[j-nsp] L2 VPNs configuration

Eugeniu Patrascu eugeniu.patrascu at gmail.com
Fri Nov 9 06:04:43 EST 2007 

Hi,

I'm the process of learning MPLS and so far I figured out how L3 VPNs 
work, but I got stuck on L2 VPNs.
I have a lab that consists of 2 CE devices (in form of netscreen SSGs) 
and 4 routers (2 of them as PE and two of them as P).
the diagram is pretty stright forward:

ce-1 --- pe-1 --- m7i-1 --- m7i-2 --- pe-2 --- ce-2

PE routers are J4350 running JunOS 8.4R1.13 and the P routers are M7i 
running JunOS 8.4R2.3.
The CE are SSG20 and SSG5 both running ScreenOS 6 and their policy is to 
allow anything.

The IGP for the MPLS core is IS-IS and it's working OK for L3.

On each of the PE routers I defined the following:

On PE-1:

root at pe-1> show configuration routing-instances VPN-B
instance-type l2vpn;
interface ge-0/0/1.0;
route-distinguisher 65102:100;
vrf-target target:65102:100;
protocols {
    l2vpn {
        encapsulation-type ethernet;
        site to-pe2 {
            site-identifier 1;
            interface ge-0/0/1.0;
        }
    }
}

root at pe-1> show configuration interfaces ge-0/0/1            
encapsulation ethernet-ccc;
unit 0 {
    family ccc;
}

root at pe-1> show configuration protocols bgp
group internal {
    type internal;
    local-address 172.16.201.1;
    family inet-vpn {
        unicast;
    }
    family l2vpn {
        signaling;
    }
    local-as 65102;
    neighbor 172.21.202.2;
}

and for PE-2:

root at pe-2> show configuration routing-instances VPN-B
instance-type l2vpn;
interface ge-0/0/1.0;
route-distinguisher 65102:100;
vrf-target target:65102:100;
protocols {
    l2vpn {
        encapsulation-type ethernet;
        site to-pe1 {
            site-identifier 2;
            interface ge-0/0/1.0;
        }
    }
}

root at pe-2> show configuration interfaces ge-0/0/1 
encapsulation ethernet-ccc;
unit 0 {
    family ccc;
}

root at pe-2> show configuration protocols bgp
group internal {
    type internal;
    local-address 172.21.202.2;
    family inet-vpn {
        unicast;
    }
    family l2vpn {
        signaling;
    }
    local-as 65102;
    neighbor 172.16.201.1;
}

If I do a show l2vpn connections, it says that they are Up, as in the 
following output:

Instance: VPN-B
Local site: to-pe2 (1)
    connection-site           Type  St     Time last up          # Up trans
    2                         rmt   Up     Nov  9 00:28:51 2007           1
      Local interface: ge-0/0/1.0, Status: Up, Encapsulation: ETHERNET
      Remote PE: 172.21.202.2, Negotiated control-word: Yes (Null)
      Incoming label: 800007, Outgoing label: 800006


On ce-1 I set the IP address of 192.168.20.1/24 and on ce-2 I set the IP 
address of 192.168.20.2/24.

As you might have guessed it, I cannot ping 192.168.20.2 from 192.168.20.1.

The question is: what am I doing wrong here ?

Thank you,

Eugeniu Patrascu

More information about the juniper-nsp mailing list