Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Sat Aug 19, 2017 2:43 am


Author Message
mandrei99
Post  Post subject: Twisted LDP signaled VPLS scenario using Juniper SRX selective packet services  |  Posted: Fri May 24, 2013 11:27 am

Joined: Tue Aug 04, 2009 9:16 am
Posts: 245

Offline
 

Twisted LDP signaled VPLS scenario using Juniper SRX selective packet services

Junos - Twisted VPLS scenario with SRX selective packet services
Attachment:
vpls-ldp-selective-packet-filter.png [79.11 KiB]
Downloaded 1300 times

http://www.juniper.net/us/en/local/pdf/ ... 192-en.pdf
Quote from "BrANCh SrX SErIES ANd J SErIES SELECTIvE PACkET SErvICES" Juniper App note:
Quote:
IP routers have traditionally forwarded packets based on the destination IP address of each packet. The standard
processing sequence matches the destination IP address of a packet with an entry in the forwarding table, selects the
appropriate egress interface, and forwards the packet onto the physical medium (assuming the packet is in transit and
not one destined for the router itself).
...
This processing mode does not require any information about either previous or subsequent packets that belong to a
given connection. Each packet is individually processed, and any decision to allow or deny traffic is packet specific. Any
additional services such as firewall filtering, Network Address Translation (NAT), and IPsec result in increased overhead.
Firewalls and security devices take a session-based processing approach. Session-based or flow-mode processing
leverages session state to minimize packet-by-packet decision making, and this improves the overall performance of
SrX Series Services Gateways for the branch. In flow mode, traffic is inspected at the transport level using a five-tuple
match of source and destination addresses, source and destination ports (when applicable), and protocol with the source
and destination zones to determine if the packet belongs to a new or existing session. For any new traffic, route and policy
lookups are performed. After lookups, all subsequent packets in the session are “fast path” processed using the action
determined by the first packet. As long as future traffic matches the initial session, the processing continues unabated.
The main advantage of packet forwarding is that routers do not have to keep track of all session information or analyze
how sessions are established, which optimizes packet processing. In some cases, the forwarding path is implemented
using ASICs to achieve high, deterministic performance. Firewalls, on the other hand, only use ASICs to accelerate the
packet forwarding once a session is established.
Flow-mode forwarding, however, allows for more granular traffic control at the expense of implementation complexity
and lower, nondeterministic performance. For example, the following services benefit when sessions are monitored:
• Stateful inspection
• NAT
• Intrusion prevention system (IPS)
• Unified threat management (UTM) (such as antivirus, content filtering, Web filtering, antispam, etc.)
• J-Flow
Traffic is processed by the packet-based forwarding module providing all of the following services:
• routing
• Quality of service (QoS)
• Link fragmentation and interleaving (LFI)
• Generic routing encapsulation (GrE) and IP over IP (IP-IP) tunneling (no fragmentation and reassembly)
• L2 switching
• MPLS
• IPv6
• Compressed real-Time Transport Protocol (CrTP)
The flow-based forwarding module was able to provide all of the above and also deliver the following services:
• Stateful inspection firewall (including screens)
• NAT
• IPsec
• J-Flow
• Intrusion detection and prevention
• UTM
• GrE fragmentation and reassembly
To overcome the limitation of having to choose between the forwarding engines and the associated service trade-offs,
Junos OS 9.6 introduces the ability to use both modes simultaneously. Packet filters are used to selectively mark traffic
that requires packet mode forwarding, while unmarked traffic is sent to the default flow-based forwarding module.


Here is my diagram:

Details of this lab:
- server is a Pentium 3 running FreeBSD7 with only one routing table compiled in the kernel.
- CEs devices are Server 192.168.6.2 and cameron (srx100) fe-0/0/5 - 192.168.6.1 interface.
- PE devices are cameron fe-0/0/4 and daniel fe-0/0/5 interfaces.
- P device is one SRX 220 running two MPLS dedicated routing instances (MPLS-1 and MPLS-2) with logical tunnel (lt) interfaces between them.

Scope is to have ping between server and cameron interface fe-0/0/5.

