[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Juniper MX - Routed pseudowire using LDP - VPWS or VPLS
The other solution is a stitched LT configuration. One LT is the L3
endpoint, the other is the PW endpoint. You use VPWS with this one. I
suppose you might be able to do VPLS instead if you wanted to. I am
running eBGP on this circuit too. It's a bit more complicated for
troubleshooting. I'm not sure what benefit this has over the IRB method.
Again, Junos 15.1R6.7:
show configuration interfaces lt-0/0/10 | display set
set interfaces lt-0/0/10 mtu 9192
set interfaces lt-0/0/10 unit 998 description LT-0/0/0.998->VLAN_998->PW
set interfaces lt-0/0/10 unit 998 encapsulation vlan-ccc
set interfaces lt-0/0/10 unit 998 vlan-id 998
set interfaces lt-0/0/10 unit 998 peer-unit 10998
set interfaces lt-0/0/10 unit 998 family ccc
set interfaces lt-0/0/10 unit 10998 description LT-0/0/0.10998->VLAN_998->L3
set interfaces lt-0/0/10 unit 10998 encapsulation vlan
set interfaces lt-0/0/10 unit 10998 vlan-id 998
set interfaces lt-0/0/10 unit 10998 peer-unit 998
set interfaces lt-0/0/10 unit 10998 family inet address 10.240.16.97/30
show configuration protocols l2circuit | display set
set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998
virtual-circuit-id 998
set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998 mtu
9100
show l2circuit connections
Layer-2 Circuit Connections:
Legend for connection status (St)
EI -- encapsulation invalid NP -- interface h/w not present
MM -- mtu mismatch Dn -- down
EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down
CM -- control-word mismatch Up -- operational
VM -- vlan id mismatch CF -- Call admission control failure
OL -- no outgoing label IB -- TDM incompatible bitrate
NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration
BK -- Backup Connection ST -- Standby Connection
CB -- rcvd cell-bundle size bad SP -- Static Pseudowire
LD -- local site signaled down RS -- remote site standby
RD -- remote site signaled down HS -- Hot-standby Connection
XX -- unknown
Legend for interface status
Up -- operational
Dn -- down
Neighbor: 10.240.0.73
Interface Type St Time last up # Up trans
lt-0/0/10.998(vc 998) rmt Up Mar 18 19:14:28 2018 1
Remote PE: 10.240.0.73, Negotiated control-word: No
Incoming label: 347440, Outgoing label: 52785
Negotiated PW status TLV: No
Local interface: lt-0/0/10.998, Status: Up, Encapsulation: VLAN
Flow Label Transmit: No, Flow Label Receive: No
The PE is again a Dell S4048-ON running IPI OcNOS v1.3.3
sh run mpls
!
mpls l2-circuit VLAN_BASED_PW_0998 998 10.240.0.11
!
router ldp
router-id 10.240.0.73
targeted-peer ipv4 10.240.0.11
exit-targeted-peer-mode
transport-address ipv4 10.240.0.73
sh run int xe4
!
interface xe4
description XE4->POD1-3550-S1_GI0/2
speed 1g
switchport
load-interval 30
mtu 9100
mpls-l2-circuit VLAN_BASED_PW_0998 vlan 998 tpid 8100
sh ldp mpls-l2-circuit detail
vcid: 998 type: vlan, local groupid: 0, remote groupid: 0 (vc is up)
destination: 10.240.0.11, Peer LDP Ident: 10.240.0.11
Local label: 52785, remote label: 347440
Access IF: xe4, Network IF: xe2
Local MTU: 9100, Remote MTU: 9100 <--THIS IS SUPER HANDY - IT WILL SHOW
YOUR REMOTE MTU EVEN IF THE CIRCUIT IS DOWN
Local Control Word: disabled, Remote Control Word: disabled, Current use:
disabled
Local PW Status Capability : disabled
Remote PW Status Capability : disabled
Current PW Status TLV : disabled
Local VCCV Capability:
CC-Types: None
CV-Types: None
Remote VCCV Capability:
CC-Types: Type 1 Type 2 Type 3
CV-Types:
LSP ping
BFD IP/UDP-encapsulated, for PW Fault Detection only BFD
PW-ACH-encapsulated, for PW Fault Detection only
sh ldp mpls-l2-circuit
Transport Client VC VC Local Remote
Destination
VC ID Binding State Type VC Label VC Label
Address
998 xe4 UP Ethernet VLAN 52785 347440
10.240.0.11
Finally the CE is the same old Cisco 3550 with a VLAN:
POD1-FREY113-3550-S1#sh run int vlan 998
Building configuration...
Current configuration : 114 bytes
!
interface Vlan998
description VLAN_998_VLAN-BASED-VPWS-ROUTED-PW
ip address 10.240.16.98 255.255.255.252
end
POD1-FREY113-3550-S1#sh run int gi0/2
Building configuration...
Current configuration : 219 bytes
!
interface GigabitEthernet0/2
description GI0/2->POD3-4048-S1_XE4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 998
switchport mode trunk
load-interval 30
speed nonegotiate
end
I also forgot to show y'all what the VPLS circuit show commands look like
on the OcNOS node for the VPLS solution:
sh mpls vpls detail
Virtual Private LAN Service Instance: VPLS-LAB-0997, ID: 997
SIG-Protocol: LDP
Attachment-Circuit :UP
Learning: Enabled
Group ID: 0, VPLS Type: Ethernet VLAN, Configured MTU: 9100
Description: none
service-tpid: dot1.q
Operating mode: Tagged
Svlan Id: 0
Svlan Tpid: 8100
Redundancy admin role: Primary
Redundancy oper role: Primary
Configured interfaces:
Interface: xe4
Vlan Id: 997
oper-state UP
Mesh Peers:
10.240.0.11 (Up), PW Status Local:0 Remote:0
sh mpls vpls mesh
VPLS-ID Peer Addr Tunnel-Label In-Label Network-Intf
Out-Label Lkps/St PW-INDEX SIG-Protocol Status
997 10.240.0.11 52496 52786 xe2
262148 2/Up 7 LDP Active
On Mon, Mar 19, 2018 at 4:15 PM, Ben Bartsch <uwcableguy at gmail.com> wrote:
> Absolutely! I'm running a eBGP session over this ATM. We are going to
> try to backhaul our customers through a Dell whitebox running IPI OcNOS
> configured with an 'LDP fabric' to a core MX.
>
>
> To use an IRB as a L3 endpoint you have to use VPLS on the MX (Junos
> version 15.1R6.7). I was missing a couple of key commands highlighted in
> red:
>
> show configuration interfaces irb.997 | display set
> set interfaces irb unit 997 description VLAN-997->PWHE->POD1-3550-S1_
> VLAN_997
> set interfaces irb unit 997 bandwidth 10g
> set interfaces irb unit 997 family inet mtu 9178
> set interfaces irb unit 997 family inet address 10.240.16.101/30
>
> show configuration routing-instances VPLS-LAB-0997 | display set
> set routing-instances VPLS-LAB-0997 instance-type vpls
> set routing-instances VPLS-LAB-0997 vlan-id 997
> set routing-instances VPLS-LAB-0997 routing-interface irb.997
> set routing-instances VPLS-LAB-0997 protocols vpls encapsulation-type
> ethernet-vlan
> set routing-instances VPLS-LAB-0997 protocols vpls no-tunnel-services
> set routing-instances VPLS-LAB-0997 protocols vpls vpls-id 997
> set routing-instances VPLS-LAB-0997 protocols vpls mtu 9100
> set routing-instances VPLS-LAB-0997 protocols vpls neighbor 10.240.0.73
> set routing-instances VPLS-LAB-0997 protocols vpls connectivity-type irb
>
> show vpls connections extensive
> Layer-2 VPN connections:
>
> Legend for connection status (St)
> EI -- encapsulation invalid NC -- interface encapsulation not
> CCC/TCC/VPLS
> EM -- encapsulation mismatch WE -- interface and instance encaps not
> same
> VC-Dn -- Virtual circuit down NP -- interface hardware not present
> CM -- control-word mismatch -> -- only outbound connection is up
> CN -- circuit not provisioned <- -- only inbound connection is up
> OR -- out of range Up -- operational
> OL -- no outgoing label Dn -- down
> LD -- local site signaled down CF -- call admission control failure
> RD -- remote site signaled down SC -- local and remote site ID collision
> LN -- local site not designated LM -- local site ID not minimum designated
> RN -- remote site not designated RM -- remote site ID not minimum
> designated
> XX -- unknown connection status IL -- no incoming label
> MM -- MTU mismatch MI -- Mesh-Group ID not available
> BK -- Backup connection ST -- Standby connection
> PF -- Profile parse failure PB -- Profile busy
> RS -- remote site standby SN -- Static Neighbor
> LB -- Local site not best-site RB -- Remote site not best-site
> VM -- VLAN ID mismatch HS -- Hot-standby Connection
>
> Legend for interface status
> Up -- operational
> Dn -- down
>
> Instance: VPLS-LAB-0997
> VPLS-id: 997
> Number of local interfaces: 0
> Number of local interfaces up: 0
> lsi.1048592 Intf - vpls VPLS-LAB-0997 neighbor
> 10.240.0.73 vpls-id 997
> Neighbor Type St Time last up # Up trans
> 10.240.0.73(vpls-id 997) rmt Up Mar 19 10:25:38 2018 1
> Remote PE: 10.240.0.73, Negotiated control-word: No
> Incoming label: 262148, Outgoing label: 52786
> Negotiated PW status TLV: No
> Local interface: lsi.1048592, Status: Up, Encapsulation: VLAN
> Description: Intf - vpls VPLS-LAB-0997 neighbor 10.240.0.73
> vpls-id 997
> Flow Label Transmit: No, Flow Label Receive: No
> Connection History:
> Mar 19 10:25:38 2018 status update timer
> Mar 19 10:25:38 2018 PE route changed
> Mar 19 10:25:38 2018 Out lbl Update 52786
> Mar 19 10:25:38 2018 In lbl Update 262148
> Mar 19 10:25:38 2018 loc intf up lsi.1048592
>
>
>
>
> The other end of my VPLS circuit is a Dell S4048-ON running IP Infusion
> OcNOS (it is very Cisco IOS-ish) v1.3.3:
>
> sh run mpls
> mpls vpls VPLS-LAB-0997 997
> redundancy-role primary
> signaling ldp
> vpls-type vlan
> vpls-peer 10.240.0.11
> exit-signaling
> !
> router ldp
> router-id 10.240.0.73
> targeted-peer ipv4 10.240.0.11
> exit-targeted-peer-mode
> transport-address ipv4 10.240.0.73
>
> sh run int xe4
> !
> interface xe4
> description XE4->POD1-3550-S1_GI0/2
> speed 1g
> switchport
> load-interval 30
> mtu 9100
> mpls-vpls VPLS-LAB-0997 vlan 997
> ac-admin-status up
> exit-if-vpls
>
>
>
>
> And the CE is just a simple L3 VLAN. We are using an old Cisco 3550
> running 12.2(46)SE IPSERVICESK9 that we found laying around:
>
> POD1-3550-S1#sh run int gi0/2
> Building configuration...
>
> Current configuration : 219 bytes
> !
> interface GigabitEthernet0/2
> description GI0/2->POD3-4048-S1_XE4
> switchport trunk encapsulation dot1q
> switchport trunk allowed vlan 997
> switchport mode trunk
> load-interval 30
> speed nonegotiate
> end
>
> POD1-3550-S1#sh run int vlan 997
> Building configuration...
>
> Current configuration : 115 bytes
> !
> interface Vlan997
> description VLAN_997_VLAN-BASED-VPWS-ROUTED-PW
> ip address 10.240.16.102 255.255.255.252
> end
>
>
>
> Hope this helps. My head hurts from banging it my desk for the last
> couple of weeks. :)
>
> -ben
>
> On Mon, Mar 19, 2018 at 3:25 PM, Chuck Anderson <cra at wpi.edu> wrote:
>
>> Would you mind sharing the solution(s)? I've stiched a L2 PW using
>> lt-interfaces.
>>
>> Thanks.
>>
>> On Mon, Mar 19, 2018 at 11:51:36AM -0500, Ben Bartsch wrote:
>> > I want to thank everyone who contacted me on and off list on this
>> request.
>> > I now have two methods to land a layer 3 endpoint on a layer 2 circuit
>> to a
>> > remote PE. I very much appreciate the input, feedback, and
>> assistance. I
>> > hope I personally get to meet all of you that reached out to me at a
>> future
>> > NANOG meeting. Thanks again!
>> >
>> > -ben
>> >
>> > On Sat, Mar 17, 2018 at 9:25 AM, Ben Bartsch <uwcableguy at gmail.com>
>> wrote:
>> >
>> > > When we had Cisco ASR 920/903 and ASR9k, I could attach a layer 2
>> > > pseudowire endpoint on that device to a layer 3 BDI/BVI. I'm trying
>> to do
>> > > the same thing on a Juniper MX 480/960 and it does not appear to be
>> > > supported (for LDP at least - MP-BGP might be supported). We could do
>> > > either VPWS or VPLS on the PE device handoff to the CE (layer 2 only).
>> > > JTAC has somewhat confirmed this is not supported for LDP, but they
>> only do
>> > > break/fix, not new config. We do not have professional services (we
>> are
>> > > broke).
>> > >
>> > > Any Juniper routerheads out there that have seen this done using LDP
>> > > without having to hairpin on the MX?
>> > >
>> > > Thanks, y'all.
>> > >
>> > > -ben
>>
>
>