Posting a Juniper VPLS how-to on a couple of J-series routers. Have been pretty SDN focused lately so wanted to get some real stuff in for a post. Docs on JunOS VPLS can be shaky so nothing like a couple real configs to plugin your address in the lab if having problems with L2 VPNs. This includes MPLS VPLS configuration with Juniper JunOS.
The two PE routers build MPLS/BGP adjacencies to one another to exchange label information and build the LSPs for the two VRFs. VRF Blue is the VPLS virtual circuit and VRF red is a simple L3 VPN you can use to test MP-BGP to test MP-BGP populating it with loopbacks (or phy ints). VPLS can be multipoint while draft-Martini/Kompella are p2p one being LDP (Martini) to signal the label and the other being BGP (Kompella) signalled.
Feel free to hit me up with any questions. I can do more JunOS stuff if anyone needs a hand with particulars. It’s a bit different than IOS starting out but is an elegant structured OS once you get used to it.
Figure 1. Orange line is the pseudowire or VPLS circuit going through the provider edge nodes to the customer edge nodes.
root@J1# show
## Last changed:
version 10.0R3.10;
system {
host-name J1;
root-authentication {
encrypted-password ## SECRET-DATA
}
services {
ftp;
web-management {
http {
interface [ ge-0/0/0.0 ge-0/0/1.0 ge-0/0/2.0 ge-0/0/3.0 ];
}
}
}
syslog {
file logs {
any any;
}
}
}
ge-1/0/1 {
unit 0 {
family inet {
address 10.1.1.1/24;
}
family mpls;
}
}
ge-1/0/2 {
encapsulation ethernet-vpls;
unit 0;
}
lo0 {
unit 0 {
family inet {
address 1.1.1.1/32;
}
}
unit 10 {
family inet {
address 11.11.11.11/32;
}
}
}
}
routing-options {
autonomous-system 65001;
}
protocols {
mpls {
interface lo0.0;
interface ge-1/0/0.10;
}
bgp {
group ibgp {
type internal;
local-address 1.1.1.1;
family inet {
unicast;
}
family inet-vpn {
unicast;
}
family l2vpn {
signaling;
}
local-as 65001;
neighbor 2.2.2.2;
}
}
ospf {
area 0.0.0.0 {
interface lo0.0;
interface ge-1/0/1.0;
}
}
ldp {
interface ge-1/0/1.0;
}
}
policy-options {
policy-statement direct-int {
from protocol direct;
then accept;
}
policy-statement r2-peer {
term loop1 {
from {
route-filter 192.168.250.1/32 exact;
route-filter 192.168.252.1/32 exact;
}
then accept;
}
term exp-deny {
then reject;
}
}
}
security {
forwarding-options {
family {
mpls {
mode packet-based;
}
}
}
flow {
tcp-session {
no-syn-check;
no-syn-check-in-tunnel;
}
}
}
routing-instances {
blue {
instance-type vpls;
interface ge-1/0/2.0;
route-distinguisher 65001:12;
vrf-target target:65001:15;
protocols {
vpls {
interface ge-1/0/2.0;
no-tunnel-services;
site blue1 {
site-identifier 1;
}
vpls-id 101;
neighbor 2.2.2.2;
}
}
}
red {
instance-type vrf;
interface lo0.10;
route-distinguisher 65001:2;
vrf-target target:65001:1;
}
}
root@J2# show
## Last changed:
version 10.0R3.10;
system {
host-name J2;
root-authentication {
encrypted-password ## SECRET-DATA
}
services {
ftp;
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 10.1.1.2/24;
}
family mpls;
}
}
ge-0/0/2 {
encapsulation ethernet-vpls;
unit 0;
}
lo0 {
unit 0 {
family inet {
address 2.2.2.2/32;
}
}
unit 10 {
family inet {
address 22.22.22.22/32;
}
}
}
}
routing-options {
autonomous-system 65001;
}
protocols {
mpls {
interface ge-0/0/1.0;
interface lo0.0;
}
bgp {
group ibgp {
type internal;
local-address 2.2.2.2;
family inet {
unicast;
}
family inet-vpn {
unicast;
}
family l2vpn {
signaling;
}
local-as 65001;
neighbor 1.1.1.1;
}
}
ospf {
area 0.0.0.0 {
interface lo0.0;
interface ge-0/0/1.0;
}
}
ldp {
interface ge-0/0/1.0;
}
}
security {
forwarding-options {
family {
mpls {
mode packet-based;
}
}
}
flow {
tcp-session {
no-syn-check;
no-syn-check-in-tunnel;
}
}
}
routing-instances {
blue {
instance-type vpls;
interface ge-0/0/2.0;
route-distinguisher 65001:11;
vrf-target target:65001:15;
protocols {
vpls {
interface ge-0/0/2.0;
no-tunnel-services;
site blue2 {
site-identifier 2;
}
vpls-id 101;
neighbor 1.1.1.1;
}
}
}
red {
instance-type vrf;
interface lo0.10;
route-distinguisher 65001:3;
vrf-target target:65001:1;
}
}
Hi,
I like the explanations that you provide.It would be great if you could provide the router commands to set up the configuration along with show configuration
Regards,
Karthik.
Hi Karthik,
The configurations are in there but the version of SyntaxHighlighter is using flash. I use that one since it has the copy to clipboard and view source. I pasted the configuration on Pastebin for you. Let me know if I misunderstood you and you were asking about another configuration.
http://pastebin.com/Jnfn7Ahm
Thanks for the comment and stopping by!
-Brent
Hi,
For the first router, am I correct to assume that config in the excerpt below has a typo with respect to interface ge-1/0/0.10, shouldn’t this be ge-1/0/1.0 ?
Also, any chance you could do a quick topology diagram.
Thanks in advance.
Regards
Kay
mpls {
interface lo0.0;
interface ge-1/0/0.10;
}
Give up those tissues and carry around a handkerchief. You can even learn to fold it so you can carry it around in your jacket pocket. Men, you’ll look like studs and everyone will know that you care about the environment. Women, you can drop the hankies coquettishly in order to renew an outdated and hard-to-understand courtship ritual. Just don’t wear the kerchief around your neck. You’ll end up looking like a dog named Chance or Bandit. foakleys http://pinterest.com/foakleys/