12-06-2019 09:00 AM - edited 12-06-2019 10:05 AM
I have a Cat9k that I've connecting into an Azure Express Route circuit via my ISP. They have told me that it is ready to do and that my customer VLAN is 4001. I've setup the VLAN in Azure as 1001. To me, that means that the outer tag is 4001 and the inner tag is 1001. Simple enough. But I'm having issues getting it to work. Not sure if there is an issue on the provider's side or if it is a configuration issue I'm having. I am trying to peer BGP with Azure from an SVI in VLAN 1001 on the switch. Here is my config.
vlan 1001
vlan 4001
interface vlan1001
ip add 10.10.10.1 255.255.255.252
vlan dot1q-tag native
interface te1/1/1
switchport mode dot1q-tunnel
switchport access vlan 4001
With this configuration, VLAN 1001 never comes up. I'm guessing that I'm doing QinQ wrong but it seems to jive with documentation I've read.
The service provider is setup like this:
interface GigabitEthernet0/0/0/17
mtu 9216
transceiver permit pid all
!
interface GigabitEthernet0/0/0/17.4001 l2transport
encapsulation dot1q 4001
rewrite ingress tag pop 1 symmetric
Any thoughts?
Thanks!
Solved! Go to Solution.
12-06-2019 11:46 AM
Hi!
I also don't think you need to use QinQ at all.
Did somebody from ISP or Azure side tell you that you will need to use it?
If not, I think you can just see the link between your Cat9k and Azure as a transit link in VLAN 4001.
You shouldn't have to care about what the ISP is doing.
For you it should appear like a cable going from the Cat9k to the Azure Cloud :)
Tell me what you think.
Best regards
Julian
12-06-2019 09:10 AM
Not Familiar with Azure but why can't you just use vlan tag 4001 on both sides of the connection without any QinQ?
Also, you may want to open a ticket with them as QinQ may not be supported on their side.
HTH
12-06-2019 10:05 AM
The service provider is setup like this:
interface GigabitEthernet0/0/0/17
mtu 9216
transceiver permit pid all
!
interface GigabitEthernet0/0/0/17.4001 l2transport
encapsulation dot1q 4001
rewrite ingress tag pop 1 symmetric
12-06-2019 10:55 AM
Maybe I don't understand your case but the service provider should not have anything to do with your connection to Azure.
The service provider simply hand out a physical connection to you, you connect that to your switch and peer with Azure via BGP or static route. What service provider is doing on their side should be transparent to you.
HTH
12-06-2019 11:22 AM
12-06-2019 11:34 AM
Megaport is the last hop provider into Azure. They are using 4001 with our local service provider.
Megaport should not have anything to do with your peering with Azure. We use AWS the same way and it is BGP between us and AWS We configure a sub-interface on our router (e.g sub-interface 2000) with an IP and than configure the same thing on AWS side (vlan tag 2000).Megaport just hand off a connection to you and you just have to configure Azure on their portal if that is like AWS and than peer it Again, Megaport just provide a connection to you and their config should be transparent to you.
HTH
12-06-2019 11:42 AM
This is usually if you are doing a "port" with megaport witch costs $500 per month for 1 or 10Gig.
Your gateway for connectivity to the clouds, between data centres, and anywhere you want to go on our network.
1Gbps Port
$500 per month
10Gbps Port
$500 per month
Pricing values reflect both USD and AUD, visit portal.megaport.com for accurate pricing in your currency. Excludes taxes and regulatory fees
12-08-2019 10:27 AM - edited 12-09-2019 07:40 AM
Not interested in pricing, this isn’t a marketing forum. No where in my question did I ask what a port was or how much it would cost.
12-06-2019 11:46 AM
Hi!
I also don't think you need to use QinQ at all.
Did somebody from ISP or Azure side tell you that you will need to use it?
If not, I think you can just see the link between your Cat9k and Azure as a transit link in VLAN 4001.
You shouldn't have to care about what the ISP is doing.
For you it should appear like a cable going from the Cat9k to the Azure Cloud :)
Tell me what you think.
Best regards
Julian
12-09-2019 07:41 AM
12-09-2019 07:57 AM
Hi!
Glad to hear that! :)
Let me know if you need anything else.
Have a nice day!
Best regards
Julian
05-18-2020 03:15 AM
Hi All,
Thanks for the explanation - I'm running currently a similar approach with the Azure Expressroute - our device is getting two Vlans 524 (S-TAG) and 321 (Dot1q plain internet) at one port on a Cisco Cat. 6500.
I configured the Port from the Service Provider as a trunk port and created the interface vlan 1108(Azure Internal Vlan) and gave it the needed IP - How does the Vlan nows where to go and where to send the traffic to ?
I'm pretty lost in this topic.
Best Regards
Frederik
10-05-2020 11:11 AM
Hi Nathan,
Trying to setup the same with a provider (not Megapath) on my Cat9300 and was given similar information, the outer vlan ID. I followed QinQ configuration since everything led me to believe that is necessary but this thread makes it seem like it isn't. Wondering what config you ended with in the end. Thanks.
04-03-2023 10:34 AM
@Nathan Farrar How does the configuration look like? We want to land our express route on a stacked pair of Cat9300.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide