Routing

Any suggestions on getting Tagged AND UnTagged bridging going on ONE physical interface in BOTH directions on an MX using service provider style configuration (rather than enterprise style configuration)?

End goal is customer supplied device using ONE physical interface with untagged traffic (assumed to be in vlan 100 and sent out elsewhere on a trunk) and tagged traffic (vlan 200 TPID 0x8100 tag 200).

For a simple testing LAB consider 2 MX routers  r3  and r5 set up as follows, (ge-0/0/0 on r3 connects to ge-1/1/0 on r5)

1) customer trunk carrying tagged vlan-ids 100 & 200 to r3 (an MX running Junos 21.2)

 2) r3 carries untagged 100 traffic and tagged 200 traffic to r5 (another MX)

3) r5 interface carrying tagged vlan-ids 100 & 200 in a trunk to different node

If I can get the configs working in this simple test lab, I'll have what I need.

Here is what I have tried: explicit popping of tags, native-vlan-id, and encapsulation DIX, all to no avail when it comes to bidirectional tagged and untagged on one physical interface.

Here is one set of configs as a starting point, but where everything is trunked:

On R1

Interfaces:

ge-0/0/0 {

# to R5
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-0/0/1 {

# to customer
    vlan-tagging;
    encapsulation extended-vlan-bridge;
    unit 100 {
        vlan-id 100;
    }
    unit 200 {
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    domain-type bridge;
    vlan-id none;
    interface ge-0/0/1.100;
    interface ge-0/0/0.0;
}
V200 {
    domain-type bridge;
    vlan-id 200;
    interface ge-0/0/0.200;
    interface ge-0/0/1.200;
}

On R5

Interfaces:

ge-1/1/0 {

# to R3
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-1/1/1 {

# to another node
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    vlan-id none;
    interface ge-1/1/1.0;
    interface ge-1/1/0.0;
}
V200 {
    vlan-id 200;
    interface ge-1/1/0.200;
    interface ge-1/1/1.200;
}

Hi John, 

From my mind, statement "vlan-tagging" on customer-faced interface desn't allow you to pass untagged frames.

Try in this way:

dmx@PE-1> show configuration interfaces ge-0/0/7                            
description to_Network;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 100 {
    encapsulation vlan-bridge;
    vlan-id 100;
}
unit 200 {
    encapsulation vlan-bridge;
    vlan-id 200;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description "to_Customer#1";
flexible-vlan-tagging;
native-vlan-id 100;
mtu 1522;
encapsulation extended-vlan-bridge;
unit 100 {
    vlan-id 100;
    family bridge;
}
unit 200 {
    vlan-id 200;
    family bridge;
}

dmx@PE-1> show configuration bridge-domains                               
Vl100 {
    vlan-id 100;
    interface ge-0/0/7.100;
    interface ge-0/0/8.100;
}
Vl200 {
    vlan-id 200;
    interface ge-0/0/7.200;
    interface ge-0/0/8.200;
}

WBW, 

Dmitry 

Any suggestions on getting Tagged AND UnTagged bridging going on ONE physical interface in BOTH directions on an MX using service provider style configuration (rather than enterprise style configuration)?

End goal is customer supplied device using ONE physical interface with untagged traffic (assumed to be in vlan 100 and sent out elsewhere on a trunk) and tagged traffic (vlan 200 TPID 0x8100 tag 200).

For a simple testing LAB consider 2 MX routers  r3  and r5 set up as follows, (ge-0/0/0 on r3 connects to ge-1/1/0 on r5)

1) customer trunk carrying tagged vlan-ids 100 & 200 to r3 (an MX running Junos 21.2)

 2) r3 carries untagged 100 traffic and tagged 200 traffic to r5 (another MX)

3) r5 interface carrying tagged vlan-ids 100 & 200 in a trunk to different node

If I can get the configs working in this simple test lab, I'll have what I need.

Here is what I have tried: explicit popping of tags, native-vlan-id, and encapsulation DIX, all to no avail when it comes to bidirectional tagged and untagged on one physical interface.

Here is one set of configs as a starting point, but where everything is trunked:

On R1

Interfaces:

ge-0/0/0 {

# to R5
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-0/0/1 {

# to customer
    vlan-tagging;
    encapsulation extended-vlan-bridge;
    unit 100 {
        vlan-id 100;
    }
    unit 200 {
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    domain-type bridge;
    vlan-id none;
    interface ge-0/0/1.100;
    interface ge-0/0/0.0;
}
V200 {
    domain-type bridge;
    vlan-id 200;
    interface ge-0/0/0.200;
    interface ge-0/0/1.200;
}

On R5

Interfaces:

ge-1/1/0 {

# to R3
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-1/1/1 {

# to another node
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    vlan-id none;
    interface ge-1/1/1.0;
    interface ge-1/1/0.0;
}
V200 {
    vlan-id 200;
    interface ge-1/1/0.200;
    interface ge-1/1/1.200;
}

Hi Dmitriy,

Thanks for your help.

I tried your configuration (including native-vlan-id and mtu changes), but the 100 vlan traffic still moved out tagged. Do you have another suggestion to get the 100 traffic to move untagged in both directions in the presence of tagged 200 traffic? BTW I do appreciate the Service Provider Style  config you gave ( I am not a fan of the implicit Enterprise Style).

Also do you know of an equivalent Juniper KB to KB17419 except that it applies to the MX platform rather than the pre ELS EX platform?

Hi John, 

From my mind, statement "vlan-tagging" on customer-faced interface desn't allow you to pass untagged frames.

Try in this way:

dmx@PE-1> show configuration interfaces ge-0/0/7                            
description to_Network;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 100 {
    encapsulation vlan-bridge;
    vlan-id 100;
}
unit 200 {
    encapsulation vlan-bridge;
    vlan-id 200;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description "to_Customer#1";
flexible-vlan-tagging;
native-vlan-id 100;
mtu 1522;
encapsulation extended-vlan-bridge;
unit 100 {
    vlan-id 100;
    family bridge;
}
unit 200 {
    vlan-id 200;
    family bridge;
}

dmx@PE-1> show configuration bridge-domains                               
Vl100 {
    vlan-id 100;
    interface ge-0/0/7.100;
    interface ge-0/0/8.100;
}
Vl200 {
    vlan-id 200;
    interface ge-0/0/7.200;
    interface ge-0/0/8.200;
}

WBW, 

Dmitry 

Any suggestions on getting Tagged AND UnTagged bridging going on ONE physical interface in BOTH directions on an MX using service provider style configuration (rather than enterprise style configuration)?

End goal is customer supplied device using ONE physical interface with untagged traffic (assumed to be in vlan 100 and sent out elsewhere on a trunk) and tagged traffic (vlan 200 TPID 0x8100 tag 200).

For a simple testing LAB consider 2 MX routers  r3  and r5 set up as follows, (ge-0/0/0 on r3 connects to ge-1/1/0 on r5)

1) customer trunk carrying tagged vlan-ids 100 & 200 to r3 (an MX running Junos 21.2)

 2) r3 carries untagged 100 traffic and tagged 200 traffic to r5 (another MX)

3) r5 interface carrying tagged vlan-ids 100 & 200 in a trunk to different node

If I can get the configs working in this simple test lab, I'll have what I need.

Here is what I have tried: explicit popping of tags, native-vlan-id, and encapsulation DIX, all to no avail when it comes to bidirectional tagged and untagged on one physical interface.

