Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
At this point I opted for a different design. I no longer have the mcast clients gathered into a vlan, which requires igmp snooping. I changed the mcast client ports to be L3. I just assign a /30 to each mcast client interface on the ACX5048. This way there is no need for igmp snooping. A bit more up-front administration of ip subnets, but it's ok, and it's RFC 1918 so I have plenty. JTAC didn't find anything in the rsi and logs to be able to determine a problem, and also told me my Junos is EoL... of course it is. I'll be upgrading soon right around the time I implement IPv6. lol thanks y'all -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
Hi Aaron, since ACX series is based on Broadcom PFE , and based on your description of the issue.. => When you enable igmp-snooping (in Broadcom based PFE devices like EX3400/QFX5100s) there are some associated dynamic filters / IFP/VFP gets created in PFE , and if there are some descrepancies in that it can match some unassociated multicast potentially dropping it . => But if this is a bug in these areas , you should be seeing the same behaviour in your lab with exact configs/topology (in same release) So, in your lab , please try with exact same configuration as in your production device ..Especially ,Pls use the firewall filters configured in the production device and your lab device and make it same (loopback filters ) . -thanks, Nebu, On Friday, 2 February, 2024 at 11:00:40 pm IST, Aaron Gould via juniper-nsp wrote: thanks for this... i think i misunderstood the use of l2-querier from a previous project i worked on, and put it here where i really didn't need it. moving forward i will only use igmp snooping in the vlan, and not the l2-querier option. but with all that said, i still don't understand why ospf inside an l2circuit is affected by my pim/igmp configs ... furthermore, why it breaks in the field and works in the lab -Aaron On 2/2/2024 10:32 AM, Crist Clark wrote: > I thought this was asked, but don’t recall an answer, what’s the point > of turning on a querier if the switch is already a PIM router? You > don’t need an IGMP snooping querier if it’s a multicast router. > > > On Fri, Feb 2, 2024 at 8:21 AM Aaron Gould via juniper-nsp > wrote: > > I tried to recreate the scenario in my lab with no success > > 21.2R3-S4.8 - in lab - problem not seen > 20.2R3-S7.3 - in lab - problem not seen > 19.2R3-S6.1 - in lab - problem not seen > 18.3R3-S6.1 - in lab - problem not seen > 17.4R2-S11 - in lab - problem not seen > > 17.4R2-S11 - in field - problem seen > > > again, the problem is, when i enabled this command... > > set protocols igmp-snooping vlan vlan100 l2-querier source-address > 10.100.4.1 > > ...a customer riding an l2circuit on ge-0/0/2 report to me that their > multicast stops working... ospf goes down and stays in INIT... > > when i remove all pim and igmp, then there OSPF neighbors up and > stabilizes > > i just don't know how running igmp inside vlan 100 with ports > ge-0/0/4, > 5 and 6 would have anything to do with an l2circuit on ge-0/0/2 > > > -Aaron > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
thanks for this... i think i misunderstood the use of l2-querier from a previous project i worked on, and put it here where i really didn't need it. moving forward i will only use igmp snooping in the vlan, and not the l2-querier option. but with all that said, i still don't understand why ospf inside an l2circuit is affected by my pim/igmp configs ... furthermore, why it breaks in the field and works in the lab -Aaron On 2/2/2024 10:32 AM, Crist Clark wrote: I thought this was asked, but don’t recall an answer, what’s the point of turning on a querier if the switch is already a PIM router? You don’t need an IGMP snooping querier if it’s a multicast router. On Fri, Feb 2, 2024 at 8:21 AM Aaron Gould via juniper-nsp wrote: I tried to recreate the scenario in my lab with no success 21.2R3-S4.8 - in lab - problem not seen 20.2R3-S7.3 - in lab - problem not seen 19.2R3-S6.1 - in lab - problem not seen 18.3R3-S6.1 - in lab - problem not seen 17.4R2-S11 - in lab - problem not seen 17.4R2-S11 - in field - problem seen again, the problem is, when i enabled this command... set protocols igmp-snooping vlan vlan100 l2-querier source-address 10.100.4.1 ...a customer riding an l2circuit on ge-0/0/2 report to me that their multicast stops working... ospf goes down and stays in INIT... when i remove all pim and igmp, then there OSPF neighbors up and stabilizes i just don't know how running igmp inside vlan 100 with ports ge-0/0/4, 5 and 6 would have anything to do with an l2circuit on ge-0/0/2 -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
