QinQ and L2PT on Junos ELS
I recently had to test QinQ on EX4600 along with Layer 2 Protocol Tunneling for Spanning Tree Protocol.
LE: L2PT is supported on EX4600 starting with 17.4R1.
Q-in-Q tunneling and VLAN translation allow service providers to create a Layer 2 Ethernet connection between two customer sites.
Q-in-Q tunneling is useful when customers have overlapping VLAN IDs because customers’ VLAN (C-VLAN) tags are prepended by the service-provider VLAN (S-VLAN) tag, which allows you to preserve each customers’ VLAN IDs without conflict.
Layer 2 protocol tunneling allows Layer 2 protocol data units (PDUs) to be tunneled through a network. The Layer 2 protocols can be Spanning Tree, CDP or VTP.
I’m not going to enter the details of what happens behind the scenes and how the QinQ and L2PT work.
I will provide a working configuration for QinQ and L2PT on EX4600(that is running ELS).
This is our topology:
The customer VLANs are from 100 to 200 and the service provider will use VLAN 10 as service VLAN.
For testing purposes, I configured VLAN 120 on CE devices(which is in the range 100 – 200) and configured an IRB on each one of them so I can test the connectivity inside VLAN 120 between the two CE devices.
The configurations of the PE and CE devices are done in mirror and they are almost identical.
This is the configuration of the PE towards CE:
{master:0}[edit] lab@PE1_EX4600# show interfaces ge-0/0/9 show interfaces ge-0/0/9 flexible-vlan-tagging; native-vlan-id 150; encapsulation extended-vlan-bridge; unit 10 { vlan-id-list 100-200; input-vlan-map push; output-vlan-map pop; } {master:0}[edit] lab@PE1_EX4600#
This is the configuration of the link between the two PEs:
{master:0}[edit] lab@PE1_EX4600# show interfaces ae0 flexible-vlan-tagging; mtu 9000; encapsulation extended-vlan-bridge; aggregated-ether-options { lacp { active; } } unit 10 { vlan-id 10; } {master:0}[edit] lab@PE1_EX4600#
And this is the configuration of the two child links that form the inter-PE link:
{master:0}[edit] lab@PE1_EX4600# show interfaces xe-0/0/0 ether-options { ethernet-switch-profile { tag-protocol-id 0x88a8; } 802.3ad ae0; } {master:0}[edit] lab@PE1_EX4600# show interfaces xe-0/0/2 ether-options { ethernet-switch-profile { tag-protocol-id 0x88a8; } 802.3ad ae0; } {master:0}[edit] lab@PE1_EX4600#
You need the “tag-protocol-id 0x88a8” so that the switch knows about the existence of the inner C-TAG that used the TPID of 0x8100.
As mentioned, for testing purposes, I configured one VLAN for which I configured an IRB on each CE. This is for CE1:
{master:0}[edit] root@CE1# show interfaces ge-0/0/2 unit 0 { family ethernet-switching { interface-mode trunk; vlan { members vlan-120; } storm-control default; } } {master:0}[edit] root@CE1# show vlans vlan-120 { vlan-id 120; l3-interface irb.120; } {master:0}[edit] root@CE1# show interfaces irb.120 family inet { address 120.0.0.1/24; } {master:0}[edit] root@CE1#
These are the MAC addresses allocated to the IRBs:
{master:0}[edit] root@CE1# run show interfaces irb | match "Current address" Current address: 64:64:9b:21:9d:41, Hardware address: 64:64:9b:21:9d:41 {master:0}[edit] root@CE1# {master:0}[edit] root@CE2# run show interfaces irb | match "Current address" Current address: 4c:96:14:e9:12:a1, Hardware address: 4c:96:14:e9:12:a1 {master:0}[edit] root@CE2#
If we are testing the connectivity between the CE devices:
{master:0}[edit]
root@CE1# run ping 120.0.0.2 source 120.0.0.1
PING 120.0.0.2 (120.0.0.2): 56 data bytes
64 bytes from 120.0.0.2: icmp_seq=0 ttl=64 time=2.549 ms
64 bytes from 120.0.0.2: icmp_seq=1 ttl=64 time=3.117 ms
^C
--- 120.0.0.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.549/2.833/3.117/0.284 ms
{master:0}[edit]
root@CE1#
On PE device, we are learning two MAC addresses in SVLAN:
{master:0}[edit] lab@PE1_EX4600# run show ethernet-switching table MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC) Ethernet switching table : 2 entries, 2 learned Routing instance : default-switch Vlan MAC MAC Age Logical name address flags interface v10 4c:96:14:e9:12:a1 D - ae0.10 v10 64:64:9b:21:9d:41 D - ge-0/0/9.10 {master:0}[edit] lab@PE1_EX4600#
Regarding the L2PT configuration, this is what you need to configure so that STP can be transparently transported between the two CE devices:
{master:0}[edit] labroot@PE1_EX4600# show protocols layer2-control mac-rewrite { interface ge-0/0/9 { protocol { stp; } } } {master:0}[edit] labroot@PE1_EX4600#
However, at this time, the L2PT feature is not supported on EX4600, but it can work on other ELS platforms.
I hope you found this post informative and this is how you can configure QinQ and L2PT on ELS based Juniper platforms.
Paris ARAU
Latest posts by Paris ARAU (see all)
- Junos Fusion – Part IV – Satellite policies and uplink failure detection - 30 July 2018
- Junos Fusion – Part III – Satellite commands and traffic forwarding - 16 July 2018
- Junos Fusion – Part II – Configuration, Administration and Operation - 16 July 2018
- Junos Fusion – Part I – Overview, Components, Ports and Software - 11 July 2018
- Vagrant – Part IV – Network topology using Juniper and Cumulus - 26 April 2018
[…] that in the QinQ and L2PT on Junos ELS post we discussed how to configure QinQ and L2PT on EX4600 and how we saw that actually L2PT is not […]