For providing Layer 2 VPN services across your network,
you might want to configure the ability to push, pop or swap 802.1Q
tags on frames entering and leaving edge routers, allowing you to
use a single VLAN-circuit cross-connect (CCC) [VLAN-CCC] logical interface
to handle both dual-tag and single-tag packets. This feature thus
provides interoperability between Layer 2 services with a distinct
VLAN at the local or remote end or in instances where a Layer 2 service
comes with a certain VLAN, but the remote peer has a different VLAN
or no VLAN.
This feature includes the ability to enable passthrough of certain
Ethertype/DMAC-matched frames over the Layer 2 circuit after successful
VLAN tag operations on the VLAN CCC logical interface.
If you configure this feature, VLAN tags are applied when traffic
is sent to and from the Layer 2 circuit interface. The pop, push,
and swap operations are performed only on the outer tag. The pop VLAN
tag removes the VLAN tag from the top of the VLAN tag stack. The push
VLAN tag adds a new outer VLAN tag, and the swap VLAN tag replaces
the existing outer VLAN tag with the new VLAN tag.
You can configure inet, inet6, or VLAN-CCC connections on a
single Ethernet network interface or an aggregated Ethernet interface,
enabling you to set different forwarding rules for tagged and untagged
traffic on the same interface. For example, you can forward tagged
packets over the Layer 2 circuit and route untagged traffic in native
VLAN mode.
Note: Limitations for this feature on PTX routers are:
VLAN operations on STP and CDP packets are not supported.
You can’t configure the VLAN-CCC logical interface
with the native VLAN ID.
LACP point-to-point connections between PE routers do
not work if you configure l2circuit-control-passthrough. (Static LAG works, however.)
To configure a PE router with a VLAN CCC, an MPLS-based Layer
2 circuit, VLAN pop, push, and swap operations, and enabling passthrough
of certain Ethertype/DMAC-matched frames:
Note: The following procedure uses actual interface names for
the router’s network interfaces instead of the variable interface-name so that you can quickly see their configuration
differences. Remember that you can also configure the feature on aggregated
Ethernet interfaces.
- Configure OSPF on the loopback (or router address) and core
interface:
Note: The routing protocol can be OSPF or IS-IS.
[edit]
user@host# set protocols ospf area 0.0.0.0 interface lo0.0 passive
user@host# set protocols ospf area 0.0.0.0 interface et-0/0/0:0
- Enable traffic engineering for the routing protocol:
[edit]
user@host# set protocols ospf traffic-engineering
- Configure an IP address for the loopback interface and
for the core interface:
[edit]
user@host# set interfaces lo0 unit logical-unit-number family inet address address
user@host# set interfaces et-0/0/0:0 unit 0 family inet address address
- Configure the customer edge interface as a Layer 2 circuit from
the local PE router to the other PE router:
Tip: Use the router address of the other router as the neighbor
address. It is the virtual circuit identifier together with the neighbor
address that provides the unique address for the circuit.
[edit]
user@host# set protocols l2circuit neighbor address interface et-0/0/1:1.0 virtual-circuit-id identifier
- Configure MPLS on the core interfaces:
[edit]
user@host# set protocols mpls interface all
- Configure LDP on the loopback interface and the core interfaces:
[edit]
user@host# set ldp interface lo0.0
user@host# set ldp interface et-0/0/0.0
user@host# set ldp interface all
- Configure
family mpls on the logical unit of
the core interface:[edit]
user@host# set interfaces et-0/0/0:0 unit 0 family mpls
Note: You can enable family mpls on either individual interfaces,
aggregated Ethernet interfaces, or tagged VLAN interfaces.
- Specify the router ID:
[edit]
user@host# set routing-options router-id address
- Enable VLAN tagging on the customer edge interface of
the local PE router:
[edit]
user@host# set interfaces et-0/0/1:1 vlan-tagging
- Configure the customer edge interface to use flexible
Ethernet services encapsulation:
[edit]
user@host# set interfaces et-0/0/1:1 encapsulation flexible-ethernet-services
- Configure the logical unit of the customer edge interface
with a VLAN ID:
[edit]
user@host# set interfaces et-0/0/1:1 unit 0 vlan-id vlan-id
- Configure the logical unit on the customer edge interface
to use VLAN CCC encapsulation:
[edit]
user@host# set interfaces et-0/0/1:1 unit 0 encapsulation vlan-ccc
- Configure the logical unit on the customer edge interface
to pop the tag off the input VLAN and then push the tag to the output
VLAN:
[edit]
user@host# set interfaces et-0/0/1:1 unit 0 input-vlan-map push
[edit]
user@host# set interfaces et-0/0/1:1 unit 0 output-vlan-map pop
- (Optional) Configure Layer 2 circuit traceoptions:
[edit]
user@host# set protocols l2circuit traceoptions file l2ckt.log
user@host# set protocols l2circuit traceoptions flag connections detail
- (Optional) Configure the VLAN CCC logical interface so that
encapsulation mismatches and MTU mismatches between this interface
and the interface on the other PE router are ignored:
[edit]
user@host# set protocolsl2circuit neighbor address interface et-0/0/1:1.0 ignore-encapsulation-mismatch
user@host# set protocolsl2circuit neighbor address interface et-0/0/1:1.0 ignore-mtu-mismatch
- To enable passthrough of certain Ethertype/DMAC-matched
frames, configure Layer 2 circuit control passthrough:
[edit]
user@host# set forwarding-options l2circuit-control-passthrough
