[j-nsp] jdhcpd policer
Does anyone know what is the __jdhcpd_v4_count__ policer and what are the default values? I configured dhcp relay on an MX router and I see the policer counters increasing with an almost constant value of 4pps. Thanks, Mihai ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] ng-mvpn problem
Hello, You are always right :) Everything works as expected now. Thanks, Mihai On Wed, Oct 23, 2013 at 2:04 AM, Antonio Sanchez-Monge amo...@juniper.netwrote: Agreed, that should do the trick too :) On 10/23/13 1:01 AM, Stacy W. Smith st...@acm.org wrote: Agreed. The lt-1/1/10.770 interface which is in VRF mvpn on logical-system x must have PIM enabled (or multicast forwarding enabled). If running PIM, it must be the DR. I wasn't suggesting disabling PIM on the lt-1/1/10.770 interface which is in VRF mvpn on logical-system x, just disabling PIM on the remote end of the a-x link (in logical-system a). --Stacy On Oct 22, 2013, at 4:49 PM, Antonio Sanchez-Monge amo...@juniper.net wrote: You need PIM in the interface towards the source IMHO On 10/23/13 12:47 AM, Stacy W. Smith st...@acm.org wrote: Yes, that would also work, but since logical-system a is really just emulating a multicast source, there's really no need for it to run PIM. A typical multicast source would not be running PIM. --Stacy On Oct 22, 2013, at 4:44 PM, Antonio Sanchez-Monge amo...@juniper.net wrote: Solution would be setting a higher PIM priority in lt-1/1/10.770, so that it becomes the DR On 10/23/13 12:40 AM, Antonio Sanchez-Monge amo...@juniper.net wrote: That's a brilliant analysis Stacy, I think you nailed it (awaiting Mihai's confirmation). On 10/22/13 11:59 PM, Stacy W. Smith st...@acm.org wrote: On Oct 22, 2013, at 2:44 PM, Mihai mihaigabr...@gmail.com wrote: Removing PIM fromlt-1/1/10.770 is not a solution because the PE will not learn about the source and the multicast group. Actually, removing lt-1/1/10.770 from PIM would allow the source and multicast group to be learned, and fix the problem (as long as multicast routing was still enabled on the lt-1/1/10.770 interface). The problem is that there's a PIM neighbor relationship between a and x. Because of your IP addressing, a is the DR for the a-x LAN. Because you are injecting traffic with ping and bypass-routing interface lt-1/1/10.771 logical-system a is NOT the first-hop router. It's simply acting as a multicast source that's pumping traffic with destination IP 225.10.10.10 out the lt-1/1/10.771 interface. Logical-system x instance mvpn receives this traffic on lt-1/1/10.770 and does not forward it because it is not the DR. Therefore, the logical-system x instance mvpn doesn't learn about the active (S,G). Another way to solve this problem is disabling PIM on logical-system a. This will make lt-1/1/10.770 on logical-system x instance mvpn the DR, and cause it to learn about the active S,G (and therefore generate the NG-MVPN Type 5 route). I have mocked up your configuration in the lab and confirmed that removing PIM from logical-system a fixes the issue. --Stacy ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] ng-mvpn problem
Hello, I have a basic setup with 2 PE's (X and Z) , one multicast source attached to X and one receiver attached to Z. I configured a NG-MVPN with rsvp-te between PE's but X doesn't send SA autodiscovery to Z so the traffic is dropped. x show configuration routing-instances mvpn { instance-type vrf; interface lt-1/1/10.770; interface lo0.777; route-distinguisher 1:1; provider-tunnel { rsvp-te { label-switched-path-template { default-template; } } } vrf-target target:1:1; vrf-table-label; protocols { pim { rp { local { address 20.20.20.111; } } interface all; } mvpn; } } z show configuration routing-instances mvpn { instance-type vrf; interface lt-1/1/10.772; route-distinguisher 1:2; provider-tunnel { rsvp-te { label-switched-path-template { default-template; } } } vrf-target target:1:1; vrf-table-label; protocols { pim { interface all; } mvpn; } } x show multicast route instance mvpn extensive Instance: mvpn Family: INET Group: 239.1.1.1 Source: 10.100.1.2/32 Upstream interface: lt-1/1/10.770 Session description: Organisational Local Scope Statistics: 10 kBps, 10 pps, 1291 packets Next-hop ID: 0 Upstream protocol: PIM Route state: Active Forwarding state: Pruned Cache lifetime/timeout: 360 seconds Wrong incoming interface notifications: 0 Uptime: 00:10:37 Instance: mvpn Family: INET6 x show route receive-protocol bgp 20.20.20.2 table mvpn.mvpn.0 mvpn.mvpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden) Prefix Nexthop MED LclprefAS path 1:1:2:20.20.20.2/240 * 20.20.20.2 100I z show route receive-protocol bgp 20.20.20.1 table mvpn.mvpn.0 mvpn.mvpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden) Prefix Nexthop MED LclprefAS path 1:1:1:20.20.20.1/240 * 20.20.20.1 100I x show mpls lsp p2mp Ingress LSP: 1 sessions P2MP name: 1:1:mvpn:mvpn, P2MP branch count: 1 To FromState Rt P ActivePath LSPname 20.20.20.2 20.20.20.1 Up 0 * 20.20.20.2:1 :1:mvpn:mvpn Total 1 displayed, Up 1, Down 0 Egress LSP: 1 sessions P2MP name: 1:2:mvpn:mvpn, P2MP branch count: 1 To FromState Rt Style Labelin Labelout LSPname 20.20.20.1 20.20.20.2 Up 0 1 SE 16- 20.20.20.1:1:2:mvpn:mvpn Total 1 displayed, Up 1, Down 0 Transit LSP: 0 sessions Total 0 displayed, Up 0, Down 0 Am i doing something wrong? Thanks ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] IGMP problem
You should enable the sap protocol for the group you want to generate join messages. On Tue, Sep 10, 2013 at 2:18 PM, Vladislav Vasilev vladislavavasi...@gmail.com wrote: Robert, Just noticed you actually have ip pim passive under the interface... The ip igmp join-group in Cisco IOS generates IGMP joins (and PIM joins upstream), and packets sent to the group address get sent up to the CPU (the router would reply back to icmp-echo packets sent to the group address - convenient for troubleshooting). On the other hand, the ip igmp static-group in Cisco IOS generates IGMP joins (and PIM joins upstream), but packets sent to the group address do not get sent up to the CPU. As Krasi said, in JunOS, you still have the PIM joins upstream, but no IGMP joins are generated. Regards, Vladislav A. VASILEV On 10 Sep 2013, at 11:24, Krasimir Avramski wrote: Hello, Actually this config generates PIM (*,G) joins upstream to RP. I'm not aware of static igmp joins(generated) or igmp proxies support in junos (excluding junosE) - though there is a feature that translates PIM to IGMP/MLD Krasi On 10 September 2013 12:55, Vladislav Vasilev vladislavavasi...@gmail.com wrote: Hi Robert, What you have below only adds the interface to the OIL for that group. No IGMP joins are generated! Regards, Vladislav A. VASILEV On 10 Sep 2013, at 07:51, Robert Hass wrote: Hi I would like to setup static IGMP joins between Cisco and Juniper. But it's not working. Juniper is not sending IGMP Joins. Same configuration Cisco + Cisco working without issues. Any clues ? Interface configuration for Juniper at Cisco side: interface GigabitEthernet1/1/1 description Juniper no switchport ip address 10.10.10.21 255.255.255.252 ip pim passive ! Here is output of IGMP membership - none :( cisco#sh ip igmp membership | include GigabitEthernet1/1/1 cisco# Here is JunOS configuration: interfaces { ge-0/0/0 { unit 0 { family inet { address 10.10.10.22/30; } } } routing-options { static { route 0.0.0.0/0 next-hop 10.10.10.21; } } protocols { igmp { interface ge-0/0/0.0 { version 2; static { group 231.0.0.3; group 231.0.0.4; } } } pim { rp { static { address 10.10.10.255 { version 2; } } } interface ge-0/0/0.0 { mode sparse; version 2; } join-load-balance; } } Rob ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] data mdt is not created
Hello, I use a simple topology to setup a Rosen 7 multicast vpn like this: S1 - R1 (PE) - R3(P) - R5(PE)-Rec The multicast traffic always stay on the default MDT even though the data MDT is configured. Am I doing something wrong? r1# top show protocols bgp group mvpn { type internal; local-address 172.27.255.1; family inet-vpn { unicast; } family inet-mdt { signaling; } neighbor 172.27.255.5; } r1# top show routing-instances mvpn instance-type vrf; interface ge-1/1/5.360; interface lo0.10; route-distinguisher 1:1; provider-tunnel { pim-ssm { group-address 232.2.2.2; } mdt { threshold { group 224.2.2.2/32 { source 0.0.0.0/0 { rate 10; } } } group-range 225.2.2.0/24; } } vrf-target target:1:1; vrf-table-label; protocols { pim { vpn-tunnel-source 172.27.255.1; mvpn { autodiscovery { inet-mdt; } } rp { local { address 172.27.255.1; } } interface all; } mvpn { autodiscovery-only { intra-as { inclusive; } } } } r1# run show multicast route extensive instance mvpn Instance: mvpn Family: INET Group: 224.2.2.2 Source: 172.27.0.30/32 Upstream interface: ge-1/1/5.360 Downstream interface list: mt-1/1/10.100696064 Session description: Multimedia Conference Calls Statistics: 122 kBps, 80 pps, 1434 packets Next-hop ID: 1048588 Upstream protocol: PIM Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: 360 seconds Wrong incoming interface notifications: 0 Uptime: 00:00:18 r1# run show pim mdt instance mvpn Instance: PIM.mvpn Tunnel direction: Outgoing Tunnel mode: PIM-SSM Default group address: 232.2.2.2 Default source address: 172.27.255.1 Default tunnel interface: mt-1/1/10.100696064 Default tunnel source: 172.27.255.1 Instance: PIM.mvpn Tunnel direction: Incoming Tunnel mode: PIM-SSM Default group address: 232.2.2.2 Default source address: 172.27.255.5 Default tunnel interface: mt-1/1/10.101744640 Default tunnel source: 172.27.255.1 r3# run show multicast route extensive Instance: master Family: INET Group: 232.2.2.2 Source: 172.27.255.1/32 Upstream interface: ge-1/1/7.31 Downstream interface list: ge-1/1/7.35 Session description: Source specific multicast Statistics: 128 kBps, 82 pps, 6199 packets Next-hop ID: 1048580 Upstream protocol: PIM Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: forever Wrong incoming interface notifications: 0 Uptime: 00:01:25 Group: 232.2.2.2 Source: 172.27.255.5/32 Upstream interface: ge-1/1/7.35 Downstream interface list: ge-1/1/7.31 Session description: Source specific multicast Statistics: 0 kBps, 0 pps, 11 packets Next-hop ID: 1048585 Upstream protocol: PIM Route state: Active Forwarding state: Forwarding Cache lifetime/timeout: forever Wrong incoming interface notifications: 0 Uptime: 00:01:24 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] VPLS route reflection
VPLS with RR works very well for me in a small lab (see the example below). Make sure that your loopbacks are reachable through ldp and mpls is enabled on the interfaces. mx5t# top show logical-systems r1 protocols bgp group rr-client { type internal; local-address 172.27.255.1; family l2vpn { signaling; } neighbor 172.27.255.5; } mx5t# top show logical-systems r2 protocols bgp group rr-client { type internal; local-address 172.27.255.2; family l2vpn { signaling; } neighbor 172.27.255.5; } mx5t# top show logical-systems r5 protocols bgp group rr { type internal; local-address 172.27.255.5; family l2vpn { signaling; } cluster 0.0.0.1; neighbor 172.27.255.1; neighbor 172.27.255.2; } mx5t# run show route protocol bgp logical-system r5 table bgp.l2vpn.0 bgp.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 6L:1:1:1/96 *[BGP/170] 00:09:14, localpref 100, from 172.27.255.1 AS path: I, validation-state: unverified to 172.27.0.26 via ge-1/1/6.53, Push 299808 6L:1:2:1/96 *[BGP/170] 00:09:14, localpref 100, from 172.27.255.2 AS path: I, validation-state: unverified to 172.27.0.21 via ge-1/1/6.54, Push 299888 mx5t# run show route protocol bgp logical-system r1 table bgp.l2vpn.0 bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 6L:1:2:1/96 *[BGP/170] 00:02:49, localpref 100, from 172.27.255.5 AS path: I, validation-state: unverified to 172.27.0.2 via ge-1/1/7.12 mx5t# run show route protocol bgp logical-system r2 table bgp.l2vpn.0 bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 6L:1:1:1/96 *[BGP/170] 00:03:00, localpref 100, from 172.27.255.5 AS path: I, validation-state: unverified to 172.27.0.1 via ge-1/1/6.21 mx5t# run show vpls mac-table logical-system r1 | find Bridging Bridging domain : __vpls-test__, VLAN : NA MAC MAC Logical NH RTR address flagsinterfaceIndex ID 64:87:88:5e:a5:1c Dvt-1/0/10.84934912 64:87:88:5e:a5:1d Dge-1/1/5.555 On Tue, Jul 2, 2013 at 7:07 AM, James Jun ja...@towardex.com wrote: Hey all, So, I've been trying to google for some sample configuration of BGP-signalled VPLS setup using route-reflectors, and having some trouble finding one. All of the sample BGP-signaled examples on Juniper site are using full-mesh iBGP between PE's with no RR's in the middle. A pretty simple and straight-forward iBGP topology like this, that we're all used to in a typical SP network: CE -- PE (rr client) - P (route-reflector) -- P (route-reflector ) - PE (rr client) -- CE So, lacking any config examples, I've just enabled 'family l2vpn signaling;' on existing iBGP sessions that are using the above topology. Unfortunately, the route-reflector / P-router does not reflect the route received from PE and vice versa -- it is behaving like non-RR client peer that wants full mesh. When viewing bgp.l2vpn.0 RIB, routers can only see l2vpn NLRI's received from directly configured / meshed peer, but cannot see thru a route-reflector (i.e. P router cannot see NLRIs from a PE that's attached thru another P serving as route-reflector). Please note that unicast inet.0 and inet6.0 RIBs are also carried by same iBGP session transports across the topology -- and those routes obviously work flawlessly using route-reflectors. Setup looks like this on a P router: bgp { group teh-core { type internal; family inet { unicast; } family inet6 { unicast; } family l2vpn { signaling; } export mp64-ibgp-export-policy; peer-as 64552; neighbor 10.0.0.2 { description core1.lab2; } neighbor 10.0.0.3 { description core1.lab3; } } group PE-edge-routers__RR-clients { type internal; family inet { unicast; } family inet6 { unicast; } family l2vpn { signaling; } export mp64-ibgp-export-policy; cluster 10.0.0.1; peer-as 64552; neighbor 10.0.1.1 { description edge1.lab1; } neighbor 10.0.1.2 { description edge2.lab1; } } } Thanks in advance! james ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net
Re: [j-nsp] Internet access from VRF issue
I don't have the book with me right now to check, but I tried your setup without succes:) A workaround for this would be a generated default route on R4 when 8.8.8.8 exists in customer.inet.0 mihai@mx#run show route table customer.inet.0 0.0.0.0/0 exact customer.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Aggregate/130] 00:06:26 Reject mihai@mx#show routing-instances customer routing-options generate route 0.0.0.0/0 policy if-8.8.8.8-exist; mihai@mx#show policy-options policy-statement if-8.8.8.8-exist term 10 { from { protocol bgp; route-filter 8.8.8.8/32 exact; } then accept; } term 20 { then reject; } mihai@mx#run show route advertising-protocol bgp 172.27.255.3 0.0.0.0/0 bgp.l3vpn.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden) Prefix Nexthop MED LclprefAS path 10:10:0.0.0.0/0 * Self 100I On Tue, Jun 4, 2013 at 11:33 PM, Alexey alexey.saz...@yandex.ru wrote: Mihai, Olivier, thanks for your response, I also suggests that it could be related with IBGP rules, but unfortunately making R4 route-reflector for R3 doesn't resolve the issue: R4@M7i-2# show protocols bgp ... group vpnv4-r3 { type internal; local-address 172.27.255.4; family inet-vpn { unicast; } cluster 0.0.0.1; neighbor 172.27.255.3; } [edit] R4@M7i-2# R4@M7i-2# run show route advertising-protocol bgp 172.27.255.3 bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden) Restart Complete Prefix Nexthop MED LclprefAS path 172.27.255.4:100:2.2.2.2/32 * Self 1001 I 172.27.255.4:100:172.27.0.4/30 * Self 100I [edit] R4@M7i-2# Earlier I also try to use rib-group inet0-vrf which imports routes to inet.0 and Customer.inet.0 tables, ospf routes get into Customer.inet.0 but still don't get advertised to R3: R4@M7i-2# show protocols ospf rib-group inet0-vrf; R4@M7i-2# show routing-options rib-groups inet0-vrf { import-rib [ inet.0 Customer.inet.0 ]; } The same ospf route in both tables of R4: R4@M7i-2# run show route protocol ospf 172.27.0.0/30 inet.0: 32 destinations, 37 routes (30 active, 0 holddown, 2 hidden) Restart Complete + = Active Route, - = Last Active, * = Both 172.27.0.0/30 *[OSPF/10] 00:07:35, metric 100 to 172.27.0.10 via ge-1/3/0.41 inet.3: 7 destinations, 11 routes (2 active, 0 holddown, 7 hidden) Restart Complete Customer.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 172.27.0.0/30 *[OSPF/10] 00:07:35, metric 100 to 172.27.0.10 via ge-1/3/0.41 [edit] R4@M7i-2# But still no ospf routes advertised to R3: R4@M7i-2# run show route advertising-protocol bgp 172.27.255.3 bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden) Restart Complete Prefix Nexthop MED LclprefAS path 172.27.255.4:100:2.2.2.2/32 * Self 1001 I 172.27.255.4:100:172.27.0.4/30 * Self 100I [edit] R4@M7i-2# -- Alexey S. Leading engineer Network solutions team CCIE RS alexey.saz...@yandex.ru 04.06.2013, 21:09, Mihai mihaigabr...@gmail.com: for R3, sorry :) On 06/04/2013 07:56 PM, Mihai wrote: Hello, Maybe I am wrong, but as long as R1,R3,R4 are internal bgp neighbors, R4 should be route reflector for R4. Regards, Mihai On 06/04/2013 06:44 PM, Alexey wrote: Hi guys, Now I'm preparing for JNCIE-SP certification, and faced with problem providing internet-access for VPN users. I attach my test topology to email. R4 and R3 are PE routers which holds vrf table Customer, R1 router holds ipv4 static route 8.8.8.8/32 to represent Internet routes. Between R4 and R3 there is vpnv4 IBGP session and Between R4 and R1 - ipv4 IBGP. I use rib-group to import IPv4 routes received from R1 also in table Customer.inet.0. Routes are imported as expected and I see 8.8.8.8/32 in vrf Customer: R4# run show route table Customer 8.8.8.8 Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 8.8.8.8/32 *[BGP/170] 00:50:35, localpref 100, from 172.27.255.1 AS path: I to 172.27.0.10 via ge-1/3/0.41, label-switched-path r4-to-r1 [edit] R4@M7i-2# But the problem is that R4 doesn't pass this route from VRF to R3 via MP-BGP. R4@M7i-2# run show route advertising-protocol bgp 172.27.255.3 Customer.inet.0: 4 destinations,
[j-nsp] next-hop self and RR
Hello, Is Juniper's implementation of next-hop self on a RR a violation of RFC1966? In some implementations, modification of the BGP path attribute, NEXT_HOP is possible. For example, there could be a need for a RR to modify NEXT_HOP for EBGP learned routes sent to its internal peers. However, it must not be possible for an RR to set on reflected IBGP routes as this breaks the basic principle of Route Reflection and will result in potential black holeing of traffic. Testing this feature in a topology with 3 routers, r1 (client) - r3 (rr) - r2 (client) , a route originated from r1 and advertised to r2 via it's RR will have a next-hop of RR when an export policy is applied to r2: mihai@mx5t# run show route receive-protocol bgp 10.0.6.1 logical-system r3 192.168.10.0 inet.0: 32 destinations, 33 routes (32 active, 0 holddown, 0 hidden) Prefix Nexthop MED LclprefAS path * 192.168.10.0/24 10.0.6.1 100I mihai@mx5t# show protocols bgp group 65000 neighbor 10.0.6.2 export nh-self; show policy-options policy-statement nh-self from { protocol bgp; neighbor 10.0.6.1; } then { next-hop self; } mihai@mx5t# run show route advertising-protocol bgp 10.0.6.2 logical-system r3 match-prefix 192.168.10.0 inet.0: 32 destinations, 33 routes (32 active, 0 holddown, 0 hidden) Prefix Nexthop MED LclprefAS path * 192.168.10.0/24 Self 100I ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] MX480 : slow pseudo-terminal
Yes I have accounting configured but the deactivation of it doesn't help at all. On Mon, Nov 5, 2012 at 12:41 AM, Ben Dale bd...@comlinx.com.au wrote: On 04/11/2012, at 3:12 AM, Mihai mihaigabr...@gmail.com wrote: Hello, I have an MX480 running 11.4R2.14 with a weird behavior of the pseudo-terminal (always ttyp3) allocated to the first user that login through telnet.After I enter the password I have to press ENTER twice to access the cli, but the cli is useless due to a very slow response. The second user telneting the router always receives ttyp8 and has no problem. A restart of mgd and inetd did’nt solve this issue. Any adice? Check that you don't have system accounting configured but referencing a missing/down server. If so, every command you enter (including login) will be passed back to RADIUS/TACACS, with obligatory timeout and retry intervals. Though if your other terminal is working fine, then this sounds unlikely. Ben ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Layer 2 circuit - Traffic not flowing between Cisco and Juniper with mismatched VLAN ID
I configured something similar (vpls instead vlan-ccc) with something like this on Juniper: Interfaces { ge-1/1/6 { unit 901 { description C-PE2 to S-CE2; encapsulation vlan-vpls; vlan-id 901; input-vlan-map { swap; vlan-id 801; } output-vlan-map swap; } } On Thu, Nov 1, 2012 at 2:26 PM, Arun Kumar narain.a...@gmail.com wrote: i m trying to do VLAN mode. below is the previous config that I tried, nieg@LAB-MX-PE5# show interfaces ge-1/1/0.601 encapsulation vlan-ccc; vlan-id 601 input-vlan-map pop; output-vlan-map push; [edit] nieg@LAB-MX-PE5# show protocols l2circuit neighbor 10.20.0.2 { interface ge-1/1/0.601 { virtual-circuit-id 6012; } } Cisco side: interface GigabitEthernet0/1.610 encapsulation dot1Q 610 xconnect 10.20.0.5 6012 encapsulation mpls end even tried as per the config you asked for but still the same result, VC stays up but no data flowing nieg@LAB-MX-PE5# run show l2circuit connections extensive Neighbor: 10.20.0.2 Interface Type St Time last up # Up trans ge-1/1/0.601(vc 6012) rmt Up Nov 1 17:50:20 2012 1 Remote PE: 10.20.0.2, Negotiated control-word: Yes (Null) Incoming label: 299792, Outgoing label: 40 Negotiated PW status TLV: No Local interface: ge-1/1/0.601, Status: Up, Encapsulation: VLAN Connection History: Nov 1 17:50:20 2012 status update timer Nov 1 17:50:20 2012 PE route changed Nov 1 17:50:20 2012 Out lbl Update40 Nov 1 17:50:20 2012 In lbl Update 299792 Nov 1 17:50:20 2012 loc intf up ge-1/1/0.601 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Layer 2 circuit - Traffic not flowing between Cisco and Juniper with mismatched VLAN ID
Using vlan 610 on Cisco (the configuration is correct) and vlan 601 on Juniper, the Juniper configuration should look like this: vlan-id 601; input-vlan-map { swap; vlan-id 610; } output-vlan-map swap; } On Thu, Nov 1, 2012 at 4:03 PM, Mike Devlin juni...@meeksnet.ca wrote: vlan 610 on Cisco side, VS vlan 601 on Juniper side? Is that my dyslexia, or yours? On Thu, Nov 1, 2012 at 8:49 AM, Mihai Gabriel mihaigabr...@gmail.comwrote: I configured something similar (vpls instead vlan-ccc) with something like this on Juniper: Interfaces { ge-1/1/6 { unit 901 { description C-PE2 to S-CE2; encapsulation vlan-vpls; vlan-id 901; input-vlan-map { swap; vlan-id 801; } output-vlan-map swap; } } On Thu, Nov 1, 2012 at 2:26 PM, Arun Kumar narain.a...@gmail.com wrote: i m trying to do VLAN mode. below is the previous config that I tried, nieg@LAB-MX-PE5# show interfaces ge-1/1/0.601 encapsulation vlan-ccc; vlan-id 601 input-vlan-map pop; output-vlan-map push; [edit] nieg@LAB-MX-PE5# show protocols l2circuit neighbor 10.20.0.2 { interface ge-1/1/0.601 { virtual-circuit-id 6012; } } Cisco side: interface GigabitEthernet0/1.610 encapsulation dot1Q 610 xconnect 10.20.0.5 6012 encapsulation mpls end even tried as per the config you asked for but still the same result, VC stays up but no data flowing nieg@LAB-MX-PE5# run show l2circuit connections extensive Neighbor: 10.20.0.2 Interface Type St Time last up # Up trans ge-1/1/0.601(vc 6012) rmt Up Nov 1 17:50:20 2012 1 Remote PE: 10.20.0.2, Negotiated control-word: Yes (Null) Incoming label: 299792, Outgoing label: 40 Negotiated PW status TLV: No Local interface: ge-1/1/0.601, Status: Up, Encapsulation: VLAN Connection History: Nov 1 17:50:20 2012 status update timer Nov 1 17:50:20 2012 PE route changed Nov 1 17:50:20 2012 Out lbl Update40 Nov 1 17:50:20 2012 In lbl Update 299792 Nov 1 17:50:20 2012 loc intf up ge-1/1/0.601 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Juniper MX5 vs Brocade CER
I replaced some months ago a 7600-SUP32 with one Brocade CER2024 and I was very satisfied about their performance. Some features tested by me: bgp. Ospf, ldp, mpls, vrf, eompls, spanning-tree,ipv6, wire speed 10G ports. The olny feature not supported at that time was ipv6 in vrf,but they promised this will be supported this year. On Mon, Oct 22, 2012 at 5:12 AM, Jerry Jones jjo...@danrj.com wrote: Number of 10G ports just knocked the CER out of consideration for a customer of mine. Also if you want to do any services such as BRAS which many 7200 are used for, then Juniper is a clear winner. On Oct 21, 2012, at 8:55 PM, Skeeve Stevens skeeve+juniper...@eintellego.net wrote: Hey all, I have a customer asking us about upgrading their border routers. They currently use Cisco 7200's. We obviously have been recommending Juniper, but they've been looking around and have come back to us asking us about the Brocade CER200-RT units. By the specs and price, they certainly look good, but they are asking us 'why not' ? So beyond all the website/vendor marketing hype... is there anything that people have had experience with that would help me guide them towards Juniper? Or are these units just too good to beat? ...Skeeve * * *Skeeve Stevens, CEO - *eintellego Pty Ltd ske...@eintellego.net ; www.eintellego.net Phone: 1300 753 383; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellego ; http://twitter.com/networkceoau linkedin.com/in/skeeve twitter.com/networkceoau ; blog: www.network-ceo.net The Experts Who The Experts Call Juniper - Cisco – IBM - Cloud ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 6pe between Cisco and Juniper
and move all the traffic through RR? :) On Tue, Sep 4, 2012 at 4:47 PM, Olivier Benghozi olivier.bengh...@wifirst.fr wrote: Maybe you could try to configure next-hop-self on the Cisco's side, on all AFI? Le 4 sept. 2012 à 13:12, Mihai Gabriel a écrit : You are partially right. The bgp session is established without inet6-unicast capability advertised by Juniper, but as soon as Juniper receives an ipv6 prefix with a native ipv6 next-hop from Cisco, it will immediately close the session . My Cisco router is a route reflector with a lot of clients and some of them are advertising ipv6 prefixes with a native ipv6 next-hop and also ipv4 prefixes.In this setup,closing the session will affect all services.. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] 6pe between Cisco and Juniper
Hello, Did any of you manage to configure a bgp session between Cisco and Juniper using family inet6 labeled-unicast on Juniper? I am trying to configure 6PE but the bgp session does not come up because Juniper does not send ipv6-unicast capabity to Cisco Juniper config: group test { type internal; local-address 10.10.10.10; import pol-reject-any; family inet { unicast; } family inet6 { labeled-unicast { explicit-null; } } export pol-reject-any; neighbor 10.10.10.20; Cisco config: neighbor test peer-group neighbor test remote-as 65500 neighbor test update-group loopback0 address-family ipv4 neighbor test send-community neighbor test send-label neighbor 10.10.10.10 activate address-family ipv6 neighbor test send-community neighbor test send-label neighbor 10.10.10.10 activate and the error: Sep 3 17:33:31 juniper rpd[2115]: bgp_process_caps: mismatch NLRI with 10.10.10.20 (Internal AS 65500): peer: inet-unicast inet6-unicast inet6-labeled-unicast(273) us: inet-unicast inet6-labeled-unicast(257) Any advice? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 6pe between Cisco and Juniper
I thought so,but Juniper doesn't let me : juniper# commit check re0: [edit protocols] 'bgp' Error in neighbor 10.10.10.20 of group test: peer cannot have both inet6 unicast and inet6 labeled-unicast nlri On Mon, Sep 3, 2012 at 6:22 PM, Colby Barth cba...@juniper.net wrote: Mihai- Based on the error message: peer: inet-unicast inet6-unicast inet6-labeled-unicast(273) us: inet-unicast inet6-labeled-unicast(257) You need to enable the unicast address family under ipv6 set protocols bgp group test family inet6 unicast -cb On Sep 3, 2012, at 11:04 AM, Mihai Gabriel wrote: Hello, Did any of you manage to configure a bgp session between Cisco and Juniper using family inet6 labeled-unicast on Juniper? I am trying to configure 6PE but the bgp session does not come up because Juniper does not send ipv6-unicast capabity to Cisco Juniper config: group test { type internal; local-address 10.10.10.10; import pol-reject-any; family inet { unicast; } family inet6 { labeled-unicast { explicit-null; } } export pol-reject-any; neighbor 10.10.10.20; Cisco config: neighbor test peer-group neighbor test remote-as 65500 neighbor test update-group loopback0 address-family ipv4 neighbor test send-community neighbor test send-label neighbor 10.10.10.10 activate address-family ipv6 neighbor test send-community neighbor test send-label neighbor 10.10.10.10 activate and the error: Sep 3 17:33:31 juniper rpd[2115]: bgp_process_caps: mismatch NLRI with 10.10.10.20 (Internal AS 65500): peer: inet-unicast inet6-unicast inet6-labeled-unicast(273) us: inet-unicast inet6-labeled-unicast(257) Any advice? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Problem with L3VPN
vrf-table-label missing? On Thu, Aug 30, 2012 at 10:44 AM, Johan Borch johan.bo...@gmail.com wrote: Hi I have a problem with getting traffic to flow between L3VPN VRF's, I can see LSP's ingress egress, routes are installed in both VRF's but I can't get any traffic got pass if I try to ping from on the VRF to the other. Ideas what this could be? Regards Johan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] bgp regexp
Hello, I am reading the bgp regexp examples on Juniper site ( http://www.juniper.net/techpubs/en_US/junos10.2/topics/usage-guidelines/policy-configuring-as-path-regular-expressions-to-use-as-routing-policy-match-conditions.html) and I cannot understand this sentence: Path whose second AS number might be 56 or 78: dot (56 | 78)? The matching is: 1234 78 39 or 794 78 2 How could this regexp match 1234 78 39 when there is not at least a dot at the end of expression? Regards, ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] mpls node-protection: LSP down
