Re: [j-nsp] Understanding DPC Cards
Richard, Martin, Nilesh... thank you for the all the feedback. We got the box online and starting to function ;) Our goal with this box is to migrate everything off a 7606 that's currently performing a variety of tasks at layer2/layer3 including BGP etc... once we get some other boxes online, this box will start migrating into our new MPLS network in the meantime I'm waiting for J-Care to kick in so I can stop bugging this list so much with silly questions...hehe it's only been two months almost waiting on J-Care to get assigned (anyone else seeing major delays in getting J-Care?). Further to the points on the linecards - we did purchase -R cards as our Juniper reps told us to pretty much stay away from -X cards if we wanted to really utilize the box of course:) Appreciate everything folks - have some BGP community questions coming up though... Cheers, Paul -Original Message- From: Richard A Steenbergen [mailto:r...@e-gerbil.net] Sent: Tuesday, May 04, 2010 7:21 PM To: Paul Stewart Cc: 'jnsp' Subject: Re: [j-nsp] Understanding DPC Cards On Tue, May 04, 2010 at 05:05:04PM -0400, Paul Stewart wrote: Can someone give me in simple terms what the differences are between chassis network-services Ethernet and chassis network-services IP? When Juniper came out with the MX they had two large potential customer bases with two different uses for the platform, and wanted to create a differentiated price point so they could compete with both groups. To do this, they made a chassis network-services mode, and sold a -X and -R version of the same card at different prices. If you configure network-services ethernet both -X and -R cards will work, but if you configure network-services ip any -X cards in the chassis will shut down. The ethernet mode lets you use the box for L2, or have just enough IP to use as a signaling for l3vpns, but not enough IP to do actual routing (i.e. bgp will not exchange inet/unicast afi/safi's, etc). If you want to do full routing, you need the -R cards, and you need to configure the chassis for network-services ip. On the MX it seems this is quite different? I have the following: IMHO using an MX for L2 is blasphemy, and you should have your head examined if you actually want to use it this way. This is the networking version of buying a GT-R and then only driving it on sundays down 25mph side streets. :) I'm sure this isn't correct J This is what I created after reading some of the Juniper docs with a lack of understanding what flexible-ethernet-services actually refers too.. Flexible ethernet services is a mode that lets you mix and match multiple types of L2 and L3 encapsulations under a single physical interface, in any way you'd like. This is different from earlier generations of Juniper hardware, which had very specific requirements and restricted ranges of what you could configure. For example, back in the day if you wanted to have one subinterface do family inet and another subinterface do vlan-ccc (say for example as an l2circuit endpoint), you had to do the ip on vlan IDs 512 and the vlan-ccc on vlan IDs 512-1024. With flexible ethernet services you can do it however you'd like. That it is even a configuration option at all and not just default is a holdover from the days when it wasn't supported on every kind of interface. All MX interfaces support it now, so it's probably what you want to use if for no other reason than it saves you a flap if you ever need to turn it on later. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Understanding DPC Cards
I don't have time to get all of it but very quickly the command you mentioned:
set chassis network-services ip;
refers to if you want this MX to be a L2 or L3 box. Changing this
requires a reset AFAIK. When in network-services ethernet mode you
can only use the DPC-X cards which are priced cheaper and have limited
L3 functionality. Chances are you want to keep this in IP mode since
you are using an R card (I assume they are both R cards, and not X
cards).
Also, comparing EX vs MX configs should be viewed like comparing cisco
ios to ios-xr. AFAIK, these are separate codebases. You need to
compare to J, T, or M series configs.
-J Scott
On Tue, May 4, 2010 at 2:05 PM, Paul Stewart p...@paulstewart.org wrote:
Hi there..
I'm not sure if I'm asking this right . again, as I mentioned earlier - I'm
a Cisco guy jumping into the JunOS world so pardon me if I've missed this
somewhere in the docs. my translation between the two worlds is slow but
steady..
Working on an MX480 that has a pair of DPC cards (DPCE 20x 1GE + 2x 10GE R).
Some questions ;)
Can someone give me in simple terms what the differences are between
chassis network-services Ethernet and chassis network-services IP?
Secondly, on EX switches (which I'm just getting used too) we can do:
ge-0/0/12 {
description xxx;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ ]
On the MX it seems this is quite different? I have the following:
ge-5/0/2 {
description ;
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 61;
}
}
I'm sure this isn't correct J This is what I created after reading some of
the Juniper docs with a lack of understanding what
flexible-ethernet-services actually refers too..
My goal is to have a dot1q trunk come in with a dozen or so VLAN's on it and
then create layer3 RVI's for them. The RVI configuration I have is this
(which again I know is wrong):
vlan {
unit 61 {
family inet {
address xxx.xx.235.34/24;
}
family inet6 {
address xxx:xxx:235::34/64;
}
}
Any assistance is much appreciated - thanks again to those folks who helped
earlier with my BGP questions.
