- play_arrow Understanding Layer 2 Networking
- play_arrow Configuring MAC Addresses
- play_arrow Configuring MAC Learning
- play_arrow Configuring MAC Accounting
- play_arrow Configuring MAC Notification
- play_arrow Configuring MAC Table Aging
- play_arrow Configuring Learning and Forwarding
- play_arrow Configuring Bridging and VLANs
- play_arrow Configuring 802.1Q VLANs
- 802.1Q VLANs Overview
- 802.1Q VLAN IDs and Ethernet Interface Types
- Configuring Dynamic 802.1Q VLANs
- Enabling VLAN Tagging
- Configuring Tagged Interface with multiple tagged vlans and native vlan
- Sending Untagged Traffic Without VLAN ID to Remote End
- Configuring Tag Protocol IDs (TPIDs) on QFX Series Switches
- Configuring Flexible VLAN Tagging on PTX Series Packet Transport Routers
- Configuring an MPLS-Based VLAN CCC with Pop, Push, and Swap and Control Passthrough
- Binding VLAN IDs to Logical Interfaces
- Associating VLAN IDs to VLAN Demux Interfaces
- Configuring VLAN and Extended VLAN Encapsulation
- Configuring a Layer 2 VPN Routing Instance on a VLAN-Bundled Logical Interface
- Example: Configuring a Layer 2 VPN Routing Instance on a VLAN-Bundled Logical Interface
- Specifying the Interface Over Which VPN Traffic Travels to the CE Router
- Configuring Access Mode on a Logical Interface
- Configuring a Logical Interface for Trunk Mode
- Configuring the VLAN ID List for a Trunk Interface
- Configuring a Trunk Interface on a Bridge Network
- Configuring a VLAN-Bundled Logical Interface to Support a Layer 2 VPN Routing Instance
- Configuring a VLAN-Bundled Logical Interface to Support a Layer 2 VPN Routing Instance
- Configuring a Layer 2 Circuit on a VLAN-Bundled Logical Interface
- Example: Configuring a Layer 2 Circuit on a VLAN-Bundled Logical Interface
- Guidelines for Configuring VLAN ID List-Bundled Logical Interfaces That Connect CCCs
- Specifying the Interface to Handle Traffic for a CCC
- Specifying the Interface to Handle Traffic for a CCC Connected to the Layer 2 Circuit
- play_arrow Configuring Static ARP Table Entries
- play_arrow Configuring Restricted and Unrestricted Proxy ARP
- play_arrow Configuring Gratuitous ARP
- play_arrow Adjusting the ARP Aging Timer
- play_arrow Configuring Tagged VLANs
- play_arrow Stacking and Rewriting Gigabit Ethernet VLAN Tags
- Stacking and Rewriting Gigabit Ethernet VLAN Tags Overview
- Stacking and Rewriting Gigabit Ethernet VLAN Tags
- Configuring Frames with Particular TPIDs to Be Processed as Tagged Frames
- Configuring Tag Protocol IDs (TPIDs) on PTX Series Packet Transport Routers
- Configuring Stacked VLAN Tagging
- Configuring Dual VLAN Tags
- Configuring Inner and Outer TPIDs and VLAN IDs
- Stacking a VLAN Tag
- Stacking Two VLAN Tags
- Removing a VLAN Tag
- Removing the Outer and Inner VLAN Tags
- Removing the Outer VLAN Tag and Rewriting the Inner VLAN Tag
- Rewriting the VLAN Tag on Tagged Frames
- Rewriting a VLAN Tag on Untagged Frames
- Rewriting a VLAN Tag and Adding a New Tag
- Rewriting the Inner and Outer VLAN Tags
- Examples: Stacking and Rewriting Gigabit Ethernet IQ VLAN Tags
- Understanding Transparent Tag Operations and IEEE 802.1p Inheritance
- Understanding swap-by-poppush
- Configuring IEEE 802.1p Inheritance push and swap from the Transparent Tag
- play_arrow Configuring Private VLANs
- Private VLANs
- Understanding Private VLANs
- Bridge Domains Setup in PVLANs on MX Series Routers
- Bridging Functions With PVLANs
- Flow of Frames on PVLAN Ports Overview
- Guidelines for Configuring PVLANs on MX Series Routers
- Configuring PVLANs on MX Series Routers in Enhanced LAN Mode
- Example: Configuring PVLANs with Secondary VLAN Trunk Ports and Promiscuous Access Ports on a QFX Series Switch
- IRB Interfaces in Private VLANs on MX Series Routers
- Guidelines for Configuring IRB Interfaces in PVLANs on MX Series Routers
- Forwarding of Packets Using IRB Interfaces in PVLANs
- Configuring IRB Interfaces in PVLAN Bridge Domains on MX Series Routers in Enhanced LAN Mode
- Example: Configuring an IRB Interface in a Private VLAN on a Single MX Series Router
- play_arrow Configuring Layer 2 Bridging Interfaces
- play_arrow Configuring Layer 2 Virtual Switch Instances
- play_arrow Configuring Link Layer Discovery Protocol
- play_arrow Configuring Layer 2 Protocol Tunneling
- play_arrow Configuring Virtual Routing Instances
- play_arrow Configuring Layer 3 Logical Interfaces
- play_arrow Configuring Routed VLAN Interfaces
- play_arrow Configuring Integrated Routing and Bridging
- play_arrow Configuring VLANS and VPLS Routing Instances
- play_arrow Configuring Multiple VLAN Registration Protocol (MVRP)
- play_arrow Configuring Ethernet Ring Protection Switching
- play_arrow Configuring Q-in-Q Tunneling and VLAN Translation
- play_arrow Configuring Redundant Trunk Groups
- play_arrow Configuring Proxy ARP
- play_arrow Configuring Layer 2 Interfaces on Security Devices
- play_arrow Configuring Security Zones and Security Policies on Security Devices
- play_arrow Configuring Ethernet Port Switching Modes on Security Devices
- play_arrow Configuring Ethernet Port VLANs in Switching Mode on Security Devices
- play_arrow Configuring Secure Wire on Security Devices
- play_arrow Configuring Edge Virtual Bridging
- play_arrow Troubleshooting Ethernet Switching
- play_arrow Configuration Statements and Operational Commands
Reflective Relay on Switches
Understanding Reflective Relay for Use with VEPA Technology
Virtual Ethernet Port Aggregator (VEPA) technology aggregates packets generated by virtual machines located on the same server and relays them to a physical switch. The physical switch then provides connectivity between the virtual machines located on the server, so the virtual machines do not communicate with one another. Offloading switching activities from a virtual switch to a physical switch reduces the computing overhead on the virtual servers and takes advantage of the security, filtering, and management features of the physical switch. Reflective relay, also known as “hairpin turn,” enables the physical switch to receive aggregated packets from the virtual machines hosted on the server through the VEPA on the downstream port and send those packets out the same downstream port from which the physical switch received them.
Benefits of VEPA and Reflective Relay
Reduces the computing overhead on the virtual servers and takes advantage of the security, filtering, and management features of the physical switch.
Enables the physical switch to receive aggregated packets from the virtual machines hosted on the server through the VEPA on the downstream port and send those packets out the same downstream port from which the physical switch received them.
VEPA
Even though virtual machines are capable of sending packets directly to one another, it is more efficient to pass these aggregated packets from the VEPA to a physical switch. The switch can then send any packets destined for a virtual machine located on the same server to the VEPA.
Reflective Relay
Reflective relay, also known as a “hairpin turn” or “hairpin mode,” returns aggregated packets to the VEPA by using the same downstream port that initially delivered the aggregated packets from the VEPA to the switch. Reflective relay must be configured on the interface located on the physical switch that receives aggregated packets, such as VEPA packets, because some of these packets might need to be sent back to the server if they are destined for another virtual machine on the same server.
Reflective relay only occurs in two situations:
When the destination address of the packet was learned on that downstream port
When the destination has not yet been learned
Reflective relay does not otherwise change the operation of the switch. If the interface to which the virtual machine is connected and the MAC address of the virtual machine packet are not yet included in the Ethernet switching table for the virtual machine’s associated VLAN, an entry is added. If the source MAC address of an incoming packet under the respective VLAN is not yet present in the Ethernet switching table, the switch floods the packet on all the other ports that are members of the same VLAN, including the port on which the packet arrived.
See Also
Configuring Reflective Relay on Switches
Configure reflective relay when a switch port must return packets on a downstream port. For example, configure reflective relay when a switch port receives aggregated virtual machine packets from a technology such as virtual Ethernet port aggregator (VEPA). When these packets are passed through the switch, reflective relay allows the switch to send those packets back on the same interface that was used for delivery.
This task uses Junos OS for QFX3500 and QFX3600 switches that do not support the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that supports ELS, see Configuring Reflective Relay on Switches with ELS Support.
Before you begin configuring reflective relay, ensure that you have:
Configured packet aggregation on the server connected to the port. See your server documentation.
Configured the port for all VLANs that could be included in aggregated packets..
To configure reflective relay:
Example: Configuring Reflective Relay for Use with VEPA Technology on QFX Switches
Reflective relay must be configured on a switch that receives virtual machine aggregated packets, such as Virtual Ethernet Port Aggregator (VEPA) packets, because some of these packets might be sent back to the server destined for another virtual machine on the same server. Reflective relay returns those packets to the original device using the same downstream port that delivered the packets to the switch.
This example uses Junos OS for QFX3500 and QFX3600 switches that do not support the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that does support ELS, see Example: Configuring Reflective Relay for Use with VEPA Technology on QFX Switches with ELS Support.
This example shows how to configure a switch port interface to return packets sent by VEPA on the downstream interface back to the server using the same downstream interface:
Requirements
This example uses the following hardware and software components:
One QFX3500 switch
One server
Junos OS Release 12.1 or later for the QFX Series
Before you configure reflective relay on a switch port, be sure you have:
Configured a server with six virtual machines, VM 1 through VM 6.
Configured the server with three VLANS named VLAN_Purple, VLAN_Orange, and VLAN_Blue and added two virtual machines to each VLAN.
Configured the same three VLANs named VLAN_Purple, VLAN_Orange, and VLAN_Blue on one interface.
Installed and configured VEPA to aggregate the virtual machine packets.
Overview and Topology
In this example, illustrated in Figure 1, a switch is connected to one server that is hosting six virtual machines and is configured with a VEPA for aggregating packets. The server’s six virtual machines are VM 1 through VM 6, and each virtual machine belongs to one of the three server VLANs, VLAN_Purple, VLAN_Orange, or VLAN_Blue. Instead of the server directly passing packets between virtual machines, packets from any of the three VLANS that are destined for another one of the three VLANs are aggregated using VEPA technology and passed to the switch for processing. You must configure the switch port to accept these aggregated packets on the downstream interface and to return appropriate packets to the server on the same downstream interface after they are processed. Figure 1 shows the topology for this example.
Topology
In this example, you configure the physical Ethernet switch port interface for tagged-access port mode and reflective relay. Configuring tagged-access port mode allows the interface to accept VLAN tagged packets. Configuring reflective relay allows the downstream port to return those packets on the same interface. Table 1 shows the components used in this example.
| Component | Description |
|---|---|
QFX3500 switch | Switch that supports reflective relay. |
xe-0/0/2 | Switch interface to the server. |
Server | Server with virtual machines and VEPA technology. |
Virtual machines | Six virtual machines located on the server: V1, V2, V3, V4, V5, and V6. |
VLANs | Three VLANs: VLAN_Purple, VLAN_Orange, and VLAN_Blue. Each VLAN has two virtual machine members. |
VEPA | Virtual Ethernet port aggregator that aggregates virtual machine packets on the server before the resulting single stream is transmitted to the switch. |
Configuration
To configure reflective relay, perform these tasks:
Configuring Reflective Relay on the Port
CLI Quick Configuration
To quickly configure reflective relay, copy the following commands and paste them into the switch window:
[edit] set interfaces xe-0/0/2 unit 0 family ethernet-switching port-mode tagged-access set interfaces xe-0/0/2 unit 0 family ethernet-switching reflective-relay set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members [VLAN_Blue VLAN_Orange VLAN_Purple]
Step-by-Step Procedure
To configure reflective relay:
Configure the tagged-access port mode on the interface:
Note:Configure the port mode as tagged-access otherwise you will receive an error when you commit the configuration.
