Switching

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  MX L2circuit Local-Switching

    Posted 02-12-2021 01:15
      |   view attached
    Hi Community,

    I just found out about this Community and the contribution by everyone here is very interesting and commendable. I am trying to implement a solution for one of my customers and finding it a bit hard to determine how to achieve it.  The scenario is as below.

    My customer has an NNI with my Juniper Mx204. He is sending me Q-in-Q frames on the NNI with and outer tag 4000 and inner tag 1. I need to change the outer and inner tag [outer 4050 and inner 100] and send it back to my customer on the same NNI. To achieve this I have created 2 sub-interfaces and mapped both of them using l2circuit local switching.

    When trying to test this, I can see MAC addresses being learnt end to end. The network looks like in the attachment as I tried replicating this in the lab using Mx5.

    When I apply firewall filters and check firewall Logs I can see traffic in and out. But when I do a ping with larger MTU size I can see incoming traffic 2WLG on ge-1/1/0.55 but cannot see traffic on ge-1/1/0.65 going out using the monitor interface traffic command.

    Configuration:

    set interfaces ge-1/1/0 description "Connected to Mx ge-1/1/0"
    set interfaces ge-1/1/0 flexible-vlan-tagging
    set interfaces ge-1/1/0 mtu 9100
    set interfaces ge-1/1/0 encapsulation flexible-ethernet-services
    set interfaces ge-1/1/0 unit 55 encapsulation vlan-ccc
    set interfaces ge-1/1/0 unit 55 vlan-tags outer 4000
    set interfaces ge-1/1/0 unit 55 vlan-tags inner 55
    set interfaces ge-1/1/0 unit 55 input-vlan-map pop-pop
    set interfaces ge-1/1/0 unit 55 output-vlan-map push-push
    set interfaces ge-1/1/0 unit 55 family ccc filter input icmp-count
    set interfaces ge-1/1/0 unit 65 encapsulation vlan-ccc
    set interfaces ge-1/1/0 unit 65 vlan-tags outer 4050
    set interfaces ge-1/1/0 unit 65 vlan-tags inner 65
    set interfaces ge-1/1/0 unit 65 input-vlan-map pop-pop
    set interfaces ge-1/1/0 unit 65 output-vlan-map push-push
    set protocols l2circuit local-switching interface ge-1/1/0.55 end-interface interface ge-1/1/0.65

    Checks:

    set firewall family ccc filter icmp-count term count then count icmp-counter
    set firewall family ccc filter icmp-count term count then log
    set firewall family ccc filter icmp-count term count then accept

    ord@pe1.2wlg> show firewall filter icmp-count

    Filter: icmp-count
    Counters:
    Name                           Bytes               Packets
    icmp-counter          2450                 29



    ###  PIng test from Source 17.16.15.1

    # ping 17.16.15.2  count 100
    PING 17.16.15.2 (17.16.15.2): 6000 data bytes
    Request 0 timed out
    Request 1 timed out

    ord@pe1.2wlg> show firewall log
    Log :
    Time Filter Action Interface Protocol Src Addr Dest Addr
    05:42:55 pfe A ge-1/1/0.55 ICMP 17.16.15.1 17.16.15.2
    05:42:53 pfe A ge-1/1/0.55 ICMP 17.16.15.1 17.16.15.2
    05:42:51 pfe A ge-1/1/0.55 ICMP 17.16.15.1 17.16.15.2
    05:42:49 pfe A ge-1/1/0.55 ICMP 17.16.15.1 17.16.15.2

    ord@pe1.2cbt> show firewall log
    Log :
    Time Filter Action Interface Protocol Src Addr Dest Addr
    05:44:12 pfe A ge-1/1/0.65 ICMP 17.16.15.1 17.16.15.2
    05:44:10 pfe A ge-1/1/0.65 ICMP 17.16.15.1 17.16.15.2
    05:44:08 pfe A ge-1/1/0.65 ICMP 17.16.15.1 17.16.15.2
    05:44:06 pfe A ge-1/1/0.65 ICMP 17.16.15.1 17.16.15.2


    ## Ping Test with High Packet size

    # ping 17.16.15.2 packet-size 6000 count 100
    PING 17.16.15.2 (17.16.15.2): 6000 data bytes
    Request 0 timed out
    Request 1 timed out

    pe1.2wlg Seconds: 3 Time: 06:59:00
    Delay: 1/1/5
    Interface: ge-1/1/0.55, Enabled, Link is Up
    Flags: SNMP-Traps 0x4000
    Encapsulation: VLAN-CCC
    VLAN-Tag [ 0x8100.4000 0x8100.55 ]
    Local statistics: Current delta
    Input bytes: 0 [0]
    Output bytes: 0 [0]
    Input packets: 0 [0]
    Output packets: 0 [0]
    Remote statistics:
    Input bytes: 1195268 (24872 bps) [12436]   <<<<<< _----------- Incoming Traffic
    Output bytes: 1044254 (0 bps) [0]

    pe1.2wlg Seconds: 15 Time: 06:58:44
    Delay: 2/1/5
    Interface: ge-1/1/0.65, Enabled, Link is Up
    Flags: SNMP-Traps 0x4000
    Encapsulation: VLAN-CCC
    VLAN-Tag [ 0x8100.4050 0x8100.65 ]
    Local statistics: Current delta
    Input bytes: 0 [0]
    Output bytes: 0 [0]
    Input packets: 0 [0]
    Output packets: 0 [0]
    Remote statistics:
    Input bytes: 1044186 (0 bps) [0]
    Output bytes: 166946 (0 bps) [0]   <<<<<< ------------ No Traffic​​

    ------------------------------
    MUHAMMAD ALI SHAIKH
    ------------------------------


  • 2.  RE: MX L2circuit Local-Switching

    Posted 02-13-2021 06:45
    Hi,

    Configuration seem ok, unless we are both missing something.
    I would suggest you try to use interface-switch instead of l2circuit and see what happens


    Regards
    Basondole

    ------------------------------
    Paul Basondole
    ------------------------------