SRX Services Gateway
SRX cluster seems to cause VLAN flap .Strange!

‎02-04-2014 03:29 AM

We have  SRX1400 cluster which has a reth1.0 interface with interface ge-0/0/1 as member interface from node0 and node1.Ge0/0/1 from node0 connects to Ciscoswitch1(Ge0/0/1) below node0 and Ge0/0/1 from node1 connects to Ciscoswitch2(Ge0/0/1).both switches are connected through a 802.1Q trunk.Suppose both the interface are a member of VLAN 100 and Cisco Switch is configured in Layer3 mode with IP address 10.5 on interface vlan100 on CiscoSwitch1 and IP address 10.6 on interface vlan100 on CiscoSwitch2.HSRP(VRRP)is also running on the same VLAN100 with 10.1 as Virtual IP.There are other VLANs on the switch as well.Among the two control and fab interface of SRX1400 one control and fab link also goes through the same  switches in a seperate VLAN each for control and fab.(node0 and node1 are at a distance from each other.)

The problem we see is when we enable VLAN100 on the trunk between the two switches.Ciscoswitch2 sees a Flap(same mac on two diff ports) for the mac of Ciscoswitch1 VLAN100 interface between trunk (correct place to learn this mac) and Ge0/0/1 node1 (which is currently secondary).This causes cpu fever and switch stops forwarding traffic until we restrict VLAN100 on the trunk between CiscoSwitch1 and CiscoSwitch2.
this is strange how come a passive interface forwards a packet sourced from CiscoSwitch1 Vlan100 interface which is comming in all the way from node0 Ge0/0/1 through cluster

