[j-nsp] Juniper BGP signaled VPLS interoperability, site-id issue
Misak Khachatryan
m.khachatryan at gnc.am
Wed Nov 23 04:32:35 EST 2016
The problem was that Mikrotiks announce label offsets 0, where
Junipers 1 for first BGP VPLS label block. Juniper treat that as
error, also site ID can't be 0 in RFC 4761 implementation by Juniper.
I din't found anything in RFC4761 about that. Does anybody have more
knowledge on this topic?
Best regards,
Misak Khachatryan,
Network Administration and
Monitoring Department Manager,
GNC- ALFA CJSC
1 Khaghaghutyan str., Abovyan, 2201 Armenia
Tel: +374 60 46 99 70 (9670),
Mob.: +374 55 19 98 40
URL: www.rtarmenia.am
On Thu, Nov 10, 2016 at 6:03 PM, Misak Khachatryan <m.khachatryan at gnc.am> wrote:
> Hello,
>
> Yes, site range set to 100, but I'm planning to remove it, as default is 64K.
>
>
> Best regards,
> Misak Khachatryan,
> Network Administration and
> Monitoring Department Manager,
>
> GNC- ALFA CJSC
> 1 Khaghaghutyan str., Abovyan, 2201 Armenia
> Tel: +374 60 46 99 70 (9670),
> Mob.: +374 55 19 98 40
> URL: www.rtarmenia.am
>
>
> On Thu, Nov 10, 2016 at 5:50 PM, Eduardo Barrios
> <Eduardo.Barrios at lcra.org> wrote:
>> On your Junipers have you set the site-range? I believe it defaults to 8.
>>
>>
>> On Nov 10, 2016 4:50 AM, Misak Khachatryan <m.khachatryan at gnc.am> wrote:
>>
>> **Message received from an external source**
>>
>>
>> Hello,
>>
>> we have MPLS network solely built on Juniper MX routers. We have 2
>> route reflectors, 16 PE routers, and of course lot of VPLS configured.
>> Recently we decided to try Mikrotik for some non critical and low
>> bandwidth sites. Statically configured VPLS connected to Juniper VPLS
>> via mesh groups works OK, but we hit some limitations, especially that
>> there can be only 14 mesh-group per vpls.
>>
>> Then we decided to try BGP signaled VPLS and hit this strange problem.
>> 8 of our Juniper PEs recognizing the Mikrotik site and establishing
>> pseudowires with no problem, other 8 see site but not establishing any
>> connection, having site status of OL, which means no outgoing label.
>>
>> Tried RouterOS 6.36.4, 6.37.1, and latest 6.38rc25, same result.
>>
>> Mikrotik site ID is 41
>>
>> Working site IDs are - 5,20,22,24,25,28,33,35
>>
>> These site IDs not working 1,3,6,8,10,12,14,15
>>
>> LDP seems OK.
