[j-nsp] l2circuit between QFX-5110 & MX204 - one way traffic

Colton Conor colton.conor at gmail.com
Sat Jan 4 20:09:17 EST 2020 

Liam,

Did you ever get this worked out?

On Thu, Jul 18, 2019 at 12:25 PM Philippe Girard <
philippe.girard at metrooptic.com> wrote:

> Hello
>
> Some important information:
>
> Top level encapsulation flex-eth and flex-vlan-tagging is not supported on
> QFabric (QFX family) devices. That means you can't use a port that does ccc
> with any other type of encap, i.e. vlan-bridge, ext-vlan-br, or set family
> inet on a unit. Only MX with trio chipset can do that. If you did at *any
> other point* configure some other units on there with different encaps,
> traffic will remain one way. There is also a PR on the use of flex stuff on
> QFX that states that at some points labels are not getting programmed
> properly and circuit will stop working.
>
> You don't need family ccc in the unit, only encap vlan-ccc
>
> You should remove and RSVP-TE and static LSP config that you have to start
> fresh and make it work only with LDP, then add complexity.
>
> The pop/push operation on the unit is there to get a pure ethernet frame
> to slap the LDP tag onto and possibly deliver untagged on the other side.
> It's not necessary if you also deliver on a simple tagged unit on the other
> side. The difference in the core network will be between ETHERNET-CCC and
> VLAN-CCC. You don't need to force the encasulation type in config, this is
> automatic from what you set on both sides.
>
> Also, don't do ignore-mtu, but set the mtu to what you want as a value
> lower than the physical interface mtu, the same on both sides.
>
> I don't think QFX supports control-word.
>
> Examples of what works:
>
> Xe-X
> vlan-tagging;
> mtu 9216;
> encapsulation vlan-ccc;
> unit 538 {
>     encapsulation vlan-ccc;
>     no-traps;
>     vlan-id 538;
>     input-vlan-map pop;
>     output-vlan-map push;
> }
>
> interface xe-0/0/36.538 {
>     virtual-circuit-id 13911065;
>     no-control-word;
>     mtu 9000;
> }
>
> If you do use pop/push on the unit, make sure it's there on both sides.
> You can also deliver untagged on the other side by doing something like
> this. It will push the frame out untagged since you removed it accepting
> the packet initially. Keep in mind this dedicates the port to that service.
>
> mtu 9216;
> encapsulation ethernet-ccc;
> unit 0 {
>     no-traps;
>     family ccc;
> }
>
> interface xe-0/0/12.0 {
>     virtual-circuit-id 1385956;
>     no-control-word;
>     mtu 9000;
> }
>
> MX can have top flex-ethernet and flex-vlan tagging and mix and match
> stuff. For the rest, config must stay the same.
>
> Keep your stuff simple, leave as much as you can to the system to figure
> out unless you absolutely need to force.
>
> Cheers.
>
> -----Original Message-----
> From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of Liam
> Farr
> Sent: July 18, 2019 11:26 AM
> To: Heng Chai, Tan <hc.tan at sg.gs>
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] l2circuit between QFX-5110 & MX204 - one way traffic
>
> Hi,
>
> Tried as follows;
>
> liam at NA-QFX5110-1# show interfaces xe-0/0/9 description "Temp Link to
> Arista"; vlan-tagging; mtu 9216; encapsulation flexible-ethernet-services;
> unit 123 {
>     encapsulation vlan-ccc;
>     vlan-id 123;
>     input-vlan-map pop;
>     output-vlan-map push;
>     family ccc;
> }
>
> liam at NA-QFX5110-1# show protocols l2circuit neighbor 192.168.68.3 {
>     interface xe-0/0/9.123 {
>         virtual-circuit-id 123;
>         no-control-word;
>         ignore-mtu-mismatch;
>         pseudowire-status-tlv;
>     }
> }
>
> liam at WN-MX204-1# show interfaces xe-0/1/3 description "ISPCO-WN-PVE-1
> C0/F3 enp6s0f1"; flexible-vlan-tagging; mtu 9216; encapsulation
> flexible-ethernet-services; unit 123 {
>     encapsulation vlan-ccc;
>     vlan-id 123;
>     input-vlan-map push;
>     output-vlan-map pop;
>     family ccc;
> }
>
> liam at WN-MX204-1# show protocols l2circuit neighbor 192.168.68.5 {
>     interface xe-0/1/3.123 {
>         virtual-circuit-id 123;
>         no-control-word;
>         ignore-mtu-mismatch;
>         pseudowire-status-tlv;
>     }
> }
>
> When I removed the l2circuit encapsulation altogether from both ends I got
> an EM -- encapsulation mismatch on the l2circuit
>
> I also tried encapsulation internetworking / ethernet-vlan / ethernet
>
>
> At some point I did get mac learning both ways in that at the QFX end I
> could see mac from the MX end, but haven't successfully managed to pass
> icmp / ping.
>
>
> NA-ARISTA#show mac address-table vlan 123
>           Mac Address Table
> ------------------------------------------------------------------
>
> Vlan    Mac Address       Type        Ports      Moves   Last Move
> ----    -----------       ----        -----      -----   ---------
>  123    3606.b737.b463    DYNAMIC     Et9        1       0:18:11 ago
>  123    6c3b.6bf0.9b0f    DYNAMIC     Et4        1       8:55:37 ago
> Total Mac Addresses for this criterion: 2
>
>
>           Multicast Mac Address Table
> ------------------------------------------------------------------
>
> Vlan    Mac Address       Type        Ports
> ----    -----------       ----        -----
> Total Mac Addresses for this criterion: 0
>
>
>
> I've got an option to borrow a QFX-5110 tomorrow and set it up in a bit
> better of a LAB config with a MX I have locally, where I can break things a
> bit more without affecting prod traffic. That might be the go and rebuild
> some l2circuits from scratch.
>
>
>
> https://www.juniper.net/documentation/en_US/junos/topics/reference/general/mpls-limitations-qfx-series.html
>
>
>
>
>
> *(QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600) When VLAN bridge
> encapsulation is enabled on a CE connected interface, the switch drops
> packets if both flexible Ethernet services and VLAN CCC encapsulations are
> configured on the same logical interface. Only one can be configured, not
> both. For example:set interfaces xe-0/0/18 encapsulation
> flexible-ethernet-services, or set interfaces xe-0/0/18 encapsulation
> vlan-ccc.*
>
>
> As mentioned the above might be causing me issues, as I did have some sub
> interfaces running vlan-bridge alongside the vlan-ccc interface on xe-0/0/9.
>
>
>
> On Fri, 19 Jul 2019 at 02:20, Heng Chai, Tan <hc.tan at sg.gs> wrote:
>
> > Try Alain's recommendation. I completely forgot about the input/output
> > vlan part. You should have it on the MX as well, so that VLAN 123
> > would be transmitted over the l2circuit.
> >
> > xe-<snip> {
> >     description <snip>
> >     flexible-vlan-tagging;
> >     mtu 9216;
> >     encapsulation flexible-ethernet-services;
> >     unit 123 {
> >         description <snip>
> >         encapsulation vlan-ccc;
> >         no-traps;
> >         vlan-id 123;
> >         input-vlan-map pop;
> >         output-vlan-map push;
> >     }
> >
> >
> > Heng Chai, Tan
> >
> >
> >
> --
> Kind Regards
>
>
> Liam Farr
>
> Maxum Data
> +64-9-950-5302
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list