[j-nsp] VLAN ethernet-ccc between MX80 & EX4200

Matthew Crocker matthew at corp.crocker.com
Wed Sep 26 14:23:09 EDT 2012 


I'm having trouble getting bidirectional packets to flow on this configuration.


<firewall> --[GigE]--> MX80 --[MPLS]--> EX4200-1 --[MPLS]--> EX4200-2 --[GigE]-- SRX

The plan is to have two VLANS coming out of the SRX,  1 VLAN (id:100) is to be terminated on the EX4200 as layer 3 and routed (basic Internet).  The other VLAN (id:101) is to be ccc'ed over MPLS to the MX80 and delivered to a GigE-port to the firewall

VLAN 100 is working fine,  VLAN 101 is getting ARP requests down to the firewall but is not seeing any response.   

the SRX is configured with two VLANs on the GigE interface

unit 100 {
 vlan-id 100
 family inet {
  address A.B.C.174/30
}

unit 101 {
 vlan-id 101
 family inet {
 address Q.W.E.R/30
}


The two vlans are in different routing-instances and I can successfully ping on  VLAN 100

The EX4200.2 has the following configuration

ge-0/0/2 {
    vlan-tagging;
    mtu 9000;
    unit 100 {
        proxy-arp;
        vlan-id 100;
        family inet {
            address A.B.C.173/30;
        }
    }
    unit 101 {
        vlan-id 101;
        family ccc;
    }
}

remote-interface-switch ge-0020-to-mx80 {
    interface ge-0/0/2.101;
    transmit-lsp lsp_to_mx80_corp.crocker.com;
    receive-lsp lsp_to_ex4200_corp.crocker.com;
}

EX4200.1 has basic MPLS configuration, nothing specific to these LSPs or this traffic.   It is transiting other LSPs from EX4200.2 fine but they are full ethernet-cccs not VLAN ccc

MX80 config looks like

ge-1/1/9 {
    description "Link to corporate firewall"
    vlan-tagging;
    encapsulation extended-vlan-ccc;
    unit 101 {
        vlan-id 101;
        family ccc;
    }
}

remote-interface-switch ge-1190-to-ex4200 {
    interface ge-1/1/9.101;
    transmit-lsp lsp_to_ex4200_corp.crocker.com;
    receive-lsp lsp_to_mx80_corp.crocker.com;
}


At the firewall I can see packets from the SRX.  (ARP requests for a test ping).   They are untagged.  The firewall is responding with an ARP reply, also untagged.   The MX80 does not appear to be sending the packets up to the EX4200.

EX4200 -> MX80 looks like it is working
MX80 -> EX4200 appears to be broken.

I'm guessing it is because the packets from the firewall are not tagged so they don't end up in unit 101 for the ccc treatment.

It would be ok if the packets were tagged to & from the firewall,  how do I get the MX80 to send the packets with VLAN 101?



--
Matthew S. Crocker
President
Crocker Communications, Inc.
PO BOX 710
Greenfield, MA 01302-0710

E: matthew at crocker.com
P: (413) 746-2760
F: (413) 746-3704
W: http://www.crocker.com

More information about the juniper-nsp mailing list