[j-nsp] MX5-T VPLS fowarding problem
Mathias Sundman
mathias at nilings.se
Fri Mar 29 06:10:45 EDT 2013
I've just built a new MPLS network consisting of 6 MX5-T routers using
RSVP signaled LSPs where all routers work a combined P/PE routers.
The core network has been running fine for several weeks. L3VPN works fine.
Now I try to establish a VPLS Point-to-Point tunnel between two adjacent
routers called solir1 and solir2. Outside of xe-0/0/3 of each router
there is access switch called solis1 and solis2, where I for the testing
purpose has configured an IP in the same subnet on each of the switches:
solis1 config:
interface Vlan1144
ip address 10.155.9.1 255.255.255.0
!
interface TenGigabitEthernet1/49
description type=core,subtype=isc,peer=solir1,peerint=xe-0/0/3
switchport mode trunk
!
solis2 config:
interface Vlan1244
ip address 10.155.9.2 255.255.255.0
!
interface TenGigabitEthernet1/49
description type=core,subtype=isc,peer=solir2,peerint=xe-0/0/3
switchport mode trunk
!
solir1 config:
masun at solir1> show configuration groups | find vpls70134
vpls70134 {
interfaces {
xe-0/0/3 {
unit 1144 {
description "vpls70134 Test VPLS solir1-solir2";
encapsulation vlan-vpls;
vlan-id 1144;
family vpls {
policer {
input vpls70134-100m;
output vpls70134-100m;
}
}
}
}
}
firewall {
policer vpls70134-100m {
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 1m;
}
then discard;
}
}
routing-instances {
vpls70134 {
instance-type vpls;
interface xe-0/0/3.1144;
route-distinguisher 49079:70134;
vrf-target target:49079:70134;
protocols {
vpls {
site-range 10;
mac-table-size {
1024;
}
mac-statistics;
no-tunnel-services;
site solis1-vpls70134 {
site-identifier 1;
interface xe-0/0/3.1144;
}
}
}
}
}
}
masun at solir1> show configuration interfaces xe-0/0/3
description type=core,subtype=isc,peer=solis1,peerint=Te1/49;
enable;
traps;
vlan-tagging;
mtu 2000;
encapsulation flexible-ethernet-services;
masun at solir2> show configuration groups | find vpls70134
vpls70134 {
interfaces {
xe-0/0/3 {
unit 1244 {
description "vpls70134 Test VPLS solir1-solir2";
encapsulation vlan-vpls;
vlan-id 1244;
family vpls {
policer {
input vpls70134-100m;
output vpls70134-100m;
}
}
}
}
}
firewall {
policer vpls70134-100m {
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 1m;
}
then discard;
}
}
routing-instances {
vpls70134 {
instance-type vpls;
interface xe-0/0/3.1244;
route-distinguisher 49079:70134;
vrf-target target:49079:70134;
protocols {
vpls {
site-range 10;
mac-table-size {
1024;
}
mac-statistics;
no-tunnel-services;
site solis2-vpls70134 {
site-identifier 2;
interface xe-0/0/3.1244;
}
}
}
}
}
}
masun at solir2> show configuration interfaces xe-0/0/3
description type=core,subtype=isc,peer=solis2,peerint=Te1/49;
enable;
traps;
vlan-tagging;
mtu 2000;
encapsulation flexible-ethernet-services;
The VPLS connection is up on each side:
masun at solir2> show vpls connections
...
Instance: vpls70134
Local site: solis2-vpls70134 (2)
connection-site Type St Time last up # Up trans
1 rmt Up Mar 28 16:11:30 2013 1
Remote PE: 89.107.216.238, Negotiated control-word: No
Incoming label: 262145, Outgoing label: 262146
Local interface: lsi.1048832, Status: Up, Encapsulation: VPLS
Description: Intf - vpls vpls70134 local site 2 remote site 1
And the MAC address of my test switches are learned by each PE router:
masun at solir2> show vpls mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
SE -Statistics enabled, NM -Non configured MAC, R -Remote PE
MAC)
Routing instance : vpls70134
Bridging domain : __vpls70134__, VLAN : NA
MAC MAC Logical
address flags interface
e0:2f:6d:d4:75:70 D,SE xe-0/0/3.1244
e0:2f:6d:d4:75:7f D,SE xe-0/0/3.1244
e0:2f:6d:d4:7d:30 D,SE lsi.1048832
e0:2f:6d:d4:7d:3f D,SE lsi.1048832
BUT, I'm not able to ping between the two switches. No MACs are learned
on the trunk port in the switches, so the ARP request sent be the source
switch must be reaching the dest PE router (as that one learns the
source switch mac), but does not seem to be forwarded out on the dest
interface on the dest PE router as the dest switch is not learning any
macs on the trunk if.
Help please?
I initially did not have no-tunnel-services configured with the same
result, but was then told that the MX5-T lacks a tunnel-services PIC so
I need to use the no-tunnel-services keyword.
masun at solir1> show version
Hostname: solir1
Model: mx5-t
JUNOS Base OS boot [11.4R7.5]
JUNOS Base OS Software Suite [11.4R7.5]
JUNOS Kernel Software Suite [11.4R7.5]
JUNOS Crypto Software Suite [11.4R7.5]
JUNOS Packet Forwarding Engine Support (MX80) [11.4R7.5]
JUNOS Online Documentation [11.4R7.5]
JUNOS Routing Software Suite [11.4R7.5]
masun at solir1> show system license
License usage:
Licenses Licenses Licenses Expiry
Feature name used installed needed
scale-subscriber 0 1000 0 permanent
scale-l2tp 0 1000 0 permanent
scale-mobile-ip 0 1000 0 permanent
Licenses installed: none
- Mat
More information about the juniper-nsp
mailing list