[j-nsp] MX: bridge-domains and l2circuit
OBrien, Will
ObrienH at missouri.edu
Thu Aug 18 08:37:58 EDT 2011
To implement tagged interfaces with bridge domains, I use irb interfaces. This is directly from my production box with a little scrubbing.
xe-0/0/0 {
description "blah uplink";
per-unit-scheduler;
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 200 {
encapsulation vlan-bridge;
vlan-id 200;
}
unit 201 {
encapsulation vlan-bridge;
vlan-id 201;
}
}
irb {
unit 200 {
family inet {
inactive: filter {
input I2Inbound;
output I2Outbound;
}
service {
input {
service-set i2-napt service-filter i2-nat-in;
}
output {
service-set i2-napt service-filter i2-nat-out;
}
}
address x.x.x.x/30;
}
}
unit 201 {
family inet {
filter {
input PolicerIn;
output PolicerOut;
}
service {
input {
service-set i1-napt service-filter i1-nat-in;
}
output {
service-set i1-napt service-filter i1-nat-out;
}
}
address x.x.x.x/30;
}
}
}
show configuration bridge-domains
vlan-200 {
domain-type bridge;
vlan-id 200;
interface xe-0/0/0.200;
routing-interface irb.200;
}
vlan-201 {
domain-type bridge;
vlan-id 201;
interface xe-0/0/0.201;
routing-interface irb.201;
}
On Aug 18, 2011, at 1:54 AM, Chris Kawchuk wrote:
> Ahh, slightly different issue then.
>
> First off, once you use that flexible-ethernet-services, you should be declaring each vlan separately and manually add them into the bridge-domain config (i.e. bridge-domain VLAN20 interface xe-1/0/0.x). Anyways, that's not what we're attempting to do here. =)
>
> What you're looking for is to stitch an l2circuit into a bridge-domain (not pick off a VLAN off an interface and turn that into a CCC/L2circuit - different solution). Perhaps a logical-tunnel here may help. (i.e. lt-x/x/x.x interface). I have stitched l2circuits/ccc's into VPLS domains before; I assume the same theory holds true.
>
> Have a look at using the tunnel-services on your MX DPC card. Apologies in advance as I'm writing this in pseudo-code from memory (i.e. un-tested, more of a general idea as to a direction to explore):
>
> chassis {
> fpc 1 {
> pic 3 {
> tunnel-services {
> bandwidth 1g;
> }
> }
> }
> }
>
> interfaces {
> lt-1/3/10 {
> unit 1 {
> encapsulation vlan-ccc;
> peer-unit 2;
> }
> unit 2 {
> encapsulation vlan-bridge;
> peer-unit 1;
> }
> }
>
> bridge-domains {
> VL20 {
> domain-type bridge;
> vlan-id 20;
> interface lt-1/3/10.2;
> .....other access interfaces go here;
> }
> }
>
> neighbor xxx {
> interface lt-1/3/10.1 {
> virtual-circuit-id 20;
> ...
> ...
> }
> }
>
> - Chris.
>
>
> On 2011-08-18, at 4:37 PM, Jonas Frey (Probe Networks) wrote:
>
>> Hi Chris,
>>
>> that does not work...
>>
>> edge# show interfaces xe-1/0/0
>> vlan-tagging;
>> encapsulation flexible-ethernet-services;
>> unit 0 {
>> family bridge {
>> interface-mode trunk;
>> vlan-id-list [ 20 30 40 ];
>> }
>> }
>> unit 1 {
>> encapsulation vlan-ccc;
>> vlan-id 20;
>> }
>>
>> If i do commit now, this fails as the vlan 20 is already used for the
>> bridge on unit 0. If i remove the vlan 20 from unit 0 then the vlan is
>> no longer member of the bridge (show bridge domain). But i need it to be
>> member of that bridge since that vlan goes out on other ports to local
>> switches.
>>
>>
>> edge# show bridge-domains testbridge
>> domain-type bridge;
>> vlan-id 20;
>>
>> What i need to do is to get the VLAN 20 working locally on the bridge
>> (various ports) as well as getting it connected to a somewhat pseudo
>> interface to attached it as a l2circuit.
>>
>> --
>> Mit freundlichen Grüßen / Best regards,
>> Jonas Frey
>>
>> ----------------------------------------------------------------
>> Probe Networks Jonas Frey e-Mail: jf at probe-networks.de
>> Auf Strützberg 26 D-66663 Merzig
>> Tel: +(49) (0) 180 5959723* Fax: +(49) (0) 180 5998480*
>> * (14 Ct./min Festnetz, Mobilfunk ggf. abweichende Preise)
>> Internet: www.probe-networks.de Hotline: 0800 1656531
>> ----------------------------------------------------------------
>>
>> Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder rechtlich
>> geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind
>> oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte
>> sofort den Absender und vernichten Sie diese Mail. Das unerlaubte
>> Kopieren sowie die unbefugte Weitergabe dieser Mail ist strengstens
>> untersagt.
>>
>> This e-mail may contain confidential and/or privileged information.
>> If you are not the intended recipient (or have received this e-mail in
>> error) please notify the sender immediately and destroy this e-mail. Any
>> unauthorised copying, disclosure or distribution of the contents of this
>> e-mail is strictly prohibited.
>>
>> ------------------------------------------
>>
>>
>> Am Donnerstag, den 18.08.2011, 16:22 +1000 schrieb Chris Kawchuk:
>>> You'll need to declare your xe- port with flexible-ethernet-services, so you can do per-unit encapsulations.
>>>
>>> interfaces {
>>> xe-1/0/0 {
>>> vlan-tagging;
>>> encapsulation flexible-ethernet-services;
>>> unit 20 {
>>> encapsulation vlan-ccc;
>>> vlan-id 20;
>>> }
>>> unit 100 {
>>> encapsulation vlan-bridge;
>>> vlan-id 100;
>>> }
>>> }
>>> }
>>>
>>> neighbor xxx {
>>> interface xe-1/0/0.20 {
>>> virtual-circuit-id 20;
>>> ...
>>> ...
>>> }
>>> }
>>>
>>>
>>>
>>> On 2011-08-18, at 4:03 PM, Jonas Frey (Probe Networks) wrote:
>>>
>>>> Hello all,
>>>>
>>>> i am trying to build a l2circuit on a MX. The problem is that the vlan
>>>> that needs to be included in the l2circuit comes via xe-1/0/0 which is
>>>> configured in bridge mode:
>>>> unit 0 {
>>>> family bridge {
>>>> interface-mode trunk;
>>>> vlan-id-list [ 20 30 40 ];
>>>> }
>>>>
>>>> I need to build this l2circuit with vlan 20.
>>>>
>>>> However when configuring the l2circuit i do not have a interface to use
>>>> as the bridge doesnt create any subinterface for the vlan.
>>>>
>>>> neighbor xxx {
>>>> interface ??? {
>>>> virtual-circuit-id 20;
>>>>
>>>>
>>>> I cant configure any subinterface on xe-1/0/0 (like unit 1....) because
>>>> bridge mode prohibits that.
>>>>
>>>> How can i get this to work?
>>>>
>>>> Best regards,
>>>> Jonas
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list