Understanding Layer 2 Protocol Tunneling on EX Series Switches
Layer 2 protocol tunneling (L2PT) allows service providers to send Layer 2 protocol data units (PDUs) across the provider’s cloud and deliver them to Juniper Networks EX Series Ethernet Switches that are not part of the local broadcast domain. This feature is useful when you want to run Layer 2 protocols on a network that includes switches located at remote sites that are connected across a service provider network.
Layer 2 Protocols Supported by L2PT on EX Series Switches
L2PT on EX Series switches supports the following Layer 2 protocols:
- 802.1X authentication
- 802.3ah Operation, Administration, and Maintenance (OAM) link fault management (LFM)
Note: If you enable L2PT for untagged OAM LFM (Operation, Administration, and Maintenance of link fault management) packets, do not configure link fault management (LFM) on the corresponding access interface.
- Cisco Discovery Protocol (CDP)
- Ethernet local management interface (E-LMI)
- MVRP VLAN Registration Protocol (MVRP)
- Link Aggregation Control Protocol (LACP)
Note: If you enable L2PT for untagged LACP packets, do not configure Link Aggregation Control Protocol (LACP) on the corresponding access interface.
- Link Layer Discovery Protocol (LLDP)
- Multiple MAC Registration Protocol (MMRP)
- Multiple VLAN Registration Protocol (MVRP)
- Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP)
- Unidirectional Link Detection (UDLD)
- VLAN Spanning Tree Protocol (VSTP)
- VLAN Trunking Protocol (VTP)
Note: CDP, UDLD, and VTP cannot be configured on EX Series switches. L2PT does, however, tunnel CDP, UDLD, and VTP PDUs.
How L2PT Works
L2PT works by encapsulating Layer 2 PDUs, tunneling them across a service provider network, and decapsulating them for delivery to their destination switches. L2PT encapsulates Layer 2 PDUs by enabling the ingress provider edge (PE) device to rewrite the PDUs’ destination media access control (MAC) addresses before forwarding them onto the service provider network. The devices in the service provider network treat these encapsulated PDUs as multicast Ethernet packets. Upon receipt of these PDUs, the egress PE devices decapsulate them by replacing the destination MAC addresses with the address of the Layer 2 protocol that is being tunneled before forwarding the PDUs to their destination switches. This process is illustrated in Figure 1.
Figure 1: L2PT Example

L2PT supports tunneling of STP, LLDP, CDP and VTP control PDUs across the service provider network. The PE device identifies the Layer 2 control protocols by their encapsulated MAC address. The destination MAC address used by different protocols is listed in Table 1:
Table 1: Protocol Destination MAC Addresses
Protocol | Ethernet Encapsulation | MAC Address |
---|---|---|
802.1X | Ether-II | 01:80:C2:00:00:03 |
802.3ah | Ether-II | 01:80:C2:00:00:02 |
Cisco Discovery Protocol (CDP) | SNAP | 01:00:0C:CC:CC:CC |
Ethernet local management interface (E-LMI) | Ether-II | 01:80:C2:00:00:07 |
MVRP VLAN Registration Protocol (MVRP) | Ether-II | 01:80:C2:00:00:21 |
Link Aggregation Control Protocol (LACP) | Ether-II | 01:80:C2:00:00:02 |
Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP) | SNAP | 01:80:C2:00:00:21 |
Link Layer Discovery Protocol (LLDP) | Ether-II | 01:80:0C:00:00:0E |
Multiple MAC Registration Protocol (MMRP) | Ether-II | 01:80:C2:00:00:0E |
Unidirectional Link Detection (UDLD) | SNAP | 01:00:0C:CC:CC:CC |
VLAN Spanning Tree Protocol (VSTP) | SNAP | 01:00:0C:CC:CC:CD |
VLAN Trunking Protocol (VTP) | SNAP | 01:00:0C:CC:CC:CC |
When a PE device receives a Layer 2 control PDU from any of the customer PE devices, it changes the destination MAC address to 01:00:0C:CD:CD:D0. The modified packet is then sent to the provider network. All devices on the provider network treat these packets as multicast Ethernet packets and deliver them to all PE devices for the customer. The egress PE devices receive all the control PDUs with the same MAC address (01:00:0C:CD:CD:D0). Then they identify the packet type by doing deeper packet inspection and replace the destination MAC address 01:00:0C:CD:CD:D0 with the appropriate destination address. The modified PDUs are sent out to the customer PE devices, thus ensuring the Layer 2 control PDUs are delivered, in their original state, across the provider network. The L2PT protocol is valid for all types of packets (untagged, tagged, and Q-in-Q tagged).
L2PT Basics on EX Series Switches
L2PT is enabled on a per-VLAN basis. When you enable L2PT on a VLAN, all access interfaces are considered to be customer-facing interfaces, all trunk interfaces are considered to be service provider network-facing interfaces, and the specified Layer 2 protocol is disabled on the access interfaces. L2PT only acts on logical interfaces of the family ethernet-switching. L2PT PDUs are flooded to all trunk and access ports within a given S-VLAN.
Note: Access interfaces in an L2PT-enabled VLAN should not receive L2PT-tunneled PDUs. If an access interface does receive L2PT-tunneled PDUs, it might mean that there is a loop in the network. As a result, the interface will be shut down.
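The destination MAC rewrite described under How L2PT Works, together with the access-interface rule in the note above, modeled in Python as an added example (not Juniper code). The tunnel MAC and the protocol MACs come from the text and Table 1; the EtherTypes and Cisco SNAP protocol IDs used for payload inspection are standard values not listed on this page, and the function names and sample frames are constructed for illustration.

```python
import struct

TUNNEL_MAC = bytes.fromhex("01000ccdcdd0")  # L2PT tunnel destination MAC given in the text
# Rows of Table 1 used by this sketch: protocol -> native destination MAC
DEST = {
    "802.1X": bytes.fromhex("0180c2000003"),
    "LACP/802.3ah": bytes.fromhex("0180c2000002"),
    "CDP": bytes.fromhex("01000ccccccc"),
    "VTP": bytes.fromhex("01000ccccccc"),
    "UDLD": bytes.fromhex("01000ccccccc"),
    "VSTP": bytes.fromhex("01000ccccccd"),
}
ETHERTYPES = {0x888E: "802.1X", 0x8809: "LACP/802.3ah"}  # Ether-II (assumed, not on the page)
SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x0111: "UDLD", 0x010B: "VSTP"}  # assumed
CISCO_SNAP = bytes.fromhex("aaaa0300000c")  # LLC AA-AA-03 + OUI 00:00:0C

def classify(frame):
    """Deep inspection: name the protocol from the payload, not the destination MAC."""
    try:
        off = 12
        while struct.unpack_from("!H", frame, off)[0] in (0x8100, 0x88A8):
            off += 4  # skip each VLAN tag (tagged and Q-in-Q frames)
        type_len, = struct.unpack_from("!H", frame, off)
        if type_len >= 0x0600:  # Ether-II: the field is an EtherType
            return ETHERTYPES.get(type_len)
        if frame[off + 2:off + 8] == CISCO_SNAP:  # 802.3 length, then LLC/SNAP
            return SNAP_PIDS.get(struct.unpack_from("!H", frame, off + 8)[0])
    except struct.error:  # truncated frame
        pass
    return None

def ingress_pe(frame):
    """Ingress PE: a PDU addressed to a tunneled protocol's MAC gets the tunnel MAC."""
    return TUNNEL_MAC + frame[6:] if frame[:6] in DEST.values() else frame

def egress_pe(frame):
    """Egress PE: restore the native destination MAC chosen by payload inspection."""
    proto = classify(frame) if frame[:6] == TUNNEL_MAC else None
    return DEST[proto] + frame[6:] if proto else frame

def access_port_action(frame):
    """A tunnel-addressed PDU on an access interface points to a loop: shut down."""
    return "shutdown" if frame[:6] == TUNNEL_MAC else "forward"

# Constructed sample frames (source MAC and payload bytes are made up)
SRC = bytes.fromhex("020000000001")
CDP = DEST["CDP"] + SRC + bytes.fromhex("0010aaaa0300000c2000") + bytes(8)
VSTP_QINQ = (DEST["VSTP"] + SRC + bytes.fromhex("810000648100000a")
             + bytes.fromhex("0010aaaa0300000c010b") + bytes(8))
DOT1X = DEST["802.1X"] + SRC + bytes.fromhex("888e01010000")
```

CDP, VTP, and UDLD share one destination MAC, so only the payload can tell them apart once a PDU has entered the tunnel.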
L2PT is configured under the [edit vlans vlan-name dot1q-tunneling] hierarchy level, meaning Q-in-Q tunneling is (and must be) enabled. If L2PT is not enabled, Layer 2 PDUs are handled in the same way they were handled before L2PT was enabled.
Note: If the switch receives untagged or priority-tagged Layer 2 control PDUs to be tunneled, then you must configure the switch to map untagged and priority-tagged packets to an L2PT-enabled VLAN. For more information on assigning untagged and priority-tagged packets to VLANs, see Understanding Q-in-Q Tunneling on EX Series Switches and Configuring Q-in-Q Tunneling (CLI Procedure).