Routing


L2circuit with standby to be stitched into VRF

  • 1.  L2circuit with standby to be stitched into VRF

    Posted 04-10-2018 06:19

    Hi,

    I need to set up a scenario where an ACX4000 has L2circuits to two different MX's, one active and one standby, by using the "backup-router" feature. The L2circuits should both be stitched into VRF's with L3 interfaces having the same IP address on both MX's. I was thinking of using LT interfaces on the MX's and peering between two LT units (one L2 and one L3 LT unit). The problem is that I think the L3 LT interfaces on both MX's need to have the same MAC address for it to work properly. Otherwise ARP will fail once the standby L2circuit becomes active, right?

     

    Anyone have any idea how to solve this? Please see attached solution overview.

     

    thanks 

    Erac



  • 2.  RE: L2circuit with standby to be stitched into VRF

    Posted 04-11-2018 21:00

    Hi,

    It might sound weird, but have you thought about creating a MC-LAG between the MXs, so that ACX4000 treats the uplink towards MXs as single LAG and then you can either use active/standby or active/active mode in that? But for that you may need an ICL link between the MXs to exchange ICCP information.

     

    Other option would be to think if we can use IRB here and configure static MAC on irb for both MXs?

     

    Thanks



  • 3.  RE: L2circuit with standby to be stitched into VRF

    Posted 04-12-2018 23:54

     

    Hi,

    Thanks for your input Sarathirao.

    Even though the MX's are in the same city there are about 10 hops between them in the MPLS network (and about 12 ms RTT). They don't have a direct link between each other unfortunately. The interfaces towards the customer also have a lot of other services on them that shouldn't be in LAG so it would be a bit too messy setting up MC-LAG in this case I think.


    Erac



  • 4.  RE: L2circuit with standby to be stitched into VRF

    Posted 04-12-2018 23:55

    Hi, Thanks for your input Sarathirao.

    Even though the MX's are in the same city there are about 10 hops between them in the MPLS network (and about 12 ms RTT). They don't have a direct link between each other unfortunately. The interfaces towards the customer also have a lot of other services on them that shouldn't be in LAG so it would be a bit too messy setting up MC-LAG in this case I think.

     

    Erac



  • 5.  RE: L2circuit with standby to be stitched into VRF

     
    Posted 04-11-2018 22:56

    Hi Erac

    ACX4000 supports VRF. If you are concerned about the route scale, we can implement hub and spoke VPN to limit that.

    For l2circuit active-standby, the solution is to use VRRP on both the aggregation MXs. Even though they don't talk to each other directly, it still serves the purpose of faster convergence.

     

    Thanks
    Shijo

     

     



  • 6.  RE: L2circuit with standby to be stitched into VRF

     
    Posted 04-11-2018 23:05

    Just to clarify further, for the same use case in question, we can use vrrp on the lt interface itself.

     

    Thanks
    Shijo



  • 7.  RE: L2circuit with standby to be stitched into VRF

    Posted 04-12-2018 23:58

    Thanks Shijo! I will look into that to see if I find any good example.

     

    Erac



  • 8.  RE: L2circuit with standby to be stitched into VRF
    Best Answer

    Posted 04-12-2018 02:01

    Hello,

    Here is the sample config for you. Setting MAC on irb unit requires JUNOS 13.3+.

    ACX4K  lo0.0 is 169.254.3.211

    MX-A  lo0.0 is 169.254.0.111

    MX-B lo0.0 is 169.254.0.112

    ACX4000 side - usual L2circuit config:

    set interfaces ge-0/0/7 vlan-tagging
    set interfaces ge-0/0/7 encapsulation extended-vlan-ccc
    set interfaces ge-0/0/7 unit 10 vlan-id 10
    set interfaces ge-0/0/7 unit 10 family ccc
    set protocols l2circuit neighbor 169.254.0.111 interface ge-0/0/7.10 virtual-circuit-id 1010
    set protocols l2circuit neighbor 169.254.0.111 interface ge-0/0/7.10 no-control-word
    set protocols l2circuit neighbor 169.254.0.111 interface ge-0/0/7.10 encapsulation-type ethernet
    set protocols l2circuit neighbor 169.254.0.111 interface ge-0/0/7.10 backup-neighbor 169.254.0.112

    MX-A side config:

    set interfaces irb unit 10 family inet address 203.0.113.188/24
    set interfaces irb unit 10 mac 02:02:02:02:02:02
    set routing-instances LDP-VPLS instance-type virtual-switch
    set routing-instances LDP-VPLS protocols vpls no-tunnel-services
    set routing-instances LDP-VPLS protocols vpls vpls-id 1010
    set routing-instances LDP-VPLS protocols vpls neighbor 169.254.3.211 encapsulation-type ethernet
    set routing-instances LDP-VPLS protocols vpls connectivity-type permanent
    set routing-instances LDP-VPLS bridge-domains BD10 domain-type bridge
    set routing-instances LDP-VPLS bridge-domains BD10 vlan-id 10
    set routing-instances LDP-VPLS bridge-domains BD10 routing-interface irb.10
    set routing-instances VRF-1 instance-type vrf
    set routing-instances VRF-1 interface irb.10

    MX-B config:

    set interfaces irb unit 10 family inet address 203.0.113.188/24
    set interfaces irb unit 10 mac 02:02:02:02:02:02
    set routing-instances LDP-VPLS instance-type virtual-switch
    set routing-instances LDP-VPLS protocols vpls no-tunnel-services
    set routing-instances LDP-VPLS protocols vpls vpls-id 1010
    set routing-instances LDP-VPLS protocols vpls neighbor 169.254.3.211 encapsulation-type ethernet
    set routing-instances LDP-VPLS protocols vpls connectivity-type permanent
    set routing-instances LDP-VPLS bridge-domains BD10 domain-type bridge
    set routing-instances LDP-VPLS bridge-domains BD10 vlan-id 10
    set routing-instances LDP-VPLS bridge-domains BD10 routing-interface irb.10
    set routing-instances VRF-1 instance-type vrf
    set routing-instances VRF-1 interface irb.10

    Verification:

    - ACX4K side

    >show l2circuit connections
    Layer-2 Circuit Connections:

    Legend for connection status (St)
    EI -- encapsulation invalid      NP -- interface h/w not present
    MM -- mtu mismatch               Dn -- down
    EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down
    CM -- control-word mismatch      Up -- operational
    VM -- vlan id mismatch           CF -- Call admission control failure
    OL -- no outgoing label          IB -- TDM incompatible bitrate
    NC -- intf encaps not CCC/TCC    TM -- TDM misconfiguration
    BK -- Backup Connection          ST -- Standby Connection
    CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire
    LD -- local site signaled down   RS -- remote site standby
    RD -- remote site signaled down  HS -- Hot-standby Connection
    XX -- unknown

    Legend for interface status
    Up -- operational
    Dn -- down

    Neighbor: 169.254.0.111
        Interface                 Type  St     Time last up          # Up trans
        ge-0/0/7.10(vc 1010)      rmt   Up     Apr 12 01:46:49 2018           1
          Remote PE: 169.254.0.111, Negotiated control-word: No
          Incoming label: 300064, Outgoing label: 262145
          Negotiated PW status TLV: No
          Local interface: ge-0/0/7.10, Status: Up, Encapsulation: ETHERNET
          Flow Label Transmit: No, Flow Label Receive: No
    Neighbor: 169.254.0.112
        Interface                 Type  St     Time last up          # Up trans
        ge-0/0/7.10(vc 1010)      rmt   BK

    - MX-A side:

    >show vpls connections 
    Layer-2 VPN connections:
    
    Legend for connection status (St)   
    EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
    EM -- encapsulation mismatch     WE -- interface and instance encaps not same
    VC-Dn -- Virtual circuit down    NP -- interface hardware not present 
    CM -- control-word mismatch      -> -- only outbound connection is up
    CN -- circuit not provisioned    <- -- only inbound connection is up
    OR -- out of range               Up -- operational
    OL -- no outgoing label          Dn -- down                      
    LD -- local site signaled down   CF -- call admission control failure      
    RD -- remote site signaled down  SC -- local and remote site ID collision
    LN -- local site not designated  LM -- local site ID not minimum designated
    RN -- remote site not designated RM -- remote site ID not minimum designated
    XX -- unknown connection status  IL -- no incoming label
    MM -- MTU mismatch               MI -- Mesh-Group ID not available
    BK -- Backup connection          ST -- Standby connection
    PF -- Profile parse failure      PB -- Profile busy
    RS -- remote site standby        SN -- Static Neighbor
    LB -- Local site not best-site   RB -- Remote site not best-site
    VM -- VLAN ID mismatch           HS -- Hot-standby Connection
    
    Legend for interface status 
    Up -- operational           
    Dn -- down
    
    Instance: LDP-VPLS
      VPLS-id: 1010
        Neighbor                  Type  St     Time last up          # Up trans
        169.254.3.211(vpls-id 1010) rmt Up     Apr 12 01:46:58 2018           1
          Remote PE: 169.254.3.211, Negotiated control-word: No
          Incoming label: 262145, Outgoing label: 300064
          Negotiated PW status TLV: No
          Local interface: lsi.1048577, Status: Up, Encapsulation: ETHERNET
            Description: Intf - vpls LDP-VPLS neighbor 169.254.3.211 vpls-id 1010
          Flow Label Transmit: No, Flow Label Receive: No
    > show interfaces irb terse
    show interfaces irb.10       
      Logical interface irb.10 (Index 342) (SNMP ifIndex 552)
        Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2
        MAC: 02:02:02:02:02:02
        Bandwidth: 1000mbps
        Routing Instance: LDP-VPLS Bridging Domain: BD10
        Input packets : 0
        Output packets: 0
        Protocol inet, MTU: 1514
        Max nh cache: 75000, New hold nh limit: 75000, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
          Flags: Sendbcast-pkt-to-re
          Addresses, Flags: Is-Preferred Is-Primary
            Destination: 203.0.113/24, Local: 203.0.113.188, Broadcast: 203.0.113.255
        Protocol multiservice, MTU: 1514

    - MX-B side:

    >show vpls connections | no-more 
    Layer-2 VPN connections:
    
    Legend for connection status (St)   
    EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
    EM -- encapsulation mismatch     WE -- interface and instance encaps not same
    VC-Dn -- Virtual circuit down    NP -- interface hardware not present 
    CM -- control-word mismatch      -> -- only outbound connection is up
    CN -- circuit not provisioned    <- -- only inbound connection is up
    OR -- out of range               Up -- operational
    OL -- no outgoing label          Dn -- down                      
    LD -- local site signaled down   CF -- call admission control failure      
    RD -- remote site signaled down  SC -- local and remote site ID collision
    LN -- local site not designated  LM -- local site ID not minimum designated
    RN -- remote site not designated RM -- remote site ID not minimum designated
    XX -- unknown connection status  IL -- no incoming label
    MM -- MTU mismatch               MI -- Mesh-Group ID not available
    BK -- Backup connection          ST -- Standby connection
    PF -- Profile parse failure      PB -- Profile busy
    RS -- remote site standby        SN -- Static Neighbor
    LB -- Local site not best-site   RB -- Remote site not best-site
    VM -- VLAN ID mismatch           HS -- Hot-standby Connection
    
    Legend for interface status 
    Up -- operational           
    Dn -- down
    
    Instance: LDP-VPLS
      VPLS-id: 1010
        Neighbor                  Type  St     Time last up          # Up trans
        169.254.3.211(vpls-id 1010) rmt OL
    >show interfaces irb.10
      Logical interface irb.10 (Index 340) (SNMP ifIndex 553)
        Flags: Hardware-Down Up SNMP-Traps 0x4004000 Encapsulation: ENET2
        MAC: 02:02:02:02:02:02
        Bandwidth: 1000mbps
        Routing Instance: LDP-VPLS Bridging Domain: BD10
        Input packets : 0
        Output packets: 0
        Protocol inet, MTU: 1514
        Max nh cache: 75000, New hold nh limit: 75000, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
          Flags: Sendbcast-pkt-to-re
          Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
            Destination: 203.0.113/24, Local: 203.0.113.188, Broadcast: 203.0.113.255
        Protocol multiservice, MTU: 1514

    HTH

    Thx

    Alex
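
Added example, not part of Alex's post or Juniper tooling: the design above only fails over cleanly if both MXs present the same irb address and MAC and use the ACX's virtual-circuit-id as their vpls-id, so this sketch audits the three `set` configs for that before commit. The function names are hypothetical, the sample configs are constructed from the lines in the post, and the locally-administered-MAC test is an extra hygiene check added here.

```python
import re

# Constructed sample input: set commands from the post, trimmed to what the audit reads.
ACX = """\
set protocols l2circuit neighbor 169.254.0.111 interface ge-0/0/7.10 virtual-circuit-id 1010
set protocols l2circuit neighbor 169.254.0.111 interface ge-0/0/7.10 backup-neighbor 169.254.0.112
"""
MX = """\
set interfaces irb unit 10 family inet address 203.0.113.188/24
set interfaces irb unit 10 mac 02:02:02:02:02:02
set routing-instances LDP-VPLS protocols vpls vpls-id 1010
set routing-instances LDP-VPLS protocols vpls neighbor 169.254.3.211 encapsulation-type ethernet
"""

def facts(cfg):
    """Pull the values that must agree out of Junos 'set' lines."""
    def grab(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    return {
        "addr": grab(r"^set interfaces irb unit \d+ family inet address (\S+)"),
        "mac": grab(r"^set interfaces irb unit \d+ mac (\S+)"),
        "vpls_id": grab(r"protocols vpls vpls-id (\d+)"),
        "vc_id": grab(r"virtual-circuit-id (\d+)"),
        "backup": grab(r"backup-neighbor (\S+)"),
    }

def audit(acx_cfg, mx_a_cfg, mx_b_cfg):
    """Return a list of findings; an empty list means the pair is consistent."""
    acx, a, b = facts(acx_cfg), facts(mx_a_cfg), facts(mx_b_cfg)
    findings = []
    for key in ("addr", "mac", "vpls_id"):
        if a[key] is None or a[key] != b[key]:
            findings.append(f"{key} differs or missing: MX-A={a[key]} MX-B={b[key]}")
    for name, mx in (("MX-A", a), ("MX-B", b)):
        if mx["mac"]:
            first = int(mx["mac"].split(":")[0], 16)
            # 0x02 set = locally administered; 0x01 clear = unicast
            if first & 0x03 != 0x02:
                findings.append(f"{name} MAC {mx['mac']} is not locally administered unicast")
        if mx["vpls_id"] != acx["vc_id"]:
            findings.append(f"{name} vpls-id {mx['vpls_id']} != ACX vc-id {acx['vc_id']}")
    if acx["backup"] is None:
        findings.append("ACX l2circuit has no backup-neighbor")
    return findings

if __name__ == "__main__":
    print(audit(ACX, MX, MX) or "consistent")
```
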



  • 9.  RE: L2circuit with standby to be stitched into VRF

    Posted 04-13-2018 00:00

    Hi Alex,

     

    Your example looks like a good way of doing it. I will try it out in the lab and let you know the results!

     

    Erac

     



  • 10.  RE: L2circuit with standby to be stitched into VRF

    Posted 04-15-2018 05:59

    Hi Alex,

     

    I have set up your example in the lab and it seems to work. However, I have another problem. Most traffic in the VRF - coming from other PE's not in the picture - should go out to the customer on PE2. However, the traffic from PE3 should go to the customer via PE1. I'm using a higher local pref on the BGP session on PE2 to make that one generally preferred. But how do I make an exception for traffic from PE3 so that it will go out via PE1? I can skip the pseudowire redundancy setup and run L3VPN directly on PE3 if needed to make a smoother solution to this.

     

    Erac 



  • 11.  RE: L2circuit with standby to be stitched into VRF

    Posted 04-15-2018 23:46

    Hello,

    I am not following your new requirement, please provide a diagram with required traffic flows.

    Thx

    Alex


     



  • 12.  RE: L2circuit with standby to be stitched into VRF

    Posted 04-16-2018 00:33

    Hi Alex,

     

    I will make a new post on my last question as it is a different problem than the initial one. Thanks a lot for the help on the L2circuit / VPLS setup! It really helped a lot!

     

    Erac



  • 13.  RE: L2circuit with standby to be stitched into VRF

    Posted 08-28-2019 07:29
    Hi Alex,

    Great!!!
    I solved an L2Circuit interoperability issue between IOS and Junos with your config.
    You saved my life, guy



    BR,
    Ages H.