Here is one set of configs as a starting point, but where everything is trunked:

On R1

Interfaces:

ge-0/0/0 {

# to R5
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-0/0/1 {

# to customer
    vlan-tagging;
    encapsulation extended-vlan-bridge;
    unit 100 {
        vlan-id 100;
    }
    unit 200 {
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    domain-type bridge;
    vlan-id none;
    interface ge-0/0/1.100;
    interface ge-0/0/0.0;
}
V200 {
    domain-type bridge;
    vlan-id 200;
    interface ge-0/0/0.200;
    interface ge-0/0/1.200;
}

On R5

Interfaces:

ge-1/1/0 {

# to R3
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-1/1/1 {

# to another node
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    vlan-id none;
    interface ge-1/1/1.0;
    interface ge-1/1/0.0;
}
V200 {
    vlan-id 200;
    interface ge-1/1/0.200;
    interface ge-1/1/1.200;
}

Hi John, 

If you want to have customer frames to be unchanged from start point to end point, you can use some kind of UNI port in terms of Metro Ethernet. 

It calls sometimes "transparent Ethernet" as it passes all types of frames. 

-----untagged + VLAN 200 ----trunk from customer----> |  MX UNI port with encapsulation "ethernet-bridge" for a bridge

or encapsulation "ethernet-ccc" for L2VPN, L2CIRCUIT, VPLS services 

dmx@PE-1> show configuration interfaces ge-0/0/7 
description to_Network;
mtu 9192;
encapsulation ethernet-bridge;
unit 0 {
    family bridge;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description to_Customer;
mtu 1522;
encapsulation ethernet-bridge;
unit 0 {
    family bridge;
}

dmx@PE-1> show configuration bridge-domains 
CUST1 {
    interface ge-0/0/7.0;
    interface ge-0/0/8.0;
}

Hi Dmitriy,

Thanks for your help.

I tried your configuration (including native-vlan-id and mtu changes), but the 100 vlan traffic still moved out tagged. Do you have another suggestion to get the 100 traffic to move untagged in both directions in the presence of tagged 200 traffic? BTW I do appreciate the Service Provider Style  config you gave ( I am not a fan of the implicit Enterprise Style).

Also do you know of an equivalent Juniper KB to KB17419 except that it applies to the MX platform rather than the pre ELS EX platform?

Hi John, 

From my mind, statement "vlan-tagging" on customer-faced interface desn't allow you to pass untagged frames.

Try in this way:

dmx@PE-1> show configuration interfaces ge-0/0/7                            
description to_Network;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 100 {
    encapsulation vlan-bridge;
    vlan-id 100;
}
unit 200 {
    encapsulation vlan-bridge;
    vlan-id 200;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description "to_Customer#1";
flexible-vlan-tagging;
native-vlan-id 100;
mtu 1522;
encapsulation extended-vlan-bridge;
unit 100 {
    vlan-id 100;
    family bridge;
}
unit 200 {
    vlan-id 200;
    family bridge;
}

dmx@PE-1> show configuration bridge-domains                               
Vl100 {
    vlan-id 100;
    interface ge-0/0/7.100;
    interface ge-0/0/8.100;
}
Vl200 {
    vlan-id 200;
    interface ge-0/0/7.200;
    interface ge-0/0/8.200;
}

WBW, 

Dmitry 

Any suggestions on getting Tagged AND UnTagged bridging going on ONE physical interface in BOTH directions on an MX using service provider style configuration (rather than enterprise style configuration)?

End goal is customer supplied device using ONE physical interface with untagged traffic (assumed to be in vlan 100 and sent out elsewhere on a trunk) and tagged traffic (vlan 200 TPID 0x8100 tag 200).

For a simple testing LAB consider 2 MX routers  r3  and r5 set up as follows, (ge-0/0/0 on r3 connects to ge-1/1/0 on r5)

1) customer trunk carrying tagged vlan-ids 100 & 200 to r3 (an MX running Junos 21.2)

 2) r3 carries untagged 100 traffic and tagged 200 traffic to r5 (another MX)

3) r5 interface carrying tagged vlan-ids 100 & 200 in a trunk to different node

If I can get the configs working in this simple test lab, I'll have what I need.

Here is what I have tried: explicit popping of tags, native-vlan-id, and encapsulation DIX, all to no avail when it comes to bidirectional tagged and untagged on one physical interface.

Here is one set of configs as a starting point, but where everything is trunked:

On R1

Interfaces:

ge-0/0/0 {

# to R5
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-0/0/1 {

# to customer
    vlan-tagging;
    encapsulation extended-vlan-bridge;
    unit 100 {
        vlan-id 100;
    }
    unit 200 {
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    domain-type bridge;
    vlan-id none;
    interface ge-0/0/1.100;
    interface ge-0/0/0.0;
}
V200 {
    domain-type bridge;
    vlan-id 200;
    interface ge-0/0/0.200;
    interface ge-0/0/1.200;
}

On R5

Interfaces:

ge-1/1/0 {

# to R3
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-1/1/1 {

# to another node
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    vlan-id none;
    interface ge-1/1/1.0;
    interface ge-1/1/0.0;
}
V200 {
    vlan-id 200;
    interface ge-1/1/0.200;
    interface ge-1/1/1.200;
}

Hi John, 

If you want to have customer frames to be unchanged from start point to end point, you can use some kind of UNI port in terms of Metro Ethernet. 

It calls sometimes "transparent Ethernet" as it passes all types of frames. 

-----untagged + VLAN 200 ----trunk from customer----> |  MX UNI port with encapsulation "ethernet-bridge" for a bridge

or encapsulation "ethernet-ccc" for L2VPN, L2CIRCUIT, VPLS services 

dmx@PE-1> show configuration interfaces ge-0/0/7 
description to_Network;
mtu 9192;
encapsulation ethernet-bridge;
unit 0 {
    family bridge;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description to_Customer;
mtu 1522;
encapsulation ethernet-bridge;
unit 0 {
    family bridge;
}

dmx@PE-1> show configuration bridge-domains 
CUST1 {
    interface ge-0/0/7.0;
    interface ge-0/0/8.0;
}

Hi Dmitriy,

Thanks for your help.

I tried your configuration (including native-vlan-id and mtu changes), but the 100 vlan traffic still moved out tagged. Do you have another suggestion to get the 100 traffic to move untagged in both directions in the presence of tagged 200 traffic? BTW I do appreciate the Service Provider Style  config you gave ( I am not a fan of the implicit Enterprise Style).

Also do you know of an equivalent Juniper KB to KB17419 except that it applies to the MX platform rather than the pre ELS EX platform?

Hi John, 

From my mind, statement "vlan-tagging" on customer-faced interface desn't allow you to pass untagged frames.

Try in this way:

dmx@PE-1> show configuration interfaces ge-0/0/7                            
description to_Network;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 100 {
    encapsulation vlan-bridge;
    vlan-id 100;
}
unit 200 {
    encapsulation vlan-bridge;
    vlan-id 200;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description "to_Customer#1";
flexible-vlan-tagging;
native-vlan-id 100;
mtu 1522;
encapsulation extended-vlan-bridge;
unit 100 {
    vlan-id 100;
    family bridge;
}
unit 200 {
    vlan-id 200;
    family bridge;
}

dmx@PE-1> show configuration bridge-domains                               
Vl100 {
    vlan-id 100;
    interface ge-0/0/7.100;
    interface ge-0/0/8.100;
}
Vl200 {
    vlan-id 200;
    interface ge-0/0/7.200;
    interface ge-0/0/8.200;
}

WBW, 

Dmitry 

Any suggestions on getting Tagged AND UnTagged bridging going on ONE physical interface in BOTH directions on an MX using service provider style configuration (rather than enterprise style configuration)?

End goal is customer supplied device using ONE physical interface with untagged traffic (assumed to be in vlan 100 and sent out elsewhere on a trunk) and tagged traffic (vlan 200 TPID 0x8100 tag 200).

For a simple testing LAB consider 2 MX routers  r3  and r5 set up as follows, (ge-0/0/0 on r3 connects to ge-1/1/0 on r5)

1) customer trunk carrying tagged vlan-ids 100 & 200 to r3 (an MX running Junos 21.2)

 2) r3 carries untagged 100 traffic and tagged 200 traffic to r5 (another MX)

3) r5 interface carrying tagged vlan-ids 100 & 200 in a trunk to different node

If I can get the configs working in this simple test lab, I'll have what I need.

Here is what I have tried: explicit popping of tags, native-vlan-id, and encapsulation DIX, all to no avail when it comes to bidirectional tagged and untagged on one physical interface.

Here is one set of configs as a starting point, but where everything is trunked:

On R1

Interfaces:

ge-0/0/0 {

# to R5
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-0/0/1 {

# to customer
    vlan-tagging;
    encapsulation extended-vlan-bridge;
    unit 100 {
        vlan-id 100;
    }
    unit 200 {
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    domain-type bridge;
    vlan-id none;
    interface ge-0/0/1.100;
    interface ge-0/0/0.0;
}
V200 {
    domain-type bridge;
    vlan-id 200;
    interface ge-0/0/0.200;
    interface ge-0/0/1.200;
}

On R5

Interfaces:

ge-1/1/0 {

# to R3
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-1/1/1 {

# to another node
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    vlan-id none;
    interface ge-1/1/1.0;
    interface ge-1/1/0.0;
}
V200 {
    vlan-id 200;
    interface ge-1/1/0.200;
    interface ge-1/1/1.200;
}

Hi Dmitriy,

I finished communicating with Juniper JTAC on the untagged/tagged MX interface issue. Here is what I was told.

1) There is no official Juniper MX documentation on this use case. But they are putting together a KB Article to cover this case.

2) There is no MX command to show the untagged facet of the interface like there is on EXes.

One issue I had when I connected an MX240 to an MX104 in my lab to test this configuration was the MX104 had chassis issues and prevented the untagged bridging.

The configuration I received from JTAC to get untagged and tagged traffic on one physical interface was essentially your configuration, but in an enterprise style rather than in your service provider style.  For testing in my lab I used an old EX4550 with a preELS config connected to another MX104. Note when you show counters for untagged and tagged traffic via IFLs on the IFD, untagged traffic looks all like it is tagged traffic. But it does properly carry the untagged and tagged traffic.

MX104 Config:

root@test-r1-mx104> show configuration interfaces ge-0/0/1 | display set
set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 native-vlan-id 100
set interfaces ge-0/0/1 encapsulation flexible-ethernet-services
set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 200
set interfaces ge-0/0/1 unit 100 family bridge interface-mode trunk
set interfaces ge-0/0/1 unit 100 family bridge vlan-id 100

root@test-r1-mx104> show configuration bridge-domains | display set
set bridge-domains V100 vlan-id 100
set bridge-domains V200 vlan-id 200

EX4550 Config (PreELS):

set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members V200
set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id 100

MX104 Verification:

root@test-r1-mx104> show interfaces ge-0/0/1.100
  Logical interface ge-0/0/1.100 (Index 336) (SNMP ifIndex 574)
    Flags: Up SNMP-Traps 0x0 Encapsulation: Ethernet-Bridge
    Input packets : 12086 < ---- these are all untagged even though the flag below shows Trunk-Mode
    Output packets: 11476 < ---- these are all untagged even though the flag below shows Trunk-Mode
    Protocol bridge, MTU: 1522
      Flags: Trunk-Mode

EX4550 Verification:

root@test-s1-ex4550> show vlans detail | match "vlan|tagged"
VLAN: V100, 802.1Q Tag: 100, Admin State: Enabled
  Untagged interfaces: ge-0/0/0.0* < ---- the ability to see this is missing on the MX according to JTAC
VLAN: V200, 802.1Q Tag: 200, Admin State: Enabled
  Tagged interfaces: ge-0/0/0.0*

Regards,

John K

Hi John, 

If you want to have customer frames to be unchanged from start point to end point, you can use some kind of UNI port in terms of Metro Ethernet. 

It calls sometimes "transparent Ethernet" as it passes all types of frames. 

-----untagged + VLAN 200 ----trunk from customer----> |  MX UNI port with encapsulation "ethernet-bridge" for a bridge

or encapsulation "ethernet-ccc" for L2VPN, L2CIRCUIT, VPLS services 

dmx@PE-1> show configuration interfaces ge-0/0/7 
description to_Network;
mtu 9192;
encapsulation ethernet-bridge;
unit 0 {
    family bridge;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description to_Customer;
mtu 1522;
encapsulation ethernet-bridge;
unit 0 {
    family bridge;
}

dmx@PE-1> show configuration bridge-domains 
CUST1 {
    interface ge-0/0/7.0;
    interface ge-0/0/8.0;
}

Hi Dmitriy,

Thanks for your help.

I tried your configuration (including native-vlan-id and mtu changes), but the 100 vlan traffic still moved out tagged. Do you have another suggestion to get the 100 traffic to move untagged in both directions in the presence of tagged 200 traffic? BTW I do appreciate the Service Provider Style  config you gave ( I am not a fan of the implicit Enterprise Style).

Also do you know of an equivalent Juniper KB to KB17419 except that it applies to the MX platform rather than the pre ELS EX platform?

Hi John, 

From my mind, statement "vlan-tagging" on customer-faced interface desn't allow you to pass untagged frames.

Try in this way:

dmx@PE-1> show configuration interfaces ge-0/0/7                            
description to_Network;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 100 {
    encapsulation vlan-bridge;
    vlan-id 100;
}
unit 200 {
    encapsulation vlan-bridge;
    vlan-id 200;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description "to_Customer#1";
flexible-vlan-tagging;
native-vlan-id 100;
mtu 1522;
encapsulation extended-vlan-bridge;
unit 100 {
    vlan-id 100;
    family bridge;
}
unit 200 {
    vlan-id 200;
    family bridge;
}

dmx@PE-1> show configuration bridge-domains                               
Vl100 {
    vlan-id 100;
    interface ge-0/0/7.100;
    interface ge-0/0/8.100;
}
Vl200 {
    vlan-id 200;
    interface ge-0/0/7.200;
    interface ge-0/0/8.200;
}

WBW, 

Dmitry 

Any suggestions on getting Tagged AND UnTagged bridging going on ONE physical interface in BOTH directions on an MX using service provider style configuration (rather than enterprise style configuration)?

End goal is customer supplied device using ONE physical interface with untagged traffic (assumed to be in vlan 100 and sent out elsewhere on a trunk) and tagged traffic (vlan 200 TPID 0x8100 tag 200).

For a simple testing LAB consider 2 MX routers  r3  and r5 set up as follows, (ge-0/0/0 on r3 connects to ge-1/1/0 on r5)

1) customer trunk carrying tagged vlan-ids 100 & 200 to r3 (an MX running Junos 21.2)

 2) r3 carries untagged 100 traffic and tagged 200 traffic to r5 (another MX)

3) r5 interface carrying tagged vlan-ids 100 & 200 in a trunk to different node

If I can get the configs working in this simple test lab, I'll have what I need.

Here is what I have tried: explicit popping of tags, native-vlan-id, and encapsulation DIX, all to no avail when it comes to bidirectional tagged and untagged on one physical interface.

Here is one set of configs as a starting point, but where everything is trunked:

On R1

Interfaces:

ge-0/0/0 {

# to R5
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-0/0/1 {

# to customer
    vlan-tagging;
    encapsulation extended-vlan-bridge;
    unit 100 {
        vlan-id 100;
    }
    unit 200 {
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    domain-type bridge;
    vlan-id none;
    interface ge-0/0/1.100;
    interface ge-0/0/0.0;
}
V200 {
    domain-type bridge;
    vlan-id 200;
    interface ge-0/0/0.200;
    interface ge-0/0/1.200;
}

On R5

Interfaces:

ge-1/1/0 {

# to R3
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-1/1/1 {

# to another node
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    vlan-id none;
    interface ge-1/1/1.0;
    interface ge-1/1/0.0;
}
V200 {
    vlan-id 200;
    interface ge-1/1/0.200;
    interface ge-1/1/1.200;
}

Hi John, 

Thank you for your sharing.

