[j-nsp] EX 8200 deployment

Richard A Steenbergen ras at e-gerbil.net
Mon Mar 22 15:16:36 EDT 2010 

On Mon, Mar 22, 2010 at 05:31:38PM +0300, Alexandre Snarskii wrote:
> I suppose you can use good old "hairpin cable" trick to have both
> egress policers (converted to ingress ones on "switched" side of
> hairpin) and counters on Vlan's (actually on subinterfaces on "routed"
> side).  Not checked with ex-82xx, but it works for ex-[34]200.

I'm trying to picture the exact configuration you're talking about, but
I'm not sure I get it. If you hairpined a trunk port, wouldn't you still
have to configure the layer 2 vlans on the other side to do anything
with them, and wouldn't they then be the same vlans as the originals? 

I was waiting on some more lab EX's to show up before I started playing
with this further, but I suppose I might as well ask here and see if
someone else wants to test it... What happens when you configure the
same vlan-id under two different interfaces? For example, we know that
the counters for multiple subinterfaces work correctly like this:

interface xe-1/0/0 {
    vlan-tagging;
    unit 101 {
        vlan-id 101;
        family inet {
            address 1.2.3.4/24;
        }
    }
}

But what happens when you do:

interface xe-1/0/0 {
    vlan-tagging;
    unit 101 {
        vlan-id 101;
        family inet {
            address 1.2.3.4/24;
        }
    }
}

interface xe-2/0/0 {
    vlan-tagging;
    unit 101 {
        vlan-id 101;
        family inet {
            address 2.3.4.5/24;
        }
    }
}

Commit check doesn't error on it at any rate, but does this share 
packets within a vlan 101 space automatically, or not? Or were you 
saying that when you do a subinterface style it doesn't actually use the 
vlan chassis-wide like it would if you did this subinterface style 
config on a 6509 for example, and you were proposing this:

interface xe-1/0/0 {
    vlan-tagging;
    unit 101 {
        vlan-id 101;
        family inet {
            address 1.2.3.4/24;
        }
    }
}

interface xe-2/0/0 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members VLAN101;
            }
        }
    }
}

vlans {
    VLAN101 {
        vlan-id 101;
    }
}

With a hairpin between xe-1/0/0 and xe-2/0/0, and then you could use 
VLAN101 in whatever other configuration you wanted while still using 
xe-1/0/0.101 for the counting?

And if the above is true, can someone test as an alternative to family 
ethernet-switching:

interface xe-1/0/0 {
    vlan-tagging;
    unit 101 {
        family ccc;
    }
}

interface xe-1/0/1 {
    vlan-tagging;
    unit 101 {
        family ccc;
    }
}

protocols {
    connections {
        interface-switch test {
            interface xe-1/0/0.101;
            interface xe-1/0/1.101;
        }
    }
}

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

More information about the juniper-nsp mailing list