QinQ and L2PT on Junos ELS

I recently had to test QinQ on EX4600 along with Layer 2 Protocol Tunneling for Spanning Tree Protocol.

LE: L2PT is supported on EX4600 starting with 17.4R1.

Q-in-Q tunneling and VLAN translation allow service providers to create a Layer 2 Ethernet connection between two customer sites.

Q-in-Q tunneling is useful when customers have overlapping VLAN IDs because customers’ VLAN (C-VLAN) tags are prepended by the service-provider VLAN (S-VLAN) tag, which allows you to preserve each customers’ VLAN IDs without conflict.

Layer 2 protocol tunneling allows Layer 2 protocol data units (PDUs) to be tunneled through a network. The Layer 2 protocols can be Spanning Tree, CDP or VTP.

I’m not going to enter the details of what happens behind the scenes and how the QinQ and L2PT work.

I will provide a working configuration for QinQ and L2PT on EX4600(that is running ELS).

This is our topology:

 

qinq-els-1

 

The customer VLANs are from 100 to 200 and the service provider will use VLAN 10 as service VLAN.

For testing purposes, I configured VLAN 120 on CE devices(which is in the range 100 – 200) and configured an IRB on each one of them so I can test the connectivity inside VLAN 120 between the two CE devices.

The configurations of the PE and CE devices are done in mirror and they are almost identical.

This is the configuration of the PE towards CE:

 

{master:0}[edit]
lab@PE1_EX4600# show interfaces ge-0/0/9
show interfaces ge-0/0/9
flexible-vlan-tagging;
native-vlan-id 150;
encapsulation extended-vlan-bridge;
unit 10 {
    vlan-id-list 100-200;
    input-vlan-map push;
    output-vlan-map pop;
}

{master:0}[edit]
lab@PE1_EX4600#

 

This is the configuration of the link between the two PEs:

 

{master:0}[edit]
lab@PE1_EX4600# show interfaces ae0
flexible-vlan-tagging;
mtu 9000;
encapsulation extended-vlan-bridge;
aggregated-ether-options {
    lacp {
        active;
    }
}
unit 10 {
    vlan-id 10;
}

{master:0}[edit]
lab@PE1_EX4600#

 

And this is the configuration of the two child links that form the inter-PE link:

 

{master:0}[edit]
lab@PE1_EX4600# show interfaces xe-0/0/0
ether-options {
    ethernet-switch-profile {
        tag-protocol-id 0x88a8;
    }
    802.3ad ae0;
}

{master:0}[edit]
lab@PE1_EX4600# show interfaces xe-0/0/2
ether-options {
    ethernet-switch-profile {
        tag-protocol-id 0x88a8;
    }
    802.3ad ae0;
}

{master:0}[edit]
lab@PE1_EX4600#

 

You need the “tag-protocol-id 0x88a8” so that the switch knows about the existence of the inner C-TAG that used the TPID of 0x8100.

As mentioned, for testing purposes, I configured one VLAN for which I configured an IRB on each CE. This is for CE1:

 

{master:0}[edit]
root@CE1# show interfaces ge-0/0/2
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members vlan-120;
        }
        storm-control default;
    }
}

{master:0}[edit]
root@CE1# show vlans
vlan-120 {
    vlan-id 120;
    l3-interface irb.120;
}

{master:0}[edit]
root@CE1# show interfaces irb.120
family inet {
    address 120.0.0.1/24;
}

{master:0}[edit]
root@CE1#

 

These are the MAC addresses allocated to the IRBs:

 

{master:0}[edit]
root@CE1# run show interfaces irb | match "Current address"
  Current address: 64:64:9b:21:9d:41, Hardware address: 64:64:9b:21:9d:41

{master:0}[edit]
root@CE1#


{master:0}[edit]
root@CE2# run show interfaces irb | match "Current address"
  Current address: 4c:96:14:e9:12:a1, Hardware address: 4c:96:14:e9:12:a1

{master:0}[edit]
root@CE2#

 

If we are testing the connectivity between the CE devices:

 

{master:0}[edit]
root@CE1# run ping 120.0.0.2 source 120.0.0.1
PING 120.0.0.2 (120.0.0.2): 56 data bytes
64 bytes from 120.0.0.2: icmp_seq=0 ttl=64 time=2.549 ms
64 bytes from 120.0.0.2: icmp_seq=1 ttl=64 time=3.117 ms
^C
--- 120.0.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.549/2.833/3.117/0.284 ms

{master:0}[edit]
root@CE1#

 

On PE device, we are learning two MAC addresses in SVLAN:

 

{master:0}[edit]
lab@PE1_EX4600# run show ethernet-switching table

MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)


Ethernet switching table : 2 entries, 2 learned
Routing instance : default-switch
    Vlan                MAC                 MAC         Age    Logical
    name                address             flags              interface
    v10                 4c:96:14:e9:12:a1   D             -   ae0.10
    v10                 64:64:9b:21:9d:41   D             -   ge-0/0/9.10

{master:0}[edit]
lab@PE1_EX4600#

 

Regarding the L2PT configuration, this is what you need to configure so that STP can be transparently transported between the two CE devices:

 

{master:0}[edit]
labroot@PE1_EX4600# show protocols layer2-control
mac-rewrite {
    interface ge-0/0/9 {
        protocol {
            stp;
        }
    }
}

{master:0}[edit]
labroot@PE1_EX4600#

 

However, at this time, the L2PT feature is not supported on EX4600, but it can work on other ELS platforms.

I hope you found this post informative and this is how you can configure QinQ and L2PT on ELS based Juniper platforms.

 

The following two tabs change content below.

Paris ARAU

Paris ARAU is a networking professional with strong background on routing and switching technologies. He is a holder of CCIE R&S and dual JNCIE(SP and ENT). The day to day work allows him to dive deeply in networking technologies. Part of the continuously training, he is focusing on Software Defined Network and cloud computing.

Comments

This post currently has one response

Leave a Reply

Your email address will not be published. Required fields are marked *

Sidebar



%d bloggers like this: