Mailing List Archive

Does QinQ work with VPLS on Juniper300?
Dear Juniper NSP,

We are trying to get QinQ working with VPLS on Juniper SRX300 but the
configuration of QinQ seems limited with VPLS as we cannot insert full QinQ
commands.
a. Below is my QinQ Configuration is working fine on Juniper SRX300 without
having any VPLS
set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
set interfaces ge-0/0/0 unit 467 vlan-id-list 1-4094
set interfaces ge-0/0/0 unit 467 input-vlan-map push
set interfaces ge-0/0/0 unit 467 output-vlan-map pop
set interfaces ge-0/0/0 unit 467 family ethernet-switching vlan members
VL467-TEST

b. Below is VPLS and QinQ configuration are not working
set routing-instances VLAN467 instance-type vpls
set routing-instances VLAN467 interface ge-0/0/0.467
set routing-instances VLAN467 protocols vpls encapsulation-type
ethernet-vlan
set routing-instances VLAN467 protocols vpls no-tunnel-services
set routing-instances VLAN467 protocols vpls vpls-id 467
set routing-instances VLAN467 protocols vpls ignore-mtu-mismatch
set routing-instances VLAN467 protocols vpls ignore-encapsulation-mismatch
set routing-instances VLAN467 protocols vpls neighbor 1.1.1.1

set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
set interfaces ge-0/0/0 unit 467 vlan-id-list 1-4094
set interfaces ge-0/0/0 unit 467 input-vlan-map push
set interfaces ge-0/0/0 unit 467 output-vlan-map pop
set interfaces ge-0/0/0 unit 467 family ethernet-switching vlan members
VL467-TEST (when apply this command, juniper srx300 does not allow us to
commit)

Does anyone here used to experience this issue? Could you please help to
advise how to get QinQ work with VPLS on Juniper 300? Many thanks for your
help in advance...

Kind regards,
Try Chhay
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: Does QinQ work with VPLS on Juniper300? [ In reply to ]
That's interesting. According to this page QinQ is not supported on
SRX300/320, not sure if that has anything to do with it?

Configuring Q-in-Q Tunneling on Security Devices - TechLibrary - Juniper
Networks
<https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/layer2-security-qinq-tunneling-srx-series-els.html>

NOTE Q-in-Q VLAN tagging is supported only on SRX340, SRX345, SRX550M, and
SRX1500 devices.

NOTE VLAN translation is supported on SRX300 and SRX320 devices and these
devices do not support Q-in-Q tunneling.

On Thu, Jan 28, 2021 at 6:11 AM Try Chhay <try.chhay@gmail.com> wrote:

> Dear Juniper NSP,
>
> We are trying to get QinQ working with VPLS on Juniper SRX300 but the
> configuration of QinQ seems limited with VPLS as we cannot insert full QinQ
> commands.
> a. Below is my QinQ Configuration is working fine on Juniper SRX300 without
> having any VPLS
> set interfaces ge-0/0/0 flexible-vlan-tagging
> set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
> set interfaces ge-0/0/0 unit 467 vlan-id-list 1-4094
> set interfaces ge-0/0/0 unit 467 input-vlan-map push
> set interfaces ge-0/0/0 unit 467 output-vlan-map pop
> set interfaces ge-0/0/0 unit 467 family ethernet-switching vlan members
> VL467-TEST
>
> b. Below is VPLS and QinQ configuration are not working
> set routing-instances VLAN467 instance-type vpls
> set routing-instances VLAN467 interface ge-0/0/0.467
> set routing-instances VLAN467 protocols vpls encapsulation-type
> ethernet-vlan
> set routing-instances VLAN467 protocols vpls no-tunnel-services
> set routing-instances VLAN467 protocols vpls vpls-id 467
> set routing-instances VLAN467 protocols vpls ignore-mtu-mismatch
> set routing-instances VLAN467 protocols vpls ignore-encapsulation-mismatch
> set routing-instances VLAN467 protocols vpls neighbor 1.1.1.1
>
> set interfaces ge-0/0/0 flexible-vlan-tagging
> set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
> set interfaces ge-0/0/0 unit 467 vlan-id-list 1-4094
> set interfaces ge-0/0/0 unit 467 input-vlan-map push
> set interfaces ge-0/0/0 unit 467 output-vlan-map pop
> set interfaces ge-0/0/0 unit 467 family ethernet-switching vlan members
> VL467-TEST (when apply this command, juniper srx300 does not allow us to
> commit)
>
> Does anyone here used to experience this issue? Could you please help to
> advise how to get QinQ work with VPLS on Juniper 300? Many thanks for your
> help in advance...
>
> Kind regards,
> Try Chhay
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: Does QinQ work with VPLS on Juniper300? [ In reply to ]
Dear Roger,

Many thanks for advising and sharing the link as the reference.

Kind regards,
Try Chhay

On Tue, Feb 2, 2021 at 3:09 AM Roger Wiklund <roger.wiklund@gmail.com>
wrote:

> That's interesting. According to this page QinQ is not supported on
> SRX300/320, not sure if that has anything to do with it?
>
> Configuring Q-in-Q Tunneling on Security Devices - TechLibrary - Juniper
> Networks
> <https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/layer2-security-qinq-tunneling-srx-series-els.html>
>
> NOTE Q-in-Q VLAN tagging is supported only on SRX340, SRX345, SRX550M,
> and SRX1500 devices.
>
> NOTE VLAN translation is supported on SRX300 and SRX320 devices and these
> devices do not support Q-in-Q tunneling.
>
> On Thu, Jan 28, 2021 at 6:11 AM Try Chhay <try.chhay@gmail.com> wrote:
>
>> Dear Juniper NSP,
>>
>> We are trying to get QinQ working with VPLS on Juniper SRX300 but the
>> configuration of QinQ seems limited with VPLS as we cannot insert full
>> QinQ
>> commands.
>> a. Below is my QinQ Configuration is working fine on Juniper SRX300
>> without
>> having any VPLS
>> set interfaces ge-0/0/0 flexible-vlan-tagging
>> set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
>> set interfaces ge-0/0/0 unit 467 vlan-id-list 1-4094
>> set interfaces ge-0/0/0 unit 467 input-vlan-map push
>> set interfaces ge-0/0/0 unit 467 output-vlan-map pop
>> set interfaces ge-0/0/0 unit 467 family ethernet-switching vlan members
>> VL467-TEST
>>
>> b. Below is VPLS and QinQ configuration are not working
>> set routing-instances VLAN467 instance-type vpls
>> set routing-instances VLAN467 interface ge-0/0/0.467
>> set routing-instances VLAN467 protocols vpls encapsulation-type
>> ethernet-vlan
>> set routing-instances VLAN467 protocols vpls no-tunnel-services
>> set routing-instances VLAN467 protocols vpls vpls-id 467
>> set routing-instances VLAN467 protocols vpls ignore-mtu-mismatch
>> set routing-instances VLAN467 protocols vpls ignore-encapsulation-mismatch
>> set routing-instances VLAN467 protocols vpls neighbor 1.1.1.1
>>
>> set interfaces ge-0/0/0 flexible-vlan-tagging
>> set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
>> set interfaces ge-0/0/0 unit 467 vlan-id-list 1-4094
>> set interfaces ge-0/0/0 unit 467 input-vlan-map push
>> set interfaces ge-0/0/0 unit 467 output-vlan-map pop
>> set interfaces ge-0/0/0 unit 467 family ethernet-switching vlan members
>> VL467-TEST (when apply this command, juniper srx300 does not allow us to
>> commit)
>>
>> Does anyone here used to experience this issue? Could you please help to
>> advise how to get QinQ work with VPLS on Juniper 300? Many thanks for your
>> help in advance...
>>
>> Kind regards,
>> Try Chhay
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: Does QinQ work with VPLS on Juniper300? [ In reply to ]
Roger Wiklund <roger.wiklund@gmail.com> writes:

> That's interesting. According to this page QinQ is not supported on
> SRX300/320, not sure if that has anything to do with it?

Just a little comment in case someone else needs QinQ on small SRXs:

Layer 3 termination of QinQ does work on SRX, even if VPLS does
not. That is unlikely to help the original poster, but others might find
it useful.

I.e. you can do this kind of thing on a plain SRX300:

ge-0/0/5 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 20 {
vlan-tags outer 0x8100.300 inner 0x8100.20;
family inet {
address 198.18.1.2/30;
}
}
}

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp