04-08-2021 05:12 PM
I have a connection to Microsoft Azure via Megaport.
Megaport asked me a question if my device i.e. 3850 is capable of QnQ tunneling and I know it is capable of QnQ tunneling.
My inner vlan 901
Outer Vlan 999
Switch : 3850
it holds the L3 configuration for vlan 901 and BGP peering with Azure.
How do I configure L2 port where Megaport link terminates to make sure switch rip off the outer tag and allow the inner tag to routing engine so I can get the connection.
Their supoprt team only provide the L3 configuration which is not supported on 3850.
Their L3 configuration is as bleow
12-20-2022 09:15 PM
Nilay
I am not sure if this answers your question but for my current project I am looking to use Megaport for not only Azure Express route public and private connectivity which needs to have QinQ outer and inner tags but also other cloud connectivity which only need a single dot1q tag.
I am looking to use a Cisco ASR 1002X which is going to be decommsioned and needs a new purpose for the next couple of years.
I have done some tests with the following Cisco ASR configuration which takes an input from my Cisco ACI Palo Alto firewall on one interface and connects to Megaport on the other interface. The ASR adds tags, translates tag as needed.
Does this help ? Do you see any issues?
ASR-TEST#show ver
Cisco IOS XE Software, Version 17.08.01a
Cisco IOS Software [Cupertino], ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.8.1a, RELEASE SOFTWARE (fc3)
!
interface GigabitEthernet0/0/1
description ##### FACING PALO-ALTO #########
no ip address
negotiation auto
service instance 10 ethernet
encapsulation dot1q 2400
bridge-domain 10
!
service instance 20 ethernet
encapsulation dot1q 2402
bridge-domain 20
!
service instance 30 ethernet
encapsulation dot1q 50
bridge-domain 30
!
service instance 40 ethernet
encapsulation dot1q 2410
rewrite ingress tag translate 1-to-1 dot1q 2409 symmetric
bridge-domain 40
!
!
interface GigabitEthernet0/0/2
description ##### FACING MEGAPORT #########
no ip address
negotiation auto
service instance 10 ethernet
encapsulation dot1q 40 second-dot1q 2400
rewrite ingress tag pop 1 symmetric
bridge-domain 10
!
service instance 20 ethernet
encapsulation dot1q 40 second-dot1q 2402
rewrite ingress tag pop 1 symmetric
bridge-domain 20
!
service instance 30 ethernet
encapsulation dot1q 50
bridge-domain 30
!
service instance 40 ethernet
encapsulation dot1q 40 second-dot1q 2409
rewrite ingress tag pop 1 symmetric
bridge-domain 40
!
!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide