[AusNOG] dot1q-tunnel and cisco nexus 5000s

Matt Carter mattc at mansol.net.au
Thu Mar 21 18:14:17 EST 2013

> VPLS can work if you aren't flooding too many MACs and you don't want your
> VPLS PE devices to actually read/interpret/manipulate the tags (lots of
> feature gaps).

VPLS+RSVP-TE is nice, I'm a huge fan; you can build a service in a few lines of config at most and it's all 'cookie cutter' stuff. *But* at what kind of rates are we talking? The kind of datacenter rates I'm used to preclude VPLS from being a significant contender, due to the cost imposed for the derived benefits, but I guess that depends on how much you can wrangle your $vendor :)

If we're talking about a substitute for QinQ in the framework of DC aggregation, the next generation is PBB/PBT. That seems to be where Cisco is driving their products, "Next Generation" stuff. QinQ is really an obsolete and quite flawed technology in the context of a new flagship type thing; you will find the 7K has limited QinQ support compared to what we are familiar with. It's not *that* surprising, and the writing has been on the wall for some time in various documents/Cisco visions.

I find it interesting that people still refer to QinQ as providing a "private" solution, which will make for some interesting discussion the day that customer A kills customer B because they used an overlapping virtual MAC due to HSRP or a same-vendor VM setup, or wants to tunnel protocol X through and the layer 2 protocol tunnelling features aren't there for that protocol. E.g. the 4900M won't carry most L2 protocols, the 7K has limited QinQ capability; there's a variety of "your mileage may vary" depending on the platform and implementation of QinQ.

IIRC, the entry level Juniper branch router (SRX) will do single VLAN tag mashing using Ethernet or VLAN VPLS, provided you use a flexible-ethernet-services port and turn on flexible Ethernet services? IIRC, pop/swap/push can be done, you just can't do *double manipulate* tags; pop-pop/pop-swap/swap-push etc. won't fly on an SRX or J series, but in my experience that's pretty rare and you can leverage the PE to do the heavy lifting...

The MAC flooding behaviour can also be tuned depending on the platform to a degree and/or mitigated by design at the CE end.

> If you are doing basic tag stacking in a local area that you have complete
> control of and your device does not support q-in-q, you can do the good
> ghetto way and just loop a cable from a trunk/tagged port into an
> access/untagged port (access port will add a second layer of tags inside that
> VLAN if it transmits out a trunk port).

Combined with the above, it is quite doable and works quite nicely at the tail end if you need to manipulate some extra tags, slip into the customer domain for diagnostic purposes or mitigate some VPLS MAC learning :) Always nice to be able to bring up an interface *inside* the VPLS at the CE end if needed :)
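As an added illustration (not from the thread or any vendor's code), the following shows what the single-tag pop/swap/push operations discussed above do to a stacked 802.1Q header, and how a "double manipulate" such as pop-swap is just two single operations in sequence. The TPIDs are the standard C-tag (0x8100) and 802.1ad S-tag (0x88a8) values; the frame bytes are constructed.

```python
import struct

TPIDS = {0x8100, 0x88A8, 0x9100}  # 802.1Q C-tag, 802.1ad S-tag, legacy QinQ

def parse_frame(frame):
    """Split a frame into (dst, src, [(tpid, vid), ...], ethertype, payload)."""
    dst, src, off, tags = frame[:6], frame[6:12], 12, []
    while struct.unpack_from("!H", frame, off)[0] in TPIDS:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        tags.append((tpid, tci & 0x0FFF))   # keep the VID, drop PCP/DEI bits
        off += 4
    ethertype = struct.unpack_from("!H", frame, off)[0]
    return dst, src, tags, ethertype, frame[off + 2:]

def build_frame(dst, src, tags, ethertype, payload):
    """Inverse of parse_frame; tags are listed outermost first."""
    hdr = dst + src
    for tpid, vid in tags:
        hdr += struct.pack("!HH", tpid, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload

def push(frame, vid, tpid=0x88A8):
    """Add an outer (service) tag, as a QinQ tunnel port or access-port loop does."""
    dst, src, tags, et, pl = parse_frame(frame)
    return build_frame(dst, src, [(tpid, vid)] + tags, et, pl)

def pop(frame):
    """Remove the outermost tag."""
    dst, src, tags, et, pl = parse_frame(frame)
    if not tags:
        raise ValueError("untagged frame: nothing to pop")
    return build_frame(dst, src, tags[1:], et, pl)

def swap(frame, vid):
    """Rewrite the VID of the outermost tag, keeping its TPID."""
    dst, src, tags, et, pl = parse_frame(frame)
    if not tags:
        raise ValueError("untagged frame: nothing to swap")
    return build_frame(dst, src, [(tags[0][0], vid)] + tags[1:], et, pl)

def vids(frame):
    return [vid for _, vid in parse_frame(frame)[2]]  # outer-to-inner VLAN IDs

def demo():
    # Constructed customer frame: C-tag VID 100 carrying IPv4 (ethertype 0x0800)
    cust = build_frame(bytes(6), bytes.fromhex("025a00000001"), [(0x8100, 100)], 0x0800, b"ip")
    tunnelled = push(cust, 2000)           # provider adds S-tag 2000 -> [2000, 100]
    rewritten = swap(pop(tunnelled), 300)  # "double manipulate" as pop then swap -> [300]
    return vids(cust), vids(tunnelled), vids(rewritten), pop(tunnelled) == cust
```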
