- play_arrow Common Configuration for All VPNs
- play_arrow VPNs Overview
- play_arrow Assigning Routing Instances to VPNs
- play_arrow Distributing Routes in VPNs
- play_arrow Distributing VPN Routes with Target Filtering
- Configuring BGP Route Target Filtering for VPNs
- Example: BGP Route Target Filtering for VPNs
- Example: Configuring BGP Route Target Filtering for VPNs
- Configuring Static Route Target Filtering for VPNs
- Understanding Proxy BGP Route Target Filtering for VPNs
- Example: Configuring Proxy BGP Route Target Filtering for VPNs
- Example: Configuring an Export Policy for BGP Route Target Filtering for VPNs
- Reducing Network Resource Use with Static Route Target Filtering for VPNs
- play_arrow Configuring Forwarding Options for VPNs
- play_arrow Configuring Graceful Restart for VPNs
- play_arrow Configuring Class of Service for VPNs
- play_arrow Pinging VPNs
-
- play_arrow Common Configuration for Layer 2 VPNs and VPLS
- play_arrow Overview
- play_arrow Layer 2 VPNs Configuration Overview
- play_arrow Configuring Layer 2 Interfaces
- play_arrow Configuring Path Selection for Layer 2 VPNs and VPLS
- play_arrow Creating Backup Connections with Redundant Pseudowires
- play_arrow Configuring Class of Service for Layer 2 VPNs
- play_arrow Monitoring Layer 2 VPNs
- Configuring BFD for Layer 2 VPN and VPLS
- BFD Support for VCCV for Layer 2 VPNs, Layer 2 Circuits, and VPLS
- Configuring BFD for VCCV for Layer 2 VPNs, Layer 2 Circuits, and VPLS
- Connectivity Fault Management Support for EVPN and Layer 2 VPN Overview
- Configure a MEP to Generate and Respond to CFM Protocol Messages
-
- play_arrow Configuring Group VPNs
- play_arrow Configuring Public Key Infrastructure
- play_arrow Configuring Digital Certificate Validation
- play_arrow Configuring a Device for Certificate Chains
- play_arrow Managing Certificate Revocation
-
- play_arrow Configuring Layer 2 Circuits
- play_arrow Overview
- play_arrow Layer 2 Circuits Configuration Overview
- play_arrow Configuring Class of Service with Layer 2 Circuits
- play_arrow Configuring Pseudowire Redundancy for Layer 2 Circuits
- play_arrow Configuring Load Balancing for Layer 2 Circuits
- play_arrow Configuring Protection Features for Layer 2 Circuits
- Egress Protection LSPs for Layer 2 Circuits
- Configuring Egress Protection Service Mirroring for BGP Signaled Layer 2 Services
- Example: Configuring an Egress Protection LSP for a Layer 2 Circuit
- Example: Configuring Layer 2 Circuit Protect Interfaces
- Example: Configuring Layer 2 Circuit Switching Protection
- play_arrow Monitoring Layer 2 Circuits with BFD
- play_arrow Troubleshooting Layer 2 Circuits
-
- play_arrow Configuring VPWS VPNs
- play_arrow Overview
- play_arrow Configuring VPWS VPNs
- Understanding FEC 129 BGP Autodiscovery for VPWS
- Example: Configuring FEC 129 BGP Autodiscovery for VPWS
- Example: Configuring MPLS Egress Protection Service Mirroring for BGP Signaled Layer 2 Services
- Understanding Multisegment Pseudowire for FEC 129
- Example: Configuring a Multisegment Pseudowire
- Configuring the FAT Flow Label for FEC 128 VPWS Pseudowires for Load-Balancing MPLS Traffic
- Configuring the FAT Flow Label for FEC 129 VPWS Pseudowires for Load-Balancing MPLS Traffic
-
- play_arrow Connecting Layer 2 VPNs and Circuits to Other VPNs
- play_arrow Connecting Layer 2 VPNs to Other VPNs
- play_arrow Connecting Layer 2 Circuits to Other VPNs
- Using the Layer 2 Interworking Interface to Interconnect a Layer 2 Circuit to a Layer 2 VPN
- Applications for Interconnecting a Layer 2 Circuit with a Layer 2 Circuit
- Example: Interconnecting a Layer 2 Circuit with a Layer 2 VPN
- Example: Interconnecting a Layer 2 Circuit with a Layer 2 Circuit
- Applications for Interconnecting a Layer 2 Circuit with a Layer 3 VPN
- Example: Interconnecting a Layer 2 Circuit with a Layer 3 VPN
-
- play_arrow Configuration Statements and Operational Commands
ON THIS PAGE
Example: Prevention of Loops in Bridge Domains by Enabling the MAC Pinnning Feature on Trunk Interfaces
This example shows how to avoid loops in bridge domains by enabling the MAC pinning feature on trunk interfaces.
