Tawfique Ahmed: August 2020

Pre-Requisition:
-----------------------
1) iBGP should configure between PE router.

Steps :
-----------------------
1. The physical layer encapsulation type(ethernet) must be specified on the customer edge interface
2. Configure BGP group with family l2vpn signaling
3. Create VRF and Routing instance using instance type l2vpn
4. The encapsulation type(ethernet) must also be specified in the configuration of the routing instance
5. Configure the routing-instance protocols site

N.B. All steps should be performed on PE router

AGG1:
-----------------------------------------------------------------------
set system host-name vAGG-1
set interfaces ge-0/0/0 description AGG-1_To_AGG-2
set interfaces ge-0/0/0 mtu 2000
set interfaces ge-0/0/0 unit 0 family inet address 200.200.200.141/30
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/2 description AGG-1_To_SYL-POP-RTR
set interfaces ge-0/0/2 mtu 2000
set interfaces ge-0/0/2 unit 0 family inet address 10.254.128.13/30
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 200.200.200.253/32
set routing-options router-id 200.200.200.253
set routing-options autonomous-system 48200
set protocols mpls interface ge-0/0/0.0
set protocols mpls interface ge-0/0/2.0
set protocols bgp group 48200 type internal
set protocols bgp group 48200 local-address 200.200.200.253
set protocols bgp group 48200 export NEXT-HOP-SELF
set protocols bgp group 48200 neighbor 200.200.200.252
set protocols bgp group 48200 neighbor 10.254.192.1
set protocols bgp group 48200 neighbor 10.254.128.1
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface ge-0/0/2.0
set protocols ldp interface lo0.0
set policy-options policy-statement NEXT-HOP-SELF term 1 from protocol bgp
set policy-options policy-statement NEXT-HOP-SELF term 1 then next-hop self

AGG2:
-----------------------------------------------------------------------
set system host-name vAGG-2
set interfaces ge-0/0/0 description AGG-2_To_AGG-1
set interfaces ge-0/0/0 mtu 2000
set interfaces ge-0/0/0 unit 0 family inet address 200.200.200.142/30
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/2 description AGG-2_To_BOG-POP-RTR
set interfaces ge-0/0/2 mtu 2000
set interfaces ge-0/0/2 unit 0 family inet address 10.254.192.9/30
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 200.200.200.252/32
set routing-options router-id 200.200.200.252
set routing-options autonomous-system 48200
set protocols mpls interface ge-0/0/0.0
set protocols mpls interface ge-0/0/2.0
set protocols bgp group 48200 type internal
set protocols bgp group 48200 local-address 200.200.200.252
set protocols bgp group 48200 export NEXT-HOP-SELF
set protocols bgp group 48200 neighbor 200.200.200.253
set protocols bgp group 48200 neighbor 10.254.192.1
set protocols bgp group 48200 neighbor 10.254.128.1
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface ge-0/0/2.0
set protocols ldp interface lo0.0
set policy-options policy-statement NEXT-HOP-SELF term 1 from protocol bgp
set policy-options policy-statement NEXT-HOP-SELF term 1 then next-hop self

vSYL-POP-RTR(PE):
-----------------------------------------------------------------------
set system host-name vSYL-RTR
set interfaces ge-0/0/0 description vSYL-RTR_To_AGG-1
set interfaces ge-0/0/0 mtu 2000
set interfaces ge-0/0/0 unit 0 family inet address 10.254.128.14/30
set interfaces ge-0/0/0 unit 0 family mpls

//Step1--Configure the physical layer encapsulation type(ethernet) on the customer edge interface
set interfaces ge-0/0/1 description To-BT-SYL-CE
set interfaces ge-0/0/1 encapsulation ethernet-ccc  //Configure the customer edge interface to use the physical encapsulation type ethernet-ccc
set interfaces ge-0/0/1 unit 0 family ccc

set interfaces lo0 unit 0 family inet address 10.254.128.1/32
set routing-options router-id 10.254.128.1
set routing-options autonomous-system 48200
set protocols mpls interface ge-0/0/0.0
set protocols bgp group 48200 type internal
set protocols bgp group 48200 local-address 10.254.128.1
set protocols bgp group 48200 export NEXT-HOP-SELF
set protocols bgp group 48200 neighbor 200.200.200.253
set protocols bgp group 48200 neighbor 200.200.200.252

