Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

View Only

last person joined: yesterday

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

Back to discussions

Expand all | Collapse all

Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

1. Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

Recommend
STEVEN MADDOX
Posted 12-16-2024 10:46
Edited by Jodi Meier 12-16-2024 10:45

Reply Reply Privately
Best explained with a diagram... (the port shown here is on a QFX 5100)

Single-tagged VLANS 2-513,1000 ingress | | | \_/ ----------------- | | | ge-0/0/6    | | | ----------------- | | | | if VLAN if VLAN 2-513 then 1000 swap push outer that to be VLAN 1234 VLAN 42 | | | | send CVLAN send single & SVLAN tagged VLAN inside a 42 inside l2circuit a l2circuit | | | | ----------- ----------- | | | | | vc id 5 | | vc id 9 | | | | | ----------- -----------

These virtual circuits are encapsulated as circuit cross-connect (CCC) l2circuits and connect to logical-tunnel units on an MX960 (which are peered with another unit that then pops them into two different VPLS routing instances)

Example config...

QFX side...

[...]
interfaces {
[...]
ge-0/0/6 {
flexible-vlan-tagging;
mtu 1800;
encapsulation flexible-ethernet-services;
unit 2 {
description "Test NNI - CCC for customer VLANs";
encapsulation vlan-ccc;
vlan-id-list 2-513;
input-vlan-map {
push;
vlan-id 1234;
}
output-vlan-map pop;
}
unit 1000 {
description "Test NNI - CCC for management";
encapsulation vlan-ccc;
vlan-id 1000;
input-vlan-map {
swap;
vlan-id 42;
}
output-vlan-map swap;
}
}
[...]
}
[...]
protocols {
l2circuit {
neighbor 192.168.0.1 {
[...]
interface ge-0/0/6.2 {
virtual-circuit-id 5;
description "Test NNI - CCC for customer VLANs";
mtu 1800;
}
interface ge-0/0/6.1000 {
virtual-circuit-id 9;
description "Test NNI - CCC for management";
mtu 1800;
}
[...]
}
[...]
}
[...]
}
[...]

MX side...

[...]
interfaces {
[...]
lt-1/1/0 {
logical-tunnel-options {
per-unit-mac-disable;
}
[...]
unit 1102 {
description "Test NNI - CCC for customer VLANs";
encapsulation vlan-ccc;
mtu 1800;
vlan-id 1234;
peer-unit 1101;
family ccc;
}
unit 1101 {
description "Test NNI - CCC for customer VLANs";
encapsulation vlan-vpls;
mtu 1800;
vlan-id 1234;
peer-unit 1102;
family vpls;
}
}
[...]
lt-1/3/0 {
logical-tunnel-options {
per-unit-mac-disable;
}
[...]
unit 1202 {
description "Test NNI - CCC for management";
encapsulation vlan-ccc;
mtu 1800;
vlan-id 42;
peer-unit 1201;
}
unit 1201 {
description "Test NNI - CCC for management";
encapsulation vlan-vpls;
mtu 1800;
vlan-id 42;
peer-unit 1202;
}
}
[...]
}
[...]
protocols {
[...]
l2circuit {
neighbor 192.168.0.2 {
[...]
interface lt-1/3/0.1202 {
virtual-circuit-id 9;
description "Test NNI - CCC for management";
mtu 1800;
}
interface lt-1/1/0.1102 {
virtual-circuit-id 5;
description "Test NNI - CCC for customer VLANs";
mtu 1800;
}
[...]
}
[...]
}
[...]
routing-instances {
[...]
management-vpls {
instance-type vpls;
vlan-id all;
interface lt-1/1/0.1201;
[...]
route-distinguisher 192.168.0.1:65002;
vrf-target target:65002:0;
protocols {
vpls {
no-tunnel-services;
site MX960 {
automatic-site-id;
}
connectivity-type permanent;
}
}
}
[...]
customer-vpls {
instance-type vpls;
vlan-id all;
interface lt-1/1/0.1101;
[...]
route-distinguisher 192.168.0.1:65001;
vrf-target target:65001:0;
protocols {
vpls {
no-tunnel-services;
site MX960 {
automatic-site-id;
}
connectivity-type permanent;
}
}
}
[...]
}
[...]

No matter which way we've tried to configure this, we always find that the CVLAN data (VLANs 2-513 inside SVLAN 1059) never make it through. But the management data (VLAN 1000 swapped to VLAN 41) works fine.

So we think it's something to do with the vlan-id-list being used.

We've also tried connecting virtual circuit 5 to a port on another QFX instead (just so we can easily examine the traffic coming out of it) and nothing seems to come through.

Yet the status of these virtual circuits is up, no issues are shown there.

Our guess is that we're mixing switch-chip functions with non-switch-chip functions which won't work... can anyone propose an alternative way of doing this?

