Re: [j-nsp] RVSP signaled L3VPN and RRs

[raf]

Le 18/08/2016 à 18:42, Olivier Benghozi a écrit :

As the design is currently broken, it should be fixed anyway ; and if your 
loopbacks are already in the IGP, it should just work.



I finally take the courage to fix my RRs configuration and (surprise) 
all is working fine by now.


--
Raphael Mazelier

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[Olivier Benghozi]

As the design is currently broken, it should be fixed anyway ; and if your 
loopbacks are already in the IGP, it should just work.

> Le 18 août 2016 à 18:20, raf  a écrit :
> 
> Le 18/08/2016 à 18:00, Olivier Benghozi a écrit :
>> One must not use NHS for all routes on an RR, but only for external routes :)
> 
> Agreed but what if I don't have the opportunity/time/spunk to change this 
> behavior ?

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[raf]

Le 18/08/2016 à 18:00, Hugo Slabbert a écrit :

On Thu 2016-Aug-18 17:13:09 +0200, raf  wrote:





Picking the Ps are RRs seems weird.  Generally your Ps would just be in
the IGP but be BGP free.  There's nothing "wrong" with it per se, it's
just an odd choice as generally you want your Ps to be lightweight and
just label-switch without carrying heavy tables, whereas making them RRs
means a bunch of RE utilization, which is the opposite of that objective.


Completely agree. If I had to restart from scratch I will certainly 
separate Ps and use virtual RRs.


The NHS choice on the RRs is also an odd one.  Again, it's not
necessarily "wrong" but it's not a standard choice and could lead to
interesting behaviours.  That your saying you couldn't easily take off
NHS from the RRs makes me wonder what the constraints are there.





If this were my environment, I'd want to take a step back and consider
why I'm doing in-path RRs on P routers when I also appear to have
constraints on that choice (not being able to toggle NHS easily) that
could make my life more difficult.



Also agree, but unfortunately I do not have much time left on this 
network...


--
Raphael Mazelier
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[raf]

Le 18/08/2016 à 18:00, Olivier Benghozi a écrit :

One must not use NHS for all routes on an RR, but only for external routes :)

policy-statement next-hop-self {
term iBGP {
from {
protocol bgp;
route-type internal;
}
then next policy;
}
term default {
then {
next-hop self;
}
}
}




Agreed but what if I don't have the opportunity/time/spunk to change 
this behavior ?



--
Raphael Mazelier
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[Olivier Benghozi]

One must not use NHS for all routes on an RR, but only for external routes :)

policy-statement next-hop-self {
term iBGP {
from {
protocol bgp;
route-type internal;
}
then next policy;
}
term default {
then {
next-hop self;
}
}
}


> Le 18 août 2016 à 17:46, raf  a écrit :
> 
> Hum my RRs do NHS, and I don't think I could easily change this.
> Without NHS this is effectively not needed as I already have the loopbacks of 
> all my PEs in inet.3 populated via RSVP.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[Hugo Slabbert]

On Thu 2016-Aug-18 17:13:09 +0200, raf  wrote:


Hello list,

I know this topic has already discussed here but I got some trouble 
in getting these working properly.


I got a simple topology consisting of 4 PE routers, and 2 P routers 
acting as in-path RRs.


Picking the Ps are RRs seems weird.  Generally your Ps would just be in the 
IGP but be BGP free.  There's nothing "wrong" with it per se, it's just an 
odd choice as generally you want your Ps to be lightweight and just 
label-switch without carrying heavy tables, whereas making them RRs means a 
bunch of RE utilization, which is the opposite of that objective.


The NHS choice on the RRs is also an odd one.  Again, it's not necessarily 
"wrong" but it's not a standard choice and could lead to interesting 
behaviours.  That your saying you couldn't easily take off NHS from the RRs 
makes me wonder what the constraints are there.


If this were my environment, I'd want to take a step back and consider why 
I'm doing in-path RRs on P routers when I also appear to have constraints 
on that choice (not being able to toggle NHS easily) that could make my 
life more difficult.



For whatever reason I want to use RSVP as LSP signaling protocol.
I configured a full mesh of LSPs between PE only.

So there is a problem in resolving route of my L3vpn as there is no 
route in inet.3 for my RRs.


I've changed resolution of bgp.inet.0 to inet.0 on RRs and PEs.
(I ve read this is not the only method, but I don't to deploy LDP or 
to make LSPs between P and PEs).


It help and I can see all routing tables populated.

However I ve got strange issues resulting in data path being broken, 
but not on all VRFs ?! and lot of logs like this "Couldn't find MPLS 
tunnel for NH id"


What I've missed ?

--
Raphael Mazelier


--
Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E   | also on Signal



signature.asc
Description: Digital signature
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[Daniel Verlouw]

On Thu, Aug 18, 2016 at 5:46 PM, raf  wrote:
> Hum my RRs do NHS, and I don't think I could easily change this.

if your RRs do NHS for l3vpn routes, it will break the fowarding path;
- in your scenario, your PEs don't have RSVP LSPs towards your RRs
- and even if they would (for example if you run LDP on your RRs):
your RRs don't have VRFs, so the inner VPN label lookup would fail

> Without NHS this is effectively not needed as I already have the loopbacks
> of all my PEs in inet.3 populated via RSVP.

PEs have inet.3 populated via RSVP in your case, the RRs don't. That's
why you change the RIB resolution for bgp.l3vpn.0 on the RRs, so it
can correctly resolve and reflect the l3vpn routes. You don't change
the resolution on the PEs, because you want them to use the RSVP LSPs
in inet.3

  --Daniel.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[raf]

Le 18/08/2016 à 17:35, Daniel Verlouw a écrit :

Hi,

you only need to do this on your RRs, not on your PEs. And make sure
your RRs don't set NHS.



Hum my RRs do NHS, and I don't think I could easily change this.
Without NHS this is effectively not needed as I already have the 
loopbacks of all my PEs in inet.3 populated via RSVP.


--
Raphael Mazelier


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[Daniel Verlouw]

Hi,

On Thu, Aug 18, 2016 at 5:13 PM, raf  wrote:
> I've changed resolution of bgp.inet.0 to inet.0 on RRs and PEs.

you only need to do this on your RRs, not on your PEs. And make sure
your RRs don't set NHS.

  --Daniel.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[raf]

Le 18/08/2016 à 17:16, Olivier Benghozi a écrit :

Did you set protocols mpls traffic-engineering mpls-forwarding ?



Not yet. I will try.
I understand that this option is for install LSPs in inet.0 for 
forwarding only (and not for route resolution).

This is good, but why it is needed ?

--
Raphael Mazelier



___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] RVSP signaled L3VPN and RRs

[Olivier Benghozi]

Did you set protocols mpls traffic-engineering mpls-forwarding ?

> Le 18 août 2016 à 17:13, raf  a écrit :
> 
> So there is a problem in resolving route of my L3vpn as there is no route in 
> inet.3 for my RRs.

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] RVSP signaled L3VPN and RRs

[raf]

Hello list,

I know this topic has already discussed here but I got some trouble in 
getting these working properly.


I got a simple topology consisting of 4 PE routers, and 2 P routers 
acting as in-path RRs.


For whatever reason I want to use RSVP as LSP signaling protocol.
I configured a full mesh of LSPs between PE only.

So there is a problem in resolving route of my L3vpn as there is no 
route in inet.3 for my RRs.


I've changed resolution of bgp.inet.0 to inet.0 on RRs and PEs.
(I ve read this is not the only method, but I don't to deploy LDP or to 
make LSPs between P and PEs).


It help and I can see all routing tables populated.

However I ve got strange issues resulting in data path being broken, but 
not on all VRFs ?! and lot of logs like this "Couldn't find MPLS tunnel 
for NH id"


What I've missed ?

--
Raphael Mazelier
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp