Junos OS

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.
  • 1.  MX204 vlan mapping

    Posted 07-25-2022 09:25
    Hi to all,

    I'm new to Juniper and have a question about MX204 and vlan mapping. This is my situation:

    Uplink vs ISP Provider Optica Fiber:
    Cisco Router ----> TRUNK VLANs 20,650-670 ----> Port 1/47 of Cisco Switch 3064X ----> port-channel 20 ----> TRUNK VLAN 20 ----> Juniper MX204 port ae2.20
                                                                                                                                                                                                   ---->  port-channel 30 ----> TRUNK VLANs 650-670 ----> Juniper MX204 port ae4.650

    Downlink vs my infracstruture:
    Juniper MX204 port ae3.800 ----> TRUNK VLAN 800.[650-670] ----> Cisco 9364C ----> TRUNK VLAN 800.[650-670] ----> Hypervisor VLAN 800.[650-670] ----> Virtual Firewall

    I explain what I would like  to achieve....

    From my ISP Provider I receive over a trunk link (cisco 3064X port 1/47) packets whit tags 20, 650-670. From Cisco 3064X , through port channel 20, I deliver packets with tag 20 to my MX204 over port ae2.20, and packets with tags 650-670 to my MX 204 over port ae4.650. For packets with tag 650-670 I need tu push outer vlan tag 800 so these packets became QinQ packets with outer vlan tag 800 and inner vlan tag 650-670. 

    In my "Downlink side" I have a QinQ link between Juniper MX204 port ae3.800 and Cisco 9364C Switch.  On this link I have to deliver the packets incoming from my ISP with vlan tags 650-670 (I reveive them on my MX 204 port ae4.650) but with outer tag 800, so at the end these packets became QinQ packets with outer vlan tag 800 and inner vlan tag 650-670 .

    To recap:
    1. I need to add (push) outer vlan 800 to the packets with tags 650-670 incoming on port ae4.650 and deliver them to Hypervisors through port ae3.800 with outer vlan tag 800 and inner vlan tags 650-670
    2. I need to remove (pop) outer vlan tag 800 from packets incoming from port ae3.800 and deliver them to my IPS through port ae4.650 with only outer vlan tag 650-670.

    I have tried some configurations but without luck...
    My last config for interface ae4:
    description "WAN vs Router 1 ISP";
    flexible-vlan-tagging;
    mtu 9216;
    encapsulation flexible-ethernet-services;
    aggregated-ether-options {
        minimum-links 1;
        lacp {
            active;
            periodic fast;
            force-up;
        }
    }
    unit 650 {
        encapsulation vlan-ccc;
        vlan-id-list 650-670;
        input-vlan-map {
            push;
            tag-protocol-id 0x8100;
            vlan-id 800;
        }
        output-vlan-map pop;
    }
    

    and my last config for ae3:
    description "ae3 vs Cisco Core 9364C";
    flexible-vlan-tagging;
    mtu 9216;
    encapsulation flexible-ethernet-services;
    aggregated-ether-options {
        minimum-links 1;
        lacp {
            active;
            periodic fast;
            force-up;
        }
    }
    unit 800 {
        encapsulation vlan-ccc;
        vlan-tags outer 800 inner-range 0x8100.650-670;
        input-vlan-map pop;
        output-vlan-map push;
    }
    


    This is the output of
    > show interfaces ae4.650
     Logical interface ae4.650 (Index 332) (SNMP ifIndex 574)
        Flags: Up SNMP-Traps Redundancy-Device 0x4000 VLAN-Tag [  650-670 ] In(push 0x8100.800) Out(pop)  Encapsulation: VLAN-CCC
    

    This is the output of
    > show interfaces ae3.800
    Logical interface ae3.800 (Index 337) (SNMP ifIndex 558)
        Flags: Up SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.800 0x8100.650-670 ] In(pop) Out(push 0x0000.800)  Encapsulation: VLAN-CCC
    


    the output of monitor interface ae4.650 :
    Interface: ae4.650, Enabled, Link is Up
    Flags: SNMP-Traps 0x804000
    Encapsulation: VLAN-CCC
    VLAN-Tag [ ]
    Local statistics:                                                Current delta
      Input bytes:                         0                                   [0]
      Output bytes:                        0                                   [0]
      Input packets:                       0                                   [0]
      Output packets:                      0                                   [0]
    Remote statistics:
      Input bytes:                       180 (0 bps)                           [0]
      Output bytes:                        0 (0 bps)                           [0]
      Input packets:                       3 (0 pps)                           [0]
      Output packets:                      0 (0 pps)                           [0]
    Traffic statistics:
      Input bytes:                       180                                   [0]
      Output bytes:                        0                                   [0]
      Input packets:                       3                                   [0]
      Output packets:                      0                                   [0]
    
    ​


    The output of monitor interface ae3.800 :

    Interface: ae3.800, Enabled, Link is Up
    Flags: SNMP-Traps 0x4000
    Encapsulation: VLAN-CCC
    VLAN-Tag [ 0x8100.700 0x8100.600-620 ]
    Local statistics:                                                Current delta
      Input bytes:                         0                                   [0]
      Output bytes:                        0                                   [0]
      Input packets:                       0                                   [0]
      Output packets:                      0                                   [0]
    Remote statistics:
      Input bytes:                       180 (0 bps)                           [0]
      Output bytes:                        0 (0 bps)                           [0]
      Input packets:                       3 (0 pps)                           [0]
      Output packets:                      0 (0 pps)                           [0]
    Traffic statistics:
      Input bytes:                       180                                   [0]
      Output bytes:                        0                                   [0]
      Input packets:                       3                                   [0]
      Output packets:                      0                                   [0]
    
    


    In my test I simply tried to ping the hosts on both sides. As you can see i have inputs packets on the interfaces but no output packets...

    Could someone help me please?

    Thank you

    PS: sorry for my bad English



    ------------------------------
    Michele Apruzzese
    ------------------------------