Requirements
This example uses the following hardware and software components:
MX Series 5G Universal Routing Platforms
Junos OS Release 16.1 running on the routers
Overview
A MAC move occurs when a MAC address frequently appears on a different physical interface than the one it was learned on. Frequent MAC moves indicate the presence of loops. Loops can occur in Layer 2 bridges and in VPLS networks. To avoid loops, you can enable the MAC pinning feature on the interfaces. The MAC pinning feature is applicable only when dynamic learning of MAC addresses over interfaces is enabled.
This example shows how to enable MAC pinning on three aggregated trunk interfaces in a bridge domain.
Topology
In this example, you configure the interfaces xe-0/1/1 and xe-0/3/1 on the MX Series router as an aggregated
Ethernet interface, ae1. You can configure the other four
interfaces, ge-4/0/6, ge-4/1/6, xe-4/2/0, and xe-4/3/0, as aggregated Ethernet interfaces, ae2 and ae3. Each of these aggregated Ethernet interfaces
are configured as trunk interfaces. Trunk interfaces accept only tagged
packets and forward the packets within a specified bridge domain, BD_Trunk_all. Specify the list of VLAN IDs for the interfaces
and the bridge domain. When a tagged packet is received on any of
the aggregated trunk interfaces, the packet is accepted, and the packet
is forwarded within the bridge domain that is configured with the
matching ID.
In the bridge domain, after specifying the VLAN ID, specify 131000 as the maximum number of MAC addresses that can be learned on each of the aggregated Ethernet trunk interfaces and specify 1048575 as the size of the MAC address table for the bridge domain or VLAN.
In this topology, frequent MAC moves can occur, which can result
in loops. To prevent these loops, you can configure MAC pinning. When
you configure MAC pinning on an interface, the MAC address learned
on the interface cannot be learned on another interface in the same
bridge domain. For example, configure MAC pinning on the aggregated
Ethernet interface ae1. When a packet is received on this
interface, the packet is accepted, and the packet is forwarded within
the bridge domain with the matching ID. However, if a packet with
the same MAC address is received on any other trunk interface, say ae2, the packet is discarded or dropped as that MAC address
is pinned to the trunk interface ae1. This behavior is
common to all trunk interfaces configured on the router, regardless
of whether access pinning is enabled on the trunk interface or not.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set interfaces xe-0/1/1 gigether-options 802.3ad ae1 set interfaces xe-0/3/1 gigether-options 802.3ad ae1 set interfaces ge-4/0/6 gigether-options 802.3ad ae3 set interfaces ge-4/1/6 gigether-options 802.3ad ae3 set interfaces xe-4/2/0 gigether-options 802.3ad ae2 set interfaces xe-4/3/0 gigether-options 802.3ad ae2 set interfaces ae1 flexible-vlan-tagging set interfaces ae1 encapsulation flexible-ethernet-services set interfaces ae1 unit 0 family bridge interface-mode trunk set interfaces ae1 