[j-nsp] RES: RES: QFX 5100 and Q-in-Q

Sat Mar 25 08:13:34 EDT 2017

I'm using Q-in-Q as a tap aggregation function.  Port mirrors and/or
optical taps from other devices are connected to QFX5100 ports which
encapsulate the foreign traffic with Q-in-Q, then flood the traffic to
all ports in the same outer VLAN.  Analyzers are connected to the
output ports.  It may be that L2 protocols like PVST+ are not passing
through, but that doesn't matter much for my use case:

set interfaces xe-0/0/0 description "MIRROR1 INPUT from device foo"
set interfaces xe-0/0/0 flexible-vlan-tagging
set interfaces xe-0/0/0 native-vlan-id 2
set interfaces xe-0/0/0 mtu 9216
set interfaces xe-0/0/0 encapsulation extended-vlan-bridge
set interfaces xe-0/0/0 unit 2 vlan-id-list 1-4094
set interfaces xe-0/0/0 unit 2 input-vlan-map push
set interfaces xe-0/0/0 unit 2 input-vlan-map vlan-id 2
set interfaces xe-0/0/0 unit 2 output-vlan-map pop
set interfaces xe-0/0/0 unit 2 family ethernet-switching filter output DISCARD

set interfaces xe-0/0/24 description "MIRROR1 OUTPUT to analyzer bar"
set interfaces xe-0/0/24 flexible-vlan-tagging
set interfaces xe-0/0/24 mtu 9216
set interfaces xe-0/0/24 encapsulation extended-vlan-bridge
set interfaces xe-0/0/24 unit 2 vlan-id-list 1-4094
set interfaces xe-0/0/24 unit 2 input-vlan-map push
set interfaces xe-0/0/24 unit 2 input-vlan-map vlan-id 2
set interfaces xe-0/0/24 unit 2 output-vlan-map pop
set interfaces xe-0/0/24 unit 2 family ethernet-switching filter input DISCARD

set vlans MIRROR1 interface xe-0/0/0.2
set vlans MIRROR1 interface xe-0/0/24.2
set vlans MIRROR1 switch-options no-mac-learning

On Sat, Mar 25, 2017 at 12:22:40AM +0000, Alexandre Guimaraes wrote:
> Chuck, 
> 
> 
>    Could you please share portion of your QinQ configuration?  In my tests, facing customer side, used:
> 
> set vlans S-VLAN-200 vlan-id 200
> set vlans S-VLAN-200 interface ge-0/0/14.200
>  
> set interfaces ge-0/0/14 flexible-vlan-tagging
> set interfaces ge-0/0/14 native-vlan-id 200
> set interfaces ge-0/0/14 mtu 6000
> set interfaces ge-0/0/14 encapsulation extended-vlan-bridge
> set interfaces ge-0/0/14 unit 200 vlan-id-list 10-30
> set interfaces ge-0/0/14 unit 200 input-vlan-map push
> set interfaces ge-0/0/14 unit 200 output-vlan-map pop
> 
> 
> Even you can encapsulates customer vlan inside a service vlan, all layer 2 protocols will not pass. 
> 
> 
> 
> ________________________________________
> De: juniper-nsp [juniper-nsp-bounces at puck.nether.net] em nome de Chuck Anderson [cra at WPI.EDU]
> Enviado: sexta-feira, 24 de março de 2017 18:33
> Para: juniper-nsp at puck.nether.net
> Assunto: Re: [j-nsp] RES:  QFX 5100 and Q-in-Q
> 
> I had to load 14.1X53-D40 to have a basic working Q-in-Q config.  D35
> was broken in some fundamental way.
> 
> On Fri, Mar 24, 2017 at 04:31:56PM +0000, Alexandre Guimaraes wrote:
> > Alain,
> >
> >       As far i know, QinQ - L2TP does not work at QFX5100.
> >
> > Att.,
> > Alexandre
> >
> > ________________________________________
> > De: juniper-nsp [juniper-nsp-bounces at puck.nether.net] em nome de Alain Hebert [ahebert at pubnix.net]
> > Enviado: sexta-feira, 24 de março de 2017 13:07
> > Para: juniper-nsp at puck.nether.net
> > Assunto: [j-nsp] QFX 5100 and Q-in-Q
> >
> >      Well,
> >
> >      We're having all sort of massive failure making Q-in-Q works in our
> > QFX5100 in standard and VCF mode... and that with 14.x, 15x, 16.x, 17.x
> >
> >      Such a simple thing should not take 1 week of back & forth with JTAC.
> >
> >      Anyone have some experience to share on that subject?
> >
> >      Thank.