//Step2--Enable BGP group with family l2vpn signaling(vBOG-POP-RTR)
set protocols bgp group 48200 neighbor 10.254.192.1 family l2vpn signaling

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface lo0.0
set policy-options policy-statement NEXT-HOP-SELF term 1 from protocol bgp
set policy-options policy-statement NEXT-HOP-SELF term 1 then next-hop self

//Step3--Create VRF within PE RTR and Routing instance type l2vpn
set routing-instances BT-L2VPN description BT_L2VPN_SYL-BOG
set routing-instances BT-L2VPN instance-type l2vpn
set routing-instances BT-L2VPN interface ge-0/0/1
set routing-instances BT-L2VPN route-distinguisher 65050:1
set routing-instances BT-L2VPN vrf-target target:65050:100

//Step4--Configure the encapsulation type(ethernet) in the configuration of the routing instance
set routing-instances BT-L2VPN protocols l2vpn encapsulation-type ethernet //Configure protocols and encapsulation type used by routing instance
set routing-instances BT-L2VPN protocols l2vpn interface ge-0/0/1.0 description "vSYL_RTR_PE-TO-BT_SYL_CE"  //Apply the routing instance to a customer edge interface and specify a description for it

//Step5--Configure the routing-instance protocols site
set routing-instances BT-L2VPN protocols l2vpn site BT-SYL site-identifier 1 interface ge-0/0/1.0 remote-site-id 2

//Verifying
root@vSYL-RTR>show l2vpn connections
root@vSYL-RTR>show bgp summary
root@vSYL-RTR>show ldp session
root@vSYL-RTR> show ldp neighbor
root@vSYL-RTR>show route table bgp.l2vpn.0
root@vSYL-RTR>show route table BT-L2VPN.l2vpn.0
root@vSYL-RTR>ping mpls l2vpn interface ge-0/0/1.0 reply-mode ip-udp
root@vSYL-RTR>ping mpls l2vpn instance BT-L2VPN remote-site-id 2 local-site-id 1 detail

//output
root@vSYL-RTR> show l2vpn connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational
Dn -- down

Instance: BT-L2VPN
Local site: BT-SYL (1)
connection-site Type St Time last up # Up trans
2 rmt Up Aug 4 08:26:32 2020 1
Remote PE: 10.254.192.1, Negotiated control-word: Yes (Null)
Incoming label: 800001, Outgoing label: 800000
Local interface: ge-0/0/1.0, Status: Up, Encapsulation: ETHERNET

root@vSYL-RTR> show bgp summary
Groups: 1 Peers: 3 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l2vpn.0
1 1 0 0 0 0
inet.0
0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.254.192.1 48200 673 672 0 0 5:02:02 Establ
bgp.l2vpn.0: 1/1/1/0
BT-L2VPN.l2vpn.0: 1/1/1/0
200.200.200.252 48200 731 732 0 0 5:30:06 Establ
inet.0: 0/0/0/0
200.200.200.253 48200 720 731 0 0 5:30:02 Establ
inet.0: 0/0/0/0

root@vSYL-RTR> show ldp session
Address State Connection Hold time Adv. Mode
200.200.200.253 Operational Open 27 DU

root@vSYL-RTR> show ldp neighbor
Address Interface Label space ID Hold time
10.254.128.13 ge-0/0/0.0 200.200.200.253:0 11

root@vSYL-RTR> show route table bgp.l2vpn.0

bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

65050:2:2:1/96
*[BGP/170] 04:10:11, localpref 100, from 10.254.192.1
AS path: I, validation-state: unverified
> to 10.254.128.13 via ge-0/0/0.0, Push 299808

root@vSYL-RTR> show route table BT-L2VPN.l2vpn.0

BT-L2VPN.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

65050:1:1:1/96
*[L2VPN/170/-101] 05:36:18, metric2 1
Indirect
65050:2:2:1/96
*[BGP/170] 04:11:39, localpref 100, from 10.254.192.1
AS path: I, validation-state: unverified
> to 10.254.128.13 via ge-0/0/0.0, Push 29980

root@vSYL-RTR> ping mpls l2vpn interface ge-0/0/1.0 reply-mode ip-udp
!!!!!
--- lsping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss

root@vSYL-RTR> ping mpls l2vpn instance BT-L2VPN remote-site-id 2 local-site-id 1 detail
Request for seq 1, to interface 329, labels <800000, 299808>, packet size 88
Reply for seq 1, return code: Egress-ok, time: 53212.466 ms
Local transmit time: 2020-08-04 12:44:59 UTC 357.080 ms
Remote receive time: 2020-08-04 12:45:52 UTC 569.546 ms
Request for seq 2, to interface 329, labels <800000, 299808>, packet size 88
Reply for seq 2, return code: Egress-ok, time: 53215.698 ms
Local transmit time: 2020-08-04 12:45:00 UTC 343.025 ms
Remote receive time: 2020-08-04 12:45:53 UTC 558.723 ms
Request for seq 3, to interface 329, labels <800000, 299808>, packet size 88
Reply for seq 3, return code: Egress-ok, time: 53216.606 ms
Local transmit time: 2020-08-04 12:45:01 UTC 351.255 ms
Remote receive time: 2020-08-04 12:45:54 UTC 567.861 ms
Request for seq 4, to interface 329, labels <800000, 299808>, packet size 88
Reply for seq 4, return code: Egress-ok, time: 53219.439 ms
Local transmit time: 2020-08-04 12:45:02 UTC 349.627 ms
Remote receive time: 2020-08-04 12:45:55 UTC 569.066 ms
Request for seq 5, to interface 329, labels <800000, 299808>, packet size 88
Reply for seq 5, return code: Egress-ok, time: 53224.930 ms
Local transmit time: 2020-08-04 12:45:03 UTC 348.469 ms
Remote receive time: 2020-08-04 12:45:56 UTC 573.399 ms

--- lsping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss

vBOG-POP-RTR(PE):
-----------------------------------------------------------------------
set system host-name vBOG-RTR
set interfaces ge-0/0/0 description To_AGG-2-P
set interfaces ge-0/0/0 mtu 2000
set interfaces ge-0/0/0 unit 0 family inet address 10.254.192.10/30
set interfaces ge-0/0/0 unit 0 family mpls

//Step1--Configure the physical layer encapsulation type(ethernet) on the customer edge interface
set interfaces ge-0/0/1 description To-BT-BOG-CE
set interfaces ge-0/0/1 encapsulation ethernet-ccc  //Configure the customer edge interface to use the physical encapsulation type ethernet-ccc
set interfaces ge-0/0/1 unit 0 family ccc

set interfaces lo0 unit 0 family inet address 10.254.192.1/32
set routing-options router-id 10.254.192.1
set routing-options autonomous-system 48200
set protocols mpls interface ge-0/0/0.0
set protocols bgp group 48200 type internal
set protocols bgp group 48200 local-address 10.254.192.1
set protocols bgp group 48200 export NEXT-HOP-SELF
set protocols bgp group 48200 neighbor 200.200.200.252
set protocols bgp group 48200 neighbor 200.200.200.253

//Step2--Enable BGP group with family l2vpn signaling(vSYL-POP-RTR)
set protocols bgp group 48200 neighbor 10.254.128.1 family l2vpn signaling

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface lo0.0
set policy-options policy-statement NEXT-HOP-SELF term 1 from protocol bgp
set policy-options policy-statement NEXT-HOP-SELF term 1 then next-hop self

