[j-nsp] MX5-T VPLS fowarding problem
Caillin Bathern
caillinb at commtelns.com
Fri Mar 29 07:40:37 EDT 2013
Hi Mathias,
First try adding "set chassis fpc <XX> pic <XX> tunnel-services
bandwidth <1g|10G>". You then have tunnel services on the MX80. Can't
remember if this has any caveats on being done to a live system though..
Also check "show route forwarding-table table vpls70134 extensive" to
check for forwarding entries.
Cheers,
Caillin
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Mathias
Sundman
Sent: Friday, 29 March 2013 9:11 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] MX5-T VPLS fowarding problem
I've just built a new MPLS network consisting of 6 MX5-T routers using
RSVP signaled LSPs where all routers work a combined P/PE routers.
The core network has been running fine for several weeks. L3VPN works
fine.
Now I try to establish a VPLS Point-to-Point tunnel between two adjacent
routers called solir1 and solir2. Outside of xe-0/0/3 of each router
there is access switch called solis1 and solis2, where I for the testing
purpose has configured an IP in the same subnet on each of the switches:
solis1 config:
interface Vlan1144
ip address 10.155.9.1 255.255.255.0
!
interface TenGigabitEthernet1/49
description type=core,subtype=isc,peer=solir1,peerint=xe-0/0/3
switchport mode trunk
!
solis2 config:
interface Vlan1244
ip address 10.155.9.2 255.255.255.0
!
interface TenGigabitEthernet1/49
description type=core,subtype=isc,peer=solir2,peerint=xe-0/0/3
switchport mode trunk
!
solir1 config:
masun at solir1> show configuration groups | find vpls70134
vpls70134 {
interfaces {
xe-0/0/3 {
unit 1144 {
description "vpls70134 Test VPLS solir1-solir2";
encapsulation vlan-vpls;
vlan-id 1144;
family vpls {
policer {
input vpls70134-100m;
output vpls70134-100m;
}
}
}
}
}
firewall {
policer vpls70134-100m {
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 1m;
}
then discard;
}
}
routing-instances {
vpls70134 {
instance-type vpls;
interface xe-0/0/3.1144;
route-distinguisher 49079:70134;
vrf-target target:49079:70134;
protocols {
vpls {
site-range 10;
mac-table-size {
1024;
}
mac-statistics;
no-tunnel-services;
site solis1-vpls70134 {
site-identifier 1;
interface xe-0/0/3.1144;
}
}
}
}
}
}
masun at solir1> show configuration interfaces xe-0/0/3 description
type=core,subtype=isc,peer=solis1,peerint=Te1/49;
enable;
traps;
vlan-tagging;
mtu 2000;
encapsulation flexible-ethernet-services;
masun at solir2> show configuration groups | find vpls70134
vpls70134 {
interfaces {
xe-0/0/3 {
unit 1244 {
description "vpls70134 Test VPLS solir1-solir2";
encapsulation vlan-vpls;
vlan-id 1244;
family vpls {
policer {
input vpls70134-100m;
output vpls70134-100m;
}
}
}
}
}
firewall {
policer vpls70134-100m {
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 1m;
}
then discard;
}
}
routing-instances {
vpls70134 {
instance-type vpls;
interface xe-0/0/3.1244;
route-distinguisher 49079:70134;
vrf-target target:49079:70134;
protocols {
vpls {
site-range 10;
mac-table-size {
1024;
}
mac-statistics;
no-tunnel-services;
site solis2-vpls70134 {
site-identifier 2;
interface xe-0/0/3.1244;
}
}
}
}
}
}
masun at solir2> show configuration interfaces xe-0/0/3 description
type=core,subtype=isc,peer=solis2,peerint=Te1/49;
enable;
traps;
vlan-tagging;
mtu 2000;
encapsulation flexible-ethernet-services;
The VPLS connection is up on each side:
masun at solir2> show vpls connections
...
Instance: vpls70134
Local site: solis2-vpls70134 (2)
connection-site Type St Time last up # Up
trans
1 rmt Up Mar 28 16:11:30 2013
1
Remote PE: 89.107.216.238, Negotiated control-word: No
Incoming label: 262145, Outgoing label: 262146
Local interface: lsi.1048832, Status: Up, Encapsulation: VPLS
Description: Intf - vpls vpls70134 local site 2 remote site 1
And the MAC address of my test switches are learned by each PE router:
masun at solir2> show vpls mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
SE -Statistics enabled, NM -Non configured MAC, R -Remote PE
MAC)
Routing instance : vpls70134
Bridging domain : __vpls70134__, VLAN : NA
MAC MAC Logical
address flags interface
e0:2f:6d:d4:75:70 D,SE xe-0/0/3.1244
e0:2f:6d:d4:75:7f D,SE xe-0/0/3.1244
e0:2f:6d:d4:7d:30 D,SE lsi.1048832
e0:2f:6d:d4:7d:3f D,SE lsi.1048832
BUT, I'm not able to ping between the two switches. No MACs are learned
on the trunk port in the switches, so the ARP request sent be the source
switch must be reaching the dest PE router (as that one learns the
source switch mac), but does not seem to be forwarded out on the dest
interface on the dest PE router as the dest switch is not learning any
macs on the trunk if.
Help please?
I initially did not have no-tunnel-services configured with the same
result, but was then told that the MX5-T lacks a tunnel-services PIC so
I need to use the no-tunnel-services keyword.
masun at solir1> show version
Hostname: solir1
Model: mx5-t
JUNOS Base OS boot [11.4R7.5]
JUNOS Base OS Software Suite [11.4R7.5]
JUNOS Kernel Software Suite [11.4R7.5]
JUNOS Crypto Software Suite [11.4R7.5]
JUNOS Packet Forwarding Engine Support (MX80) [11.4R7.5] JUNOS Online
Documentation [11.4R7.5] JUNOS Routing Software Suite [11.4R7.5]
masun at solir1> show system license
License usage:
Licenses Licenses Licenses
Expiry
Feature name used installed needed
scale-subscriber 0 1000 0 permanent
scale-l2tp 0 1000 0 permanent
scale-mobile-ip 0 1000 0 permanent
Licenses installed: none
- Mat
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Message protected by MailGuard: e-mail anti-virus, anti-spam and
content filtering.http://www.mailguard.com.au/mg
More information about the juniper-nsp
mailing list