Part 1. Configuration - the two SRX 100 (daniel & cameron) run in full packet mode while srx 220 runs in selective packet mode (quoted explanation above).
Code:
root@daniel# show | except SECRET-DATA
## Last changed: 2013-05-21 14:28:45 UTC
version 11.4R7.5;
interfaces {
    fe-0/0/0 {
        mtu 1548;
        unit 0 {
            family inet {
                mtu 1500;
                address 10.1.1.82/30;
            }
            family mpls {
                mtu 1534;
            }                           
        }
    }
    fe-0/0/5 {
        flexible-vlan-tagging;
        encapsulation vlan-vpls;
        unit 0 {
            encapsulation vlan-vpls;
            vlan-id 530;
            family vpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 192.168.27.1/32;
            }
        }
    }
}
routing-options {
    autonomous-system 64515;
}
protocols {
    mpls {
        interface all;                 
    }
    bgp {
        tcp-mss 1200;
        group ibgp {
            type internal;
            family inet-vpn {
                any;
            }
            neighbor 192.168.27.2 {
                local-address 192.168.27.1;
                family inet {
                    unicast;
                }
                family inet-vpn {
                    unicast;
                }
                family l2vpn {
                    signaling;
                }
                export ibgp-export;
            }
        }
    }                                   
    ospf {
        area 0.0.0.1 {
            interface lo0.0 {
                passive;
            }
            interface fe-0/0/0.0 {
                hello-interval 2;
                dead-interval 6;
            }
        }
    }
    ldp {
        interface fe-0/0/0.0;
        interface fe-0/0/1.0;
        interface lo0.0;
    }
    lldp {
        interface all;
    }
}

security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
    inactive: policies {
        default-policy {
            permit-all;
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {     
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                all;
            }
        }
    }
}
routing-instances {
    MPLS-VPLS-cameron {
        instance-type vpls;
        interface fe-0/0/5.0;
        route-distinguisher 192.168.27.1:2;
        vrf-target target:64515:2;
        protocols {
            vpls {
                interface fe-0/0/5.0;
                no-tunnel-services;     
                site Cameron-fe005 {
                    site-identifier 1;
                }
                vpls-id 1;
            }
        }
    }
}


Code:
root@cameron# show | except SECRET-DATA
## Last changed: 2013-05-21 15:15:22 UTC
version 11.4R7.5;
interfaces {                           
    fe-0/0/0 {
        mtu 1548;
        unit 0 {
            family inet {
                mtu 1500;
                address 10.1.1.90/30;
            }
            family mpls {
                mtu 1534;
            }
        }
    }
    fe-0/0/4 {
        flexible-vlan-tagging;
        encapsulation vlan-vpls;       
        unit 0 {
            encapsulation vlan-vpls;
            vlan-id 530;
            family vpls;
        }
    }
    fe-0/0/5 {
        vlan-tagging;
        unit 0 {
            vlan-id 530;
            family inet {
                address 192.168.6.1/24;
            }
        }
    }

    lo0 {                               
        unit 0 {
            family inet {
                address 192.168.27.2/32;
            }
        }
    }
}
routing-options {
    static {
        defaults {
            community no-export;
        }
        route 0.0.0.0/0 next-hop 10.1.1.65;
        route 192.168.3.0/24 {
            lsp-next-hop 10.1.1.65;
        }
    }
    autonomous-system 64515;
}
protocols {
    mpls {
        interface all;
        interface lo0.0;
        interface fe-0/0/0.0;
    }
    bgp {
        tcp-mss 1200;
        group ibgp {                   
            type internal;
            neighbor 192.168.27.1 {
                local-address 192.168.27.2;
                family inet {
                    unicast;
                }
                family inet-vpn {
                    unicast;
                }
                family l2vpn {
                    signaling;
                }
                export ibgp-export;
            }
        }
    }
    ospf {           
        area 0.0.0.1 {
            interface lo0.0 {
                passive;
            }
            interface fe-0/0/1.0 {
                hello-interval 2;
                dead-interval 6;
            }
            interface fe-0/0/0.0 {
                hello-interval 2;
                dead-interval 6;
            }
        }
    }
    ldp {
        interface fe-0/0/0.0;
        interface fe-0/0/1.0;
        interface lo0.0;
    }                                   
}
security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}
routing-instances {
    MPLS-VPLS-daniel {
        instance-type vpls;
        interface fe-0/0/4.0;
        route-distinguisher 192.168.27.2:2;
        vrf-target target:64515:2;
        protocols {
            vpls {
                no-tunnel-services;     
                site Thor-XL0 {
                    site-identifier 4;
                    multi-homing;
                    interface fe-0/0/4.0;
                }
            }
        }
    }
}

