[j-nsp] l3vpn help needed
Diogo Montagner
diogo.montagner at gmail.com
Fri Mar 11 07:26:17 EST 2011
Hi,
could you please share what is your hardware on the core facing interfaces ?
There are some restrictions when using vrf-table-label.
http://www.juniper.net/techpubs/en_US/junos10.4/topics/usage-guidelines/vpns-filtering-packets-in-layer-3-vpns-based-on-ip-headers.html
Thanks
./diogo -montagner
On Fri, Mar 11, 2011 at 7:45 PM, Vlad Ion <vlad.thoth at gmail.com> wrote:
> Hi,
>
> I'm trying to simplify as much as possible the config I have for a L3 vpn
> over mpls between 2 sites but it seems that I now have some issues: I can't
> ping interfaces from the other site even though I see the routes.... so any
> help would be greatly appretiated.
>
> *Topology:* (ge0/0/3.110 vpn-a 10.10.1.253) PE1 (ge-0/0/1) - (ge0/0/1) P
> (ge0/0/2) - (ge-0/0/1) PE2 (ge0/0/3.210 vpn-a 10.10.2.253)
> All the devices are J-series routers.
>
> PE1 config (PE2 conf is identical except for the vpn subinterface which
> changes from 3.110 to 3.210 and the vrrp interface IPs which are are from
> 10.10.2.0/24):
> set groups vrrp interfaces ge-0/0/3 unit 110 vlan-id 10
> set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> 10.10.1.253/24 vrrp-group 10 virtual-address 10.10.1.254
> set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> 10.10.1.253/24 vrrp-group 10 priority 104
> set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> 10.10.1.253/24 vrrp-group 10 accept-data
> set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> 10.10.1.253/24 vrrp-group 10 track interface ge-0/0/1 priority-cost 5
> set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> 10.10.1.253/24 vrrp-group 10 track interface ge-0/0/2 priority-cost 5
>
> set groups mpls-vpns interfaces ge-0/0/3 unit 110 family inet
> set groups mpls-vpns routing-options autonomous-system 65000
> set groups mpls-vpns protocols bgp group internal type internal
> set groups mpls-vpns protocols bgp group internal local-address 10.1.0.1
> set groups mpls-vpns protocols bgp group internal mtu-discovery
> set groups mpls-vpns protocols bgp group internal family inet unicast
> set groups mpls-vpns protocols bgp group internal family inet-vpn unicast
> set groups mpls-vpns protocols bgp group internal family inet-vpn any
> set groups mpls-vpns protocols bgp group internal neighbor 10.2.0.1
> set groups mpls-vpns policy-options policy-statement vpna-import term 1 from
> protocol bgp
> set groups mpls-vpns policy-options policy-statement vpna-import term 1 from
> community vpna-target
> set groups mpls-vpns policy-options policy-statement vpna-import term 1 then
> accept
> set groups mpls-vpns policy-options policy-statement vpna-import term 2 then
> reject
> set groups mpls-vpns policy-options policy-statement vpna-export term 1 from
> protocol ospf
> set groups mpls-vpns policy-options policy-statement vpna-export term 1 from
> protocol direct
> set groups mpls-vpns policy-options policy-statement vpna-export term 1 then
> community add vpna-target
> set groups mpls-vpns policy-options policy-statement vpna-export term 1 then
> accept
> set groups mpls-vpns policy-options policy-statement vpna-export term 2 then
> reject
> set groups mpls-vpns policy-options policy-statement bgp-to-ospf from
> protocol bgp
> set groups mpls-vpns policy-options policy-statement bgp-to-ospf then accept
> set groups mpls-vpns policy-options community vpna-target members
> target:65000:10
> set groups mpls-vpns policy-options community vpna-target members
> target:65000:20
> set groups mpls-vpns routing-instances vpn-a instance-type vrf
> set groups mpls-vpns routing-instances vpn-a interface ge-0/0/3.110
> set groups mpls-vpns routing-instances vpn-a route-distinguisher 65000:10
> set groups mpls-vpns routing-instances vpn-a vrf-import vpna-import
> set groups mpls-vpns routing-instances vpn-a vrf-export vpna-export
> set groups mpls-vpns routing-instances vpn-a vrf-table-label
> set groups mpls-vpns routing-instances vpn-a routing-options router-id
> 10.1.0.1
> set groups mpls-vpns routing-instances vpn-a protocols ospf export
> bgp-to-ospf
> set groups mpls-vpns routing-instances vpn-a protocols ospf area 0.0.0.0
> interface ge-0/0/3.110
>
> set interfaces lo0 unit 0 family inet address 10.1.0.1/32
>
>
> 1> show bgp summary
> Groups: 1 Peers: 3 Down peers: 2
> Table Tot Paths Act Paths Suppressed History Damp State
> Pending
> inet.0 0 0 0 0
> 0 0
> bgp.l3vpn.0 2 2 0 0
> 0 0
> bgp.l3vpn.2 0 0 0 0
> 0 0
> Peer AS InPkt OutPkt OutQ Flaps Last
> Up/Dwn State|#Active/Received/Accepted/Damped...
> 10.0.0.2 65000 726 726 0 0
> 5:26:43 Establ
> inet.0: 0/0/0/0
> bgp.l3vpn.0: 2/2/2/0
> bgp.l3vpn.2: 0/0/0/0
> vpn-a.inet.0: 2/2/2/0
>
>> show route table vpn-a.inet.0
>
> vpn-a.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 10.10.1.0/24 *[Direct/0] 05:29:15
> > via ge-0/0/3.110
> 10.10.1.253/32 *[Local/0] 05:29:18
> Local via ge-0/0/3.110
> 10.10.1.254/32 *[Local/0] 05:29:07
> Local via ge-0/0/3.110
> 10.10.2.0/24 *[BGP/170] 05:27:25, localpref 100, from 10.2.0.1
> AS path: I
> > to 172.16.150.1 via ge-0/0/1.0, Push 16, Push
> 299808(top)
> 224.0.0.5/32 *[OSPF/10] 05:29:43, metric 1
> MultiRecv
>
>> ping routing-instance vpn-a 10.10.2.254
> PING 10.10.2.254 (10.10.2.254): 56 data bytes
> ^C
> --- 10.10.2.254 ping statistics ---
> 6 packets transmitted, 0 packets received, 100% packet loss
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list