Switching


Traverse tagged traffic to external device and let it go back on EX?

  • 1.  Traverse tagged traffic to external device and let it go back on EX?

    Posted 12-11-2020 13:52
    Hello,

    I am looking for a solution for how to pass tagged traffic from the switch for some external processing and let it go back into the same switch for further switching.

    To emulate:
    SWITCH1 ->external-device(bridge)-> SWITCH2

    In one unit:
    SWITCH->external-device(bridge)->back to the same SWITCH

    I prefer to use the one switch because of power, space and budget reasons. Of course I understand that it will process each packet twice and the system load would be doubled.

    For untagged traffic, the solution would be simple: just set up two VLANs.

    However, my traffic is tagged. Is there any solution for EX4550? Something like instance-type virtual-switch? Maybe private VLANs? QinQ maybe?


    Thank you for any tips.



  • 2.  RE: Traverse tagged traffic to external device and let it go back on EX?

     
    Posted 12-12-2020 14:41
    Hi janrovner,

    Is your traffic moving across VLANs while processing it? Could you provide a description of how traffic will move?

    Virtual-Switch instances are not supported on EX4550s. In case you are looking to change the VLAN tag, I suggest reviewing the KB below:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB16755&actp=METADATA


  • 3.  RE: Traverse tagged traffic to external device and let it go back on EX?

    Posted 12-13-2020 12:27
    Hello and thank you very much for the tip. I am just trying to split one switch into two... to put an external device into the packet path.

    The traffic should just enter, then exit and re-enter and re-exit the switch. The VLAN tags should be preserved.

    Required setup:
    Should emulate this setup with two switches:





  • 4.  RE: Traverse tagged traffic to external device and let it go back on EX?

     
    Posted 12-15-2020 14:24
    Hi janrovner,

    If using different VLANs, you may try segmenting the VLANs on the trunks and configure VSTP to split the STP topology per VLAN instead.

    Example:
    trunk 1: VLANs 10, 30, 50
    trunk 2: VLANs 20, 40, 60

    Note: If the same VLANs are used on the two trunks, one of them will be blocked by STP to prevent a loop.

    Hope that helps!


  • 5.  RE: Traverse tagged traffic to external device and let it go back on EX?

    Posted 12-16-2020 05:03
    Hello and thank you very much. I assume STP is disabled in all cases... I think that one solution could be some kind of Q-in-Q trick, if possible.

    For the picture above, blue ports could be put onto one S-VLAN (for example 4001), red ports onto another (for example 4002).

    Incoming tagged frames would be internally (double-)tagged on ingress (for example 4001), then switched by the "internal outer" tag, and on egress the outer tag would be removed and the frame transmitted with the original tag. The MAC address table would contain two VLANs, 4001 and 4002, four ports and tons of MAC addresses.

    Would it be possible to set up the switch like this?
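
A toy model of the forwarding described in the post above, added here as an illustration; it is not part of the original thread and does not represent Junos behaviour or configuration. The port names, the sample MAC addresses and the transparent external bridge are assumptions; the model shows that with MAC learning kept per S-VLAN the same source MAC sits on two different ports without conflict, and that the customer tag survives the round trip.

```python
# Added illustration: a toy model of the proposed S-VLAN scheme, not Junos behaviour.
# Port names are hypothetical; S-VLAN IDs 4001/4002 are the examples from the post.
PORT_SVLAN = {"blue-host": 4001, "blue-dev": 4001, "red-dev": 4002, "red-host": 4002}
# Assumption: the external device is a transparent bridge between its two ports.
BRIDGE = {"blue-dev": "red-dev", "red-dev": "blue-dev"}


class Switch:
    def __init__(self):
        self.fdb = {}  # (s_vlan, mac) -> port: learning is independent per S-VLAN

    def forward(self, in_port, frame):
        """Return [(out_port, frame)] for one frame received on in_port."""
        s_vlan = PORT_SVLAN[in_port]
        inner = {**frame, "tags": [s_vlan] + frame["tags"]}  # ingress: push S-tag
        self.fdb[(s_vlan, inner["src"])] = in_port            # learn in the S-VLAN
        known = self.fdb.get((s_vlan, inner["dst"]))
        flood = [p for p, v in PORT_SVLAN.items() if v == s_vlan]
        out_ports = [known] if known else flood               # never leaves the S-VLAN
        egress = {**inner, "tags": inner["tags"][1:]}         # egress: pop S-tag
        return [(p, egress) for p in out_ports if p != in_port]


def send(sw, in_port, frame):
    """Follow a frame through switch and bridge; return (hops, delivered frame)."""
    hops, delivered, queue = [in_port], None, [(in_port, frame)]
    while queue:
        port, frm = queue.pop(0)
        for out_port, out in sw.forward(port, frm):
            hops.append(out_port)
            if out_port in BRIDGE:           # leaves towards the external device
                hops.append(BRIDGE[out_port])
                queue.append((BRIDGE[out_port], out))
            else:
                delivered = out              # leaves on a host-facing port
    return hops, delivered


if __name__ == "__main__":
    sw = Switch()
    # Constructed sample frames: C-VLAN 10 between two made-up MAC addresses.
    a_to_b = {"src": "aa:aa", "dst": "bb:bb", "tags": [10]}
    b_to_a = {"src": "bb:bb", "dst": "aa:aa", "tags": [10]}
    print(send(sw, "blue-host", a_to_b))
    print(send(sw, "red-host", b_to_a))
    print(sw.fdb)  # each MAC appears once per S-VLAN, on different ports
```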


  • 6.  RE: Traverse tagged traffic to external device and let it go back on EX?

     
    Posted 12-16-2020 14:34
    As you are using the same switch, you may need a workaround, as explained in the KB below, to implement QinQ for a single switch:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB36077&cat=EX4300_1&actp=LIST

    That KB was built using ELS configuration, so you need to adjust the settings for legacy switches like EX4500s.

    For reference, the following KB explains how to configure standard QinQ between two switches on legacy devices, but you can use it to adapt KB36077 for your setup:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB12259

    If it clears your concerns, please mark this forum as solved.


  • 7.  RE: Traverse tagged traffic to external device and let it go back on EX?

    Posted 12-17-2020 03:51

    Thank you very much for your help. I am going to study the docs you recommend, and in case of success, I'll close this thread.