RE

A
SH
Junos Service Provider Switching

T
NO
14.a

DO
—
Student Guide
Volume 1
LY
ON
E
US

Worldwide Education Services

AL

1133 Innovation Way

Sunnyvale, CA 94089
USA
RN

408-745-2000
www.juniper.net

Course Number: EDU-JUN-JSPX

TE
IN
 RE
This document is produced by Juniper Networks, Inc.
This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks Education
Services.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The
Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service

A
marks are the property of their respective owners.
Junos Service Provider Switching Student Guide, Revision 14.a
Copyright © 2015, Juniper Networks, Inc.

SH
All rights reserved. Printed in USA.
Revision History:
Revision 10.a—May 2010
Revision 11.a—December 2011
Revision 12.a—May 2013

T
Revision 12.b—June 2015
The information in this document is current as of the date listed above.

NO
The information in this document has been carefully verified and is believed to be accurate for software Release 14.2R3.8. Juniper Networks assumes no responsibilities for
any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental or consequential damages
resulting from any defect or omission in this document, even if advised of the possibility of such damages.

DO
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known
time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
—
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement
executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its
license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain
prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.
LY
ON
E
US
AL
RN
TE
IN
 Contents

RE
Chapter 1: Course Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

A
SH
Chapter 2: Ethernet Switching and Virtual LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Ethernet LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Configuring and Monitoring VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18
Automating VLAN Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-31

T
Configuring and Monitoring IRB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-43
Layer 2 Address Learning and Forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-48

NO
Layer 2 Firewall Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-54
Ethernet Switching and VLANs Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-65

Chapter 3: Virtual Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

DO
Routing Instances Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Configuring and Monitoring Virtual Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8
Interconnecting Routing Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16
Logical Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Virtual Switches Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33
—
Chapter 4: Provider Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Expanding the Bridged Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
LY

Provider Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

Configuring and Monitoring Provider Bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
Provider Bridging Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
ON
E
US
AL
RN
TE
IN

www.juniper.net Contents • iii

 RE
A
SH
T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN

iv • Contents www.juniper.net
Course Overview

RE
This two-day course is designed to provide students with intermediate switching knowledge and configuration examples.
The course includes an overview of switching concepts such as LANs, Layer 2 address learning, bridging, virtual LANs
(VLANs), provider bridging, VLAN translation, spanning-tree protocols, and Ethernet Operation, Administration, and

A
Maintenance (OAM). This course also covers Junos operating system-specific implementations of integrated routing and
bridging (IRB) interfaces, routing instances, virtual switches, load balancing, and port mirroring. Furthermore, this course

SH
covers the basics of Multiple VLAN Registration Protocol (MVRP), link aggregation groups (LAG), and multichassis LAG
(MC-LAG). This course is based on the Junos OS Release 14.2R3.8.
Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos OS
and in device operations.

T
Objectives

NO
After successfully completing this course, you should be able to:
• Describe carrier Ethernet.
• Describe the different Ethernet standards organizations.
• Describe the Layer 2 services that are available on the MX Series 3D Ethernet Universal Edge Routers.

DO
• Describe the function of an Ethernet LAN.
• Describe learning and forwarding in a bridging environment.
• Describe Ethernet frame filtering.
• Implement VLAN tagging. —
• Describe and implement MVRP.
• Implement IRB.
LY

• Implement a Layer 2 firewall filter.

• Describe the usage of a routing instance.
• Describe the function of a virtual router.
ON

• Describe the function of a virtual switch.

• Describe the usage of logical systems.
• Implement a virtual switch.
• Describe interconnecting routing instances.
E

• Describe the different Institute of Electrical and Electronics Engineers (IEEE) VLAN stacking models.
US

• Describe the components of provider bridging.

• Configure and monitor provider bridging.
• Explain the purpose of the Spanning Tree Protocol (STP).
AL

• Describe the basic operation of the STP, the Rapid Spanning Tree Protocol (RSTP), the Multiple Spanning
Tree Protocol (MSTP), and the VLAN Spanning Tree Protocol (VSTP)
• Configure and monitor the STP, the RSTP, the MSTP, and the VSTP.
RN

• Explain the purpose of bridge protocol data unit (BPDU), loop, and root protection.
• Explain typical OAM features.
• Describe the basic operation of link fault management (LFM).
TE

• Describe the basic operation of connectivity fault management (CFM).

• Configure and monitor Ethernet OAM.
• Describe the basic operation of Ethernet Ring Protection (ERP).
IN

• Configure and monitor ERP.

www.juniper.net Course Overview • v

 • Describe the basic operation of LAGs and MC-LAGs.

RE
• Configure and monitor a LAG and MC-LAGs.
• Describe the basic functionality of MX Series Virtual Chassis.
• Describe a basic troubleshooting method.

A
• List common issues that disrupt network operations.

SH
• Identify tools used in network troubleshooting.
• Use available tools to resolve network issues.
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the Junos OS.

T
Course Level

NO
Junos Service Provider Switching is an intermediate-level course.
Prerequisites
Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI)
model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS)

DO
and Junos Routing Essentials (JRE) courses prior to attending this class.

—
LY
ON
E
US
AL
RN
TE
IN

vi • Course Overview www.juniper.net

Course Agenda

RE
Day 1
Chapter 1: Course Introduction

A
Chapter 2: Ethernet Switching and Virtual LANs

SH
Ethernet Switching and VLANs Lab
Chapter 3: Virtual Switches
Virtual Switches Lab
Chapter 4: Provider Bridging

T
Provider Bridging Lab

NO
Day 2
Chapter 5: Spanning-Tree Protocols
MSTP Lab
Chapter 6: Ethernet OAM

DO
Ethernet OAM Lab
Chapter 7: High Availability and Network Optimization
High Availability and Network Optimization Lab
Chapter 8: Troubleshooting and Monitoring
—
Troubleshooting and Monitoring Lab
LY
ON
E
US
AL
RN
TE
IN

www.juniper.net Course Agenda • vii

 Document Conventions

RE
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user

A
interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from chapter
text according to the following table.

SH
Style Description Usage Example

Franklin Gothic Normal text. Most of what you read in the Lab Guide
and Student Guide.

T
Courier New Console text:
commit complete
• Screen captures

NO
• Noncommand-related Exiting configuration mode
syntax
GUI text elements:
Select File > Open, and then click
• Menu names Configuration.conf in the

DO
Filename text box.
• Text field entry

Input Text Versus Output Text

You will also frequently see cases where you must enter input text yourself. Often these instances will be shown in the
—
context of where you must enter them. We use bold style to distinguish text that is input versus text that is simply
displayed.

Style Description Usage Example

LY

Normal CLI No distinguishing variant. Physical interface:fxp0,

Enabled
Normal GUI
View configuration history by clicking
ON

Configuration > History.

CLI Input Text that you must enter. lab@San_Jose> show route
GUI Input Select File > Save, and type
config.ini in the Filename field.
E

Defined and Undefined Syntax Variables

US

Finally, this course distinguishes between regular text and syntax variables, and it also distinguishes between syntax
variables where the value is already assigned (defined variables) and syntax variables where you must assign the value
(undefined variables). Note that these styles can be combined with the input style as well.
AL

Style Description Usage Example

CLI Variable Text where variable value is already policy my-peers

assigned.
GUI Variable Click my-peers in the dialog.
RN

CLI Undefined Text where the variable’s value is Type set policy policy-name.
the user’s discretion or text where
ping 10.0.x.y
the variable’s value as shown in
GUI Undefined the lab guide might differ from the Select File > Save, and type
TE

value the user must input filename in the Filename field.

according to the lab topology.
IN

viii • Document Conventions www.juniper.net

Additional Information

RE
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class locations from the World

A
Wide Web by pointing your Web browser to: http://www.juniper.net/training/education/.
About This Publication

SH
The Junos Service Provider Switching Student Guide was developed and tested using software Release 14.2R3.8.
Previous and later versions of software might behave differently so you should always consult the documentation and
release notes for the version of code you are running before reporting errors.
This document is written and maintained by the Juniper Networks Education Services development team. Please send

T
questions and suggestions for improvement to [email protected].

NO
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
• Go to http://www.juniper.net/techpubs/.
• Locate the specific software or hardware release and title you need, and choose the format in which you

DO
want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.
Juniper Networks Support
For technical support, contact Juniper Networks at http://www.juniper.net/customers/support/, or at 1-888-314-JTAC
—
(within the United States) or 408-745-2121 (from outside the United States).
LY
ON
E
US
AL
RN
TE
IN

www.juniper.net Additional Information • ix

 A RE
SH
T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN

x • Additional Information www.juniper.net

 RE
A
SH
Junos Service Provider Switching

T
NO
Chapter 1: Course Introduction

DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

We Will Discuss:
• Objectives and course content information;
E

• Additional Juniper Networks, Inc. courses; and

• The Juniper Networks Certification Program.
US
AL
RN
TE
IN

Chapter 1–2 • Course Introduction www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Introductions
The slide asks several questions for you to answer during class introductions.
E
US
AL
RN
TE
IN

www.juniper.net Course Introduction • Chapter 1–3

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Course Contents
The slide lists the topics we discuss in this course.
E
US
AL
RN
TE
IN

Chapter 1–4 • Course Introduction www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Prerequisites
The slide lists the prerequisites for this course.
E
US
AL
RN
TE
IN

www.juniper.net Course Introduction • Chapter 1–5

Junos Service Provider Switching

RE
A
SH
T
NO
DO
—
LY
ON

General Course Administration

The slide documents general aspects of classroom administration.
E
US
AL
RN
TE
IN

Chapter 1–6 • Course Introduction www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Training and Study Materials

The slide describes Education Services materials that are available for reference both in the classroom and online.
E
US
AL
RN
TE
IN

www.juniper.net Course Introduction • Chapter 1–7

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Additional Resources
The slide provides links to additional resources available to assist you in the installation, configuration, and operation of
Juniper Networks products.
E
US
AL
RN
TE
IN

Chapter 1–8 • Course Introduction www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Satisfaction Feedback
Juniper Networks uses an electronic survey system to collect and analyze your comments and feedback. Depending on the
class you are taking, please complete the survey at the end of the class, or be sure to look for an e-mail about two weeks
E

from class completion that directs you to complete an online survey form. (Be sure to provide us with your current e-mail
address.)
US

Submitting your feedback entitles you to a certificate of class completion. We thank you in advance for taking the time to
help us improve our educational offerings.
AL
RN
TE
IN

www.juniper.net Course Introduction • Chapter 1–9

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Juniper Networks Education Services Curriculum

Juniper Networks Education Services can help ensure that you have the knowledge and skills to deploy and maintain
cost-effective, high-performance networks for both enterprise and service provider environments. We have expert training
E

staff with deep technical and industry knowledge, providing you with instructor-led hands-on courses in the classroom and
online, as well as convenient, self-paced eLearning courses.
US

Courses
You can access the latest Education Services offerings covering a wide range of platforms at 
http://www.juniper.net/training/technical_education/.
AL
RN
TE
IN

Chapter 1–10 • Course Introduction www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Juniper Networks Certification Program

A Juniper Networks certification is the benchmark of skills and competence on Juniper Networks technologies.
E
US
AL
RN
TE
IN

www.juniper.net Course Introduction • Chapter 1–11

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Juniper Networks Certification Program Overview

The Juniper Networks Certification Program (JNCP) consists of platform-specific, multitiered tracks that enable participants
to demonstrate competence with Juniper Networks technology through a combination of written proficiency exams and
E

hands-on configuration and troubleshooting exams. Successful candidates demonstrate thorough understanding of Internet
and security technologies and Juniper Networks platform configuration and troubleshooting skills.
US

The JNCP offers the following features:

• Multiple tracks;
• Multiple certification levels;
AL

• Written proficiency exams; and

• Hands-on configuration and troubleshooting exams.
Each JNCP track has one to four certification levels—Associate-level, Specialist-level, Professional-level, and Expert-level.
RN

Associate-level and Specialist-level exams are computer-based exams composed of multiple choice questions administered
at Prometric testing centers worldwide.
Professional-level and Expert-level exams are composed of hands-on lab exercises administered at select Juniper Networks
testing centers. Professional-level and Expert-level exams require that you first obtain the next lower certification in the track.
TE

Please visit the JNCP Web site at 

http://www.juniper.net/certification for detailed exam information, exam pricing, and exam registration.
IN

Chapter 1–12 • Course Introduction www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Preparing and Studying

The slide lists some options for those interested in preparing for Juniper Networks certification.
E
US
AL
RN
TE
IN

www.juniper.net Course Introduction • Chapter 1–13

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Junos Genius
The Junos Genius application takes certification exam preparation to a new level. With Junos Genius you can practice for
your exam with flashcards, simulate a live exam in a timed challenge, and even build a virtual network with device
E

achievements earned by challenging Juniper instructors. Download the app now and Unlock your Genius today!
US
AL
RN
TE
IN

Chapter 1–14 • Course Introduction www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Find Us Online
The slide lists some online resources to learn and share information about Juniper Networks.
E
US
AL
RN
TE
IN

www.juniper.net Course Introduction • Chapter 1–15

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Any Questions?
If you have any questions or concerns about the class you are attending, we suggest that you voice them now so that your
instructor can best address your needs during class.
E

This chapter contains no review questions.

US
AL
RN
TE
IN

Chapter 1–16 • Course Introduction www.juniper.net

 A RE
SH
Junos Service Provider Switching

T
NO
Chapter 2: Ethernet Switching and Virtual LANs

DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

We Will Discuss:
• The functions of an Ethernet LAN;
E

• Learning and forwarding in a bridging environment;

• Implementation of virtual LAN (VLAN) tagging;
US

• Automation of VLAN administration through Multiple VLAN Registration Protocol (MVRP);

• Implementation of integrated routing and bridging (IRB);
• Implementation of Layer 2 address learning and forwarding; and
AL

• Implementation of Layer 2 firewall filters.

RN
TE
IN

Chapter 2–2 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Ethernet LANs
The slide lists the topics we will discuss. We discuss the highlighted topic first.
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–3

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Ethernet Defined
Ethernet is a family of LAN specifications defined in the Institute of Electrical and Electronics Engineers (IEEE) 802.3
standard. The slide lists some common examples, including the 802.3i, 802.3u, and 802.3ab specifications. Each Ethernet
E

implementation uses a unique wiring and signaling standard—typically a copper-based medium or fiber optics—for the
Physical Layer. Although the various implementations of Ethernet can use various wiring and signaling standards, they all
US

use a common addressing format.

Ethernet is a Data Link Layer technology, as defined by Layer 2 of the Open Systems Interconnection (OSI) model of
communications. An Ethernet LAN consists of a shared medium that encompasses a single broadcast and collision domain.
Network devices, referred to as nodes, on the Ethernet LAN transmit data in bundles that are generally referred to as frames.
AL

Each node on a LAN has a unique identifier so that it can be unambiguously located on the network. Ethernet uses the Layer
2 media access control (MAC) address for this purpose. MAC addresses are 48-bit hardware addresses programmed into the
Ethernet processor of each node.
Ethernet uses the carrier-sense multiple access with collision detection (CSMA/CD) protocol to avoid and manage frame
RN

collisions.
TE
IN

Chapter 2–4 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Ethernet LANs: Part 1

Ethernet LANs consist of a shared medium that defines a single collision domain. As previously mentioned, Ethernet uses
the CSMA/CD protocol to help avoid and manage frame collisions. The sample topology on the slide shows a series of nodes
E

connected through a hub using a copper-based physical medium. This type of implementation allows only a single stream of
data at a time. All nodes participating in this shared Ethernet LAN listen to verify that the line is idle before transmitting. If
US

the line is idle, the nodes begin transmitting data frames. If multiple nodes listen and detect that the line is idle and then
begin transmitting data frames simultaneously, a collision occurs. When collisions occur, an error is generated and travels
back to the transmitting devices. When a node receives a collision error message, it stops transmitting immediately and
waits for a period of time before trying to send the frame again. If the node continues to detect collisions, it progressively
increases the time between retransmissions in an attempt to find a time when no other data is being transmitted on the
AL

LAN. The node uses a backoff algorithm to calculate the increasing retransmission time intervals. When a node does
successfully transmit traffic, that traffic replicates out all ports on the hub and all other nodes on the shared Ethernet
segment see it. This traffic-flooding approach, coupled with collisions, consumes network resources.
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–5

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Ethernet LANs: Part 2

Ethernet LANs were originally implemented for small, simple networks. Over time, LANs have become larger and more
complex. As an Ethernet LAN grows, the likelihood of collisions on that LAN also grows. As more users join a shared Ethernet
E

segment, each participating node receives an increase of traffic from all other participating nodes for which it is not the
actual destination. This unwanted consumption of network resources, along with an increase of collisions, inevitably
US

decreases the overall efficiency on the LAN.

AL
RN
TE
IN

Chapter 2–6 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Bridging
The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–7

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Bridging Defined
Defined in the IEEE 802.1D-2004 standard, bridging addresses some of the inherent problems of large, shared Ethernet
LANs. Bridging uses microsegmentation to divide a single-collision domain into multiple, smaller, bridged collision domains.
E

Reducing the size of a collision domain effectively reduces the likelihood that collisions might occur. This approach also
enhances performance by allowing multiple streams of data to flow through the switch within a common LAN or broadcast
US

domain.
Bridging allows a mixed collection of interface types and speeds to be logically grouped within the same bridged LAN. The
ability to logically group dissimilar interfaces in a bridged LAN environment provides design flexibility not found in a shared
Ethernet LAN environment.
AL

Bridging builds and maintains a forwarding table, known as a bridge table, for all destinations within the bridged LAN. The
bridge table is based on the source MAC addresses for all devices participating in the bridged LAN. The bridge table can aid
in intelligent forwarding decisions. This approach reduces unnecessary traffic on the LAN.
RN
TE
IN

Chapter 2–8 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Bridging Mechanics
The transparent bridging protocol allows a switch to learn information about all nodes on the LAN. The switch uses this
information to create the address-lookup tables, referred to as bridge tables, that it consults when forwarding traffic to (or
E

toward) a destination on the LAN.

US

When a switch first connects to an Ethernet LAN or VLAN, it has no information about other nodes on the network. Learning
is a process the switch uses to obtain the MAC addresses of all the nodes on the network. It stores these addresses in a
bridge table. To learn MAC addresses, the switch reads all frames that it detects on the LAN or on the local VLAN, looking for
MAC addresses of sending nodes. It places these addresses into its bridge table, along with two other pieces of information—
the interface (or port) on which the traffic was received and the time it learned the address.
AL

The switch uses the forwarding mechanism to deliver traffic, passing it from an incoming interface to an outgoing interface
that leads to (or toward) the destination. To forward frames, the switch consults the bridge table to determine whether the
table contains the MAC address corresponding to the destination of the frames. If the bridge table contains an entry for the
desired destination address, the switch sends the traffic out the interface associated with the MAC address. The switch also
RN

consults the bridge table in the same way when transmitting frames that originate on devices connected directly to the
switch.
Continued on the next page.
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–9

Junos Service Provider Switching
Bridging Mechanics (contd.)

RE
Flooding is a transparent mechanism used to deliver packets to unknown MAC addresses. If the bridging table has no entry
for a particular destination MAC address, or if the packet received is a broadcast or multicast packet, the switch floods the
traffic out all interfaces except the interface on which it was received. (If traffic originates on the switch, the switch floods
that traffic out all interfaces.) When the unknown destination host responds to traffic that has been flooded through a

A
switch, the switch learns the MAC address of that node and updates its bridge table with the source MAC address of the host
and ingress port.

SH
The filtering mechanism limits traffic to its associated network segment or VLAN. As the number of entries in the bridge table
grows, the switch pieces together an increasingly complete picture of the individual network segments—the picture clarifies
which nodes belong to which network. The switch uses this information to filter traffic. Filtering prevents the switch from
forwarding traffic from one network segment to another.

T
Finally, the switch uses aging to ensure that only active MAC address entries are in the bridge table. For each MAC address
in the bridge table, the switch records a timestamp of when it learned the information about the network node. Each time

NO
the switch detects traffic from a MAC address, it updates the timestamp. A timer on the switch periodically checks the
timestamp; if the timestamp is older than the global-mac-table-aging-time value (discussed later in this chapter),
the switch removes the node’s MAC address from the bridge table.

DO
—
LY
ON
E
US
AL
RN
TE
IN

Chapter 2–10 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

MAC Address Learning

The slide illustrates a basic view of the MAC address learning process. In this example, each switch port connects to a hub
and the individual hubs have multiple connected nodes. As each node sends traffic toward the other nodes on the bridged
E

LAN, the switch reviews that traffic and creates a MAC address table (a bridge table) based on the source address of the
sender along with the switch port on which it received the traffic. In this example, we see that the MAC addresses for A1 and
US

A2 are associated with port ge-0/0/0, whereas the MAC addresses for B1 and B2 are associated with port ge-0/0/1.
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–11

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Forwarding Known Unicast Frames: Part 1

In the example on the slide, A1 sends a frame to B2. The frame is repeated out all ports on the attached hub, which results
in frames traveling to both A2 as well as the switch shown in the middle of the illustration. A2 receives the frame and detects
E

that the destination MAC address does not match its own MAC address, at which time A2 discards the frame. The switch
receives the frame, checks the MAC address table for a matching entry, and forwards the frame out the associated port
US

based on the lookup results. Ultimately, B2 receives and processes the frame while B1 receives and discards the frame.
AL
RN
TE
IN

Chapter 2–12 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Forwarding Known Unicast Frames: Part 2

In this example, A1 sends a frame to A2. The attached hub receives the frame and sends it out all ports, which results in
duplicate frames sent to A2 as well as to the switch. A2 receives the frame and detects that the destination MAC address
E

matches its own MAC address, at which time A2 processes the frame. The switch receives the frame and checks the MAC
address table for a matching entry. The entry in the MAC address table shows the egress port, which, in this example, is the
US

same port on which the switch received the frame. Because the egress port in the MAC address table is the same port on
which the frame was received, the switch filters the frame.
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–13

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Flooding Frames
Flooding is used to learn a MAC address not recorded in the bridge table. This mechanism is also used when sending
broadcast and, in many cases, multicast frames. The example on the slide shows A1 sending a broadcast frame with a
E

destination MAC address of FFFF.FFFF.FFFF to the LAN. The attached hub sends the frame out all ports. The switch floods
the broadcast frame out all ports associated with the LAN, except for the port on which it received the frame. The slide shows
US

that, ultimately, all nodes on the LAN receive the frame.

AL
RN
TE
IN

Chapter 2–14 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Viewing the MAC Address Table

Use the show bridge mac-table command to view all entries within the MAC address table. This command generates
a list of learned MAC addresses along with the corresponding VLANs and interfaces. All entries are organized based on their
E

associated VLANs.
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–15

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Clearing MAC Address Table Entries

Use the clear bridge mac-table command to clear all entries within the MAC address table. Optionally, you can use
the interface option to clear only those MAC table entries learned through the specified interface. The following example
E

highlights the use of the interface option:

US

user@switch> show bridge mac-table

MAC flags (S -static MAC, D -dynamic MAC,
SE -Statistics enabled, NM -Non configured MAC)

Routing instance : default-switch

AL

Bridging domain : vlan_100, VLAN : 100

MAC MAC Logical
address flags interface
00:21:59:ab:8a:95 D ge-1/0/0.0
RN

00:21:59:ab:8a:99 D ge-1/0/3.0
...
Routing instance : default-switch
Bridging domain : vlan_200, VLAN : 200
MAC MAC Logical
TE

address flags interface

00:21:59:ab:8a:97 D ge-1/0/2.0
00:21:59:ab:8a:99 D ge-1/0/3.0
IN

Continued on the next page.

Chapter 2–16 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching
Clearing MAC Address Table Entries (contd.)

RE
user@switch> clear bridge mac-table interface ge-1/0/3.0

user@switch> show bridge mac-table

A
MAC flags (S -static MAC, D -dynamic MAC,
SE -Statistics enabled, NM -Non configured MAC)

SH
Routing instance : default-switch
Bridging domain : vlan_100, VLAN : 100
MAC MAC Logical
address flags interface

T
00:21:59:ab:8a:95 D ge-1/0/0.0

NO
MAC flags (S -static MAC, D -dynamic MAC,
SE -Statistics enabled, NM -Non configured MAC)

Routing instance : default-switch

DO
Bridging domain : vlan_200, VLAN : 200
MAC MAC Logical
address flags interface
00:21:59:ab:8a:97 D ge-1/0/2.0

—
LY
ON
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–17

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Configuring and Monitoring VLANs

The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

Chapter 2–18 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

VLANs Defined
A VLAN is a collection of network nodes that are logically grouped together to form separate broadcast domains. A VLAN has
the same general attributes as a physical LAN, but it allows all nodes for a particular VLAN to be grouped together, regardless
E

of physical location. One advantage of using VLANs is design flexibility. VLANs allow grouping of individual users based on
business needs. You can establish and maintain connectivity within a VLAN through software configuration, which makes
US

VLANs such a dynamic and flexible option in today’s networking environments.

AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–19

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Switch Port Modes

Switch ports operate in either access mode or trunk mode.
E

An access port connects to network devices such as desktop computers, IP phones, printers, or file servers. Access ports
typically belong to a single VLAN and transmit and receive untagged Ethernet frames.
US

A trunk port typically connects to another switch or to a customer edge router. Interfaces configured for trunk mode handle
traffic for multiple VLANs, multiplexing the traffic for all configured VLANs over the same physical connection, and separating
the traffic by tagging it with the appropriate VLAN ID. Trunk ports can also carry untagged traffic when configured with the
native-vlan-id statement. Furthermore, trunk ports send control traffic untagged.
AL
RN
TE
IN

Chapter 2–20 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

802.1Q—Ethernet Frame
To consistently associate traffic with a particular VLAN, the individual frames must be tagged as they pass throughout a
network. The slide illustrates an 802.1Q-tagged Ethernet frame along with the key components of the tag:
E

• Tag Protocol Identifier (TPID);

US

• Priority;
• Canonical Format Indicator (CFI); and
• Unique VLAN identifier (VID).
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–21

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

802.1Q Trunk Links

A trunk is a single Ethernet link used to carry traffic for multiple VLANs. A trunk link typically interconnects multiple switches
or a switch with a customer edge router. As shown on the slide, interfaces configured as trunk ports handle traffic for
E

multiple VLANs, multiplexing the traffic for all configured VLANs over a single physical connection rather than using separate
physical links for each configured VLAN.
US
AL
RN
TE
IN

Chapter 2–22 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Define a Bridge Domain

To allow an MX Series 3D Ethernet Universal Edge Router to act as a switch and build a MAC address table, you must first
specify the particular VLAN IDs that it will use for the purpose of switching. To do so, specify the appropriate VLAN ID as part
E

of a named bridge domain. This method requires that you configure each VLAN as part of a single bridge domain. On a
subsequent slide, we cover how we can specify several VLANs within a single bridge domain using the vlan-id-list
US

statement.
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–23

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Assign an Interface to a Bridge Domain

To allow an interface to act as an access port for a particular VLAN, you must specify its interface mode as access and you
must specify the VLAN to which it belongs. For access ports, you must use 0 as the unit number.
E
US
AL
RN
TE
IN

Chapter 2–24 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

802.1Q Trunk Configuration Example

The slide illustrates an 802.1Q trunk configuration example. In this case, the interface is configured as a trunk port and is
associate with the vlan_100 and vlan_200 bridge domains. The partnering switch would have a similar configuration for
E

the interface functioning as a trunk.

US

The slide also illustrates the usage of the native-vlan-id statement. This configuration statement does two things.
First, if interface ge-1/0/3 receives any untagged frames, it associates those frames to VLAN 100. Second, if interface ge-1/
0/3 transmits any outgoing frames that associate with VLAN 100, they transmit as untagged frames.
Notice the vlan-id-list statement. It specifies the VLANs to which the interface will be a member. The following
statements are examples of how you can use the vlan-id-list statement:
AL

• vlan-id-list [100]: VLAN 100 only;

• vlan-id-list [100-200]: All VLANs between 100 and 200, inclusive;
RN

• vlan-id-list [100-109 111-200]: All VLANs between 100 and 200, except VLAN 110; or
• vlan-id-list [100-109 111 113-200]: All VLANs between 100 and 200, except VLAN 110 and 112.
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–25

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Dealing with Many VLANs

As opposed to configuring individual bridge domains for each VLAN used for switching, the Junos operating system allows for
the configuration of many VLANs within a single bridge domain. The slide shows that instead of using the vlan-id
E

statement, you would use the vlan-id-list statement. The usage of this statement is similar to the usage described on
the previous page. When using the vlan-id-list statement, the switch automatically configures the appropriate bridge
US

domains, which have names that take the form prefix-vlan-number, where the prefix is the configured bridge
domain name.
AL
RN
TE
IN

Chapter 2–26 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Monitoring VLAN Assignments

The slide shows some key commands used to monitor VLAN assignments. In this example, the 
ge-1/0/3 interface belongs to the bridge domain named vlan_100, which has an 802.1Q tag of 100. Because this
E

interface is configured as an access port, it receives and transmits only untagged frames. If a trunk port were also
configured to pass traffic for the vlan_100 bridge domain, it would add and remove the 802.1Q tag value of 100 for all
US

traffic for the vlan_100 bridge domain. We look at a trunk port configuration and monitoring example next.
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–27

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Monitoring 802.1Q Trunks: Part 1

The show interfaces command shows that the ge-1/0/3 interface is configured for trunk mode, meaning it will transmit
VLAN tags.
E
US
AL
RN
TE
IN

Chapter 2–28 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Monitoring 802.1Q Trunks: Part 2

The show bridge domain command shows the interfaces and their VLAN assignments.
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–29

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Monitor Bridge Statistics

The show bridge statistics command displays traffic statistics and MAC count information related to each logical
interface of the switch.
E
US
AL
RN
TE
IN

Chapter 2–30 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Automating VLAN Administration

The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–31

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Test Your Knowledge: Part 1

This slide and the next are designed to test your understanding of basic bridging operations in an environment with multiple
VLANs. As the slide indicates, all switches are configured to support all VLANs on their respective trunk ports (the ports
E

interconnecting the switches). Because of this configuration, all broadcast and unknown unicast traffic sourced and
destined within a given VLAN should be flooded throughout the entire Layer 2 network passing through all access and
US

distribution switches.
AL
RN
TE
IN

Chapter 2–32 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Test Your Knowledge: Part 2

The scenario illustrated in this slide builds on the details covered on the previous slide. In this example, the end-user device
named Host-I, which is connected to the AS-3 switch, is no longer active (meaning that AS-3 no longer has any active access
E

ports for VLAN 10). Even though AS-3 no longer has active end-user devices participating in VLAN 10, it still receives all
broadcast and unknown unicast traffic associated with VLAN 10 because of the current configurations on the connected
US

switches.
In order to stop this unwanted traffic from being flooded on to AS-3, you must modify the configurations on the connected
distribution switches (DS-1 and DS-2) so that their trunk ports, which connect to AS-3, no longer service VLAN 10.
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–33

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Introducing MVRP
To simplify VLAN management, you can enable MVRP on your EX Series Ethernet Switches. MVRP dynamically manages
VLAN registration in a LAN. MVRP helps reduce administration and network overhead by dynamically pruning VLAN
E

information when a switch no longer has active access ports for a configured VLAN. In addition to the pruning functionality,
MVRP can also be used to dynamically create VLANs in switching networks.
US

MVRP is an application protocol of the Multiple Registration Protocol (MRP) and is defined in the IEEE 802.1ak standard.
MRP and MVRP were designed by IEEE to perform the same functions as Generic Attribute Registration Protocol (GARP) and
GARP VLAN Registration Protocol (GVRP). MRP and MVRP overcome some GARP and GVRP limitations, in particular
limitations involving bandwidth usage and convergence time in large networks with large numbers of VLANs.
AL

MVRP was created by IEEE as a replacement application for GVRP. MX Series switches support MVRP. We do not cover GVRP
in this course.
RN
TE
IN

Chapter 2–34 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Exchanging VLAN Membership Information

MVRP uses protocol data units (PDUs) to send VLAN registration information which includes the current VLAN membership
details of the sending switch. The VLAN membership information is used to communicate which switches are members of
E

which VLANs and which switch interfaces are in which VLAN. MVRP shares all information in the PDU with all switches
participating in MVRP in the switching network.
US

MVRP stays synchronized using these PDUs. The MVRP PDUs are sent to other switches on the network only when an MVRP
state change occurs. Switches participating in MVRP receive these PDUs during state changes and update their MVRP states
accordingly. MVRP timers dictate when PDUs can be sent and when switches receiving MVRP PDUs can update their MVRP
information.
AL

MVRP registration and updates are controlled by timers that are part of the MRP protocol. These timers are set on a
per-interface basis and define when MVRP PDUs can be sent and when MVRP information can be updated on a switch. The
following timers are used to control MVRP operations:
RN

• Join: Controls the interval for the next MVRP PDU transmit opportunity.
• Leave: Controls the period of time that an interface on the switch waits in the Leave state before changing to
the unregistered state.
• LeaveAll: Controls the frequency with which the interface generates LeaveAll messages.
TE

Continued on the next page.

IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–35

Junos Service Provider Switching
Exchanging VLAN Membership Information (contd.)

RE
VLAN information is distributed as part of the MVRP message exchange process and can be used to dynamically create
VLANs, which are VLANs created on one switch and propagated to other switches as part of the MVRP message exchange
process. Dynamic VLAN creation using MVRP is enabled by default but can be disabled.
MVRP uses MRP messages to register and declare MVRP states for a switch and to inform the switching network of state

A
changes. These messages are included in the PDUs and communicate state information to the other switches in the
network. The following messages are communicated for MVRP:

SH
• Empty: VLAN information is not being declared and is not registered.
• In: VLAN information is not being declared but is registered.
• JoinEmpty: VLAN information is being declared but not registered.

T
• JoinIn: VLAN information is being declared and is registered.

NO
• Leave: VLAN information that was previously registered is being withdrawn.
• LeaveAll: All registrations will be de-registered. Participants that want to participate in MVRP must
re-register.
• New: VLAN information is new and possibly not previously registered.

DO
To ensure VLAN membership information is current, MVRP uses the MRP messages to remove switches and interfaces that
are no longer available from the VLAN information. Pruning VLAN information limits the network VLAN configuration to active
participants only, reducing network overhead. Pruning VLAN information also targets the scope of broadcast, unicast with
unknown destination, and multicast (BUM) traffic to interested devices only.
MVRP is disabled by default on all MX Series devices. You can configure MVRP on MX Series device interfaces to participate
—
in MVRP for the switching network. MVRP can only be enabled on trunk interfaces, and dynamic VLAN configuration through
MVRP is enabled by default when MVRP is enabled. We cover MVRP configuration on a subsequent slide. Note that MVRP
does not support all spanning tree protocols. Currently, MVRP does not support the VLAN Spanning Tree Protocol (VSTP).
LY
ON
E
US
AL
RN
TE
IN

Chapter 2–36 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

A Starting Point
When implementing MVRP, you should ensure that all required VLANs are configured on the access switches and that the
access ports are associated with their respective VLANs. We illustrate a basic starting point configuration for the AS-1 switch
E

on the slide. Note that the sample configuration is trimmed for brevity and that the AS-2 switch requires a similar
configuration.
US

Also worth noting is that none of the trunk ports, on any of the participating switches, should be associated with the
configured VLANs. The trunk ports must still be configured under the 
[edit interfaces] hierarchy level as trunk ports, but they will not be manually associated with VLANs. MVRP will make
the needed associations once it is enabled.
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–37

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Enabling MVRP
This slide illustrates the required configuration used to enable MVRP. Note that MVRP is only enabled on the trunk ports of
all participating switches. Once MVRP is enabled, dynamic VLAN configuration information will be shared and created on
E

participating switches. You can disable dynamic VLAN configuration using the following no-dynamic-vlan statement:
US

[edit protocols]
user@AS-1# show
mvrp {
no-dynamic-vlan;
interface ge-0/0/14.0;
AL

}
Continued on the next page.
RN
TE
IN

Chapter 2–38 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching
Enabling MVRP (contd.)

RE
Remember that MVRP registration and updates are controlled by timers, which are part of MRP. These timers are set on a
per-interface basis and define when MVRP PDUs can be sent and when MVRP information can be updated. If needed, you
can adjust the timers as shown here:

A
[edit protocols]
user@AS-1# set mvrp interface ge-0/0/14 ?

SH
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
join-timer Join timer interval (100..500 milliseconds)
leave-timer Leave timer interval (300..1000 milliseconds)

T
leaveall-timer Leaveall timer interval (10..60 seconds)

NO
point-to-point Port is point to point
registration Registration mode
| Pipe through a command
The default MVRP timer values are 200 ms for the join timer, 800 ms for the leave timer, and 10,000 ms for the leaveall
timer. Unless there is a compelling reason to make a change, we recommend you use the default timer settings. Modifying
timers to inappropriate values might cause an imbalance in MVRP operations.

DO
—
LY
ON
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–39

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Monitoring MVRP: Part 1

This slide and the two that follow highlight some key monitoring commands used when verifying MVRP operations. This slide
illustrates the use of the show mvrp command, which is used to monitor MVRP status along with message and timer
E

information on a per-interface basis.

US
AL
RN
TE
IN

Chapter 2–40 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Monitoring MVRP: Part 2

This slide illustrates the show mvrp dynamic-vlan-memberships command, which is used to view dynamic VLAN
membership information.
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–41

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Monitoring MVRP: Part 3

This slide illustrates the show mvrp statistics command, which is used to view MVRP statistics on a per-interface
basis.
E
US
AL
RN
TE
IN

Chapter 2–42 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Configuring and Monitoring IRB

The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–43

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

IRB Allows for Bridging and Routing

If you use a Layer 2-only Ethernet switch (no Layer 3 functionality), then you must add a separate router to your environment
to provide routing between the subnets shown on the slide. However, an MX Series router can act as both a Layer 2 Ethernet
E

switch and a router at the same time. An integrated routing and bridging (IRB) interface is a logical Layer 3 interface used as
an IP gateway for a VLAN. The following slides provide configuration and monitoring examples for an IRB interface.
US
AL
RN
TE
IN

Chapter 2–44 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

IRB Configuration Example

The slide provides a configuration example for an IRB interface. In this example, the switch performs a Layer 3 lookup when
it receives traffic with a destination MAC address that matches its own MAC address. For the switch to perform this routing
E

operation, the attached devices must have configured gateway addresses that match the IP address associated with the
corresponding IRB interface.
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–45

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Monitoring IRB
The slide lists a key command used to monitor an IRB interface, and shows the output from the show interfaces
terse command. This command shows the state and IP address information for an IRB interface. As indicated on the slide,
E

at least one active port must associate with the bridge domain for the IRB interface to be administratively up.
US
AL
RN
TE
IN

Chapter 2–46 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Verifying Routing
As with any router, when you configure an IP address for an interface on that router, routes are automatically added to the
routing table. In the Junos OS, for each configured IP interface, two routes are added to the routing table. One route is a host
E

route (32-bit mask) that is used to forward traffic to the Routing Engine (RE) when locally destined packets arrive. The other
route is a route to the network subnet to which that interface belongs. This route allows the router to route packets to other
US

hosts on that same subnet. The slide shows that four routes were added to the inet.0 table as a result of configuring two IRB
interfaces.
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–47

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Layer 2 Address Learning and Forwarding

The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

Chapter 2–48 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

MAC Address Learning and Forwarding

As we discussed previously in this chapter, a switch learns MAC addresses from incoming frames as well as from the flooding
process. The Junos OS allows you to override the default MAC learning behavior. The slide lists the things that you can
E

change as well as where the changes can apply to a switch. The following list provides configurable values for each of the
MAC learning properties:
US

• MAC timeout interval: 10s–1,000,000s (300s is the default);

• MAC statistics: Can be enabled (disabled by default);
• Global MAC limit: 20–1,048,575 (393215 is the default);
AL

• Switch MAC limit: 16–1,048,575 (5120 is the default);

• Bridge domain MAC limit: 16–1,048,575 (5120 is the default); and
• Interface MAC limit: 1–131,071 (1024 is the default).
RN

To view MAC statistics once you enable the feature, issue the show bridge mac-table extensive command.
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–49

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Global Level Settings

Global level settings apply to all virtual switches (discussed in a later chapter) and all bridge domains.
E

Switch Level Settings

US

Switch level settings apply to all bridge domains associated with a virtual switch.
AL
RN
TE
IN

Chapter 2–50 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Bridge Domain Level Settings

Settings at this level affect all interfaces associated with the bridge domain.
E

Interface Level
US

Settings at this level affect only the interface specified in the configuration.
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–51

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Layer 2 Learning Example

The example on the slide shows that the MAC table size limit for the bridge domain changed from the default of 5120 to
4000. By default, when the bridge domain MAC learning limit is reached, the device does not learn any more MAC addresses
E

but still forwards or floods traffic in the case of unknown destinations. The slide shows that this default behavior was
overridden so that Ethernet frames with unknown destinations will drop when the configured limit is reached.
US
AL
RN
TE
IN

Chapter 2–52 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Layer 2 Learning and Forwarding Status

The slide shows some of the commands that you can use to view the Layer 2 learning and forwarding status for the switch.
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–53

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Layer 2 Firewall Filtering

The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

Chapter 2–54 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Actions
You can use filters to control the frames destined to the RE as well as control frames passing through the router.
E

Accept or Discard
US

You can define input filters that affect only inbound traffic and output filters that affect only outbound traffic. Filters can
accept or discard frames based on the contents of the frame’s address fields, protocol type, VLAN ID, or even the 802.1p bit
field in the frame header.
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–55

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Syntax
A Junos OS filter consists of one or more named terms, similar to a policy statement. Each term has a set of match
conditions preceded by the keyword from, and a set of actions or action modifiers preceded by the keyword then.
E

Hierarchy Level
US

Layer 2 firewall filters are defined under the [edit firewall family bridge] section of the configuration hierarchy.

One or More Terms

AL

Firewall filter terms (at least one term is necessary) are processed sequentially. If no from condition is present, then all
frames match. If no frames match any term, the default action is to discard the frame silently! Take care to ensure that
wanted frames are not discarded. Use the command-line interface (CLI) insert, copy, and rename functions to assist in
the management of your multiterm firewall filters.
RN

Actions and Modifiers

A filter can accept a frame for normal forwarding or discard a frame silently. You can modify these actions by applying a
modifier. For example, you can apply the count modifier to increment a counter. We discuss other modifiers on the following
TE

slides.
IN

Chapter 2–56 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Applying Layer 2 Firewall Filters

Once you configure a firewall filter, you must apply it to one or more interfaces. You can accomplish this task in several
different ways. The easiest way to apply a firewall filter to an individual Layer 2 interface is to specify the filter as an input or
E

output filter at the [edit interface interface interface-name unit number family bridge filter]
level of the configuration hierarchy. To apply a filter to all interfaces that belong to a particular bridge domain, you can apply
US

a firewall filter at the [edit bridge-domain name forwarding-options filter] level of the configuration
hierarchy. If firewall filters are applied as input filters to both the interface and bridge-domain levels, the Junos OS logically
concatenates the bridge- domain-level filter to the end of the interface-level filter.
Note that you cannot use bridge-domain-level filters when the vlan-id-list statement was used to create the bridge
AL

domain.
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–57

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Single Terms
When a firewall filter consists of a single term, the filter is evaluated as follows: if the frame matches all the conditions, the
device takes the action in the then statement; if the frame does not match all the conditions, the device discards it.
E

Multiple Terms
US

When a firewall filter consists of more than one term, the filter is evaluated sequentially. First, the frame is evaluated against
the conditions in the from statement in the first term. If the frame matches, the device takes the action in the then
statement. If it does not match, it is evaluated against the conditions in the from statement in the second term. This
process continues until either the frame matches the from condition in one of the subsequent terms or until no more terms
AL

remain.
If a frame passes through all the terms in the filter without matching any of them, the device discards it.
If a term does not contain a from statement, the frame is considered to match, and the device takes the action in the term’s
RN

then statement.
If a term does not contain a then statement, or if you do not configure an action in the then statement (that is, the frame
is just counted), and if the frame matches the conditions in the term’s from statement, the device accepts the frame.
TE

Filter Lists
Instead of applying a single filter to an interface using filter input or filter output, you can apply a list of up to 16 filters. You
perform this action with the input-list and output-list keywords.
IN

Chapter 2–58 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Match Conditions: Part 1

The slide shows some of the many match conditions that you can use in a Layer 2 firewall filter.
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–59

Junos Service Provider Switching

ARE
SH
T
NO
DO
—
LY
ON

Match Conditions: Part 2

The slide shows some of the many match conditions that you can use in a Layer 2 firewall filter.
E
US
AL
RN
TE
IN

Chapter 2–60 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Match Actions
accept and discard are the actions that you can apply to a frame. However, you can apply modifiers to the frames as
well:
E

• count: This modifier counts the number of matches that occur to a named counter. See the current totals by
US

issuing the show firewall command.

• forwarding-class: This modifier is used for multifield classification for class of service (CoS). Essentially,
this setting specifies the queue in which this frame should be placed.
• loss-priority: This modifier allows you to change the packet loss priority bit of the IP packet in the payload
AL

of the Ethernet frame.

• next: This modifier allows the frame to be evaluated by the next term in the filter.
• next-hop-group: This modifier specifies which next-hop group will be applied.
RN

• policer: This modifier applies a rate-limiting policer to the matching frames.

port-mirror: This modifier allows copies of the frame to be sent to an outbound interface for analysis. The original frame
forwards as normal.
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–61

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Example Filter
• The slide shows an example of configuring, applying, and viewing the effects of a firewall filter named
myFilterName. To clear the counters, use the clear firewall command.
E
US
AL
RN
TE
IN

Chapter 2–62 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

We Discussed:
• The functions of an Ethernet LAN;
E

• Learning and forwarding in a bridging environment;

• Implementation of VLAN tagging;
US

• Automation of VLAN administration through MVRP;

• Implementation of IRB;
• Implementation of Layer 2 address learning and forwarding; and
AL

• Implementation of Layer 2 firewall filters.

RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–63

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Review Questions
1.
E

2.
US

3.
AL

4.
RN
TE
IN

Chapter 2–64 • Ethernet Switching and Virtual LANs www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Ethernet Switching and VLANs Lab

The slide provides the objectives for this lab.
E
US
AL
RN
TE
IN

www.juniper.net Ethernet Switching and Virtual LANs • Chapter 2–65

Junos Service Provider Switching
Answers to Review Questions

RE
1.
A bridge domain allows you to specify which VLANs will be used for Layer 2 switching.
2.

A
A bridge generally forwards multicast frames out of every interface except for the one from which they were received.

SH
3.
A IRB interface eliminates the need for an external router to route between VLANs. It acts as an IP gateway for the hosts attached to a
VLAN.
4.

T
The match condition used in a Layer 2 firewall filter to match on 802.1p priority bits is learn-vlan-1p-priority.

NO
DO
—
LY
ON
E
US
AL
RN
TE
IN

Chapter 2–66 • Ethernet Switching and Virtual LANs www.juniper.net

 A RE
SH
Junos Service Provider Switching

T
NO
Chapter 3: Virtual Switches

DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

We Will Discuss:
• The use of a routing instance;
E

• The function of a virtual router;

• The function of a virtual switch;
US

• Implementation of a virtual switch;

• Interconnection of local routing instances; and
• The use of logical systems.
AL
RN
TE
IN

Chapter 3–2 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Routing Instances Overview

The slide lists the topics we will discuss. We discuss the highlighted topic first.
E
US
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–3

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Routing Instance Types

The Junos operating system provides several different routing-instance types with which to work. In this course we work with
two types of routing-instances: virtual-router and virtual-switch. Essentially, these two routing-instance types
E

allow your single chassis to appear as either more than one router or more than one switch, respectively. Each virtual router
acts as a standalone router. For example, each virtual router has its own routing table, routing protocols, interfaces, and just
US

about everything that encompasses the typical things that comprise a router. Similarly, each configured virtual switch has its
own MAC tables, virtual LAN (VLAN) ID space, bridge domains, spanning-tree domains, and so forth. A Juniper Networks MX
Series 3D Universal Edge Router uses two default routing instances. For routing, it uses the default virtual router (inet.0 is
its routing table). For switching, it uses the default-switch virtual switch.
AL
RN
TE
IN

Chapter 3–4 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Routing Instance and Interface Default Relationship

The slide shows a very simplistic view of the default relationship of interfaces to the routing and MAC tables of an MX Series
router. Keep in mind that we have left out discussion of the Packet Forwarding Engine (PFE) and the associated forwarding
E

tables. When troubleshooting virtual routers and switches, you generally can spend your time focused on the Routing
Engine’s (RE’s) copy of the routing and MAC tables, while trusting that equivalent copies appear as forwarding tables in the
US

PFEs of your switch. To view the PFE forwarding tables, both for routing and switching, use the show route
forwarding-table command.
In a routing-only environment, configured interfaces and their associated local and direct routes appear in the default virtual
router’s routing table, inet.0. In a mixed Layer 2 and Layer 3 environment, Layer 3 interfaces continue to work as
AL

described, whereas Layer 2 interfaces, having been associated with a bridge domain at the [edit bridge-domains]
hierarchy, associate with the default virtual switch’s MAC tables. Because IRB interfaces are Layer 3 interfaces, their
associated local and direct routes appear in inet.0 as well.
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–5

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Assign Interfaces to a Virtual Router

By default, once you configure an interface with properties at the [edit interfaces interface-name unit
number family inet] level of the hierarchy, that interface’s local and direct routes are placed in the inet.0 routing
E

table. To override that behavior, you simply list the interface at the [edit routing-instances instance-name]
level of the hierarchy. The local and direct routes now appear in the instance-name.inet.0 routing table (the virtual
US

router’s routing table.)

AL
RN
TE
IN

Chapter 3–6 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Virtual Switch
The slide shows the routing and MAC table relationships when using virtual switches. Each virtual switch, including the
default switch, has interfaces assigned for bridging. Also, you can configure integrated routing and bridging (IRB) interfaces
E

for each virtual switch. The local and direct routes for all IRB interfaces in all virtual switches are placed in inet.0, by
default. However, you can also place them in a virtual router’s routing table by listing the IRB interfaces at the [edit
US

routing-instances instance-name] level of the hierarchy. The following slides cover the process of configuring a
virtual switch.
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–7

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Configuring and Monitoring Virtual Switches

The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

Chapter 3–8 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Virtual-Switch Routing Instance

The configuration on the slide creates a virtual-sw-1 routing instance and allows for VLAN IDs 100 and 200 to be used
for the purpose of Layer 2 switching. MAC tables for these new bridge domains will not be used for learning and forwarding
E

until you assign at least one interface to the virtual switch.

US
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–9

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Virtual-Switch Access Port

You configure the interface properties for an access port using the exact same process as when defining it for the default
switch. In fact, if you were to commit the configuration, the ge-1/0/5.0 interface would be placed in the default switch. Be
E

careful not to commit the configuration as it stands, because you might introduce a loop into your switched network. One of
the following slides shows how to place the interface in the virtual switch. We highly recommend that you perform that step
US

before committing the configuration.

AL
RN
TE
IN

Chapter 3–10 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Configure a Trunk Port

You configure the interface properties for a trunk port using the exact same process as when defining it for the default
switch. In fact, if you were to commit the configuration on the slide, the ge-1/1/4.0 interface would be placed in the default
E

switch. Be careful not to commit the configuration as it stands, because you might introduce a loop into your switched
network. One of the following slides shows how to place the interface in the virtual switch. We highly recommended that you
US

perform that step before committing the configuration.

AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–11

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Configure an IRB Interface

You configure the interface properties for an IRB interface using the exact same process as when defining it for the default
switch. In fact, if you were to commit the configuration on the slide, the irb.1 interface would be placed in the default
E

switch. Be careful not to commit the configuration as it stands, because you might introduce a loop into your switched
network. The following slide shows how to place the interface in the virtual switch. We recommended that you perform that
US

step before committing the configuration.

AL
RN
TE
IN

Chapter 3–12 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Add the Interfaces to the Virtual Switch

After configuring the access and trunk ports as shown on the previous slides, you simply need to list the interface at the
[edit routing-instances instance-name] level of the hierarchy. The irb.1 interface should be listed as the
E

routing-interface for the appropriate bridge domain.

US
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–13

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Verify Settings
Looking at the output on the slide, you can see that the ge-1/1/4.0 interface is now bound to the virtual-sw-1
routing instance and the bridge domains vlan_100 and vlan_200. Also, ge-1/0/5.0 is bound to the appropriate
E

routing instance and bridge domain.

US
AL
RN
TE
IN

Chapter 3–14 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

IRB Routes
The local and direct routes that associate with the IRB interface should be in the inet.0 table. Use the show route
command to verify that the routes were added properly.
E
US
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–15

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Interconnecting Routing Instances

The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

Chapter 3–16 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Supported Methods of Interconnecting Routing Instances

As mentioned previously, to the outside world virtual routers and virtual switches appear as individual routers and switches.
At some point you might want to interconnect the virtual routers and virtual switches that are local to a single chassis. For
E

virtual routers, you can accomplish this task using either a logical tunnel interface or by looping two interfaces together with
a single cable. For virtual switches, this process works only using the external cable method. The reason why spanning tree
US

protocols do not function properly between virtual switches is because all virtual switches use the same MAC address as
part of their bridge ID in the bridge protocol data units (BPDUs). Unfortunately, you cannot change a virtual switch’s MAC
address.
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–17

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Tunnel Services
Anytime you need to use layer tunneling, you must enable tunnel services on the MX Series router. For example, you must
enable tunnel services for a generic routing encapsulation (GRE) tunnel, an IP over IP (IP-IP) tunnel, Physical Interface
E

Module (PIM) encapsulation or decapsulation of register messages, and for our case, using logical tunnel interfaces. Each
Dense Port Concentrator (DPC) on a switch has either 40 Gigabit Ethernet ports (10 ports per PFE) or 4 10-Gigabit Ethernet
US

ports (1 port per PFE.) Each PFE on an MX Series DPC can provide tunneling services but you must enable it. The slide shows
how to enable tunnel services on the first PFE (serving ge-1/0/0 through ge-1/0/9) on the 40 1-Gigabit Ethernet DPC in slot
number 1. Once you enable this feature, you will notice that you have several tunnel type interfaces that become available
for your use. Notice that the tunnel interfaces use the logical PIC port number of 10 (normally PIC port numbers stop at 9.)
When enabling tunnel services on a PFE of a 4-port 10 Gigabit Ethernet DPC, the Ethernet interface for that PFE is removed
AL

from service and is no longer visible in the command-line interface (CLI).

RN
TE
IN

Chapter 3–18 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Configure and Assign Logical Tunnel Interfaces

You configure the logical tunnel interfaces similar to how you would for any other Layer 3 interface. You configure each
logical tunnel Layer 3 interface as a logical unit. To map one logical unit to another, use the peer-unit statement. By
E

default, logical tunnel interfaces are placed in the default virtual router. To place a logical tunnel interface in a virtual router,
specify the logical tunnel interface at the [edit routing instance instance-name] level of the hierarchy.
US
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–19

Junos Service Provider Switching

RE
A
SH
T
NO
DO
—
LY
ON

Configure and Assign Physical Interfaces

The slide shows how to configure and assign Layer 2 interfaces to virtual switches.
E
US
AL
RN
TE
IN

Chapter 3–20 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Verify Settings
Looking at the output on the slide, you can see that the ge-1/1/4.0 interface is now bound to the virtual-sw-1
routing instance and the bridge domains vlan_100 and vlan_200, whereas ge-1/0/4.0 belongs to the default switch.
E
US
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–21

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Logical Systems
The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

Chapter 3–22 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Logical Systems
In addition to routing instances, logical systems (LSYSs) provide another method by which to partition a device. LSYSs differ
from routing instances in that each LSYS has its own discrete administrative domain, logical interfaces, routing instances,
E

security policies, and other routing and security features. As shown on the right side of the slide, a set of logical systems
within a single router can handle the functions previously performed by several small routers.
US
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–23

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

LSYS Abilities and Limitations

There are several abilities and limitations to keep in mind when working with logical systems. These include, but are not
limited to:
E

• A maximum of 15 logical systems can be configured.

US

[edit logical-systems lsys-16]

user@switch# commit
error: Cannot configure more than 15 logical systems
error: configuration check-out failed
AL

• Logical systems offer routing and management separation. That is, each logical system contains its own routing
tables and can contain routing instances of its own. Furthermore, management separation means multiple user
access can be configured.
RN

• Supported protocols include, but are not limited to: Open Shortest Path First (OSPF), Intermediate
System-to-Intermediate System (IS-IS), Routing Information Protocol (RIP), RIP next generation (RIPng), Border
Gateway Protocol (BGP), static routes, Internet Protocol version 4 (IPv4) and version 6 (IPv6) are supported at
the [edit logical-systems logical-system-name protocols] hierarchy level.
TE

• Some High Availability (HA) features are not supported: Non-stop routing (NSR), non-stop bridging (NSB), and
unified in-service software upgrade (ISSU). However, graceful restart is supported at the [edit
logical-systems logical-system-name routing-options] hierarchy level.
IN

Chapter 3–24 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

LSYS Configuration: Acess Port

You configure access port interfaces for logical systems much like . That is, simply add the interface under the [edit
logical-systems logical-system-name] hierarchy. However, interface properties such as MAC address or
E

encapsulation types, for a given interface, are configured within the main [edit interfaces interface-name]
hierarchy level.
US

In the example, interface ge-1/0/5 has been added to the lsys-1 logical system with a static MAC address configured.
Note that the static MAC address was configured on the interface at the [edit interfaces ge-1/0/5] hierarchy level
and not at the [edit logical-systems lsys-1 interfaces ge-1/0/5] hierarchy level.
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–25

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

LSYS Configuration: Trunk Port

Logical system trunk ports are configured using the same methods as with access ports. That is, define the interface
properties at the [edit interfaces interface-name] hierarchy and then configure the interface at the [edit
E

logical-systems logical-system-name interfaces] hierarchy level.

US
AL
RN
TE
IN

Chapter 3–26 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

LSYS Configuration: Bridge Domains

Bridge domains are configured under the [edit logical-systems logical-system-name] hierarchy level. You
can use the show bridge domain logical-system logical-system-name command to view the bridge
E

domains. In the slide example, note the routing instance name of Default even though we’ve specified the lsys-2 logical
system. This demonstrates the wholly separate partitioning that logical systems achieve versus that of routing instances.
US
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–27

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

LSYS Interconnection Methods

Logical systems can be interconnected using the same methods as routing instance:
E

• Logical tunnel interfaces

• Physically looped interfaces
US

The slide shows a basic configuration using looped interfaces to configure a trunk between two logical systems. Note the use
of the show bridge domain logical-systems all command to view bridge domain information for all configured
logical systems.
AL
RN
TE
IN

Chapter 3–28 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

LSYS Administration: Part 1

One of the differences between logical systems and routing instances is you can “log” into a logical system. There are two
methods by which you can accomplish this:
E

• From the CLI using the set cli logical-system logical-system-name command.
US

• Configuring a login class to log directly into a logical system.

Once you are logged into a particular logical system, you can configure the router as you would a normal router. That is, you
do not have to specify any logical system. As far as the Junos OS is concerned, you are logged into a separate router. For
instance, to configure a protocol such as OSPF, you would simply type edit protocols ospf and not edit
AL

logical-systems logical-system-name protocols ospf. If, after setting the CLI to a particular logical system,
you want to return to the main context, use the clear cli logical-system command.
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–29

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

LSYS Administration: Part 2

The master administrator of the device can assign one or more users to each logical system. Logical users are confined to
the context of the logical system to which they are assigned. This means that logical users cannot access any global
E

configuration statements. This also means that command output is restricted to the context to which the logical users are
assigned.
US

Configuring a user account for each logical system helps in navigating the CLI. This enables you to log in to each logical
system and be positioned within the root of that logical system as if you were in the root of a physical router. Note that if you
access a logical system using this direct-login method, you cannot clear out of it as shown on the previous slide. As
mentioned previously, as far as the Junos OS is concerned, you are logged into a separate router and must log out of it as
AL

you would normally do.

RN
TE
IN

Chapter 3–30 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

We Discussed:
• The use of a routing instance;
E

• The function of a virtual router;

• The function of a virtual switch;
US

• Implementation of a virtual switch;

• Interconnection of local routing instances; and
• The use of logical systems.
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–31

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Review Questions
1.
E

2.
US

3.
AL
RN
TE
IN

Chapter 3–32 • Virtual Switches www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Virtual Switches Lab

The slide provides the objectives for this lab.
E
US
AL
RN
TE
IN

www.juniper.net Virtual Switches • Chapter 3–33

Junos Service Provider Switching
Answers to Review Questions

RE
1.
For multiple routers, you can configure virtual-router routing instances. For multiple switches, you can configure virtual-switch routing
instances.

A
2.
You must list the interface at the [edit routing-instances vs1] level of the hierarchy to ensure that it appears as part of

SH
the vs1 virtual switch.
3.
By default, you can find the routes associated with IRB interfaces in the inet.0 routing table.

