[j-nsp] SRX & MPLS

Phil Mayers p.mayers at imperial.ac.uk
Wed Aug 15 12:07:35 EDT 2012


On 15/08/12 16:50, GIULIANO (WZTECH) wrote:
> Phill,
>
> Could ou please share some juniper links or configurations on how about
> to configure SRX boxes with MPLS in a RING topology ?

Sure.

I'm assuming you have a basic Juniper layer3 provider core configured. 
In particular, you'll want an IGP (OSPF, IS-IS) and BGP configured, as 
well as basic addressing. In other words, something like this:

interfaces {
     ge-0/0/0 {
         description "faces other routers";
         mtu 2000;
         unit 0 {
             family inet {
                 address 192.0.2.1/31;
             }
         }
     }
     lo0 {
         unit 0 {
             family inet {
                 address 192.0.2.100/32;
             }
         }
     }
}
routing-options {
     router-id 192.0.2.100;
}

protocols {
     bgp {
         local-as 65000;
         group Core {
             type internal;
             family inet {
                 any;
             }
             peer-as 65000;
             neighbor 192.0.2.101;
             neighbor ...;
             neighbor 192.0.2.102;
         }
     }
     ospf {
         area 0.0.0.0 {
             interface ge-0/0/0.0 {
                 interface-type p2p;
             }
             interface lo0.0 {
                 passive;
             }
         }
     }
}

You then need to add MPLS:

interfaces {
     ge-0/0/0 {
         unit 0 {
             family mpls;
         }
     }
}
protocols {
     mpls {
         interface ge-0/0/0.0;
     }
     ldp {
         interface ge-0/0/0.0;
     }
     bgp {
         group Core {
             family inet-vpn {
                 any;
             }
         }
     }
}

Finally, on the SRX you need to enable packet mode:

security {
     zones {
         security-zone zone_default {
             host-inbound-traffic {
                 system-services {
                     all;
                 }
             }
             interfaces {
                 all;
             }
         }
     }
     forwarding-options {
         family {
             inet6 {
                 mode packet-based;
             }
             mpls {
                 mode packet-based;
             }
         }
     }
}

...and reboot. Once that's done, you can add a layer 3 VPN:

interfaces {
     ge-0/0/1 {
         vlan-tagging;
         unit 100 {
             vlan-id 100;
             family inet {
                 address 192.168.1.1/24;
             }
         }
     }
}
routing-instances {
     PROD {
         instance-type vrf;
         interface ge-0/0/1.100;
         route-distinguisher 65000:1;
         vrf-target target:65000:1;
         vrf-table-label;
     }
}

>
> Are you using L3 MPLS VPN or L2 VPLS or EoMPLS ?

We use L3VPN. I've tested EoMPLS, but I don't have a configuration to hand.

I haven't tested VPLS on the SRX.


More information about the juniper-nsp mailing list