Re: [j-nsp] Juniper EX/QFX vlan-id-list limitation

[Robin Williams via juniper-nsp]

--- Begin Message ---
Hi Olivier,

Thanks for the reply - it does seem rather odd that I can't do on a new high 
end EX or QFX switch, what I used to be able to do on a bottom end EX2200 with 
the dot1q-tunnelling stanza.

Regarding your workaround - were you running this config on the same physical 
interface?  As that won't commit in this scenario (as it presumably doesn't 
know which vlans to push into which outer..)

flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
unit 3104 {
vlan-id-list 1-4094;
input-vlan-map push;
output-vlan-map pop;
}
unit 3107 {
vlan-id-list 1-4094;
input-vlan-map push;
output-vlan-map pop;
}

{master:0}[edit interfaces ge-0/0/1]
# commit check
[edit interfaces ge-0/0/1]
  'unit 3107'
duplicate VLAN-ID on interface
error: configuration check-out failed

Cheers,
Rob





-Original Message-
From: juniper-nsp  On Behalf Of Olivier 
Benghozi
Sent: 12 August 2020 19:12
To: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Juniper EX/QFX vlan-id-list limitation

Hi,

We miraculously found this doc before implementing such QinQ conf on EX4600 
(that are low end QFX5100).
So we didn't try to test the switch with this case, and we directly used such 
config: instead of vlan-id-list [some ids], we (nearly) always use the same one 
everywhere: vlan-id-list 2-4094. Problem fixed before it appeared.

Sometimes we use vlan-id-list 1-4094 and native-vlan 1, when some untagged 
traffic must be carried too – in this case the untagged traffic is 
double-tagged on the NNI port with dot1q tag 1 as cvlan – there's a thread 
about that in this mailing-list by the way.


> Le 12 août 2020 à 18:18, Robin Williams via juniper-nsp 
>  a écrit :
>
> Has anyone come across PR1395312 before?
>
> “On ACX/EX/QFX platforms, if VLAN ID lists are configured under a single 
> physical interface, Q-in-Q might stop working for certain VLAN ID lists”.
>
> [...]
>
> interfaces {
>xe-0/1/0 {
>flexible-vlan-tagging;
>encapsulation extended-vlan-bridge;
>unit 3104 {
>vlan-id-list [ 1102 1128 1150 1172 4000 4001 4002 4003];
>input-vlan-map push;
>output-vlan-map pop;
>}
>
> The docs page for ‘vlan-id-lists’ does mention:
> https://www.juniper.net/documentation/en_US/junos/topics/reference/con
> figuration-statement/vlan-id-list-edit-bridge-domains.html
>
> “WARNING On some EX and QFX Series switches, if VLAN identifier list 
> (vlan-id-list) is used for Q-in-Q tunnelling, you can apply no more than 
> eight VLAN identifier lists to a physical interface.”

___
juniper-nsp mailing list juniper-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/juniper-nsp


The Networking People (TNP) Limited. Registered office: Network House, Caton 
Rd, Lancaster, LA1 3PE. Registered in England & Wales with company number: 
07667393

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. If you are not the intended recipient you are 
notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.
--- End Message ---
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Juniper EX/QFX vlan-id-list limitation

[Robin Williams via juniper-nsp]

--- Begin Message ---
Hi all,

Has anyone come across PR1395312 before?

“On ACX/EX/QFX platforms, if VLAN ID lists are configured under a single 
physical interface, Q-in-Q might stop working for certain VLAN ID lists”.

Very vague.

If our testing, if we go above 7 VLANs (even if it’s within the same 
vlan-id-list) on the same port, we see the following errors in the logs and the 
switch goes haywire or stops passing traffic;

fpc0 LBCM-L2,pfe_bcm_l2_ing_vlanid_list_xlat_program(),931:ING vlan-xlat 
hw-program failed for ifl idx(563),match-vid(4002:4002), vlan-token(3), 
error(Table full)

config example;

interfaces {
xe-0/1/0 {
flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
unit 3104 {
vlan-id-list [ 1102 1128 1150 1172 4000 4001 4002 4003];
input-vlan-map push;
output-vlan-map pop;
}

(so, pushing a vlan-id-list into an outer tag - a fairly standard metro 
operation)

The docs page for ‘vlan-id-lists’ does mention:
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/vlan-id-list-edit-bridge-domains.html

“WARNING On some EX and QFX Series switches, if VLAN identifier list 
(vlan-id-list) is used for Q-in-Q tunnelling, you can apply no more than eight 
VLAN identifier lists to a physical interface.”

Again, very vague “Some switches”.   “No more than eight”. WHICH SWITCHES!

In my mind, the above configuration classes as a single vlan-id-list, but TAC 
say not - they are classing that as 8.  I can however do a range of say, 1-100 
and that does only class as a single entry, strangely.  In my mind, the wording 
of the documentation is incorrect.

TAC are saying there is no plans for a fix, so I’m assuming it’s a hardware 
limitation of the units running ELS code or trident chips (as the older EX 
platforms could cope with it fine).

Has anyone else seen this before, or come up with a workaround?  Strangely 
version 15 isn't listed on the PR, but I assume that's just a mistake (yet to 
test).

Cheers,
Robin.




The Networking People (TNP) Limited. Registered office: Network House, Caton 
Rd, Lancaster, LA1 3PE. Registered in England & Wales with company number: 
07667393

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. If you are not the intended recipient you are 
notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.
--- End Message ---
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] EX2300 Code

[Robin Williams via juniper-nsp]

--- Begin Message ---
We've been going through JTAC recommended releases for months with the 
management crash bug mentioned in this thread (PR1442376) and none of them have 
fixed it on our OOB switches (certainly NOT fixed in 18.2R3-S1.7, the previous 
recommended).

JTAC say it's finally fixed in 18.2R3-S2.9, which came out a couple of weeks 
ago and has now been updated on the JTAC recommended page.  Time will tell, as 
it can take some weeks to occur (most annoying when the switch is remote).

Cheers,
Rob



-Original Message-
From: juniper-nsp  On Behalf Of Brian 
Johnson
Sent: 12 December 2019 01:31
To: William 
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] EX2300 Code

Always use the JTAC recommends version unless you have a specific feature you 
need that is not supported in that version.

https://kb.juniper.net/InfoCenter/index?page=content=KB21476 


Thus... 15.1X53-D591 or 18.2R3-S2 should be good to go.

- Brian

> On Dec 9, 2019, at 5:15 AM, William  wrote:
>
> Hi,
>
> I am in the process of getting our first stack of EX2300s ready for
> production, can anyone recommend any specific versions of junos to run
> on them?
>
> I'm not taking advantage of any advance features, just after something
> stable :)
>
> Cheers,
>
> William
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

___
juniper-nsp mailing list juniper-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/juniper-nsp


The Networking People (TNP) Limited. Registered office: Network House, Caton 
Rd, Lancaster, LA1 3PE. Registered in England & Wales with company number: 
07667393

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. If you are not the intended recipient you are 
notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.
--- End Message ---
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp