[c-nsp] Unable to transmit tagged frames over q-in-q tunnel

Gökhan Gümüş ggumus at gmail.com
Mon Oct 31 05:18:16 EDT 2011 

Hi Keegan,

I am using Martini-draft L2circuit configuration on MPLS core to transmit
frames.
I do not have any issue on MPLS core for sure.
When i checked l2protocol tunnel interfaces on both switches, i can see
that STP packet counters are incremented.

I do not know how i can figure out where the frames are being discarded.

Without l2protocol tunnel configuration, customer switches were configured
in lab and there was no problem.
When i introduce l2protocol tunnel, customer is not able to transmit tagged
frames ....:(

Best regards,
Gokhan

On Fri, Oct 28, 2011 at 5:57 PM, Keegan Holley <keegan.holley at sungard.com>wrote:

> The MTU's aren't consistent but they are big enough to pass the tunneled
> frames.  Are you sure the mpls side is up and working correctly?  Can you
> post your l2vpn config?  Also, can you tell where the frames are being
> discarded?  If you want to rule out customer traffic you could configure a
> vlan1106 interface on your switches.  You should be able to ping end to end.
>
>
> 2011/10/28 Gökhan Gümüş <ggumus at gmail.com>
>
>> Dear all,
>>
>> Thank you very much for your all comments.
>> I would like to give you some additional information.
>> I am using Juniper MX240 routers as a PE router.
>>
>> Please see config details on the links between Customer Edge Switch and
>> PE routers below;
>>
>>
>> Customer Edge Switch A -------------------------------------------------
>> PE router-A
>>
>> A#sh run interface gi0/27
>>
>> Building configuration...
>>
>> Current configuration : 251 bytes
>> !
>> interface GigabitEthernet0/27
>>   description PE router-A
>>
>>  switchport trunk encapsulation dot1q
>>  switchport trunk allowed vlan 1,9,1101,1102,*1106*
>>  switchport mode trunk
>>  switchport nonegotiate
>> end
>>
>>
>> PE router-A> show configuration interfaces ge-2/2/2
>>
>> description "Customer Edge Switch A";
>> flexible-vlan-tagging;
>> mtu 1998;
>> encapsulation flexible-ethernet-services;
>> gigether-options {
>>     no-auto-negotiation;
>> }
>>
>> }
>> unit 1106 {
>>     encapsulation vlan-ccc;
>>     vlan-id 1106;
>>     family ccc;
>>
>>
>>
>> ----------------------------------------------------------------------------------------------------------
>>
>> Customer Edge Switch B -------------------------------------------------
>> PE router-B
>>
>> Customer Edge Switch B#sh run interface gi5/13
>>
>> Building configuration...
>>
>> Current configuration : 298 bytes
>> !
>> interface GigabitEthernet5/13
>>  description PE router-B
>>
>>  mtu 2000
>>  load-interval 30
>>  speed nonegotiate
>>  switchport
>>  switchport trunk encapsulation dot1q
>>  switchport trunk allowed vlan 1101,1102,*1106*
>>  switchport mode trunk
>>  no cdp enable
>> end
>>
>>
>> PE router-B> show configuration interfaces ge-2/3/3
>>
>> description "Customer Edge Switch B";
>> flexible-vlan-tagging;
>> mtu 1998;
>> encapsulation flexible-ethernet-services;
>> gigether-options {
>>     no-auto-negotiation;
>>
>> unit 1106 {
>>     encapsulation vlan-ccc;
>>     vlan-id 1106;
>>     family ccc;
>>
>>
>>
>> Your helps would be really appreciated.
>>
>>
>> Thanks and regards,
>> Gokhan Gumus
>>
>>
>>
>>
>>
>> On Thu, Oct 27, 2011 at 9:14 PM, Ivan <cisco-nsp at itpro.co.nz> wrote:
>>
>>> Hi,
>>>
>>> It would be useful to see your PE configuration and have details of the
>>> hardware and OS versions.
>>>
>>> I recently came across an issue like this when using ASR1001s as PEs. As
>>> far as I could tell the ASRs wouldn't match up a double tagged packet to an
>>> interface defined to match a single tag.  Eventually an IOS upgrade fixed
>>> this problem.  You can easily test by reconfiguring the PE interface to
>>> "encapsulation dot1Q xxx second‐dot1q any" then you may be able to pass the
>>> double tagged traffic but no longer the traffic in the native vlan (single
>>> SVID only).
>>>
>>> asr1000rp1‐advipservicesk9.03.**04.01.S.151‐3.S1.bin fixed the issue
>>> for me.  (I had trouble with asr1000rp1-advipservicesk9.03.**03.01.S.151‐2.S1.bin
>>> and asr1001‐universalk9.03.02.00.**S.151‐1.S.bin
>>>
>>> Ivan
>>>
>>>
>>> On 28/Oct/2011 5:28 a.m., Gökhan Gümüş wrote:
>>>
>>>> Dear folks,
>>>>
>>>> I have an issue with one of our customer service.
>>>>
>>>>                                 Gi0/5
>>>> Gi0/27
>>>> Gi5/13                                      Fa3/13
>>>> Customer SW ---------------- Customer Edge Switch-A ----------------PE1
>>>> ----------MPLS Core --------------PE 2--------------Customer Edge
>>>> Switch-B
>>>> --------------Customer SW
>>>>
>>>> I am using q-in-q tunneling to enable customer traffic. Before, customer
>>>> port on Customer SW facing our edge switch was in ACCESS mode and it was
>>>> working.
>>>> Now they have decided to configure this interface as a TRUNK to transmit
>>>> multiple VLANs over the trunk. But they can not.
>>>> Currently ports are configured as trunk and customer can only transmit
>>>> traffic when they do not tag frames ( native-vlan config )
>>>>
>>>> For note, i am not using " vlan dot1q tag native " command which is also
>>>> double-tagging native vlans.
>>>> MTU is fine and above 1504 bytes.
>>>>
>>>> Please see our configs on Customer Edge Switch below;
>>>>
>>>>
>>>> *Customer Edge Switch A;*
>>>>
>>>> A#sh run interface Gigabit Ethernet0/5
>>>> Building configuration...
>>>>
>>>> Current configuration : 337 bytes
>>>> !
>>>> interface GigabitEthernet0/5
>>>>  switchport access vlan 1106
>>>>  switchport mode dot1q-tunnel
>>>>  switchport nonegotiate
>>>>  load-interval 60
>>>>  speed 100
>>>>  duplex full
>>>>  l2protocol-tunnel cdp
>>>>  l2protocol-tunnel stp
>>>>  l2protocol-tunnel vtp
>>>>  no cdp enable
>>>> end
>>>>
>>>> A#sh run interface GigabitEthernet0/27
>>>> Building configuration...
>>>>
>>>> Current configuration : 251 bytes
>>>> !
>>>> interface GigabitEthernet0/27
>>>>  switchport trunk encapsulation dot1q
>>>>  switchport trunk allowed vlan 1,9,1101,1102,1106
>>>>  switchport mode trunk
>>>>  switchport nonegotiate
>>>> end
>>>>
>>>> ------------------------------**------------------------------**
>>>> ---------------------
>>>>
>>>> *Customer Edge Switch B;*
>>>>
>>>> B#sh run interface fa3/13
>>>> Building configuration...
>>>>
>>>> Current configuration : 366 bytes
>>>> !
>>>> interface FastEthernet3/13
>>>>  mtu 2000
>>>>  load-interval 60
>>>>  switchport
>>>>  switchport access vlan 1106
>>>>  switchport mode dot1q-tunnel
>>>>  switchport nonegotiate
>>>>  l2protocol-tunnel cdp
>>>>  l2protocol-tunnel stp
>>>>  l2protocol-tunnel vtp
>>>>  no cdp enable
>>>>  spanning-tree bpdufilter enable
>>>> end
>>>>
>>>> B#sh run interface gi5/13
>>>> Building configuration...
>>>>
>>>> Current configuration : 298 bytes
>>>> !
>>>> interface GigabitEthernet5/13
>>>>  mtu 2000
>>>>  load-interval 30
>>>>  speed nonegotiate
>>>>  switchport
>>>>  switchport trunk encapsulation dot1q
>>>>  switchport trunk allowed vlan 1101,1102,1106
>>>>  switchport mode trunk
>>>>  no cdp enable
>>>> end
>>>>
>>>>
>>>> Is there anybody who had such issue before?
>>>>
>>>> Thanks and regards,
>>>> Gokhan Gumus
>>>> ______________________________**_________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/**mailman/listinfo/cisco-nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp>
>>>> archive at http://puck.nether.net/**pipermail/cisco-nsp/<http://puck.nether.net/pipermail/cisco-nsp/>
>>>>
>>>
>>
>

More information about the cisco-nsp mailing list