[j-nsp] MX5-T VPLS fowarding problem
Mathias Sundman
mathias at nilings.se
Fri Mar 29 08:02:55 EDT 2013
Hi,
I got an off-list message from Diogo saying that the logical interface
(VLAN ID) on each side must be the same, unless you do some
pop/push/swap magic. Changing that did solve the problem! I still don't
see why though. I only use the VLAN locally on each site to separate the
traffic between multiple customers in the access switches, so the VLAN
tag should never be included in the actual frames forwarded between the
routers.
With that solved, yes, I could then put the chassis fpc 0 pic 0
tunnel-services back and remove no-tunnel-services from the vpls config
and it still rocks :)
If I have a 10G backbone, and would like to able to transport a number
of 1G VPLS circuits, should I set tunnel-services bandwidth to 10G, or
does that have a big negative performance impact on something else?
Thanks both to Diogo and Caillin for your replies.
On 03/29/2013 12:40 PM, Caillin Bathern wrote:
> Hi Mathias,
>
> First try adding "set chassis fpc <XX> pic <XX> tunnel-services
> bandwidth <1g|10G>". You then have tunnel services on the MX80. Can't
> remember if this has any caveats on being done to a live system though..
>
> Also check "show route forwarding-table table vpls70134 extensive" to
> check for forwarding entries.
>
> Cheers,
> Caillin
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Mathias
> Sundman
> Sent: Friday, 29 March 2013 9:11 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] MX5-T VPLS fowarding problem
>
> I've just built a new MPLS network consisting of 6 MX5-T routers using
> RSVP signaled LSPs where all routers work a combined P/PE routers.
>
> The core network has been running fine for several weeks. L3VPN works
> fine.
>
> Now I try to establish a VPLS Point-to-Point tunnel between two adjacent
> routers called solir1 and solir2. Outside of xe-0/0/3 of each router
> there is access switch called solis1 and solis2, where I for the testing
> purpose has configured an IP in the same subnet on each of the switches:
>
> solis1 config:
> interface Vlan1144
> ip address 10.155.9.1 255.255.255.0
> !
> interface TenGigabitEthernet1/49
> description type=core,subtype=isc,peer=solir1,peerint=xe-0/0/3
> switchport mode trunk
> !
>
>
> solis2 config:
> interface Vlan1244
> ip address 10.155.9.2 255.255.255.0
> !
> interface TenGigabitEthernet1/49
> description type=core,subtype=isc,peer=solir2,peerint=xe-0/0/3
> switchport mode trunk
> !
>
>
> solir1 config:
> masun at solir1> show configuration groups | find vpls70134
> vpls70134 {
> interfaces {
> xe-0/0/3 {
> unit 1144 {
> description "vpls70134 Test VPLS solir1-solir2";
> encapsulation vlan-vpls;
> vlan-id 1144;
> family vpls {
> policer {
> input vpls70134-100m;
> output vpls70134-100m;
> }
> }
> }
> }
> }
> firewall {
> policer vpls70134-100m {
> if-exceeding {
> bandwidth-limit 100m;
> burst-size-limit 1m;
> }
> then discard;
> }
> }
> routing-instances {
> vpls70134 {
> instance-type vpls;
> interface xe-0/0/3.1144;
> route-distinguisher 49079:70134;
> vrf-target target:49079:70134;
> protocols {
> vpls {
> site-range 10;
> mac-table-size {
> 1024;
> }
> mac-statistics;
> no-tunnel-services;
> site solis1-vpls70134 {
> site-identifier 1;
> interface xe-0/0/3.1144;
> }
> }
> }
> }
> }
> }
>
> masun at solir1> show configuration interfaces xe-0/0/3 description
> type=core,subtype=isc,peer=solis1,peerint=Te1/49;
> enable;
> traps;
> vlan-tagging;
> mtu 2000;
> encapsulation flexible-ethernet-services;
>
>
> masun at solir2> show configuration groups | find vpls70134
> vpls70134 {
> interfaces {
> xe-0/0/3 {
> unit 1244 {
> description "vpls70134 Test VPLS solir1-solir2";
> encapsulation vlan-vpls;
> vlan-id 1244;
> family vpls {
> policer {
> input vpls70134-100m;
> output vpls70134-100m;
> }
> }
> }
> }
> }
> firewall {
> policer vpls70134-100m {
> if-exceeding {
> bandwidth-limit 100m;
> burst-size-limit 1m;
> }
> then discard;
> }
> }
> routing-instances {
> vpls70134 {
> instance-type vpls;
> interface xe-0/0/3.1244;
> route-distinguisher 49079:70134;
> vrf-target target:49079:70134;
> protocols {
> vpls {
> site-range 10;
> mac-table-size {
> 1024;
> }
> mac-statistics;
> no-tunnel-services;
> site solis2-vpls70134 {
> site-identifier 2;
> interface xe-0/0/3.1244;
> }
> }
> }
> }
> }
> }
>
> masun at solir2> show configuration interfaces xe-0/0/3 description
> type=core,subtype=isc,peer=solis2,peerint=Te1/49;
> enable;
> traps;
> vlan-tagging;
> mtu 2000;
> encapsulation flexible-ethernet-services;
>
>
> The VPLS connection is up on each side:
> masun at solir2> show vpls connections
> ...
> Instance: vpls70134
> Local site: solis2-vpls70134 (2)
> connection-site Type St Time last up # Up
> trans
> 1 rmt Up Mar 28 16:11:30 2013
> 1
> Remote PE: 89.107.216.238, Negotiated control-word: No
> Incoming label: 262145, Outgoing label: 262146
> Local interface: lsi.1048832, Status: Up, Encapsulation: VPLS
> Description: Intf - vpls vpls70134 local site 2 remote site 1
>
> And the MAC address of my test switches are learned by each PE router:
> masun at solir2> show vpls mac-table
>
> MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
> SE -Statistics enabled, NM -Non configured MAC, R -Remote PE
> MAC)
>
> Routing instance : vpls70134
> Bridging domain : __vpls70134__, VLAN : NA
> MAC MAC Logical
> address flags interface
> e0:2f:6d:d4:75:70 D,SE xe-0/0/3.1244
> e0:2f:6d:d4:75:7f D,SE xe-0/0/3.1244
> e0:2f:6d:d4:7d:30 D,SE lsi.1048832
> e0:2f:6d:d4:7d:3f D,SE lsi.1048832
>
>
> BUT, I'm not able to ping between the two switches. No MACs are learned
> on the trunk port in the switches, so the ARP request sent be the source
> switch must be reaching the dest PE router (as that one learns the
> source switch mac), but does not seem to be forwarded out on the dest
> interface on the dest PE router as the dest switch is not learning any
> macs on the trunk if.
>
> Help please?
>
>
>
> I initially did not have no-tunnel-services configured with the same
> result, but was then told that the MX5-T lacks a tunnel-services PIC so
> I need to use the no-tunnel-services keyword.
>
> masun at solir1> show version
> Hostname: solir1
> Model: mx5-t
> JUNOS Base OS boot [11.4R7.5]
> JUNOS Base OS Software Suite [11.4R7.5]
> JUNOS Kernel Software Suite [11.4R7.5]
> JUNOS Crypto Software Suite [11.4R7.5]
> JUNOS Packet Forwarding Engine Support (MX80) [11.4R7.5] JUNOS Online
> Documentation [11.4R7.5] JUNOS Routing Software Suite [11.4R7.5]
>
>
> masun at solir1> show system license
> License usage:
> Licenses Licenses Licenses
> Expiry
> Feature name used installed needed
> scale-subscriber 0 1000 0 permanent
> scale-l2tp 0 1000 0 permanent
> scale-mobile-ip 0 1000 0 permanent
>
> Licenses installed: none
>
>
> - Mat
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> --
> Message protected by MailGuard: e-mail anti-virus, anti-spam and
> content filtering.http://www.mailguard.com.au/mg
>
More information about the juniper-nsp
mailing list