nanog mailing list archives

Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS

From: Ben Bartsch <uwcableguy () gmail com>
Date: Mon, 19 Mar 2018 16:15:48 -0500

Absolutely!  I'm running a eBGP session over this ATM.  We are going to try
to backhaul our customers through a Dell whitebox running IPI OcNOS
configured with an  'LDP fabric' to a core MX.


To use an IRB as a L3 endpoint you have to use VPLS on the MX (Junos
version 15.1R6.7).  I was missing a couple of key commands highlighted in
red:

show configuration interfaces irb.997 | display set
set interfaces irb unit 997 description
VLAN-997->PWHE->POD1-3550-S1_VLAN_997
set interfaces irb unit 997 bandwidth 10g
set interfaces irb unit 997 family inet mtu 9178
set interfaces irb unit 997 family inet address 10.240.16.101/30

show configuration routing-instances VPLS-LAB-0997 | display set
set routing-instances VPLS-LAB-0997 instance-type vpls
set routing-instances VPLS-LAB-0997 vlan-id 997
set routing-instances VPLS-LAB-0997 routing-interface irb.997
set routing-instances VPLS-LAB-0997 protocols vpls encapsulation-type
ethernet-vlan
set routing-instances VPLS-LAB-0997 protocols vpls no-tunnel-services
set routing-instances VPLS-LAB-0997 protocols vpls vpls-id 997
set routing-instances VPLS-LAB-0997 protocols vpls mtu 9100
set routing-instances VPLS-LAB-0997 protocols vpls neighbor 10.240.0.73
set routing-instances VPLS-LAB-0997 protocols vpls connectivity-type irb

show vpls connections extensive
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid      NC -- interface encapsulation not
CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not
same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down
LD -- local site signaled down   CF -- call admission control failure
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
LB -- Local site not best-site   RB -- Remote site not best-site
VM -- VLAN ID mismatch           HS -- Hot-standby Connection

Legend for interface status
Up -- operational
Dn -- down

Instance: VPLS-LAB-0997
  VPLS-id: 997
    Number of local interfaces: 0
    Number of local interfaces up: 0
    lsi.1048592                   Intf - vpls VPLS-LAB-0997 neighbor
10.240.0.73 vpls-id 997
    Neighbor                  Type  St     Time last up          # Up trans
    10.240.0.73(vpls-id 997)  rmt   Up     Mar 19 10:25:38 2018           1
      Remote PE: 10.240.0.73, Negotiated control-word: No
      Incoming label: 262148, Outgoing label: 52786
      Negotiated PW status TLV: No
      Local interface: lsi.1048592, Status: Up, Encapsulation: VLAN
        Description: Intf - vpls VPLS-LAB-0997 neighbor 10.240.0.73 vpls-id
997
      Flow Label Transmit: No, Flow Label Receive: No
    Connection History:
        Mar 19 10:25:38 2018  status update timer
        Mar 19 10:25:38 2018  PE route changed
        Mar 19 10:25:38 2018  Out lbl Update                     52786
        Mar 19 10:25:38 2018  In lbl Update                     262148
        Mar 19 10:25:38 2018  loc intf up                  lsi.1048592




The other end of my VPLS circuit is a Dell S4048-ON running IP Infusion
OcNOS (it is very Cisco IOS-ish) v1.3.3:

sh run mpls
mpls vpls VPLS-LAB-0997 997
 redundancy-role primary
 signaling ldp
  vpls-type vlan
  vpls-peer 10.240.0.11
  exit-signaling
!
router ldp
 router-id 10.240.0.73
 targeted-peer ipv4 10.240.0.11
  exit-targeted-peer-mode
 transport-address ipv4 10.240.0.73

sh run int xe4
!
interface xe4
 description XE4->POD1-3550-S1_GI0/2
 speed 1g
 switchport
 load-interval 30
 mtu 9100
 mpls-vpls VPLS-LAB-0997 vlan 997
    ac-admin-status up
  exit-if-vpls




And the CE is just a simple L3 VLAN.  We are using an old Cisco 3550
running 12.2(46)SE IPSERVICESK9 that we found laying around:

POD1-3550-S1#sh run int gi0/2
Building configuration...

Current configuration : 219 bytes
!
interface GigabitEthernet0/2
 description GI0/2->POD3-4048-S1_XE4
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 997
 switchport mode trunk
 load-interval 30
 speed nonegotiate
end

POD1-3550-S1#sh run int vlan 997
Building configuration...

Current configuration : 115 bytes
!
interface Vlan997
 description VLAN_997_VLAN-BASED-VPWS-ROUTED-PW
 ip address 10.240.16.102 255.255.255.252
end



Hope this helps.  My head hurts from banging it my desk for the last couple
of weeks.  :)

-ben

On Mon, Mar 19, 2018 at 3:25 PM, Chuck Anderson <cra () wpi edu> wrote:

Would you mind sharing the solution(s)?  I've stiched a L2 PW using
lt-interfaces.

Thanks.

On Mon, Mar 19, 2018 at 11:51:36AM -0500, Ben Bartsch wrote:

I want to thank everyone who contacted me on and off list on this

request.

I now have two methods to land a layer 3 endpoint on a layer 2 circuit

to a

remote PE.  I very much appreciate the input, feedback, and assistance.

hope I personally get to meet all of you that reached out to me at a

future

NANOG meeting.  Thanks again!

-ben

On Sat, Mar 17, 2018 at 9:25 AM, Ben Bartsch <uwcableguy () gmail com>

wrote:

When we had Cisco ASR 920/903 and  ASR9k, I could attach a layer 2
pseudowire endpoint on that device to a layer 3 BDI/BVI.  I'm trying

to do

the same thing on a Juniper MX 480/960 and it does not appear to be
supported (for LDP at least - MP-BGP might be supported).  We could do
either VPWS or VPLS on the PE device handoff to the CE (layer 2 only).
JTAC has somewhat confirmed this is not supported for LDP, but they

only do

break/fix, not new config.  We do not have professional services (we

are

broke).

Any Juniper routerheads out there that have seen this done using LDP
without having to hairpin on the MX?

Thanks, y'all.

-ben

Current thread:

Juniper MX - Routed pseudowire using LDP - VPWS or VPLS Ben Bartsch (Mar 17)
- Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS Tim Jackson (Mar 17)
- Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS Ben Bartsch (Mar 19)
  - Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS Chuck Anderson (Mar 19)
    - Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS Ben Bartsch (Mar 19)
    - Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS Ben Bartsch (Mar 19)
    - Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS Ben Bartsch (Mar 22)