Posts tagged switching

networking: cut through vs. store and forward

posted on 2015-12-12 15:11:35

There are mainly two methods in how switches operate.

Either wait for a full ethernet frame to arrive, do checksumming (and dismiss the frame if it is borked) and then do the forwarding (or other decisions, depending on the switch's functions and configuration), which is called store & forward (duh).

Or just wait for like the first six bytes (in the past, at least) to arrive, to know where to pass the frame on to, without bothering to check the rest. Which is called cut through.

A lot of the functionalities of managed switches (ACL's, dynamic routes, policy-based routing, QoS) are not possible with that technique. Of course, broken frames could be sent on their way, too, when that is the switching method is the used one in your switch, but it is sure faster and provides higher throughput.

Lately i.e. Cisco use an evolved version of cut through, which waits for enough bytes (14 bytes without a 802.1Q / VLAN tag, 18 with one VLAN tag, 22 with double VLAN tagging, ...) so the EtherType of the frame can be discerned without doubt. So if a switch comes with specialized IP functions, and the EtherType identicates an encapsulated IP packet, the switch can keep on reading the frame's IP information and apply its logic and configuration. Whereas if the frame did not encapsulate IP traffic, the packet would then just be forwarded.

Some info on this stuff can be found here.

Juniper: bonding / LACP switchconfig

posted on 2015-12-01 08:28:56

This is a rough copy-paste howto, after having accessed the switch and having changed into configure mode via edit:

activate LACP

set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast

create the virtual bonding interface aeX

set interfaces ae1 unit 0 description <SERVER-NAME>
set interfaces ae1 unit 0 family ethernet-switching vlan members <VLAN-NAME>

unset via delete first, else just map physical nic to virtual interface

# for port 14 / 15
set interfaces ge-0/0/14 ether-options 802.3ad ae1
set interfaces ge-0/0/15 ether-options 802.3ad ae1

This assumes that the only existing ae / "aggregated ethernet" interface was ae0 prior. Thus ae1 was chosen.

amount of aggregated devices

Check how many are already configured:

admin@switch-01# show chassis 
aggregated-devices {
    ethernet {
        device-count 1;
alarm {
    management-ethernet {
        link-down ignore;


There you can see that only one ae interface existed prior.

Increase this counter:

set chassis aggregated-devices ethernet device-count 2

This should be everything, commit and-quit and your config is live.

Don't forget to put the VLAN onto your uplink (ae0?) interface, too, so it can get handed to your core.

Configuring vlan ports on a juniper EX 2200 switch via SSH

posted on 2014-05-05 18:38:13

This will serve as a quick reminder since I don't do that too often.


Over a physical NIC there can run an arbitrary amount of VLAN's. Only requirements are the switch port and your NIC being attached to it being able running VLAN's, and being properly configured. Else only one VLAN can run at once on one port.

Trunking is the possibility to 'tag' packets. If this cannot be done (switch just has not got the functionality), you need a dedicated cable running from switch to switch for EACH VLAN. Via trunk mode the switching cannot be done on just port level, but even across switches, utilizing only a single interconnect.

switchport schemata and config access

ge-X/Y/ZZ.A is a dummy for the following:

X   = the switch number
Y   = backplane number
ZZ  = port number
A   = Unit

Switch number (X) is clear, backplane number (Y) not so. Sometimes you came across switches that are extendable. I.e., you can insert a second panel with a second set of ports into the existing switch. Port number (ZZ) should be clear again. A Unit (A) is a logical NIC. This is needed for layer-3-switching.

If a VLAN is created which spans several subnets, the port has to have logical adresses in both subnets. These are differentiated via the Unit. I.e. the first IP from the first subnet gets Unit '0', the second IP from the second subnet gets '1'... You get the idea. More on this here.


Here all that is ever done happens on layer 2. No layer-3-switching/routing is done, which is why setup is simpler and only Unit 0 is put to use.

After ssh'ing onto the machine with user 'admin', these are your first helpers:

> ?
> help
> help ?

Whenever you do not know what to do, use ?, or append a ? to the line you are typing currently.

> show vlans
> show interfaces
> show interfaces terse
> show interfaces | display set
> show interfaces ge-X/Y/ZZ
> show interfaces ge-X/Y/ZZ.A
> show interfaces ge-X/Y/ZZ terse
> show interfaces ge-X/Y/ZZ unit A family ethernet-switching vlan members 
> show interfaces ge-X/Y/ZZ unit A | display set
> show chassis

From edit / configure` mode:

> run show interfaces descriptions

Some of these commands can be run in regular (non-edit) mode only, some only in edit mode. To get around this restriction, prefix the command in question with run or set, IIRC.

Show who else is editing what and where:

> status

Then the modes for making changes:

> configure
> edit

> configure exclusive
> edit exclusive

Change to the proper position of the directory tree:

> edit interfaces ge-X/Y/ZZ unit A family ethernet-switching
> up
> top

In general, you can hop around the data tree via edit <path>. This serves readability and will save you quite some typing.

Making changes:

> set port-mode 
> set vlan members 
> delete port-mode

Otherwise, you can use the output of show interfaces | display set directly via copy/paste, if changed accordingly. This is also rather helpful, once you got used to it.


> quit

If you want to throwaway your changes prior to committing:

> rollback

This will load the last committed configuration and clear all pending commits.

Check if your changes worked, and apply them:

> show | compare
> commit check
> commit
> commit at
> commit and-quit

That should be about it.

copying setting


show interfaces | display set

And just copy paste the shown configuration lines.


show log ?
show log <logname>

temperature and load

show chassis routing-engine 


By the way, backspace works.
Delete will not, but CTRL-D will.
CTRL-C will not, but CTRL-U and CTRL-K will.


If you really desire a shell: start shell
And you will get into a cozy... /usr/sbin/cli?

sh and (t)csh are also available.

This blog covers .csv, .htaccess, .pfx, .vmx, /etc/crypttab, /etc/network/interfaces, /etc/sudoers, /proc, 10.04, 14.04, AS, ASA, ControlPanel, DS1054Z, GPT, HWR, Hyper-V, IPSEC, KVM, LSI, LVM, LXC, MBR, MTU, MegaCli, PHP, PKI, R, RAID, S.M.A.R.T., SNMP, SSD, SSL, TLS, TRIM, VEEAM, VMware, VServer, VirtualBox, Virtuozzo, XenServer, acpi, adaptec, algorithm, ansible, apache, apache2.4, apachebench, apple, applet, arcconf, arch, architecture, areca, arping, asa, asdm, autoconf, awk, backup, bandit, bar, bash, benchmarking, binding, bitrate, blackarmor, blockdev, blowfish, bochs, bond, bonding, booknotes, bootable, bsd, btrfs, buffer, c-states, cache, caching, ccl, centos, certificate, certtool, cgdisk, cheatsheet, chrome, chroot, cisco, clamav, cli, clp, clush, cluster, coleslaw, colorscheme, common lisp, configuration management, console, container, containers, controller, cron, cryptsetup, csync2, cu, cups, cygwin, d-states, database, date, db2, dcfldd, dcim, dd, debian, debug, debugger, debugging, decimal, desktop, df, dhclient, dhcp, diff, dig, display manager, dm-crypt, dmesg, dmidecode, dns, docker, dos, drivers, dtrace, dtrace4linux, du, dynamictracing, e2fsck, eBPF, ebook, efi, egrep, emacs, encoding, env, error, ess, esx, esxcli, esxi, ethtool, evil, expect, exportfs, factory reset, factory_reset, factoryreset, fail2ban, fbsd, fdisk, fedora, file, filesystem, find, fio, firewall, firmware, fish, flashrom, forensics, free, freebsd, freedos, fritzbox, fsck, fstrim, ftp, ftps, g-states, gentoo, ghostscript, git, git-filter-branch, github, gitolite, global, gnutls, gradle, grep, grml, grub, grub2, guacamole, hardware, haskell, hdd, hdparm, hellowor, hex, hexdump, history, howto, htop, htpasswd, http, httpd, https, i3, icmp, ifenslave, iftop, iis, imagemagick, imap, imaps, init, innoDB, innodb, inodes, intel, ioncube, ios, iostat, ip, iperf, iphone, ipmi, ipmitool, iproute2, ipsec, iptables, ipv6, irc, irssi, iw, iwconfig, iwlist, iwlwifi, jailbreak, jails, java, javascript, javaws, js, juniper, junit, kali, kde, kemp, kernel, keyremap, kill, kpartx, krypton, lacp, lamp, languages, ldap, ldapsearch, less, leviathan, liero, lightning, links, linux, linuxin3months, lisp, list, livedisk, lmctfy, loadbalancing, locale, log, logrotate, looback, loopback, losetup, lsblk, lsi, lsof, lsusb, lsyncd, luks, lvextend, lvm, lvm2, lvreduce, lxc, lxde, macbook, macro, magento, mailclient, mailing, mailq, manpages, markdown, mbr, mdadm, megacli, micro sd, microsoft, minicom, mkfs, mktemp, mod_pagespeed, mod_proxy, modbus, modprobe, mount, mouse, movement, mpstat, multitasking, myISAM, mysql, mysql 5.7, mysql workbench, mysqlcheck, mysqldump, nagios, nas, nat, nc, netfilter, networking, nfs, nginx, nmap, nocaps, nodejs, numberingsystem, numbers, od, onyx, opcode-cache, openVZ, openlierox, openssl, openvpn, openvswitch, openwrt, oracle linux, org-mode, os, oscilloscope, overview, parallel, parameter expansion, parted, partitioning, passwd, patch, pct, pdf, performance, pfsense, php, php7, phpmyadmin, pi, pidgin, pidstat, pins, pkill, plasma, plesk, plugin, posix, postfix, postfixadmin, postgres, postgresql, poudriere, powershell, preview, profiling, prompt, proxmox, ps, puppet, pv, pveam, pvecm, pvesm, pvresize, python, python3, qemu, qemu-img, qm, qmrestore, quicklisp, quickshare, r, racktables, raid, raspberry pi, raspberrypi, raspbian, rbpi, rdp, redhat, redirect, registry, requirements, resize2fs, rewrite, rewrites, rhel, rigol, roccat, routing, rs0485, rs232, rsync, s-states, s_client, samba, sar, sata, sbcl, scite, scp, screen, scripting, seafile, seagate, security, sed, serial, serial port, setup, sftp, sg300, shell, shopware, shortcuts, showmount, signals, slattach, slip, slow-query-log, smbclient, snmpget, snmpwalk, software RAID, software raid, softwareraid, sophos, spacemacs, spam, specification, speedport, spi, sqlite, squid, ssd, ssh, ssh-add, sshd, ssl, stats, storage, strace, stronswan, su, submodules, subzone, sudo, sudoers, sup, swaks, swap, switch, switching, synaptics, synergy, sysfs, systemd, systemtap, tar, tcpdump, tcsh, tee, telnet, terminal, terminator, testdisk, testing, throughput, tmux, todo, tomcat, top, tput, trafficshaping, ttl, tuning, tunnel, tunneling, typo3, uboot, ubuntu, ubuntu 16.04, ubuntu16.04, udev, uefi, ulimit, uname, unetbootin, unit testing, upstart, uptime, usb, usbstick, utf8, utm, utm 220, ux305, vcs, vgchange, vim, vimdiff, virtualbox, virtualization, visual studio code, vlan, vmstat, vmware, vnc, vncviewer, voltage, vpn, vsphere, vzdump, w, w701, wakeonlan, wargames, web, webdav, weechat, wget, whois, wicd, wifi, windowmanager, windows, wine, wireshark, wpa, wpa_passphrase, wpa_supplicant, x11vnc, x2x, xfce, xfreerdp, xmodem, xterm, xxd, yum, zones, zsh

Unless otherwise credited all material Creative Commons License by sjas