[j-nsp] Carrier of Carrier VPNs

Georgi Yalamov georgi.yalamov at btc-net.bg
Wed Jun 20 12:31:07 EDT 2007


The problem was solved.
In case it is interesting for someone, there was a firewall filter applied
on the Lo interface in the master routing instance. It permits only definite
neighbours for the LDP session.
#show firewall family inet filter Permit-To-RE

term Permited-LDP-Neighbor {
    from {
        source-prefix-list {
            LDP-Neighbor;
            LDP-Neighbor-L2-Circ;
        }
        protocol tcp;
        destination-port ldp;
    }
    then accept;
}
term Deny-LDP {
    from {
        protocol tcp;
        destination-port ldp;
    }
    then {
        count Deny-LDP-Packets;
        log;
        syslog;
        discard;
    }
}



The strange thing was that there is also another customer configured for CsC
with LDP, and it has been working perfectly for months with this filter. The
reason was that that customer's IP addresses are lower than mine, and in fact
the Junipers initiate the connection to port 646 but deny incoming connections
to the LDP port.

:-)
Cheers,
George


>
>
>
> Date: Mon, 18 Jun 2007 22:26:26 +0300
> From: Georgi Yalamov <georgi.yalamov at btc-net.bg>
> Subject: [j-nsp] Carrier of Carrier VPNs
> To: juniper-nsp at puck.nether.net
> Message-ID: <4676DC62.4010402 at btc-net.bg>
> Content-Type: text/plain; charset=windows-1251; format=flowed
>
>
>
>
> Dear fellows,
>
> If anybody can help me or give me some advice, I'll be very grateful.
>
> I had a strange problem with Carrier of Carrier VPN using a Juniper M320
> provider core with junos 8.1R1.5 and Cisco Catalyst 6506 Sup720+ OSM.
> I'm using LDP and OSPF between CE-PE and PE and the only problem is that
> LDP between cisco and juniper is down. Here is a small scheme:
>
> CE-PE -------------------P-PE-------MPLS cloud---------P-PE---------------CE-PE
> MSR11                    65-R                          72-P               MSR20
> Cisco                    M320                          M320               Cisco
>
>
> The abnormal thing here is that I tried this with several Ciscos as CE-PE,
> like 28xx and 3800, with all kinds of configurations for LDP, targeted
> neighbors, etc., but the result was the same - no LDP between CE-PE and P-PE.
>
> I have done all this with other P-PE devices - routers in the lab with
> the same hardware, same protocols and instance configurations - and it
> is working. It also works when I replace the connection between the
> Ciscos with a direct VLAN.
>
> I'm sure that the problem is not in MTU and LDP timers but...
>
> Here are some logs if they are interesting for someone.
>
> g_yalamov at Sofia65-R-Edge> show configuration interfaces ge-1/1/0.3656
> vlan-id 3656;
> family inet {
>   address 110.0.0.1/29;
> }
> family mpls;
>
> g_yalamov at Sofia65-R-Edge> show configuration routing-instances viva-csc
> instance-type vrf;
> interface ge-1/1/0.3656;
> route-distinguisher  212.39.94.49:7771;
> vrf-import viva-imp;
> vrf-export viva-exp;
> vrf-table-label;
> routing-options {
>   auto-export;
> }
> protocols {
>   ospf {
>       export viva-imp;
>       area 0.0.0.0 {
>           interface ge-1/1/0.3656;
>       }
>   }
>   ldp {
>       egress-policy viva-imp;
>       interface ge-1/1/0.3656;
>   }
> }
>
> g_yalamov at Sofia65-R-Edge> show configuration policy-options
> policy-statement viva-imp
> term a {
>   from {
>       protocol bgp;
>       community vivatel;
>   }
>   then {
>       metric add 100;
>       accept;
>   }
> }
> term b {
>   then reject;
> }
>
> Remote Interface has this config :
>
> g_yalamov at Sofia72-P-Edge> show configuration interfaces ge-1/1/0.3655
> vlan-id 3655;
> family inet {
>   address 110.0.0.17/29;
> }
> family mpls;
>
>
>
> g_yalamov at Sofia65-R-Edge> show configuration policy-options
> policy-statement viva-exp
> term a {
>   from protocol [ direct ldp ospf ];
>   then {
>       community add viva;
>       accept;
>   }
> }
> term b {
>   then reject;
> }
>
> g_yalamov at Sofia65-R-Edge> show configuration policy-options community 
> viva
> members target:8866:7771;
>
> g_yalamov at Sofia65-R-Edge> show route table viva-csc-tst.mpls.0 detail
>
> viva-csc-tst.mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0
> hidden)
> 214608 (1 entry, 1 announced)
>       *LDP    Preference: 9
>               Next-hop reference count: 2
>               Next hop: via so-0/0/0.0 weight 0x1
>               Label operation: Swap 16, Push 438704(top)
>               Next hop: via so-0/1/0.0 weight 0x1, selected
>               Label operation: Swap 16, Push 352929(top)
>               Next hop: via so-0/1/0.0 weight 0x4001
>               Label operation: Swap 16, Push 438704, Push 329313(top)
>               Next hop: via so-0/0/0.0 weight 0x4001
>               Label operation: Swap 16, Push 352929, Push 435184(top)
>               Protocol next hop: 212.39.94.114
>               Swap 16
>               Indirect next hop: 186e5ccc 1049723
>               State: <Active Int>
>               Age: 5:10:46    Metric: 1       Metric2: 320
>               Task: viva-csc-tst-LDP
>               Announcement bits (1): 0-KRT
>               AS path: I
>               Prefixes bound to route: 110.0.0.16/29
>               Communities: target:8866:7771
>
>
> 214832 (1 entry, 1 announced)
>       *LDP    Preference: 9
>               Next-hop reference count: 2
>               Next hop: via so-0/0/0.0 weight 0x1, selected
>               Label operation: Swap 16, Push 438704(top)
>               Next hop: via so-0/1/0.0 weight 0x1
>               Label operation: Swap 16, Push 352929(top)
>               Next hop: via so-0/1/0.0 weight 0x4001
>               Label operation: Swap 16, Push 438704, Push 329313(top)
>               Next hop: via so-0/0/0.0 weight 0x4001
>               Label operation: Swap 16, Push 352929, Push 435184(top)
>               Protocol next hop: 212.39.94.114
>               Swap 16
>               Indirect next hop: 1131d270 1049304
>               State: <Active Int>
>               Age: 35:26      Metric: 1       Metric2: 320
>               Task: viva-csc-tst-LDP
>               Announcement bits (1): 0-KRT
>               AS path: I
>               Prefixes bound to route: 113.0.0.20/32
>               Communities: target:8866:7771 rte-type:0.0.0.0:1:0
>
> Here I see only 2 labels, for customer Lo1 and p-top interface,
> coming from the remote Provider PE.
> And there is no LDP adjacency !!!
>
> g_yalamov at Sofia65-R-Edge> show ldp neighbor instance viva-csc
> Address            Interface          Label space ID         Hold time
> 110.0.0.2          ge-1/1/0.3656      113.0.0.11:0             14
>
> g_yalamov at Sofia65-R-Edge> show ldp session instance viva-csc-tst
> Address           State        Connection     Hold time
> 113.0.0.11          Nonexistent  Closed           0
>
> g_yalamov at Sofia65-R-Edge> show ldp session instance viva-csc-tst detail
> Address: 113.0.0.11, State: Nonexistent, Connection: Closed, Hold time: 0
> Session ID: 110.0.0.1:0--113.0.0.11:0
> Passive, Maximum PDU: 4096, Hold time: 30, Neighbor count: 1
> Keepalive interval: 10, Connect retry interval: 240
> Last down 00:00:12 ago; Reason: received notification from peer
> Local - Restart: disabled, Helper mode: enabled
> Remote - Restart: disabled, Helper mode: disabled
> Local maximum recovery time: 240000 msec
>
> Configs from the Cisco side are nothing special, just this:
>
> MSR11#sh run | inc mpls|tdp
> mpls label protocol ldp
> tag-switching tdp holdtime 30
> tag-switching tdp discovery directed-hello holdtime 15
> MSR11#sh run int lo1
> interface Loopback1
> ip address 113.0.0.11 255.255.255.255
> end
>
>
> MSR11#sh run int ge1/1.3656
> interface GE-WAN1/1.3656
> encapsulation dot1Q 3656
> ip address 110.0.0.2 255.255.255.248
> ip ospf mtu-ignore
> mpls label protocol ldp
> tag-switching ip
> mls qos trust dscp
> end
> MSR11#sh run | be r o
> router ospf 1
> router-id 212.39.94.211
> log-adjacency-changes
> network 110.0.0.0 0.0.0.255 area 0
> network 113.0.0.0 0.0.0.255 area 0
>
> MSR11#sh mpl ld neighbor detail
>   Peer LDP Ident: 113.0.0.20:0; Local LDP Ident 113.0.0.11:0
>       TCP connection: 113.0.0.20.11659 - 113.0.0.11.646
>       State: Oper; Msgs sent/rcvd: 475/470; Downstream; Last TIB rev
> sent 328
>       Up time: 01:02:49; UID: 17; Peer Id 0;
>       LDP discovery sources:
>         Targeted Hello 113.0.0.11 -> 113.0.0.20, active, passive;
>           holdtime: infinite, hello interval: 1666 ms
>       Addresses bound to peer LDP Ident:
>         10.14.14.20     10.0.5.3        10.2.100.1      192.168.5.2
>         150.150.150.5   192.168.7.2     192.168.9.1     172.16.223.1
>         3.3.3.1         1.1.1.6         30.30.30.2      110.0.0.18
>         113.0.0.20
>       Peer holdtime: 30000 ms; KA interval: 10000 ms; Peer state: estab
>       Clients: Dir Adj Client
> MSR11#sh mpl ld dis
> Local LDP Identifier:
>   113.0.0.11:0
>   Discovery Sources:
>   Interfaces:
>       GE-WAN1/1.3656 (ldp): xmit/recv
>           LDP Id: 110.0.0.1:0
>   Targeted Hellos:
>       113.0.0.11 -> 113.0.0.20 (ldp): active/passive, xmit/recv
>           LDP Id: 113.0.0.20:0
>
>
>
>
> 05:30:41: ldp: ldp Hello from 110.0.0.1 (110.0.0.1:0) to 224.0.0.2, 
> opt 0xC
> 05:30:41: ldp: local idb = GE-WAN1/1.3656, holdtime = 15000, peer
> 110.0.0.1 holdtime = 15000
> 05:30:41: ldp: Link intvl min cnt = 2, intvl = 5000, idb = GE-WAN1/1.3656
> 05:30:41: ldp: Send ldp dir hello; no idb, src/dst
> 113.0.0.11/113.0.0.20, inst_id 0
> 05:30:41: ldp: Rcvd ldp dir hello to 113.0.0.11 from 113.0.0.20
> (113.0.0.20:0); GE-WAN1/1.3656; opt 0xF
> 05:30:43: ldp: Send ldp dir hello; no idb, src/dst
> 113.0.0.11/113.0.0.20, inst_id 0
> 05:30:43: ldp: Rcvd ldp dir hello to 113.0.0.11 from 113.0.0.20
> (113.0.0.20:0); GE-WAN1/1.3656; opt 0xF
> 05:30:44: ldp: Send ldp dir hello; no idb, src/dst
> 113.0.0.11/113.0.0.20, inst_id 0
> 05:30:45: ldp: Rcvd ldp dir hello to 113.0.0.11 from 113.0.0.20
> (113.0.0.20:0); GE-WAN1/1.3656; opt 0xF
> 05:30:45: ldp: Rcvd ldp hello; GE-WAN1/1.3656, from 110.0.0.1
> (110.0.0.1:0), intf_id 0, opt 0xC
> 05:30:45: ldp: ldp Hello from 110.0.0.1 (110.0.0.1:0) to 224.0.0.2, 
> opt 0xC
> 05:30:45: ldp: local idb = GE-WAN1/1.3656, holdtime = 15000, peer
> 110.0.0.1 holdtime = 15000
> 05:30:45: ldp: Link intvl min cnt = 2, intvl = 5000, idb = GE-WAN1/1.3656
> 05:30:45: ldp: Send ldp hello; GE-WAN1/1.3656, src/dst
> 110.0.0.2/224.0.0.2, inst_id 0
> 05:30:46: ldp: Send ldp dir hello; no idb, src/dst
> 113.0.0.11/113.0.0.20, inst_id 0
> 05:30:46: ldp: Rcvd ldp dir hello to 113.0.0.11 from 113.0.0.20
> (113.0.0.20:0); GE-WAN1/1.3656; opt 0xF
> 05:30:47: ldp: Discovery hold timer expired for adj 0x5055F4B0,
> 110.0.0.1:0, will close conn
> 05:30:47: ldp: Discovery hold timer expired for adj 0x5055F4B0; 
> 110.0.0.1:0
> 05:30:47: ldp:  adj_addr/adj_xport_addr: 110.0.0.1/110.0.0.1
> 05:30:47: ldp: Sent notif msg to 110.0.0.1 (pp 0x0)
> 05:30:47: ldp: Sent notif msg to 110.0.0.1 (pp 0x0)
> 05:30:47: ldp: LDP ptcl SM; close xport request for adj 0x0
> 05:30:47: ldp: Close LDP transport conn for adj 0x5055F4B0
> 05:30:47: ldp: Closing ldp conn 113.0.0.11:11842 <-> 110.0.0.1:646, adj
> 0x5055F4B0
> 05:30:47: ldp: Adj 0x5055F4B0; state set to closed
>
>
>
> -- 
>
> George Yalamov
> Bulgarian Telecommunications Company AD
> R&D Core/Metro Technologies
>
> tel: 359 2 949 6844
>
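
Added example (not part of the original post, and not Juniper code): a small Python model of why the same filter let one CsC customer through and blocked the other. It combines the LDP rule that the LSR with the higher transport address opens the TCP connection (RFC 5036) with first-match evaluation of the two terms shown in the post; the prefix-list contents, the lower-addressed peer 10.0.0.2, the listed peer 192.0.2.7, the ephemeral port and the assumption that the filter is applied on input are constructed for illustration.

```python
import ipaddress

LDP_PORT = 646

# Constructed prefix-list contents; the post does not show the real entries.
PREFIX_LISTS = {
    "LDP-Neighbor": ["192.0.2.0/24"],
    "LDP-Neighbor-L2-Circ": ["198.51.100.0/24"],
}

def active_side(local, peer):
    """RFC 5036: the LSR with the higher transport address opens the TCP session."""
    higher = ipaddress.ip_address(local) > ipaddress.ip_address(peer)
    return "local" if higher else "peer"

def in_prefix_lists(addr, names):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for n in names for p in PREFIX_LISTS[n])

def permit_to_re(src, proto, dport):
    """First-match evaluation of the two terms from the post (input direction assumed)."""
    is_ldp_tcp = proto == "tcp" and dport == LDP_PORT
    if is_ldp_tcp and in_prefix_lists(src, ["LDP-Neighbor", "LDP-Neighbor-L2-Circ"]):
        return "accept"      # term Permited-LDP-Neighbor
    if is_ldp_tcp:
        return "discard"     # term Deny-LDP: count, log, syslog, discard
    return "no-match"        # falls through to terms not shown in the post

def session_setup(local, peer, ephemeral_port=49152):
    """Filter verdict for the first packet the router receives from the peer."""
    if active_side(local, peer) == "local":
        # Router sends the SYN to peer:646. The reply comes back with source
        # port 646 and an ephemeral destination port, so neither term matches.
        return permit_to_re(peer, "tcp", ephemeral_port)
    # Peer sends the SYN to local:646, which is what both terms match on.
    return permit_to_re(peer, "tcp", LDP_PORT)

if __name__ == "__main__":
    local = "110.0.0.1"  # Juniper transport address seen in the Cisco debug
    for peer in ("113.0.0.11", "10.0.0.2", "192.0.2.7"):
        print(peer, active_side(local, peer), session_setup(local, peer))
```

The Deny-LDP term already counts and logs what it drops (count Deny-LDP-Packets, log, syslog), so those are where a blocked passive-side session shows up.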


