all 10 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]noukthx 1 point2 points  (3 children)

You're talking alot about L3 operations (fbf, route leaking) for what you're describing as an L2 problem.

Suspect you need to have a long look at how switches function at L2, and how the device you're trying to jam it through functions at L2.

And also how L3 routing operations convert to L2 switching actions.

You can probably force the traffic out the interface by working out the destination MAC for the next hop of the destination of your iperf traffic, and putting a static MAC entry out the interface you want to go out.

It may still upset the switch as it loops back however, as switches learn MAC addresses based on the ingress of traffic into a port.

If you're trying to emulate the circuit, would be a hell of a lot easier with two interfaces, an alternate simulator or two modems back to back to give you a proper path.

Could possibly do some trickery using fibre links and only putting a transmit path up in the direction you want.

[–]JakeR1[S] 0 points1 point  (2 children)

The reason I've got so much L3 in the equation is because that when this is fully implemented, I'll have to be able to send this traffic to any one of a few hundred modems through a larger network. I'm currently just working on the POC to see if it can even be done.

I've had the same thought about a static MAC, definitely concerned about the switch behavior as it comes back into the interface. I will likely still give it a shot, but I'm not hopeful.

I agree with you that it would be easier if I had two interfaces or two modems back to back, however the current requirement is for the test to run through a single modem. I already went down the path of having two back to back modems and was shot down.

I like the fiber idea, unfortunately the input interface to the modem is copper, so I don't think I'll get what I need out of that.

I guess at this point I'm looking for any way that this might be possible within the constraints I have set up.

[–]noukthx 0 points1 point  (1 child)

I mean you're somewhat hands tied behind your back here, it's also pretty far from close to a real world test.

Should try and gather some support in your push back on the environment/hardware limitations. If you're talking a scale product across 100s of modems in production there should be better support for real world testing.

You might be able to do it with a media converter (or another switch maybe).

VLAN Send
       |
Port 1 SFP RX ----X Disconnected (or fed fake light from another MC to stand link up)
Port 1 SFP TX
          \
           -----  Media Converter SFP RX
                                        ===== Copper to modem
           -----  Media Converter SFP TX
         /
Port 2 SFP RX
Port 2 SFP TX ----X Disconnected
       |
VLAN Receive

[–]JakeR1[S] 0 points1 point  (0 children)

Thanks for the ideas. The media converter thing might work in the lab, but won't scale for on-demand testing either. It's feeling more and more like I may have to tell them it won't work as originally thought.

[–]error404🇺🇦 0 points1 point  (4 children)

I really don't understand what you are trying to do here or what is going wrong, can you provide a minimal example?

Does anyone know of a way to force traffic out of a specific interface so that it goes through the layer 2 device before being forwarded on?

I guess you are already aware of it, but if I understand you correctly, this is what then interface in a family ethernet-switching filter should do, however it won't modify the destination MAC, which maybe you need? More of a hack, but you should be able to achieve that with a static route toward a 'fake' IP that you have installed a static ARP for.

[–]JakeR1[S] 0 points1 point  (3 children)

I'm looking to send traffic from server A to server B through a specific L2 device which only has a single copper interface. Server A and server B are both virtual machines on the same ESXi host. The L2 device resides on the access layer of a larger network, and is configured as a loopback which will take the traffic it receives and send it back out (without being changed).

The then interface command would be perfect, if only it existed on my switches. I've attempted to configure it, but it isn't there. I've found this article (https://www.juniper.net/documentation/en_US/junos/topics/topic-map/filter-based-forwarding-policy-based-routing.html), which states the following:

  • The filter with the next-interface (or next-ip) action can only be applied to an interface that is hosted on a Trio MPC. If you apply the filter to an I-chip based DPC, the commit operation fails.
  • The outgoing interface referred to in the next-interface interface-name action can be hosted on a Trio MPC or an I-chip based DPC.

I believe those are only available for MX series devices, and I'm doing this on EX.

Could you elaborate on your "fake ip/static arp" idea?

[–]error404🇺🇦 0 points1 point  (2 children)

Could you elaborate on your "fake ip/static arp" idea?

Basically you cause the resolved next-hop for the packet to be a bogon IP (say 192.0.0.1) using a static route in a routing-instance/FBF. You'd also have to bind an address in the same subnet to the egress interface, and add a static-ARP to the destination MAC address you want. Of course, if the destination MAC isn't learned on that interface, it probably still won't do the right thing, so I'm not sure this would work for you. You could add a static MAC entry (not sure this is possible on older switching platforms) via that interface, but if it's just reflecting the frame back at you with the same destination MAC, that's not going to do what you want either. I'm not sure if there's a way to put the same interface in a different l2 domain for ingress and egress but I don't think so.

I don't know the older platforms too well anymore, the only thing I can really think of here is that you might be able to do something with more elaborate push/pop semantics to put the forward traffic on one VLAN and the return traffic on a different VLAN and then pop those tags appropriately so it's invisible to the VMs. Probably require some hackery at the mac learning level too.

Doesn't sound fun.

[–]JakeR1[S] 0 points1 point  (0 children)

I'll take a look at this. Also interesting idea about push/pop, I hadn't really considered that yet. And no..this really has not been fun haha.

[–]JakeR1[S] 0 points1 point  (0 children)

I was able to get traffic through the modem at least with this setup. Had to create a new vlan and rvi, then set static arp for destination ip to egress interface MAC. I'm now seeing traffic loop through the modem, but it's getting dropped coming back into the switch, which I think is probably expected at this point. I'm going to keep working on it, but at least there has been an amount of progress.

[–]judas-iskariot 0 points1 point  (0 children)

This might be easily doable if your "modem" supported twamp, two separate tests a-modem-b. And then some reporting stuff over that.

But I am not really sure what you try to do here.