Labs

Hi, 

I'm currently studdying for JNCIP-SP exam, and I'm also pretty new with all L2/L3 VPN stuff....  

For my studdy I'm using Juniper V-lab, for the current lab I used the lab named "BGP - Multi-AS with Dual Route Reflectors".  (I have attached the configuration  and diagram with my own configuration.

I used vMX4 and vMX6 as customer network device, they there interface configured as bridge interface in VLAN 500 in access mode on either side.  Both router has IRB.0 set as routing interface for vlan 500 and set respectively to 192.168.3.4/24 and 1492.168.3.6/24.

If I configure vMX1 and vMX2 facing interface to vMX4 and vMX6 with ip address 192.168.3.4/24 and 192.168.3.6/24 I can successfully ping the attached router IRB.  (So vMX2 can ping vMX6 irb.0 and vMX1 can ping vMX4 irb.0)  Making my bridge domain configuration on either vMX4 and 6 be validated.

After to have reconfigured ge-0/0/2.0 on vMX1 and ge-0/0/3.0 with the only configuration "encapsulation ethernet-ccc" and IP address been removed.  I was expecting to be able to ping 192.168.3.6 from vMX4 sourcing ping request from 192.168.3.4.  but it doesn't work.

I would like to understand why.  

The router VMX5 in this configuration is not not involved yet.  And the path redundancy over VMX3 is not supposed to work as well.  Vmx1 and 2 do not have direct BGP relationship, the NLRI information is transmitted via the RR1 and RR2.

I also enable some traceoptions on both router vMX1&2 for the L2VPN.  I have cleared tboth of them and power cycle vmx2 to make sure that you get clean traceoptions log.

I'm seeing the L2VPN connection on either vmx (1 & 2) as in UP state...

In your configs, I'm not seeing the remote-site-id configured under the L2VPN on either side, but your output shows the L2VPN up, so maybe you have added this since?

Try changing the config on VMX4 and VMX6 so that the CE-PE interfaces are L3 with family inet, rather than using an irb and family bridge.  This will rule out any issues with the bridge configuration on the CE side.

------------------------------
BEN DALE

Original Message:
Sent: 11-10-2025 23:06
From: xine32
Subject: L2VPN not working, what I'm doing wrong

Hi, 

I'm currently studdying for JNCIP-SP exam, and I'm also pretty new with all L2/L3 VPN stuff....  

For my studdy I'm using Juniper V-lab, for the current lab I used the lab named "BGP - Multi-AS with Dual Route Reflectors".  (I have attached the configuration  and diagram with my own configuration.

I used vMX4 and vMX6 as customer network device, they there interface configured as bridge interface in VLAN 500 in access mode on either side.  Both router has IRB.0 set as routing interface for vlan 500 and set respectively to 192.168.3.4/24 and 1492.168.3.6/24.

If I configure vMX1 and vMX2 facing interface to vMX4 and vMX6 with ip address 192.168.3.4/24 and 192.168.3.6/24 I can successfully ping the attached router IRB.  (So vMX2 can ping vMX6 irb.0 and vMX1 can ping vMX4 irb.0)  Making my bridge domain configuration on either vMX4 and 6 be validated.

After to have reconfigured ge-0/0/2.0 on vMX1 and ge-0/0/3.0 with the only configuration "encapsulation ethernet-ccc" and IP address been removed.  I was expecting to be able to ping 192.168.3.6 from vMX4 sourcing ping request from 192.168.3.4.  but it doesn't work.

I would like to understand why.  

The router VMX5 in this configuration is not not involved yet.  And the path redundancy over VMX3 is not supposed to work as well.  Vmx1 and 2 do not have direct BGP relationship, the NLRI information is transmitted via the RR1 and RR2.

I also enable some traceoptions on both router vMX1&2 for the L2VPN.  I have cleared tboth of them and power cycle vmx2 to make sure that you get clean traceoptions log.

I'm seeing the L2VPN connection on either vmx (1 & 2) as in UP state...

------------------------------
Xine
------------------------------

Hi Ben, 

the configuration is completed as posted, the VPN was up.  About the site configuration, do you talk about these line on VMX2

set routing-instances L2VPN_CUSTOM1 instance-type l2vpn
set routing-instances L2VPN_CUSTOM1 protocols l2vpn site TWO interface ge-0/0/3.0
set routing-instances L2VPN_CUSTOM1 protocols l2vpn site TWO site-identifier 2

and theses on vMX1 

set routing-instances L2VPN_CUSTOM1 instance-type l2vpn
set routing-instances L2VPN_CUSTOM1 protocols l2vpn site ONE interface ge-0/0/2.0
set routing-instances L2VPN_CUSTOM1 protocols l2vpn site ONE site-identifier 1

because theses are in the file I put in the initial post, if you are talking about something else it could be explain why my setup is not working as I expect.

I just tried your proposal and use L3 on VMX4 & VMX6.  Here I'have done:

on VMX4 under ge-0/0/2.0, I delete everything, setup IP address 192.168.4.4/24

and commit

------------------------------
Xine

Original Message:
Sent: 11-11-2025 17:21
From: BEN DALE
Subject: L2VPN not working, what I'm doing wrong

In your configs, I'm not seeing the remote-site-id configured under the L2VPN on either side, but your output shows the L2VPN up, so maybe you have added this since?

Try changing the config on VMX4 and VMX6 so that the CE-PE interfaces are L3 with family inet, rather than using an irb and family bridge.  This will rule out any issues with the bridge configuration on the CE side.

------------------------------
BEN DALE

Original Message:
Sent: 11-10-2025 23:06
From: xine32
Subject: L2VPN not working, what I'm doing wrong

Hi, 

I'm currently studdying for JNCIP-SP exam, and I'm also pretty new with all L2/L3 VPN stuff....  

For my studdy I'm using Juniper V-lab, for the current lab I used the lab named "BGP - Multi-AS with Dual Route Reflectors".  (I have attached the configuration  and diagram with my own configuration.

I used vMX4 and vMX6 as customer network device, they there interface configured as bridge interface in VLAN 500 in access mode on either side.  Both router has IRB.0 set as routing interface for vlan 500 and set respectively to 192.168.3.4/24 and 1492.168.3.6/24.

If I configure vMX1 and vMX2 facing interface to vMX4 and vMX6 with ip address 192.168.3.4/24 and 192.168.3.6/24 I can successfully ping the attached router IRB.  (So vMX2 can ping vMX6 irb.0 and vMX1 can ping vMX4 irb.0)  Making my bridge domain configuration on either vMX4 and 6 be validated.

After to have reconfigured ge-0/0/2.0 on vMX1 and ge-0/0/3.0 with the only configuration "encapsulation ethernet-ccc" and IP address been removed.  I was expecting to be able to ping 192.168.3.6 from vMX4 sourcing ping request from 192.168.3.4.  but it doesn't work.

I would like to understand why.  

The router VMX5 in this configuration is not not involved yet.  And the path redundancy over VMX3 is not supposed to work as well.  Vmx1 and 2 do not have direct BGP relationship, the NLRI information is transmitted via the RR1 and RR2.

I also enable some traceoptions on both router vMX1&2 for the L2VPN.  I have cleared tboth of them and power cycle vmx2 to make sure that you get clean traceoptions log.

I'm seeing the L2VPN connection on either vmx (1 & 2) as in UP state...

------------------------------
Xine
------------------------------

There is nothing in your configuration to link the two L2VPN interface endpoints together.  To do this you need to use the remote-site-id:

VMX1:

set routing-instances L2VPN_CUSTOM1 protocols l2vpn site ONE interface ge-0/0/2.0 remote-side-id 2

VMX2:

set routing-instances L2VPN_CUSTOM1 protocols l2vpn site TWO interface ge-0/0/3.0 remote-site-id 1

Also, you have both RSVP and LDP configured on your interfaces, but you have not configured any RSVP LSPs between your nodes.  

To fix this, add the following:

VMX1:

set protocols mpls label-switched-path VMX1->VMX2 to 192.168.12.2

VMX2:

set protocols mpls label-switched-path VMX2->VMX1 to 192.168.12.1

There is also an error in your RR2 config - you have family l2vpn signalling configured under the wrong BGP group:

set protocols bgp group RR family l2vpn signaling

should be:

set protocols bgp group ISP-NET family l2vpn signaling

this shouldn't affect the L2VPN (because RR1 is configured correctly), but will stop it from working if RR1 goes offline.

------------------------------
BEN DALE

Original Message:
Sent: 11-11-2025 19:29
From: xine32
Subject: L2VPN not working, what I'm doing wrong

Hi Ben, 

the configuration is completed as posted, the VPN was up.  About the site configuration, do you talk about these line on VMX2

set routing-instances L2VPN_CUSTOM1 instance-type l2vpn
set routing-instances L2VPN_CUSTOM1 protocols l2vpn site TWO interface ge-0/0/3.0
set routing-instances L2VPN_CUSTOM1 protocols l2vpn site TWO site-identifier 2

and theses on vMX1 

set routing-instances L2VPN_CUSTOM1 instance-type l2vpn
set routing-instances L2VPN_CUSTOM1 protocols l2vpn site ONE interface ge-0/0/2.0
set routing-instances L2VPN_CUSTOM1 protocols l2vpn site ONE site-identifier 1

because theses are in the file I put in the initial post, if you are talking about something else it could be explain why my setup is not working as I expect.

I just tried your proposal and use L3 on VMX4 & VMX6.  Here I'have done:

on VMX4 under ge-0/0/2.0, I delete everything, setup IP address 192.168.4.4/24

and commit

------------------------------
Xine

Original Message:
Sent: 11-11-2025 17:21
From: BEN DALE
Subject: L2VPN not working, what I'm doing wrong

In your configs, I'm not seeing the remote-site-id configured under the L2VPN on either side, but your output shows the L2VPN up, so maybe you have added this since?

Try changing the config on VMX4 and VMX6 so that the CE-PE interfaces are L3 with family inet, rather than using an irb and family bridge.  This will rule out any issues with the bridge configuration on the CE side.

------------------------------
BEN DALE

Original Message:
Sent: 11-10-2025 23:06
From: xine32
Subject: L2VPN not working, what I'm doing wrong

Hi, 

I'm currently studdying for JNCIP-SP exam, and I'm also pretty new with all L2/L3 VPN stuff....  

For my studdy I'm using Juniper V-lab, for the current lab I used the lab named "BGP - Multi-AS with Dual Route Reflectors".  (I have attached the configuration  and diagram with my own configuration.

I used vMX4 and vMX6 as customer network device, they there interface configured as bridge interface in VLAN 500 in access mode on either side.  Both router has IRB.0 set as routing interface for vlan 500 and set respectively to 192.168.3.4/24 and 1492.168.3.6/24.

If I configure vMX1 and vMX2 facing interface to vMX4 and vMX6 with ip address 192.168.3.4/24 and 192.168.3.6/24 I can successfully ping the attached router IRB.  (So vMX2 can ping vMX6 irb.0 and vMX1 can ping vMX4 irb.0)  Making my bridge domain configuration on either vMX4 and 6 be validated.

After to have reconfigured ge-0/0/2.0 on vMX1 and ge-0/0/3.0 with the only configuration "encapsulation ethernet-ccc" and IP address been removed.  I was expecting to be able to ping 192.168.3.6 from vMX4 sourcing ping request from 192.168.3.4.  but it doesn't work.

I would like to understand why.  

The router VMX5 in this configuration is not not involved yet.  And the path redundancy over VMX3 is not supposed to work as well.  Vmx1 and 2 do not have direct BGP relationship, the NLRI information is transmitted via the RR1 and RR2.

I also enable some traceoptions on both router vMX1&2 for the L2VPN.  I have cleared tboth of them and power cycle vmx2 to make sure that you get clean traceoptions log.

I'm seeing the L2VPN connection on either vmx (1 & 2) as in UP state...

------------------------------
Xine
------------------------------