unit 0 family bridge vlan-id-list 1-5 set interfaces ae2 flexible-vlan-tagging set interfaces ae2 encapsulation flexible-ethernet-services set interfaces ae2 unit 0 family bridge interface-mode trunk set interfaces ae2 unit 0 family bridge vlan-id-list 1-5 set interfaces ae3 flexible-vlan-tagging set interfaces ae3 encapsulation flexible-ethernet-services set interfaces ae3 unit 0 family bridge interface-mode trunk set interfaces ae3 unit 0 family bridge vlan-id-list 1-5 set bridge-domains BD_Trunk_all vlan-id-list 1-5 set bridge-domains BD_Trunk_all bridge-options mac-table-size 1048575 set bridge-domains BD_Trunk_all bridge-options interface ae1.0 interface-mac-limit 131000 set bridge-domains BD_Trunk_all bridge-options interface ae2.0 interface-mac-limit 131000 set bridge-domains BD_Trunk_all bridge-options interface ae3.0 interface-mac-limit 131000 set switch-options interface ae1.0 interface-mac-limit 131000 set switch-options interface ae1.0 mac-pinning set switch-options interface ae2.0 interface-mac-limit 131000 set switch-options interface ae2.0 mac-pinning set switch-options interface ae3.0 interface-mac-limit 131000 set switch-options interface ae3.0 mac-pinning
Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode
To configure MAC pinning on trunk interfaces in bridge domains:
Configure the interfaces as member aggregated Ethernet interfaces.
content_copy zoom_out_map[edit interfaces] user@host#
set interfaces xe-0/1/1 gigether-options 802.3ad ae1user@host#set interfaces xe-0/3/1 gigether-options 802.3ad ae1user@host#set interfaces ge-4/0/6 gigether-options 802.3ad ae3user@host#set interfaces ge-4/1/6 gigether-options 802.3ad ae3user@host#set interfaces xe-4/2/0 gigether-options 802.3ad ae2user@host#set interfaces xe-4/3/0 gigether-options 802.3ad ae2Configure the aggregated Ethernet interfaces as trunk interfaces and specify the list of VLAN IDs.
content_copy zoom_out_mapuser@host#
set interfaces ae1 flexible-vlan-tagginguser@host#set interfaces ae1 encapsulation flexible-ethernet-servicesuser@host#set interfaces ae1 unit 0 family bridge interface-mode trunkuser@host#set interfaces ae1 unit 0 family bridge vlan-id-list 1-5user@host#set interfaces ae2 flexible-vlan-tagginguser@host#set interfaces ae2 encapsulation flexible-ethernet-servicesuser@host#set interfaces ae2 unit 0 family bridge interface-mode trunkuser@host#set interfaces ae2 unit 0 family bridge vlan-id-list 1-5user@host#set interfaces ae3 flexible-vlan-tagginguser@host#set interfaces ae3 encapsulation flexible-ethernet-servicesuser@host#set interfaces ae3 unit 0 family bridge interface-mode trunkuser@host#set interfaces ae3 unit 0 family bridge vlan-id-list 1-5Specify the name of the bridge domain.
content_copy zoom_out_map[edit bridge-domains] user@host#
set bridge-domains BD_Trunk_all vlan-id-list 1-5Specify the size of the MAC address table for the bridge domain.
content_copy zoom_out_mapuser@host#
set bridge-domains BD_Trunk_all bridge-options mac-table-size 1048575Specify the maximum number of MAC addresses that can be learned on all three trunk interfaces.
content_copy zoom_out_mapuser@host#
set bridge-domains BD_Trunk_all bridge-options interface ae1.0 interface-mac-limit 131000user@host#set bridge-domains BD_Trunk_all bridge-options interface ae2.0 interface-mac-limit 131000user@host#set bridge-domains BD_Trunk_all bridge-options interface ae3.0 interface-mac-limit 131000Configure MAC pinning on each of the aggregated Ethernet interfaces at the [
edit switch-options] hierarchy level.content_copy zoom_out_map[edit switch-options] user@host#
set switch-options interface ae1.0 interface-mac-limit 131000user@host#set switch-options interface ae1.0 mac-pinninguser@host#set switch-options interface ae2.0 interface-mac-limit 131000user@host#set switch-options interface ae2.0 mac-pinninguser@host#set switch-options interface ae3.0 interface-mac-limit 131000user@host#set switch-options interface ae3.0 mac-pinning
Results
From configuration mode, confirm your configuration
by entering show interfaces and show bridge-domains commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@host#show interfacesinterfaces { xe-0/0/0 { flexible-vlan-tagging; encapsulation flexible-ethernet-services; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-5; } } } xe-0/1/1 { gigether-options { 802.3ad ae1; } } xe-0/3/1 { gigether-options { 802.3ad ae1; } } ge-4/0/6 { gigether-options { 802.3ad ae3; } } ge-4/1/6 { gigether-options { 802.3ad ae3; } } xe-4/2/0 { gigether-options { 802.3ad ae2; } } xe-4/3/0 { gigether-options { 802.3ad ae2; } } ae1 { flexible-vlan-tagging; encapsulation flexible-ethernet-services; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-5; } } } ae2 { flexible-vlan-tagging; encapsulation flexible-ethernet-services; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-5; } } } ae3 { flexible-vlan-tagging; encapsulation flexible-ethernet-services; unit 0 { family bridge { interface-mode trunk; vlan-id-list 1-5; } } } } user@host#show bridge-domainsbridge-domains { BD_Trunk_all { vlan-id-list 1-5; bridge-options { mac-table-size { 1048575; } interface ae1.0 { interface-mac-limit { 131000; } } interface ae2.0 { interface-mac-limit { 131000; } } interface ae3.0 { interface-mac-limit { 131000; } } } } } user@host#show switch-optionsswitch-options { interface ae1.0 { interface-mac-limit { 131000; } mac-pinning; } interface ae2.0 { interface-mac-limit { 131000; } mac-pinning; } interface ae3.0 { interface-mac-limit { 131000; } mac-pinning; } }
If you have completed configuring the device, enter commit from the configuration mode.
Verification
Verifying that MAC Pinning Is Configured Correctly
Purpose
Ensure that MAC pinning is enabled on the trunk interfaces.
Action
From operational mode, enter the show l2-learning
interface command.
user@host> show l2-learning interface
Routing Instance Name : default-switch
Logical Interface flags (DL -disable learning, AD -packet action drop,
LH - MAC limit hit, DN - Interface Down, MP - MAC Pinning)
Logical BD MAC STP Logical
Interface Name Limit State Interface flags
xe-0/0/0.0 8192
BD_Tru.. 1024 Forwarding
BD_Tru.. 1024 Forwarding
BD_Tru.. 1024 Forwarding
BD_Tru.. 1024 Forwarding
BD_Tru.. 1024 Forwarding
Routing Instance Name : default-switch
Logical Interface flags (DL -disable learning, AD -packet action drop,
LH - MAC limit hit, DN - Interface Down, MP - MAC Pinning)
Logical BD MAC STP Logical
Interface Name Limit State Interface flags
ae1.0 131000 MP
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
Routing Instance Name : default-switch
Logical Interface flags (DL -disable learning, AD -packet action drop,
LH - MAC limit hit, DN - Interface Down, MP - MAC Pinning)
Logical BD MAC STP Logical
Interface Name Limit State Interface flags
ae2.0 131000 MP
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
Routing Instance Name : default-switch
Logical Interface flags (DL -disable learning, AD -packet action drop,
LH - MAC limit hit, DN - Interface Down, MP - MAC Pinning)
Logical BD MAC STP Logical
Interface Name Limit State Interface flags
ae3.0 131000 MP
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
BD_Tru.. 131000 Forwarding
Meaning
The Interface flags field indicates the
interfaces that have MAC pinning enabled.