//Step3--Create VRF within PE RTR and Routing instance type l2vpn
set routing-instances BT-L2VPN description BT_L2VPN_BOG-SYL
set routing-instances BT-L2VPN instance-type l2vpn
set routing-instances BT-L2VPN interface ge-0/0/1
set routing-instances BT-L2VPN route-distinguisher 65050:2
set routing-instances BT-L2VPN vrf-target target:65050:100

//Step4--Configure the encapsulation type(ethernet) in the configuration of the routing instance
set routing-instances BT-L2VPN protocols l2vpn encapsulation-type ethernet //Configure protocols and encapsulation type used by routing instance
set routing-instances BT-L2VPN protocols l2vpn interface ge-0/0/1.0 description "vBOG_RTR_PE-TO-BT_BOG_CE"  //Apply the routing instance to a customer edge interface and specify a description for it

//Step5--Configure the routing-instance protocols site
set routing-instances BT-L2VPN protocols l2vpn site BT-BOG site-identifier 2 interface ge-0/0/1.0 remote-site-id 1

//Verifying
root@vBOG-RTR>show l2vpn connections
root@vBOG-RTR>show bgp summary
root@vBOG-RTR>show ldp session
root@vBOG-RTR> show ldp neighbor
root@vBOG-RTR>show route table bgp.l2vpn.0
root@vBOG-RTR>show route table BT-L2VPN.l2vpn.0
root@vBOG-RTR>ping mpls l2vpn interface ge-0/0/1.0 reply-mode ip-udp
root@vBOG-RTR>ping mpls l2vpn instance BT-L2VPN remote-site-id 1 local-site-id 2 detail

//output
root@vBOG-RTR> show l2vpn connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational
Dn -- down

Instance: BT-L2VPN
Local site: BT-BOG (2)
connection-site Type St Time last up # Up trans
1 rmt Up Aug 4 08:26:46 2020 1
Remote PE: 10.254.128.1, Negotiated control-word: Yes (Null)
Incoming label: 800000, Outgoing label: 800001
Local interface: ge-0/0/1.0, Status: Up, Encapsulation: ETHERNET

root@vBOG-RTR> show bgp summary
Groups: 1 Peers: 3 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l2vpn.0
1 1 0 0 0 0
inet.0
0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.254.128.1 48200 708 710 0 0 5:19:41 Establ bgp.l2vpn.0: 1/1/1/0
                      BT-L2VPN.l2vpn.0: 1/1/1/0
200.200.200.252 48200 705 707 0 0 5:19:17 Establ inet.0: 0/0/0/0
200.200.200.253 48200 697 708 0 0 5:19:35 Establ inet.0: 0/0/0/0

root@vBOG-RTR> show ldp session
Address State Connection Hold time Adv. Mode
200.200.200.252 Operational Open 28 DU

root@vBOG-RTR> show ldp neighbor
Address Interface Label space ID Hold time
10.254.192.9 ge-0/0/0.0 200.200.200.252:0 14

root@vBOG-RTR> show route table bgp.l2vpn.0

bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

65050:1:1:1/96
*[BGP/170] 04:27:26, localpref 100, from 10.254.128.1
AS path: I, validation-state: unverified
> to 10.254.192.9 via ge-0/0/0.0, Push 299792

root@vBOG-RTR> show route table BT-L2VPN.l2vpn.0

BT-L2VPN.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

65050:1:1:1/96
*[BGP/170] 04:27:34, localpref 100, from 10.254.128.1
AS path: I, validation-state: unverified
> to 10.254.192.9 via ge-0/0/0.0, Push 299792
65050:2:2:1/96
*[L2VPN/170/-101] 05:23:34, metric2 1
Indirect

root@vBOG-RTR> ping mpls l2vpn interface ge-0/0/1.0 reply-mode ip-udp
!!!!!
--- lsping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss

root@vBOG-RTR> ping mpls l2vpn instance BT-L2VPN remote-site-id 1 local-site-id 2 detail
Request for seq 1, to interface 329, labels <800001, 299792>, packet size 88
Reply for seq 1, return code: Egress-ok, time: -54595.388 ms
Local transmit time: 2020-08-04 12:55:08 UTC 837.158 ms
Remote receive time: 2020-08-04 12:54:14 UTC 241.770 ms
Request for seq 2, to interface 329, labels <800001, 299792>, packet size 88
Reply for seq 2, return code: Egress-ok, time: -54599.765 ms
Local transmit time: 2020-08-04 12:55:09 UTC 840.643 ms
Remote receive time: 2020-08-04 12:54:15 UTC 240.878 ms
Request for seq 3, to interface 329, labels <800001, 299792>, packet size 88
Reply for seq 3, return code: Egress-ok, time: -54602.667 ms
Local transmit time: 2020-08-04 12:55:10 UTC 844.260 ms
Remote receive time: 2020-08-04 12:54:16 UTC 241.593 ms
Request for seq 4, to interface 329, labels <800001, 299792>, packet size 88
Reply for seq 4, return code: Egress-ok, time: -54603.597 ms
Local transmit time: 2020-08-04 12:55:11 UTC 847.278 ms
Remote receive time: 2020-08-04 12:54:17 UTC 243.681 ms
Request for seq 5, to interface 329, labels <800001, 299792>, packet size 88
Reply for seq 5, return code: Egress-ok, time: -54606.758 ms
Local transmit time: 2020-08-04 12:55:12 UTC 840.922 ms
Remote receive time: 2020-08-04 12:54:18 UTC 234.164 ms

--- lsping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss

BT-SYL(CE):
-----------------------------------------------------------------------
/ip address
add address=192.168.128.1/24 comment=To-BTS-vSYL-POP interface=ether1 network=192.168.128.0
/system identity
set name=BT-SYL-CE

//Verifying
[admin@BT-SYL-CE] > ping 192.168.128.2
[admin@BT-SYL-CE] > ip arp print

//Output
[admin@BT-SYL-CE] > ping 192.168.128.2
SEQ HOST SIZE TTL TIME STATUS
0 192.168.128.2 56 64 14ms
1 192.168.128.2 56 64 7ms
2 192.168.128.2 56 64 6ms
sent=3 received=3 packet-loss=0% min-rtt=6ms avg-rtt=9ms max-rtt=14ms

[admin@BT-SYL-CE] > ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic, P - published,
C - complete
# ADDRESS MAC-ADDRESS INTERFACE
0 DC 192.168.128.2 0C:50:B3:AA:C2:00 ether1

BT-BOG(CE):
-----------------------------------------------------------------------
/ip address
add address=192.168.128.2/24 comment=To-BTS-vBOG-POP interface=ether1 network=192.168.128.0
/system identity
set name=BT-BOG-CE

//Verifying
[admin@BT-SYL-CE] > ping 192.168.128.1
[admin@BT-BOG-CE] > ip arp print

//Output
[admin@BT-BOG-CE] > ping 192.168.128.1
SEQ HOST SIZE TTL TIME STATUS
0 192.168.128.1 56 64 8ms
1 192.168.128.1 56 64 7ms
2 192.168.128.1 56 64 8ms
sent=3 received=3 packet-loss=0% min-rtt=7ms avg-rtt=7ms max-rtt=8ms

[admin@BT-BOG-CE] > ip arp print
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic, P - published,
C - complete
# ADDRESS MAC-ADDRESS INTERFACE
0 DC 192.168.128.1 0C:50:B3:B1:1C:00 ether1

Reference:
--------------------------------------------------------------------------
https://www.juniper.net/documentation/en_US/junos/topics/example/mpls-ex-series-vpn-layer2.html
https://www.juniper.net/documentation/en_US/junos/topics/example/vpn-layer2-configuring.html
https://kb.juniper.net/InfoCenter/index?page=content&id=KB28758

Tawfique Ahmed

Wednesday, August 5, 2020

L2VPN Circuit Cross Connect(CCC) Over MPLS

Contributors