[j-nsp] Trunking routed vlan interfaces on a Juniper mx960

Brian Fitzgerald FitzgeraldB at camosun.bc.ca
Fri Aug 21 18:31:29 EDT 2009 

Thanks Nilesh, that helps clarify some things that have been nagging at
me.

 We are running 9.3, so the knobs are sort-of there, and we are using
them for ports where we know the mode of operation is consistent (access
or trunk, with the associated bridge normalization - locally connected
machines, equipment, and services).

Good to know they have evolved to support mixed-use support.

Where we use the old-style config is on ports that are mixed services -
multiple layers of tagging, mixed tag values in the same bridge (with
and without normalization or IRB interfaces), sub-interfaces associated
with other bridge routing-instances, VPLS, VRFs and logical routers -
and we really are using the whole gamut on one interface at the same
time.  It also maintains consistency of configuration on multi-service
interfaces with a number of other M-Series routers we have in service.

I guess it depends on what you already have deployed and are comfortable
with, what you are primarily using the box for (switch or router) and
just how complex what you are trying to do is...

Thanks for the update - more than I could find out from the docs ;-)

Brian
-----Original Message-----
From: Nilesh Khambal [mailto:nkhambal at juniper.net] 
Sent: Friday, August 21, 2009 3:09 PM
To: Brian Fitzgerald; Michael Phung
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960

Hi Brian,

Your way of configuring trunks and access ports is what I call an old
style of configuration before the introduction of "interface-mode trunk"
and "interface-mode access" knobs in JUNOS. Old style was a bit painful
to use when you had to configure multiple vlans on trunk interface. With
new style, you don't need to configure trunk interfaces with multiple
logical units and assign each unit to its corresponding bridge-domains.
Interface-mode knob is more user-friendly in that, when you configure it
in access or trunk mode with either vlan-id or vlan-id-list
respectively, the interface is automatically  associated with the
corresponding bridge-domain.

Again, it all depends on user convenience.  You should be able to mix
old-style configuration with new-style configuration, especially in
cases where vlan id normalization is needed.

Thanks,
Nilesh.


On 8/21/09 12:47 PM, "Brian Fitzgerald" <FitzgeraldB at camosun.bc.ca>
wrote:

Hello Michael

An alternate is to use the flexible-services that the MX has available -
leaves you able to use other vlans on the ports for direct routed use,
logical routers, QinQ tagging, VPLS, etc.

HSRP is Cisco specific - the equivalent with everyone else is VRRP -
which most Cisco gear also supports

The VSTP spanning tree protocol used on the MX (essentially PVST+) is
something I tinkered with, but we never implemented, so double-check my
syntax.  As well, it does limit you to using the same vlan tags and a
matching "normalizing" bridge group tag on all interfaces that are part
of the bridge group - a fixed requirement on TCAM based Cisco gear, but
NOT on the MX (which allows you to bridge together dissimilar tags on
each interface that are part of a bridge group, if you aren't using
VSTP)

Example:


interfaces {
    ge-2/0/0 {
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 200 {
            encapsulation vlan-bridge;
            vlan-id 200;
        }
    }
    ge-2/1/0 {
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 200 {
            encapsulation vlan-bridge;
            vlan-id 200;
        }
    }
    irb {
        unit 200 {
            family inet {
                address 10.10.10.2/26;
                vrrp-group 1 {
                    virtual-address 10.10.10.1;
                    priority 10;
                }
            }
        }
    }
}
protocols {
    vstp {
        vlan 200 {
             interface ge-2/0/0.200;
             interface ge-2/1/0.200;
        }
    }
}

bridge-domains {
    vlan200 {
        domain-type bridge;
        vlan-id 200;
        interface ge-2/0/0.200;
        interface ge-2/1/0.200;
        routing-interface irb.200
    }
}

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Michael Phung
Sent: Friday, August 21, 2009 9:24 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Trunking routed vlan interfaces on a Juniper mx960

Hello everyone,

I just got my hands on a Juniper mx router and I'm starting the
initial config in preparation to convert from Cisco. As I configure
the interfaces, I can't seem to figure our how to create a routed vlan
interface and have the ability to trunk it down multiple physical
interfaces. I've looked up on the the web but was unable to find
anything that direct describes what I'm trying to achieve.

Below is a sample config from a Cisco;

!
spanning-tree mode pvst
spanning-tree vlan 200 priority 8192
!
interface GigabitEthernet2/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 200
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet2/10
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 200
 switchport mode trunk
 switchport nonegotiate
!
interface Vlan200
 ip address 10.10.10.2 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 standby ip 10.10.10.1
!

Can this be done on a MX router? if so, can a sample config be provided?

Any help would be much appreciated.

Michael
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list