Hello Jonas, Could you share with us working configuration? Because when I try to stitch both units of lt- interface I got error 'encapsulation mismatch'.
Thanks! On Thu, Aug 18, 2011 at 21:26, Jonas Frey (Probe Networks) < j...@probe-networks.de> wrote: > Thanks to all who replied, i got this working the way Chris described > (via lt tunnels). > > I also tried the new iw0 interfaces as per juniper documentation but it > didnt work. Bridge-domains wont let me add a iw0.x interface to the > bridge and i was unable to find anymore information on howto correctly > configure this (probably because its pretty new). > > Best regards, > Jonas > > Am Donnerstag, den 18.08.2011, 07:37 -0500 schrieb OBrien, Will: > > To implement tagged interfaces with bridge domains, I use irb interfaces. > This is directly from my production box with a little scrubbing. > > > > xe-0/0/0 { > > description "blah uplink"; > > per-unit-scheduler; > > flexible-vlan-tagging; > > encapsulation flexible-ethernet-services; > > unit 200 { > > encapsulation vlan-bridge; > > vlan-id 200; > > } > > unit 201 { > > encapsulation vlan-bridge; > > vlan-id 201; > > } > > } > > > > irb { > > unit 200 { > > family inet { > > inactive: filter { > > input I2Inbound; > > output I2Outbound; > > } > > service { > > input { > > service-set i2-napt service-filter i2-nat-in; > > } > > output { > > service-set i2-napt service-filter i2-nat-out; > > } > > } > > address x.x.x.x/30; > > } > > } > > unit 201 { > > family inet { > > filter { > > input PolicerIn; > > output PolicerOut; > > } > > service { > > input { > > service-set i1-napt service-filter i1-nat-in; > > } > > output { > > service-set i1-napt service-filter i1-nat-out; > > } > > } > > address x.x.x.x/30; > > } > > } > > } > > > > show configuration bridge-domains > > > > vlan-200 { > > domain-type bridge; > > vlan-id 200; > > interface xe-0/0/0.200; > > routing-interface irb.200; > > } > > vlan-201 { > > domain-type bridge; > > vlan-id 201; > > interface xe-0/0/0.201; > > routing-interface irb.201; > > } > > > > > > > > On Aug 18, 2011, at 1:54 AM, Chris Kawchuk wrote: > > > > > Ahh, slightly different issue then. > > > > > > First off, once you use that flexible-ethernet-services, you should be > declaring each vlan separately and manually add them into the bridge-domain > config (i.e. bridge-domain VLAN20 interface xe-1/0/0.x). Anyways, that's not > what we're attempting to do here. =) > > > > > > What you're looking for is to stitch an l2circuit into a bridge-domain > (not pick off a VLAN off an interface and turn that into a CCC/L2circuit - > different solution). Perhaps a logical-tunnel here may help. (i.e. > lt-x/x/x.x interface). I have stitched l2circuits/ccc's into VPLS domains > before; I assume the same theory holds true. > > > > > > Have a look at using the tunnel-services on your MX DPC card. Apologies > in advance as I'm writing this in pseudo-code from memory (i.e. un-tested, > more of a general idea as to a direction to explore): > > > > > > chassis { > > > fpc 1 { > > > pic 3 { > > > tunnel-services { > > > bandwidth 1g; > > > } > > > } > > > } > > > } > > > > > > interfaces { > > > lt-1/3/10 { > > > unit 1 { > > > encapsulation vlan-ccc; > > > peer-unit 2; > > > } > > > unit 2 { > > > encapsulation vlan-bridge; > > > peer-unit 1; > > > } > > > } > > > > > > bridge-domains { > > > VL20 { > > > domain-type bridge; > > > vlan-id 20; > > > interface lt-1/3/10.2; > > > .....other access interfaces go here; > > > } > > > } > > > > > > neighbor xxx { > > > interface lt-1/3/10.1 { > > > virtual-circuit-id 20; > > > ... > > > ... > > > } > > > } > > > > > > - Chris. > > > > > > > > > On 2011-08-18, at 4:37 PM, Jonas Frey (Probe Networks) wrote: > > > > > >> Hi Chris, > > >> > > >> that does not work... > > >> > > >> edge# show interfaces xe-1/0/0 > > >> vlan-tagging; > > >> encapsulation flexible-ethernet-services; > > >> unit 0 { > > >> family bridge { > > >> interface-mode trunk; > > >> vlan-id-list [ 20 30 40 ]; > > >> } > > >> } > > >> unit 1 { > > >> encapsulation vlan-ccc; > > >> vlan-id 20; > > >> } > > >> > > >> If i do commit now, this fails as the vlan 20 is already used for the > > >> bridge on unit 0. If i remove the vlan 20 from unit 0 then the vlan is > > >> no longer member of the bridge (show bridge domain). But i need it to > be > > >> member of that bridge since that vlan goes out on other ports to local > > >> switches. > > >> > > >> > > >> edge# show bridge-domains testbridge > > >> domain-type bridge; > > >> vlan-id 20; > > >> > > >> What i need to do is to get the VLAN 20 working locally on the bridge > > >> (various ports) as well as getting it connected to a somewhat pseudo > > >> interface to attached it as a l2circuit. > > >> > > >> -- > > >> Mit freundlichen Grüßen / Best regards, > > >> Jonas Frey > > >> > > >> ---------------------------------------------------------------- > > >> Probe Networks Jonas Frey e-Mail: j...@probe-networks.de > > >> Auf Strützberg 26 D-66663 Merzig > > >> Tel: +(49) (0) 180 5959723* Fax: +(49) (0) 180 5998480* > > >> * (14 Ct./min Festnetz, Mobilfunk ggf. abweichende Preise) > > >> Internet: www.probe-networks.de Hotline: 0800 1656531 > > >> ---------------------------------------------------------------- > > >> > > >> Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder rechtlich > > >> geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind > > >> oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte > > >> sofort den Absender und vernichten Sie diese Mail. Das unerlaubte > > >> Kopieren sowie die unbefugte Weitergabe dieser Mail ist strengstens > > >> untersagt. > > >> > > >> This e-mail may contain confidential and/or privileged information. > > >> If you are not the intended recipient (or have received this e-mail in > > >> error) please notify the sender immediately and destroy this e-mail. > Any > > >> unauthorised copying, disclosure or distribution of the contents of > this > > >> e-mail is strictly prohibited. > > >> > > >> ------------------------------------------ > > >> > > >> > > >> Am Donnerstag, den 18.08.2011, 16:22 +1000 schrieb Chris Kawchuk: > > >>> You'll need to declare your xe- port with flexible-ethernet-services, > so you can do per-unit encapsulations. > > >>> > > >>> interfaces { > > >>> xe-1/0/0 { > > >>> vlan-tagging; > > >>> encapsulation flexible-ethernet-services; > > >>> unit 20 { > > >>> encapsulation vlan-ccc; > > >>> vlan-id 20; > > >>> } > > >>> unit 100 { > > >>> encapsulation vlan-bridge; > > >>> vlan-id 100; > > >>> } > > >>> } > > >>> } > > >>> > > >>> neighbor xxx { > > >>> interface xe-1/0/0.20 { > > >>> virtual-circuit-id 20; > > >>> ... > > >>> ... > > >>> } > > >>> } > > >>> > > >>> > > >>> > > >>> On 2011-08-18, at 4:03 PM, Jonas Frey (Probe Networks) wrote: > > >>> > > >>>> Hello all, > > >>>> > > >>>> i am trying to build a l2circuit on a MX. The problem is that the > vlan > > >>>> that needs to be included in the l2circuit comes via xe-1/0/0 which > is > > >>>> configured in bridge mode: > > >>>> unit 0 { > > >>>> family bridge { > > >>>> interface-mode trunk; > > >>>> vlan-id-list [ 20 30 40 ]; > > >>>> } > > >>>> > > >>>> I need to build this l2circuit with vlan 20. > > >>>> > > >>>> However when configuring the l2circuit i do not have a interface to > use > > >>>> as the bridge doesnt create any subinterface for the vlan. > > >>>> > > >>>> neighbor xxx { > > >>>> interface ??? { > > >>>> virtual-circuit-id 20; > > >>>> > > >>>> > > >>>> I cant configure any subinterface on xe-1/0/0 (like unit 1....) > because > > >>>> bridge mode prohibits that. > > >>>> > > >>>> How can i get this to work? > > >>>> > > >>>> Best regards, > > >>>> Jonas > > >>>> _______________________________________________ > > >>>> juniper-nsp mailing list juniper-nsp@puck.nether.net > > >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp > > >>> > > > > > > > > > _______________________________________________ > > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > > > > > _______________________________________________ > > juniper-nsp mailing list juniper-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Best Regards! Ivan Ivanov _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp