[j-nsp] Q-in-Q with VSTP

Ross Halliday ross.halliday at wtccommunications.ca
Tue Jul 21 17:22:14 EDT 2015 

> I'm bashing away at a conundrum here. I'm trying to lab a setup for a multi-VLAN subscriber over some GPON gear. The setup is:
>
> MX104 --2x--> OLT --> ONT --> subscriber
>
> The ONT is able to strip the outer VLAN tag facing the subscriber, so the CE can hit all of the inner VLANs directly. The OLT presents frames with both outer  and inner
> tags to the MX, so I must strip the outer in order to work with the subscriber's services. Link bundling/aggregation between the MX and OLT are not an option, so I
> need to use spanning tree.
>
> So, I am trying to create a bridge domain with VSTP enabled for VLANs that aren't accessible with a simple "vlan-id-list" or "vlan-id".
>
> I cannot get this to work. I've tried "vlan-tags outer 9 inner 9" with separate units per inner VLAN, as well as sending everything into a vswitch like detailed here
> http://www.juniper.net/techpubs/en_US/junos14.2/topics/topic-map/layer-2-services-stp-vstp-on-trunk-port-with-tagged-traffic-example.html ...but the STP
> instance just doesn't seem to recognize the interface, and my CE doesn't see any BPDUs on that VLAN.
>
> I can't even find if this feature is supported - my searches on Juniper's site don't show anything with spanning tree and Q-in-Q or double-tags or inner tags etc on the
> same page.
>
> Is anybody else trying to do this? Or suggested solution? If the MX supported Redundant Trunk Groups (like Cisco FlexLink) this would be so much easier.


Figured I should follow up on this in case someone tries similar in the future.

What ended up working was to run spanning tree on the outer VLAN. What I find odd, being a Cisco graduate, is that the outer VLAN doesn't technically exist as a bridge domain... just as something VSTP uses.

protocols {
	vstp {
		vlan 2090 {
			bridge-priority 4k;
			interface ge-1/0/2;
			interface ge-1/1/2;
		}
	}
}
interfaces {
	ge-1/0/2 {
		description "GPON Card 1";
		flexible-vlan-tagging;
		encapsulation flexible-ethernet-services;
		unit 2090 {
			description "Q-in-Q to subscriber";
			vlan-id 2090;
			family bridge {
				interface-mode trunk;
				inner-vlan-id-list [ 100 200 300 ];
			}
		}
	}
	ge-1/1/2 {
		description "GPON Card 12";
		flexible-vlan-tagging;
		encapsulation flexible-ethernet-services;
		unit 2090 {
			description "Q-in-Q to subscriber";
			vlan-id 2090;
			family bridge {
				interface-mode trunk;
				inner-vlan-id-list [ 100 200 300 ];
			}
		}
	}
}
bridge-domains {
	Jimbob-Phones {
		description "Jimbob's IP phones";
		vlan-id 100;
		routing-interface irb.100;
	}
	Jimbob-Internet {
		description "Jimbob's Internet access";
		vlan-id 200;
		routing-interface irb.200;
	}
	Jimbob-TLS {
		description "Jimbob's L3VPN to remote offices";
		vlan-id 300;
		routing-interface irb.300;
	}
}

Works great. VSTP on 2090 prevents loops between the MX and GPON access gear, and since the access gear strips the outer tag going to the subscriber the CE doesn't even know it's there. STP not required on the inner VLANs like I had originally tried.

Hope this helps someone.

Cheers
Ross

More information about the juniper-nsp mailing list