Paul
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Understanding DPC Cards
I'll try to help... We also run MX and EX.
So, first off. MX and EX are not even remotely related in respect to
what they can and can not do. The MX is a L3 box with L2 capabilities,
the EX is a L2 box with L3 capabilities.
So, vlans in an MX are not global (at least not necessarily). This means
you can have the same vlan id on different ports without them being the
same service (this may be a bit unclear, I apologize if that is the case)
Encapsulation flexible-ethernet-services gives you the opportunity to
use different encapsulation on different units (i.e vlan, mpls, vpls and
so forth).
vlan-tagging enables support for reception of singel tagged ethernet
frames. If you want double-tagged it's stacked-vlan-tagging or if you
want the option of doing both on the same physical port it's
flexible-vlan-tagging.
If you intend solely to terminate a vlan in a L3 interface you would
simply state it like this.
ge-0/0/0 {
encapsulation flexible-ethernet-services;
vlan-tagging;
unit 0 {
vlan-id z;
family inet {
address xx.xx.xx.xx/yy;
}
}
If you want the option of bridging several interfaces together and
simultaneously have a routable interface enabled it get's a bit more
complicated. Basicly you have to set up a bridge-domain and then an
routing-interface (interface irb) on it.
//Martin
On 2010-05-04 23:05, Paul Stewart wrote:
Hi there..
I'm not sure if I'm asking this right . again, as I mentioned earlier - I'm
a Cisco guy jumping into the JunOS world so pardon me if I've missed this
somewhere in the docs. my translation between the two worlds is slow but
steady..
Working on an MX480 that has a pair of DPC cards (DPCE 20x 1GE + 2x 10GE R).
Some questions ;)
Can someone give me in simple terms what the differences are between
chassis network-services Ethernet and chassis network-services IP?
Secondly, on EX switches (which I'm just getting used too) we can do:
ge-0/0/12 {
description xxx;
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ ]
On the MX it seems this is quite different? I have the following:
ge-5/0/2 {
description ;
vlan-tagging;
encapsulation flexible-ethernet-services;
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 61;
}
}
I'm sure this isn't correct J This is what I created after reading some of
the Juniper docs with a lack of understanding what
flexible-ethernet-services actually refers too..
My goal is to have a dot1q trunk come in with a dozen or so VLAN's on it and
then create layer3 RVI's for them. The RVI configuration I have is this
(which again I know is wrong):
vlan {
unit 61 {
family inet {
address xxx.xx.235.34/24;
}
family inet6 {
address xxx:xxx:235::34/64;
}
}
Any assistance is much appreciated - thanks again to those folks who helped
earlier with my BGP questions.
Paul
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Understanding DPC Cards
On Tue, May 04, 2010 at 05:05:04PM -0400, Paul Stewart wrote: Can someone give me in simple terms what the differences are between chassis network-services Ethernet and chassis network-services IP? When Juniper came out with the MX they had two large potential customer bases with two different uses for the platform, and wanted to create a differentiated price point so they could compete with both groups. To do this, they made a chassis network-services mode, and sold a -X and -R version of the same card at different prices. If you configure network-services ethernet both -X and -R cards will work, but if you configure network-services ip any -X cards in the chassis will shut down. The ethernet mode lets you use the box for L2, or have just enough IP to use as a signaling for l3vpns, but not enough IP to do actual routing (i.e. bgp will not exchange inet/unicast afi/safi's, etc). If you want to do full routing, you need the -R cards, and you need to configure the chassis for network-services ip. On the MX it seems this is quite different? I have the following: IMHO using an MX for L2 is blasphemy, and you should have your head examined if you actually want to use it this way. This is the networking version of buying a GT-R and then only driving it on sundays down 25mph side streets. :) I'm sure this isn't correct J This is what I created after reading some of the Juniper docs with a lack of understanding what flexible-ethernet-services actually refers too.. Flexible ethernet services is a mode that lets you mix and match multiple types of L2 and L3 encapsulations under a single physical interface, in any way you'd like. This is different from earlier generations of Juniper hardware, which had very specific requirements and restricted ranges of what you could configure. For example, back in the day if you wanted to have one subinterface do family inet and another subinterface do vlan-ccc (say for example as an l2circuit endpoint), you had to do the ip on vlan IDs 512 and the vlan-ccc on vlan IDs 512-1024. With flexible ethernet services you can do it however you'd like. That it is even a configuration option at all and not just default is a holdover from the days when it wasn't supported on every kind of interface. All MX interfaces support it now, so it's probably what you want to use if for no other reason than it saves you a flap if you ever need to turn it on later. -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Understanding DPC Cards
On MX, you can create access-ports connected to the hosts using
interface-mode access with a unique vlan id assigned to the port. This is
conceptually similar to switchport mode access on Cisco.
With either interface-mode access you do not need to explicitly assign the
logical unit to the bridge-domain. It automatically gets assigned to the
bridge-domain configured with same vlan-id. For.e.g.
[edit]
l...@re0-mx960# show interfaces ge-1/1/1
unit 0 {
family bridge {
interface-mode access;
vlan-id 61;
}
}
[edit]
l...@re0-mx960# show bridge-domains vlan-61
domain-type bridge;
vlan-id 61;
[edit]
l...@re0-mx960#
With this configuration, ge-1/1/1.0 is automatically part of bridge domain
vlan-61. Now if you want to enable routing on this bridge (RVI in Cisco),
you can configure IRB interface and assign this irb logical unit to this
bridge-domain.
[edit]
l...@re0-mx960# show interfaces irb unit 61
family inet {
address 1.2.3.4/24;
}
[edit]
l...@re0-mx960#
[edit]
l...@re0-mx960# show bridge-domains vlan-61
domain-type bridge;
vlan-id 61;
routing-interface irb.61;
[edit]
l...@re0-mx960#
[edit]
l...@re0-mx960# run show bridge domain bridge-domain vlan-61
Routing instanceBridge domainVLAN ID Interfaces
default-switch vlan-61 61
ge-1/1/1.0
[edit]
l...@re0-mx960#
If you add more interfaces to vlan 61 as access ports, they will get
assigned to the same bridge-domain. It will do a switching between the ports
in the same bridge-domain and will do routing to destinations outside
bridge-domain via irb interface.
When you create a trunk carrying the same vlan id 61, it will also become
part of the same bridge domain.
[edit]
l...@re0-mx960# show interfaces ge-1/1/2
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list [ 61 62 ];
}
}
[edit]
l...@re0-mx960#
[edit]
l...@re0-mx960# run show bridge domain bridge-domain vlan-61
Routing instanceBridge domainVLAN ID Interfaces
default-switch vlan-61 61
ge-1/1/1.0
ge-1/1/2.0
[edit]
l...@re0-mx960#
You will need a bridge-domain configuration for the vlan-ids configured on
the trunk port to instantiate the switching of that vlans in the forwarding
table. In the above configuration, vlan id 62 does not yet have the
bridge-domain associated with it, so the trunk is not yet enabled to carry
its traffic.
[edit]
l...@re0-mx960# run show bridge domain bridge-domain vlan-62
[edit]
l...@re0-mx960# set bridge-domains vlan-62 domain-type bridge
[edit]
l...@re0-mx960# set bridge-domains vlan-62 vlan-id 62
[edit]
l...@re0-mx960# commit
commit complete
[edit]
l...@re0-mx960# run show bridge domain bridge-domain vlan-62
Routing instanceBridge domainVLAN ID Interfaces
default-switch vlan-62 62
ge-1/1/2.0
[edit]
l...@re0-mx960#
An access port can technically receive both tagged and untagged packets from
the host but it will only send untagged packets to the host connected to
port. A tagged port can send and receive only tagged packets. You can
configure a tagged port with a native-vlan-id for it enable receiving
untagged packets. It is somewhat similar to Cisco, where all untagged
traffic is assigned to vlan 1 by default and can be configured to a
different vlan if needed. When you configure native-vlan-id, all the
untagged traffic is treated as being received over the vlan configured as
native vlan.
[edit]
l...@re0-mx960# show interfaces ge-1/1/2
native-vlan-id 62;
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list [ 61 62 ];
}
}
[edit]
l...@re0-mx960#
Hope this helps. I have seen other replies providing the information about
XDPC and RDPCs as well as flexible-ethernet-services so do not want to
repeat it here.
Thanks,
Nilesh.
On 5/4/10 4:01 PM, Martin Levin martin.le...@molndal.se wrote:
I'll try to help... We also run MX and EX.
So, first off. MX and EX are not even remotely related in respect to
what they can and can not do. The MX is a L3 box with L2 capabilities,
the EX is a L2 box with L3 capabilities.
So, vlans in an MX are not global (at least not necessarily). This means
you can have the same vlan id on different ports without them being the
same service (this may be a bit unclear, I apologize if that is the case)
Encapsulation flexible-ethernet-services gives you the opportunity to
use different encapsulation on different units (i.e vlan, mpls, vpls and
so forth).
vlan-tagging enables support for reception of singel tagged ethernet
frames. If you want double-tagged it's stacked-vlan-tagging or if you
want the option of doing both on the
