Routing

Expand all | Collapse all

MX104 vpls in logical system

Jump to Best Answer
  • 1.  MX104 vpls in logical system

    Posted 02-14-2018 07:10

    Hello everyone!

    I`m trying to set up vpls connection between two sites in my lab environment.

    I got 4 logical systems set up like this:

    lab.png

     

    PE1 {
    interfaces { ge-0/1/8 { unit 700 { encapsulation vlan-vpls; vlan-id 700; } } lt-0/2/0 { unit 0 { description PE1>PE2; encapsulation ethernet; peer-unit 1; family inet { address 192.168.0.1/30; } family mpls; } unit 3 { encapsulation ethernet; peer-unit 4; family inet { address 192.168.0.5/30; } family mpls; } } lo0 { unit 1 { family inet { address 1.1.1.1/32 { primary; preferred; } } } unit 100 { family inet { address 192.168.100.1/24; } } } } protocols { rsvp { interface lt-0/2/0.0; interface lt-0/2/0.3; } mpls { no-propagate-ttl; label-switched-path PE1-PE2 { from 1.1.1.1; to 2.2.2.2; } label-switched-path PE1-PE4 { from 1.1.1.1; to 4.4.4.4; } interface lt-0/2/0.0; interface lt-0/2/0.3; interface lo0.1; } bgp { group IBGP { type internal; local-address 1.1.1.1; family inet { unicast; } family inet-vpn { unicast; } family l2vpn { signaling; } family evpn { signaling; } peer-as 65000; neighbor 3.3.3.3; } } ospf { traffic-engineering; area 0.0.0.0 { interface lo0.1; interface lt-0/2/0.0 { interface-type p2p; } interface lo0.2; interface lt-0/2/0.3 { interface-type p2p; } } } } policy-options { community L2VPNA members target:65000:200; } routing-instances { L2VPNA { instance-type vpls; interface ge-0/1/8.700; route-distinguisher 1.1.1.1:200; vrf-target target:65000:200; protocols { vpls { site-range 3; no-tunnel-services; site L2VPNA_PE1 { site-identifier 2; } } } } L3VPNA { instance-type vrf; interface lo0.100; route-distinguisher 65000:100; vrf-import VPNA-IMPORT; vrf-export VPNA-EXPORT; vrf-target { import target:65000:100; export target:65000:100; } vrf-table-label; } } routing-options { router-id 1.1.1.1; autonomous-system 65000; resolution; } } PE2 { interfaces { lt-0/2/0 { unit 1 { description PE2>PE1; encapsulation ethernet; peer-unit 0; family inet { address 192.168.0.2/30; } family mpls; } unit 5 { encapsulation ethernet; peer-unit 6; family inet { address 192.168.0.9/30; } family mpls; } } lo0 { unit 2 { family inet { address 2.2.2.2/32 { primary; preferred; } } } unit 102 { family inet { address 192.168.150.1/24; } } } } protocols { rsvp { interface lt-0/2/0.1; interface lt-0/2/0.5; } mpls { no-propagate-ttl; label-switched-path PE2-PE1 { from 2.2.2.2; to 1.1.1.1; } label-switched-path PE2-PE4 { from 2.2.2.2; to 4.4.4.4; } path PE2-PE4-long { 1.1.1.1 strict; } interface lt-0/2/0.1; interface lt-0/2/0.5; interface lo0.2; } bgp { group IBGP { type internal; local-address 2.2.2.2; family inet { unicast; } family inet-vpn { unicast; } family l2vpn { signaling; } family evpn { signaling; } peer-as 65000; neighbor 3.3.3.3; } } ospf { traffic-engineering; area 0.0.0.0 { interface lt-0/2/0.1 { interface-type p2p; } interface lo0.2; interface lt-0/2/0.5 { interface-type p2p; } } } } routing-options { router-id 2.2.2.2; autonomous-system 65000; resolution; } } PE4 { interfaces { ge-0/0/0 { unit 0 { family inet { address 192.168.4.1/24; } } } ge-0/1/9 { unit 600 { encapsulation vlan-vpls; vlan-id 600; } } lt-0/2/0 { unit 8 { encapsulation ethernet; peer-unit 7; family inet { address 192.168.0.14/30; } family mpls; } } lo0 { unit 4 { family inet { address 4.4.4.4/32; } } unit 101 { family inet { address 192.168.200.1/24; } } } } protocols { rsvp { interface lt-0/2/0.8; } mpls { no-propagate-ttl; label-switched-path PE4-PE2 { from 4.4.4.4; to 2.2.2.2; } label-switched-path PE4-PE1 { from 4.4.4.4; to 1.1.1.1; } interface lt-0/2/0.8; interface lo0.4; } bgp { group IBGP { type internal; family inet { unicast; } family inet-vpn { unicast; } family l2vpn { signaling; } family evpn { signaling; } export EXPORT-BGP; neighbor 3.3.3.3 { local-address 4.4.4.4; } } } ospf { traffic-engineering; area 0.0.0.0 { interface lo0.4; interface lt-0/2/0.8 { interface-type p2p; } } } } policy-options { policy-statement EXPORT-BGP { from { route-filter 192.168.4.0/24 exact; } then { next-hop self; accept; } } community L2VPNA members target:65000:200; } routing-instances { L2VPNA { instance-type vpls; interface ge-0/1/9.600; route-distinguisher 4.4.4.4:200; vrf-target target:65000:200; protocols { vpls { site-range 3; no-tunnel-services; site L2VPNA_PE4 { site-identifier 1; } } } } routing-options { router-id 4.4.4.4; autonomous-system 65000; } } RR { interfaces { lt-0/2/0 { unit 4 { encapsulation ethernet; peer-unit 3; family inet { address 192.168.0.6/30; } family mpls; } unit 6 { encapsulation ethernet; peer-unit 5; family inet { address 192.168.0.10/30; } family mpls; } unit 7 { encapsulation ethernet; peer-unit 8; family inet { address 192.168.0.13/30; } family mpls; } } lo0 { unit 3 { family inet { address 3.3.3.3/32; } } } } protocols { rsvp { interface lt-0/2/0.4; interface lt-0/2/0.6; interface lt-0/2/0.7; } mpls { no-propagate-ttl;
    label-switched-path RR-PE4 {
    from 3.3.3.3;
    to 4.4.4.4;
    }
    label-switched-path RR-PE2 {
    from 3.3.3.3;
    to 2.2.2.2;
    }
    label-switched-path RR-PE1 {
    from 3.3.3.3;
    to 1.1.1.1;
    } interface lt-0/2/0.7; interface lt-0/2/0.6; interface lo0.3; interface lt-0/2/0.4; } bgp { group IBGP { type internal; local-address 3.3.3.3; family inet { unicast; } family inet-vpn { unicast; } family l2vpn { signaling; } family evpn { signaling; } cluster 0.0.0.1; multipath; neighbor 1.1.1.1; neighbor 2.2.2.2; neighbor 4.4.4.4; } } ospf { traffic-engineering; area 0.0.0.0 { interface lt-0/2/0.4 { interface-type p2p; } interface lo0.3; interface lt-0/2/0.6 { interface-type p2p; } interface lt-0/2/0.7 { interface-type p2p; } } } } routing-options { router-id 3.3.3.3; autonomous-system 65000; resolution; } }

