Hi Community,
I just found out about this Community and the contribution by everyone here is very interesting and commendable. I am trying to implement a solution for one of my customers and finding it a bit hard to determine how to achieve it. The scenario is as below.
My customer has an NNI with my Juniper Mx204. He is sending me Q-in-Q frames on the NNI with and outer tag 4000 and inner tag 1. I need to change the outer and inner tag [outer 4050 and inner 100] and send it back to my customer on the same NNI. To achieve this I have created 2 sub-interfaces and mapped both of them using l2circuit local switching.
When trying to test this, I can see MAC addresses being learnt end to end. The network looks like in the attachment as I tried replicating this in the lab using Mx5.
When I apply firewall filters and check firewall Logs I can see traffic in and out. But when I do a ping with larger MTU size I can see incoming traffic 2WLG on ge-1/1/0.55 but cannot see traffic on ge-1/1/0.65 going out using the monitor interface traffic command.
Configuration:
set interfaces ge-1/1/0 description "Connected to Mx ge-1/1/0"
set interfaces ge-1/1/0 flexible-vlan-tagging
set interfaces ge-1/1/0 mtu 9100
set interfaces ge-1/1/0 encapsulation flexible-ethernet-services
set interfaces ge-1/1/0 unit 55 encapsulation vlan-ccc
set interfaces ge-1/1/0 unit 55 vlan-tags outer 4000
set interfaces ge-1/1/0 unit 55 vlan-tags inner 55
set interfaces ge-1/1/0 unit 55 input-vlan-map pop-pop
set interfaces ge-1/1/0 unit 55 output-vlan-map push-push
set interfaces ge-1/1/0 unit 55 family ccc filter input icmp-count
set interfaces ge-1/1/0 unit 65 encapsulation vlan-ccc
set interfaces ge-1/1/0 unit 65 vlan-tags outer 4050
set interfaces ge-1/1/0 unit 65 vlan-tags inner 65
set interfaces ge-1/1/0 unit 65 input-vlan-map pop-pop
set interfaces ge-1/1/0 unit 65 output-vlan-map push-push
set protocols l2circuit local-switching interface ge-1/1/0.55 end-interface interface ge-1/1/0.65
Checks:
set firewall family ccc filter icmp-count term count then count icmp-counter
set firewall family ccc filter icmp-count term count then log
set firewall family ccc filter icmp-count term count then accept
ord@pe1.2wlg> show firewall filter icmp-count
Filter: icmp-count
Counters:
Name Bytes Packets
icmp-counter 2450 29
### PIng test from Source 17.16.15.1
# ping 17.16.15.2 count 100
PING 17.16.15.2 (17.16.15.2): 6000 data bytes
Request 0 timed out
Request 1 timed out
ord@pe1.2wlg> show firewall log
Log :
Time Filter Action Interface Protocol Src Addr Dest Addr
05:42:55 pfe A ge-1/1/0.55 ICMP 17.16.15.1 17.16.15.2
05:42:53 pfe A ge-1/1/0.55 ICMP 17.16.15.1 17.16.15.2
05:42:51 pfe A ge-1/1/0.55 ICMP 17.16.15.1 17.16.15.2
05:42:49 pfe A ge-1/1/0.55 ICMP 17.16.15.1 17.16.15.2
ord@pe1.2cbt> show firewall log
Log :
Time Filter Action Interface Protocol Src Addr Dest Addr
05:44:12 pfe A ge-1/1/0.65 ICMP 17.16.15.1 17.16.15.2
05:44:10 pfe A ge-1/1/0.65 ICMP 17.16.15.1 17.16.15.2
05:44:08 pfe A ge-1/1/0.65 ICMP 17.16.15.1 17.16.15.2
05:44:06 pfe A ge-1/1/0.65 ICMP 17.16.15.1 17.16.15.2
## Ping Test with High Packet size
# ping 17.16.15.2 packet-size 6000 count 100
PING 17.16.15.2 (17.16.15.2): 6000 data bytes
Request 0 timed out
Request 1 timed out
pe1.2wlg Seconds: 3 Time: 06:59:00
Delay: 1/1/5
Interface: ge-1/1/0.55, Enabled, Link is Up
Flags: SNMP-Traps 0x4000
Encapsulation: VLAN-CCC
VLAN-Tag [ 0x8100.4000 0x8100.55 ]
Local statistics: Current delta
Input bytes: 0 [0]
Output bytes: 0 [0]
Input packets: 0 [0]
Output packets: 0 [0]
Remote statistics:
Input bytes: 1195268 (24872 bps) [12436] <<<<<< _----------- Incoming Traffic
Output bytes: 1044254 (0 bps) [0]
pe1.2wlg Seconds: 15 Time: 06:58:44
Delay: 2/1/5
Interface: ge-1/1/0.65, Enabled, Link is Up
Flags: SNMP-Traps 0x4000
Encapsulation: VLAN-CCC
VLAN-Tag [ 0x8100.4050 0x8100.65 ]
Local statistics: Current delta
Input bytes: 0 [0]
Output bytes: 0 [0]
Input packets: 0 [0]
Output packets: 0 [0]
Remote statistics:
Input bytes: 1044186 (0 bps) [0]
Output bytes: 166946 (0 bps) [0] <<<<<< ------------ No Traffic
------------------------------
MUHAMMAD ALI SHAIKH
------------------------------