Juniper QFX5100 VLAN flood input filter doesn't work
Hello, list (again),

I've been trying to use VLAN BUM traffic filter on QFX5100. The configuration on the test VLAN was quite trivial:

Model: qfx5100-48s-6q
Junos: 17.2R2.8

    # show vlans Testvlan
    vlan-id 4030;
    forwarding-options {
        filter {
            input Testvlan-ingress;
        }
        flood {
            input Testvlan-flood;
        }
    }

I connected two Linux hosts to the test VLAN:

    # show interfaces ge-0/0/42
    unit 0 {
        family ethernet-switching {
            vlan {
                members Testvlan;
            }
        }
    }

    # show interfaces ge-0/0/43
    unit 0 {
        family ethernet-switching {
            vlan {
                members Testvlan;
            }
        }
    }

The firewall filter was quite simple:

    # show firewall family ethernet-switching filter Testvlan-ingress
    term accept {
        then accept;
    }

The flood input filter I was trying to use. According to the documentation, only Broadcast, Unknown unicast and Multicast (BUM) traffic goes here. The regular unicast traffic should be left intact by it.

    # show firewall family ethernet-switching filter Testvlan-flood
    term allow_arp {
        from {
            ether-type arp;
        }
        then accept;
    }
    term allow_ipv6_ns {
        from {
            destination-mac-address {
                33:33:ff:00:00:00/24;
            }
            ether-type 0x86dd;
        }
        then accept;
    }
    term discard_all {
        then discard;
    }

I started hosts to ping (and sniff) each other. And I saw only ARP requests/responses. "show ethernet-switching table" displayed that both hosts' MACs were successfully learned, thus traffic between them should be considered as regular unicast. However, the last term in Testvlan-flood filter was blocking it. If I replace it with "accept" - traffic begins to flow.

Are any Juniper QFX gurus here? I would really appreciate some advice.
participants (1): Stanislaw
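Added example, not part of the original post and not Junos code: a small Python model of the behaviour the post expects from the documentation (only BUM frames reach the flood filter), evaluated against the Testvlan-flood terms in order. The host MAC addresses and sample frames are constructed, and the classification rule is an assumption based on the post's reading of the documentation; it gives a baseline to compare a packet capture against.

```python
ETH_ARP, ETH_IPV4, ETH_IPV6 = 0x0806, 0x0800, 0x86DD

def mac_int(mac):
    return int(mac.replace(":", ""), 16)

def mac_match(mac, prefix, bits):
    # Compare only the leading `bits` bits, as in 33:33:ff:00:00:00/24.
    shift = 48 - bits
    return mac_int(mac) >> shift == mac_int(prefix) >> shift

def is_bum(dst, mac_table):
    # Broadcast and multicast have the I/G bit (LSB of the first octet) set;
    # a unicast destination missing from the MAC table is unknown unicast.
    if (mac_int(dst) >> 40) & 1:
        return True
    return dst not in mac_table

# Terms of Testvlan-flood from the post, first match wins.
FLOOD_TERMS = [
    ("allow_arp", lambda f: f["ethertype"] == ETH_ARP, "accept"),
    ("allow_ipv6_ns",
     lambda f: f["ethertype"] == ETH_IPV6
     and mac_match(f["dst"], "33:33:ff:00:00:00", 24), "accept"),
    ("discard_all", lambda f: True, "discard"),
]

def expected_verdict(frame, mac_table):
    """Return (term, action) the frame should get if only BUM hits the filter."""
    if not is_bum(frame["dst"], mac_table):
        return ("not-flooded", "forward")  # known unicast bypasses the flood filter
    for name, match, action in FLOOD_TERMS:
        if match(frame):
            return (name, action)

# Constructed test data: two hosts whose MACs the switch has learned.
HOST_A, HOST_B = "52:54:00:00:00:0a", "52:54:00:00:00:0b"
LEARNED = {HOST_A, HOST_B}
FRAMES = {
    "arp_request": {"dst": "ff:ff:ff:ff:ff:ff", "ethertype": ETH_ARP},
    "icmp_echo": {"dst": HOST_B, "ethertype": ETH_IPV4},
    "ipv6_ns": {"dst": "33:33:ff:00:00:0b", "ethertype": ETH_IPV6},
    "ipv4_broadcast": {"dst": "ff:ff:ff:ff:ff:ff", "ethertype": ETH_IPV4},
    "unknown_unicast": {"dst": "52:54:00:00:00:0c", "ethertype": ETH_IPV4},
}

if __name__ == "__main__":
    for label, frame in FRAMES.items():
        print(f"{label:16} -> {expected_verdict(frame, LEARNED)}")
```

In this model the ICMP echo between the two learned hosts never reaches discard_all, which is the opposite of what the post reports seeing on the switch.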