About bitcourier

I am a router. I speak two languages: IOS and Junos. I work as a bit courier.

Using RPM to generate traffic on a Junos device

Posted on August 9, 2014 by bitcourier

RPM (Realtime Probe Monitoring) on a Junos device (similar to IP SLA feature on IOS) is used to monitor network performance between the two end points in a network. In a lab environment, we can use this feature to generate “real” traffic for testing QoS, or security policies, without having to have a real traffic generator, which is very handy. RPM can generate TCP and UDP traffic, in addition to ICMP (which can be easily done with the ping command.

The following are config to simulate ICMP/UDP/TCP traffic from R1 (simulating a Client machine) to R2 (Server).

Configuration

lab@R1> show configuration services   
rpm {
    probe ICMP_Probe {
        test Generate_ICMP_Ping {
            probe-type icmp-ping;
            target address 2.2.2.2;
            probe-count 10;
            probe-interval 1;
            test-interval 1;
            source-address 1.1.1.1;
            dscp-code-points cs1;
            data-size 100;
        }
    }
    probe IP_Phone {
        test Voice_RTP {
            probe-type udp-ping;
            target address 100.1.2.3;
            probe-count 10;
            probe-interval 1;
            test-interval 1;
            destination-port 51000;
            source-address 100.1.1.1;
            dscp-code-points ef;
            data-size 100;
        }
    }
    probe TCP_Probe {
        test Generate_TCP_Ping {
            probe-type tcp-ping;
            target address 2.2.2.2;
            probe-count 10;
            probe-interval 1;
            test-interval 1;
            destination-port 50000;
            source-address 1.1.1.1;
            dscp-code-points be;
            data-size 100;
        }
    }                                   
    probe-limit 500;                    
} 


lab@R2> show configuration services 
rpm {
    probe-server {
        tcp {
            port 50000;
            # destination-interface lo0.0;
        }
        udp {
            port 51000;
            # destination-interface ge-0/0/1.0;
        }
    }
}

Verification

lab@R1> show services rpm probe-results 
 Owner: IP_Phone, Test: Voice_RTP
 Target address: 100.1.2.3, Source address: 100.1.1.1, Probe type: udp-ping, Test size: 10 probes
 Probe results:
 Response received, Sat Aug 9 20:41:56 2014, No hardware timestamps
 Rtt: 2593 usec
 Results over current test:
 Probes sent: 7, Probes received: 7, Loss percentage: 0
 Measurement: Round trip time
 Samples: 7, Minimum: 666 usec, Maximum: 4624 usec, Average: 3008 usec, Peak to peak: 3958 usec, Stddev: 1370 usec,
 Sum: 21053 usec
 Results over last test:
 Probes sent: 10, Probes received: 10, Loss percentage: 0
 Test completed on Sat Aug 9 20:41:49 2014
 Measurement: Round trip time
 Samples: 10, Minimum: 623 usec, Maximum: 4110 usec, Average: 1485 usec, Peak to peak: 3487 usec, Stddev: 1156 usec,
 Sum: 14846 usec
 Results over all tests:
 Probes sent: 107, Probes received: 107, Loss percentage: 0
 Measurement: Round trip time
 Samples: 107, Minimum: 422 usec, Maximum: 4684 usec, Average: 1019 usec, Peak to peak: 4262 usec, Stddev: 981 usec,
 Sum: 109060 usec

 Owner: TCP_Probe, Test: Generate_TCP_Ping
 Target address: 2.2.2.2, Source address: 1.1.1.1, Probe type: tcp-ping, Test size: 10 probes
 Probe results:
 Response received, Sat Aug 9 20:41:55 2014
 Rtt: 940 usec
 Results over current test:
 Probes sent: 6, Probes received: 6, Loss percentage: 0
 Measurement: Round trip time
 Samples: 6, Minimum: 940 usec, Maximum: 1153 usec, Average: 1053 usec, Peak to peak: 213 usec, Stddev: 65 usec,
 Sum: 6318 usec 
 Results over last test:
 Probes sent: 10, Probes received: 10, Loss percentage: 0
 Test completed on Sat Aug 9 20:41:49 2014
 Measurement: Round trip time
 Samples: 10, Minimum: 952 usec, Maximum: 1179 usec, Average: 1044 usec, Peak to peak: 227 usec, Stddev: 72 usec,
 Sum: 10444 usec
 Results over all tests:
 Probes sent: 106, Probes received: 106, Loss percentage: 0
 Measurement: Round trip time
 Samples: 106, Minimum: 762 usec, Maximum: 1803 usec, Average: 1039 usec, Peak to peak: 1041 usec, Stddev: 134 usec,
 Sum: 110160 usec

 Owner: ICMP_Probe, Test: Generate_ICMP_Ping
 Target address: 2.2.2.2, Source address: 1.1.1.1, Probe type: icmp-ping, Test size: 10 probes
 Probe results:
 Response received, Sat Aug 9 20:41:56 2014, No hardware timestamps
 Rtt: 449 usec
 Results over current test:
 Probes sent: 7, Probes received: 7, Loss percentage: 0
 Measurement: Round trip time
 Samples: 7, Minimum: 360 usec, Maximum: 449 usec, Average: 401 usec, Peak to peak: 89 usec, Stddev: 33 usec, Sum: 2810 usec
 Results over last test:
 Probes sent: 10, Probes received: 10, Loss percentage: 0
 Test completed on Sat Aug 9 20:41:49 2014
 Measurement: Round trip time
 Samples: 10, Minimum: 306 usec, Maximum: 454 usec, Average: 381 usec, Peak to peak: 148 usec, Stddev: 37 usec,
 Sum: 3805 usec
 Results over all tests:
 Probes sent: 117, Probes received: 117, Loss percentage: 0
 Measurement: Round trip time
 Samples: 117, Minimum: 214 usec, Maximum: 531 usec, Average: 357 usec, Peak to peak: 317 usec, Stddev: 72 usec,
 Sum: 41719 usec


lab@R2# run show services rpm active-servers 
 Protocol: TCP, Port: 50000

 Protocol: UDP, Port: 51000

Circuit Cross Connect (RSVP-based CCC)

Posted on July 20, 2014 by bitcourier

Configuration

PE1#

/* If logical systems are used for the lab, then 
 * The physical interface encapsulation (ethernet-ccc) is configured 
 * at the global level - NOT at logical system level
 */
 interface {
    ge-1/1/0 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}

protocols {
    rsvp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    mpls {
        label-switched-path PE1-to-PE2 {
            to 12.12.12.12;
            no-cspf;
        }
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    ospf {
        area 0.0.0.0 {
            /* PE1 Loopback */
            interface lo0.11;
            /* PE1->P1 */
            interface lt-0/0/10.1101;
        }
    }
    connections {
        remote-interface-switch CE1-to-CE2 {
            interface ge-1/1/0.0;
            transmit-lsp PE1-to-PE2;
            receive-lsp PE2-to-PE1;
        }
    }
}



PE2#

interface {
    ge-1/1/1 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}

protocols {
    rsvp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    mpls {
        label-switched-path PE2-to-PE1 {
            to 11.11.11.11;             
            no-cspf;
        }
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    connections {
        remote-interface-switch CE2-to-CE1 {
            interface ge-1/1/1.0;
            transmit-lsp PE2-to-PE1;
            receive-lsp PE1-to-PE2;
        }
    }
}

Verification

pe1@MX:PE1> show connections | find Connection/Circuit 
Connection/Circuit                Type        St      Time last up     # Up trans
CE1-to-CE2                        rmt-if      Up      Jul 20 07:08:43           1
  ge-1/1/0.0                        intf  Up
  PE1-to-PE2                        tlsp  Up
  PE2-to-PE1                        rlsp  Up
  
pe1@MX:PE1> show connections labels 
Connection/Circuit                Type        St      Time last up     # Up trans
CE1-to-CE2                        rmt-if      Up      Jul 20 07:08:43           1
  Incoming labels: 300512
  Outgoing labels: Push 300144

The above labels (incoming of 300512, and outgoing of 300144) are exchanged via RSVP

pe1@MX:PE1> show rsvp session 
Ingress RSVP: 1 sessions
To              From            State   Rt Style Labelin Labelout LSPname 
12.12.12.12     11.11.11.11     Up       0  1 FF       -   300144 PE1-to-PE2
Total 1 displayed, Up 1, Down 0

Egress RSVP: 1 sessions
To              From            State   Rt Style Labelin Labelout LSPname 
11.11.11.11     12.12.12.12     Up       0  1 FF  300512        - PE2-to-PE1
Total 1 displayed, Up 1, Down 0

Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0


pe1@MX:PE1> show route table mpls.0  

mpls.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 01:38:01, metric 1
                      Receive
1                  *[MPLS/0] 01:38:01, metric 1
                      Receive
2                  *[MPLS/0] 01:38:01, metric 1
                      Receive
300512             *[CCC/7] 01:28:45
                    > via ge-1/1/0.0, Pop      
ge-1/1/0.0         *[CCC/7/1] 01:28:45, metric 4
                    > to 100.1.11.1 via lt-0/0/10.1101, label-switched-path PE1-to-PE2

Note one big difference of CCC compared to BGP/LDP based VPLS, BGP based L2VPN, LDP based L2CKT is that CCC does not support tunnel stacking. There is only one label used to encapsulate CCC traffic. For the other L2 technologies, there are two labels in use: one transport label (outer), and another inner one, which is VPN or CKT label.

BGP based L2VPN

Posted on July 20, 2014 by bitcourier

Configuration

PE1#

/* If logical systems are used for the lab, then 
 * The physical interface encapsulation (ethernet-ccc) is configured 
 * at the global level - NOT at logical system level
 */
interface {
    ge-1/1/0 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}

protocols {
    mpls {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    bgp {
        group PE2 {                     
            type internal;
            local-address 11.11.11.11;
            family l2vpn {
                signaling;
            }
            neighbor 12.12.12.12;
        }
    }
    ospf {
        area 0.0.0.0 {
            /* PE1->P1 */
            interface lt-0/0/10.1101;
            /* PE1 Loopback */
            interface lo0.11;
        }
    }
    ldp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
        /* PE1 Loopback */
        interface lo0.11;
    }
}
routing-instances {
    L2VPN_1 {
        instance-type l2vpn;            
        interface ge-1/1/0.0;
        route-distinguisher 11.11.11.11:1001;
        vrf-target target:100:1001;
        protocols {
            l2vpn {
                encapsulation-type ethernet;
                interface ge-1/1/0.0;
                site CE1 {
                    site-identifier 1;
                    interface ge-1/1/0.0;
                }
            }
        }
    }
}



PE2#

/* If logical systems are used for the lab, then 
 * The physical interface encapsulation (ethernet-ccc) is configured 
 * at the global level - NOT at logical system level
 */
interface {
    ge-1/1/1 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}


protocols {
    mpls {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    bgp {
        group PE1 {
            type internal;              
            local-address 12.12.12.12;
            family l2vpn {
                signaling;
            }
            neighbor 11.11.11.11;
        }
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    ldp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
        /* PE2 Loopback */
        interface lo0.12;
    }
}
routing-instances {
    L2VPN_1 {
        instance-type l2vpn;
        interface ge-1/1/1.0;           
        route-distinguisher 12.12.12.12:1001;
        vrf-target target:100:1001;
        protocols {
            l2vpn {
                encapsulation-type ethernet;
                site CE2 {
                    site-identifier 2;
                    interface ge-1/1/1.0 {
                        remote-site-id 1;
                    }
                }
            }
        }
    }
}

Verification

pe1@MX:PE1> show bgp summary          
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.l2vpn.0          
                       1          1          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
12.12.12.12             100         63         64       0       0       26:27 Establ
  bgp.l2vpn.0: 1/1/1/0
  L2VPN_1.l2vpn.0: 1/1/1/0

pe1@MX:PE1> show route receive-protocol bgp 12.12.12.12 detail 

inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)

inet.3: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)

mpls.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
*  12.12.12.12:1001:2:1/96 (1 entry, 0 announced)
     Import Accepted
     Route Distinguisher: 12.12.12.12:1001
     Label-base: 800000, range: 2, status-vector: 0x0 
     Nexthop: 12.12.12.12
     Localpref: 100
     AS path: I
     Communities: target:100:1001 Layer2-info: encaps:ETHERNET, control flags:Control-Word, mtu: 0, site preference: 100

L2VPN_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

*  12.12.12.12:1001:2:1/96 (1 entry, 1 announced)
     Import Accepted
     Route Distinguisher: 12.12.12.12:1001
     Label-base: 800000, range: 2, status-vector: 0x0 
     Nexthop: 12.12.12.12
     Localpref: 100
     AS path: I                         
     Communities: target:100:1001 Layer2-info: encaps:ETHERNET, control flags:Control-Word, mtu: 0, site preference: 100

pe1@MX:PE1> show route table l2vpn    

L2VPN_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

11.11.11.11:1001:1:1/96                
                   *[L2VPN/170/-101] 00:08:09, metric2 1
                      Indirect
12.12.12.12:1001:2:1/96                
                   *[BGP/170] 00:08:09, localpref 100, from 12.12.12.12
                      AS path: I
                    > to 100.1.11.1 via lt-0/0/10.1101, Push 300016

pe1@MX:PE1> show l2vpn connections | find L2VPN_1     

Instance: L2VPN_1
  Local site: CE1 (1)
    connection-site           Type  St     Time last up          # Up trans
    2                         rmt   Up     Jul 20 06:13:15 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: Yes (Null)
      Incoming label: 800001, Outgoing label: 800000
      Local interface: ge-1/1/0.0, Status: Up, Encapsulation: ETHERNET

LDP based L2CKT

Posted on July 20, 2014 by bitcourier

Configuration

PE1#

/* If logical systems are used for the lab, then 
 * The physical interface encapsulation (ethernet-ccc) is configured 
 * at the global level - NOT at logical system level
 */
 interface {
    ge-1/1/0 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}

protocols {
    mpls {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    ospf {
        area 0.0.0.0 {                  
            /* PE1 Loopback */
            interface lo0.11;
            /* PE1->P1 */
            interface lt-0/0/10.1101;
        }
    }
    ldp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
        /* PE1 Loopback */
        interface lo0.11;
    }
    l2circuit {
        neighbor 12.12.12.12 {
            interface ge-1/1/0.0 {
                virtual-circuit-id 1;
                no-control-word;
                ignore-mtu-mismatch;
            }
        }
    }
}



PE2#

 interface {
    ge-1/1/1 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}


protocols {
    mpls {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */               
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    ldp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
        /* PE2 Loopback */
        interface lo0.12;
    }
    l2circuit {
        neighbor 11.11.11.11 {
            interface ge-1/1/1.0 {
                virtual-circuit-id 1;
                no-control-word;
                ignore-mtu-mismatch;
            }
        }
    }
}

Verification

Confirm that LDP sessions are up not only between local routers PE1-P1, but also via remote targeted LDP session PE1–PE2

pe1@MX:PE1> show ldp neighbor    
Address            Interface          Label space ID         Hold time
12.12.12.12        lo0.11             12.12.12.12:0            42
100.1.11.1         lt-0/0/10.1101     1.1.1.1:0                14


pe1@MX:PE1> show ldp database 
Input label database, 11.11.11.11:0--1.1.1.1:0
  Label     Prefix
      3     1.1.1.1/32
 299776     2.2.2.2/32
 299792     3.3.3.3/32
 299840     4.4.4.4/32
 299808     5.5.5.5/32
 299824     6.6.6.6/32
 299952     11.11.11.11/32
 299968     12.12.12.12/32

Output label database, 11.11.11.11:0--1.1.1.1:0
  Label     Prefix
 300112     1.1.1.1/32
 300128     2.2.2.2/32
 300144     3.3.3.3/32
 300192     4.4.4.4/32
 300160     5.5.5.5/32
 300176     6.6.6.6/32
      3     11.11.11.11/32
 300224     12.12.12.12/32

Input label database, 11.11.11.11:0--12.12.12.12:0
  Label     Prefix
 300160     1.1.1.1/32
 300144     2.2.2.2/32
 300128     3.3.3.3/32                  
 300208     4.4.4.4/32
 300176     5.5.5.5/32
 300192     6.6.6.6/32
 300224     11.11.11.11/32
      3     12.12.12.12/32
 300112     L2CKT NoCtrlWord ETHERNET VC 1

Output label database, 11.11.11.11:0--12.12.12.12:0
  Label     Prefix
 300112     1.1.1.1/32
 300128     2.2.2.2/32
 300144     3.3.3.3/32
 300192     4.4.4.4/32
 300160     5.5.5.5/32
 300176     6.6.6.6/32
      3     11.11.11.11/32
 300224     12.12.12.12/32
 300208     L2CKT NoCtrlWord ETHERNET VC 1

Confirm that the L2CKT is up for the P2P connection between PE1–PE2. If the session is not up, then we may need to check MTU, encapsulation, VC ID.

pe1@MX:PE1> show l2circuit connections | find Neighbor       
Neighbor: 12.12.12.12 
    Interface                 Type  St     Time last up          # Up trans
    ge-1/1/0.0(vc 1)          rmt   Up     Jul 20 05:27:32 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 300208, Outgoing label: 300112
      Negotiated PW status TLV: No
      Local interface: ge-1/1/0.0, Status: Up, Encapsulation: ETHERNET

BGP based VPLS

Posted on July 20, 2014 by bitcourier

Configuration

PE1#

/* If Logical Systems are used for the lab
 * Note that the physical interface encapsulation of ethernet-vpls
 * is configured at the global level - Not at logical system level
 */
interface {
    ge-1/1/0 {
        encapsulation ethernet-vpls;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}

protocols {
    mpls {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    bgp {
        group PE2 {                     
            type internal;
            local-address 11.11.11.11;
            family l2vpn {
                signaling;
            }
            neighbor 12.12.12.12;
        }
    }
    ospf {
        area 0.0.0.0 {
            /* PE1->P1 */
            interface lt-0/0/10.1101;
            /* PE1 Loopback */
            interface lo0.11;
        }
    }
    ldp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
        /* PE1 Loopback */
        interface lo0.11;
    }
}
routing-instances {
    VPLS_1 {
        instance-type vpls;             
        interface ge-1/1/0.0;
        route-distinguisher 11.11.11.11:1001;
        vrf-target target:100:1001;
        protocols {
            vpls {
                site-range 10;
                site CE1 {
                    site-identifier 1;
                    interface ge-1/1/0.0;
                }
            }
        }
    }
}



PE2#

interface {
    ge-1/1/1 {
        encapsulation ethernet-vpls;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}
protocols {
    mpls {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    bgp {
        family l2vpn {
            signaling;                  
        }
        group PE1 {
            type internal;
            local-address 12.12.12.12;
            neighbor 11.11.11.11;
        }
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    ldp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
        /* PE2 Loopback */
        interface lo0.12;
    }
}
routing-instances {
    VPLS_1 {
        instance-type vpls;
        interface ge-1/1/1.0;           
        route-distinguisher 12.12.12.12:1001;
        vrf-target target:100:1001;
        protocols {
            vpls {
                site-range 10;
                site CE2 {
                    site-identifier 2;
                    interface ge-1/1/1.0;
                }
            }
        }
    }
}

Verification

Verify that BGP is up, and exchange routes.

pe1@MX:PE1> show route receive-protocol bgp 12.12.12.12 
...
bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  12.12.12.12:1001:2:1/96                    
*                         12.12.12.12                  100        I

VPLS_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  12.12.12.12:1001:2:1/96                    
*                         12.12.12.12                  100        I

pe1@MX:PE1> show route advertising-protocol bgp 12.12.12.12 

VPLS_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  11.11.11.11:1001:1:1/96                    
*                         Self                         100        I

pe1@MX:PE1> show route table VPLS_1 extensive 

VPLS_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
 11.11.11.11:1001:1:1/96 (1 entry, 1 announced)
TSI:
Page 0 idx 0 Type 1 val 27912b4
    Flags: Nexthop Change
    Nexthop: Self
    Localpref: 100
    AS path: [100] I
    Communities: target:100:1001 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 100
Path 11.11.11.11:1001:1:1 Vector len 4.  Val: 0
        *L2VPN  Preference: 170/-101
                Next hop type: Indirect
                Address: 0x28183ec
                Next-hop reference count: 2
                Protocol next hop: 11.11.11.11
                Indirect next hop: 0 -
                State: 
                Age: 14:33      Metric2: 1 
                Task: VPLS_1-l2vpn
                Announcement bits (1): 1-BGP_RT_Background 
                AS path: I
                Communities: Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 100
                Label-base: 800008, range: 8, status-vector: 0x3F 

 12.12.12.12:1001:2:1/96 (1 entry, 1 announced)
        *BGP    Preference: 170/-101    
                Route Distinguisher: 12.12.12.12:1001
                Next hop type: Indirect
                Address: 0x281935c
                Next-hop reference count: 5
                Source: 12.12.12.12
                Protocol next hop: 12.12.12.12
                Indirect next hop: 2 no-forward
                State: 
                Local AS:   100 Peer AS:   100
                Age: 14:10      Metric2: 1 
                Task: BGP_100.12.12.12.12+65086
                Announcement bits (1): 0-VPLS_1-l2vpn 
                AS path: I
                Communities: target:100:1001 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 100
                Import Accepted
                Label-base: 800008, range: 8
                Localpref: 100
                Router ID: 12.12.12.12
                Primary Routing Table bgp.l2vpn.0
                Indirect next hops: 1
                        Protocol next hop: 12.12.12.12 Metric: 1
                        Indirect next hop: 2 no-forward
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 100.1.11.1 via lt-0/0/10.1101
                        12.12.12.12/32 Originating RIB: inet.3
                          Metric: 1                       Node path count: 1
                          Forwarding nexthops: 1
                                Nexthop: 100.1.11.1 via lt-0/0/10.1101

Verify VPLS connections

pe1@MX:PE1> show vpls connections | find VPLS_1              

Instance: VPLS_1
  Local site: CE1 (1)
    connection-site           Type  St     Time last up          # Up trans
    2                         rmt   Up     Jul 20 03:06:23 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 800009, Outgoing label: 800008
      Local interface: vt-1/0/10.168821250, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls VPLS_1 local site 1 remote site 2

pe1@MX:PE1> show vpls connections extensive | find VPLS_1    

Instance: VPLS_1
  Local site: CE1 (1)
    Number of local interfaces: 1
    Number of local interfaces up: 1
    IRB interface present: no
    ge-1/1/0.0         
    vt-1/0/10.168821250 2         Intf - vpls VPLS_1 local site 1 remote site 2
    Label-base        Offset     Size  Range     Preference
    800008            1          8      8         100   
    connection-site           Type  St     Time last up          # Up trans
    2                         rmt   Up     Jul 20 03:06:23 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 800009, Outgoing label: 800008
      Local interface: vt-1/0/10.168821250, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls VPLS_1 local site 1 remote site 2
    Connection History:
        Jul 20 03:06:23 2014  status update timer  
        Jul 20 03:06:23 2014  loc intf up           vt-1/0/10.168821250
        Jul 20 03:06:23 2014  PE route changed     
        Jul 20 03:06:23 2014  Out lbl Update                    800008
        Jul 20 03:06:23 2014  In lbl Update                     800009
        Jul 20 03:06:23 2014  loc intf down

Check VPLS MAC table, and statistics

pe1@MX:PE1> show vpls mac-table    

MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
           SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Logical system   : PE1
Routing instance : VPLS_1
 Bridging domain : __VPLS_1__, VLAN : NA
   MAC                 MAC      Logical
   address             flags    interface 
   a8:d0:e5:55:26:50   D        ge-1/1/0.0           
   a8:d0:e5:55:26:51   D        vt-1/0/10.168821250  

pe1@MX:PE1> show vpls statistics 
VPLS statistics:

Instance: VPLS_1
   Local interface: ge-1/1/0.0, Index: 330
     Broadcast packets:                     5
     Broadcast bytes  :                   300
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     1
     Flooded bytes    :                    98
     Unicast packets  :                  1010
     Unicast bytes    :                 98942
     Current MAC count:                     1 (Limit 1024)
   Local interface: vt-1/0/10.168821250, Index: 334
   Remote PE: 12.12.12.12
     Broadcast packets:                     2
     Broadcast bytes  :                   120
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     0
     Flooded bytes    :                     0
     Unicast packets  :                  1006
     Unicast bytes    :                 98588
     Current MAC count:                     1

LDP based VPLS

Posted on July 20, 2014 by bitcourier

Configuration

PE1#

/* If Logical Systems are used for the lab
 * Note that the physical interface encapsulation of ethernet-vpls
 * is configured at the global level - Not at logical system level
 */
interface {
    ge-1/1/0 {
        encapsulation ethernet-vpls;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}


protocols {
    mpls {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    ospf {
        area 0.0.0.0 {                  
            /* PE1->P1 */
            interface lt-0/0/10.1101;
            /* PE1 Loopback */
            interface lo0.11;
        }
    }
    ldp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
        /* PE1 Loopback */
        interface lo0.11;
    }
}
routing-instances {
    VPLS_1 {
        instance-type vpls;
        /* PE1->CE1 */
        interface ge-1/1/0.0;
        protocols {
            vpls {
                vpls-id 1001;
                neighbor 12.12.12.12;
            }
        }
    }
}


PE2#

interface {
    ge-1/1/1 {
        encapsulation ethernet-vpls;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}
protocols {
    mpls {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */               
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    ldp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
        /* PE2 Loopback */
        interface lo0.12;
    }
}
routing-instances {
    VPLS_1 {
        instance-type vpls;
        /* PE2->CE2 */
        interface ge-1/1/1.0;
        protocols {
            vpls {
                vpls-id 1001;
                neighbor 11.11.11.11;
            }
        }
    }
}

Verification

Check LDP database, note there are local LDP session between PE1–P1, as well as targeted LDP session between PE1–PE2

pe1@MX:PE1> show ldp database 
Input label database, 11.11.11.11:0--1.1.1.1:0
  Label     Prefix
      3     1.1.1.1/32
 299776     2.2.2.2/32
 299792     3.3.3.3/32
 299840     4.4.4.4/32
 299808     5.5.5.5/32
 299824     6.6.6.6/32
 299888     11.11.11.11/32
 299904     12.12.12.12/32

Output label database, 11.11.11.11:0--1.1.1.1:0
  Label     Prefix
 299888     1.1.1.1/32
 299904     2.2.2.2/32
 299920     3.3.3.3/32
 299968     4.4.4.4/32
 299936     5.5.5.5/32
 299952     6.6.6.6/32
      3     11.11.11.11/32
 299984     12.12.12.12/32

Input label database, 11.11.11.11:0--12.12.12.12:0
  Label     Prefix
 299920     1.1.1.1/32
 299904     2.2.2.2/32
 299888     3.3.3.3/32                  
 299968     4.4.4.4/32
 299936     5.5.5.5/32
 299952     6.6.6.6/32
 299984     11.11.11.11/32
      3     12.12.12.12/32 
 800000 L2CKT NoCtrlWord ETHERNET VC 1001


Output label database, 11.11.11.11:0--12.12.12.12:0
  Label     Prefix
 299888     1.1.1.1/32
 299904     2.2.2.2/32
 299920     3.3.3.3/32
 299968     4.4.4.4/32
 299936     5.5.5.5/32
 299952     6.6.6.6/32
      3     11.11.11.11/32
 299984     12.12.12.12/32
 800000     L2CKT NoCtrlWord ETHERNET VC 1001

Check the status of VPLS connections

pe1@MX:PE1> show vpls connections | find VPLS_1      

Instance: VPLS_1
  VPLS-id: 1001
    Neighbor                  Type  St     Time last up          # Up trans
    12.12.12.12(vpls-id 1001) rmt   Up     Jul 20 01:36:58 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 800000, Outgoing label: 800000
      Negotiated PW status TLV: No
      Local interface: vt-1/0/10.168820992, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS_1 neighbor 12.12.12.12 vpls-id 1001


pe1@MX:PE1> show vpls connections extensive | find VPLS_1 

Instance: VPLS_1
  VPLS-id: 1001
    Number of local interfaces: 1
    Number of local interfaces up: 1
    ge-1/1/0.0         
    vt-1/0/10.168820992           Intf - vpls VPLS_1 neighbor 12.12.12.12 vpls-id 1001
    Neighbor                  Type  St     Time last up          # Up trans
    12.12.12.12(vpls-id 1001) rmt   Up     Jul 20 01:36:58 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 800000, Outgoing label: 800000
      Negotiated PW status TLV: No
      Local interface: vt-1/0/10.168820992, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS_1 neighbor 12.12.12.12 vpls-id 1001
    Connection History:
        Jul 20 01:36:58 2014  status update timer  
        Jul 20 01:36:58 2014  PE route changed     
        Jul 20 01:36:58 2014  Out lbl Update                    800000
        Jul 20 01:36:58 2014  In lbl Update                     800000
        Jul 20 01:36:58 2014  loc intf up           vt-1/0/10.168820992

And check the VPLS statistics, MAC table

        
        
pe1@MX:PE1> show vpls statistics 
VPLS statistics:

Instance: VPLS_1
   Local interface: ge-1/1/0.0, Index: 326
     Broadcast packets:                     3
     Broadcast bytes  :                   180
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     0
     Flooded bytes    :                     0
     Unicast packets  :                  1001
     Unicast bytes    :                 98098
     Current MAC count:                     0 (Limit 1024)
   Local interface: vt-1/0/10.168820992, Index: 333
   Remote PE: 12.12.12.12
     Broadcast packets:                     1
     Broadcast bytes  :                    60
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     0
     Flooded bytes    :                     0
     Unicast packets  :                  1003
     Unicast bytes    :                 98218
     Current MAC count:                     0
     
pe1@MX:PE1> show vpls mac-table    

MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
           SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Logical system   : PE1
Routing instance : VPLS_1
 Bridging domain : __VPLS_1__, VLAN : NA
   MAC                 MAC      Logical
   address             flags    interface 
   a8:d0:e5:55:26:50   D        ge-1/1/0.0           
   a8:d0:e5:55:26:51   D        vt-1/0/10.168820992

Also, we may want to check the route table, and note the LDP, VPLS label entries in inet.3, mpls.0 & l2circuit.0

pe1@MX:PE1> show route | find inet.3         

inet.3: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101
...
12.12.12.12/32     *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Push 299904

mpls.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 00:50:01, metric 1
                      Receive
1                  *[MPLS/0] 00:50:01, metric 1
                      Receive
2                  *[MPLS/0] 00:50:01, metric 1
                      Receive
299888             *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Pop      
299888(S=0)        *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Pop      
299904             *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Swap 299776
...
800000             *[VPLS/7] 00:35:29
                    > via vt-1/0/10.168820992, Pop      
vt-1/0/10.168820992*[VPLS/7] 00:35:29, metric2 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Push 800000, Push 299904(top)

l2circuit.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

12.12.12.12:NoCtrlWord:5:1001:Local/96                
                   *[VPLS/7] 00:35:34, metric2 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Push 299904
12.12.12.12:NoCtrlWord:5:1001:Remote/96                
                   *[LDP/9] 00:35:34
                      Discard

Encapsulated Remote SPAN (ERSPAN)

Posted on June 14, 2014 by bitcourier

There are three types of Switch Port Analyser (SPAN) supported on Cisco routers and switches:

Local SPAN: Mirrors traffic from one or more interface on the switch to one or more interfaces on the same switch.

Remote SPAN (RSPAN): An extension of SPAN called remote SPAN or RSPAN which allows to capture traffic and send it to a remote switch via a Layer 2 network.

Encapsulated Remote SPAN (ERSPAN): as the name indicates, ERSPAN encapsulates capture traffic in GRE and allows it to be transported to a remote port across a Layer 3 network.

ERSPAN is a Cisco proprietary feature and is available only to Catalyst 6500, 7600, Nexus, and ASR 1000 platforms to date. The ASR 1000 supports ERSPAN source (monitoring) only on Fast Ethernet, Gigabit Ethernet, and port-channel interfaces.

Firstly we will go through a typical scenario, in which traffic on port Gi1.23 of Router R2 is captured, and sent to interface Gi2 of R1 traffic using ERSPAN.

Topology

Configuration

ERSPAN Source Router

CSR2# 

monitor session 10 type erspan-source
 source interface GigabitEthernet1
 filter vlan 23    ! Specify Sub-interface
 destination
 erspan-id 100
 ip address 1.1.1.1
 origin ip address 2.2.2.2
 no shutdown   !   Default is shutdown

ERSPAN Destination Router

CSR1#
 
monitor session 10 type erspan-destination
 destination interface GigabitEthernet2
 source
  erspan-id 100
  ip address 1.1.1.1
 no shutdown   !   Default is shutdown

Verification

CSR2#show monitor session all
Session 10
----------
Type                   : ERSPAN Source Session
Status                 : Admin Enabled
Source Ports           : 
    Both               : Gi1
Filter VLANs           : 23
Destination IP Address : 1.1.1.1
MTU                    : 1464
Destination ERSPAN ID  : 100
Origin IP Address      : 2.2.2.2


CSR1#show monitor session all
Session 10
----------
Type                   : ERSPAN Destination Session
Status                 : Admin Enabled
Destination Ports      : Gi2
Source IP Address      : 1.1.1.1
Source ERSPAN ID       : 100

CSR1#show interface gi2 stats 
GigabitEthernet2
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor          1         77          4        308
             Route cache          0          0          0          0
       Distributed cache         47       7745        112      31780
                   Total         48       7822        116      32088

Capture files:

ERSPAN transport traffic, encapsulated within a GRE tunnel, as seen on R1 interface Gi1.12
https://www.cloudshark.org/captures/19b7c6b1c70b

ERSPAN capture result – on R1 Gi2
https://www.cloudshark.org/captures/00c5e863ecfe

ERSPAN without the destination router

Since ERSPAN is a Cisco proprietary protocol supported on a limited number of platforms, one may ask if we can capture traffic and send it via GRE to a remote laptop without having a destination ERSPAN router. We might run into this situation if the destination router does not support ERSPAN, or the PC is not connected directly to a physical port of the ERSPAN destination router (e.g. via a LAN switch, or via an Wireless AP).

The answer is, yes we can do this without the ERSPAN destination router!

The ERSPAN destination router is not a critical requirement. GRE/ERSPAN protocol in this case is not equipped with a reliable transmission mechanism. Nor it has a mechanism to verify the status of the ERSPAN session destination, before sending the capture traffic. Unlike ERSPAN, in the general GRE tunnel interface configuration on IOS (similarly in Juniper JUNOS) we can enable the “keep-alive” function under the GRE tunnel interface, and routers at both ends of the tunnel can check the status of the other end, and can bring down the interface if the keep-alive is not received within a configurable period, and can bring the interface up once the keep-alive messages are received again. The ERSPAN implementation of GRE does not have this feature.

ERSPAN destination router is needed if we want the traffic send to the destination interface appear in the same format as the one captured from the source, i.e. without it being encapsulated in GRE/ERSPAN headers.

If the remote PC is reachable via an IP address (connected to the network via a LAN switch or Wireless AP) the ERSPAN source router can send encapsulated traffic directly to this IP address. The PC does not need to have an GRE tunnel nor ERSPAN session configured . PC can not run ERSPAN anyway, because it is a Cisco proprietary protocol, and there is no “ERSPAN client” software released for PC.

If the remote PC does not have a reachable IP address (quite typical usage case) but connect physically to a router interface, we can still force the ERSPAN traffic to the interface assigned to this PC, by implementing a static route and static ARP. In this example below, 1.1.1.1 is the destination ERSPAN address (configured on R2), and R1 does not support ERSPAN.

Configuration

ERSPAN Source router (2.2.2.2)
CRS2#
! Configuration is unchanged from the previous case
monitor session 10 type erspan-source
 source interface GigabitEthernet1
 filter vlan 23    ! Specify Sub-interface
 destination
 erspan-id 100
 ip address 1.1.1.1
 origin ip address 2.2.2.2
 no shutdown   !   Default is shutdown



CSR1#
! Destination router does not support ERSPAN. 
! The destination IP address 1.1.1.1 is now NOT a real IP "behind" the monitoring PC.

! Remove ERSPAN session
no monitor session 10

! Remove 1.1.1.1 from Loopback interface.
no interface Loopback0

! Configure a dummy "transit" IP address on Gi2 
! And add a static route for destination 1.1.1.1 to force ERSPAN traffic out this way.

interface GigabitEthernet2
 ip address 10.1.1.1 255.255.255.0
!
ip route 1.1.1.1 255.255.255.255 10.1.1.2 name Force_Traffic_Out_Gi2

! Note that we need static ARP for the dummy next hop IP. 
! Otherwise, router will keep ARPing, without sending the actual ERSPAN traffic out Gi2
 
arp 10.1.1.2 6400.f1e2.0112 ARPA

Capture file:

ERSPAN capture result – as seen on on R1 Gi2. Note that the captured traffic is now encapsulated within GRE/ERSPAN header, similar to the transit traffic captured on R1 Gi1.12 in the previous example.

https://www.cloudshark.org/captures/76ce4261df29

Local ERSPAN

In this example, we’d like to mirror traffic from interface Gi1 to Gi2 on a local router R1. As traffic is copied from one interface to other on the same router, we wont be able to capture the actual transport traffic encapsulated within GRE/ERSPAN.

Below is the configuration & verification steps.

CSR1#

monitor session 10 type erspan-source
 source interface GigabitEthernet1
 destination
 erspan-id 100
 ip address 1.1.1.1
 origin ip address 1.1.1.1
 shutdown   !   Default
 
monitor session 20 type erspan-destination
 destination interface GigabitEthernet2
 source
  erspan-id 100
  ip address 1.1.1.1
 shutdown   !   Default
 

CSR1#! Before turning montor session ON
CSR1#
CSR1#
CSR1#show interfaces gigabitEthernet 1 stats 
GigabitEthernet1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor          0          0          0          0
             Route cache          0          0          0          0
       Distributed cache         17       1540         15       1268
                   Total         17       1540         15       1268
CSR1#show interfaces gigabitEthernet 2 stats 
GigabitEthernet2
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor          0          0          0          0
             Route cache          0          0          0          0
       Distributed cache          0          0          0          0
                   Total          0          0          0          0
                   
                   
Note that there is no traffic sent to Gi2  


CSR1#
config t
monitor session 10
 no shutdown
monitor session 20
 no shutdown


CSR1#! After turning montor session ON


CSR1#show interfaces gigabitEthernet 1 stats 
GigabitEthernet1
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor          0          0          0          0
             Route cache          0          0          0          0
       Distributed cache         48       4264         45       3782
                   Total         48       4264         45       3782
CSR1#show interfaces gigabitEthernet 2 stats 
GigabitEthernet2
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor          0          0          0          0
             Route cache          0          0          0          0
       Distributed cache          0          0         14       1192
                   Total          0          0         14       1192

References

Configuring ERSPAN

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/lanswitch/configuration/xe-3s/lanswitch-xe-3s-book/lnsw-conf-erspan.html#GUID-152D9875-169B-461F-A34B-ABAABD0C1FF8

Understanding SPAN, RSPAN, and ERSPAN

https://supportforums.cisco.com/document/139236/understanding-spanrspanand-erspan

Inter-AS L3VPN Option B

Posted on June 2, 2014 by bitcourier

In this post, we are going to go through the implementation and verification steps of Inter-AS Option B (defined in RFC4364 http://tools.ietf.org/html/rfc4364#page-32 ). Please refer to previous post Inter-AS Options to for the definitions, and differences of the three.

In option B implementation, ASBRs themselves are PE routers. They learn VPN-IPv4 routes from other PEs from the same AS via MP-iBGP (either directly or via Route Reflectors). The ASBR from one AS then have an eBGP session(s) with other AS ASBR to redistribute the VPN-IPv4 routes to the other AS. The later ASBR then redistributes those VPN-IPv4 labeled routes to the rest of the PEs belonging to that AS.

Topology

In this topology, we use Cisco IOS routers (R1 – R3) in AS100, as well as Juniper routers (R4 – R6) in AS200, just for demonstration of configuration and verification on both platforms. Typically for connectivity beween ASes, one eBGP session between ASBRs is sufficient. In this example, however, we set up two eBGP sessions between ASBR R3 and R4 to demonstrate VPN-based policy routing, by route filtering based on VPN route targets. We would like to route traffic for VPN1 via the first connection, and VPN2 via the other.

Configuration

R3-ASBR#

interface Loopback0
 description Management Loopback
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet1.23
 description R3 -> R2-P
 encapsulation dot1Q 23
 ip address 20.2.3.3 255.255.255.0
 mpls ip
!
interface GigabitEthernet1.34
 description R3 -> R4 | First eBGP
 encapsulation dot1Q 34
 ip address 20.3.4.3 255.255.255.0
 mpls bgp forwarding
!
interface GigabitEthernet1.342
 description R3 -> R4 | Second eBGP
 encapsulation dot1Q 342
 ip address 20.3.42.3 255.255.255.0
 mpls bgp forwarding


! Enable OSPF
 
router ospf 1
 network 3.3.3.3 0.0.0.0 area 0
 network 20.2.3.3 0.0.0.0 area 0
!

! Enable MP-iBGP to other PE, and MP-eBGP to other ASBR
router bgp 100
 bgp log-neighbor-changes
 ! By default, PE do not accept VPNv4 routes 
 ! that do not belong to one of its VRF
 ! This command force it to learn & propagate all routes to other PEs.
 no bgp default route-target filter
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 20.3.4.4 remote-as 200
 neighbor 20.3.42.4 remote-as 200
 !
 address-family ipv4
  no neighbor 1.1.1.1 activate
  no neighbor 20.3.4.4 activate
  no neighbor 20.3.42.4 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 next-hop-self
  neighbor 20.3.4.4 activate
  neighbor 20.3.4.4 send-community extended
  neighbor 20.3.42.4 activate
  neighbor 20.3.42.4 send-community extended
 exit-address-family
 

! Policy to only import and export VPN2 routes via the second eBGP connection
! We can apply a similar policy on the first eBGP connection on R3
! But for demonstration purpose, we choose to apply that policy on R4 (Junos)

ip extcommunity-list standard Community_VPN2 permit rt 100:2
ip extcommunity-list standard Community_VPN2 permit rt 200:2
!
route-map VPN2-EXPORT-ONLY permit 10
 match extcommunity Community_VPN2
!
route-map VPN2-EXPORT-ONLY deny 1000
 description Deny all else
!
route-map VPN2-IMPORT-ONLY permit 10
 match extcommunity Community_VPN2
 set local-preference 200
!
route-map VPN2-IMPORT-ONLY deny 1000
 description Deny all else
!
router bgp 100 
 address-family vpnv4
  neighbor 20.3.42.4 route-map VPN2-IMPORT-ONLY in
  neighbor 20.3.42.4 route-map VPN2-EXPORT-ONLY out
 exit-address-family 
 
  


R4-ASBR# 

interfaces {
    ge-0/0/1 {
        vlan-tagging;
        unit 34 {
            description "R4 -> R3 | First eBGP";
            vlan-id 34;
            family inet {
                address 20.3.4.4/24;
            }                           
            family mpls;
        }
        unit 45 {
            description "R4 -> R5";
            vlan-id 45;
            family inet {
                address 20.4.5.4/24;
            }
            family mpls;
        }
        unit 342 {
            description "R4 -> R3 | Second eBGP";
            vlan-id 342;
            family inet {
                address 20.3.42.4/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            description "Management Loopback";
            family inet {
                address 4.4.4.4/32;     
            }
            family mpls;
        }
    }
}


routing-options {
    router-id 4.4.4.4;
    autonomous-system 200;
}
protocols {
    mpls {
        interface ge-0/0/1.45;
        interface ge-0/0/1.34;
        interface ge-0/0/1.342;
    }
    bgp {
        group IBGP {
            type internal;
            local-address 4.4.4.4;
            family inet-vpn {
                unicast;
            }
            export next-hop-self;
            neighbor 6.6.6.6;           
        }
        group EBGP1 {
            type external;
            description "L3VPN Inter-AS";
            import VPN1-IMPORT-ONLY;
            family inet-vpn {
                unicast;
            }
            export VPN1-EXPORT-ONLY;
            neighbor 20.3.4.3 {
                peer-as 100;
            }
        }
        group EBGP2 {
            type external;
            description "2nd L3VPN Inter-AS";
            family inet-vpn {
                unicast;
            }
            neighbor 20.3.42.3 {
                peer-as 100;
            }
        }
    }                                   
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/1.45;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/1.45;
        interface lo0.0;
    }
}



policy-options {
    policy-statement VPN1-EXPORT-ONLY {
        term VPN1 {
            from community [ Community_100_1 Community_200_1 ];
            then accept;
        }
        term Reject-All {
            then reject;
        }
    }
    policy-statement VPN1-IMPORT-ONLY {
        term VPN1 {
            from community Community_100_1;
            then {                      
                local-preference 200;   
                accept;                 
            }
        }
        term Reject-All {
            then reject;
        }
    }
    policy-statement next-hop-self {
        then {
            next-hop self;
        }
    }
    community Community_100_1 members target:100:1;
    community Community_100_2 members target:100:2;
    community Community_200_1 members target:200:1;
    community Community_200_2 members target:200:2;
}





/// Other router configuration

R1-PE#
!
hostname R1-PE
!
ip vrf VPN1
 rd 1.1.1.1:1
 route-target export 100:1
 route-target import 100:1
 route-target import 200:1
!
ip vrf VPN2
 rd 1.1.1.1:2
 route-target export 100:2
 route-target import 100:2
 route-target import 200:2

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip vrf forwarding VPN1
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback2
 ip vrf forwarding VPN2
 ip address 10.1.2.1 255.255.255.0
!
interface GigabitEthernet1.12
 encapsulation dot1Q 12
 ip address 20.1.2.1 255.255.255.0
 mpls ip
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 20.1.2.1 0.0.0.0 area 0
!
router bgp 100
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VPN1
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf VPN2
  redistribute connected
 exit-address-family
!


R2-P#

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet1.12
 encapsulation dot1Q 12
 ip address 20.1.2.2 255.255.255.0
 mpls ip
!
interface GigabitEthernet1.23
 encapsulation dot1Q 23
 ip address 20.2.3.2 255.255.255.0
 mpls ip
!
router ospf 1
 network 2.2.2.2 0.0.0.0 area 0
 network 20.1.2.2 0.0.0.0 area 0
 network 20.2.3.2 0.0.0.0 area 0
 
 





lab@R5-P> show configuration

interfaces {
    ge-0/0/1 {
        vlan-tagging;
        unit 45 {
            vlan-id 45;
            family inet {
                address 20.4.5.5/24;
            }
            family mpls;                
        }
        unit 56 {
            vlan-id 56;
            family inet {
                address 20.5.6.5/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 5.5.5.5/32;
            }
            family mpls;
        }
    }
}
routing-options {
    router-id 5.5.5.5;
    autonomous-system 200;
}
protocols {
    mpls {                              
        interface ge-0/0/1.45;
        interface ge-0/0/1.56;
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0;
            interface ge-0/0/1.45;
            interface ge-0/0/1.56;
        }
    }
    ldp {
        interface ge-0/0/1.45;
        interface ge-0/0/1.56;
        interface lo0.0;
    }
}



lab@R6-PE> show configuration 

interfaces {
    ge-0/0/1 {
        vlan-tagging;
        unit 56 {
            vlan-id 56;
            family inet {
                address 20.5.6.6/24;
            }
            family mpls;                
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 6.6.6.6/32;
            }
            family mpls;
        }
        unit 1 {
            family inet {
                address 10.6.1.1/24;
            }
        }
        unit 2 {
            family inet {
                address 10.6.2.1/24;
            }
        }
    }
}
routing-options {
    router-id 6.6.6.6;
    autonomous-system 200;              
}
protocols {
    mpls {
        interface ge-0/0/1.56;
    }
    bgp {
        group IBGP {
            type internal;
            local-address 6.6.6.6;
            family inet-vpn {
                unicast;
            }
            neighbor 4.4.4.4;
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0;
            interface ge-0/0/1.56;
        }
    }
    ldp {
        interface ge-0/0/1.56;
        interface lo0.0;                
    }
}
policy-options {
    policy-statement VPN1-EXPORT {
        then {
            community add Community_200_1;
            accept;
        }
    }
    policy-statement VPN1-IMPORT {
        term Import {
            from community [ Community_200_1 Community_100_1 ];
            then accept;
        }
    }
    policy-statement VPN2-EXPORT {
        then {
            community add Community_200_2;
            accept;
        }
    }
    policy-statement VPN2-IMPORT {
        term Import {
            from community [ Community_200_2 Community_100_2 ];
            then accept;
        }
    }
    community Community_100_1 members target:100:1;
    community Community_100_2 members target:100:2;
    community Community_200_1 members target:200:1;
    community Community_200_2 members target:200:2;
}

routing-instances { 
    VPN1 {
        instance-type vrf;
        interface lo0.1;
        route-distinguisher 6.6.6.6:1;
        vrf-import VPN1-IMPORT;
        vrf-export VPN1-EXPORT;
    }
    VPN2 {
        instance-type vrf;
        interface lo0.2;
        route-distinguisher 6.6.6.6:2;
        vrf-import VPN2-IMPORT;
        vrf-export VPN2-EXPORT;
    }
}

Verification

R3-ASBR#show ip bgp vpnv4 all         
BGP table version is 31, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:1
 *>i 10.1.1.0/24      1.1.1.1                  0    100      0 ?
Route Distinguisher: 1.1.1.1:2
 *>i 10.1.2.0/24      1.1.1.1                  0    100      0 ?
Route Distinguisher: 6.6.6.6:1
 *>  10.6.1.0/24      20.3.4.4                               0 200 i
 *>  10.6.1.1/32      20.3.4.4                               0 200 i
Route Distinguisher: 6.6.6.6:2
 *>  10.6.2.0/24      20.3.42.4                     200      0 200 i
 *>  10.6.2.1/32      20.3.42.4                     200      0 200 i
 
 
R3-ASBR#show mpls forwarding-table 
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
16         Pop Label  20.3.4.4/32      0             Gi1.34     20.3.4.4    
17         Pop Label  20.3.42.4/32     0             Gi1.342    20.3.42.4   
18         Pop Label  2.2.2.2/32       0             Gi1.23     20.2.3.2    
19         Pop Label  20.1.2.0/24      0             Gi1.23     20.2.3.2    
20         16         1.1.1.1/32       0             Gi1.23     20.2.3.2    
27         300976     6.6.6.6:1:10.6.1.0/24   \
                                       0             Gi1.34     20.3.4.4    
28         300992     6.6.6.6:1:10.6.1.1/32   \
                                       0             Gi1.34     20.3.4.4    
29         301008     6.6.6.6:2:10.6.2.0/24   \
                                       0             Gi1.342    20.3.42.4   
30         301024     6.6.6.6:2:10.6.2.1/32   \
                                       0             Gi1.342    20.3.42.4   
31         18         1.1.1.1:1:10.1.1.0/24   \
                                       0             Gi1.23     20.2.3.2    
32         19         1.1.1.1:2:10.1.2.0/24   \
                                       0             Gi1.23     20.2.3.2  



lab@R4-ASBR> show route                 

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
...

inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

5.5.5.5/32         *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45
6.6.6.6/32         *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45, Push 301040

mpls.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 06:09:45, metric 1
                      Receive
1                  *[MPLS/0] 06:09:45, metric 1
                      Receive
2                  *[MPLS/0] 06:09:45, metric 1
                      Receive
13                 *[MPLS/0] 06:09:45, metric 1
                      Receive
300944             *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45, Pop      
300944(S=0)        *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45, Pop      
300960             *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 301040
300976             *[VPN/170] 02:27:08, metric2 1, from 6.6.6.6
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 300080, Push 301040(top)
300992             *[VPN/170] 02:27:08, metric2 1, from 6.6.6.6
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 300096, Push 301040(top)
301008             *[VPN/170] 02:27:08, metric2 1, from 6.6.6.6
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 300112, Push 301040(top)
301024             *[VPN/170] 02:27:08, metric2 1, from 6.6.6.6
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 300128, Push 301040(top)
301040             *[VPN/170] 02:26:38
                    > to 20.3.4.3 via ge-0/0/1.34, Swap 31
301056             *[VPN/170] 02:26:38
                    > to 20.3.42.3 via ge-0/0/1.342, Swap 32
                                        
bgp.l3vpn.0: 6 destinations, 7 routes (6 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1:1:10.1.1.0/24                
                   *[BGP/170] 02:26:38, localpref 200
                      AS path: 100 ?
                    > to 20.3.4.3 via ge-0/0/1.34, Push 31
1.1.1.1:2:10.1.2.0/24                
                   *[BGP/170] 02:26:38, localpref 100
                      AS path: 100 ?
                    > to 20.3.42.3 via ge-0/0/1.342, Push 32
6.6.6.6:1:10.6.1.0/24                
                   *[BGP/170] 02:27:08, localpref 100, from 6.6.6.6
                      AS path: I
                    > to 20.4.5.5 via ge-0/0/1.45, Push 300080, Push 301040(top)
6.6.6.6:1:10.6.1.1/32                
                   *[BGP/170] 02:27:08, localpref 100, from 6.6.6.6
                      AS path: I
                    > to 20.4.5.5 via ge-0/0/1.45, Push 300096, Push 301040(top)
6.6.6.6:2:10.6.2.0/24                
                   *[BGP/170] 02:27:08, localpref 100, from 6.6.6.6
                      AS path: I
                    > to 20.4.5.5 via ge-0/0/1.45, Push 300112, Push 301040(top)
6.6.6.6:2:10.6.2.1/32                   
                   *[BGP/170] 02:27:08, localpref 100, from 6.6.6.6
                      AS path: I
                    > to 20.4.5.5 via ge-0/0/1.45, Push 300128, Push 301040(top)
                    
                    




Verification on PE routers


R1-PE#sh ip route vrf VPN1

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.1.1.0/24 is directly connected, Loopback1
L        10.1.1.1/32 is directly connected, Loopback1
B        10.6.1.0/24 [200/0] via 3.3.3.3, 02:30:47
B        10.6.1.1/32 [200/0] via 3.3.3.3, 02:30:47


R1-PE#sh ip bgp vpnv4 vrf VPN1 10.6.1.0/24
BGP routing table entry for 1.1.1.1:1:10.6.1.0/24, version 20
Paths: (1 available, best #1, table VPN1)
  Not advertised to any peer
  Refresh Epoch 1
  200, imported path from 6.6.6.6:1:10.6.1.0/24 (global)
    3.3.3.3 (metric 3) from 3.3.3.3 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:200:1
      mpls labels in/out nolabel/27
      rx pathid: 0, tx pathid: 0x0
      
lab@R6-PE> show route 

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
...

inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32         *[LDP/9] 02:33:44, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301056
5.5.5.5/32         *[LDP/9] 02:33:46, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56

VPN1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.1.1.0/24        *[BGP/170] 02:33:06, localpref 200, from 4.4.4.4
                      AS path: 100 ?
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301040, Push 301056(top)
10.6.1.0/24        *[Direct/0] 03:58:06
                    > via lo0.1
10.6.1.1/32        *[Local/0] 03:58:06
                      Local via lo0.1

VPN2.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
                                        
10.1.2.0/24        *[BGP/170] 02:33:06, localpref 100, from 4.4.4.4
                      AS path: 100 ?
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301056, Push 301056(top)
10.6.2.0/24        *[Direct/0] 03:58:06
                    > via lo0.2
10.6.2.1/32        *[Local/0] 03:58:06
                      Local via lo0.2

mpls.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 04:35:27, metric 1
                      Receive
1                  *[MPLS/0] 04:35:27, metric 1
                      Receive
2                  *[MPLS/0] 04:35:27, metric 1
                      Receive
13                 *[MPLS/0] 04:35:27, metric 1
                      Receive
300048             *[LDP/9] 02:33:46, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56, Pop      
300048(S=0)        *[LDP/9] 02:33:46, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56, Pop      
300064             *[LDP/9] 02:33:44, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56, Swap 301056
300080             *[VPN/170] 02:33:36
                      receive table VPN1.inet.0, Pop      
300096             *[VPN/170] 02:33:36
                      receive table VPN1.inet.0, Pop      
300112             *[VPN/170] 02:33:36
                      receive table VPN2.inet.0, Pop      
300128             *[VPN/170] 02:33:36
                      receive table VPN2.inet.0, Pop      

bgp.l3vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1:1:10.1.1.0/24                
                   *[BGP/170] 02:33:06, localpref 200, from 4.4.4.4
                      AS path: 100 ?
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301040, Push 301056(top)
1.1.1.1:2:10.1.2.0/24                
                   *[BGP/170] 02:33:06, localpref 100, from 4.4.4.4
                      AS path: 100 ?
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301056, Push 301056(top)

Inter-AS L3VPN Options

Posted on May 31, 2014 by bitcourier

In certain cases, we need to connect L3VPN sites across multiple ASes, e.g. to join VPN sites provided by multiple ISPs. In this post, we are going to discuss three main options to deliver L3VPN across multiple ASes defined in RFC4364 ( http://tools.ietf.org/html/rfc4364#page-32 ). They are options A, B, C, also known as options 10A, 10B, 10C, because they are defined in section 10 – Multi-AS Backbones in RFC4364. The complexity increasing from A to B to C.

Option A: VRF-to-VRF connections at ASBR routers

This option is also referred to as “back-to-back” VRF, where at least one connection (typically one VLAN) is required to connect one VPN from one AS to the corresponding VPN in the other AS. Multiple eBGP peering sessions are used to exchange no-labeled IPv4 routes between ASes. There are no MPLS labels exchanged between ASBRs at all, and each ASBR will treat the other as if it were a CE router. This option is simple, but not scalable because a new sub-interface and new a new eBGP peering is required for each new VPN.

Option B: eBGP redistribution of labeled VPN-IPv4 routes from one AS to the other

In this option, iBGP is used to redistribute VPN-IPv4 routes between their PEs within an AS. The ASBR then uses eBGP to redistribute those labeled VPN-IPv4 routes to the ASBR in the other AS. The later ASBR then redistributes those VPN-IPv4 labeled routes to the rest of the PEs (via a direct iBGP peering session, or via Route Reflectors).

Typically one eBGP peering session is required between a pair of ASBRs, as compared to multiple ones (one per VPN) in option A. As the result Option B is more scalable than Option A. To make the memory usage more scalable, when there are multiple Inter-AS connections via multiple ASBRs, then ASBRs do not need to hold all routes from all VPNs. One ASBR can hold routes for a set of VPNs, and other ASBR can hold different sets of routes. This can be done by RT filters when the routes are exchanged via eBGP.

Option C: Multi-hop eBGP redistribution of labeled VPN VPN-IPv4 routes between PEs of source & destination ASes, with eBGP redistribution of labeled IPv4 routes (the PE loopbacks) between ASBRs

The difference between this option and option B is that ASes now exchange the loopbacks of the PEs (source and destination) via eBGP sessions between ASBRs. This creates an end to end labeled switch path between source and destination PEs. The source and destination PEs then can set up multi-hop eBGP (directly, or via RR) to exchange VPN-IPv4 labeled routes . The ASBRs do not need to hold the VPN-IPv4 routes. This make the option most scalable.

Circuit Cross Connect (CCC)

Posted on June 17, 2013 by bitcourier

In this lab, we will demonstrate CCC configuration between similar type interfaces.
– CCC to connect VLAN to VLAN
– CCC to connect VLAN at one end, and the whole physical Ethernet port at the other end.

CCC Topology – VLAN to VLAN

Configuration

lab@PE1# show

interfaces {
    ge-1/0/6 {
        vlan-tagging;
        encapsulation flexible-ethernet-services;
        /* CCC Vlan */
        unit 500 {
            description "ccc interface to SW1";
            encapsulation vlan-ccc;
            vlan-id 500;
        }
        /* VLPS Vlan can co-exist on the same physical */
        unit 600 {
            description "vpls interface to SW1";
            encapsulation vlan-vpls;
            vlan-id 600;
            family vpls;
        }
    }
}

protocols {
    rsvp {
        load-balance bandwidth;
        interface all;
    }
    mpls {
        label-switched-path PE1-to-PE2-LSP1 {
            to 10.1.1.22;
            bandwidth 200m;
            no-cspf;
            primary via-Ge1;
        }
        label-switched-path PE1-to-PE2-LSP2 {
            to 10.1.1.22;
            bandwidth 200m;
            no-cspf;
            primary via-Ge2;
        }
        label-switched-path CCC-PE1-to-PE2 {
            to 10.1.1.22;
            no-cspf;
            primary via-Ge1;
        }
        path via-Ge1 {
            10.10.101.2;
        }
        path via-Ge2 {
            10.10.102.2;
        }
        interface ge-1/0/7.0;
        interface ge-1/1/7.0;
    }
    bgp {
        local-as 65000;
        group PEs {
            type internal;
            local-address 10.1.1.11;
            family inet {
                unicast;
            }
            family inet-vpn {
                unicast;
            }
            family l2vpn {
                signaling;
            }
            neighbor 10.1.1.22;         
        }                               
    }                                   
    ospf {                              
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-1/0/7.0 {
                interface-type p2p;
            }
            interface ge-1/1/7.0 {
                interface-type p2p;
            }
            interface lo0.0;
        }
    }
    connections {
        remote-interface-switch CCC-500 {
            interface ge-1/0/6.500;
            transmit-lsp CCC-PE1-to-PE2;
            receive-lsp CCC-PE2-to-PE1;
        }
    }
}

Verification

lab@PE1> show connections  
CCC and TCC connections [Link Monitoring On]
Legend for status (St)              Legend for connection types
UN -- uninitialized                 if-sw:  interface switching
NP -- not present                   rmt-if: remote interface switching
WE -- wrong encapsulation           lsp-sw: LSP switching
DS -- disabled                      tx-p2mp-sw: transmit P2MP switching
Dn -- down                          rx-p2mp-sw: receive P2MP switching
-> -- only outbound conn is up
 ping 10.50.50.21 source 10.50.50.1 rapid count 5  
PING 10.50.50.21 (10.50.50.21): 56 data bytes
!!!!!
--- 10.50.50.21 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.534/2.228/3.721/0.794 ms

lab@PE1> show mpls lsp statistics     
Ingress LSP: 3 sessions
To              From            State     Packets            Bytes LSPname
10.1.1.22       10.1.1.11       Up              0                0 PE1-to-PE2-LSP1
10.1.1.22       10.1.1.11       Up              0                0 PE1-to-PE2-LSP2
10.1.1.22       10.1.1.11       Up              5              510 CCC-PE1-to-PE2
Total 3 displayed, Up 3, Down 0

Egress LSP: 3 sessions
To              From            State     Packets            Bytes LSPname
10.1.1.11       10.1.1.22       Up             NA               NA PE2-to-PE1-LSP1
10.1.1.11       10.1.1.22       Up             NA               NA PE2-to-PE1-LSP2
10.1.1.11       10.1.1.22       Up              0                0 CCC-PE2-to-PE1
Total 3 displayed, Up 3, Down 0

Transit LSP: 0 sessions
Total 0 displayed, Up 0, Down 0

CCC Topology – VLAN to Port

Configuration

[edit]
lab@PE1# show interfaces ge-1/0/8                                                       
description "CCC Ethernet interface to SW1 ge-0/0/0";
encapsulation ethernet-ccc;
unit 0 {
    input-vlan-map {
        push;
        vlan-id 500;
    }
    output-vlan-map pop;
}

[edit]
lab@PE1# show protocols connections 
remote-interface-switch CCC-500 {
    interface ge-1/0/8.0;
    transmit-lsp CCC-PE1-to-PE2;
    receive-lsp CCC-PE2-to-PE1;
}

[edit]
lab@PE2# show interfaces ge-1/0/6        
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
/* CCC Vlan */
unit 500 {
    description "ccc vlan interface to SW2";
    encapsulation vlan-ccc;
    vlan-id 500;
}

[edit]
lab@PE2# show protocols connections 
remote-interface-switch CCC-500 {
    interface ge-1/0/6.500;
    transmit-lsp CCC-PE2-to-PE1;
    receive-lsp CCC-PE1-to-PE2;
}

Verification

lab@PE1> show connections 
CCC and TCC connections [Link Monitoring On]
Legend for status (St)              Legend for connection types
UN -- uninitialized                 if-sw:  interface switching
NP -- not present                   rmt-if: remote interface switching
WE -- wrong encapsulation           lsp-sw: LSP switching
DS -- disabled                      tx-p2mp-sw: transmit P2MP switching
Dn -- down                          rx-p2mp-sw: receive P2MP switching
-> -- only outbound conn is up
 show interfaces ge-1/0/8.0  
  Logical interface ge-1/0/8.0 (Index 355) (SNMP ifIndex 560)
    Flags: SNMP-Traps 0x0 VLAN-Tag In(push 0x8100.500) Out(pop)  Encapsulation: Ethernet-CCC
    Input packets : 6760 
    Output packets: 6866
    Protocol ccc, MTU: 1514
      Flags: Is-Primary

lab@SW1> ping 10.50.50.21 source 10.50.50.1 rapid count 5    
PING 10.50.50.21 (10.50.50.21): 56 data bytes
.....
--- 10.50.50.21 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

{master:0}
lab@SW1> clear arp 
10.50.50.21      deleted
10.50.50.22      deleted

{master:0}
lab@SW1> ping 10.50.50.21 source 10.50.50.1 rapid count 5    
PING 10.50.50.21 (10.50.50.21): 56 data bytes
.!!!!
--- 10.50.50.21 ping statistics ---
5 packets transmitted, 4 packets received, 20% packet loss
round-trip min/avg/max/stddev = 1.964/2.908/5.001/1.224 ms

lab@PE1> show mpls lsp statistics     
Ingress LSP: 3 sessions
To              From            State     Packets            Bytes LSPname
10.1.1.22       10.1.1.11       Up              0                0 PE1-to-PE2-LSP1
10.1.1.22       10.1.1.11       Up              0                0 PE1-to-PE2-LSP2
10.1.1.22       10.1.1.11       Up              5              510 CCC-PE1-to-PE2
Total 3 displayed, Up 3, Down 0