Circuit Cross Connect (RSVP-based CCC)

Configuration

PE1#

/* If logical systems are used for the lab, then 
 * The physical interface encapsulation (ethernet-ccc) is configured 
 * at the global level - NOT at logical system level
 */
 interface {
    ge-1/1/0 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}

protocols {
    rsvp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    mpls {
        label-switched-path PE1-to-PE2 {
            to 12.12.12.12;
            no-cspf;
        }
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    ospf {
        area 0.0.0.0 {
            /* PE1 Loopback */
            interface lo0.11;
            /* PE1->P1 */
            interface lt-0/0/10.1101;
        }
    }
    connections {
        remote-interface-switch CE1-to-CE2 {
            interface ge-1/1/0.0;
            transmit-lsp PE1-to-PE2;
            receive-lsp PE2-to-PE1;
        }
    }
}



PE2#

interface {
    ge-1/1/1 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}

protocols {
    rsvp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    mpls {
        label-switched-path PE2-to-PE1 {
            to 11.11.11.11;             
            no-cspf;
        }
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    connections {
        remote-interface-switch CE2-to-CE1 {
            interface ge-1/1/1.0;
            transmit-lsp PE2-to-PE1;
            receive-lsp PE1-to-PE2;
        }
    }
}

Verification

pe1@MX:PE1> show connections | find Connection/Circuit 
Connection/Circuit                Type        St      Time last up     # Up trans
CE1-to-CE2                        rmt-if      Up      Jul 20 07:08:43           1
  ge-1/1/0.0                        intf  Up
  PE1-to-PE2                        tlsp  Up
  PE2-to-PE1                        rlsp  Up
  
pe1@MX:PE1> show connections labels 
Connection/Circuit                Type        St      Time last up     # Up trans
CE1-to-CE2                        rmt-if      Up      Jul 20 07:08:43           1
  Incoming labels: 300512
  Outgoing labels: Push 300144  

The above labels (incoming of 300512, and outgoing of 300144) are exchanged via RSVP

pe1@MX:PE1> show rsvp session 
Ingress RSVP: 1 sessions
To              From            State   Rt Style Labelin Labelout LSPname 
12.12.12.12     11.11.11.11     Up       0  1 FF       -   300144 PE1-to-PE2
Total 1 displayed, Up 1, Down 0

Egress RSVP: 1 sessions
To              From            State   Rt Style Labelin Labelout LSPname 
11.11.11.11     12.12.12.12     Up       0  1 FF  300512        - PE2-to-PE1
Total 1 displayed, Up 1, Down 0

Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0


pe1@MX:PE1> show route table mpls.0  

mpls.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 01:38:01, metric 1
                      Receive
1                  *[MPLS/0] 01:38:01, metric 1
                      Receive
2                  *[MPLS/0] 01:38:01, metric 1
                      Receive
300512             *[CCC/7] 01:28:45
                    > via ge-1/1/0.0, Pop      
ge-1/1/0.0         *[CCC/7/1] 01:28:45, metric 4
                    > to 100.1.11.1 via lt-0/0/10.1101, label-switched-path PE1-to-PE2

Note one big difference of CCC compared to BGP/LDP based VPLS, BGP based L2VPN, LDP based L2CKT is that CCC does not support tunnel stacking. There is only one label used to encapsulate CCC traffic. For the other L2 technologies, there are two labels in use: one transport label (outer), and another inner one, which is VPN or CKT label.

BGP based L2VPN

Configuration

PE1#

/* If logical systems are used for the lab, then 
 * The physical interface encapsulation (ethernet-ccc) is configured 
 * at the global level - NOT at logical system level
 */
interface {
    ge-1/1/0 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}

protocols {
    mpls {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    bgp {
        group PE2 {                     
            type internal;
            local-address 11.11.11.11;
            family l2vpn {
                signaling;
            }
            neighbor 12.12.12.12;
        }
    }
    ospf {
        area 0.0.0.0 {
            /* PE1->P1 */
            interface lt-0/0/10.1101;
            /* PE1 Loopback */
            interface lo0.11;
        }
    }
    ldp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
        /* PE1 Loopback */
        interface lo0.11;
    }
}
routing-instances {
    L2VPN_1 {
        instance-type l2vpn;            
        interface ge-1/1/0.0;
        route-distinguisher 11.11.11.11:1001;
        vrf-target target:100:1001;
        protocols {
            l2vpn {
                encapsulation-type ethernet;
                interface ge-1/1/0.0;
                site CE1 {
                    site-identifier 1;
                    interface ge-1/1/0.0;
                }
            }
        }
    }
}



PE2#

/* If logical systems are used for the lab, then 
 * The physical interface encapsulation (ethernet-ccc) is configured 
 * at the global level - NOT at logical system level
 */
interface {
    ge-1/1/1 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}


protocols {
    mpls {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    bgp {
        group PE1 {
            type internal;              
            local-address 12.12.12.12;
            family l2vpn {
                signaling;
            }
            neighbor 11.11.11.11;
        }
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    ldp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
        /* PE2 Loopback */
        interface lo0.12;
    }
}
routing-instances {
    L2VPN_1 {
        instance-type l2vpn;
        interface ge-1/1/1.0;           
        route-distinguisher 12.12.12.12:1001;
        vrf-target target:100:1001;
        protocols {
            l2vpn {
                encapsulation-type ethernet;
                site CE2 {
                    site-identifier 2;
                    interface ge-1/1/1.0 {
                        remote-site-id 1;
                    }
                }
            }
        }
    }
}

Verification

pe1@MX:PE1> show bgp summary          
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.l2vpn.0          
                       1          1          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
12.12.12.12             100         63         64       0       0       26:27 Establ
  bgp.l2vpn.0: 1/1/1/0
  L2VPN_1.l2vpn.0: 1/1/1/0

pe1@MX:PE1> show route receive-protocol bgp 12.12.12.12 detail 

inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)

inet.3: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)

mpls.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)

bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
*  12.12.12.12:1001:2:1/96 (1 entry, 0 announced)
     Import Accepted
     Route Distinguisher: 12.12.12.12:1001
     Label-base: 800000, range: 2, status-vector: 0x0 
     Nexthop: 12.12.12.12
     Localpref: 100
     AS path: I
     Communities: target:100:1001 Layer2-info: encaps:ETHERNET, control flags:Control-Word, mtu: 0, site preference: 100

L2VPN_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

*  12.12.12.12:1001:2:1/96 (1 entry, 1 announced)
     Import Accepted
     Route Distinguisher: 12.12.12.12:1001
     Label-base: 800000, range: 2, status-vector: 0x0 
     Nexthop: 12.12.12.12
     Localpref: 100
     AS path: I                         
     Communities: target:100:1001 Layer2-info: encaps:ETHERNET, control flags:Control-Word, mtu: 0, site preference: 100

pe1@MX:PE1> show route table l2vpn    

L2VPN_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

11.11.11.11:1001:1:1/96                
                   *[L2VPN/170/-101] 00:08:09, metric2 1
                      Indirect
12.12.12.12:1001:2:1/96                
                   *[BGP/170] 00:08:09, localpref 100, from 12.12.12.12
                      AS path: I
                    > to 100.1.11.1 via lt-0/0/10.1101, Push 300016

pe1@MX:PE1> show l2vpn connections | find L2VPN_1     

Instance: L2VPN_1
  Local site: CE1 (1)
    connection-site           Type  St     Time last up          # Up trans
    2                         rmt   Up     Jul 20 06:13:15 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: Yes (Null)
      Incoming label: 800001, Outgoing label: 800000
      Local interface: ge-1/1/0.0, Status: Up, Encapsulation: ETHERNET

LDP based L2CKT

Configuration

PE1#

/* If logical systems are used for the lab, then 
 * The physical interface encapsulation (ethernet-ccc) is configured 
 * at the global level - NOT at logical system level
 */
 interface {
    ge-1/1/0 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}

protocols {
    mpls {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    ospf {
        area 0.0.0.0 {                  
            /* PE1 Loopback */
            interface lo0.11;
            /* PE1->P1 */
            interface lt-0/0/10.1101;
        }
    }
    ldp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
        /* PE1 Loopback */
        interface lo0.11;
    }
    l2circuit {
        neighbor 12.12.12.12 {
            interface ge-1/1/0.0 {
                virtual-circuit-id 1;
                no-control-word;
                ignore-mtu-mismatch;
            }
        }
    }
}



