[j-nsp] Juniper BGP signaled VPLS interoperability, site-id issue

Misak Khachatryan m.khachatryan at gnc.am
Thu Nov 10 06:09:24 EST 2016


Small correction:

After more thorough examination site 5 seems not working, instead site
17. So it seems site ID's 1-15 not working, like first label block.

Best regards,
Misak Khachatryan,
Network Administration and
Monitoring Department Manager,

GNC- ALFA CJSC
1 Khaghaghutyan str., Abovyan, 2201 Armenia
Tel: +374 60 46 99 70 (9670),
Mob.: +374 55 19 98 40
URL:    www.rtarmenia.am


On Thu, Nov 10, 2016 at 2:50 PM, Misak Khachatryan <m.khachatryan at gnc.am> wrote:
> Hello,
>
> we have MPLS network solely built on Juniper MX routers. We have 2
> route reflectors, 16 PE routers, and of course lot of VPLS configured.
> Recently we decided to try Mikrotik for some non critical and low
> bandwidth sites. Statically configured VPLS connected to Juniper VPLS
> via mesh groups works OK, but we hit some limitations, especially that
> there can be only 14 mesh-group per vpls.
>
> Then we decided to try BGP signaled VPLS and hit this strange problem.
> 8 of our Juniper PEs recognizing the Mikrotik site and establishing
> pseudowires with no problem, other 8 see site but not establishing any
> connection, having site status of OL, which means no outgoing label.
>
> Tried RouterOS 6.36.4, 6.37.1, and latest 6.38rc25, same result.
>
> Mikrotik site ID is 41
>
> Working site IDs are - 5,20,22,24,25,28,33,35
>
> These site IDs not working 1,3,6,8,10,12,14,15
>
> LDP seems OK.
>
>
> Mikrotik config:
> # nov/10/2016 13:28:11 by RouterOS 6.36.4
> # software id = 7LGJ-TXAC
> #
> /interface bridge
> add name=Loopback0 protocol-mode=none
> add name=Test_VPLS protocol-mode=none
> /interface ethernet
> set [ find default-name=ether1 ] l2mtu=2000
> mac-address=6C:3B:6B:09:60:D2 mtu=1972 name=Up_Link
> set [ find default-name=ether3 ] arp=disabled l2mtu=1500
> mac-address=6C:3B:6B:09:60:D4
> /routing bgp instance
> set default as=65500 client-to-client-reflection=no router-id=10.255.255.41
> /routing ospf instance
> set [ find default=yes ] router-id=10.255.255.41
> /interface bridge port
> add bridge=Test_VPLS interface=ether3
> /interface vpls bgp-vpls
> add bridge=Test_VPLS bridge-cost=0 bridge-horizon=1
> export-route-targets=65500:5000 import-route-targets=65500:5000
> name=Test \
>     route-distinguisher=10.255.255.41:5000 site-id=41 use-control-word=no
> /ip address
> add address=10.255.255.41 interface=Loopback0 network=10.255.255.41
> add address=10.255.25.10/30 interface=Up_Link network=10.255.25.8
> /mpls
> set propagate-ttl=no
> /mpls interface
> set [ find default=yes ] mpls-mtu=2000
> /mpls ldp
> set enabled=yes lsr-id=10.255.255.41 transport-address=10.255.255.41
> /mpls ldp interface
> add interface=Up_Link
> add interface=Loopback0
> /routing bgp peer
> add address-families=l2vpn name=Abovyan remote-address=10.255.255.6
> remote-as=65500 ttl=default update-source=Loopback0
> add address-families=l2vpn name=Vanadzor remote-address=10.255.255.3
> remote-as=65500 ttl=default update-source=Loopback0
> /routing ospf interface
> add interface=Loopback0 network-type=point-to-point
> add disabled=yes interface=Management-Bridge network-type=broadcast
> add cost=100 interface=Up_Link network-type=broadcast
> /routing ospf network
> add area=backbone network=10.255.255.41/32
> add area=backbone network=10.255.25.8/30
>
>
> Juniper PE VPLS config:
>
> show routing-instances Mikrotik_VPLS
> instance-type vpls;
> interface ae2.3;
> route-distinguisher 10.255.255.1:5000;
> vrf-target target:65500:5000;
> protocols {
>     vpls {
>         no-tunnel-services;
>         site yerevan {
>             site-identifier 1;
>             interface ae2.3;
>         }
>         connectivity-type permanent;
>     }
> }
>
>
> Juniper output on connection status:
>
> [code]show vpls connections instance Mikrotik_VPLS extensive
> Layer-2 VPN connections:
>
> Legend for connection status (St)
> EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
> EM -- encapsulation mismatch     WE -- interface and instance encaps not same
> VC-Dn -- Virtual circuit down    NP -- interface hardware not present
> CM -- control-word mismatch      -> -- only outbound connection is up
> CN -- circuit not provisioned    <- -- only inbound connection is up
> OR -- out of range               Up -- operational
> OL -- no outgoing label          Dn -- down
> LD -- local site signaled down   CF -- call admission control failure
> RD -- remote site signaled down  SC -- local and remote site ID collision
> LN -- local site not designated  LM -- local site ID not minimum designated
> RN -- remote site not designated RM -- remote site ID not minimum designated
> XX -- unknown connection status  IL -- no incoming label
> MM -- MTU mismatch               MI -- Mesh-Group ID not available
> BK -- Backup connection          ST -- Standby connection
> PF -- Profile parse failure      PB -- Profile busy
> RS -- remote site standby        SN -- Static Neighbor
> LB -- Local site not best-site   RB -- Remote site not best-site
> VM -- VLAN ID mismatch
>
> Legend for interface status
> Up -- operational
> Dn -- down
>
> Instance: Mikrotik_VPLS
> Edge protection: Not-Primary
>   Local site: yerevan (1)
>     Number of local interfaces: 1
>     Number of local interfaces up: 1
>     IRB interface present: no
>     ae2.3
>     Label-base        Offset     Size  Range     Preference
>     329680            1          8      8         100
>     Label-base        Offset     Size  Range     Preference
>     328928            41         8      1         100
>     connection-site           Type  St     Time last up          # Up trans
>     41                        rmt   OL
>
> But when i change site-id on Juniper lets say to 25 from working list
> or 125 in this example, everything seems to work.
>
> show vpls connections instance Mikrotik_VPLS
> Layer-2 VPN connections:
>
> Legend for connection status (St)
> EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
> EM -- encapsulation mismatch     WE -- interface and instance encaps not same
> VC-Dn -- Virtual circuit down    NP -- interface hardware not present
> CM -- control-word mismatch      -> -- only outbound connection is up
> CN -- circuit not provisioned    <- -- only inbound connection is up
> OR -- out of range               Up -- operational
> OL -- no outgoing label          Dn -- down
> LD -- local site signaled down   CF -- call admission control failure
> RD -- remote site signaled down  SC -- local and remote site ID collision
> LN -- local site not designated  LM -- local site ID not minimum designated
> RN -- remote site not designated RM -- remote site ID not minimum designated
> XX -- unknown connection status  IL -- no incoming label
> MM -- MTU mismatch               MI -- Mesh-Group ID not available
> BK -- Backup connection          ST -- Standby connection
> PF -- Profile parse failure      PB -- Profile busy
> RS -- remote site standby        SN -- Static Neighbor
> LB -- Local site not best-site   RB -- Remote site not best-site
> VM -- VLAN ID mismatch
>
> Legend for interface status
> Up -- operational
> Dn -- down
>
> Instance: Mikrotik_VPLS
> Edge protection: Not-Primary
>   Local site: yerevan (125)
>     connection-site           Type  St     Time last up          # Up trans
>     41                        rmt   Up     Nov 10 12:24:34 2016           1
>       Remote PE: 10.255.255.41, Negotiated control-word: No
>       Incoming label: 329680, Outgoing label: 9162
>       Local interface: lsi.1638426, Status: Up, Encapsulation: VPLS
>         Description: Intf - vpls Mikrotik_VPLS local site 125 remote site 41
>
>
>
> I've noticed that label block sizes are different for Juniper and
> Mikrotik, here is the BGP table from Route Reflector:
>
> show route table bgp.l2vpn.0 community target:*:5000 detail
>
> bgp.l2vpn.0: 9870 destinations, 9870 routes (9870 active, 0 holddown, 0 hidden)
>  10.255.255.1:5000:125:41/96 (1 entry, 1 announced)
>         *BGP    Preference: 170/-101
>                 Route Distinguisher: 10.255.255.1:5000
>                 Next hop type: Indirect
>                 Address: 0x418e29f0
>                 Next-hop reference count: 3621
>                 Source: 10.255.255.1
>                 Protocol next hop: 10.255.255.1
>                 Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>                 State: <Active Int Ext>
>                 Local AS: 65500 Peer AS: 65500
>                 Age: 1:20:53    Metric2: 1
>                 Validation State: unverified
>                 Task: BGP_65500.10.255.255.1+179
>                 Announcement bits (1): 0-BGP_RT_Background
>                 AS path: I
>                 Communities: target:65500:5000 Layer2-info: encaps:
> VPLS, control flags:[0x0] , mtu: 0, site preference: 100
>                 Accepted
>                 Label-base: 329680, range: 8, offset: 41
>                 Localpref: 100
>                 Router ID: 10.255.255.1
>
>  10.255.255.1:5000:125:121/96 (1 entry, 1 announced)
>         *BGP    Preference: 170/-101
>                 Route Distinguisher: 10.255.255.1:5000
>                 Next hop type: Indirect
>                 Address: 0x418e29f0
>                 Next-hop reference count: 3621
>                 Source: 10.255.255.1
>                 Protocol next hop: 10.255.255.1
>                 Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>                 State: <Active Int Ext>
>                 Local AS: 65500 Peer AS: 65500
>                 Age: 1:20:54    Metric2: 1
>                 Validation State: unverified
>                 Task: BGP_65500.10.255.255.1+179
>                 Announcement bits (1): 0-BGP_RT_Background
>                 AS path: I
>                 Communities: target:65500:5000 Layer2-info: encaps:
> VPLS, control flags:[0x0] , mtu: 0, site preference: 100
>                 Accepted
>                 Label-base: 328928, range: 8, offset: 121
>                 Localpref: 100
>                 Router ID: 10.255.255.1
>
>  10.255.255.41:5000:41:0/96 (1 entry, 1 announced)
>         *BGP    Preference: 170/-101
>                 Route Distinguisher: 10.255.255.41:5000
>                 Next hop type: Indirect
>                 Address: 0x4561eea0
>                 Next-hop reference count: 4
>                 Source: 10.255.255.41
>                 Protocol next hop: 10.255.255.41
>                 Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>                 State: <Active Int Ext>
>                 Local AS: 65500 Peer AS: 65500
>                 Age: 1:37:02    Metric2: 1
>                 Validation State: unverified
>                 Task: BGP_65500.10.255.255.41+179
>                 Announcement bits (1): 0-BGP_RT_Background
>                 AS path: ?
>                 Communities: target:65500:5000 Layer2-info: encaps:
> VPLS, control flags:[0x0] , mtu: 1500
>                 Accepted
>                 Label-base: 9117, range: 16, offset: 0
>                 Localpref: 100
>                 Router ID: 10.255.255.41
>
>  10.255.255.41:5000:41:16/96 (1 entry, 1 announced)
>         *BGP    Preference: 170/-101
>                 Route Distinguisher: 10.255.255.41:5000
>                 Next hop type: Indirect
>                 Address: 0x4561eea0
>                 Next-hop reference count: 4
>                 Source: 10.255.255.41
>                 Protocol next hop: 10.255.255.41
>                 Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>                 State: <Active Int Ext>
>                 Local AS: 65500 Peer AS: 65500
>                 Age: 1:27:36    Metric2: 1
>                 Validation State: unverified
>                 Task: BGP_65500.10.255.255.41+179
>                 Announcement bits (1): 0-BGP_RT_Background
>                 AS path: ?
>                 Communities: target:65500:5000 Layer2-info: encaps:
> VPLS, control flags:[0x0] , mtu: 1500
>                 Accepted
>                 Label-base: 9133, range: 16, offset: 16
>                 Localpref: 100
>                 Router ID: 10.255.255.41
>
>  10.255.255.41:5000:41:32/96 (1 entry, 1 announced)
>         *BGP    Preference: 170/-101
>                 Route Distinguisher: 10.255.255.41:5000
>                 Next hop type: Indirect
>                 Address: 0x4561eea0
>                 Next-hop reference count: 4
>                 Source: 10.255.255.41
>                 Protocol next hop: 10.255.255.41
>                 Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>                 State: <Active Int Ext>
>                 Local AS: 65500 Peer AS: 65500
>                 Age: 1:38:39    Metric2: 1
>                 Validation State: unverified
>                 Task: BGP_65500.10.255.255.41+179
>                 Announcement bits (1): 0-BGP_RT_Background
>                 AS path: ?
>                 Communities: target:65500:5000 Layer2-info: encaps:
> VPLS, control flags:[0x0] , mtu: 1500
>                 Accepted
>                 Label-base: 9101, range: 16, offset: 32
>                 Localpref: 100
>                 Router ID: 10.255.255.41
>
>  10.255.255.41:5000:41:112/96 (1 entry, 1 announced)
>         *BGP    Preference: 170/-101
>                 Route Distinguisher: 10.255.255.41:5000
>                 Next hop type: Indirect
>                 Address: 0x4561eea0
>                 Next-hop reference count: 4
>                 Source: 10.255.255.41
>                 Protocol next hop: 10.255.255.41
>                 Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>                 State: <Active Int Ext>
>                 Local AS: 65500 Peer AS: 65500
>                 Age: 1:20:52    Metric2: 1
>                 Validation State: unverified
>                 Task: BGP_65500.10.255.255.41+179
>                 Announcement bits (1): 0-BGP_RT_Background
>                 AS path: ?
>                 Communities: target:65500:5000 Layer2-info: encaps:
> VPLS, control flags:[0x0] , mtu: 1500
>                 Accepted
>                 Label-base: 9149, range: 16, offset: 112
>                 Localpref: 100
>                 Router ID: 10.255.255.41
>
>
>
> Mikrotik uses base 16, while Juniper - 8. But changing
> label-block-size on Juniper config doesn't help.
>
> So, is there something I'm missing? Any help appreciated.
>
>
> Best regards,
> Misak Khachatryan,
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list