T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN

Chapter 3–34 • Virtual Switches www.juniper.net

 RE
A
SH
Junos Service Provider Switching

T
NO
Chapter 4: Provider Bridging

DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

We Will Discuss:
• Institute of Electrical and Electronics Engineers (IEEE) virtual LAN (VLAN) stacking models;
E

• The components of provider bridging; and

• Configuration of provider bridging.
US
AL
RN
TE
IN

Chapter 4–2 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Expanding the Bridged Network

The slide lists the topics we will discuss. We discuss the highlighted topic first.
E
US
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–3

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Scaling Customer Bridged Networks

IEEE 802.1Q VLAN tagging makes it possible for a customer’s bridged network to scale. Instead of needing to add more
bridging equipment to a growing network, VLAN tagging allows for the logical separation of a bridged network into many
E

broadcast domains (or VLANs). With a 12-bit length VLAN ID, 4094 VLANs are available for use on a single physical Ethernet
network.
US

Ethernet from Service Providers

Because of its simple nature, service provider customers generally understand Ethernet. For a long time, service providers
have searched for ways to deliver Ethernet Virtual Circuits (EVCs) to the customer premises. To a customer, an EVC between
AL

two sites should appear as a simple Ethernet link or VLAN through the service provider’s network. IEEE 802.1Q VLAN tagging
does not provide the scalability (in the service provider network) for a service provider to deliver that type of service.
From the service provider’s point of view, the following is a list of some of the scaling issues that might arise:
RN

• Because only one VLAN tag field exists in an 802.1Q frame, customers and the service provider need to
coordinate the use of VLAN ID space. Considering that a service provider might have thousands of customers,
this coordination would be an overly extreme effort.
• To pass Ethernet frames between customer sites, the service provider bridges must learn customer MAC
TE

addresses.
• To provide redundant links between customers and the service provider, running a form of the Spanning Tree
Protocol (STP), which is generally not a viable solution, might be necessary. The STPs of today cannot scale to
IN

support all service provider and customer bridges of the world in a single spanning-tree domain.

Chapter 4–4 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

IEEE 802.1ad
IEEE 802.1ad, also known as Q-in-Q tunneling, has standardized the methodology of stacking VLAN tags. The slide shows the
frame format that the standard introduced. The standard gives a new name to the 802.1Q VLAN tag: the Customer VLAN
E

(C-VLAN) tag (C-TAG). It also introduces a new tag named the Service VLAN (S-VLAN) tag (S-TAG). By adding the S-TAG to the
frame, much less coordination is necessary between the customer and the service provider. At the customer site, the
US

customer can continue to use 802.1Q tagging using C-VLAN IDs that are relevant only to their network (not the service
provider’s network). As 802.1Q-tagged frames arrive at the edge of the service provider’s bridged network, the provider edge
bridge (PEB) adds an S-TAG to the frame. The S-TAG, using a single S-VLAN ID, can carry any or all of the 4094 C-VLANs that
are possibly in use by the customer. In the simplest case, a service provider can allocate a single S-VLAN ID to represent
each of its individual customers, which allows the service provider to potentially support up to 4094 customers. IEEE
AL

802.1ad also allows for the translating of S-VLAN IDs at the edge of a service provider’s bridged network, which helps in the
coordination of VLAN ID usage between service providers.

Scaling Issues
RN

Although IEEE 802.1ad helps to solve the issue of the limited VLAN ID space that we discussed in relation to IEEE 802.1Q
tagging, it does not solve the MAC learning problem. That is, for frames to be forwarded between bridges in the service
provider’s network, the bridges each must learn and store MAC addresses learned from the customer networks. A service
provider can help alleviate this problem by limiting the number of learned MAC addresses or charging the customer more for
TE

the EVC service if they exceed the MAC address limit.

IN

www.juniper.net Provider Bridging • Chapter 4–5

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Provider Bridging
The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

Chapter 4–6 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Provider Bridging
Provider bridging is defined under IEEE 802.1ad. It was developed to allow a service provider to provide a more scalable EVC
service to its customers. A typical provider bridged network (PBN) provides for C-VLAN tagging and forwarding at the edge of
E

the network using the ports that face the customer. For all ports that face the core of the PBN, the provider bridges forward
based only on the S-VLAN tag.
US
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–7

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

IEEE 802.1ad TAG Formats

The slide shows the S-TAG and C-TAG formats defined under IEEE 802.1ad. Note that the C-TAG remains identical to the IEEE
802.1Q VLAN tag. The S-TAG is similar but a few fields have been redefined. For example, because the canonical format
E

indicator (CFI) field in the C-TAG is rarely used (for use in token ring networks), it has been redefined in the S-TAG to represent
a frame’s eligibility to be dropped. The Drop Eligibility Indicator (DEI) is used for class of service, which we do not discuss in
US

this course. Also, IEEE 802.1ad has reserved a Tag Protocol Identifier (TPID) of 0x88A8 for the S-TAG, however, the Junos
operating system default behavior is to set the TPID equal to 0x8100.
AL
RN
TE
IN

Chapter 4–8 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

PBN Terms
The following terms are used in a PBN network:
E

• PBN: A network of provider bridges that provide for transparent EVC service to the service provider’s customers.
• Provider Bridge: A bridge in the service provider’s network that performs IEEE 802.1ad VLAN tagging and
US

forwarding. These bridges learn and store the MAC addresses of the service provider’s customers.
• Provider Edge Bridge (PEB): Accepts and forwards IEEE 802.1Q frames to and from customers. PEBs also
encapsulate the received customer frames using the IEEE 802.1ad format to forward customer frames across
the PBN.
AL

• S-VLAN Bridge: A nonedge provider bridge that forwards frames based only on the S-VLAN tag.
• Provider Network Port: A port on a provider bridge that forwards frames based on the S-VLAN tag.
• Customer Edge Port: A port on a PEB that connects to customer equipment that receives and transmits C-VLAN
RN

tagged frames.
• Customer Network Port: A port on a PEB that receives and transmits S-VLAN tagged frames.
TE
IN

www.juniper.net Provider Bridging • Chapter 4–9

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

VLAN Tag Operations

The slide shows all of the possible operations that a provider bridge can perform on C-tagged frames and S-tagged frames
that a port receives and transmits.
E
US
AL
RN
TE
IN

Chapter 4–10 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Service Provider Provides EVC Service to the Customer

In the example, the service provider delivers an Ethernet circuit to each of the customer premises. To provide connectivity
between Customer Bridge 1 and Customer Bridge 2, the customer must enable an IEEE 802.1Q VLAN using VLAN ID 100 on
E

the service provider-facing ports. The service provider has allocated an S-VLAN tag of 200 to transparently forward the
customer’s frames across the PBN. This allocation is performed by configuring a bridge domain on each provider bridge
US

specifically for the customer specifying an S-VLAN ID of 200, and by configuring all possible inbound and outbound
interfaces to support the appropriate VLAN tagging for the customer’s bridge domain. For example, on Bridge A, the service
provider would need to configure a Bridge Domain that accepts C-tagged frames on the customer-facing interface and
S-tagged frames (VLAN ID 200) on the core-facing interfaces. Over the next several slides we look at the frame processing
steps for traffic traversing a Q-in-Q tunnel.
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–11

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

PEB Processing of Incoming Frames

When C-VLAN-tagged frames arrive at Bridge A (a PEB), Bridge A performs a MAC-table lookup based on the customer’s
bridge domain. If Bridge A has previously learned the destination MAC address of the frame, it forwards the frame to the
E

appropriate outbound interface (ge-1/0/4.1 in this case) and the interface adds an S-VLAN of 200 on to the frame before
sending the frame to the next bridge. The act of adding an outer tag to the frame is known as a push operation.
US

Note that if Bridge A did not previously learn the destination MAC address of the frames, it floods the frame out of every
other interface associated with the customer’s bridge domain except for the one that originally received the frame.
AL
RN
TE
IN

Chapter 4–12 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Bridge C Processes the Frame

When S-VLAN-tagged frames arrive at Bridge C (an S-VLAN bridge), it performs a MAC-table lookup based on the customer’s
bridge domain. If Bridge C has previously learned the destination MAC address of the frame, it forwards the frame to the
E

appropriate outbound interface (ge-1/0/6.1 in this case) and the interface sends the frame unchanged to the next bridge.
US

Note that a few ways exist to configure the VLAN operations on an S-VLAN bridge. The inbound interface on Bridge C can
possibly also pop the S-VLAN tag on reception and then the outbound interface can push S-VLAN of 200 on transmittal.
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–13

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Bridge D Processes the Frame

When S-VLAN-tagged frames arrive at Bridge D (PEB), the inbound interface pops the S-VLAN tag and Bridge D performs a
MAC-table lookup based on the customer’s bridge domain. If Bridge D has previously learned the destination MAC address of
E

the frame, it forwards the frame to the appropriate outbound interface (ge-1/0/6.100 in this case) and the interface sends
the C-tagged frame to the customer bridge.
US
AL
RN
TE
IN

Chapter 4–14 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Remote Customer Site

The slide shows the frame format of the Ethernet frame as it arrives at Customer Bridge 2. Note that the frame looks exactly
as it did when Customer Bridge 1 transmitted it. At this point, Customer Bridge 2 will perform its own MAC-table lookup and
E

forward the frame on to their intended destination, if known. If the destination MAC address is unknown, Customer Bridge 2
will flood frame out all other interfaces associated with VLAN-ID 100.
US
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–15

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Configuring and Monitoring Provider Bridging

The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN

Chapter 4–16 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Junos OS Interface Terminology

Shorthand methods of describing the Junos OS interfaces are common. A physical interface refers to a physical port. A
logical interface refers to an individual logical unit. An interface family refers to an individual protocol family. Multiple logical
E

interfaces can be configured for each physical interface. Multiple interface families can be configured for each logical
interface. In regards to bridging, understanding how a configuration affects the number of logical interfaces on an MX Series
US

3D Ethernet Universal Edge Router (64 K maximum) is important.

Bridge Domain Modes

So far, we discussed configuring bridge domains in independent VLAN learning mode (IVL). In this mode, MAC learning
AL

occurs on a per VLAN basis. That means, broadcast, unicast with unknown destination, and multicast (BUM) traffic flooded
on interfaces is associated with a single VLAN. However, another bridge domain mode exists named shared VLAN learning
mode (SVL). This allows for VLANs to share MAC learning. That means, the BUM traffic floods on all interfaces and all VLANs
associated with a bridge domain. The following slides show examples of each mode of operation.
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–17

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Dual-Stacked VLAN Configuration

The example on the slide shows the configuration necessary to create dual-stacked VLAN subinterfaces. To configure the
outer VLAN, specify a vlan-id at the unit level. To specify one or more inner VLAN IDs, use the inner-vlan-id-list
E

command at the family bridge level of the hierarchy.

US
AL
RN
TE
IN

Chapter 4–18 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

S-VLAN Bridge Configuration

The easiest configuration for supporting provider bridging is on an S-VLAN bridge similar to the core (middle) switch on the
slide. Because the switch processes only S-VLAN tags, you can configure the bridge domain using the vlan-id number
E

statement. We expect only S-tagged frames to arrive on each trunk interface, so you can configure them for a single
vlan-id-list statement as well. To allow the interfaces to support two VLAN tags, include the
US

stacked-vlan-tagging statement or the flexible-vlan-tagging statement.

AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–19

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Tunnel All C-VLANs

The method shown on the slide is the easiest and most elegant method of tunneling all customer C-VLANs across the core of
a PBN. The interface and bridge domain configuration require only that you specify the outer S-VLAN ID. To allow
E

single-tagged frames to enter the customer-facing interface, you must specify the interface-mode access statement.
US

You will see on the next few slides that each configuration method results in some combination of one of the following:
1. A bridge domain mode (IVL or SVL).
2. Customer-facing logical interface usage.
3. Bridge domain usage.
AL

4. Virtual switch usage.

The solution on this slide is so elegant because to support each customer it requires the use of one logical interface, one
bridge domain, and also, you can place each customer in the same virtual switch.
RN
TE
IN

Chapter 4–20 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Range of C-VLANs: Part 1

Allowing only certain C-VLANs to be tunneled across the core might be necessary. Few solutions will allow this tactic. In this
solution, the bridge domain references the C-VLAN IDs to be tunneled. Because of this reference, you must add each
E

customer to its own virtual switch (in the case of overlapping C-VLAN space).
US
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–21

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Range of C-VLANs: Part 2

The slide shows the first example of SVL as well as an example of VLAN normalization (translation). The best way to describe
how this solution works is to discuss what happens to a customer frame as it traverses the PBN:
E

1. A frame with C-VLAN ID 112 arrives on ge-1/0/0.112 destined for a MAC address that exists on the remote side
US

of the network.
2. Because the bridge domain is configured for vlan-id none, the C-VLAN tag pops before the MAC-table
lookup.
3. If the destination MAC address is unknown, then the frame is flooded out of all interfaces that associate with
AL

the bridge domain, including the subinterfaces of ge-1/0/0 (because of SVL). If the destination MAC is known,
the frame is forwarded out of the ge-1/0/4.0 interface with a C-VLAN of 111 (normalization) and an S-VLAN of
200.
4. Upon arriving at the remote PEB, assuming the bridge domain is configured for vlan-id none, the S-VLAN
RN

and the C-VLAN tags are popped before the MAC-table lookup.
If the destination MAC address is unknown, then the frame is flooded out of all interfaces that associate with the bridge
domain, including the subinterfaces of customer-facing interfaces (because of SVL). If the destination MAC address is
known, the frame is forwarded out of the appropriate subinterface using the encapsulation specified on the interface.
TE
IN

Chapter 4–22 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Explicit Configuration of Tag Operations

The slide shows an example of explicitly configuring the VLAN tag operations to be performed on an interface.
E
US
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–23

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

PBN Network-to-Network Interface

5. On the slide, two service providers provide an EVC to a single customer. To allow for the interconnection of the
two customer sites, the two service providers must exchange S-VLAN-tagged frames between one another.
E

However, the case might be that each service provider is using a different S-TAG to provide the EVC. In the
example, PBN 1 uses S-VLAN 200 and PBN 2 uses S-VLAN 300. IEEE 802.1ad provides the ability to perform
US

S-VLAN translation between service providers. The slide shows the configuration necessary for the S-VLAN
bridge in PBN 1 to perform VLAN translation.
AL
RN
TE
IN

Chapter 4–24 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

View Tag Operation Settings

To view the expected VLAN tag operations that an interface will perform, issue the show interfaces command. The
VLAN-tag field shows the VLAN IDs for which the interface was specifically configured. The In and Out fields show the
E

VLAN operations that the interface will perform.

US
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–25

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

An Alternative to Q-in-Q Tunneling

Q-in-Q tunneling has some drawbacks:
E

• Because there are 4096 unique VLANs, the number of customers can be severely limited.
• If there is a network failure, Ethernet’s STP can take tens of seconds to find an alternate path. Even the new
US

Rapid Spanning Tree Protocol (RSTP) can take multiple seconds in most situations, and convergence time
increases as the network grows.
An alternative to Q-in-Q tunneling that can be provided to the customer is virtual private LAN service (VPLS). VPLS delivers an
Ethernet service that can span one or more metro areas and that provides connectivity between multiple sites as if these
AL

sites were attached to the same Ethernet LAN. To the customer, a VPLS appears to be a single LAN segment. In fact, it
appears to act similarly to a learning bridge. That is, when the destination media access control (MAC) address is not known,
an Ethernet frame is sent to all remote sites. If the destination MAC address is known, it is sent directly to the site that owns
it. VPLS requires a strong background in MPLS as well as other routing protocols. A full discussion on VPLS is outside the
RN

scope of this course.

TE
IN

Chapter 4–26 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

We Discussed:
• IEEE VLAN stacking models;
E

• The components of provider bridging; and

• Configuration of provider bridging.
US
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–27

Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Review Questions
1.
E

2.
US

3.
AL
RN
TE
IN

Chapter 4–28 • Provider Bridging www.juniper.net

 Junos Service Provider Switching

A RE
SH
T
NO
DO
—
LY
ON

Provider Bridging Lab

The slide provides the objective for this lab.
E
US
AL
RN
TE
IN

www.juniper.net Provider Bridging • Chapter 4–29

Junos Service Provider Switching
Answers to Review Questions

RE
1.
The service provider and potentially thousands of customers must share a limited number of VLAN IDs when a service provider uses
IEEE 802.1Q VLANs to provide LAN service. Also, each service provider switch must learn the MAC addresses of its customers.

A
2.
Three VLAN tag operations that a switch can perform on a frame are pop, push, and swap.

SH
3.
The two modes are independent VLAN learning mode (IVL) and shared VLAN learning mode (SVL).

T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN

Chapter 4–30 • Provider Bridging www.juniper.net

 Acronym List

RE
AE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . aggregated Ethernet

A
AIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .alarm indication signal
APS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Automatic Protection Switching

SH
ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Address Resolution Protocol
ATM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Asynchronous Transfer Mode
BCB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . backbone core bridge
BDI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backward Defect Indicator
BEB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . backbone edge bridge

T
BID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Bridge ID
BPDU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bridge protocol data unit

NO
B-TAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backbone VLAN tag
BUM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . broadcast, unicast with unknown destination, and multicast
B-VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backbone VLAN
CBP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Customer Backbone Port
CC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . continuity check
CCM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . centralized configuration management

DO
CE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . customer edge
CFI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Canonical Format Indicator
CFM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .connectivity fault management
CIST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .common and internal spanning tree
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .command-line interface
—
CoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . class of service
CSMA/CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . carrier-sense multiple access with collision detection
CST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . common spanning tree
C-TAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .customer VLAN tag
LY

C-VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . customer VLAN

DEI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Drop Eligibility Indicator
DPC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Dense Port Concentrator
DSAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .destination service access point
ON

E-LAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Ethernet LAN

E-Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ethernet Line
ERP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ethernet Ring Protection
EVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ethernet virtual connection
FDI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Forward Defect Indicator
E

GARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Generic Attribute Registration Protocol

GRE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .generic routing encapsulation
US

GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .graphical user interface

GVRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . GARP VLAN Registration Protocol
ICCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inter-Chassis Control Protocol
ICL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Inter-Chassis Link
ICMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Internet Control Message Protocol
IEEE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Institute of Electrical and Electronics Engineers
AL

IP-IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP over IP
IRB. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .integrated routing and bridging
I-SID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backbone Service Instance ID
I-TAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Backbone Service Instance tag
RN

ITU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . International Telecommunication Union

ITU-T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .International Telecommunication Union Telecommunication Standardization
JNTCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Juniper Networks Technical Certification Program
IVL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . independent VLAN learning mode
TE

JTAC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Juniper Networks Technical Assistance Center

LACP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Link Aggregation Control Protocol
LAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . link aggregation group
LFM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .link fault management
IN

MAC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . media access control

www.juniper.net Acronym List • ACR–1

 MAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Metropolitan Area Network

RE
MC-LAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . multichassis LAG
MEF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Metro Ethernet Forum
MEP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . maintenance association end point
MIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . maintenance association intermediate point
MISTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multiple Instance STP

A
MPC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Modular Port Concentrator
MRP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multiple Registration Protocol

SH
MSO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .multiple service operator
MST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . multiple spanning tree
MSTI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . multiple spanning tree instance
MSTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multiple Spanning Tree Protocol
MVRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multiple VLAN Registration Protocol

T
NMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .network management system
OAM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Operation, Administration, and Maintenance

NO
OAMPDU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OAM protocol data unit
OSI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Open Systems Interconnection
PBB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . provider backbone bridge
PBN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .provider bridged network
PDU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . protocol data unit

DO
PE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . provider edge
PEB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Power and Ethernet Board
PFE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Packet Forwarding Engine
PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Physical Interface Module
PIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Provider Instance Port
PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . permanent virtual circuit
—
PVST+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Per-VLAN Spanning Tree Plus
Rapid-PVST+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Rapid Per-VLAN Spanning Tree Plus
R-APS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ring Automatic Protection Switching
RE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Routing Engine
LY

RPL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ring protection link

RST BPDU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Rapid Spanning Tree BPDU
RSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Rapid Spanning Tree Protocol
SLA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .service-level agreement
ON

SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Simple Network Management Protocol

S-TAG. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .service VLAN tag
STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Spanning Tree Protocol
SVL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . shared VLAN learning mode
S-VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . service VLAN
E

TCN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . topology change notification

TDM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . time-division multiplexing
US

TLV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . type/length/value
TPID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tag Protocol Identifier
TTL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . time to live
UCA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Customer Address
UNI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . user-to-network interface
AL

VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .virtual LAN

VPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . virtual private LAN service
VSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VLAN Spanning Tree Protocol
RN
TE
IN

ACR–2 • Acronym List www.juniper.net