PE2#

 interface {
    ge-1/1/1 {
        encapsulation ethernet-ccc;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}


protocols {
    mpls {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */               
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    ldp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
        /* PE2 Loopback */
        interface lo0.12;
    }
    l2circuit {
        neighbor 11.11.11.11 {
            interface ge-1/1/1.0 {
                virtual-circuit-id 1;
                no-control-word;
                ignore-mtu-mismatch;
            }
        }
    }
}

Verification

Confirm that LDP sessions are up not only between local routers PE1-P1, but also via remote targeted LDP session PE1–PE2

pe1@MX:PE1> show ldp neighbor    
Address            Interface          Label space ID         Hold time
12.12.12.12        lo0.11             12.12.12.12:0            42
100.1.11.1         lt-0/0/10.1101     1.1.1.1:0                14


pe1@MX:PE1> show ldp database 
Input label database, 11.11.11.11:0--1.1.1.1:0
  Label     Prefix
      3     1.1.1.1/32
 299776     2.2.2.2/32
 299792     3.3.3.3/32
 299840     4.4.4.4/32
 299808     5.5.5.5/32
 299824     6.6.6.6/32
 299952     11.11.11.11/32
 299968     12.12.12.12/32

Output label database, 11.11.11.11:0--1.1.1.1:0
  Label     Prefix
 300112     1.1.1.1/32
 300128     2.2.2.2/32
 300144     3.3.3.3/32
 300192     4.4.4.4/32
 300160     5.5.5.5/32
 300176     6.6.6.6/32
      3     11.11.11.11/32
 300224     12.12.12.12/32

Input label database, 11.11.11.11:0--12.12.12.12:0
  Label     Prefix
 300160     1.1.1.1/32
 300144     2.2.2.2/32
 300128     3.3.3.3/32                  
 300208     4.4.4.4/32
 300176     5.5.5.5/32
 300192     6.6.6.6/32
 300224     11.11.11.11/32
      3     12.12.12.12/32
 300112     L2CKT NoCtrlWord ETHERNET VC 1

Output label database, 11.11.11.11:0--12.12.12.12:0
  Label     Prefix
 300112     1.1.1.1/32
 300128     2.2.2.2/32
 300144     3.3.3.3/32
 300192     4.4.4.4/32
 300160     5.5.5.5/32
 300176     6.6.6.6/32
      3     11.11.11.11/32
 300224     12.12.12.12/32
 300208     L2CKT NoCtrlWord ETHERNET VC 1

Confirm that the L2CKT is up for the P2P connection between PE1–PE2. If the session is not up, then we may need to check MTU, encapsulation, VC ID.

pe1@MX:PE1> show l2circuit connections | find Neighbor       
Neighbor: 12.12.12.12 
    Interface                 Type  St     Time last up          # Up trans
    ge-1/1/0.0(vc 1)          rmt   Up     Jul 20 05:27:32 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 300208, Outgoing label: 300112
      Negotiated PW status TLV: No
      Local interface: ge-1/1/0.0, Status: Up, Encapsulation: ETHERNET
      

BGP based VPLS

Configuration

PE1#

/* If Logical Systems are used for the lab
 * Note that the physical interface encapsulation of ethernet-vpls
 * is configured at the global level - Not at logical system level
 */
interface {
    ge-1/1/0 {
        encapsulation ethernet-vpls;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}

protocols {
    mpls {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    bgp {
        group PE2 {                     
            type internal;
            local-address 11.11.11.11;
            family l2vpn {
                signaling;
            }
            neighbor 12.12.12.12;
        }
    }
    ospf {
        area 0.0.0.0 {
            /* PE1->P1 */
            interface lt-0/0/10.1101;
            /* PE1 Loopback */
            interface lo0.11;
        }
    }
    ldp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
        /* PE1 Loopback */
        interface lo0.11;
    }
}
routing-instances {
    VPLS_1 {
        instance-type vpls;             
        interface ge-1/1/0.0;
        route-distinguisher 11.11.11.11:1001;
        vrf-target target:100:1001;
        protocols {
            vpls {
                site-range 10;
                site CE1 {
                    site-identifier 1;
                    interface ge-1/1/0.0;
                }
            }
        }
    }
}



PE2#

interface {
    ge-1/1/1 {
        encapsulation ethernet-vpls;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}
protocols {
    mpls {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    bgp {
        family l2vpn {
            signaling;                  
        }
        group PE1 {
            type internal;
            local-address 12.12.12.12;
            neighbor 11.11.11.11;
        }
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    ldp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
        /* PE2 Loopback */
        interface lo0.12;
    }
}
routing-instances {
    VPLS_1 {
        instance-type vpls;
        interface ge-1/1/1.0;           
        route-distinguisher 12.12.12.12:1001;
        vrf-target target:100:1001;
        protocols {
            vpls {
                site-range 10;
                site CE2 {
                    site-identifier 2;
                    interface ge-1/1/1.0;
                }
            }
        }
    }
}

Verification

Verify that BGP is up, and exchange routes.

pe1@MX:PE1> show route receive-protocol bgp 12.12.12.12 
...
bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  12.12.12.12:1001:2:1/96                    
*                         12.12.12.12                  100        I

VPLS_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  12.12.12.12:1001:2:1/96                    
*                         12.12.12.12                  100        I

pe1@MX:PE1> show route advertising-protocol bgp 12.12.12.12 

VPLS_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  11.11.11.11:1001:1:1/96                    
*                         Self                         100        I

pe1@MX:PE1> show route table VPLS_1 extensive 

VPLS_1.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
 11.11.11.11:1001:1:1/96 (1 entry, 1 announced)
TSI:
Page 0 idx 0 Type 1 val 27912b4
    Flags: Nexthop Change
    Nexthop: Self
    Localpref: 100
    AS path: [100] I
    Communities: target:100:1001 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 100
Path 11.11.11.11:1001:1:1 Vector len 4.  Val: 0
        *L2VPN  Preference: 170/-101
                Next hop type: Indirect
                Address: 0x28183ec
                Next-hop reference count: 2
                Protocol next hop: 11.11.11.11
                Indirect next hop: 0 -
                State: 
                Age: 14:33      Metric2: 1 
                Task: VPLS_1-l2vpn
                Announcement bits (1): 1-BGP_RT_Background 
                AS path: I
                Communities: Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 100
                Label-base: 800008, range: 8, status-vector: 0x3F 

 12.12.12.12:1001:2:1/96 (1 entry, 1 announced)
        *BGP    Preference: 170/-101    
                Route Distinguisher: 12.12.12.12:1001
                Next hop type: Indirect
                Address: 0x281935c
                Next-hop reference count: 5
                Source: 12.12.12.12
                Protocol next hop: 12.12.12.12
                Indirect next hop: 2 no-forward
                State: 
                Local AS:   100 Peer AS:   100
                Age: 14:10      Metric2: 1 
                Task: BGP_100.12.12.12.12+65086
                Announcement bits (1): 0-VPLS_1-l2vpn 
                AS path: I
                Communities: target:100:1001 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 100
                Import Accepted
                Label-base: 800008, range: 8
                Localpref: 100
                Router ID: 12.12.12.12
                Primary Routing Table bgp.l2vpn.0
                Indirect next hops: 1
                        Protocol next hop: 12.12.12.12 Metric: 1
                        Indirect next hop: 2 no-forward
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 100.1.11.1 via lt-0/0/10.1101
                        12.12.12.12/32 Originating RIB: inet.3
                          Metric: 1                       Node path count: 1
                          Forwarding nexthops: 1
                                Nexthop: 100.1.11.1 via lt-0/0/10.1101

