[j-nsp] MX: bridge-domains and l2circuit
Humair Ali
humair.s.ali at gmail.com
Thu Oct 13 15:31:13 EDT 2011
> Would something like this work ?
>
> lt-0/0/0 {
>
> unit 0 {
>
> encapsulation vlan-ccc;
>
> vlan-id 100;
>
> peer-unit 1;
>
> }
>
> unit 1 {
>
> encapsulation vlan-bridge;
>
> vlan-id 100;
>
> peer-unit 0;
>
> }
>
> }
>
> ge-0/1/5 {
>
> flexible-vlan-tagging;
>
> encapsulation flexible-ethernet-services;
>
> unit 100 {
>
> encapsulation vlan-bridge;
>
> vlan-id 100;
>
> }
>
> }
>
> ge-0/2/5 {
>
> flexible-vlan-tagging;
>
> encapsulation flexible-ethernet-services;
>
> unit 100 {
>
> encapsulation vlan-bridge;
>
> vlan-id 100;
>
> }
>
> }
>
> l2circuit {
>
> neighbor 10.1.1.1 {
>
> interface lt-0/0/0.0 {
>
> virtual-circuit-id 10;
> /////
>
> bridge-domains {
>
> bridge-l2cct {
>
> domain-type bridge;
>
> interface ge-0/1/5.100;
>
> interface ge-0/2/5.100;
>
> interface lt-0/0/0.1;
>
> }
>
>
> On 13 October 2011 20:20, Ivan Ivanov <ivanov.ivan at gmail.com> wrote:
>
>> Hello Jonas,
>>
>> Could you share with us working configuration? Because when I try to
>> stitch
>> both units of lt- interface I got error 'encapsulation mismatch'.
>>
>> Thanks!
>>
>> On Thu, Aug 18, 2011 at 21:26, Jonas Frey (Probe Networks) <
>> jf at probe-networks.de> wrote:
>>
>> > Thanks to all who replied, i got this working the way Chris described
>> > (via lt tunnels).
>> >
>> > I also tried the new iw0 interfaces as per juniper documentation but it
>> > didnt work. Bridge-domains wont let me add a iw0.x interface to the
>> > bridge and i was unable to find anymore information on howto correctly
>> > configure this (probably because its pretty new).
>> >
>> > Best regards,
>> > Jonas
>> >
>> > Am Donnerstag, den 18.08.2011, 07:37 -0500 schrieb OBrien, Will:
>> > > To implement tagged interfaces with bridge domains, I use irb
>> interfaces.
>> > This is directly from my production box with a little scrubbing.
>> > >
>> > > xe-0/0/0 {
>> > > description "blah uplink";
>> > > per-unit-scheduler;
>> > > flexible-vlan-tagging;
>> > > encapsulation flexible-ethernet-services;
>> > > unit 200 {
>> > > encapsulation vlan-bridge;
>> > > vlan-id 200;
>> > > }
>> > > unit 201 {
>> > > encapsulation vlan-bridge;
>> > > vlan-id 201;
>> > > }
>> > > }
>> > >
>> > > irb {
>> > > unit 200 {
>> > > family inet {
>> > > inactive: filter {
>> > > input I2Inbound;
>> > > output I2Outbound;
>> > > }
>> > > service {
>> > > input {
>> > > service-set i2-napt service-filter i2-nat-in;
>> > > }
>> > > output {
>> > > service-set i2-napt service-filter i2-nat-out;
>> > > }
>> > > }
>> > > address x.x.x.x/30;
>> > > }
>> > > }
>> > > unit 201 {
>> > > family inet {
>> > > filter {
>> > > input PolicerIn;
>> > > output PolicerOut;
>> > > }
>> > > service {
>> > > input {
>> > > service-set i1-napt service-filter i1-nat-in;
>> > > }
>> > > output {
>> > > service-set i1-napt service-filter i1-nat-out;
>> > > }
>> > > }
>> > > address x.x.x.x/30;
>> > > }
>> > > }
>> > > }
>> > >
>> > > show configuration bridge-domains
>> > >
>> > > vlan-200 {
>> > > domain-type bridge;
>> > > vlan-id 200;
>> > > interface xe-0/0/0.200;
>> > > routing-interface irb.200;
>> > > }
>> > > vlan-201 {
>> > > domain-type bridge;
>> > > vlan-id 201;
>> > > interface xe-0/0/0.201;
>> > > routing-interface irb.201;
>> > > }
>> > >
>> > >
>> > >
>> > > On Aug 18, 2011, at 1:54 AM, Chris Kawchuk wrote:
>> > >
>> > > > Ahh, slightly different issue then.
>> > > >
>> > > > First off, once you use that flexible-ethernet-services, you should
>> be
>> > declaring each vlan separately and manually add them into the
>> bridge-domain
>> > config (i.e. bridge-domain VLAN20 interface xe-1/0/0.x). Anyways, that's
>> not
>> > what we're attempting to do here. =)
>> > > >
>> > > > What you're looking for is to stitch an l2circuit into a
>> bridge-domain
>> > (not pick off a VLAN off an interface and turn that into a CCC/L2circuit
>> -
>> > different solution). Perhaps a logical-tunnel here may help. (i.e.
>> > lt-x/x/x.x interface). I have stitched l2circuits/ccc's into VPLS
>> domains
>> > before; I assume the same theory holds true.
>> > > >
>> > > > Have a look at using the tunnel-services on your MX DPC card.
>> Apologies
>> > in advance as I'm writing this in pseudo-code from memory (i.e.
>> un-tested,
>> > more of a general idea as to a direction to explore):
>> > > >
>> > > > chassis {
>> > > > fpc 1 {
>> > > > pic 3 {
>> > > > tunnel-services {
>> > > > bandwidth 1g;
>> > > > }
>> > > > }
>> > > > }
>> > > > }
>> > > >
>> > > > interfaces {
>> > > > lt-1/3/10 {
>> > > > unit 1 {
>> > > > encapsulation vlan-ccc;
>> > > > peer-unit 2;
>> > > > }
>> > > > unit 2 {
>> > > > encapsulation vlan-bridge;
>> > > > peer-unit 1;
>> > > > }
>> > > > }
>> > > >
>> > > > bridge-domains {
>> > > > VL20 {
>> > > > domain-type bridge;
>> > > > vlan-id 20;
>> > > > interface lt-1/3/10.2;
>> > > > .....other access interfaces go here;
>> > > > }
>> > > > }
>> > > >
>> > > > neighbor xxx {
>> > > > interface lt-1/3/10.1 {
>> > > > virtual-circuit-id 20;
>> > > > ...
>> > > > ...
>> > > > }
>> > > > }
>> > > >
>> > > > - Chris.
>> > > >
>> > > >
>> > > > On 2011-08-18, at 4:37 PM, Jonas Frey (Probe Networks) wrote:
>> > > >
>> > > >> Hi Chris,
>> > > >>
>> > > >> that does not work...
>> > > >>
>> > > >> edge# show interfaces xe-1/0/0
>> > > >> vlan-tagging;
>> > > >> encapsulation flexible-ethernet-services;
>> > > >> unit 0 {
>> > > >> family bridge {
>> > > >> interface-mode trunk;
>> > > >> vlan-id-list [ 20 30 40 ];
>> > > >> }
>> > > >> }
>> > > >> unit 1 {
>> > > >> encapsulation vlan-ccc;
>> > > >> vlan-id 20;
>> > > >> }
>> > > >>
>> > > >> If i do commit now, this fails as the vlan 20 is already used for
>> the
>> > > >> bridge on unit 0. If i remove the vlan 20 from unit 0 then the vlan
>> is
>> > > >> no longer member of the bridge (show bridge domain). But i need it
>> to
>> > be
>> > > >> member of that bridge since that vlan goes out on other ports to
>> local
>> > > >> switches.
>> > > >>
>> > > >>
>> > > >> edge# show bridge-domains testbridge
>> > > >> domain-type bridge;
>> > > >> vlan-id 20;
>> > > >>
>> > > >> What i need to do is to get the VLAN 20 working locally on the
>> bridge
>> > > >> (various ports) as well as getting it connected to a somewhat
>> pseudo
>> > > >> interface to attached it as a l2circuit.
>> > > >>
>> > > >> --
>> > > >> Mit freundlichen Grüßen / Best regards,
>> > > >> Jonas Frey
>> > > >>
>> > > >> ----------------------------------------------------------------
>> > > >> Probe Networks Jonas Frey e-Mail: jf at probe-networks.de
>> > > >> Auf Strützberg 26 D-66663 Merzig
>> > > >> Tel: +(49) (0) 180 5959723* Fax: +(49) (0) 180 5998480*
>> > > >> * (14 Ct./min Festnetz, Mobilfunk ggf. abweichende Preise)
>> > > >> Internet: www.probe-networks.de Hotline: 0800 1656531
>> > > >> ----------------------------------------------------------------
>> > > >>
>> > > >> Diese E-Mail enthaelt moeglicherweise vertrauliche und/oder
>> rechtlich
>> > > >> geschuetzte Informationen. Wenn Sie nicht der richtige Adressat
>> sind
>> > > >> oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte
>> > > >> sofort den Absender und vernichten Sie diese Mail. Das unerlaubte
>> > > >> Kopieren sowie die unbefugte Weitergabe dieser Mail ist strengstens
>> > > >> untersagt.
>> > > >>
>> > > >> This e-mail may contain confidential and/or privileged information.
>> > > >> If you are not the intended recipient (or have received this e-mail
>> in
>> > > >> error) please notify the sender immediately and destroy this
>> e-mail.
>> > Any
>> > > >> unauthorised copying, disclosure or distribution of the contents of
>> > this
>> > > >> e-mail is strictly prohibited.
>> > > >>
>> > > >> ------------------------------------------
>> > > >>
>> > > >>
>> > > >> Am Donnerstag, den 18.08.2011, 16:22 +1000 schrieb Chris Kawchuk:
>> > > >>> You'll need to declare your xe- port with
>> flexible-ethernet-services,
>> > so you can do per-unit encapsulations.
>> > > >>>
>> > > >>> interfaces {
>> > > >>> xe-1/0/0 {
>> > > >>> vlan-tagging;
>> > > >>> encapsulation flexible-ethernet-services;
>> > > >>> unit 20 {
>> > > >>> encapsulation vlan-ccc;
>> > > >>> vlan-id 20;
>> > > >>> }
>> > > >>> unit 100 {
>> > > >>> encapsulation vlan-bridge;
>> > > >>> vlan-id 100;
>> > > >>> }
>> > > >>> }
>> > > >>> }
>> > > >>>
>> > > >>> neighbor xxx {
>> > > >>> interface xe-1/0/0.20 {
>> > > >>> virtual-circuit-id 20;
>> > > >>> ...
>> > > >>> ...
>> > > >>> }
>> > > >>> }
>> > > >>>
>> > > >>>
>> > > >>>
>> > > >>> On 2011-08-18, at 4:03 PM, Jonas Frey (Probe Networks) wrote:
>> > > >>>
>> > > >>>> Hello all,
>> > > >>>>
>> > > >>>> i am trying to build a l2circuit on a MX. The problem is that the
>> > vlan
>> > > >>>> that needs to be included in the l2circuit comes via xe-1/0/0
>> which
>> > is
>> > > >>>> configured in bridge mode:
>> > > >>>> unit 0 {
>> > > >>>> family bridge {
>> > > >>>> interface-mode trunk;
>> > > >>>> vlan-id-list [ 20 30 40 ];
>> > > >>>> }
>> > > >>>>
>> > > >>>> I need to build this l2circuit with vlan 20.
>> > > >>>>
>> > > >>>> However when configuring the l2circuit i do not have a interface
>> to
>> > use
>> > > >>>> as the bridge doesnt create any subinterface for the vlan.
>> > > >>>>
>> > > >>>> neighbor xxx {
>> > > >>>> interface ??? {
>> > > >>>> virtual-circuit-id 20;
>> > > >>>>
>> > > >>>>
>> > > >>>> I cant configure any subinterface on xe-1/0/0 (like unit 1....)
>> > because
>> > > >>>> bridge mode prohibits that.
>> > > >>>>
>> > > >>>> How can i get this to work?
>> > > >>>>
>> > > >>>> Best regards,
>> > > >>>> Jonas
>> > > >>>> _______________________________________________
>> > > >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > > >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> > > >>>
>> > > >
>> > > >
>> > > > _______________________________________________
>> > > > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > > > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> > >
>> > >
>> > > _______________________________________________
>> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>>
>>
>>
>> --
>> Best Regards!
>>
>> Ivan Ivanov
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Humair
>
>
--
Humair
More information about the juniper-nsp
mailing list