Thanks Aditya, here's my re-creation of this scenario in my lab... but it works with the pim/igmp config that i have, and the ospf neighboring over the l2circuit continues to work. isn't ospf 224 packets "hidden" inside encapsulation over l2circuit? how would pfe in 5048 use 224 routes seen in inet.0 and inet.1 for l2circuits? -Aaron me@lab-5048-2> show route 224/8 inet.0: 846 destinations, 847 routes (846 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 224.0.0.2/32 *[PIM/0] 16:56:50 MultiRecv [LDP/9] 16:56:47, metric 1 MultiRecv 224.0.0.5/32 *[OSPF/10] 16:56:52, metric 1 MultiRecv 224.0.0.13/32 *[PIM/0] 16:56:50 MultiRecv 224.0.0.22/32 *[IGMP/0] 16:55:29 MultiRecv inet.1: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 224.0.0.0/24 *[Multicast/180] 16:56:46 MultiDiscard me@lab-5048-2> show route table l2circuit.0 l2circuit.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both ... 10.123.12.240:NoCtrlWord:5:2056:Local/96 *[L2CKT/7] 16:55:35, metric2 2 > to 10.123.14.9 via xe-0/0/0.0, Push 64741 10.123.12.240:NoCtrlWord:5:2056:Remote/96 *[LDP/9] 16:55:35 Discard On 2/2/2024 10:25 AM, Aditya Mahale wrote: When you enabled pim multicast routes are added to the pfe, this is mostly breaking ospf over l2 ckt because these packets are mostly now matching the default 224 routes added to pfe . Without having any show commands or rtsockmon it’s difficult to debug anything -Aditya Google On Fri, Feb 2, 2024 at 8:21 AM Aaron Gould via juniper-nsp wrote: I tried to recreate the scenario in my lab with no success 21.2R3-S4.8 - in lab - problem not seen 20.2R3-S7.3 - in lab - problem not seen 19.2R3-S6.1 - in lab - problem not seen 18.3R3-S6.1 - in lab - problem not seen 17.4R2-S11 - in lab - problem not seen 17.4R2-S11 - in field - problem seen again, the problem is, when i enabled this command... set protocols igmp-snooping vlan vlan100 l2-querier source-address 10.100.4.1 ...a customer riding an l2circuit on ge-0/0/2 report to me that their multicast stops working... ospf goes down and stays in INIT... when i remove all pim and igmp, then there OSPF neighbors up and stabilizes i just don't know how running igmp inside vlan 100 with ports ge-0/0/4, 5 and 6 would have anything to do with an l2circuit on ge-0/0/2 -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
I thought this was asked, but don’t recall an answer, what’s the point of turning on a querier if the switch is already a PIM router? You don’t need an IGMP snooping querier if it’s a multicast router. On Fri, Feb 2, 2024 at 8:21 AM Aaron Gould via juniper-nsp < juniper-nsp@puck.nether.net> wrote: > I tried to recreate the scenario in my lab with no success > > 21.2R3-S4.8 - in lab - problem not seen > 20.2R3-S7.3 - in lab - problem not seen > 19.2R3-S6.1 - in lab - problem not seen > 18.3R3-S6.1 - in lab - problem not seen > 17.4R2-S11 - in lab - problem not seen > > 17.4R2-S11 - in field - problem seen > > > again, the problem is, when i enabled this command... > > set protocols igmp-snooping vlan vlan100 l2-querier source-address > 10.100.4.1 > > ...a customer riding an l2circuit on ge-0/0/2 report to me that their > multicast stops working... ospf goes down and stays in INIT... > > when i remove all pim and igmp, then there OSPF neighbors up and stabilizes > > i just don't know how running igmp inside vlan 100 with ports ge-0/0/4, > 5 and 6 would have anything to do with an l2circuit on ge-0/0/2 > > > -Aaron > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
When you enabled pim multicast routes are added to the pfe, this is mostly breaking ospf over l2 ckt because these packets are mostly now matching the default 224 routes added to pfe . Without having any show commands or rtsockmon it’s difficult to debug anything -Aditya Google On Fri, Feb 2, 2024 at 8:21 AM Aaron Gould via juniper-nsp < juniper-nsp@puck.nether.net> wrote: > I tried to recreate the scenario in my lab with no success > > 21.2R3-S4.8 - in lab - problem not seen > 20.2R3-S7.3 - in lab - problem not seen > 19.2R3-S6.1 - in lab - problem not seen > 18.3R3-S6.1 - in lab - problem not seen > 17.4R2-S11 - in lab - problem not seen > > 17.4R2-S11 - in field - problem seen > > > again, the problem is, when i enabled this command... > > set protocols igmp-snooping vlan vlan100 l2-querier source-address > 10.100.4.1 > > ...a customer riding an l2circuit on ge-0/0/2 report to me that their > multicast stops working... ospf goes down and stays in INIT... > > when i remove all pim and igmp, then there OSPF neighbors up and stabilizes > > i just don't know how running igmp inside vlan 100 with ports ge-0/0/4, > 5 and 6 would have anything to do with an l2circuit on ge-0/0/2 > > > -Aaron > > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
