At present 1 Ethernet port of each SRX is connected to the MUX, simple. We now have the opportunity to increase our bandwidth by connecting up an additional port at each end, simple?! Am I right in thinking that I need to configure link aggregation on both SRX devices to achieve this? Assuming it is, here is what I have so far:

 

interfaces {
    ge-0/0/0 {
            ether-options {
                802.3ad ae0;
            }
    }
    ge-0/0/1 {
            ether-options {
                802.3ad ae0;
            }
    }
    ae0 {
        aggregated-ether-options {
            lacp {
                active;
            }
        }
    unit 0 {
        family ethernet-switching;
    }
}
vlans {
    vlan-trust {
        vlan-id 1;
        interface {
            ae0.0;
        }
    }
}

 

However, the 2 Juniper articles I have been working from seem to disagree on the ae0 configuration:-

 

https://www.juniper.net/documentation/en_US/junos/topics/example/chassis-cluster-lag-lacp-configurin...

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-config-lacp.ht...

 

Also, neither article shows an IP address assigned to the ae0 interface, which I require.

 

Can anyone assist please?

24 REPLIES 24
SRX Services Gateway

Re: Configuring Aggregated Ethernet

a week ago

Hi, 

 

I am not sure what is the functionality of the MUX but assuming that's an L1 device.

For ae with LACP, LACP msgs are exchanged between 2 LACP peers to form the lag.

If LACP msgs can be transported transparently accross the MUX, LACP lag can be formed between the 2 SRXs.

 

For IP addressing on ae interfaces, those can be configured under a logical unit with or without vlan tags under family inet.

 

Hope this helps.

 

Cheers, 
Ashvin

SRX Services Gateway

Re: Configuring Aggregated Ethernet

a week ago

Hello,

This link shows how to configure Agg Ethernet via JUNOS CLI with IP address on unit 0:

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/link-aggregation-cli.htm...

If You click on "Platform and Release Support", SRX is there :-)

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: Configuring Aggregated Ethernet

[ Edited ]
a week ago

Ok, so keeping things simply and excluding VLAN tagging, which I don't need anyway, is this configuration correct?

 

ge-0/0/1 {
    ether-options {
        802.3ad ae0;
    }
}
ge-0/0/2 {
    ether-options {
        802.3ad ae0;
    }
}
ae0 {
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 0 {
        family ethernet-switching;
	family inet {
                address 192.168.1.1/24;
        }
    }
}

 

Note: Can family ethernet-switching and family inet co-exist as above? 

SRX Services Gateway

Re: Configuring Aggregated Ethernet

a week ago

Hi, 

 

I understand family ethernet-switching and inet are mutually exclusive under the same logical unit.

 

Cheers,

Ashvin

SRX Services Gateway

Re: Configuring Aggregated Ethernet

a week ago

Hello,


@EMTSU wrote:

Ok, so keeping things simply and excluding VLAN tagging, which I don't need anyway, is this configuration correct?

 

No it is not.

1/ Please replace "ether-options" with "gigether-options" under each ge-* member link. "ether-options" is for switching products like EX|QFX.

2/ please remove "family ethernet-switching" from under unit 0. "family ethernet-switching" cannot coexist with any other family under same unit, it won't commit. As a general rule, L2 families cannot be combined with anything else (i.e. "family vpls|bridge|ccc|ethernet-switching" knobs have to be alone under unit), L3 families can be combined ("family inet|inet6|iso|mpls" knobs can coexist under same unit)

3/ if You have existing config under ge-* member link (unit, MTU, family etc), remove it altogether except description. Otherwise config won't commit.

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: Configuring Aggregated Ethernet

[ Edited ]
a week ago

2/ please remove "family ethernet-switching" from under unit 0. "family ethernet-switching" cannot coexist with any other family under same unit, it won't commit. As a general rule, L2 families cannot be combined with anything else (i.e. "family vpls|bridge|ccc|ethernet-switching" knobs have to be alone under unit), L3 families can be combined ("family inet|inet6|iso|mpls" knobs can coexist under same unit)

 

Alex, are you saying that "family ethernet-switching"  is not required anywhere in the config? Therefore giving the following:-

 

ge-0/0/1 {
    gigether-options {
        802.3ad ae0;
    }
}
ge-0/0/2 {
    gigether-options {
        802.3ad ae0;
    }
}
ae0 {
    aggregated-ether-options {
        lacp {
            active;
        }
    }
    unit 0 {
	    family inet {
            address 192.168.1.1/24;
        }
    }
}

 

SRX Services Gateway

Re: Configuring Aggregated Ethernet

a week ago

Hello,

 


@EMTSU wrote:

 

Alex, are you saying that "family ethernet-switching"  is not required anywhere in the config?

 

You did not show us the entire/whole config to give You a definitive answer.

But "family ethernet-switching" is not required under simple untagged L3 LAG interface which as I understand, You are trying to build.

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: Configuring Aggregated Ethernet

[ Edited ]
a week ago

You did not show us the entire/whole config to give You a definitive answer.

But "family ethernet-switching" is not required under simple untagged L3 LAG interface which as I understand, You are


 

What more of the config could I post that might be relevant? I'm not sure the entire config. would be useful.

 

You mention LAG, but I assume LACP will work with the above config as is?

SRX Services Gateway

Re: Configuring Aggregated Ethernet

a week ago

Hello,

 


@EMTSU wrote:

 

What more of the config could I post that might be relevant? I'm not sure the entire config. would be useful.

 

 


 

You asked if "family ethernet-switching" is not required anywhere, have You? I replied that You did not share entire config and the reason is JUNOS perfectly supports having "family ethernet-switching" on one L2 interface/group of L2 interfaces and "family inet" on another, different L3 interface/group of L3 interfaces. Without looking at Your entire config I cannot say if "family ethernet-switching" is required/not required anywhere on Your SRX interfaces.

 


@EMTSU wrote:

 

You mention LAG, but I assume LACP will work with the above config as is?


 

The short answer is yes.

The long answer is that in JUNOS, enabling LAG and LACP together is not mandatory, static LAG without LACP is supported in JUNOS. If You want LACP, You have to specifically enable it which You did under "aggregated-ether-options".

HTH

Thx

Alex 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: Configuring Aggregated Ethernet

a week ago

Thank you for your patience Alex, I appreciate it.

 

family ethernet-switching is not required anywhere else on the devices in question. With this in mind, do you think I'm good to go with the config. above?

SRX Services Gateway

Re: Configuring Aggregated Ethernet

Tuesday

Hello,

 


@EMTSU wrote:

do you think I'm good to go with the config. above?


 

Short answer is "I don't know".

Long answer is as You did not share the entire config, I have no way to find out if:

1/ You have configured "aggregated-devices ethernet" under [edit chassis] at all

2/ You have added/have code ready to put ae0.0 into SRX security zone 

and

3/ You have configured security policies to allow traffic as necessary to/from/through ae0.0

OR

4/ You have put Your SRX in packet-mode in which case [2] and [3] are not necessary.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: Configuring Aggregated Ethernet

[ Edited ]
Wednesday

@aarseniev wrote:

1/ You have configured "aggregated-devices ethernet" under [edit chassis] at all

2/ You have added/have code ready to put ae0.0 into SRX security zone 

and

3/ You have configured security policies to allow traffic as necessary to/from/through ae0.0

OR

4/ You have put Your SRX in packet-mode in which case [2] and [3] are not necessary.

 

1. No, I have not done this. Please can you advise what is required?

2. I can do this bit.

3. I can do this also.

4. NA

 

We're almost there, thank you again.

SRX Services Gateway

Re: Configuring Aggregated Ethernet

[ Edited ]
Wednesday

Hello,

 

Please add this line if You don't have it:

 

set chassis aggregated-devices ethernet device-count 8

 

It allocates memory and creates AE device structures. If You don't have this line, your ae* interfaces are never up. 

If You see a need for >8 ae* interfaces, then increase "device-count" as necessary but don't max out from the start as memory is allocated statically and is not released if You don't utilize the entire "device-count".

As for zones and policies, I'll let You figure out Yourself what to do Smiley Happy

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: Configuring Aggregated Ethernet

Wednesday

Thank you Alex.

 

Is there a reason to set the count to 8 rather than just 2, which is all I require?

SRX Services Gateway

Re: Configuring Aggregated Ethernet

Wednesday

Hello,

 


@EMTSU wrote:

 

Is there a reason to set the count to 8 rather than just 2, which is all I require?


 

There is no big diference in memory allocation betwen 2 and 8.

However, if another person takes over the SRX management role in 1-2 years time and s/he requires >2 LAGs, and s/he is not familiar with this line, then this is going to be a major problem when LAG # 3 does not come up.

Another frequently seen issue when this line matters (not only this line but it is one of such lines) is that when configs are ported between different device models/device roles without proper scrutiny.

Cut Yourself and next guy some slack - configure "device-count 8" and live happily for a few years Smiley Happy

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: Configuring Aggregated Ethernet

Wednesday

I understand, thank you. And on that note, I think I'm ready to go. I'm going to try the resulting config. tomorrow morning and will feedback, but I'm quietly confident!

SRX Services Gateway

Re: Configuring Aggregated Ethernet

[ Edited ]
Thursday

Hi Alex,

 

My confidence was, of course, misplaced, but not entirely.

 

ae0 would not come up with the 'lacp' configuration in place - I tried it with active/active and active/passive. When I removed lacp ae0 came up, however, the link was not stable. From one direction ping responses were almost non-existent and from the other they were present but frequently dropping out, which I thought was odd. ae0 stats did not show any flapping. OSPF is used for routing.

 

Do you think the most likely scenario for the unstable connection is a hardware issue, perhaps with the MUX? If not, do you have any suggestions?

SRX Services Gateway

Re: Configuring Aggregated Ethernet

Thursday

Hi, 

 

Do you have LACP configured on both sides.

If yes, I am assuming LACP frames are not getting through to the other end (bi-directional) which is why ae with lacp configured does not come up.

 

Cheers,

Ashvin

SRX Services Gateway

Re: Configuring Aggregated Ethernet

[ Edited ]
Thursday

@AshvinO wrote:

Do you have LACP configured on both sides.

If yes, I am assuming LACP frames are not getting through to the other end (bi-directional) which is why ae with lacp configured does not come up.


 

Yes LACP was configured on both sides. As above, I removed the config. for it and ae0 came up, but was unstable.