[j-nsp] Problem of Forwarding on VPN using vrf-table-label.

Cristian Frizziero cristian.frizziero at iquall.net
Fri Oct 15 13:12:31 EDT 2010 

  Ok Nilesh,

Thank you very much, I had a wrong concept in my head.

I think that David is working with a lab where he has 2 VPNs in PE1, and 
there will be a second PE with VPN-A and VPN-B too.

The issue he is seeing is between the CEs of VPN-A connected to PE1 and PE2.

David, can you confirm this to me?

Thanks

logo impre
Ing. Cristian Frizziero
Padilla 448 -- Buenos Aires
Tel +54.11.5291.9150 (Ext.517)
Cel +54.9.11.6249.1303
cristian.frizziero at iquall.net <mailto:cristian.frizziero at iquall.net>
www.iquall.net <http://www.iquall.net>


El 15/10/2010 13:55, Nilesh Khambal escribió:
> Hi Cristian,
>
> JUNOS does not send label per prefix. It is always one label per vrf.
> vrf-table-label enables special handling for the packets destined to the vrf
> w/ vrf-table-label enabled in the egress PE on its core facing PFEs (PE->P
> link). It avoids the double lookups needed for multi-access segments such as
> Ethernet between PE and CE (one for the VPN label and the second one for ARP
> as you mentioned). It also sends a unique label range to enable this special
> handling.
>
> David: I don't understand. Why both VPN-A and VPN-B are part of same
> logical-system?
>
>>> set logical-systems PE1 routing-instances VPN-A instance-type vrf
>>> set logical-systems PE1 routing-instances VPN-B instance-type vrf
> If you are planning to simulate the two different PE routers, don't you
> think these 2 vrfs should be part of 2 different logical systems?
>
> Thanks,
> Nilesh.
>
> On 10/15/10 5:36 AM, "Cristian Frizziero"<cristian.frizziero at iquall.net>
> wrote:
>
>>    Hy David!!!
>>
>> I understand that the statement vpn-table-label allow PE to announce a
>> different label for every VPN route of a VRF. In this way, in the
>> forwarding plane we can avoid a lookup, which is very useful in the case
>> of multipoint interfaces, such as ETH. The point is that multipoint
>> interfaces normally need a specific lookup for ARP resolution, and only
>> we can perform 3 lookups on the PE.
>>
>> With vpn-table-label, 3 lookups will be enough to reach the final
>> destination.
>>
>> I hope this will help.
>>
>> logo impre
>> Ing. Cristian Frizziero
>> Padilla 448 -- Buenos Aires
>> Tel +54.11.5291.9150 (Ext.517)
>> Cel +54.9.11.6249.1303
>> cristian.frizziero at iquall.net<mailto:cristian.frizziero at iquall.net>
>> www.iquall.net<http://www.iquall.net>
>>
>>
>> El 14/10/2010 21:43, David Lockuan escribió:
>>> Hi guys,
>>>
>>> I have been doing a lab with a MX960 with release 10.0R3.10, I set a
>>> topology with logical-systems, in theory all it is working because I can see
>>> the routes of VRF into table bgp.l3vpn.0 but the forwarding between the CE
>>> is not working. This is the configuration of the routing-instance of PE:
>>>
>>>
> *****************************************************************************>>
> *
>>> set logical-systems PE1 routing-instances VPN-A instance-type vrf
>>> set logical-systems PE1 routing-instances VPN-A interface ge-3/0/0.2400
>>> set logical-systems PE1 routing-instances VPN-A route-distinguisher 100:10
>>> set logical-systems PE1 routing-instances VPN-A vrf-import VPN-A-import
>>> set logical-systems PE1 routing-instances VPN-A vrf-export VPN-A-export
>>> set logical-systems PE1 routing-instances VPN-A vrf-table-label
>>> set logical-systems PE1 routing-instances VPN-A vrf-target target:100:10
>>> set logical-systems PE1 routing-instances VPN-A routing-options static route
>>> 172.20.0.0/24 next-hop 10.10.5.2
>>> set logical-systems PE1 routing-instances VPN-B instance-type vrf
>>> set logical-systems PE1 routing-instances VPN-B interface ge-3/0/0.2402
>>> set logical-systems PE1 routing-instances VPN-B route-distinguisher 100:20
>>> set logical-systems PE1 routing-instances VPN-B vrf-import VPN-B-import
>>> set logical-systems PE1 routing-instances VPN-B vrf-export VPN-B-export
>>> set logical-systems PE1 routing-instances VPN-A vrf-table-label
>>> set logical-systems PE1 routing-instances VPN-B vrf-target target:100:20
>>> set logical-systems PE1 routing-instances VPN-B routing-options static route
>>> 192.168.0.0/24 next-hop 10.10.5.6
>>>
> *****************************************************************************>>
> *
>>> But when I unset the command of vrf-table-label, the forwarding between
>>> CE's, it works correctly.
>>>
>>> Someone know when it is necessary to used the command "vrf-table-label"? The
>>> only diferent that I found it was in the VPN label. When the command
>>> "vrf-table-label" is set, the vpn label is 16 or in the range of 16 - 1023.
>>> And when the command is not set, the vpn label is 300000 or in the range of
>>> 100000 - 1048075.
>>>
>>> Thanks in advance,
>>>
>>> Best regards,
>>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list