[j-nsp] Juniper and Cisco - BGP MPLS L2VPN VPLS interoperability

Aaron aaron1 at gvtc.com
Mon Nov 23 14:58:14 EST 2015


Thanks folks, 

Maybe you all weren't aware of what happened ....

What happened was, I brought up two Juniper PEs (ACX5048 and MX104) into my BGP environment... actually the 5048 and 104 were already part of the BGP environment, and participating nicely in vpnv4 (l3vpn).

I then enabled bgp mpls l2vpn, and BAMMO! Now listen closely... this brought down about 20 other BGP neighbor sessions with 20 different Cisco ME3600s all over my network. Now please, listen closely again: we aren't talking about an initial BGP session renegotiation; from this point forward the ME3600s were not able to reestablish their BGP sessions at all!

This resulted in about a 30 or 45 minute network-wide outage to all of those ME3600s.

I did "rollback 1" on the Juniper 5048 and 104 and finally the ME3600s were able to settle down and establish BGP neighboring with the dual RR core and all is well.

Aaron

P.S. Besides, bringing up the l2vpn AF on the 5048 and 104, as I understand it, SHOULD NOT cause any other PEs to renegotiate capabilities and AFs on their BGP neighbor sessions with the RR.


-----Original Message-----
From: Adam Vitkovsky [mailto:Adam.Vitkovsky at gamma.co.uk] 
Sent: Monday, November 23, 2015 5:48 AM
To: Aaron; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] Juniper and Cisco - BGP MPLS L2VPN VPLS interoperability

Hi Aaron,

Capabilities are advertised in the OPEN message, which is sent during session initialization, so naturally when you enable a new capability on an existing session the session needs to be reset for the OPEN messages to be exchanged again.
Unfortunately BGP does not support dynamic capability negotiation yet (dynamic-cap was first proposed in 2002 and ceased in 2012).

Anyway, this is why it is very important to run a separate session for each RR in the "cluster" (or a separate RR infrastructure per service/set of services vMX/XRv), so that when you need to introduce a new feature you can do that gradually and don't need to have a flag day on a particular PE.

Another important by-product of this design is resistance to BGP malfunction (sessions carrying internet routes are especially susceptible).
BGP enhanced error handling in modern code should "hopefully" prevent BGP sessions resetting network-wide due to an unknown BGP msg type passing by, but if they do for some reason, at least they don't bring down other services (AFs) running over the common BGP session.


adam

        Adam Vitkovsky
        IP Engineer

T:      0333 006 5936
E:      Adam.Vitkovsky at gamma.co.uk
W:      www.gamma.co.uk



-----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On 
> Behalf Of Aaron
> Sent: Friday, November 20, 2015 6:08 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Juniper and Cisco - BGP MPLS L2VPN VPLS 
> interoperability
>
> Can anyone share any experiences with interoperating Cisco and Juniper 
> BGP MPLS L2VPN's ?
>
>
>
> Yesterday I fired up L2VPN configs in my ACX5048 and MX104 in my lab 
> and brought up BGP L2VPN address family and got some bad results
>
>
>
> It caused all of my Cisco ME3600's in my network to send BGP 
> Notifications and drop their MP-BGP neighbor sessions to the Route 
> Reflector core and purge all their vpnv4, vpnv6 and l2vpn topology tables !
>
>
>
> Bad customer impact. lots of trouble.
>
>
>
> "Rollback 1" on ACX and MX and all is well
>
>
>
> Anyone have trouble in this area?
>
>
>
> Aaron
>
>
>
> P.S. for a couple weeks those same ACX and MX were running just fine 
> with my route reflector core (dual asr9k's) and running fine with BGP 
> MPLS L3VPN's (layer 3) routing-instances. able to talk to the rest of 
> the routing domains, etc.  all that seemed fine.  It was just this 
> L2VPN stuff yesterday was bad.
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
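
An added illustration of the point in the quoted reply that capabilities travel only in the OPEN message (this is not code from any poster or vendor): it builds and parses the Multiprotocol capabilities of an OPEN and reports which configured address families the established session never negotiated. The function names are hypothetical, and the ASN and router ID are constructed sample values.

```python
import struct

# AFI/SAFI pairs for the address families named in the thread (IANA values).
NAMES = {(1, 128): "vpnv4", (2, 128): "vpnv6", (25, 65): "l2vpn-vpls"}
MARKER = b"\xff" * 16

def build_open(asn, hold, router_id, families):
    """Build an OPEN (RFC 4271) carrying one Multiprotocol capability per family."""
    caps = b"".join(struct.pack("!BBHBB", 1, 4, afi, 0, safi) for afi, safi in families)
    params = struct.pack("!BB", 2, len(caps)) + caps  # optional parameter 2 = Capabilities
    body = struct.pack("!BHH4sB", 4, asn, hold, router_id, len(params)) + params
    return MARKER + struct.pack("!HB", 19 + len(body), 1) + body

def parse_families(msg):
    """Return the set of (AFI, SAFI) pairs advertised in an OPEN message."""
    if len(msg) < 29 or msg[:16] != MARKER:
        raise ValueError("not a BGP OPEN")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg_type != 1 or length != len(msg) or 29 + msg[28] != len(msg):
        raise ValueError("truncated or malformed OPEN")
    families, params, i = set(), msg[29:], 0
    while i + 2 <= len(params):
        ptype, plen = params[i], params[i + 1]
        value, i = params[i + 2:i + 2 + plen], i + 2 + plen
        j = 0
        while ptype == 2 and j + 2 <= len(value):
            code, clen = value[j], value[j + 1]
            cap, j = value[j + 2:j + 2 + clen], j + 2 + clen
            if code == 1 and len(cap) == 4:  # Multiprotocol Extensions (RFC 4760)
                afi, _reserved, safi = struct.unpack("!HBB", cap)
                families.add((afi, safi))
    return families

def pending_families(session_open, configured):
    """Families configured now but absent from the OPEN that set up the session."""
    return set(configured) - parse_families(session_open)

if __name__ == "__main__":
    # Constructed sample: private ASN 64512, documentation router ID 192.0.2.1.
    sent = build_open(64512, 90, bytes([192, 0, 2, 1]), [(1, 128)])
    for fam in sorted(pending_families(sent, [(1, 128), (25, 65)])):
        print(NAMES.get(fam, fam), "needs a fresh OPEN, i.e. a session reset")
```

Run against a captured OPEN from a PE-to-RR session, `pending_families` lists the families that will only take effect after that particular session is reset.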