Part 2 - SRX 220 - apollo - P core configuration:
Code:
[edit]
user@apollo# show routing-instances MPLS-1 
instance-type virtual-router;
interface lt-0/0/0.8;
interface ge-0/0/7.101;
interface ge-0/0/7.102;
interface lo0.1;
protocols {
    ospf {
        area 0.0.0.1 {
            interface lo0.1 {
                passive;
            }
            interface lt-0/0/0.8 {
                hello-interval 4;
                dead-interval 10;
            }
            interface ge-0/0/7.101 {
                hello-interval 2;
                dead-interval 6;
            }
        }
    }
    ldp {
        interface lt-0/0/0.8;
        interface ge-0/0/7.101;
        interface lo0.1;
    }
}

[edit]
user@apollo# show routing-instances MPLS-2   
instance-type virtual-router;
interface lt-0/0/0.9;
interface ge-0/0/7.103;
interface ge-0/0/7.104;
interface lo0.2;
protocols {
    ospf {
        area 0.0.0.1 {
            interface lt-0/0/0.9 {
                hello-interval 4;
                dead-interval 10;
            }
            interface lo0.2;
            interface ge-0/0/7.104 {
                hello-interval 2;
                dead-interval 6;
            }
        }
    }
    ldp {
        interface lt-0/0/0.9;
        interface ge-0/0/7.104;
        interface lo0.2;
    }
}

[edit]
user@apollo# show interfaces lt-0/0/0.8
encapsulation ethernet;
peer-unit 9;
family inet {
    mtu 1500;
    filter {
        input packet-mode;
    }
    address 10.1.1.69/30;
}
family mpls {
    mtu 1534;
    filter {
        input mpls-packet-mode;
    }
}

[edit]
user@apollo# show interfaces lt-0/0/0.9   
encapsulation ethernet;
peer-unit 8;
family inet {
    mtu 1500;
    filter {
        input packet-mode;
    }
    address 10.1.1.70/30;
}
family mpls {
    mtu 1534;
    filter {
        input mpls-packet-mode;
    }
}

[edit]
user@apollo# show interfaces lo0.1   
family inet {
    address 172.16.2.11/32;
}

[edit]
user@apollo# show interfaces lo0.2   
family inet {
    address 172.16.2.12/32;
}
user@apollo# show interfaces ge-0/0/7.101       
vlan-id 101;
family inet {
    mtu 1500;
    filter {
        input packet-mode;
    }
    address 10.1.1.81/30;
}
family mpls {
    filter {
        input mpls-packet-mode;
    }
}

[edit]
user@apollo# show interfaces ge-0/0/7.104   
vlan-id 104;
family inet {
    mtu 1500;
    filter {
        input packet-mode;
    }
    address 10.1.1.89/30;
}
family mpls {
    filter {
        input mpls-packet-mode;
    }
}

[edit]
user@apollo# show firewall family inet filter packet-mode
term 0 {
    then {
        packet-mode;
        accept;
    }
}

[edit]
user@apollo# show firewall family mpls filter mpls-packet-mode     
term main {
    then {
        count mpls;
        packet-mode;
        accept;
    }
}

[edit]
user@apollo#


For the device running in selective packet mode, it is important to set packet mode for both mpls and inet families. This is because bgp traffic between cameron and daniel will be pure inet and between CEs will be mpls encapsulated !!!!!!!! Missing this detail will block bgp peering between CEs

Testing VPLS connection between CEs:
Code:
# ping -c 1 -s 1472 192.168.6.1             
PING 192.168.6.1 (192.168.6.1): 1472 data bytes
1480 bytes from 192.168.6.1: icmp_seq=0 ttl=64 time=2.724 ms

--- 192.168.6.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.724/2.724/2.724/0.000 ms


To show that fragmentation does occur only after 1500 bytes (IP mtu), this is tcpdump output:
Code:
# tcpdump -nni vlan530 -v icmp
tcpdump: listening on vlan530, link-type EN10MB (Ethernet), capture size 65535 bytes


17:17:05.762275 IP (tos 0x0, ttl 64, id 25538, offset 0, flags [none], proto ICMP (1), length 1500)
    192.168.6.2 > 192.168.6.1: ICMP echo request, id 22303, seq 0, length 1480
17:17:05.764316 IP (tos 0x0, ttl 64, id 25538, offset 0, flags [none], proto ICMP (1), length 1500)
    192.168.6.1 > 192.168.6.2: ICMP echo reply, id 22303, seq 0, length 1480

Result: One 1500 bytes IP packet for request and one 1500 bytes IP packet for reply.

Let's try with 1501 bytes:
Code:
# ping -c 1 -s 1473 192.168.6.1 
PING 192.168.6.1 (192.168.6.1): 1473 data bytes
1481 bytes from 192.168.6.1: icmp_seq=0 ttl=64 time=4.375 ms

--- 192.168.6.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 4.375/4.375/4.375/0.000 ms
    192.168.6.2 > 192.168.6.1: ICMP echo request, id 37663, seq 0, length 1480
17:17:46.837541 IP (tos 0x0, ttl 64, id 63707, offset 1480, flags [none], proto ICMP (1), length 21)
    192.168.6.2 > 192.168.6.1: ip-proto-1
17:17:46.841715 IP (tos 0x0, ttl 64, id 45434, offset 0, flags [+], proto ICMP (1), length 1500)
    192.168.6.1 > 192.168.6.2: ICMP echo reply, id 37663, seq 0, length 1480
17:17:46.841753 IP (tos 0x0, ttl 64, id 45434, offset 1480, flags [none], proto ICMP (1), length 21)
    192.168.6.1 > 192.168.6.2: ip-proto-1


so the first packet contains first 1472 bytes of icmp payload and next packet contains the 1473rd one (size 21 = 20 bytes IP + 1 byte)



Let's check inet.0, inet.3 and mpls.0 for both CEs (cameron/daniel) and P routing instances:
First, P routing instances:
Code:
user@apollo> show route table MPLS-1.inet.0 

MPLS-1.inet.0: 12 destinations, 15 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.1.1.68/30       *[Direct/0] 4w3d 00:46:09
                    > via lt-0/0/0.8
10.1.1.69/32       *[Local/0] 4w3d 00:46:09
                      Local via lt-0/0/0.8
10.1.1.80/30       *[Direct/0] 2d 07:55:49
                    > via ge-0/0/7.101
10.1.1.81/32       *[Local/0] 4w3d 00:46:09
                      Local via ge-0/0/7.101
10.1.1.84/30       *[Direct/0] 2d 07:55:50
                    > via ge-0/0/7.102
10.1.1.85/32       *[Local/0] 4w3d 00:46:09
                      Local via ge-0/0/7.102
10.1.1.88/30       *[OSPF/10] 2d 07:55:49, metric 2
                    > to 10.1.1.70 via lt-0/0/0.8
172.16.2.11/32     *[Direct/0] 4w3d 00:46:09
                    > via lo0.1
172.16.2.12/32     *[LDP/9] 2d 07:56:15, metric 1
                    > to 10.1.1.70 via lt-0/0/0.8
                    [OSPF/10] 4w3d 00:45:53, metric 1
                    > to 10.1.1.70 via lt-0/0/0.8
192.168.27.1/32    *[LDP/9] 2d 07:55:45, metric 1
                    > to 10.1.1.82 via ge-0/0/7.101
                    [OSPF/10] 2d 07:55:46, metric 1
                    > to 10.1.1.82 via ge-0/0/7.101
192.168.27.2/32    *[LDP/9] 2d 07:55:41, metric 1
                    > to 10.1.1.70 via lt-0/0/0.8, Push 300224
                    [OSPF/10] 2d 07:55:42, metric 2
                    > to 10.1.1.70 via lt-0/0/0.8
224.0.0.5/32       *[OSPF/10] 4w3d 00:46:11, metric 1
                      MultiRecv

user@apollo> show route table MPLS-1.inet.3   

MPLS-1.inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.2.12/32     *[LDP/9] 2d 07:56:17, metric 1
                    > to 10.1.1.70 via lt-0/0/0.8
192.168.27.1/32    *[LDP/9] 2d 07:55:47, metric 1
                    > to 10.1.1.82 via ge-0/0/7.101
192.168.27.2/32    *[LDP/9] 2d 07:55:43, metric 1
                    > to 10.1.1.70 via lt-0/0/0.8, Push 300224

user@apollo> show route table MPLS-1.mpls.0   

MPLS-1.mpls.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

300160             *[LDP/9] 2d 07:56:22, metric 1
                    > to 10.1.1.70 via lt-0/0/0.8, Pop     
300160(S=0)        *[LDP/9] 2d 07:56:22, metric 1
                    > to 10.1.1.70 via lt-0/0/0.8, Pop     
300192             *[LDP/9] 2d 07:55:52, metric 1
                    > to 10.1.1.82 via ge-0/0/7.101, Pop     
300192(S=0)        *[LDP/9] 2d 07:55:52, metric 1
                    > to 10.1.1.82 via ge-0/0/7.101, Pop     
300240             *[LDP/9] 2d 07:55:48, metric 1
                    > to 10.1.1.70 via lt-0/0/0.8, Swap 300224

user@apollo> show route table MPLS-2.inet.0     

MPLS-2.inet.0: 12 destinations, 15 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.1.1.68/30       *[Direct/0] 4w3d 00:46:23
                    > via lt-0/0/0.9
10.1.1.70/32       *[Local/0] 4w3d 00:46:23
                      Local via lt-0/0/0.9
10.1.1.80/30       *[OSPF/10] 2d 07:56:03, metric 2
                    > to 10.1.1.69 via lt-0/0/0.9
10.1.1.84/30       *[Direct/0] 2d 07:56:04
                    > via ge-0/0/7.103
10.1.1.86/32       *[Local/0] 4w3d 00:46:23
                      Local via ge-0/0/7.103
10.1.1.88/30       *[Direct/0] 2d 07:56:04
                    > via ge-0/0/7.104
10.1.1.89/32       *[Local/0] 4w3d 00:46:23
                      Local via ge-0/0/7.104
172.16.2.11/32     *[LDP/9] 2d 07:56:29, metric 1
                    > to 10.1.1.69 via lt-0/0/0.9
                    [OSPF/10] 4w3d 00:46:02, metric 1
                    > to 10.1.1.69 via lt-0/0/0.9
172.16.2.12/32     *[Direct/0] 4w3d 00:46:23
                    > via lo0.2
192.168.27.1/32    *[LDP/9] 2d 07:55:59, metric 1
                    > to 10.1.1.69 via lt-0/0/0.9, Push 300192
                    [OSPF/10] 2d 07:56:00, metric 2
                    > to 10.1.1.69 via lt-0/0/0.9
192.168.27.2/32    *[LDP/9] 2d 07:55:55, metric 1
                    > to 10.1.1.90 via ge-0/0/7.104
                    [OSPF/10] 2d 07:55:56, metric 1
                    > to 10.1.1.90 via ge-0/0/7.104
224.0.0.5/32       *[OSPF/10] 4w3d 00:46:25, metric 1
                      MultiRecv

user@apollo> show route table MPLS-2.inet.3   

MPLS-2.inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.2.11/32     *[LDP/9] 2d 07:56:32, metric 1
                    > to 10.1.1.69 via lt-0/0/0.9
192.168.27.1/32    *[LDP/9] 2d 07:56:02, metric 1
                    > to 10.1.1.69 via lt-0/0/0.9, Push 300192
192.168.27.2/32    *[LDP/9] 2d 07:55:58, metric 1
                    > to 10.1.1.90 via ge-0/0/7.104

user@apollo> show route table MPLS-2.mpls.0   

MPLS-2.mpls.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

300128             *[LDP/9] 2d 07:56:37, metric 1
                    > to 10.1.1.69 via lt-0/0/0.9, Pop     
300128(S=0)        *[LDP/9] 2d 07:56:37, metric 1
                    > to 10.1.1.69 via lt-0/0/0.9, Pop     
300208             *[LDP/9] 2d 07:56:07, metric 1
                    > to 10.1.1.69 via lt-0/0/0.9, Swap 300192
300224             *[LDP/9] 2d 07:56:03, metric 1
                    > to 10.1.1.90 via ge-0/0/7.104, Pop     
300224(S=0)        *[LDP/9] 2d 07:56:03, metric 1
                    > to 10.1.1.90 via ge-0/0/7.104, Pop     


Code:
root@daniel> show route | no-more

inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.1/32        *[Local/0] 2w0d 09:42:03
                      Reject
10.1.1.53/32       *[Local/0] 2w0d 09:42:12
                      Reject
10.1.1.65/32       *[Local/0] 2w0d 09:42:04
                      Reject
10.1.1.68/30       *[OSPF/10] 2d 07:58:24, metric 2
                    > to 10.1.1.81 via fe-0/0/0.0
10.1.1.74/32       *[Local/0] 2w0d 09:42:12
                      Reject
10.1.1.80/30       *[Direct/0] 2w0d 09:42:00
                    > via fe-0/0/0.0
10.1.1.82/32       *[Local/0] 2w0d 09:42:04
                      Local via fe-0/0/0.0
10.1.1.88/30       *[OSPF/10] 2d 07:58:24, metric 3
                    > to 10.1.1.81 via fe-0/0/0.0
172.16.2.11/32     *[OSPF/10] 2d 07:58:24, metric 1
                    > to 10.1.1.81 via fe-0/0/0.0
172.16.2.12/32     *[OSPF/10] 2d 07:58:24, metric 2
                    > to 10.1.1.81 via fe-0/0/0.0
192.168.27.1/32    *[Direct/0] 2w0d 09:42:28
                    > via lo0.0
192.168.27.2/32    *[OSPF/10] 2d 07:58:20, metric 3
                    > to 10.1.1.81 via fe-0/0/0.0
224.0.0.2/32       *[PIM/0] 2w0d 09:42:38
                      MultiRecv
224.0.0.5/32       *[OSPF/10] 2w0d 09:42:39, metric 1
                      MultiRecv
224.0.0.13/32      *[PIM/0] 2w0d 09:42:38
                      MultiRecv
224.0.0.22/32      *[IGMP/0] 2w0d 09:42:11
                      MultiRecv

inet.1: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

224.0.1.39,192.168.27.1/32*[PIM/105] 2w0d 09:42:28
                      Multicast (IPv4) Composite
224.0.1.40,192.168.27.1/32*[PIM/105] 2w0d 09:40:42
                      Multicast (IPv4) Composite

inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.2.11/32     *[LDP/9] 2d 07:58:23, metric 1
                    > to 10.1.1.81 via fe-0/0/0.0
172.16.2.12/32     *[LDP/9] 2d 07:58:23, metric 1
                    > to 10.1.1.81 via fe-0/0/0.0, Push 300160
192.168.27.2/32    *[LDP/9] 2d 07:58:19, metric 1
                    > to 10.1.1.81 via fe-0/0/0.0, Push 300240

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 2w0d 09:42:38, metric 1
                      Receive
1                  *[MPLS/0] 2w0d 09:42:38, metric 1
                      Receive
2                  *[MPLS/0] 2w0d 09:42:38, metric 1
                      Receive
262156             *[VPLS/7] 00:15:42
                    > via lsi.1049089, Pop     
299872             *[LDP/9] 2d 07:58:23, metric 1
                    > to 10.1.1.81 via fe-0/0/0.0, Pop     
299872(S=0)        *[LDP/9] 2d 07:58:23, metric 1
                    > to 10.1.1.81 via fe-0/0/0.0, Pop     
299888             *[LDP/9] 2d 07:58:23, metric 1
                    > to 10.1.1.81 via fe-0/0/0.0, Swap 300160
299904             *[LDP/9] 2d 07:58:19, metric 1
                    > to 10.1.1.81 via fe-0/0/0.0, Swap 300240
lsi.1049089        *[VPLS/7] 00:15:42, metric2 1
                    > to 10.1.1.81 via fe-0/0/0.0, Push 262153, Push 300240(top)

inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

ff02::2/128        *[PIM/0] 2w0d 09:42:38
                      MultiRecv
ff02::d/128        *[PIM/0] 2w0d 09:42:38
                      MultiRecv

bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.27.2:2:4:1/96               
                   *[BGP/170] 00:15:42, localpref 100, from 192.168.27.2
                      AS path: I
                    > to 10.1.1.81 via fe-0/0/0.0, Push 300240

