[j-nsp] 6PE and BGP signaled lsps
Tobias Heister
lists at tobias-heister.de
Mon Jul 30 09:44:38 EDT 2012
Dear All,
First of all thank you for all message on and off list. I think I got this working now. I have simplified the topology (but it works on the initial topology as well)
R1 - R2 - R3 - R4 - R5
rsvp full mesh on R1, R2 and R3
ldp full mesh on R3, R4 and R5
we want to establish a bgp signaled lsp from R1 to R5 and use it for 6PE or any kind of VPN
There were a few points I was missing or at least was not totaly clear about.
1. R3 as a route reflector must have family inet6 enabled on its "core" facing interfaces as it terminates 6PE tunnels and receives packets labeled with implicit ipv6 null label (label 2) and therefore must be able to process ipv6 packets after popping the label
2. You do not need to add the "rib-groups" knob to the family inet6 labeled unicast statement it is the "rib" knob. Unfortunately the statement is hidden in my version (10.4R8) or at least does not autocomplete so I did not notice my error right away.
set family inet6 labeled-unicast rib?
Possible completions:
> rib-group Routing table group
=> only completion is rib-group
set family inet6 labeled-unicast rib inet.3
=> does work and gives us
family inet6 {
labeled-unicast {
rib {
inet.3;
}
explicit-null;
}
}
Also note that it reads "rib inet.3" although it places the routes in inet6.3 rib and also is referenced as inet6.3 in the documentation i posted in my first mail [1]
3. I got the RR to announce the mapped v4 (::ffff:x.x.x..x) prefixes which were locally generated via labeled bgp to the RR clients. Unfortunately I was not able to use this next-hops for forwarding (even with nex-hop self policy in the edges). All Routing and forwarding entries looked fine across all routers but I could not get traffic across.
What I did instead was assigning an inet6 loopback manually to R1 and R5 and advertising these loopbacks via inet6 labeled-unicast. In the next step I applied a policy to change the next hop for all inet6 prefixe to map to this loopbacks and everything was working fine.
As R1/R5 were (for some reason) not generating the mapped loopback on their own my guess is that it just does not work in a labeled bgp scenario. Also this is what is done in the config example in scaling with labeled bgp guide [1]
4. Unfortunately there is no inet6 equivalent to icmp-tunneling for mpls. These makes troubleshooting a bit hard as you have no clue where a packet might get stuck while going through the mpls cloud.
So putting it all together i now use the following configuration. With this configuration i can now use the bgp signaled lsp for plain IP, 6PE and any kind of VPNs (I have tested L2VPN, L2circuit, L3VPN and VPLS)
## R1/R5
# bgp
group ibgp {
type internal;
local-address R1/R5
import prefer-inet.3;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
family inet6 {
unicast;
labeled-unicast {
rib {
inet.3;
}
explicit-null;
}
}
export [ export-inet3 nhs nhs6 ];
neighbor R3
}
#policy
policy-statement export-inet3 {
term one {
from {
protocol direct;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then accept;
}
term two {
from {
protocol direct;
route-filter ::/0 prefix-length-range /128-/128;
}
then accept;
}
}
policy-statement nhs {
then {
next-hop self;
}
}
policy-statement nhs6 {
from {
family inet6;
rib inet6.0;
}
then {
next-hop inet6_loopback_of_R1/R3
}
}
policy-statement prefer-inet.3 {
term inet {
from {
rib inet.3;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
preference 9;
accept;
}
}
term inet6 {
from {
rib inet6.3;
route-filter ::/0 prefix-length-range /128-/128;
}
then {
preference 9;
accept;
}
}
}
policy-statement only-lo {
term one {
from interface lo0.5;
then accept;
}
term two {
to rib inet.3;
then reject;
}
term three {
to rib inet6.3;
then reject;
}
term four {
to rib inet6.0;
then accept;
}
term five {
to rib inet6.0;
then accept;
}
}
#routing options
interface-routes {
rib-group {
inet interfaces;
inet6 v6-interfaces;
}
}
rib-groups {
interfaces {
import-rib [ inet.0 inet.3 ];
import-policy only-lo;
}
v6-interfaces {
import-rib [ inet6.0 inet6.3 ];
import-policy only-lo;
}
}
##R3
#bgp
group ibgp {
type internal;
local-address R3
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
family inet6 {
unicast;
labeled-unicast {
rib {
inet.3;
}
explicit-null;
}
}
export nhs;
cluster R3
neighbor R1
neighbor R5
}
}
#policy
policy-statement nhs {
term one {
from {
rib inet.3;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then {
next-hop self;
accept;
}
}
term two {
from {
rib inet6.3;
route-filter ::/0 prefix-length-range /128-/128;
}
then {
next-hop self;
accept;
}
}
}
##R2/R4
only mpls + igp config no need to add anything ipv6 or bgp related
[1] http://www.juniper.net/us/en/local/pdf/design-guides/8020013-en.pdf
--
Kind Regards
Tobias Heister
More information about the juniper-nsp
mailing list