Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
Expand all | Collapse all

L2 VPN site identifier auto provision questions

  • 1.  L2 VPN site identifier auto provision questions

    Posted 11-18-2020 12:20
    I am taking  JL2v training. Need some assistance to understand site identifier auto provision
    I understand this. 

    My question is local site identifier must be 1 for auto provision ?

    How does R3 know the remote site identifier in the following ?


    thanks in advance !!





  • 2.  RE: L2 VPN site identifier auto provision questions

    Posted 11-20-2020 06:38

    Hi, you can check https://tools.ietf.org/html/draft-ietf-l2vpn-signaling-08 for explanation of L2VPN signalling where Section 3.2.2.1 explains BGP-based auto-discovery process:

    In order to use BGP-based auto-discovery, there must be at least one
       globally unique identifier associated with a VPLS, and each such
       identifier must be encodable as an 8-byte Route Distinguisher (RD).
       Any method of assigning one or more unique identifiers to a VPLS and
       encoding each of them as an RD (using the encoding techniques of
       [RFC4364]) will do.


    There is no restriction for site-identifier required for auto-discovery process. This value is simply represents numerical identifier for the Layer 2 VPN site, which can be any number from 1 through 65,534.

    From JL2v materials you can also find the following explanation:

    Each interface listed under the l2vpn portion of a Layer 2 VPN VRF is associated with a remote site. Each subsequent interface inherits by default a site association that is one higher than the previous interface. The default inheritance value is increased by two when an interface's default inheritance would cause it to be associated with the PE router's local site identifier.



    ------------------------------
    Regards,
    Elchin
    ------------------------------



  • 3.  RE: L2 VPN site identifier auto provision questions

    Posted 11-20-2020 09:38
    I did some lab trying to understand this.  What I do not understand is the following:

    root@PE1# show routing-instances | display set
    set routing-instances CustA instance-type l2vpn
    set routing-instances CustA interface ge-0/0/1.0
    set routing-instances CustA interface ge-0/0/2.521
    set routing-instances CustA interface ge-0/0/2.522
    set routing-instances CustA interface ge-0/0/3.531
    set routing-instances CustA interface ge-0/0/3.532
    set routing-instances CustA route-distinguisher 192.168.100.1:1
    set routing-instances CustA vrf-target target:65100:65100
    set routing-instances CustA protocols l2vpn encapsulation-type ethernet-vlan
    set routing-instances CustA protocols l2vpn site Local-site-1 site-identifier 1
    set routing-instances CustA protocols l2vpn site Local-site-1 interface ge-0/0/2.521
    set routing-instances CustA protocols l2vpn site Local-site-1 interface ge-0/0/2.522
    set routing-instances CustA protocols l2vpn site Local-site-1 interface ge-0/0/3.531
    set routing-instances CustA protocols l2vpn site Local-site-6 site-identifier 6
    set routing-instances CustA protocols l2vpn site Local-site-6 interface ge-0/0/3.532 remote-site-id 7

    Local-site-1 has not remote-site-id configured, it is mapped to remote-site-id 2,3,4. 
    Can Local-site-6 use auto-provision to save the remote-site-id configuration ?  In my lab, if I do not configure remote-site-id, it does not work.  
    Also I remember jl2v training mentioning auto-provision only works for local site-identifier is 1, otherwise, you have to configure remote-site-id, I will double check.

    thanks a lot for your coaching !!



  • 4.  RE: L2 VPN site identifier auto provision questions

    Posted 11-20-2020 09:41
    site CE-B
       site-identifier 2
        interface ge-1/0/4.512    <= mapped to site 1  (starts assigning numbers from 1)
        interface ge-1/0/4.514    <= mapped to site 3  (skips 2 because that is the local site) ​
    site CE-C   
    site-identifier 3​ 
        interface ge-1/0/5.513   <= mapped to site 1
        interface ge-1/0/5.514   <= mapped to site 2

    Regards,


  • 5.  RE: L2 VPN site identifier auto provision questions

    Posted 11-20-2020 10:04
    thanks so much for your explanation. I got it now.


  • 6.  RE: L2 VPN site identifier auto provision questions

    Posted 11-21-2020 15:06
    Edited by ANDREY 11-21-2020 17:26

    Hi!

    i don't understand some moments
    1) Why does the PE need to associate an interface with a site-id? We've site-id for label computation between remote PE for each instance, so we get the service label

    2)

    What will happen with site id association on R1 on the interface ge-1/0/4.512 (now, ge-1/0/4.512 has association with site 2) if we well be connect another site to R2 with SiteID = 4 and interface with tag 512?

    3) Why order in which interface was added is important in site hierarchy?



    ------------------------------
    ANDREY 
    ------------------------------



  • 7.  RE: L2 VPN site identifier auto provision questions
    Best Answer

    Posted 11-21-2020 19:58
    Edited by gongyayu 11-24-2020 22:37
    1) Why does the PE need to associate an interface with a site-id? We've site-id for label computation between remote PE for each instance, so we get the service label? 

    Because these connections are point to point, and each logical interface is associated with a remote site.  In your diagram: 

    interface ge-1/0/4.512 is mapped to remote site 2
    interface ge-1/0/4.513 is mapped to remote site 3 

    NOTE: you can tell by the IP addresses, and BTW the address of CE_C for unit 513 should be 10.0.11.2/24 

    When a packet arrives on interface ge-1/0/4.512 (packet with vlan 512), PE1 will sent it to PE3.  Before sending the packet it will push the label that indicates that this packet is intended for Site 2 (2002 for example), and the label to get to PE3  (LDP label). 
    When a packet arrives on interface ge-1/0/4.513 (packet with vlan 513), PE1 will sent it to PE3. Before sending the packet it will  push the label that indicates that this packet is intended for Site 3 (2003 for example), and the label to get to PE3  (LDP label). 

    And yes, the L3VPN (service) labels to send traffic to SITE 2 and SITE3 are pre-calculated by PE1 based on the information received from PE3 via BGP.  

    2) What will happen with site id association on R1 on the interface ge-1/0/4.512 (now, ge-1/0/4.512 has association with site 2) if we well be connect another site to R2 with SiteID = 4 and interface with tag 512?

    Not sure what you are trying to do here.  But I suppose you meant adding SITE 4 to PE3, like this:  

    If that is the case,  there will be no communication between SITE 1 and SITE 4 unless you add an additional interface on PE1.

    Currently,  your configuration should look similar to this:

    set routing-instances CUSTOMER protocols l2vpn site CEA site-identifier 1
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.512
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.513

    Which is how interface ge-0/0/2.512  is mapped to SITE 2 and interface ge-0/0/2.513  is mapped to SITE 3. 

    You would need to add another interface on PE1, that is mapped to SITE 4 and use a different VLAN ID, and IP subnet. 


    The configuration of PE1 should now look like this:

    set routing-instances CUSTOMER protocols l2vpn site CEA site-identifier 1
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.512
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.513
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.514 
    <= automatically mapped to remote site 4. 

    NOTE: unit number on SITE 4  is still 512; it doesn't matter as long as the vlan-id matches (for your sanity, it is better to make it 514 as well). 

    This brings me to your third question:

    3) Why order in which interface was added is important in site hierarchy?

    Because unless you manually map each interface with the remote site, the order on which the interfaces are configured determines the automatic mappings done by the router. 

    NOTE
    : the mapping starts at 1, but skips the local site id. 

    This configuration:

    set routing-instances CUSTOMER protocols l2vpn site CEA site-identifier 1
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.514 
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.512
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.513


    Would cause the router to map interface ge-0/0/2.514  to site 2, interface ge-0/0/2.512 to site 3, and interface ge-0/0/2.513 to site 4, which is NOT right. 

    So, you want to either be careful with how you enter the interfaces, or manually map to the remote site ids: 

    set routing-instances CUSTOMER protocols l2vpn site CEA site-identifier 1
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.514 remote-site-id 4
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.512 remote-site-id 2
    set routing-instances CUSTOMER protocols l2vpn site CEA interface ge-0/0/2.513 remote-site-id 3


    Regards, 



    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 8.  RE: L2 VPN site identifier auto provision questions

    Posted 11-22-2020 04:23
    wow that's  great explanation!! Thank you

    ------------------------------
    ANDREY
    ------------------------------



  • 9.  RE: L2 VPN site identifier auto provision questions

    Posted 11-22-2020 10:33
    thanks a million !!


  • 10.  RE: L2 VPN site identifier auto provision questions

    Posted 11-24-2020 22:40
    Thanks a million for your explanation.  Today I passed JNCIP SP exam. Your clear explanation helps a lot !!


  • 11.  RE: L2 VPN site identifier auto provision questions

    Posted 11-24-2020 23:01
    OMG !  You are more than welcome! 

    CONGRATULATIONS!!!! 


  • 12.  RE: L2 VPN site identifier auto provision questions

    Posted 12-17-2020 04:56

    Hi 
    i've question about error "out of range" when i set site-identifier 1 on one site and set site-identifier 5 on another site. eg:

    root@PE1> show configuration routing-instances test
    instance-type l2vpn;
    interface ge-0/0/3.992;
    route-distinguisher 10.100.10.1:2205;
    vrf-target target:65500:2205;
    protocols {
        l2vpn {
            encapsulation-type ethernet-vlan;
            site test {
                site-identifier 1;
                interface ge-0/0/3.992;
            }
        }
    }
    
    root@PE2> show configuration routing-instances test
    instance-type l2vpn;
    interface ge-0/0/3.992;
    route-distinguisher 10.100.10.2:2205;
    vrf-target target:65500:2205;
    protocols {
        l2vpn {
            encapsulation-type ethernet-vlan;
            site test {
                site-identifier 5;
                interface ge-0/0/3.992;
            }
        }
    }
    

    output of show l2vpn connections instance test extensive command:

    root@PE1> show l2vpn connections instance test extensive
    Instance: test
      Local site: test (1)
        Number of local interfaces: 1
        Number of local interfaces up: 1
        ge-0/0/3.992        2
            Interface flags: VC-Down
        Label-base        Offset     Size  Range     Preference
        800288            1          2      2         100
          status-vector:  0
        connection-site           Type  St     Time last up          # Up trans
        5                         rmt   OR
    
    root@PE2> show l2vpn connections instance test extensive
    Instance: test
      Local site: test (5)
        Number of local interfaces: 1
        Number of local interfaces up: 1
        ge-0/0/3.992        1
            Interface flags: VC-Down
        Label-base        Offset     Size  Range     Preference
        800020            1          2      1         100
          status-vector:  0
        connection-site           Type  St     Time last up          # Up trans
        1                         rmt   OR
    

    in output shown that PE1 has range 2, PE2 has range 1

    when i'm changing the site-identifier on PE1 from 1 to 3 then range changing to 1

    Instance: test
      Local site: test (3)
        Number of local interfaces: 1
        Number of local interfaces up: 1
        ge-0/0/3.992        1
        Label-base        Offset     Size  Range     Preference
        800290            1          2      1         100
          status-vector:  0
        connection-site           Type  St     Time last up          # Up trans
        5                         rmt   OR
    

    why? i don't understand how it work ? how range calculations does?

    what "out of range" is mean?



    ------------------------------
    ANDREY
    ------------------------------



  • 13.  RE: L2 VPN site identifier auto provision questions

    Posted 12-17-2020 08:57

    Did you try remote-site-id on both sites ?




  • 14.  RE: L2 VPN site identifier auto provision questions

    Posted 12-17-2020 10:00

    no i didn't, what for?  i wanna understand how it works automatically



    ------------------------------
    ANDREY
    ------------------------------



  • 15.  RE: L2 VPN site identifier auto provision questions

    Posted 12-17-2020 10:20

    If you want to use auto provision, the explanation given by Ylara  is the best.  I took Juniper JL2V training and did not understand until I read Ylara's explanations.

    If you do not use auto provision, you need to specify remote-site-id.

    That's my understand.





  • 16.  RE: L2 VPN site identifier auto provision questions

    Posted 12-17-2020 10:32

    my question not about site-id and their calculations.
    how site range calculations does? Why if PE1 has site-identifier 1 has range = 1, but PE2 has site-identifier 5 and has some range as PE1

    if i change site-id on PE1 from 1 to 3, the range also change from 1 to 2,  why 2, why not 3



    ------------------------------
    ANDREY
    ------------------------------