In the previous article, we shared you an example of configuring double tag translation. This time, we are going to do single tag translation. Single tag translation is about where you map QinQ packets of a customer to a VNI of VxLAN and preserve the service as an inner VLAN inside a VXLAN packet. The customer-facing interface is a QinQ access port with the outer S-tag. The S-tag is then translated to a VXLAN VNI. Single tag translation leverages VLAN-aware Linux bridge mode with the use of the 802.1ad VLAN protocol (the only supported protocol at the time of writing). Hence, it is more scalable.
Note: you need to have Cumulus Linux 3.3.1 at least and QinQ metapackage installed. The steps of doing this is mentioned in the previous article about doing double tag translation.
Network Connectivity
As you can see the above network connectivity, VLAN 40, 50 and 60 are C-Tag. We allow them on trunk port on both Juniper EX2200 and Cisco switch. Port swp3 of both iNET9-CL01 and 02 will be in access mode and map to VLAN 200 which is considered as S-Tag. VLAN 200 will then map to VNI 1000.
Configuration
1. iNET9-CL01 vi /etc/network/interfaces auto swp2 iface swp2 link-speed 10000 address 200.0.0.1/30 auto swp3 iface swp3 link-speed 1000 bridge-access 200 auto vni-1000 iface vni-1000 vxlan-local-tunnelip 200.0.0.1 vxlan-remoteip 200.0.0.2 bridge-access 200 vxlan-id 1000 auto bridge iface bridge bridge-ports swp3 vni-1000 bridge-vlan-aware yes bridge-vlan-protocol 802.1ad Save the interfaces file then do ifreload -a to get interface configuration to take effect. 2. iNET9-CL02 vi /etc/network/interfaces auto swp2 iface swp2 link-speed 10000 address 200.0.0.2/30 auto swp3 iface swp3 link-speed 1000 bridge-access 200 auto vni-1000 iface vni-1000 vxlan-local-tunnelip 200.0.0.2 vxlan-remoteip 200.0.0.1 bridge-access 200 vxlan-id 1000 auto bridge iface bridge bridge-ports swp3 vni-1000 bridge-vlan-aware yes bridge-vlan-protocol 802.1ad Save the interfaces file then do ifreload -a to get interface configuration to take effect. 3. iNET9-EX2200 set vlans VLAN40 vlan-id 40 set vlans VLAN40 l3-interface vlan.40 set vlans VLAN50 vlan-id 50 set vlans VLAN50 l3-interface vlan.50 set vlans VLAN60 vlan-id 60 set vlans VLAN60 l3-interface vlan.60 set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN40 set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN50 set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN60 set interfaces vlan unit 40 family inet address 40.40.40.1/24 set interfaces vlan unit 50 family inet address 50.50.50.1/24 set interfaces vlan unit 60 family inet address 60.60.60.1/24 4. iNET9-Cisco Switch vlan 40 name VLAN40 ! vlan 50 name VLAN50 ! vlan 60 name VLAN60 ! interface GigabitEthernet0/2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 40,50,60 switchport mode trunk ! interface Vlan40 ip address 40.40.40.2 255.255.255.0 ! interface Vlan50 ip address 50.50.50.2 255.255.255.0 ! interface Vlan60 ip address 60.60.60.2 255.255.255.0 !Verification
You can use command net show bridge vlan to verify VLAN mapping. Also, to verify that the bridge is configured for QinQ, run ip -d link show bridge and look for vlan_protocol 802.1ad in the output. Last but not least, we can use ping command to verify reachability between Juniper and Cisco switch for each VLAN.
root@iNET9-EX2200> show interfaces terse vlan Interface Admin Link Proto Local Remote vlan.40 up up inet 40.40.40.1/24 vlan.50 up up inet 50.50.50.1/24 vlan.60 up up inet 60.60.60.1/24
root@iNET9-EX2200> ping 40.40.40.2 PING 40.40.40.2 (40.40.40.2): 56 data bytes 64 bytes from 40.40.40.2: icmp_seq=0 ttl=255 time=4.498 ms 64 bytes from 40.40.40.2: icmp_seq=1 ttl=255 time=3.285 ms 64 bytes from 40.40.40.2: icmp_seq=2 ttl=255 time=2.643 ms 64 bytes from 40.40.40.2: icmp_seq=3 ttl=255 time=3.305 ms 64 bytes from 40.40.40.2: icmp_seq=4 ttl=255 time=2.615 ms 64 bytes from 40.40.40.2: icmp_seq=5 ttl=255 time=2.521 ms ^C — 40.40.40.2 ping statistics — 6 packets transmitted, 6 packets received, 0% packet loss round-trip min/avg/max/stddev = 2.521/3.145/4.498/0.683 ms
root@iNET9-EX2200> ping 50.50.50.2 PING 50.50.50.2 (50.50.50.2): 56 data bytes 64 bytes from 50.50.50.2: icmp_seq=0 ttl=255 time=3.861 ms 64 bytes from 50.50.50.2: icmp_seq=1 ttl=255 time=2.786 ms 64 bytes from 50.50.50.2: icmp_seq=2 ttl=255 time=2.742 ms ^C — 50.50.50.2 ping statistics — 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 2.742/3.130/3.861/0.517 ms
root@iNET9-EX2200> ping 60.60.60.2 PING 60.60.60.2 (60.60.60.2): 56 data bytes 64 bytes from 60.60.60.2: icmp_seq=0 ttl=255 time=3.553 ms 64 bytes from 60.60.60.2: icmp_seq=1 ttl=255 time=2.347 ms 64 bytes from 60.60.60.2: icmp_seq=2 ttl=255 time=3.324 ms 64 bytes from 60.60.60.2: icmp_seq=3 ttl=255 time=2.330 ms ^C — 60.60.60.2 ping statistics — 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/stddev = 2.330/2.889/3.553/0.556 ms
root@iNET9-EX2200> show ethernet-switching table Ethernet-switching table: 9 entries, 3 learned, 0 persistent entries VLAN MAC address Type Age Interfaces VLAN40 * Flood – All-members VLAN40 10:8c:cf:48:89:42 Learn 1:11 ge-0/0/1.0 VLAN40 64:64:9b:10:61:c1 Static – Router VLAN50 * Flood – All-members VLAN50 10:8c:cf:48:89:43 Learn 0 ge-0/0/1.0 VLAN50 64:64:9b:10:61:c1 Static – Router VLAN60 * Flood – All-members VLAN60 10:8c:cf:48:89:44 Learn 0 ge-0/0/1.0 VLAN60 64:64:9b:10:61:c1 Static – Router
root@iNET9-EX2200> show arp MAC Address Address Name Interface Flags 10:8c:cf:48:89:42 40.40.40.2 40.40.40.2 vlan.40 none 10:8c:cf:48:89:43 50.50.50.2 50.50.50.2 vlan.50 none 3c:8a:b0:ac:bb:88 22.0.0.1 22.0.0.1 me0.0 none 10:8c:cf:48:89:44 60.60.60.2 60.60.60.2 vlan.60 none Total entries: 4
One Reply to “Configuring Single Tag Translation on Cumulus Linux”