[j-nsp] L3 VPN on 5.6
Harry Reynolds
harry at juniper.net
Fri Mar 14 11:42:24 EST 2003
May be PR 26381, but this was filed against 5.3. Can you try using
the source switch to ensure that ping is using an address from VRF
and not lo0 address? Also, what about PE-local CE pings?
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of Daniel
> Sent: Friday, March 14, 2003 11:25 AM
> To: Josef Buchsteiner
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] L3 VPN on 5.6
>
>
> On Fri, 14 Mar 2003, Daniel wrote:
> Josef, If you were talking about a static route.. i tried
> that too.. and
> it didnt work.. and I dont remember needing it before..
> anyways here are the results.. I even tried with
> ge-2/3/0.0.. and it didnt
> work.. i guess you just can't ping the local CE interface
> on JunOS anymore...Thanks
>
> PE1>VRF1 {
> instance-type vrf;
> interface ge-0/0/0.0;
> route-distinguisher 1:1;
> vrf-import VRFIMP1;
> vrf-export VRFEXP1;
> routing-options {
> static {
> route 10.10.15.2/32 next-hop 10.10.15.2;
> }
> policy-statement VRFEXP1 {
> term a {
> from protocol direct;
> then {
> community add COMM1;
> accept;
> }
> }
> term b {
> from {
> protocol static;
> route-filter 10.10.15.2/32 exact;
> }
> then {
> community add COMM1;
> accept;
> }
> }
> term d {
> then reject;
> }
> }
>
>
> PE2> show route table VRF1
>
> VRF1.inet.0: 4 destinations, 4 routes (4 active, 0
> holddown, 0 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 10.10.15.0/24 *[BGP/170] 00:01:09, localpref 100,
> from 10.10.104.3
> AS path: I
> > via so-2/2/0.0, Push 100003, Push 100001(top)
> 10.10.15.2/32 *[BGP/170] 00:01:09, localpref 100,
> from 10.10.104.3
> AS path: I
> > via so-2/2/0.0, Push 100003, Push 100001(top)
> 10.10.16.0/24 *[Direct/0] 18:41:11
> > via ge-2/3/0.0
> 10.10.16.1/32 *[Local/0] 18:41:12
> Local via ge-2/3/0.0
>
> PE2> ping routing-instance VRF1 10.10.15.2
> PING 10.10.15.2 (10.10.15.2): 56 data bytes
> ^C
> --- 10.10.15.2 ping statistics ---
> 3 packets transmitted, 0 packets received, 100% packet loss
>
> PE2> ping routing-instance VRF1 interface ge-2/3/0.0 10.10.15.2
> PING 10.10.15.2 (10.10.15.2): 56 data bytes
> ^C
> --- 10.10.15.2 ping statistics ---
> 2 packets transmitted, 0 packets received, 100% packet loss
>
>
>
>
> > On Fri, 14 Mar 2003, Josef Buchsteiner wrote:
> >
> > Hi Josef, Thanks but i went over that document and i
> still can't fix this
> > issue. I used the local and vpn-interface with the ping and
> > still nothing (im not sure that this is supported on the
> 5.6 they are not
> > on the help cli) and like i said it's just a directly connected
> > CE so im not supposed to see this routes on bgp.l3 table
> right? just on
> > the VRF1 table..
> > So maybe you can't ping the directly conected interface
> on a VRF anymore?
> > thanks
> >
> > PE1> show route table bgp.l3
> >
> > bgp.l3vpn.0: 1 destinations, 1 routes (1 active, 0
> holddown, 0 hidden)
> > + = Active Route, - = Last Active, * = Both
> >
> > 1:1:10.10.16.0/24
> > *[BGP/170] 17:49:37, localpref 100,
> from 10.10.104.4
> > AS path: I
> > > to 10.10.105.17 via ge-0/1/0.0, Push 100000
> >
> > PE1> show route table VRF1
> >
> > VRF1.inet.0: 3 destinations, 3 routes (3 active, 0
> holddown, 0 hidden)
> > + = Active Route, - = Last Active, * = Both
> >
> > 10.10.15.0/24 *[Direct/0] 17:54:54
> > > via ge-0/0/0.0
> > 10.10.15.1/32 *[Local/0] 17:54:54
> > Local via ge-0/0/0.0
> > 10.10.16.0/24 *[BGP/170] 17:49:44, localpref 100,
> from 10.10.104.4
> > AS path: I
> > > to 10.10.105.17 via ge-0/1/0.0, Push 100000
> >
> > These are the pingss outputs
> >
> >
> > PE1>ping 10.10.16.1 vpn-interface ge-0/0/0 local
> 10.10.15.1 count 3
> > PING 10.10.16.1 (10.10.16.1): 56 data bytes
> >
> > --- 10.10.16.1 ping statistics ---
> > 3 packets transmitted, 0 packets received, 100% packet loss
> >
> >
> > PE1>ping routing-instance VRF1 10.10.16.1 local
> 10.10.15.1 count 3
> > PING 10.10.16.1 (10.10.16.1): 56 data bytes
> >
> > --- 10.10.16.1 ping statistics ---
> > 3 packets transmitted, 0 packets received, 100% packet loss
> >
> > > At 02:43 AM 3/14/2003, Daniel wrote:
> > >
> > > > Hi, I know that there are some changes on L3VPNs
> between 5.6 and 5.5 but
> > > >i thought it was only the part of not running mpls on
> the pe-ce interface.
> > >
> > > you just don't need to configure family mpls on the
> pe-ce interface anymore
> > > as the software does it for you so this is still inherited.
> > >
> > > >I loaded my working config from 5.5 and I can see the
> routes on the PE
> > > >router but i can't ping it I'm using 5.6 rev2.
> > >
> > >
> > > Please look at the troubleshooting guidance and see
> what you need to
> > > do if you want to ping multi-access address on the
> PE-CE connection
> > > and then all will work ;-)
> > >
> > >
> http://www.juniper.net/techpubs/software/junos/junos56/swco
> nfig56-vpns/html/vpnl3-trouble.html
> > >
> > > thanks
> > > Josef
> > >
> > >
> > >
> > >
> > > >PE1-P-PE2
> > > >
> > > >PE1> show route table VRF1
> > > >
> > > >VRF1.inet.0: 3 destinations, 3 routes (3 active, 0
> holddown, 0 hidden)
> > > >+ = Active Route, - = Last Active, * = Both
> > > >
> > > >10.10.15.0/24 *[Direct/0] 00:05:58
> > > > > via ge-0/0/0.0
> > > >10.10.15.1/32 *[Local/0] 00:05:58
> > > > Local via ge-0/0/0.0
> > > >10.10.16.0/24 *[BGP/170] 00:00:48, localpref
> 100, from 10.10.104.4
> > > > AS path: I
> > > > > to 10.10.105.17 via
> ge-0/1/0.0, Push 100000
> > > >
> > > >PE1> ping routing-instance VRF1 10.10.15.1
> > > >PING 10.10.15.1 (10.10.15.1): 56 data bytes
> > > >64 bytes from 10.10.15.1: icmp_seq=0 ttl=255 time=7.853 ms
> > > >64 bytes from 10.10.15.1: icmp_seq=1 ttl=255 time=0.362 ms
> > > >64 bytes from 10.10.15.1: icmp_seq=2 ttl=255 time=0.321 ms
> > > >^C
> > > >--- 10.10.15.1 ping statistics ---
> > > >3 packets transmitted, 3 packets received, 0% packet loss
> > > >round-trip min/avg/max/stddev = 0.321/2.845/7.853/3.541 ms
> > > >
> > > >daniel at m20-2> ping routing-instance VRF1 10.10.16.1
> > > >PING 10.10.16.1 (10.10.16.1): 56 data bytes
> > > >^C
> > > >--- 10.10.16.1 ping statistics ---
> > > >3 packets transmitted, 0 packets received, 100% packet loss
> > > >
> > > >
> > > >
> > > >configs are at the bottom
> > > >
> > > >PE1.---
> > > >
> > > >interfaces {
> > > > ge-0/0/0 {
> > > > unit 0 {
> > > > family inet {
> > > > address 10.10.15.1/24;
> > > > }
> > > > family iso;
> > > > }
> > > > }
> > > > ge-0/1/0 {
> > > > unit 0 {
> > > > family inet {
> > > > address 10.10.105.18/30;
> > > > }
> > > > family iso;
> > > > family mpls;
> > > > }
> > > > }
> > > > lo0 {
> > > > unit 0 {
> > > > family inet {
> > > > address 10.10.104.3/32;
> > > > }
> > > >
> > > >protocols {
> > > > mpls {
> > > > interface ge-0/1/0.0;
> > > > }
> > > > bgp {
> > > > group MVPN {
> > > > type internal;
> > > > local-address 10.10.104.3;
> > > > neighbor 10.10.104.4 {
> > > > family inet-vpn {
> > > > unicast;
> > > > }
> > > > }
> > > > }
> > > > }
> > > > ospf {
> > > > area 0.0.0.0 {
> > > > interface ge-0/1/0.0;
> > > > interface so-1/0/0.0;
> > > > interface lo0.0;
> > > > }
> > > > }
> > > > ldp {
> > > > interface ge-0/1/0.0;
> > > > interface lo0.0;
> > > > }
> > > >
> > > >policy-options {
> > > > policy-statement VRFIMP1 {
> > > > term a {
> > > > from {
> > > > protocol bgp;
> > > > community COMM1;
> > > > }
> > > > then accept;
> > > > }
> > > > term b {
> > > > then reject;
> > > > }
> > > > }
> > > > policy-statement VRFEXP1 {
> > > > term a {
> > > > from protocol direct;
> > > > then {
> > > > community add COMM1;
> > > > accept;
> > > > }
> > > > }
> > > > term b {
> > > > then reject;
> > > > }
> > > > }
> > > >community COMM1 members target:1:1;
> > > >
> > > >routing-instances {
> > > > VRF1 {
> > > > instance-type vrf;
> > > > interface ge-0/0/0.0;
> > > > route-distinguisher 1:1;
> > > > vrf-import VRFIMP1;
> > > > vrf-export VRFEXP1;
> > > > }
> > > >
> > > >
> > > >P
> > > >
> > > >interfaces {
> > > > so-0/1/0
> > > > unit 0 {
> > > > family inet {
> > > > address 10.10.105.42/30;
> > > > }
> > > > family mpls;
> > > > }
> > > > }
> > > > ge-0/2/0 {
> > > > unit 0 {
> > > > family inet {
> > > > address 10.10.105.17/30;
> > > > }
> > > > family mpls;
> > > > }
> > > > }
> > > > lo0 {
> > > > unit 0 {
> > > > family inet {
> > > > address 10.10.104.2/32;
> > > > }
> > > >protocols {
> > > > mpls {
> > > > interface so-0/1/0.0;
> > > > interface ge-0/2/0.0;
> > > > }
> > > > ospf {
> > > > area 0.0.0.0 {
> > > > interface so-0/1/0.0;
> > > > interface ge-0/2/0.0;
> > > > interface lo0.0;
> > > > }
> > > > }
> > > > ldp {
> > > > interface so-0/1/0.0;
> > > > interface ge-0/2/0.0;
> > > > interface lo0.0;
> > > > }
> > > >}
> > > >
> > > >
> > > >PE
> > > >
> > > >interfaces {
> > > > so-2/2/0
> > > > unit 0 {
> > > > family inet {
> > > > address 10.10.105.41/30;
> > > > }
> > > > family mpls;
> > > > }
> > > > }
> > > > ge-2/3/0 {
> > > > unit 0 {
> > > > family inet {
> > > > address 10.10.16.1/24;
> > > > }
> > > > lo0 {
> > > > unit 0 {
> > > > family inet {
> > > > address 10.10.104.4/32;
> > > > }
> > > >protocols {
> > > > mpls {
> > > > interface so-2/2/0.0;
> > > > }
> > > > bgp {
> > > > group MPVN {
> > > > type internal;
> > > > local-address 10.10.104.4;
> > > > neighbor 10.10.104.3 {
> > > > family inet-vpn {
> > > > unicast;
> > > > }
> > > > }
> > > > }
> > > > }
> > > > ospf {
> > > > area 0.0.0.0 {
> > > > interface so-1/2/0.0;
> > > > interface so-2/2/0.0;
> > > > interface lo0.0;
> > > > }
> > > > }
> > > > ldp {
> > > > interface so-2/2/0.0;
> > > > interface lo0.0;
> > > > }
> > > >policy-options {
> > > > policy-statement VRFIMP1 {
> > > > term a {
> > > > from {
> > > > protocol bgp;
> > > > community COMM1;
> > > > }
> > > > then accept;
> > > > }
> > > > term b {
> > > > then reject;
> > > > }
> > > > }
> > > > policy-statement VRFEXP1 {
> > > > term a {
> > > > from protocol [ direct local ];
> > > > then {
> > > > community add COMM1;
> > > > accept;
> > > > }
> > > > }
> > > > term b {
> > > > then reject;
> > > > }
> > > > community COMM1 members target:1:1;
> > > >
> > > >routing-instances {
> > > > VRF1 {
> > > > instance-type vrf;
> > > > interface ge-2/3/0.0;
> > > > route-distinguisher 1:1;
> > > > vrf-import VRFIMP1;
> > > > vrf-export VRFEXP1;
> > > > }
> > > >
> > > >
> > > >
> > > >_______________________________________________
> > > >juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > >http://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list