Verify VPLS connections

pe1@MX:PE1> show vpls connections | find VPLS_1              

Instance: VPLS_1
  Local site: CE1 (1)
    connection-site           Type  St     Time last up          # Up trans
    2                         rmt   Up     Jul 20 03:06:23 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 800009, Outgoing label: 800008
      Local interface: vt-1/0/10.168821250, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls VPLS_1 local site 1 remote site 2

pe1@MX:PE1> show vpls connections extensive | find VPLS_1    

Instance: VPLS_1
  Local site: CE1 (1)
    Number of local interfaces: 1
    Number of local interfaces up: 1
    IRB interface present: no
    ge-1/1/0.0         
    vt-1/0/10.168821250 2         Intf - vpls VPLS_1 local site 1 remote site 2
    Label-base        Offset     Size  Range     Preference
    800008            1          8      8         100   
    connection-site           Type  St     Time last up          # Up trans
    2                         rmt   Up     Jul 20 03:06:23 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 800009, Outgoing label: 800008
      Local interface: vt-1/0/10.168821250, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls VPLS_1 local site 1 remote site 2
    Connection History:
        Jul 20 03:06:23 2014  status update timer  
        Jul 20 03:06:23 2014  loc intf up           vt-1/0/10.168821250
        Jul 20 03:06:23 2014  PE route changed     
        Jul 20 03:06:23 2014  Out lbl Update                    800008
        Jul 20 03:06:23 2014  In lbl Update                     800009
        Jul 20 03:06:23 2014  loc intf down        

Check VPLS MAC table, and statistics

pe1@MX:PE1> show vpls mac-table    

MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
           SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Logical system   : PE1
Routing instance : VPLS_1
 Bridging domain : __VPLS_1__, VLAN : NA
   MAC                 MAC      Logical
   address             flags    interface 
   a8:d0:e5:55:26:50   D        ge-1/1/0.0           
   a8:d0:e5:55:26:51   D        vt-1/0/10.168821250  

pe1@MX:PE1> show vpls statistics 
VPLS statistics:

Instance: VPLS_1
   Local interface: ge-1/1/0.0, Index: 330
     Broadcast packets:                     5
     Broadcast bytes  :                   300
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     1
     Flooded bytes    :                    98
     Unicast packets  :                  1010
     Unicast bytes    :                 98942
     Current MAC count:                     1 (Limit 1024)
   Local interface: vt-1/0/10.168821250, Index: 334
   Remote PE: 12.12.12.12
     Broadcast packets:                     2
     Broadcast bytes  :                   120
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     0
     Flooded bytes    :                     0
     Unicast packets  :                  1006
     Unicast bytes    :                 98588
     Current MAC count:                     1

LDP based VPLS

Configuration

PE1#

/* If Logical Systems are used for the lab
 * Note that the physical interface encapsulation of ethernet-vpls
 * is configured at the global level - Not at logical system level
 */
interface {
    ge-1/1/0 {
        encapsulation ethernet-vpls;
        unit 0 {
            description "PE1->CE1 | Physical interface";
        }    
    }
}


protocols {
    mpls {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
    }
    ospf {
        area 0.0.0.0 {                  
            /* PE1->P1 */
            interface lt-0/0/10.1101;
            /* PE1 Loopback */
            interface lo0.11;
        }
    }
    ldp {
        /* PE1->P1 */
        interface lt-0/0/10.1101;
        /* PE1 Loopback */
        interface lo0.11;
    }
}
routing-instances {
    VPLS_1 {
        instance-type vpls;
        /* PE1->CE1 */
        interface ge-1/1/0.0;
        protocols {
            vpls {
                vpls-id 1001;
                neighbor 12.12.12.12;
            }
        }
    }
}


PE2#

interface {
    ge-1/1/1 {
        encapsulation ethernet-vpls;
        unit 0 {
            description "PE2->CE2 | Physical interface";
        }    
    }
}
protocols {
    mpls {
        /* PE2->P3 */
        interface lt-0/0/10.123;
    }
    ospf {
        area 0.0.0.0 {
            /* PE2->P3 */               
            interface lt-0/0/10.123;
            /* PE2 Loopback */
            interface lo0.12;
        }
    }
    ldp {
        /* PE2->P3 */
        interface lt-0/0/10.123;
        /* PE2 Loopback */
        interface lo0.12;
    }
}
routing-instances {
    VPLS_1 {
        instance-type vpls;
        /* PE2->CE2 */
        interface ge-1/1/1.0;
        protocols {
            vpls {
                vpls-id 1001;
                neighbor 11.11.11.11;
            }
        }
    }
}

Verification

Check LDP database, note there are local LDP session between PE1–P1, as well as targeted LDP session between PE1–PE2

pe1@MX:PE1> show ldp database 
Input label database, 11.11.11.11:0--1.1.1.1:0
  Label     Prefix
      3     1.1.1.1/32
 299776     2.2.2.2/32
 299792     3.3.3.3/32
 299840     4.4.4.4/32
 299808     5.5.5.5/32
 299824     6.6.6.6/32
 299888     11.11.11.11/32
 299904     12.12.12.12/32

Output label database, 11.11.11.11:0--1.1.1.1:0
  Label     Prefix
 299888     1.1.1.1/32
 299904     2.2.2.2/32
 299920     3.3.3.3/32
 299968     4.4.4.4/32
 299936     5.5.5.5/32
 299952     6.6.6.6/32
      3     11.11.11.11/32
 299984     12.12.12.12/32

Input label database, 11.11.11.11:0--12.12.12.12:0
  Label     Prefix
 299920     1.1.1.1/32
 299904     2.2.2.2/32
 299888     3.3.3.3/32                  
 299968     4.4.4.4/32
 299936     5.5.5.5/32
 299952     6.6.6.6/32
 299984     11.11.11.11/32
      3     12.12.12.12/32 
 800000 L2CKT NoCtrlWord ETHERNET VC 1001


Output label database, 11.11.11.11:0--12.12.12.12:0
  Label     Prefix
 299888     1.1.1.1/32
 299904     2.2.2.2/32
 299920     3.3.3.3/32
 299968     4.4.4.4/32
 299936     5.5.5.5/32
 299952     6.6.6.6/32
      3     11.11.11.11/32
 299984     12.12.12.12/32
 800000     L2CKT NoCtrlWord ETHERNET VC 1001

Check the status of VPLS connections

pe1@MX:PE1> show vpls connections | find VPLS_1      

Instance: VPLS_1
  VPLS-id: 1001
    Neighbor                  Type  St     Time last up          # Up trans
    12.12.12.12(vpls-id 1001) rmt   Up     Jul 20 01:36:58 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 800000, Outgoing label: 800000
      Negotiated PW status TLV: No
      Local interface: vt-1/0/10.168820992, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS_1 neighbor 12.12.12.12 vpls-id 1001


pe1@MX:PE1> show vpls connections extensive | find VPLS_1 

Instance: VPLS_1
  VPLS-id: 1001
    Number of local interfaces: 1
    Number of local interfaces up: 1
    ge-1/1/0.0         
    vt-1/0/10.168820992           Intf - vpls VPLS_1 neighbor 12.12.12.12 vpls-id 1001
    Neighbor                  Type  St     Time last up          # Up trans
    12.12.12.12(vpls-id 1001) rmt   Up     Jul 20 01:36:58 2014           1
      Remote PE: 12.12.12.12, Negotiated control-word: No
      Incoming label: 800000, Outgoing label: 800000
      Negotiated PW status TLV: No
      Local interface: vt-1/0/10.168820992, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS_1 neighbor 12.12.12.12 vpls-id 1001
    Connection History:
        Jul 20 01:36:58 2014  status update timer  
        Jul 20 01:36:58 2014  PE route changed     
        Jul 20 01:36:58 2014  Out lbl Update                    800000
        Jul 20 01:36:58 2014  In lbl Update                     800000
        Jul 20 01:36:58 2014  loc intf up           vt-1/0/10.168820992

And check the VPLS statistics, MAC table

        
        
pe1@MX:PE1> show vpls statistics 
VPLS statistics:

Instance: VPLS_1
   Local interface: ge-1/1/0.0, Index: 326
     Broadcast packets:                     3
     Broadcast bytes  :                   180
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     0
     Flooded bytes    :                     0
     Unicast packets  :                  1001
     Unicast bytes    :                 98098
     Current MAC count:                     0 (Limit 1024)
   Local interface: vt-1/0/10.168820992, Index: 333
   Remote PE: 12.12.12.12
     Broadcast packets:                     1
     Broadcast bytes  :                    60
     Multicast packets:                     0
     Multicast bytes  :                     0
     Flooded packets  :                     0
     Flooded bytes    :                     0
     Unicast packets  :                  1003
     Unicast bytes    :                 98218
     Current MAC count:                     0
     
pe1@MX:PE1> show vpls mac-table    

MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
           SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Logical system   : PE1
Routing instance : VPLS_1
 Bridging domain : __VPLS_1__, VLAN : NA
   MAC                 MAC      Logical
   address             flags    interface 
   a8:d0:e5:55:26:50   D        ge-1/1/0.0           
   a8:d0:e5:55:26:51   D        vt-1/0/10.168820992  

Also, we may want to check the route table, and note the LDP, VPLS label entries in inet.3, mpls.0 & l2circuit.0

pe1@MX:PE1> show route | find inet.3         

inet.3: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101
...
12.12.12.12/32     *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Push 299904

mpls.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 00:50:01, metric 1
                      Receive
1                  *[MPLS/0] 00:50:01, metric 1
                      Receive
2                  *[MPLS/0] 00:50:01, metric 1
                      Receive
299888             *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Pop      
299888(S=0)        *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Pop      
299904             *[LDP/9] 00:25:10, metric 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Swap 299776
...
800000             *[VPLS/7] 00:35:29
                    > via vt-1/0/10.168820992, Pop      
vt-1/0/10.168820992*[VPLS/7] 00:35:29, metric2 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Push 800000, Push 299904(top)

l2circuit.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

12.12.12.12:NoCtrlWord:5:1001:Local/96                
                   *[VPLS/7] 00:35:34, metric2 1
                    > to 100.1.11.1 via lt-0/0/10.1101, Push 299904
12.12.12.12:NoCtrlWord:5:1001:Remote/96                
                   *[LDP/9] 00:35:34
                      Discard

Inter-AS L3VPN Option B

In this post, we are going to go through the implementation and verification steps of Inter-AS Option B (defined in RFC4364 http://tools.ietf.org/html/rfc4364#page-32 ). Please refer to previous post Inter-AS Options to for the definitions, and differences of the three.

In option B implementation, ASBRs themselves are PE routers. They learn VPN-IPv4 routes from other PEs from the same AS via MP-iBGP (either directly or via Route Reflectors). The ASBR from one AS then have an eBGP session(s) with other AS ASBR to redistribute the VPN-IPv4 routes to the other AS. The later ASBR then redistributes those VPN-IPv4 labeled routes to the rest of the PEs belonging to that AS.

Topology

In this topology, we use Cisco IOS routers (R1 – R3) in AS100, as well as Juniper routers (R4 – R6) in AS200, just for demonstration of configuration and verification on both platforms. Typically for connectivity beween ASes, one eBGP session between ASBRs is sufficient. In this example, however, we set up two eBGP sessions between ASBR R3 and R4 to demonstrate VPN-based policy routing, by route filtering based on VPN route targets. We would like to route traffic for VPN1 via the first connection, and VPN2 via the other.

Configuration

R3-ASBR#

interface Loopback0
 description Management Loopback
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet1.23
 description R3 -> R2-P
 encapsulation dot1Q 23
 ip address 20.2.3.3 255.255.255.0
 mpls ip
!
interface GigabitEthernet1.34
 description R3 -> R4 | First eBGP
 encapsulation dot1Q 34
 ip address 20.3.4.3 255.255.255.0
 mpls bgp forwarding
!
interface GigabitEthernet1.342
 description R3 -> R4 | Second eBGP
 encapsulation dot1Q 342
 ip address 20.3.42.3 255.255.255.0
 mpls bgp forwarding


! Enable OSPF
 
router ospf 1
 network 3.3.3.3 0.0.0.0 area 0
 network 20.2.3.3 0.0.0.0 area 0
!

! Enable MP-iBGP to other PE, and MP-eBGP to other ASBR
router bgp 100
 bgp log-neighbor-changes
 ! By default, PE do not accept VPNv4 routes 
 ! that do not belong to one of its VRF
 ! This command force it to learn & propagate all routes to other PEs.
 no bgp default route-target filter
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 20.3.4.4 remote-as 200
 neighbor 20.3.42.4 remote-as 200
 !
 address-family ipv4
  no neighbor 1.1.1.1 activate
  no neighbor 20.3.4.4 activate
  no neighbor 20.3.42.4 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 next-hop-self
  neighbor 20.3.4.4 activate
  neighbor 20.3.4.4 send-community extended
  neighbor 20.3.42.4 activate
  neighbor 20.3.42.4 send-community extended
 exit-address-family
 

! Policy to only import and export VPN2 routes via the second eBGP connection
! We can apply a similar policy on the first eBGP connection on R3
! But for demonstration purpose, we choose to apply that policy on R4 (Junos)

ip extcommunity-list standard Community_VPN2 permit rt 100:2
ip extcommunity-list standard Community_VPN2 permit rt 200:2
!
route-map VPN2-EXPORT-ONLY permit 10
 match extcommunity Community_VPN2
!
route-map VPN2-EXPORT-ONLY deny 1000
 description Deny all else
!
route-map VPN2-IMPORT-ONLY permit 10
 match extcommunity Community_VPN2
 set local-preference 200
!
route-map VPN2-IMPORT-ONLY deny 1000
 description Deny all else
!
router bgp 100 
 address-family vpnv4
  neighbor 20.3.42.4 route-map VPN2-IMPORT-ONLY in
  neighbor 20.3.42.4 route-map VPN2-EXPORT-ONLY out
 exit-address-family 
 
  


R4-ASBR# 

interfaces {
    ge-0/0/1 {
        vlan-tagging;
        unit 34 {
            description "R4 -> R3 | First eBGP";
            vlan-id 34;
            family inet {
                address 20.3.4.4/24;
            }                           
            family mpls;
        }
        unit 45 {
            description "R4 -> R5";
            vlan-id 45;
            family inet {
                address 20.4.5.4/24;
            }
            family mpls;
        }
        unit 342 {
            description "R4 -> R3 | Second eBGP";
            vlan-id 342;
            family inet {
                address 20.3.42.4/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            description "Management Loopback";
            family inet {
                address 4.4.4.4/32;     
            }
            family mpls;
        }
    }
}


routing-options {
    router-id 4.4.4.4;
    autonomous-system 200;
}
protocols {
    mpls {
        interface ge-0/0/1.45;
        interface ge-0/0/1.34;
        interface ge-0/0/1.342;
    }
    bgp {
        group IBGP {
            type internal;
            local-address 4.4.4.4;
            family inet-vpn {
                unicast;
            }
            export next-hop-self;
            neighbor 6.6.6.6;           
        }
        group EBGP1 {
            type external;
            description "L3VPN Inter-AS";
            import VPN1-IMPORT-ONLY;
            family inet-vpn {
                unicast;
            }
            export VPN1-EXPORT-ONLY;
            neighbor 20.3.4.3 {
                peer-as 100;
            }
        }
        group EBGP2 {
            type external;
            description "2nd L3VPN Inter-AS";
            family inet-vpn {
                unicast;
            }
            neighbor 20.3.42.3 {
                peer-as 100;
            }
        }
    }                                   
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/1.45;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/1.45;
        interface lo0.0;
    }
}



policy-options {
    policy-statement VPN1-EXPORT-ONLY {
        term VPN1 {
            from community [ Community_100_1 Community_200_1 ];
            then accept;
        }
        term Reject-All {
            then reject;
        }
    }
    policy-statement VPN1-IMPORT-ONLY {
        term VPN1 {
            from community Community_100_1;
            then {                      
                local-preference 200;   
                accept;                 
            }
        }
        term Reject-All {
            then reject;
        }
    }
    policy-statement next-hop-self {
        then {
            next-hop self;
        }
    }
    community Community_100_1 members target:100:1;
    community Community_100_2 members target:100:2;
    community Community_200_1 members target:200:1;
    community Community_200_2 members target:200:2;
}





/// Other router configuration

R1-PE#
!
hostname R1-PE
!
ip vrf VPN1
 rd 1.1.1.1:1
 route-target export 100:1
 route-target import 100:1
 route-target import 200:1
!
ip vrf VPN2
 rd 1.1.1.1:2
 route-target export 100:2
 route-target import 100:2
 route-target import 200:2

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip vrf forwarding VPN1
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback2
 ip vrf forwarding VPN2
 ip address 10.1.2.1 255.255.255.0
!
interface GigabitEthernet1.12
 encapsulation dot1Q 12
 ip address 20.1.2.1 255.255.255.0
 mpls ip
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 20.1.2.1 0.0.0.0 area 0
!
router bgp 100
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VPN1
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf VPN2
  redistribute connected
 exit-address-family
!


R2-P#

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet1.12
 encapsulation dot1Q 12
 ip address 20.1.2.2 255.255.255.0
 mpls ip
!
interface GigabitEthernet1.23
 encapsulation dot1Q 23
 ip address 20.2.3.2 255.255.255.0
 mpls ip
!
router ospf 1
 network 2.2.2.2 0.0.0.0 area 0
 network 20.1.2.2 0.0.0.0 area 0
 network 20.2.3.2 0.0.0.0 area 0
 
 





lab@R5-P> show configuration

interfaces {
    ge-0/0/1 {
        vlan-tagging;
        unit 45 {
            vlan-id 45;
            family inet {
                address 20.4.5.5/24;
            }
            family mpls;                
        }
        unit 56 {
            vlan-id 56;
            family inet {
                address 20.5.6.5/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 5.5.5.5/32;
            }
            family mpls;
        }
    }
}
routing-options {
    router-id 5.5.5.5;
    autonomous-system 200;
}
protocols {
    mpls {                              
        interface ge-0/0/1.45;
        interface ge-0/0/1.56;
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0;
            interface ge-0/0/1.45;
            interface ge-0/0/1.56;
        }
    }
    ldp {
        interface ge-0/0/1.45;
        interface ge-0/0/1.56;
        interface lo0.0;
    }
}



lab@R6-PE> show configuration 

interfaces {
    ge-0/0/1 {
        vlan-tagging;
        unit 56 {
            vlan-id 56;
            family inet {
                address 20.5.6.6/24;
            }
            family mpls;                
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 6.6.6.6/32;
            }
            family mpls;
        }
        unit 1 {
            family inet {
                address 10.6.1.1/24;
            }
        }
        unit 2 {
            family inet {
                address 10.6.2.1/24;
            }
        }
    }
}
routing-options {
    router-id 6.6.6.6;
    autonomous-system 200;              
}
protocols {
    mpls {
        interface ge-0/0/1.56;
    }
    bgp {
        group IBGP {
            type internal;
            local-address 6.6.6.6;
            family inet-vpn {
                unicast;
            }
            neighbor 4.4.4.4;
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0;
            interface ge-0/0/1.56;
        }
    }
    ldp {
        interface ge-0/0/1.56;
        interface lo0.0;                
    }
}
policy-options {
    policy-statement VPN1-EXPORT {
        then {
            community add Community_200_1;
            accept;
        }
    }
    policy-statement VPN1-IMPORT {
        term Import {
            from community [ Community_200_1 Community_100_1 ];
            then accept;
        }
    }
    policy-statement VPN2-EXPORT {
        then {
            community add Community_200_2;
            accept;
        }
    }
    policy-statement VPN2-IMPORT {
        term Import {
            from community [ Community_200_2 Community_100_2 ];
            then accept;
        }
    }
    community Community_100_1 members target:100:1;
    community Community_100_2 members target:100:2;
    community Community_200_1 members target:200:1;
    community Community_200_2 members target:200:2;
}

routing-instances { 
    VPN1 {
        instance-type vrf;
        interface lo0.1;
        route-distinguisher 6.6.6.6:1;
        vrf-import VPN1-IMPORT;
        vrf-export VPN1-EXPORT;
    }
    VPN2 {
        instance-type vrf;
        interface lo0.2;
        route-distinguisher 6.6.6.6:2;
        vrf-import VPN2-IMPORT;
        vrf-export VPN2-EXPORT;
    }
}

Verification

R3-ASBR#show ip bgp vpnv4 all         
BGP table version is 31, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:1
 *>i 10.1.1.0/24      1.1.1.1                  0    100      0 ?
Route Distinguisher: 1.1.1.1:2
 *>i 10.1.2.0/24      1.1.1.1                  0    100      0 ?
Route Distinguisher: 6.6.6.6:1
 *>  10.6.1.0/24      20.3.4.4                               0 200 i
 *>  10.6.1.1/32      20.3.4.4                               0 200 i
Route Distinguisher: 6.6.6.6:2
 *>  10.6.2.0/24      20.3.42.4                     200      0 200 i
 *>  10.6.2.1/32      20.3.42.4                     200      0 200 i
 
 
R3-ASBR#show mpls forwarding-table 
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
16         Pop Label  20.3.4.4/32      0             Gi1.34     20.3.4.4    
17         Pop Label  20.3.42.4/32     0             Gi1.342    20.3.42.4   
18         Pop Label  2.2.2.2/32       0             Gi1.23     20.2.3.2    
19         Pop Label  20.1.2.0/24      0             Gi1.23     20.2.3.2    
20         16         1.1.1.1/32       0             Gi1.23     20.2.3.2    
27         300976     6.6.6.6:1:10.6.1.0/24   \
                                       0             Gi1.34     20.3.4.4    
28         300992     6.6.6.6:1:10.6.1.1/32   \
                                       0             Gi1.34     20.3.4.4    
29         301008     6.6.6.6:2:10.6.2.0/24   \
                                       0             Gi1.342    20.3.42.4   
30         301024     6.6.6.6:2:10.6.2.1/32   \
                                       0             Gi1.342    20.3.42.4   
31         18         1.1.1.1:1:10.1.1.0/24   \
                                       0             Gi1.23     20.2.3.2    
32         19         1.1.1.1:2:10.1.2.0/24   \
                                       0             Gi1.23     20.2.3.2  



lab@R4-ASBR> show route                 

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
...

inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

5.5.5.5/32         *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45
6.6.6.6/32         *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45, Push 301040

mpls.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 06:09:45, metric 1
                      Receive
1                  *[MPLS/0] 06:09:45, metric 1
                      Receive
2                  *[MPLS/0] 06:09:45, metric 1
                      Receive
13                 *[MPLS/0] 06:09:45, metric 1
                      Receive
300944             *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45, Pop      
300944(S=0)        *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45, Pop      
300960             *[LDP/9] 02:27:16, metric 1
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 301040
300976             *[VPN/170] 02:27:08, metric2 1, from 6.6.6.6
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 300080, Push 301040(top)
300992             *[VPN/170] 02:27:08, metric2 1, from 6.6.6.6
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 300096, Push 301040(top)
301008             *[VPN/170] 02:27:08, metric2 1, from 6.6.6.6
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 300112, Push 301040(top)
301024             *[VPN/170] 02:27:08, metric2 1, from 6.6.6.6
                    > to 20.4.5.5 via ge-0/0/1.45, Swap 300128, Push 301040(top)
301040             *[VPN/170] 02:26:38
                    > to 20.3.4.3 via ge-0/0/1.34, Swap 31
301056             *[VPN/170] 02:26:38
                    > to 20.3.42.3 via ge-0/0/1.342, Swap 32
                                        
bgp.l3vpn.0: 6 destinations, 7 routes (6 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1:1:10.1.1.0/24                
                   *[BGP/170] 02:26:38, localpref 200
                      AS path: 100 ?
                    > to 20.3.4.3 via ge-0/0/1.34, Push 31
1.1.1.1:2:10.1.2.0/24                
                   *[BGP/170] 02:26:38, localpref 100
                      AS path: 100 ?
                    > to 20.3.42.3 via ge-0/0/1.342, Push 32
6.6.6.6:1:10.6.1.0/24                
                   *[BGP/170] 02:27:08, localpref 100, from 6.6.6.6
                      AS path: I
                    > to 20.4.5.5 via ge-0/0/1.45, Push 300080, Push 301040(top)
6.6.6.6:1:10.6.1.1/32                
                   *[BGP/170] 02:27:08, localpref 100, from 6.6.6.6
                      AS path: I
                    > to 20.4.5.5 via ge-0/0/1.45, Push 300096, Push 301040(top)
6.6.6.6:2:10.6.2.0/24                
                   *[BGP/170] 02:27:08, localpref 100, from 6.6.6.6
                      AS path: I
                    > to 20.4.5.5 via ge-0/0/1.45, Push 300112, Push 301040(top)
6.6.6.6:2:10.6.2.1/32                   
                   *[BGP/170] 02:27:08, localpref 100, from 6.6.6.6
                      AS path: I
                    > to 20.4.5.5 via ge-0/0/1.45, Push 300128, Push 301040(top)
                    
                    




Verification on PE routers


R1-PE#sh ip route vrf VPN1

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.1.1.0/24 is directly connected, Loopback1
L        10.1.1.1/32 is directly connected, Loopback1
B        10.6.1.0/24 [200/0] via 3.3.3.3, 02:30:47
B        10.6.1.1/32 [200/0] via 3.3.3.3, 02:30:47


