[j-nsp] migration from cisco VRF+Vrrp to the juniper ACX

A. Camci avciguzeli at gmail.com
Mon Apr 23 12:21:29 EDT 2018 

Hi Guys,

we are migration the Cisco CISCO7606-S to the  acx5096.
But we have 1 customer with VRF and VRRP on the same port.

after migration to the ACX has customer no connection from the VRF.
if we switch back to cisco, everything works fine.

this is a full redundant vrf.
other side is still cisco and all locations are now running on the backup
vrf.

if we lower the priotry of the vrrp on the backup vrf we see that the
primary location becomes master. so the vrrp does work.  after switching
the vrrp has customer still one way traffic from the acx.  maybe vrf+vrrp
doesnt work on a ACX.

see below for the config.

CISCO config

vlan 3021
mtu 1600
!
interface Vlan3021
 mtu 1600
 ip vrf forwarding CUST_APPIE
 ip address 172.21.1.251 255.255.255.0
 vrrp 1 description CUST_APPIE-DC-centraal-pri
 vrrp 1 ip 172.21.1.250
 vrrp 1 preempt delay minimum 10
 vrrp 1 priority 110
!

interface Te3/4
switchport trunk allowed vlan add 3021

ip vrf CUST_APPIE
 rd 10.31.0.61:10006
 route-target export 65001:10006
 route-target import 65001:10006


 router bgp 65001
 address-family ipv4 vrf CUST_APPIE
 no synchronization
 redistribute static
 redistribute connected
 default-information originate
 exit-address-family

ip route vrf CUST_APPIE 0.0.0.0 0.0.0.0 172.21.1.1


JUNIPER CONFIG
ACX Model: acx5096_ Junos: 15.1X54-D61.6

set interfaces xe-0/0/88 description "*** CUST_APPIE***"
set interfaces xe-0/0/88 flexible-vlan-tagging
set interfaces xe-0/0/88 speed 10g
set interfaces xe-0/0/88 mtu 1622
set interfaces xe-0/0/88 encapsulation flexible-ethernet-services
set interfaces xe-0/0/88 ether-options no-auto-negotiation

set interfaces xe-0/0/88 unit 3021 vlan-id 3021
set interfaces xe-0/0/88 unit 3021 family inet address 172.21.1.251/24
vrrp-group 1 virtual-address 172.21.1.250
set interfaces xe-0/0/88 unit 3021 family inet address 172.21.1.251/24
vrrp-group 1 priority 110
set interfaces xe-0/0/88 unit 3021 family inet address 172.21.1.251/24
vrrp-group 1 preempt hold-time 10
set interfaces xe-0/0/88 unit 3021 family inet address 172.21.1.251/24
vrrp-group 1 accept-data

set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-export term 1
from protocol direct
set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-export term 1
from protocol static
set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-export term 1
then accept
set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 1
from protocol bgp
set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 1
from route-filter 0.0.0.0/0 exact
set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 1
then local-preference 150
set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 1
then accept
set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 2
from protocol direct
set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 2
then accept

set routing-instances CUST_APPIE instance-type vrf
set routing-instances CUST_APPIE interface xe-0/0/88.3021
set routing-instances CUST_APPIE route-distinguisher 10.32.0.43:10006
set routing-instances CUST_APPIE vrf-target import target:65001:10006
set routing-instances CUST_APPIE vrf-target export target:65001:10006
set routing-instances CUST_APPIE vrf-table-label

set routing-instances CUST_APPIE routing-options static route 0.0.0.0/0
next-hop 172.21.1.1

set routing-instances CUST_APPIE forwarding-options dhcp-relay server-group
CUST_APPIE 172.21.1.1
set routing-instances CUST_APPIE forwarding-options dhcp-relay
active-server-group CUST_APPIE
set routing-instances CUST_APPIE forwarding-options dhcp-relay group
CUST_APPIE interface xe-0/0/88.3021
set routing-instances CUST_APPIE protocols bgp group ebgp-CUST_APPIE import
ipvpn-CUST_APPIE-ebgp-import
set routing-instances CUST_APPIE protocols bgp group ebgp-CUST_APPIE export
ipvpn-CUST_APPIE-ebgp-export

set firewall family inet filter re-protect-v4 term accept-customer-vrrp
from protocol vrrp
set firewall family inet filter re-protect-v4 term accept-customer-vrrp
then count accept-vrrp-customer
set firewall family inet filter re-protect-v4 term accept-customer-vrrp
then accept
set firewall family inet filter routing-engine-traffic term mark-vrrp from
protocol vrrp
set firewall family inet filter routing-engine-traffic term mark-vrrp then
count mark-vrrp
set firewall family inet filter routing-engine-traffic term mark-vrrp then
forwarding-class NC1
set firewall family inet filter routing-engine-traffic term mark-vrrp then
accept

i would really appreciate any help

regards

abdullah

More information about the juniper-nsp mailing list