[j-nsp] SRX & MPLS
Phil Mayers
p.mayers at imperial.ac.uk
Wed Aug 15 12:07:35 EDT 2012
On 15/08/12 16:50, GIULIANO (WZTECH) wrote:
> Phill,
>
> Could ou please share some juniper links or configurations on how about
> to configure SRX boxes with MPLS in a RING topology ?
Sure.
I'm assuming you have a basic Juniper layer3 provider core configured.
In particular, you'll want an IGP (OSPF, IS-IS) and BGP configured, as
well as basic addressing. In other words, something like this:
interfaces {
ge-0/0/0 {
description "faces other routers";
mtu 2000;
unit 0 {
family inet {
address 192.0.2.1/31;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.0.2.100/32;
}
}
}
}
routing-options {
router-id 192.0.2.100;
}
protocols {
bgp {
local-as 65000;
group Core {
type internal;
family inet {
any;
}
peer-as 65000;
neighbor 192.0.2.101;
neighbor ...;
neighbor 192.0.2.102;
}
}
ospf {
area 0.0.0.0 {
interface ge-0/0/0.0 {
interface-type p2p;
}
interface lo0.0 {
passive;
}
}
}
}
You then need to add MPLS:
interfaces {
ge-0/0/0 {
unit 0 {
family mpls;
}
}
}
protocols {
mpls {
interface ge-0/0/0.0;
}
ldp {
interface ge-0/0/0.0;
}
bgp {
group Core {
family inet-vpn {
any;
}
}
}
}
Finally, on the SRX you need to enable packet mode:
security {
zones {
security-zone zone_default {
host-inbound-traffic {
system-services {
all;
}
}
interfaces {
all;
}
}
}
forwarding-options {
family {
inet6 {
mode packet-based;
}
mpls {
mode packet-based;
}
}
}
}
...and reboot. Once that's done, you can add a layer 3 VPN:
interfaces {
ge-0/0/1 {
vlan-tagging;
unit 100 {
vlan-id 100;
family inet {
address 192.168.1.1/24;
}
}
}
}
routing-instances {
PROD {
instance-type vrf;
interface ge-0/0/1.100;
route-distinguisher 65000:1;
vrf-target target:65000:1;
vrf-table-label;
}
}
>
> Are you using L3 MPLS VPN or L2 VPLS or EoMPLS ?
We use L3VPN. I've tested EoMPLS, but I don't have a configuration to hand.
I haven't tested VPLS on the SRX.
More information about the juniper-nsp
mailing list