As normal on a Friday, it’s a bit of a slow day at work 😐 but it does give me the chance to mess about in the lab! We were talking about the VPLS instances that we have going in the office and I had never configured one up for myself, so I thought this would be the perfect time to set something up and give it a punt!
This post is just about how to configure a VPLS instance. I will write another post going into the inner workings of VPLS; right now I know and understand how VPLS works but couldn’t explain it!
So that is for the future, but for today… Let’s begin 😀
I will be using 1x EX4200 with routing instances to separate the routing tables and 3x SRX220h2 as the Provider Edge (PE) routers. I will have 3 routing instances on the EX4200; each will represent a different site location, and there will be a single VPLS instance across the 3x PE routers. The logical topology that will be used for this VPLS lab is shown below:
To create a VPLS instance you will need to have the following configured:
IGP – On all PE and P routers, with traffic-engineering enabled
MPLS – You will need Label Switched Paths (LSPs) configured between the PE routers
BGP – You will need BGP configured between the PE routers (BGP enabling VPLS method)
This is my base configuration for my 3 PE routers
This is the configuration I have on the EX4200, which will be used as the 3 different locations. I have enabled OSPF at each of the sites.
LDP
I'll be working off PE1; all the other routers have been configured. Once we have PE1 sorted, we will have a VPLS instance with LDP signaling 🙂
Firstly, I will configure the interface that is connected to the Customer Edge (CE) device, so that the router knows this is a part of the VPLS. We will need to set the encapsulation to VPLS and set the logical interface.
[email protected]_SRX> show configuration interfaces ge-0/0/2
description "EX g0/0/2";
encapsulation ethernet-vpls;
unit 0;
Of the 3 ways of configuring a VPLS instance, using LDP is, configuration-wise, the most straightforward. Under the protocols stanza, we need to make sure all the related protocols are enabled and that the MPLS LSPs are correctly configured. It is important to know that you only need to enable LDP on the loopback interface, not on any of the other interfaces that have MPLS configured. This is because the LDP peering is only with the other PEs, not across the interlinks between the routers; this is also why you need an IGP configured, to get connectivity to the loopbacks.
protocols {
    rsvp {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        interface lo0.0;
    }
    mpls {
        no-cspf;
        label-switched-path to_3.3.3.3 {
            from 1.1.1.1;
            to 3.3.3.3;
        }
        label-switched-path to_2.2.2.2 {
            from 1.1.1.1;
            to 2.2.2.2;
        }
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/0.0;
            interface ge-0/0/1.0;
            interface lo0.0;
        }
    }
    ldp {
        interface lo0.0;
    }
}
It is key to remember that the goal of all VPNs is to isolate their routing tables from other networks; VPLS is no different. We will need to create an isolated VPLS instance, to allow traffic between Sites A, B and C to be independent from the rest of the network. With this in mind, we will need to configure a routing instance and include the statement instance-type vpls.
[email protected]_SRX> show configuration routing-instances
vpls {
    instance-type vpls;
    interface ge-0/0/2.0;
    protocols {
        vpls {
            no-tunnel-services;
We can see everything is working: when I do a show route, we can see that all 3 sites have learnt the loopback addresses via OSPF.
SiteA.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[Direct/0] 17:54:17
                    > via lo0.0
8.8.8.8/32         *[OSPF/10] 01:05:51, metric 1
                    > to 172.16.1.2 via ge-0/0/0.0
9.9.9.9/32         *[OSPF/10] 01:05:51, metric 1
                    > to 172.16.1.3 via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 17:54:17, metric 1
                      MultiRecv

SiteB.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 01:05:51, metric 1
                    > to 172.16.1.4 via ge-0/0/1.0
8.8.8.8/32         *[Direct/0] 17:54:17
                    > via lo0.1
9.9.9.9/32         *[OSPF/10] 01:05:56, metric 1
                    > to 172.16.1.3 via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 17:54:17, metric 1
                      MultiRecv

SiteC.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 01:05:51, metric 1
                    > to 172.16.1.4 via ge-0/0/2.0
8.8.8.8/32         *[OSPF/10] 01:05:56, metric 1
                    > to 172.16.1.2 via ge-0/0/2.0
9.9.9.9/32         *[Direct/0] 17:54:17
                    > via lo0.2
224.0.0.5/32       *[OSPF/10] 17:54:17, metric 1
                      MultiRecv
BGP
Time to move on to the BGP version of configuring a VPLS. We will keep the same configuration as above on all the PEs. Using BGP for VPLS is extremely useful, as it is more scalable and, if you already have BGP running on your network, you don’t need to create any new BGP sessions for the VPLS session!
Firstly, we will need to set the autonomous system (AS) number and have our BGP peering sessions with the other PEs. Note that we have selected the family l2vpn signaling.
[edit]
[email protected]_SRX# show routing-options
autonomous-system 200;

[edit]
[email protected]_SRX# show protocols bgp
group PE-routers {
    type internal;
    local-address 1.1.1.1;
    family l2vpn {
        signaling;
    }
    peer-as 200;
    neighbor 2.2.2.2;
    neighbor 3.3.3.3;
}
As with L3VPNs, under the VPLS routing instance we will need to add a route target and a route distinguisher. This is because, unlike when we used LDP, we don’t have defined neighbors under the VPLS stanza. Additionally, site identifiers have to be added under the VPLS protocol.
[edit routing-instances vpls]
[email protected]_SRX# show
instance-type vpls;
interface ge-0/0/2.0;
route-distinguisher 200:100;
vrf-target target:200:100;
protocols {
    vpls {
        no-tunnel-services;
        site SiteC {
            site-identifier 3;
        }
    }
}
We can see everything is working: when I do a show route, we can see that all 3 sites have learnt the loopback addresses via OSPF still 😀
SiteA.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

8.8.8.8/32         *[OSPF/10] 00:02:11, metric 1
                    > to 172.16.1.2 via ge-0/0/0.0
9.9.9.9/32         *[OSPF/10] 00:02:16, metric 1
                    > to 172.16.1.3 via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 22:38:49, metric 1
                      MultiRecv

SiteB.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 00:02:11, metric 1
                    > to 172.16.1.4 via ge-0/0/1.0
9.9.9.9/32         *[OSPF/10] 00:02:11, metric 1
                    > to 172.16.1.3 via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 22:38:49, metric 1
                      MultiRecv

SiteC.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 00:02:16, metric 1
                    > to 172.16.1.4 via ge-0/0/2.0
8.8.8.8/32         *[OSPF/10] 00:02:11, metric 1
                    > to 172.16.1.2 via ge-0/0/2.0
224.0.0.5/32       *[OSPF/10] 22:38:49, metric 1
                      MultiRecv
LDP & BGP
We are also able to configure a VPLS instance with LDP and BGP together. We will use the same configuration as above, as we only need a few changes: change the family l2vpn stanza in the BGP session from signaling to auto-discovery-only, add l2vpn-id, and remove the entire configuration under the protocols vpls stanza (except no-tunnel-services) in the VPLS routing instance.
[email protected]_SRX# show protocols bgp
group PE-routers {
    type internal;
    local-address 1.1.1.1;
    family l2vpn {
        auto-discovery-only;
    }
    peer-as 200;
    neighbor 2.2.2.2;
    neighbor 3.3.3.3;
}

[email protected]_SRX# show routing-instances vpls
instance-type vpls;
interface ge-0/0/2.0;
route-distinguisher 200:100;
l2vpn-id l2vpn-id:200:100;
vrf-target target:200:100;
protocols {
    vpls {
        no-tunnel-services;
    }
}
We can see everything is working: when I do a show route protocol ospf, we can see that all 3 sites have learnt the loopback addresses via OSPF still 😀
SiteA.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

8.8.8.8/32         *[OSPF/10] 00:00:18, metric 1
                    > to 172.16.1.2 via ge-0/0/0.0
9.9.9.9/32         *[OSPF/10] 00:00:18, metric 1
                    > to 172.16.1.3 via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 23:48:35, metric 1
                      MultiRecv

SiteB.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 00:00:18, metric 1
                    > to 172.16.1.4 via ge-0/0/1.0
9.9.9.9/32         *[OSPF/10] 00:00:23, metric 1
                    > to 172.16.1.3 via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 23:48:35, metric 1
                      MultiRecv

SiteC.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32         *[OSPF/10] 00:00:18, metric 1
                    > to 172.16.1.4 via ge-0/0/2.0
8.8.8.8/32         *[OSPF/10] 00:00:23, metric 1
                    > to 172.16.1.2 via ge-0/0/2.0
224.0.0.5/32       *[OSPF/10] 23:48:35, metric 1
                      MultiRecv
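The three recipes above differ only in a handful of statements, and a slip in one of them either keeps a site out of the VPLS or joins it to the wrong one. As an added example (not from the original post or from Juniper), this Python audit reads curly-brace configuration text from each PE, works out which recipe it follows, and flags a recipe missing one of its statements, a vrf-target that differs between PEs, and a reused site-identifier. The function names, the sample configs and the full `protocols { bgp ... }` / `routing-instances { vpls ... }` wrapping are assumptions made for illustration.

```python
import re

def statements(text):
    """Flatten curly-brace Junos config into one 'a / b / leaf' path per statement."""
    path, words, out = [], [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":
            path.append(" ".join(words))
        elif tok == ";":
            out.append(" / ".join(path + [" ".join(words)]))
        elif tok == "}":
            path.pop()             # IndexError if a "}" has no matching "{"
        else:
            words.append(tok)
            continue
        words = []
    if path or words:
        raise ValueError("truncated or unbalanced configuration")
    return out

def find(stmts, pattern):
    """First capture group of every statement path that fully matches pattern."""
    return [m.group(1) for s in stmts if (m := re.fullmatch(pattern, s))]

def summarize(text, inst="vpls"):
    """One PE -> (signaling recipe used in the post, vrf-targets, site-identifiers)."""
    s, ri = statements(text), rf"routing-instances / {re.escape(inst)} / "
    fam = find(s, r"protocols / bgp / group \S+ / family l2vpn / (\S+)")
    rts = find(s, ri + r"vrf-target (\S+)")
    ids = find(s, ri + r"protocols / vpls / site \S+ / site-identifier (\d+)")
    mode = "ldp+bgp" if "auto-discovery-only" in fam else "bgp" if "signaling" in fam else "ldp"
    need = {"ldp": find(s, ri + r"protocols / vpls / neighbor (\S+)"), "bgp": ids and rts,
            "ldp+bgp": find(s, ri + r"l2vpn-id (\S+)")}[mode]
    return (mode if need else "incomplete"), tuple(rts), ids

def audit(pes):
    """pes maps PE name -> config text; returns {check: detail} for each failed check."""
    modes, rts, ids = zip(*(summarize(text) for text in pes.values()))
    ids = sorted(i for per_pe in ids for i in per_pe)
    checks = {"signaling": (len(set(modes)) != 1 or "incomplete" in modes,
                            dict(zip(pes, modes))),
              "vrf-target": (len(set(rts)) != 1, dict(zip(pes, rts))),
              "site-identifier": (len(ids) != len(set(ids)), ids)}
    return {name: detail for name, (failed, detail) in checks.items() if failed}

# Constructed sample: PE3 reuses site-identifier 1 and carries a different route target.
T = ("protocols { bgp { group PE-routers { family l2vpn { signaling; } } } } routing-instances "
     "{ vpls { vrf-target target:200:%s; protocols { vpls { site %s { site-identifier %s; } } } } }")
SAMPLE = {"PE1": T % (100, "SiteA", 1), "PE2": T % (100, "SiteB", 2), "PE3": T % (999, "SiteC", 1)}
```

`audit(SAMPLE)` reports the vrf-target and site-identifier problems on PE3; a configuration that is cut off mid-stanza raises `ValueError` rather than being audited as if it were complete.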
You can get in-depth detail about VPLS from the Juniper website here