Imagine constructing a layer 2 service from SRX A to SRX B. Instead of a conventional VPLS setup, the links would be point-to-point between each SSR, forming a triangular connection.
SSR A would be peered with SSR B and only that peering another: SSR A peers with B, and vice versa.
For adjacency setup, only one adjacency on the A and B SSR would be configured to establish a peer path.
If transit traffic within the transport network must pass through an SSR to reach its destination, akin to internet routing, what would the configuration entail?
Original Message:
Sent: 06-04-2024 14:46
From: Jenna
Subject: SSR Ethernet Over SVR Configuration Help
Hi Jacob,
These instructions on how to configure EoSVR from the GUI may help to fill in any potential gaps:
Ensure that you configure the EoSVR bridge on both peer routers that will be sending EoSVR traffic to one another.
Configure EoSVR bridge on router 1:
1. From the `Authority` menu of the GUI, select a router, then select a node.
2. Scroll down to `Device Interfaces` and select the LAN device interface that connects to the peer Session Smart Router.
3. Scroll down to `Network Interfaces` and select the LAN network interface that connects to the peer Session Smart Router.
4. If you want traffic to be marked as belonging to a particular tenant when it hits this interface, be sure to select the appropriate tenant in the `Tenant` field.
5. Click the `Ethernet-Over-SVR Bridge` tile.
6. Enter a name for the bridge and set `Enabled` to `true`.
•"If set to `true` – all traffic is treated as a single session within the broadcast domain. Kind of like a tunnel. Hurts performance on the device.
•If set to `false` – Any Layer 3 traffic will be treated as a unique session, which enhances device performance, as it enables the spreading of traffic load across sessions. This is the recommended setting." This requires additional Service configuration for the layer 3 traffic to be sent.
7. Click `ADD` in the `Peer Info` section, then enter the LAN `IP Address` of the corresponding peer Session Smart Router (router 2) that is on the far end of the bridge (this IP address is simply to indicate the SSR on the far end of the bridge).
8. In the `Name` field, select the name of the peer router (router 2).
Now repeat this same process on the peer router (router 2), using the same name for the bridge and adding the appropriate peer name and peer IP address (Router 1's info).
You must configure a service for each of the routers involved for Layer 2 traffic.
Configure EoSVR service for Router 1:
1. From the `Authority` menu of the GUI, click `ADD` in the `Services` section.
2. Name the service.
3. In the `Service Applies To` section of the service configuration, click `ADD` and select `router` from the dropdown list.
4. In the `Router Name` section, select the router name from the dropdown.
5. Return to the `Service` and add a `Service Transport` of `UDP`.
6. In the `Service Transport: UDP` window, under `Port Ranges`, set the `Start Port` to 1281.
7. Return to the `Service` and add a `Service Address`. Enter the IP address of the EthOverSVR interface (the LAN interface for the router for which you are currently configuring the service).
8. In the `Access Policy` section of the `Service`, be sure to indicate any tenants that you want to allow or deny access to the service.
You now need to create another service, this time for router 2.
Next, configure a service route on each of the peer routers so that they can send traffic to each other using EoSVR.
Configure a service route for Router 1:
1.On the `Authority` menu of the GUI, select the first router configured for EoSVR.
2.Scroll down to the `Service Routes` section and click `ADD`.
3.Name the `Service Route`.
4.In the `Service Name` field, select the EoSVR service you created for the OTHER router (router 2). This steers this service route toward the peer.
5.On the `Service Route Type` drop down list, scroll down and select `Eosvr Bridge`.
6.In the `To EoSVR Bridge` field, select the EoSVR Bridge you configured earlier.
Repeat the procedure for the second router (router 2) configured for EoSVR and be sure to commit your configuration when done.
Hope this helps!
------------------------------
Jenna Ramos
Information Development Engineer II
Original Message:
Sent: 05-31-2024 16:09
From: JACOB SLAGLE
Subject: SSR Ethernet Over SVR Configuration Help
I hope you're all doing well. I'm currently working on setting up an Ethernet over Secure Vector Routing (EoSVR) bridge between two Juniper SSRs, and I've hit a bit of a snag. I have two SSR connected to each other via a /30 link.
Connected to each SSR is an EX-switch and off each switch is a laptop configured an IP in subnet 192.168.77.0/24
Laptop A - 192.168.77.24
|
|
EX SW
|
|
SSR-A
|.1
| <---- 172.20.0.0/30
|.2
SSR-B
|
|
EX SW
|
|
Laptop B - 192.168.77.2/24
SSR A and B use interface ge-0/0/4 for the EthOverSVR bridge
SSR A int ge-0/0/4 has an IP of 1.1.1.0/31 default gw of 1.1.1.1
SSR B int ge-0/0/4 has an IP of 1.1.1.1/31 default gw of 1.1.1.0
I created the service L2-A-B with a service address of 1.1.1.0/31
I created the service L2-B-A with a service address of 1.1.1.1/31
I created the services routes for the EthOverSVR bridge on each SSR.
I attached a packet capture from one of my laptops. I can see traffic coming into the EthOverSVR bridge from the conductor but the ICMP ping messages on laptop B and A are failing. Laptop A reports the ping timed out and Laptop B reports destination host unreachable.
What else could I be missing?
------------------------------
JACOB SLAGLE
------------------------------