ON THIS PAGE
Example: Prevention of Loops in Bridge Domains by Enabling the MAC Pinnning Feature on Access Interfaces
This example shows how to avoid loops in bridge domains by enabling the MAC pinning feature on access interfaces.
Requirements
This example uses the following hardware and software components:
MX Series 5G Universal Routing Platforms
Junos OS Release 16.1 running on the routers
Overview
A MAC move occurs when a MAC address frequently appears on a different physical interface than the one it was learned on. Frequent MAC moves indicate the presence of loops. Loops can occur in Layer 2 bridges and in VPLS networks. To avoid loops, you can enable the MAC pinning feature on the interfaces. The MAC pinning feature is applicable only when dynamic learning of MAC addresses over interfaces is enabled.
This example shows how to enable MAC pinning on two access interfaces in a bridge domain.
Topology
In this example, you configure the interfaces ge-4/0/6 and xe-4/2/0 on the MX Series router as access interfaces.
Access interfaces accept both untagged and tagged packets and forward
the packets within a specified bridge domain, bd1. Specify 1 as the VLAN ID for the interfaces and the bridge
domain. When an untagged or a tagged packet is received on any of
the access interfaces, the packet is accepted, the VLAN ID is added
to the packet, and the packet is forwarded within the bridge domain
that is configured with the matching ID.
In the bridge domain, after specifying the VLAN ID, specify 131071 as the maximum number of MAC addresses that can be learned on the access interfaces and specify 1048575 as the size of the MAC address table for the bridge domain or VLAN.
In this topology, frequent MAC moves can occur, which can result
in loops. To prevent these loops, you can configure MAC pinning. When
you configure MAC pinning on an interface, the MAC address learned
on the interface cannot be learned on another interface in the same
bridge domain. For example, configure MAC pinning on the access interface ge-4/0/6. When a packet is received on this interface, the
packet is accepted, the VLAN ID is added and the packet is forwarded
within the bridge domain with the matching ID. However, if a packet
with the same MAC address is received on any other access interface,
say xe-4/2/0, the packet is discarded or dropped as that
MAC address is pinned to the access interface ge-4/0/6 .
This behavior is common to all access interfaces configured on the
router, regardless of whether access pinning is enabled on the access
interface or not.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set interfaces ge-4/0/6 encapsulation ethernet-bridge set interfaces ge-4/0/6 unit 0 family bridge interface-mode access set interfaces ge-4/0/6 unit 0 family bridge vlan-id 1 set interfaces xe-4/2/0 encapsulation ethernet-bridge set interfaces xe-4/2/0 unit 0 family bridge interface-mode access set interfaces xe-4/2/0 unit 0 family bridge vlan-id 1 set bridge-domains bd1 vlan-id 1 set bridge-domains bd1 bridge-options mac-table-size 1048575 set bridge-domains bd1 bridge-options interface ge-4/0/6.0 interface-mac-limit 131071 set bridge-domains bd1 bridge-options interface ge-4/0/6.0 mac-pinning set bridge-domains bd1 bridge-options interface xe-4/2/0.0 interface-mac-limit 131071 set bridge-domains bd1 bridge-options interface xe-4/2/0.0 mac-pinning
Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode
To configure MAC pinning on access interfaces in bridge domains:
Configure both the interfaces as access interfaces and specify the VLAN ID.
[edit interfaces] user@host#
set interfaces ge-4/0/6 encapsulation ethernet-bridgeuser@host#set interfaces ge-4/0/6 unit 0 family bridge interface-mode accessuser@host#set interfaces ge-4/0/6 unit 0 family bridge vlan-id 1user@host#set interfaces xe-4/2/0 encapsulation ethernet-bridgeuser@host#set interfaces xe-4/2/0 unit 0 family bridge interface-mode accessuser@host#set interfaces xe-4/2/0 unit 0 family bridge vlan-id 1Specify the name of the bridge domain.
[edit bridge-domains] user@host#
set bridge-domains bd1 vlan-id 1Specify the size of the MAC address table for the bridge domain.
[edit bridge-domains] user@host#
set bridge-domains bd1 bridge-options mac-table-size 1048575Specify the maximum number of MAC addresses that can be learned on both the access interfaces.
[edit bridge-domains] user@host#
set bridge-domains bd1 bridge-options interface ge-4/0/6.0 interface-mac-limit 131071user@host#set bridge-domains bd1 bridge-options interface xe-4/2/0.0 interface-mac-limit 131071Configure MAC pinning on both the access interfaces.
[edit bridge-domains] user@host#
set bridge-domains bd1 bridge-options interface ge-4/0/6.0 mac-pinninguser@host#set bridge-domains bd1 bridge-options interface xe-4/2/0.0 mac-pinning
Results
From configuration mode, confirm your configuration
by entering show interfaces and show bridge-domains commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@host#show interfacesge-4/0/6 { encapsulation ethernet-bridge; unit 0 { family bridge { interface-mode access; vlan-id 1; } } } xe-4/2/0 { encapsulation ethernet-bridge; unit 0 { family bridge { interface-mode access; vlan-id 1; } } } user@host#show bridge-domainsbridge-domains { bd1 { vlan-id 1; bridge-options { mac-table-size { 1048575; } interface ge-4/0/6.0 { interface-mac-limit { 131071; } mac-pinning; } interface xe-4/2/0.0 { interface-mac-limit { 131071; } mac-pinning; } } } }
If you have completed configuring the device, enter commit from the configuration mode.
Verification
Verifying That MAC Pinning Is Configured Correctly
Purpose
Ensure that MAC pinning has been enabled on the access interfaces.
Action
From operational mode, enter the show l2-learning
interface command.
user@host> show l2-learning interface
Routing Instance Name : default-switch
Logical Interface flags (DL -disable learning, AD -packet action drop,
LH - MAC limit hit, DN - Interface Down, MP - MAC Pinning)
Logical BD MAC STP Logical
Interface Name Limit State Interface flags
xe-4/0/6.0 131000 MP
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
Routing Instance Name : default-switch
Logical Interface flags (DL -disable learning, AD -packet action drop,
LH - MAC limit hit, DN - Interface Down, MP - MAC Pinning)
Logical BD MAC STP Logical
Interface Name Limit State Interface flags
xe-4/2/0.0 131000 MP
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
Meaning
The Interface flags field indicates the
interfaces that have MAC pinning enabled.