Re: [j-nsp] Juniper EX/QFX vlan-id-list limitation

[Olivier Benghozi]

Our QinQ usage model is many UNIs toward one NNI, therefore we never have 
several QinQ stuff per UNI. Maybe it's the difference between your usage and 
ours ?
If you need to have several QinQ svlans on one UNI port, I guess you'll be 
bitten again by the number of IDs limit (but maybe several ranges are 
possible?).


Anyway, here are the QinQ configs we use on EX4600 (so: ELS style):


NNI interface (also using real vlans on unit 0, completely independent of QinQ 
ones – this mix works only on 4600, not on smaller switches):

    ae0 {
        flexible-vlan-tagging;
        mtu 9216;
        encapsulation flexible-ethernet-services;
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ some vlan we use as real vlans, having nothing to 
do with QinQ ];
                }
            }
        }
        unit 3000 {
            description "Q-in-Q My Customer 1";
            encapsulation vlan-bridge;
            vlan-id 3000;
        }
        unit 3001 {
            description "Q-in-Q  My Customer 2";
            encapsulation vlan-bridge;
            vlan-id 3001;
        }
    }



UNI interfaces:

    ae3 {
        description "My Customer 1";
        flexible-vlan-tagging;
        mtu 9216;
        encapsulation extended-vlan-bridge;
        unit 3000 {
            description "Q-in-Q My Customer 1";
            vlan-id-list 2-4094;
            input-vlan-map push;
            output-vlan-map pop;
        }
    }
    ae4 {
        description "My Customer 2";
        flexible-vlan-tagging;
        native-vlan-id 1;
        mtu 9216;
        encapsulation extended-vlan-bridge;
        unit 3001 {
            description "Q-in-Q My Customer 2";
            vlan-id-list 1-4094;        
            input-vlan-map push;
            output-vlan-map pop;
        }
    }


QinQ vlans:

vlans {
    qinq-3000 {
        description "Q-in-Q My Customer 1";
        interface ae0.3000;
        interface ae3.3000;
        switch-options {
            no-mac-learning;
        }
    }
    qinq-3001 {
        description "Q-in-Q My Customer 2";
        interface ae0.3001;
        interface ae4.3001;
        switch-options {
            no-mac-learning;
        }
    }
}


> Le 13 août 2020 à 23:04, Robin Williams <robin.willi...@tnp.net.uk> a écrit :
> 
> Hi Olivier,
> 
> Thanks for the reply - it does seem rather odd that I can't do on a new high 
> end EX or QFX switch, what I used to be able to do on a bottom end EX2200 
> with the dot1q-tunnelling stanza.
> 
> Regarding your workaround - were you running this config on the same physical 
> interface?  As that won't commit in this scenario (as it presumably doesn't 
> know which vlans to push into which outer..)
> 
> flexible-vlan-tagging;
> encapsulation extended-vlan-bridge;
> unit 3104 {
>    vlan-id-list 1-4094;
>    input-vlan-map push;
>    output-vlan-map pop;
> }
> unit 3107 {
>    vlan-id-list 1-4094;
>    input-vlan-map push;
>    output-vlan-map pop;
> }
> 
> {master:0}[edit interfaces ge-0/0/1]
> # commit check
> [edit interfaces ge-0/0/1]
>  'unit 3107'
>    duplicate VLAN-ID on interface
> error: configuration check-out failed
> 
> Cheers,
> Rob
> 
> 
> 
> 
> 
> -----Original Message-----
> From: juniper-nsp <juniper-nsp-boun...@puck.nether.net> On Behalf Of Olivier 
> Benghozi
> Sent: 12 August 2020 19:12
> To: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] Juniper EX/QFX vlan-id-list limitation
> 
> Hi,
> 
> We miraculously found this doc before implementing such QinQ conf on EX4600 
> (that are low end QFX5100).
> So we didn't try to test the switch with this case, and we directly used such 
> config: instead of vlan-id-list [some ids], we (nearly) always use the same 
> one everywhere: vlan-id-list 2-4094. Problem fixed before it appeared.
> 
> Sometimes we use vlan-id-list 1-4094 and native-vlan 1, when some untagged 
> traffic must be carried too – in this case the untagged traffic is 
> double-tagged on the NNI port with dot1q tag 1 as cvlan – there's a thread 
> about that in this mailing-list by the way.
> 
> 
>> Le 12 août 2020 à 18:18, Robin Williams via juniper-nsp 
>> <juniper-nsp@puck.nether.net> a écrit :
>> 
>> Has anyone come across PR1395312 before?
>> 
>> “On ACX/EX/QFX platforms, if VLAN ID lists are configured under a single 
>> physical interface, Q-in-Q might stop working for certain VLAN ID lists”.
>> 
>> [...]
>> 
>> interfaces {
>>   xe-0/1/0 {
>>       flexible-vlan-tagging;
>>       encapsulation extended-vlan-bridge;
>>       unit 3104 {
>>           vlan-id-list [ 1102 1128 1150 1172 4000 4001 4002 4003];
>>           input-vlan-map push;
>>           output-vlan-map pop;
>>       }
>> 
>> The docs page for ‘vlan-id-lists’ does mention:
>> https://www.juniper.net/documentation/en_US/junos/topics/reference/con
>> figuration-statement/vlan-id-list-edit-bridge-domains.html
>> 
>> “WARNING On some EX and QFX Series switches, if VLAN identifier list 
>> (vlan-id-list) is used for Q-in-Q tunnelling, you can apply no more than 
>> eight VLAN identifier lists to a physical interface.”

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp