Junos OS

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

Untaggad towards customer, Q-in-Q on uplink

  • 1.  Untaggad towards customer, Q-in-Q on uplink

    Posted 09-16-2021 16:11
    Hello,

    This is my first post and i'm total novice when it comes to Juniper. Right now i'm trying to evaluate  ex2300-c if it will fit the purpose.

    What i would like to achieve is following

    customer untagged traffic ---->ge-0/0/0 -- ex2300-C--xe-0/1/0 -----> customer dubbel-tagged

    Is it possibel? how would i go about?

    Thanks!

    Dejan


  • 2.  RE: Untaggad towards customer, Q-in-Q on uplink

     
    Posted 09-16-2021 22:49

    Hi Dejan,

     

    You should be able to configure the customer port with C-VLAN config and use native-vlan-id for untagged traffic.  Please refer this link:

     

    https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/q-in-q.html#id-configuring-q-in-q-tunneling-on-ex-series-switches-with-els-support

     

    The EX2300-C should have a similar feature parity as EX2300 for this purpose:

    https://apps.juniper.net/feature-explorer/feature-info.html?fKey=1215&fn=Q-in-Q

     

    There's one caveat though, you'll need to use Junos 18.3R3 and higher, because prior to that (say on 15.1) the EX would send a single-tag towards the core while forwarding untagged traffic from customer.

     

    Example:

    Topology + behavior:
     
               ge-0/0/1     ge-0/0/2
    +--------+      +----------+      +----------+
    |        |      |          |      |          |
    |  User  +------+  EX2300  +------+   Core   |
    |        | UNI  |          | NNI  |          |
    +--------+      +----------+      +----------+
      +------------>           +------------->
       Untagged traffic         Double tagged
                                Outer: 3205
                                Inner: 1
    Configuration:
    interfaces {
        ge-0/0/1 {
            description User;
            flexible-vlan-tagging;
            native-vlan-id 1;
            mtu 1600;
            encapsulation extended-vlan-bridge;
            unit 3205 {
                vlan-id-list 1-4094;
                input-vlan-map push;
                output-vlan-map pop;
            }
        }
        ge-0/0/2 {
            description Core;
            flexible-vlan-tagging;
            mtu 1600;
            encapsulation extended-vlan-bridge;
            ether-options {
                ethernet-switch-profile {
                    tag-protocol-id 0x8100;
                }
            }
            unit 876 {
                vlan-id 876;
            }
            unit 3205 {
                vlan-id 3205;
            }
        }
     
    vlans {
        CPE-TEST-INTERNET {
            interface ge-0/0/1.3205;
            interface ge-0/0/2.3205;
            interface ge-0/0/0.3205;
        }
        MGMT {
            vlan-id 876;
            interface ge-0/0/2.876;
            interface ge-0/0/0.876;
            l3-interface irb.876;
        }
    }
     
    In 15.1X53 with the same configuration frames on NNI are only tagged with single tag 3205
     
    Problem is replicated in the lab.
    Lab topology:
               ge-0/0/1     ge-0/0/2
    +--------+      +----------+      +----------+
    |        |      | EX2300   |      |          |
    |  User1 +------+          +------+          |
    |        | UNI  | 15.1X53  | NNI  |          |
    +--------+      +----------+      |          |
                                      |          |
               ge-0/0/1     ge-0/0/2  |   Core   |
    +--------+      +----------+      |          |
    |        |      | EX2300   |      |          |
    |  User2 +------+          +------+          |
    |        | UNI  | 18.1R3.3 | NNI  |          |
    +--------+      +----------+      +----------+

     

     

    Hope this helps.

     

    Regards,

    -r.

     

    --------------------------------------------------

     

    If this solves your problem, please mark this post as "Accepted Solution."

    Kudos are always appreciated :).

     

     

    Sent from Mail for Windows

     


    Juniper Business Use Only






  • 3.  RE: Untaggad towards customer, Q-in-Q on uplink

    Posted 09-17-2021 10:32
    Thank you for this extensive answer.  It is very helpful.

    I'll give it a try but i see that i might have to upgrade Junos version first.

    regards

    ------------------------------
    DEJAN TEPIC
    ------------------------------



  • 4.  RE: Untaggad towards customer, Q-in-Q on uplink

    Posted 09-17-2021 10:32

    Bonjour Dejean.

    Yes you can and mriyaz's answer is quite complete.

    QinQ with 2300-C is what we use here to dived 250 various sites into 20 groups so each group have access to vlans 1-4094. Everything works fine and is reliable.

     

    I'll just add to mriyaz's answer the solution we came with when confronted with a particular issue.

    3  groups have traffic going through their designated QinQ tags (3925,3926,3927) , but there was a requirement that they share a particular common vlan for ip phones because all 3 groups shared the same iphone server owned by one group.

    After implementing mriaz solution, we changed it to "extract" vlan 3492 by changing the encapsulation from encapsulation extended vlan-bridge to flexible ethernet service on every switch needing access.

     

    So config for port 0 went

    **********from ************

    set interfaces ge-0/0/0 flexible-vlan-tagging

    set interfaces ge-0/0/0 encapsulation extended-vlan-bridge

    set interfaces ge-0/0/0 unit 3925 vlan-id-list 1-4094

    set interfaces ge-0/0/0 unit 3925 input-vlan-map push

    **********to **************

    set interfaces ge-0/0/0 flexible-vlan-tagging

    set interfaces ge-0/0/0 encapsulation flexible-ethernet-services

    set interfaces ge-0/0/0 unit 3492 vlan-id 3492

    set interfaces ge-0/0/0 unit 3925 encapsulation vlan-bridge

    set interfaces ge-0/0/0 unit 3925 vlan-id-list 1-3491

    set interfaces ge-0/0/0 unit 3925 vlan-id-list 3493-4094

    set interfaces ge-0/0/0 unit 3925 input-vlan-map push

    set interfaces ge-0/0/0 unit 3925 output-vlan-map pop

    ================================================================

     

    config port 11 (my port ge-0/0/11 = your port xe-0/1/0) went

    **********from*****************

    set interfaces ge-0/0/11 vlan-tagging

    set interfaces ge-0/0/11 mtu 1538

    set interfaces ge-0/0/11 unit 3925 vlan-id 3925

    **********to ******************

    set interfaces ge-0/0/11 vlan-tagging

    set interfaces ge-0/0/11 mtu 1538

    set interfaces ge-0/0/11 unit 3925 vlan-id 3925

    set interfaces ge-0/0/11 unit 3492 vlan-id 3492

    ========================================================

    and Vlans went

    *********** from *************

    set vlans QinQ-3925 interface ge-0/0/0.3925

    set vlans QinQ-3925 interface ge-0/0/11.3925

     

    *********to ***********

    set vlans QinQ-3925 interface ge-0/0/0.3925

    set vlans QinQ-3925 interface ge-0/0/11.3925

    set vlans Telephonie-3492 interface ge-0/0/0.3492

    set vlans Telephonie-3492 interface ge-0/0/11.3492

     

    when trying the same thing  and keeping encapsulation to extended-vlan-bridge, the configuration would commit, but no traffic would go through on 3492.

    Please also note that we changed the mtu only on the interface carrying the double tagged frames.

    Challenge was to implement ithe whole QinQ design on an existing network without affecting traffic. Coup;e of tricks had to be done. J

    Also note that the show Ethernet-switching table  will only show you the QnQ vlans, not the inside tag. Basically, you loose the vision of the client vlans going into QinQ.

    It is not shown here, but  I suggest you keep the storm-control default on all interface.

    Good luck , and have fun !

    __________________________________________

    Michel Lapointe