Task
In this lab, we will configure and verify Q-in-Q operation.
Step 1: Configure MX5 with access ports, and set the SW1 and SW2 ports as standard access ports, to verify physical connectivity.

MX5
interfaces {
    ge-1/0/2 {
        unit 0 {
            family inet {
                address 10.1.1.1/24;
            }
        }
    }
    ge-1/1/2 {
        unit 0 {
            family inet {
                address 10.1.1.2/24;
            }
        }
    }
}
protocols {
    lldp {
        interface all;
    }
}
routing-instances {
    R2 {
        instance-type virtual-router;
        interface ge-1/1/2.0;
        routing-options {
            router-id 10.1.1.2;
        }
    }
}

SW1
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
}
vlans {
    QinQ_Vlan {
        description "Test Q-in-Q VLAN";
        vlan-id 111;
        interface {
            ge-0/0/2.0;
        }
    }
}

SW2
interfaces {
    ge-1/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-1/0/2 {
        description "TEST to MX5";
        unit 0 {
            family ethernet-switching;
        }
    }
}
vlans {
    QinQ_Vlan {
        description "Test Q-in-Q VLAN";
        vlan-id 111;
        interface {
            ge-1/0/2.0;
        }
    }
}
Verification:
admin@MX5> ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=0.582 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.530 ms
^C
Step 2: Convert the MX5 interfaces to Dot1Q
R1-R2 connectivity will break, as the current switch configuration does not support the Dot1Q config.
MX5
interfaces {
    ge-1/0/2 {
        vlan-tagging;
        unit 0 {
            vlan-id 100;
            family inet {
                address 10.1.1.1/24;
            }
        }
    }
    ge-1/1/2 {
        vlan-tagging;
        unit 0 {
            vlan-id 100;
            family inet {
                address 10.1.1.2/24;
            }
        }
    }
}
The pings fail as expected, because EX switches do not expect VLAN tagging on access ports.
admin@MX5> ping 10.1.1.2 count 5 rapid
PING 10.1.1.2 (10.1.1.2): 56 data bytes
.....
--- 10.1.1.2 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
Step 3: Convert the EX interfaces to Q-in-Q
{master:0}[edit vlans QinQ_Vlan]
admin@SW1# set dot1q-tunneling customer-vlans 1-4094

{master:0}[edit vlans QinQ_Vlan]
admin@SW1# show
description "Test Q-in-Q VLAN";
vlan-id 111;
interface {
    ge-0/0/2.0;
}
dot1q-tunneling {
    customer-vlans 1-4094;
}

{master:0}[edit vlans QinQ_Vlan]
admin@SW1# commit
error: Trunk interface <ge-0/0/0.0> can not be memeber of both dot1q-tunneling enabled vlan <QinQ_Vlan>, and a non dot1q-tunneled vlan <TEST_VLAN> when dot1q-tunneling ethernet-type is not
error: configuration check-out failed

admin@SW1# top

{master:0}[edit]
admin@SW1# edit ethernet-switching-options

{master:0}[edit ethernet-switching-options]
admin@SW1# set dot1q-tunneling ether-type 0x
                                            ^
'0x' is ambiguous.
Possible completions:
  0x8100               Dot1q ether-type value 0x8100
  0x88a8               Dot1q ether-type value 0x88a8
  0x9100               Dot1q ether-type value 0x9100

{master:0}[edit ethernet-switching-options]
admin@SW1# set dot1q-tunneling ether-type 0x8100

{master:0}[edit ethernet-switching-options]
admin@SW1# commit
Below is the full Q-in-Q switch config:

SW1
ethernet-switching-options {
    dot1q-tunneling {
        ether-type 0x8100;
    }
}
vlans {
    QinQ_Vlan {
        description "Test Q-in-Q VLAN";
        vlan-id 111;
        interface {
            ge-0/0/2.0;
        }
        dot1q-tunneling {
            customer-vlans 1-4094;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
}

SW2
ethernet-switching-options {
    dot1q-tunneling {
        ether-type 0x8100;
    }
}
vlans {
    QinQ_Vlan {
        description "Test Q-in-Q VLAN";
        vlan-id 111;
        interface {
            ge-1/0/2.0;
        }
        dot1q-tunneling {
            customer-vlans 1-4094;
        }
    }
}
interfaces {
    ge-1/0/0 {
        unit 0 {
            family ethernet-switching {
                port-mode trunk;
                vlan {
                    members all;
                }
            }
        }
    }
    ge-1/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
}
Verification:
admin@MX5> ping 10.1.1.2 count 5 rapid
PING 10.1.1.2 (10.1.1.2): 56 data bytes
!!!!!
--- 10.1.1.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.418/0.689/1.621/0.469 ms

admin@SW1> show configuration vlans
QinQ_Vlan {
    description "Test Q-in-Q VLAN";
    vlan-id 111;
    interface {
        ge-0/0/2.0;
    }
    dot1q-tunneling {
        customer-vlans 1-4094;
    }
}

admin@SW1> show vlans QinQ_Vlan extensive
VLAN: QinQ_Vlan, Created at: Tue Sep 11 09:20:46 2012
802.1Q Tag: 111, Internal index: 5, Admin State: Enabled, Origin: Static
Description: Test Q-in-Q VLAN
Dot1q Tunneling status: Enabled
Customer VLAN ranges:
    1-4094
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 1 (Active = 1), Untagged 1 (Active = 1)
    ge-0/0/0.0*, tagged, trunk
    ge-0/0/2.0*, untagged, access
Step 5: Change the MX5 interfaces to untagged
This tests whether the current Q-in-Q configuration supports the customer's native VLAN, which is sent without a tag.
admin@MX5> ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2): 56 data bytes
^C
--- 10.1.1.2 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
This confirms that the above Q-in-Q config does not support the native VLAN traffic.
Step 6: Change the Q-in-Q config to support customer native VLAN as well
To support customer untagged traffic, change the VLAN dot1q-tunneling configuration options:
admin@SW1> show configuration vlans QinQ_Vlan
description "Test Q-in-Q VLAN";
vlan-id 111;
interface {
    ge-0/0/2.0;
}
dot1q-tunneling {
    customer-vlans [ native 1-4094 ];
    layer2-protocol-tunneling {
        all;
    }
}

admin@SW2> show configuration vlans QinQ_Vlan
description "Test Q-in-Q VLAN";
vlan-id 111;
interface {
    ge-1/0/2.0;
}
dot1q-tunneling {
    customer-vlans [ native 1-4094 ];
    layer2-protocol-tunneling {
        all;
    }
}

admin@MX5> ping 10.1.1.2 count 2
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=0.604 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.530 ms
--- 10.1.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.530/0.567/0.604/0.037 ms
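The tag stack that Steps 3 and 6 put on the SW1-SW2 trunk, as an added example that is not part of the original lab: a Python decoder and classifier for frames captured off the trunk (for example from a port mirror). It assumes the outer tag is VLAN 111 with ether-type 0x8100 as configured above; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

# The three ether-type values the EX CLI offers for dot1q-tunneling.
TPIDS = {0x8100, 0x88A8, 0x9100}

def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed sample frame; tags is [(tpid, vid), ...], outermost first."""
    hdr = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_tags(frame):
    """Return ([(tpid, pcp, dei, vid), ...], payload ethertype), outermost first."""
    offset, tags = 12, []  # skip destination and source MAC
    while True:
        if offset + 2 > len(frame):
            raise ValueError("frame truncated before ethertype")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TPIDS:
            return tags, etype
        if offset + 4 > len(frame):
            raise ValueError("frame truncated inside VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((etype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4

def classify_trunk_frame(frame, s_vlan=111, s_tpid=0x8100):
    """Classify a trunk frame against the lab's Q-in-Q VLAN (assumed values)."""
    tags, _ = parse_tags(frame)
    if not tags or tags[0][0] != s_tpid or tags[0][3] != s_vlan:
        return "outside-tunnel"
    if len(tags) == 1:
        return "tunnel-native"  # customer frame arrived untagged (Step 6)
    return "tunnel-cvlan-%d" % tags[1][3]  # customer tag kept as inner tag

if __name__ == "__main__":
    samples = {
        "Step 3, customer VLAN 100": [(0x8100, 111), (0x8100, 100)],
        "Step 6, customer untagged": [(0x8100, 111)],
        "single tag 100, no S-VLAN": [(0x8100, 100)],
    }
    for name, tags in samples.items():
        print(name, "->", classify_trunk_frame(build_frame(tags)))
```

A frame classified as outside-tunnel on this trunk belongs to another VLAN or carries an outer tag that does not match the configured ether-type, which is the first thing to check when customer traffic does not cross the tunnel.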
Step 7: Create virtual switches to verify that the Q-in-Q tunnel successfully carries L2 control traffic (such as STP)
admin@MX5> show configuration interfaces
ge-1/0/2 {
    unit 0 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 100;
        }
    }
}
ge-1/1/2 {
    unit 0 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 100;
        }
    }
}

admin@MX5> show configuration routing-instances
CSW1 {
    description "Virtual SW1";
    instance-type virtual-switch;
    interface ge-1/0/2.0;
    protocols {
        rstp {
            bridge-priority 4k;
            system-identifier a8:11:11:11:11:11;
            interface ge-1/0/2;
        }
    }
}
CSW2 {
    description "Virtual SW2";
    instance-type virtual-switch;
    interface ge-1/1/2.0;
    protocols {
        rstp {
            bridge-priority 8k;
            system-identifier a8:22:22:22:22:22;
            interface ge-1/1/2;
        }
    }
}

admin@MX5> show lldp neighbors
Local Interface    Chassis Id           Port info    System Name
ge-1/1/2           a8:d0:e5:55:26:b0    ge-1/0/2     MX5
ge-1/0/2           a8:d0:e5:55:26:b0    ge-1/1/2     MX5
This confirms that LLDP traffic is carried across the Q-in-Q tunnel.
The show output below confirms that RSTP is working across the Q-in-Q circuit. Note that the switches agree on the same STP root, and the switch port roles are as expected (designated, root).
admin@MX5> show spanning-tree bridge routing-instance CSW2
STP bridge parameters
Routing instance name               : CSW2
Context ID                          : 2
Enabled protocol                    : RSTP
  Root ID                           : 4096.a8:11:11:11:11:11
  Root cost                         : 20000
  Root port                         : ge-1/1/2
  Hello time                        : 2 seconds
  Maximum age                       : 20 seconds
  Forward delay                     : 15 seconds
  Message age                       : 1
  Number of topology changes        : 2
  Time since last topology change   : 1878 seconds
  Local parameters
    Bridge ID                       : 8192.a8:22:22:22:22:22
    Extended system ID              : 0

admin@MX5> show spanning-tree bridge routing-instance CSW1
STP bridge parameters
Routing instance name               : CSW1
Context ID                          : 1
Enabled protocol                    : RSTP
  Root ID                           : 4096.a8:11:11:11:11:11
  Hello time                        : 2 seconds
  Maximum age                       : 20 seconds
  Forward delay                     : 15 seconds
  Message age                       : 0
  Number of topology changes        : 3
  Time since last topology change   : 1938 seconds
  Local parameters
    Bridge ID                       : 4096.a8:11:11:11:11:11
    Extended system ID              : 0

admin@MX5> show spanning-tree interface routing-instance CSW2
Spanning tree interface parameters for instance 0
Interface    Port ID    Designated    Designated           Port     State  Role
                        port ID       bridge ID            Cost
ge-1/1/2     128:53     128:43        4096.a81111111111    20000    FWD    ROOT

admin@MX5> show spanning-tree interface routing-instance CSW1
Spanning tree interface parameters for instance 0
Interface    Port ID    Designated    Designated           Port     State  Role
                        port ID       bridge ID            Cost
ge-1/0/2     128:43     128:43        4096.a81111111111    20000    FWD    DESG
Note:
Note that the “monitor traffic interface” command cannot be used to monitor traffic that is switched by EX interfaces, as that traffic is not handled by the Routing Engine.
Reference:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB12259
http://www.juniper.net/techpubs/en_US/junos10.2/topics/concept/qinq-tunneling-ex-series.html