[j-nsp] MX: bridge-domains and l2circuit

Jonas Frey (Probe Networks) jf at probe-networks.de
Thu Aug 18 14:26:27 EDT 2011


Thanks to all who replied, I got this working the way Chris described
(via lt tunnels).

I also tried the new iw0 interfaces as per Juniper documentation but it
didn't work. Bridge-domains won't let me add an iw0.x interface to the
bridge and I was unable to find any more information on how to correctly
configure this (probably because it's pretty new).

Best regards,
Jonas 

On Thursday, 18.08.2011, 07:37 -0500, OBrien, Will wrote:
> To implement tagged interfaces with bridge domains, I use irb interfaces. This is directly from my production box with a little scrubbing.
> 
> xe-0/0/0 {
>     description "blah uplink";
>     per-unit-scheduler;
>     flexible-vlan-tagging;
>     encapsulation flexible-ethernet-services;
>     unit 200 {
>         encapsulation vlan-bridge;
>         vlan-id 200;
>     }
>     unit 201 {
>         encapsulation vlan-bridge;
>         vlan-id 201;
>     }
> }
> 
> irb {
>     unit 200 {
>         family inet {
>             inactive: filter {
>                 input I2Inbound;
>                 output I2Outbound;
>             }
>             service {
>                 input {
>                     service-set i2-napt service-filter i2-nat-in;
>                 }
>                 output {                
>                     service-set i2-napt service-filter i2-nat-out;
>                 }
>             }
>             address x.x.x.x/30;
>         }
>     }
>     unit 201 {
>         family inet {
>             filter {
>                 input PolicerIn;
>                 output PolicerOut;
>             }
>             service {
>                 input {
>                     service-set i1-napt service-filter i1-nat-in;
>                 }
>                 output {
>                     service-set i1-napt service-filter i1-nat-out;
>                 }
>             }
>             address x.x.x.x/30;
>         }
>     }
> }
> 
> show configuration bridge-domains 
> 
> vlan-200 {
>     domain-type bridge;
>     vlan-id 200;
>     interface xe-0/0/0.200;
>     routing-interface irb.200;
> }
> vlan-201 {
>     domain-type bridge;
>     vlan-id 201;
>     interface xe-0/0/0.201;
>     routing-interface irb.201;
> }
> 
> 
> 
> On Aug 18, 2011, at 1:54 AM, Chris Kawchuk wrote:
> 
> > Ahh, slightly different issue then.
> > 
> > First off, once you use that flexible-ethernet-services, you should be declaring each vlan separately and manually add them into the bridge-domain config (i.e. bridge-domain VLAN20 interface xe-1/0/0.x). Anyways, that's not what we're attempting to do here. =)
> > 
> > What you're looking for is to stitch an l2circuit into a bridge-domain (not pick off a VLAN off an interface and turn that into a CCC/L2circuit - different solution). Perhaps a logical-tunnel here may help. (i.e. lt-x/x/x.x interface). I have stitched l2circuits/ccc's into VPLS domains before; I assume the same theory holds true.
> > 
> > Have a look at using the tunnel-services on your MX DPC card. Apologies in advance as I'm writing this in pseudo-code from memory (i.e. un-tested, more of a general idea as to a direction to explore):
> > 
> > chassis {
> >    fpc 1 {
> >        pic 3 {
> >            tunnel-services {
> >                bandwidth 1g;
> >            }
> >        }
> >    }
> > }
> > 
> > interfaces {
> >    lt-1/3/10 {
> >        unit 1 {
> >            encapsulation vlan-ccc;
> >            peer-unit 2;
> >        }
> >        unit 2 {
> >            encapsulation vlan-bridge;
> >            peer-unit 1;
> >        }
> >    }
> > }
> > 
> > bridge-domains {
> >    VL20 {
> >        domain-type bridge;
> >        vlan-id 20;
> >        interface lt-1/3/10.2;
> >        .....other access interfaces go here;
> >    }
> > }
> > 
> > neighbor xxx {
> >  interface lt-1/3/10.1 {
> >      virtual-circuit-id 20;
> >      ...
> >      ...
> >   }
> > }
> > 
> > - Chris.
> > 
> > 
> > On 2011-08-18, at 4:37 PM, Jonas Frey (Probe Networks) wrote:
> > 
> >> Hi Chris,
> >> 
> >> that does not work...
> >> 
> >> edge# show interfaces xe-1/0/0 
> >> vlan-tagging;
> >> encapsulation flexible-ethernet-services;
> >> unit 0 {
> >>   family bridge {
> >>       interface-mode trunk;
> >>       vlan-id-list [ 20 30 40 ];
> >>   }
> >> }
> >> unit 1 {
> >>   encapsulation vlan-ccc;
> >>   vlan-id 20;
> >> }
> >> 
> >> If I do commit now, this fails as the vlan 20 is already used for the
> >> bridge on unit 0. If I remove the vlan 20 from unit 0 then the vlan is
> >> no longer a member of the bridge (show bridge domain). But I need it to be
> >> a member of that bridge since that vlan goes out on other ports to local
> >> switches.
> >> 
> >> 
> >> edge# show bridge-domains testbridge  
> >> domain-type bridge;
> >> vlan-id 20;
> >> 
> >> What I need to do is to get the VLAN 20 working locally on the bridge
> >> (various ports) as well as getting it connected to a somewhat pseudo
> >> interface to attach it as an l2circuit.
> >> 
> >> -- 
> >> Best regards,
> >> Jonas Frey
> >> 
> >> ----------------------------------------------------------------
> >> Probe Networks Jonas Frey        e-Mail: jf at probe-networks.de
> >> Auf Strützberg 26                D-66663 Merzig
> >> Tel: +(49) (0) 180 5959723*      Fax: +(49) (0) 180 5998480*
> >> * (14 ct/min from a landline, mobile prices may differ)
> >> Internet: www.probe-networks.de  Hotline: 0800 1656531
> >> ----------------------------------------------------------------
> >> 
> >> This e-mail may contain confidential and/or privileged information. 
> >> If you are not the intended recipient (or have received this e-mail in
> >> error) please notify the sender immediately and destroy this e-mail. Any
> >> unauthorised copying, disclosure or distribution of the contents of this
> >> e-mail is strictly prohibited.
> >> 
> >> ------------------------------------------
> >> 
> >> 
> >> On Thursday, 18.08.2011, 16:22 +1000, Chris Kawchuk wrote:
> >>> You'll need to declare your xe- port with flexible-ethernet-services, so you can do per-unit encapsulations.
> >>> 
> >>> interfaces {
> >>>   xe-1/0/0 {
> >>>       vlan-tagging;
> >>>       encapsulation flexible-ethernet-services;
> >>>       unit 20 {
> >>>           encapsulation vlan-ccc;
> >>>           vlan-id 20;
> >>>       }
> >>>       unit 100 {
> >>>           encapsulation vlan-bridge;
> >>>           vlan-id 100;
> >>>       }
> >>>   }
> >>> }
> >>> 
> >>> neighbor xxx {
> >>>  interface xe-1/0/0.20 {
> >>>      virtual-circuit-id 20;
> >>>      ...
> >>>      ...
> >>>   }
> >>> }
> >>> 
> >>> 
> >>> 
> >>> On 2011-08-18, at 4:03 PM, Jonas Frey (Probe Networks) wrote:
> >>> 
> >>>> Hello all,
> >>>> 
> >>>> I am trying to build an l2circuit on an MX. The problem is that the vlan
> >>>> that needs to be included in the l2circuit comes via xe-1/0/0 which is
> >>>> configured in bridge mode:
> >>>> unit 0 {
> >>>>  family bridge {
> >>>>      interface-mode trunk;
> >>>>      vlan-id-list [ 20 30 40 ];
> >>>>  }
> >>>> }
> >>>> 
> >>>> I need to build this l2circuit with vlan 20.
> >>>> 
> >>>> However, when configuring the l2circuit I do not have an interface to use
> >>>> as the bridge doesn't create any subinterface for the vlan.
> >>>> 
> >>>> neighbor xxx {
> >>>>  interface ??? {
> >>>>      virtual-circuit-id 20;
> >>>> 
> >>>> 
> >>>> I can't configure any subinterface on xe-1/0/0 (like unit 1....) because
> >>>> bridge mode prohibits that. 
> >>>> 
> >>>> How can I get this to work?
> >>>> 
> >>>> Best regards,
> >>>> Jonas
> >>>> _______________________________________________
> >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>> 