Mailing List Archive

Hi Aaron,

It's not clear from your explanation where l2circuits with ospf are
connected and how they are related to this irb/vlan.
Do you really need a querier in this case? IIRC, querier is needed when
only hosts are present on LAN and a switch has to send igmp queries. In
your case, you have a router with irb interface that should work as igmp
querier by default. Not sure if it helps though.

Kind regards,
Andrey

Aaron Gould via juniper-nsp ?????(?) 2024-01-31 14:54:

> I'm having an issue where igmp snooping layer 2 querier breaks ospf in
> other devices which are in l2circuits
>
> Has anyone ever come across this issue, and have a work-around for it?
>
> I have the following configured and devices in vlan 100 can join
> multicast just fine. But there are other unrelated l2circuits that
> carry traffic for devices in other vlans and inside this l2circuit is
> ospf hellos that seem to be getting broken by this configuration
>
> set interfaces irb unit 100 family inet address 10.100.4.1/27
> set protocols ospf area 0.0.0.1 interface irb.100 passive
> set protocols igmp interface irb.100 version 3
> set protocols pim interface irb.100
> set protocols igmp-snooping vlan vlan100 l2-querier source-address
> 10.100.4.1
>
> Model: acx5048
> Junos: 17.4R2-S11

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

does this help?

ACX5048
- port ge-0/0/4 - vlan 100 - multicast listener/client
- port ge-0/0/5 - vlan 100 - multicast listener/client
- port ge-0/0/6 - vlan 100 - multicast listener/client
- irb.100 routes that vlan - runs pim/igmp/igmp-snooping l2-querier
- xe-0/0/0 - an uplink port running pim to route ssm multicast joins to
the multicast sender
- port ge-0/0/2 is mapped to an l2circuit over mpls to some remote location
--- i don't see ge-0/0/2 related at all to the vlan 100 where i run
multicast

-Aaron

On 2/1/2024 8:19 AM, Andrey Kostin wrote:
> Hi Aaron,
>
> It's not clear from your explanation where l2circuits with ospf are
> connected and how they are related to this irb/vlan.
> Do you really need a querier in this case? IIRC, querier is needed
> when only hosts are present on LAN and a switch has to send igmp
> queries. In your case, you have a router with irb interface that
> should work as igmp querier by default. Not sure if it helps though.
>
> Kind regards,
> Andrey
>
> Aaron Gould via juniper-nsp ?????(?) 2024-01-31 14:54:
>
>> I'm having an issue where igmp snooping layer 2 querier breaks ospf in
>> other devices which are in l2circuits
>>
>> Has anyone ever come across this issue, and have a work-around for it?
>>
>> I have the following configured and devices in vlan 100 can join
>> multicast just fine.  But there are other unrelated l2circuits that
>> carry traffic for devices in other vlans and inside this l2circuit is
>> ospf hellos that seem to be getting broken by this configuration
>>
>> set interfaces irb unit 100 family inet address 10.100.4.1/27
>> set protocols ospf area 0.0.0.1 interface irb.100 passive
>> set protocols igmp interface irb.100 version 3
>> set protocols pim interface irb.100
>> set protocols igmp-snooping vlan vlan100 l2-querier source-address
>> 10.100.4.1
>>
>> Model: acx5048
>> Junos: 17.4R2-S11
>
--
-Aaron

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Hi Aaron,

as you're using a 3,5 years old junos, is it possible to upgrade and check if
the problem is fixed in a newer version?
The latest is from March 2022, but I would still expect some bug fixing.
Maybe there is something wrong in the programming of the hardware...