Short of using two physical ports connected directly together... or asking the upstream (that we've taken an NNI from) for a second link, just for management!
2. RE: Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

Recommend
MFB
Posted 12-17-2024 15:44

Reply Reply Privately
Hi Steven,

It seems the L2 circuit extends to your switches is that correct or do you stitch between your switch and MX or do you have a trunk from the QFX carrying only conventional or traditional L2 from the switch to the routers and then gets placed into the CCC ? We have had some limitations with the QFX5100 due to chip functions but the use cased were a bit deferent from your setup.

Original Message
3. RE: Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

Recommend
STEVEN MADDOX
Posted 05-12-2025 08:29
Edited by STEVEN MADDOX 05-12-2025 08:31

Reply Reply Privately
@MFB I think I'm having trouble understanding what exactly your question is, if there is one? All the information needed about the scenario should be above already.

In the end, the only way we could make this work... was to use 'encapsulation vlan-bridge' on BOTH the units along with using another two physical ports and a DAC that connected them together.

When we tried only doing 'encapsulation vlan-bridge' on unit 2 alone... then we'd find management wouldn't pass data on unit 1000. So we had to do it to both!

We'd still like to know of a better way than this! If anyone reads this,... even years from now!

**REVISED** QFX side... (using vlan-bridge)

[...] interfaces { [...] ge-0/0/6 { flexible-vlan-tagging; mtu 1800; encapsulation flexible-ethernet-services; unit 2 { description "Test NNI - CCC for customer VLANs"; encapsulation vlan-bridge; vlan-id-list 2-513; input-vlan-map { push; vlan-id 1234; } output-vlan-map pop; } unit 1000 { description "Test NNI - CCC for management"; encapsulation vlan-bridge; vlan-id 1000; input-vlan-map { swap; vlan-id 42; } output-vlan-map swap; } } [...] et-0/0/48 { flexible-vlan-tagging; mtu 1800; encapsulation flexible-ethernet-services; unit 42 { encapsulation vlan-bridge; vlan-id 42; } unit 2 { encapsulation vlan-bridge; vlan-id 1234; } } [...] et-0/0/49 { flexible-vlan-tagging; mtu 1800; encapsulation flexible-ethernet-services; unit 42 { encapsulation vlan-ccc; vlan-id 42; } unit 2 { encapsulation vlan-ccc; vlan-id 1234; } } [...] } [...] protocols { l2circuit { neighbor 192.168.0.1 { [...] interface et-0/0/48.2 { virtual-circuit-id 5; description "Test NNI - CCC for customer VLANs"; mtu 1800; } interface et-0/0/48.42 { virtual-circuit-id 9; description "Test NNI - CCC for management"; mtu 1800; } [...] } [...] } [...] } vlans { mgmt42 { interface ge-0/0/6.1000; interface et-0/0/48.42; } qinq2 { interface ge-0/0/6.2; interface et-0/0/48.2; } [...]
4. RE: Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

Recommend
Dmitriy
Posted 05-13-2025 04:18

Reply Reply Privately
Hi Steven,

Try to check with this config:

QFX

ge-0/0/6 {
flexible-vlan-tagging;

native-vlan-id 1234; # S-VLAN added at the top

input-native-vlan-push enable; # (Optional) try without this statement at first

mtu 1800;
encapsulation flexible-ethernet-services;
unit 2 {
description "Test NNI - CCC for customer VLANs";
encapsulation vlan-ccc;
vlan-id-list 2-513; # C-VLANS numbers

input-vlan-map push;
output-vlan-map pop;

unit 1000 {
description "Test NNI - CCC for management";
encapsulation vlan-ccc;
vlan-id 1000;
input-vlan-map {
swap;
vlan-id 42;
}
output-vlan-map swap;

Afaik that config doesn't add vlan 1234 as a S-Tag at the top:

input-vlan-map {
push;
vlan-id 1234;
}

# set unit 2 input-vlan-map push ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
inner-vlan-id VLAN ID to rewrite for inner tag (0..4094)
vlan-id VLAN ID to rewrite (0..4094)
| Pipe through a command

------------------------------
WBW,
Dmitriy
------------------------------

Original Message
5. RE: Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

Recommend
STEVEN MADDOX
Posted 05-15-2025 10:14

Reply Reply Privately
Wouldn't that take VLAN 1000, swap it to VLAN 42 and push VLAN 1234 on to it ? so SVLAN 1234 and CVLAN 42 ?

That's not the goal.

The goal is to only double tag the stuff on unit 2

------------------------------
STEVEN MADDOX
------------------------------

Original Message

Switching

Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

STEVEN MADDOX12-16-2024 10:46

MFB12-17-2024 15:44

STEVEN MADDOX05-12-2025 08:29

Dmitriy05-13-2025 04:18

STEVEN MADDOX05-15-2025 10:14

1. Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

2. RE: Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

3. RE: Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

4. RE: Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit

5. RE: Push a SVLAN onto ingress CVLANs for a CCC l2circuit... whilst picking off a mgmt VLAN to go to another CCC l2circuit