Re: [j-nsp] RES: RES: QFX 5100 and Q-in-Q
Chuck, The way that are you doing works well (I call it as dot1q tagging services), The way that I need to use, L2TP doesn't works. (QinQ services) Due the limited "QinQ", I need to keep CPE at customers to deal with QinQ/L2TP services. Att. AŁexandre De: Chuck Anderson Enviado: sábado, 25 de março 09:28 Assunto: Re: [j-nsp] RES: RES: QFX 5100 and Q-in-Q Para: juniper-nsp@puck.nether.net I'm using Q-in-Q as a tap aggregation function. Port mirrors and/or optical taps from other devices are connected to QFX5100 ports which encapsulate the foreign traffic with Q-in-Q, then flood the traffic to all ports in the same outer VLAN. Analyzers are connected to the output ports. It may be that L2 protocols like PVST+ are not passing through, but that doesn't matter much for my use case: set interfaces xe-0/0/0 description "MIRROR1 INPUT from device foo" set interfaces xe-0/0/0 flexible-vlan-tagging set interfaces xe-0/0/0 native-vlan-id 2 set interfaces xe-0/0/0 mtu 9216 set interfaces xe-0/0/0 encapsulation extended-vlan-bridge set interfaces xe-0/0/0 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/0 unit 2 input-vlan-map push set interfaces xe-0/0/0 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/0 unit 2 output-vlan-map pop set interfaces xe-0/0/0 unit 2 family ethernet-switching filter output DISCARD set interfaces xe-0/0/24 description "MIRROR1 OUTPUT to analyzer bar" set interfaces xe-0/0/24 flexible-vlan-tagging set interfaces xe-0/0/24 mtu 9216 set interfaces xe-0/0/24 encapsulation extended-vlan-bridge set interfaces xe-0/0/24 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/24 unit 2 input-vlan-map push set interfaces xe-0/0/24 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/24 unit 2 output-vlan-map pop set interfaces xe-0/0/24 unit 2 family ethernet-switching filter input DISCARD set vlans MIRROR1 interface xe-0/0/0.2 set vlans MIRROR1 interface xe-0/0/24.2 set vlans MIRROR1 switch-options no-mac-learning On Sat, Mar 25, 2017 at 12:22:40AM +, Alexandre Guimaraes wrote: > Chuck, > > > Could you please share portion of your QinQ configuration? In my tests, facing customer side, used: > > set vlans S-VLAN-200 vlan-id 200 > set vlans S-VLAN-200 interface ge-0/0/14.200 > > set interfaces ge-0/0/14 flexible-vlan-tagging > set interfaces ge-0/0/14 native-vlan-id 200 > set interfaces ge-0/0/14 mtu 6000 > set interfaces ge-0/0/14 encapsulation extended-vlan-bridge > set interfaces ge-0/0/14 unit 200 vlan-id-list 10-30 > set interfaces ge-0/0/14 unit 200 input-vlan-map push > set interfaces ge-0/0/14 unit 200 output-vlan-map pop > > > Even you can encapsulates customer vlan inside a service vlan, all layer 2 protocols will not pass. > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Chuck Anderson [c...@wpi.edu] > Enviado: sexta-feira, 24 de março de 2017 18:33 > Para: juniper-nsp@puck.nether.net > Assunto: Re: [j-nsp] RES: QFX 5100 and Q-in-Q > > I had to load 14.1X53-D40 to have a basic working Q-in-Q config. D35 > was broken in some fundamental way. > > On Fri, Mar 24, 2017 at 04:31:56PM +, Alexandre Guimaraes wrote: > > Alain, > > > > As far i know, QinQ - L2TP does not work at QFX5100. > > > > Att., > > Alexandre > > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Alain Hebert [aheb...@pubnix.net] > > Enviado: sexta-feira, 24 de março de 2017 13:07 > > Para: juniper-nsp@puck.nether.net > > Assunto: [j-nsp] QFX 5100 and Q-in-Q > > > > Well, > > > > We're having all sort of massive failure making Q-in-Q works in our > > QFX5100 in standard and VCF mode... and that with 14.x, 15x, 16.x, 17.x > > > > Such a simple thing should not take 1 week of back & forth with JTAC. > > > > Anyone have some experience to share on that subject? > > > > Thank. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] problem with advertise ipv6 default route
Default BGP policy doesn't imply that static routes are spontaneously allowed anyway, so removing it is useless. Your bgp export policy is probably fucked up but unfortunately you didn't show it. > On 25 march 2017 at 16:23, Pedro wrote : > > On MX router i'm tring advertise ::/0 to v6 peers. I have active, static > default route into my upstream direction. Other v6 routes are advertised to > my client but not ::/0 > I removed bgp6 export policy but still no success ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] problem with advertise ipv6 default route
Hello,
On MX router i'm tring advertise ::/0 to v6 peers. I have active,
static default route into my upstream direction. Other v6 routes are
advertised to my client but not ::/0
I removed bgp6 export policy but still no success
any help will be appreciated
thanks,
Pedro
My output
# show protocols bgp group EXTERNAL_UPSTREAM_IPV6
type external;
local-address 2a00:::1::42;
import import_IPV6;
export export_IPV6;
peer-as 4;
neighbor 2a00:::1::41;
# show protocols bgp group CLIENT_1_EXTERNAL_IPV6
type external;
local-address 2a03::0:bb50::1;
peer-as 911;
neighbor 2a03::0:::6 {
multihop;
family inet6 {
unicast;
}
}
# show routing-options rib inet6.0
static {
route ::/0 next-hop 2a00:::1::41;
}
# run show route ::/0
::/0 *[Static/5] 2d 04:14:47
> to 2a00:::1::41 via xe-1/1/0.0
[OSPF3/176] 4d 20:44:51, metric 200, tag 0
> to fe80::121e:12ff:147a:a517 via xe-2/0/0.0
# run show route ::/0 detail
inet6.0: 36801 destinations, 49894 routes (36801 active, 0 holddown, 0
hidden)
::/0 (2 entries, 1 announced)
*Static Preference: 5
Next hop type: Router, Next hop index: 572
Address: 0x1145f90
Next-hop reference count: 72736
Next hop: 2a00:::1::41 via xe-1/1/0.0, selected
Session Id: 0x66dc
State:
Age: 2d 3:32:14
Validation State: unverified
Task: RT
Announcement bits (3): 0-KRT 3-Resolve tree 3 6-RT
AS path: I
AS path: Recorded
# run show route advertising-protocol bgp 2a03::0:::6 | match ::/0
[gives nothing]
thanks for any help
Pedro
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] RES: RES: QFX 5100 and Q-in-Q
I'm using Q-in-Q as a tap aggregation function. Port mirrors and/or optical taps from other devices are connected to QFX5100 ports which encapsulate the foreign traffic with Q-in-Q, then flood the traffic to all ports in the same outer VLAN. Analyzers are connected to the output ports. It may be that L2 protocols like PVST+ are not passing through, but that doesn't matter much for my use case: set interfaces xe-0/0/0 description "MIRROR1 INPUT from device foo" set interfaces xe-0/0/0 flexible-vlan-tagging set interfaces xe-0/0/0 native-vlan-id 2 set interfaces xe-0/0/0 mtu 9216 set interfaces xe-0/0/0 encapsulation extended-vlan-bridge set interfaces xe-0/0/0 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/0 unit 2 input-vlan-map push set interfaces xe-0/0/0 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/0 unit 2 output-vlan-map pop set interfaces xe-0/0/0 unit 2 family ethernet-switching filter output DISCARD set interfaces xe-0/0/24 description "MIRROR1 OUTPUT to analyzer bar" set interfaces xe-0/0/24 flexible-vlan-tagging set interfaces xe-0/0/24 mtu 9216 set interfaces xe-0/0/24 encapsulation extended-vlan-bridge set interfaces xe-0/0/24 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/24 unit 2 input-vlan-map push set interfaces xe-0/0/24 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/24 unit 2 output-vlan-map pop set interfaces xe-0/0/24 unit 2 family ethernet-switching filter input DISCARD set vlans MIRROR1 interface xe-0/0/0.2 set vlans MIRROR1 interface xe-0/0/24.2 set vlans MIRROR1 switch-options no-mac-learning On Sat, Mar 25, 2017 at 12:22:40AM +, Alexandre Guimaraes wrote: > Chuck, > > >Could you please share portion of your QinQ configuration? In my tests, > facing customer side, used: > > set vlans S-VLAN-200 vlan-id 200 > set vlans S-VLAN-200 interface ge-0/0/14.200 > > set interfaces ge-0/0/14 flexible-vlan-tagging > set interfaces ge-0/0/14 native-vlan-id 200 > set interfaces ge-0/0/14 mtu 6000 > set interfaces ge-0/0/14 encapsulation extended-vlan-bridge > set interfaces ge-0/0/14 unit 200 vlan-id-list 10-30 > set interfaces ge-0/0/14 unit 200 input-vlan-map push > set interfaces ge-0/0/14 unit 200 output-vlan-map pop > > > Even you can encapsulates customer vlan inside a service vlan, all layer 2 > protocols will not pass. > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Chuck > Anderson [c...@wpi.edu] > Enviado: sexta-feira, 24 de março de 2017 18:33 > Para: juniper-nsp@puck.nether.net > Assunto: Re: [j-nsp] RES: QFX 5100 and Q-in-Q > > I had to load 14.1X53-D40 to have a basic working Q-in-Q config. D35 > was broken in some fundamental way. > > On Fri, Mar 24, 2017 at 04:31:56PM +, Alexandre Guimaraes wrote: > > Alain, > > > > As far i know, QinQ - L2TP does not work at QFX5100. > > > > Att., > > Alexandre > > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Alain > > Hebert [aheb...@pubnix.net] > > Enviado: sexta-feira, 24 de março de 2017 13:07 > > Para: juniper-nsp@puck.nether.net > > Assunto: [j-nsp] QFX 5100 and Q-in-Q > > > > Well, > > > > We're having all sort of massive failure making Q-in-Q works in our > > QFX5100 in standard and VCF mode... and that with 14.x, 15x, 16.x, 17.x > > > > Such a simple thing should not take 1 week of back & forth with JTAC. > > > > Anyone have some experience to share on that subject? > > > > Thank. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
