Routing

 View Only
last person joined: 16 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  J-6350 MPLS Support

    Posted 04-15-2009 19:51

    Hello all,

     

    I'm working with a J-6350 running JunOS 9.4R1.8 (ES) and I have a question regarding MPLS capabilities. Can the four integrated 10/100/1000 ports be used in L2 circuits? Specifically, do those ports support configurations for multiple VLAN CCC to multiple other locations?

     

     I can get the OSPF, LDP, and the L2 circuit to come online and working correctly; however, frames tagged with the proper VLAN (600) do not traverse the environment for some reason. After a couple days of troubleshooting, the best thing I've come up with is that the ports themselves can't perform the function. So I'm grasping at straws (if you couldn't already tell!).

     

    And help or direction is greatly appreciated!

     

    -brad

     

    Here's the config that I have setup in our lab:

     

    interfaces {
         ge-0/0/0 {
             description "Uplink to Core";
             enable;
             unit 0 {
                 family inet {
                     address 164.113.192.130/30;
                 }
                 family mpls;
             }
         }
         ge-0/0/1 {
             description "MPLS-enabled Drop Port -- to CE";
             vlan-tagging;
             encapsulation vlan-ccc;
             unit 10 {
                 encapsulation vlan-ccc;
                 vlan-id 600;
             }
         }
         lo0 {
             description loopback;
             unit 0 {
                 family inet {
                     address 164.113.199.108/32;
                 }
             }
         }
    }
    protocols {
         mpls {
             interface all;
         }
         ospf {
             traceoptions {
                 file ospf;
             }
             traffic-engineering;
             area 0.0.0.0 {
                 interface ge-0/0/0.0;
                 interface lo0.0;
                 interface ge-0/0/1.10 {
                     disable;
                 }
             }
         }
         ldp {
             interface ge-0/0/0.0;
             interface ge-0/0/1.10 {
                 disable;
             }
             interface all;
         }
         l2circuit {
             neighbor 164.113.199.103 {
                 interface ge-0/0/1.10 {
                     virtual-circuit-id 2;
                 }
             }
         }
    }
    security {
         zones {
             security-zone trust {
                 interfaces {
                     all {
                         host-inbound-traffic {
                             system-services {
                                 all;
                             }
                             protocols {
                                 ospf;
                                 all;
                             }
                         }
                     }
                 }
             }
         }
         policies {
             default-policy {
                 permit-all;
             }
         }
    }

     



  • 2.  RE: J-6350 MPLS Support
    Best Answer

    Posted 04-27-2009 06:52

    The source of the issue was Junos Enhanced Services and a missing configuration parameter.

     

    I needed to set the following:


    set security forwarding-options family mpls mode packet-based

     

     That makes sense now that I know its there. If anyone from the Juniper Family is lurking, please add this to either the documentation for Junos MPLS config or to the J-Series specific docs!


    #JunosES
    #MPLS
    #6350


  • 3.  RE: J-6350 MPLS Support

    Posted 04-27-2009 21:40

    Before enabling mpls packet-based mode, know that there is a consequence for IPv4 forwarding:

     

    dbackman@jsr2320# commit

    [edit security]
      'policies'
        security policies not allowed when [security forwarding-options family mpls mode] is packet-based
    [edit security forwarding-options family]
      'mpls'
        MPLS mode packet-based not allowed when [security policies] are configured.
    error: commit failed: (statements constraint check failed)

     

    Enabling this command will revert IPv4 packet forwarding to packet-based as well, which means that the JSR will behave like the classic stateless J series.  Since it is no longer flow-based, the [ edit security ] section cannot be used.

     

    In packet-based mode stateless firewall filters, those configured in [ edit firewall ] will still work, but the stateful firewall policies and screening will no longer work.



  • 4.  RE: J-6350 MPLS Support

    Posted 09-30-2009 02:38

    a) Will it be possbile to comboine flow based forwarding for IPv4 and packet based for MPLS in the future?

    b) WIll MPLS ever be flow based? (in some sense at least)

    c) And, if a) is implemented, will it be possible to revert IPv4 to packet based if that is wanted?

     



  • 5.  RE: J-6350 MPLS Support

    Posted 10-06-2009 05:43

    Dear Backman,

    how are you?

    i have a little query regarding your post at juniper forum.

     

    a) does the Junos-ES firewall filters support Stateless or Statefull firewalling after enabling the "packet-mode" MPLS, in security hireachy.

     

    b) Is there any option or work-around that i can work with both security policies & MPLS ?

     

     

    If you have any document from juniper related to this issue, can u please share ?



  • 6.  RE: J-6350 MPLS Support

    Posted 01-19-2011 22:30

    Junos-Security in packet-mode acts like a traditional router, thus you are able to use firewall filters.

     

    I would recommend the Junos Security book for further details:

     

    http://www.juniper.net/us/en/training/jnbooks/junos_security.html