[j-nsp] l3vpn help needed

Fri Mar 11 07:35:00 EST 2011

Hi Diogo,

All 3 devices part of the mpls domain are J2320 routers that have only Gig
Eth interfaces.

BR,
Vlad

On Fri, Mar 11, 2011 at 2:26 PM, Diogo Montagner
<diogo.montagner at gmail.com>wrote:

> Hi,
>
> could you please share what is your hardware on the core facing interfaces
> ?
>
> There are some restrictions when using vrf-table-label.
>
>
> http://www.juniper.net/techpubs/en_US/junos10.4/topics/usage-guidelines/vpns-filtering-packets-in-layer-3-vpns-based-on-ip-headers.html
>
> Thanks
>
> ./diogo -montagner
>
>
>
> On Fri, Mar 11, 2011 at 7:45 PM, Vlad Ion <vlad.thoth at gmail.com> wrote:
> > Hi,
> >
> > I'm trying to simplify as much as possible the config I have for a L3 vpn
> > over mpls between 2 sites but it seems that I now have some issues: I
> can't
> > ping interfaces from the other site even though I see the routes.... so
> any
> > help would be greatly appretiated.
> >
> > *Topology:* (ge0/0/3.110 vpn-a 10.10.1.253) PE1 (ge-0/0/1) - (ge0/0/1) P
> > (ge0/0/2) - (ge-0/0/1) PE2 (ge0/0/3.210 vpn-a 10.10.2.253)
> > All the devices are J-series routers.
> >
> > PE1 config (PE2 conf is identical except for the vpn subinterface which
> > changes from 3.110 to 3.210 and the vrrp interface IPs which are are from
> > 10.10.2.0/24):
> > set groups vrrp interfaces ge-0/0/3 unit 110 vlan-id 10
> > set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> > 10.10.1.253/24 vrrp-group 10 virtual-address 10.10.1.254
> > set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> > 10.10.1.253/24 vrrp-group 10 priority 104
> > set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> > 10.10.1.253/24 vrrp-group 10 accept-data
> > set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> > 10.10.1.253/24 vrrp-group 10 track interface ge-0/0/1 priority-cost 5
> > set groups vrrp interfaces ge-0/0/3 unit 110 family inet address
> > 10.10.1.253/24 vrrp-group 10 track interface ge-0/0/2 priority-cost 5
> >
> > set groups mpls-vpns interfaces ge-0/0/3 unit 110 family inet
> > set groups mpls-vpns routing-options autonomous-system 65000
> > set groups mpls-vpns protocols bgp group internal type internal
> > set groups mpls-vpns protocols bgp group internal local-address 10.1.0.1
> > set groups mpls-vpns protocols bgp group internal mtu-discovery
> > set groups mpls-vpns protocols bgp group internal family inet unicast
> > set groups mpls-vpns protocols bgp group internal family inet-vpn unicast
> > set groups mpls-vpns protocols bgp group internal family inet-vpn any
> > set groups mpls-vpns protocols bgp group internal neighbor 10.2.0.1
> > set groups mpls-vpns policy-options policy-statement vpna-import term 1
> from
> > protocol bgp
> > set groups mpls-vpns policy-options policy-statement vpna-import term 1
> from
> > community vpna-target
> > set groups mpls-vpns policy-options policy-statement vpna-import term 1
> then
> > accept
> > set groups mpls-vpns policy-options policy-statement vpna-import term 2
> then
> > reject
> > set groups mpls-vpns policy-options policy-statement vpna-export term 1
> from
> > protocol ospf
> > set groups mpls-vpns policy-options policy-statement vpna-export term 1
> from
> > protocol direct
> > set groups mpls-vpns policy-options policy-statement vpna-export term 1
> then
> > community add vpna-target
> > set groups mpls-vpns policy-options policy-statement vpna-export term 1
> then
> > accept
> > set groups mpls-vpns policy-options policy-statement vpna-export term 2
> then
> > reject
> > set groups mpls-vpns policy-options policy-statement bgp-to-ospf from
> > protocol bgp
> > set groups mpls-vpns policy-options policy-statement bgp-to-ospf then
> accept
> > set groups mpls-vpns policy-options community vpna-target members
> > target:65000:10
> > set groups mpls-vpns policy-options community vpna-target members
> > target:65000:20
> > set groups mpls-vpns routing-instances vpn-a instance-type vrf
> > set groups mpls-vpns routing-instances vpn-a interface ge-0/0/3.110
> > set groups mpls-vpns routing-instances vpn-a route-distinguisher 65000:10
> > set groups mpls-vpns routing-instances vpn-a vrf-import vpna-import
> > set groups mpls-vpns routing-instances vpn-a vrf-export vpna-export
> > set groups mpls-vpns routing-instances vpn-a vrf-table-label
> > set groups mpls-vpns routing-instances vpn-a routing-options router-id
> > 10.1.0.1
> > set groups mpls-vpns routing-instances vpn-a protocols ospf export
> > bgp-to-ospf
> > set groups mpls-vpns routing-instances vpn-a protocols ospf area 0.0.0.0
> > interface ge-0/0/3.110
> >
> > set interfaces lo0 unit 0 family inet address 10.1.0.1/32
> >
> >
> > 1> show bgp summary
> > Groups: 1 Peers: 3 Down peers: 2
> > Table          Tot Paths  Act Paths Suppressed    History Damp State
> > Pending
> > inet.0                 0          0          0          0
> > 0          0
> > bgp.l3vpn.0            2          2          0          0
> > 0          0
> > bgp.l3vpn.2            0          0          0          0
> > 0          0
> > Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last
> > Up/Dwn State|#Active/Received/Accepted/Damped...
> > 10.0.0.2              65000        726        726       0       0
> > 5:26:43 Establ
> >  inet.0: 0/0/0/0
> >  bgp.l3vpn.0: 2/2/2/0
> >  bgp.l3vpn.2: 0/0/0/0
> >  vpn-a.inet.0: 2/2/2/0
> >
> >> show route table vpn-a.inet.0
> >
> > vpn-a.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
> > + = Active Route, - = Last Active, * = Both
> >
> > 10.10.1.0/24       *[Direct/0] 05:29:15
> >                    > via ge-0/0/3.110
> > 10.10.1.253/32     *[Local/0] 05:29:18
> >                      Local via ge-0/0/3.110
> > 10.10.1.254/32     *[Local/0] 05:29:07
> >                      Local via ge-0/0/3.110
> > 10.10.2.0/24       *[BGP/170] 05:27:25, localpref 100, from 10.2.0.1
> >                      AS path: I
> >                    > to 172.16.150.1 via ge-0/0/1.0, Push 16, Push
> > 299808(top)
> > 224.0.0.5/32       *[OSPF/10] 05:29:43, metric 1
> >                      MultiRecv
> >
> >> ping routing-instance vpn-a 10.10.2.254
> > PING 10.10.2.254 (10.10.2.254): 56 data bytes
> > ^C
> > --- 10.10.2.254 ping statistics ---
> > 6 packets transmitted, 0 packets received, 100% packet loss
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>