Re: [j-nsp] SRX MPLS
I saw the following exceptions for SRX-series: VPLS multihoming, which allows connecting a CE device to multiple PE routers to provide redundant connectivity, is not supported on J Series or SRX Series devices I'm going to have two SRX's on each site and using vrrp between them, will I hit this exception then? Regards Johan On Wed, Aug 15, 2012 at 5:11 PM, Phil Mayers p.may...@imperial.ac.ukwrote: On 15/08/12 15:29, Johan Borch wrote: Hi, I have a design question regarding MPLS. I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet mode and the main purpose is L3VPN/VPLS p1-p2-p3-p4-p5-p1 (p5 connects back to p1) My budget is low for this and the srx240 is cheap, we will push max 1Gbps. That should be ok. I've had hundreds of megabits of MPLS out of the SRX210. For example in some sites there will be two SRX and the plan is to use these two as P/PE and use VRRP for customer equipment. At the same time they will be P routers for other sites. Example site: P1P3-P4--P5 \ / (vrrp) Customer equipment Do I make any sense? Will this work? :) Should do. We use them in similar (but not identical) configurations. I've never tested VRRP on them, however. __**_ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/**mailman/listinfo/juniper-nsphttps://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX MPLS
Err VPLS Implies Layer 2 only. Where is the VRP runninng in-between? Are you doing vlan-id inside the VPLS instance for normalization, then binding an irb.x into it? I dont think that works in SRX/J either. (l3 within VPLS). - CK. On 2012-08-23, at 6:39 PM, Johan Borch wrote: VPLS multihoming, which allows connecting a CE device to multiple PE routers to provide redundant connectivity, is not supported on J Series or SRX Series devices I'm going to have two SRX's on each site and using vrrp between them, will I hit this exception then? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX MPLS
Your'e right of course :) My question was more how the VPLS multihoming will affect this setup. Regards Johan On Thu, Aug 23, 2012 at 11:21 AM, Chris Kawchuk juniperd...@gmail.comwrote: Err VPLS Implies Layer 2 only. Where is the VRP runninng in-between? Are you doing vlan-id inside the VPLS instance for normalization, then binding an irb.x into it? I dont think that works in SRX/J either. (l3 within VPLS). - CK. On 2012-08-23, at 6:39 PM, Johan Borch wrote: VPLS multihoming, which allows connecting a CE device to multiple PE routers to provide redundant connectivity, is not supported on J Series or SRX Series devices I'm going to have two SRX's on each site and using vrrp between them, will I hit this exception then? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX MPLS
Shouldn't affect it in the classical BGP active./backup sense; only 1 'vrf' is active in a multi-homing BGP setup. However, since the SRX/J doesn't do that, both will end up being active - You'll need a way to suppress one of them from getting any traffic. Perhaps think about using an EX4200 underneath using an RTG to each SRX at layer 2 to prevent the loop. Should have zero effect on vrrp/layer-3 stuff. - CK. On 23/08/2012, at 7:47 PM, Johan Borch johan.bo...@gmail.com wrote: Your'e right of course :) My question was more how the VPLS multihoming will affect this setup. Regards Johan On Thu, Aug 23, 2012 at 11:21 AM, Chris Kawchuk juniperd...@gmail.com wrote: Err VPLS Implies Layer 2 only. Where is the VRP runninng in-between? Are you doing vlan-id inside the VPLS instance for normalization, then binding an irb.x into it? I dont think that works in SRX/J either. (l3 within VPLS). - CK. On 2012-08-23, at 6:39 PM, Johan Borch wrote: VPLS multihoming, which allows connecting a CE device to multiple PE routers to provide redundant connectivity, is not supported on J Series or SRX Series devices I'm going to have two SRX's on each site and using vrrp between them, will I hit this exception then? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX MPLS
Hi, I have a design question regarding MPLS. I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet mode and the main purpose is L3VPN/VPLS p1-p2-p3-p4-p5-p1 (p5 connects back to p1) My budget is low for this and the srx240 is cheap, we will push max 1Gbps. For example in some sites there will be two SRX and the plan is to use these two as P/PE and use VRRP for customer equipment. At the same time they will be P routers for other sites. Example site: P1P3-P4--P5 \ / (vrrp) Customer equipment Do I make any sense? Will this work? :) Regards Johan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX MPLS
On 15/08/12 15:29, Johan Borch wrote: Hi, I have a design question regarding MPLS. I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet mode and the main purpose is L3VPN/VPLS p1-p2-p3-p4-p5-p1 (p5 connects back to p1) My budget is low for this and the srx240 is cheap, we will push max 1Gbps. That should be ok. I've had hundreds of megabits of MPLS out of the SRX210. For example in some sites there will be two SRX and the plan is to use these two as P/PE and use VRRP for customer equipment. At the same time they will be P routers for other sites. Example site: P1P3-P4--P5 \ / (vrrp) Customer equipment Do I make any sense? Will this work? :) Should do. We use them in similar (but not identical) configurations. I've never tested VRRP on them, however. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX MPLS
Phill, Could ou please share some juniper links or configurations on how about to configure SRX boxes with MPLS in a RING topology ? Are you using L3 MPLS VPN or L2 VPLS or EoMPLS ? Is it possible to share some configurations or links ? Thanks a lot, Giuliano On 15/08/12 15:29, Johan Borch wrote: Hi, I have a design question regarding MPLS. I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet mode and the main purpose is L3VPN/VPLS p1-p2-p3-p4-p5-p1 (p5 connects back to p1) My budget is low for this and the srx240 is cheap, we will push max 1Gbps. That should be ok. I've had hundreds of megabits of MPLS out of the SRX210. For example in some sites there will be two SRX and the plan is to use these two as P/PE and use VRRP for customer equipment. At the same time they will be P routers for other sites. Example site: P1P3-P4--P5 \ / (vrrp) Customer equipment Do I make any sense? Will this work? :) Should do. We use them in similar (but not identical) configurations. I've never tested VRRP on them, however. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX MPLS
On 15/08/12 16:50, GIULIANO (WZTECH) wrote:
Phill,
Could ou please share some juniper links or configurations on how about
to configure SRX boxes with MPLS in a RING topology ?
Sure.
I'm assuming you have a basic Juniper layer3 provider core configured.
In particular, you'll want an IGP (OSPF, IS-IS) and BGP configured, as
well as basic addressing. In other words, something like this:
interfaces {
ge-0/0/0 {
description faces other routers;
mtu 2000;
unit 0 {
family inet {
address 192.0.2.1/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.0.2.100/32;
}
}
}
}
routing-options {
router-id 192.0.2.100;
}
protocols {
bgp {
local-as 65000;
group Core {
type internal;
family inet {
any;
}
peer-as 65000;
neighbor 192.0.2.101;
neighbor ...;
neighbor 192.0.2.102;
}
}
ospf {
area 0.0.0.0 {
interface ge-0/0/0.0 {
interface-type p2p;
}
interface lo0.0 {
passive;
}
}
}
}
You then need to add MPLS:
interfaces {
ge-0/0/0 {
unit 0 {
family mpls;
}
}
}
protocols {
mpls {
interface ge-0/0/0.0;
}
ldp {
interface ge-0/0/0.0;
}
bgp {
group Core {
family inet-vpn {
any;
}
}
}
}
Finally, on the SRX you need to enable packet mode:
security {
zones {
security-zone zone_default {
host-inbound-traffic {
system-services {
all;
}
}
interfaces {
all;
}
}
}
forwarding-options {
family {
inet6 {
mode packet-based;
}
mpls {
mode packet-based;
}
}
}
}
...and reboot. Once that's done, you can add a layer 3 VPN:
interfaces {
ge-0/0/1 {
vlan-tagging;
unit 100 {
vlan-id 100;
family inet {
address 192.168.1.1/24;
}
}
}
}
routing-instances {
PROD {
instance-type vrf;
interface ge-0/0/1.100;
route-distinguisher 65000:1;
vrf-target target:65000:1;
vrf-table-label;
}
}
Are you using L3 MPLS VPN or L2 VPLS or EoMPLS ?
We use L3VPN. I've tested EoMPLS, but I don't have a configuration to hand.
I haven't tested VPLS on the SRX.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX MPLS
Johan, You might want to know that VRRPv6 isn't supported on the branch SRX so if you need IPv6 resiliency, you're out of luck. If you need both v4 and v6 node resiliency, the only way to do it now is clustering which is a whole different beast altogether. On Aug 15, 2012, at 10:29 PM, Johan Borch wrote: Hi, I have a design question regarding MPLS. I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet mode and the main purpose is L3VPN/VPLS p1-p2-p3-p4-p5-p1 (p5 connects back to p1) My budget is low for this and the srx240 is cheap, we will push max 1Gbps. For example in some sites there will be two SRX and the plan is to use these two as P/PE and use VRRP for customer equipment. At the same time they will be P routers for other sites. Example site: P1P3-P4--P5 \ / (vrrp) Customer equipment Do I make any sense? Will this work? :) Regards Johan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
