SRX Services Gateway
SRX Services Gateway

L2 channel errors

‎09-19-2019 10:44 PM

Hi all,

 

Topology briefly:

Ex VC-----------------------ge-0/0/2 SRX-----------------

 

1-) Any idea why L2 channel errors occur?

2-) How it is possible MTU is 1518 as in Junos environemnt it is 1514Byte by default.

 

Physical interface: ge-0/0/2, Enabled, Physical link is Up
Link-level type: Ethernet, MTU: 1518, LAN-PHY mode, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None,
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 29, L3 incompletes: 0, L2 channel errors: 1944, L2 mismatch timeouts: 0,
Logical interface ge-0/0/2.71 (Index 78) (SNMP ifIndex 526) (Generation 143)
Incoming NAT errors: 0
User authentication errors: 0
Logical interface ge-0/0/2.74 (Index 79) (SNMP ifIndex 531) (Generation 144)
Incoming NAT errors: 0
User authentication errors: 0
Logical interface ge-0/0/2.86 (Index 80) (SNMP ifIndex 532) (Generation 145)
Incoming NAT errors: 0
User authentication errors: 0
Logical interface ge-0/0/2.87 (Index 81) (SNMP ifIndex 524) (Generation 146)
Incoming NAT errors: 0
User authentication errors: 0
Logical interface ge-0/0/2.32767 (Index 82) (SNMP ifIndex 533) (Generation 147)
Incoming NAT errors: 0
User authentication errors: 0

-------------------------------------------------------------------------------------------

>show configuration interfaces ge-0/0/2 | display set

set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 unit 71 vlan-id 71
set interfaces ge-0/0/2 unit 71 family inet address XXXX/30

set interfaces ge-0/0/2 unit 74 vlan-id 74
set interfaces ge-0/0/2 unit 74 family inet filter input FWFilter-VirR-netaccess
set interfaces ge-0/0/2 unit 74 family inet filter output FWfilter-lim-download
set interfaces ge-0/0/2 unit 74 family inet address YYYY/28

set interfaces ge-0/0/2 unit 86 vlan-id 86
set interfaces ge-0/0/2 unit 86 family inet filter input FWFilter-lim-upload
set interfaces ge-0/0/2 unit 86 family inet address MMMM/28

set interfaces ge-0/0/2 unit 87 vlan-id 87
set interfaces ge-0/0/2 unit 87 family inet address KKKK/29

 

4 REPLIES 4
SRX Services Gateway

Re: L2 channel errors

‎09-19-2019 11:01 PM

Hi Arix ,

 

Since you have used the keyword "vlan-taggin" under the interface the MTU changes from default 1514 to 1518 .

 

[edit]
labroot@test-re0# run show interfaces ge-3/0/0 extensive |match mtu
Link-level type: Ethernet, MTU: 1514, MRU: 0, LAN-PHY mode, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,

 

after adding the "vlan-tagging"

 

[edit]
labroot@test-re0# show interfaces ge-3/0/0
vlan-tagging;

 

[edit]
labroot@test-re0# run show interfaces ge-3/0/0 extensive |match mtu
Link-level type: Ethernet, MTU: 1518, MRU: 0, LAN-PHY mode, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,

HTH

 

BR,

Avinash

'Please Mark My Solution Accepted if it Helped, Kudos are also welcome'

 

SRX Services Gateway

Re: L2 channel errors

‎09-19-2019 11:04 PM

Hi Arix ,

 

Regarding the L2 channel errros this might happen due to bad SFP , Fiber or some corruption in the packet received so check if you can identify and narrow it down accordingly .

 

HTH

 

BR,

Avinash

'Please Mark My Solution Accepted if it Helped, Kudos are also welcome'

SRX Services Gateway

Re: L2 channel errors

‎09-19-2019 11:13 PM

Hi Arix,

 

Regarding the MTU size, as Avinash explained, it is because of the vlan-tagging which adds 4 bytes to the L2 frame.

 

"L2 Channel errors arise due to the following reasons:

  • An untagged interface on the SRX receiving VLAN tagged packets


  • An interface on the SRX, which is tagged with the VLAN id (for example, 'x'), receives packets with some other VLAN id's or tags. This usually happens when the SRX interface is configured as an access port; but the interface of the switch connected to it, if any, is configured as a Trunk.

    • STP runs on the interface of the device connected to the interface of the SRX

    Specifically, this counter increases when the Junos software cannot find a valid logical interface (that is, something like ge-0/0/1.0) for an incoming frame. Conversely, the packet is dropped.

    In such scenarios, it is recommended to obtain Wireshark packet captures on the device, which is connected to SRX. This will facilitate deep inspection of the packets being sent to SRX.  Any such packet will be isolated and can be removed from the flow."

     

    This issue is due to Junos software not being able to find an entry for the layer 2 circuit identifier, which is receiving a frame with a given VLAN tag, when the VLAN is not configured on the corresponding interface. An external connected device has trunked VLANS; of which the interface on the SRX is unaware.

     

    Thanks,
    Pradeep
    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

     

    SRX Services Gateway

    Re: L2 channel errors

    ‎09-19-2019 11:14 PM

    Hi Arix ,

     

    Some additional reasons for L2 channel errors could be linked to received vlan tagged packet other than what is configured on the interface .

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB24550

     

    HTH

     

    BR,

    Avinash

    'Please Mark My Solution Accepted if it Helped, Kudos are also welcome'