Hi,
I got an off-list message from Diogo saying that the logical interface
(VLAN ID) on each side must be the same, unless you do some
pop/push/swap magic. Changing that did solve the problem! I still don't
see why though. I only use the VLAN locally on each site to separate the
traffic between multiple customers in the access switches, so the VLAN
tag should never be included in the actual frames forwarded between the
routers.
With that solved, yes, I could then put the chassis fpc 0 pic 0
tunnel-services back and remove no-tunnel-services from the vpls config
and it still rocks :)
If I have a 10G backbone, and would like to able to transport a number
of 1G VPLS circuits, should I set tunnel-services bandwidth to 10G, or
does that have a big negative performance impact on something else?
Thanks both to Diogo and Caillin for your replies.
On 03/29/2013 12:40 PM, Caillin Bathern wrote:
Hi Mathias,
First try adding "set chassis fpc <XX> pic <XX> tunnel-services
bandwidth <1g|10G>". You then have tunnel services on the MX80. Can't
remember if this has any caveats on being done to a live system though..
Also check "show route forwarding-table table vpls70134 extensive" to
check for forwarding entries.
Cheers,
Caillin
-----Original Message-----
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Mathias
Sundman
Sent: Friday, 29 March 2013 9:11 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] MX5-T VPLS fowarding problem
I've just built a new MPLS network consisting of 6 MX5-T routers using
RSVP signaled LSPs where all routers work a combined P/PE routers.
The core network has been running fine for several weeks. L3VPN works
fine.
Now I try to establish a VPLS Point-to-Point tunnel between two adjacent
routers called solir1 and solir2. Outside of xe-0/0/3 of each router
there is access switch called solis1 and solis2, where I for the testing
purpose has configured an IP in the same subnet on each of the switches:
solis1 config:
interface Vlan1144
ip address 10.155.9.1 255.255.255.0
!
interface TenGigabitEthernet1/49
description type=core,subtype=isc,peer=solir1,peerint=xe-0/0/3
switchport mode trunk
!
solis2 config:
interface Vlan1244
ip address 10.155.9.2 255.255.255.0
!
interface TenGigabitEthernet1/49
description type=core,subtype=isc,peer=solir2,peerint=xe-0/0/3
switchport mode trunk
!
solir1 config:
masun@solir1> show configuration groups | find vpls70134
vpls70134 {
interfaces {
xe-0/0/3 {
unit 1144 {
description "vpls70134 Test VPLS solir1-solir2";
encapsulation vlan-vpls;
vlan-id 1144;
family vpls {
policer {
input vpls70134-100m;
output vpls70134-100m;
}
}
}
}
}
firewall {
policer vpls70134-100m {
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 1m;
}
then discard;
}
}
routing-instances {
vpls70134 {
instance-type vpls;
interface xe-0/0/3.1144;
route-distinguisher 49079:70134;
vrf-target target:49079:70134;
protocols {
vpls {
site-range 10;
mac-table-size {
1024;
}
mac-statistics;
no-tunnel-services;
site solis1-vpls70134 {
site-identifier 1;
interface xe-0/0/3.1144;
}
}
}
}
}
}
masun@solir1> show configuration interfaces xe-0/0/3 description
type=core,subtype=isc,peer=solis1,peerint=Te1/49;
enable;
traps;
vlan-tagging;
mtu 2000;
encapsulation flexible-ethernet-services;
masun@solir2> show configuration groups | find vpls70134
vpls70134 {
interfaces {
xe-0/0/3 {
unit 1244 {
description "vpls70134 Test VPLS solir1-solir2";
encapsulation vlan-vpls;
vlan-id 1244;
family vpls {
policer {
input vpls70134-100m;
output vpls70134-100m;
}
}
}
}
}
firewall {
policer vpls70134-100m {
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 1m;
}
then discard;
}
}
routing-instances {
vpls70134 {
instance-type vpls;
interface xe-0/0/3.1244;
route-distinguisher 49079:70134;
vrf-target target:49079:70134;
protocols {
vpls {
site-range 10;
mac-table-size {
1024;
}
mac-statistics;
no-tunnel-services;
site solis2-vpls70134 {
site-identifier 2;
interface xe-0/0/3.1244;
}
}
}
}
}
}
masun@solir2> show configuration interfaces xe-0/0/3 description
type=core,subtype=isc,peer=solis2,peerint=Te1/49;
enable;
traps;
vlan-tagging;
mtu 2000;
encapsulation flexible-ethernet-services;
The VPLS connection is up on each side:
masun@solir2> show vpls connections
...
Instance: vpls70134
Local site: solis2-vpls70134 (2)
connection-site Type St Time last up # Up
trans
1 rmt Up Mar 28 16:11:30 2013
1
Remote PE: 89.107.216.238, Negotiated control-word: No
Incoming label: 262145, Outgoing label: 262146
Local interface: lsi.1048832, Status: Up, Encapsulation: VPLS
Description: Intf - vpls vpls70134 local site 2 remote site 1
And the MAC address of my test switches are learned by each PE router:
masun@solir2> show vpls mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
SE -Statistics enabled, NM -Non configured MAC, R -Remote PE
MAC)
Routing instance : vpls70134
Bridging domain : __vpls70134__, VLAN : NA
MAC MAC Logical
address flags interface
e0:2f:6d:d4:75:70 D,SE xe-0/0/3.1244
e0:2f:6d:d4:75:7f D,SE xe-0/0/3.1244
e0:2f:6d:d4:7d:30 D,SE lsi.1048832
e0:2f:6d:d4:7d:3f D,SE lsi.1048832
BUT, I'm not able to ping between the two switches. No MACs are learned
on the trunk port in the switches, so the ARP request sent be the source
switch must be reaching the dest PE router (as that one learns the
source switch mac), but does not seem to be forwarded out on the dest
interface on the dest PE router as the dest switch is not learning any
macs on the trunk if.
Help please?
I initially did not have no-tunnel-services configured with the same
result, but was then told that the MX5-T lacks a tunnel-services PIC so
I need to use the no-tunnel-services keyword.
masun@solir1> show version
Hostname: solir1
Model: mx5-t
JUNOS Base OS boot [11.4R7.5]
JUNOS Base OS Software Suite [11.4R7.5]
JUNOS Kernel Software Suite [11.4R7.5]
JUNOS Crypto Software Suite [11.4R7.5]
JUNOS Packet Forwarding Engine Support (MX80) [11.4R7.5] JUNOS Online
Documentation [11.4R7.5] JUNOS Routing Software Suite [11.4R7.5]
masun@solir1> show system license
License usage:
Licenses Licenses Licenses
Expiry
Feature name used installed needed
scale-subscriber 0 1000 0 permanent
scale-l2tp 0 1000 0 permanent
scale-mobile-ip 0 1000 0 permanent
Licenses installed: none
- Mat
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Message protected by MailGuard: e-mail anti-virus, anti-spam and
content filtering.http://www.mailguard.com.au/mg
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
