Re: [j-nsp] 6PE and BGP signaled lsps
Dear All,
First of all thank you for all message on and off list. I think I got this
working now. I have simplified the topology (but it works on the initial
topology as well)
R1 - R2 - R3 - R4 - R5
rsvp full mesh on R1, R2 and R3
ldp full mesh on R3, R4 and R5
we want to establish a bgp signaled lsp from R1 to R5 and use it for 6PE or any
kind of VPN
There were a few points I was missing or at least was not totaly clear about.
1. R3 as a route reflector must have family inet6 enabled on its core facing
interfaces as it terminates 6PE tunnels and receives packets labeled with
implicit ipv6 null label (label 2) and therefore must be able to process ipv6
packets after popping the label
2. You do not need to add the rib-groups knob to the family inet6 labeled
unicast statement it is the rib knob. Unfortunately the statement is hidden
in my version (10.4R8) or at least does not autocomplete so I did not notice my
error right away.
set family inet6 labeled-unicast rib?
Possible completions:
rib-groupRouting table group
= only completion is rib-group
set family inet6 labeled-unicast rib inet.3
= does work and gives us
family inet6 {
labeled-unicast {
rib {
inet.3;
}
explicit-null;
}
}
Also note that it reads rib inet.3 although it places the routes in inet6.3
rib and also is referenced as inet6.3 in the documentation i posted in my first
mail [1]
3. I got the RR to announce the mapped v4 (:::x.x.x..x) prefixes which were
locally generated via labeled bgp to the RR clients. Unfortunately I was not
able to use this next-hops for forwarding (even with nex-hop self policy in the
edges). All Routing and forwarding entries looked fine across all routers but I
could not get traffic across.
What I did instead was assigning an inet6 loopback manually to R1 and R5 and
advertising these loopbacks via inet6 labeled-unicast. In the next step I
applied a policy to change the next hop for all inet6 prefixe to map to this
loopbacks and everything was working fine.
As R1/R5 were (for some reason) not generating the mapped loopback on their own
my guess is that it just does not work in a labeled bgp scenario. Also this is
what is done in the config example in scaling with labeled bgp guide [1]
4. Unfortunately there is no inet6 equivalent to icmp-tunneling for mpls. These
makes troubleshooting a bit hard as you have no clue where a packet might get
stuck while going through the mpls cloud.
So putting it all together i now use the following configuration. With this
configuration i can now use the bgp signaled lsp for plain IP, 6PE and any kind
of VPNs (I have tested L2VPN, L2circuit, L3VPN and VPLS)
## R1/R5
# bgp
group ibgp {
type internal;
local-address R1/R5
import prefer-inet.3;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
family inet6 {
unicast;
labeled-unicast {
rib {
inet.3;
}
explicit-null;
}
}
export [ export-inet3 nhs nhs6 ];
neighbor R3
}
#policy
policy-statement export-inet3 {
term one {
from {
protocol direct;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then accept;
}
term two {
from {
protocol direct;
route-filter ::/0 prefix-length-range /128-/128;
}
then accept;
}
}
policy-statement nhs {
then {
next-hop self;
}
}
policy-statement nhs6 {
from {
family inet6;
rib inet6.0;
}
then {
next-hop inet6_loopback_of_R1/R3
}
}
policy-statement prefer-inet.3 {
term inet {
from {
rib inet.3;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
preference 9;
accept;
}
}
term inet6 {
from {
rib inet6.3;
route-filter ::/0 prefix-length-range /128-/128;
}
then {
preference 9;
accept;
}
}
}
policy-statement only-lo {
term one {
from interface lo0.5;
then accept;
}
term two {
to rib inet.3;
then reject;
}
term three {
to rib inet6.3;
then reject;
}
term four {
to rib inet6.0;
then accept;
}
term five {
to rib inet6.0;
then accept;
}
}
#routing options
interface-routes {
Re: [j-nsp] 6PE and BGP signaled lsps
On 2012-07-24 10:34, Tobias Heister wrote:
Am 24.07.2012 07:21, schrieb Antti Ristimäki:
On 2012-07-23 16:22, Tobias Heister wrote:
The document about scaling with labeled bgp [2] has a section about 6PE but it
does not help much. First of all the method explained to get interface routes
to inet6.3 does not work (at
least on 10.4R9 but I figured out the correct way myself) and then when I try
to follow the instructions and assign a ipv6 loopback manually and try to
advertise it via family inet6
labeled-unicast rib inet6.3 I get the following commit error: BGP: ribgroup inet6.3
is not defined for this address family and nlri
Have you tried to configure a named rib-group where you specify inet6.3 as an
import RIB?
If I understood you correctly you want me to do something like this:
show routing-options rib-groups 6PE
import-rib inet6.3;
show protocols bgp group XXX family inet6
labeled-unicast {
rib-group 6PE;
explicit-null;
}
Unfortunately this gives a similar error: BGP: ribgroup 6PE: inet6.3 not a valid
primary rib for this nlri.
Defining import-rib [inet6.0 inet6.3] would probably pass the commit
check, but that wouldn't probably help in this issue, where the
BGP-learned inet.3 routes are not converted into inet6.3. I thought that
ipv6-tunneling knob would magically convert inet.3 routes into inet6.3
routes but as you said earlier, it seems to do so only for LDP/RSVP
learned routes...
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 6PE and BGP signaled lsps
Am 24.07.2012 07:21, schrieb Antti Ristimäki:
On 2012-07-23 16:22, Tobias Heister wrote:
The document about scaling with labeled bgp [2] has a section about 6PE but
it does not help much. First of all the method explained to get interface
routes to inet6.3 does not work (at
least on 10.4R9 but I figured out the correct way myself) and then when I
try to follow the instructions and assign a ipv6 loopback manually and try
to advertise it via family inet6
labeled-unicast rib inet6.3 I get the following commit error: BGP: ribgroup
inet6.3 is not defined for this address family and nlri
Have you tried to configure a named rib-group where you specify inet6.3 as an
import RIB?
If I understood you correctly you want me to do something like this:
show routing-options rib-groups 6PE
import-rib inet6.3;
show protocols bgp group XXX family inet6
labeled-unicast {
rib-group 6PE;
explicit-null;
}
Unfortunately this gives a similar error: BGP: ribgroup 6PE: inet6.3 not a
valid primary rib for this nlri.
What is funny too is that the document about scaling with labeled bgp [1] does
not mention the explicit-null parameter in the family inet6- labeled-unicast.
But when removing it the router says: Missing mandatory statement:
'explicit-null' Also it states the parameter under labeled-unicast is rib and
not rib-group
I am starting to believe that this guide is for different JunOS Version where
they have changed the syntax and behaviour.
[1] http://www.juniper.net/us/en/local/pdf/design-guides/8020013-en.pdf
regards
Tobias
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 6PE and BGP signaled lsps
Is there any reason why you are not running LDP-tunneling to/from R4/R8 and R10? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 6PE and BGP signaled lsps
Am 23.07.2012 16:14, schrieb Per Granath: Is there any reason why you are not running LDP-tunneling to/from R4/R8 and R10? This woule be a viable solution, but as mentioned per definition it is not allowed (or for a better term wanted) in this scenario to extend ldp beyond 4, 8 and 5 (not even via rsvp tunneling) routers 9, 3 and 10 are not allowed to run ldp on any interface. In a real world network i would probably consider ldp tunneling but this is more a can it be done this way scenario. regards Tobias ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 6PE and BGP signaled lsps
Am 23.07.2012 16:14, schrieb Per Granath: Is there any reason why you are not running LDP-tunneling to/from R4/R8 and R10? This woule be a viable solution, but as mentioned per definition it is not allowed (or for a better term wanted) in this scenario to extend ldp beyond 4, 8 and 5 (not even via rsvp tunneling) routers 9, 3 and 10 are not allowed to run ldp on any interface. In a real world network i would probably consider ldp tunneling but this is more a can it be done this way scenario. R10 would need to run LDP only on lo0 ... ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 6PE and BGP signaled lsps
Am 23.07.2012 16:28, schrieb Per Granath: Am 23.07.2012 16:14, schrieb Per Granath: Is there any reason why you are not running LDP-tunneling to/from R4/R8 and R10? This woule be a viable solution, but as mentioned per definition it is not allowed (or for a better term wanted) in this scenario to extend ldp beyond 4, 8 and 5 (not even via rsvp tunneling) routers 9, 3 and 10 are not allowed to run ldp on any interface. In a real world network i would probably consider ldp tunneling but this is more a can it be done this way scenario. R10 would need to run LDP only on lo0 ... I know, but in this scenario any interface means any interface including lo0 :) or just to put it another way: no ldp process on router 10 regards Tobias ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] 6PE and BGP signaled lsps
On 2012-07-23 16:22, Tobias Heister wrote: The document about scaling with labeled bgp [2] has a section about 6PE but it does not help much. First of all the method explained to get interface routes to inet6.3 does not work (at least on 10.4R9 but I figured out the correct way myself) and then when I try to follow the instructions and assign a ipv6 loopback manually and try to advertise it via family inet6 labeled-unicast rib inet6.3 I get the following commit error: BGP: ribgroup inet6.3 is not defined for this address family and nlri Have you tried to configure a named rib-group where you specify inet6.3 as an import RIB? AR ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