R1-PE#sh ip bgp vpnv4 vrf VPN1 10.6.1.0/24
BGP routing table entry for 1.1.1.1:1:10.6.1.0/24, version 20
Paths: (1 available, best #1, table VPN1)
  Not advertised to any peer
  Refresh Epoch 1
  200, imported path from 6.6.6.6:1:10.6.1.0/24 (global)
    3.3.3.3 (metric 3) from 3.3.3.3 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:200:1
      mpls labels in/out nolabel/27
      rx pathid: 0, tx pathid: 0x0
      
lab@R6-PE> show route 

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
...

inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

4.4.4.4/32         *[LDP/9] 02:33:44, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301056
5.5.5.5/32         *[LDP/9] 02:33:46, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56

VPN1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.1.1.0/24        *[BGP/170] 02:33:06, localpref 200, from 4.4.4.4
                      AS path: 100 ?
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301040, Push 301056(top)
10.6.1.0/24        *[Direct/0] 03:58:06
                    > via lo0.1
10.6.1.1/32        *[Local/0] 03:58:06
                      Local via lo0.1

VPN2.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
                                        
10.1.2.0/24        *[BGP/170] 02:33:06, localpref 100, from 4.4.4.4
                      AS path: 100 ?
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301056, Push 301056(top)
10.6.2.0/24        *[Direct/0] 03:58:06
                    > via lo0.2
10.6.2.1/32        *[Local/0] 03:58:06
                      Local via lo0.2

mpls.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 04:35:27, metric 1
                      Receive
1                  *[MPLS/0] 04:35:27, metric 1
                      Receive
2                  *[MPLS/0] 04:35:27, metric 1
                      Receive
13                 *[MPLS/0] 04:35:27, metric 1
                      Receive
300048             *[LDP/9] 02:33:46, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56, Pop      
300048(S=0)        *[LDP/9] 02:33:46, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56, Pop      
300064             *[LDP/9] 02:33:44, metric 1
                    > to 20.5.6.5 via ge-0/0/1.56, Swap 301056
300080             *[VPN/170] 02:33:36
                      receive table VPN1.inet.0, Pop      
300096             *[VPN/170] 02:33:36
                      receive table VPN1.inet.0, Pop      
300112             *[VPN/170] 02:33:36
                      receive table VPN2.inet.0, Pop      
300128             *[VPN/170] 02:33:36
                      receive table VPN2.inet.0, Pop      

bgp.l3vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.1:1:10.1.1.0/24                
                   *[BGP/170] 02:33:06, localpref 200, from 4.4.4.4
                      AS path: 100 ?
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301040, Push 301056(top)
1.1.1.1:2:10.1.2.0/24                
                   *[BGP/170] 02:33:06, localpref 100, from 4.4.4.4
                      AS path: 100 ?
                    > to 20.5.6.5 via ge-0/0/1.56, Push 301056, Push 301056(top)

Inter-AS L3VPN Options

In certain cases, we need to connect L3VPN sites across multiple ASes, e.g. to join VPN sites provided by multiple ISPs. In this post, we are going to discuss three main options to deliver L3VPN across multiple ASes defined in RFC4364 ( http://tools.ietf.org/html/rfc4364#page-32 ). They are options A, B, C, also known as options 10A, 10B, 10C, because they are defined in section 10 – Multi-AS Backbones in RFC4364. The complexity increasing from A to B to C.

Option A: VRF-to-VRF connections at ASBR routers

This option is also referred to as “back-to-back” VRF, where at least one connection (typically one VLAN) is required to connect one VPN from one AS to the corresponding VPN in the other AS. Multiple eBGP peering sessions are used to exchange no-labeled IPv4 routes between ASes. There are no MPLS labels exchanged between ASBRs at all, and each ASBR will treat the other as if it were a CE router. This option is simple, but not scalable because a new sub-interface and new a new eBGP peering is required for each new VPN.

Option B: eBGP redistribution of labeled VPN-IPv4 routes from one AS to the other

In this option, iBGP is used to redistribute VPN-IPv4 routes between their PEs within an AS. The ASBR then uses eBGP to redistribute those labeled VPN-IPv4 routes to the ASBR in the other AS. The later ASBR then redistributes those VPN-IPv4 labeled routes to the rest of the PEs (via a direct iBGP peering session, or via Route Reflectors).

Typically one eBGP peering session is required between a pair of ASBRs, as compared to multiple ones (one per VPN) in option A. As the result Option B is more scalable than Option A. To make the memory usage more scalable, when there are multiple Inter-AS connections via multiple ASBRs, then ASBRs do not need to hold all routes from all VPNs. One ASBR can hold routes for a set of VPNs, and other ASBR can hold different sets of routes. This can be done by RT filters when the routes are exchanged via eBGP.

Option C: Multi-hop eBGP redistribution of labeled VPN VPN-IPv4 routes between PEs of source & destination ASes, with eBGP redistribution of labeled IPv4 routes (the PE loopbacks) between ASBRs

The difference between this option and option B is that ASes now exchange the loopbacks of the PEs (source and destination) via eBGP sessions between ASBRs. This creates an end to end labeled switch path between source and destination PEs. The source and destination PEs then can set up multi-hop eBGP (directly, or via RR) to exchange VPN-IPv4 labeled routes . The ASBRs do not need to hold the VPN-IPv4 routes. This make the option most scalable.

Circuit Cross Connect (CCC)

In this lab, we will demonstrate CCC configuration between similar type interfaces.
– CCC to connect VLAN to VLAN
– CCC to connect VLAN at one end, and the whole physical Ethernet port at the other end.

CCC Topology – VLAN to VLAN

Configuration

lab@PE1# show

interfaces {
    ge-1/0/6 {
        vlan-tagging;
        encapsulation flexible-ethernet-services;
        /* CCC Vlan */
        unit 500 {
            description "ccc interface to SW1";
            encapsulation vlan-ccc;
            vlan-id 500;
        }
        /* VLPS Vlan can co-exist on the same physical */
        unit 600 {
            description "vpls interface to SW1";
            encapsulation vlan-vpls;
            vlan-id 600;
            family vpls;
        }
    }
}

protocols {
    rsvp {
        load-balance bandwidth;
        interface all;
    }
    mpls {
        label-switched-path PE1-to-PE2-LSP1 {
            to 10.1.1.22;
            bandwidth 200m;
            no-cspf;
            primary via-Ge1;
        }
        label-switched-path PE1-to-PE2-LSP2 {
            to 10.1.1.22;
            bandwidth 200m;
            no-cspf;
            primary via-Ge2;
        }
        label-switched-path CCC-PE1-to-PE2 {
            to 10.1.1.22;
            no-cspf;
            primary via-Ge1;
        }
        path via-Ge1 {
            10.10.101.2;
        }
        path via-Ge2 {
            10.10.102.2;
        }
        interface ge-1/0/7.0;
        interface ge-1/1/7.0;
    }
    bgp {
        local-as 65000;
        group PEs {
            type internal;
            local-address 10.1.1.11;
            family inet {
                unicast;
            }
            family inet-vpn {
                unicast;
            }
            family l2vpn {
                signaling;
            }
            neighbor 10.1.1.22;         
        }                               
    }                                   
    ospf {                              
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-1/0/7.0 {
                interface-type p2p;
            }
            interface ge-1/1/7.0 {
                interface-type p2p;
            }
            interface lo0.0;
        }
    }
    connections {
        remote-interface-switch CCC-500 {
            interface ge-1/0/6.500;
            transmit-lsp CCC-PE1-to-PE2;
            receive-lsp CCC-PE2-to-PE1;
        }
    }
}

Verification

lab@PE1> show connections  
CCC and TCC connections [Link Monitoring On]
Legend for status (St)              Legend for connection types
UN -- uninitialized                 if-sw:  interface switching
NP -- not present                   rmt-if: remote interface switching
WE -- wrong encapsulation           lsp-sw: LSP switching
DS -- disabled                      tx-p2mp-sw: transmit P2MP switching
Dn -- down                          rx-p2mp-sw: receive P2MP switching
-> -- only outbound conn is up
 ping 10.50.50.21 source 10.50.50.1 rapid count 5  
PING 10.50.50.21 (10.50.50.21): 56 data bytes
!!!!!
--- 10.50.50.21 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.534/2.228/3.721/0.794 ms

lab@PE1> show mpls lsp statistics     
Ingress LSP: 3 sessions
To              From            State     Packets            Bytes LSPname
10.1.1.22       10.1.1.11       Up              0                0 PE1-to-PE2-LSP1
10.1.1.22       10.1.1.11       Up              0                0 PE1-to-PE2-LSP2
10.1.1.22       10.1.1.11       Up              5              510 CCC-PE1-to-PE2
Total 3 displayed, Up 3, Down 0

Egress LSP: 3 sessions
To              From            State     Packets            Bytes LSPname
10.1.1.11       10.1.1.22       Up             NA               NA PE2-to-PE1-LSP1
10.1.1.11       10.1.1.22       Up             NA               NA PE2-to-PE1-LSP2
10.1.1.11       10.1.1.22       Up              0                0 CCC-PE2-to-PE1
Total 3 displayed, Up 3, Down 0

Transit LSP: 0 sessions
Total 0 displayed, Up 0, Down 0

CCC Topology – VLAN to Port

Configuration

[edit]
lab@PE1# show interfaces ge-1/0/8                                                       
description "CCC Ethernet interface to SW1 ge-0/0/0";
encapsulation ethernet-ccc;
unit 0 {
    input-vlan-map {
        push;
        vlan-id 500;
    }
    output-vlan-map pop;
}

[edit]
lab@PE1# show protocols connections 
remote-interface-switch CCC-500 {
    interface ge-1/0/8.0;
    transmit-lsp CCC-PE1-to-PE2;
    receive-lsp CCC-PE2-to-PE1;
}

[edit]
lab@PE2# show interfaces ge-1/0/6        
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
/* CCC Vlan */
unit 500 {
    description "ccc vlan interface to SW2";
    encapsulation vlan-ccc;
    vlan-id 500;
}

[edit]
lab@PE2# show protocols connections 
remote-interface-switch CCC-500 {
    interface ge-1/0/6.500;
    transmit-lsp CCC-PE2-to-PE1;
    receive-lsp CCC-PE1-to-PE2;
}

Verification

lab@PE1> show connections 
CCC and TCC connections [Link Monitoring On]
Legend for status (St)              Legend for connection types
UN -- uninitialized                 if-sw:  interface switching
NP -- not present                   rmt-if: remote interface switching
WE -- wrong encapsulation           lsp-sw: LSP switching
DS -- disabled                      tx-p2mp-sw: transmit P2MP switching
Dn -- down                          rx-p2mp-sw: receive P2MP switching
-> -- only outbound conn is up
 show interfaces ge-1/0/8.0  
  Logical interface ge-1/0/8.0 (Index 355) (SNMP ifIndex 560)
    Flags: SNMP-Traps 0x0 VLAN-Tag In(push 0x8100.500) Out(pop)  Encapsulation: Ethernet-CCC
    Input packets : 6760 
    Output packets: 6866
    Protocol ccc, MTU: 1514
      Flags: Is-Primary

lab@SW1> ping 10.50.50.21 source 10.50.50.1 rapid count 5    
PING 10.50.50.21 (10.50.50.21): 56 data bytes
.....
--- 10.50.50.21 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

{master:0}
lab@SW1> clear arp 
10.50.50.21      deleted
10.50.50.22      deleted

{master:0}
lab@SW1> ping 10.50.50.21 source 10.50.50.1 rapid count 5    
PING 10.50.50.21 (10.50.50.21): 56 data bytes
.!!!!
--- 10.50.50.21 ping statistics ---
5 packets transmitted, 4 packets received, 20% packet loss
round-trip min/avg/max/stddev = 1.964/2.908/5.001/1.224 ms

lab@PE1> show mpls lsp statistics     
Ingress LSP: 3 sessions
To              From            State     Packets            Bytes LSPname
10.1.1.22       10.1.1.11       Up              0                0 PE1-to-PE2-LSP1
10.1.1.22       10.1.1.11       Up              0                0 PE1-to-PE2-LSP2
10.1.1.22       10.1.1.11       Up              5              510 CCC-PE1-to-PE2
Total 3 displayed, Up 3, Down 0

Load balancing VPLS traffic

In this post, we will demonstrate load balancing VPLS traffic using multiple LSP tunnels.

Topology

Configuration

[edit]
lab@PE1# 

interfaces {

    ge-1/0/7 {
        description "LINK - PE2 ge-1/0/7";
        unit 0 {
            family inet {
                address 10.10.101.1/24;
            }
            family mpls;
        }
    }

    ge-1/1/7 {
        description "LINK - PE2 ge-1/1/7";
        unit 0 {
            family inet {
                address 10.10.102.1/24;
            }
            family mpls;
        }
    }

    ge-1/0/6 {
        vlan-tagging;
        encapsulation flexible-ethernet-services;
        /* VLPS Vlan */
        unit 600 {
            description "vpls interface to SW1";
            encapsulation vlan-vpls;
            vlan-id 600;                
            family vpls;
        }
    }
}

protocols {
    rsvp {
        load-balance bandwidth;
        interface all;
    }
    mpls {
        label-switched-path PE1-to-PE2-LSP1 {
            to 10.1.1.22;               
            bandwidth 200m;
            no-cspf;
            primary via-Ge1;
        }
        label-switched-path PE1-to-PE2-LSP2 {
            to 10.1.1.22;
            bandwidth 200m;
            no-cspf;
            primary via-Ge2;
        }
        path via-Ge1 {
            10.10.101.2;
        }
        path via-Ge2 {
            10.10.102.2;
        }
        interface ge-1/0/7.0;
        interface ge-1/1/7.0;
    }
    bgp {
        local-as 65000;
        group PEs {
            type internal;
            local-address 10.1.1.11;
            family inet {
                unicast;
            }
            family inet-vpn {
                unicast;
            }
            family l2vpn {
                signaling;
            }
            neighbor 10.1.1.22;
        }
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-1/0/7.0 {
                interface-type p2p;     
            }
            interface ge-1/1/7.0 {
                interface-type p2p;
            }
            interface lo0.0;
        }
    }
}

routing-instances {
    VPLS-1 {
        instance-type vpls;             
        interface ge-1/0/6.600;
        route-distinguisher 10.1.1.11:11;
        vrf-target target:65000:100;
        protocols {
            vpls {
                site-range 10;
                site Site1 {
                    site-identifier 1;
                }
            }
        }
    }
}

policy-options {
    policy-statement per-flow-load-balance {
        then {
            load-balance per-packet;
        }
    }
}

routing-options {
    forwarding-table {
        export per-flow-load-balance;
    }
}

Verification

Behaviour on different Junos version may be different. Note that on MX5, the load-balancing is supported under forwarding-options enhanced-hash-key configuration, rather than hash-key. In fact, we need to remove all the hash-key config, otherwise, the behaviour is not expected. By default load-balancing is already supported on MX5.

The following command is useful to confirm the hash key configuration:

lab@PE1> request pfe execute command "show jnh lb" target tfeb0 
SENT: Ukern command: show jnh lb
GOT:
GOT: Unilist Seed Configured 0x8bce4c39 System Mac address 00:00:00:00:00:00
GOT: Hash Key Configuration: 0x0000000000e00000 0xffffffffffffffff
GOT:            IIF-V4: No
GOT:          SPORT-V4: Yes
GOT:          DPORT-V4: Yes
GOT:               TOS: No
GOT:
GOT:            IIF-V6: No
GOT:          SPORT-V6: Yes
GOT:          DPORT-V6: Yes
GOT:     TRAFFIC_CLASS: No
GOT:
GOT:          IIF-MPLS: No
GOT:      MPLS_PAYLOAD: Yes
GOT:          MPLS_EXP: No
GOT:
GOT:       IIF-BRIDGED: No
GOT:     MAC ADDRESSES: Yes
GOT:     ETHER_PAYLOAD: Yes
GOT:      802.1P OUTER: No
GOT:
GOT: Services Hash Key Configuration:
GOT:          SADDR-V4: No
GOT:            IIF-V4: No
GOT:
LOCAL: End of file

lab@PE1> show mpls lsp statistics    
Ingress LSP: 3 sessions
To              From            State     Packets            Bytes LSPname
10.1.1.22       10.1.1.11       Up           1284           130968 PE1-to-PE2-LSP1
10.1.1.22       10.1.1.11       Up           1208           123216 PE1-to-PE2-LSP2
Total 3 displayed, Up 3, Down 0

Egress LSP: 3 sessions
To              From            State     Packets            Bytes LSPname
10.1.1.11       10.1.1.22       Up             NA               NA PE2-to-PE1-LSP1
10.1.1.11       10.1.1.22       Up             NA               NA PE2-to-PE1-LSP2
Total 3 displayed, Up 3, Down 0

Transit LSP: 0 sessions
Total 0 displayed, Up 0, Down 0

lab@PE1> monitor label-switched-path PE1-to-PE2-LSP2 

To 10.1.1.22, From 10.1.1.11, state: Up
  LSPname: PE1-to-PE2-LSP2, type: Ingress
  Label in: -, Label out: 3
  Port number: sender 4, receiver 7368, protocol 0
  Record Route:  10.10.102.2

  Traffic statistics:                      pps/bps
    Output packets:            38813             0
    Output bytes:            3958926             0

MPLS L3VPN

In this post, we are going to configure and verify a simple L3 VPN.

On all P routers

Enable the following protocols: OSPF (with Traffic Engineering for CSPF), MPLS, RSVP or LDP. Enable MPLS on interfaces.

p1@VR:p1> show configuration 
interfaces {
    lt-0/0/10 {
        unit 12 {
            description P1->P2;
            encapsulation ethernet;
            peer-unit 21;
            family inet {
                address 172.22.201.1/24;
            }
            family mpls;
        }
        unit 110 {
            description P1->PE1;
            encapsulation vlan;
            vlan-id 210;
            peer-unit 101;
            family inet {
                address 172.22.210.2/24;
            }
            family mpls;
        }
    }
    lo0 {                               
        unit 1 {
            family inet {
                address 192.168.5.1/32;
            }
        }
    }
}

protocols {
    rsvp {
        interface all;
    }
    mpls {
        no-cspf;
        interface all;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface all;
        }
    }
    /* Not required if PE and P already run RSVP */
    ldp {
        interface all;
    }
}

Verification the basic MPLS operation with the following commands

show ospf neighbor
show route protocol ospf 
show mpls interface
show mpls lsp
show rsvp interface
show rsvp session
show rsvp neighbor

Note that we only see RSVP active sessions. In addition, RSVP neighbours only show up after we configure LSPs.

On PE routers

Enable protocols similar to P routers (OSPF with Traffic Engineering, MPLS, RSVP or LDP. Remember to enable MPLS on interfaces.)

[edit]
pe1@VR:pe1# show

interfaces {
    lt-0/0/10 {
        unit 101 {
            description PE1->P1;
            encapsulation vlan;
            vlan-id 210;
            peer-unit 110;
            family inet {
                address 172.22.210.1/24;
            }
            family mpls;
        }
    }
}

protocols {
    rsvp {
        interface lt-0/0/10.101;
        interface lt-0/0/10.104;
    }
    mpls {
        interface lt-0/0/10.101;
        interface lt-0/0/10.104;
    }                                   
   ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface lt-0/0/10.101;
            interface lt-0/0/10.104;
            interface lo0.10;
        }
    }
}

In addition, we need to configure BGP for MP-BGP route exchange. Note that the standard BGP is not required for L3VPN operation.

protocols {
    bgp {                               
        group PE {
            type internal;
            local-address 192.168.1.1;

            /* Family inet is not required for L3VPN */
            inactive: family inet {
                unicast;
            }

            family inet-vpn {
                unicast;
            }
            neighbor 192.168.1.2;
        }
    }
}

routing-options {                       
    router-id 192.168.1.1;              
    route-distinguisher-id 192.168.1.1; 
    autonomous-system 65512;            
}

Establish RSVP LSPs between PEs.

(Alternatively, LDP can be used to exchange labels, instead of RSVP).

[edit protocols mpls]
pe1@VR:pe1# show 
label-switched-path PE1-TO-PE2 {
    to 192.168.1.2;
}

Verify LSPs.

pe1@VR:pe1> show mpls lsp              
Ingress LSP: 1 sessions
To              From            State Rt P     ActivePath       LSPname
192.168.1.2     192.168.1.1     Up     0 *                      PE1-TO-PE2
Total 1 displayed, Up 1, Down 0

Egress LSP: 1 sessions
To              From            State   Rt Style Labelin Labelout LSPname 
192.168.1.1     192.168.1.2     Up       0  1 FF       3        - PE2-TO-PE1
Total 1 displayed, Up 1, Down 0

Transit LSP: 0 sessions
Total 0 displayed, Up 0, Down 0

pe1@VR:pe1> show route table inet.3   

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.2/32     *[RSVP/7/1] 00:01:50, metric 4
                    > to 172.22.210.2 via lt-0/0/10.101, label-switched-path PE1-TO-PE2

Verify MPLS connectivity using MPLS ping

pe1@VR:pe1> ping mpls rsvp PE1-TO-PE2    
!!!!!
--- lsping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss

Configure L3 VPN instance

pe1@VR:pe1# show routing-instances 
CUSTOMER-A {
    instance-type vrf;
    /* Assign Customer WAN interface to VRF */
    interface lt-0/0/10.1011;
    route-distinguisher 192.168.1.1:123;
    vrf-target target:65512:123;
    /* Note this command - No prefixes are exchanged unless this command is enabled */
    vrf-table-label;
}

/* Enable routing protocol, e.g. BGP with Customer CE */
protocols {
    bgp {
        group CE1 {
            type external;
            peer-as 65101;
            neighbor 10.0.10.2;
        }
    }
}

Verification

pe1@VR:pe1> show route receive-protocol bgp 10.0.10.2              

inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

CUSTOMER-A.inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  10.0.10.0/24            10.0.10.2                               65101 I
* 172.10.0.0/24           10.0.10.2                               65101 I
* 172.10.1.0/24           10.0.10.2                               65101 I
* 172.10.2.0/24           10.0.10.2                               65101 I
* 172.10.3.0/24           10.0.10.2                               65101 I
* 192.168.11.1/32         10.0.10.2                               65101 I

CE1.inet.0: 13 destinations, 18 routes (13 active, 0 holddown, 5 hidden)

mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

bgp.l3vpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

pe1@VR:pe1> show route advertising-protocol bgp 192.168.1.2        

CUSTOMER-A.inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.0.10.0/24            Self                         100        I
* 172.10.0.0/24           Self                         100        65101 I
* 172.10.1.0/24           Self                         100        65101 I
* 172.10.2.0/24           Self                         100        65101 I
* 172.10.3.0/24           Self                         100        65101 I
* 192.168.11.1/32         Self                         100        65101 I

pe1@VR:pe1> show route receive-protocol bgp 10.0.10.1              

inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

CUSTOMER-A.inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)

CE1.inet.0: 13 destinations, 18 routes (13 active, 0 holddown, 5 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.0.11.0/24            10.0.10.1                               65512 I
* 172.10.4.0/24           10.0.10.1                               65512 65512 I
* 172.10.5.0/24           10.0.10.1                               65512 65512 I
* 172.10.6.0/24           10.0.10.1                               65512 65512 I
* 172.10.7.0/24           10.0.10.1                               65512 65512 I
* 192.168.11.2/32         10.0.10.1                               65512 65512 I

mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

bgp.l3vpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

pe1@VR:pe1> show route receive-protocol bgp 10.0.10.1 table CE1 extensive 

CE1.inet.0: 13 destinations, 18 routes (13 active, 0 holddown, 5 hidden)
* 10.0.11.0/24 (1 entry, 1 announced)
     Accepted
     Nexthop: 10.0.10.1
     AS path: 65512 I
     Communities: target:65512:123

* 172.10.4.0/24 (1 entry, 1 announced)
     Accepted
     Nexthop: 10.0.10.1
     AS path: 65512 65512 I
     Communities: target:65512:123

* 172.10.5.0/24 (1 entry, 1 announced)
     Accepted
     Nexthop: 10.0.10.1
     AS path: 65512 65512 I
     Communities: target:65512:123

* 172.10.6.0/24 (1 entry, 1 announced)
     Accepted
     Nexthop: 10.0.10.1
---(more)---

Ping from CE1 to CE2

pe1@VR:pe1> ping 192.168.11.2 source 192.168.11.1 routing-instance CE1 rapid count 5
PING 192.168.11.2 (192.168.11.2): 56 data bytes
!!!!!
--- 192.168.11.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.439/5.810/26.980/10.586 ms