[j-nsp] Juniper MPLS VPN using PE-P and P-PE LSPs !
Dear All I am working on a requirement to enable the MPLS Backbone with MPLS TE in such a way that I have LSPs running from PE-P routers and P-PE routers to avoid full mesh of LSPs. I can not make it working with RSVP as I think I need to enable LDP on the RSVP TE Tunnel but unable to find a way to do so..The MPLS Backbone has separate dedicated VPNv4 RRs . On RRs and PEs I have used a Discard Default Route under inet.3 which helps to reflect the vpnv4 routes from RR and accept them on PEs. Even I tried to announce the LSP into IGP but that did not work and I have to instead manually configure static route under inet.3. I understand this is because the tunnels were PE-P and not PE-PE.. Now how can I solve the issue of passing MPLS VPN Traffic across broken LSPs in the backbone.. Setup is as below RR1 ! ! --LSP1--Core1-LSP2- CE1-PE1MPLS TE-OSPF Area 0 PE2-CE2 --LSP3--Core2-LSP4- ! ! RR2 -- Regards Vaibhava Varma ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper MPLS VPN using PE-P and P-PE LSPs !
On Sunday, December 25, 2011 06:22:18 PM vaibhava varma
wrote:
I am working on a requirement to enable the MPLS Backbone
with MPLS TE in such a way that I have LSPs running from
PE-P routers and P-PE routers to avoid full mesh of
LSPs.
So you mean H-LSP's (RFC's 4206, 6107)
I can not make it working with RSVP as I think I need to
enable LDP on the RSVP TE Tunnel but unable to find a
way to do so..
You mean LDPoRSVP (LDP Tunneling, in Juniper speak):
tinka@lab# show groups mpls-group
protocols {
mpls {
icmp-tunneling;
label-switched-path * {
ldp-tunneling;
least-fill;
node-link-protection;
adaptive;
}
interface xe-*;
interface ge-*;
interface ae*;
}
}
{master}[edit]
tinka@lab#
You're interested in the 'ldp-tunneling' command as noted
above.
The MPLS Backbone has separate dedicated
VPNv4 RRs . On RRs and PEs I have used a Discard Default
Route under inet.3 which helps to reflect the vpnv4
routes from RR and accept them on PEs.
Why don't you consider the installation of the IGP routes
toward the BGP next-hops into 'inet.3' and 'inet6.3'
instead? We do the same (as we don't run MPLS on our
dedicated route reflectors) as below (you're interested in
the 'rib-group' piece mostly):
tinka@lab# show groups isis-group
protocols {
isis {
lsp-lifetime 65535;
ignore-attached-bit;
rib-group inet IGP-RIB;
topologies ipv6-unicast;
overload;
level 1 disable;
level 2 {
authentication-key hidden; ## SECRET-DATA
authentication-type md5;
wide-metrics-only;
}
interface lo0.0 {
passive;
}
interface ge-*;
}
}
{master}[edit]
tinka@lab#
tinka@lab# show routing-options rib-groups
IGP-RIB {
import-rib [ inet.0 inet.3 inet6.3 ];
}
{master}[edit]
tinka@lab#
That should sort you out on the route reflectors so you
don't have to hassle with static default routes.
Now how can I solve the issue of passing MPLS VPN Traffic
across broken LSPs in the backbone..
Just a question - have you not considered just running LDP,
or RSVP-TE a must?
Cheers,
Mark.
signature.asc
Description: This is a digitally signed message part.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper MPLS VPN using PE-P and P-PE LSPs !
HI Mark
Thanks a lot for your response..I have everything working fine withLDP
without any issues..I just wanted to deploy RSVP-TE for fasterfailover
in the backbone..And there I got stuck up with the full-meshof TE
among PEs or using Broken Static LSPs between PE-P and P-PE..
Thanks for sharing the rib-import methodology to get rid of
staticroutes for inet.3 resolution for BGP-Next Hops..
Just a clarification on the ldp-tunneling part..Do I need to
applythis at all the PE/P routers to run LDP over broken LSPs between
PEs..Is there a provision in Junos without using LDP Tunneling to
passtraffic between PEs when using broken LSPs ?
On Sun, Dec 25, 2011 at 6:32 PM, Mark Tinka mti...@globaltransit.net wrote:
On Sunday, December 25, 2011 06:22:18 PM vaibhava varma
wrote:
I am working on a requirement to enable the MPLS Backbone
with MPLS TE in such a way that I have LSPs running from
PE-P routers and P-PE routers to avoid full mesh of
LSPs.
So you mean H-LSP's (RFC's 4206, 6107)
I can not make it working with RSVP as I think I need to
enable LDP on the RSVP TE Tunnel but unable to find a
way to do so..
You mean LDPoRSVP (LDP Tunneling, in Juniper speak):
tinka@lab# show groups mpls-group
protocols {
mpls {
icmp-tunneling;
label-switched-path * {
ldp-tunneling;
least-fill;
node-link-protection;
adaptive;
}
interface xe-*;
interface ge-*;
interface ae*;
}
}
{master}[edit]
tinka@lab#
You're interested in the 'ldp-tunneling' command as noted
above.
The MPLS Backbone has separate dedicated
VPNv4 RRs . On RRs and PEs I have used a Discard Default
Route under inet.3 which helps to reflect the vpnv4
routes from RR and accept them on PEs.
Why don't you consider the installation of the IGP routes
toward the BGP next-hops into 'inet.3' and 'inet6.3'
instead? We do the same (as we don't run MPLS on our
dedicated route reflectors) as below (you're interested in
the 'rib-group' piece mostly):
tinka@lab# show groups isis-group
protocols {
isis {
lsp-lifetime 65535;
ignore-attached-bit;
rib-group inet IGP-RIB;
topologies ipv6-unicast;
overload;
level 1 disable;
level 2 {
authentication-key hidden; ## SECRET-DATA
authentication-type md5;
wide-metrics-only;
}
interface lo0.0 {
passive;
}
interface ge-*;
}
}
{master}[edit]
tinka@lab#
tinka@lab# show routing-options rib-groups
IGP-RIB {
import-rib [ inet.0 inet.3 inet6.3 ];
}
{master}[edit]
tinka@lab#
That should sort you out on the route reflectors so you
don't have to hassle with static default routes.
Now how can I solve the issue of passing MPLS VPN Traffic
across broken LSPs in the backbone..
Just a question - have you not considered just running LDP,
or RSVP-TE a must?
Cheers,
Mark.
--
Regards
Vaibhava Varma
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Logical tunnel encapsulation
-Original Message- From: Rafael Rodriguez [mailto:packetjoc...@gmail.com] Sent: Friday, December 23, 2011 4:37 PM To: Eric Van Tol Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Logical tunnel encapsulation If my memory is correct, 11.x supports IPv6 with lt. Sent from my iPhone Thanks to all for the responses. I'd hate to have to upgrade to 11.x just for this. Anyone have a suggestion for a stable version of 11.x? My only foray into this version on MX caused me to downgrade because of an snmpd bug. Thanks, evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.2R4.3 on MX
On 12/21/11 12:20 , Brendan Mannella wrote: Just wondering if anyone has been brave enough to run Junos 11.2R4.3 yet on a MX960? We are currently on the latest 10.4, but would really like to upgrade to get “trunk style” config on Trio line cards. I also noticed during a previous ISSU that the Trio based line cards aren’t compatible yet with ISSU and had to be rebooted during a software upgrade. This feature is also available in 11.2. We had several fixes that were available there and after labbing 11.2R4.3 for about a week we put it in production and so far we've been doing ok... Also issu did work from 11.2.r3.3 to r4.3 Our configuration is pretty basic, Layer2, BGP, OSPF, nothing fancy. Any info would be appreciated. Thanks, Brendan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper MPLS VPN using PE-P and P-PE LSPs !
Hi Mark
Thanks for the help so far..I tried to use ldp-tunneling under RSVP
TEs from PE-P to P-PE but it does not works as I do not have LDP
enabled anywhere to tunnel it via RSVP..
My setup is as below:
CE1-PE1--RSVP-LSP1--P1--RSVP-LSP2--PE2--CE2
How can I make the traffic flow from CE1 to CE2 in the MPLS VPN under
this setup..I am really confused on this and not getting any
solution..I am seeing all the routes and required lables for CE2
routes at PE1 but no traffic flow is happening
lab@edge1.pop1# run show route table CE1A.inet.0 172.16.251.1 extensive
CE1A.inet.0: 6 destinations, 8 routes (6 active, 0 holddown, 0 hidden)
172.16.251.1/32 (2 entries, 1 announced)
TSI:
KRT in-kernel 172.16.251.1/32 - {indirect(131071)}
Page 0 idx 1 Type 1 val 8f0d594
Nexthop: Self
AS path: [64513] 64513 I
Communities: target:64513:100
Path 172.16.251.1 from 10.0.2.1 Vector len 4. Val: 1
*BGPPreference: 170/-101
Route Distinguisher: 64513:1
Next hop type: Indirect
Next-hop reference count: 10
Source: 10.0.2.1
Next hop type: Router, Next hop index: 131070
Next hop: 10.0.10.2 via ge-0/0/0.0, selected
Label operation: Push 16
Next hop: 10.0.10.10 via ge-0/0/1.0
Label operation: Push 16
Protocol next hop: 10.0.6.1
Push 16
Indirect next hop: 8ffc000 131071
State: Secondary Active Int Ext
Local AS: 64513 Peer AS: 64513
Age: 30:55 Metric: 0 Metric2: 2
Task: BGP_64513.10.0.2.1+63485
Announcement bits (2): 0-KRT 1-BGP RT Background
AS path: 64514 I (Originator) Cluster list: 10.0.2.1
AS path: Originator ID: 10.0.6.1
Communities: target:64513:100
Import Accepted
VPN Label: 16
Localpref: 100
Router ID: 10.0.2.1
Primary Routing Table bgp.l3vpn.0
Indirect next hops: 1
Protocol next hop: 10.0.6.1 Metric: 2
Push 16
Indirect next hop: 8ffc000 131071
Indirect path forwarding next hops: 2
Next hop type: Router
Next hop: 10.0.10.2 via ge-0/0/0.0
Next hop: 10.0.10.10 via ge-0/0/1.0
10.0.6.1/32 Originating RIB: inet.3
Metric: 2 Node path count: 1
Forwarding nexthops: 2
Nexthop: 10.0.10.2 via ge-0/0/0.0
Nexthop: 10.0.10.10 via ge-0/0/1.0
BGPPreference: 170/-101
Route Distinguisher: 64513:1
Next hop type: Indirect
Next-hop reference count: 10
Source: 10.0.5.1
Next hop type: Router, Next hop index: 131070
Next hop: 10.0.10.2 via ge-0/0/0.0, selected
Label operation: Push 16
Next hop: 10.0.10.10 via ge-0/0/1.0
Label operation: Push 16
Protocol next hop: 10.0.6.1
Push 16
Indirect next hop: 8ffc000 131071
State: Secondary NotBest Int Ext
Inactive reason: Not Best in its group - Update source
Local AS: 64513 Peer AS: 64513
Age: 30:55 Metric: 0 Metric2: 2
Task: BGP_64513.10.0.5.1+56350
AS path: 64514 I (Originator) Cluster list: 10.0.5.1
AS path: Originator ID: 10.0.6.1
Communities: target:64513:100
Import Accepted
VPN Label: 16
Localpref: 100
Router ID: 10.0.5.1
Primary Routing Table bgp.l3vpn.0
Indirect next hops: 1
Protocol next hop: 10.0.6.1 Metric: 2
Push 16
Indirect next hop: 8ffc000 131071
Indirect path forwarding next hops: 2
Next hop type: Router
Next hop: 10.0.10.2 via ge-0/0/0.0
Next hop: 10.0.10.10 via ge-0/0/1.0
10.0.6.1/32 Originating RIB: inet.3
Metric: 2 Node path count: 1
Forwarding nexthops: 2
Nexthop: 10.0.10.2 via ge-0/0/0.0
Nexthop: 10.0.10.10 via ge-0/0/1.0
I have the Label for the Next-Hop 10.0.6.1 on the Core Router but on
PE1 its just OSPF route..I think thats the problem here but how can I
get label for remote PE loopback with broken LSPs..LDP
