vMX
Highlighted
vMX

vMX 18.2R1.9 w/ IPSEC/GRE + OSPF/LDP + BGP/VPLS makes P-router vFPC segfault with 200 byte ICMP packets

[ Edited ]
‎05-06-2019 01:54 PM

Hello,
I'm doing a proof of concept with four vMXes for a client. I have four vMX routers that connect to each other using IPSEC with GRE and OSPF/LDP on top. Using the loopbacks I do iBGP for VPLS. I found my configuration to be unstable when I ping from CE to PE-P-PE-CE. It works using regular sized pings, when I increase the ICMP size to 200 bytes the P vMX router vFPC segfaults and restarts. I'm not 100% sure this is a configuration error, lack of feature support or simply a bug.

 

RTR1.ANR3 (PE: site13)<---gr-0/0/10.2 --->RTR1.ANR1 (P)<--- gr-0/0/10.3 --->RTR1.RTM1 (PE: site14)

 

RTR1.ANR3 in real-life connects via DHCP, this is why it has a slightly adjusted IPSEC configuration from RTR1.ANR1.

Control-plane seems OK:

ewald@rtr1.anr1> show vpls connections
[...]
Instance: vr-1001-mdc
Edge protection: Not-Primary
  Local site: anr1 (11)
    connection-site           Type  St     Time last up          # Up trans
    13                        rmt   Up     May  6 22:33:18 2019           1
      Remote PE: 172.20.0.13, Negotiated control-word: Yes (Null)
      Incoming label: 262149, Outgoing label: 262147
      Local interface: lsi.1048576, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls vr-1001-mdc local site 11 remote site 13
      Flow Label Transmit: No, Flow Label Receive: No
    14                        rmt   Up     May  6 22:33:18 2019           1
      Remote PE: 172.20.0.14, Negotiated control-word: Yes (Null)
      Incoming label: 262150, Outgoing label: 262147
      Local interface: lsi.1048577, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls vr-1001-mdc local site 11 remote site 14
      Flow Label Transmit: No, Flow Label Receive: No

When I ping from site 14 to site 13 with 200 bytes. RTR1.ANR3 vFPCs segfaults and restarts. I'm looking for any sort of input. I've attached the 3 relevant routers configuration. I have the setup replicated in an ESXi lab to quickly run tests (replicated the issue). Let me know if you wish different outputs.

 

Yours sincerly,

Ewald van Geffen

 

edit: unable to do attachments: 

https://dump.abcdef.be/juniper/rtr1.anr1.config.txt

https://dump.abcdef.be/juniper/rtr1.anr3.config.txt

https://dump.abcdef.be/juniper/rtr1.rtm1.config.txt