Kind regards
Karsten

Am Donnerstag, 1. Februar 2024, 19:41:12 CET schrieb Aaron Gould via juniper-
nsp:
> does this help?
>
> ACX5048
> - port ge-0/0/4 - vlan 100 - multicast listener/client
> - port ge-0/0/5 - vlan 100 - multicast listener/client
> - port ge-0/0/6 - vlan 100 - multicast listener/client
> - irb.100 routes that vlan - runs pim/igmp/igmp-snooping l2-querier
> - xe-0/0/0 - an uplink port running pim to route ssm multicast joins to
> the multicast sender
> - port ge-0/0/2 is mapped to an l2circuit over mpls to some remote location
> --- i don't see ge-0/0/2 related at all to the vlan 100 where i run
> multicast
>
> -Aaron
>
> On 2/1/2024 8:19 AM, Andrey Kostin wrote:
> > Hi Aaron,
> >
> > It's not clear from your explanation where l2circuits with ospf are
> > connected and how they are related to this irb/vlan.
> > Do you really need a querier in this case? IIRC, querier is needed
> > when only hosts are present on LAN and a switch has to send igmp
> > queries. In your case, you have a router with irb interface that
> > should work as igmp querier by default. Not sure if it helps though.
> >
> > Kind regards,
> > Andrey
> >
> > Aaron Gould via juniper-nsp ?????(?) 2024-01-31 14:54:
> >> I'm having an issue where igmp snooping layer 2 querier breaks ospf in
> >> other devices which are in l2circuits
> >>
> >> Has anyone ever come across this issue, and have a work-around for it?
> >>
> >> I have the following configured and devices in vlan 100 can join
> >> multicast just fine. But there are other unrelated l2circuits that
> >> carry traffic for devices in other vlans and inside this l2circuit is
> >> ospf hellos that seem to be getting broken by this configuration
> >>
> >> set interfaces irb unit 100 family inet address 10.100.4.1/27
> >> set protocols ospf area 0.0.0.1 interface irb.100 passive
> >> set protocols igmp interface irb.100 version 3
> >> set protocols pim interface irb.100
> >> set protocols igmp-snooping vlan vlan100 l2-querier source-address
> >> 10.100.4.1
> >>
> >> Model: acx5048
> >> Junos: 17.4R2-S11




_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

thanks and yes, working on it....

i've done my best to recreate this scenario in my lab...

21.2R3-S4.8 - in lab - problem not seen
20.2R3-S7.3 - in lab - downgraded an hour ago - problem not seen
19.2R3-S6.1 - in lab - downgrading now... will let you know... if good,
will continue
18.3R3-S6.1 - will move to this if problem not seen in 19.2
17.4R2-S11  - will move to this if problem not seen in 18.3...this 17.4
is what is in the field


-Aaron


On 2/1/2024 3:15 PM, Karsten Thomann wrote:
> Hi Aaron,
>
> as you're using a 3,5 years old junos, is it possible to upgrade and check if
> the problem is fixed in a newer version?
> The latest is from March 2022, but I would still expect some bug fixing.
> Maybe there is something wrong in the programming of the hardware...
>
> Kind regards
> Karsten
>
> Am Donnerstag, 1. Februar 2024, 19:41:12 CET schrieb Aaron Gould via juniper-
> nsp:
>> does this help?
>>
>> ACX5048
>> - port ge-0/0/4 - vlan 100 - multicast listener/client
>> - port ge-0/0/5 - vlan 100 - multicast listener/client
>> - port ge-0/0/6 - vlan 100 - multicast listener/client
>> - irb.100 routes that vlan - runs pim/igmp/igmp-snooping l2-querier
>> - xe-0/0/0 - an uplink port running pim to route ssm multicast joins to
>> the multicast sender
>> - port ge-0/0/2 is mapped to an l2circuit over mpls to some remote location
>> --- i don't see ge-0/0/2 related at all to the vlan 100 where i run
>> multicast
>>
>> -Aaron
>>
>> On 2/1/2024 8:19 AM, Andrey Kostin wrote:
>>> Hi Aaron,
>>>
>>> It's not clear from your explanation where l2circuits with ospf are
>>> connected and how they are related to this irb/vlan.
>>> Do you really need a querier in this case? IIRC, querier is needed
>>> when only hosts are present on LAN and a switch has to send igmp
>>> queries. In your case, you have a router with irb interface that
>>> should work as igmp querier by default. Not sure if it helps though.
>>>
>>> Kind regards,
>>> Andrey
>>>
>>> Aaron Gould via juniper-nsp ?????(?) 2024-01-31 14:54:
>>>> I'm having an issue where igmp snooping layer 2 querier breaks ospf in
>>>> other devices which are in l2circuits
>>>>
>>>> Has anyone ever come across this issue, and have a work-around for it?
>>>>
>>>> I have the following configured and devices in vlan 100 can join
>>>> multicast just fine. But there are other unrelated l2circuits that
>>>> carry traffic for devices in other vlans and inside this l2circuit is
>>>> ospf hellos that seem to be getting broken by this configuration
>>>>
>>>> set interfaces irb unit 100 family inet address 10.100.4.1/27
>>>> set protocols ospf area 0.0.0.1 interface irb.100 passive
>>>> set protocols igmp interface irb.100 version 3
>>>> set protocols pim interface irb.100
>>>> set protocols igmp-snooping vlan vlan100 l2-querier source-address
>>>> 10.100.4.1
>>>>
>>>> Model: acx5048
>>>> Junos: 17.4R2-S11
>
>
>
--
-Aaron