I'd say on MX104 is more EVPN-style ))

I didn't know that was possible to use several units with family bridge.

set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 native-vlan-id 100

set interfaces ge-0/0/1 encapsulation flexible-ethernet-services
set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 200
set interfaces ge-0/0/1 unit 100 family bridge interface-mode trunk
set interfaces ge-0/0/1 unit 100 family bridge vlan-id 100

I thought there was only one. Btw I think it must work, if you don't put IFL in a bridge-domain itself. 

set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 native-vlan-id 100

set interfaces ge-0/0/1 encapsulation flexible-ethernet-services
set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list [ 100 200 ]

Nice job!

Hi Dmitriy,

I finished communicating with Juniper JTAC on the untagged/tagged MX interface issue. Here is what I was told.

1) There is no official Juniper MX documentation on this use case. But they are putting together a KB Article to cover this case.

2) There is no MX command to show the untagged facet of the interface like there is on EXes.

One issue I had when I connected an MX240 to an MX104 in my lab to test this configuration was the MX104 had chassis issues and prevented the untagged bridging.

The configuration I received from JTAC to get untagged and tagged traffic on one physical interface was essentially your configuration, but in an enterprise style rather than in your service provider style.  For testing in my lab I used an old EX4550 with a preELS config connected to another MX104. Note when you show counters for untagged and tagged traffic via IFLs on the IFD, untagged traffic looks all like it is tagged traffic. But it does properly carry the untagged and tagged traffic.

MX104 Config:

root@test-r1-mx104> show configuration interfaces ge-0/0/1 | display set
set interfaces ge-0/0/1 flexible-vlan-tagging
set interfaces ge-0/0/1 native-vlan-id 100
set interfaces ge-0/0/1 encapsulation flexible-ethernet-services
set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 200
set interfaces ge-0/0/1 unit 100 family bridge interface-mode trunk
set interfaces ge-0/0/1 unit 100 family bridge vlan-id 100

root@test-r1-mx104> show configuration bridge-domains | display set
set bridge-domains V100 vlan-id 100
set bridge-domains V200 vlan-id 200

EX4550 Config (PreELS):

set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members V200
set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id 100

MX104 Verification:

root@test-r1-mx104> show interfaces ge-0/0/1.100
  Logical interface ge-0/0/1.100 (Index 336) (SNMP ifIndex 574)
    Flags: Up SNMP-Traps 0x0 Encapsulation: Ethernet-Bridge
    Input packets : 12086 < ---- these are all untagged even though the flag below shows Trunk-Mode
    Output packets: 11476 < ---- these are all untagged even though the flag below shows Trunk-Mode
    Protocol bridge, MTU: 1522
      Flags: Trunk-Mode

EX4550 Verification:

root@test-s1-ex4550> show vlans detail | match "vlan|tagged"
VLAN: V100, 802.1Q Tag: 100, Admin State: Enabled
  Untagged interfaces: ge-0/0/0.0* < ---- the ability to see this is missing on the MX according to JTAC
VLAN: V200, 802.1Q Tag: 200, Admin State: Enabled
  Tagged interfaces: ge-0/0/0.0*

Regards,

John K

Hi John, 

If you want to have customer frames to be unchanged from start point to end point, you can use some kind of UNI port in terms of Metro Ethernet. 

It calls sometimes "transparent Ethernet" as it passes all types of frames. 

-----untagged + VLAN 200 ----trunk from customer----> |  MX UNI port with encapsulation "ethernet-bridge" for a bridge

or encapsulation "ethernet-ccc" for L2VPN, L2CIRCUIT, VPLS services 

dmx@PE-1> show configuration interfaces ge-0/0/7 
description to_Network;
mtu 9192;
encapsulation ethernet-bridge;
unit 0 {
    family bridge;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description to_Customer;
mtu 1522;
encapsulation ethernet-bridge;
unit 0 {
    family bridge;
}

dmx@PE-1> show configuration bridge-domains 
CUST1 {
    interface ge-0/0/7.0;
    interface ge-0/0/8.0;
}

Hi Dmitriy,

Thanks for your help.

I tried your configuration (including native-vlan-id and mtu changes), but the 100 vlan traffic still moved out tagged. Do you have another suggestion to get the 100 traffic to move untagged in both directions in the presence of tagged 200 traffic? BTW I do appreciate the Service Provider Style  config you gave ( I am not a fan of the implicit Enterprise Style).

Also do you know of an equivalent Juniper KB to KB17419 except that it applies to the MX platform rather than the pre ELS EX platform?

Hi John, 

From my mind, statement "vlan-tagging" on customer-faced interface desn't allow you to pass untagged frames.

Try in this way:

dmx@PE-1> show configuration interfaces ge-0/0/7                            
description to_Network;
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 100 {
    encapsulation vlan-bridge;
    vlan-id 100;
}
unit 200 {
    encapsulation vlan-bridge;
    vlan-id 200;
}

dmx@PE-1> show configuration interfaces ge-0/0/8    
description "to_Customer#1";
flexible-vlan-tagging;
native-vlan-id 100;
mtu 1522;
encapsulation extended-vlan-bridge;
unit 100 {
    vlan-id 100;
    family bridge;
}
unit 200 {
    vlan-id 200;
    family bridge;
}

dmx@PE-1> show configuration bridge-domains                               
Vl100 {
    vlan-id 100;
    interface ge-0/0/7.100;
    interface ge-0/0/8.100;
}
Vl200 {
    vlan-id 200;
    interface ge-0/0/7.200;
    interface ge-0/0/8.200;
}

WBW, 

Dmitry 

Any suggestions on getting Tagged AND UnTagged bridging going on ONE physical interface in BOTH directions on an MX using service provider style configuration (rather than enterprise style configuration)?

End goal is customer supplied device using ONE physical interface with untagged traffic (assumed to be in vlan 100 and sent out elsewhere on a trunk) and tagged traffic (vlan 200 TPID 0x8100 tag 200).

For a simple testing LAB consider 2 MX routers  r3  and r5 set up as follows, (ge-0/0/0 on r3 connects to ge-1/1/0 on r5)

1) customer trunk carrying tagged vlan-ids 100 & 200 to r3 (an MX running Junos 21.2)

 2) r3 carries untagged 100 traffic and tagged 200 traffic to r5 (another MX)

3) r5 interface carrying tagged vlan-ids 100 & 200 in a trunk to different node

If I can get the configs working in this simple test lab, I'll have what I need.

Here is what I have tried: explicit popping of tags, native-vlan-id, and encapsulation DIX, all to no avail when it comes to bidirectional tagged and untagged on one physical interface.

Here is one set of configs as a starting point, but where everything is trunked:

On R1

Interfaces:

ge-0/0/0 {

# to R5
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-0/0/1 {

# to customer
    vlan-tagging;
    encapsulation extended-vlan-bridge;
    unit 100 {
        vlan-id 100;
    }
    unit 200 {
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    domain-type bridge;
    vlan-id none;
    interface ge-0/0/1.100;
    interface ge-0/0/0.0;
}
V200 {
    domain-type bridge;
    vlan-id 200;
    interface ge-0/0/0.200;
    interface ge-0/0/1.200;
}

On R5

Interfaces:

ge-1/1/0 {

# to R3
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}
ge-1/1/1 {

# to another node
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
    unit 200 {
        encapsulation vlan-bridge;
        vlan-id 200;
    }
}

Bridge Domains:

V100 {
    vlan-id none;
    interface ge-1/1/1.0;
    interface ge-1/1/0.0;
}
V200 {
    vlan-id 200;
    interface ge-1/1/0.200;
    interface ge-1/1/1.200;
}