I tried to recreate the scenario in my lab with no success 21.2R3-S4.8 - in lab - problem not seen 20.2R3-S7.3 - in lab - problem not seen 19.2R3-S6.1 - in lab - problem not seen 18.3R3-S6.1 - in lab - problem not seen 17.4R2-S11 - in lab - problem not seen 17.4R2-S11 - in field - problem seen again, the problem is, when i enabled this command... set protocols igmp-snooping vlan vlan100 l2-querier source-address 10.100.4.1 ...a customer riding an l2circuit on ge-0/0/2 report to me that their multicast stops working... ospf goes down and stays in INIT... when i remove all pim and igmp, then there OSPF neighbors up and stabilizes i just don't know how running igmp inside vlan 100 with ports ge-0/0/4, 5 and 6 would have anything to do with an l2circuit on ge-0/0/2 -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
thanks and yes, working on it i've done my best to recreate this scenario in my lab... 21.2R3-S4.8 - in lab - problem not seen 20.2R3-S7.3 - in lab - downgraded an hour ago - problem not seen 19.2R3-S6.1 - in lab - downgrading now... will let you know... if good, will continue 18.3R3-S6.1 - will move to this if problem not seen in 19.2 17.4R2-S11 - will move to this if problem not seen in 18.3...this 17.4 is what is in the field -Aaron On 2/1/2024 3:15 PM, Karsten Thomann wrote: Hi Aaron, as you're using a 3,5 years old junos, is it possible to upgrade and check if the problem is fixed in a newer version? The latest is from March 2022, but I would still expect some bug fixing. Maybe there is something wrong in the programming of the hardware... Kind regards Karsten Am Donnerstag, 1. Februar 2024, 19:41:12 CET schrieb Aaron Gould via juniper- nsp: does this help? ACX5048 - port ge-0/0/4 - vlan 100 - multicast listener/client - port ge-0/0/5 - vlan 100 - multicast listener/client - port ge-0/0/6 - vlan 100 - multicast listener/client - irb.100 routes that vlan - runs pim/igmp/igmp-snooping l2-querier - xe-0/0/0 - an uplink port running pim to route ssm multicast joins to the multicast sender - port ge-0/0/2 is mapped to an l2circuit over mpls to some remote location --- i don't see ge-0/0/2 related at all to the vlan 100 where i run multicast -Aaron On 2/1/2024 8:19 AM, Andrey Kostin wrote: Hi Aaron, It's not clear from your explanation where l2circuits with ospf are connected and how they are related to this irb/vlan. Do you really need a querier in this case? IIRC, querier is needed when only hosts are present on LAN and a switch has to send igmp queries. In your case, you have a router with irb interface that should work as igmp querier by default. Not sure if it helps though. Kind regards, Andrey Aaron Gould via juniper-nsp писал(а) 2024-01-31 14:54: I'm having an issue where igmp snooping layer 2 querier breaks ospf in other devices which are in l2circuits Has anyone ever come across this issue, and have a work-around for it? I have the following configured and devices in vlan 100 can join multicast just fine. But there are other unrelated l2circuits that carry traffic for devices in other vlans and inside this l2circuit is ospf hellos that seem to be getting broken by this configuration set interfaces irb unit 100 family inet address 10.100.4.1/27 set protocols ospf area 0.0.0.1 interface irb.100 passive set protocols igmp interface irb.100 version 3 set protocols pim interface irb.100 set protocols igmp-snooping vlan vlan100 l2-querier source-address 10.100.4.1 Model: acx5048 Junos: 17.4R2-S11 -- -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
Hi Aaron, as you're using a 3,5 years old junos, is it possible to upgrade and check if the problem is fixed in a newer version? The latest is from March 2022, but I would still expect some bug fixing. Maybe there is something wrong in the programming of the hardware... Kind regards Karsten Am Donnerstag, 1. Februar 2024, 19:41:12 CET schrieb Aaron Gould via juniper- nsp: > does this help? > > ACX5048 > - port ge-0/0/4 - vlan 100 - multicast listener/client > - port ge-0/0/5 - vlan 100 - multicast listener/client > - port ge-0/0/6 - vlan 100 - multicast listener/client > - irb.100 routes that vlan - runs pim/igmp/igmp-snooping l2-querier > - xe-0/0/0 - an uplink port running pim to route ssm multicast joins to > the multicast sender > - port ge-0/0/2 is mapped to an l2circuit over mpls to some remote location > --- i don't see ge-0/0/2 related at all to the vlan 100 where i run > multicast > > -Aaron > > On 2/1/2024 8:19 