Example: Configuring Layer 2 Protocol Tunneling on EX Series Switches
Layer 2 protocol tunneling (L2PT) allows service providers to send Layer 2 protocol data units (PDUs) across the provider’s cloud and deliver them to EX Series switches that are not part of the local broadcast domain. This feature is useful when you want to run Layer 2 protocols on a network that includes switches located at remote sites that are connected across a service provider network.
Note: L2PT and VLAN translation configured with the mapping statement cannot both be configured on the same VLAN. However, L2PT can be configured on one VLAN on a switch while VLAN translation can be configured on a different VLAN that has no L2PT.
This example describes how to configure L2PT:
Requirements
This example uses the following hardware and software components:
- Six EX Series switches, with three each at two customer sites, with one of the switches at each site designated as the provider edge (PE) device
- Junos OS Release 10.0 or later for EX Series switches
Overview and Topology
L2PT allows you to send Layer 2 PDUs across a service provider network and deliver them to EX Series switches that are not part of the local broadcast domain.
Figure 1 shows a customer network that includes two sites that are connected across a service provider network. Site 1 contains three switches connected in a Layer 2 network, with Switch A designated as a provider edge (PE) device in the service provider network. Site 2 contains a Layer 2 network with a similar topology to that of Site 1, with Switch D designated as a PE device.
Figure 1: L2PT Topology

When you enable L2PT on a VLAN, Q-in-Q tunneling is also (and must be) enabled. Q-in-Q tunneling ensures that Switches A, B, C, D, E, and F are part of the same broadcast domain.
This example uses STP as the Layer 2 protocol being tunneled, but you could substitute any of the supported protocols for STP. You can also use the all keyword to enable L2PT for all supported Layer 2 protocols.
Tunneled Layer 2 PDUs do not normally arrive at a high rate. If the tunneled Layer 2 PDUs do arrive at a high rate, there might be a problem in the network. Typically, you would want to shut down the interface that is receiving a high rate of tunneled Layer 2 PDUs so that the problem can be isolated. Alternatively, if you do not want to completely shut down the interface, you can configure the switch to drop tunneled Layer 2 PDUs that exceed a certain threshold.
The drop-threshold configuration statement allows you to specify the maximum number of Layer 2 PDUs of the specified protocol that can be received per second on the interfaces in a specified VLAN before the switch begins dropping the Layer 2 PDUs. The drop threshold must be less than or equal to the shutdown threshold. If the drop threshold is greater than the shutdown threshold and you try to commit the configuration, the commit will fail.
The shutdown-threshold configuration statement allows you to specify the maximum number of Layer 2 PDUs of the specified protocol that can be received per second on the interfaces in a specified VLAN before the specified interface is disabled. The shutdown threshold must be greater than or equal to the drop threshold. You can specify a drop threshold without specifying a shutdown threshold, and you can specify a shutdown threshold without specifying a drop threshold. If you do not specify these thresholds, then no thresholds are enforced. As a result, the switch tunnels all Layer 2 PDUs regardless of the speed at which they are received, although the number of packets tunneled per second might be limited by other factors.
In this example, we will configure both a drop threshold and a shutdown threshold to show how this is done.
If L2PT-encapsulated packets are received on an access interface, the switch reacts as it does when there is a loop between the service provider network and the customer network and shuts down (disables) the access interface.
Once an interface is disabled, you must explicitly reenable it using the clear ethernet-switching layer2-protocol-tunneling error command or else the interface will remain disabled.
Configuration
To configure L2PT, perform these tasks:
CLI Quick Configuration
To quickly configure L2PT, copy the following commands and paste them into the switch terminal window of each PE device (in Figure 1, Switch A and Switch D are the PE devices):
[edit]
set vlans customer-1 dot1q-tunneling
set vlans customer-1 dot1q-tunneling layer2-protocol-tunneling stp
set vlans customer-1 dot1q-tunneling layer2-protocol-tunneling stp drop-threshold 50
set vlans customer-1 dot1q-tunneling layer2-protocol-tunneling stp shutdown-threshold 100
Step-by-Step Procedure
To configure L2PT, perform these tasks on each PE device (in Figure 1, Switch A and Switch D are the PE devices):
- Enable Q-in-Q tunneling on VLAN customer-1:
  [edit]
  user@switch# set vlans customer-1 dot1q-tunneling
- Enable L2PT for STP on VLAN customer-1:
  [edit]
  user@switch# set vlans customer-1 dot1q-tunneling layer2-protocol-tunneling stp
- Configure the drop threshold as 50:
  [edit]
  user@switch# set vlans customer-1 dot1q-tunneling layer2-protocol-tunneling stp drop-threshold 50
- Configure the shutdown threshold as 100:
  [edit]
  user@switch# set vlans customer-1 dot1q-tunneling layer2-protocol-tunneling stp shutdown-threshold 100
Results
Check the results of the configuration:
Verification
To verify that L2PT is working correctly, perform this task:
Verify That L2PT Is Working Correctly
Purpose
Verify that Q-in-Q tunneling and L2PT are enabled.
Action
Check to see that Q-in-Q tunneling and L2PT are enabled on each PE device (Switch A and Switch D are the PE devices):
user@switchA> show vlans extensive customer-1
VLAN: customer-1, Created at: Thu Jun 25 05:07:38 2009
802.1Q Tag: 100, Internal index: 4, Admin State: Enabled, Origin: Static
Dot1q Tunneling status: Enabled
Layer2 Protocol Tunneling status: Enabled
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 3 (Active = 0)
      ge-0/0/7.0, untagged, access
      ge-0/0/8.0, untagged, access
      ge-0/0/9.0, untagged, access
Check to see that L2PT is tunneling STP on VLAN customer-1 and that drop-threshold and shutdown-threshold have been configured:
user@switchA> show ethernet-switching layer2-protocol-tunneling vlan customer-1
Layer2 Protocol Tunneling VLAN information:
VLAN          Protocol    Drop         Shutdown
                          Threshold    Threshold
customer-1    stp         50           100
Check the state of the interfaces on which L2PT has been enabled, including what kind of operation (encapsulation or decapsulation) they are performing:
Layer2 Protocol Tunneling information:
Interface     Operation       State      Description
ge-0/0/0.0    Encapsulation   Shutdown   Shutdown threshold exceeded
ge-0/0/1.0    Decapsulation   Shutdown   Loop detected
ge-0/0/2.0    Decapsulation   Active
Meaning
The show vlans extensive customer-1 command shows that Q-in-Q tunneling and L2PT have been enabled. The show ethernet-switching layer2-protocol-tunneling vlan customer-1 command shows that L2PT is tunneling STP on VLAN customer-1, the drop threshold is set to 50, and the shutdown threshold is set to 100. The show ethernet-switching layer2-protocol-tunneling interface command shows the type of operation being performed on each interface, the state of each interface and, if the state is Shutdown, the reason why the interface is shut down.
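For monitoring, the interface output above can be parsed to surface ports that L2PT has disabled, together with the reason. The following is an added example, not Juniper code: it assumes one interface per line of show ethernet-switching layer2-protocol-tunneling interface output, and the function name shutdown_interfaces and the triage wording are choices made for this illustration.

```python
import re

# One row of `show ethernet-switching layer2-protocol-tunneling interface`:
# interface, operation, state, optional free-text description.
ROW_RE = re.compile(
    r"^\s*(?P<ifname>[a-z]+-\d+/\d+/\d+\.\d+)\s+"
    r"(?P<operation>Encapsulation|Decapsulation)\s+"
    r"(?P<state>\S+)\s*(?P<description>.*?)\s*$"
)

# Triage text drawn from this page's explanation of each shutdown reason.
TRIAGE = {
    "Shutdown threshold exceeded": "tunneled PDU rate passed shutdown-threshold",
    "Loop detected": "L2PT-encapsulated packets arrived on an access interface",
}


def shutdown_interfaces(show_output):
    """Return one dict per interface whose L2PT state is not Active."""
    alerts = []
    for line in show_output.splitlines():
        m = ROW_RE.match(line)
        if not m or m["state"] == "Active":
            continue  # header rows, blank lines and healthy interfaces
        row = m.groupdict()
        row["triage"] = TRIAGE.get(row["description"], "unrecognised reason")
        alerts.append(row)
    return alerts


# Sample rows copied from the command output shown on this page.
SAMPLE_OUTPUT = """\
Layer2 Protocol Tunneling information:
Interface     Operation       State      Description
ge-0/0/0.0    Encapsulation   Shutdown   Shutdown threshold exceeded
ge-0/0/1.0    Decapsulation   Shutdown   Loop detected
ge-0/0/2.0    Decapsulation   Active
"""

if __name__ == "__main__":
    for a in shutdown_interfaces(SAMPLE_OUTPUT):
        print(f"{a['ifname']} ({a['operation']}): {a['description']} -> {a['triage']}")
```

Each interface reported here stays disabled until it is reenabled with the clear ethernet-switching layer2-protocol-tunneling error command described in the overview.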