[j-nsp] Double-tagging on EX
Hi, We need to double-tag packets on an EX4200, i.e., untagged packets come in on one interface, and packets with two VLAN tags come out of another interface. So far, everything we tried has failed. Has anyone figured out how to do this? Juniper documentation is useless, as always. Thanks! Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Double-tagging on EX
Hi, Are you really wanting to double tag (like QinQ?) Yes, QinQ. What exactly are you trying to accomplish? We have a L2VPN service from an ISP. Packets come out of their NTE tagged (depending on which remote site they're from), and we'd like to tag multiple VLANs to the same site. Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Double-tagging on EX
Den 22.02.2012 14:46, skrev Alexander Frolkin:
Hi,
Are you really wanting to double tag (like QinQ?)
Yes, QinQ.
What exactly are you trying to accomplish?
We have a L2VPN service from an ISP. Packets come out of their NTE
tagged (depending on which remote site they're from), and we'd like to
tag multiple VLANs to the same site.
Maybe this could work?
interfaces {
ge-0/0/0 {
description upstream;
mtu 9192;
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/2 {
description customer;
mtu 9192;
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
}
vlans {
my-vlan {
description QinQ;
vlan-id 7;
interface {
ge-0/0/0.0;
ge-0/0/2.0;
}
dot1q-tunneling;
}
}
--
Bjørn Tore
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Double-tagging on EX
You're out of luck. There's no way I've found to come in untagged and leave double-tagged; due to the EX's inability to handle 2 label operations per port. Same reason you can't support LDP MPLS L2CKT's (double-label) Martini CCCs, but you can support RSVP MPLS (single label) Kopella CCC's on the EX. (Someone pls. correct me here if I'm wrong!) The only way is to come in untagged on ge-0/0/0, leave (single) tagged on ge-0/0/1, to a loopback/wrap-around cable connected back into ge-0/0/2 (which is now an incoming single tag), and leaving ge-0/0/3 (double tagged) by using the QinQ access-port option on ge-0/0/2 access - ge-0/0/3 trunk. Fun times. Your mileage may vary on the EX8xxx series, since I believe those devices do support 2-label operations on a port. - CK. On 2012-02-22, at 11:20 PM, Alexander Frolkin wrote: Hi, We need to double-tag packets on an EX4200, i.e., untagged packets come in on one interface, and packets with two VLAN tags come out of another interface. So far, everything we tried has failed. Has anyone figured out how to do this? Juniper documentation is useless, as always. Thanks! Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Double-tagging on EX
Since I'm running 100+ EX32/4200 with QinQ I thought I'd pitch in here... AFAIK no EX (not 82xx either) can do multiple tag operations in one operation. We use an MX for this. For this to work you need to put an extra EX between (or several loopback cables) your normal network which has one port for each remote site where you ingress single-tagged packets. Or you could use selective QinQ and decide which inner VLAN tag goes where. Not to mention that your provider need to have an MTU that accepts larger packets than standard, and in itself doesn't filter QinQ packets for some reason. --- Martin Levin IT-strategy planning Mölndals stad Från:Chris Kawchuk juniperd...@gmail.com Till:Alexander Frolkin a...@eldamar.org.uk Kopia:juniper-nsp@puck.nether.net Datum:2012-02-22 17:14 Ärende:Re: [j-nsp] Double-tagging on EX You're out of luck. There's no way I've found to come in untagged and leave double-tagged; due to the EX's inability to handle 2 label operations per port. Same reason you can't support LDP MPLS L2CKT's (double-label) Martini CCCs, but you can support RSVP MPLS (single label) Kopella CCC's on the EX. (Someone pls. correct me here if I'm wrong!) The only way is to come in untagged on ge-0/0/0, leave (single) tagged on ge-0/0/1, to a loopback/wrap-around cable connected back into ge-0/0/2 (which is now an incoming single tag), and leaving ge-0/0/3 (double tagged) by using the QinQ access-port option on ge-0/0/2 access - ge-0/0/3 trunk. Fun times. Your mileage may vary on the EX8xxx series, since I believe those devices do support 2-label operations on a port. - CK. On 2012-02-22, at 11:20 PM, Alexander Frolkin wrote: Hi, We need to double-tag packets on an EX4200, i.e., untagged packets come in on one interface, and packets with two VLAN tags come out of another interface. So far, everything we tried has failed. Has anyone figured out how to do this? Juniper documentation is useless, as always. Thanks! Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Double-tagging on EX
Like others have said, it's not going to happen on any EX switch without using loopback cables or another switch. A somewhat cheap solution is to get an Ethernet NID like an Accedian or Adva box which are pretty good at VLAN manipulation, but it's another box to manage. Phil On 2/22/12 7:20 AM, Alexander Frolkin a...@eldamar.org.uk wrote: Hi, We need to double-tag packets on an EX4200, i.e., untagged packets come in on one interface, and packets with two VLAN tags come out of another interface. So far, everything we tried has failed. Has anyone figured out how to do this? Juniper documentation is useless, as always. Thanks! Alex ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Double-tagging on EX
I have never tried this in a q-in-q application, but what if you put
native-vlan-id on the access ports...will that add the inner tag when it goes
out a trunk port? Might be worth a shot if you haven't tried it.
Kevin
On 02/22/2012 11:44 AM, Alexander Frolkin wrote:
On Wed, Feb 22, 2012 at 03:39:12PM +0100, Bjørn Tore wrote:
interfaces {
ge-0/0/0 {
description upstream;
mtu 9192;
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/2 {
description customer;
mtu 9192;
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
}
vlans {
my-vlan {
description QinQ;
vlan-id 7;
interface {
ge-0/0/0.0;
ge-0/0/2.0;
}
dot1q-tunneling;
}
}
I think this assumes that the frames arrive on ge-0/0/2 tagged. Our
frames come in to the switch untagged, this is the whole problem.
Alex
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Double-tagging on EX
On Wed, Feb 22, 2012 at 03:39:12PM +0100, Bjørn Tore wrote:
interfaces {
ge-0/0/0 {
description upstream;
mtu 9192;
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/2 {
description customer;
mtu 9192;
unit 0 {
family ethernet-switching {
port-mode access;
}
}
}
}
vlans {
my-vlan {
description QinQ;
vlan-id 7;
interface {
ge-0/0/0.0;
ge-0/0/2.0;
}
dot1q-tunneling;
}
}
I think this assumes that the frames arrive on ge-0/0/2 tagged. Our
frames come in to the switch untagged, this is the whole problem.
Alex
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Double-tagging on EX
Whoa. Good idea...! /me scurries off to the lab to try it. although I don't know if you can even say native-vlan-id on a QinQ access port (or if it assumes that everything is native anyways). Worth a shot tho - even if it is a Dodgy Hack. =) - Chris. On 2012-02-23, at 5:04 AM, Kevin Wormington wrote: I have never tried this in a q-in-q application, but what if you put native-vlan-id on the access ports...will that add the inner tag when it goes out a trunk port? Might be worth a shot if you haven't tried it. Kevin ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Double-tagging on EX
Dang.
No dice on the native-vlan-id option. Makes sense, as an access port (even
though it's for a QinQ access port) isn't expecting tagged vs untagged(native)
- It just grabs everything (tags or not)
configgy:
ge-0/0/11 {
description TEST Input of QinQ Tagging using native-vlan-id to somehow
double-tag an incoming untagged packet as S:4000 C:100;
mtu 9192;
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members 4000;
}
native-vlan-id 100;
}
}
}
ge-0/0/12 {
description TEST - DoubleTagged output of QinQ test for V4000/V100;
mtu 9192;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members 4000;
}
}
}
}
vlans {
V100 {
vlan-id 100;
}
V4000 {
vlan-id 4000;
dot1q-tunneling;
}
}
me@ex4200#commit check
[edit interfaces ge-0/0/11 unit 0 family]
'ethernet-switching'
Access interface ge-0/0/11.0 cannot have native-vlan-id
error: configuration check-out failed
show version
fpc0:
--
Model: ex4200-24t
JUNOS Base OS Software Suite [10.4R8.5]
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
