Configuring Single Tag Translation on Cumulus Linux

In the previous article, we shared you an example of configuring double tag translation. This time, we are going to do single tag translation. Single tag translation is about where you map QinQ packets of a customer to a VNI of VxLAN and preserve the service as an inner VLAN inside a VXLAN packet. The customer-facing interface is a QinQ access port with the outer S-tag. The S-tag is then translated to a VXLAN VNI. Single tag translation leverages VLAN-aware Linux bridge mode with the use of the 802.1ad VLAN protocol (the only supported protocol at the time of writing). Hence, it is more scalable.

Note: you need to have Cumulus Linux 3.3.1 at least and QinQ metapackage installed. The steps of doing this is mentioned in the previous article about doing double tag translation.

Network Connectivity

As you can see the above network connectivity, VLAN 40, 50 and 60 are C-Tag. We allow them on trunk port on both Juniper EX2200 and Cisco switch. Port swp3 of both iNET9-CL01 and 02 will be in access mode and map to VLAN 200 which is considered as S-Tag. VLAN 200 will then map to VNI 1000.

Configuration

1. iNET9-CL01

vi /etc/network/interfaces

auto swp2
iface swp2
link-speed 10000
address 200.0.0.1/30

auto swp3
iface swp3
link-speed 1000
bridge-access 200

auto vni-1000
iface vni-1000
vxlan-local-tunnelip 200.0.0.1
vxlan-remoteip 200.0.0.2
bridge-access 200
vxlan-id 1000

auto bridge
iface bridge
bridge-ports swp3 vni-1000
bridge-vlan-aware yes
bridge-vlan-protocol 802.1ad

Save the interfaces file then do ifreload -a to get interface configuration to take effect.

2. iNET9-CL02

vi /etc/network/interfaces

auto swp2
iface swp2
link-speed 10000
address 200.0.0.2/30

auto swp3
iface swp3
link-speed 1000
bridge-access 200

auto vni-1000
iface vni-1000
vxlan-local-tunnelip 200.0.0.2
vxlan-remoteip 200.0.0.1
bridge-access 200
vxlan-id 1000

auto bridge
iface bridge
bridge-ports swp3 vni-1000
bridge-vlan-aware yes
bridge-vlan-protocol 802.1ad

Save the interfaces file then do ifreload -a to get interface configuration to take effect.

3. iNET9-EX2200

set vlans VLAN40 vlan-id 40
set vlans VLAN40 l3-interface vlan.40
set vlans VLAN50 vlan-id 50
set vlans VLAN50 l3-interface vlan.50
set vlans VLAN60 vlan-id 60
set vlans VLAN60 l3-interface vlan.60

set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN40
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN50
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN60

set interfaces vlan unit 40 family inet address 40.40.40.1/24
set interfaces vlan unit 50 family inet address 50.50.50.1/24
set interfaces vlan unit 60 family inet address 60.60.60.1/24

4. iNET9-Cisco Switch

vlan 40
name VLAN40
!
vlan 50
name VLAN50
!
vlan 60
name VLAN60
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 40,50,60
switchport mode trunk
!
interface Vlan40
ip address 40.40.40.2 255.255.255.0
!
interface Vlan50
ip address 50.50.50.2 255.255.255.0
!
interface Vlan60
ip address 60.60.60.2 255.255.255.0
!

Verification

You can use command net show bridge vlan to verify VLAN mapping. Also, to verify that the bridge is configured for QinQ, run ip -d link show bridge and look for vlan_protocol 802.1ad in the output. Last but not least, we can use ping command to verify reachability between Juniper and Cisco switch for each VLAN.

[email protected]> show interfaces terse vlan
Interface Admin Link Proto Local Remote
vlan.40 up up inet 40.40.40.1/24
vlan.50 up up inet 50.50.50.1/24
vlan.60 up up inet 60.60.60.1/24

[email protected]> ping 40.40.40.2
PING 40.40.40.2 (40.40.40.2): 56 data bytes
64 bytes from 40.40.40.2: icmp_seq=0 ttl=255 time=4.498 ms
64 bytes from 40.40.40.2: icmp_seq=1 ttl=255 time=3.285 ms
64 bytes from 40.40.40.2: icmp_seq=2 ttl=255 time=2.643 ms
64 bytes from 40.40.40.2: icmp_seq=3 ttl=255 time=3.305 ms
64 bytes from 40.40.40.2: icmp_seq=4 ttl=255 time=2.615 ms
64 bytes from 40.40.40.2: icmp_seq=5 ttl=255 time=2.521 ms
^C
— 40.40.40.2 ping statistics —
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.521/3.145/4.498/0.683 ms

[email protected]> ping 50.50.50.2
PING 50.50.50.2 (50.50.50.2): 56 data bytes
64 bytes from 50.50.50.2: icmp_seq=0 ttl=255 time=3.861 ms
64 bytes from 50.50.50.2: icmp_seq=1 ttl=255 time=2.786 ms
64 bytes from 50.50.50.2: icmp_seq=2 ttl=255 time=2.742 ms
^C
— 50.50.50.2 ping statistics —
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.742/3.130/3.861/0.517 ms

[email protected]> ping 60.60.60.2
PING 60.60.60.2 (60.60.60.2): 56 data bytes
64 bytes from 60.60.60.2: icmp_seq=0 ttl=255 time=3.553 ms
64 bytes from 60.60.60.2: icmp_seq=1 ttl=255 time=2.347 ms
64 bytes from 60.60.60.2: icmp_seq=2 ttl=255 time=3.324 ms
64 bytes from 60.60.60.2: icmp_seq=3 ttl=255 time=2.330 ms
^C
— 60.60.60.2 ping statistics —
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.330/2.889/3.553/0.556 ms

[email protected]> show ethernet-switching table
Ethernet-switching table: 9 entries, 3 learned, 0 persistent entries
VLAN MAC address Type Age Interfaces
VLAN40 * Flood – All-members
VLAN40 10:8c:cf:48:89:42 Learn 1:11 ge-0/0/1.0
VLAN40 64:64:9b:10:61:c1 Static – Router
VLAN50 * Flood – All-members
VLAN50 10:8c:cf:48:89:43 Learn 0 ge-0/0/1.0
VLAN50 64:64:9b:10:61:c1 Static – Router
VLAN60 * Flood – All-members
VLAN60 10:8c:cf:48:89:44 Learn 0 ge-0/0/1.0
VLAN60 64:64:9b:10:61:c1 Static – Router

[email protected]> show arp
MAC Address Address Name Interface Flags
10:8c:cf:48:89:42 40.40.40.2 40.40.40.2 vlan.40 none
10:8c:cf:48:89:43 50.50.50.2 50.50.50.2 vlan.50 none
3c:8a:b0:ac:bb:88 22.0.0.1 22.0.0.1 me0.0 none
10:8c:cf:48:89:44 60.60.60.2 60.60.60.2 vlan.60 none
Total entries: 4

One Reply to “Configuring Single Tag Translation on Cumulus Linux”

Leave a Reply

Your email address will not be published. Required fields are marked *