[a-nsp] Terminating a Q-in-Q L3 interface?

Bryan Holloway bryan at shout.net
Fri May 10 12:51:14 EDT 2024 

Interesting. Lemme dig into that. Thank you, Tyler!


On 5/10/24 18:31, Tyler Conrad wrote:
> Hey Bryan,
> 
> Have you already looked through the flexencap TOI?
> 
> https://www.arista.com/en/support/toi/eos-4-24-2f/14551-flexible-interface-encapsulation-flexencap <https://www.arista.com/en/support/toi/eos-4-24-2f/14551-flexible-interface-encapsulation-flexencap>
> 
> 
> On Fri, May 10, 2024 at 09:19 Bryan Holloway via arista-nsp 
> <arista-nsp at puck.nether.net <mailto:arista-nsp at puck.nether.net>> wrote:
> 
>     So in Cisco (IOSXR)-land, it's trivial to terminate double-tagged
>     traffic on an SVI like so:
> 
>     interface Bundle-Ether3.900
>        ipv4 address 10.11.12.13 255.255.255.252
>        encapsulation dot1q 900 second-dot1q 100
> 
>     ... where 900 is the outer-tag, and 100 is the inner-tag.
> 
>     I've been trying to figure out a way to do this on Arista.
> 
>     Since there's no built-in way to do it on standard SVIs, I thought I'd
>     take a look at their double-tag VLAN translation feature, which looks
>     like it'll do the trick.
> 
>     So I created the following:
> 
>     interface Ethernet49/1
>          switchport trunk allowed vlan 900
>          switchport mode trunk
>          switchport vlan translation 900 inner 100 200
> 
>     ... which purports to dump double-tagged 900:100 traffic into the VLAN
>     200 bridge domain.
> 
>     To wit:
> 
>     "On ingress, specified double-tagged packets are mapped to the bridging
>     VLAN, and on egress packets with the ID of the bridging VLAN are double
>     tagged as specified."
> 
>     So I created VLAN 200 and an SVI:
> 
>     interface Vlan200
>          ip address *MailScanner warning: numerical links are often
>     malicious:* 10.11.12.14/30 <http://10.11.12.14/30>
> 
>     But it doesn't work. Notably, the SVI doesn't even come up because
>     there
>     are no interfaces using VLAN 200.
> 
>     Fine ... so I added 200 to another unrelated trunk, which caused my
>     VLAN200 interface to come up.
> 
>     But still no joy. I know this is a bit kludge-y, but shouldn't it work
>     as advertised?
> 
>     Has anyone succeeded in something like this? I'm open to suggestions,
>     thank you!
> 
>                      - bryan
> 
>     P.S.: Running 4.25.4M on the Arista, which is admittedly a little long
>     in the tooth.
>     -- 
>     arista-nsp mailing list
>     arista-nsp at puck.nether.net <mailto:arista-nsp at puck.nether.net>
>     https://puck.nether.net/mailman/listinfo/arista-nsp
>     <https://puck.nether.net/mailman/listinfo/arista-nsp>
>

More information about the arista-nsp mailing list