    So far so good.

    But ping from CE1 to CE2 fails.

    i`ve checked pseudo-wire both on PE1 and PE4 - it`s ok

     run show vpls connections logical-system PE1
    Layer-2 VPN connections:
    
    Legend for connection status (St)
    EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
    EM -- encapsulation mismatch     WE -- interface and instance encaps not same
    VC-Dn -- Virtual circuit down    NP -- interface hardware not present
    CM -- control-word mismatch      -> -- only outbound connection is up
    CN -- circuit not provisioned    <- -- only inbound connection is up
    OR -- out of range               Up -- operational
    OL -- no outgoing label          Dn -- down
    LD -- local site signaled down   CF -- call admission control failure
    RD -- remote site signaled down  SC -- local and remote site ID collision
    LN -- local site not designated  LM -- local site ID not minimum designated
    RN -- remote site not designated RM -- remote site ID not minimum designated
    XX -- unknown connection status  IL -- no incoming label
    MM -- MTU mismatch               MI -- Mesh-Group ID not available
    BK -- Backup connection          ST -- Standby connection
    PF -- Profile parse failure      PB -- Profile busy
    RS -- remote site standby        SN -- Static Neighbor
    LB -- Local site not best-site   RB -- Remote site not best-site
    VM -- VLAN ID mismatch           HS -- Hot-standby Connection
    
    Legend for interface status
    Up -- operational
    Dn -- down
    
    Instance: L2VPNA
    Edge protection: Not-Primary
      Local site: L2VPNA_PE1 (2)
        connection-site           Type  St     Time last up          # Up trans
        1                         rmt   Up     Jan  7 13:28:14 2010           1
          Remote PE: 4.4.4.4, Negotiated control-word: No
          Incoming label: 262145, Outgoing label: 262162
          Local interface: lsi.17826048, Status: Up, Encapsulation: VPLS
            Description: Intf - vpls L2VPNA local site 2 remote site 1
    
    run show vpls connections logical-system PE4
    Layer-2 VPN connections:
    
    Legend for connection status (St)
    EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
    EM -- encapsulation mismatch     WE -- interface and instance encaps not same
    VC-Dn -- Virtual circuit down    NP -- interface hardware not present
    CM -- control-word mismatch      -> -- only outbound connection is up
    CN -- circuit not provisioned    <- -- only inbound connection is up
    OR -- out of range               Up -- operational
    OL -- no outgoing label          Dn -- down
    LD -- local site signaled down   CF -- call admission control failure
    RD -- remote site signaled down  SC -- local and remote site ID collision
    LN -- local site not designated  LM -- local site ID not minimum designated
    RN -- remote site not designated RM -- remote site ID not minimum designated
    XX -- unknown connection status  IL -- no incoming label
    MM -- MTU mismatch               MI -- Mesh-Group ID not available
    BK -- Backup connection          ST -- Standby connection
    PF -- Profile parse failure      PB -- Profile busy
    RS -- remote site standby        SN -- Static Neighbor
    LB -- Local site not best-site   RB -- Remote site not best-site
    VM -- VLAN ID mismatch           HS -- Hot-standby Connection
    
    Legend for interface status
    Up -- operational
    Dn -- down
    
    Instance: L2VPNA
    Edge protection: Not-Primary
      Local site: L2VPNA_PE4 (1)
        connection-site           Type  St     Time last up          # Up trans
        2                         rmt   Up     Jan  7 13:28:14 2010           1
          Remote PE: 1.1.1.1, Negotiated control-word: No
          Incoming label: 262162, Outgoing label: 262145
          Local interface: lsi.51380480, Status: Up, Encapsulation: VPLS
            Description: Intf - vpls L2VPNA local site 1 remote site 2
    
    [edit]
    

    Both mac addresses are flooded

    run show vpls mac-table logical-system PE1
    
    MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
        O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
    
    Logical system   : PE1
    Routing instance : L2VPNA
     Bridging domain : __L2VPNA__, VLAN : NA
       MAC                 MAC      Logical          NH     RTR
       addresssss          flags    interface        Index  ID
       54:ab:3a:5f:11:a9   D        ge-0/1/8.700
       b8:70:f4:ae:6b:ec   D        lsi.17826048
    
    run show vpls mac-table logical-system PE4
    
    MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
        O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
    
    Logical system   : PE4
    Routing instance : L2VPNA
     Bridging domain : __L2VPNA__, VLAN : NA
       MAC                 MAC      Logical          NH     RTR
       addresssss          flags    interface        Index  ID
       54:ab:3a:5f:11:a9   D        lsi.51380480
       b8:70:f4:ae:6b:ec   D        ge-0/1/9.600
    
    

    And both are in forwarding table:

    run show route forwarding-table family vpls
    Logical system: PE1
    Routing table: L2VPNA.vpls
    VPLS:
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    default            perm     0                    dscd      539     1
    lsi.17826048       intf     0                    indr  1048577     5
                                  192.168.0.6       Push 262162, Push 299808(top)      942     2 lt-0/2/0.3
    54:ab:3a:5f:11:a9/48 user     0                  ucst      917     5 ge-0/1/8.700
    0x30006/51         user     0                    comp      952     2
    b8:70:f4:ae:6b:ec/48 user     0                  indr  1048577     5
                                  192.168.0.6       Push 262162, Push 299808(top)      942     2 lt-0/2/0.3
    ge-0/1/8.700       intf     0                    ucst      917     5 ge-0/1/8.700
    0x30003/51         user     0                    comp      933     2
    0x30001/51         user     0                    comp      932     2
    
    Logical system: PE4
    Routing table: L2VPNA.vpls
    VPLS:
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    default            perm     0                    dscd      551     1
    lsi.51380480       intf     0                    indr  1048574     5
                                  192.168.0.13      Push 262145, Push 299824(top)      937     2 lt-0/2/0.8
    54:ab:3a:5f:11:a9/48 user     0                  indr  1048574     5
                                  192.168.0.13      Push 262145, Push 299824(top)      937     2 lt-0/2/0.8
    0x30005/51         user     0                    comp      946     2
    b8:70:f4:ae:6b:ec/48 user     0                  ucst      918     5 ge-0/1/9.600
    ge-0/1/9.600       intf     0                    ucst      918     5 ge-0/1/9.600
    0x30004/51         user     0                    comp      936     2
    0x30002/51         user     0                    comp      935     2
    

    But still i cannot ping CE1 from CE2

     



  • 2.  RE: MX104 vpls in logical system

     
    Posted 02-14-2018 07:54

     

    Since your using logical-system could you try to ping from PE to PE & see how it goes?

    ping vpls instance <name> destination-mac <MAC> source-ip <IpAddr> logical-system <name>

     

     

     

     

     

     

     

     



  • 3.  RE: MX104 vpls in logical system

    Posted 02-15-2018 07:44

    Hello.

    run show vpls mac-table logical-system PE1

    MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
        O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
    
    Logical system   : PE1
    Routing instance : L2VPNA
     Bridging domain : __L2VPNA__, VLAN : NA
       MAC                 MAC      Logical          NH     RTR
       addresssss          flags    interface        Index  ID
       54:ab:3a:5f:11:a9   D        ge-0/1/8.700
       b8:70:f4:ae:6b:ec   D        lsi.68157697
    

    i got 54:ab:3a:5f:11:a9 connected to PE1 

    and b8:70:f4:ae:6b:ec on the other side

     

    On PE4:

    run show vpls mac-table logical-system PE4
    MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
        O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
    
    Logical system   : PE4
    Routing instance : L2VPNA
     Bridging domain : __L2VPNA__, VLAN : NA
       MAC                 MAC      Logical          NH     RTR
       addresssss          flags    interface        Index  ID
       54:ab:3a:5f:11:a9   D        lsi.51380481
       b8:70:f4:ae:6b:ec   D        ge-0/1/9.600
    

    Then i ping from PE4

    run ping vpls instance L2VPNA logical-system PE4 destination-mac 54:ab:3a:5f:11:a9 source-ip 4.4.4.4
    ! -> MX-BRAS:L2VPNA:ge-0/1/8.700
    ! -> MX-BRAS:L2VPNA:ge-0/1/8.700
    ! -> MX-BRAS:L2VPNA:ge-0/1/8.700
    

    And from PE1

    run ping vpls instance L2VPNA logical-system PE1 destination-mac b8:70:f4:ae:6b:ec source-ip 1.1.1.1
    ! -> MX-BRAS:L2VPNA:ge-0/1/9.600
    ! -> MX-BRAS:L2VPNA:ge-0/1/9.600
    ! -> MX-BRAS:L2VPNA:ge-0/1/9.600
    ! -> MX-BRAS:L2VPNA:ge-0/1/9.600
    


  • 4.  RE: MX104 vpls in logical system

     
    Posted 02-15-2018 08:36

    Hi,

     

    An exclamation point (!) indicates that an echo reply was received and so that means ping is fine, you basically have end to end reachability. https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/ping-vpls-instance.html

     

    (If the CE is a L2 device, then try pinging from an end system at the site.)

     

     

     



  • 5.  RE: MX104 vpls in logical system

    Posted 02-15-2018 08:55

    The problem that i still cannot ping through the vpls-tunnel.

    I got two CE devices with IP address assigned and still no ping.



  • 6.  RE: MX104 vpls in logical system

     
    Posted 02-15-2018 09:26

    hmm.. could you add the family vpls on the PE-CE facing interfaces.

     

    ge-x/x/x {
        vlan-tagging;
        encapsulation vlan-vpls;
        unit xxx {
            encapsulation vlan-vpls;
            vlan-id xxx;
            family vpls;
        }
    }

     



  • 7.  RE: MX104 vpls in logical system

    Posted 02-15-2018 09:34

    I cannot do this in logical system - only to configure unit.

    But in default instance i got:

     

     top show interfaces
    ge-0/1/8 {
        vlan-tagging;
        encapsulation vlan-vpls;
    }
    ge-0/1/9 {
        vlan-tagging;
        encapsulation vlan-vpls;
    }
    


  • 8.  RE: MX104 vpls in logical system

     
    Posted 02-15-2018 09:36
    Could you attach your full config


  • 9.  RE: MX104 vpls in logical system
    Best Answer

     
    Posted 02-15-2018 09:45

     

    Just noticed vlans are different on PE-CE (PE1 & PE4).

    please configure same vlan at interface and update routing-instance with the correction.

     


    PE4:
            ge-0/1/9 {
                unit 600 {
                    encapsulation vlan-vpls;
                    vlan-id 600;
                }


    PE1:
    interfaces {
            ge-0/1/8 {
                unit 700 {
                    encapsulation vlan-vpls;
                    vlan-id 700;
                }
            }