Juniper MX - Routed pseudowire using LDP - VPWS or VPLS
When we had Cisco ASR 920/903 and ASR9k, I could attach a layer 2 pseudowire endpoint on that device to a layer 3 BDI/BVI. I'm trying to do the same thing on a Juniper MX 480/960 and it does not appear to be supported (for LDP at least - MP-BGP might be supported). We could do either VPWS or VPLS on the PE device handoff to the CE (layer 2 only). JTAC has somewhat confirmed this is not supported for LDP, but they only do break/fix, not new config. We do not have professional services (we are broke).

Any Juniper routerheads out there that have seen this done using LDP without having to hairpin on the MX?

Thanks, y'all.

-ben
You can either attach the end of the l2circuit to an LT interface, or a PS interface.

https://www.google.com/amp/s/tgregory.org/2016/07/10/pseudowire-headend-term...
https://www.juniper.net/documentation/en_US/junos/topics/concept/pseudowire-...
https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/se...

On Sat, Mar 17, 2018, 9:27 AM Ben Bartsch <uwcableguy@gmail.com> wrote:

> When we had Cisco ASR 920/903 and ASR9k, I could attach a layer 2 pseudowire endpoint on that device to a layer 3 BDI/BVI. I'm trying to do the same thing on a Juniper MX 480/960 and it does not appear to be supported (for LDP at least - MP-BGP might be supported). We could do either VPWS or VPLS on the PE device handoff to the CE (layer 2 only). JTAC has somewhat confirmed this is not supported for LDP, but they only do break/fix, not new config. We do not have professional services (we are broke).
>
> Any Juniper routerheads out there that have seen this done using LDP without having to hairpin on the MX?
>
> Thanks, y'all.
>
> -ben
I want to thank everyone who contacted me on and off list on this request. I now have two methods to land a layer 3 endpoint on a layer 2 circuit to a remote PE. I very much appreciate the input, feedback, and assistance. I hope I personally get to meet all of you that reached out to me at a future NANOG meeting. Thanks again!

-ben

On Sat, Mar 17, 2018 at 9:25 AM, Ben Bartsch <uwcableguy@gmail.com> wrote:

> When we had Cisco ASR 920/903 and ASR9k, I could attach a layer 2 pseudowire endpoint on that device to a layer 3 BDI/BVI. I'm trying to do the same thing on a Juniper MX 480/960 and it does not appear to be supported (for LDP at least - MP-BGP might be supported). We could do either VPWS or VPLS on the PE device handoff to the CE (layer 2 only). JTAC has somewhat confirmed this is not supported for LDP, but they only do break/fix, not new config. We do not have professional services (we are broke).
>
> Any Juniper routerheads out there that have seen this done using LDP without having to hairpin on the MX?
>
> Thanks, y'all.
>
> -ben
Would you mind sharing the solution(s)? I've stitched a L2 PW using lt-interfaces.

Thanks.

On Mon, Mar 19, 2018 at 11:51:36AM -0500, Ben Bartsch wrote:

> I want to thank everyone who contacted me on and off list on this request. I now have two methods to land a layer 3 endpoint on a layer 2 circuit to a remote PE. I very much appreciate the input, feedback, and assistance. I hope I personally get to meet all of you that reached out to me at a future NANOG meeting. Thanks again!
>
> -ben
Absolutely! I'm running an eBGP session over this ATM. We are going to try to backhaul our customers through a Dell whitebox running IPI OcNOS configured with an 'LDP fabric' to a core MX.

To use an IRB as a L3 endpoint you have to use VPLS on the MX (Junos version 15.1R6.7). I was missing a couple of key commands highlighted in red:

    show configuration interfaces irb.997 | display set
    set interfaces irb unit 997 description VLAN-997->PWHE->POD1-3550-S1_VLAN_997
    set interfaces irb unit 997 bandwidth 10g
    set interfaces irb unit 997 family inet mtu 9178
    set interfaces irb unit 997 family inet address 10.240.16.101/30

    show configuration routing-instances VPLS-LAB-0997 | display set
    set routing-instances VPLS-LAB-0997 instance-type vpls
    set routing-instances VPLS-LAB-0997 vlan-id 997
    set routing-instances VPLS-LAB-0997 routing-interface irb.997
    set routing-instances VPLS-LAB-0997 protocols vpls encapsulation-type ethernet-vlan
    set routing-instances VPLS-LAB-0997 protocols vpls no-tunnel-services
    set routing-instances VPLS-LAB-0997 protocols vpls vpls-id 997
    set routing-instances VPLS-LAB-0997 protocols vpls mtu 9100
    set routing-instances VPLS-LAB-0997 protocols vpls neighbor 10.240.0.73
    set routing-instances VPLS-LAB-0997 protocols vpls connectivity-type irb

    show vpls connections extensive
    Layer-2 VPN connections:

    Legend for connection status (St)
    EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
    EM -- encapsulation mismatch     WE -- interface and instance encaps not same
    VC-Dn -- Virtual circuit down    NP -- interface hardware not present
    CM -- control-word mismatch      -> -- only outbound connection is up
    CN -- circuit not provisioned    <- -- only inbound connection is up
    OR -- out of range               Up -- operational
    OL -- no outgoing label          Dn -- down
    LD -- local site signaled down   CF -- call admission control failure
    RD -- remote site signaled down  SC -- local and remote site ID collision
    LN -- local site not designated  LM -- local site ID not minimum designated
    RN -- remote site not designated RM -- remote site ID not minimum designated
    XX -- unknown connection status  IL -- no incoming label
    MM -- MTU mismatch               MI -- Mesh-Group ID not available
    BK -- Backup connection          ST -- Standby connection
    PF -- Profile parse failure      PB -- Profile busy
    RS -- remote site standby        SN -- Static Neighbor
    LB -- Local site not best-site   RB -- Remote site not best-site
    VM -- VLAN ID mismatch           HS -- Hot-standby Connection

    Legend for interface status
    Up -- operational
    Dn -- down

    Instance: VPLS-LAB-0997
      VPLS-id: 997
        Number of local interfaces: 0
        Number of local interfaces up: 0
        lsi.1048592         Intf - vpls VPLS-LAB-0997 neighbor 10.240.0.73 vpls-id 997
        Neighbor                  Type  St     Time last up          # Up trans
        10.240.0.73(vpls-id 997)  rmt   Up     Mar 19 10:25:38 2018           1
          Remote PE: 10.240.0.73, Negotiated control-word: No
          Incoming label: 262148, Outgoing label: 52786
          Negotiated PW status TLV: No
          Local interface: lsi.1048592, Status: Up, Encapsulation: VLAN
            Description: Intf - vpls VPLS-LAB-0997 neighbor 10.240.0.73 vpls-id 997
          Flow Label Transmit: No, Flow Label Receive: No
        Connection History:
            Mar 19 10:25:38 2018  status update timer
            Mar 19 10:25:38 2018  PE route changed
            Mar 19 10:25:38 2018  Out lbl Update                     52786
            Mar 19 10:25:38 2018  In lbl Update                     262148
            Mar 19 10:25:38 2018  loc intf up                  lsi.1048592

The other end of my VPLS circuit is a Dell S4048-ON running IP Infusion OcNOS (it is very Cisco IOS-ish) v1.3.3:

    sh run mpls
    mpls vpls VPLS-LAB-0997 997
     redundancy-role primary
     signaling ldp
      vpls-type vlan
      vpls-peer 10.240.0.11
      exit-signaling
    !
    router ldp
     router-id 10.240.0.73
     targeted-peer ipv4 10.240.0.11
      exit-targeted-peer-mode
     transport-address ipv4 10.240.0.73

    sh run int xe4
    !
    interface xe4
     description XE4->POD1-3550-S1_GI0/2
     speed 1g
     switchport
     load-interval 30
     mtu 9100
     mpls-vpls VPLS-LAB-0997 vlan 997
      ac-admin-status up
      exit-if-vpls

And the CE is just a simple L3 VLAN. We are using an old Cisco 3550 running 12.2(46)SE IPSERVICESK9 that we found laying around:

    POD1-3550-S1#sh run int gi0/2
    Building configuration...

    Current configuration : 219 bytes
    !
    interface GigabitEthernet0/2
     description GI0/2->POD3-4048-S1_XE4
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 997
     switchport mode trunk
     load-interval 30
     speed nonegotiate
    end

    POD1-3550-S1#sh run int vlan 997
    Building configuration...

    Current configuration : 115 bytes
    !
    interface Vlan997
     description VLAN_997_VLAN-BASED-VPWS-ROUTED-PW
     ip address 10.240.16.102 255.255.255.252
    end

Hope this helps. My head hurts from banging it on my desk for the last couple of weeks. :)

-ben

On Mon, Mar 19, 2018 at 3:25 PM, Chuck Anderson <cra@wpi.edu> wrote:

> Would you mind sharing the solution(s)? I've stitched a L2 PW using lt-interfaces.
>
> Thanks.
The other solution is a stitched LT configuration. One LT is the L3 endpoint, the other is the PW endpoint. You use VPWS with this one. I suppose you might be able to do VPLS instead if you wanted to. I am running eBGP on this circuit too. It's a bit more complicated for troubleshooting. I'm not sure what benefit this has over the IRB method.

Again, Junos 15.1R6.7:

    show configuration interfaces lt-0/0/10 | display set
    set interfaces lt-0/0/10 mtu 9192
    set interfaces lt-0/0/10 unit 998 description LT-0/0/0.998->VLAN_998->PW
    set interfaces lt-0/0/10 unit 998 encapsulation vlan-ccc
    set interfaces lt-0/0/10 unit 998 vlan-id 998
    set interfaces lt-0/0/10 unit 998 peer-unit 10998
    set interfaces lt-0/0/10 unit 998 family ccc
    set interfaces lt-0/0/10 unit 10998 description LT-0/0/0.10998->VLAN_998->L3
    set interfaces lt-0/0/10 unit 10998 encapsulation vlan
    set interfaces lt-0/0/10 unit 10998 vlan-id 998
    set interfaces lt-0/0/10 unit 10998 peer-unit 998
    set interfaces lt-0/0/10 unit 10998 family inet address 10.240.16.97/30

    show configuration protocols l2circuit | display set
    set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998 virtual-circuit-id 998
    set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998 mtu 9100

    show l2circuit connections
    Layer-2 Circuit Connections:

    Legend for connection status (St)
    EI -- encapsulation invalid      NP -- interface h/w not present
    MM -- mtu mismatch               Dn -- down
    EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down
    CM -- control-word mismatch      Up -- operational
    VM -- vlan id mismatch           CF -- Call admission control failure
    OL -- no outgoing label          IB -- TDM incompatible bitrate
    NC -- intf encaps not CCC/TCC    TM -- TDM misconfiguration
    BK -- Backup Connection          ST -- Standby Connection
    CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire
    LD -- local site signaled down   RS -- remote site standby
    RD -- remote site signaled down  HS -- Hot-standby Connection
    XX -- unknown

    Legend for interface status
    Up -- operational
    Dn -- down
    Neighbor: 10.240.0.73
        Interface                 Type  St     Time last up          # Up trans
        lt-0/0/10.998(vc 998)     rmt   Up     Mar 18 19:14:28 2018           1
          Remote PE: 10.240.0.73, Negotiated control-word: No
          Incoming label: 347440, Outgoing label: 52785
          Negotiated PW status TLV: No
          Local interface: lt-0/0/10.998, Status: Up, Encapsulation: VLAN
          Flow Label Transmit: No, Flow Label Receive: No

The PE is again a Dell S4048-ON running IPI OcNOS v1.3.3

    sh run mpls
    !
    mpls l2-circuit VLAN_BASED_PW_0998 998 10.240.0.11
    !
    router ldp
     router-id 10.240.0.73
     targeted-peer ipv4 10.240.0.11
      exit-targeted-peer-mode
     transport-address ipv4 10.240.0.73

    sh run int xe4
    !
    interface xe4
     description XE4->POD1-3550-S1_GI0/2
     speed 1g
     switchport
     load-interval 30
     mtu 9100
     mpls-l2-circuit VLAN_BASED_PW_0998 vlan 998 tpid 8100

    sh ldp mpls-l2-circuit detail
    vcid: 998 type: vlan, local groupid: 0, remote groupid: 0 (vc is up)
    destination: 10.240.0.11, Peer LDP Ident: 10.240.0.11
    Local label: 52785, remote label: 347440
    Access IF: xe4, Network IF: xe2
    Local MTU: 9100, Remote MTU: 9100 <--THIS IS SUPER HANDY - IT WILL SHOW YOUR REMOTE MTU EVEN IF THE CIRCUIT IS DOWN
    Local Control Word: disabled, Remote Control Word: disabled, Current use: disabled
    Local PW Status Capability : disabled
    Remote PW Status Capability : disabled
    Current PW Status TLV : disabled
    Local VCCV Capability:
     CC-Types: None
     CV-Types: None
    Remote VCCV Capability:
     CC-Types:
      Type 1
      Type 2
      Type 3
     CV-Types:
      LSP ping
      BFD IP/UDP-encapsulated, for PW Fault Detection only
      BFD PW-ACH-encapsulated, for PW Fault Detection only

    sh ldp mpls-l2-circuit
    Transport  Client   VC     VC             Local     Remote    Destination
    VC ID      Binding  State  Type           VC Label  VC Label  Address
    998        xe4      UP     Ethernet VLAN  52785     347440    10.240.0.11

Finally the CE is the same old Cisco 3550 with a VLAN:

    POD1-FREY113-3550-S1#sh run int vlan 998
    Building configuration...

    Current configuration : 114 bytes
    !
    interface Vlan998
     description VLAN_998_VLAN-BASED-VPWS-ROUTED-PW
     ip address 10.240.16.98 255.255.255.252
    end

    POD1-FREY113-3550-S1#sh run int gi0/2
    Building configuration...

    Current configuration : 219 bytes
    !
    interface GigabitEthernet0/2
     description GI0/2->POD3-4048-S1_XE4
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 998
     switchport mode trunk
     load-interval 30
     speed nonegotiate
    end

I also forgot to show y'all what the VPLS circuit show commands look like on the OcNOS node for the VPLS solution:

    sh mpls vpls detail
    Virtual Private LAN Service Instance: VPLS-LAB-0997, ID: 997
     SIG-Protocol: LDP
     Attachment-Circuit :UP
     Learning: Enabled
     Group ID: 0, VPLS Type: Ethernet VLAN, Configured MTU: 9100
     Description: none
     service-tpid: dot1.q
     Operating mode: Tagged
     Svlan Id: 0
     Svlan Tpid: 8100
     Redundancy admin role: Primary
     Redundancy oper role: Primary
     Configured interfaces:
      Interface: xe4 Vlan Id: 997 oper-state UP
     Mesh Peers:
      10.240.0.11 (Up), PW Status Local:0 Remote:0

    sh mpls vpls mesh
    VPLS-ID  Peer Addr    Tunnel-Label  In-Label  Network-Intf  Out-Label  Lkps/St  PW-INDEX  SIG-Protocol  Status
    997      10.240.0.11  52496         52786     xe2           262148     2/Up     7         LDP           Active

On Mon, Mar 19, 2018 at 4:15 PM, Ben Bartsch <uwcableguy@gmail.com> wrote:

> Absolutely! I'm running an eBGP session over this ATM. We are going to try to backhaul our customers through a Dell whitebox running IPI OcNOS configured with an 'LDP fabric' to a core MX.
I do see one benefit to using the stitched LT VPWS solution - MAC learning. On the VPWS solution, your PE devices are not learning the MAC addresses. I also noticed that Juniper is a bit strange with VPLS attached to the IRB in that you never see the IRB MAC in the VPLS instance. But I think this has more to do with the behavior of IRB in general on Juniper as I don't see any of the IRB MAC addresses present in the table, even for IRBs not used on the VPLS circuit. It's entirely possible I'm using the wrong commands. :)

-ben

On Mon, Mar 19, 2018 at 4:27 PM, Ben Bartsch <uwcableguy@gmail.com> wrote:

> The other solution is a stitched LT configuration. One LT is the L3 endpoint, the other is the PW endpoint. You use VPWS with this one. I suppose you might be able to do VPLS instead if you wanted to. I am running eBGP on this circuit too. It's a bit more complicated for troubleshooting. I'm not sure what benefit this has over the IRB method.
participants (3)
- Ben Bartsch
- Chuck Anderson
- Tim Jackson
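
A pre-change consistency check for the two pseudowires configured in this thread, as an added example that is not part of any poster's message: it parses the Junos `display set` lines and the OcNOS running config and compares VC ID, LDP peer address and MTU, the parameters whose disagreement the Junos legend reports as `MM` or `CN`. The merged sample configs are constructed from lines in the thread, the function names are hypothetical, and treating the OcNOS attachment-interface `mtu` as the pseudowire MTU is an assumption drawn from the outputs shown above.

```python
import re

# Constructed sample input: lines copied from the thread's VPLS (997) and VPWS
# (998) examples, merged into one config per device. Nothing contacts a router.
JUNOS_SET = """\
set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998 virtual-circuit-id 998
set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998 mtu 9100
set routing-instances VPLS-LAB-0997 protocols vpls vpls-id 997
set routing-instances VPLS-LAB-0997 protocols vpls mtu 9100
set routing-instances VPLS-LAB-0997 protocols vpls neighbor 10.240.0.73
"""
OCNOS_RUN = """\
mpls l2-circuit VLAN_BASED_PW_0998 998 10.240.0.11
!
mpls vpls VPLS-LAB-0997 997
 signaling ldp
  vpls-peer 10.240.0.11
  exit-signaling
!
router ldp
 targeted-peer ipv4 10.240.0.11
  exit-targeted-peer-mode
 transport-address ipv4 10.240.0.73
!
interface xe4
 mtu 9100
 mpls-l2-circuit VLAN_BASED_PW_0998 vlan 998 tpid 8100
 mpls-vpls VPLS-LAB-0997 vlan 997
"""

def parse_junos(text):
    """Return {pw_id: {"peer": ip, "mtu": int}} from Junos `display set` lines."""
    raw = {}  # one entry per l2circuit interface or VPLS instance
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"set protocols l2circuit neighbor (\S+) interface (\S+) "
                     r"(virtual-circuit-id|mtu) (\d+)$", line)
        if m:
            entry = raw.setdefault(("l2circuit", m.group(2)), {"peer": m.group(1)})
            entry["id" if m.group(3) == "virtual-circuit-id" else "mtu"] = int(m.group(4))
            continue
        m = re.match(r"set routing-instances (\S+) protocols vpls "
                     r"(vpls-id|mtu|neighbor) (\S+)$", line)
        if m:
            entry = raw.setdefault(("vpls", m.group(1)), {})
            key = {"vpls-id": "id", "mtu": "mtu", "neighbor": "peer"}[m.group(2)]
            entry[key] = m.group(3) if key == "peer" else int(m.group(3))
    return {e["id"]: {"peer": e.get("peer"), "mtu": e.get("mtu")}
            for e in raw.values() if "id" in e}

def parse_ocnos(text):
    """Return pseudowires, LDP peers and attachment-circuit MTUs from OcNOS config."""
    cfg = {"pws": {}, "targeted": set(), "transport": None, "ac_mtu": {}}
    ifaces, iface, vpls = [], None, None
    for line in text.splitlines():
        w = line.split()
        if not w or w[0] == "!":
            continue
        if not line.startswith(" "):  # a top-level line ends the previous stanza
            iface = vpls = None
        if w[:2] == ["mpls", "l2-circuit"] and len(w) == 5:
            cfg["pws"][int(w[3])] = {"name": w[2], "peers": {w[4]}}
        elif w[:2] == ["mpls", "vpls"] and len(w) == 4:
            vpls = cfg["pws"][int(w[3])] = {"name": w[2], "peers": set()}
        elif w[0] == "vpls-peer" and vpls is not None:
            vpls["peers"].add(w[1])
        elif w[:2] == ["targeted-peer", "ipv4"]:
            cfg["targeted"].add(w[2])
        elif w[:2] == ["transport-address", "ipv4"]:
            cfg["transport"] = w[2]
        elif w[0] == "interface":
            iface = {"mtu": None, "bound": []}
            ifaces.append(iface)
        elif w[0] == "mtu" and iface is not None:
            iface["mtu"] = int(w[1])
        elif w[0] in ("mpls-l2-circuit", "mpls-vpls") and iface is not None:
            iface["bound"].append(w[1])
    for i in ifaces:  # resolved after the loop so `mtu` may follow the binding
        cfg["ac_mtu"].update({name: i["mtu"] for name in i["bound"]})
    return cfg

def check(junos, ocnos):
    """Compare both ends of every Junos pseudowire; return a list of findings."""
    findings = []
    for vc, j in sorted(junos.items()):
        o = ocnos["pws"].get(vc)
        if o is None:
            findings.append(f"vc {vc}: no pseudowire with this ID on the OcNOS PE")
            continue
        if j["peer"] != ocnos["transport"]:
            findings.append(f"vc {vc}: Junos neighbor {j['peer']} is not the OcNOS "
                            f"LDP transport address {ocnos['transport']}")
        for peer in sorted(o["peers"] - ocnos["targeted"]):
            findings.append(f"vc {vc}: OcNOS peer {peer} has no targeted-peer entry")
        ac_mtu = ocnos["ac_mtu"].get(o["name"])
        if ac_mtu != j["mtu"]:
            findings.append(f"vc {vc}: MTU {j['mtu']} on Junos vs {ac_mtu} on the "
                            f"OcNOS attachment interface")
    return findings
```

Calling `check(parse_junos(JUNOS_SET), parse_ocnos(OCNOS_RUN))` returns an empty list for the values posted in the thread.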