[j-nsp] Juniper MPLS VPN using PE-P and P-PE LSPs !
Dear All I am working on a requirement to enable the MPLS Backbone with MPLS TE in such a way that I have LSPs running from PE-P routers and P-PE routers to avoid full mesh of LSPs. I can not make it working with RSVP as I think I need to enable LDP on the RSVP TE Tunnel but unable to find a way to do so..The MPLS Backbone has separate dedicated VPNv4 RRs . On RRs and PEs I have used a Discard Default Route under inet.3 which helps to reflect the vpnv4 routes from RR and accept them on PEs. Even I tried to announce the LSP into IGP but that did not work and I have to instead manually configure static route under inet.3. I understand this is because the tunnels were PE-P and not PE-PE.. Now how can I solve the issue of passing MPLS VPN Traffic across broken LSPs in the backbone.. Setup is as below RR1 ! ! --LSP1--Core1-LSP2- CE1-PE1MPLS TE-OSPF Area 0 PE2-CE2 --LSP3--Core2-LSP4- ! ! RR2 -- Regards Vaibhava Varma ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper MPLS VPN using PE-P and P-PE LSPs !
On Sunday, December 25, 2011 06:22:18 PM vaibhava varma wrote: I am working on a requirement to enable the MPLS Backbone with MPLS TE in such a way that I have LSPs running from PE-P routers and P-PE routers to avoid full mesh of LSPs. So you mean H-LSP's (RFC's 4206, 6107) I can not make it working with RSVP as I think I need to enable LDP on the RSVP TE Tunnel but unable to find a way to do so.. You mean LDPoRSVP (LDP Tunneling, in Juniper speak): tinka@lab# show groups mpls-group protocols { mpls { icmp-tunneling; label-switched-path * { ldp-tunneling; least-fill; node-link-protection; adaptive; } interface xe-*; interface ge-*; interface ae*; } } {master}[edit] tinka@lab# You're interested in the 'ldp-tunneling' command as noted above. The MPLS Backbone has separate dedicated VPNv4 RRs . On RRs and PEs I have used a Discard Default Route under inet.3 which helps to reflect the vpnv4 routes from RR and accept them on PEs. Why don't you consider the installation of the IGP routes toward the BGP next-hops into 'inet.3' and 'inet6.3' instead? We do the same (as we don't run MPLS on our dedicated route reflectors) as below (you're interested in the 'rib-group' piece mostly): tinka@lab# show groups isis-group protocols { isis { lsp-lifetime 65535; ignore-attached-bit; rib-group inet IGP-RIB; topologies ipv6-unicast; overload; level 1 disable; level 2 { authentication-key hidden; ## SECRET-DATA authentication-type md5; wide-metrics-only; } interface lo0.0 { passive; } interface ge-*; } } {master}[edit] tinka@lab# tinka@lab# show routing-options rib-groups IGP-RIB { import-rib [ inet.0 inet.3 inet6.3 ]; } {master}[edit] tinka@lab# That should sort you out on the route reflectors so you don't have to hassle with static default routes. Now how can I solve the issue of passing MPLS VPN Traffic across broken LSPs in the backbone.. Just a question - have you not considered just running LDP, or RSVP-TE a must? Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper MPLS VPN using PE-P and P-PE LSPs !
HI Mark Thanks a lot for your response..I have everything working fine withLDP without any issues..I just wanted to deploy RSVP-TE for fasterfailover in the backbone..And there I got stuck up with the full-meshof TE among PEs or using Broken Static LSPs between PE-P and P-PE.. Thanks for sharing the rib-import methodology to get rid of staticroutes for inet.3 resolution for BGP-Next Hops.. Just a clarification on the ldp-tunneling part..Do I need to applythis at all the PE/P routers to run LDP over broken LSPs between PEs..Is there a provision in Junos without using LDP Tunneling to passtraffic between PEs when using broken LSPs ? On Sun, Dec 25, 2011 at 6:32 PM, Mark Tinka mti...@globaltransit.net wrote: On Sunday, December 25, 2011 06:22:18 PM vaibhava varma wrote: I am working on a requirement to enable the MPLS Backbone with MPLS TE in such a way that I have LSPs running from PE-P routers and P-PE routers to avoid full mesh of LSPs. So you mean H-LSP's (RFC's 4206, 6107) I can not make it working with RSVP as I think I need to enable LDP on the RSVP TE Tunnel but unable to find a way to do so.. You mean LDPoRSVP (LDP Tunneling, in Juniper speak): tinka@lab# show groups mpls-group protocols { mpls { icmp-tunneling; label-switched-path * { ldp-tunneling; least-fill; node-link-protection; adaptive; } interface xe-*; interface ge-*; interface ae*; } } {master}[edit] tinka@lab# You're interested in the 'ldp-tunneling' command as noted above. The MPLS Backbone has separate dedicated VPNv4 RRs . On RRs and PEs I have used a Discard Default Route under inet.3 which helps to reflect the vpnv4 routes from RR and accept them on PEs. Why don't you consider the installation of the IGP routes toward the BGP next-hops into 'inet.3' and 'inet6.3' instead? We do the same (as we don't run MPLS on our dedicated route reflectors) as below (you're interested in the 'rib-group' piece mostly): tinka@lab# show groups isis-group protocols { isis { lsp-lifetime 65535; ignore-attached-bit; rib-group inet IGP-RIB; topologies ipv6-unicast; overload; level 1 disable; level 2 { authentication-key hidden; ## SECRET-DATA authentication-type md5; wide-metrics-only; } interface lo0.0 { passive; } interface ge-*; } } {master}[edit] tinka@lab# tinka@lab# show routing-options rib-groups IGP-RIB { import-rib [ inet.0 inet.3 inet6.3 ]; } {master}[edit] tinka@lab# That should sort you out on the route reflectors so you don't have to hassle with static default routes. Now how can I solve the issue of passing MPLS VPN Traffic across broken LSPs in the backbone.. Just a question - have you not considered just running LDP, or RSVP-TE a must? Cheers, Mark. -- Regards Vaibhava Varma ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Logical tunnel encapsulation
-Original Message- From: Rafael Rodriguez [mailto:packetjoc...@gmail.com] Sent: Friday, December 23, 2011 4:37 PM To: Eric Van Tol Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Logical tunnel encapsulation If my memory is correct, 11.x supports IPv6 with lt. Sent from my iPhone Thanks to all for the responses. I'd hate to have to upgrade to 11.x just for this. Anyone have a suggestion for a stable version of 11.x? My only foray into this version on MX caused me to downgrade because of an snmpd bug. Thanks, evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.2R4.3 on MX
On 12/21/11 12:20 , Brendan Mannella wrote: Just wondering if anyone has been brave enough to run Junos 11.2R4.3 yet on a MX960? We are currently on the latest 10.4, but would really like to upgrade to get “trunk style” config on Trio line cards. I also noticed during a previous ISSU that the Trio based line cards aren’t compatible yet with ISSU and had to be rebooted during a software upgrade. This feature is also available in 11.2. We had several fixes that were available there and after labbing 11.2R4.3 for about a week we put it in production and so far we've been doing ok... Also issu did work from 11.2.r3.3 to r4.3 Our configuration is pretty basic, Layer2, BGP, OSPF, nothing fancy. Any info would be appreciated. Thanks, Brendan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper MPLS VPN using PE-P and P-PE LSPs !
Hi Mark Thanks for the help so far..I tried to use ldp-tunneling under RSVP TEs from PE-P to P-PE but it does not works as I do not have LDP enabled anywhere to tunnel it via RSVP.. My setup is as below: CE1-PE1--RSVP-LSP1--P1--RSVP-LSP2--PE2--CE2 How can I make the traffic flow from CE1 to CE2 in the MPLS VPN under this setup..I am really confused on this and not getting any solution..I am seeing all the routes and required lables for CE2 routes at PE1 but no traffic flow is happening lab@edge1.pop1# run show route table CE1A.inet.0 172.16.251.1 extensive CE1A.inet.0: 6 destinations, 8 routes (6 active, 0 holddown, 0 hidden) 172.16.251.1/32 (2 entries, 1 announced) TSI: KRT in-kernel 172.16.251.1/32 - {indirect(131071)} Page 0 idx 1 Type 1 val 8f0d594 Nexthop: Self AS path: [64513] 64513 I Communities: target:64513:100 Path 172.16.251.1 from 10.0.2.1 Vector len 4. Val: 1 *BGPPreference: 170/-101 Route Distinguisher: 64513:1 Next hop type: Indirect Next-hop reference count: 10 Source: 10.0.2.1 Next hop type: Router, Next hop index: 131070 Next hop: 10.0.10.2 via ge-0/0/0.0, selected Label operation: Push 16 Next hop: 10.0.10.10 via ge-0/0/1.0 Label operation: Push 16 Protocol next hop: 10.0.6.1 Push 16 Indirect next hop: 8ffc000 131071 State: Secondary Active Int Ext Local AS: 64513 Peer AS: 64513 Age: 30:55 Metric: 0 Metric2: 2 Task: BGP_64513.10.0.2.1+63485 Announcement bits (2): 0-KRT 1-BGP RT Background AS path: 64514 I (Originator) Cluster list: 10.0.2.1 AS path: Originator ID: 10.0.6.1 Communities: target:64513:100 Import Accepted VPN Label: 16 Localpref: 100 Router ID: 10.0.2.1 Primary Routing Table bgp.l3vpn.0 Indirect next hops: 1 Protocol next hop: 10.0.6.1 Metric: 2 Push 16 Indirect next hop: 8ffc000 131071 Indirect path forwarding next hops: 2 Next hop type: Router Next hop: 10.0.10.2 via ge-0/0/0.0 Next hop: 10.0.10.10 via ge-0/0/1.0 10.0.6.1/32 Originating RIB: inet.3 Metric: 2 Node path count: 1 Forwarding nexthops: 2 Nexthop: 10.0.10.2 via ge-0/0/0.0 Nexthop: 10.0.10.10 via ge-0/0/1.0 BGPPreference: 170/-101 Route Distinguisher: 64513:1 Next hop type: Indirect Next-hop reference count: 10 Source: 10.0.5.1 Next hop type: Router, Next hop index: 131070 Next hop: 10.0.10.2 via ge-0/0/0.0, selected Label operation: Push 16 Next hop: 10.0.10.10 via ge-0/0/1.0 Label operation: Push 16 Protocol next hop: 10.0.6.1 Push 16 Indirect next hop: 8ffc000 131071 State: Secondary NotBest Int Ext Inactive reason: Not Best in its group - Update source Local AS: 64513 Peer AS: 64513 Age: 30:55 Metric: 0 Metric2: 2 Task: BGP_64513.10.0.5.1+56350 AS path: 64514 I (Originator) Cluster list: 10.0.5.1 AS path: Originator ID: 10.0.6.1 Communities: target:64513:100 Import Accepted VPN Label: 16 Localpref: 100 Router ID: 10.0.5.1 Primary Routing Table bgp.l3vpn.0 Indirect next hops: 1 Protocol next hop: 10.0.6.1 Metric: 2 Push 16 Indirect next hop: 8ffc000 131071 Indirect path forwarding next hops: 2 Next hop type: Router Next hop: 10.0.10.2 via ge-0/0/0.0 Next hop: 10.0.10.10 via ge-0/0/1.0 10.0.6.1/32 Originating RIB: inet.3 Metric: 2 Node path count: 1 Forwarding nexthops: 2 Nexthop: 10.0.10.2 via ge-0/0/0.0 Nexthop: 10.0.10.10 via ge-0/0/1.0 I have the Label for the Next-Hop 10.0.6.1 on the Core Router but on PE1 its just OSPF route..I think thats the problem here but how can I get label for remote PE loopback with broken LSPs..LDP