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

I tried to recreate the scenario in my lab with no success

21.2R3-S4.8 - in lab - problem not seen
20.2R3-S7.3 - in lab - problem not seen
19.2R3-S6.1 - in lab - problem not seen
18.3R3-S6.1 - in lab - problem not seen
17.4R2-S11  - in lab - problem not seen

17.4R2-S11  - in field - problem seen


again, the problem is, when i enabled this command...

set protocols igmp-snooping vlan vlan100 l2-querier source-address
10.100.4.1

...a customer riding an l2circuit on ge-0/0/2 report to me that their
multicast stops working... ospf goes down and stays in INIT...

when i remove all pim and igmp, then there OSPF neighbors up and stabilizes

i just don't know how running igmp inside vlan 100 with ports ge-0/0/4,
5 and 6 would have anything to do with an l2circuit on ge-0/0/2


-Aaron

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

When you enabled pim multicast routes are added to the pfe, this is mostly
breaking ospf over l2 ckt because these packets are mostly now matching the
default 224 routes added to pfe . Without having any show commands or
rtsockmon it’s difficult to debug anything

-Aditya
Google

On Fri, Feb 2, 2024 at 8:21?AM Aaron Gould via juniper-nsp <
juniper-nsp@puck.nether.net> wrote:

> I tried to recreate the scenario in my lab with no success
>
> 21.2R3-S4.8 - in lab - problem not seen
> 20.2R3-S7.3 - in lab - problem not seen
> 19.2R3-S6.1 - in lab - problem not seen
> 18.3R3-S6.1 - in lab - problem not seen
> 17.4R2-S11 - in lab - problem not seen
>
> 17.4R2-S11 - in field - problem seen
>
>
> again, the problem is, when i enabled this command...
>
> set protocols igmp-snooping vlan vlan100 l2-querier source-address
> 10.100.4.1
>
> ...a customer riding an l2circuit on ge-0/0/2 report to me that their
> multicast stops working... ospf goes down and stays in INIT...
>
> when i remove all pim and igmp, then there OSPF neighbors up and stabilizes
>
> i just don't know how running igmp inside vlan 100 with ports ge-0/0/4,
> 5 and 6 would have anything to do with an l2circuit on ge-0/0/2
>
>
> -Aaron
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

I thought this was asked, but don’t recall an answer, what’s the point of
turning on a querier if the switch is already a PIM router? You don’t need
an IGMP snooping querier if it’s a multicast router.


On Fri, Feb 2, 2024 at 8:21?AM Aaron Gould via juniper-nsp <
juniper-nsp@puck.nether.net> wrote:

> I tried to recreate the scenario in my lab with no success
>
> 21.2R3-S4.8 - in lab - problem not seen
> 20.2R3-S7.3 - in lab - problem not seen
> 19.2R3-S6.1 - in lab - problem not seen
> 18.3R3-S6.1 - in lab - problem not seen
> 17.4R2-S11 - in lab - problem not seen
>
> 17.4R2-S11 - in field - problem seen
>
>
> again, the problem is, when i enabled this command...
>
> set protocols igmp-snooping vlan vlan100 l2-querier source-address
> 10.100.4.1
>
> ...a customer riding an l2circuit on ge-0/0/2 report to me that their
> multicast stops working... ospf goes down and stays in INIT...
>
> when i remove all pim and igmp, then there OSPF neighbors up and stabilizes
>
> i just don't know how running igmp inside vlan 100 with ports ge-0/0/4,
> 5 and 6 would have anything to do with an l2circuit on ge-0/0/2
>
>
> -Aaron
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Thanks Aditya, here's my re-creation of this scenario in my lab... but
it works with the pim/igmp config that i have, and the ospf neighboring
over the l2circuit continues to work.  isn't ospf 224 packets "hidden"
inside encapsulation over l2circuit?  how would pfe in 5048 use 224
routes seen in inet.0 and inet.1 for l2circuits?


-Aaron


me@lab-5048-2> show route 224/8


inet.0: 846 destinations, 847 routes (846 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

224.0.0.2/32       *[PIM/0] 16:56:50
                      MultiRecv
                    [LDP/9] 16:56:47, metric 1
                      MultiRecv
224.0.0.5/32       *[OSPF/10] 16:56:52, metric 1
                      MultiRecv
224.0.0.13/32      *[PIM/0] 16:56:50
                      MultiRecv
224.0.0.22/32      *[IGMP/0] 16:55:29
                      MultiRecv

inet.1: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

224.0.0.0/24       *[Multicast/180] 16:56:46
                      MultiDiscard

me@lab-5048-2> show route table l2circuit.0

l2circuit.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

...

10.123.12.240:NoCtrlWord:5:2056:Local/96
                   *[L2CKT/7] 16:55:35, metric2 2
                    > to 10.123.14.9 via xe-0/0/0.0, Push 64741

10.123.12.240:NoCtrlWord:5:2056:Remote/96
                   *[LDP/9] 16:55:35
                      Discard







On 2/2/2024 10:25 AM, Aditya Mahale wrote:
> When you enabled pim multicast routes are added to the pfe, this is
> mostly breaking ospf over l2 ckt because these packets are mostly now
> matching the default 224 routes added to pfe . Without having any show
> commands or rtsockmon it’s difficult to debug anything
>
> -Aditya
> Google
>
> On Fri, Feb 2, 2024 at 8:21?AM Aaron Gould via juniper-nsp
> <juniper-nsp@puck.nether.net> wrote:
>
> I tried to recreate the scenario in my lab with no success
>
> 21.2R3-S4.8 - in lab - problem not seen
> 20.2R3-S7.3 - in lab - problem not seen
> 19.2R3-S6.1 - in lab - problem not seen
> 18.3R3-S6.1 - in lab - problem not seen
> 17.4R2-S11  - in lab - problem not seen
>
> 17.4R2-S11  - in field - problem seen
>
>
> again, the problem is, when i enabled this command...
>
> set protocols igmp-snooping vlan vlan100 l2-querier source-address
> 10.100.4.1
>
> ...a customer riding an l2circuit on ge-0/0/2 report to me that their
> multicast stops working... ospf goes down and stays in INIT...
>
> when i remove all pim and igmp, then there OSPF neighbors up and
> stabilizes
>
> i just don't know how running igmp inside vlan 100 with ports
> ge-0/0/4,
> 5 and 6 would have anything to do with an l2circuit on ge-0/0/2
>
>
> -Aaron
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
-Aaron
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

thanks for this... i think i misunderstood the use of l2-querier from a
previous project i worked on, and put it here where i really didn't need
it.  moving forward i will only use igmp snooping in the vlan, and not
the l2-querier option.  but with all that said, i still don't understand
why ospf inside an l2circuit is affected by my pim/igmp configs ...
furthermore, why it breaks in the field and works in the lab


-Aaron


On 2/2/2024 10:32 AM, Crist Clark wrote:
> I thought this was asked, but don’t recall an answer, what’s the point
> of turning on a querier if the switch is already a PIM router? You
> don’t need an IGMP snooping querier if it’s a multicast router.
>
>
> On Fri, Feb 2, 2024 at 8:21?AM Aaron Gould via juniper-nsp
> <juniper-nsp@puck.nether.net> wrote:
>
> I tried to recreate the scenario in my lab with no success
>
> 21.2R3-S4.8 - in lab - problem not seen
> 20.2R3-S7.3 - in lab - problem not seen
> 19.2R3-S6.1 - in lab - problem not seen
> 18.3R3-S6.1 - in lab - problem not seen
> 17.4R2-S11  - in lab - problem not seen
>
> 17.4R2-S11  - in field - problem seen
>
>
> again, the problem is, when i enabled this command...
>
> set protocols igmp-snooping vlan vlan100 l2-querier source-address
> 10.100.4.1
>
> ...a customer riding an l2circuit on ge-0/0/2 report to me that their
> multicast stops working... ospf goes down and stays in INIT...
>
> when i remove all pim and igmp, then there OSPF neighbors up and
> stabilizes
>
> i just don't know how running igmp inside vlan 100 with ports
> ge-0/0/4,
> 5 and 6 would have anything to do with an l2circuit on ge-0/0/2
>
>
> -Aaron
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
-Aaron
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Hi Aaron,
 since ACX series  is based on Broadcom PFE , and based on your description of the issue..


So, in your lab , please try with exact same configuration as in your production device ..Especially ,Pls use the firewall filters configured in the production device and your lab device and make it same   (loopback filters ) .
-thanks, Nebu, 

On Friday, 2 February, 2024 at 11:00:40 pm IST, Aaron Gould via juniper-nsp <juniper-nsp@puck.nether.net> wrote:

thanks for this... i think i misunderstood the use of l2-querier from a
previous project i worked on, and put it here where i really didn't need
it.  moving forward i will only use igmp snooping in the vlan, and not
the l2-querier option.  but with all that said, i still don't understand
why ospf inside an l2circuit is affected by my pim/igmp configs ...
furthermore, why it breaks in the field and works in the lab


-Aaron


On 2/2/2024 10:32 AM, Crist Clark wrote:
> I thought this was asked, but don’t recall an answer, what’s the point
> of turning on a querier if the switch is already a PIM router? You
> don’t need an IGMP snooping querier if it’s a multicast router.
>
>
> On Fri, Feb 2, 2024 at 8:21?AM Aaron Gould via juniper-nsp
> <juniper-nsp@puck.nether.net> wrote:
>
>    I tried to recreate the scenario in my lab with no success
>
>    21.2R3-S4.8 - in lab - problem not seen
>    20.2R3-S7.3 - in lab - problem not seen
>    19.2R3-S6.1 - in lab - problem not seen
>    18.3R3-S6.1 - in lab - problem not seen
>    17.4R2-S11  - in lab - problem not seen
>
>    17.4R2-S11  - in field - problem seen
>
>
>    again, the problem is, when i enabled this command...
>
>    set protocols igmp-snooping vlan vlan100 l2-querier source-address
>    10.100.4.1
>
>    ...a customer riding an l2circuit on ge-0/0/2 report to me that their
>    multicast stops working... ospf goes down and stays in INIT...
>
>    when i remove all pim and igmp, then there OSPF neighbors up and
>    stabilizes
>
>    i just don't know how running igmp inside vlan 100 with ports
>    ge-0/0/4,
>    5 and 6 would have anything to do with an l2circuit on ge-0/0/2
>
>
>    -Aaron
>
>    _______________________________________________
>    juniper-nsp mailing list juniper-nsp@puck.nether.net
>    https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
-Aaron
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

At this point I opted for a different design.  I no longer have the
mcast clients gathered into a vlan, which requires igmp snooping.  I
changed the mcast client ports to be L3.  I just assign a /30 to each
mcast client interface on the ACX5048. This way there is no need for
igmp snooping.  A bit more up-front administration of ip subnets, but
it's ok, and it's RFC 1918 so I have plenty.

JTAC didn't find anything in the rsi and logs to be able to determine a
problem, and also told me my Junos is EoL... of course it is. I'll be
upgrading soon.... right around the time I implement IPv6.  lol

thanks y'all

-Aaron

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp