Re: [j-nsp] RES: RES: QFX 5100 and Q-in-Q
Hi, Yes same configuration. We pretty much received a confirmation from the JTAC about the limitation about PVST+. ( Hopefully a Jman could be clearer on the "why", for the enlightenment of the list ) We deployed those QFX5100 for customers in need of >1Gbps QinQ. l2circuits works perfectly thou. - Alain Hebertaheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 On 03/25/17 14:00, Alexandre Guimaraes wrote: Chuck, The way that are you doing works well (I call it as dot1q tagging services), The way that I need to use, L2TP doesn't works. (QinQ services) Due the limited "QinQ", I need to keep CPE at customers to deal with QinQ/L2TP services. Att. AŁexandre De: Chuck Anderson Enviado: sábado, 25 de março 09:28 Assunto: Re: [j-nsp] RES: RES: QFX 5100 and Q-in-Q Para: juniper-nsp@puck.nether.net I'm using Q-in-Q as a tap aggregation function. Port mirrors and/or optical taps from other devices are connected to QFX5100 ports which encapsulate the foreign traffic with Q-in-Q, then flood the traffic to all ports in the same outer VLAN. Analyzers are connected to the output ports. It may be that L2 protocols like PVST+ are not passing through, but that doesn't matter much for my use case: set interfaces xe-0/0/0 description "MIRROR1 INPUT from device foo" set interfaces xe-0/0/0 flexible-vlan-tagging set interfaces xe-0/0/0 native-vlan-id 2 set interfaces xe-0/0/0 mtu 9216 set interfaces xe-0/0/0 encapsulation extended-vlan-bridge set interfaces xe-0/0/0 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/0 unit 2 input-vlan-map push set interfaces xe-0/0/0 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/0 unit 2 output-vlan-map pop set interfaces xe-0/0/0 unit 2 family ethernet-switching filter output DISCARD set interfaces xe-0/0/24 description "MIRROR1 OUTPUT to analyzer bar" set interfaces xe-0/0/24 flexible-vlan-tagging set interfaces xe-0/0/24 mtu 9216 set interfaces xe-0/0/24 encapsulation extended-vlan-bridge set interfaces xe-0/0/24 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/24 unit 2 input-vlan-map push set interfaces xe-0/0/24 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/24 unit 2 output-vlan-map pop set interfaces xe-0/0/24 unit 2 family ethernet-switching filter input DISCARD set vlans MIRROR1 interface xe-0/0/0.2 set vlans MIRROR1 interface xe-0/0/24.2 set vlans MIRROR1 switch-options no-mac-learning On Sat, Mar 25, 2017 at 12:22:40AM +, Alexandre Guimaraes wrote: > Chuck, > > > Could you please share portion of your QinQ configuration? In my tests, facing customer side, used: > > set vlans S-VLAN-200 vlan-id 200 > set vlans S-VLAN-200 interface ge-0/0/14.200 > > set interfaces ge-0/0/14 flexible-vlan-tagging > set interfaces ge-0/0/14 native-vlan-id 200 > set interfaces ge-0/0/14 mtu 6000 > set interfaces ge-0/0/14 encapsulation extended-vlan-bridge > set interfaces ge-0/0/14 unit 200 vlan-id-list 10-30 > set interfaces ge-0/0/14 unit 200 input-vlan-map push > set interfaces ge-0/0/14 unit 200 output-vlan-map pop > > > Even you can encapsulates customer vlan inside a service vlan, all layer 2 protocols will not pass. > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Chuck Anderson [c...@wpi.edu] > Enviado: sexta-feira, 24 de março de 2017 18:33 > Para: juniper-nsp@puck.nether.net > Assunto: Re: [j-nsp] RES: QFX 5100 and Q-in-Q > > I had to load 14.1X53-D40 to have a basic working Q-in-Q config. D35 > was broken in some fundamental way. > > On Fri, Mar 24, 2017 at 04:31:56PM +, Alexandre Guimaraes wrote: > > Alain, > > > > As far i know, QinQ - L2TP does not work at QFX5100. > > > > Att., > > Alexandre > > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Alain Hebert [aheb...@pubnix.net] > > Enviado: sexta-feira, 24 de março de 2017 13:07 > > Para: juniper-nsp@puck.nether.net > > Assunto: [j-nsp] QFX 5100 and Q-in-Q > > > > Well, > > > > We're having all sort of massive failure making Q-in-Q works in our > > QFX5100 in standard and VCF mode... and that with 14.x, 15x, 16.x, 17.x > > > > Such a simple thing should not take 1 week of back & forth with JTAC. > > > > Anyone have some experience to share on that subject? > > > > Thank. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] RES: RES: QFX 5100 and Q-in-Q
