Loopback detection on Juniper QFX
Juniper doesn’t have an easy loopback detection feature like Cisco.
But you can use the BPDU block feature to detect a loopback. We will also use two versions of STP.
In this example, we will use the following ports:
- ...-0/0/[0-47] - 10G/25G edge ports (we want to detect a loopback here)
- ...-0/0/[48-55] - 100G uplink ports (no need here - EVPN fabric)
Let’s configure the BPDU block feature:
set protocols layer2-control bpdu-block disable-timeout 60
wildcard range set protocols layer2-control bpdu-block interface xe-0/0/[0-47]
Next step - configure RSTP:
set protocols rstp bridge-priority 16k
set protocols rstp bpdu-block-on-edge
wildcard range set protocols rstp interface xe-0/0/[0-47] edge
wildcard range set protocols rstp interface et-0/0/[48-55] disable
And finally, configure VSTP:
I use VSTP for loopback detection inside VLANs.
In my setup, hypervisors are connected to the switches. From time to time, some people make a mistake and bridge many VLANs into a single bridge. This is a very bad idea, and I want to detect this situation.
(Have you seen a terabit packet flood? I have. And it’s not fun.)
set protocols vstp bpdu-block-on-edge
set protocols vstp interface all bpdu-timeout-action block
set protocols vstp interface all bpdu-timeout-action alarm
wildcard range set protocols vstp interface xe-0/0/[0-47] edge
wildcard range set protocols vstp interface et-0/0/[48-55] disable
set protocols vstp vlan-group group services vlan 1000-3999
VSTP requires a VLAN range. So, I’m using a vlan-group for this.
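A loop is only caught on ports that actually carry all three per-port statements above, so it is worth checking that no edge port has drifted out of coverage. The script below is an added example, not part of the original post: it audits `show configuration | display set` output against the edge range. The function names and the sample config are constructed for illustration.

```python
import re

# Per-port statements the page applies to every edge port, in the form they
# take in `show configuration | display set` after wildcard expansion.
PER_PORT = {
    "bpdu-block": "set protocols layer2-control bpdu-block interface {ifd}",
    "rstp-edge": "set protocols rstp interface {ifd} edge",
    "vstp-edge": "set protocols vstp interface {ifd} edge",
}
# Global knobs from the page that turn on BPDU blocking for RSTP/VSTP edge ports.
GLOBAL = [
    "set protocols rstp bpdu-block-on-edge",
    "set protocols vstp bpdu-block-on-edge",
]
RANGE_RE = re.compile(r"^(.*)\[(\d+)-(\d+)\](.*)$")

def expand(pattern):
    """Expand a single [lo-hi] range such as xe-0/0/[0-47] into port names."""
    m = RANGE_RE.match(pattern)
    if not m:
        return [pattern]
    head, lo, hi, tail = m.groups()
    return [f"{head}{n}{tail}" for n in range(int(lo), int(hi) + 1)]

def audit(display_set, edge_pattern):
    """Return {port or 'global': [missing items]}; an empty dict means full coverage."""
    have = {ln.strip() for ln in display_set.splitlines() if ln.strip()}
    gaps = {}
    missing_global = [g for g in GLOBAL if g not in have]
    if missing_global:
        gaps["global"] = missing_global
    for ifd in expand(edge_pattern):
        missing = [k for k, t in PER_PORT.items() if t.format(ifd=ifd) not in have]
        if missing:
            gaps[ifd] = missing
    return gaps

def constructed_config(skip=()):
    """Constructed sample input: the page's config expanded, minus `skip` lines."""
    lines = list(GLOBAL)
    for ifd in expand("xe-0/0/[0-47]"):
        lines += [t.format(ifd=ifd) for t in PER_PORT.values()]
    return "\n".join(ln for ln in lines if ln not in skip)

if __name__ == "__main__":
    drifted = constructed_config(skip={
        "set protocols vstp interface xe-0/0/17 edge",
        "set protocols layer2-control bpdu-block interface xe-0/0/30",
    })
    for where, missing in audit(drifted, "xe-0/0/[0-47]").items():
        print(where, "missing:", ", ".join(missing))
```

Feed it the real `display set` output in place of the constructed sample; any port it lists would not be blocked by the corresponding mechanism when a looped BPDU arrives.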