[j-nsp] l2circuit between QFX-5110 & MX204 - one way traffic

Philippe Girard philippe.girard at metrooptic.com
Thu Jul 18 13:24:55 EDT 2019 

Hello

Some important information:

Top level encapsulation flex-eth and flex-vlan-tagging is not supported on QFabric (QFX family) devices. That means you can't use a port that does ccc with any other type of encap, i.e. vlan-bridge, ext-vlan-br, or set family inet on a unit. Only MX with trio chipset can do that. If you did at *any other point* configure some other units on there with different encaps, traffic will remain one way. There is also a PR on the use of flex stuff on QFX that states that at some points labels are not getting programmed properly and circuit will stop working.

You don't need family ccc in the unit, only encap vlan-ccc

You should remove and RSVP-TE and static LSP config that you have to start fresh and make it work only with LDP, then add complexity.

The pop/push operation on the unit is there to get a pure ethernet frame to slap the LDP tag onto and possibly deliver untagged on the other side. It's not necessary if you also deliver on a simple tagged unit on the other side. The difference in the core network will be between ETHERNET-CCC and VLAN-CCC. You don't need to force the encasulation type in config, this is automatic from what you set on both sides.

Also, don't do ignore-mtu, but set the mtu to what you want as a value lower than the physical interface mtu, the same on both sides.

I don't think QFX supports control-word.

Examples of what works:

Xe-X
vlan-tagging;
mtu 9216;
encapsulation vlan-ccc;
unit 538 {
    encapsulation vlan-ccc;
    no-traps;
    vlan-id 538;
    input-vlan-map pop;
    output-vlan-map push;
}

interface xe-0/0/36.538 {
    virtual-circuit-id 13911065;
    no-control-word;
    mtu 9000;
}

If you do use pop/push on the unit, make sure it's there on both sides. You can also deliver untagged on the other side by doing something like this. It will push the frame out untagged since you removed it accepting the packet initially. Keep in mind this dedicates the port to that service.

mtu 9216;
encapsulation ethernet-ccc;
unit 0 {
    no-traps;
    family ccc;
}

interface xe-0/0/12.0 {
    virtual-circuit-id 1385956;
    no-control-word;
    mtu 9000;
}

MX can have top flex-ethernet and flex-vlan tagging and mix and match stuff. For the rest, config must stay the same.

Keep your stuff simple, leave as much as you can to the system to figure out unless you absolutely need to force.

Cheers.

-----Original Message-----
From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of Liam Farr
Sent: July 18, 2019 11:26 AM
To: Heng Chai, Tan <hc.tan at sg.gs>
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] l2circuit between QFX-5110 & MX204 - one way traffic

Hi,

Tried as follows;

liam at NA-QFX5110-1# show interfaces xe-0/0/9 description "Temp Link to Arista"; vlan-tagging; mtu 9216; encapsulation flexible-ethernet-services; unit 123 {
    encapsulation vlan-ccc;
    vlan-id 123;
    input-vlan-map pop;
    output-vlan-map push;
    family ccc;
}

liam at NA-QFX5110-1# show protocols l2circuit neighbor 192.168.68.3 {
    interface xe-0/0/9.123 {
        virtual-circuit-id 123;
        no-control-word;
        ignore-mtu-mismatch;
        pseudowire-status-tlv;
    }
}

liam at WN-MX204-1# show interfaces xe-0/1/3 description "ISPCO-WN-PVE-1 C0/F3 enp6s0f1"; flexible-vlan-tagging; mtu 9216; encapsulation flexible-ethernet-services; unit 123 {
    encapsulation vlan-ccc;
    vlan-id 123;
    input-vlan-map push;
    output-vlan-map pop;
    family ccc;
}

liam at WN-MX204-1# show protocols l2circuit neighbor 192.168.68.5 {
    interface xe-0/1/3.123 {
        virtual-circuit-id 123;
        no-control-word;
        ignore-mtu-mismatch;
        pseudowire-status-tlv;
    }
}

When I removed the l2circuit encapsulation altogether from both ends I got an EM -- encapsulation mismatch on the l2circuit

I also tried encapsulation internetworking / ethernet-vlan / ethernet


At some point I did get mac learning both ways in that at the QFX end I could see mac from the MX end, but haven't successfully managed to pass icmp / ping.


NA-ARISTA#show mac address-table vlan 123
          Mac Address Table
------------------------------------------------------------------

Vlan    Mac Address       Type        Ports      Moves   Last Move
----    -----------       ----        -----      -----   ---------
 123    3606.b737.b463    DYNAMIC     Et9        1       0:18:11 ago
 123    6c3b.6bf0.9b0f    DYNAMIC     Et4        1       8:55:37 ago
Total Mac Addresses for this criterion: 2


          Multicast Mac Address Table
------------------------------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       ----        -----
Total Mac Addresses for this criterion: 0



I've got an option to borrow a QFX-5110 tomorrow and set it up in a bit better of a LAB config with a MX I have locally, where I can break things a bit more without affecting prod traffic. That might be the go and rebuild some l2circuits from scratch.


https://www.juniper.net/documentation/en_US/junos/topics/reference/general/mpls-limitations-qfx-series.html





*(QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600) When VLAN bridge encapsulation is enabled on a CE connected interface, the switch drops packets if both flexible Ethernet services and VLAN CCC encapsulations are configured on the same logical interface. Only one can be configured, not both. For example:set interfaces xe-0/0/18 encapsulation flexible-ethernet-services, or set interfaces xe-0/0/18 encapsulation
vlan-ccc.*


As mentioned the above might be causing me issues, as I did have some sub interfaces running vlan-bridge alongside the vlan-ccc interface on xe-0/0/9.



On Fri, 19 Jul 2019 at 02:20, Heng Chai, Tan <hc.tan at sg.gs> wrote:

> Try Alain's recommendation. I completely forgot about the input/output 
> vlan part. You should have it on the MX as well, so that VLAN 123 
> would be transmitted over the l2circuit.
>
> xe-<snip> {
>     description <snip>
>     flexible-vlan-tagging;
>     mtu 9216;
>     encapsulation flexible-ethernet-services;
>     unit 123 {
>         description <snip>
>         encapsulation vlan-ccc;
>         no-traps;
>         vlan-id 123;
>         input-vlan-map pop;
>         output-vlan-map push;
>     }
>
>
> Heng Chai, Tan
>
>
>
--
Kind Regards


Liam Farr

Maxum Data
+64-9-950-5302
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list