[a-nsp] Terminating a Q-in-Q L3 interface?

Bryan Holloway bryan at shout.net
Fri May 10 13:31:09 EDT 2024 

Well, that was easy. Can we just delete this thread? :)


On 5/10/24 18:51, Bryan Holloway via arista-nsp wrote:
> Interesting. Lemme dig into that. Thank you, Tyler!
> 
> 
> On 5/10/24 18:31, Tyler Conrad wrote:
>> Hey Bryan,
>>
>> Have you already looked through the flexencap TOI?
>>
>> https://www.arista.com/en/support/toi/eos-4-24-2f/14551-flexible-interface-encapsulation-flexencap <https://www.arista.com/en/support/toi/eos-4-24-2f/14551-flexible-interface-encapsulation-flexencap>
>>
>>
>> On Fri, May 10, 2024 at 09:19 Bryan Holloway via arista-nsp 
>> <arista-nsp at puck.nether.net <mailto:arista-nsp at puck.nether.net>> wrote:
>>
>>     So in Cisco (IOSXR)-land, it's trivial to terminate double-tagged
>>     traffic on an SVI like so:
>>
>>     interface Bundle-Ether3.900
>>        ipv4 address 10.11.12.13 255.255.255.252
>>        encapsulation dot1q 900 second-dot1q 100
>>
>>     ... where 900 is the outer-tag, and 100 is the inner-tag.
>>
>>     I've been trying to figure out a way to do this on Arista.
>>
>>     Since there's no built-in way to do it on standard SVIs, I thought 
>> I'd
>>     take a look at their double-tag VLAN translation feature, which looks
>>     like it'll do the trick.
>>
>>     So I created the following:
>>
>>     interface Ethernet49/1
>>          switchport trunk allowed vlan 900
>>          switchport mode trunk
>>          switchport vlan translation 900 inner 100 200
>>
>>     ... which purports to dump double-tagged 900:100 traffic into the 
>> VLAN
>>     200 bridge domain.
>>
>>     To wit:
>>
>>     "On ingress, specified double-tagged packets are mapped to the 
>> bridging
>>     VLAN, and on egress packets with the ID of the bridging VLAN are 
>> double
>>     tagged as specified."
>>
>>     So I created VLAN 200 and an SVI:
>>
>>     interface Vlan200
>>          ip address *MailScanner warning: numerical links are often
>>     malicious:* 10.11.12.14/30 <http://10.11.12.14/30>
>>
>>     But it doesn't work. Notably, the SVI doesn't even come up because
>>     there
>>     are no interfaces using VLAN 200.
>>
>>     Fine ... so I added 200 to another unrelated trunk, which caused my
>>     VLAN200 interface to come up.
>>
>>     But still no joy. I know this is a bit kludge-y, but shouldn't it 
>> work
>>     as advertised?
>>
>>     Has anyone succeeded in something like this? I'm open to suggestions,
>>     thank you!
>>
>>                      - bryan
>>
>>     P.S.: Running 4.25.4M on the Arista, which is admittedly a little 
>> long
>>     in the tooth.
>>     --     arista-nsp mailing list
>>     arista-nsp at puck.nether.net <mailto:arista-nsp at puck.nether.net>
>>     https://puck.nether.net/mailman/listinfo/arista-nsp
>>     <https://puck.nether.net/mailman/listinfo/arista-nsp>
>>

More information about the arista-nsp mailing list