content_copy zoom_out_map[edit] user@switch# set interfaces xe-0/0/2 unit 0 family ethernet-switching port-mode tagged-access
Configure reflective relay on the interface to allow it to both accept and send packets:
content_copy zoom_out_map[edit] user@switch# set interfaces xe-0/0/2 unit 0 family ethernet-switching reflective-relay
Configure the interface for the three VLANs on the server:
content_copy zoom_out_map[edit] user@switch# set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members [VLAN_Purple VLAN_Orange VLAN_Blue]
Results
Check the results of the configuration:
[edit interfaces xe-0/0/2]
user@switch# show
unit 0 {
family ethernet-switching {
port-mode tagged-access;
reflective-relay;
vlan {
members [ VLAN_Purple VLAN_Orange VLAN_Blue ];
}
}
}Verification
To confirm that reflective relay is enabled and working correctly, perform these tasks:
Verifying That Reflective Relay Is Enabled and Working Correctly
Purpose
Verify that reflective relay is enabled and working correctly.
Action
Use the show ethernet-switching interfaces detail command to display the reflective relay status:
user@switch> show ethernet-switching interfaces xe-0/0/2 detail
Interface: xe-0/0/2, Index: 66, State: down, Port mode: Tagged-access
Reflective Relay Status: Enabled
Ether type for the interface: 0x8100
VLAN membership:
VLAN_Purple, 802.1Q Tag: 450, tagged, unblocked
VLAN_Orange, 802.1Q Tag: 460, tagged, unblocked
VLAN_Blue, 802.1Q Tag: 470, tagged, unblocked
Number of MACs learned on IFL: 0Confirm that reflective relay is working by sending a Layer 2 broadcast message from one virtual machine to another virtual machine located on the same VLAN. Check the switch to verify that the switch sends the packets back on the same interface on which they were received. One way to check this is to set up port mirroring on the switch interface, connect a traffic generator to the mirrored interface, and use the traffic generator to examine packets.
Alternatively, if you do not have a traffic generator available, you can send traffic between two virtual machines with FTP, Telnet, or SSH, while running the tcpdump utility on the receiver virtual machine port to capture reflected packets.
Meaning
The reflective relay status is Enabled, meaning that interface xe-0/0/2 is configured for the tagged-access port mode, which accepts VLAN-tagged packets, and for reflective relay, which accepts and returns packets on the same interface.
When the traffic generator shows packets arriving at the switch and returning to the server on the same interface, reflective relay is working.
Configuring Reflective Relay on Switches with ELS Support
Configure reflective relay when a switch port must return packets on a downstream port. For example, configure reflective relay when a switch port receives aggregated virtual machine packets from a technology such as virtual Ethernet port aggregator (VEPA). When these packets are passed through the switch, reflective relay allows the switch to send those packets back on the same interface that was used for delivery.
This task uses Junos OS for QFX3500 and QFX3600 switches that supports the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that does not support ELS, see Configuring Reflective Relay on Switches.
Before you begin configuring reflective relay, ensure that you have:
Configured packet aggregation on the server connected to the port. See your server documentation.
Configured the port for all VLANs that could be included in aggregated packets..
To configure reflective relay:
Example: Configuring Reflective Relay for Use with VEPA Technology on QFX Switches with ELS Support
Reflective relay must be configured on a switch that receives virtual machine aggregated packets, such as Virtual Ethernet Port Aggregator (VEPA) packets, because some of these packets might be sent back to the server destined for another virtual machine on the same server. Reflective relay returns those packets to the original device using the same downstream port that delivered the packets to the switch.
This example uses Junos OS for QFX3500 and QFX3600 switches with support for the Enhanced Layer 2 Software (ELS) configuration style. If your switch runs software that does not support ELS, see Example: Configuring Reflective Relay for Use with VEPA Technology on QFX Switches. For ELS details, see Using the Enhanced Layer 2 Software CLI.
This example shows how to configure a switch port interface to return packets sent by VEPA on the downstream interface back to the server using the same downstream interface:
Requirements
This example uses the following hardware and software components:
One QFX3500 switch
One server
Junos OS Release 12.1 or later for the QFX Series
Before you configure reflective relay on a switch port, be sure you have:
Configured a server with six virtual machines, VM 1 through VM 6.
Configured the server with three VLANS named VLAN_Purple, VLAN_Orange, and VLAN_Blue and added two virtual machines to each VLAN.
Configured the same three VLANs named VLAN_Purple, VLAN_Orange, and VLAN_Blue on one interface.
Installed and configured VEPA to aggregate the virtual machine packets.
Overview and Topology
In this example, illustrated in Figure 2, a switch is connected to one server that is hosting six virtual machines and is configured with a VEPA for aggregating packets. The server’s six virtual machines are VM 1 through VM 6, and each virtual machine belongs to one of the three server VLANs, VLAN_Purple, VLAN_Orange, or VLAN_Blue. Instead of the server directly passing packets between virtual machines, packets from any of the three VLANS that are destined for another one of the three VLANs are aggregated using VEPA technology and passed to the switch for processing. You must configure the switch port to accept these aggregated packets on the downstream interface and to return appropriate packets to the server on the same downstream interface after they are processed. Figure 2 shows the topology for this example.
Topology
In this example, you configure the physical Ethernet switch port interface for trunk interface mode and reflective relay. Configuring trunk port mode allows the interface to accept VLAN tagged packets. Configuring reflective relay allows the downstream port to return those packets on the same interface. Table 2 shows the components used in this example.
| Component | Description |
|---|---|
QFX3500 switch | Switch that supports reflective relay. . |
xe-0/0/2 | Switch interface to the server. |
Server | Server with virtual machines and VEPA technology. |
Virtual machines | Six virtual machines located on the server: V1, V2, V3, V4, V5, and V6. |
VLANs | Three VLANs: VLAN_Purple, VLAN_Orange, and VLAN_Blue. Each VLAN has two virtual machine members. |
VEPA | Virtual Ethernet port aggregator that aggregates virtual machine packets on the server before the resulting single stream is transmitted to the switch. |
Configuration
To configure reflective relay, perform these tasks:
Configuring Reflective Relay on the Port
CLI Quick Configuration
To quickly configure reflective relay, copy the following commands and paste them into the switch window:
[edit] set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/2 unit 0 family ethernet-switching reflective-relay set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members [VLAN_Blue VLAN_Orange VLAN_Purple]
Step-by-Step Procedure
To configure reflective relay:
Configure the trunk interface mode on the interface:
content_copy zoom_out_map[edit] user@switch# set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk
Configure reflective relay on the interface to allow it to both accept and send packets:
content_copy zoom_out_map[edit] user@switch# set interfaces xe-0/0/2 unit 0 family ethernet-switching reflective-relay
Configure the interface for the three VLANs on the server:
content_copy zoom_out_map[edit] user@switch# set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members [VLAN_Purple VLAN_Orange VLAN_Blue]
Results
Check the results of the configuration:
[edit interfaces xe-0/0/2]
user@switch# show
unit 0 {
family ethernet-switching {
interface-mode trunk;
reflective-relay;
vlan {
members [ VLAN_Purple VLAN_Orange VLAN_Blue ];
}
}
}Verification
To confirm that reflective relay is enabled and working correctly, perform these tasks:
Verifying That Reflective Relay Is Enabled and Working Correctly
Purpose
Verify that reflective relay is enabled and working correctly.
Action
Use the show ethernet-switching interfaces detail command to display the reflective relay status:
user@switch> show ethernet-switching interfaces xe-0/0/2 detail
Interface: xe-0/0/2, Index: 66, State: down, Interface mode: Trunk
Reflective Relay Status: Enabled
Ether type for the interface: 0x8100
VLAN membership:
VLAN_Purple, 802.1Q Tag: 450, tagged, unblocked
VLAN_Orange, 802.1Q Tag: 460, tagged, unblocked
VLAN_Blue, 802.1Q Tag: 470, tagged, unblocked
Number of MACs learned on IFL: 0Confirm that reflective relay is working by sending a Layer 2 broadcast message from one virtual machine to another virtual machine located on the same VLAN. Check the switch to verify that the switch sends the packets back on the same interface on which they were received. One way to check this is to set up port mirroring on the switch interface, connect a traffic generator to the mirrored interface, and use the traffic generator to examine packets.
Alternatively, if you do not have a traffic generator available, you can send traffic between two virtual machines with FTP, Telnet, or SSH, while running the tcpdump utility on the receiver virtual machine port to capture reflected packets.
Meaning
The reflective relay status is Enabled, meaning that interface xe-0/0/2 is configured for the trunk interface mode, which accepts VLAN-tagged packets, and for reflective relay, which accepts and returns packets on the same interface.
When the traffic generator shows packets arriving at the switch and returning to the server on the same interface, reflective relay is working.