MPLS-VPLS-cameron.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.27.1:2:1:1/96               
                   *[L2VPN/170/-101] 1w4d 04:39:01, metric2 1
                      Indirect
192.168.27.2:2:4:1/96               
                   *[BGP/170] 00:15:42, localpref 100, from 192.168.27.2
                      AS path: I
                    > to 10.1.1.81 via fe-0/0/0.0, Push 300240
root@daniel> show route forwarding-table family vpls 
Routing table: MPLS-VPLS-cameron.vpls
VPLS:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct   565     1
fe-0/0/5.0         user     0                    comp   603     2
lsi.1049089        user     0                    comp   613     2
00:40:ca:18:30:c9/48 dynm     0                  indr 262143     4
                              10.1.1.81         Push 262153, Push 300240(top)   608     2 fe-0/0/0.0
80:71:1f:38:f9:45/48 dynm     0                  ucst   601     3 fe-0/0/5.0


Code:
root@cameron> show route | no-more

inet.0: 17 destinations, 17 routes (17 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.2/32        *[Local/0] 2w0d 09:42:31
                      Reject
10.1.1.54/32       *[Local/0] 2w0d 09:42:41
                      Reject
10.1.1.66/32       *[Local/0] 2w0d 09:42:31
                      Reject
10.1.1.68/30       *[OSPF/10] 2d 07:58:30, metric 2
                    > to 10.1.1.89 via fe-0/0/0.0
10.1.1.80/30       *[OSPF/10] 2d 07:58:30, metric 3
                    > to 10.1.1.89 via fe-0/0/0.0
10.1.1.88/30       *[Direct/0] 2w0d 09:42:26
                    > via fe-0/0/0.0
10.1.1.90/32       *[Local/0] 2w0d 09:42:31
                      Local via fe-0/0/0.0
172.16.2.11/32     *[OSPF/10] 2d 07:58:30, metric 2
                    > to 10.1.1.89 via fe-0/0/0.0
172.16.2.12/32     *[OSPF/10] 2d 07:58:30, metric 1
                    > to 10.1.1.89 via fe-0/0/0.0
192.168.6.0/24     *[Direct/0] 2w0d 09:42:21
                    > via fe-0/0/5.0
192.168.6.1/32     *[Local/0] 2w0d 09:42:31
                      Local via fe-0/0/5.0
192.168.27.1/32    *[OSPF/10] 2d 07:58:30, metric 3
                    > to 10.1.1.89 via fe-0/0/0.0
192.168.27.2/32    *[Direct/0] 2w0d 09:42:54
                    > via lo0.0
224.0.0.2/32       *[PIM/0] 2w0d 09:43:05
                      MultiRecv
224.0.0.5/32       *[OSPF/10] 2w0d 09:43:07, metric 1
                      MultiRecv
224.0.0.13/32      *[PIM/0] 2w0d 09:43:05
                      MultiRecv
224.0.0.22/32      *[IGMP/0] 2w0d 09:42:31
                      MultiRecv

inet.3: 4 destinations, 5 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.2.11/32     *[LDP/9] 2d 07:58:29, metric 1
                    > to 10.1.1.89 via fe-0/0/0.0, Push 300128
172.16.2.12/32     *[LDP/9] 2d 07:58:29, metric 1
                    > to 10.1.1.89 via fe-0/0/0.0
172.17.0.0/16      *[MPLS/100/1] 2w0d 09:42:26, metric 0
                    > to 10.1.1.89 via fe-0/0/0.0, Push 912
192.168.27.1/32    *[LDP/9] 2d 07:58:29, metric 1
                    > to 10.1.1.89 via fe-0/0/0.0, Push 300208
                    [MPLS/100/1] 2w0d 09:42:26, metric 0
                    > to 10.1.1.89 via fe-0/0/0.0, Push 912

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 2w0d 09:43:05, metric 1
                      Receive
1                  *[MPLS/0] 2w0d 09:43:05, metric 1
                      Receive
2                  *[MPLS/0] 2w0d 09:43:05, metric 1
                      Receive
262153             *[VPLS/7] 00:15:50
                    > via lsi.1049089, Pop     
299872             *[LDP/9] 2d 07:58:29, metric 1
                    > to 10.1.1.89 via fe-0/0/0.0, Pop     
299872(S=0)        *[LDP/9] 2d 07:58:29, metric 1
                    > to 10.1.1.89 via fe-0/0/0.0, Pop     
299888             *[LDP/9] 2d 07:58:29, metric 1
                    > to 10.1.1.89 via fe-0/0/0.0, Swap 300128
299904             *[LDP/9] 2d 07:58:29, metric 1
                    > to 10.1.1.89 via fe-0/0/0.0, Swap 300208
lsi.1049089        *[VPLS/7] 00:15:50, metric2 1
                    > to 10.1.1.89 via fe-0/0/0.0, Push 262156, Push 300208(top)

inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

ff02::2/128        *[PIM/0] 2w0d 09:43:05
                      MultiRecv
ff02::d/128        *[PIM/0] 2w0d 09:43:05
                      MultiRecv

bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.27.1:2:1:1/96               
                   *[BGP/170] 00:15:50, localpref 100, from 192.168.27.1
                      AS path: I
                    > to 10.1.1.89 via fe-0/0/0.0, Push 300208

MPLS-VPLS-daniel.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.27.1:2:1:1/96               
                   *[BGP/170] 00:15:50, localpref 100, from 192.168.27.1
                      AS path: I
                    > to 10.1.1.89 via fe-0/0/0.0, Push 300208
192.168.27.2:2:4:1/96               
                   *[L2VPN/170/-101] 2w0d 09:42:54, metric2 1
                      Indirect

root@cameron> show route forwarding-table family vpls
Routing table: MPLS-VPLS-daniel.vpls
VPLS:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct   541     1
fe-0/0/4.0         user     0                    comp   582     2
lsi.1049089        user     0                    comp   579     2
00:40:ca:18:30:c9/48 dynm     0                  ucst   581     3 fe-0/0/4.0
80:71:1f:38:f9:45/48 dynm     0                  indr 262142     4
                              10.1.1.89         Push 262156, Push 300208(top)   550     2 fe-0/0/0.0





Top
Tripple26
Post  Post subject: Re: Junos: GRE interface in VR with local tunnel endpoint in main routing instance  |  Posted: Mon Apr 13, 2015 3:25 am

Joined: Mon Apr 13, 2015 3:13 am
Posts: 1

Offline
For the device running in selective packet mode, it is important to set packet mode for both mpls and inet families. This is because bgp traffic between cameron and daniel will be pure inet and between CEs will be mpls encapsulated !!!!!!!! Missing this detail will block bgp peering between CEs

_________________
DevIL jiN


Top
Display posts from previous:  Sort by  
E-mail friendPrint view

Topics related to - "Twisted LDP signaled VPLS scenario using Juniper SRX selective packet services"
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. OSPF Multi area scenario with isolated areas cisco & Juniper - part 1.

mandrei99

0

1202

Thu Nov 13, 2014 9:51 am

mandrei99 View the latest post

There are no new unread posts for this topic. Example of BGP update message sent from Junos for a VPLS circuit

mandrei99

0

667

Fri Jul 19, 2013 9:24 am

mandrei99 View the latest post

There are no new unread posts for this topic. Junos VPLS Label Block Operations - Example with BGP signaling

mandrei99

0

1712

Thu Jul 04, 2013 7:44 am

mandrei99 View the latest post

There are no new unread posts for this topic. Junos VPLS Virtual circuit stuck in "VC-Dn" state

mandrei99

0

1887

Tue Jul 09, 2013 9:48 am

mandrei99 View the latest post

There are no new unread posts for this topic. Attachment(s) OSPF: Dangers of non-standard area design - Juniper way

mandrei99

0

879

Thu Nov 13, 2014 12:29 pm

mandrei99 View the latest post

There are no new unread posts for this topic. Injecting a default route in an OSPF NSSA area from a Juniper device

mandrei99

0

2982

Sun Mar 15, 2015 5:24 pm

mandrei99 View the latest post

 

Who is online
Users browsing this forum: No registered users and 0 guests
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO