[j-nsp] Juniper EX/QFX vlan-id-list limitation
Olivier Benghozi
olivier.benghozi at wifirst.fr
Thu Aug 13 17:32:11 EDT 2020
Our QinQ usage model is many UNIs toward one NNI, therefore we never have several QinQ stuff per UNI. Maybe it's the difference between your usage and ours ?
If you need to have several QinQ svlans on one UNI port, I guess you'll be bitten again by the number of IDs limit (but maybe several ranges are possible?).
Anyway, here are the QinQ configs we use on EX4600 (so: ELS style):
NNI interface (also using real vlans on unit 0, completely independent of QinQ ones – this mix works only on 4600, not on smaller switches):
ae0 {
flexible-vlan-tagging;
mtu 9216;
encapsulation flexible-ethernet-services;
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ some vlan we use as real vlans, having nothing to do with QinQ ];
}
}
}
unit 3000 {
description "Q-in-Q My Customer 1";
encapsulation vlan-bridge;
vlan-id 3000;
}
unit 3001 {
description "Q-in-Q My Customer 2";
encapsulation vlan-bridge;
vlan-id 3001;
}
}
UNI interfaces:
ae3 {
description "My Customer 1";
flexible-vlan-tagging;
mtu 9216;
encapsulation extended-vlan-bridge;
unit 3000 {
description "Q-in-Q My Customer 1";
vlan-id-list 2-4094;
input-vlan-map push;
output-vlan-map pop;
}
}
ae4 {
description "My Customer 2";
flexible-vlan-tagging;
native-vlan-id 1;
mtu 9216;
encapsulation extended-vlan-bridge;
unit 3001 {
description "Q-in-Q My Customer 2";
vlan-id-list 1-4094;
input-vlan-map push;
output-vlan-map pop;
}
}
QinQ vlans:
vlans {
qinq-3000 {
description "Q-in-Q My Customer 1";
interface ae0.3000;
interface ae3.3000;
switch-options {
no-mac-learning;
}
}
qinq-3001 {
description "Q-in-Q My Customer 2";
interface ae0.3001;
interface ae4.3001;
switch-options {
no-mac-learning;
}
}
}
> Le 13 août 2020 à 23:04, Robin Williams <robin.williams at tnp.net.uk> a écrit :
>
> Hi Olivier,
>
> Thanks for the reply - it does seem rather odd that I can't do on a new high end EX or QFX switch, what I used to be able to do on a bottom end EX2200 with the dot1q-tunnelling stanza.
>
> Regarding your workaround - were you running this config on the same physical interface? As that won't commit in this scenario (as it presumably doesn't know which vlans to push into which outer..)
>
> flexible-vlan-tagging;
> encapsulation extended-vlan-bridge;
> unit 3104 {
> vlan-id-list 1-4094;
> input-vlan-map push;
> output-vlan-map pop;
> }
> unit 3107 {
> vlan-id-list 1-4094;
> input-vlan-map push;
> output-vlan-map pop;
> }
>
> {master:0}[edit interfaces ge-0/0/1]
> # commit check
> [edit interfaces ge-0/0/1]
> 'unit 3107'
> duplicate VLAN-ID on interface
> error: configuration check-out failed
>
> Cheers,
> Rob
>
>
>
>
>
> -----Original Message-----
> From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of Olivier Benghozi
> Sent: 12 August 2020 19:12
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Juniper EX/QFX vlan-id-list limitation
>
> Hi,
>
> We miraculously found this doc before implementing such QinQ conf on EX4600 (that are low end QFX5100).
> So we didn't try to test the switch with this case, and we directly used such config: instead of vlan-id-list [some ids], we (nearly) always use the same one everywhere: vlan-id-list 2-4094. Problem fixed before it appeared.
>
> Sometimes we use vlan-id-list 1-4094 and native-vlan 1, when some untagged traffic must be carried too – in this case the untagged traffic is double-tagged on the NNI port with dot1q tag 1 as cvlan – there's a thread about that in this mailing-list by the way.
>
>
>> Le 12 août 2020 à 18:18, Robin Williams via juniper-nsp <juniper-nsp at puck.nether.net> a écrit :
>>
>> Has anyone come across PR1395312 before?
>>
>> “On ACX/EX/QFX platforms, if VLAN ID lists are configured under a single physical interface, Q-in-Q might stop working for certain VLAN ID lists”.
>>
>> [...]
>>
>> interfaces {
>> xe-0/1/0 {
>> flexible-vlan-tagging;
>> encapsulation extended-vlan-bridge;
>> unit 3104 {
>> vlan-id-list [ 1102 1128 1150 1172 4000 4001 4002 4003];
>> input-vlan-map push;
>> output-vlan-map pop;
>> }
>>
>> The docs page for ‘vlan-id-lists’ does mention:
>> https://www.juniper.net/documentation/en_US/junos/topics/reference/con
>> figuration-statement/vlan-id-list-edit-bridge-domains.html
>>
>> “WARNING On some EX and QFX Series switches, if VLAN identifier list (vlan-id-list) is used for Q-in-Q tunnelling, you can apply no more than eight VLAN identifier lists to a physical interface.”
More information about the juniper-nsp
mailing list