Solved

Q-in-Q and SPBM

  • 20 April 2021
  • 8 replies
  • 74 views

We are testing a Q-in-Q link to an internet service provider in our city. I have a few test VLANs at the remote site. The provider’s Q-in-Q tag is stripped on a Juniper ex4600 that connects to one of our VSP7254s. The remote site VLAN gateways are on the VSP7254. I can ping the layer 3 logical interface for each VLAN at the remote site. We also have an SPBM cloud so I’m trying to extend the remote VLANs to our main office (Site-A), but am not having success. I have created the VLANs and mapped them to i-sids on the 7254 and on the 4450 at Site-A. I created an untagged port for one of the test VLANs and connected an edge device to the port and assigned it an IP in one of the test VLANs. At this time I cannot even ping the gateway, but the 7254 does see the MACs. Any thoughts on what could be missing? Here is a basic diagram of the setup plus the out put of the MACs on the 7254.

 

Data-Center-1:1#sh vlan mac-address-entry 2997

===============================================================================
                                    Vlan Fdb
===============================================================================
VLAN                     MAC                                                SMLT                       
ID         STATUS     ADDRESS              INTERFACE      REMOTE   TUNNEL            
----------------------------------------------------------------------------------------------------
2997    learned      c4:00:ad:fe:0f:83    Port-2/2            false           VSP-4450
2997    self            d4:78:56:96:b5:13  Port-cpp            false           -                 
2997    learned      f0:64:26:5f:9c:83    Port-1/1            false            -                

icon

Best answer by Ludovico Stevens 20 April 2021, 19:34

None of those VSPs have a vIST configured ? If yes, the I-SIDs must be configured on both vIST peers.

View original

8 replies

YES! Adding the vlan & i-sid on the other VSP7254 did the trick! :grinning:

Thanks!!

Here is confirmation of the matching i-sids. We have a lot of other sites on our SPBM cloud and they are all working fine.

Data-Center-1:1#sh vlan i-sid | inc 299
2997       102997              
2998       102998              
VSP4450:1#sh vlan i-s | inc 299  
************************************************************************************
                Command Execution Time: Tue Apr 20 12:29:03 2021 CDT
************************************************************************************
2997       102997              
2998       102998      

Here is confirmation of the VLAN configuration & port assignment on the 4450. 

VSP4450:1#show vlan mem 2997
************************************************************************************
                Command Execution Time: Tue Apr 20 12:30:51 2021 CDT
************************************************************************************

===============================================================================
                                   Vlan Port
===============================================================================
VLAN   PORT             ACTIVE             STATIC             NOT_ALLOW         
ID        MEMBER         MEMBER             MEMBER             MEMBER            
----------------------------------------------------------------------------------------------------
2997   1/9                  1/9                                                      

VSP4450:1#sh run | inc 1/9
************************************************************************************
                Command Execution Time: Tue Apr 20 12:32:43 2021 CDT
************************************************************************************
vlan members 2997 1/9 portmember

VSP4450:1#sh run | inc vlan    
************************************************************************************
                Command Execution Time: Tue Apr 20 12:33:41 2021 CDT
************************************************************************************
vlan create 2997 type port-mstprstp 0
vlan members 2997 1/9 portmember
vlan i-sid 2997 102997

Ping results to the layer 3 interfaces at the edge site (192.168.197.15 & 192.168.198.15) and to my edge device (192.168.197.77).

Data-Center-1:1#ping 192.168.197.15
192.168.197.15 is alive
Data-Center-1:1#ping 192.168.198.15
192.168.198.15 is alive
Data-Center-1:1#ping 192.168.197.77
ping: timeout
no answer from 192.168.197.77

I can see my edge device’s MAC on the VSP7254 after I try to ping.

edge-device# sho info

Model Name       : EKI-7712G-4FMPI

System Name      : BENS DESK
System Location  : BENS DESK
MAC Address      : C4:00:AD:FE:0F:83
IP Address       : 192.168.197.77
Subnet Mask      : 255.255.255.0

Data-Center-1:1#sh vlan mac-address-entry 2997

==============================================================================
                                    Vlan Fdb
==============================================================================
VLAN                    MAC                                               SMLT                       
ID        STATUS     ADDRESS              INTERFACE    REMOTE   TUNNEL            
----------------------------------------------------------------------------------------------------
2997   learned      c4:00:ad:fe:0f:83     Port-2/2           false         VSP4450
2997   self            d4:78:56:96:b5:13   Port-cpp           false         -                 
2997   learned      f0:64:26:5f:9c:83     Port-1/1           false         -                

Userlevel 4

yep, good one.

Userlevel 5

None of those VSPs have a vIST configured ? If yes, the I-SIDs must be configured on both vIST peers.

Userlevel 4

-This is the link from the 4450 to my end device right? This is simply an untagged access port in vlan 2997. Not sure of the best command to confirm UNI type though.

 

I assume you configured a platform VLAN and assigned it to the port (CVLAN UNI), but you made sure the ISID numbers are the same for this VLAN 2997 on the VSP7254 and the VSP4450, correct?

 

IS-IS NNI links are up between the VSPs and you have done your fabric configuration properly, correct?

 

Roger

 

 

Also, just to be sure it isn’t the edge device, I confirmed that I can extend another site’s VLAN to it and it works. This site connects to our own fiber so no Q-in-Q, but again, it doesn’t seem like that should matter.

Hi Roger.

*the link between the EX4600 and the VSP7254 is tagged, correct?

-Yes, the link between ex4600 and VSP7254 is tagged.

* VLAN 2997 has a routing interface on the VSP7254 only and not on the VSP4450, correct?

-Yes, the 4450 does not have a layer 3 interface for that VLAN. I did have l3 interface for VLAN 2998 on both which definitely caused that VLAN (2998) to have issues until I fixed it.

*what UNI type are you using on the VSP4450? You are not using transparent UNI, right? (either CVLAN or Flex UNI should work).

-This is the link from the 4450 to my end device right? This is simply an untagged access port in vlan 2997. Not sure of the best command to confirm UNI type though.

* So the QinQ WAN part is not even comming into play in your initial test of pinging the VSP7254 routing interface from the VSP4450, correct?

-Mostly correct. I’m trying to ping the vlan 2997 routing interface on the vsp7254 from an edge device assigned to vlan 2997  that connects to the vsp4450. So, I believe there is no reason Q-in-Q should be a factor in this test, but thought I’d check since I’m fairly new to SPBM & brand new to Q-in-Q.

Userlevel 4

A couple of questions:

  • the link between the EX4600 and the VSP7254 is tagged, correct?
  • what UNI type are you using on the VSP4450? You are not using transparent UNI, right? (either CVLAN or Flex UNI should work).
  • VLAN 2997 has a routing interface on the VSP7254 only and not on the VSP4450, correct?

So the QinQ WAN part is not even comming into play in your initial test of pinging the VSP7254 routing interface from the VSP4450, correct?

Roger

Reply