[j-nsp] MX: bridge-domains and l2circuit
Jonas Frey (Probe Networks)
jf at probe-networks.de
Thu Oct 13 16:25:23 EDT 2011
Hello Ivan,
as Humair already pointed out you need to have encapsulation vlan-bridge
and vlan-ccc on one of each of the lt- interfaces.
Best regards,
Jonas
Am Donnerstag, den 13.10.2011, 22:20 +0300 schrieb Ivan Ivanov:
> Hello Jonas,
>
>
> Could you share with us working configuration? Because when I try to
> stitch both units of lt- interface I got error 'encapsulation
> mismatch'.
>
>
> Thanks!
>
> On Thu, Aug 18, 2011 at 21:26, Jonas Frey (Probe Networks)
> <jf at probe-networks.de> wrote:
> Thanks to all who replied, i got this working the way Chris
> described
> (via lt tunnels).
>
> I also tried the new iw0 interfaces as per juniper
> documentation but it
> didnt work. Bridge-domains wont let me add a iw0.x interface
> to the
> bridge and i was unable to find anymore information on howto
> correctly
> configure this (probably because its pretty new).
>
> Best regards,
> Jonas
>
> Am Donnerstag, den 18.08.2011, 07:37 -0500 schrieb OBrien,
> Will:
>
> > To implement tagged interfaces with bridge domains, I use
> irb interfaces. This is directly from my production box with a
> little scrubbing.
> >
> > xe-0/0/0 {
> > description "blah uplink";
> > per-unit-scheduler;
> > flexible-vlan-tagging;
> > encapsulation flexible-ethernet-services;
> > unit 200 {
> > encapsulation vlan-bridge;
> > vlan-id 200;
> > }
> > unit 201 {
> > encapsulation vlan-bridge;
> > vlan-id 201;
> > }
> > }
> >
> > irb {
> > unit 200 {
> > family inet {
> > inactive: filter {
> > input I2Inbound;
> > output I2Outbound;
> > }
> > service {
> > input {
> > service-set i2-napt service-filter
> i2-nat-in;
> > }
> > output {
> > service-set i2-napt service-filter
> i2-nat-out;
> > }
> > }
> > address x.x.x.x/30;
> > }
> > }
> > unit 201 {
> > family inet {
> > filter {
> > input PolicerIn;
> > output PolicerOut;
> > }
> > service {
> > input {
> > service-set i1-napt service-filter
> i1-nat-in;
> > }
> > output {
> > service-set i1-napt service-filter
> i1-nat-out;
> > }
> > }
> > address x.x.x.x/30;
> > }
> > }
> > }
> >
> > show configuration bridge-domains
> >
> > vlan-200 {
> > domain-type bridge;
> > vlan-id 200;
> > interface xe-0/0/0.200;
> > routing-interface irb.200;
> > }
> > vlan-201 {
> > domain-type bridge;
> > vlan-id 201;
> > interface xe-0/0/0.201;
> > routing-interface irb.201;
> > }
> >
> >
> >
> > On Aug 18, 2011, at 1:54 AM, Chris Kawchuk wrote:
> >
> > > Ahh, slightly different issue then.
> > >
> > > First off, once you use that flexible-ethernet-services,
> you should be declaring each vlan separately and manually add
> them into the bridge-domain config (i.e. bridge-domain VLAN20
> interface xe-1/0/0.x). Anyways, that's not what we're
> attempting to do here. =)
> > >
> > > What you're looking for is to stitch an l2circuit into a
> bridge-domain (not pick off a VLAN off an interface and turn
> that into a CCC/L2circuit - different solution). Perhaps a
> logical-tunnel here may help. (i.e. lt-x/x/x.x interface). I
> have stitched l2circuits/ccc's into VPLS domains before; I
> assume the same theory holds true.
> > >
> > > Have a look at using the tunnel-services on your MX DPC
> card. Apologies in advance as I'm writing this in pseudo-code
> from memory (i.e. un-tested, more of a general idea as to a
> direction to explore):
> > >
> > > chassis {
> > > fpc 1 {
> > > pic 3 {
> > > tunnel-services {
> > > bandwidth 1g;
> > > }
> > > }
> > > }
> > > }
> > >
> > > interfaces {
> > > lt-1/3/10 {
> > > unit 1 {
> > > encapsulation vlan-ccc;
> > > peer-unit 2;
> > > }
> > > unit 2 {
> > > encapsulation vlan-bridge;
> > > peer-unit 1;
> > > }
> > > }
> > >
> > > bridge-domains {
> > > VL20 {
> > > domain-type bridge;
> > > vlan-id 20;
> > > interface lt-1/3/10.2;
> > > .....other access interfaces go here;
> > > }
> > > }
> > >
> > > neighbor xxx {
> > > interface lt-1/3/10.1 {
> > > virtual-circuit-id 20;
> > > ...
> > > ...
> > > }
> > > }
> > >
> > > - Chris.
> > >
> > >
> > > On 2011-08-18, at 4:37 PM, Jonas Frey (Probe Networks)
> wrote:
> > >
> > >> Hi Chris,
> > >>
> > >> that does not work...
> > >>
> > >> edge# show interfaces xe-1/0/0
> > >> vlan-tagging;
> > >> encapsulation flexible-ethernet-services;
> > >> unit 0 {
> > >> family bridge {
> > >> interface-mode trunk;
> > >> vlan-id-list [ 20 30 40 ];
> > >> }
> > >> }
> > >> unit 1 {
> > >> encapsulation vlan-ccc;
> > >> vlan-id 20;
> > >> }
> > >>
> > >> If i do commit now, this fails as the vlan 20 is already
> used for the
> > >> bridge on unit 0. If i remove the vlan 20 from unit 0
> then the vlan is
> > >> no longer member of the bridge (show bridge domain). But
> i need it to be
> > >> member of that bridge since that vlan goes out on other
> ports to local
> > >> switches.
> > >>
> > >>
> > >> edge# show bridge-domains testbridge
> > >> domain-type bridge;
> > >> vlan-id 20;
> > >>
> > >> What i need to do is to get the VLAN 20 working locally
> on the bridge
> > >> (various ports) as well as getting it connected to a
> somewhat pseudo
> > >> interface to attached it as a l2circuit.
> > >>
> > >> --
> > >> Mit freundlichen Grüßen / Best regards,
> > >> Jonas Frey
> > >>
> > >>
> ----------------------------------------------------------------
> > >> Probe Networks Jonas Frey e-Mail:
> jf at probe-networks.de
> > >> Auf Strützberg 26 D-66663 Merzig
> > >> Tel: +(49) (0) 180 5959723* Fax: +(49) (0) 180
> 5998480*
> > >> * (14 Ct./min Festnetz, Mobilfunk ggf. abweichende
> Preise)
> > >> Internet: www.probe-networks.de Hotline: 0800 1656531
> > >>
> ----------------------------------------------------------------
> > >>
> > >> Diese E-Mail enthaelt moeglicherweise vertrauliche
> und/oder rechtlich
> > >> geschuetzte Informationen. Wenn Sie nicht der richtige
> Adressat sind
> > >> oder diese E-Mail irrtuemlich erhalten haben, informieren
> Sie bitte
> > >> sofort den Absender und vernichten Sie diese Mail. Das
> unerlaubte
> > >> Kopieren sowie die unbefugte Weitergabe dieser Mail ist
> strengstens
> > >> untersagt.
> > >>
> > >> This e-mail may contain confidential and/or privileged
> information.
> > >> If you are not the intended recipient (or have received
> this e-mail in
> > >> error) please notify the sender immediately and destroy
> this e-mail. Any
> > >> unauthorised copying, disclosure or distribution of the
> contents of this
> > >> e-mail is strictly prohibited.
> > >>
> > >> ------------------------------------------
> > >>
> > >>
> > >> Am Donnerstag, den 18.08.2011, 16:22 +1000 schrieb Chris
> Kawchuk:
> > >>> You'll need to declare your xe- port with
> flexible-ethernet-services, so you can do per-unit
> encapsulations.
> > >>>
> > >>> interfaces {
> > >>> xe-1/0/0 {
> > >>> vlan-tagging;
> > >>> encapsulation flexible-ethernet-services;
> > >>> unit 20 {
> > >>> encapsulation vlan-ccc;
> > >>> vlan-id 20;
> > >>> }
> > >>> unit 100 {
> > >>> encapsulation vlan-bridge;
> > >>> vlan-id 100;
> > >>> }
> > >>> }
> > >>> }
> > >>>
> > >>> neighbor xxx {
> > >>> interface xe-1/0/0.20 {
> > >>> virtual-circuit-id 20;
> > >>> ...
> > >>> ...
> > >>> }
> > >>> }
> > >>>
> > >>>
> > >>>
> > >>> On 2011-08-18, at 4:03 PM, Jonas Frey (Probe Networks)
> wrote:
> > >>>
> > >>>> Hello all,
> > >>>>
> > >>>> i am trying to build a l2circuit on a MX. The problem
> is that the vlan
> > >>>> that needs to be included in the l2circuit comes via
> xe-1/0/0 which is
> > >>>> configured in bridge mode:
> > >>>> unit 0 {
> > >>>> family bridge {
> > >>>> interface-mode trunk;
> > >>>> vlan-id-list [ 20 30 40 ];
> > >>>> }
> > >>>>
> > >>>> I need to build this l2circuit with vlan 20.
> > >>>>
> > >>>> However when configuring the l2circuit i do not have a
> interface to use
> > >>>> as the bridge doesnt create any subinterface for the
> vlan.
> > >>>>
> > >>>> neighbor xxx {
> > >>>> interface ??? {
> > >>>> virtual-circuit-id 20;
> > >>>>
> > >>>>
> > >>>> I cant configure any subinterface on xe-1/0/0 (like
> unit 1....) because
> > >>>> bridge mode prohibits that.
> > >>>>
> > >>>> How can i get this to work?
> > >>>>
> > >>>> Best regards,
> > >>>> Jonas
> > >>>> _______________________________________________
> > >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> > >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >>>
> > >
> > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
>
> --
> Best Regards!
>
> Ivan Ivanov
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20111013/6a59f9fd/attachment.pgp>
More information about the juniper-nsp
mailing list