[j-nsp] MX: bridge-domains and l2circuit


Jonas Frey (Probe Networks)

Aug 18, 2011, 2:03:25 AM
to junip...@puck.nether.net
Hello all,

I am trying to build an l2circuit on an MX. The problem is that the VLAN
that needs to be included in the l2circuit comes via xe-1/0/0, which is
configured in bridge mode:

    unit 0 {
        family bridge {
            interface-mode trunk;
            vlan-id-list [ 20 30 40 ];
        }
    }

I need to build this l2circuit with vlan 20.

However, when configuring the l2circuit I do not have an interface to use,
as the bridge doesn't create any subinterface for the VLAN.

    neighbor xxx {
        interface ??? {
            virtual-circuit-id 20;


I can't configure any subinterface on xe-1/0/0 (like unit 1....) because
bridge mode prohibits that.

How can I get this to work?

Best regards,
Jonas


Chris Kawchuk

Aug 18, 2011, 2:22:06 AM
to Jonas Frey, junip...@puck.nether.net

You'll need to declare your xe- port with flexible-ethernet-services, so you can do per-unit encapsulations.

    interfaces {
        xe-1/0/0 {
            vlan-tagging;
            encapsulation flexible-ethernet-services;
            unit 20 {
                encapsulation vlan-ccc;
                vlan-id 20;
            }
            unit 100 {
                encapsulation vlan-bridge;
                vlan-id 100;
            }
        }
    }

    neighbor xxx {
        interface xe-1/0/0.20 {
            virtual-circuit-id 20;
            ...
            ...
        }
    }

_______________________________________________
juniper-nsp mailing list junip...@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Jonas Frey (Probe Networks)

Aug 18, 2011, 2:37:58 AM
to Chris Kawchuk, junip...@puck.nether.net
Hi Chris,

That does not work...

    edge# show interfaces xe-1/0/0
    vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        family bridge {
            interface-mode trunk;
            vlan-id-list [ 20 30 40 ];
        }
    }
    unit 1 {
        encapsulation vlan-ccc;
        vlan-id 20;
    }

If I commit now, this fails as VLAN 20 is already used for the
bridge on unit 0. If I remove VLAN 20 from unit 0 then the VLAN is
no longer a member of the bridge (show bridge domain). But I need it to be
a member of that bridge since that VLAN goes out on other ports to local
switches.

    edge# show bridge-domains testbridge
    domain-type bridge;
    vlan-id 20;

What I need to do is to get VLAN 20 working locally on the bridge
(various ports) as well as getting it connected to a somewhat pseudo
interface to attach it as an l2circuit.

--
Best regards,
Jonas Frey


Chris Kawchuk

Aug 18, 2011, 2:54:06 AM
to Jonas Frey (Probe Networks), junip...@puck.nether.net
Ahh, slightly different issue then.

First off, once you use that flexible-ethernet-services, you should be declaring each vlan separately and manually add them into the bridge-domain config (i.e. bridge-domain VLAN20 interface xe-1/0/0.x). Anyways, that's not what we're attempting to do here. =)

What you're looking for is to stitch an l2circuit into a bridge-domain (not pick off a VLAN off an interface and turn that into a CCC/L2circuit - different solution). Perhaps a logical-tunnel here may help. (i.e. lt-x/x/x.x interface). I have stitched l2circuits/ccc's into VPLS domains before; I assume the same theory holds true.

Have a look at using the tunnel-services on your MX DPC card. Apologies in advance as I'm writing this in pseudo-code from memory (i.e. un-tested, more of a general idea as to a direction to explore):

    chassis {
        fpc 1 {
            pic 3 {
                tunnel-services {
                    bandwidth 1g;
                }
            }
        }
    }

    interfaces {
        lt-1/3/10 {
            unit 1 {
                encapsulation vlan-ccc;
                peer-unit 2;
            }
            unit 2 {
                encapsulation vlan-bridge;
                peer-unit 1;
            }
        }
    }

    bridge-domains {
        VL20 {
            domain-type bridge;
            vlan-id 20;
            interface lt-1/3/10.2;
            .....other access interfaces go here;
        }
    }

    neighbor xxx {
        interface lt-1/3/10.1 {
            virtual-circuit-id 20;
            ...
            ...
        }
    }

- Chris.

OBrien, Will

Aug 18, 2011, 8:37:58 AM
to Chris Kawchuk, junip...@puck.nether.net
To implement tagged interfaces with bridge domains, I use irb interfaces. This is directly from my production box with a little scrubbing.

    xe-0/0/0 {
        description "blah uplink";
        per-unit-scheduler;
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 200 {
            encapsulation vlan-bridge;
            vlan-id 200;
        }
        unit 201 {
            encapsulation vlan-bridge;
            vlan-id 201;
        }
    }

    irb {
        unit 200 {
            family inet {
                inactive: filter {
                    input I2Inbound;
                    output I2Outbound;
                }
                service {
                    input {
                        service-set i2-napt service-filter i2-nat-in;
                    }
                    output {
                        service-set i2-napt service-filter i2-nat-out;
                    }
                }
                address x.x.x.x/30;
            }
        }
        unit 201 {
            family inet {
                filter {
                    input PolicerIn;
                    output PolicerOut;
                }
                service {
                    input {
                        service-set i1-napt service-filter i1-nat-in;
                    }
                    output {
                        service-set i1-napt service-filter i1-nat-out;
                    }
                }
                address x.x.x.x/30;
            }
        }
    }

    show configuration bridge-domains

    vlan-200 {
        domain-type bridge;
        vlan-id 200;
        interface xe-0/0/0.200;
        routing-interface irb.200;
    }
    vlan-201 {
        domain-type bridge;
        vlan-id 201;
        interface xe-0/0/0.201;
        routing-interface irb.201;
    }

Jonas Frey (Probe Networks)

Aug 18, 2011, 2:26:27 PM
to OBrien, Will, junip...@puck.nether.net
Thanks to all who replied, I got this working the way Chris described
(via lt tunnels).

I also tried the new iw0 interfaces as per Juniper documentation but it
didn't work. Bridge-domains won't let me add an iw0.x interface to the
bridge and I was unable to find any more information on how to correctly
configure this (probably because it's pretty new).

Best regards,
Jonas


Ivan Ivanov

Oct 13, 2011, 3:20:19 PM
to Jonas Frey (Probe Networks), junip...@puck.nether.net
Hello Jonas,

Could you share the working configuration with us? Because when I try to stitch
both units of the lt- interface I get the error 'encapsulation mismatch'.

Thanks!

--
Best Regards!

Ivan Ivanov

Humair Ali

Oct 13, 2011, 3:31:13 PM
to Ivan Ivanov, Juniper-NSP
> Would something like this work?
>
>     lt-0/0/0 {
>         unit 0 {
>             encapsulation vlan-ccc;
>             vlan-id 100;
>             peer-unit 1;
>         }
>         unit 1 {
>             encapsulation vlan-bridge;
>             vlan-id 100;
>             peer-unit 0;
>         }
>     }
>
>     ge-0/1/5 {
>         flexible-vlan-tagging;
>         encapsulation flexible-ethernet-services;
>         unit 100 {
>             encapsulation vlan-bridge;
>             vlan-id 100;
>         }
>     }
>
>     ge-0/2/5 {
>         flexible-vlan-tagging;
>         encapsulation flexible-ethernet-services;
>         unit 100 {
>             encapsulation vlan-bridge;
>             vlan-id 100;
>         }
>     }
>
>     l2circuit {
>         neighbor 10.1.1.1 {
>             interface lt-0/0/0.0 {
>                 virtual-circuit-id 10;
>     /////
>
>     bridge-domains {
>         bridge-l2cct {
>             domain-type bridge;
>             interface ge-0/1/5.100;
>             interface ge-0/2/5.100;
>             interface lt-0/0/0.1;
> --
> Humair


--
Humair

Jonas Frey (Probe Networks)

Oct 13, 2011, 4:25:23 PM
to Ivan Ivanov, junip...@puck.nether.net
Hello Ivan,

As Humair already pointed out, you need to have encapsulation vlan-bridge
and vlan-ccc on one of each of the lt- interfaces.

Best regards,
Jonas
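
Added example (not part of the original thread and not Juniper code): a small Python pre-commit check for the lt- pairing described above, where each unit's peer-unit must point back at the other and one side is vlan-ccc while the other is vlan-bridge. The names parse_units and check_lt_pairs and the sample stanza are constructed for illustration; the check mirrors what the thread reports as working and is not a reimplementation of Junos's own commit validation.

```python
import re

# Constructed sample in the shape of the lt- stanza posted in this thread.
SAMPLE = """
lt-0/0/0 {
    unit 0 {
        encapsulation vlan-ccc;
        peer-unit 1;
    }
    unit 1 {
        encapsulation vlan-bridge;
        peer-unit 0;
    }
}
"""

def parse_units(text):
    """Return {unit: {statement: value}}; assumes no nested blocks inside a unit."""
    units, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"unit (\d+) \{", line)
        if m:
            current = units.setdefault(int(m.group(1)), {})
        elif line == "}":
            current = None
        elif current is not None and line.endswith(";"):
            key, _, value = line[:-1].partition(" ")
            current[key] = value
    return units

def check_lt_pairs(text):
    """List deviations from the vlan-ccc <-> vlan-bridge pairing used in the thread."""
    units, problems = parse_units(text), []
    for num, cfg in sorted(units.items()):
        peer_no = cfg.get("peer-unit", "")
        if not peer_no.isdigit() or int(peer_no) not in units:
            problems.append(f"unit {num}: peer-unit missing or undefined")
            continue
        peer = units[int(peer_no)]
        if peer.get("peer-unit") != str(num):
            problems.append(f"unit {num}: peer-unit {peer_no} does not point back")
        if num <= int(peer_no):  # report each pair once, from its lower unit
            encaps = sorted([str(cfg.get("encapsulation")), str(peer.get("encapsulation"))])
            if encaps != ["vlan-bridge", "vlan-ccc"]:
                problems.append(f"units {num}/{peer_no}: {encaps} is not the vlan-ccc/vlan-bridge pair")
    return problems
```
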


Ivan Ivanov

Oct 13, 2011, 4:44:48 PM
to Jonas Frey (Probe Networks), junip...@puck.nether.net
Thank you,

It seems that the problem is that I am trying to stitch from one side
'encapsulation vlan-bridge' and from the other 'encapsulation vlan-vpls'.
vlan-vpls on both ends again returns 'encapsulation mismatch'.

Maybe this is not supported between two bridge domains.

Thank you again!

On Thu, Oct 13, 2011 at 23:25, Jonas Frey (Probe Networks) <
