[j-nsp] migration from cisco VRF+Vrrp to the juniper ACX

A. Camci avciguzeli at gmail.com
Tue Apr 24 04:20:27 EDT 2018 

> Hi Guys,
>
> we are migration the Cisco CISCO7606-S to the  acx5096.
> But we have 1 customer with VRF and VRRP on the same port.
>
> after migration to the ACX has customer no connection from the VRF.
> if we switch back to cisco, everything works fine.
>
> this is a full redundant vrf.
> other side is still cisco and all locations are now running on the backup
> vrf.
>
> if we lower the priotry of the vrrp on the backup vrf we see that the
> primary location becomes master. so the vrrp does work.  after switching
> the vrrp has customer still one way traffic from the acx.  maybe vrf+vrrp
> doesnt work on a ACX.
>
> see below for the config.
>
> CISCO config
>
> vlan 3021
> mtu 1600
> !
> interface Vlan3021
>  mtu 1600
>  ip vrf forwarding CUST_APPIE
>  ip address 172.21.1.251 255.255.255.0
>  vrrp 1 description CUST_APPIE-DC-centraal-pri
>  vrrp 1 ip 172.21.1.250
>  vrrp 1 preempt delay minimum 10
>  vrrp 1 priority 110
> !
>
> interface Te3/4
> switchport trunk allowed vlan add 3021
>
> ip vrf CUST_APPIE
>  rd 10.31.0.61:10006
>  route-target export 65001:10006
>  route-target import 65001:10006
>
>
>  router bgp 65001
>  address-family ipv4 vrf CUST_APPIE
>  no synchronization
>  redistribute static
>  redistribute connected
>  default-information originate
>  exit-address-family
>
> ip route vrf CUST_APPIE 0.0.0.0 0.0.0.0 172.21.1.1
>
>
> JUNIPER CONFIG
> ACX Model: acx5096_ Junos: 15.1X54-D61.6
>
> set interfaces xe-0/0/88 description "*** CUST_APPIE***"
> set interfaces xe-0/0/88 flexible-vlan-tagging
> set interfaces xe-0/0/88 speed 10g
> set interfaces xe-0/0/88 mtu 1622
> set interfaces xe-0/0/88 encapsulation flexible-ethernet-services
> set interfaces xe-0/0/88 ether-options no-auto-negotiation
>
> set interfaces xe-0/0/88 unit 3021 vlan-id 3021
> set interfaces xe-0/0/88 unit 3021 family inet address 172.21.1.251/24
> vrrp-group 1 virtual-address 172.21.1.250
> set interfaces xe-0/0/88 unit 3021 family inet address 172.21.1.251/24
> vrrp-group 1 priority 110
> set interfaces xe-0/0/88 unit 3021 family inet address 172.21.1.251/24
> vrrp-group 1 preempt hold-time 10
> set interfaces xe-0/0/88 unit 3021 family inet address 172.21.1.251/24
> vrrp-group 1 accept-data
>
> set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-export term 1
> from protocol direct
> set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-export term 1
> from protocol static
> set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-export term 1
> then accept
> set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 1
> from protocol bgp
> set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 1
> from route-filter 0.0.0.0/0 exact
> set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 1
> then local-preference 150
> set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 1
> then accept
> set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 2
> from protocol direct
> set policy-options policy-statement ipvpn-CUST_APPIE-ebgp-import term 2
> then accept
>
> set routing-instances CUST_APPIE instance-type vrf
> set routing-instances CUST_APPIE interface xe-0/0/88.3021
> set routing-instances CUST_APPIE route-distinguisher 10.32.0.43:10006
> set routing-instances CUST_APPIE vrf-target import target:65001:10006
> set routing-instances CUST_APPIE vrf-target export target:65001:10006
> set routing-instances CUST_APPIE vrf-table-label
>
> set routing-instances CUST_APPIE routing-options static route 0.0.0.0/0
> next-hop 172.21.1.1
>
> set routing-instances CUST_APPIE forwarding-options dhcp-relay
> server-group CUST_APPIE 172.21.1.1
> set routing-instances CUST_APPIE forwarding-options dhcp-relay
> active-server-group CUST_APPIE
> set routing-instances CUST_APPIE forwarding-options dhcp-relay group
> CUST_APPIE interface xe-0/0/88.3021
> set routing-instances CUST_APPIE protocols bgp group ebgp-CUST_APPIE
> import ipvpn-CUST_APPIE-ebgp-import
> set routing-instances CUST_APPIE protocols bgp group ebgp-CUST_APPIE
> export ipvpn-CUST_APPIE-ebgp-export
>
> set firewall family inet filter re-protect-v4 term accept-customer-vrrp
> from protocol vrrp
> set firewall family inet filter re-protect-v4 term accept-customer-vrrp
> then count accept-vrrp-customer
> set firewall family inet filter re-protect-v4 term accept-customer-vrrp
> then accept
> set firewall family inet filter routing-engine-traffic term mark-vrrp from
> protocol vrrp
> set firewall family inet filter routing-engine-traffic term mark-vrrp then
> count mark-vrrp
> set firewall family inet filter routing-engine-traffic term mark-vrrp then
> forwarding-class NC1
> set firewall family inet filter routing-engine-traffic term mark-vrrp then
> accept
>
> i would really appreciate any help
>
> regards
>
> abdullah
>
>

More information about the juniper-nsp mailing list