Junos
Highlighted
Junos

L2 VPN with QinQ port

‎11-10-2015 03:42 AM

hi,

 

I want to find out about the following scenario and how to set it up.

we will have multiple customers connected an an access switch with a Q-in-Q trunk port heading back to an MX box.

we want to place the customers frames into a single L2 VPN instance depending on the outer Qtag.

The L2VPN will run on Outer Qtag and when end PE receives the L2VPN data, it will handover same VLANS to its CE Switch.

Can this be done and what do I need?

 

thanks JNCIS-M, JNCIS-SEC

4 REPLIES 4
Highlighted
Junos

Re: L2 VPN with QinQ port

‎11-10-2015 05:16 AM

For clarification, each customer-facing port will be configured as a Q-in-Q port and your core-facing port will carry a selection of S-VLANs, each with one or more C-VLANs, correct? Also, when you say "single L2 VPN instance", do you mean each S-VLAN (outer tag) will be put into its own individual L2VPN instance? I would guess that's what you mean, but want to make sure.

 

There shouldn't be any issue with this on MX or even M-Series with IQ2 PICs. Depending on how you have your L2 circuits or VPNs configured, you may need to use VLAN manipulation on the MX port(s) to the switch:

 

https://www.juniper.net/techpubs/en_US/junos-space14.1/topics/concept/layer2-provisioning-vlan-manip...

 

If you're asking about what hardware you'll need, any MX would do, but you'd likely want to get a DPC (not recommended, as it's older kit) or an MPC/MIC combination that supports per-unit scheduling to maintain QoS on each logical unit.

Highlighted
Junos

Re: L2 VPN with QinQ port

‎11-12-2015 10:14 AM

Hi Evt,

 

Yes your understanding is correct. following is example :

 

Customer has 3 vlans (100,110 and 120) they want to communicate with other site same vlan's.

 

My idea is to create a single L2 VPN in two sites to provide these vlans connectivity.

 

i was trying to propose one vlan (vlan 130) which is outer vlan and inner vlans will be 100,110,120. and there will be a single L2VPN on outer vlan between two sites.

 

I wanted to see any sample config for this requirement.

 

 

thanks

Vijay P

Highlighted
Junos

Re: L2 VPN with QinQ port

‎11-12-2015 04:03 PM

Assuming you have LDP or RSVP LSPs configured, this is a typical setup we use on the MX:

 

set interfaces ge-1/1/1 encapsulation flexible-ethernet-services

set interfaces ge-1/1/1 mtu 9192

set interfaces ge-1/1/1 unit 10000 flexible-vlan-tagging

set interfaces ge-1/1/1 unit 10000 encapsulation vlan-ccc
set interfaces ge-1/1/1 unit 10000 vlan-id 130
set interfaces ge-1/1/1 unit 10000 family ccc

set protocols l2circuit neighbor 192.0.2.10 interface ge-1/1/1.10000 virtual-circuit-id 1122
set protocols l2circuit neighbor 192.0.2.10 interface ge-1/1/1.10000 description customer-a
set protocols l2circuit neighbor 192.0.2.10 interface ge-1/1/1.10000 mtu 1600
set protocols l2circuit neighbor 192.0.2.10 interface ge-1/1/1.10000 encapsulation-type ethernet
set protocols l2circuit neighbor 192.0.2.10 interface ge-1/1/1.10000 pseudowire-status-tlv

 

The other end of the pseudowire is exactly the same, just with the opposite end's loopback specified as the neighbor.  There doesn't seem to be a requirement to separate traffic out by C-VLAN, so all C-VLANs would be dumped into this L2circuit unmodified.

 

Now if you happen to have mis-matched VLANs on either side, you would simply perform some VLAN manipulation on either end. Let's say you have S-VLAN 130 configured on the A-side and S-VLAN 250 configured on the Z-side, the configuration would be the same as above with something like the following:

 

set interfaces ge-1/1/1 unit 10000 input-vlan-map pop

set interfaces ge-1/1/1 unit 10000 output-vlan-map push

 

And the same configured on the other side.

Highlighted
Junos

Re: L2 VPN with QinQ port

‎06-26-2018 08:32 PM

Hi Evt

 

If it's interface ae for another side, can I use the configuration you suggest  ?

Or need to modify another encapsulation ?

 

thanks 

Cloud

Feedback