SRX Services Gateway
Highlighted
SRX Services Gateway

VLAN trunking stops working when upgrading to 12.1X46-D35.1

‎10-03-2015 07:19 AM

Hi all,

 

I recently upgraded an SRX650 (with a SRX-GP-24GE card installed) which is connected to a EX4200 VC. This setup has been working flawless for several years. When upgrading the SRX650 from 12.1X44-D45.2 to 12.1X46-D35.1 the unit suddenly isn't reachable. When connecting over console I can see that the arp table is empty, however the neighboring EX4200 has a post in it's arp table for the SRX650. The OSPF between the units are in ExStart, probably due to them receiveing each others' multicasts but unable to enable a unicast session due to the SRX not having the EX in it's ARP table. The units are connected via two aggregate-ethernet interfaces.

After several hours of troubleshooting, turns out vlan tagging seem to be broken somehow (nb. the configuration is the exact same as before the firmware upgrade). The original, working (but non-working after upgrade...) configuration:

SRX650:

root@sto1-fw01# show interfaces ae1
vlan-tagging;
aggregated-ether-options {
    link-speed 1g;
    lacp {
        active;
        periodic fast;
    }
}
unit 0 {
    family inet {
        vlan-id 58;
        address 10.11.13.109/30;
    }
}

EX4200:

gustav@sto1-sw01# show interfaces ae5
aggregated-ether-options {
    link-speed 1g;
    lacp {
        passive;
    }
}
unit 0 {
    family ethernet-switching {
        port-mode trunk
        vlan {
            members sto1-fw01_sto1-sw01_58;
        }
    }
}
gustav@sto1-sw01# show vlans sto1-fw01_sto1-sw01_58
vlan-id 58;
l3-interface vlan.58;

gustav@sto1-sw01# show interfaces vlan unit 58
family inet {
address 10.11.13.110/30;
}

When changed to:

SRX650:

root@sto1-fw01# show interfaces ae1
aggregated-ether-options {
    link-speed 1g;
    lacp {
        active;
        periodic fast;
    }
}
unit 0 {
    family inet {
        address 10.11.13.109/30;
    }
}

EX4200 (only ae5 interface config is changed so I've omitted the other parts):

gustav@sto1-sw01# show interfaces ae5
aggregated-ether-options {
    link-speed 1g;
    lacp {
        passive;
    }
}
unit 0 {
    family ethernet-switching {
        vlan {
            members sto1-fw01_sto1-sw01_58;
        }
    }
}

...it suddenly jumps to life!

 

If it wasn't for the fact that this was actually working in 12.1X44-D45 I'd suspect I was missing something obvious. But since it was fully working before I don't where to look next 😕 I've tried searching the PR database and the forums but no luck.

 

All hints and suggestions are much welcome! 

Feedback