SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  L2VPN doesn't revert back traffic back to primary IGP path automatically

    Posted 11-21-2023 17:35

    Hi Team,

    I manage two branch sites where I've set up an L2VPN using OSPF as the IGP and BGP (SRX 320). I can successfully conduct layer-2 pings between these two sites. However, these branches are connected by two WAN links (1st Dedicated Fiber & 2nd ISP). When I break the fiber link, my traffic switches back to the ISP link. The issue arises when the fiber link is restored; the L2 traffic between these sites doesn't automatically revert back to its primary path (fiber link). To get the traffic back on the primary path (fiber link), we either have to clear the OSPF database or physically remove the ISP link. Interestingly, I have different subnet traffic between these two sites, and that reverts back to the primary path (fiber link) automatically. The non-revertive behavior is specific to L2 traffic.

    Could you please guide me on how to configure L2VPN with dual WAN links and with preemption/revertive capability?



    ------------------------------
    vishal agavane
    ------------------------------



  • 2.  RE: L2VPN doesn't revert back traffic back to primary IGP path automatically

    Posted 11-22-2023 06:07

    For reverting back to the primary path after a failover event, you would configure the revert timer value. This would be how long the original path is back online before the switchover occurs, to prevent flapping.

    Assuming you have an LSP under the VPN, this would be the documentation.

    https://www.juniper.net/documentation/us/en/software/junos/mpls/topics/topic-map/primary-secondary-static-lsp-configuration.html#id-21798



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------
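
    A sketch of the primary/secondary LSP with a revert timer that the reply above points to, as an added example that is not from either poster or from Juniper's documentation. The LSP name, loopback address, interface roles and 172.16.205.1 are taken from the configuration posted later in this thread; the path names VIA-FIBER and VIA-ISP, the 120-second timer and the 192.0.2.1 hop are assumptions.

```junos
# Added example. Path names and the ISP-side hop are assumptions.
# 172.16.205.1 is the address the thread reaches over the fiber link;
# 192.0.2.1 is a placeholder for the next hop on the ISP link.
set protocols mpls path VIA-FIBER 172.16.205.1 strict
set protocols mpls path VIA-ISP 192.0.2.1 strict

# Primary path over fiber, secondary over the ISP link.
# "standby" keeps the secondary path signaled while the primary is up.
set protocols mpls label-switched-path TO-LAN-B to 1.1.1.1
set protocols mpls label-switched-path TO-LAN-B primary VIA-FIBER
set protocols mpls label-switched-path TO-LAN-B secondary VIA-ISP standby

# Wait 120 seconds (assumed value) after the primary path is back up
# before moving traffic onto it again. A value of 0 disables reverting.
set protocols mpls label-switched-path TO-LAN-B revert-timer 120

# An RSVP-signaled secondary path needs MPLS and RSVP enabled on the
# ISP-facing interface as well as on the fiber interface.
set protocols mpls interface ge-0/0/0.0
set protocols rsvp interface ge-0/0/0.0
```

    After a commit, `show mpls lsp name TO-LAN-B extensive` lists both paths and marks which one is active, so a fiber failure and restore can be checked against the timer.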



  • 3.  RE: L2VPN doesn't revert back traffic back to primary IGP path automatically

    Posted 11-24-2023 05:36

    Hi Steve,

    Thank you for your response. Currently, I have implemented an RPM probe to deactivate and reactivate the secondary link (ge-0/0/0) using the commands below. If feasible, please review my configuration and recommend appropriate adjustments to achieve the same outcome without relying on the RPM probe.

    -----------

    set security forwarding-options family mpls mode packet-based

    # Secondary link
    set interfaces ge-0/0/0 unit 0 family mpls

    # Primary link
    set interfaces ge-0/0/1 unit 0 family mpls

    set interfaces lo0 unit 0 family mpls

    ------(L2 interface)------

    set interfaces ge-0/0/2 encapsulation ethernet-ccc
    set interfaces ge-0/0/2 unit 0 family ccc


    set interfaces ge-0/0/3 encapsulation ethernet-ccc
    set interfaces ge-0/0/3 unit 0 family ccc

    ------

    set interfaces lo0 unit 0 family inet address 2.2.2.2/32

    ---------- (below configuration applied for ge-0/0/3)-----

    set routing-instances L2VPN protocols l2vpn site LAN-A interface ge-0/0/2.0 remote-site-id 1
    set routing-instances L2VPN protocols l2vpn site LAN-A site-identifier 2
    set routing-instances L2VPN protocols l2vpn site LAN-A ignore-encapsulation-mismatch
    set routing-instances L2VPN protocols l2vpn site LAN-A mtu 65535
    set routing-instances L2VPN protocols l2vpn site LAN-A ignore-mtu-mismatch
    set routing-instances L2VPN protocols l2vpn encapsulation-type ethernet
    set routing-instances L2VPN interface ge-0/0/2.0
    set routing-instances L2VPN instance-type l2vpn
    set routing-instances L2VPN route-distinguisher 2.2.2.2:100
    set routing-instances L2VPN vrf-target target:65000:100

    -----------(End)-------

    set protocols ospf traffic-engineering

    set protocols bgp family l2vpn signaling
    set protocols bgp group L2VPN-IN type internal
    set protocols bgp group L2VPN-IN local-address 2.2.2.2
    set protocols bgp group L2VPN-IN neighbor 1.1.1.1
    set protocols mpls label-switched-path TO-LAN-B to 1.1.1.1

    ------------
    set protocols mpls interface ge-0/0/1.0
    set protocols mpls interface lo0.0
    set protocols rsvp interface lo0.0
    set protocols rsvp interface ge-0/0/1.0
    set routing-options autonomous-system 65000

    ------------(End)--------

    ========(rpm Probe configuration to disable & enable secondary link)==========

    # Target is reachable via the primary fiber link
    set services rpm probe LL-Failover test LL-Failover target address 172.16.205.1
    set services rpm probe LL-Failover test LL-Failover probe-count 5
    set services rpm probe LL-Failover test LL-Failover probe-interval 5
    set services rpm probe LL-Failover test LL-Failover test-interval 3
    set services rpm probe LL-Failover test LL-Failover thresholds successive-loss 5
    # Fiber link connected
    set services rpm probe LL-Failover test LL-Failover destination-interface ge-0/0/1.0
    set services rpm probe LL-Failover test LL-Failover hardware-timestamp
    set services rpm probe LL-Failover test LL-Failover next-hop 172.16.205.1
    set services ip-monitoring policy LL-Failover match rpm-probe LL-Failover
    set services ip-monitoring policy LL-Failover then interface ge-0/0/0 enable

    ========(End)=========



    ------------------------------
    vishal agavane
    ------------------------------