Tuesday, April 4, 2017

L2VPN and VPLS configs

BGP L2VPN

set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 encapsulation extended-vlan-ccc
set interfaces ge-0/0/0 unit 100 family ccc

set routing-instances pink instance-type l2vpn
set routing-instances pink interface ge-0/0/0.100
set routing-instances pink vrf-target target:100:1

set routing-instances pink protocols l2vpn encapsulation-type ethernet-vlan
set routing-instances pink protocols l2vpn interface ge-0/0/0.100
set routing-instances pink protocols l2vpn site site1 site-identifier 1
set routing-instances pink protocols l2vpn site site1 interface ge-0/0/0.100 remote-site-id 2

BGP VPLS


set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 encapsulation vlan-vpls
set interfaces ge-0/0/1 unit 600 encapsulation vlan-vpls
set interfaces ge-0/0/1 unit 600 vlan-id 600

set routing-instances vpls_1 instance-type vpls
set routing-instances vpls_1 interface ge-0/0/1.600
set routing-instances vpls_1 route-distinguisher 10.255.107.74:1
set routing-instances vpls_1 vrf-target target:65056:1

set routing-instances vpls_1 vlan-id 550

set routing-instances vpls_1 protocols vpls no-tunnel-services
set routing-instances vpls_1 protocols vpls site site_3 site-identifier 3
set routing-instances vpls_1 protocols vpls site site_3 multi-homing
set routing-instances vpls_1 protocols vpls site site_3 site-preference primary
set routing-instances vpls_1 protocols vpls site site_3 interface ge-0/0/1.600

LDP based L2VPN 


set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 encapsulation extended-vlan-ccc
set interfaces ge-0/0/0 unit 100 family ccc
set protocols l2circuit neighbor 3.3.3.3 interface ge-0/0/0.100 virtual-circuit-id 1


FEC 129 VPLS

set routing-instances green instance-type vpls
set routing-instances green interface ge-0/3/1.0
set routing-instances green interface ge-0/3/3.0
set routing-instances green route-distinguisher 1.1.1.2:1
set routing-instances green l2vpn-id l2vpn-id:100:100
set routing-instances green vrf-target target:100:100

set routing-instances green protocols vpls no-tunnel-services
set routing-instances green protocols vpls multi-homing site test identifier 1
set routing-instances green protocols vpls multi-homing site test interface ge-0/0/1.0


Default template
set routing-instances test provider-tunnel rsvp-te label-switched-path-template default-template



Saturday, March 18, 2017

Useful links


http://switchpacket.blogspot.com/2014/08/juniper-junos-vrf-table-label.html
http://www.subnetzero.info/2015/04/17/hub-and-spoke-with-bgp
https://www.inetzero.com/junos-os-route-reflection-considerations//

Hub and Spoke VPNs



  • Traffic from spokes can reach other spokes only through the hub.
  • Normally a PE receives remote routes directly from the route reflector, accepting those that match its VRF targets. When it sends traffic to a destination it has learned, it sends it to the remote PE by pushing a couple of labels.
  • To prevent spokes from sending traffic directly to other spokes, we only accept routes tagged with the hub community.
  • Because of the way IBGP behaves, routes received by a PE are not reflected back to other PEs (unless they are RRs).
  • To solve this problem, we create two VRFs on the hub PE. Let's call them the hub VRF and the spoke VRF.
  • In the spoke VRF we import routes from all the spoke VRFs. These routes are advertised to a CE. From the same CE we learn the routes again, into the hub VRF.
  • From the hub VRF we advertise these routes to all the spokes. The spokes filter out routes carrying their own communities (site-of-origin filter).

Configs:
Hub

r9@MX-LAB:r9> show configuration routing-instances    
HUB {
    instance-type vrf;
    interface lt-0/1/0.92;
    vrf-import nothing;
    vrf-export HUB-OUT;
    protocols {
        bgp {
            group grp1 {
                neighbor 2.92.0.2 {
                    peer-as 65001;
                }
            }
        }
    }
}
SPOKE {
    instance-type vrf;
    interface lt-0/1/0.93;
    vrf-import SPOKE-IN;
    vrf-export nothing;
    protocols {
        bgp {
            group grp1 {
                neighbor 2.93.0.2 {
                    peer-as 65001;
                }
            }
        }
    }
}



r9@MX-LAB:r9> show configuration policy-options 
policy-statement HUB-OUT {
    term 1 {
        from protocol bgp;
        then {
            community add hub;
            accept;
        }
    }
}
policy-statement SPOKE-IN {
    term 1 {
        from community spoke;
        then accept;
    }
}
policy-statement export-rr {
    term 1 {
        from protocol [ static direct ];
        then accept;
    }
}
policy-statement nothing {
    then reject;
}
community hub members target:100:1;
community spoke members target:200:1;

Spoke config:

r4@MX-LAB:r4> show configuration protocols bgp
group rr {
    type internal;
    local-address 4.4.4.4;
    family inet {
        labeled-unicast;
    }
    family inet-vpn {
        unicast;
    }
    family inet6 {
        labeled-unicast;
    }
    neighbor 6.6.6.6;
    neighbor 5.5.5.5;
}

r4@MX-LAB:r4> show configuration policy-options
policy-statement vrf1-in {
    term 1 {
        from community spoke4;
        then reject;
    }
    term 2 {
        from community hub;
        then accept;
    }
}
policy-statement vrf1-out {
    term 1 {
        then {
            community add spoke;
            community add spoke4;
            accept;
        }
    }
}
community hub members target:100:1;
community spoke members target:200:1;
community spoke4 members target:300:4;

r4@MX-LAB:r4> 
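
The import and export logic above can be checked offline before it is committed. The following is an added example, not part of the original post: it models the HUB-OUT, SPOKE-IN, vrf1-in and vrf1-out policies in Python. The second spoke tag target:300:5, the function names, and the assumption that the hub CE returns communities unchanged are constructed for illustration.

```python
# Route targets from the page; SPOKE5 is a constructed second spoke (assumption).
HUB, SPOKE = "target:100:1", "target:200:1"
SPOKE4, SPOKE5 = "target:300:4", "target:300:5"

def evaluate(policy, communities):
    """Return True if the route is accepted. Terms are (community, action);
    the first matching term wins and an unmatched route is rejected,
    which is the default for VRF import policies."""
    for community, action in policy:
        if community in communities:
            return action == "accept"
    return False

SPOKE_IN = [(SPOKE, "accept")]            # hub PE: import policy of the SPOKE VRF

def spoke_import(own):                    # vrf1-in on a spoke PE
    return [(own, "reject"), (HUB, "accept")]

def spoke_export(own):                    # vrf1-out: tag with spoke and the site tag
    return {SPOKE, own}

def hub_readvertise(communities):
    """SPOKE VRF import -> hub CE -> HUB VRF -> HUB-OUT (community add hub).
    Assumes the CE hands the communities back unchanged (hypothetical)."""
    if not evaluate(SPOKE_IN, communities):
        return None
    return set(communities) | {HUB}

def reachability(importer_own, origin_own, import_policy=None):
    """Return (direct, via_hub): does the importing spoke install the origin's
    route straight from the route reflector, and does it install the hub's copy?"""
    policy = import_policy or spoke_import(importer_own)
    direct_route = spoke_export(origin_own)
    hub_route = hub_readvertise(direct_route)
    return (evaluate(policy, direct_route),
            hub_route is not None and evaluate(policy, hub_route))

if __name__ == "__main__":
    print("spoke5 <- spoke4:", reachability(SPOKE5, SPOKE4))
    print("spoke4 <- spoke4:", reachability(SPOKE4, SPOKE4))
    weak = [(SPOKE, "accept"), (HUB, "accept")]   # constructed misconfiguration
    print("weak import     :", reachability(SPOKE5, SPOKE4, weak))
```

The last case shows why a spoke import policy must not match the shared spoke target: the spoke then installs the direct route and traffic bypasses the hub.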
