Routing


L2 VPN site identifier auto provision questions

  • 1.  L2 VPN site identifier auto provision questions

    Posted 7 days ago
    I am taking JL2v training. Need some assistance to understand site identifier auto provision.
    I understand this.

    My question is: must the local site identifier be 1 for auto provision?

    How does R3 know the remote site identifier in the following?


    thanks in advance !!





  • 2.  RE: L2 VPN site identifier auto provision questions

    Posted 5 days ago

    Hi, you can check https://tools.ietf.org/html/draft-ietf-l2vpn-signaling-08 for an explanation of L2VPN signalling, where Section 3.2.2.1 explains the BGP-based auto-discovery process:

       In order to use BGP-based auto-discovery, there must be at least one
       globally unique identifier associated with a VPLS, and each such
       identifier must be encodable as an 8-byte Route Distinguisher (RD).
       Any method of assigning one or more unique identifiers to a VPLS and
       encoding each of them as an RD (using the encoding techniques of
       [RFC4364]) will do.


    There is no restriction on the site-identifier required for the auto-discovery process. This value simply represents a numerical identifier for the Layer 2 VPN site, which can be any number from 1 through 65,534.

    From JL2v materials you can also find the following explanation:

    Each interface listed under the l2vpn portion of a Layer 2 VPN VRF is associated with a remote site. Each subsequent interface inherits by default a site association that is one higher than the previous interface. The default inheritance value is increased by two when an interface's default inheritance would cause it to be associated with the PE router's local site identifier.



    ------------------------------
    Regards,
    Elchin
    ------------------------------



  • 3.  RE: L2 VPN site identifier auto provision questions

    Posted 5 days ago
    I did some lab trying to understand this.  What I do not understand is the following:

    root@PE1# show routing-instances | display set
    set routing-instances CustA instance-type l2vpn
    set routing-instances CustA interface ge-0/0/1.0
    set routing-instances CustA interface ge-0/0/2.521
    set routing-instances CustA interface ge-0/0/2.522
    set routing-instances CustA interface ge-0/0/3.531
    set routing-instances CustA interface ge-0/0/3.532
    set routing-instances CustA route-distinguisher 192.168.100.1:1
    set routing-instances CustA vrf-target target:65100:65100
    set routing-instances CustA protocols l2vpn encapsulation-type ethernet-vlan
    set routing-instances CustA protocols l2vpn site Local-site-1 site-identifier 1
    set routing-instances CustA protocols l2vpn site Local-site-1 interface ge-0/0/2.521
    set routing-instances CustA protocols l2vpn site Local-site-1 interface ge-0/0/2.522
    set routing-instances CustA protocols l2vpn site Local-site-1 interface ge-0/0/3.531
    set routing-instances CustA protocols l2vpn site Local-site-6 site-identifier 6
    set routing-instances CustA protocols l2vpn site Local-site-6 interface ge-0/0/3.532 remote-site-id 7

    Local-site-1 has no remote-site-id configured; it is mapped to remote-site-id 2, 3, 4.
    Can Local-site-6 use auto-provision to save the remote-site-id configuration? In my lab, if I do not configure remote-site-id, it does not work.
    Also, I remember the JL2v training mentioning that auto-provision only works when the local site-identifier is 1; otherwise, you have to configure remote-site-id. I will double check.

    thanks a lot for your coaching !!



  • 4.  RE: L2 VPN site identifier auto provision questions

     
    Posted 5 days ago
    site CE-B
        site-identifier 2
        interface ge-1/0/4.512    <= mapped to site 1  (starts assigning numbers from 1)
        interface ge-1/0/4.514    <= mapped to site 3  (skips 2 because that is the local site)
    site CE-C
        site-identifier 3
        interface ge-1/0/5.513    <= mapped to site 1
        interface ge-1/0/5.514    <= mapped to site 2

    Regards,

    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 5.  RE: L2 VPN site identifier auto provision questions

    Posted 5 days ago
    thanks so much for your explanation. I got it now.


  • 6.  RE: L2 VPN site identifier auto provision questions

    Posted 4 days ago

    Hi!

    I don't understand some moments:
    1) Why does the PE need to associate an interface with a site-id? We have the site-id for label computation between remote PEs for each instance, so we get the service label.

    2) What will happen with the site id association on R1 on the interface ge-1/0/4.512 (now, ge-1/0/4.512 has an association with site 2) if we connect another site to R2 with SiteID = 4 and an interface with tag 512?

    3) Why is the order in which interfaces were added important in the site hierarchy?



    ------------------------------
    ANDREY 
    ------------------------------



  • 7.  RE: L2 VPN site identifier auto provision questions
    Best Answer

     
    Posted 4 days ago
    1) Why does the PE need to associate an interface with a site-id? We have the site-id for label computation between remote PEs for each instance, so we get the service label?

    Because these connections are point to point, and each logical interface is associated with a remote site.  In your diagram: 

    interface ge-1/0/4.512 is mapped to remote site 2
    interface ge-1/0/4.513 is mapped to remote site 3 

    NOTE: you can tell by the IP addresses, and BTW the address of CE_C for unit 513 should be 10.0.11.2/24 

    When a packet arrives on interface ge-1/0/4.512 (packet with vlan 512), PE1 will send it to PE3. Before sending the packet, it will push the label that indicates that this packet is intended for Site 2 (2002 for example), and the label to get to PE3 (LDP label).
    When a packet arrives on interface ge-1/0/4.513 (packet with vlan 513), PE1 will send it to PE3. Before sending the packet, it will push the label that indicates that this packet is intended for Site 3 (2003 for example), and the label to get to PE3 (LDP label).

    And yes, the L3VPN (service) labels to send traffic to SITE 2 and SITE3 are pre-calculated by PE1 based on the information received from PE3 via BGP.  

    2) What will happen with the site id association on R1 on the interface ge-1/0/4.512 (now, ge-1/0/4.512 has an association with site 2) if we connect another site to R2 with SiteID = 4 and an interface with tag 512?

    Not sure what you are trying to do here.  But I suppose you meant adding SITE 4 to PE3, like this:  

    If that is the case,  there will be no communication between SITE 1 and SITE 4 unless you add an additional interface on PE1.

    Currently,  your configuration should look similar to this:

    set routing-instances CUSTOMER protocols l2vpn site CEA site-identifier 1
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.512
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.513

    Which is how interface ge-0/0/2.512  is mapped to SITE 2 and interface ge-0/0/2.513  is mapped to SITE 3. 

    You would need to add another interface on PE1, that is mapped to SITE 4 and use a different VLAN ID, and IP subnet. 


    The configuration of PE1 should now look like this:

    set routing-instances CUSTOMER protocols l2vpn site CEA site-identifier 1
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.512
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.513
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.514    <= automatically mapped to remote site 4.

    NOTE: unit number on SITE 4  is still 512; it doesn't matter as long as the vlan-id matches (for your sanity, it is better to make it 514 as well). 

    This brings me to your third question:

    3) Why is the order in which interfaces were added important in the site hierarchy?

    Because unless you manually map each interface to the remote site, the order in which the interfaces are configured determines the automatic mappings done by the router.

    NOTE: the mapping starts at 1, but skips the local site id.

    This configuration:

    set routing-instances CUSTOMER protocols l2vpn site CEA site-identifier 1
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.514 
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.512
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.513


    Would cause the router to map interface ge-0/0/2.514  to site 2, interface ge-0/0/2.512 to site 3, and interface ge-0/0/2.513 to site 4, which is NOT right. 

    So, you want to either be careful with how you enter the interfaces, or manually map to the remote site ids: 

    set routing-instances CUSTOMER protocols l2vpn site CEA site-identifier 1
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.514 remote-site-id 4
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.512 remote-site-id 2
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.513 remote-site-id 3


    Regards, 



    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------
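
The implicit mapping rule from the answer above (numbering starts at 1, skips the local site id, and follows configuration order), as an added Python example that is not part of the original posts and is not Junos code. It assumes, following the JL2v text quoted earlier in the thread, that an interface after one with an explicit `remote-site-id` continues from that value plus one; `remote_site_map`, `mismatches` and `INTENDED` are hypothetical names.

```python
import re

# The l2vpn site statements as they appear in "display set" output in this thread.
SITE_RE = re.compile(
    r"set routing-instances (\S+) protocols l2vpn site (\S+) "
    r"(?:site-identifier (\d+)|interface (\S+)(?: remote-site-id (\d+))?)$")

def remote_site_map(config_text):
    """Return {(instance, site): [(interface, effective remote site id), ...]}."""
    local_id, ifls = {}, {}
    for line in config_text.splitlines():
        m = SITE_RE.match(line.strip())
        if not m:
            continue
        ri, site, sid, ifl, rid = m.groups()
        if sid:
            local_id[(ri, site)] = int(sid)
        else:
            ifls.setdefault((ri, site), []).append((ifl, rid))
    result = {}
    for key, entries in ifls.items():
        nxt, out = 1, []                  # implicit numbering starts at 1
        for ifl, rid in entries:          # configuration order decides the mapping
            if rid is not None:
                remote = int(rid)         # explicit remote-site-id wins
            else:                         # implicit: skip the PE's own site id
                remote = nxt + 1 if nxt == local_id.get(key) else nxt
            out.append((ifl, remote))
            nxt = remote + 1              # assumption: later interfaces continue from here
        result[key] = out
    return result

def mismatches(config_text, intended):
    """Interfaces whose effective remote site differs from the intended one."""
    return sorted((ifl, got, intended[ifl])
                  for entries in remote_site_map(config_text).values()
                  for ifl, got in entries
                  if intended.get(ifl, got) != got)

# Constructed input: the misordered configuration from the answer above.
PREFIX = "set routing-instances CUSTOMER protocols l2vpn site CEA "
MISORDERED = "\n".join(PREFIX + s for s in (
    "site-identifier 1", "interface ge-0/0/2.514",
    "interface ge-0/0/2.512", "interface ge-0/0/2.513"))
INTENDED = {"ge-0/0/2.512": 2, "ge-0/0/2.513": 3, "ge-0/0/2.514": 4}

if __name__ == "__main__":
    for ifl, got, want in mismatches(MISORDERED, INTENDED):
        print(f"{ifl}: maps to site {got}, intended site {want}")
```

Running it against a candidate configuration before commit flags every interface whose position-derived remote site differs from the circuit it is meant to serve.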



  • 8.  RE: L2 VPN site identifier auto provision questions

    Posted 3 days ago
    Wow, that's a great explanation!! Thank you

    ------------------------------
    ANDREY
    ------------------------------



  • 9.  RE: L2 VPN site identifier auto provision questions

    Posted 3 days ago
    thanks a million !!


  • 10.  RE: L2 VPN site identifier auto provision questions

    Posted yesterday
    Thanks a million for your explanation. Today I passed the JNCIP SP exam. Your clear explanation helps a lot!!


  • 11.  RE: L2 VPN site identifier auto provision questions

     
    Posted yesterday
    OMG !  You are more than welcome! 

    CONGRATULATIONS!!!! 

    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------