AM, Andrey Kostin wrote: > > Hi Aaron, > > > > It's not clear from your explanation where l2circuits with ospf are > > connected and how they are related to this irb/vlan. > > Do you really need a querier in this case? IIRC, querier is needed > > when only hosts are present on LAN and a switch has to send igmp > > queries. In your case, you have a router with irb interface that > > should work as igmp querier by default. Not sure if it helps though. > > > > Kind regards, > > Andrey > > > > Aaron Gould via juniper-nsp писал(а) 2024-01-31 14:54: > >> I'm having an issue where igmp snooping layer 2 querier breaks ospf in > >> other devices which are in l2circuits > >> > >> Has anyone ever come across this issue, and have a work-around for it? > >> > >> I have the following configured and devices in vlan 100 can join > >> multicast just fine. But there are other unrelated l2circuits that > >> carry traffic for devices in other vlans and inside this l2circuit is > >> ospf hellos that seem to be getting broken by this configuration > >> > >> set interfaces irb unit 100 family inet address 10.100.4.1/27 > >> set protocols ospf area 0.0.0.1 interface irb.100 passive > >> set protocols igmp interface irb.100 version 3 > >> set protocols pim interface irb.100 > >> set protocols igmp-snooping vlan vlan100 l2-querier source-address > >> 10.100.4.1 > >> > >> Model: acx5048 > >> Junos: 17.4R2-S11 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
does this help? ACX5048 - port ge-0/0/4 - vlan 100 - multicast listener/client - port ge-0/0/5 - vlan 100 - multicast listener/client - port ge-0/0/6 - vlan 100 - multicast listener/client - irb.100 routes that vlan - runs pim/igmp/igmp-snooping l2-querier - xe-0/0/0 - an uplink port running pim to route ssm multicast joins to the multicast sender - port ge-0/0/2 is mapped to an l2circuit over mpls to some remote location --- i don't see ge-0/0/2 related at all to the vlan 100 where i run multicast -Aaron On 2/1/2024 8:19 AM, Andrey Kostin wrote: Hi Aaron, It's not clear from your explanation where l2circuits with ospf are connected and how they are related to this irb/vlan. Do you really need a querier in this case? IIRC, querier is needed when only hosts are present on LAN and a switch has to send igmp queries. In your case, you have a router with irb interface that should work as igmp querier by default. Not sure if it helps though. Kind regards, Andrey Aaron Gould via juniper-nsp писал(а) 2024-01-31 14:54: I'm having an issue where igmp snooping layer 2 querier breaks ospf in other devices which are in l2circuits Has anyone ever come across this issue, and have a work-around for it? I have the following configured and devices in vlan 100 can join multicast just fine. But there are other unrelated l2circuits that carry traffic for devices in other vlans and inside this l2circuit is ospf hellos that seem to be getting broken by this configuration set interfaces irb unit 100 family inet address 10.100.4.1/27 set protocols ospf area 0.0.0.1 interface irb.100 passive set protocols igmp interface irb.100 version 3 set protocols pim interface irb.100 set protocols igmp-snooping vlan vlan100 l2-querier source-address 10.100.4.1 Model: acx5048 Junos: 17.4R2-S11 -- -Aaron ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] igmp snooping layer 2 querier breaks ospf in other devices
Hi Aaron, It's not clear from your explanation where l2circuits with ospf are connected and how they are related to this irb/vlan. Do you really need a querier in this case? IIRC, querier is needed when only hosts are present on LAN and a switch has to send igmp queries. In your case, you have a router with irb interface that should work as igmp querier by default. Not sure if it helps though. Kind regards, Andrey Aaron Gould via juniper-nsp писал(а) 2024-01-31 14:54: I'm having an issue where igmp snooping layer 2 querier breaks ospf in other devices which are in l2circuits Has anyone ever come across this issue, and have a work-around for it? I have the following configured and devices in vlan 100 can join multicast just fine. But there are other unrelated l2circuits that carry traffic for devices in other vlans and inside this l2circuit is ospf hellos that seem to be getting broken by this configuration set interfaces irb unit 100 family inet address 10.100.4.1/27 set protocols ospf area 0.0.0.1 interface irb.100 passive set protocols igmp interface irb.100 version 3 set protocols pim interface irb.100 set protocols igmp-snooping vlan vlan100 l2-querier source-address 10.100.4.1 Model: acx5048 Junos: 17.4R2-S11 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
