I'm using Q-in-Q as a tap aggregation function. Port mirrors and/or optical taps from other devices are connected to QFX5100 ports which encapsulate the foreign traffic with Q-in-Q, then flood the traffic to all ports in the same outer VLAN. Analyzers are connected to the output ports. It may be that L2 protocols like PVST+ are not passing through, but that doesn't matter much for my use case:
set interfaces xe-0/0/0 description "MIRROR1 INPUT from device foo" set interfaces xe-0/0/0 flexible-vlan-tagging set interfaces xe-0/0/0 native-vlan-id 2 set interfaces xe-0/0/0 mtu 9216 set interfaces xe-0/0/0 encapsulation extended-vlan-bridge set interfaces xe-0/0/0 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/0 unit 2 input-vlan-map push set interfaces xe-0/0/0 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/0 unit 2 output-vlan-map pop set interfaces xe-0/0/0 unit 2 family ethernet-switching filter output DISCARD set interfaces xe-0/0/24 description "MIRROR1 OUTPUT to analyzer bar" set interfaces xe-0/0/24 flexible-vlan-tagging set interfaces xe-0/0/24 mtu 9216 set interfaces xe-0/0/24 encapsulation extended-vlan-bridge set interfaces xe-0/0/24 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/24 unit 2 input-vlan-map push set interfaces xe-0/0/24 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/24 unit 2 output-vlan-map pop set interfaces xe-0/0/24 unit 2 family ethernet-switching filter input DISCARD set vlans MIRROR1 interface xe-0/0/0.2 set vlans MIRROR1 interface xe-0/0/24.2 set vlans MIRROR1 switch-options no-mac-learning On Sat, Mar 25, 2017 at 12:22:40AM +0000, Alexandre Guimaraes wrote: > Chuck, > > > Could you please share portion of your QinQ configuration? In my tests, > facing customer side, used: > > set vlans S-VLAN-200 vlan-id 200 > set vlans S-VLAN-200 interface ge-0/0/14.200 > > set interfaces ge-0/0/14 flexible-vlan-tagging > set interfaces ge-0/0/14 native-vlan-id 200 > set interfaces ge-0/0/14 mtu 6000 > set interfaces ge-0/0/14 encapsulation extended-vlan-bridge > set interfaces ge-0/0/14 unit 200 vlan-id-list 10-30 > set interfaces ge-0/0/14 unit 200 input-vlan-map push > set interfaces ge-0/0/14 unit 200 output-vlan-map pop > > > Even you can encapsulates customer vlan inside a service vlan, all layer 2 > protocols will not pass. > > > > ________________________________________ > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Chuck > Anderson [c...@wpi.edu] > Enviado: sexta-feira, 24 de março de 2017 18:33 > Para: juniper-nsp@puck.nether.net > Assunto: Re: [j-nsp] RES: QFX 5100 and Q-in-Q > > I had to load 14.1X53-D40 to have a basic working Q-in-Q config. D35 > was broken in some fundamental way. > > On Fri, Mar 24, 2017 at 04:31:56PM +0000, Alexandre Guimaraes wrote: > > Alain, > > > > As far i know, QinQ - L2TP does not work at QFX5100. > > > > Att., > > Alexandre > > > > ________________________________________ > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Alain > > Hebert [aheb...@pubnix.net] > > Enviado: sexta-feira, 24 de março de 2017 13:07 > > Para: juniper-nsp@puck.nether.net > > Assunto: [j-nsp] QFX 5100 and Q-in-Q > > > > Well, > > > > We're having all sort of massive failure making Q-in-Q works in our > > QFX5100 in standard and VCF mode... and that with 14.x, 15x, 16.x, 17.x > > > > Such a simple thing should not take 1 week of back & forth with JTAC. > > > > Anyone have some experience to share on that subject? > > > > Thank. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
