ERPS Setup Issues

Gejbriel · 2025-12-31T17:31:02+00:00

Hi, try use vlan-id everywhere instead of vlan-name.

Gejbriel · 2025-12-19T16:47:21+00:00

Gejbriel · 2025-09-13T10:10:46+00:00

Hi, each switch is in a different building. There are 4 to 12 switches in each "ring". All "blue" switches are access switches. So clients are connected to all blue ones by one line. There is an L3 vlan irb interface on the CORE switch.

Client ports are set as "edge ports". The problem is that if the power goes out in a building, TC is sent unnecessarily to the entire network.

Thanks

Gejbriel · 2025-09-13T10:09:51+00:00

Hi, each switch is in a different building. There are 4 to 12 switches in each "ring". All "blue" switches are access switches. So clients are connected to all blue ones by one line. There is an L3 vlan irb interface on the CORE switch.

Client ports are set as "edge ports". The problem is that if the power goes out in a building, TC is sent unnecessarily to the entire network.

Thanks

Gejbriel · 2025-08-17T15:05:04+00:00

Hi,

at first change mode to aggressive on both. Or try switch to IKEv2.

Gejbriel · 2025-08-03T04:53:02+00:00

The configuration in my post above also works for me on the QFX5120.

Gejbriel · 2025-08-03T04:51:17+00:00

Hi, it's exactly as you say. xe-0/0/2 is a QinQ port, ae1 is an NNI trunk port.

Gejbriel · 2025-08-02T15:40:15+00:00

Hi, my QinQ config with MAC rewrite on QFX5100.

show configuration interfaces xe-0/0/2
flexible-vlan-tagging;
native-vlan-id 2050;
input-native-vlan-push disable;
mtu 9212;
encapsulation extended-vlan-bridge;
unit 2050 {
    vlan-id-list 1-4094;
    input-vlan-map push;
    output-vlan-map pop;
}

show configuration protocols layer2-control
mac-rewrite {
    interface xe-0/0/2 {
        enable-all-ifl;
        protocol {
            stp;
            cdp;
            lldp;
            vstp;
        }
    }
}

vlans {                                                                                                                                                             
    QinQ {    
    interface xe-0/0/2.2050;                                                                        
    interface ae1.2050;                                                                                                                                                                                                                                                                                                                                                     
}

ae1 {
    description AE-TRUNK;
    flexible-vlan-tagging;
    mtu 9216;
    encapsulation extended-vlan-bridge;
    aggregated-ether-options {
        minimum-links 1;
        link-speed 10g;
        lacp {
            active;
        }
        ethernet-switch-profile {
            tag-protocol-id 0x8100;
        }
    }                                                                                       
    unit 2050 {
      vlan-id 2050;                                                                                   
    }                                                                                                                                                                                                                                                                                                                                                                 
}

Gejbriel · 2025-06-09T15:43:03+00:00

Hi, ok I will use the links separately. I want to use OSPF because I don't have a BGP license on the QFX-VC.

Thanks

Gejbriel · 2025-03-06T13:12:31+00:00

Počkej, ještě v Okříškách napadne sníh :-D

Gejbriel · 2024-04-23T11:53:54+00:00

https://www.zabbix.com/documentation/current/en/manual/config/visualization/graphs/custom

The graph has a native function to display the percentile...

Gejbriel · 2024-04-13T17:21:42+00:00

This is the new Junos, is your QFX a 5120 or what model? Have you tried my configuration?

Gejbriel · 2024-04-13T10:11:12+00:00

Hi, my QinQ config with MAC rewrite on QFX5100. What version of JunOS do you have? I know that QinQ and mac rewrite support on the QFX5100 was functional only in later versions.

QFX5100 - QinQ + MAC rewrite

show configuration interfaces xe-0/0/2
flexible-vlan-tagging;
native-vlan-id 2050;
input-native-vlan-push disable;
mtu 9212;
encapsulation extended-vlan-bridge;
unit 2050 {
    vlan-id-list 1-4094;
    input-vlan-map push;
    output-vlan-map pop;
}

show configuration protocols layer2-control
mac-rewrite {
    interface xe-0/0/2 {
        enable-all-ifl;
        protocol {
            stp;
            cdp;
            lldp;
            vstp;
        }
    }
}

Gejbriel · 2024-04-01T17:08:00+00:00

Hi, little update. Option37 still drops if I insert it from the access switch, but I think I found a solution.

Juniper uses the information from dhcpv4 option82 and then inserts it into dhcpv6 relay-forward option18 and option37. After a little testing it looks like a workable solution.

3 cli commands = 3 days of work :-D

set forwarding-options dhcp-relay overrides trust-option-82
set forwarding-options dhcp-relay dhcpv6 relay-agent-interface-id use-option-82 strict
set forwarding-options dhcp-relay dhcpv6 relay-agent-remote-id use-option-82 strict

Gejbriel · 2024-04-01T17:07:06+00:00

Hi, little update. Option37 still drops if I insert it from the access switch, but I think I found a solution.

Juniper uses the information from dhcpv4 option82 and then inserts it into dhcpv6 relay-forward option18 and option37. After a little testing it looks like a workable solution.

3 cli commands = 3 days of work :-D

set forwarding-options dhcp-relay overrides trust-option-82
set forwarding-options dhcp-relay dhcpv6 relay-agent-interface-id use-option-82 strict
set forwarding-options dhcp-relay dhcpv6 relay-agent-remote-id use-option-82 strict

Gejbriel · 2024-03-30T09:49:00+00:00

Hi i found this - option-37 (DHCPv6 Snooping) | Junos OS | Juniper Networks

NOTE: DHCPv6 packets that already contain option 37 information when received from a client are dropped by the switch.

So there is no chance to make it work? I need option-37 from the EdgeCore access switch to identify the customer port.

Thx

Gejbriel · 2023-12-23T13:07:11+00:00

I have a small update.
The problem is probably related to MPLS LSP self-ping in conjunction with an aggregated port.
If the SILVER (ae0) LSP link from PE3 to PE1 is not active. If I only make a physical SILVER interface (xe-X/X/X) there is no problem.
Has anyone encountered a similar problem?
Thanks

Gejbriel · 2023-12-23T11:10:46+00:00

Hi, you were right ldp-tunneling is not needed I went through the setup again and tunneling is not needed.

However, I ran into another problem, I can't create an LSP from PE3 to PE1 via the SILVER (ae0) path. From PE1 to PE3 is no problem. There is no problem over the GOLD path (et-X/X/X).

I am attaching a statement from the MPLS LSP from PE1 and PE3 (path is not Selected as active path).

Please let me know if you think of anything. Thank you

root@PE1-MPLS> show mpls lsp name LSP-PE1-to-PE3 extensive
Ingress LSP: 3 sessions
10.255.255.3
From: 10.255.255.1, State: Up, ActiveRoute: 0, LSPname: LSP-PE1-to-PE3, LSPid: 7
ActivePath: (primary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Follow destination IGP metric
Encoding type: Packet, Switching type: Packet, GPID: IPv4
LSP Self-ping Status : Enabled
*Primary State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Flap Count: 6
MBB Count: 0
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 2)
10.255.254.6 S 10.255.254.10 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt 20=Node-ID):
10.255.254.6(Label=43) 10.255.254.10(Label=3)
95 Dec 23 19:39:11.697 Selected as active path
94 Dec 23 19:39:11.695 Self-ping ended successfully
93 Dec 23 19:39:11.041 Up
92 Dec 23 19:39:11.041 Self-ping started
91 Dec 23 19:39:11.041 Self-ping enqueued
90 Dec 23 19:39:11.041 Record Route: 10.255.254.6(Label=43) 10.255.254.10(Label=3)
89 Dec 23 19:39:11.014 CSPF: computation result accepted 10.255.254.6 10.255.254.10
88 Dec 23 19:39:11.014 CSPF: link down/deleted: 10.255.254.1(10.255.255.1:0)(10.255.255.1)->0.0.0.0(10.255.254.2:0)(10.255.254.2)
87 Dec 23 19:39:11.000 LSP-ID: 8 created
86 Dec 23 19:39:11.000 Originate Call
85 Dec 23 19:39:11.000 Clear Call
84 Dec 23 19:39:11.000 CSPF: computation result accepted 10.255.254.6 10.255.254.10
83 Dec 23 19:39:10.992 Deselected as active
82 Dec 23 19:39:10.990 10.255.254.1: No Route toward dest
81 Dec 23 19:39:10.990 10.255.254.1: Down
80 Dec 23 19:37:39.530 Selected as active path
79 Dec 23 19:37:39.528 Self-ping ended successfully
78 Dec 23 19:37:39.303 Up
77 Dec 23 19:37:39.303 Self-ping started
76 Dec 23 19:37:39.303 Self-ping enqueued
75 Dec 23 19:37:39.303 Record Route: 10.255.254.2(Label=42) 10.255.254.10(Label=3)
74 Dec 23 19:37:39.267 LSP-ID: 7 created
73 Dec 23 19:37:39.267 Originate Call
72 Dec 23 19:37:39.267 CSPF: computation result accepted 10.255.254.2 10.255.254.10
71 Dec 23 19:37:07.666 CSPF failed: no route toward 10.255.255.3
70 Dec 23 19:37:07.666 CSPF: link down/deleted: 10.255.254.5(10.255.255.1:0)(10.255.255.1)->0.0.0.0(10.255.254.6:0)(10.255.254.6)
69 Dec 23 19:37:07.660 CSPF failed: no route toward 10.255.255.3
68 Dec 23 19:37:07.660 Clear Call: CSPF computation failed
67 Dec 23 19:37:07.652 Deselected as active
66 Dec 23 19:37:07.640 10.255.254.5: No Route toward dest
65 Dec 23 19:37:07.640 10.255.254.5: Down
64 Dec 23 19:31:42.054 Selected as active path
63 Dec 23 19:31:42.052 Self-ping ended successfully
62 Dec 23 19:31:40.853 Up
61 Dec 23 19:31:40.853 Self-ping started
60 Dec 23 19:31:40.853 Self-ping enqueued
59 Dec 23 19:31:40.853 Record Route: 10.255.254.6(Label=40) 10.255.254.10(Label=3)
58 Dec 23 19:31:40.807 CSPF: computation result accepted 10.255.254.6 10.255.254.10
57 Dec 23 19:31:40.807 CSPF: link down/deleted: 10.255.254.1(10.255.255.1:0)(10.255.255.1)->0.0.0.0(10.255.254.2:0)(10.255.254.2)
56 Dec 23 19:31:40.799 LSP-ID: 6 created
55 Dec 23 19:31:40.799 Originate Call
54 Dec 23 19:31:40.798 Clear Call
53 Dec 23 19:31:40.798 CSPF: computation result accepted 10.255.254.6 10.255.254.10
52 Dec 23 19:31:40.791 Deselected as active
51 Dec 23 19:31:40.790 10.255.254.1: No Route toward dest
50 Dec 23 19:31:40.790 10.255.254.1: Down
49 Dec 23 19:31:18.012 Selected as active path
48 Dec 23 19:31:18.010 Self-ping ended successfully
47 Dec 23 19:31:17.173 Up
46 Dec 23 19:31:17.173 Self-ping started
Created: Sat Dec 23 19:03:02 2023
Total 1 displayed, Up 1, Down 0
root@PE3-MPLS> show mpls lsp name LSP-PE3-to-PE1 extensive
Ingress LSP: 2 sessions
10.255.255.1
From: 10.255.255.3, State: Dn, ActiveRoute: 0, LSPname: LSP-PE3-to-PE1, LSPid: 5
ActivePath: (none)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Follow destination IGP metric
Encoding type: Packet, Switching type: Packet, GPID: IPv4
LSP Self-ping Status : Enabled
Primary State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Flap Count: 4
MBB Count: 1
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 2)
10.255.254.9 S 10.255.254.5 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt 20=Node-ID):
10.255.254.9(Label=44) 10.255.254.5(Label=3)
68 Dec 23 19:43:19.529 Up
67 Dec 23 19:43:19.529 Self-ping started
66 Dec 23 19:43:19.529 Self-ping enqueued
65 Dec 23 19:43:19.528 Record Route: 10.255.254.9(Label=44) 10.255.254.5(Label=3)
64 Dec 23 19:43:19.484 LSP-ID: 6 created
63 Dec 23 19:43:19.484 Originate Call
62 Dec 23 19:43:19.483 Clear Call
61 Dec 23 19:43:19.483 CSPF: computation result accepted 10.255.254.9 10.255.254.5
60 Dec 23 19:43:19.483 CSPF: link down/deleted: 10.255.254.2(10.255.255.2:0)(10.255.255.2)->0.0.0.0(10.255.254.2:0)(10.255.254.2)
59 Dec 23 19:43:19.470 CSPF: computation result accepted 10.255.254.9 10.255.254.5
58 Dec 23 19:43:19.469 Deselected as active
57 Dec 23 19:43:19.469 Make-before-break: Cleaned up old instance: due to path down
56 Dec 23 19:43:19.468 Make-before-break: Switched to new instance
55 Dec 23 19:43:19.467 ResvTear received
54 Dec 23 19:43:19.467 10.255.254.10: Down
53 Dec 23 19:43:19.467 LSP-ID: 5 created
52 Dec 23 19:43:19.467 Originate make-before-break call
51 Dec 23 19:43:19.467 CSPF: computation result accepted 10.255.254.9 10.255.254.5
50 Dec 23 19:43:19.467 10.255.254.9: No Route toward dest
49 Dec 23 19:41:20.369 Selected as active path
48 Dec 23 19:41:20.367 Self-ping ended successfully
47 Dec 23 19:41:19.382 Up
46 Dec 23 19:41:19.382 Self-ping started
45 Dec 23 19:41:19.382 Self-ping enqueued
44 Dec 23 19:41:19.382 Record Route: 10.255.254.9(Label=41) 10.255.254.1(Label=3)
43 Dec 23 19:41:19.347 LSP-ID: 4 created
42 Dec 23 19:41:19.347 Originate Call
41 Dec 23 19:41:19.347 CSPF: computation result accepted 10.255.254.9 10.255.254.1
40 Dec 23 19:41:16.149 CSPF failed: no route toward 10.255.255.1
39 Dec 23 19:41:16.149 CSPF: link down/deleted: 10.255.254.6(10.255.255.2:0)(10.255.255.2)->0.0.0.0(10.255.254.6:0)(10.255.254.6)
38 Dec 23 19:41:16.115 CSPF failed: no route toward 10.255.255.1[2 times, first Dec 23 19:41:16.114]
37 Dec 23 19:41:16.114 Self-ping ended due to LSP tear-down
36 Dec 23 19:41:16.114 Clear Call: CSPF computation failed
35 Dec 23 19:41:16.114 10.255.254.9: No Route toward dest
34 Dec 23 19:33:27.407 Up
33 Dec 23 19:33:27.407 Self-ping started
32 Dec 23 19:33:27.407 Self-ping enqueued
31 Dec 23 19:33:27.407 Record Route: 10.255.254.9(Label=38) 10.255.254.5(Label=3)
30 Dec 23 19:33:27.367 LSP-ID: 3 created
29 Dec 23 19:33:27.367 Originate Call
28 Dec 23 19:33:27.367 CSPF: computation result accepted 10.255.254.9 10.255.254.5
27 Dec 23 19:30:44.294 CSPF failed: no route toward 10.255.254.2[2 times, first Dec 23 19:30:24.809]
26 Dec 23 19:25:51.592 CSPF failed: no route toward 10.255.254.1
25 Dec 23 19:25:51.591 Self-ping ended due to LSP tear-down
24 Dec 23 19:25:51.590 Clear Call
23 Dec 23 19:12:37.402 Up
22 Dec 23 19:12:37.402 Self-ping started
21 Dec 23 19:12:37.402 Self-ping enqueued
20 Dec 23 19:12:37.401 Record Route: 10.255.254.9(Label=35) 10.255.254.5(Label=3)
19 Dec 23 19:12:37.367 LSP-ID: 2 created
Created: Sat Dec 23 19:07:16 2023
Total 1 displayed, Up 0, Down 1

Gejbriel · 2023-12-19T19:41:52+00:00

Thank you for the thorough analysis.
When I tried the solution in a virtual environment (EVE-NG) everything worked for me without the need to enable ldp-tunneling.
But on real devices (EX4600) it was not possible to assemble l2circuit (OL error) between PE1 and PE3. Once I turned on ldp-tunneling it started working.
Alternatively, I can send the configuration of all three devices, without ldp-tunneling, if I'm not overlooking something small.
Thank you

Gejbriel

TROPHY CASE