Chuck, The way that are you doing works well (I call it as dot1q tagging services), The way that I need to use, L2TP doesn't works. (QinQ services) Due the limited "QinQ", I need to keep CPE at customers to deal with QinQ/L2TP services. Att. AŁexandre De: Chuck Anderson Enviado: sábado, 25 de março 09:28 Assunto: Re: [j-nsp] RES: RES: QFX 5100 and Q-in-Q Para: juniper-nsp@puck.nether.net I'm using Q-in-Q as a tap aggregation function. Port mirrors and/or optical taps from other devices are connected to QFX5100 ports which encapsulate the foreign traffic with Q-in-Q, then flood the traffic to all ports in the same outer VLAN. Analyzers are connected to the output ports. It may be that L2 protocols like PVST+ are not passing through, but that doesn't matter much for my use case: set interfaces xe-0/0/0 description "MIRROR1 INPUT from device foo" set interfaces xe-0/0/0 flexible-vlan-tagging set interfaces xe-0/0/0 native-vlan-id 2 set interfaces xe-0/0/0 mtu 9216 set interfaces xe-0/0/0 encapsulation extended-vlan-bridge set interfaces xe-0/0/0 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/0 unit 2 input-vlan-map push set interfaces xe-0/0/0 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/0 unit 2 output-vlan-map pop set interfaces xe-0/0/0 unit 2 family ethernet-switching filter output DISCARD set interfaces xe-0/0/24 description "MIRROR1 OUTPUT to analyzer bar" set interfaces xe-0/0/24 flexible-vlan-tagging set interfaces xe-0/0/24 mtu 9216 set interfaces xe-0/0/24 encapsulation extended-vlan-bridge set interfaces xe-0/0/24 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/24 unit 2 input-vlan-map push set interfaces xe-0/0/24 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/24 unit 2 output-vlan-map pop set interfaces xe-0/0/24 unit 2 family ethernet-switching filter input DISCARD set vlans MIRROR1 interface xe-0/0/0.2 set vlans MIRROR1 interface xe-0/0/24.2 set vlans MIRROR1 switch-options no-mac-learning On Sat, Mar 25, 2017 at 12:22:40AM +, Alexandre Guimaraes wrote: > Chuck, > > > Could you please share portion of your QinQ configuration? In my tests, facing customer side, used: > > set vlans S-VLAN-200 vlan-id 200 > set vlans S-VLAN-200 interface ge-0/0/14.200 > > set interfaces ge-0/0/14 flexible-vlan-tagging > set interfaces ge-0/0/14 native-vlan-id 200 > set interfaces ge-0/0/14 mtu 6000 > set interfaces ge-0/0/14 encapsulation extended-vlan-bridge > set interfaces ge-0/0/14 unit 200 vlan-id-list 10-30 > set interfaces ge-0/0/14 unit 200 input-vlan-map push > set interfaces ge-0/0/14 unit 200 output-vlan-map pop > > > Even you can encapsulates customer vlan inside a service vlan, all layer 2 protocols will not pass. > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Chuck Anderson [c...@wpi.edu] > Enviado: sexta-feira, 24 de março de 2017 18:33 > Para: juniper-nsp@puck.nether.net > Assunto: Re: [j-nsp] RES: QFX 5100 and Q-in-Q > > I had to load 14.1X53-D40 to have a basic working Q-in-Q config. D35 > was broken in some fundamental way. > > On Fri, Mar 24, 2017 at 04:31:56PM +, Alexandre Guimaraes wrote: > > Alain, > > > > As far i know, QinQ - L2TP does not work at QFX5100. > > > > Att., > > Alexandre > > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Alain Hebert [aheb...@pubnix.net] > > Enviado: sexta-feira, 24 de março de 2017 13:07 > > Para: juniper-nsp@puck.nether.net > > Assunto: [j-nsp] QFX 5100 and Q-in-Q > > > > Well, > > > > We're having all sort of massive failure making Q-in-Q works in our > > QFX5100 in standard and VCF mode... and that with 14.x, 15x, 16.x, 17.x > > > > Such a simple thing should not take 1 week of back & forth with JTAC. > > > > Anyone have some experience to share on that subject? > > > > Thank. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] RES: RES: QFX 5100 and Q-in-Q
I'm using Q-in-Q as a tap aggregation function. Port mirrors and/or optical taps from other devices are connected to QFX5100 ports which encapsulate the foreign traffic with Q-in-Q, then flood the traffic to all ports in the same outer VLAN. Analyzers are connected to the output ports. It may be that L2 protocols like PVST+ are not passing through, but that doesn't matter much for my use case: set interfaces xe-0/0/0 description "MIRROR1 INPUT from device foo" set interfaces xe-0/0/0 flexible-vlan-tagging set interfaces xe-0/0/0 native-vlan-id 2 set interfaces xe-0/0/0 mtu 9216 set interfaces xe-0/0/0 encapsulation extended-vlan-bridge set interfaces xe-0/0/0 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/0 unit 2 input-vlan-map push set interfaces xe-0/0/0 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/0 unit 2 output-vlan-map pop set interfaces xe-0/0/0 unit 2 family ethernet-switching filter output DISCARD set interfaces xe-0/0/24 description "MIRROR1 OUTPUT to analyzer bar" set interfaces xe-0/0/24 flexible-vlan-tagging set interfaces xe-0/0/24 mtu 9216 set interfaces xe-0/0/24 encapsulation extended-vlan-bridge set interfaces xe-0/0/24 unit 2 vlan-id-list 1-4094 set interfaces xe-0/0/24 unit 2 input-vlan-map push set interfaces xe-0/0/24 unit 2 input-vlan-map vlan-id 2 set interfaces xe-0/0/24 unit 2 output-vlan-map pop set interfaces xe-0/0/24 unit 2 family ethernet-switching filter input DISCARD set vlans MIRROR1 interface xe-0/0/0.2 set vlans MIRROR1 interface xe-0/0/24.2 set vlans MIRROR1 switch-options no-mac-learning On Sat, Mar 25, 2017 at 12:22:40AM +, Alexandre Guimaraes wrote: > Chuck, > > >Could you please share portion of your QinQ configuration? In my tests, > facing customer side, used: > > set vlans S-VLAN-200 vlan-id 200 > set vlans S-VLAN-200 interface ge-0/0/14.200 > > set interfaces ge-0/0/14 flexible-vlan-tagging > set interfaces ge-0/0/14 native-vlan-id 200 > set interfaces ge-0/0/14 mtu 6000 > set interfaces ge-0/0/14 encapsulation extended-vlan-bridge > set interfaces ge-0/0/14 unit 200 vlan-id-list 10-30 > set interfaces ge-0/0/14 unit 200 input-vlan-map push > set interfaces ge-0/0/14 unit 200 output-vlan-map pop > > > Even you can encapsulates customer vlan inside a service vlan, all layer 2 > protocols will not pass. > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Chuck > Anderson [c...@wpi.edu] > Enviado: sexta-feira, 24 de março de 2017 18:33 > Para: juniper-nsp@puck.nether.net > Assunto: Re: [j-nsp] RES: QFX 5100 and Q-in-Q > > I had to load 14.1X53-D40 to have a basic working Q-in-Q config. D35 > was broken in some fundamental way. > > On Fri, Mar 24, 2017 at 04:31:56PM +, Alexandre Guimaraes wrote: > > Alain, > > > > As far i know, QinQ - L2TP does not work at QFX5100. > > > > Att., > > Alexandre > > > > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Alain > > Hebert [aheb...@pubnix.net] > > Enviado: sexta-feira, 24 de março de 2017 13:07 > > Para: juniper-nsp@puck.nether.net > > Assunto: [j-nsp] QFX 5100 and Q-in-Q > > > > Well, > > > > We're having all sort of massive failure making Q-in-Q works in our > > QFX5100 in standard and VCF mode... and that with 14.x, 15x, 16.x, 17.x > > > > Such a simple thing should not take 1 week of back & forth with JTAC. > > > > Anyone have some experience to share on that subject? > > > > Thank. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] RES: RES: QFX 5100 and Q-in-Q
Chuck, Could you please share portion of your QinQ configuration? In my tests, facing customer side, used: set vlans S-VLAN-200 vlan-id 200 set vlans S-VLAN-200 interface ge-0/0/14.200 set interfaces ge-0/0/14 flexible-vlan-tagging set interfaces ge-0/0/14 native-vlan-id 200 set interfaces ge-0/0/14 mtu 6000 set interfaces ge-0/0/14 encapsulation extended-vlan-bridge set interfaces ge-0/0/14 unit 200 vlan-id-list 10-30 set interfaces ge-0/0/14 unit 200 input-vlan-map push set interfaces ge-0/0/14 unit 200 output-vlan-map pop Even you can encapsulates customer vlan inside a service vlan, all layer 2 protocols will not pass. De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Chuck Anderson [c...@wpi.edu] Enviado: sexta-feira, 24 de março de 2017 18:33 Para: juniper-nsp@puck.nether.net Assunto: Re: [j-nsp] RES: QFX 5100 and Q-in-Q I had to load 14.1X53-D40 to have a basic working Q-in-Q config. D35 was broken in some fundamental way. On Fri, Mar 24, 2017 at 04:31:56PM +, Alexandre Guimaraes wrote: > Alain, > > As far i know, QinQ - L2TP does not work at QFX5100. > > Att., > Alexandre > > > De: juniper-nsp [juniper-nsp-boun...@puck.nether.net] em nome de Alain Hebert > [aheb...@pubnix.net] > Enviado: sexta-feira, 24 de março de 2017 13:07 > Para: juniper-nsp@puck.nether.net > Assunto: [j-nsp] QFX 5100 and Q-in-Q > > Well, > > We're having all sort of massive failure making Q-in-Q works in our > QFX5100 in standard and VCF mode... and that with 14.x, 15x, 16.x, 17.x > > Such a simple thing should not take 1 week of back & forth with JTAC. > > Anyone have some experience to share on that subject? > > Thank. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
