[j-nsp] MX: bridge-domains and l2circuit
Ivan Ivanov
ivanov.ivan at gmail.com
Thu Oct 13 15:20:19 EDT 2011
Hello Jonas,
Could you share with us working configuration? Because when I try to stitch
both units of lt- interface I got error 'encapsulation mismatch'.
Thanks!
On Thu, Aug 18, 2011 at 21:26, Jonas Frey (Probe Networks) <
jf at probe-networks.de> wrote:
> Thanks to all who replied, i got this working the way Chris described
> (via lt tunnels).
>
> I also tried the new iw0 interfaces as per juniper documentation but it
> didnt work. Bridge-domains wont let me add a iw0.x interface to the
> bridge and i was unable to find anymore information on howto correctly
> configure this (probably because its pretty new).
>
> Best regards,
> Jonas
>
> Am Donnerstag, den 18.08.2011, 07:37 -0500 schrieb OBrien, Will:
> > To implement tagged interfaces with bridge domains, I use irb interfaces.
> This is directly from my production box with a little scrubbing.
> >
> > xe-0/0/0 {
> > description "blah uplink";
> > per-unit-scheduler;
> > flexible-vlan-tagging;
> > encapsulation flexible-ethernet-services;
> > unit 200 {
> > encapsulation vlan-bridge;
> > vlan-id 200;
> > }
> > unit 201 {
> > encapsulation vlan-bridge;
> > vlan-id 201;
> > }
> > }
> >
> > irb {
> > unit 200 {
> > family inet {
> > inactive: filter {
> > input I2Inbound;
> > output I2Outbound;
> > }
> > service {
> > input {
> > service-set i2-napt service-filter i2-nat-in;
> > }
> > output {
> > service-set i2-napt service-filter i2-nat-out;
> > }
> > }
> > address x.x.x.x/30;
> > }
> > }
> > unit 201 {
> > family inet {
> > filter {
> > input PolicerIn;
> > output PolicerOut;
> > }
> > service {
> > input {
> > service-set i1-napt service-filter i1-nat-in;
> > }
> > output {
> > service-set i1-napt service-filter i1-nat-out;
> > }
> > }
> > address x.x.x.x/30;
> > }
> > }
> > }
> >
> > show configuration bridge-domains
> >
> > vlan-200 {
> > domain-type bridge;
> > vlan-id 200;
> > interface xe-0/0/0.200;
> > routing-interface irb.200;
> > }
> > vlan-201 {
> > domain-type bridge;
> > vlan-id 201;
> > interface xe-0/0/0.201;
> > routing-interface irb.201;
> > }
> >
> >
> >
> > On Aug 18, 2011, at 1:54 AM, Chris Kawchuk wrote:
> >
> > > Ahh, slightly different issue then.
> > >
> > > First off, once you use that flexible-ethernet-services, you should be
> declaring each vlan separately and manually add them into the bridge-domain
> config (i.e. bridge-domain VLAN20 interface xe-1/0/0.x). Anyways, that's not
> what we're attempting to do here. =)
> > >
> > > What you're looking for is to stitch an l2circuit into a bridge-domain
> (not pick off a VLAN off an interface and turn that into a CCC/L2circuit -
> different solution). Perhaps a logical-tunnel here may help. (i.e.
> lt-x/x/x.x interface). I have stitched l2circuits/ccc's into VPLS domains
> before; I assume the same theory holds true.
> > >
> > > Have a look at using the tunnel-services on your MX DPC card. Apologies
> in advance as I'm writing this in pseudo-code from memory (i.e. un-tested,
> more of a general idea as to a direction to explore):
> > >
> > > chassis {
> > > fpc 1 {
> > > pic 3 {
> > > tunnel-services {
> > > bandwidth 1g;
> > > }
> > > }
> > > }
> > > }
> > >
> > > interfaces {
> > > lt-1/3/10 {
> > > unit 1 {
> > > encapsulation vlan-ccc;
> > > peer-unit 2;
> > > }
> > > unit 2 {
> > > encapsulation vlan-bridge;
> > > peer-unit 1;
> > > }
> > > }
> > >
> > > bridge-domains {
> > > VL20 {
> > > domain-type bridge;
> > > vlan-id 20;
> > > interface lt-1/3/10.2;
> > > .....other access interfaces go here;
> > > }
> > > }
> > >
> > > neighbor xxx {
> > > interface lt-1/3/10.1 {
> > > virtual-circuit-id 20;
> > > ...
> > > ...
> > > }
> > > }
> > >
> > > - Chris.
> > >
> > >
> > > On 2011-08-18, at 4:37 PM, Jonas Frey (Probe Networks) wrote:
> > >
> > >> Hi Chris,
> > >>
> > >> that does not work...
> > >>
> > >> edge# show interfaces xe-1/0/0
> > >> vlan-tagging;
> > >> encapsulation flexible-ethernet-services;
> > >> unit 0 {
> > >> family bridge {
> > >> interface-mode trunk;
> > >> vlan-id-list [ 20 30 40 ];
> > >> }
> > >> }
> > >> unit 1 {
> > >> encapsulation vlan-ccc;
> > >> vlan-id 20;
> > >> }
> > >>
> > >> If i do commit now, this fails as the vlan 20 is already used for the
> > >> bridge on unit 0. If i remove the vlan 20 from unit 0 then the vlan is
> > >> no longer member of the bridge (show bridge domain). But i need it to
> be
> > >> member of that bridge since that vlan goes out on other ports to local
> > >> switches.
> > >>
> > >>
> > >> edge# show bridge-domains testbridge
> > >> domain-type bridge;
> > >> vlan-id 20;
> > >>
> > >> What i need to do is to get the VLAN 20 working locally on the bridge
> > >> (various ports) as well as getting it connected to a somewhat pseudo
> > >> interface to attached it as a l2circuit.
> > >>
> > >> --
> > >> Mit freundlichen Grüßen / Best regards,
> > >> Jonas Frey
> > >>
> > >> ----------------------------------------------------------------
> > >> Probe Networks Jonas Frey e-Mail: jf at probe-networks.de
> > >> Auf Strützberg 26 D-66663 Merzig
> > >> Tel: +(49) (0) 180 5959723* Fax: +(49) (0) 180 5998480*
> > >> * (14 Ct./min Festnetz, Mobilfunk ggf. abweichende Preise)
> > >> Internet: www.probe-networks.de Hotline: 0800 1656531
> > >> ----------------------------------------------------------------
> > >>
> > >> Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder rechtlich
> > >> geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind
> > >> oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte
> > >> sofort den Absender und vernichten Sie diese Mail. Das unerlaubte
> > >> Kopieren sowie die unbefugte Weitergabe dieser Mail ist strengstens
> > >> untersagt.
> > >>
> > >> This e-mail may contain confidential and/or privileged information.
> > >> If you are not the intended recipient (or have received this e-mail in
> > >> error) please notify the sender immediately and destroy this e-mail.
> Any
> > >> unauthorised copying, disclosure or distribution of the contents of
> this
> > >> e-mail is strictly prohibited.
> > >>
> > >> ------------------------------------------
> > >>
> > >>
> > >> Am Donnerstag, den 18.08.2011, 16:22 +1000 schrieb Chris Kawchuk:
> > >>> You'll need to declare your xe- port with flexible-ethernet-services,
> so you can do per-unit encapsulations.
> > >>>
> > >>> interfaces {
> > >>> xe-1/0/0 {
> > >>> vlan-tagging;
> > >>> encapsulation flexible-ethernet-services;
> > >>> unit 20 {
> > >>> encapsulation vlan-ccc;
> > >>> vlan-id 20;
> > >>> }
> > >>> unit 100 {
> > >>> encapsulation vlan-bridge;
> > >>> vlan-id 100;
> > >>> }
> > >>> }
> > >>> }
> > >>>
> > >>> neighbor xxx {
> > >>> interface xe-1/0/0.20 {
> > >>> virtual-circuit-id 20;
> > >>> ...
> > >>> ...
> > >>> }
> > >>> }
> > >>>
> > >>>
> > >>>
> > >>> On 2011-08-18, at 4:03 PM, Jonas Frey (Probe Networks) wrote:
> > >>>
> > >>>> Hello all,
> > >>>>
> > >>>> i am trying to build a l2circuit on a MX. The problem is that the
> vlan
> > >>>> that needs to be included in the l2circuit comes via xe-1/0/0 which
> is
> > >>>> configured in bridge mode:
> > >>>> unit 0 {
> > >>>> family bridge {
> > >>>> interface-mode trunk;
> > >>>> vlan-id-list [ 20 30 40 ];
> > >>>> }
> > >>>>
> > >>>> I need to build this l2circuit with vlan 20.
> > >>>>
> > >>>> However when configuring the l2circuit i do not have a interface to
> use
> > >>>> as the bridge doesnt create any subinterface for the vlan.
> > >>>>
> > >>>> neighbor xxx {
> > >>>> interface ??? {
> > >>>> virtual-circuit-id 20;
> > >>>>
> > >>>>
> > >>>> I cant configure any subinterface on xe-1/0/0 (like unit 1....)
> because
> > >>>> bridge mode prohibits that.
> > >>>>
> > >>>> How can i get this to work?
> > >>>>
> > >>>> Best regards,
> > >>>> Jonas
> > >>>> _______________________________________________
> > >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> > >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >>>
> > >
> > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Best Regards!
Ivan Ivanov
More information about the juniper-nsp
mailing list