[j-nsp] L3 VPN on 5.6
Daniel
telecom at servidor.unam.mx
Fri Mar 14 14:50:16 EST 2003
On Fri, 14 Mar 2003, Harry Reynolds wrote:
pings from PE to local-CE work... and I tried with the source address..
still didnt work.... I guess this PR is also present in
5.6.. I think last time i tried this was with 5.1 I think..
ps Is there a point to open a JTAC case? I think this is obviously a
bug... thanks anyways
PE1> ping routing-instance VRF1 10.10.15.1
PING 10.10.15.1 (10.10.15.1): 56 data bytes
64 bytes from 10.10.15.1: icmp_seq=0 ttl=255 time=0.596 ms
64 bytes from 10.10.15.1: icmp_seq=1 ttl=255 time=0.338 ms
^C
--- 10.10.15.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.338/0.467/0.596/0.129 ms
PE1> ping routing-instance VRF1 10.10.16.1 source 10.10.15.1
PING 10.10.16.1 (10.10.16.1): 56 data bytes
^C
--- 10.10.16.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
> May be PR 26381, but this was filed against 5.3. Can you try using
> the source switch to ensure that ping is using an address from VRF
> and not lo0 address? Also, what about PE-local CE pings?
>
>
>
> > -----Original Message-----
> > From: juniper-nsp-bounces at puck.nether.net
> > [mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of Daniel
> > Sent: Friday, March 14, 2003 11:25 AM
> > To: Josef Buchsteiner
> > Cc: juniper-nsp at puck.nether.net
> > Subject: Re: [j-nsp] L3 VPN on 5.6
> >
> >
> > On Fri, 14 Mar 2003, Daniel wrote:
> > Josef, If you were talking about a static route.. i tried
> > that too.. and
> > it didnt work.. and I dont remember needing it before..
> > anyways here are the results.. I even tried with
> > ge-2/3/0.0.. and it didnt
> > work.. i guess you just can't ping the local CE interface
> > on JunOS anymore...Thanks
> >
> > PE1>VRF1 {
> > instance-type vrf;
> > interface ge-0/0/0.0;
> > route-distinguisher 1:1;
> > vrf-import VRFIMP1;
> > vrf-export VRFEXP1;
> > routing-options {
> > static {
> > route 10.10.15.2/32 next-hop 10.10.15.2;
> > }
> > policy-statement VRFEXP1 {
> > term a {
> > from protocol direct;
> > then {
> > community add COMM1;
> > accept;
> > }
> > }
> > term b {
> > from {
> > protocol static;
> > route-filter 10.10.15.2/32 exact;
> > }
> > then {
> > community add COMM1;
> > accept;
> > }
> > }
> > term d {
> > then reject;
> > }
> > }
> >
> >
> > PE2> show route table VRF1
> >
> > VRF1.inet.0: 4 destinations, 4 routes (4 active, 0
> > holddown, 0 hidden)
> > + = Active Route, - = Last Active, * = Both
> >
> > 10.10.15.0/24 *[BGP/170] 00:01:09, localpref 100,
> > from 10.10.104.3
> > AS path: I
> > > via so-2/2/0.0, Push 100003, Push 100001(top)
> > 10.10.15.2/32 *[BGP/170] 00:01:09, localpref 100,
> > from 10.10.104.3
> > AS path: I
> > > via so-2/2/0.0, Push 100003, Push 100001(top)
> > 10.10.16.0/24 *[Direct/0] 18:41:11
> > > via ge-2/3/0.0
> > 10.10.16.1/32 *[Local/0] 18:41:12
> > Local via ge-2/3/0.0
> >
> > PE2> ping routing-instance VRF1 10.10.15.2
> > PING 10.10.15.2 (10.10.15.2): 56 data bytes
> > ^C
> > --- 10.10.15.2 ping statistics ---
> > 3 packets transmitted, 0 packets received, 100% packet loss
> >
> > PE2> ping routing-instance VRF1 interface ge-2/3/0.0 10.10.15.2
> > PING 10.10.15.2 (10.10.15.2): 56 data bytes
> > ^C
> > --- 10.10.15.2 ping statistics ---
> > 2 packets transmitted, 0 packets received, 100% packet loss
> >
> >
> >
> >
> > > On Fri, 14 Mar 2003, Josef Buchsteiner wrote:
> > >
> > > Hi Josef, Thanks but i went over that document and i
> > still can't fix this
> > > issue. I used the local and vpn-interface with the ping and
> > > still nothing (im not sure that this is supported on the
> > 5.6 they are not
> > > on the help cli) and like i said it's just a directly connected
> > > CE so im not supposed to see this routes on bgp.l3 table
> > right? just on
> > > the VRF1 table..
> > > So maybe you can't ping the directly conected interface
> > on a VRF anymore?
> > > thanks
> > >
> > > PE1> show route table bgp.l3
> > >
> > > bgp.l3vpn.0: 1 destinations, 1 routes (1 active, 0
> > holddown, 0 hidden)
> > > + = Active Route, - = Last Active, * = Both
> > >
> > > 1:1:10.10.16.0/24
> > > *[BGP/170] 17:49:37, localpref 100,
> > from 10.10.104.4
> > > AS path: I
> > > > to 10.10.105.17 via ge-0/1/0.0, Push 100000
> > >
> > > PE1> show route table VRF1
> > >
> > > VRF1.inet.0: 3 destinations, 3 routes (3 active, 0
> > holddown, 0 hidden)
> > > + = Active Route, - = Last Active, * = Both
> > >
> > > 10.10.15.0/24 *[Direct/0] 17:54:54
> > > > via ge-0/0/0.0
> > > 10.10.15.1/32 *[Local/0] 17:54:54
> > > Local via ge-0/0/0.0
> > > 10.10.16.0/24 *[BGP/170] 17:49:44, localpref 100,
> > from 10.10.104.4
> > > AS path: I
> > > > to 10.10.105.17 via ge-0/1/0.0, Push 100000
> > >
> > > These are the pingss outputs
> > >
> > >
> > > PE1>ping 10.10.16.1 vpn-interface ge-0/0/0 local
> > 10.10.15.1 count 3
> > > PING 10.10.16.1 (10.10.16.1): 56 data bytes
> > >
> > > --- 10.10.16.1 ping statistics ---
> > > 3 packets transmitted, 0 packets received, 100% packet loss
> > >
> > >
> > > PE1>ping routing-instance VRF1 10.10.16.1 local
> > 10.10.15.1 count 3
> > > PING 10.10.16.1 (10.10.16.1): 56 data bytes
> > >
> > > --- 10.10.16.1 ping statistics ---
> > > 3 packets transmitted, 0 packets received, 100% packet loss
> > >
> > > > At 02:43 AM 3/14/2003, Daniel wrote:
> > > >
> > > > > Hi, I know that there are some changes on L3VPNs
> > between 5.6 and 5.5 but
> > > > >i thought it was only the part of not running mpls on
> > the pe-ce interface.
> > > >
> > > > you just don't need to configure family mpls on the
> > pe-ce interface anymore
> > > > as the software does it for you so this is still inherited.
> > > >
> > > > >I loaded my working config from 5.5 and I can see the
> > routes on the PE
> > > > >router but i can't ping it I'm using 5.6 rev2.
> > > >
> > > >
> > > > Please look at the troubleshooting guidance and see
> > what you need to
> > > > do if you want to ping multi-access address on the
> > PE-CE connection
> > > > and then all will work ;-)
> > > >
> > > >
> > http://www.juniper.net/techpubs/software/junos/junos56/swco
> > nfig56-vpns/html/vpnl3-trouble.html
> > > >
> > > > thanks
> > > > Josef
> > > >
> > > >
> > > >
> > > >
> > > > >PE1-P-PE2
> > > > >
> > > > >PE1> show route table VRF1
> > > > >
> > > > >VRF1.inet.0: 3 destinations, 3 routes (3 active, 0
> > holddown, 0 hidden)
> > > > >+ = Active Route, - = Last Active, * = Both
> > > > >
> > > > >10.10.15.0/24 *[Direct/0] 00:05:58
> > > > > > via ge-0/0/0.0
> > > > >10.10.15.1/32 *[Local/0] 00:05:58
> > > > > Local via ge-0/0/0.0
> > > > >10.10.16.0/24 *[BGP/170] 00:00:48, localpref
> > 100, from 10.10.104.4
> > > > > AS path: I
> > > > > > to 10.10.105.17 via
> > ge-0/1/0.0, Push 100000
> > > > >
> > > > >PE1> ping routing-instance VRF1 10.10.15.1
> > > > >PING 10.10.15.1 (10.10.15.1): 56 data bytes
> > > > >64 bytes from 10.10.15.1: icmp_seq=0 ttl=255 time=7.853 ms
> > > > >64 bytes from 10.10.15.1: icmp_seq=1 ttl=255 time=0.362 ms
> > > > >64 bytes from 10.10.15.1: icmp_seq=2 ttl=255 time=0.321 ms
> > > > >^C
> > > > >--- 10.10.15.1 ping statistics ---
> > > > >3 packets transmitted, 3 packets received, 0% packet loss
> > > > >round-trip min/avg/max/stddev = 0.321/2.845/7.853/3.541 ms
> > > > >
> > > > >daniel at m20-2> ping routing-instance VRF1 10.10.16.1
> > > > >PING 10.10.16.1 (10.10.16.1): 56 data bytes
> > > > >^C
> > > > >--- 10.10.16.1 ping statistics ---
> > > > >3 packets transmitted, 0 packets received, 100% packet loss
> > > > >
> > > > >
> > > > >
> > > > >configs are at the bottom
> > > > >
> > > > >PE1.---
> > > > >
> > > > >interfaces {
> > > > > ge-0/0/0 {
> > > > > unit 0 {
> > > > > family inet {
> > > > > address 10.10.15.1/24;
> > > > > }
> > > > > family iso;
> > > > > }
> > > > > }
> > > > > ge-0/1/0 {
> > > > > unit 0 {
> > > > > family inet {
> > > > > address 10.10.105.18/30;
> > > > > }
> > > > > family iso;
> > > > > family mpls;
> > > > > }
> > > > > }
> > > > > lo0 {
> > > > > unit 0 {
> > > > > family inet {
> > > > > address 10.10.104.3/32;
> > > > > }
> > > > >
> > > > >protocols {
> > > > > mpls {
> > > > > interface ge-0/1/0.0;
> > > > > }
> > > > > bgp {
> > > > > group MVPN {
> > > > > type internal;
> > > > > local-address 10.10.104.3;
> > > > > neighbor 10.10.104.4 {
> > > > > family inet-vpn {
> > > > > unicast;
> > > > > }
> > > > > }
> > > > > }
> > > > > }
> > > > > ospf {
> > > > > area 0.0.0.0 {
> > > > > interface ge-0/1/0.0;
> > > > > interface so-1/0/0.0;
> > > > > interface lo0.0;
> > > > > }
> > > > > }
> > > > > ldp {
> > > > > interface ge-0/1/0.0;
> > > > > interface lo0.0;
> > > > > }
> > > > >
> > > > >policy-options {
> > > > > policy-statement VRFIMP1 {
> > > > > term a {
> > > > > from {
> > > > > protocol bgp;
> > > > > community COMM1;
> > > > > }
> > > > > then accept;
> > > > > }
> > > > > term b {
> > > > > then reject;
> > > > > }
> > > > > }
> > > > > policy-statement VRFEXP1 {
> > > > > term a {
> > > > > from protocol direct;
> > > > > then {
> > > > > community add COMM1;
> > > > > accept;
> > > > > }
> > > > > }
> > > > > term b {
> > > > > then reject;
> > > > > }
> > > > > }
> > > > >community COMM1 members target:1:1;
> > > > >
> > > > >routing-instances {
> > > > > VRF1 {
> > > > > instance-type vrf;
> > > > > interface ge-0/0/0.0;
> > > > > route-distinguisher 1:1;
> > > > > vrf-import VRFIMP1;
> > > > > vrf-export VRFEXP1;
> > > > > }
> > > > >
> > > > >
> > > > >P
> > > > >
> > > > >interfaces {
> > > > > so-0/1/0
> > > > > unit 0 {
> > > > > family inet {
> > > > > address 10.10.105.42/30;
> > > > > }
> > > > > family mpls;
> > > > > }
> > > > > }
> > > > > ge-0/2/0 {
> > > > > unit 0 {
> > > > > family inet {
> > > > > address 10.10.105.17/30;
> > > > > }
> > > > > family mpls;
> > > > > }
> > > > > }
> > > > > lo0 {
> > > > > unit 0 {
> > > > > family inet {
> > > > > address 10.10.104.2/32;
> > > > > }
> > > > >protocols {
> > > > > mpls {
> > > > > interface so-0/1/0.0;
> > > > > interface ge-0/2/0.0;
> > > > > }
> > > > > ospf {
> > > > > area 0.0.0.0 {
> > > > > interface so-0/1/0.0;
> > > > > interface ge-0/2/0.0;
> > > > > interface lo0.0;
> > > > > }
> > > > > }
> > > > > ldp {
> > > > > interface so-0/1/0.0;
> > > > > interface ge-0/2/0.0;
> > > > > interface lo0.0;
> > > > > }
> > > > >}
> > > > >
> > > > >
> > > > >PE
> > > > >
> > > > >interfaces {
> > > > > so-2/2/0
> > > > > unit 0 {
> > > > > family inet {
> > > > > address 10.10.105.41/30;
> > > > > }
> > > > > family mpls;
> > > > > }
> > > > > }
> > > > > ge-2/3/0 {
> > > > > unit 0 {
> > > > > family inet {
> > > > > address 10.10.16.1/24;
> > > > > }
> > > > > lo0 {
> > > > > unit 0 {
> > > > > family inet {
> > > > > address 10.10.104.4/32;
> > > > > }
> > > > >protocols {
> > > > > mpls {
> > > > > interface so-2/2/0.0;
> > > > > }
> > > > > bgp {
> > > > > group MPVN {
> > > > > type internal;
> > > > > local-address 10.10.104.4;
> > > > > neighbor 10.10.104.3 {
> > > > > family inet-vpn {
> > > > > unicast;
> > > > > }
> > > > > }
> > > > > }
> > > > > }
> > > > > ospf {
> > > > > area 0.0.0.0 {
> > > > > interface so-1/2/0.0;
> > > > > interface so-2/2/0.0;
> > > > > interface lo0.0;
> > > > > }
> > > > > }
> > > > > ldp {
> > > > > interface so-2/2/0.0;
> > > > > interface lo0.0;
> > > > > }
> > > > >policy-options {
> > > > > policy-statement VRFIMP1 {
> > > > > term a {
> > > > > from {
> > > > > protocol bgp;
> > > > > community COMM1;
> > > > > }
> > > > > then accept;
> > > > > }
> > > > > term b {
> > > > > then reject;
> > > > > }
> > > > > }
> > > > > policy-statement VRFEXP1 {
> > > > > term a {
> > > > > from protocol [ direct local ];
> > > > > then {
> > > > > community add COMM1;
> > > > > accept;
> > > > > }
> > > > > }
> > > > > term b {
> > > > > then reject;
> > > > > }
> > > > > community COMM1 members target:1:1;
> > > > >
> > > > >routing-instances {
> > > > > VRF1 {
> > > > > instance-type vrf;
> > > > > interface ge-2/3/0.0;
> > > > > route-distinguisher 1:1;
> > > > > vrf-import VRFIMP1;
> > > > > vrf-export VRFEXP1;
> > > > > }
> > > > >
> > > > >
> > > > >
> > > > >_______________________________________________
> > > > >juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > >http://puck.nether.net/mailman/listinfo/juniper-nsp
> > > >
> > > > _______________________________________________
> > > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > > >
> > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list