>>
>>
>> Mikrotik config:
>> # nov/10/2016 13:28:11 by RouterOS 6.36.4
>> # software id = 7LGJ-TXAC
>> #
>> /interface bridge
>> add name=Loopback0 protocol-mode=none
>> add name=Test_VPLS protocol-mode=none
>> /interface ethernet
>> set [ find default-name=ether1 ] l2mtu=2000
>> mac-address=6C:3B:6B:09:60:D2 mtu=1972 name=Up_Link
>> set [ find default-name=ether3 ] arp=disabled l2mtu=1500
>> mac-address=6C:3B:6B:09:60:D4
>> /routing bgp instance
>> set default as=65500 client-to-client-reflection=no router-id=10.255.255.41
>> /routing ospf instance
>> set [ find default=yes ] router-id=10.255.255.41
>> /interface bridge port
>> add bridge=Test_VPLS interface=ether3
>> /interface vpls bgp-vpls
>> add bridge=Test_VPLS bridge-cost=0 bridge-horizon=1
>> export-route-targets=65500:5000 import-route-targets=65500:5000
>> name=Test \
>> route-distinguisher=10.255.255.41:5000 site-id=41 use-control-word=no
>> /ip address
>> add address=10.255.255.41 interface=Loopback0 network=10.255.255.41
>> add address=10.255.25.10/30 interface=Up_Link network=10.255.25.8
>> /mpls
>> set propagate-ttl=no
>> /mpls interface
>> set [ find default=yes ] mpls-mtu=2000
>> /mpls ldp
>> set enabled=yes lsr-id=10.255.255.41 transport-address=10.255.255.41
>> /mpls ldp interface
>> add interface=Up_Link
>> add interface=Loopback0
>> /routing bgp peer
>> add address-families=l2vpn name=Abovyan remote-address=10.255.255.6
>> remote-as=65500 ttl=default update-source=Loopback0
>> add address-families=l2vpn name=Vanadzor remote-address=10.255.255.3
>> remote-as=65500 ttl=default update-source=Loopback0
>> /routing ospf interface
>> add interface=Loopback0 network-type=point-to-point
>> add disabled=yes interface=Management-Bridge network-type=broadcast
>> add cost=100 interface=Up_Link network-type=broadcast
>> /routing ospf network
>> add area=backbone network=10.255.255.41/32
>> add area=backbone network=10.255.25.8/30
>>
>>
>> Juniper PE VPLS config:
>>
>> show routing-instances Mikrotik_VPLS
>> instance-type vpls;
>> interface ae2.3;
>> route-distinguisher 10.255.255.1:5000;
>> vrf-target target:65500:5000;
>> protocols {
>> vpls {
>> no-tunnel-services;
>> site yerevan {
>> site-identifier 1;
>> interface ae2.3;
>> }
>> connectivity-type permanent;
>> }
>> }
>>
>>
>> Juniper output on connection status:
>>
>> [code]show vpls connections instance Mikrotik_VPLS extensive
>> Layer-2 VPN connections:
>>
>> Legend for connection status (St)
>> EI -- encapsulation invalid NC -- interface encapsulation not
>> CCC/TCC/VPLS
>> EM -- encapsulation mismatch WE -- interface and instance encaps not
>> same
>> VC-Dn -- Virtual circuit down NP -- interface hardware not present
>> CM -- control-word mismatch -> -- only outbound connection is up
>> CN -- circuit not provisioned <- -- only inbound connection is up
>> OR -- out of range Up -- operational
>> OL -- no outgoing label Dn -- down
>> LD -- local site signaled down CF -- call admission control failure
>> RD -- remote site signaled down SC -- local and remote site ID collision
>> LN -- local site not designated LM -- local site ID not minimum designated
>> RN -- remote site not designated RM -- remote site ID not minimum designated
>> XX -- unknown connection status IL -- no incoming label
>> MM -- MTU mismatch MI -- Mesh-Group ID not available
>> BK -- Backup connection ST -- Standby connection
>> PF -- Profile parse failure PB -- Profile busy
>> RS -- remote site standby SN -- Static Neighbor
>> LB -- Local site not best-site RB -- Remote site not best-site
>> VM -- VLAN ID mismatch
>>
>> Legend for interface status
>> Up -- operational
>> Dn -- down
>>
>> Instance: Mikrotik_VPLS
>> Edge protection: Not-Primary
>> Local site: yerevan (1)
>> Number of local interfaces: 1
>> Number of local interfaces up: 1
>> IRB interface present: no
>> ae2.3
>> Label-base Offset Size Range Preference
>> 329680 1 8 8 100
>> Label-base Offset Size Range Preference
>> 328928 41 8 1 100
>> connection-site Type St Time last up # Up trans
>> 41 rmt OL
>>
>> But when i change site-id on Juniper lets say to 25 from working list
>> or 125 in this example, everything seems to work.
>>
>> show vpls connections instance Mikrotik_VPLS
>> Layer-2 VPN connections:
>>
>> Legend for connection status (St)
>> EI -- encapsulation invalid NC -- interface encapsulation not
>> CCC/TCC/VPLS
>> EM -- encapsulation mismatch WE -- interface and instance encaps not
>> same
>> VC-Dn -- Virtual circuit down NP -- interface hardware not present
>> CM -- control-word mismatch -> -- only outbound connection is up
>> CN -- circuit not provisioned <- -- only inbound connection is up
>> OR -- out of range Up -- operational
>> OL -- no outgoing label Dn -- down
>> LD -- local site signaled down CF -- call admission control failure
>> RD -- remote site signaled down SC -- local and remote site ID collision
>> LN -- local site not designated LM -- local site ID not minimum designated
>> RN -- remote site not designated RM -- remote site ID not minimum designated
>> XX -- unknown connection status IL -- no incoming label
>> MM -- MTU mismatch MI -- Mesh-Group ID not available
>> BK -- Backup connection ST -- Standby connection
>> PF -- Profile parse failure PB -- Profile busy
>> RS -- remote site standby SN -- Static Neighbor
>> LB -- Local site not best-site RB -- Remote site not best-site
>> VM -- VLAN ID mismatch
>>
>> Legend for interface status
>> Up -- operational
>> Dn -- down
>>
>> Instance: Mikrotik_VPLS
>> Edge protection: Not-Primary
>> Local site: yerevan (125)
>> connection-site Type St Time last up # Up trans
>> 41 rmt Up Nov 10 12:24:34 2016 1
>> Remote PE: 10.255.255.41, Negotiated control-word: No
>> Incoming label: 329680, Outgoing label: 9162
>> Local interface: lsi.1638426, Status: Up, Encapsulation: VPLS
>> Description: Intf - vpls Mikrotik_VPLS local site 125 remote site 41
>>
>>
>>
>> I've noticed that label block sizes are different for Juniper and
>> Mikrotik, here is the BGP table from Route Reflector:
>>
>> show route table bgp.l2vpn.0 community target:*:5000 detail
>>
>> bgp.l2vpn.0: 9870 destinations, 9870 routes (9870 active, 0 holddown, 0
>> hidden)
>> 10.255.255.1:5000:125:41/96 (1 entry, 1 announced)
>> *BGP Preference: 170/-101
>> Route Distinguisher: 10.255.255.1:5000
>> Next hop type: Indirect
>> Address: 0x418e29f0
>> Next-hop reference count: 3621
>> Source: 10.255.255.1
>> Protocol next hop: 10.255.255.1
>> Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>> State: <Active Int Ext>
>> Local AS: 65500 Peer AS: 65500
>> Age: 1:20:53 Metric2: 1
>> Validation State: unverified
>> Task: BGP_65500.10.255.255.1+179
>> Announcement bits (1): 0-BGP_RT_Background
>> AS path: I
>> Communities: target:65500:5000 Layer2-info: encaps:
>> VPLS, control flags:[0x0] , mtu: 0, site preference: 100
>> Accepted
>> Label-base: 329680, range: 8, offset: 41
>> Localpref: 100
>> Router ID: 10.255.255.1
>>
>> 10.255.255.1:5000:125:121/96 (1 entry, 1 announced)
>> *BGP Preference: 170/-101
>> Route Distinguisher: 10.255.255.1:5000
>> Next hop type: Indirect
>> Address: 0x418e29f0
>> Next-hop reference count: 3621
>> Source: 10.255.255.1
>> Protocol next hop: 10.255.255.1
>> Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>> State: <Active Int Ext>
>> Local AS: 65500 Peer AS: 65500
>> Age: 1:20:54 Metric2: 1
>> Validation State: unverified
>> Task: BGP_65500.10.255.255.1+179
>> Announcement bits (1): 0-BGP_RT_Background
>> AS path: I
>> Communities: target:65500:5000 Layer2-info: encaps:
>> VPLS, control flags:[0x0] , mtu: 0, site preference: 100
>> Accepted
>> Label-base: 328928, range: 8, offset: 121
>> Localpref: 100
>> Router ID: 10.255.255.1
>>
>> 10.255.255.41:5000:41:0/96 (1 entry, 1 announced)
>> *BGP Preference: 170/-101
>> Route Distinguisher: 10.255.255.41:5000
>> Next hop type: Indirect
>> Address: 0x4561eea0
>> Next-hop reference count: 4
>> Source: 10.255.255.41
>> Protocol next hop: 10.255.255.41
>> Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>> State: <Active Int Ext>
>> Local AS: 65500 Peer AS: 65500
>> Age: 1:37:02 Metric2: 1
>> Validation State: unverified
>> Task: BGP_65500.10.255.255.41+179
>> Announcement bits (1): 0-BGP_RT_Background
>> AS path: ?
>> Communities: target:65500:5000 Layer2-info: encaps:
>> VPLS, control flags:[0x0] , mtu: 1500
>> Accepted
>> Label-base: 9117, range: 16, offset: 0
>> Localpref: 100
>> Router ID: 10.255.255.41
>>
>> 10.255.255.41:5000:41:16/96 (1 entry, 1 announced)
>> *BGP Preference: 170/-101
>> Route Distinguisher: 10.255.255.41:5000
>> Next hop type: Indirect
>> Address: 0x4561eea0
>> Next-hop reference count: 4
>> Source: 10.255.255.41
>> Protocol next hop: 10.255.255.41
>> Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>> State: <Active Int Ext>
>> Local AS: 65500 Peer AS: 65500
>> Age: 1:27:36 Metric2: 1
>> Validation State: unverified
>> Task: BGP_65500.10.255.255.41+179
>> Announcement bits (1): 0-BGP_RT_Background
>> AS path: ?
>> Communities: target:65500:5000 Layer2-info: encaps:
>> VPLS, control flags:[0x0] , mtu: 1500
>> Accepted
>> Label-base: 9133, range: 16, offset: 16
>> Localpref: 100
>> Router ID: 10.255.255.41
>>
>> 10.255.255.41:5000:41:32/96 (1 entry, 1 announced)
>> *BGP Preference: 170/-101
>> Route Distinguisher: 10.255.255.41:5000
>> Next hop type: Indirect
>> Address: 0x4561eea0
>> Next-hop reference count: 4
>> Source: 10.255.255.41
>> Protocol next hop: 10.255.255.41
>> Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>> State: <Active Int Ext>
>> Local AS: 65500 Peer AS: 65500
>> Age: 1:38:39 Metric2: 1
>> Validation State: unverified
>> Task: BGP_65500.10.255.255.41+179
>> Announcement bits (1): 0-BGP_RT_Background
>> AS path: ?
>> Communities: target:65500:5000 Layer2-info: encaps:
>> VPLS, control flags:[0x0] , mtu: 1500
>> Accepted
>> Label-base: 9101, range: 16, offset: 32
>> Localpref: 100
>> Router ID: 10.255.255.41
>>
>> 10.255.255.41:5000:41:112/96 (1 entry, 1 announced)
>> *BGP Preference: 170/-101
>> Route Distinguisher: 10.255.255.41:5000
>> Next hop type: Indirect
>> Address: 0x4561eea0
>> Next-hop reference count: 4
>> Source: 10.255.255.41
>> Protocol next hop: 10.255.255.41
>> Indirect next hop: 0x2 no-forward INH Session ID: 0x0
>> State: <Active Int Ext>
>> Local AS: 65500 Peer AS: 65500
>> Age: 1:20:52 Metric2: 1
>> Validation State: unverified
>> Task: BGP_65500.10.255.255.41+179
>> Announcement bits (1): 0-BGP_RT_Background
>> AS path: ?
>> Communities: target:65500:5000 Layer2-info: encaps:
>> VPLS, control flags:[0x0] , mtu: 1500
>> Accepted
>> Label-base: 9149, range: 16, offset: 112
>> Localpref: 100
>> Router ID: 10.255.255.41
>>
>>
>>
>> Mikrotik uses base 16, while Juniper - 8. But changing
>> label-block-size on Juniper config doesn't help.
>>
>> So, is there something I'm missing? Any help appreciated.
>>
>>
>> Best regards,
>> Misak Khachatryan,
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list