Routing

Dear all,

 

After search a lot on web for this problem,  I still couldn't find a reasonable solution for it. Hope someone can help me here. 🙂

 

I have the following config (that works!) on both my VPLS PEs:

 

PE1 - "PIT" router:

set routing-instances VPLS_VLAN_2008 instance-type vpls
set routing-instances VPLS_VLAN_2008 vlan-id 3566
set routing-instances VPLS_VLAN_2008 interface ae0.2008
set routing-instances VPLS_VLAN_2008 routing-interface irb.3566
set routing-instances VPLS_VLAN_2008 protocols vpls no-tunnel-services
set routing-instances VPLS_VLAN_2008 protocols vpls vpls-id 2008
set routing-instances VPLS_VLAN_2008 protocols vpls mtu 9198
set routing-instances VPLS_VLAN_2008 protocols vpls neighbor 2.2.2.2

 

PE2 - "BRO" router:

set routing-instances VPLS_VLAN_2008 instance-type vpls
set routing-instances VPLS_VLAN_2008 vlan-id 3566
set routing-instances VPLS_VLAN_2008 interface ae0.2008
set routing-instances VPLS_VLAN_2008 routing-interface irb.3566
set routing-instances VPLS_VLAN_2008 protocols vpls no-tunnel-services
set routing-instances VPLS_VLAN_2008 protocols vpls vpls-id 2008
set routing-instances VPLS_VLAN_2008 protocols vpls mtu 9198
set routing-instances VPLS_VLAN_2008 protocols vpls neighbor 5.5.5.5

 

It happens that both my neighbors IDs are also the router-ids from PE1 and PE2. This router-id is also a lo0 interface in area 0, but since I need to have some other VPLS connections with IPs that are not  in OSPF area 0, I'm having problems to come up with a config that works.

 

I already tried:

- Include a new IP on lo0, this time associated with OSPF area 72 and use it as the neighbor:

 

root@BRO# show | display set | match ospf
set protocols ospf area 0.0.0.0 interface ae1.4094
set protocols ospf area 0.0.0.0 interface 2.2.2.2
set protocols ospf area 0.0.0.72 interface 10.10.10.72
set protocols ospf area 0.0.0.72 interface ae0.4094

 

root@BRO# show | display set | match lo0
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set interfaces lo0 unit 0 family inet address 10.10.10.72/32
set protocols ldp interface lo0.0

 

Or even use interface ae0.4094, that also is associated with OSPF area 72.

 

VPLS is always "not ougoing label" when I try this:

 

Instance: VPLS_VLAN_2008
VPLS-id: 2008
Neighbor Type St Time last up # Up trans
10.10.10.72(vpls-id 2008) rmt OL

 

This is my topology:

 

 

Thanks lots!!!

Not sure if I misunderstood the question. There’s no special config required for vpls peer in another ospf area.

Here’s my config
PE1:

[edit]
root@PE1_re# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/3.0;
interface lo0.0;
}
area 0.0.0.72 {
interface ge-0/0/4.0;
}

[edit]
root@PE1_re#
root@PE1_re# show interfaces lo0
unit 0 {
family inet {
address 172.16.0.11/32;
}
family iso {
address 49.0000.0172.0016.0011.00;
}
}

[edit]
root@PE1_re#

[edit]
root@PE1_re# show routing-instances
test {
instance-type vpls;
interface ge-0/0/1.0;
protocols {
vpls {
no-tunnel-services;
vpls-id 100;
neighbor 172.16.0.1;
}
}
}

[edit]
root@PE1_re#
root@PE1_re# run show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch HS -- Hot-standby Connection

Legend for interface status
Up -- operational
Dn -- down

Instance: test
VPLS-id: 100
Neighbor Type St Time last up # Up trans
172.16.0.1(vpls-id 100) rmt Up Oct 6 08:56:57 2018 1
Remote PE: 172.16.0.1, Negotiated control-word: No
Incoming label: 262145, Outgoing label: 262145
Negotiated PW status TLV: No
Local interface: lsi.1048576, Status: Up, Encapsulation: ETHERNET
Description: Intf - vpls test neighbor 172.16.0.1 vpls-id 100
Flow Label Transmit: No, Flow Label Receive: No

[edit]
root@PE1_re#



P1:


[edit]
root@P1_re# show interfaces lo0
unit 0 {
family inet {
address 172.16.0.1/32;
}
family iso {
address 49.0000.0172.0016.0001.00;
}
}

[edit]
root@P1_re#

[edit]
root@P1_re# show protocols ospf
area 0.0.0.72 {
interface lo0.0;
interface ge-0/0/1.0;
}

[edit]
root@P1_re#
[edit]
root@P1_re# show routing-instances
test {
instance-type vpls;
interface ge-0/0/2.0;
protocols {
vpls {
no-tunnel-services;
vpls-id 100;
neighbor 172.16.0.11;
}
}
}

[edit]
root@P1_re#
root@P1_re# run show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch HS -- Hot-standby Connection

Legend for interface status
Up -- operational
Dn -- down

Instance: test
VPLS-id: 100
Neighbor Type St Time last up # Up trans
172.16.0.11(vpls-id 100) rmt Up Oct 6 08:56:52 2018 1
Remote PE: 172.16.0.11, Negotiated control-word: No
Incoming label: 262145, Outgoing label: 262145
Negotiated PW status TLV: No
Local interface: lsi.1048576, Status: Up, Encapsulation: ETHERNET
Description: Intf - vpls test neighbor 172.16.0.11 vpls-id 100
Flow Label Transmit: No, Flow Label Receive: No

[edit]
root@P1_re#

Hey Kingsman!

 

Thanks for your help on this.

 

I believe we have different scenarios here. Actually I need to have a VPLS tunnel working with links that are inside of OSPF area 72. This is not possible in my config, because my router-id/lo0 is part of OSPF area 0.

 

I saw that in PE1, you have lo0 being part only of OSPF area 0.

 

root@PE1_re# show interfaces lo0
unit 0 {
family inet {
address 172.16.0.11/32;

 

[edit]
root@PE1_re# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/3.0;
interface lo0.0;
}
area 0.0.0.72 {
interface ge-0/0/4.0;
}

Hello,

 

---

@joaosouza wrote:

 

 

root@BRO# show | display set | match ospf
set protocols ospf area 0.0.0.0 interface ae1.4094
set protocols ospf area 0.0.0.0 interface 2.2.2.2
set protocols ospf area 0.0.0.72 interface 10.10.10.72
set protocols ospf area 0.0.0.72 interface ae0.4094

 

 

---

 

AFAIK, this particular config doesn't work for OSPF - only the first line (area 0.0.0.0 interface 2.2.2.2) will make it into OSPF LSDB.

 

---

@joaosouza wrote:

set protocols ospf area 0.0.0.72 interface ae0.4094

 

<skip>

 

Or even use interface ae0.4094, that also is associated with OSPF area 72.

 

VPLS is always "not ougoing label" when I try this:

 

 

---

 This attempt -  forcing the LDP endpoint to be not loopback but revenue interface - does not work for another 2 reasons:

1/ by default, JUNOS assigns LDP label to loopback only. To assign label to ae0.4094 IP, use LDP egress policy on BRO

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/egress-policy-edit-protocols-ldp.html

2/ "psn-tunnel-endpoint" knob is missing on the remote neighbor

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/psn-tunnel-endpoint-edit-protocols-l2circuit.html

Add this knob to remote neighbor (under [edit routing-instances BLAH protocols vpls neighbor XYZ]) to point to ae0.4094 IP address on BRO

HTH

Thx

Alex

Hey aarseniev,

 

Your input definitely help me tshoot this problem. Thanks lots!!

 

 On BRO , I applied ldp export policy as follows:

 

set protocols ldp egress-policy ldp-vpls-export
set protocols ldp interface ae0.4094
set protocols ldp interface lo0.0

set policy-options policy-statement ldp-vpls-export term 1 from protocol local
set policy-options policy-statement ldp-vpls-export term 1 from route-filter 172.16.10.1/32 exact
set policy-options policy-statement ldp-vpls-export term 1 then accept
set policy-options policy-statement ldp-vpls-export term 2 from protocol direct
set policy-options policy-statement ldp-vpls-export term 2 from route-filter 2.2.2.2/32 exact
set policy-options policy-statement ldp-vpls-export term 2 then accept

 

On PIT (remote neighbor), I added psn-tunnel-endpoint 172.16.10.1 = ae0.4094 BRO IP address.

set routing-instances VPLS_VLAN_2008 instance-type vpls
set routing-instances VPLS_VLAN_2008 vlan-id 3566
set routing-instances VPLS_VLAN_2008 interface ae0.2008
set routing-instances VPLS_VLAN_2008 routing-interface irb.3566
set routing-instances VPLS_VLAN_2008 protocols vpls no-tunnel-services
set routing-instances VPLS_VLAN_2008 protocols vpls vpls-id 2008
set routing-instances VPLS_VLAN_2008 protocols vpls mtu 9198
set routing-instances VPLS_VLAN_2008 protocols vpls neighbor 2.2.2.2 psn-tunnel-endpoint 172.16.10.1

 

Let's see the results!

 

on  BRO:
Instance: VPLS_VLAN_2008
VPLS-id: 2008
Neighbor Type St Time last up # Up trans
5.5.5.5(vpls-id 2008) rmt OL

 

Output label database, 2.2.2.2:0--5.5.5.5:0
Label Prefix
3 2.2.2.2/32
299872 4.4.4.4/32
299904 5.5.5.5/32
299888 6.6.6.6/32
3 172.16.10.1/32
262145 L2CKT NoCtrlWord ETHERNET VC 2008 >>> I believe this is the local label

 

on PIT:
Instance: VPLS_VLAN_2008
VPLS-id: 2008
Neighbor Type St Time last up # Up trans
2.2.2.2(vpls-id 2008) rmt VC-Dn Oct 6 18:40:32 2018 1
Remote PE: 2.2.2.2, Negotiated control-word: No
Incoming label: 262150 >>> LOCAL , Outgoing label: 262145 >>> REMOTE 
Negotiated PW status TLV: No
Local interface: lsi.1049089, Status: Up, Encapsulation: ETHERNET
Description: Intf - vpls VPLS_VLAN_2008 neighbor 2.2.2.2 vpls-id 2008
Flow Label Transmit: No, Flow Label Receive: No

 

So, we can see that some labels started to flow on the network already. 

 

I'm trying to investigate why PIT is not send labels to BRO.

Hi team,

 

Spent all day working on this, but  I'm not so confident that we can enable a VPLS session without using a loopback.

 

I'm exporting ae0.4090 on ldp policy +  psn-tunnel-endpoint, but VPLS session is not going up.

Hello,

 

---

@joaosouza wrote:

 

I'm exporting ae0.4090 on ldp policy +  psn-tunnel-endpoint, but VPLS session is not going up.

---

 

 

Please make sure both are known via IGP.

LDP checks IGP for the exact route including netmask and in Your case it's /32 for router-id IP and /32 for ae0.4090 IP You use as "psn-tunnel-endpoint".

If You don't have /32 in the IGP for ae0.4090 IP, the enable LDP longest-match (requires JUNOS 16.1+)

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/longest-match-edit-protocols-ldp.html

HTH

Thx

Alex