[j-nsp] VPLS pass tagged/untagged traffic

Adam Vitkovsky Adam.Vitkovsky at gamma.co.uk
Sun Mar 8 18:19:03 EDT 2015


Hi Kevin,

I'd like to make sure I understand the issue correctly, so tagged frames are passed but untagged frames are not passed? 
Or you can't get any traffic across whatsoever please? 

Juniper implementation of flexible VLAN matching sucks big times.

The cmd "vlan-id-range 1-4096" instructs the IFL to accept only frames with (at least)* one dot1q tag from a range 1-4096
So if you would like to accept also untagged frames you might need to remove this restriction.

Unfortunately it appears there's no simple knob as "encapsulation default" as is in Cisco
And in order to accept tagged and untagged frames under one IFL you have to sacrifice one VLAN ID for this purpose say 4096 and consider it as native on the trunk towards aggregation switch.
So when an untagged frame arrives at the interface it's accepted as IFL 0 assumes it belongs to native VLAN and accepts the frame for further processing.
And the config gets more stupid when there are double-tagged frames to be accepted by other IFLs on the trunk.  

 on the PE1 logical system:
          interfaces {
              ge-1/1/0 {
                  native-vlan-id 4096
                  unit 0 {
                      encapsulation vlan-vpls
                      vlan-id-range 1-4096
                      family vpls; (have tried with and without this)
                  }
              }

(at least)*
-I only assume that is the case as there doesn't seem to be an equivalent of Cisco's "exact" keyword which can be used to only accept frames with exactly 1 or 2 tags 


Otherwise have you checked the mac-address-table of routing instance VPLS1 if you are at least learning the mac addresses of incoming frames?

adam
> -----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf
> Of Kevin Wormington
> Sent: 08 March 2015 13:52
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] VPLS pass tagged/untagged traffic
> 
> Eduardo,
> 
> I have tried the following for encapsulation on the ingress port.  The
> vpls connections are down...one in the LD status and the other in RD.
> PE2 logical system configured identically other than using port ge-1/1/8
> as ingress.
> 
> main instance:
> 
>      ge-1/1/0 {
>          encapsulation flexible-ethernet-services;
>          flexible-vlan-tagging;
>      }
> 
> 
> 
> on the PE1 logical system:
>          interfaces {
>              ge-1/1/0 {
>                  unit 0 {
> 		    encapsulation vlan-vpls
>                      vlan-id-range 1-4096
>                      family vpls; (have tried with and without this)
>                  }
>              }
> 
> then on the routing instance in PE1:
> 
>          routing-instances {
>              VPLS1 {
>                  instance-type vpls;
>                  vlan-id all;
>                  interface ge-1/1/0.0;
>                  route-distinguisher 10.100.0.4:100;
>                  vrf-target target:127:100;
>                  protocols {
>                      vpls {
>                          site-range 4;
>                          site CE1 {
>                              site-identifier 1;
>                          }
>                      }
>                  }
>              }
>          }
> 
> 
> 
> On 03/08/2015 01:37 AM, Eduardo Schoedler wrote:
> > Probably is your encapsulation on ingress port.
> >
> > --
> > Eduardo
> >
> > Em domingo, 8 de março de 2015, Kevin Wormington <kworm at sofnet.com
> > <mailto:kworm at sofnet.com>> escreveu:
> >
> >     Hi,
> >
> >     On MX (Specifically MX80 w/12.3R9.4) is it possible to pass all
> >     customer CE traffic whether it's tagged or untagged from a port on
> >     PE1 to a port on PE2 using VPLS (BGP/RSVP)?
> >
> >     I have a lab system using logical systems with ports looped back and
> >     I can get untagged traffic to work fine, but can't seem to get it to
> >     pass everything through.
> >
> >     Thanks,
> >
> >     Kevin
> >     _________________________________________________
> >     juniper-nsp mailing list juniper-nsp at puck.nether.net
> >     https://puck.nether.net/__mailman/listinfo/juniper-nsp
> >     <https://puck.nether.net/mailman/listinfo/juniper-nsp>
> >
> >
> >
> > --
> > Eduardo Schoedler
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
---------------------------------------------------------------------------------------
 This email has been scanned for email related threats and delivered safely by Mimecast.
 For more information please visit http://www.mimecast.com
---------------------------------------------------------------------------------------


More information about the juniper-nsp mailing list