MPLS VPLS configuration with Juniper JunOS
Posting a Juniper VPLS how-to on a couple of J-series routers. Have been pretty SDN focused lately so wanted to get some real stuff in for a post. Docs on JunOS VPLS can be shaky so nothing like a couple real configs to plugin your address in the lab if having problems with L2 VPNs. This includes MPLS VPLS configuration with Juniper JunOS.
The two PE routers build MPLS/BGP adjacencies to one another to exchange label information and build the LSPs for the two VRFs. VRF Blue is the VPLS virtual circuit and VRF red is a simple L3 VPN you can use to test MP-BGP to test MP-BGP populating it with loopbacks (or phy ints). VPLS can be multipoint while draft-Martini/Kompella are p2p one being LDP (Martini) to signal the label and the other being BGP (Kompella) signalled.
Feel free to hit me up with any questions. I can do more JunOS stuff if anyone needs a hand with particulars. It’s a bit different than IOS starting out but it has structured data model once you get used to it.
Figure 1. Orange line is the pseudowire or VPLS circuit going through the provider edge nodes to the customer edge nodes.
MPLS VPLS configuration Node 1
root@J1# show
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 |
## Last changed: version 10.0R3.10; system { host-name J1; root-authentication { encrypted-password ## SECRET-DATA } services { ftp; web-management { http { interface [ ge-0/0/0.0 ge-0/0/1.0 ge-0/0/2.0 ge-0/0/3.0 ]; } } } syslog { file logs { any any; } } } ge-1/0/1 { unit 0 { family inet { address 10.1.1.1/24; } family mpls; } } ge-1/0/2 { encapsulation ethernet-vpls; unit 0; } lo0 { unit 0 { family inet { address 1.1.1.1/32; } } unit 10 { family inet { address 11.11.11.11/32; } } } } routing-options { autonomous-system 65001; } protocols { mpls { interface lo0.0; interface ge-1/0/0.10; } bgp { group ibgp { type internal; local-address 1.1.1.1; family inet { unicast; } family inet-vpn { unicast; } family l2vpn { signaling; } local-as 65001; neighbor 2.2.2.2; } } ospf { area 0.0.0.0 { interface lo0.0; interface ge-1/0/1.0; } } ldp { interface ge-1/0/1.0; } } policy-options { policy-statement direct-int { from protocol direct; then accept; } policy-statement r2-peer { term loop1 { from { route-filter 192.168.250.1/32 exact; route-filter 192.168.252.1/32 exact; } then accept; } term exp-deny { then reject; } } } security { forwarding-options { family { mpls { mode packet-based; } } } flow { tcp-session { no-syn-check; no-syn-check-in-tunnel; } } } routing-instances { blue { instance-type vpls; interface ge-1/0/2.0; route-distinguisher 65001:12; vrf-target target:65001:15; protocols { vpls { interface ge-1/0/2.0; no-tunnel-services; site blue1 { site-identifier 1; } vpls-id 101; neighbor 2.2.2.2; } } } red { instance-type vrf; interface lo0.10; route-distinguisher 65001:2; vrf-target target:65001:1; } } |
MPLS VPLS configuration Node 2
root@J2# show
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 |
## Last changed: version 10.0R3.10; system { host-name J2; root-authentication { encrypted-password ## SECRET-DATA } services { ftp; } } ge-0/0/1 { unit 0 { family inet { address 10.1.1.2/24; } family mpls; } } ge-0/0/2 { encapsulation ethernet-vpls; unit 0; } lo0 { unit 0 { family inet { address 2.2.2.2/32; } } unit 10 { family inet { address 22.22.22.22/32; } } } } routing-options { autonomous-system 65001; } protocols { mpls { interface ge-0/0/1.0; interface lo0.0; } bgp { group ibgp { type internal; local-address 2.2.2.2; family inet { unicast; } family inet-vpn { unicast; } family l2vpn { signaling; } local-as 65001; neighbor 1.1.1.1; } } ospf { area 0.0.0.0 { interface lo0.0; interface ge-0/0/1.0; } } ldp { interface ge-0/0/1.0; } } security { forwarding-options { family { mpls { mode packet-based; } } } flow { tcp-session { no-syn-check; no-syn-check-in-tunnel; } } } routing-instances { blue { instance-type vpls; interface ge-0/0/2.0; route-distinguisher 65001:11; vrf-target target:65001:15; protocols { vpls { interface ge-0/0/2.0; no-tunnel-services; site blue2 { site-identifier 2; } vpls-id 101; neighbor 1.1.1.1; } } } red { instance-type vrf; interface lo0.10; route-distinguisher 65001:3; vrf-target target:65001:1; } } |
If you are interested in other L2 provider encapsulations take a look at QinQ and MAC-in-MAC:
Putting Together Provider Bridging, Provider Backbone Bridging, S-Tags and C-Tags →
Should get you started with P2MP and P2P pseudowires!
Hi,
I like the explanations that you provide.It would be great if you could provide the router commands to set up the configuration along with show configuration
Regards,
Karthik.
Hi Karthik,
The configurations are in there but the version of SyntaxHighlighter is using flash. I use that one since it has the copy to clipboard and view source. I pasted the configuration on Pastebin for you. Let me know if I misunderstood you and you were asking about another configuration.
http://pastebin.com/Jnfn7Ahm
Thanks for the comment and stopping by!
-Brent
HI Brent,
I am using opendaylight controller so please kindly help me how to push, swap, pop mpls in the controller using curl commands?
Thanks & regards
Hi,
For the first router, am I correct to assume that config in the excerpt below has a typo with respect to interface ge-1/0/0.10, shouldn’t this be ge-1/0/1.0 ?
Also, any chance you could do a quick topology diagram.
Thanks in advance.
Regards
Kay
mpls {
interface lo0.0;
interface ge-1/0/0.10;
}
What???? i think the above comment is some how in the wrong place, what has handkerchief, tissues and ladies hankies got to do with VPLS stuff!!
otherwise the blog is fine and informative…
Yeah, was spam.
Hi Brent,
thanks a lot once again for the vpls tuto. do you mind doing a tutorial on how to route between private IP address to public IP address on juniper routers (sort of NATTING from private LAN to public IP).
Thanks
Ahmed.
HI Brent,
I am using opendaylight controller so please kindly help me how to push, swap, pop mpls in the controller using curl commands?
Thanks & regards
Hi Vivek, I have just started coding with the OFv1.3 interface. There are still tweaking needed but they did a really nice job with it. I haven’t done anything w/ the northbound interface yet but only accessing the MD-Sal “org.opendaylight.controller.sal” to get flows for OVSDB and Net-Virt nailed down. I will have a post on it as soon as we get it commited in the next week or so. In the meantime here is a screencap of the OF Library to MD Sal conversion. https://www.dropbox.com/s/tuqj1bit6zhr3i6/MD-Sal-UML.png.pdf
Also Here is a Test Unit that Ive been using to get started.
https://git.opendaylight.org/gerrit/gitweb?p=openflowplugin.git;a=blob;f=test-provider/src/main/java/org/opendaylight/openflowplugin/test/OpenflowpluginTestCommandProvider.java;h=0a1301da4ca96ed643cd45d56f2e18b8e288c8f4;hb=b3dd6aac41b5c8e074c325e5bde7318022917e39
Cheers,
-Brent