[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Juniper MX - Routed pseudowire using LDP - VPWS or VPLS

Absolutely!  I'm running a eBGP session over this ATM.  We are going to try
to backhaul our customers through a Dell whitebox running IPI OcNOS
configured with an  'LDP fabric' to a core MX.

To use an IRB as a L3 endpoint you have to use VPLS on the MX (Junos
version 15.1R6.7).  I was missing a couple of key commands highlighted in

show configuration interfaces irb.997 | display set
set interfaces irb unit 997 description
set interfaces irb unit 997 bandwidth 10g
set interfaces irb unit 997 family inet mtu 9178
set interfaces irb unit 997 family inet address

show configuration routing-instances VPLS-LAB-0997 | display set
set routing-instances VPLS-LAB-0997 instance-type vpls
set routing-instances VPLS-LAB-0997 vlan-id 997
set routing-instances VPLS-LAB-0997 routing-interface irb.997
set routing-instances VPLS-LAB-0997 protocols vpls encapsulation-type
set routing-instances VPLS-LAB-0997 protocols vpls no-tunnel-services
set routing-instances VPLS-LAB-0997 protocols vpls vpls-id 997
set routing-instances VPLS-LAB-0997 protocols vpls mtu 9100
set routing-instances VPLS-LAB-0997 protocols vpls neighbor
set routing-instances VPLS-LAB-0997 protocols vpls connectivity-type irb

show vpls connections extensive
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid      NC -- interface encapsulation not
EM -- encapsulation mismatch     WE -- interface and instance encaps not
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down
LD -- local site signaled down   CF -- call admission control failure
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
LB -- Local site not best-site   RB -- Remote site not best-site
VM -- VLAN ID mismatch           HS -- Hot-standby Connection

Legend for interface status
Up -- operational
Dn -- down

Instance: VPLS-LAB-0997
  VPLS-id: 997
    Number of local interfaces: 0
    Number of local interfaces up: 0
    lsi.1048592                   Intf - vpls VPLS-LAB-0997 neighbor vpls-id 997
    Neighbor                  Type  St     Time last up          # Up trans 997)  rmt   Up     Mar 19 10:25:38 2018           1
      Remote PE:, Negotiated control-word: No
      Incoming label: 262148, Outgoing label: 52786
      Negotiated PW status TLV: No
      Local interface: lsi.1048592, Status: Up, Encapsulation: VLAN
        Description: Intf - vpls VPLS-LAB-0997 neighbor vpls-id
      Flow Label Transmit: No, Flow Label Receive: No
    Connection History:
        Mar 19 10:25:38 2018  status update timer
        Mar 19 10:25:38 2018  PE route changed
        Mar 19 10:25:38 2018  Out lbl Update                     52786
        Mar 19 10:25:38 2018  In lbl Update                     262148
        Mar 19 10:25:38 2018  loc intf up                  lsi.1048592

The other end of my VPLS circuit is a Dell S4048-ON running IP Infusion
OcNOS (it is very Cisco IOS-ish) v1.3.3:

sh run mpls
mpls vpls VPLS-LAB-0997 997
 redundancy-role primary
 signaling ldp
  vpls-type vlan
router ldp
 targeted-peer ipv4
 transport-address ipv4

sh run int xe4
interface xe4
 description XE4->POD1-3550-S1_GI0/2
 speed 1g
 load-interval 30
 mtu 9100
 mpls-vpls VPLS-LAB-0997 vlan 997
    ac-admin-status up

And the CE is just a simple L3 VLAN.  We are using an old Cisco 3550
running 12.2(46)SE IPSERVICESK9 that we found laying around:

POD1-3550-S1#sh run int gi0/2
Building configuration...

Current configuration : 219 bytes
interface GigabitEthernet0/2
 description GI0/2->POD3-4048-S1_XE4
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 997
 switchport mode trunk
 load-interval 30
 speed nonegotiate

POD1-3550-S1#sh run int vlan 997
Building configuration...

Current configuration : 115 bytes
interface Vlan997
 ip address

Hope this helps.  My head hurts from banging it my desk for the last couple
of weeks.  :)


On Mon, Mar 19, 2018 at 3:25 PM, Chuck Anderson <cra at wpi.edu> wrote:

> Would you mind sharing the solution(s)?  I've stiched a L2 PW using
> lt-interfaces.
> Thanks.
> On Mon, Mar 19, 2018 at 11:51:36AM -0500, Ben Bartsch wrote:
> > I want to thank everyone who contacted me on and off list on this
> request.
> > I now have two methods to land a layer 3 endpoint on a layer 2 circuit
> to a
> > remote PE.  I very much appreciate the input, feedback, and assistance.
> I
> > hope I personally get to meet all of you that reached out to me at a
> future
> > NANOG meeting.  Thanks again!
> >
> > -ben
> >
> > On Sat, Mar 17, 2018 at 9:25 AM, Ben Bartsch <uwcableguy at gmail.com>
> wrote:
> >
> > > When we had Cisco ASR 920/903 and  ASR9k, I could attach a layer 2
> > > pseudowire endpoint on that device to a layer 3 BDI/BVI.  I'm trying
> to do
> > > the same thing on a Juniper MX 480/960 and it does not appear to be
> > > supported (for LDP at least - MP-BGP might be supported).  We could do
> > > either VPWS or VPLS on the PE device handoff to the CE (layer 2 only).
> > > JTAC has somewhat confirmed this is not supported for LDP, but they
> only do
> > > break/fix, not new config.  We do not have professional services (we
> are
> > > broke).
> > >
> > > Any Juniper routerheads out there that have seen this done using LDP
> > > without having to hairpin on the MX?
> > >
> > > Thanks, y'all.
> > >
> > > -ben