Examples: Tunneling Q-in-Q Traffic in an EVPN-VXLAN Overlay Network

The tunneling of Q-in-Q packets in an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) overlay network is supported as follows:

  • Starting with Junos OS Release 17.2R1, QFX5100 switches that function as Layer 2 VXLAN tunnel endpoints (VTEPs) can tunnel single- and double-tagged Q-in-Q packets in an EVPN-VXLAN bridged overlay or centrally-routed bridging (CRB) overlay (EVPN-VXLAN network with a two-layer IP fabric).

  • Starting with Junos OS Release 18.2R1, QFX5110, QFX5200, and EX4600 switches that function as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets in a bridged overlay or CRB overlay.

  • Starting with Junos OS Release 18.3R1, QFX10002 (except QFX10002-60C), QFX10008, and QFX10016 switches that function as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets using service-provider style interface configuration in a bridged overlay or CRB overlay.

  • QFX5120 switches that function as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets in a bridged overlay or CRB overlay as follows:

    • QFX5120-48Y: Starting in Junos OS Release 18.4R2

    • QFX5120-32C: Starting in Junos OS Release 19.1R1

    • QFX5120-48T: Starting in Junos OS Release 20.2R1

    • QFX5120-48YM: Starting in Junos OS Release 20.2R1

  • Starting with Junos OS Evolved Release 21.2R1, QFX5130-32CD switches operating as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets using the service-provider style interface configuration in an edge-routed bridging (ERB) overlay.

  • Starting with Junos OS Evolved Release 21.3R1, PTX10001-36MR, PTX10004, PTX10008, and PTX10016 routers operating as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets using the service-provider style interface configuration.

  • Starting with Junos OS Evolved Release 22.1R1, ACX7100 routers operating as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets using the service-provider style interface configuration.

Note:

Please refer to Feature Explorer for a complete list of the products that support this feature.

In addition to tunneling Q-in-Q packets, the ingress and egress VTEPs can perform the following Q-in-Q actions:

  • Delete, or pop, an outer service VLAN (S-VLAN) tag from an incoming packet.

  • Add, or push, an outer S-VLAN tag onto an outgoing packet.

  • Map a configured range of customer VLAN (C-VLAN) IDs to an S-VLAN.

    Note:

    The QFX Series and EX4600 switches support the pop and push actions only with a specified VLAN. The switches do not support the pop and push actions with a configured range of VLANs.

The ingress and egress VTEPs support the tunneling of Q-in-Q packets and the Q-in-Q actions in the context of the traffic patterns described in this topic. Support on EX4600, QFX5100, QFX5110, QFX5200, and QFX5120 switches is limited to these traffic patterns. Other platforms that support this feature can also handle other Q-in-Q traffic patterns.

Note:

This topic describes and shows how to configure the VXLAN tunneling of Q-in-Q packets for each traffic pattern. One or more of the traffic patterns might apply to your environment. Perform only those configurations that apply to your environment.

The ingress and egress VTEPs can also map a single- or double-tagged packet to a specified VLAN or to any VLAN specified in a configured list, and further map the VLAN to a VXLAN network identifier (VNI).

To enable the tunneling of Q-in-Q packets, you must configure a flexible VLAN tagging interface that can transmit 802.1Q VLAN single- and double-tagged packets on ingress and egress VTEPs.

Also, Q-in-Q packets must retain the inner C-VLAN tag while tunneling between ingress and egress VTEPs. Therefore, on each VTEP:

  • You need to include the encapsulate-inner-vlan configuration statement at the [edit vlans vlan-name vxlan] hierarchy level, which retains the inner tag during packet encapsulation.

    Note:

    Starting in Junos OS Release 23.2R2, you cannot configure the encapsulate-inner-vlan statement in an EVPN MAC-VRF routing instance if the VLAN has an IRB interface associated with it.

    Note:

    Preserving the original VLAN tag is implicit with VLAN bundle services. As a result, in an EVPN-VXLAN environment, you don't need to configure the encapsulate-inner-vlan option with EVPN MAC-VRF instances that use the vlan-bundle service type. Explicitly configure this option with other service types.

  • On most platforms you also need to configure the decapsulate-accept-inner-vlan statement at the [edit protocols l2-learning] hierarchy level, which retains the inner tag during packet de-encapsulation.

    You don't need to configure the decapsulate-accept-inner-vlan option with the following devices:

    • QFX10002, QFX10008, or QFX10016 switches.

    • ACX7100 routers.

      These routers don't drop the tagged packets, and can process the packets whether you configure the decapsulate-accept-inner-vlan option or not.

Requirements

These examples use the following hardware and software components:

  • Two QFX5100 switches. One switch functions as the ingress VTEP, and the other as the egress VTEP.

  • Junos OS Release 17.2R1 or later.

Overview and Topology

This section describes the traffic patterns in which the VXLAN tunneling of Q-in-Q traffic is supported in an EVPN-VXLAN overlay network.

The example configurations for these use cases include service provider style interface configuration with encapsulation extended-vlan-bridge at the set interfaces interface-name hierarchy level.

Note:

PTX10001-36MR, PTX10004, PTX10008, PTX10016, QFX10002-32Q, QFX10002-72Q, QFX10008, and QFX10016 devices support Q-in-Q tunneling using only service-provider style interface configurations. QFX10002-60C switches don't support service provider style interface configuration, so they don't support Q-in-Q tunneling.

Note:

On ACX7100 routers, you can alternatively use the flexible Ethernet services encapsulation type (encapsulation flexible-ethernet-services) in these examples if you need to enable the physical interface to support both service provider style and enterprise style interface configurations. See Flexible Ethernet Services Encapsulation for more on either of these encapsulation options.

Understanding Traffic Pattern 1: Popping an S-VLAN Tag

Figure 1 shows Q-in-Q traffic flowing from one dispersed C-VLAN 200 site to another by way of S-VLAN 100.

Figure 1: Popping an S-VLAN Tag

When a packet flows from C-VLAN 200 to S-VLAN 100 to C-VLAN 200, the ingress VTEP:

  • Receives a packet with two tags—an inner C-VLAN tag of 200 and an outer S-VLAN tag of 100.

  • Takes note of S-VLAN tag 100, which is mapped to VNI 1001, and then pops the tag.

  • Encapsulates the packet with a VXLAN header that includes VNI 1001, and sends the packet with inner C-VLAN tag 200 and the VXLAN header.

After the packet is tunneled over the Layer 3 underlay network, the egress VTEP:

  • Removes the VXLAN header from the packet.

  • Maps VNI 1001 back to S-VLAN 100.

  • Sends the packet with C-VLAN tag 200.

Understanding Traffic Pattern 2: Mapping a Range of C-VLANs to an S-VLAN, and Pushing an S-VLAN Tag

Figure 2 shows Q-in-Q traffic flowing from one dispersed C-VLAN 200 site to another by way of S-VLAN 100.

Figure 2: Mapping a Range of C-VLANs to an S-VLAN

When a single-tagged packet flows from C-VLAN 200 to S-VLAN 100 to C-VLAN 200, the ingress VTEP:

  • Receives a packet with a C-VLAN tag of 200.

  • Takes note of C-VLAN tag 200, which is in a configured VLAN ID range 100 through 200 that is mapped to S-VLAN 100 and VNI 1001.

  • Encapsulates the packet with a VXLAN header that includes VNI 1001 and sends the packet with C-VLAN tag 200 and VNI 1001.

After the packet is tunneled over the Layer 3 underlay network, the egress VTEP:

  • De-encapsulates the packet.

  • Maps the packet to S-VLAN 100 through its association with VNI 1001.

  • Pushes S-VLAN tag 100 on the packet, and sends the packet with inner C-VLAN tag 200 and outer S-VLAN tag 100.

Understanding Traffic Pattern 3: Retaining S-VLAN and C-VLAN Tags

Figure 3 shows the following Q-in-Q traffic flows:

  • Double-tagged packets from C-VLAN 200 to S-VLAN 100 to C-VLAN 200.

  • Single-tagged packets from C-VLAN 201 to S-VLAN 201 to C-VLAN 201.

Figure 3: Retaining S-VLAN and C-VLAN Tags

When a packet flows from either C-VLAN 200 or C-VLAN 201, the ingress VTEP:

  • Receives a packet—either a double-tagged packet with an inner C-VLAN tag of 200 and an outer S-VLAN tag of 100 or a single-tagged packet with a C-VLAN tag of 201.

  • Takes note of outer S-VLAN tag 100, which is mapped to VNI 1001, for the double-tagged packet. For the single-tagged packet, the ingress VTEP takes note of C-VLAN tag 201, which is mapped to VNI 1002.

  • Encapsulates the packet with a VXLAN header that includes VNI 1001 for the double-tagged packet and VNI 1002 for the single-tagged packet. In addition to the VXLAN header, the ingress VTEP sends the double-tagged packet with inner C-VLAN tag 200 and outer S-VLAN tag 100, and the single-tagged packet with C-VLAN tag 201.

After the packet is tunneled over the Layer 3 underlay network, the egress VTEP:

  • Removes the VXLAN header from the packet.

  • For the double-tagged packet, maps VNI 1001 back to S-VLAN 100, and for the single-tagged packet, maps VNI 1002 back to C-VLAN 201.

  • Sends the double-tagged packet with inner C-VLAN tag 200 and outer S-VLAN tag 100 and the single-tagged packet with C-VLAN tag 201.

Understanding Traffic Pattern 4: Popping and Later Pushing an S-VLAN Tag

Figure 4 shows Q-in-Q traffic flowing from one dispersed C-VLAN 200 site to another by way of S-VLAN 100.

Figure 4: Popping and Later Pushing an S-VLAN Tag

When a packet flows from C-VLAN 200 to S-VLAN 100 to C-VLAN 200, the ingress VTEP:

  • Receives a packet with two tags—an inner C-VLAN tag of 200 and an outer S-VLAN tag of 100.

  • Takes note of S-VLAN tag 100, which is mapped to VNI 1001, then pops the tag.

  • Encapsulates the packet with a VXLAN header that includes VNI 1001 and sends the packet with inner C-VLAN tag 200 and the VXLAN header.

After the packet is tunneled over the Layer 3 underlay network, the egress VTEP:

  • De-encapsulates the packet.

  • Maps the packet back to S-VLAN 100 through its association with VNI 1001.

  • Pushes S-VLAN tag 100 on the packet, and sends the packet with inner C-VLAN tag 200 and outer S-VLAN tag 100.
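
The four traffic patterns above can be traced at the byte level. The following Python model is an added example, not Juniper code: it builds 802.1Q frames with TPID 0x8100, applies each pattern's pop, push, or retain action, and wraps the result in a VXLAN header. The class and function names are hypothetical, the outer IP and UDP headers are omitted, and rejecting a frame that matches no logical interface is a modeling assumption.

```python
import struct

TPID = 0x8100        # TPID the interfaces in these examples accept
VXLAN_FLAGS = 0x08   # "valid VNI" flag in the 8-byte VXLAN header (RFC 7348)
PAYLOAD = b"constructed-payload"   # constructed sample data

def build_frame(tags, payload=PAYLOAD):
    """Ethernet frame with 802.1Q tags listed outermost first (constructed MACs)."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for vid in tags:
        frame += struct.pack("!HH", TPID, vid & 0x0FFF)
    return frame + struct.pack("!H", 0x0800) + payload

def parse_tags(frame):
    """Return the VLAN IDs that follow the MAC addresses, outermost first."""
    tags, off = [], 12
    while len(frame) >= off + 4 and struct.unpack_from("!H", frame, off)[0] == TPID:
        tags.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return tags

def pop_outer(frame):
    """Remove the outermost 4-byte tag (the S-VLAN tag in these patterns)."""
    return frame[:12] + frame[16:]

def push_outer(frame, vid):
    """Insert a new outermost tag directly after the MAC addresses."""
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]

def vxlan_encap(vni, inner):
    """Prefix the frame with flags(1) reserved(3) VNI(3) reserved(1)."""
    return struct.pack("!B3s3sB", VXLAN_FLAGS, b"\0" * 3, vni.to_bytes(3, "big"), 0) + inner

def vxlan_decap(packet):
    if len(packet) < 8 or not packet[0] & VXLAN_FLAGS:
        raise ValueError("missing or invalid VXLAN header")
    return int.from_bytes(packet[4:7], "big"), packet[8:]

class Unit:
    """Hypothetical stand-in for a logical interface and its VLAN-to-VNI mapping."""
    def __init__(self, match, vni, pop_in=False, push_out=None):
        self.match, self.vni, self.pop_in, self.push_out = match, vni, pop_in, push_out

class Vtep:
    def __init__(self, *units):
        self.units = units

    def ingress(self, frame):
        tags = parse_tags(frame)
        for unit in self.units:
            if tags and tags[0] in unit.match:
                if unit.pop_in:
                    frame = pop_outer(frame)
                return vxlan_encap(unit.vni, frame)
        # Modeling assumption: a frame with no matching unit is not tunneled.
        raise LookupError("no logical interface matches the outer VLAN tag")

    def egress(self, packet):
        vni, frame = vxlan_decap(packet)
        for unit in self.units:
            if unit.vni == vni:
                if unit.push_out is not None:
                    frame = push_outer(frame, unit.push_out)
                return frame
        raise LookupError("no VLAN is mapped to VNI %d" % vni)

# (ingress VTEP, egress VTEP) per traffic pattern, using the VLAN IDs and VNIs
# from the descriptions above.
PATTERNS = {
    1: (Vtep(Unit({100}, 1001, pop_in=True)), Vtep(Unit({100}, 1001))),
    2: (Vtep(Unit(range(100, 201), 1001)), Vtep(Unit({100}, 1001, push_out=100))),
    3: (Vtep(Unit({100}, 1001), Unit({201}, 1002)),) * 2,
    4: (Vtep(Unit({100}, 1001, pop_in=True, push_out=100)),
        Vtep(Unit({100}, 1001, pop_in=True, push_out=100))),
}

def run_pattern(number, tags):
    """Return (VNI, tags carried inside the tunnel, tags on the delivered frame)."""
    ingress, egress = PATTERNS[number]
    packet = ingress.ingress(build_frame(tags))
    vni, tunneled = vxlan_decap(packet)
    delivered = egress.egress(packet)
    return vni, parse_tags(tunneled), parse_tags(delivered)

if __name__ == "__main__":
    for number, tags in [(1, [100, 200]), (2, [200]), (3, [100, 200]),
                         (3, [201]), (4, [100, 200])]:
        print(number, tags, run_pattern(number, tags))
```

In every pattern the inner C-VLAN tag 200 (or 201) is present both inside the tunnel and on the delivered frame, which is the property the encapsulate-inner-vlan and decapsulate-accept-inner-vlan statements exist to guarantee.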

Configuring Traffic Pattern 1: Popping an S-VLAN Tag

Requirements

Introduction

For this traffic pattern, the ingress and egress VTEPs in an EVPN-VXLAN overlay network must handle double-tagged Q-in-Q traffic. The ingress VTEP retains the inner C-VLAN tag and removes, or pops, the outer S-VLAN tag. The egress VTEP also retains the inner C-VLAN tag but does not reinstate the outer S-VLAN tag.

Note:

QFX Series and EX4600 switches support this traffic pattern on both aggregated Ethernet and non-aggregated Ethernet interfaces.

Note:

This configuration focuses on traffic pattern 1 only. It does not provide the configuration for EVPN and all aspects of VXLAN. For a more comprehensive EVPN-VXLAN configuration for a centrally-routed bridging overlay, see Example: Configure an EVPN-VXLAN Centrally-Routed Bridging Fabric.

Ingress VTEP Configuration for Traffic Pattern 1

CLI Quick Configuration

To quickly configure the ingress VTEP, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Note:

To configure QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers to retain the inner C-VLAN tag while tunneling Q-in-Q packets, you must include the encapsulate-inner-vlan configuration statement at the [edit vlans vlan-name vxlan] hierarchy level (for service types other than VLAN bundle). You do not need to include the decapsulate-accept-inner-vlan configuration statement at the [edit protocols l2-learning] hierarchy level.

Procedure

Step-by-Step Procedure

To configure the ingress VTEP for traffic pattern 1:

  1. On all supported Juniper Networks switches except QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers, configure the VTEP to retain the inner C-VLAN tag while de-encapsulating a packet.

    Note:

    To support the tunneling of Q-in-Q packets, you must configure both ingress and egress VTEPs to retain the inner C-VLAN tag while de-encapsulating a packet.

  2. Configure the physical interface to support the simultaneous transmission of 802.1Q VLAN single-tagged and double-tagged packets on its logical interfaces and to accept packets carrying Tag Protocol Identifier (TPID) 0x8100.

  3. On physical interface xe-0/0/0, create logical interface 100, and associate it with S-VLAN 100. Also, assuming that the ingress VTEP receives a double-tagged packet as described in this traffic pattern, specify that the outer S-VLAN tag is popped on incoming packets.

    Note:

    If you include the pop configuration statement at the [edit interfaces unit input-vlan-map] hierarchy level, you must also include the push or swap-push configuration statement at the [edit interfaces unit output-vlan-map] hierarchy level to prevent an error when committing the configuration.

  4. Create a VLAN named vlan_1, and map it to logical interface xe-0/0/0.100 and VNI 1001. Also specify that the logical interface retains the inner C-VLAN tag while encapsulating a packet.

    Note:

    Preserving the original VLAN tag is implicit with VLAN bundle services. As a result, in an EVPN-VXLAN environment, you don't need to configure this option with EVPN MAC-VRF instance vlan-bundle service type configurations. Explicitly configure this option with other service types.

Egress VTEP Configuration for Traffic Pattern 1

CLI Quick Configuration

To quickly configure the egress VTEP, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Note:

To configure QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers to retain the inner C-VLAN tag while tunneling Q-in-Q packets, you must include the encapsulate-inner-vlan configuration statement at the [edit vlans vlan-name vxlan] hierarchy level (for service types other than VLAN bundle). You do not need to include the decapsulate-accept-inner-vlan configuration statement at the [edit protocols l2-learning] hierarchy level.

Procedure

Step-by-Step Procedure

To configure the egress VTEP for traffic pattern 1:

  1. On all Juniper Networks devices except QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers, configure the VTEP to retain the inner VLAN tag while de-encapsulating a packet.

  2. Configure the physical interface to support the simultaneous transmission of 802.1Q VLAN single-tagged and double-tagged packets on its logical interfaces and to accept packets carrying TPID 0x8100. Also, configure logical interface 100, and associate it with VLAN 100.

  3. Create a VLAN named vlan_1, and map it to logical interface xe-0/0/0.100 and VNI 1001. Also specify that the logical interface retains the inner C-VLAN tag while encapsulating a packet.

    Note:

    Preserving the original VLAN tag is implicit with VLAN bundle services. As a result, in an EVPN-VXLAN environment, you don't need to configure this option with EVPN MAC-VRF instance vlan-bundle service type configurations. Explicitly configure this option with other service types.

    Note:

    To support the tunneling of Q-in-Q packets, you must configure both ingress and egress VTEPs to retain the inner C-VLAN tag while encapsulating a packet.

Configuring Traffic Pattern 2: Mapping a Range of C-VLANs to an S-VLAN, and Pushing an S-VLAN Tag

Requirements

Introduction

For this traffic pattern, the ingress VTEP in an EVPN-VXLAN overlay network receives a packet tagged with a C-VLAN ID that is included in a configured range of C-VLAN IDs mapped to a particular S-VLAN. After the packet is tunneled over the Layer 3 network, the egress VTEP retains the C-VLAN tag and pushes an outer tag for that particular S-VLAN on the packet.

Note:

QFX10002, QFX10008, and QFX10016 switches support this traffic pattern on aggregated Ethernet and non-aggregated Ethernet interfaces. The remaining QFX Series and EX4600 switches support this traffic pattern only on non-aggregated Ethernet interfaces.

Note:

QFX Series and EX4600 switches do not support the pop and push actions with a configured range of VLANs.

Ingress VTEP Configuration for Traffic Pattern 2

Note:

This configuration focuses on traffic pattern 2 only. It does not provide the configuration for EVPN and all aspects of VXLAN. For a more comprehensive EVPN-VXLAN configuration for a centrally-routed bridging overlay, see Example: Configure an EVPN-VXLAN Centrally-Routed Bridging Fabric.

CLI Quick Configuration

To quickly configure the ingress VTEP, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Note:

To configure QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers to retain the inner C-VLAN tag while tunneling Q-in-Q packets, you must include the encapsulate-inner-vlan configuration statement at the [edit vlans vlan-name vxlan] hierarchy level (for service types other than VLAN bundle). You do not need to include the decapsulate-accept-inner-vlan configuration statement at the [edit protocols l2-learning] hierarchy level.

Procedure

Step-by-Step Procedure

To configure the ingress VTEP for traffic pattern 2:

  1. On all supported Juniper Networks switches except QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers, configure the VTEP to retain the inner VLAN tag while de-encapsulating a packet.

    Note:

    To support the tunneling of Q-in-Q packets, you must configure both ingress and egress VTEPs to retain the inner C-VLAN tag while de-encapsulating a packet.

  2. Configure the physical interface to support the simultaneous transmission of 802.1Q VLAN single-tagged and double-tagged packets on its logical interfaces and to accept packets carrying TPID 0x8100. Also, for the physical interface, configure logical interface 100 and map it to C-VLANs 100 through 200.

  3. Create a VLAN named vlan_range1, and map it to logical interface 100 and VNI 1001. Also specify that the logical interface retains the inner VLAN tag while encapsulating a packet.

    Note:

    Preserving the original VLAN tag is implicit with VLAN bundle services. As a result, in an EVPN-VXLAN environment, you don't need to configure this option with EVPN MAC-VRF instance vlan-bundle service type configurations. Explicitly configure this option with other service types.

Egress VTEP Configuration for Traffic Pattern 2

CLI Quick Configuration

To quickly configure the egress VTEP, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Note:

To configure QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers to retain the inner C-VLAN tag while tunneling Q-in-Q packets, you must include only the encapsulate-inner-vlan configuration statement at the [edit vlans vlan-name vxlan] hierarchy level (for service types other than VLAN bundle). You do not need to include the decapsulate-accept-inner-vlan configuration statement at the [edit protocols l2-learning] hierarchy level.

Procedure

Step-by-Step Procedure

To configure the egress VTEP for traffic pattern 2:

  1. On all supported Juniper Networks switches except QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers, configure the VTEP to retain the inner VLAN tag while de-encapsulating a packet.

  2. Configure the physical interface to support the simultaneous transmission of 802.1Q VLAN single-tagged and double-tagged packets on its logical interfaces and to accept packets carrying TPID 0x8100.

  3. Create logical interface 100, and associate it with S-VLAN 100. Also, specify that when logical interface 100 receives a packet without an outer S-VLAN tag, the interface pushes outer S-VLAN tag 100 on the outgoing packet.

    Note:

    If you include the push configuration statement at the [edit interfaces unit output-vlan-map] hierarchy level, you must also include the pop configuration statement at the [edit interfaces unit input-vlan-map] hierarchy level to prevent an error when committing the configuration.

  4. Create a VLAN named v100, and map it to logical interface 100 and VNI 1001. Also specify that the logical interface retains the inner VLAN tag while encapsulating a packet.

    Note:

    Preserving the original VLAN tag is implicit with VLAN bundle services. As a result, in an EVPN-VXLAN environment, you don't need to configure this option with EVPN MAC-VRF instance vlan-bundle service type configurations. Explicitly configure this option with other service types.

    Note:

    To support the tunneling of Q-in-Q packets, you must configure both ingress and egress VTEPs to retain the inner C-VLAN tag while encapsulating a packet.

Configuring Traffic Pattern 3: Retaining S-VLAN and C-VLAN Tags

Requirements

Introduction

For this traffic pattern, the ingress and egress VTEPs in an EVPN-VXLAN overlay network must handle Q-in-Q data packets that are single- or double-tagged. For both single- and double-tagged packets, the ingress and egress VTEPs encapsulate and de-encapsulate the packets without making any changes to the tag(s).

Note:

QFX Series and EX4600 switches support this traffic pattern on both aggregated Ethernet and non-aggregated Ethernet interfaces.

Ingress and Egress VTEP Configuration for Traffic Pattern 3

Note:

This configuration focuses on traffic pattern 3 only. It does not provide the configuration for EVPN and all aspects of VXLAN. For a more comprehensive EVPN-VXLAN configuration for a centrally-routed bridging overlay, see Example: Configure an EVPN-VXLAN Centrally-Routed Bridging Fabric.

CLI Quick Configuration

To quickly configure the ingress and egress VTEPs, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Note:

To configure QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers to retain the inner C-VLAN tag while tunneling Q-in-Q packets, you must include only the encapsulate-inner-vlan configuration statement at the [edit vlans vlan-name vxlan] hierarchy level (for service types other than VLAN bundle). You do not need to include the decapsulate-accept-inner-vlan configuration statement at the [edit protocols l2-learning] hierarchy level.

Procedure

Step-by-Step Procedure

To configure the ingress and egress VTEPs for traffic pattern 3:

  1. On all supported Juniper Networks switches except QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers, configure the VTEPs to retain the inner VLAN tag while de-encapsulating a packet.

    Note:

    To support the tunneling of Q-in-Q packets, you must configure both ingress and egress VTEPs to retain the inner C-VLAN tag while de-encapsulating a packet.

  2. Configure the physical interface to support the simultaneous transmission of 802.1Q VLAN single- and double-tagged packets on its logical interfaces and to accept packets carrying TPID 0x8100. Also, on the physical interface, create logical interfaces 100 and 201, and associate them with S-VLAN 100 and C-VLAN 201, respectively.

  3. Create a VLAN named vlan_100, and map it to logical interface 100 and VNI 1001. Also create a VLAN named vlan_201, and map it to logical interface 201 and VNI 1002. Also specify that the logical interfaces retain the inner VLAN tag while encapsulating a packet.

    Note:

    Preserving the original VLAN tag is implicit with VLAN bundle services. As a result, in an EVPN-VXLAN environment, you don't need to configure this option with EVPN MAC-VRF instance vlan-bundle service type configurations. Explicitly configure this option with other service types.

    Note:

    To support the tunneling of Q-in-Q packets, you must configure both ingress and egress VTEPs to retain the inner C-VLAN tag while encapsulating a packet.

Configuring Traffic Pattern 4: Popping and Later Pushing an S-VLAN Tag

Requirements

Introduction

For this traffic pattern, the ingress and egress VTEPs in an EVPN-VXLAN overlay network must handle double-tagged Q-in-Q traffic. The ingress VTEP retains the inner C-VLAN tag and removes, or pops, the outer S-VLAN tag. After the packets are tunneled over the Layer 3 network, the egress VTEP pushes the S-VLAN tag back on the packet.

Note:

QFX Series and EX4600 switches support this traffic pattern on both aggregated Ethernet and non-aggregated Ethernet interfaces.

Note:

This configuration focuses on traffic pattern 4 only. It does not provide the configuration for EVPN and all aspects of VXLAN. For a more comprehensive EVPN-VXLAN configuration for a centrally-routed bridging overlay, see Example: Configure an EVPN-VXLAN Centrally-Routed Bridging Fabric.

Configuration for Ingress VTEP for Traffic Pattern 4

CLI Quick Configuration

To quickly configure the ingress VTEP, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Note:

To configure QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers to retain the inner C-VLAN tag while tunneling Q-in-Q packets, you must include only the encapsulate-inner-vlan configuration statement at the [edit vlans vlan-name vxlan] hierarchy level (for service types other than VLAN bundle). You do not need to include the decapsulate-accept-inner-vlan configuration statement at the [edit protocols l2-learning] hierarchy level.

Procedure

Step-by-Step Procedure

To configure the ingress VTEP for traffic pattern 4:

  1. On all supported Juniper Networks switches except QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers, configure the VTEP to retain the inner C-VLAN tag while de-encapsulating a packet.

    Note:

    To support the VXLAN tunneling of Q-in-Q packets, you must configure both ingress and egress VTEPs to retain the inner C-VLAN tag while de-encapsulating a packet.

  2. Configure the physical interface to support the simultaneous transmission of 802.1Q VLAN single-tagged and double-tagged packets on its logical interfaces and to accept packets carrying TPID 0x8100.

  3. On physical interface xe-0/0/0, create logical interface 100, and associate it with S-VLAN 100. Also, assuming that the ingress VTEP receives a double-tagged packet as described in this traffic pattern, specify that the outer S-VLAN tag is popped on incoming packets. To accommodate a scenario in which the traffic flow is reversed, and the VTEP functions as an egress VTEP that receives a single-tagged packet from C-VLAN 200, you can optionally specify that an outer S-VLAN tag is added, or pushed, on outgoing packets.

  4. Create a VLAN named vlan_1, and map it to logical interface 100 and VNI 1001. Also specify that the logical interface retains the inner VLAN tag while encapsulating a packet.

    Note:

    Preserving the original VLAN tag is implicit with VLAN bundle services. As a result, in an EVPN-VXLAN environment, you don't need to configure this option with EVPN MAC-VRF instance vlan-bundle service type configurations. Explicitly configure this option with other service types.

Configuration for Egress VTEP for Traffic Pattern 4

CLI Quick Configuration

To quickly configure the egress VTEP, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Note:

To configure QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers to retain the inner C-VLAN tag while tunneling Q-in-Q packets, you must include only the encapsulate-inner-vlan configuration statement at the [edit vlans vlan-name vxlan] hierarchy level (for service types other than VLAN bundle). You do not need to include the decapsulate-accept-inner-vlan configuration statement at the [edit protocols l2-learning] hierarchy level.

Procedure

Step-by-Step Procedure

To configure the egress VTEP for traffic pattern 4:

  1. On all supported Juniper Networks switches except QFX10002, QFX10008, and QFX10016 switches or ACX7100 routers, configure the VTEP to retain the inner VLAN tag while de-encapsulating a packet.

  2. Configure the physical interface to support the simultaneous transmission of 802.1Q VLAN single-tagged and double-tagged packets on its logical interfaces and to accept packets carrying TPID 0x8100.

  3. Create logical interface 100, and associate it with S-VLAN 100. Also, specify that when logical interface 100 receives a packet without an outer S-VLAN tag, the interface pushes outer S-VLAN tag 100 on the outgoing packet.

    Note:

    If you include the push configuration statement at the [edit interfaces unit output-vlan-map] hierarchy level, you must also include the pop configuration statement at the [edit interfaces unit input-vlan-map] hierarchy level to prevent an error when committing the configuration.

  4. Create a VLAN named vlan_1, and map it to logical interface 100 and VNI 1001. Also specify that the logical interface retains the inner VLAN tag while encapsulating a packet.

    Note:

    Preserving the original VLAN tag is implicit with VLAN bundle services. As a result, in an EVPN-VXLAN environment, you don't need to configure this option with EVPN MAC-VRF instance vlan-bundle service type configurations. Explicitly configure this option with other service types.

    Note:

    To support the tunneling of Q-in-Q packets, you must configure both ingress and egress VTEPs to retain the inner C-VLAN tag while encapsulating a packet.
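
The commit and tag-retention rules stated in the notes throughout these procedures can be checked before a configuration is pasted into a device. The following Python check is an added example, not a Juniper tool: the function name, finding strings, and both sample configurations are constructed for illustration, and the set-command forms follow the hierarchy levels named in this topic.

```python
# Platforms this topic lists as not needing decapsulate-accept-inner-vlan.
EXEMPT_PLATFORMS = ("QFX10002", "QFX10008", "QFX10016", "ACX7100")

def lint(config_text, platform="QFX5100", vlan_bundle=False):
    """Return (object, finding) pairs for set-style configuration text."""
    vlan_maps, vxlan_opts = {}, {}
    tagged_ifds, unit_ifds = set(), set()
    decap = False
    for line in config_text.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "set":
            continue
        if t[1] == "interfaces":
            if t[3] == "flexible-vlan-tagging":
                tagged_ifds.add(t[2])
            elif t[3] == "unit" and len(t) >= 5:
                unit_ifds.add(t[2])
                maps = vlan_maps.setdefault(
                    "%s.%s" % (t[2], t[4]),
                    {"input-vlan-map": set(), "output-vlan-map": set()})
                if len(t) >= 7 and t[5] in maps:
                    maps[t[5]].add(t[6])
        elif t[1] == "vlans" and t[3] == "vxlan" and len(t) >= 5:
            vxlan_opts.setdefault(t[2], set()).add(t[4])
        elif t[1:4] == ["protocols", "l2-learning", "decapsulate-accept-inner-vlan"]:
            decap = True

    findings = []
    # Q-in-Q tunneling needs a flexible VLAN tagging physical interface.
    for ifd in sorted(unit_ifds - tagged_ifds):
        findings.append((ifd, "units without flexible-vlan-tagging"))
    for unit, maps in sorted(vlan_maps.items()):
        # pop on input requires push or swap-push on output, or the commit fails.
        if "pop" in maps["input-vlan-map"] and not maps["output-vlan-map"] & {"push", "swap-push"}:
            findings.append((unit, "pop without push or swap-push"))
        # push on output requires pop on input, or the commit fails.
        if "push" in maps["output-vlan-map"] and "pop" not in maps["input-vlan-map"]:
            findings.append((unit, "push without pop"))
    # The inner tag survives encapsulation only with encapsulate-inner-vlan,
    # except for the vlan-bundle service type, where retention is implicit.
    if not vlan_bundle:
        for vlan, opts in sorted(vxlan_opts.items()):
            if "vni" in opts and "encapsulate-inner-vlan" not in opts:
                findings.append((vlan, "vni without encapsulate-inner-vlan"))
    # The inner tag survives de-encapsulation only with this statement,
    # except on the platforms listed as exempt.
    if not decap and not platform.startswith(EXEMPT_PLATFORMS):
        findings.append(("protocols l2-learning", "decapsulate-accept-inner-vlan missing"))
    return findings

# Constructed sample: satisfies every rule above.
GOOD = """
set protocols l2-learning decapsulate-accept-inner-vlan
set interfaces xe-0/0/0 flexible-vlan-tagging
set interfaces xe-0/0/0 encapsulation extended-vlan-bridge
set interfaces xe-0/0/0 unit 100 vlan-id 100
set interfaces xe-0/0/0 unit 100 input-vlan-map pop
set interfaces xe-0/0/0 unit 100 output-vlan-map push
set vlans vlan_1 interface xe-0/0/0.100
set vlans vlan_1 vxlan vni 1001
set vlans vlan_1 vxlan encapsulate-inner-vlan
"""

# Constructed sample: pop without push, and neither tag-retention statement.
BAD = """
set interfaces xe-0/0/0 flexible-vlan-tagging
set interfaces xe-0/0/0 encapsulation extended-vlan-bridge
set interfaces xe-0/0/0 unit 100 vlan-id 100
set interfaces xe-0/0/0 unit 100 input-vlan-map pop
set vlans vlan_1 interface xe-0/0/0.100
set vlans vlan_1 vxlan vni 1001
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint(text))
```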

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

| Release | Description |
| --- | --- |
| 22.1R1EVO | Starting with Junos OS Evolved Release 22.1R1, ACX7100 routers operating as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets in an ERB overlay. |
| 21.3R1EVO | Starting with Junos OS Evolved Release 21.3R1, PTX10001-36MR, PTX10004, PTX10008, and PTX10016 routers operating as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets using the service-provider style interface configuration. |
| 21.2R1EVO | Starting with Junos OS Evolved Release 21.2R1, QFX5130-32CD switches operating as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets using service-provider style interface configuration in an ERB overlay. |
| 20.2R1 | Starting with Junos OS Release 20.2R1, QFX5120-48T switches that function as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets in a bridged overlay or CRB overlay. |
| 20.2R1 | Starting with Junos OS Release 20.2R1, QFX5120-48YM switches that function as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets in a bridged overlay or CRB overlay. |
| 19.1R1 | Starting with Junos OS Release 19.1R1, QFX5120-32C switches that function as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets in a bridged overlay or CRB overlay. |
| 18.4R2 | Starting with Junos OS Release 18.4R2, QFX5120-48Y switches that function as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets in a bridged overlay or CRB overlay. |
| 18.3R1 | Starting with Junos OS Release 18.3R1, QFX10002 (except QFX10002-60C), QFX10008, and QFX10016 switches that function as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets using service-provider style interface configuration in a bridged overlay or CRB overlay. |
| 18.2R1 | Starting with Junos OS Release 18.2R1, QFX5110, QFX5200, and EX4600 switches that function as Layer 2 VTEPs can tunnel single- and double-tagged Q-in-Q packets in a bridged overlay or CRB overlay. |
| 17.2R1 | Starting with Junos OS Release 17.2R1, QFX5100 switches that function as Layer 2 VXLAN tunnel endpoints (VTEPs) can tunnel single- and double-tagged Q-in-Q packets in an EVPN-VXLAN bridged overlay or CRB overlay. |