This is the topology: http://img52.imageshack.us/img52/5512/avpn.png Sorry On Fri, Aug 10, 2012 at 11:57 AM, Mihai Gabriel mihaigabr...@gmail.comwrote: Hello, I am trying to test the node-protection feature in a lab using an MX5 router with logical-systems and I can't find the reason why is not working.The topology I use is here: http://imageshack.us/photo/my-images/849/avpn.png/ All routers are configured for mls,rsvp,ospf,link-protection, but when I disable the interface between P1 and PE1, the LSP between PE1 and PE2 goes down and stay that way: Before disabling the interface: mumulox@mx5t show mpls lsp logical-system PE1 extensive Ingress LSP: 1 sessions 192.168.1.2 From: 192.168.1.1, State: Up, ActiveRoute: 0, LSPname: pe1-to-pe2 ActivePath: strict-path (primary) Node/Link protection desired LSPtype: Static Configured LoadBalance: Random Encoding type: Packet, Switching type: Packet, GPID: IPv4 Revert timer: 1 *Primary strict-path State: Up Priorities: 7 0 OptimizeTimer: 1 SmartOptimizeTimer: 2 Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt 20=Node-ID): 192.168.5.1(flag=0x29) 172.22.210.2(flag=9 Label=301600) 192.168.5.2(flag=0x29) 172.22.201.2(flag=9 Label=301472) 192.168.5.3(flag=0x21) 172.22.206.2(flag=1 Label=301200) 192.168.1.2(flag=0x20) 172.22.212.1(Label=3) mumulox@mx5t show mpls path strict-path logical-system PE1 Path nameAddress strict/loose if-id strict-path 172.22.210.2strictempty mumulox@mx5t show rsvp session logical-system PE1 Ingress RSVP: 2 sessions To FromState Rt Style Labelin Labelout LSPname 192.168.1.2 192.168.1.1 Up 0 1 SE - 301600 pe1-to-pe2 192.168.5.2 192.168.1.1 Up 0 1 SE - 301296 Bypass-172.22.210.2-172.22.201.2 Total 2 displayed, Up 2, Down 0 mumulox@mx5t show route table inet.3 logical-system PE1 192.168.1.2 extensive inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) 192.168.1.2/32 (1 entry, 1 announced) State: FlashAll *RSVP Preference: 7/1 Next hop type: Router, Next hop index: 1048577 Address: 0x2c74010 Next-hop reference count: 7 Next hop: 172.22.210.2 via ge-1/1/7.100 weight 0x1, selected Label-switched-path pe1-to-pe2 Label operation: Push 301600 Label TTL action: prop-ttl Next hop: 172.22.211.2 via ge-1/1/7.104 weight 0x8001 Label-switched-path Bypass-172.22.210.2-172.22.201.2 Label operation: Push 301472, Push 301296(top) Label TTL action: prop-ttl, prop-ttl(top) State: Active Int Local AS: 65512 Age: 4:33 Metric: 4 Task: RSVP Announcement bits (1): 1-Resolve tree 1 AS path: I After disabling the interface: mumulox@mx5t show mpls lsp extensive logical-system PE1 Ingress LSP: 1 sessions 192.168.1.2 From: 192.168.1.1, State: Dn, ActiveRoute: 0, LSPname: pe1-to-pe2 ActivePath: (none) Node/Link protection desired LSPtype: Static Configured LoadBalance: Random Encoding type: Packet, Switching type: Packet, GPID: IPv4 Revert timer: 1 Primary strict-path State: Dn Priorities: 7 0 OptimizeTimer: 1 SmartOptimizeTimer: 2 199 Aug 10 12:04:44.607 Deselected as active 198 Aug 10 12:04:44.607 172.22.205.1: Non-RSVP capable router detected 197 Aug 10 12:04:44.607 Link-protection Down 196 Aug 10 12:04:44.606 Session preempted 195 Aug 10 12:04:44.504 172.22.210.1: Tunnel local repaired 194 Aug 10 12:04:44.504 172.22.210.1: Down 198 Aug 10 12:04:44.607 172.22.205.1: Non-RSVP capable router detected seems to be very clear,but it is not, because all routers are rsvp enabled mumulox@mx5t show rsvp neighbor logical-system P2 RSVP neighbor: 3 learned AddressIdle Up/Dn LastChange HelloInt HelloTx/Rx MsgRcvd 172.22.201.1 0 13/12 23:491 84288/84248 2908 172.22.206.2 0 1/0 2d 20:02:201 92707/92707 4944 172.22.205.2 0 1/0 2d 18:30:331 92114/92114 6789 Any advice? Thanks ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] MX5-T logical-routers question
Hello, I am trying to test some features with an MX5-T router with logical-systems but my results are below expectations and I don't understand what's wrong. The topology and the config are very simple: R1 --- R2 ---R3 : mx5t# run show version Hostname: mx5t Model: mx5-t JUNOS Base OS boot [11.4R2.14] JUNOS Base OS Software Suite [11.4R2.14] JUNOS Kernel Software Suite [11.4R2.14] JUNOS Packet Forwarding Engine Support (MX80) [11.4R2.14] JUNOS Online Documentation [11.4R2.14] JUNOS Routing Software Suite [11.4R2.14] mx5t# show chassis fpc 1 { pic 0 { tunnel-services { bandwidth 1g; } inactive: adaptive-services { service-package layer-2; } } pic 1 { tunnel-services { bandwidth 1g; } } } network-services ip; mx5t# show R1 interfaces { lt-1/1/10 { unit 12 { encapsulation ethernet; peer-unit 21; family inet { address 10.10.10.1/24; } family iso; family mpls; } } lo0 { unit 1000 { family inet { address 1.1.1.1/32; } family iso { address 49.0001...00; } } } } protocols { rsvp { interface all; } mpls { label-switched-path mihai { to 3.3.3.3; no-cspf; } interface all; } isis { interface all; } } mx5t# show R2 interfaces { lt-1/1/10 { unit 21 { encapsulation ethernet; peer-unit 12; family inet { address 10.10.10.2/24; } family iso; family mpls; } unit 23 { encapsulation ethernet; peer-unit 32; family inet { address 10.10.20.2/24; } family iso; family mpls; } } lo0 { unit 1001 { family inet { address 2.2.2.2/32; } family iso { address 49.0001...00; } } } } protocols { rsvp { interface all; } mpls { interface all; } isis { interface all; } } mx5t# show R3 interfaces { lt-1/1/10 { unit 32 { encapsulation ethernet; peer-unit 23; family inet { address 10.10.20.3/24; } family iso; family mpls; } } lo0 { unit 1003 { family inet { address 3.3.3.3/24; } family iso { address 49.0001...00; } } } } protocols { rsvp { interface all; } mpls { interface all; } isis { interface all; } } While a ping from R1 loopback to R3 loopback is successful , a traceroute from R1 to R3 doesn't show the transit router R2 (I tried with and without mpls), and a lsp from R1 to R3 is failing to come up. x5t# run show route logical-system R1 inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 1.1.1.1/32 *[Direct/0] 01:07:53 via lo0.1000 2.2.2.2/32 *[IS-IS/15] 01:02:44, metric 10 to 10.10.10.2 via lt-1/1/10.12 3.3.3.0/24 *[IS-IS/15] 01:02:20, metric 20 to 10.10.10.2 via lt-1/1/10.12 3.3.3.3/32 *[IS-IS/15] 01:02:20, metric 20 to 10.10.10.2 via lt-1/1/10.12 10.10.10.0/24 *[Direct/0] 01:07:53 via lt-1/1/10.12 10.10.10.1/32 *[Local/0] 01:07:53 Local via lt-1/1/10.12 10.10.20.0/24 *[IS-IS/15] 01:02:44, metric 20 to 10.10.10.2 via lt-1/1/10.12 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 49.0001../56 *[Direct/0] 01:02:59 via lo0.1000 mpls.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0 *[MPLS/0] 01:00:09, metric 1 Receive 1 *[MPLS/0] 01:00:09, metric 1 Receive 2 *[MPLS/0] 01:00:09, metric 1 Receive mx5t# run show route logical-system R2 inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 1.1.1.1/32 *[IS-IS/15] 01:03:04, metric 10 to 10.10.10.1 via lt-1/1/10.21 2.2.2.2/32 *[Direct/0] 01:08:13 via lo0.1001 3.3.3.0/24 *[IS-IS/15] 01:02:40, metric 10 to 10.10.20.3 via lt-1/1/10.23 3.3.3.3/32 *[IS-IS/15] 01:02:40,
Re: [j-nsp] MX5-T logical-routers question
Using a physical loop with vlans solved the problem according with your suggestion. Thank you all for help! Regards On Tue, May 22, 2012 at 4:58 PM, Magnus Bergroth bergr...@nordu.net wrote: Juniper has a bug in their LT interface implementation on MX80 in 11.4, that misses to decrement ttl on logical tunnel interfaces. That's why you don't see R2 in the traceroute. They haven't released in which version they are going to fix it yet. Kindly Magnus On 2012-05-22 14:32, Mihai Gabriel wrote: Hello, I am trying to test some features with an MX5-T router with logical-systems but my results are below expectations and I don't understand what's wrong. The topology and the config are very simple: R1 --- R2 ---R3 : mx5t# run show version Hostname: mx5t Model: mx5-t JUNOS Base OS boot [11.4R2.14] JUNOS Base OS Software Suite [11.4R2.14] JUNOS Kernel Software Suite [11.4R2.14] JUNOS Packet Forwarding Engine Support (MX80) [11.4R2.14] JUNOS Online Documentation [11.4R2.14] JUNOS Routing Software Suite [11.4R2.14] mx5t# show chassis fpc 1 { pic 0 { tunnel-services { bandwidth 1g; } inactive: adaptive-services { service-package layer-2; } } pic 1 { tunnel-services { bandwidth 1g; } } } network-services ip; mx5t# show R1 interfaces { lt-1/1/10 { unit 12 { encapsulation ethernet; peer-unit 21; family inet { address 10.10.10.1/24; } family iso; family mpls; } } lo0 { unit 1000 { family inet { address 1.1.1.1/32; } family iso { address 49.0001...00; } } } } protocols { rsvp { interface all; } mpls { label-switched-path mihai { to 3.3.3.3; no-cspf; } interface all; } isis { interface all; } } mx5t# show R2 interfaces { lt-1/1/10 { unit 21 { encapsulation ethernet; peer-unit 12; family inet { address 10.10.10.2/24; } family iso; family mpls; } unit 23 { encapsulation ethernet; peer-unit 32; family inet { address 10.10.20.2/24; } family iso; family mpls; } } lo0 { unit 1001 { family inet { address 2.2.2.2/32; } family iso { address 49.0001...00; } } } } protocols { rsvp { interface all; } mpls { interface all; } isis { interface all; } } mx5t# show R3 interfaces { lt-1/1/10 { unit 32 { encapsulation ethernet; peer-unit 23; family inet { address 10.10.20.3/24; } family iso; family mpls; } } lo0 { unit 1003 { family inet { address 3.3.3.3/24; } family iso { address 49.0001...00; } } } } protocols { rsvp { interface all; } mpls { interface all; } isis { interface all; } } While a ping from R1 loopback to R3 loopback is successful , a traceroute from R1 to R3 doesn't show the transit router R2 (I tried with and without mpls), and a lsp from R1 to R3 is failing to come up. x5t# run show route logical-system R1 inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 1.1.1.1/32 *[Direct/0] 01:07:53 via lo0.1000 2.2.2.2/32 *[IS-IS/15] 01:02:44, metric 10 to 10.10.10.2 via lt-1/1/10.12 3.3.3.0/24 *[IS-IS/15] 01:02:20, metric 20 to 10.10.10.2 via lt-1/1/10.12 3.3.3.3/32 *[IS-IS/15] 01:02:20, metric 20 to 10.10.10.2 via lt-1/1/10.12 10.10.10.0/24 *[Direct/0] 01:07:53 via lt-1/1/10.12 10.10.10.1/32 *[Local/0] 01:07:53 Local via lt-1/1/10.12 10.10.20.0/24 *[IS-IS/15] 01:02:44, metric 20 to 10.10.10.2 via lt-1/1/10.12 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 49.0001../56