Hello
Some important information:
Top level encapsulation flex-eth and flex-vlan-tagging is not supported on
QFabric (QFX family) devices. That means you can't use a port that does ccc
with any other type of encap, i.e. vlan-bridge, ext-vlan-br, or set family inet
on a unit. Only MX with trio chipset can do that. If you did at *any other
point* configure some other units on there with different encaps, traffic will
remain one way. There is also a PR on the use of flex stuff on QFX that states
that at some points labels are not getting programmed properly and circuit will
stop working.
You don't need family ccc in the unit, only encap vlan-ccc
You should remove and RSVP-TE and static LSP config that you have to start
fresh and make it work only with LDP, then add complexity.
The pop/push operation on the unit is there to get a pure ethernet frame to
slap the LDP tag onto and possibly deliver untagged on the other side. It's not
necessary if you also deliver on a simple tagged unit on the other side. The
difference in the core network will be between ETHERNET-CCC and VLAN-CCC. You
don't need to force the encasulation type in config, this is automatic from
what you set on both sides.
Also, don't do ignore-mtu, but set the mtu to what you want as a value lower
than the physical interface mtu, the same on both sides.
I don't think QFX supports control-word.
Examples of what works:
Xe-X
vlan-tagging;
mtu 9216;
encapsulation vlan-ccc;
unit 538 {
encapsulation vlan-ccc;
no-traps;
vlan-id 538;
input-vlan-map pop;
output-vlan-map push;
}
interface xe-0/0/36.538 {
virtual-circuit-id 13911065;
no-control-word;
mtu 9000;
}
If you do use pop/push on the unit, make sure it's there on both sides. You can
also deliver untagged on the other side by doing something like this. It will
push the frame out untagged since you removed it accepting the packet
initially. Keep in mind this dedicates the port to that service.
mtu 9216;
encapsulation ethernet-ccc;
unit 0 {
no-traps;
family ccc;
}
interface xe-0/0/12.0 {
virtual-circuit-id 1385956;
no-control-word;
mtu 9000;
}
MX can have top flex-ethernet and flex-vlan tagging and mix and match stuff.
For the rest, config must stay the same.
Keep your stuff simple, leave as much as you can to the system to figure out
unless you absolutely need to force.
Cheers.
-----Original Message-----
From: juniper-nsp <[email protected]> On Behalf Of Liam Farr
Sent: July 18, 2019 11:26 AM
To: Heng Chai, Tan <[email protected]>
Cc: [email protected]
Subject: Re: [j-nsp] l2circuit between QFX-5110 & MX204 - one way traffic
Hi,
Tried as follows;
liam@NA-QFX5110-1# show interfaces xe-0/0/9 description "Temp Link to Arista";
vlan-tagging; mtu 9216; encapsulation flexible-ethernet-services; unit 123 {
encapsulation vlan-ccc;
vlan-id 123;
input-vlan-map pop;
output-vlan-map push;
family ccc;
}
liam@NA-QFX5110-1# show protocols l2circuit neighbor 192.168.68.3 {
interface xe-0/0/9.123 {
virtual-circuit-id 123;
no-control-word;
ignore-mtu-mismatch;
pseudowire-status-tlv;
}
}
liam@WN-MX204-1# show interfaces xe-0/1/3 description "ISPCO-WN-PVE-1 C0/F3
enp6s0f1"; flexible-vlan-tagging; mtu 9216; encapsulation
flexible-ethernet-services; unit 123 {
encapsulation vlan-ccc;
vlan-id 123;
input-vlan-map push;
output-vlan-map pop;
family ccc;
}
liam@WN-MX204-1# show protocols l2circuit neighbor 192.168.68.5 {
interface xe-0/1/3.123 {
virtual-circuit-id 123;
no-control-word;
ignore-mtu-mismatch;
pseudowire-status-tlv;
}
}
When I removed the l2circuit encapsulation altogether from both ends I got an
EM -- encapsulation mismatch on the l2circuit
I also tried encapsulation internetworking / ethernet-vlan / ethernet
At some point I did get mac learning both ways in that at the QFX end I could
see mac from the MX end, but haven't successfully managed to pass icmp / ping.
NA-ARISTA#show mac address-table vlan 123
Mac Address Table
------------------------------------------------------------------
Vlan Mac Address Type Ports Moves Last Move
---- ----------- ---- ----- ----- ---------
123 3606.b737.b463 DYNAMIC Et9 1 0:18:11 ago
123 6c3b.6bf0.9b0f DYNAMIC Et4 1 8:55:37 ago
Total Mac Addresses for this criterion: 2
Multicast Mac Address Table
------------------------------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
Total Mac Addresses for this criterion: 0
I've got an option to borrow a QFX-5110 tomorrow and set it up in a bit better
of a LAB config with a MX I have locally, where I can break things a bit more
without affecting prod traffic. That might be the go and rebuild some
l2circuits from scratch.
https://www.juniper.net/documentation/en_US/junos/topics/reference/general/mpls-limitations-qfx-series.html
*(QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600) When VLAN bridge
encapsulation is enabled on a CE connected interface, the switch drops packets
if both flexible Ethernet services and VLAN CCC encapsulations are configured
on the same logical interface. Only one can be configured, not both. For
example:set interfaces xe-0/0/18 encapsulation flexible-ethernet-services, or
set interfaces xe-0/0/18 encapsulation
vlan-ccc.*
As mentioned the above might be causing me issues, as I did have some sub
interfaces running vlan-bridge alongside the vlan-ccc interface on xe-0/0/9.
On Fri, 19 Jul 2019 at 02:20, Heng Chai, Tan <[email protected]> wrote:
> Try Alain's recommendation. I completely forgot about the input/output
> vlan part. You should have it on the MX as well, so that VLAN 123
> would be transmitted over the l2circuit.
>
> xe-<snip> {
> description <snip>
> flexible-vlan-tagging;
> mtu 9216;
> encapsulation flexible-ethernet-services;
> unit 123 {
> description <snip>
> encapsulation vlan-ccc;
> no-traps;
> vlan-id 123;
> input-vlan-map pop;
> output-vlan-map push;
> }
>
>
> Heng Chai, Tan
>
>
>
--
Kind Regards
Liam Farr
Maxum Data
+64-9-950-5302
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
