Re: [j-nsp] Junos 11.2R4.3 on MX
* Johannes Resch j...@xor.at [2011-12-23 12:28]: * Jeff Richmondjeff.richm...@gmail.com [2011-12-21 21:39]: Yes, doing a lab eval on it and it has a nasty mibd leak bug. Running a daily 11.2 build at the moment that fixes it (precursor to R5 coming out in January). So, I would wait for R5 if you plan on doing any SNMP work at all on the box. Same goes for VPLS, wait for 11.2R5, there is a bug which breaks VPLS when you change your config. Would you mind sharing more details on that (PR#, problem symptom and trigger)? We are in the same boat, currently testing 11.2R4.3 for a large scale rollout. So far we did not trigger VPLS issues in that code in our setup.. Hi, the PR is not public at the moment. We triggered it while changing config in a VPLS instance (adding vlan-id none to it). After that the VPLS broke (BGP Routes for the VPLS were withdrawn and not readded). Regards Sebastian -- New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.2R4.3 on MX
* Sebastian Wiesinger juniper-...@ml.karotte.org [2011-12-23 12:46]: the PR is not public at the moment. We triggered it while changing config in a VPLS instance (adding vlan-id none to it). After that the VPLS broke (BGP Routes for the VPLS were withdrawn and not readded). Oh and to fix it you have to reset the VPLS BGP sessions. Changing the config back does not help. Regards Sebastian -- New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Logical tunnel encapsulation
Hi all,
Is frame-relay encapsulation not supported on the MX80 logical tunnel
interfaces? I'm on 10.4R8.5 and need to configure IPv6 on an lt- interface:
Interface on the default instance:
# show interfaces lt-0/0/10
unit 1 {
encapsulation frame-relay;
dlci 128;
peer-unit 1;
family inet {
address 192.168.209.201/30;
}
family inet6 {
address 2001:db8::d1c9/64;
}
}
Interface on my logical-system:
# show interfaces lt-0/0/10
unit 1 {
encapsulation frame-relay;
dlci 128;
peer-unit 0;
family inet {
address 192.168.209.202/30;
}
family inet6 {
address 2001:db8::d1ca/64;
}
}
Interface shows 'up' and no flags are set to indicate a problem. However,
pinging doesn't work and this shows up in my logs:
Dec 23 07:57:12 r1 tfeb0 HALP-trinity_nh_ucast_installnh(690) encaps-install
failed: unsupported option
Dec 23 07:57:12 r1 tfeb0 Failed to create platform state, unsupported option
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH IPC op 1 (ADD NEXTHOP) failed, err 1
(Unknown) peer_class 0, peer_index 0 peer_type 17
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH details: idx 690 type 2 ifl 80
Dec 23 07:57:12 r1 tfeb0 Failed to install in platform, unsupported option
Dec 23 07:57:12 r1 tfeb0 Type specific Add failed unsupported option nh-id:690
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH IPC op 2 (CHANGE NEXTHOP) failed, err 1
(Unknown) peer_class 0, peer_index 0 peer_type 17
Dec 23 07:57:12 r1 l2cp[1186]: Read acess profile () config
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH IPC op 1 (ADD NEXTHOP) failed, err 1
(Unknown) peer_class 0, peer_index 0 peer_type 17
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH details: idx 692 type 2 ifl 81
Dec 23 07:57:13 r1 tfeb0 HALP-trinity_nh_ucast_installnh(690) encaps-install
failed: unsupported option
Dec 23 07:57:13 r1 tfeb0 Failed to create platform state, unsupported option
Dec 23 07:57:13 r1 tfeb0 Failed to install in platform, unsupported option
Dec 23 07:57:13 r1 tfeb0 Type specific Add failed unsupported option nh-id:690
Dec 23 07:57:13 r1 tfeb0 Failed to instantiate new copy for NH(690)
Dec 23 07:57:13 r1 tfeb0 Failed to change state
Dec 23 07:57:13 r1 tfeb0 HALP-trinity_nh_ucast_installnh(692) encaps-install
failed: unsupported option
Dec 23 07:57:14 r1 tfeb0 Failed to create platform state, unsupported option
Dec 23 07:57:14 r1 tfeb0 Failed to install in platform, unsupported option
Dec 23 07:57:14 r1 tfeb0 Type specific Add failed unsupported option nh-id:692
Also, this all works if I remove 'family inet6' and change encapsulation to
'ethernet'.
If frame-relay encapsulation isn't supported, how does one use IPv6 on the lt-
interfaces?
Thanks in advance,
evt
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX VPLS Trunk with VLAN rewriting
hi Sebastian, did you try to remove the vlan-id statement at all (I mean, no vlan-id none but no vlan-id at all)? Massimo. On Thu, Dec 22, 2011 at 10:20 PM, Sebastian Wiesinger juniper-...@ml.karotte.org wrote: * Serge Vautour sergevaut...@yahoo.ca [2011-12-22 17:28]: Hello, Have you tried building this up from a very simple setup that works and adding complexity as you go? I've done something like this with the vlan-id all before but not with the VLAN tag manipulations at the same time. Hi, yes I begun with a simple setup where I just connected two sites with one vlan on each site and vlan-id none. The VLAN manipulation is the only thing that doesn't seem to work. The first thing that looks odd to me is the input-vlan map. Why do you need it? Swap on egress should be enough. Another thing I'm not sure about is both sub-interfaces in the same site. I'd put them in separate sites. I need the input-vlan-map to rewrite the vlan tag so that it is the same in the vpls instance on both sites. The subinterfaces are on the same L2 switch, why should I put them in different sites? What if I have 100 subinterfaces, I can't (or don't want to) make 100 sites for that on every PE. Try making this work by using the same VLAN on both ends, then add the VLAN manipulation. I've got something that looks almost exactly the same as this in my lab and it works: If I have the same VLAN on both sites it works, but I don't have that in the production setup so that's not an option. :( Regards Sebastian -- New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX VPLS Trunk with VLAN rewriting
It's coming.
On 12/22/11 8:04 AM, Derick Winkworth dwinkwo...@att.net wrote:
I don't have the answer immediately for you, so I apologize.
But I wanted to chime in with a THIS IS WHAT I'M TALKING ABOUT comment.
The MX is super flexible and has loads of features with respect to
VLANs/BRIDGING/VPLS/PBB etc, but its confusing as shit and the
documentation is not the greatest.
There really ought to be an entire book *just* about this topic. Written
in a tutorial fashion. Covering Q-in-Q, VPLS, PBB, VLAN tag
manipulation, bridging features, etc. All on the MX specifically. It
needs to cover the various encapsulation types, family bridge, etc.
The MX solution guide isn't making it happen.
Still, I heart the MX immensely. Especially now that we are finally
seeing quality code on it... or better quality code anyway.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth/
From: Sebastian Wiesinger juniper-...@ml.karotte.org
To: Juniper NSP juniper-nsp@puck.nether.net
Sent: Thursday, December 22, 2011 8:34 AM
Subject: [j-nsp] MX VPLS Trunk with VLAN rewriting
Hi,
I'm trying to setup a VLPS Trunk (many VLANs - one VPLS instance) on
MX960 (Trio MPC) where each site has different local VLAN-IDs which
should be bridged over VPLS.
Example:
Site 1 VPLS Site 2
LAN1: vl100 vl10vl200
LAN2: vl301 vl11vl201
I did the following config:
Site1:
interfaces {
ae2 {
unit 100 {
encapsulation vlan-vpls;
vlan-id 100;
input-vlan-map {
swap;
vlan-id 10;
}
output-vlan-map swap;
}
unit 301 {
encapsulation vlan-vpls;
vlan-id 301;
input-vlan-map {
swap;
vlan-id 11;
}
output-vlan-map swap;
}
}
routing-instances {
test-service {
instance-type vpls;
vlan-id all;
interface ae2.100;
interface ae2.301;
vrf-target target:65000:10003;
protocols {
vpls {
no-tunnel-services;
site local-ce {
site-identifier 1;
interface ae2.100;
interface ae2.301;
}
mac-flush {
any-interface;
}
}
}
}
}
Site2:
interfaces {
ae2 {
unit 200 {
encapsulation vlan-vpls;
vlan-id 200;
input-vlan-map {
swap;
vlan-id 10;
}
output-vlan-map swap;
}
unit 201 {
encapsulation vlan-vpls;
vlan-id 201;
input-vlan-map {
swap;
vlan-id 11;
}
output-vlan-map swap;
}
}
routing-instances {
test-service {
instance-type vpls;
vlan-id all;
interface ae2.200;
interface ae2.201;
vrf-target target:65000:10003;
protocols {
vpls {
no-tunnel-services;
site local-ce {
site-identifier 2;
interface ae2.200;
interface ae2.201;
}
mac-flush {
any-interface;
}
}
}
}
}
When I try to commit this config I get an error:
[edit routing-instances test-service interface]
'ae2.100'
interface with input/output vlan-maps cannot be added to a
routing-instance with a vlan-id/vlan-tags configured
JunOS version is 11.2R4
When I remove vlan-id all from the VPLS instance the config commits
but no bridge is formed, the clients on each site cannot reach each
other.
Any idea what to do? Our Juniper consultant said it would be possible
to do this.
Regards
Sebastian
--
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0
B9CE)
Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
SCYTHE.
-- Terry Pratchett, The Fifth Elephant
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX VPLS Trunk with VLAN rewriting
Sebastian,
you should be able to achieve what you want by using Virtual Switch Routing
instance instead of VPLS routing instance.
you can confirgure a Virtual Switch instance with protocol VPLS in it , and
create a bridge-domains to allow all vlans , that should allow you to be
able to create a trunk in VPLS, and allowing all vlans
HTH
On 23 December 2011 15:18, Doug Hanks dha...@juniper.net wrote:
It's coming.
On 12/22/11 8:04 AM, Derick Winkworth dwinkwo...@att.net wrote:
I don't have the answer immediately for you, so I apologize.
But I wanted to chime in with a THIS IS WHAT I'M TALKING ABOUT comment.
The MX is super flexible and has loads of features with respect to
VLANs/BRIDGING/VPLS/PBB etc, but its confusing as shit and the
documentation is not the greatest.
There really ought to be an entire book *just* about this topic. Written
in a tutorial fashion. Covering Q-in-Q, VPLS, PBB, VLAN tag
manipulation, bridging features, etc. All on the MX specifically. It
needs to cover the various encapsulation types, family bridge, etc.
The MX solution guide isn't making it happen.
Still, I heart the MX immensely. Especially now that we are finally
seeing quality code on it... or better quality code anyway.
Derick Winkworth
CCIE #15672 (RS, SP), JNCIE-M #721
http://packetpushers.net/author/dwinkworth/
From: Sebastian Wiesinger juniper-...@ml.karotte.org
To: Juniper NSP juniper-nsp@puck.nether.net
Sent: Thursday, December 22, 2011 8:34 AM
Subject: [j-nsp] MX VPLS Trunk with VLAN rewriting
Hi,
I'm trying to setup a VLPS Trunk (many VLANs - one VPLS instance) on
MX960 (Trio MPC) where each site has different local VLAN-IDs which
should be bridged over VPLS.
Example:
Site 1 VPLS Site 2
LAN1: vl100 vl10vl200
LAN2: vl301 vl11vl201
I did the following config:
Site1:
interfaces {
ae2 {
unit 100 {
encapsulation vlan-vpls;
vlan-id 100;
input-vlan-map {
swap;
vlan-id 10;
}
output-vlan-map swap;
}
unit 301 {
encapsulation vlan-vpls;
vlan-id 301;
input-vlan-map {
swap;
vlan-id 11;
}
output-vlan-map swap;
}
}
routing-instances {
test-service {
instance-type vpls;
vlan-id all;
interface ae2.100;
interface ae2.301;
vrf-target target:65000:10003;
protocols {
vpls {
no-tunnel-services;
site local-ce {
site-identifier 1;
interface ae2.100;
interface ae2.301;
}
mac-flush {
any-interface;
}
}
}
}
}
Site2:
interfaces {
ae2 {
unit 200 {
encapsulation vlan-vpls;
vlan-id 200;
input-vlan-map {
swap;
vlan-id 10;
}
output-vlan-map swap;
}
unit 201 {
encapsulation vlan-vpls;
vlan-id 201;
input-vlan-map {
swap;
vlan-id 11;
}
output-vlan-map swap;
}
}
routing-instances {
test-service {
instance-type vpls;
vlan-id all;
interface ae2.200;
interface ae2.201;
vrf-target target:65000:10003;
protocols {
vpls {
no-tunnel-services;
site local-ce {
site-identifier 2;
interface ae2.200;
interface ae2.201;
}
mac-flush {
any-interface;
}
}
}
}
}
When I try to commit this config I get an error:
[edit routing-instances test-service interface]
'ae2.100'
interface with input/output vlan-maps cannot be added to a
routing-instance with a vlan-id/vlan-tags configured
JunOS version is 11.2R4
When I remove vlan-id all from the VPLS instance the config commits
but no bridge is formed, the clients on each site cannot reach each
other.
Any idea what to do? Our Juniper consultant said it would be possible
to do this.
Regards
Sebastian
--
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0
B9CE)
Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
SCYTHE.
-- Terry Pratchett, The Fifth Elephant
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
Re: [j-nsp] Unit ID's and q-in-q
You could stick something in the description of the interface, like some sort of tag, and then just do a show int desc | match tag. Something along the lines of description Customer X [qq=1010.7]; or some such. No scripts or databases to maintain either, infact a script could automatically maintain a DB for you based on this kind of setup. :-) On 22 December 2011 23:26, Derick Winkworth dwinkwo...@att.net wrote: Just do it sequentially and then write an op script that takes the vlan(s) as an argument to show you the interface info you are looking for... Sent from Yahoo! Mail on Android ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX VPLS Trunk with VLAN rewriting
* magno massimo.magn...@gmail.com [2011-12-23 15:27]: hi Sebastian, did you try to remove the vlan-id statement at all (I mean, no vlan-id none but no vlan-id at all)? Hi, yes I have that now and it's not doing anything. I see no mac-adresses in show vpls mac-table. Regards Sebastian -- New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Logical tunnel encapsulation
If my memory is correct, 11.x supports IPv6 with lt.
Sent from my iPhone
On Dec 23, 2011, at 8:14, Eric Van Tol e...@atlantech.net wrote:
Hi all,
Is frame-relay encapsulation not supported on the MX80 logical tunnel
interfaces? I'm on 10.4R8.5 and need to configure IPv6 on an lt- interface:
Interface on the default instance:
# show interfaces lt-0/0/10
unit 1 {
encapsulation frame-relay;
dlci 128;
peer-unit 1;
family inet {
address 192.168.209.201/30;
}
family inet6 {
address 2001:db8::d1c9/64;
}
}
Interface on my logical-system:
# show interfaces lt-0/0/10
unit 1 {
encapsulation frame-relay;
dlci 128;
peer-unit 0;
family inet {
address 192.168.209.202/30;
}
family inet6 {
address 2001:db8::d1ca/64;
}
}
Interface shows 'up' and no flags are set to indicate a problem. However,
pinging doesn't work and this shows up in my logs:
Dec 23 07:57:12 r1 tfeb0 HALP-trinity_nh_ucast_installnh(690) encaps-install
failed: unsupported option
Dec 23 07:57:12 r1 tfeb0 Failed to create platform state, unsupported option
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH IPC op 1 (ADD NEXTHOP) failed, err 1
(Unknown) peer_class 0, peer_index 0 peer_type 17
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH details: idx 690 type 2 ifl 80
Dec 23 07:57:12 r1 tfeb0 Failed to install in platform, unsupported option
Dec 23 07:57:12 r1 tfeb0 Type specific Add failed unsupported option
nh-id:690
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH IPC op 2 (CHANGE NEXTHOP) failed, err
1 (Unknown) peer_class 0, peer_index 0 peer_type 17
Dec 23 07:57:12 r1 l2cp[1186]: Read acess profile () config
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH IPC op 1 (ADD NEXTHOP) failed, err 1
(Unknown) peer_class 0, peer_index 0 peer_type 17
Dec 23 07:57:12 r1 /kernel: RT_PFE: NH details: idx 692 type 2 ifl 81
Dec 23 07:57:13 r1 tfeb0 HALP-trinity_nh_ucast_installnh(690) encaps-install
failed: unsupported option
Dec 23 07:57:13 r1 tfeb0 Failed to create platform state, unsupported option
Dec 23 07:57:13 r1 tfeb0 Failed to install in platform, unsupported option
Dec 23 07:57:13 r1 tfeb0 Type specific Add failed unsupported option
nh-id:690
Dec 23 07:57:13 r1 tfeb0 Failed to instantiate new copy for NH(690)
Dec 23 07:57:13 r1 tfeb0 Failed to change state
Dec 23 07:57:13 r1 tfeb0 HALP-trinity_nh_ucast_installnh(692) encaps-install
failed: unsupported option
Dec 23 07:57:14 r1 tfeb0 Failed to create platform state, unsupported option
Dec 23 07:57:14 r1 tfeb0 Failed to install in platform, unsupported option
Dec 23 07:57:14 r1 tfeb0 Type specific Add failed unsupported option
nh-id:692
Also, this all works if I remove 'family inet6' and change encapsulation to
'ethernet'.
If frame-relay encapsulation isn't supported, how does one use IPv6 on the
lt- interfaces?
Thanks in advance,
evt
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
