[j-nsp] MX: bridge-domains and l2circuit
Ivan Ivanov
ivanov.ivan at gmail.com
Thu Oct 13 16:44:48 EDT 2011
Thank you,
It seams that the problem is that I am trying to stitch from one side
'encapsulation vlan-bridge' and from the other 'encapsulation vlan-vpls'.
vlan-vpls on both ends again returns 'encapsulation mismatch'
Maybe this is not supported between two bridge domains.
Thank you again!
On Thu, Oct 13, 2011 at 23:25, Jonas Frey (Probe Networks) <
jf at probe-networks.de> wrote:
> Hello Ivan,
>
> as Humair already pointed out you need to have encapsulation vlan-bridge
> and vlan-ccc on one of each of the lt- interfaces.
>
> Best regards,
> Jonas
>
> Am Donnerstag, den 13.10.2011, 22:20 +0300 schrieb Ivan Ivanov:
> > Hello Jonas,
> >
> >
> > Could you share with us working configuration? Because when I try to
> > stitch both units of lt- interface I got error 'encapsulation
> > mismatch'.
> >
> >
> > Thanks!
> >
> > On Thu, Aug 18, 2011 at 21:26, Jonas Frey (Probe Networks)
> > <jf at probe-networks.de> wrote:
> > Thanks to all who replied, i got this working the way Chris
> > described
> > (via lt tunnels).
> >
> > I also tried the new iw0 interfaces as per juniper
> > documentation but it
> > didnt work. Bridge-domains wont let me add a iw0.x interface
> > to the
> > bridge and i was unable to find anymore information on howto
> > correctly
> > configure this (probably because its pretty new).
> >
> > Best regards,
> > Jonas
> >
> > Am Donnerstag, den 18.08.2011, 07:37 -0500 schrieb OBrien,
> > Will:
> >
> > > To implement tagged interfaces with bridge domains, I use
> > irb interfaces. This is directly from my production box with a
> > little scrubbing.
> > >
> > > xe-0/0/0 {
> > > description "blah uplink";
> > > per-unit-scheduler;
> > > flexible-vlan-tagging;
> > > encapsulation flexible-ethernet-services;
> > > unit 200 {
> > > encapsulation vlan-bridge;
> > > vlan-id 200;
> > > }
> > > unit 201 {
> > > encapsulation vlan-bridge;
> > > vlan-id 201;
> > > }
> > > }
> > >
> > > irb {
> > > unit 200 {
> > > family inet {
> > > inactive: filter {
> > > input I2Inbound;
> > > output I2Outbound;
> > > }
> > > service {
> > > input {
> > > service-set i2-napt service-filter
> > i2-nat-in;
> > > }
> > > output {
> > > service-set i2-napt service-filter
> > i2-nat-out;
> > > }
> > > }
> > > address x.x.x.x/30;
> > > }
> > > }
> > > unit 201 {
> > > family inet {
> > > filter {
> > > input PolicerIn;
> > > output PolicerOut;
> > > }
> > > service {
> > > input {
> > > service-set i1-napt service-filter
> > i1-nat-in;
> > > }
> > > output {
> > > service-set i1-napt service-filter
> > i1-nat-out;
> > > }
> > > }
> > > address x.x.x.x/30;
> > > }
> > > }
> > > }
> > >
> > > show configuration bridge-domains
> > >
> > > vlan-200 {
> > > domain-type bridge;
> > > vlan-id 200;
> > > interface xe-0/0/0.200;
> > > routing-interface irb.200;
> > > }
> > > vlan-201 {
> > > domain-type bridge;
> > > vlan-id 201;
> > > interface xe-0/0/0.201;
> > > routing-interface irb.201;
> > > }
> > >
> > >
> > >
> > > On Aug 18, 2011, at 1:54 AM, Chris Kawchuk wrote:
> > >
> > > > Ahh, slightly different issue then.
> > > >
> > > > First off, once you use that flexible-ethernet-services,
> > you should be declaring each vlan separately and manually add
> > them into the bridge-domain config (i.e. bridge-domain VLAN20
> > interface xe-1/0/0.x). Anyways, that's not what we're
> > attempting to do here. =)
> > > >
> > > > What you're looking for is to stitch an l2circuit into a
> > bridge-domain (not pick off a VLAN off an interface and turn
> > that into a CCC/L2circuit - different solution). Perhaps a
> > logical-tunnel here may help. (i.e. lt-x/x/x.x interface). I
> > have stitched l2circuits/ccc's into VPLS domains before; I
> > assume the same theory holds true.
> > > >
> > > > Have a look at using the tunnel-services on your MX DPC
> > card. Apologies in advance as I'm writing this in pseudo-code
> > from memory (i.e. un-tested, more of a general idea as to a
> > direction to explore):
> > > >
> > > > chassis {
> > > > fpc 1 {
> > > > pic 3 {
> > > > tunnel-services {
> > > > bandwidth 1g;
> > > > }
> > > > }
> > > > }
> > > > }
> > > >
> > > > interfaces {
> > > > lt-1/3/10 {
> > > > unit 1 {
> > > > encapsulation vlan-ccc;
> > > > peer-unit 2;
> > > > }
> > > > unit 2 {
> > > > encapsulation vlan-bridge;
> > > > peer-unit 1;
> > > > }
> > > > }
> > > >
> > > > bridge-domains {
> > > > VL20 {
> > > > domain-type bridge;
> > > > vlan-id 20;
> > > > interface lt-1/3/10.2;
> > > > .....other access interfaces go here;
> > > > }
> > > > }
> > > >
> > > > neighbor xxx {
> > > > interface lt-1/3/10.1 {
> > > > virtual-circuit-id 20;
> > > > ...
> > > > ...
> > > > }
> > > > }
> > > >
> > > > - Chris.
> > > >
> > > >
> > > > On 2011-08-18, at 4:37 PM, Jonas Frey (Probe Networks)
> > wrote:
> > > >
> > > >> Hi Chris,
> > > >>
> > > >> that does not work...
> > > >>
> > > >> edge# show interfaces xe-1/0/0
> > > >> vlan-tagging;
> > > >> encapsulation flexible-ethernet-services;
> > > >> unit 0 {
> > > >> family bridge {
> > > >> interface-mode trunk;
> > > >> vlan-id-list [ 20 30 40 ];
> > > >> }
> > > >> }
> > > >> unit 1 {
> > > >> encapsulation vlan-ccc;
> > > >> vlan-id 20;
> > > >> }
> > > >>
> > > >> If i do commit now, this fails as the vlan 20 is already
> > used for the
> > > >> bridge on unit 0. If i remove the vlan 20 from unit 0
> > then the vlan is
> > > >> no longer member of the bridge (show bridge domain). But
> > i need it to be
> > > >> member of that bridge since that vlan goes out on other
> > ports to local
> > > >> switches.
> > > >>
> > > >>
> > > >> edge# show bridge-domains testbridge
> > > >> domain-type bridge;
> > > >> vlan-id 20;
> > > >>
> > > >> What i need to do is to get the VLAN 20 working locally
> > on the bridge
> > > >> (various ports) as well as getting it connected to a
> > somewhat pseudo
> > > >> interface to attached it as a l2circuit.
> > > >>
> > > >> --
> > > >> Mit freundlichen Grüßen / Best regards,
> > > >> Jonas Frey
> > > >>
> > > >>
> > ----------------------------------------------------------------
> > > >> Probe Networks Jonas Frey e-Mail:
> > jf at probe-networks.de
> > > >> Auf Strützberg 26 D-66663 Merzig
> > > >> Tel: +(49) (0) 180 5959723* Fax: +(49) (0) 180
> > 5998480*
> > > >> * (14 Ct./min Festnetz, Mobilfunk ggf. abweichende
> > Preise)
> > > >> Internet: www.probe-networks.de Hotline: 0800 1656531
> > > >>
> > ----------------------------------------------------------------
> > > >>
> > > >> Diese E-Mail enthaelt moeglicherweise vertrauliche
> > und/oder rechtlich
> > > >> geschuetzte Informationen. Wenn Sie nicht der richtige
> > Adressat sind
> > > >> oder diese E-Mail irrtuemlich erhalten haben, informieren
> > Sie bitte
> > > >> sofort den Absender und vernichten Sie diese Mail. Das
> > unerlaubte
> > > >> Kopieren sowie die unbefugte Weitergabe dieser Mail ist
> > strengstens
> > > >> untersagt.
> > > >>
> > > >> This e-mail may contain confidential and/or privileged
> > information.
> > > >> If you are not the intended recipient (or have received
> > this e-mail in
> > > >> error) please notify the sender immediately and destroy
> > this e-mail. Any
> > > >> unauthorised copying, disclosure or distribution of the
> > contents of this
> > > >> e-mail is strictly prohibited.
> > > >>
> > > >> ------------------------------------------
> > > >>
> > > >>
> > > >> Am Donnerstag, den 18.08.2011, 16:22 +1000 schrieb Chris
> > Kawchuk:
> > > >>> You'll need to declare your xe- port with
> > flexible-ethernet-services, so you can do per-unit
> > encapsulations.
> > > >>>
> > > >>> interfaces {
> > > >>> xe-1/0/0 {
> > > >>> vlan-tagging;
> > > >>> encapsulation flexible-ethernet-services;
> > > >>> unit 20 {
> > > >>> encapsulation vlan-ccc;
> > > >>> vlan-id 20;
> > > >>> }
> > > >>> unit 100 {
> > > >>> encapsulation vlan-bridge;
> > > >>> vlan-id 100;
> > > >>> }
> > > >>> }
> > > >>> }
> > > >>>
> > > >>> neighbor xxx {
> > > >>> interface xe-1/0/0.20 {
> > > >>> virtual-circuit-id 20;
> > > >>> ...
> > > >>> ...
> > > >>> }
> > > >>> }
> > > >>>
> > > >>>
> > > >>>
> > > >>> On 2011-08-18, at 4:03 PM, Jonas Frey (Probe Networks)
> > wrote:
> > > >>>
> > > >>>> Hello all,
> > > >>>>
> > > >>>> i am trying to build a l2circuit on a MX. The problem
> > is that the vlan
> > > >>>> that needs to be included in the l2circuit comes via
> > xe-1/0/0 which is
> > > >>>> configured in bridge mode:
> > > >>>> unit 0 {
> > > >>>> family bridge {
> > > >>>> interface-mode trunk;
> > > >>>> vlan-id-list [ 20 30 40 ];
> > > >>>> }
> > > >>>>
> > > >>>> I need to build this l2circuit with vlan 20.
> > > >>>>
> > > >>>> However when configuring the l2circuit i do not have a
> > interface to use
> > > >>>> as the bridge doesnt create any subinterface for the
> > vlan.
> > > >>>>
> > > >>>> neighbor xxx {
> > > >>>> interface ??? {
> > > >>>> virtual-circuit-id 20;
> > > >>>>
> > > >>>>
> > > >>>> I cant configure any subinterface on xe-1/0/0 (like
> > unit 1....) because
> > > >>>> bridge mode prohibits that.
> > > >>>>
> > > >>>> How can i get this to work?
> > > >>>>
> > > >>>> Best regards,
> > > >>>> Jonas
> > > >>>> _______________________________________________
> > > >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> > > >>>
> > > >
> > > >
> > > > _______________________________________________
> > > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> >
> >
> > --
> > Best Regards!
> >
> > Ivan Ivanov
> >
>
--
Best Regards!
Ivan Ivanov
More information about the juniper-nsp
mailing list