SRX

Hi Team,

I manage two branch sites where I've set up an L2VPN using OSPF as the IGP and BGP protocol (SRX 320). I can successfully conduct layer-2 pings between these two sites. However, these branches are connected by two WAN links (1st Dedicated Fiber & 2nd ISP). When I break the fiber link, my traffic switches back to the ISP link. The issue arises when the fiber link is restored; the L2 traffic between these sites doesn't automatically revert back to its primary path(Fiber link). To get the traffic back on the primary path (fiber link), we either have to clear the OSPF database or physically remove the ISP link. Interestingly, I have different subnet traffic between these two sites, and that reverts back to the primary path (fiber link) automatically. The non-revertive behavior is specific to L2 traffic.

Could you please guide me on how to configure L2VPN with dual WAN links and with preemption/revertive capability?

------------------------------
vishal agavane
------------------------------

For reverting back to the primary path after a failover event you would configure the revert timer value.  This would be how long the original path is back online before the switchover occurs to prevent flapping.

Assuming you have an LSP under the vpn this would be the documentation.

https://www.juniper.net/documentation/us/en/software/junos/mpls/topics/topic-map/primary-secondary-static-lsp-configuration.html#id-21798

------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------

Original Message:
Sent: 11-21-2023 11:26
From: vishal agavane
Subject: L2VPN doesn't revert back traffic back to primary IGP path automatically

Hi Team,

I manage two branch sites where I've set up an L2VPN using OSPF as the IGP and BGP protocol (SRX 320). I can successfully conduct layer-2 pings between these two sites. However, these branches are connected by two WAN links (1st Dedicated Fiber & 2nd ISP). When I break the fiber link, my traffic switches back to the ISP link. The issue arises when the fiber link is restored; the L2 traffic between these sites doesn't automatically revert back to its primary path(Fiber link). To get the traffic back on the primary path (fiber link), we either have to clear the OSPF database or physically remove the ISP link. Interestingly, I have different subnet traffic between these two sites, and that reverts back to the primary path (fiber link) automatically. The non-revertive behavior is specific to L2 traffic.

Could you please guide me on how to configure L2VPN with dual WAN links and with preemption/revertive capability?

------------------------------
vishal agavane
------------------------------

Hi Steve,

Thank you for your response. Currently, I have implemented an RPM probe to deactivate and reactivate the secondary link (ge-0/0/0) using below mentioned command. If feasible, please review my configuration and recommend appropriate adjustments to achieve the same outcome without relying on the RPM probe.

-----------

set security forwarding-options family mpls mode packet-based

set interfaces ge-0/0/0 unit 0 family mpls -- Secondary Link

set interfaces ge-0/0/1 unit 0 family mpls -- Primary link

set interfaces lo0 unit 0 family mpls

------L2 interface)------

set interfaces ge-0/0/2 encapsulation ethernet-ccc
set interfaces ge-0/0/2 unit 0 family ccc

set interfaces ge-0/0/3 encapsulation ethernet-ccc
set interfaces ge-0/0/3 unit 0 family ccc

------

set interfaces lo0 unit 0 family inet address 2.2.2.2/32

---------- (below configuration applied for ge-0/0/3)-----

set routing-instances L2VPN protocols l2vpn site LAN-A interface ge-0/0/2.0 remote-site-id 1
set routing-instances L2VPN protocols l2vpn site LAN-A site-identifier 2
set routing-instances L2VPN protocols l2vpn site LAN-A ignore-encapsulation-mismatch
set routing-instances L2VPN protocols l2vpn site LAN-A mtu 65535
set routing-instances L2VPN protocols l2vpn site LAN-A ignore-mtu-mismatch
set routing-instances L2VPN protocols l2vpn encapsulation-type ethernet
set routing-instances L2VPN interface ge-0/0/2.0
set routing-instances L2VPN instance-type l2vpn
set routing-instances L2VPN route-distinguisher 2.2.2.2:100
set routing-instances L2VPN vrf-target target:65000:100

-----------(End)-------

set protocols ospf traffic-engineering

set protocols bgp family l2vpn signaling
set protocols bgp group L2VPN-IN type internal
set protocols bgp group L2VPN-IN local-address 2.2.2.2
set protocols bgp group L2VPN-IN neighbor 1.1.1.1
set protocols mpls label-switched-path TO-LAN-B to 1.1.1.1

------------
set protocols mpls interface ge-0/0/1.0
set protocols mpls interface lo0.0
set protocols rsvp interface lo0.0
set protocols rsvp interface ge-0/0/1.0
set routing-options autonomous-system 65000

------------(End)--------

========(rpm Probe configuration to disable & enable secondary link)==========

set services rpm probe LL-Failover test LL-Failover target address 172.16.205.1 -------(reachable via primary fiber-link)
set services rpm probe LL-Failover test LL-Failover probe-count 5
set services rpm probe LL-Failover test LL-Failover probe-interval 5
set services rpm probe LL-Failover test LL-Failover test-interval 3
set services rpm probe LL-Failover test LL-Failover thresholds successive-loss 5
set services rpm probe LL-Failover test LL-Failover destination-interface ge-0/0/1.0 ------ (Fiber link connected)
set services rpm probe LL-Failover test LL-Failover hardware-timestamp
set services rpm probe LL-Failover test LL-Failover next-hop 172.16.205.1
set services ip-monitoring policy LL-Failover match rpm-probe LL-Failover
set services ip-monitoring policy LL-Failover then interface ge-0/0/0 enable

========(End)=========

------------------------------
vishal agavane
------------------------------

Original Message:
Sent: 11-22-2023 06:07
From: spuluka
Subject: L2VPN doesn't revert back traffic back to primary IGP path automatically

For reverting back to the primary path after a failover event you would configure the revert timer value.  This would be how long the original path is back online before the switchover occurs to prevent flapping.

Assuming you have an LSP under the vpn this would be the documentation.

https://www.juniper.net/documentation/us/en/software/junos/mpls/topics/topic-map/primary-secondary-static-lsp-configuration.html#id-21798

------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home

Original Message:
Sent: 11-21-2023 11:26
From: vishal agavane
Subject: L2VPN doesn't revert back traffic back to primary IGP path automatically

Hi Team,

I manage two branch sites where I've set up an L2VPN using OSPF as the IGP and BGP protocol (SRX 320). I can successfully conduct layer-2 pings between these two sites. However, these branches are connected by two WAN links (1st Dedicated Fiber & 2nd ISP). When I break the fiber link, my traffic switches back to the ISP link. The issue arises when the fiber link is restored; the L2 traffic between these sites doesn't automatically revert back to its primary path(Fiber link). To get the traffic back on the primary path (fiber link), we either have to clear the OSPF database or physically remove the ISP link. Interestingly, I have different subnet traffic between these two sites, and that reverts back to the primary path (fiber link) automatically. The non-revertive behavior is specific to L2 traffic.

Could you please guide me on how to configure L2VPN with dual WAN links and with preemption/revertive capability?

------------------------------
vishal agavane
------------------------------