Tag Archives: layer2

Juniper EX Virtual Chassis Part 2

I’ve already written a post on how to create a Virtual Chassis by using the 1/10GB uplink modules. If you have a switch in production and want to add another switch for additional ports or redundancy, you can easily create a virtual chassis. This time I’ll be using the dedicated VC ports and cables and adding a new switch to a production switch.

I’ll be using the preprovisioned method, and before I do any virtual chassis configuration I’ll need to add some features to the master member to minimize failover times:

set system commit synchronize
set chassis redundancy graceful-switchover
set routing-options nonstop-routing
set ethernet-switching-options nonstop-bridging

Having added these features, we can now configure a preprovisioned virtual chassis on the master switch, which will become member 0. Because this is only a 2-member VC, I’ve added the no-split-detection command as recommended by Juniper and, to help with failover times, enabled fast-failover on all ge and xe ports.

set virtual-chassis preprovisioned
set virtual-chassis no-split-detection
set virtual-chassis member 0 role routing-engine
set virtual-chassis member 0 serial-number BP0214340104
set virtual-chassis member 1 role routing-engine
set virtual-chassis member 1 serial-number BP0215090120
set virtual-chassis fast-failover ge
set virtual-chassis fast-failover xe

For now, that’s everything on the master member. On the new switch (member 1), you need to clear all config from the switch and set the root password to allow you to commit your changes:

root> edit 
Entering configuration mode
 
{master:0}[edit]
root# delete 
This will delete the entire configuration
Delete everything under this level? [yes,no] (no) yes 
{master:0}[edit]
root# set system root-authentication plain-text-password    
New password:
Retype new password:
root# commit 
configuration check succeeds
commit complete

You need to ensure there are no past virtual chassis configurations, and you can do this by entering the shell cli of the switch and removing anything in the vchassis folder:

root> start shell 
[email protected]:RE:0% rm -rf /config/vchassis/*
[email protected]:RE:0% cd /config/vchassis/
[email protected]:RE:0% ls -la
total 8
drwxr-xr-x  2 root  wheel  512 Sep 13 07:26 .
drwxr-xr-x  5 root  wheel  512 Sep 13 06:57 ..
[email protected]:RE:0% exit
exit

Now you will need to power off the backup member for at least a minute, to ensure that the other switch is elected as master.

After the minute, patch the VC-cable into the dedicated VCP-Ports at the back of the chassis and power on the backup switch. Once member 1 has booted you will be able to verify the new member by running: show virtual-chassis status

[email protected]> show virtual-chassis status     
 
Preprovisioned Virtual Chassis
Virtual Chassis ID: f1a1.ca8e.bbba
Virtual Chassis Mode: Enabled
                                           Mstr           Mixed Neighbor List
Member ID  Status   Serial No    Model     prio  Role      Mode ID  Interface
0 (FPC 0)  Prsnt    BP0214340104 ex4200-48t 129  Master*      N  1  vcp-0      
                                                                 1  vcp-1      
1 (FPC 1)  Prsnt    BP0215090120 ex4200-48t 129  Backup       N  0  vcp-0      
                                                                 0  vcp-1  

And you can verify the health of the VCP ports by running: show virtual-chassis vc-port

[email protected]> show virtual-chassis vc-port    
fpc0:
--------------------------------------------------------------------------
Interface   Type              Trunk  Status       Speed        Neighbor
or                             ID                 (mbps)       ID  Interface
PIC / Port
vcp-0       Dedicated           1    Up           32000        1   vcp-0  
vcp-1       Dedicated           2    Up           32000        1   vcp-1  
 
fpc1:
--------------------------------------------------------------------------
Interface   Type              Trunk  Status       Speed        Neighbor
or                             ID                 (mbps)       ID  Interface
PIC / Port
vcp-0       Dedicated           1    Up           32000        0   vcp-0  
vcp-1       Dedicated           2    Up           32000        0   vcp-1  
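
To check the result against what was preprovisioned, this added example (not part of the original post) compares the serial numbers in the set virtual-chassis member commands with the show virtual-chassis status output. The function names are hypothetical, and the one-Master-one-Backup check assumes this post's 2-member chassis.

```python
"""Compare 'show virtual-chassis status' with the preprovisioned member list."""
import re

# The preprovisioning commands used in this post.
CONFIG = """\
set virtual-chassis preprovisioned
set virtual-chassis member 0 role routing-engine
set virtual-chassis member 0 serial-number BP0214340104
set virtual-chassis member 1 role routing-engine
set virtual-chassis member 1 serial-number BP0215090120
"""

# The status output shown in this post (column spacing is not significant).
STATUS = """\
Preprovisioned Virtual Chassis
Virtual Chassis ID: f1a1.ca8e.bbba
Virtual Chassis Mode: Enabled
                                           Mstr           Mixed Neighbor List
Member ID  Status   Serial No    Model     prio  Role      Mode ID  Interface
0 (FPC 0)  Prsnt    BP0214340104 ex4200-48t 129  Master*      N  1  vcp-0
                                                                 1  vcp-1
1 (FPC 1)  Prsnt    BP0215090120 ex4200-48t 129  Backup       N  0  vcp-0
                                                                 0  vcp-1
"""


def parse_expected(config):
    """Map member id -> serial number from the 'set virtual-chassis member' lines."""
    pattern = r"^set virtual-chassis member (\d+) serial-number (\S+)"
    return {int(m): s for m, s in re.findall(pattern, config, re.M)}


def parse_status(text):
    """Map member id -> status, serial, role and neighbor links from the status table."""
    members, current = {}, None
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[1] == "(FPC":
            role = f[7].rstrip("*") if len(f) > 7 else ""
            current = {"status": f[3], "serial": f[4], "role": role, "links": []}
            members[int(f[0])] = current
            f = f[9:]  # what is left is the first neighbor entry, if any
        # A neighbor entry is "<neighbor id> <vcp interface>", also on continuation lines.
        if current is not None and len(f) == 2 and f[1].startswith("vcp-"):
            current["links"].append((int(f[0]), f[1]))
    return members


def verify(config, status, links_per_member=2):
    """Return a list of differences between the intended and the running chassis."""
    expected, members = parse_expected(config), parse_status(status)
    problems = []
    for mid, serial in sorted(expected.items()):
        m = members.get(mid)
        if m is None:
            problems.append(f"member {mid} ({serial}) is missing")
            continue
        if m["serial"] != serial:
            problems.append(f"member {mid} has serial {m['serial']}, expected {serial}")
        if m["status"] != "Prsnt":
            problems.append(f"member {mid} status is {m['status']}")
        if len(m["links"]) < links_per_member:
            problems.append(
                f"member {mid} has {len(m['links'])} VCP link(s), expected {links_per_member}")
    for mid in sorted(set(members) - set(expected)):
        problems.append(f"member {mid} ({members[mid]['serial']}) is not preprovisioned")
    roles = sorted(m["role"] for m in members.values())
    if roles != ["Backup", "Master"]:  # assumption: 2 members, both routing-engine
        problems.append(f"roles are {roles}, expected one Master and one Backup")
    return problems


if __name__ == "__main__":
    for problem in verify(CONFIG, STATUS) or ["virtual chassis matches the preprovisioned config"]:
        print(problem)
```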

Configuring a 802.3ad Bonded Interface Ubuntu (NIC Teaming)

Messing about in the lab configuring 802.3ad LACP bundled interfaces between switches and I wanted to see how easy (or hard) it would be to create a bonded interface on a server. I’ve got an Ubuntu 14.04LTS VM and 3 NICs available, so eth1 and eth2 were told they will become one 😀

NOTE
Please make sure you are either doing this via ILO/KVM or have a management interface like I have, as you are making network changes and you could lock yourself out of your server if it goes horribly wrong!

Let’s get cracking!

Firstly, I configured an 802.3ad LACP aggregated interface on the switch and set the interfaces to be a part of the aggregated interface:

{master:0}[edit interfaces]
[email protected]# show  
ge-0/0/2 {
    description "km-vm1 1GB";
    enable;
    ether-options {
        802.3ad ae1;
    }
}
ge-0/0/3 {
    description "km-vm1 eth2 1GB";
    enable;
    ether-options {
        802.3ad ae1;
    }
}
ae1 {
    aggregated-ether-options {
        lacp {
            active;                     
            periodic fast;
        }
    }
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members v10;
            }
        }
    }
}

Server-wise, check that the NICs can be configured as an 802.3ad bond: when using the LACP method of bonding, you need to ensure that the NICs support ethtool.

Run ethtool {interface}; if a link is detected then you’re good to go:

[email protected]:~$ ethtool eth1
Settings for eth1:
	Supported ports: [ TP ]
	Supported link modes:   1000baseT/Full 
	                        10000baseT/Full 
	Supported pause frame use: No
	Supports auto-negotiation: No
	Advertised link modes:  Not reported
	Advertised pause frame use: No
	Advertised auto-negotiation: No
	Speed: 10000Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 0
	Transceiver: internal
	Auto-negotiation: off
	MDI-X: Unknown
Cannot get wake-on-lan settings: Operation not permitted
	Link detected: yes

[email protected]:~$ ethtool eth2
Settings for eth2:
	Supported ports: [ TP ]
	Supported link modes:   1000baseT/Full 
	                        10000baseT/Full 
	Supported pause frame use: No
	Supports auto-negotiation: No
	Advertised link modes:  Not reported
	Advertised pause frame use: No
	Advertised auto-negotiation: No
	Speed: 10000Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 0
	Transceiver: internal
	Auto-negotiation: off
	MDI-X: Unknown
Cannot get wake-on-lan settings: Operation not permitted
	Link detected: yes

I needed to install the ifenslave package, as this package is used to attach and detach NICs to a bonding interface:

sudo apt-get install ifenslave

Once that has been installed, the kernel module file needs to be edited to include bonding before creating a bonded interface:

sudo nano /etc/modules

# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
# Parameters can be specified after the module name.

lp
rtc
bonding

Once that is saved, manually load the module:

sudo modprobe bonding

Next, edit the interfaces into a bond: sudo nano /etc/network/interfaces

auto eth1
iface eth1 inet manual
    bond-master bond0

auto eth2
iface eth2 inet manual
    bond-master bond0

auto bond0
iface bond0 inet static
    # For jumbo frames, change mtu to 9000
    mtu 1500
    address 192.31.1.2
    netmask 255.255.255.0
    network 192.31.1.0
    broadcast 192.31.1.255
    gateway 192.31.1.1
    bond-miimon 100
    bond-downdelay 200 
    bond-updelay 200 
    bond-mode 4
    bond-slaves none

Bond Configuration Details

Bond-Miimon
Specifies the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures.

Bond-Downdelay
Specifies the time, in milliseconds, to wait before disabling a slave after a link failure has been detected.

Bond-Updelay
Specifies the time, in milliseconds, to wait before enabling a slave after a link recovery has been detected.

Bond-Mode
Specifies which mode of NIC bonding is configured. There are 7 modes:

  • Mode 0 – balance-rr
  • Mode 1 – active-backup
  • Mode 2 – balance-xor
  • Mode 3 – broadcast
  • Mode 4 – 802.3ad
  • Mode 5 – balance-tlb
  • Mode 6 – balance-alb

For more in-depth details on bonding modes and Linux Ethernet Bonding, visit the Kernel.org white paper documentation.

Bond-Slaves
Defines all the interfaces that will be in the bond. My example has none because I had defined them with bond-master.

Save and exit, then restart networking or reboot the server for the change to take effect.

Once the reboot/restart has completed you should be sorted. You can check this by running the command ifconfig

[email protected]:~$ ifconfig 
bond0     Link encap:Ethernet  HWaddr 00:0c:29:4f:26:c5  
          inet addr:192.31.1.2  Bcast:192.31.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe4f:26c5/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:150 errors:0 dropped:5 overruns:0 frame:0
          TX packets:446 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:14381 (14.3 KB)  TX bytes:53888 (53.8 KB)

eth0      Link encap:Ethernet  HWaddr 00:0c:29:4f:26:bb  
          inet addr:10.1.0.137  Bcast:10.1.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe4f:26bb/64 Scope:Link
          inet6 addr: 2001:41c1:4:8040:20c:29ff:fe4f:26bb/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:304 errors:0 dropped:0 overruns:0 frame:0
          TX packets:127 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:26921 (26.9 KB)  TX bytes:24900 (24.9 KB)

eth1      Link encap:Ethernet  HWaddr 00:0c:29:4f:26:c5  
          inet6 addr: fe80::20c:29ff:fe4f:26c5/64 Scope:Link
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:24 errors:0 dropped:1 overruns:0 frame:0
          TX packets:216 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4155 (4.1 KB)  TX bytes:26653 (26.6 KB)

eth2      Link encap:Ethernet  HWaddr 00:0c:29:4f:26:c5  
          inet6 addr: fe80::20c:29ff:fe4f:26c5/64 Scope:Link
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:126 errors:0 dropped:4 overruns:0 frame:0
          TX packets:230 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:10226 (10.2 KB)  TX bytes:27235 (27.2 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:64 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5696 (5.6 KB)  TX bytes:5696 (5.6 KB)

or cat /proc/net/bonding/bond0

[email protected]:~$ cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
Active Aggregator Info:
	Aggregator ID: 1
	Number of ports: 2
	Actor Key: 33
	Partner Key: 2
	Partner Mac Address: cc:e1:7f:2b:82:80

Slave Interface: eth1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:4f:26:c5
Aggregator ID: 1
Slave queue ID: 0

Slave Interface: eth2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:4f:26:cf
Aggregator ID: 1
Slave queue ID: 0

By using cat /proc/net/bonding/bond0 you can also check if a link in the bond has failed as the Link Failure Count would increase.
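
The check described above can be scripted. This added example (not from the original post; the function names are hypothetical and the expected miimon of 100 is taken from the interfaces file above) parses /proc/net/bonding/bond0 and reports where the running bond differs from what was configured.

```python
"""Compare a running 802.3ad bond with the settings it was configured with."""
import sys


def sample(miimon=0, eth2_status="up", eth2_failures=0, eth2_agg=1):
    """Constructed input in the layout of the /proc output above (fields trimmed)."""
    return f"""Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
MII Polling Interval (ms): {miimon}

802.3ad info
LACP rate: slow
Active Aggregator Info:
    Aggregator ID: 1
    Number of ports: 2
    Partner Mac Address: cc:e1:7f:2b:82:80

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Aggregator ID: 1

Slave Interface: eth2
MII Status: {eth2_status}
Link Failure Count: {eth2_failures}
Aggregator ID: {eth2_agg}
"""


def parse_bonding(text):
    """Return (bond_fields, [slave_fields]) from the bonding driver's status text."""
    bond, slaves, current = {}, [], None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue                      # blank line or a heading such as "802.3ad info"
        key, value = key.strip(), value.strip()
        if key == "Slave Interface":
            current = {"name": value}     # every later field belongs to this slave
            slaves.append(current)
        elif current is None:
            bond.setdefault(key, value)   # the bond-wide section comes first
        else:
            current.setdefault(key, value)
    return bond, slaves


def check_bond(text, want_miimon=100, want_slaves=2):
    """List the ways the running bond differs from the intended configuration."""
    bond, slaves = parse_bonding(text)
    findings = []
    if "802.3ad" not in bond.get("Bonding Mode", ""):
        findings.append("mode is not 802.3ad")
    miimon = int(bond.get("MII Polling Interval (ms)", "0"))
    if miimon != want_miimon:
        findings.append(f"miimon is {miimon} ms, expected {want_miimon} ms")
    if bond.get("Partner Mac Address", "00:00:00:00:00:00") == "00:00:00:00:00:00":
        findings.append("no LACP partner seen")
    if len(slaves) != want_slaves:
        findings.append(f"{len(slaves)} slaves, expected {want_slaves}")
    active = bond.get("Aggregator ID")
    for s in slaves:
        if s.get("MII Status") != "up":
            findings.append(f"{s['name']}: link is {s.get('MII Status')}")
        if s.get("Aggregator ID") != active:
            findings.append(f"{s['name']}: not in active aggregator {active}")
        failures = int(s.get("Link Failure Count", "0"))
        if failures:
            findings.append(f"{s['name']}: {failures} link failure(s)")
    return findings


if __name__ == "__main__":
    # Pass /proc/net/bonding/bond0 as the argument, or run without one for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else sample()
    for finding in check_bond(text) or ["bond matches the intended configuration"]:
        print(finding)
```

Against the output shown above it reports a polling interval of 0 ms rather than the configured 100 ms; the kernel bonding documentation states that a miimon of zero disables MII link monitoring.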

And that’s how you can configure an 802.3ad Bonded Interface 🙂


Configuring Virtual Private LAN Service

As normal on a Friday, it’s a bit of a slow day at work 😐 but it does give me the chance to mess about in the lab! We were talking about the VPLS instances that we have going in the office and I had never configured one for myself, so I thought this would be the perfect time to set something up and give it a punt!

This post is just about how to configure a VPLS instance. I will write another post going into the inner workings of VPLS; right now I know and understand how VPLS works but couldn’t explain it!

So that is for the future, but for today… Let’s begin 😀

I will be using 1x EX4200 with routing instances to separate the routing tables and 3x SRX220h2 as the Provider Edge (PE) routers. I will have 3 routing instances on the EX4200; each will represent a different site location, and there will be a single VPLS instance across the 3x PE routers. The logical topology that will be used for this VPLS lab is shown below:

To create a VPLS instance you will need to have the following configured:

IGP – On all PE and P routers, with traffic-engineering enabled
MPLS – You will need Label Switched Paths (LSPs) configured between the PE routers
BGP – You will need BGP configured between the PE routers (BGP enabling VPLS method)

This is my base configuration for my 3 PE routers:

Base configuration (PE Router 1, PE router 2 and PE router 3, in that order)
[email protected]_SRX> show configuration 
## Last commit: 2015-05-15 15:47:03 UTC by root
version 12.1X44-D45.2;
system {
    host-name Top_SRX;
    root-authentication {
        encrypted-password "$1$n8lY2iyW$5gx34QuELucAjscTH.vTe1"; ## SECRET-DATA
    }
    services {
        ssh {
            protocol-version v2;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "Other SRX g0/0/0";
        enable;
        unit 0 {
            family inet {
                address 1.1.1.6/31;
            }
        }
    }
    ge-0/0/1 {
        description "Bottom SRX g0/0/1";
        unit 0 {
            family inet {
                address 1.1.1.4/31;
            }
        }        
    }
    ge-0/0/2 {
        description "EX g0/0/2";
    }
    ge-0/0/6 {
        enable;
        unit 0 {
            family inet {
                address 10.1.0.201/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.1.1.1/32;
            }                           
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 10.1.0.1;
            no-readvertise;
        }
    }
    autonomous-system 200;
}
protocols {
    lldp {                              
        interface all;
    }
}
security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
            iso {
                mode packet-based;
            }
        }
    }
}
[email protected]> show configuration 
## Last commit: 2015-05-15 15:56:47 UTC by root
version 12.1X44-D45.2;
system {
    host-name BottomSRX;
    root-authentication {
        encrypted-password "$1$8zJP2rqE$aNbSmTjuldkr99uQIp4J30"; ## SECRET-DATA
    }
    services {
        ssh {
            protocol-version v2;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "Other SRX g0/0/1";
        unit 0 {
            family inet {
                address 1.1.1.9/31;
            }
        }
    }
    ge-0/0/1 {
        description "Top SRX g0/0/1";
        unit 0 {
            family inet {
                address 1.1.1.5/31;
            }
        }
    }
    ge-0/0/2 {
        description "EX g0/0/2";
    }
    ge-0/0/6 {
        enable;
        unit 0 {
            family inet {
                address 10.1.0.202/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 2.2.2.2/32;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 10.1.0.1;          
            no-readvertise;
        }
    }
}
protocols {
    lldp {                              
        interface all;
    }
}
security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }                           
            mpls {
                mode packet-based;
            }
            iso {
                mode packet-based;
            }
        }
    }
}
[email protected]_SRX> show configuration 
## Last commit: 2015-05-15 16:03:13 UTC by root
version 12.1X44-D45.2;
system {
    host-name Single_SRX;
    root-authentication {
        encrypted-password "$1$0pm5C2Ie$5ss3qkj8WZxBFU2bTwlyE."; ## SECRET-DATA
    }
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    services {
        ssh {
            protocol-version v2;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "Bottom SRX g0/0/0";
        enable;
        unit 0 {
            family inet {
                address 1.1.1.8/31;
            }
        }
    }
    ge-0/0/1 {
        description "Top SRX g0/0/0";
        enable;
        unit 0 {
            family inet {
                address 1.1.1.7/31;
            }
        }
    }
    ge-0/0/2 {
        description "EX SRX g0/0/2";
    }
    ge-0/0/7 {
        description "Lab Management";
        enable;
        unit 0 {
            family inet {
                address 10.1.0.207/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 3.3.3.3/32;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 10.1.0.1;
            no-readvertise;
        }
    }
    autonomous-system 200;
}
protocols {
    lldp {                              
        interface all;
    }
}
security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
            iso {
                mode packet-based;
            }
        }
    }
}
routing-instances {
    vpls {
        instance-type vpls;
        interface ge-0/0/2.0;
        protocols {
            vpls {
                no-tunnel-services;
                vpls-id 1;
                neighbor 1.1.1.1;
                neighbor 2.2.2.2;
            }
        }
    }
}

This is the configuration I have on the EX4200, which will be used as the 3 different locations. I have enabled OSPF at each of the sites:

EX4200 Configuration
root> show configuration 
## Last commit: 2015-03-08 18:33:10 UTC by root
version 12.3R9.4;
system {
    root-authentication {
        encrypted-password "$1$kgkXgKFb$plTKQqiKNknDciGKJ8i8V/"; ## SECRET-DATA
    }
    services {
        ssh {
            protocol-version v2;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "Top SRX";
        unit 0 {
            family inet {
                address 172.16.1.4/24;
            }
        }
    }
    ge-0/0/1 {
        description "Bottom SRX";
        unit 0 {                        
            family inet {               
                address 172.16.1.2/24;
            }
        }
    }
    ge-0/0/2 {
        description "Other SRX";
        unit 0 {
            family inet {
                address 172.16.1.3/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 7.7.7.7/32;
            }
        }
        unit 1 {
            family inet {
                address 8.8.8.8/32;
            }
        }                               
        unit 2 {
            family inet {
                address 9.9.9.9/32;
            }
        }
    }
    me0 {
        unit 0 {
            family inet {
                address 10.1.0.200/24;
            }
        }
    }
}
protocols {
    lldp {
        interface all;
    }
}
routing-instances {
    SiteA {
        instance-type virtual-router;
        interface ge-0/0/0.0;           
        interface lo0.0;
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface ge-0/0/0.0;
                    interface lo0.0;
                }
            }
        }
    }
    SiteB {
        instance-type virtual-router;
        interface ge-0/0/1.0;
        interface lo0.1;
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface ge-0/0/1.0;
                    interface lo0.1;
                }
            }
        }
    }                                   
    SiteC {
        instance-type virtual-router;
        interface ge-0/0/2.0;
        interface lo0.2;
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface lo0.2;
                    interface ge-0/0/2.0;
                }
            }
        }
    }
}

LDP

I’ll be working off PE1; all the other routers have been configured. Once we have PE1 sorted, we will have a VPLS instance with LDP signaling 🙂

Firstly, I will configure the interface that is connected to the Customer Edge (CE) device, so that the router knows this is a part of the VPLS. We will need to set the encapsulation to VPLS and set the logical interface.

[email protected]_SRX> show configuration interfaces ge-0/0/2                        
description "EX g0/0/2";
encapsulation ethernet-vpls;
unit 0;

Of the 3 ways of configuring a VPLS instance, using LDP is, configuration-wise, the most straightforward. Under the protocols stanza, we need to make sure all the related protocols are enabled; in addition, we need to make sure the MPLS LSPs are correctly configured. It is important to know that you only need to set LDP on the loopback address, not on any other interface that has MPLS configured. This is because LDP peers only with the other PEs and not across the interlinks between the routers; this is also why you need an IGP configured, to get connectivity to the loopbacks.

protocols {
    rsvp {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        interface lo0.0;
    }
    mpls {
        no-cspf;
        label-switched-path to_3.3.3.3 {
            from 1.1.1.1;
            to 3.3.3.3;
        }
        label-switched-path to_2.2.2.2 {
            from 1.1.1.1;
            to 2.2.2.2;
        }
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/0.0;
            interface ge-0/0/1.0;
            interface lo0.0;
        }                               
    }
    ldp {
        interface lo0.0;
    }
}

It is key to remember that the goal of all VPNs is to isolate their routing tables from other networks; this is no different with VPLS. We will need to create an isolated VPLS instance, to allow traffic between Sites A, B and C to be independent from the rest of the network. With this in mind, we will need to configure a routing-instance and include the statement instance-type vpls:

[email protected]_SRX> show configuration routing-instances 
vpls {
    instance-type vpls;
    interface ge-0/0/2.0;
    protocols {
        vpls {
            no-tunnel-services;

Note
no-tunnel-services needs to be configured, as the device I’m using (SRX220h2) doesn’t have a Tunnel Services PIC. This statement creates a label-switched interface (LSI) to provide VPLS functionality. For more information check here

We can see everything is working, when I do a show route we can see that all 3 sites have learnt the loopback address via OSPF

Site A Routing Table, Site B Routing Table, Site C Routing Table
SiteA.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[Direct/0] 17:54:17
                    > via lo0.0
8.8.8.8/32         *[OSPF/10] 01:05:51, metric 1
                    > to 172.16.1.2 via ge-0/0/0.0
9.9.9.9/32         *[OSPF/10] 01:05:51, metric 1
                    > to 172.16.1.3 via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 17:54:17, metric 1
                      MultiRecv
SiteB.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 01:05:51, metric 1
                    > to 172.16.1.4 via ge-0/0/1.0
8.8.8.8/32         *[Direct/0] 17:54:17
                    > via lo0.1
9.9.9.9/32         *[OSPF/10] 01:05:56, metric 1
                    > to 172.16.1.3 via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 17:54:17, metric 1
                      MultiRecv
SiteC.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 01:05:51, metric 1
                    > to 172.16.1.4 via ge-0/0/2.0
8.8.8.8/32         *[OSPF/10] 01:05:56, metric 1
                    > to 172.16.1.2 via ge-0/0/2.0
9.9.9.9/32         *[Direct/0] 17:54:17
                    > via lo0.2
224.0.0.5/32       *[OSPF/10] 17:54:17, metric 1
                      MultiRecv

BGP

Time to move on to the BGP version of configuring a VPLS. We will keep the same configuration as above on all the PEs. Using BGP for VPLS is extremely useful as it is more scalable, and if you already have BGP running on your network, you don’t need to create any new BGP sessions for the VPLS session!

Firstly we will need to set the autonomous system (AS) number and have our BGP peering session with the other PEs. Note that we have selected the family l2vpn signaling:

[edit]
[email protected]_SRX# show routing-options autonomous-system 
200;

[edit]
[email protected]_SRX# show protocols bgp 
group PE-routers {
    type internal;
    local-address 1.1.1.1;
    family l2vpn {
        signaling;
    }
    peer-as 200;
    neighbor 2.2.2.2;
    neighbor 3.3.3.3;
}

As with L3VPNs, under the VPLS routing-instance we need to add a Route-Target and Route-Distinguisher. This is because, unlike when we used LDP, we don’t have neighbors defined under the VPLS stanza. Additionally, site-identifiers have to be added under the VPLS protocol.

Note
The Route-Target and Route-Distinguisher on all the PEs in the VPLS instance have to be the same.

[edit routing-instances vpls]
[email protected]_SRX# show 
instance-type vpls;
interface ge-0/0/2.0;
route-distinguisher 200:100;
vrf-target target:200:100;
protocols {
    vpls {
        no-tunnel-services;
        site SiteC {
            site-identifier 3;
        }
    }
}

We can see everything is working, when I do a show route we can see that all 3 sites have learnt the loopback address via OSPF still 😀

Site A Routing Table, Site B Routing Table, Site C Routing Table
SiteA.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

8.8.8.8/32         *[OSPF/10] 00:02:11, metric 1
                    > to 172.16.1.2 via ge-0/0/0.0
9.9.9.9/32         *[OSPF/10] 00:02:16, metric 1
                    > to 172.16.1.3 via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 22:38:49, metric 1
                      MultiRecv
SiteB.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 00:02:11, metric 1
                    > to 172.16.1.4 via ge-0/0/1.0
9.9.9.9/32         *[OSPF/10] 00:02:11, metric 1
                    > to 172.16.1.3 via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 22:38:49, metric 1
                      MultiRecv
SiteC.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 00:02:16, metric 1
                    > to 172.16.1.4 via ge-0/0/2.0
8.8.8.8/32         *[OSPF/10] 00:02:11, metric 1
                    > to 172.16.1.2 via ge-0/0/2.0
224.0.0.5/32       *[OSPF/10] 22:38:49, metric 1
                      MultiRecv

LDP & BGP

We are also able to configure a VPLS instance with LDP and BGP. We will use the same configuration as above, as we only need a few changes. We need to change the family l2vpn stanza in the BGP session from signaling to auto-discovery-only, add l2vpn-id, and remove the entire configuration under the protocols vpls stanza (except no-tunnel-services) in the VPLS routing instance.

[email protected]_SRX# show protocols bgp  
group PE-routers {
    type internal;
    local-address 1.1.1.1;
    family l2vpn {
        auto-discovery-only;
    }
    peer-as 200;
    neighbor 2.2.2.2;
    neighbor 3.3.3.3;
}


[email protected]_SRX# show routing-instances vpls 
instance-type vpls;
interface ge-0/0/2.0;
route-distinguisher 200:100;
l2vpn-id l2vpn-id:200:100;
vrf-target target:200:100;
protocols {
    vpls {
        no-tunnel-services;
    }
}

We can see everything is working, when I do a show route protocol ospf we can see that all 3 sites have learnt the loopback address via OSPF still 😀

Site A OSPF Routing Table, Site B OSPF Routing Table, Site C OSPF Routing Table
SiteA.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

8.8.8.8/32         *[OSPF/10] 00:00:18, metric 1
                    > to 172.16.1.2 via ge-0/0/0.0
9.9.9.9/32         *[OSPF/10] 00:00:18, metric 1
                    > to 172.16.1.3 via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 23:48:35, metric 1
                      MultiRecv
SiteB.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 00:00:18, metric 1
                    > to 172.16.1.4 via ge-0/0/1.0
9.9.9.9/32         *[OSPF/10] 00:00:23, metric 1
                    > to 172.16.1.3 via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 23:48:35, metric 1
                      MultiRecv
SiteC.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 00:00:18, metric 1
                    > to 172.16.1.4 via ge-0/0/2.0
8.8.8.8/32         *[OSPF/10] 00:00:23, metric 1
                    > to 172.16.1.2 via ge-0/0/2.0
224.0.0.5/32       *[OSPF/10] 23:48:35, metric 1
                      MultiRecv

You can get in-depth detail about VPLS from the Juniper website here
