Page 2 Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Page 3 REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable...
Page 4 Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license. Copyright © 2010, Juniper Networks, Inc.
Page 5 (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA http://www.gnu.org/licenses/gpl.html...
Page 33: About The Documentation
Audience This guide is intended for experienced system and network specialists working with Juniper Networks E Series Broadband Services Routers in an Internet access environment. E Series and JunosE Text and Syntax Conventions Table 1 on page xxxiv defines notice icons used in this documentation.
Page 34: Table 1: Notice Icons
Indicates that you must press two or more Press Ctrl + b. keys simultaneously. Syntax Conventions in the Command Reference Guide Plain text like this Represents keywords. terminal length Italic text like this Represents variables. mask, accessListName xxxiv Copyright © 2010, Juniper Networks, Inc.
Page 35: Obtaining Documentation
CD-ROMs or DVD-ROMs, see the Portable Libraries page at http://www.juniper.net/techpubs/resources/index.html Copies of the Management Information Bases (MIBs) for a particular software release are available for download in the software image bundle from the Juniper Networks Web site at http://www.juniper.net/...
Page 36: Self-Help Online Tools And Resources
7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/...
Page 39: Configuring Bgp Routing
Certain terms used with BGP, such as the names of attributes and messages, are typically expressed in all uppercase letters in the RFCs. For improved readability, those terms are represented in lowercase in this chapter. Table 3 on page 4 lists the terms and their variant spellings. Copyright © 2010, Juniper Networks, Inc.
Page 40: Table 3: Conventions For Bgp Terms
LOCAL_PREF multiexit discriminator or MED MULTI_EXIT_DISC new-as-path NEW_AS_PATH new-aggregator NEW_AGGREGATOR next-hop or next hop NEXT_HOP no-advertise NO_ADVERTISE no-export NO_EXPORT no-export-subconfed NO_EXPORT_SUBCONFED notification NOTIFICATION open OPEN origin ORIGIN originator-ID ORIGINATOR_ID route-refresh ROUTE-REFRESH update UPDATE Copyright © 2010, Juniper Networks, Inc.
Page 41: Autonomous Systems
Figure 1: BGP Peers BGP Session When two BGP speakers have both been configured to be BGP peers of each other, they will establish a BGP session to exchange routing information. A BGP session is simply a Copyright © 2010, Juniper Networks, Inc.
Page 42: Ibgp And Ebgp
BGP speakers. EBGP sessions typically exist between peers that are physically connected. Figure 2 on page 6 shows an example of the exchange of information between routers running IBGP and EBGP across multiple ASs. Figure 2: Internal and External BGP Copyright © 2010, Juniper Networks, Inc.
Page 43: Interior Gateway Protocols
Update messages—The update message is the most important message in the BGP protocol. A BGP speaker sends update messages to announce routes to prefixes that it can reach and to withdraw routes to prefixes that it can no longer reach. Copyright © 2010, Juniper Networks, Inc.
Page 44: Table 4: Cease Notification Message Subcodes
The messages contain a request for the peer to resend its routes to the router. This feature enables the BGP speaker to apply modified or new policies to the routes when it receives them again. Copyright © 2010, Juniper Networks, Inc.
Page 45: Bgp Route
CIDR enables you to aggregate multiple classful addresses into a single classless advertisement, reducing the number of advertisements that must be made to provide full access to all the addresses. Suppose an ISP has customers with the following addresses: 192.168.128.0 192.168.129.0 192.168.130.0 192.168.131.0 Copyright © 2010, Juniper Networks, Inc.
Page 46: Figure 4: Routing Without Cidr
Without CIDR, the ISP has to advertise a route to each address, as shown in Figure 4 on page 10. Figure 4: Routing Without CIDR With CIDR, the ISP can aggregate the routes as 192.168.128.0/17 and advertise a single address to that prefix, as shown in Figure 5 on page 11. Copyright © 2010, Juniper Networks, Inc.
Page 47: Path Attributes
If a BGP speaker aggregates routes that have differing path attributes, it includes the atomic-aggregate attribute with the aggregated prefix to inform update recipients that they must not deaggregate the prefix. A BGP speaker Copyright © 2010, Juniper Networks, Inc.
Page 48: Transit And Nontransit Service
ISP 1 does not permit traffic between ISP 2 and ISP 3 to cross its backbone. If ISP 1 permits such traffic, it squanders its own resources with no benefit to its customers or itself. Copyright © 2010, Juniper Networks, Inc.
Page 49: Ipv6 Bgp Support
When a BGP speaker receives a BGP update message carrying IPv6 feasible routes, the speaker resolves the announced IPv6 BGP next hop by performing a route lookup to the IPv6 address in the IPv6 route table. Copyright © 2010, Juniper Networks, Inc.
Page 50: Exchange Of Ipv6 Routing Information Over Tcp Ipv6
Platform Considerations For information about modules that support BGP on the ERX7xx models, ERX14xx models, and the Juniper Networks ERX310 Broadband Services Router: See ERX Module Guide, Table 1, Module Combinations for detailed module specifications. See ERX Module Guide, Appendix A, Module Protocol Support for information about the modules that support BGP.
Page 51: References
Chapter 1: Configuring BGP Routing For information about modules that support BGP on Juniper Networks E120 and E320 Broadband Services Routers: See E120 and E320 Module Guide, Table 1, Modules and IOAs for detailed module specifications. See E120 and E320 Module Guide, Appendix A, IOA Protocol Support for information about the modules that support BGP.
Page 52: Features
Web site at http://www.ietf.org for the latest drafts. Features Some of the more important BGP features supported by the E Series router are the following: Access lists Advertisement intervals Aggregation BGP/MPLS VPNs Communities Confederations EBGP multihop IBGP single hop Copyright © 2010, Juniper Networks, Inc.
Page 53: Before You Configure Bgp
If you configure an attribute both for a peer group and for a peer, the peer configuration takes precedence for that peer, but does not affect other members of that peer group. Copyright © 2010, Juniper Networks, Inc.
Page 54: Enabling Bgp Routing
BGP commands can be sorted into the following categories, each of which has a different scope; that is, each configures parameters within a different area of applicability. Individual command descriptions in this chapter and in “Configuring BGP-MPLS Applications” on page 385, provide more information about command behavior. Copyright © 2010, Juniper Networks, Inc.
Page 55: Table 5: Commands Affecting Bgp Globally
The commands listed in Table 7 on page 19 configure parameters only for the current address family context. Table 7: Commands Affecting the Current Address Family address family disable-dynamic-redistribute aggregate-address external-paths auto-summary ip route-type Copyright © 2010, Juniper Networks, Inc.
Page 56: Table 8: Commands Affecting All Address Families For The Specified Peer Or
The commands listed in Table 9 on page 21 configure parameters separately for each address family exchanged over the BGP session. If you configure these parameters for Copyright © 2010, Juniper Networks, Inc.
Page 57: Inheritance Of Configuration Values
Table 10 on page 22, based on whether the command enables a feature or sets parameters, the levels at which it behaves, and how the no version of the command compares with the default version. Copyright © 2010, Juniper Networks, Inc.
Page 58: Table 10: Behavior Of Neighbor Commands
Some of the commands in Table 10 on page 22 inherit global values set by other commands. Table 11 on page 22 describes the relationship between these commands. Table 11: Inheritance from Other Commands Category B Command Inherits Global Values Set By neighbor default-originate default-information originate Copyright © 2010, Juniper Networks, Inc.
Page 59 The no command disables inbound soft-reconfiguration for peer 10.19.7.8, overriding the configuration of the peer group to which the peer 10.19.7.8 belongs. The configuration of an individual peer takes precedence over the configuration of the peer group to which the peer belongs. Copyright © 2010, Juniper Networks, Inc.
Page 60: Limitations On Inheritance
All BGP peers that are members of the same peer group must send essentially the same updates. Accordingly, all members of a peer group must be the same kind of peer; that is, all must be internal peers, all must be external peers, or all must be confederation peers. Copyright © 2010, Juniper Networks, Inc.
Page 61: Setting The Bgp Identifier
To use the new BGP identifier for sessions already in the established state, you must use the clear ip bgp command to perform a hard clear. Use the no version to restore the router ID as the BGP identifier. See bgp router-id Copyright © 2010, Juniper Networks, Inc.
Page 62: Configuring Neighbors
If you specify a BGP peer group by using the peerGroupName argument, all the members of the peer group inherit the characteristic configured with this command unless it is overridden for a specific peer. This command takes effect immediately. Copyright © 2010, Juniper Networks, Inc.
Page 63: Configuring Bgp Peer Groups
By default, peers and peer groups exist in the unicast IPv4 address family and exchange unicast IPv4 addresses. For information on configuring and activating BGP peer groups within address families, see “Configuring the Address Family” on page 43. Copyright © 2010, Juniper Networks, Inc.
Page 64: Setting The Peer Type
Setting the Peer Type Each peer group must have a peer type before any BGP sessions for members of that peer group are allowed to come up and before the Adj-RIBs-Out table of that peer group Copyright © 2010, Juniper Networks, Inc.
Page 65: Assigning A Description
If you specify a BGP peer group by using the peerGroupName argument, all the members of the peer group inherit the characteristic configured with this command unless it is overridden for a specific peer. Copyright © 2010, Juniper Networks, Inc.
Page 66: Logging Neighbor State Changes
By default, BGP uses the IP address of the outgoing interface toward the peer as the source IP address for the TCP connection over which the BGP session runs. If the outgoing interface goes down, the BGP session is dropped because the IP source address is no Copyright © 2010, Juniper Networks, Inc.
Page 67: Table 13: Source Addresses And Default Next Hop Addresses For Various Configurations
Prefixes Prefixes IPv4 neighbor address IPv4 source address IPv4 source address IPv4 source address IPv4 source address mapped to an IPv6 address IPv4 neighbor address IPv6 source address Not allowed Not allowed Not allowed Copyright © 2010, Juniper Networks, Inc.
Page 68: Specifying Peers That Are Not Directly Connected
In Figure 12 on page 33, router Boston and router LA are connected together through router NY, rather than by a direct connection. Routers Boston and LA are configured as Copyright © 2010, Juniper Networks, Inc.
Page 69: Figure 12: Using Ebgp-Multihop
Use the no version to return BGP to halt acceptance of such routers. Use the default version to remove the explicit configuration from the peer or peer group and reestablish inheritance of the feature configuration. See neighbor ebgp-multihop Copyright © 2010, Juniper Networks, Inc.
Page 70: Specifying A Single-Hop Connection For Ibgp Peers
By default, BGP checks the maximum prefix limit only against accepted routes. You can specify the strict keyword to force BGP to check the maximum prefix against all Copyright © 2010, Juniper Networks, Inc.
Page 71: Removing Private As Numbers From Updates
Use the no version to halt the removal of private AS numbers in updates sent to external peers. Use the default version to remove the explicit configuration from the peer or peer group and reestablish inheritance of the feature configuration. See neighbor remove-private-as Copyright © 2010, Juniper Networks, Inc.
Page 72: Checking As Path Length
10.23.40.3/32 172.123.23.2 100 211 32 15 10.23.40.4/32 192.168.13.1 100 211 32 > 10.23.40.4/32 172.123.23.2 100 211 32 15 67 > 10.23.40.5/32 192.168.13.1 100 211 10.23.40.5/32 172.123.23.2 100 211 32 15 67 44 (too long) Copyright © 2010, Juniper Networks, Inc.
Page 73: Enabling Md5 Authentication On A Tcp Connection
BGP session between them. Similarly, if the two routers have different passwords configured, a message appears on the console indicating that this condition exists. Copyright © 2010, Juniper Networks, Inc.
Page 74: Setting The Maximum Size Of Update Messages
If you do not issue this command, the BGP session is not brought down in the event of a link failure until the TCP connection fails or the hold timer expires. This command takes effect immediately. Copyright © 2010, Juniper Networks, Inc.
Page 75: Setting Timers
To force sessions that are already established to use the new timer values, you must use the clear ip bgp command to perform a hard clear. Copyright © 2010, Juniper Networks, Inc.
Page 76: Automatic Summarization Of Routes
Use the no version to reenable a neighbor or peer group that was previously shut down. Use the default version to remove the explicit configuration from the peer or peer group and reestablish inheritance of the feature configuration. See neighbor shutdown. Copyright © 2010, Juniper Networks, Inc.
Page 77: Configuring Bgp For Overload Conditions
The full set of attributes for each route is not stored in the peer Adj-RIBs-Out table. After enabling rib-out for a peer, you can issue the show ip bgp neighbors advertised-routes command to display the routes that have been advertised to the peer. Copyright © 2010, Juniper Networks, Inc.
Page 78: Effects Of Changing Outbound Policies
NOTE: You cannot change outbound policy for an individual peer group member. You can change outbound policy only for a peer group as a whole or for peers that are not members of a peer group. neighbor rib-out disable Copyright © 2010, Juniper Networks, Inc.
Page 79: Configuring The Address Family
See rib-out disable. Configuring the Address Family The BGP multiprotocol extensions specify that BGP can exchange information within different types of address families. The JunosE BGP implementation defines the following different types of address families: Copyright © 2010, Juniper Networks, Inc.
Page 80 2 NLRI for a specified VPWS instance. For a description of VPWS, see “Configuring VPWS” on page 659. Any command issued outside the context of an address family applies to the unicast IPv4 address family by default. Copyright © 2010, Juniper Networks, Inc.
Page 81 This command takes effect immediately. Examples host1:vr1(config-router)#address-family ipv4 multicast host1:vr1(config-router)#address-family ipv4 unicast host1:vr1(config-router)#address-family ipv4 unicast vrf vr2 host1:vr1(config-router)#address-family vpn4 unicast host1:vr1(config-router)#address-family ipv6 unicast Use the no version to disable the exchange of a type of prefix. See address-family. Copyright © 2010, Juniper Networks, Inc.
Page 83: Enabling Lenient Behavior
BGP automatically creates a dynamic peer when a peer group member accepts the incoming BGP connection. Dynamic peers are passive, meaning that when they are not in the established state, they will accept inbound connections but they will not initiate Copyright © 2010, Juniper Networks, Inc.
Page 84 BGP generates a log message whenever a dynamic peer is created, rejected because the maximum has been reached, or removed. BGP maintains counters for each peer group for the current number of dynamic peers, the highest number of concurrent dynamic Copyright © 2010, Juniper Networks, Inc.
Page 85 All the members of the peer group inherit the characteristic configured with this command. It cannot be overridden for a specific peer, because the command applies only to peer groups. Example host1(config-router)#neighbor promispeers allow remotelist1 max-peers 1023 Copyright © 2010, Juniper Networks, Inc.
Page 86: Configuring Passive Peers
Each BGP speaker advertises to its peers the routes to prefixes that it can reach. These routes include: Routes to prefixes originating within the speaker’s AS Routes redistributed from another protocol, including static routes Copyright © 2010, Juniper Networks, Inc.
Page 87: Prefixes Originating In An As
Use to specify the prefixes in its AS that the BGP speaker advertises. BGP advertises the specified prefix only if a non-BGP route to the prefix exists in the IP forwarding table. If the non-BGP route does not exist when you issue the network Copyright © 2010, Juniper Networks, Inc.
Page 88: Advertising Best Routes
The behavior enabled by this command is the default behavior for the E Series router running software releases lower than 5.0.0. Copyright © 2010, Juniper Networks, Inc.
Page 89: Redistributing Routes Into Bgp
Figure 14: Redistributing Routes into BGP clear bgp ipv6 redistribution clear ip bgp redistribution Use to reapply policy to routes that have been redistributed into BGP. This command takes effect immediately. Copyright © 2010, Juniper Networks, Inc.
Page 90: Redistributing Routes From Bgp
If you have redistributed routes from BGP into an IGP, by default only EBGP routes are redistributed. You can issue the bgp redistribute-internal command followed by clearing all BGP sessions to permit the redistribution of IBGP routes in addition to EBGP routes. Copyright © 2010, Juniper Networks, Inc.
Page 91: Configuring A Default Route
IP forwarding table. In Figure 15 on page 56, router NY originates the default route 0.0.0.0/0 to router Albany only. Router Chicago does not receive the default route. Copyright © 2010, Juniper Networks, Inc.
Page 92: Redistributing Default Routes
Policy specified by a route map with the default-information originate command is applied at the same time as the policy for redistributed routes, before any outbound policy for peers. Example host1(config)#router bgp 100 host1(config-router)#default-information originate Copyright © 2010, Juniper Networks, Inc.
Page 93: Setting A Static Default Route
37 host3(config-router)#network 172.25.122.0 mask 255.255.254.0 host3(config-router)#neighbor 10.24.5.3 remote-as 21 Figure 16: Setting a Static Default Route ip route Use to establish static routes. Use the no version to remove static routes. See ip route. Copyright © 2010, Juniper Networks, Inc.
Page 94: Setting The Minimum Interval Between Routing Updates
You aggregate IPv4 routes by specifying the aggregate IP address, and IPv6 routes by specifying the aggregate IPv6 prefix. Copyright © 2010, Juniper Networks, Inc.
Page 95: Figure 17: Configuring Aggregate Addresses
AS numbers traversed by the summarized paths. The AS-Set is enclosed within curly brackets; for example, {3, 2}. Each AS number appears only once, even if it appears in more than one of the original paths. If you use the as-set option, the atomic-aggregate Copyright © 2010, Juniper Networks, Inc.
Page 96 IP mask (mask). For IPv6 routes, you must specify an aggregate IPv6 prefix (ipv6Prefix). The optional as-set keyword preserves path information by creating an AS-Set that contains all the AS numbers traversed by the aggregated routes. Copyright © 2010, Juniper Networks, Inc.
Page 97: Advertising Inactive Routes
IP will use the static route rather than the BGP received route for forwarding traffic to that prefix. The BGP received route is inactive and is not advertised to peers. You can use the bgp advertise-inactive command to enable the advertisement of inactive received routes. bgp advertise-inactive Copyright © 2010, Juniper Networks, Inc.
Page 99: Advertising Ipv4 Routes Between Ipv6 Bgp Peers
BGP routing table. BGP conditional advertisement is supported in only the following address families: Unicast IPv4 Unicast IPv6 Multicast IPv4 Multicast IPv6 Copyright © 2010, Juniper Networks, Inc.
Page 100 The route maps referenced by the neighbor advertise-map command must include a match ip-address clause. You can also include additional match clauses. All match Copyright © 2010, Juniper Networks, Inc.
Page 101: Advertising A Route Only When Another Route Is Present
Alternatively, if the route to prefix 172.24.20.0 has been installed in the BGP routing table on router 2, then router 2 advertises to router 1 the route to prefix 10.10.30.0. In this case, the route does not have to be learned from router 3. Copyright © 2010, Juniper Networks, Inc.
Page 102: Figure 18: Advertising A Route When Another Route Is Present
10.10.30.0 0.0.0.255 host1(config)#route-map alternatetoR1 permit 10 host1(config-route-map)#match ip address test host1(config-route-map)#exit !Configure route map to match alternate route from R3 host1(config)#access-list check permit 172.24.20.0 0.0.0.255 host1(config)#route-map trigger2 permit 10 host1(config-route-map)#match ip address check host1(config-route-map)#exit Copyright © 2010, Juniper Networks, Inc.
Page 103: Advertising A Route Only When Another Route Is Absent
Figure 19: Advertising a Route When Another Route is Absent The following commands configure router R2: host1(config)#router bgp 200 host1(config-router)#neighbor peergroup1 peer-group host1(config-router)#neighbor peergroup1 remote-as 100 host1(config-router)#neighbor 10.6.6.2 peer-group peergroup1 host1(config-router)#neighbor 10.7.3.2 peer-group peergroup1 Copyright © 2010, Juniper Networks, Inc.
Page 104: Advertising A Default Route Only When Another Route Is Present
IGP prefix. Because conditional advertisement tracks the BGP routing table rather than the IP routing table, the prefixes that govern the advertisement (the conditional prefixes) must be present in the BGP routing table. In Copyright © 2010, Juniper Networks, Inc.
Page 105: Figure 20: Advertising A Default Route When Another Route Is Present
10 host1(config-route-map)#match ip address prefix-list test-default host1(config-route-map)#exit host1(config)#route-map outbound deny 10 host1(config-route-map)#match ip address prefix-list test-default host1(config-route-map)#exit host1(config)#route-map outbound permit 20 host1(config-route-map)#exit host1(config)#router bgp 200 host1(config-router)#neighbor 10.12.12.2 remote-as 300 host1(config-router)#network 172.55.55.0/24 host1(config-router)#aggregate-address 172.55.0.0/16 summary-only Copyright © 2010, Juniper Networks, Inc.
Page 106: Configuring Bgp Routing Policy
Table 14 on page 70. Table 14: Commands That Create Match-and-Set Route Maps aggregate-address attribute-map global import map bgp dampening route-map neighbor route-map in export map neighbor route-map out import map redistribute route-map global export map table-map Copyright © 2010, Juniper Networks, Inc.
Page 107: Table 15: Clauses Supported In Bgp Match-And-Set Route Maps
Table 17: Clauses Not Supported in BGP Route Maps set automatic-tag set level set distance set route-type match as-path Use to match an AS-path access list. The implemented weight is based on the first matched AS path. Copyright © 2010, Juniper Networks, Inc.
Page 108 10 host1(config-route-map)#match extcommunity topeka10 Use the no version to remove the match clause from a route map or a specified value from the match clause. See match extcommunity. match ip address Copyright © 2010, Juniper Networks, Inc.
Page 109 Use the no version to delete the match clause from a route map or a specified value from the match clause. See match metric. match metric-type Use to match a route for the specified metric type. Example Copyright © 2010, Juniper Networks, Inc.
Page 110 However, you cannot configure a member of a peer group to override the inherited peer group characteristic for outbound policy. New policy values are applied to all routes that are sent (outbound policy) or received (inbound policy) after you issue the command. Copyright © 2010, Juniper Networks, Inc.
Page 112 BGP confederation boundary Alternatively, you can use the list keyword to specify the name of a community list that you previously created with the ip community-list command. Copyright © 2010, Juniper Networks, Inc.
Page 113 On outbound route maps, disables the next hop calculation by setting the next hop to the IP address of the BGP speaker On inbound route maps, overrides any third-party next-hop configuration by setting the next hop to the IP address of the peer Copyright © 2010, Juniper Networks, Inc.
Page 114 IGP cost of the next hop of the advertised route. If the cost of the next hop changes, BGP is not forced to readvertise the route. For BGP, you can specify the following: Copyright © 2010, Juniper Networks, Inc.
Page 115 Example host1(config)#route-map nyc1 permit 10 host1(config-route-map)#set weight 200 Use the no version to delete the set clause from a route map. See set weight. Copyright © 2010, Juniper Networks, Inc.
Page 116: Applying Table Maps
Use to apply a policy to BGP routes about to be added to the IP routing table. The route map can include any of the clauses listed in Table 18 on page 80. Copyright © 2010, Juniper Networks, Inc.
Page 117 O- OSPF, E1- external type 1, E2- external type2, N1- NSSA external type1, N2- NSSA external type2 Prefix/Length Type Next Hop Dist/Met Intf ------------------ ------- --------------- -------------- ------------ Copyright © 2010, Juniper Networks, Inc.
Page 118: Access Lists
Figure 21: Filtering with Access Lists The following commands configure router Boston to apply access list reject1 to routes inbound from router SanJose. Access list reject1 rejects routes matching 172.24.160.0/19. host3(config)#router bgp 17 host3(config-router)#neighbor 10.5.5.4 remote-as 873 Copyright © 2010, Juniper Networks, Inc.
Page 119: Figure 22: Filtering Routes With An Access List
Use the no version to delete an IP access list or the specified entry in the access list. See access-list. clear access-list Use to clear IP access list counters. Each access list has a counter for its entries. Copyright © 2010, Juniper Networks, Inc.
Page 120 However, you cannot configure a member of a peer group to override the inherited peer group characteristic for outbound policy. Example host1(config-router)#neighbor 192.168.1.158 prefix-list seoul19 in Copyright © 2010, Juniper Networks, Inc.
Page 121 IPv6 prefix trees are not supported, Therefore you can specify an IPv6 address with this command only within the IPv4 address family and when you want to advertise IPv4 routes to IPv6 peers. Use the no version to remove the prefix tree. See neighbor prefix-tree. Copyright © 2010, Juniper Networks, Inc.
Page 122: Filtering As Paths With A Filter List
Accept routes originated in AS 11 only if they pass directly to router London Forward routes from AS 282 to AS 435 only if they pass through either AS 621 or AS 11, but not both AS 621 and AS 11 Copyright © 2010, Juniper Networks, Inc.
Page 123: Figure 24: Assigning A Filter List
Consider the following commands used to configure router Chicago in Figure 24 on page 87: host1(config)#router bgp 293 host1(config-router)#neighbor 10.5.5.2 remote-as 32 host1(config-router)#neighbor 10.5.5.2 filter-list 1 in host1(config-router)#neighbor 10.2.2.4 remote-as 17 host1(config-router)#exit host1(config)#ip as-path access-list 1 deny ^32$ Figure 24: Assigning a Filter List Copyright © 2010, Juniper Networks, Inc.
Page 124 You cannot merely perform a hard clear or outbound soft clear for individual peer group members because that causes BGP to resend only the contents of the Adj-RIBs-Out table. Copyright © 2010, Juniper Networks, Inc.
Page 125: Filtering As Paths With A Route Map
10 host1(config-route-map)#match as-path dog1 host1(config-route-map)#set weight 175 host1(config-route-map)#exit host1(config)#ip as-path access-list dog1 permit _32$ host1(config)#ip as-path access-list dog1 permit _837$ host1(config)#route-map alpha permit 20 host1(config-route-map)#match as-path dog2 host1(config-route-map)#exit host1(config)#ip as-path access-list dog2 permit .* Copyright © 2010, Juniper Networks, Inc.
Page 126: Configuring The Community Attribute
Advertises this route to the Internet community; by default, all prefixes are members of the Internet community In addition to the well-known communities, you can define local-use communities, also known as private communities or general communities. These communities serve as a Copyright © 2010, Juniper Networks, Inc.
Page 127: Figure 26: Communities
10.72.4.2. If the community attribute of such a route matches instance 10 of the route map, router LA sets the weight of the route to 25. host2(config)#router bgp 425 host2(config-router)#network 172.24.160 mask 255.255.224.0 host2(config-router)#neighbor 10.72.4.2 remote-as 31 host2(config-router)#neighbor 10.72.4.2 send-community Copyright © 2010, Juniper Networks, Inc.
Page 128 If you specify a BGP peer group by using the peerGroupName argument, all the members of the peer group inherit the characteristic configured with this command. You cannot override this inheritance for a peer group member. Example host1(config-router)#neighbor send-community westcoast extended Copyright © 2010, Juniper Networks, Inc.
Page 129: Community Lists
AA:NN format; otherwise it is in decimal format. The router tests the community attribute of a route against the conditions in a community list one by one. The first match determines whether the router accepts (the route is Copyright © 2010, Juniper Networks, Inc.
Page 130: Figure 27: Community Lists
3 permit internet Community list 1 comprises routes with a community of 25; their metric is set to 20. Community list 2 comprises routes with a community of 62; their metric is set to 75. Copyright © 2010, Juniper Networks, Inc.
Page 131 A clause in a route map that includes a list having more than one value only matches a route having all of the values; that is, the multiple values are logical ANDed. Example Copyright © 2010, Juniper Networks, Inc.
Page 132: Resetting A Bgp Connection
If you do not use the soft in or soft out options, the clear is known as a hard clear and clears the current BGP connection. Use the soft in option to reapply inbound policy to all received routes without clearing the BGP session. Copyright © 2010, Juniper Networks, Inc.
Page 133: Changing Policies Without Disruption
Adj-RIBs-In table. If the route-refresh capability was not negotiated with the peer, BGP automatically bounces the session. The Adj-RIBs-In table is repopulated when routes are received from the peer after the session comes back up. Copyright © 2010, Juniper Networks, Inc.
Page 134: Route-Refresh Capability
If you specify a BGP peer group by using the peerGroupName argument, all the members of the peer group inherit the characteristic configured with this command unless it is overridden for a specific peer. Copyright © 2010, Juniper Networks, Inc.
Page 135 You cannot merely perform a hard clear or outbound soft clear for individual peer group members because that causes BGP to resend only the contents of the Adj-RIBs-Out table. Use the no version to remove the prefix list. See neighbor prefix-list. Copyright © 2010, Juniper Networks, Inc.
Page 136: Configuring Route Flap Dampening
(added back to the BGP table and used for forwarding) suppress—When a route’s penalty exceeds this limit, the route is suppressed max-suppress-time—When the period a route has been suppressed exceeds this limit, the route becomes unsuppressed Copyright © 2010, Juniper Networks, Inc.
Page 137 192.168.5.0 255.255.255.0 To clear IPv4 dampening information for the most specific route matching an address: host1#clear ip bgp dampening 192.168.5.0 There is no no version. See clear bgp ipv6 dampening. See clear ip bgp dampening. Copyright © 2010, Juniper Networks, Inc.
Page 138: Policy-Based Route Flap Dampening
BGP uses and stores two dampening parameter blocks, one for each set. Example host1(config)#route-map nyc1 permit 10 Copyright © 2010, Juniper Networks, Inc.
Page 139: Policy Testing
The address-family identifier for the route is the same as is used for identifying the neighbor. If you do not specify a route, the test is performed for all routes associated with the address-family identifier. Copyright © 2010, Juniper Networks, Inc.
Page 140: Selecting The Best Path
If the origins are the same, select the path with lowest MED value. If the paths have the same MED values, select the path learned by means of EBGP over one learned by means of IBGP. Copyright © 2010, Juniper Networks, Inc.
Page 141: Configuring Next-Hop Processing
Consider the network configuration shown in Figure 28 on page 106. Router Jackson advertises 192.168.22.0/23 internally to router Memphis with a next hop of 10.2.2.1. Router Jackson advertises the same network externally to router Topeka with a next hop of 10.1.13.1. Copyright © 2010, Juniper Networks, Inc.
Page 142: Figure 28: Configuring Next-Hop Processing
To configure router Jackson: host1(config)#router bgp 604 host1(config-router)#neighbor 10.1.13.2 remote-as 25 host1(config-router)#neighbor 10.2.2.2 remote-as 604 host1(config-router)#network 192.168.22.0 mask 255.255.254.0 To configure router Memphis: host2(config)#router bgp 604 host2(config-router)#neighbor 10.2.2.1 remote-as 604 host2(config-router)#network 172.24.160.0 mask 255.255.224.0 Copyright © 2010, Juniper Networks, Inc.
Page 143: Next-Hop-Self
Toledo. Router Madrid therefore advertises 192.168.22.0/23 to router Barcelona with a next-hop attribute of 10.19.7.5. Now consider Figure 30 on page 108, which shows the same routers on a Frame Relay—NBMA—network. Copyright © 2010, Juniper Networks, Inc.
Page 144: Figure 30: Next-Hop Behavior For Nonbroadcast Multiaccess Media
To apply the new policy to routes that are already present in the BGP routing table, you must use the clear ip bgp command to perform a soft clear or hard clear of the current BGP session. Copyright © 2010, Juniper Networks, Inc.
Page 145: Assigning A Weight To A Route
Boston are higher—more preferred—than the routes coming from router NY. Router LA subsequently prefers routes received from router Boston and therefore uses router Boston as the next hop to reach network 192.68.5.0/24. Figure 31: Assigning a Weight to a Neighbor Connection Copyright © 2010, Juniper Networks, Inc.
Page 146: Using The Neighbor Weight Command
The following commands assign weights to routes filtered by AS-path access lists on router LA: host1(config)#router bgp 400 host1(config-router)#neighbor 10.5.5.1 remote-as 100 host1(config-router)#neighbor 10.5.5.1 filter-list 1 weight 1000 host1(config-router)#neighbor 10.72.4.2 remote-as 300 host1(config-router)#neighbor 10.72.4.2 filter-list 2 weight 500 host1(config-router)#exit Copyright © 2010, Juniper Networks, Inc.
Page 147 You can apply the filter to incoming or outgoing advertisements with the in or out keywords. If you specify a BGP peer group by using the peerGroupName argument, all the members of the peer group inherit the characteristic configured with this command unless it is Copyright © 2010, Juniper Networks, Inc.
Page 148 You cannot merely perform a hard clear or outbound soft clear for individual peer group members because that causes BGP to resend only the contents of the Adj-RIBs-Out table. Use the no version to remove the weight assignment. See neighbor weight. Copyright © 2010, Juniper Networks, Inc.
Page 149: Configuring The Local-Pref Attribute
AS 17 to 200. Because router LA and router SanJose exchange local preference information within AS 873, they both recognize that routes to network 192.168.5.0/24 in AS 293 have a higher local preference when they Copyright © 2010, Juniper Networks, Inc.
Page 150: Using A Route Map To Set The Local Preference
BGP. The origin of the route can be one of three values: IGP—Indicates that the route was learned by means of an IGP and, therefore, is internal to the originating AS. All routes advertised by the network command have an origin of IGP. Copyright © 2010, Juniper Networks, Inc.
Page 151: Figure 33: The Origin Attribute
The following commands configure router Albany: host3(config)#router bgp 100 host3(config-router)#neighbor 10.4.4.2 remote-as 100 host3(config-router)#neighbor 10.2.25.2 remote-as 100 host3(config-router)#network 192.168.33.0 mask 255.255.255.0 The following commands configure router LA: host4(config)#router bgp 300 host4(config-router)#neighbor 10.3.3.2 remote-as 100 Copyright © 2010, Juniper Networks, Inc.
Page 152: Table 20: Origin And As Path For Routes Viewed On Different Routers
172.21.10.0/23 Albany Incomplete 172.21.10.0/23 Boston Incomplete 172.21.10.0/23 Incomplete 172.21.10.0/23 Incomplete empty 172.28.8.0/21 Albany empty 172.28.8.0/21 Boston empty 172.28.8.0/21 empty 172.28.8.0/21 172.31.125.100 Albany Incomplete empty 172.31.125.100 Boston Incomplete empty 172.31.125.100 Incomplete empty 172.31.125.100 Incomplete Copyright © 2010, Juniper Networks, Inc.
Page 153: Understanding The As-Path Attribute
AS-path attribute for route 172.21.10.0/23 is 621 47. Router Berlin advertises the route to router London in AS 47. As received by router London, the AS-path attribute for route 172.21.10.0/23 is 11 621 47. Copyright © 2010, Juniper Networks, Inc.
Page 154: Configuring A Local As
The following example commands change the local AS number for peer 104.4.2 from the global local AS of 100 to 32: host1(config)#router bgp 100 host1(config-router)#address-family ipv4 unicast vrf boston host1(config-router)#neighbor 10.4.4.2 remote-as 645 host1(config-router)#neighbor 10.4.4.2 local-as 32 Copyright © 2010, Juniper Networks, Inc.
Page 155: Configuring The Med Attribute
10.3.3.2 remote-as 73 host1(config-router)#neighbor 10.5.5.2 remote-as 4 host1(config-router)#network 122.28.8.0 mask 255.255.248.0 The following commands configure router Paris: host2(config)#router bgp 73 host2(config-router)#neighbor 10.4.4.1 remote-as 303 host2(config-router)#neighbor 10.4.4.1 route-map 10 out host2(config-router)#neighbor 10.2.25.1 remote-as 73 Copyright © 2010, Juniper Networks, Inc.
Page 156 Paris and router Nice, but the MED advertised by router Paris is lower than that advertised by router Nice. Consequently, router London prefers the path through router Paris. Copyright © 2010, Juniper Networks, Inc.
Page 157 Setting either metric overrides any previously configured value. Example host1(config)#route-map nyc1 permit 10 host1(config-route-map)#set metric 10 Use the no version to delete the set clause from a route map. See set metric. Copyright © 2010, Juniper Networks, Inc.
Page 158: Missing Med Values
ASs and does not affect the comparison of routes that are originated in other confederations. Example host1(config-router)#bgp bestpath med confed Changes apply automatically whenever BGP subsequently runs the best-path decision process for a destination prefix; that is, whenever a best route is picked for a given prefix. Copyright © 2010, Juniper Networks, Inc.
Page 159: Capability Negotiation
The router advertises these capabilities—except for the cooperative route filtering capability—by default. You can prevent the advertisement of specific capabilities with the no neighbor capability command. You can also use this command to prevent all capability negotiation with the specified peer. Copyright © 2010, Juniper Networks, Inc.
Page 160: Cooperative Route Filtering
BGP speakers that support four-octet AS and sub-AS numbers are sometimes referred to as “ new” speakers. The four-octet AS numbers are employed by the AS-path and aggregator attributes. “ Old” speakers are those that do not support the four-octet numbers. Copyright © 2010, Juniper Networks, Inc.
Page 161: Graceful Restarts
BGP is awaiting an End-of-RIB marker. Alternatively, you can minimize this effect by using the bgp graceful-restart path-selection-defer-time-limit command to specify a maximum period that the restarted peer waits for the marker from its peers. Copyright © 2010, Juniper Networks, Inc.
Page 162 Advertisement of the graceful restart capability is disabled by default. The no neighbor capability negotiation command prevents the advertisement of all BGP capabilities, including graceful restart, to the specified peers. This command takes effect immediately and automatically bounces the session. Example host1(config-router)#bgp graceful-restart Copyright © 2010, Juniper Networks, Inc.
Page 163 This command takes effect immediately and automatically bounces the session. Example host1(config-router)#bgp graceful-restart stalepaths-time 480 Use the no version to restore the default value, 360 seconds. See bgp graceful-restart stalepaths-time. clear ip bgp wait-end-of-rib Copyright © 2010, Juniper Networks, Inc.
Page 164 Specify an interval shorter than the stalepaths time. This command takes effect immediately and automatically bounces the session. Example host1(config-router)#neighbor graceful-restart restart-time 240 Use the no version to restore the default value, 120 seconds. See neighbor graceful-restart restart-time. neighbor graceful-restart stalepaths-time Copyright © 2010, Juniper Networks, Inc.
Page 165: Scenarios
On the interface that connects PE1 to the core router, P, use the isis hello-interval command in Interface Configuration mode to set the frequency at which the router sends hello packets on the specified interface as 30 seconds. host1(config-if)#isis hello-interval 30 Copyright © 2010, Juniper Networks, Inc.
Page 166: Route Refresh
Use the no version to prevent advertisement of the specified capability or use the negotiation keyword with the no version to prevent all capability negotiation with the specified peer. Use the default version to restore the default, advertising the capability. See neighbor capability. Copyright © 2010, Juniper Networks, Inc.
Page 167: Interactions Between Bgp And Igps
IP routing table. Synchronization is enabled by default. However, you must configure redistribution of external routes into the IGP, or the routing tables will not receive the IGP routes. Copyright © 2010, Juniper Networks, Inc.
Page 168: Disabling Synchronization
NY to put the route to 192.56.0.0/16 in its IP routing table and advertise it to router Chicago without learning about 192.56.00/16 from router Albany. The command also enables router Boston to put the route to Copyright © 2010, Juniper Networks, Inc.
Page 169: Setting The Administrative Distance For A Route
The distance represents how reliable the source of the route is considered to be. A lower value is preferred over a higher value. An administrative distance of 255 indicates no confidence in the source; routes with this distance are not installed Copyright © 2010, Juniper Networks, Inc.
Page 170: Table 21: Default Administrative Distances For Route Sources
BGP. BGP can locally originate routes if you issue the network command, if you configure redistribution into BGP, or by means of a non-AS-set aggregate route. Acceptable values are from 1 to 255. The default value is 200. Copyright © 2010, Juniper Networks, Inc.
Page 171: Figure 38: Administrative Distances
See distance bgp. Example 1 Routes learned from other sources can be preferred to routes learned by means of BGP. Consider the network structure shown in Figure 38 on page 135. Figure 38: Administrative Distances Copyright © 2010, Juniper Networks, Inc.
Page 172: Figure 39: Administrative Distance And Synchronization
BGP speaker can advertise the route it learned from a peer. When the RIP route appears on router Boston, the router has both an IBGP route and a RIP route to the same prefix. Even though the RIP route has a better administrative Copyright © 2010, Juniper Networks, Inc.
Page 173: Configuring Backdoor Routes
EBGP route to that of an IBGP route, 200. Issuing this command does not cause the BGP speaker to advertise the specified route. This command takes effect immediately. Copyright © 2010, Juniper Networks, Inc.
Page 174: Setting The Maximum Number Of Equal-Cost Multipaths
VRF. BFD is not supported for multi-hop BGP sessions (IBGP multi-hop or EBGP multi-hop). BFD behavior is identical for IBGP and EBGP single-hop sessions, and for IPv4 and IPv6 neighbors. Copyright © 2010, Juniper Networks, Inc.
Page 175 BFD control packets from the remote peer. The default value is 300 milliseconds. You can use the minimum-interval keyword to specify the same value for both of those intervals. Configuring a minimum interval has the same effect as configuring Copyright © 2010, Juniper Networks, Inc.
Page 176: Bfd And Bgp Graceful Restart
When BGP is acting as a graceful restart helper and the BFD session to the BGP peer is lost, one of the following actions takes place: Copyright © 2010, Juniper Networks, Inc.
Page 177: Managing A Large-Scale As
(for clarity, only the BGP sessions are shown). Border router Salem has an EBGP session with a neighbor in AS 325. Border router Boston has an EBGP session with a neighbor in AS 413. Copyright © 2010, Juniper Networks, Inc.
Page 178: Figure 41: A Fully Meshed Autonomous System
It acts like IBGP within an AS because the local-pref, MED, and next-hop attributes are preserved across the sub-AS boundaries. To the external neighbors, AS 29 appears the same as it ever was. Copyright © 2010, Juniper Networks, Inc.
Page 179: Figure 42: A Confederation Of Subautonomous Systems
64721 host2(config-router)#bgp confederation identifier 29 host2(config-router)#bgp confederation peers 64720 64722 host2(config-router)#neighbor 10.2.25.7 remote-as 64720 From router Newport’s perspective, router Salem is simply a member of AS 29: host3(config)#router bgp 325 host3(config-router)#neighbor 10.2.25.6 remote-as 29 Copyright © 2010, Juniper Networks, Inc.
Page 180 AS paths in the set are delimited by commas rather than spaces. Example host1(config)#ip bgp-confed-as-set new-format Use the no version to restore the default display within parentheses and with space-delimited ASs. See ip bgp-confed-as-set new-format. Copyright © 2010, Juniper Networks, Inc.
Page 181: Configuring Route Reflectors
Plymouth, Westford, and Acton. These route reflector clients see router Harvard and each other simply as IBGP neighbors. Router Newport in AS 325 and router Mason in AS 413 see router Harvard simply as an EBGP neighbor in AS 29. Figure 43: Simple Route Reflection Copyright © 2010, Juniper Networks, Inc.
Page 182: Route Reflection And Redundancy
BGP prevents looping between ASs by evaluating the AS-path attribute to determine a route’s origin. Border routers reject routes they receive from external neighbors if the AS path indicates that the route originated within the border router’s AS. Copyright © 2010, Juniper Networks, Inc.
Page 183 10.2.5.6 remote-as 29 host1(config-router)#neighbor 10.2.5.6 route-reflector-client host1(config-router)#neighbor 10.2.5.7 remote-as 29 host1(config-router)#neighbor 10.2.5.8 remote-as 29 host1(config-router)#neighbor 10.2.25.5 remote-as 325 You do not configure a cluster ID, because router Salem is the only route reflector in this cluster. Copyright © 2010, Juniper Networks, Inc.
Page 184: Figure 46: Bgp Route Reflection
10.3.3.4 remote-as 29 host3(config-router)#neighbor 10.2.5.1 remote-as 29 You must configure a cluster ID, because router Acton and router Harvard are both route reflectors in this cluster. To configure router Harvard as a route reflector: Copyright © 2010, Juniper Networks, Inc.
Page 185 Use to configure the local router as the route reflector and the specified neighbor as one of its clients. The reflector and its clients constitute a cluster. BGP neighbors that are not specified as clients are nonclients. Route reflectors pass routes among the client routers. Copyright © 2010, Juniper Networks, Inc.
Page 186: Configuring Bgp Multicasting
IPv6 routes. For a description of IPv6, see JunosE IP, IPv6, and IGP Configuration Guide. Multicast IPv6—If you specify the multicast IPv6 address family, you can use BGP to exchange routing information about how to reach an IPv6 multicast source instead of Copyright © 2010, Juniper Networks, Inc.
Page 187: Peer Or Peer Group
Use to configure the router to exchange IPv4 or IPv6 addresses by creating the specified address family. IPv4 addresses can be exchanged in unicast, multicast, or VPN mode. IPv6 addresses can be exchanged in unicast mode. Copyright © 2010, Juniper Networks, Inc.
Page 188 If a neighbor is activated, BGP also sends the full contents of the BGP routing table of the newly activated address family. Example host1:vr1(config-router-af)#neighbor 192.168.1.158 activate Copyright © 2010, Juniper Networks, Inc.
Page 189: Monitoring Bgp Multicast Services
By default, BGP IPv4 and IPv6 unicast routes are available only for other unicast routing protocols. Example 1 host1(config)#router bgp 100 host1(config-router)#ipv6 route-type both Example 2 host1(config)#router bgp 100 host1(config-router)#address-family ipv4 unicast vrf v1 host1(config-router-af)#ip route-type both Use the no version to restore the default value, unicast. Copyright © 2010, Juniper Networks, Inc.
Page 190: Configuring Bgp/Mpls Vpns
The following three items apply to the test ip bgp neighbor command only: The address-family identifier for the route is the same as is used for identifying the neighbor. Copyright © 2010, Juniper Networks, Inc.
Page 191 You can set a weight value for inbound routes filtered with a filter list. Example host1#test ip bgp neighbor 10.12.54.21 advertised-routes distribute-list boston5 fields There is no no version. See test bgp ipv6 neighbor. See test ip bgp neighbor. Copyright © 2010, Juniper Networks, Inc.
Page 193: Monitoring Bgp
Monitoring BGP Routes with Inconsistent AS Paths on page 179 Monitoring BGP Neighbors on page 180 Monitoring Dampened BGP Routes of Specified Neighbors on page 185 Monitoring BGP Paths of Neighbors on page 187 Copyright © 2010, Juniper Networks, Inc.
Page 194: Setting A Baseline On All Bgp Statistics
To display information about BGP logs for inbound or outbound events, or both. Issue the debug ip bgp command: host1#debug ip bgp Related Disabling Display of BGP Logs on page 205 Documentation debug ip bgp undebug ip bgp Copyright © 2010, Juniper Networks, Inc.
Page 195: Neighbors
You can use the intro keyword to enable the display of introductory information about BGP attributes. The order in which you specify the fields has no effect on the order in which they are displayed. Action To specify the default output fields while displaying the BGP routes: Copyright © 2010, Juniper Networks, Inc.
Page 196: Table 23: Show Ip Bgp Output Fields
BGP has finished updating the routes in the IP route table. The FIB version is less than the local-RIB version when BGP is still in the process of updating the IP routing table. Copyright © 2010, Juniper Networks, Inc.
Page 197 Statistics baseline set Timestamp indicating when the statistics baseline was last set Related Monitoring the BGP Routing Table on page 162 Documentation default-fields route Copyright © 2010, Juniper Networks, Inc.
Page 198: Monitoring As-Path Access Lists
Status codes: > best, * invalid, s suppressed, d dampened, r rejected, a auto-summarized Prefix Peer Next-hop LocPrf Weight Origin ::103.103.103.0/120 103.103.103.3 ::103.103.103.3 inc. > 3ffe:0:0:1::/64 11.11.11.11 ::101.101.101.1 inc. > 3ffe:0:0:3::/64 103.103.103.3 ::103.103.103.3 inc. > 3ffe:0:1:1::/64 12.12.12.12 ::102.102.102.2 inc. Copyright © 2010, Juniper Networks, Inc.
Page 199 Direct next-hop POS4/0 (10.10.10.1) POS4/1 (12.12.12.1) Resolution in IP tunnel-route table of VR pe1 MPLS indirect next-hop index 578 Reachable (metric 100) Direct next-hop Push 23, POS4/0 (10.10.10.1) Push 43, POS4/1 (12.12.12.1) Reference count is 1 Copyright © 2010, Juniper Networks, Inc.
Page 200 Prefix Weight Route-map Backdoor 102:111:34/96 1111111111:23:1/96 To display information about network routes in the route-target address family corresponding to the specified RT-MEM-NLRI: host1:pe1#show ip bgp route-target signaling network 102:111:34 Prefix Weight Route-map Backdoor 102:111:34/96 Copyright © 2010, Juniper Networks, Inc.
Page 201 Weight Origin > 12.2.6.0/24 10.5.0.48 10.5.0.48 > 12.2.7.0/24 10.5.0.48 10.5.0.48 > 12.2.76.0/24 10.5.0.48 10.5.0.48 > 12.2.88.0/22 10.5.0.48 10.5.0.48 > 12.2.97.0/24 10.5.0.48 10.5.0.48 > 12.2.99.0/24 10.5.0.48 10.5.0.48 > 12.2.109.0/24 10.5.0.48 10.5.0.48 > 12.2.169.0/24 10.5.0.48 10.5.0.48 Copyright © 2010, Juniper Networks, Inc.
Page 202: Table 25: Show Ip Bgp Output Fields
IP address of the next router that is used when a packet is forwarded to the destination network Multiexit discriminator for the route LocPrf Local preference for the route Weight Weight of the route Origin Origin of the route Copyright © 2010, Juniper Networks, Inc.
Page 203: Monitoring Advertised Bgp Routes
Report whether the indirect next hop of a route is unreachable; if not, display the IGP cost to the indirect next hop. Copyright © 2010, Juniper Networks, Inc.
Page 204: Table 26: Show Ip Bgp Advertised-Routes Output Fields
If BGP receives two routes for different prefixes but with identical path attributes, BGP will create only one entry in its internal path attribute table and share it between the two routes to conserve memory. Copyright © 2010, Juniper Networks, Inc.
Page 205: Monitoring Bgp Aggregate Addresses
AS set ASs in the AS-set path Summary only Displays a summary of aggregate address information Attribute map Displays the attribute maps for aggregate addresses Advertise map Displays the advertise maps for aggregate addresses Copyright © 2010, Juniper Networks, Inc.
Page 206: Monitoring Bgp Routes With Nonnatural Network Masks
If several peers have advertised a route to the same prefix, only the best route is included in this count. routes selected for route Number of routes in the BGP routing table that have been inserted table installation into the IP routing table Copyright © 2010, Juniper Networks, Inc.
Page 207: Monitoring Bgp Routes In A Community
NN—Number that identifies the community within the autonomous system host1#show ip bgp community 999:999 Local router ID 192.168.1.153, local AS 100 40845 paths, 40845 distinct prefixes (2940840 bytes used) 40845 paths selected for route table installation Copyright © 2010, Juniper Networks, Inc.
Page 208: Table 29: Show Ip Bgp Community Output Fields
IP address of BGP peer Next hop IP address IP address of the next hop Multiexit discriminator for the route CalPrf Calculated preference for the route Weight Assigned path weight Origin Origin of the route Copyright © 2010, Juniper Networks, Inc.
Page 209: Monitoring Bgp Community Routes In The Community List
Number of routes to unique prefixes stored in the BGP routing table. If several peers have advertised a route to the same prefix, only the best route is included in this count. Copyright © 2010, Juniper Networks, Inc.
Page 210: Monitoring Dampened Bgp Routes
10.2.1.48 Suppressed/Reachable 2681 00:17:00 24.95.0.0/19 10.2.1.48 Suppressed/Reachable 2681 00:17:00 128.192.0.0/16 10.2.1.48 Available 1997 00:15:08 148.161.0.0/16 10.2.1.48 Available 1997 00:15:10 164.81.0.0/16 10.2.1.48 Available 1997 00:15:11 192.29.60.0/24 10.2.1.48 Available 1997 00:15:12 192.58.228.0/24 10.2.1.48 Available 1997 00:15:15 Copyright © 2010, Juniper Networks, Inc.
Page 211: Table 31: Show Ip Bgp Dampened-Paths Output Fields
A measure of the route's stability. Higher values indicate more recent route flap activity or less stability. Time until Reuse/Remove Time until the route is either reused (if currently suppressed) or its history entry is removed (if currently available) Copyright © 2010, Juniper Networks, Inc.
Page 212: Monitoring Bgp Routes With Matching As Paths And As-Path Access Lists
AS Local autonomous system number paths Total number of routes stored in the BGP routing table. If several peers have advertised a route to the same prefix, all routes are included in this count. Copyright © 2010, Juniper Networks, Inc.
Page 213: Monitoring Bgp Flap Statistics
Default cutoff threshold is 2000, default reuse threshold is 750 Default maximum hold-down time is 60 minutes 307 paths have active route flap histories (27016 bytes used) 5 paths are suppressed Figure Time until Prefix Peer Status of Merit Reuse/Remove Copyright © 2010, Juniper Networks, Inc.
Page 214: Table 33: Show Ip Bgp Flap-Statistics Output Fields
Time until Reuse/Remove Time until the route is either reused (if currently suppressed) or its history entry is removed (if currently available) Related show bgp ipv6 flap-statistics Documentation show ip bgp flap-statistics Copyright © 2010, Juniper Networks, Inc.
Page 215: Monitoring Bgp Routes With Inconsistent As Paths
BGP will create only one entry in its internal path attribute table and share it between the two routes to conserve memory. Prefix Prefix for the routing table entry Next hop IP address of the next hop Copyright © 2010, Juniper Networks, Inc.
Page 216: Monitoring Bgp Neighbors
Configured hold time is 90 seconds, negotiated 90 TCP connection: Local IP address is 192.168.1.218, local port is 1024 Remote IP address is 10.2.1.48, remote port is 179 Statistics: Total of 4100 messages sent, 44913 messages received Copyright © 2010, Juniper Networks, Inc.
Page 217 Fields relevant to BFD when BFD is configured for a multihop EBGP peer: BFD is enabled but not supported (multi-hop EBGP neighbor) Fields relevant to BFD when BFD is configured but the BGP session is not established: Copyright © 2010, Juniper Networks, Inc.
Page 218: Table 35: Show Ip Bgp Neighbors Output Fields
Name of the peer group of which this BGP neighbor is a member Remote router ID Router ID of the remote router negotiated BGP version BGP version being used to communicate with the neighbor Copyright © 2010, Juniper Networks, Inc.
Page 219 Time between a BGP peer’s attempts to reestablish a connection to the neighbor Minimum route Minimum time between route advertisements advertisement interval Minimum AS origination Minimum time between advertisement of changes within the interval speaker’s AS Copyright © 2010, Juniper Networks, Inc.
Page 220 (Cisco proprietary), four octet AS numbers, and graceful restart) has been sent, received, or both Multi-protocol extensions Lists the relevant address family and whether it has been sent, negotiation received, or used Copyright © 2010, Juniper Networks, Inc.
Page 221: Monitoring Dampened Bgp Routes Of Specified Neighbors
Report whether the indirect next hop of a route is unreachable; if not, display the IGP cost to the indirect next hop. The show ip bgp neighbors dampened-routes and show bgp ipv6 neighbors dampened-routes commands display similar information. Copyright © 2010, Juniper Networks, Inc.
Page 222: Table 36: Show Ip Bgp Neighbors Dampened-Routes Output Fields
If BGP receives two routes for different prefixes but with identical path attributes, BGP will create only one entry in its internal path attribute table and share it between the two routes to conserve memory. Copyright © 2010, Juniper Networks, Inc.
Page 223: Monitoring Bgp Paths Of Neighbors
11488 701 3561 5683 5551 0xC384FC0 192.168.1.1 11488 701 1239 1755 1273 8793 8793 8793 0xC385030 192.168.1.1 11488 701 5705 5693 Meaning Table 37 on page 188 lists the show ip bgp neighbors paths command output fields. Copyright © 2010, Juniper Networks, Inc.
Page 224: Neighbor
Display routes originating from the specified BGP neighbor before inbound policy is applied. Report whether the indirect next hop of a route is unreachable; if not, display the IGP cost to the indirect next hop. Copyright © 2010, Juniper Networks, Inc.
Page 225: Table 39: Show Ip Bgp Neighbors Received-Routes Output Fields
Prefix Prefix for the routing table entry Peer IP address of BGP peer Next hop IP address of the next hop Multiexit discriminator for the route LocPrf Local preference for the route Copyright © 2010, Juniper Networks, Inc.
Page 226: Policy
Total number of routes stored in the BGP routing table and amount of memory consumed by routes. If several peers have advertised a route to the same prefix, all routes are included in this count. Copyright © 2010, Juniper Networks, Inc.
Page 227: Monitoring Networks In An Autonomous System
Assigned path weight Origin Origin of the route Related show bgp ipv6 neighbors routes Documentation show ip bgp neighbors routes Monitoring Networks in an Autonomous System Purpose Display information about networks in an AS. Copyright © 2010, Juniper Networks, Inc.
Page 228: Monitoring Bgp Next Hops
Reference count is 3 Indirect next-hop ::ffff:2.2.2.2 MPLS stacked label 17 Reachable (metric 3) Direct next-hop tun mpls:vpnInL17-23 Reference count is 1 Indirect next-hop 5.5.5.5 Reachable (metric 2) Direct next-hop atm2/0.35 (35.35.35.5) Reference count is 3 Copyright © 2010, Juniper Networks, Inc.
Page 229: Monitoring Bgp Paths
0x4C548530 0x4C548704 BGP internally maintains additional attributes that are not displayed—for example, the MED, local preference, and communities attributes. Meaning Table 43 on page 194 lists the show bgp ipv6 paths command output fields. Copyright © 2010, Juniper Networks, Inc.
Page 230: Monitoring Bgp Peer Groups
Restart time is 120 seconds Stale paths time is 360 seconds Configuration for address family ipv4:unicast RIB-out is disabled Default originate is disabled Next hop self is disabled Next hop unchanged is disabled Don't send communities Copyright © 2010, Juniper Networks, Inc.
Page 231: Table 44: Show Ip Bgp Peer-Group Output Fields
Desired time interval between BFD packets transmitted to members of peer group Minimum receive interval Desired time interval between BFD packets received from members of peer group Multiplier Number of BFD packets that can be missed before declaring BFD session down Copyright © 2010, Juniper Networks, Inc.
Page 232 (route map condition has not been met; regardless of this status, the specified routes might be governed by another route map with a lower sequence number and actually advertised or not according to that map Copyright © 2010, Juniper Networks, Inc.
Page 233: Monitoring Bgp Routes With Matching As-Paths And Regular Expressions For Single Regular Expressions
Local router ID 192.168.1.232, local AS 100 6 paths, 3 distinct prefixes (324 bytes used) 3 paths selected for route table installation 7 path attribute entries (872 bytes used) Prefix Next-hop CalPrf Weight AS-path 10.99.1.4/32 10.1.1.2 200 10 20 Copyright © 2010, Juniper Networks, Inc.
Page 234: Table 45: Show Ip Bgp Quote-Regexp Output Fields
CalPrf Calculated preference for the route Weight Weight of the route AS path Autonomous system path Related Monitoring BGP Routes with Matching AS-Paths and Regular Expressions for Multiple Documentation Regular Expressions on page 199 Copyright © 2010, Juniper Networks, Inc.
Page 235: Monitoring Bgp Routes With Matching As-Paths And Regular Expressions For Multiple Regular Expressions
AS-path 10.99.1.4/32 10.1.1.2 200 10 20 The show ip bgp regexp command accepts multiple strings as arguments. If you try to apply output filtering, the command interprets the filter information as a regular expression Copyright © 2010, Juniper Networks, Inc.
Page 236: Table 46: Show Ip Bgp Regexp Output Fields
Weight of the route AS path Autonomous system path Related Monitoring BGP Routes with Matching AS-Paths and Regular Expressions for Single Documentation Regular Expressions on page 197 show bgp ipv6 regexp show ip bgp regexp Copyright © 2010, Juniper Networks, Inc.
Page 237: Monitoring The Status Of All Bgp Neighbors
To display the status of next hop reachability checking by specifying vpnv4: host1#show ip bgp vpnv4 all summary Local router ID 10.13.5.19, local AS 100 Administrative state is Start BGP Operational state is Up Copyright © 2010, Juniper Networks, Inc.
Page 238: Table 47: Show Bgp Ipv6 Summary Output Fields
Status, enabled or disabled Advertise best external Status, enabled or disabled route to internal peer Enforce first AS Status, enabled or disabled Missing MED as worst Status, enabled or disabled Route flap dampening Status, enabled or disabled Copyright © 2010, Juniper Networks, Inc.
Page 239 Time in seconds restart time Global graceful-restart Time in seconds stale paths time Graceful-restart path Time in seconds selection defer time Route Distinguisher RD assigned to the VRF Confederation ID Confederation ID Confederation peers Confederation peers Copyright © 2010, Juniper Networks, Inc.
Page 240 Negotiated BGP version number State State of the connection Up/down time Time the connection has been up or down Messages sent Number of messages sent to peer Messages received Number of messages received from peer Copyright © 2010, Juniper Networks, Inc.
Page 241: Monitoring All Routes In A Bgp Community List
Condition statement for routes matching the condition Disabling Display of BGP Logs To disable the display of information about BGP logs that was previously enabled with the debug ip bgp command. Issue the undebug ip bgp command: host1#undebug ip bgp Copyright © 2010, Juniper Networks, Inc.
Page 243: Multiprotocol Layer Switching
PART 2 Multiprotocol Layer Switching MPLS Overview on page 209 Configuring MPLS on page 275 Monitoring MPLS on page 321 Configuring BGP-MPLS Applications on page 385 Monitoring BGP/MPLS VPNs on page 491 Copyright © 2010, Juniper Networks, Inc.
Page 245: Mpls Overview
Ping Extensions for Point-to-Multipoint LSPs Connectivity Verification at Egress Nodes on page 247 TLVs and Sub-TLVs Supported for Point-to-Multipoint LSPs Connectivity Verification at Egress Nodes on page 248 LDP Discovery Mechanisms on page 251 MPLS Traffic Engineering Overview on page 252 Copyright © 2010, Juniper Networks, Inc.
Page 246: Mpls Overview
RFCs and other sources either with initial uppercase letters or all uppercase letters. For improved readability, those terms are represented in lowercase in this chapter. Table 49 on page 211 lists the terms and some of their variant spellings. Copyright © 2010, Juniper Networks, Inc.
Page 247: Table 49: Conventions For Mpls Terms
PathTear PATHTEAR resv Resv RESV resvconf ResvConf RESVCONF resverr ResvErr RESVERR resvtear ResvTear RESVTEAR targeted hello Targeted Hello TARGETED_HELLO Related MPLS Terms and Acronyms on page 212 Documentation MPLS Overview on page 210 Copyright © 2010, Juniper Networks, Inc.
Page 248: Mpls Terms And Acronyms
MPLS domain This text does not use LDP to refer to the generic class of label distribution protocols. Label edge router—A label-switching router serving as an ingress or egress nodes Copyright © 2010, Juniper Networks, Inc.
Page 249 VPN Provider core router P—An LSR within a service provider core that carries traffic for a VPN RSVP Resource Reservation Protocol; E Series routers do not support RSVP Copyright © 2010, Juniper Networks, Inc.
Page 250: Mpls Features
Interface support ATM AAL5 (RSVP-TE only) ATM1483 (point-to-point AAL5SNAP only) Ethernet/VLAN Multilink PPP POS (PPP over HDLC) SLEP (Cisco HDLC) Label stacking Virtual Private Networks (VR-based and BGP-based) Layer 2 Services over MPLS LER functionality Copyright © 2010, Juniper Networks, Inc.
Page 251: Mpls Platform Considerations
See ERX Module Guide, Table 1, Module Combinations for detailed module specifications. See ERX Module Guide, Appendix A, Module Protocol Support for information about the modules that support BGP. For information about modules that support MPLS on E120 and E320 Broadband Services Routers: Copyright © 2010, Juniper Networks, Inc.
Page 252: Mpls References
RFC 2747—RSVP Cryptographic Authentication (January 2000) RFC 2836—Per Hop Behavior Identification Codes (May 2000) RFC 2858—Multiprotocol Extensions for BGP-4 (June 2000) RFC 2961—RSVP Refresh Overhead Reduction Extensions (April 2001) RFC 3031—Multiprotocol Label Switching Architecture (January 2001) Copyright © 2010, Juniper Networks, Inc.
Page 253 NOTE: IETF drafts are valid for only 6 months from the date of issuance. They must be considered as works in progress. Please refer to the IETF Web site at http://www.ietf.org for the latest drafts. Copyright © 2010, Juniper Networks, Inc.
Page 254: Mpls Label Switching And Packet Forwarding Overview
The egress router is sometimes referred to as the tunnel tail end, or the tail-end router. LSPs are unidirectional, carrying traffic only in the downstream direction from the ingress node to the egress node. Copyright © 2010, Juniper Networks, Inc.
Page 255: Mpls Lsrs
2 prepends label e to the packet. LSR 3 does the same thing, removing label e and prepending label u. Finally, the egress node, LSR 4, removes label u and determines where to forward the packet outside the MPLS domain. Figure 48: Label Switching Copyright © 2010, Juniper Networks, Inc.
Page 257: Mpls Labels And Label Spaces
When you use the platform label space, the MPLS ingress node places labels in shim headers between the link-layer header and the payload. The shim header includes the following bits (Figure 50 on page 222): Copyright © 2010, Juniper Networks, Inc.
Page 258: Ttl Processing In The Platform Label Space Overview
TTL processing the default tunnel model is uniform. You can issue the no mpls ip propagate-ttl command to change the TTL processing tunnel model from the default uniform model to the pipe model. Issue the no mpls ip Copyright © 2010, Juniper Networks, Inc.
Page 259: Ttl Processing On Incoming Mpls Packets
If the incoming TTL is less than 2, the packet is dropped. If innermost packet is IP, an ICMP packet is built and sent. If the TTL does not expire and the packet needs to be sent out, the outgoing TTL is determined by the rules for outgoing MPLS packets. Copyright © 2010, Juniper Networks, Inc.
Page 260: Ttl Processing On Outgoing Mpls Packets
TTL value when the swapped-to label is not implicit-null. When the swapped-to label is implicit-null (for example, in a PHP configuration), the inner or exposed header's TTL is either left unchanged (when the forwarded option for the mpls ip propagate-ttl Copyright © 2010, Juniper Networks, Inc.
Page 261: Rules For Processing On An Ler
MPLS sets the TTL for these pushed labels to 255. When the packet is neither IP nor MPLS, such as a Martini packet, MPLS sets the TTL of all pushed labels to 255. Copyright © 2010, Juniper Networks, Inc.
Page 262: Mpls Rules For Ttl Expiration
MPLS takes the following actions when the TTL in a MPLS label of a received MPLS packet expires: A TTL-expired ICMP packet is constructed. The destination address of ICMP packet is set to the source address of the IP packet that was encapsulated in the MPLS packet. Copyright © 2010, Juniper Networks, Inc.
Page 263: Mpls Label Distribution Methodology
LSP, preventing inappropriate (early) data mapping from occurring on the first LSR in the path. An LSR is an egress LSR for a FEC when the FEC is its directly attached interface or when MPLS is not configured on the next-hop interface. Copyright © 2010, Juniper Networks, Inc.
Page 264: Figure 53: Lsp Creation, Downstream-On-Demand, Ordered Control
In Figure 54 on page 229, LSR D learns a route to some prefix. LSR D immediately maps a label for this destination and sends the label to its peers, LSR B, LSR C, LSR E, and LSR F. In the topology-driven network, the LSPs are created automatically with each peer LSR. Copyright © 2010, Juniper Networks, Inc.
Page 265: Ip Data Packet Mapping Onto Mpls Lsps Overview
For topology-driven LSPs, LDP can modify the IP routing table to use MPLS next hops in the routing table, replacing the regular IP next hops for the corresponding routes. For labeled BGP routes, BGP adds routes with MPLS next hops to the appropriate VR or VRF routing table. Copyright © 2010, Juniper Networks, Inc.
Page 266 VPN or IPv6 VPN interface. Consequently, any policy attached to the interface applies to all that VPN traffic. Related TTL Processing in the Platform Label Space Overview on page 222 Documentation IP Data Packet Mapping onto MPLS LSPs Overview on page 229 Copyright © 2010, Juniper Networks, Inc.
Page 268 0 bad mapping, 0 bad request, 0 bad abort, 0 bad release 0 bad withdraw, 0 bad addr, 0 bad addr withdraw 0 unknown msg type err last info err code = 0x00000000, 0 loop detected Sent: 0 notf, 8 msg, 4 mapping, 0 request Copyright © 2010, Juniper Networks, Inc.
Page 269: Mpls Forwarding And Next-Hop Tables Overview
This table contains labels from the interface label space of that major interface. When an MPLS packet arrives on an MPLS major interface that uses the interface label space, MPLS looks up the label in the MPLS forwarding table for that particular major interface. Copyright © 2010, Juniper Networks, Inc.
Page 270: Mpls Packet Spoof Checking Overview
MPLS major interface identified in the spoof check field. You can use the show mpls forwarding command to view the spoof check field for an MPLS forwarding table entry. Related MPLS Forwarding and Next-Hop Tables Overview on page 233 Documentation Copyright © 2010, Juniper Networks, Inc.
Page 271: Ip And Ipv6 Tunnel Routing Tables And Mpls Tunnels Overview
Through a routing protocol–defined configuration, resulting in dynamic explicit paths. When the routing protocol (IS-IS or OSPF) creates the explicit path, it makes use of Copyright © 2010, Juniper Networks, Inc.
Page 272: Mpls Interfaces And Interface Stacking Overview
For major interfaces using the platform label space, the lookup is in the MPLS forwarding table of the VR. For major interfaces using the interface label space, the lookup is in the MPLS forwarding table of the major interface. Copyright © 2010, Juniper Networks, Inc.
Page 273: Mpls Minor Interfaces
Configuring Layer 2 Services over MPLS. Interface Stacking MPLS interface stacking differs depending on whether the platform label space (Figure 56 on page 238) or the interface label space (Figure 57 on page 238) is used. Copyright © 2010, Juniper Networks, Inc.
Page 274: Mpls Label Distribution Protocols Overview
The following protocols are currently used for label distribution: BGP—Border Gateway Protocol LDP—Label Distribution Protocol RSVP-TE—Resource Reservation Protocol with traffic-engineering extensions that enable label binding and explicit route capability Copyright © 2010, Juniper Networks, Inc.
Page 275: Ldp Messages And Sessions
In certain cases, a targeted hello adjacency to directly connected peers might be useful. If an LSR receives both a link hello message and a targeted hello message from the same initiator, only a single LDP session is established between the LSRs. Copyright © 2010, Juniper Networks, Inc.
Page 276: Rsvp-Te Messages And Sessions
A session is ended if the state machine is not refreshed within the RSVP tunnel timeout period, which is determined as follows: For example, for the default values, Copyright © 2010, Juniper Networks, Inc.
Page 277: Rsvp-Te State Refresh And Reliability
The srefresh message can carry message IDs for multiple RSVP-TE sessions. Issuing the mpls rsvp message-bundling command enables RSVP-TE to use bundle messages, each of which includes multiple standard RSVP-TE messages, to reduce the overall message processing overhead. Copyright © 2010, Juniper Networks, Inc.
Page 278: Bgp Signaling
MPLS ECMP next hop or an IP ECMP. The signaling protocol determines whether ECMP next hops are used. For example, LDP can learn multiple labels for a route from different downstream peers (or one label from Copyright © 2010, Juniper Networks, Inc.
Page 279: Mpls Connectivity And Ecmp
TLV for each downstream path. This TLV is included in the MPLS echo request packet. The TLV can specify either “ Do not reply” or “ Reply via an IPv4/IPv6 UDP packet.” Copyright © 2010, Juniper Networks, Inc.
Page 280: Table 52: Sub-Tlvs Supported For The Target Fec Stack Tlv
For Martini encapsulation RSVP P2MP IPv4 Session For identification of the point-to-multipoint LSP for which you want to verify the data plane Related MPLS Label Switching and Packet Forwarding Overview on page 218 Documentation Copyright © 2010, Juniper Networks, Inc.
Page 281: Mpls Connectivity Verification And Troubleshooting Methods
For transit routers, the echo reply indicates that downstream mapping exists for the FEC, meaning that the packet would have been forwarded if the TTL had not expired. The egress router sends an echo reply packet verifying that it is the egress. Copyright © 2010, Juniper Networks, Inc.
Page 282: Point-To-Multipoint Lsps Connectivity Verification At Egress Nodes
TLVs and Sub-TLVs Supported for Point-to-Multipoint LSPs Connectivity Verification Documentation at Egress Nodes on page 248 Ping Extensions for Point-to-Multipoint LSPs Connectivity Verification at Egress Nodes on page 247 Verifying and Troubleshooting MPLS Connectivity on page 372 Copyright © 2010, Juniper Networks, Inc.
Page 283: Nodes
The type value used by point-to-multipoint LSPs in Junos OS differs from the type value specified in the IETF draft. To enable interoperability with routers running Junos OS (which are often employed as the ingress, transit, or branch nodes in point-to-multipoint LSPs), Copyright © 2010, Juniper Networks, Inc.
Page 284: Echo Jitter Tlv Overview
(or jitter) before forwarding the response. The delay period enables the responses from multiple egresses to be spread over a time period. This mechanism is very useful in situations when the entire LSP tree is being pinged because it helps the Copyright © 2010, Juniper Networks, Inc.
Page 285: P2Mp Responder Identifier Tlv Operations
Comments IPv4 Egress Address P2MP The IPv4 address in this sub-TLV Responder Identifier is the IPv4 address of the egress node and does not specify the IPv4 address of a branch or intermediate node. Copyright © 2010, Juniper Networks, Inc.
Page 286: Egress Address P2Mp Responder Identifier Sub-Tlvs
LSP. Related Troubleshooting MTU Problems in Point-to-Point LSPs on page 381 Documentation Ping Extensions for Point-to-Multipoint LSPs Connectivity Verification at Egress Nodes on page 247 Copyright © 2010, Juniper Networks, Inc.
Page 287: Ldp Discovery Mechanisms
In the JunosE implementation, this is always the platform label space, so the LDP identifier specifies the LSR ID and a value of 0 for the label space. The targeted hello also includes other information, such as the targeted-hello hold time, which is configured Copyright © 2010, Juniper Networks, Inc.
Page 288: Mpls Traffic Engineering Overview
LSP having the next best metric. Path Option You can configure multiple paths for an LSP with the tunnel mpls path-option command. Each path option has an identifying number; the lower the number the higher the Copyright © 2010, Juniper Networks, Inc.
Page 289: Reoptimization
Currently, bandwidth (BW) and bandwidth-related information are the only resources tracked and used for traffic engineering. Admission control determines whether a setup request can be honored for an MPLS LSP with traffic parameters. Copyright © 2010, Juniper Networks, Inc.
Page 291: Lsp Preemption
LDP LSP over an RSVP-TE LSP, as shown in Figure 58 on page 256. With LDP over RSVP-TE, LDP establishes targeted sessions among the LDP routers at the edge of the RSVP core. From the perspective of the LDP LSP, the RSVP-TE core is a single hop. Copyright © 2010, Juniper Networks, Inc.
Page 292: Ldp Graceful Restart Overview
LDP graceful restart supports only the downstream-unsolicited mode of label distribution. Successful operation of LDP graceful restart requires that stateful SRP switchover (high availability) be configured on the router. Although you can configure LDP graceful restart Copyright © 2010, Juniper Networks, Inc.
Page 293: Table 54: Summary Of Ldp Graceful Restart States
(indicating that both graceful restart and helper mode are disabled), it deletes the label mapping information. Also when the LSR restarts, the neighbor sets its neighbor liveness timer to the lesser of the two values, the reconnect timeout value and its own configurable neighbor liveness Copyright © 2010, Juniper Networks, Inc.
Page 294: Ldp-Igp Synchronization Overview
BGP. Another example is an MPLS VPN where each given PE router depends on the availability of a complete MPLS forwarding path to the other PE routers for each VPN that it serves. This means that along the shortest path between the PE routers, each link Copyright © 2010, Juniper Networks, Inc.
Page 295 Only after that takes place does LDP notify the IGP to bring down the cost on the interface. LDP-IGP synchronization is supported only for directly connected peers and links with the platform label space. Copyright © 2010, Juniper Networks, Inc.
Page 296: Synchronization Behavior During Graceful Restart
You can configure the hello interval to establish how frequently the node sends hello messages. Hello messages are exchanged when an LSP is set up and are stopped when the last LSP between the two peers goes away. Copyright © 2010, Juniper Networks, Inc.
Page 297: Hello Message Objects
Peer A sends a hello request to Peer B. The request object contains the following: Source instance = 5 (generated by Peer A for this adjacency) Destination instance = 0 (because it has never exchanged messages with Peer B) Copyright © 2010, Juniper Networks, Inc.
Page 298: Determination That A Peer Has Reset
If the requesting peer advertises a wrong value in the destination instance field of the request message, then the acknowledging peer treats the requesting peer as if communication has been lost. Copyright © 2010, Juniper Networks, Inc.
Page 299: Behavior Of Both Peers
MPLS forwarding state during the restart, the LSR advertises a recovery time of zero. Both the restarting router and neighboring GR helper routers save the restart and recovery times that they receive from their peers. Copyright © 2010, Juniper Networks, Inc.
Page 300: Restarting Behavior
(RSB) shared with the restarting router until a corresponding path message is received from the restarting router. During the recovery period, the restarting router checks for the state associated with an incoming path message. If the RSVP-TE state already exists, the restarting router handles Copyright © 2010, Juniper Networks, Inc.
Page 301: Preservation Of An Established Lsp Label
RSVP-TE links and detect link failures. The node hello sessions are established by the exchange of hello messages in which node IDs are used for the source and destination addresses in the hello packets. The Copyright © 2010, Juniper Networks, Inc.
Page 302: Bfd Protocol And Rsvp-Te Overview
Without BFD, RSVP-TE can learn about adjacency failures by either of two methods. If RSVP-TE hellos are configured, then hello message timeouts indicate a failure. If hellos are not configured, then RSVP-TE learns about failures from resv and path messages. Copyright © 2010, Juniper Networks, Inc.
Page 303: Tunneling Model For Differentiated Services Overview
PHB of an incoming packet. With the short pipe model, the tunnel egress uses an inner header that is used for forwarding. With the pipe model, the outermost label is always used. Because of this, you cannot use PHP with the pipe model. Copyright © 2010, Juniper Networks, Inc.
Page 304: Uniform Model
This behavior enables the EXP bits value to be copied to outgoing labels, used to reset the traffic class/color combination on the egress module, or both. Copyright © 2010, Juniper Networks, Inc.
Page 305: Outgoing Traffic
EXP bits than do the outer labels. For example, in a VPN you might want the inner label’s EXP bits value to be the copied IP precedence Copyright © 2010, Juniper Networks, Inc.
Page 306: Figure 59: Flow For Initial Setting Of Exp Bits For The First Label Pushed
Figure 59: Flow for Initial Setting of EXP Bits for the First Label Pushed Figure 59 on page 270 shows how packet type and configuration determine how the EXP bits are set for the first label pushed. Copyright © 2010, Juniper Networks, Inc.
Page 307: Point-To-Multipoint Lsps Overview
(between ASs). Although you can use point-to-point LSPs to provide point-to-multipoint services, this type of configuration can cause data replication at the ingress LSR or duplicate traffic Copyright © 2010, Juniper Networks, Inc.
Page 308: Using E Series Routers As Egress Lsrs
Figure 61 on page 273 shows a point-to-multipoint LSP with multiple egress LSRs. The multicast source sends a packet to the ingress router, LSR 1, which in turn sends the packet on the point-to-multipoint LSP to the branch router, LSR 2. The branch router, Copyright © 2010, Juniper Networks, Inc.
Page 309: Figure 61: Simple Mpls Domain
NOTE: You cannot use E Series routers as core or ingress LSRs. You need to use Juniper Networks routers running Junos OS to function as core or ingress LSRs in the point-to-multipoint LSP. Figure 61: Simple MPLS Domain...
Page 311: Configuring Mpls
Configuring MPLS and Differentiated Services on page 304 Configuring the Tunneling Model for Differentiated Services on page 305 Configuring EXP Bits for Differentiated Services on page 305 Example Differentiated Services Application and Configuration on page 305 Copyright © 2010, Juniper Networks, Inc.
Page 312: Basic Mpls Configuration Tasks
Table 55 on page 276. Table 55: Configuration Tasks by Type of Network Traffic Engineering Topology-Driven Network Task Set Network (Best-Effort, Hop-by-Hop, LDP) Global Interface Profile Optional Optional Interface Tunnel Tunnel Profile Copyright © 2010, Juniper Networks, Inc.
Page 313: Mpls Global Configuration Tasks
EXP bits when the router acts as an LER. host1(config)#mpls copy-upc-to-exp (Optional) Specify whether the EXP bits for VPN MPLS labels can be modified by EXP bit mapping or by policy for differentiated services. host1(config)#mpls preserve-vpn-exp Copyright © 2010, Juniper Networks, Inc.
Page 314: Ldp Global Tasks
(Optional) Configure the interval at which LDP sends session keepalive messages. host1(config)#mpls ldp session keepalive-time 180 (Optional) Specify an IP address to be advertised to peers as the transport address in discovery hello messages. Copyright © 2010, Juniper Networks, Inc.
Page 315: Rsvp-Te Global Tasks
(Optional) Configure a global RSVP-TE profile that specifies the timeout period in milliseconds between generation of RSVP refresh messages, the number of refresh messages that can be lost before the PATH or RESV state is ended, or both. host1(config)#mpls rsvp interface profile rsvp4 host1(config-rsvp)#refresh-period 60000 Copyright © 2010, Juniper Networks, Inc.
Page 316: Ldp And Rsvp-Te Interface Profile Configuration Tasks
(Optional) Configure the egress router to advertise the explicit null label. host1(config)#mpls rsvp egress-label explicit-null LDP and RSVP-TE Interface Profile Configuration Tasks The interface profile configuration tasks are optional tasks you may need to perform to configure your network’s label distribution options. Copyright © 2010, Juniper Networks, Inc.
Page 317: Ldp Interface Profile Configuration Tasks And Commands
NOTE: Loop detection is always enabled in the JunosE MPLS implementation. Your choice of label distribution protocol determines whether the LDP or RSVP-TE interface configuration tasks are appropriate for your network design. Copyright © 2010, Juniper Networks, Inc.
Page 318: Mpls Interface Tasks
(Optional) Suppress transmission of link hello messages to all LSRs. host1(config-if)#mpls ldp link-hello disable RSVP-TE Interface Tasks To configure RSVP-TE on the interface: Start RSVP-TE on the interface. Using the default values (an implicit default profile): host1(config-if)#mpls rsvp Copyright © 2010, Juniper Networks, Inc.
Page 319: Mpls Tunnel Configuration Tasks
(Optional) Specify a tunnel metric to be used by an IGP in its SPF calculation. host1(config-if)#tunnel mpls autoroute metric absolute 100 (Optional) Configure the path options used for the tunnel. host1(config-if)#tunnel mpls path-option 3 dynamic isis (Optional) Configure the bandwidth required for the tunnel. Copyright © 2010, Juniper Networks, Inc.
Page 321: Mpls Tunnel Profile Configuration Tasks
100 host1(config-tunnelprofile)#tunnel mpls no-route retry-time 45 host1(config-tunnelprofile)#tunnel mpls retries 250 host1(config-tunnelprofile)#tunnel mpls retry-time 65 (Optional) Associate a text description with the tunnel. host1(config-tunnelprofile)#tunnel mpls description southshore Configure the tunnel endpoint. Copyright © 2010, Juniper Networks, Inc.
Page 322: Configuring Explicit Routing For Mpls
LSP takes is defined by the ingress node. The path consists of a series of hops defined by the ingress LSR. Each hop can be a traditional interface, an autonomous system, or an LSP. Copyright © 2010, Juniper Networks, Inc.
Page 323: Defining Configured Explicit Paths
After you have defined a configured explicit path, you can configure the path on a tunnel. To configure explicit routing on a tunnel: Create an MPLS tunnel. host1(config)#interface tunnel mpls:1 Set the path option. host1(config-if)#tunnel mpls path-option 1 explicit name xyz Copyright © 2010, Juniper Networks, Inc.
Page 324: Configuring Dynamic Explicit Paths On A Tunnel
FEC. Only a single label is advertised for this FEC. LDP maintains this aggregation as the advertisement traverses the network, if possible. Consider the topology shown in Figure 62 on page 289. Copyright © 2010, Juniper Networks, Inc.
Page 325: Configuring Ldp Graceful Restart
LDP graceful restart if stateful SRP switchover is not configured on the router, the graceful restart capability will not function. To configure LDP graceful restart: Enable LDP graceful restart and graceful restart helper mode. Copyright © 2010, Juniper Networks, Inc.
Page 326: Configuring Ldp Autoconfiguration
To configure LDP autoconfiguration to ensure that LDP is configured on all interfaces running the IGP: Specify whether LDP is created automatically on the current interface or all interfaces: Create LDP on all interfaces in the IGP router context Copyright © 2010, Juniper Networks, Inc.
Page 327: Configuring Ldp-Igp Synchronization
Configuring LDP MD5 Authentication LDP MD5 authentication provides protection against spoofed TCP segments that can be introduced into the connection streams for LDP sessions. Authentication is configurable for both directly connected and targeted peers. Copyright © 2010, Juniper Networks, Inc.
Page 328: Controlling Ldp Label Distribution
If the destination matches, labels are advertised to peers subject to any specified neighbor address list. If either access list is not matched, the labels are not advertised. Copyright © 2010, Juniper Networks, Inc.
Page 329: Additional Rsvp-Te Configuration Tasks
See “Configuring RSVP-TE Graceful Restart” on page 299. Configure the exchange of RSVP-TE node hellos on all RSVP-TE interfaces. See “Configuring RSVP-TE Hellos Based on Node IDs” on page 299. Configure the BFD Protocol for RSVP-TE. Copyright © 2010, Juniper Networks, Inc.
Page 330: Configuring Rsvp Md5 Authentication
If the sequence number is valid, then the RSVP message is authenticated and forwarded for normal RSVP processing. Unauthenticated messages are discarded. To configure RSVP-TE MD5 authentication: Assign a key to the interface for MD5 authentication between RSVP peers. host1(config-if)#mpls rsvp authentication key 34udR973j Copyright © 2010, Juniper Networks, Inc.
Page 331: Configuring Rsvp-Te Fast Rerouting With Rsvp-Te Bypass Tunnels
The bypass tunnel naturally protects all LSPs that share the bypassed link (the LSP segment from the PLR to the downstream node) and that have requested protection. Consider the network shown in Figure 63 on page 296. Copyright © 2010, Juniper Networks, Inc.
Page 332: Configuration Example
However, the link being protected by the bypass tunnel must not be in the path if you specify an explicit path. Configuration Example The following steps show a partial configuration using the topology in Figure 63 on page 296: Copyright © 2010, Juniper Networks, Inc.
Page 333: Fast Reroute Over Sonet/Sdh
The RSVP-TE hello feature enables RSVP-TE peers to exchange hello messages and establish a hello adjacency. The peers use the adjacency to verify reachability. When a peer is no longer reachable, the LSPs that traverse the neighbor are torn down. Copyright © 2010, Juniper Networks, Inc.
Page 335: Configuring Rsvp-Te Graceful Restart
You can configure the exchange of node-ID–based RSVP-TE hellos (node hellos) for interoperability with routers that cannot support RSVP-TE graceful restart with link-based hellos. E Series routers use node hellos only to support their graceful restart capabilities. Copyright © 2010, Juniper Networks, Inc.
Page 336: Configuring The Bfd Protocol For Rsvp-Te
NOTE: Before the router can use the mpls rsvp bfd-liveness-detection command, you must specify a BFD license key. To view an already configured license, use the show license bfd command. To enable BFD (bidirectional forwarding detection) on an RSVP-TE major interface: Copyright © 2010, Juniper Networks, Inc.
Page 337: Configuring Igps And Mpls
You can use the tunnel mpls autoroute announce command to configure a tunnel to announce its endpoint to IS-IS or OSPF so that the IGP can then use the LSP as a shortcut to a destination based on the LSP’s metric. Copyright © 2010, Juniper Networks, Inc.
Page 338 OSPF uses this metric in its SPF calculations for traffic to the tunnel endpoint as well as beyond the endpoint. Traffic is routed through this LSP only when the other calculated paths have higher metrics. Copyright © 2010, Juniper Networks, Inc.
Page 339: Configuring The Igps For Traffic Engineering
See JunosE IP, IPv6, and IGP Configuration Guide for more information about enabling OSPF to support traffic engineering and monitoring OSPF traffic engineering For information about BGP and MPLS, see Configuring BGP-MPLS Applications on page 385 metric-style narrow metric-style transition metric-style wide Copyright © 2010, Juniper Networks, Inc.
Page 340: Configuring Mpls And Differentiated Services
See “Configuring EXP Bits for Differentiated Services” on page 305. Configure differentiated services in a sample topology. See “Example Differentiated Services Application and Configuration” on page 305. Classify traffic In a differentiated services domain. Copyright © 2010, Juniper Networks, Inc.
Page 341: Configuring The Tunneling Model For Differentiated Services
Example Differentiated Services Application and Configuration Figure 64 on page 306 shows an example topology where a service provider offers the following differentiated services to its customers over its MPLS network: Copyright © 2010, Juniper Networks, Inc.
Page 342: Differentiated Services Configuration Example
It is acceptable that fabric queuing is based on the incoming base label's EXP. Figure 64: Differentiated Services over an MPLS Network Differentiated Services Configuration Example To configure the differentiated services described in this example: Copyright © 2010, Juniper Networks, Inc.
Page 343 You must attach a policy to the core-side IP interface to set the UPC value of the control traffic appropriately so that the EXP bits value is copied from the UPC when this traffic goes out as MPLS packets. host1(config)#ip classier-list control-traffic-prec0 … Copyright © 2010, Juniper Networks, Inc.
Page 344: Classifying Traffic For Differentiated Services
Table 56 on page 309 indicates how the PSC (column 1) is combined with the EXP field (column 2) to determine the PHB for incoming traffic on L-LSPs. Copyright © 2010, Juniper Networks, Inc.
Page 345: Table 56: Incoming L-Lsp Phb Determination
For outgoing L-LSPs, the EXP is determined by the PHB. Table 58 on page 309 indicates the PHB-to-EXP mapping for outgoing traffic on L-LSPs. Table 58: Outgoing L-LSP PHB Determination EXP Field AFn1 AFn2 AFn3 Copyright © 2010, Juniper Networks, Inc.
Page 346: Configuring Static Exp-To-Phb Mapping
For transit routers and egress routers along the path of the LSP, the incoming EXP bits are matched to determine the traffic class and drop preference (color red, yellow, or Copyright © 2010, Juniper Networks, Inc.
Page 347: Figure 65: Associations Between Phb Id, Exp Bits, And Traffic
JunosE Software at the appropriate routers along the path. Figure 65: Associations Between PHB ID, EXP Bits, and Traffic Classes/Colors Figure 66 on page 312 shows the operations performed at ingress, transit, and egress systems during signaled mapping sessions. Copyright © 2010, Juniper Networks, Inc.
Page 348: Figure 66: Signaled Mapping
To create or modify an MPLS policy: Issue the mpls policy-list command. host1(config)#mpls policy-list mpls-exp-setting To enable collection of policy statistics for a tunnel or LSP. Collection is disabled by default. Issue the mpls policy-statistics command. host1#mpls policy-statistics boston2dc Copyright © 2010, Juniper Networks, Inc.
Page 349: Preference Of Per-Vr Versus Per-Lsp Behavior
Table 59 on page 313 presents the mapping between EXP bits, PHB, PHB ID, and traffic class/color combination. Table 59: Differentiated Services Mapping Traffic PHB ID 6-bit PHB ID Class/Color 0x0000 best-effort/green AF11 0x2800 af1/green AF12 0x3000 af1/yellow Copyright © 2010, Juniper Networks, Inc.
Page 350 Create queue profiles to define how queues are instantiated to implement the corresponding traffic classes and PHBs. The JunosE Software automatically creates the best-effort queue profiles. host1(config)#queue-profile af1-queues [Queue configuration omitted] host1(config)#queue-profile af2-queues [Queue configuration omitted] host1(config)#queue-profile ef-queues [Queue configuration omitted] Copyright © 2010, Juniper Networks, Inc.
Page 351: Configuration On The Ingress Router
Define a policy that maps the selected packets into traffic classes. For the assured forwarding classes, this example uses rate limit profiles to set the colors. host1(config)#policy-list classify-packets host1(config-policy-list)#traffic-class best-effort classifier-group bf-packets host1(config-policy-list)#traffic-class ef classifier-group ef-packets Copyright © 2010, Juniper Networks, Inc.
Page 352: Configuration On The Ingress And Transit Routers
0 classifier-group be-green host1(config-policy-list)#mark 1 classifier-group af1-green host1(config-policy-list)#mark 2 classifier-group af1-yellow host1(config-policy-list)#mark 3 classifier-group af1-red host1(config-policy-list)#mark 4 classifier-group af2-green host1(config-policy-list)#mark 5 classifier-group af2-yellow host1(config-policy-list)#mark 6 classifier-group af2-red host1(config-policy-list)#mark 7 classifier-group ef-green Copyright © 2010, Juniper Networks, Inc.
Page 353: Configuration On The Transit And Egress Routers
EXP bits back according to the traffic class/color combination. Typically, the effect of the EXP bits to traffic class/color combination to EXP bits is no change. Copyright © 2010, Juniper Networks, Inc.
Page 354: Configuring Point-To-Multipoint Lsps
The IP interface on which the packet arrives must be an IGMP-owned interface. An IGMP-owned interface refers to an interface in which IGMP is the only multicast protocol enabled. The actual route to the source must be through an IGMP-owned interface. Copyright © 2010, Juniper Networks, Inc.
Page 355 LSP by using the ip multicast-routing disable-rpf-check command. For more information, see Enabling and Disabling RPF Checks in the JunosE Multicast Routing Configuration Guide. Related Point-to-Multipoint LSPs Overview on page 271 Documentation show mpls tunnels Copyright © 2010, Juniper Networks, Inc.
Page 357: Monitoring Mpls
Monitoring LDP Interfaces on page 335 Monitoring LDP Neighbors on page 337 Monitoring LDP Profiles on page 340 Monitoring LDP Statistics on page 340 Monitoring LDP Targeted Hello Receive and Send Lists on page 343 Copyright © 2010, Juniper Networks, Inc.
Page 358: Setting The Baseline For Mpls Statistics
Enabling Statistics Collection for Policies Attached to MPLS Tunnels on page 324 Setting a Baseline for MPLS Major Interface Statistics To set a statistics baseline for MPLS major interfaces: Issue the baseline mpls interface command for a specific MPLS major interface. Copyright © 2010, Juniper Networks, Inc.
Page 359: Enabling And Setting A Baseline For Mpls Forwarding Table Statistics
Issue the mpls statistics next-hop command to enable the statistics for a specific MPLS next hop. host1#mpls statistics next-hop 1046 Issue the baseline mpls next-hop command for a specific MPLS next hop. host1#baseline mpls next-hop 1046 Copyright © 2010, Juniper Networks, Inc.
Page 360: Setting A Baseline For Mpls Tunnel Statistics
Clearing and Re-Creating Dynamic Interfaces from MPLS Major Interfaces To remove and re-create dynamic IPv4 interfaces and dynamic IPv6 interfaces from all MPLS major interfaces or a specific MPLS major interface: Issue the clear mpls dynamic-interfaces on-major-interfaces command: host1#clear mpls dynamic-interfaces on-major-interfaces Copyright © 2010, Juniper Networks, Inc.
Page 361: Clearing And Refreshing Ipv4 Dynamic Routes In The Tunnel Routing Table
ICMP extensions enable LSRs to append MPLS header information (the label stack) to ICMP destination unreachable and time exceeded messages. This sample output shows the label and EXP bits used to switch the ICMP packets. Copyright © 2010, Juniper Networks, Inc.
Page 362: Monitoring Atm Vcs And Vpi/Vci Ranges Used For Mpls
Table 60 on page 326 lists the show atm vc command output fields. Table 60: show atm vc Output Fields Field Name Field Description Interface Interface type and number Virtual path identifier Virtual channel identifier Virtual circuit descriptor Copyright © 2010, Juniper Networks, Inc.
Page 363: Monitoring Global Call Admission Control Configuration
Monitoring Interfaces Configured with Traffic Engineering Bandwidth Accounting Purpose Display interfaces on which traffic engineering bandwidth accounting is configured. Action To display information about CAC interfaces: host1#show cac interface atm2/0 bandwidth 10 kbps IP/MPLS reserveable bw 10 kbps Copyright © 2010, Juniper Networks, Inc.
Page 364: Monitoring Virtual Router Configuration
Bandwidth in Kbps that is available at each priority level in the range levels 0–7 Related show cac interface Documentation Monitoring Virtual Router Configuration Purpose Display the configuration of all virtual routers or a specific virtual router. Action To display VR configuration: Copyright © 2010, Juniper Networks, Inc.
Page 365: Monitoring Ip And Ipv6 Tunnel Routing Tables
200.200.200.1/32 Type: Ldp Distance: 110 Metric: 2 Tag: 0 Class: 0 MPLS next-hop: 3, label 18 on ATM5/1.1 (ip19000003.mpls.ip), nbr 111.111.1.1 To display detailed information about all IPv6 tunnel routes beginning with address ::21.21.21.0/126: host1:pe1:pe11# show ipv6 tunnel-route ::21.21.21.0/126 detail all Protocol/Route type codes: Copyright © 2010, Juniper Networks, Inc.
Page 366: Monitoring Ldp
Monitoring LDP Purpose Display information about LDP. Action To display LDP information: host1#show ldp LSR ID is 80.0.0.2 FEC Deaggregation is off Egress label: implicit-null Label distribution control mode: ordered control Copyright © 2010, Juniper Networks, Inc.
Page 367: Table 63: Show Ldp Output Fields
Indicates whether the LSPs that are used for IP forwarding are host only, subject to a specified access list, or subject to a specified prefix list. LDP proto stats LDP protocol statistics Copyright © 2010, Juniper Networks, Inc.
Page 368: Monitoring Mpls Label Bindings
25 neighbor 10.9.1.3 10.1.1.1/32 10001 neighbor 10.3.11.2 20001 neighbor 10.3.11.2 10.2.2.2/32 10002 neighbor 10.4.12.2 stale 20002 neighbor 10.4.12.2 stale 10.3.3.3/32 10005 neighbor 10.4.12.2 stale 20003 neighbor 10.4.12.2 stale 10.4.12.0/30 10003 neighbor 10.5.5.2 20004 neighbor 10.5.5.2 Copyright © 2010, Juniper Networks, Inc.
Page 369: Monitoring Ldp Graceful Restart
Peer 80.0.1.1:0, State: operational, Restarter Mode: disabled, Helper Mode: enabled Peer 80.0.3.3:0, State: operational, Restarter Mode: disabled, Helper Mode: enabled NOTE: The mpls keyword is optional and is provided for compatibility with non–E Series implementations. Copyright © 2010, Juniper Networks, Inc.
Page 370: Monitoring Interfaces That Are Synchronizing With Ldp
State of LDP, configured, auto-configured, or not configured SYNC status State of synchronization, enabled or disabled IGP holddown time Value of IGP hold down time, infinite or number of milliseconds Peer LDP Ident IP address of LDP peer Copyright © 2010, Juniper Networks, Inc.
Page 371: Monitoring Ldp Interfaces
Table 67 on page 335 lists the show ldp interface command output fields. Table 67: show ldp interface Output Fields Field Name Field Description Interface Identifier of the interface autoconfigured LDP has been autoconfigured on the interface Copyright © 2010, Juniper Networks, Inc.
Page 372 Number of label release messages received or received bad or sent withdraw Number of label withdraw messages received or received bad or sent addr Number of address messages received or received bad or sent Copyright © 2010, Juniper Networks, Inc.
Page 373: Monitoring Ldp Neighbors
Number of next-hop addresses received = 3 10.0.2.2 100.6.12.2 100.6.23.2 Number of adjacencies = 1 Link Hello adjacency: address 10.6.12.2, transport 10.0.2.2, Up for 00:20:09, remaining hold time: 11 sec To display brief information about all LDP neighbors: Copyright © 2010, Juniper Networks, Inc.
Page 375: Table 68: Show Ldp Neighbor Output Fields
Number of notification messages received and sent Address Number of address messages received and sent Address withdraw Number of address withdraw messages received and sent Label mapping Number of label mapping messages received and sent Copyright © 2010, Juniper Networks, Inc.
Page 376: Monitoring Ldp Profiles
Number of attempts that will be made to set up an MPLS LDP session Related show ldp profile Documentation Monitoring LDP Statistics Purpose Display statistics for LDP on the current virtual router. Action To display all LDP statistics: Copyright © 2010, Juniper Networks, Inc.
Page 377: Table 70: Show Ldp Statistics Output Fields
Table 70: show ldp statistics Output Fields Field Name Field Description Hello Number of hello messages received and sent Initialization Number of initialization messages received and sent Keepalive Number of keepalive messages received and sent Copyright © 2010, Juniper Networks, Inc.
Page 378 Number of malformed PDU events Malformed message Number of malformed message events Unknown message type Number of unknown message type events Inappropriate message Number of inappropriate message events Malformed tlv Number of inappropriate message events Copyright © 2010, Juniper Networks, Inc.
Page 379: Monitoring Ldp Targeted Hello Receive And Send Lists
Configuration Guide for more information about layer 2 over MPLS Targeted session statically created by user Targeted session created by access list Used By Letter representing source of targeted session Related show ldp targeted session Documentation Copyright © 2010, Juniper Networks, Inc.
Page 380: Monitoring Mpls Status And Configuration
Recovery time 120000 milliseconds Additional detail shown when RSVP-TE graceful restart helper mode is enabled: RSVP is enabled Graceful restart is ON (helper mode) Meaning Table 72 on page 345 lists the show mpls command output fields. Copyright © 2010, Juniper Networks, Inc.
Page 381: Table 72: Show Mpls Output Fields
Indicates whether the LSPs that are used for IP forwarding are host only, subject to a specified access list, or subject to a specified prefix list. Copyright © 2010, Juniper Networks, Inc.
Page 382: Monitoring Mpls Explicit Paths
1: next-address 60.60.60.2 2: next-address 40.40.40.1 not referenced by any options To display information about the MPLS explicit path named rx1-path2: host1:pe2#show mpls explicit-paths name rx1-path2 path name/identifier rx1-path2 enabled Copyright © 2010, Juniper Networks, Inc.
Page 383: Monitoring The Rsvp-Te Bypass Tunnels
Interface type and specifier of the outgoing interface, and the label associated with that interface BackupIntf / Label Interface type and specifier of the backup interface, and the label associated with that interface Backup Status Status of backup protection (bypass) for the LSP Copyright © 2010, Juniper Networks, Inc.
Page 384: Monitoring Mpls Labels Used For Forwarding
Spoof check Type and location of spoof checking performed on the MPLS packet, router or interface Action Action taken for MPLS packets arriving with that label in pkts Number of packets sent with the label Copyright © 2010, Juniper Networks, Inc.
Page 385: Monitoring Mpls Interfaces
Hellos are on with an interval of 10000 and miss limit of 4 Hello settings are not inherited MPLS minor interface pe1-to-pe2 (transmit) Stacked on MPLS major ATM2/0.10 Operational state is up Sent: 0 packets 0 bytes Copyright © 2010, Juniper Networks, Inc.
Page 386 = 00:00:05, last hello sent time = 00:00:05 MPLS Statistics: Rcvd: 0 failed lbl lookup, 0 octets, 0 hcOctets 0 pkts, 0 hcPkts, 0 errors, 0 discards Sent: 0 octets, 0 hcOctets, 0 pkts Copyright © 2010, Juniper Networks, Inc.
Page 387 Upper IPv4 interface is ip19000001.mpls.ip (UID 0x000000bf, FEC index 0x0000003f) No upper IPv4 VPN interface No upper IPv6 interface No upper IPv6 VPN interface Condensed location is 0x00020000 Received: 0 packets 0 bytes 0 errors 0 discards Copyright © 2010, Juniper Networks, Inc.
Page 388 MPLS major interfaces Admin Oper Interface state state --------- ------- ----- ATM2/0.10 enabled MPLS shim interfaces Remote-PE Virtual Load Circuit Balancing Admin Oper Interface LSP-name Group state state --------- --------- ------- --------- ----- ----- Copyright © 2010, Juniper Networks, Inc.
Page 389: Table 76: Show Mpls Interface Output Fields
IP address of IP interfaces and session status interface Condensed location Internal, platform-dependent, 32-bit representation of the interface location, used by Juniper Networks Customer support for troubleshooting. label alloc Number of labels allocated and advertised to this peer label learned...
Page 390 Number of packets that are discarded due to lack of buffer space at receipt or before being sent adjacency Number of adjacencies currently established session Number of sessions currently established accum adjacency Cumulative total number of adjacencies established since interface is up Copyright © 2010, Juniper Networks, Inc.
Page 391: Monitoring Mpls Minor Interfaces
To display detailed information about MPLS minor interfaces: host1:pe1#show mpls minor-interface detail MPLS minor interface pe1-to-pe2 (transmit) Stacked on MPLS major ATM2/0.10 Operational state is up MPLS minor interface UID is 0x1a000001 Lower MPLS major interface UID is 0x19000001 Sent: Copyright © 2010, Juniper Networks, Inc.
Page 392: Monitoring Mpls Next Hops
MPLS next-hop: index 22, ECMP next-hop, leg count 2 MPLS next-hop: index 20, label 36 on FastEthernet1/1.120, neighbor 10.120.120.1 MPLS next-hop: index 21, label 36 on ATM2/1.20, neighbor 10.20.20.1 Statistics are not collected for MPLS ECMP next-hops Copyright © 2010, Juniper Networks, Inc.
Page 393: Monitoring The Configured Mapping Between Phb Ids And Traffic Class/Color Combinations
To display the mapping between PHB IDs and traffic class/color combinations: host1#show mpls phb-id Mpls PHB-ID traffic-class/color mappings: -------- ------ ------------- ----------- ----- ------ standard phb-id traffic-class best-effort color green private phb-id traffic-class best-effort color yellow Copyright © 2010, Juniper Networks, Inc.
Page 394: Monitoring Rsvp-Te Profiles And Mpls Tunnel Profiles
2 path to be dynamically calculated by isis destinations include: 1.1.1.1 2.2.2.2 3.3.3.3 ISIS Level 2 routers OSPF border routers Meaning Table 80 on page 359 lists the show mpls profile command output fields. Copyright © 2010, Juniper Networks, Inc.
Page 395: Monitoring Rsvp Path State Control Blocks, Reservation State Control Blocks
Max Packet Size 0 Flags : InUse RroRequired PathRefreshSent To display reservation state control blocks for an ingress session: host1#show mpls rsvp rsb RSB: Timeout 157500 label 1/33 Flags : InUse StyleConverted To display RSVP-TE session information: Copyright © 2010, Juniper Networks, Inc.
Page 396: Table 81: Show Mpls Rsvp Output Fields
Table 81 on page 360 lists the show mpls rsvp command output fields. Table 81: show mpls rsvp Output Fields Field Name Field Description Path state control block Reservation state control block Sender IP address of PSB or RSB sender LSPId ID of LSP Copyright © 2010, Juniper Networks, Inc.
Page 397 Indicates presence of this QoS object IN ERO Incoming explicit route object OUT ERO Outgoing explicit route object SES ATTR RSVP session attributes Setup Pri Setup priority of tunnel Hold Pri Hold priority of tunnel Copyright © 2010, Juniper Networks, Inc.
Page 398 Label has changed PSB Flag Reservation refresh needed ResvRefreshNeeded PSB Flag Path refresh needed PathRefreshNeeded PSB Flag RroRequired Record route object required PSB Flag Egress Session is egress PSB Flag PathRefreshSent Path refresh sent Copyright © 2010, Juniper Networks, Inc.
Page 399: Monitoring Rsvp Md5 Authentication
RSVP Authentication Secure Association with peer 102.2.2.2 Receive Sequence Number 4592798942692985934 Mpls interface ATM6/0.3 RSVP Authentication Secure Association with peer 10.2.2.2 Receive Sequence Number 4592798942692985956 Meaning Table 82 on page 364 lists the show mpls rsvp authentication command output fields. Copyright © 2010, Juniper Networks, Inc.
Page 400: Monitoring Rsvp-Te Interfaces Where Bfd Is Enabled
BFD control packets from the remote peer Minimum Tx-Interval Minimum transmit interval in milliseconds; interval at which the local peer proposes to transmit BFD control packets to the remote peer Copyright © 2010, Juniper Networks, Inc.
Page 401: Monitoring Rsvp-Te Interface Counters
Number of path messages received on the interface Path Error Sent Number of patherror messages sent on the interface Path Error Rcvd Number of patherror messages received on the interface Path Tear Sent Number of pathtear messages sent on the interface Copyright © 2010, Juniper Networks, Inc.
Page 402 Path Triggers Number of locally triggered path messages Resv Triggers Number of locally triggered resv messages Forwarded Pkts RSVP control packets that are forwarded through the router Hello Sent Number of hello messages sent Copyright © 2010, Juniper Networks, Inc.
Page 403: Monitoring Rsvp-Te Graceful Restart
Table 85: show mpls rsvp hello graceful restart Output Fields Field Name Field Description Graceful-restart State of graceful restart, ON or Off Warning State of graceful restart attributes Restart time Graceful restart time, in milliseconds Recovery time Graceful restart recovery time, in milliseconds Copyright © 2010, Juniper Networks, Inc.
Page 404: Monitoring Rsvp-Te Hello Adjacency Instances
Table 86 on page 368 lists the show mpls rsvp hello instance command output fields. Table 86: show mpls rsvp hello instance Output Fields Field Name Field Description Peer Address Address of the peer in the RSVP-TE hello adjacency Interface Specifier and status of each interface Copyright © 2010, Juniper Networks, Inc.
Page 405 Nonzero 32-bit value that represents the sender's hello instance. The value is maintained on a per-neighbor basis. This instance value changes only when the sending peer resets, when the sender’s router reboots, or when communication is lost between the hello adjacency peers. Copyright © 2010, Juniper Networks, Inc.
Page 406: Monitoring Status And Configuration For Mpls Tunnels
(Global) interval 5 during Lsp setup if there is route (Global) Retry forever at (Global) interval 5 during Lsp setup if there is no route metric is relative 0 phb-id 2 path option 2 Copyright © 2010, Juniper Networks, Inc.
Page 407: Table 87: Show Mpls Tunnels Output Fields
PHB ID supported by this tunnel; for E-LSPs an additional exp-bits entry is displayed after the phb-id entry pkts Number of packets sent across tunnel hcPkts Number of high-capacity (64-bit) packets sent across tunnel octets Number of octets sent across tunnel Copyright © 2010, Juniper Networks, Inc.
Page 408: Verifying And Troubleshooting Mpls Connectivity
Tracing the Path of an MPLS Echo Request Packet to an RSVP-TE Tunnel on page 374 Sending an MPLS Echo Request Packet to a VPLS Instance on page 374 Tracing the Path of an MPLS Echo Request Packet to a VPLS Instance on page 374 Copyright © 2010, Juniper Networks, Inc.
Page 409: Sending An Mpls Echo Request Packet To An Ip Or Ipv6 Address
Issue the trace mpls l3vpn command. host1:pe1#trace mpls l3vpn vrf pe11 10.2.3.21/32 Sending an MPLS Echo Request Packet to an RSVP-TE Tunnel To send an MPLS echo request packet to the specified RSVP-TE tunnel: Copyright © 2010, Juniper Networks, Inc.
Page 410: Tracing The Path Of An Mpls Echo Request Packet To An Rsvp-Te Tunnel
Figure 67 on page 375 shows a sample IPv4/IPv6 L3VPN topology with LDP or RSVP-TE base tunnels. Two base tunnels (one in each direction) are present between 10.1.1.1 and 10.2.2.2. The packet flow examples that follow refer to this sample topology. Copyright © 2010, Juniper Networks, Inc.
Page 411: Packet Flow Examples For Mpls Lsps To An Ip Prefix
The following example illustrates the packet flow that results when you issue the ping mpls ip command from router PE 1 (10.1.1.1) to router PE 2 (10.2.2.2) over an LDP base tunnel. host1:pe1#ping mpls ip 10.2.2.2/32 Copyright © 2010, Juniper Networks, Inc.
Page 412 Success rate = 100% (5/5), round-trip min/avg/max = 4294967295/4/0 ms host1:pe1#ping mpls ip 10.2.2.2/32 detail Sending 5 UDP echo requests for LDP IPv4 prefix, timeout = 2 sec MplsNextHopIndex 32 handle 8073311 '!' - success, 'Q' - request not transmitted, Copyright © 2010, Juniper Networks, Inc.
Page 413: Packet Flow Example For The Trace Mpls Command
The Interface and Label Stack TLV is included in the echo reply packet. The MPLS echo reply packet is sent back as a labeled UDP packet with the following attributes: Source address 10.3.3.3 Destination address 10.1.1.1 Copyright © 2010, Juniper Networks, Inc.
Page 414: Packet Flows For Ping And Trace To L3Vpn Ipv4 Prefixes
PE 1 to the IPv4 prefix 10.99.99.21/32. For validation at the remote end, the source address of the echo request packet must be the same as the update-source address of BGP peer. host1:pe1#ping mpls l3vpn vrf pe11 10.99.99.21/32 Copyright © 2010, Juniper Networks, Inc.
Page 415 Figure 67 on page 375. host1:pe1:pe11#ip8:pe1#trace mpls l3vpn 10.99.99.21/32 detail Tracing VPN IPv4 prefix, timeout = 2 sec, Max TTL 32 MplsNextHopIndex 73 handle 8073322 Copyright © 2010, Juniper Networks, Inc.
Page 416: Inter-As Topology
LSP and an echo reply can be sent back to the source. However, in an inter-AS topology, this behavior might result in premature termination of the ping or trace. You can use the bottom-label-ttl keyword to avoid this problem. Copyright © 2010, Juniper Networks, Inc.
Page 417: Packet Flows To L3Vpn Ipv6 Prefixes
Circuit on page 382 Troubleshooting MTU Problems in a Point-to-Point MPLS LSP Associated with an RSVP-TE Tunnel on page 382 Troubleshooting MTU Problems in a Point-to-Point MPLS LSP Associated with a VPLS Instance on page 382 Copyright © 2010, Juniper Networks, Inc.
Page 418: Troubleshooting Mtu Problems In A Point-To-Point Mpls Lsp Associated With An Ip Or Ipv6 Address
MPLS packets to be discarded owing to the size of the packet exceeding the MTU size: Issue the trace mpls vpls command with the data-size keyword. host1:pe1#trace mpls vpls vplsA sender-site-id 1 remote-site-id 2 data-size 60 Copyright © 2010, Juniper Networks, Inc.
Page 419 Related ping mpls ip Documentation ping mpls l2transport ping mpls l3vpn ping mpls rsvp tunnel ping mpls vpls trace mpls ip trace mpls l2transport trace mpls l3vpn trace mpls rsvp tunnel trace mpls vpls Copyright © 2010, Juniper Networks, Inc.
Page 421: Configuring Bgp-Mpls Applications
NOTE: Before you read this chapter, we recommend you be thoroughly familiar with both BGP and MPLS. For detailed information about those protocols, see “Configuring BGP Routing” on page 3 and “Configuring MPLS” on page 275. Copyright © 2010, Juniper Networks, Inc.
Page 422: Address Families
“Configuring VPLS” on page 597. For a description of VPWS, see “Configuring VPWS” on page 659. Route-target—If you specify the route-target address family, you can configure the router to exchange route-target membership information to limit the number of routes Copyright © 2010, Juniper Networks, Inc.
Page 423: Equal-Cost Multipath Support
In a network that connects IPv6 islands across an IPv4 core, where a given IPv6 prefix is learned from multiple egress PEs running IPv6. Consider the simple ECMP scenario for a BGP/MPLS VPN shown in Figure 68 on page 388. Copyright © 2010, Juniper Networks, Inc.
Page 424: Bgp/Mpls Vpn Components
MPLS labels, whereas MPLS transports the data traffic. Figure 69 on page 389 shows a typical scenario. The service provider backbone comprises two types of routers: Provider edge routers (PE routers) Provider core routers (P routers) Copyright © 2010, Juniper Networks, Inc.
Page 425: Figure 69: Bgp/Mpls Vpn Scenario
A customer site is a network that can communicate with other networks in the same VPN. A customer site can belong to more than one VPN. Two sites can exchange IP packets with each other only if they have at least one VPN in common. Copyright © 2010, Juniper Networks, Inc.
Page 426: Figure 70: Bgp/Mpls Vpn Components
The VRFs are populated by BGP while it learns routes from the VPN. If a customer site is a member of multiple VPNs, the routes learned from all those VPNs populate the VRF associated with the site. Copyright © 2010, Juniper Networks, Inc.
Page 427: Vpn-Ipv4 Addresses
Configure the import list and the export list to include the same information: the set of VPNs comprising the sites associated with the VRF. For more complicated scenarios—for example, hub-and-spoke VPNs—the route-target import list and the route-target export list might not be identical. Copyright © 2010, Juniper Networks, Inc.
Page 428: Distribution Of Routes And Labels With Bgp
Run an IGP (such as IS-IS, OSPF, or RIP) between the CE router and the PE router. Configure static routes on the CE and PE routers (on the CE router this would typically be a default route). Copyright © 2010, Juniper Networks, Inc.
Page 429 FEC pointed to by a BGP route in a given VRF. However, some routes always receive a per-VRF label; see “Creating Labels per FEC” on page 443 for more information. Copyright © 2010, Juniper Networks, Inc.
Page 430: Figure 72: Standard And Extended Bgp Update Messages
MP-Reach-NLRI attribute, according to MP-BGP. The extended update also has the extended-communities attribute, which identifies the VPN to which the routes are advertised. In this example, the route target is 777:1001, identifying VPN A. Copyright © 2010, Juniper Networks, Inc.
Page 431: Platform Considerations
NOTE: IETF drafts are valid for only 6 months from the date of issuance. They must be considered as works in progress. Please refer to the IETF Web site at http://www.ietf.org for the latest drafts. Copyright © 2010, Juniper Networks, Inc.
Page 432: Transporting Packets Across An Ip Backbone With Mpls
If you display the in label on PE 2, you see that MP-BGP advertises a labeled VPN-IPv4 prefix of 10.24.0.0/16 with an in label of 16 (and an RD of 777:5, as shown in the illustration). host2:pe2#show ip bgp vpn all field in-label Prefix In-label Copyright © 2010, Juniper Networks, Inc.
Page 433 LSP. Each LSP is unidirectional for data traffic, so you must establish LSPs in both directions for two-way data transport. Figure 74 on page 398 shows that two LSPs have been created Copyright © 2010, Juniper Networks, Inc.
Page 434: Figure 74: Lsp Creation For Bgp/Mpls Vpn
The process of data transport is shown in Figure 75 on page 399. PE 1 has already received Transport announcements from PE 2; an LSP has been established between PE 1 and PE 2. Copyright © 2010, Juniper Networks, Inc.
Page 435: Figure 75: Traffic Across The Mpls Backbone Of A Bgp/Mpls Vpn
LSP and must pop label 46. Then it proceeds to look up the next label, label 16, and determines that the packet goes to VRF A. Then the IP address is Copyright © 2010, Juniper Networks, Inc.
Page 436: Configuring Ipv6 Vpns
IPv6 VPN Sites. All features previously supported for BGP/MPLS IPv4 VPNs, such as policy-based routing, redistribution to and from other protocols, aggregation, route-flap dampening, and so on are also supported for BGP/MPLS IPv6 VPNs. Copyright © 2010, Juniper Networks, Inc.
Page 437: Intra-As Ipv6 Vpns
You can also configure IPv6 static routes in the VRFs on the PE routers to reach the networks through the CE IPv6 link. Alternatively, you can configure the static routes with any routing protocol that supports IPv6, such as OSPFv3. Copyright © 2010, Juniper Networks, Inc.
Page 438: Bgp Control Plane Behavior
2 advertises 6001:0431::/48 to its MP-BGP peer in VRF B. When it receives the advertised prefix in VRF A, BGP adds 6001:0430::/48 to its BGP VPNv6 RIB with the stacked label L1, which MPLS allocated for this prefix. The default IPv6 VRF label is L1. Copyright © 2010, Juniper Networks, Inc.
Page 439: Pe-Pe Behavior
A, option B, and option C. Option C is preferred to option B; option B is preferred to option A. For inter-AS options B and C, you must explicitly configure MPLS on all the inter-AS links. Copyright © 2010, Juniper Networks, Inc.
Page 440: Inter-As Option A
The base MPLS tunnels are local to each AS. Stacked tunnels run from end to end between PE routers on the different ASs. This method provides greater scalability, because only the BGP RIBs store all the inter-AS VPN routes. Copyright © 2010, Juniper Networks, Inc.
Page 441: Figure 78: Inter-As Topology With End-To-End Stacked Mpls Tunnels
Prefix In-label 10.10.10.11/32 ASBR 2 receives MPLS frames with label 44 (the in label) from ASBR 3 and sends MPLS frames with label 16 (the out label) to PE 1. Copyright © 2010, Juniper Networks, Inc.
Page 442 MPLS next-hop: 30, label 43, resolved by MPLS next-hop 29 MPLS next-hop: 29, resolved by MPLS next-hop 23, peer 1.1.1.1 MPLS next-hop: 23, label 34 on ATM6/1.20, nbr 10.20.20.1 Statistics: 0 in pkts 0 in Octets Copyright © 2010, Juniper Networks, Inc.
Page 443 Prefix Out-label 10.10.10.11/32 On PE 4, no in label is associated with the IPv4 prefix 10.10.10.11/32. host1:pe4#show ip bgp vpn all field in-label Prefix In-label 10.10.10.11/32 none Copyright © 2010, Juniper Networks, Inc.
Page 444: Inter-As Option C
Figure 79 on page 408 illustrates the three-label stack scenario. PHP is not used in this example. Figure 79: Topology for Three-label Stack Configuration for Inter-AS Option C Copyright © 2010, Juniper Networks, Inc.
Page 445 The top (outermost) label, L5, is assigned by the ingress PE router’s IGP next hop. P 1. This label is obtained from an LDP or RSVP-TE session with the next hop. It corresponds to the /32 route to ASBR 1. Copyright © 2010, Juniper Networks, Inc.
Page 446: Inter-As Option C With Route Reflectors
VPN RR that is multihop peering with another RR in the AS to send the next hop unchanged for the VPN routes that it advertises. Figure 80: Topology for Inter-AS Option C with Route Reflectors neighbor next-hop-unchanged Copyright © 2010, Juniper Networks, Inc.
Page 447: Providing Ipv6 Vpn Services Across Multiple Autonomous Systems
(Figure 81 on page 411). The base MPLS tunnels are local to each AS. Stacked tunnels run from end to end between PE routers on the different ASs. This method enhances scalability, because only the BGP RIBs store all the inter-AS VPN routes. Figure 81: Inter-AS IPv6 VPN Services Copyright © 2010, Juniper Networks, Inc.
Page 448: Using Route Targets To Configure Vpn Topologies
Because this route target is attached to each route advertised by VPN A VRFs, every site in VPN A accepts routes only from other sites in VPN A. The same principle applies to VPN B. Copyright © 2010, Juniper Networks, Inc.
Page 449: Hub-And-Spoke Vpns
However, the hub VRF has an export route target of 100:11, so routes advertised by the hub do match the import target of each spoke and are accepted by all of the spokes. Copyright © 2010, Juniper Networks, Inc.
Page 450: Overlapping Vpns
VPN AB can therefore accept routes advertised by any site in either VPN A or VPN B. Because the VPN AB export route target list also includes both 100:10 and 100:20, every route advertised by VPN AB can be accepted by any site in either VPN A or VPN B. Copyright © 2010, Juniper Networks, Inc.
Page 451: Figure 87: Route Target Configuration For An Overlapping Vpn
To achieve this internally, the router obtains the source address as follows: If the next-hop interface is in the same VRF and the interface is numbered, the router uses the source address of the interface. Copyright © 2010, Juniper Networks, Inc.
Page 452: Constraining Route Distribution With Route-Target Filtering
Exchanging Route-Target Membership Information BGP peers exchange route-target membership information in the following sequence: Copyright © 2010, Juniper Networks, Inc.
Page 453 VPN sites. In configurations where VPNs are members of many route target communities—that is, route target membership is dense—the amount of VPN NLRI exchange traffic is about the same regardless of whether route-target filtering is configured. Copyright © 2010, Juniper Networks, Inc.
Page 454: Receiving And Sending Rt-Mem-Nlri Routing Updates
Advertise to Advertise to IBGP Route IBGP Route Advertise Advertise to EBGP Reflector Reflector to EBGP Confederation Routes Received From Client? Nonclient? Peer? Peer? IBGP route reflector client IBGP route reflector nonclient EBGP peer Copyright © 2010, Juniper Networks, Inc.
Page 455: Table 88: Route-Target Filtering Advertisement Rules For Routes Received From
The wait interval applies to all route-target address family peers. This command takes effect immediately. Example host1(config-router)#address-family route-target signaling host1(config-router-af)#bgp wait-on-end-of-rib 360 Use the no version to restore the default wait interval, 60 seconds. See bgp wait-on-end-of-rib. neighbor maximum-prefix Copyright © 2010, Juniper Networks, Inc.
Page 456: Conditions For Advertising Rt-Mem-Nlri Routes
By default, BGP does not generate or advertise the Default-RT-MEM-NLRI route. You can use the default-information originate command to generate the Default-RT-MEM-NLRI route and send it to all peers. You can use the neighbor Copyright © 2010, Juniper Networks, Inc.
Page 457 Outbound policy configured for the neighbor (using the neighbor route-map out command) is not applied to default routes that are advertised because of the neighbor default-originate command. This command takes effect immediately. Example Copyright © 2010, Juniper Networks, Inc.
Page 458: Route Selection When Route-Target Filtering Is Enabled
EBGP peers that receive the route target VPN routes referenced by the RT-MEM-NLRI route. BGP ignores routes received from the peer after the limit specified with the external paths command is reached. Configuring Route-Target Filtering To configure route-target filtering: Copyright © 2010, Juniper Networks, Inc.
Page 459 Specify a value in the range 1–255; the default value is 1. This command takes effect immediately; it does not bounce the session. This command applies to only the route-target address family. Example 1 host1(config-router)#external-paths 45 Example 2 Copyright © 2010, Juniper Networks, Inc.
Page 460: Multicast Services Over Vpns
1/0 NOTE: You can also use the ip vrf forwarding command to specify secondary route lookup at the parent (global) level, in the event the original lookup does not yield any results. Copyright © 2010, Juniper Networks, Inc.
Page 461: Pe Router Configuration Tasks
100 (Optional) Disable automatic route-target filtering. host1:vr1(config-router)#no bgp default route-target filter Configure PE-to-PE BGP sessions. a. Create the PE-to-PE session. host1:vr1(config)#router bgp 100 host1:vr1(config-router)#neighbor 192.168.1.158 remote-as 100 b. Create the VPN-IPv4 address family. Copyright © 2010, Juniper Networks, Inc.
Page 462: Creating A Vrf
(Optional) Force the BGP speaker to accept routes that have the speaker’s AS number in its AS path. host1:vr1(config-router)#bgp enforce-first-as Creating a VRF Access the desired virtual router context; then create the VRF(s) for that VR. host1(config)#virtual-router vr1 host1:vr1(config)#ip vrf vrfA ip vrf Copyright © 2010, Juniper Networks, Inc.
Page 463: Specifying A Route Distinguisher
When BGP advertises a route from this VRF’s forwarding table, it associates the list of export route targets with the route and includes this attribute in the update message that advertises the route. Copyright © 2010, Juniper Networks, Inc.
Page 464 You can add only one route target to a list at a time. Example host1:vr1(config-vrf)#route-target export 100:1 host1:vr1(config-vrf)#route-target import 100:1 Use the no version to remove a route target from the import list, the export list, or both lists. See route-target. Copyright © 2010, Juniper Networks, Inc.
Page 465: Figure 89: Fully Meshed Vpns
Route-target configuration on PE 1: host1(config)#virtual-router newyork host1:newyork(config)#ip vrf vrfA host1:newyork(config-vrf)#route-target both 777:1 host1:newyork(config-vrf)#exit host1:newyork(config)#ip vrf vrfB host1:newyork(config-vrf)#route-target both 777:2 Route-target configuration on PE 2: host2(config)#virtual-router boston host2:boston(config)#ip vrf vrfC host2:boston(config-vrf)#route-target both 777:1 host2:boston(config-vrf)#exit Copyright © 2010, Juniper Networks, Inc.
Page 466 To configure route targets for this hub and spoke, you specify different import and export route targets on the hub VRF. On the spoke VRFs, you switch these route targets. Route-target configuration on PE 1: host1(config)#virtual-router newyork host1:newyork(config)#ip vrf vrfA host1:newyork(config-vrf)#route-target export 777:25 host1:newyork(config-vrf)#route-target import 777:50 Copyright © 2010, Juniper Networks, Inc.
Page 467: Setting Import And Export Maps For A Vrf
VRFs. As shown in Figure 91 on page 432, a route is distributed (leaked) between RIBs and its attributes are changed as specified Copyright © 2010, Juniper Networks, Inc.
Page 468: Characteristics Of Import And Global Import Maps
When a route that was previously imported into the local VRF RIB is modified in the global BGP RIB (VPN or non-VPN) such that it no longer matches the import or global import map, that route is removed from the local VRF RIB. Copyright © 2010, Juniper Networks, Inc.
Page 469: Characteristics Of Export And Global Export Maps
Subsequent Distribution of Routes Routes that are imported from the global BGP non-VPN RIB (with a global import map) into a VRF RIB are never exported again. Because these routes are not exported to the Copyright © 2010, Juniper Networks, Inc.
Page 470: Creating A Map
You can specify that only IPv4 or only IPv6 routes are exported. By default, both types of routes are exported. Example host1:boston(config-vrf)#export map routemap5 filter Use the no version to remove the route map from the VRF. See export map. Copyright © 2010, Juniper Networks, Inc.
Page 471: Global Export Maps
You can specify that only IPv4 or only IPv6 routes are imported. By default, both types of routes are imported. Example host1:boston(config-vrf)#import map routemap72 Use the no version to remove the route map from the VRF. See import map. Copyright © 2010, Juniper Networks, Inc.
Page 472: Global Import Maps
IPv6 access-lists (IPv6 prefix-lists). You can have the route map disallow IPv4 VPN routes by matching on IPv4 access lists that filter out IPv4 prefixes. The following commands illustrate this behavior. Copyright © 2010, Juniper Networks, Inc.
Page 473: Assigning An Interface To A Vrf
Enter the VRF context. host1:vr1(config)#virtual-router :vrfA Associate the interface. host1:vr1:vrfA(config)#interface gigabitEthernet 1/0 In this case, you do not have to reassign an IP address to the interface because you did not use the ip vrf forwarding command. Copyright © 2010, Juniper Networks, Inc.
Page 474: Defining Secondary Routing Table Lookup
Specify a VRF and that you want it to perform secondary routing table lookup. host1:vr1(config-if)#ip vrf forwarding vrfA fallback global host1:vr1:vrfA(config-if)#ip address 10.12.4.5 255.255.255.0 To specify from inside the VRF context that an interface use the fallback global routing table lookup: Select the interface. host1:vr1(config)#interface gigabitEthernet 1/0 Copyright © 2010, Juniper Networks, Inc.
Page 475 10.12.4.5 255.255.255.0 host1:vr1(config-if)#ip vrf forwarding vrfA fallback global host1:vr1:vrfA(config-if)#ip address 10.12.4.5 255.255.255.0 Use the no version to remove the interface assignment or discontinue secondary routing table lookup. See ip vrf forwarding. Copyright © 2010, Juniper Networks, Inc.
Page 476: Adding Static Routes To A Vrf
If you do not configure static routes on the VRF for each prefix in the associated customer site, then you must configure an IGP on the VRF so that the VRF can learn routes from customer sites. Copyright © 2010, Juniper Networks, Inc.
Page 477: Configuring The Igp In The Vrf Context
3. virtual-router Use to access a VRF to configure it with an IGP to learn routes from a CE router. To access the VRF from its VR context (in this example, the default VR): Copyright © 2010, Juniper Networks, Inc.
Page 478: Disabling Automatic Route-Target Filtering
If the route-refresh capability was not negotiated over the session, BGP bounces the session. Example host1:vrf1(config-router)#no bgp default route-target filter Use the no version to disable automatic route-target filtering. See bgp default route-target filter. Copyright © 2010, Juniper Networks, Inc.
Page 479: Creating Labels Per Fec
Use to generate a label for each different FEC pointed to by a BGP route. For some types of routes, issuing this command has no effect on the labels created; they are always per-VRF labels. Example Copyright © 2010, Juniper Networks, Inc.
Page 480: Configuring Pe-To-Pe Lsps
In the example shown in Figure 93 on page 445, the E Series router gives equal consideration to IBGP VPN routes learned from multiple remote PE devices when determining load balancing. Copyright © 2010, Juniper Networks, Inc.
Page 481: Figure 93: Bgp/Mpls Vpn Ibgp Example
In Figure 94 on page 446, a BGP/MPLS network connects PE 1 and PE 2, which are configured for VPNv4 unicast IBGP peering. CE 1 and CE 2 are configured for EBGP peering with the PE devices. CE 2 is multihomed, connected to both PE 1 and PE 2. Copyright © 2010, Juniper Networks, Inc.
Page 482: Figure 94: Bgp/Mpls Vpn Eibgp Example
This command is not supported for the VPNv4 or VPNv6 address families. The maximum-paths eibgp command cannot be used if the router is currently configured with the maximum-paths or maximum-paths ibgp command. Example host1(config)#router bgp 100 host1(config-router)#address-family ipv4 vrf vrfA host1(config-router-af)#maximum-paths eibgp 6 Copyright © 2010, Juniper Networks, Inc.
Page 483: Enabling Vpn Address Exchange
Use the no version to disable the exchange of a type of prefix. See address-family. exit-address-family Use to exit Address Family Configuration mode and access Router Configuration mode. Example host1:vr1(config-router-af)#exit-address-family There is no no version. See exit-address-family. neighbor activate Copyright © 2010, Juniper Networks, Inc.
Page 484: Configuring Pe-To-Ce Bgp Sessions
You configure the characteristics of VRF A, the global BGP attributes, the address family for the session, and BGP attributes relevant to the VRF or address family. host1(config)#ip vrf vrfa host1(config-vrf)#rd 777:5 host1(config-vrf)#route-target both 777:5 host1(config-vrf)#exit host1(config)#interface gigabitEthernet 1/0 host1(config-if)#ip vrf forwarding vrfA Copyright © 2010, Juniper Networks, Inc.
Page 485: Advertising Static Routes To Customers
The following commands illustrate how to configure the exchange of routes in both the IPv4 unicast and the VPNv4 unicast address families for a BGP peer: host1:vr1(config)#router bgp 777 host1:vr1(config-router)#neighbor 10.26.5.10 remote-as 100 host1:vr1(config-router)#address-family vpnv4 unicast host1:vr1(config-router-af)#neighbor 10.26.5.10 activate host1:vr1(config-router-af)#exit-address-family Copyright © 2010, Juniper Networks, Inc.
Page 486: Using A Single As Number For All Ce Sites
In the following example, the router’s AS number of 777 overrides the neighboring router’s AS number of 100. host1:vr1(config)#router bgp 777 host1:vr1(config-router)#neighbor 172.16.20.10 remote-as 100 host1:vr1(config-router)#neighbor 172.16.20.10 update-source loopback0 host1:vr1(config-router)#address-family ipv4 vrf vpn1 host1:vr1(config-router-af)#neighbor 172.25.14.12 remote-as 100 Copyright © 2010, Juniper Networks, Inc.
Page 487: Preventing Routing Loops
The site-of-origin extended community attribute enables BGP to filter out such routes to prevent routing loops in this network. You can use the set extcommunity command to specify a site of origin and then use the match extcommunity command and an Copyright © 2010, Juniper Networks, Inc.
Page 488: Figure 96: Network With Potential Routing Loops
BGP session on each PE router with the site of origin. The result of the following (partial) configuration is shown in Figure 97 on page 453. host1:pe1(config)#ip vrf yourvpn host1:pe1(config-vrf)#rd 200:1 host1:pe1(config-vrf)#route-target both 200:11 Copyright © 2010, Juniper Networks, Inc.
Page 489: Figure 97: Preventing Potential Routing Loops In The Network
To apply the new policy to routes that are already present in the BGP routing table, you must use the clear ip bgp command to perform a soft clear or hard clear of the current BGP session. Example host1(config-router)#neighbor 10.25.32.4 site-of-origin 200:21 Copyright © 2010, Juniper Networks, Inc.
Page 490: Advertising Prefixes With Duplicate As Numbers
AS number up to the specified number of times. If the AS path of a route contains the speaker’s AS number more than the specified number of times, the route is determined to be a loop and is discarded. Copyright © 2010, Juniper Networks, Inc.
Page 491: Controlling Route Importation
As long as the route count stays at the limit, further attempts to add routes fail, but do not generate any more limit-exceeded log entries. Copyright © 2010, Juniper Networks, Inc.
Page 492: Deleting Routes For A Vrf
If you do not specify a VRF, routes are removed from all VRFs. You can specify either that a single route or all dynamic routes are to be removed. This command takes effect immediately. Example Copyright © 2010, Juniper Networks, Inc.
Page 493: Enabling Vrf-To-Vr Peering
Use to establish a static route in a VRF to a remote interface in the parent VR. The specified interface must be preexisting and have an alias assigned with the description command. Copyright © 2010, Juniper Networks, Inc.
Page 494: Achieving Fast Reconvergence In Vpn Networks
PE router without having to wait for the BGP session to the failed PE router to time out. Depending on the network topology, you can achieve fast reconvergence by assigning unique RDs to each VRF or by enabling next-hop reachability checking. Copyright © 2010, Juniper Networks, Inc.
Page 495: Fast Reconvergence With Unique Rds
MPLS tunnel or IP connectivity from the route reflector to the egress PE router and the presence of the MPLS tunnel from the ingress PE router to the egress PE router. Copyright © 2010, Juniper Networks, Inc.
Page 496: Fast Reconvergence By Means Of Reachability Checking
PE 1 is considered to be the best. VRFs share the same RD, but reachability checking has been enabled. In Figure 100 on page 461, PE 1 has already failed, and tunnels PE 3–PE 1 and PE 4–PE 1 have gone down. Copyright © 2010, Juniper Networks, Inc.
Page 497: Configuring Bgp To Send Labeled And Unlabeled Unicast Routes
A route is advertised as a labeled route within a given BGP peering session in either of the following cases: You issue the neighbor send-label command, but no outbound route map has been configured. Copyright © 2010, Juniper Networks, Inc.
Page 498: Bgp Next-Hop-Self
When a BGP router reports itself as the next hop, whether because of an explicit neighbor next-hop-self configuration or implicitly as a result of participating in an EBGP session, BGP allocates a new in label and adds an entry to the MPLS forwarding table, creating a label-to-next-hop mapping. Copyright © 2010, Juniper Networks, Inc.
Page 499: Bgp Processing Of Received Routes
VPN route is received from a nonmultihop peer, then the BGP indirect next hop is always resolved, because a connected route to that peer exists in the IP tunnel routing table. Table 91 on page 464 summarizes indirect next hop resolution. Copyright © 2010, Juniper Networks, Inc.
Page 500: Afi
VRF contains only routes to sites in the VPN and not routes to sites in the Internet. The exchange of traffic between a VPN and the Internet requires both of the following: Traffic flow from the VPN to the Internet Traffic flow from the Internet to the VPN Copyright © 2010, Juniper Networks, Inc.
Page 501: Enabling Traffic Flow From The Vpn To The Internet
For the first solution you create a default route in the VRF that points to a shared IP interface. You must manually create the shared IP interface on top of the layer 2 interface that points to the Internet gateway. See Figure 101 on page 466. Copyright © 2010, Juniper Networks, Inc.
Page 502: Configuring A Fallback Global Option
CE router. One lookup is in the IP routing table of the VRF; the other lookup is in the IP routing table of the parent Copyright © 2010, Juniper Networks, Inc.
Page 503: Configuring A Global Import Map For Specific Routes
For the third solution you create a global import map to import only the specific routes needed to reach the desired small number of networks in the Internet. See Figure 103 on page 468. Copyright © 2010, Juniper Networks, Inc.
Page 504: Creating A Bgp Session Between The Ce Router And The Parent Vr
This situation requires a BGP session from the parent VR to the CE router (Figure 104 on page 469). This BGP session in turn requires a route in the VRF to the loopback interface Copyright © 2010, Juniper Networks, Inc.
Page 505: Figure 104: Bgp Session Between Ce Router And Parent Vr
VRloop host1:pe1(config-route-map)#exit host1:pe1(config)#ip vrf pe11 host1:pe1(config-vrf)#rd 100:1 host1:pe1(config-vrf)#route-target both 100:1 host1:pe1(config-vrf)#global import map globimaploop The following commands create a BGP session between the CE router and the parent On host 1, VR PE 1: Copyright © 2010, Juniper Networks, Inc.
Page 506: Enabling Traffic Flow From The Internet To The Vpn
PE-CE interface for each particular VPN site. The static routes must then be injected into BGP (possibly as part of an aggregate) so that they can be reached from the Internet. Figure 105 on page 471 illustrates this approach: Copyright © 2010, Juniper Networks, Inc.
Page 507: Global Export Map
When they are installed in the global IP routing table, these exported routes point to the IP interface in the VRF as shown in Figure 106 on page 472. See “Global Export Maps” on page 435 for more information. Copyright © 2010, Juniper Networks, Inc.
Page 508: Carrier-Of-Carriers Ipv4 Vpns
Layer 3 VPN services—The customer carrier provides VPN services for its customers and uses the provider carrier’s VPN for the backbone that connects the customer carrier’s VPN sites. This environment is called a hierarchical VPN, because there are Copyright © 2010, Juniper Networks, Inc.
Page 509: Customer Carrier As An Internet Service Provider
PE routers that connect to the provider carrier at each site. Routes are learned and maintained as follows: The customer carrier’s internal routes are learned and advertised across the provider carrier’s VPN. The customer carrier’s external routes are not installed in the provider’s VPN. Copyright © 2010, Juniper Networks, Inc.
Page 510: Configuration Steps
Figure 107: Carrier-of-Carriers Internet Service Configuration Steps You must complete the following configuration process when the customer carrier provides Internet connectivity for its customers. On the provider carrier’s PE router: Configure MPLS. Configure BGP. Copyright © 2010, Juniper Networks, Inc.
Page 511: Customer Carrier As A Vpn Service Provider
In the customer carrier’s VPN, PE routers use MP-IBGP sessions to exchange labeled VPN routes that correspond to the end customer’s VPN routes. Figure 108 on page 476 shows a sample carrier-of-carriers environment in which the customer carrier provides VPN services to its customers. Copyright © 2010, Juniper Networks, Inc.
Page 512: Configuration Steps
Figure 108: Carrier-of-Carriers VPN Service Configuration Steps You must complete the following configuration process when the customer carrier provides VPN services for its customers. On the provider carrier’s PE router: Configure MPLS. Configure BGP. Configure an IGP. Copyright © 2010, Juniper Networks, Inc.
Page 513: Enabling Carrier-Of-Carriers Support On A Vrf
VRF. The output includes a line indicating the status: Carrier’s carrier mode is enabled. Example host1:vr1:VrfA(config)#mpls topology-driven-lsp Use the no version to disable carrier-of-carriers mode on the VRF. See mpls topology-driven-lsp. Copyright © 2010, Juniper Networks, Inc.
Page 514: Carrier-Of-Carriers Using Bgp As The Label Distribution Protocol
109 on page 478) must be IPv4 addresses; they cannot be IPv6 addresses, whether native or IPv4-mapped. For more information about carrier-of-carriers VPNs, see “Carrier-of-Carriers IPv4 VPNs” on page 472 . Figure 109: Carrier-of-Carrier IPv6 VPNs Copyright © 2010, Juniper Networks, Inc.
Page 515: Connecting Ipv6 Islands Across Ipv4 Clouds With Bgp
In the topology shown in Figure 110 on page 479, OSPF advertises reachability of the loopback (10.1.1.1/32 and 10.2.2.1/32) and core-facing (10.10.10.1/32 and 10.20.20.2/32) interfaces of the PE routers. LDP binds label L1 to 10.1.1.1/32 on the P router. Copyright © 2010, Juniper Networks, Inc.
Page 516: Connecting Ipv6 Islands Across Multiple Ipv4 Domains
DS-BGP routers of each domain. Routing between PE 1–ASBR 1 in AS 1 and between PE 2–ASBR 2 in AS 2 is accomplished by means of label-switched paths. Copyright © 2010, Juniper Networks, Inc.
Page 517: Configuring Ipv6 Tunneling Over Ipv4 Mpls
Activate the neighbors in the IPv6 address-family. host1(config-router)#address-family ipv6 unicast host1(config-router-af)#neighbor 11.19.1.2 activate host1(config-router-af)#neighbor 2.2.2.2 activate d. Configure the MP-BGP PE neighbor to send labeled IPv6 prefixes. host1(config-router-af)#neighbor 2.2.2.2 send-label host1(config-router-af)#neighbor 2.2.2.2 update-source loopback 1 Copyright © 2010, Juniper Networks, Inc.
Page 518: Ospf And Bgp/Mpls Vpns
(ABR) and functions as an area 0 router so that it can distribute interarea routes to the CE router. The BGP/MPLS VPN distributes both interarea and intra-area routes between PE routers as interarea, type 3 summary routes. Copyright © 2010, Juniper Networks, Inc.
Page 519: Distributing Ospf Routes From Ce Router To Pe Router
The route type attribute carries the OSPF area ID and LSA type, as indicated in Table 93 on page 483: Table 93: Route Types and Route Origins Type of Route Origin of Route 1 – intra-area route Type 1 LSA Copyright © 2010, Juniper Networks, Inc.
Page 520: Distributing Ospf Routes From Pe Router To Ce Router
PE router sets the most-significant bit in the LSA options field to identify the LSA as being generated from a PE router. Doing this prevents the LSA from being passed back to the BGP/MPLS VPN through a different PE router. Copyright © 2010, Juniper Networks, Inc.
Page 521: Using Remote Neighbors To Configure Ospf Sham Links
BGP extended communities to determine the type of LSA to send to CE routers. As a result the intra-area OSPF routes in one VPN site appear as interarea OSPF routes at the remote VPN sites. Copyright © 2010, Juniper Networks, Inc.
Page 522: Ospf Backdoor Links
NOTE: If the VPN sites are not connected by an OSPF backdoor link or if the VPN sites are in different OSPF areas, the problem does not exist and you do not need to configure an OSPF sham link. Copyright © 2010, Juniper Networks, Inc.
Page 523: Figure 113: Ospf Sham Link
Using this command avoids having many BGP routes to the same prefix by preventing OSPF routes learned over the sham link from being redistributed back into BGP even when you have configured redistribution of OSPF routes into BGP. Copyright © 2010, Juniper Networks, Inc.
Page 524: Configuration Tasks
At a minimum, perform the following tasks on each PE router to configure them for OSPF. For other OSPF configuration tasks, see OSPF Configuration Tasks in the JunosE IP, IPv6, and IGP Configuration Guide. Create the VRF. host1(config)#ip vrf ospf2 Proceed with new VRF creation? [confirm] Copyright © 2010, Juniper Networks, Inc.
Page 525 The default value is a 32-bit number based on the AS number of the BGP/MPLS VPN backbone, with the first 16 bits set to 1110 0000 0000 0000, followed by the 16 bits representing the AS number. Copyright © 2010, Juniper Networks, Inc.
Page 526: Configuring Vpls
L2VPNs enable the sharing of a provider’s core network infrastructure between IP and L2VPN services, reducing the cost of providing those services. For details about configuring and using L2VPNs, see “Configuring VPWS” on page 659. Copyright © 2010, Juniper Networks, Inc.
Page 527: Monitoring Bgp/Mpls Vpns
Issue the debug ip mbgp command: host1#debug ip mbgp Related Disabling the MP-BGP Events Log Display on page 508 Documentation debug ip mbgp undebug ip mbgp Monitoring BGP Next Hops for VPN Purpose Display information about BGP next hops. Copyright © 2010, Juniper Networks, Inc.
Page 528: Table 94: Show Ip Bgp Next-Hop Output Fields
Index number of the IP indirect next hop that this BGP indirect next hop resolves to MPLS indirect next-hop Index number of the MPLS indirect next hop that this BGP indirect index next hop resolves to Copyright © 2010, Juniper Networks, Inc.
Page 529: Monitoring Vrf Interfaces
Operational debounce-time = disabled Access routing = disabled Multipath mode = hashed In Received Packets 0, Bytes 0 Unicast Packets 0, Bytes 0 Multicast Packets 0, Bytes 0 In Policed Packets 0, Bytes 0 Copyright © 2010, Juniper Networks, Inc.
Page 530: Table 95: Show Ip Interface Vrf Output Fields
Configured MTU for the interface Operational speed Actual speed Administrative speed Configured speed Discontinuity Time Value of sysUpTime the last time the integrity of the interface statistics was compromised Router advertisement Whether routes are advertised; enabled or disabled Copyright © 2010, Juniper Networks, Inc.
Page 531 Number of committed packets and bytes dropped because of out Committed Packets, Bytes queue threshold limit Out Scheduler Drops Number of conformed packets and bytes dropped because of out Conformed Packets, Bytes queue threshold limit Copyright © 2010, Juniper Networks, Inc.
Page 532: Monitoring Vrf Routing Protocols
Always compare MED Status of multiexit discrimination: enabled, disabled Router flap damping Status of route dampening: enabled, disabled Administrative Distance External, internal, and local administrative distances Neighbor Address IP address of the BGP neighbor Copyright © 2010, Juniper Networks, Inc.
Page 533 Network for which OSPF is currently injecting routes Router Administrative RIP protocol state. Enable means it is allowed to send and receive State updates. Disable means that it may be configured but it is not allowed to run yet. Copyright © 2010, Juniper Networks, Inc.
Page 534: Monitoring The Vrf Routing Table
O- OSPF, E1- external type 1, E2- external type2, N1- NSSA external type1, N2- NSSA external type2 Prefix/Length Type Next Hop Dist/Met Intf --------------- ------- ---------- -------- ------------ Copyright © 2010, Juniper Networks, Inc.
Page 535: Monitoring The Vrf
To display detailed information about a specified VRF: host1:pe1#show ip vrf detail pe11; Default RD 100:11 VRF IP Router Id: 10.11.11.1 Default TTL: 127 Reassemble Timeout: 30 Interface Configured: null0 ATM2/0.11 tun mpls:vpnEgL17-3 ip dyn-24 Import VPN Route Target Extended Communities: Copyright © 2010, Juniper Networks, Inc.
Page 536 To display detailed information about the interfaces: host1:PE1#show ip vrf interfaces detail null0 is up, line protocol is up VRF: pe11 Link up/down trap is disabled Internet address is 255.255.255.255/255.255.255.255 IP statistics: Rcvd: 0 local destination Copyright © 2010, Juniper Networks, Inc.
Page 537 Out Scheduler Drops Exceeded Packets 0, Bytes 0 Out Policed Packets 0 Out Discarded Packets 0 Out Fabric Dropped Packets 0 Meaning Table 98 on page 502 lists the show ip vrf command output fields. Copyright © 2010, Juniper Networks, Inc.
Page 538: Table 98: Show Ip Vrf Output Fields
IPv4 and IPv6 routes, unless the field name is preceded by IPv4 (applies the map to only IPv4 routes) or IPv6 (applies the map to only IPv6 routes). IP-Address IP address of the interface Status Status of the interface Copyright © 2010, Juniper Networks, Inc.
Page 539 Number of discarded packets IP Statistics Frags reasm ok Number of reassembled packets reasm req Number of requests for reassembly reasm fails Number of reassembly failures frag ok Number of packets fragmented successfully Copyright © 2010, Juniper Networks, Inc.
Page 540 Number of packets sent with destination unreachable time exceed Number of packets sent with time-to-live exceeded param probs Number of packets sent with parameter error src quench Number of source quench packets sent Copyright © 2010, Juniper Networks, Inc.
Page 541: Monitoring Load-Balanced Martini Circuits
Dropped committed packets 0, bytes 0 Dropped conformed packets 0, bytes 0 Dropped exceeded packets 0, bytes 0 Member Interfaces Interface fastEthernet 2/0.2 active Incoming Traffic Statistics 0 pkts, 0 hcPkts, 0 octets 0 hcOctets, 0 errors, 0 discardPkts Copyright © 2010, Juniper Networks, Inc.
Page 542: Table 99: Show Mpls L2Transport Load-Balancing-Group Output Fields
Number of packets sent across tunnel hcPkts Number of high-capacity (64-bit) packets sent across tunnel octets Number of octets sent across tunnel hcOctets Number of high-capacity (64-bit) octets sent across tunnel Copyright © 2010, Juniper Networks, Inc.
Page 543: Monitoring Mpls Tunnels
Documentation show mpls l2transport interface Monitoring MPLS Tunnels Purpose Display status and configuration for all tunnels or for a specific tunnel in the current router context Action To display the configuration for all tunnels: Copyright © 2010, Juniper Networks, Inc.
Page 544: Disabling The Mp-Bgp Events Log Display
Disabling the MP-BGP Events Log Display To disable the display of information about MP-BGP logs that was previously enabled with the debug ip mbgp command Issue the undebug ip mbgp command: host1#undebug ip mbgp Copyright © 2010, Juniper Networks, Inc.
Page 547: Layer 2 Services Over Mpls
PART 3 Layer 2 Services Over MPLS Layer 2 Services over MPLS Overview on page 513 Configuring Layer 2 Services over MPLS on page 535 Monitoring Layer 2 Services over MPLS on page 569 Copyright © 2010, Juniper Networks, Inc.
Page 549: Layer 2 Services Over Mpls Overview
From the perspective of the customer edge (CE) devices, all that exists is the layer 2 circuit, even though the circuit actually exists over the service provider’s MPLS network. The JunosE Software currently support the following layer 2 services over MPLS: Copyright © 2010, Juniper Networks, Inc.
Page 550: Layer 2 Services Over Mpls Platform Considerations
See ERX Module Guide, Appendix A, Module Protocol Support for information about the modules that support the underlying layer 2 service and MPLS. For information about the modules that support the underlying layer 2 service and MPLS on the E120 or E320 Broadband Services Router: Copyright © 2010, Juniper Networks, Inc.
Page 551: Interface Specifiers
Networks—draft-ietf-pwe3-ethernet-encap-05.txt (June 2004 expiration) Encapsulation Methods for Transport of Layer 2 Frames Over IP and MPLS Networks—draft-martini-l2circuit-encap-mpls-08.txt (March 2005 expiration) Encapsulation Methods for Transport of PPP/HDLC Over IP and MPLS Networks—draft-ietf-pwe3-hdlc-ppp-encap-mpls-03.txt (October 2004 expiration) Copyright © 2010, Juniper Networks, Inc.
Page 552: Layer 2 Services Over Mpls Implementation
Layer 2 Services over MPLS Implementation When layer 2 services are configured over MPLS, layer 2 traffic is encapsulated in MPLS frames and sent over MPLS tunnels. A virtual circuit (VC) label that indicates a specific Copyright © 2010, Juniper Networks, Inc.
Page 553: Local Cross-Connects Between Layer 2 Interfaces Using Mpls Overview
For a list of supported layer 2 services, see Layer 2 Services over MPLS Overview on Documentation page 513 For a configuration example that shows how to create local cross-connects between Ethernet/VLAN interfaces, see Configuring Local Cross-Connects Between Ethernet/VLAN Interfaces on page 539 Copyright © 2010, Juniper Networks, Inc.
Page 554: Mpls Shim Interfaces For Layer 2 Services Over Mpls Overview
The layer 2 interface determines the default preference if this option is not configured. Even when preferred, the sequence numbers might not be sent if the Copyright © 2010, Juniper Networks, Inc.
Page 555: Multiple Layer 2 Services Over Mpls Overview
ATM Layer 2 Services over MPLS Overview ATM layer 2 services over MPLS provide ATM switch-like functionality for E Series routers. This feature is useful for customers who run IP in the majority of their network but still Copyright © 2010, Juniper Networks, Inc.
Page 556: Aal5 Encapsulation
ATM VC. In Figure 117 on page 521, an MPLS tunnel connects two E Series routers, and ATM cross-connects provide a pseudowire between the ATM VCs on the two routers. All AAL5 Copyright © 2010, Juniper Networks, Inc.
Page 557: Oam Cells
Automatic connection setup using user-to-network interface (UNI) signaling and private network-to-network interface (PNNI) is not supported. The ATM MIB cross-connected table is not supported. Connections between ATM circuits and non-ATM interfaces are not supported. Copyright © 2010, Juniper Networks, Inc.
Page 558: Control Word Support
Values (in microseconds) for each of the three ATM Martini cell packing timers maintained on the router. These timers define the time threshold that the router uses to concatenate ATM cells and transmit the cells in an MPLS packet on the pseudowire. Copyright © 2010, Juniper Networks, Inc.
Page 559: Cell Concatenation And Latency
For information about, VCC cell relay encapsulation, see Encapsulation Methods for Transport of ATM Over MPLS Networks—draft-ietf-pwe3-atm-encap-07.txt (April 2005 expiration) For VCC cell relay encapsulation configuration instructions, seeConfiguring an MPLS Pseudowire with VCC Cell Relay Encapsulation on page 542 Copyright © 2010, Juniper Networks, Inc.
Page 560: Hdlc Layer 2 Services Over Mpls Overview
POS interface contains actual PPP packets and not, for example, Cisco HDLC packets. Control Word Support The router always sends a control word for HDLC layer 2 circuits, regardless of whether or not sequencing is enabled. Copyright © 2010, Juniper Networks, Inc.
Page 561: Local Cross-Connects
VLAN1 interface, when the MPLS L2VPN tunnel over VLAN1 over LAG1 is configured. The Martini tunnel from PE1 to PE2 can be configured either over Ethernet or LAG. In this scenario, it is considered to be configured over LAG. Copyright © 2010, Juniper Networks, Inc.
Page 562: Ethernet Raw Mode Encapsulation For Martini Layer 2 Transport Overview
10G Uplink LMs, and ES2 10G ADV LMs. In previous releases, the transfer of Ethernet packets over MPLS-based pseudowire enabled service providers to provide point-to-point layer 2 Ethernet connectivity between geographically remote customer edge (CE) devices. This functionality enabled the following tasks to be performed on received packets: Copyright © 2010, Juniper Networks, Inc.
Page 563 When raw mode encapsulation is configured on the VLAN interface stacked below the MPLS shim interface When a pseudowire operates in raw mode, service-delimiting tags, if present in the frame received from the PE device, are stripped from the frame before being sent to the next Copyright © 2010, Juniper Networks, Inc.
Page 564: S-Vlan Subinterface With An Untagged C-Vlan Id Overview
VLAN subinterface is previously configured with a VLAN ID value on the same major VLAN, an error message is displayed. Related Examples: Configuring S-VLAN Subinterface with an Untagged C-VLAN ID on page 563 Documentation svlan id Copyright © 2010, Juniper Networks, Inc.
Page 565: Multiple Atm Virtual Circuits Over A Single Pseudowire Overview
ATM virtual circuits whose cells need to be transported on the single pseudowire using the VPI/VCI range configuration. You can specify a maximum of four non-overlapping VPI/VCI ranges for each ATM port. The cumulative number of ATM virtual circuits in the specified VPI/VCI ranges must not Copyright © 2010, Juniper Networks, Inc.
Page 566 The changeover to the LOS state for the ATM port is not performed because only a subset of the ATM virtual circuits are configured to be transported on the pseudowire. The ATM Copyright © 2010, Juniper Networks, Inc.
Page 567: Guidelines For Configuring Vpi/Vci Ranges Of Atm Virtual Circuits
You must remove the conflicting range, and remove or reconfigure this range to activate it for transportation of ATM cells. Copyright © 2010, Juniper Networks, Inc.
Page 568: An Atm Port
16,000. The VPI/VCI range specification on the ATM ports for this feature is controlled by this limit. Depending on other VPI/VCI configuration on the ATM line module, the range specification must not be greater than this scaled limit subtracted from the other VPI/VCI configuration. Copyright © 2010, Juniper Networks, Inc.
Page 569 Support for unified ISSU and high availability with a VPI/VCI range configured with the maximum number of VCs is provided. Related Example: Multiple ATM Virtual Circuits over a Single Pseudowire on page 565 Documentation mpls-relay atm vpi-range vci-range mpls-relay atm cell-packing mcpt-timer Copyright © 2010, Juniper Networks, Inc.
Page 571: Configuring Layer 2 Services Over Mpls
MPLS and the type of layer 2 interfaces that you want to configure. Before you configure layer 2 services over MPLS, you must configure the layer 2 interfaces and MPLS. Copyright © 2010, Juniper Networks, Inc.
Page 572: Configuring Frame Relay Layer 2 Services
To configure the router to interoperate with a router that uses the legacy Frame Relay pseudowire type for layer 2 services over MPLS: Configure the Frame Relay interface. host1(config)#interface serial 4/1:1/1 host1(config-if)#encapsulation frame-relay ietf host1(config-if)#frame-relay intf-type dte host1(config-if)#frame-relay lmi-type ansi host1(config-if)#interface serial 4/1:1/1.1 host1(config-subif)#frame-relay interface-dlci 17 ietf Copyright © 2010, Juniper Networks, Inc.
Page 573: Configuring Ethernet/Vlan Layer 2 Services
Specify MPLS tunneling by using the appropriate command. host1(config-if)#mpls-relay 10.10.100.2 45 host1(config-if)#route interface tunnel mpls:tunnel6 45 Configure Ethernet/VLAN and MPLS on the remote PE router. Related encapsulation vlan Documentation interface fastEthernet mpls-relay route interface vlan id Copyright © 2010, Juniper Networks, Inc.
Page 574: Configuring S-Vlan Tunnels For Layer 2 Services
PE router. Related For more information about S-VLANs, including complete configuration instructions, Documentation see the JunosE Link Layer Configuration Guide encapsulation vlan interface fastEthernet mpls-relay route interface svlan ethertype svlan id Copyright © 2010, Juniper Networks, Inc.
Page 575: Configuring Local Cross-Connects Between Ethernet/Vlan Interfaces
9/1 host1(config-if)#encapsulation vlan host1(config-if)#exit host1(config)#interface fastEthernet 9/1.1 host1(config-if)#vlan id 10 (Optional) If you are configuring a multiservice local cross-connect, assign an IP address and mask to the Ethernet/VLAN interface. host1(config-if)#ip address 10.1.2.3 255.255.255.0 Copyright © 2010, Juniper Networks, Inc.
Page 576: Configuring Local Atm Cross-Connects With Aal5 Encapsulation
MPLS relay connection from the PVCs to the loopback interface. You do not need to configure any other MPLS commands. The following commands create an ATM cross-connect between two ATM subinterfaces on the same router. Copyright © 2010, Juniper Networks, Inc.
Page 577 ---------- --- --- ---------- --- --- ----- ----- ---- ---- -------- ATM2/0.1 0 100 ATM2/0.2 0 101 2 AAL5 0 State UP 1 local connection(s) found Related atm pvc Documentation interface atm interface loopback ip address mpls-relay show mpls cross-connects atm vlan id Copyright © 2010, Juniper Networks, Inc.
Page 578: Configuring An Mpls Pseudowire With Vcc Cell Relay Encapsulation
The values you configure for the ATM Martini cell packing timers and cell concatenation parameters need not be the same on the ingress and egress routers, although matching Copyright © 2010, Juniper Networks, Inc.
Page 579 ATM 4/0.101 ATM/MPLS 101 0 101 PVC AAL0 9180 lowerLayerDown Static Maximum number of cells per packet: 150 Cell aggregation timeout timer: SNMP trap link-status: disabled InPackets: InBytes: OutPackets: OutBytes: InErrors: OutErrors: InPacketDiscards: InPacketsUnknownProtocol: 0 Copyright © 2010, Juniper Networks, Inc.
Page 580: Configuring Hdlc Layer 2 Services
PPP encapsulation instead of the default VC-type HDLC signaling and HDLC encapsulation. Use this command syntax if the traffic carried on the serial or POS interface contains actual PPP packets. host1(config-if)#mpls-relay 2.2.2.1 1 relay-format ppp Copyright © 2010, Juniper Networks, Inc.
Page 581: Differences
Alternatively, a given layer 2 circuit or each end of a local cross-connect can have many shim interfaces. In these cases, traffic destined for the CE routers is load-balanced among the multiple shim interfaces. This is known as CE-side load balancing. In the case of Copyright © 2010, Juniper Networks, Inc.
Page 582: Vc Id
In the case of a local cross-connects configuration, the following commands illustrate how a three-way cross-connect is created when 10.9.1.2 is a local address: host1(config)#interface atm 6/0.101 point-to-point host1(config-subif)#mpls-relay 10.9.1.2 600001 host1(config-subif)#exit host1(config)#interface atm 6/2.101 point-to-point host1(config-subif)#mpls-relay 10.9.1.2 600001 host1(config-subif)#exit host1(config)#interface atm 6/2.103 point-to-point Copyright © 2010, Juniper Networks, Inc.
Page 583: Load-Balancing Group Configuration
Load-balancing groups are a legacy method of configuring CE-side load balancing. It was the only method available before Release 7.1.0. Load-balancing groups enable you to configure attributes for a group that are inherited by the member shim interfaces. Copyright © 2010, Juniper Networks, Inc.
Page 584: Figure 120: Ce-Side Load-Balancing Topology
You configure each circuit for VLAN or S-VLAN subinterfaces that you create across a set of candidate Ethernet ports. The router distributes traffic from the core through the candidate ports used by the load-balancing group. If a port is disabled, traffic is redistributed to a working port. Copyright © 2010, Juniper Networks, Inc.
Page 585: Mpls Interfaces And Labels
VLAN or S-VLAN subinterface level. Each of the following examples removes member Fast Ethernet subinterface 13/0.2 from the load-balanced Martini circuit: host1(config)#mpls l2transport load-balancing-group 100 mpls-relay 2.2.2.2 202 host1(config-mpls-l2-group)#no member interface fast 13/0.2 host1()#interface fast 13/0.2 host1(config-subif)#no mpls-relay Copyright © 2010, Juniper Networks, Inc.
Page 586: Example: Configuring Frame Relay Over Mpls
1/1 timeslots 1-24 speed 64 t1 2 clock source internal module t1 2/1 timeslots 1-24 speed 64 controller t3 4/1 no shutdown clock source internal module cablelength 5 t1 1 clock source internal module Copyright © 2010, Juniper Networks, Inc.
Page 587 1 1 11 aal5snap ip address 10.10.11.2 255.255.255.0 ip router isis mpls mpls ldp router isis net 47.0005.80FF.F800.0000.0000.0004.0000.F209.0202.00 mpls traffic-eng router-id loopback 0 mpls traffic-eng level-1 metric-style wide !-------------------------------------------------------------------------- !Create virtual router three. Configure MPLS. !-------------------------------------------------------------------------- Copyright © 2010, Juniper Networks, Inc.
Page 588 2/1.2 atm pvc 2 1 12 aal5snap ip address 10.10.12.5 255.255.255.0 ip router isis mpls mpls ldp router isis net 47.0005.80FF.F800.0000.0000.0004.0000.F209.0505.00 mpls traffic-eng router-id loopback 0 mpls traffic-eng level-1 metric-style wide !-------------------------------------------------------------------------- Copyright © 2010, Juniper Networks, Inc.
Page 589: Example: Configuring Mpls L2Vpn Tunnel Over Vlan Over Lag
Configuration on CE2 (Remote CE Router) on page 556 Configuration on CE1 (Local CE Router) Use the following commands on the local CE router (CE1) to configure the MPLS L2VPN tunnel shown in Figure 122 on page 553. Copyright © 2010, Juniper Networks, Inc.
Page 590: Configuration On Pe1 (Local Pe Router)
2/1/2 host1:pe1(config-if)#encapsulation vlan ! Specify a subinterface by adding a unique subinterface number to the LAG bundle ! name. Assign an S-VLAN ID and a VLAN ID for the subinterface. Also, configure Copyright © 2010, Juniper Networks, Inc.
Page 591: Configuration On Pe2 (Remote Pe Router)
! Create a Gigabit Ethernet interface and configure MPLS tunneling with the IP ! address of the router on the remote end of the layer 2 circuit and the virtual ! circuit identifier. host1:pe2(config)#interface gigabitEthernet 2/1/6 host1:pe2(config-if)#encapsulation vlan Copyright © 2010, Juniper Networks, Inc.
Page 592: Configuration On Ce2 (Remote Ce Router)
Example: Configuring MPLS L2VPN Tunnel over LAG Figure 123 on page 557 shows a sample configuration scenario of an MPLS L2VPN or Martini tunnel over LAG. The topology is the same as the one described in “Example: Copyright © 2010, Juniper Networks, Inc.
Page 593: Configuration On Ce1 (Local Ce Router)
1 ! Add the Gigabit Ethernet physical interfaces to the LAG bundle named lag 1. ! Assign an IP address and mask to it. host1:ce1(config-if)#member-interface gigabitEthernet 2/1/0 host1:ce1(config-if)#member-interface gigabitEthernet 2/1/3 host1:ce1(config-if)#ip address 7.7.7.7 255.255.255.0 Copyright © 2010, Juniper Networks, Inc.
Page 594: Configuration On Pe1 (Local Pe Router)
! the next hop that can be used to reach the destination network. host1:pe1(config)#ip route 22.22.22.22 255.255.255.255 2.0.0.2 ! Configure LDP to advertise a non-null label for the egress routes. host1:pe1(config)#mpls ldp egress-label non-null Copyright © 2010, Juniper Networks, Inc.
Page 595: Configuration On Pe2 (Remote Pe Router)
! the next hop that can be used to reach the destination network. host1:pe2(config)#ip route 22.22.22.22 255.255.255.255 2.0.0.1 ! Configure LDP to advertise a non-null label for the egress routes. host1:pe2(config)#mpls ldp egress-label non-null Copyright © 2010, Juniper Networks, Inc.
Page 596: Configuration On Ce2 (Remote Ce Router)
Ethernet frames. The packets reaching the CE-side devices can be S-VLAN-aware or not. The MPLS network might also be S-VLAN-aware or not, which means that S-VLAN tags might or might not be sent over the MPLS cloud. Copyright © 2010, Juniper Networks, Inc.
Page 597: Figure 124: Mpls L2Vpn Tunnel Over Lag Configuration Example
S-VLAN-Unaware Unsupported S-VLAN-Unaware S-VLAN-Unaware S-VLAN-Unaware Supported Table 102 on page 562 describes the different scenarios in which the Martini circuit configuration is supported, when Ethernet raw mode encapsulation is configured on the S-VLAN interfaces. Copyright © 2010, Juniper Networks, Inc.
Page 598: Figure 125: Ethernet Packet Distribution Over Martini Circuits
ES2 4G, ES2 10G, ES2 10G Uplink, and ES2 10G ADV LMs. When the packet reaches the subinterface on the ingress line module (ES2 4G LM and ES2 10G LM), point C, inside PE2, the added MPLS header is removed and the packet Copyright © 2010, Juniper Networks, Inc.
Page 599: Examples: Configuring S-Vlan Subinterface With An Untagged C-Vlan Id
ID to identify a particular user: If the S-VLAN Ethertype is 0x8100, then you must create two sub-interfaces, one for the double-tagged packets, and the other for single-tagged packets to process both these types of packets. Copyright © 2010, Juniper Networks, Inc.
Page 600: Figure 126: Martini Circuit With Two Pseudowires Between Pe-Facing
X and Ethertype as 8100 are matched to the sub-interface. Case 2: Assume that vlan id X is configured on the subinterface. In this case, only single-tagged packets with VLAN ID X and Ethertype of 8100 are matched to this Copyright © 2010, Juniper Networks, Inc.
Page 601: Example: Multiple Atm Virtual Circuits Over A Single Pseudowire
PE1, on one side of the core are connected by an ATM port. Similarly, PE2 and CE2 are connected by an ATM port. The necessary MPLS Martini circuit configuration and VPI/VCI range configuration are added to the ATM ports on PE1 and Copyright © 2010, Juniper Networks, Inc.
Page 602: Figure 127: Martini Circuit Deployment For Transmission Of Multiple Atm Vcs
VPI/VCI range. For data traffic traversing from CE2 to CE1, the same workflow is followed with the roles reserved—PE2 as the transmitter of MPLS labeled packet and PE2 as the receiver of MPLS labeled packet. Copyright © 2010, Juniper Networks, Inc.
Page 603 VPI/VCI range. If the ATM cells do not fall within the configured VPI/VCI range, they are discarded. Related Multiple ATM Virtual Circuits over a Single Pseudowire Overview on page 529 Documentation mpls-relay atm vpi-range vci-range mpls-relay atm cell-packing mcpt-timer Copyright © 2010, Juniper Networks, Inc.
Page 605: Monitoring Layer 2 Services Over Mpls
The following statistics are maintained for each MPLS shim interface: receive packets and octets transmit packets and octets receive discarded packets transmit discarded packets receive error packets transmit error packets To set a statistics baseline for layer 2 services over MPLS: Copyright © 2010, Juniper Networks, Inc.
Page 606: Monitoring Atm Martini Cell Packing Timers For Layer 2 Services Over Mpls
9180 up ATM 2/0.200 RFC-1483 200 0 200 PVC SNAP 9180 up ATM 2/0.201 RFC-1483 201 0 201 PVC SNAP 9180 up 4 interface(s) found To display the current state of a specific ATM subinterface: Copyright © 2010, Juniper Networks, Inc.
Page 607: Table 104: Show Atm Subinterface Output Fields
“ Martini cell aggregation: disabled” appears instead of this field. Displayed for an individual ATM over MPLS interface with AAL0 encapsulation NOTE: For ATM over MPLS interfaces, the ATM-Prot field displays ATM/MPLS. Related show atm subinterface Documentation Copyright © 2010, Juniper Networks, Inc.
Page 608: Monitoring Atm Cross-Connects For Layer 2 Services Over Mpls
LSPs configured on the label-switching router (LSR). The brief keyword displays only the the action taken for each in label. Action To display LSP configuration and statistics from the MPLS forwarding table: host1:two#show mpls forwarding serial4/1:1/1/1/1/1.1 to 222.9.1.3 Copyright © 2010, Juniper Networks, Inc.
Page 609: Table 106: Show Mpls Forwarding Output Fields
Label sent to upstream neighbor for route Out label Label received from downstream neighbor for route pkts Number of packets sent across tunnel hcPkts Number of high-capacity (64-bit) packets sent across tunnel octets Number of octets sent across tunnel Copyright © 2010, Juniper Networks, Inc.
Page 610: Monitoring Mpls Layer 2 Interfaces For Layer 2 Services Over Mpls
0: traffic class best-effort, bound to ethernet FastEthernet2/0 Queue length 0 bytes Forwarded packets 0, bytes 0 Dropped committed packets 0, bytes 0 Dropped conformed packets 0, bytes 0 Dropped exceeded packets 0, bytes 0 Copyright © 2010, Juniper Networks, Inc.
Page 611: Table 107: Show Mpls Interface And Show Mpls L2Transport Interface Output
Address of the remote PE router for the layer 2 circuit Virtual circuit ID VC ID number for the interface Group ID Group ID number for the interface Control word Configuration of the control word Copyright © 2010, Juniper Networks, Inc.
Page 612 Queue and traffic class bound to the specified interface Queue length Number of bytes in the queue Forwarded packets, bytes Total number of packets and bytes forwarded by this interface Copyright © 2010, Juniper Networks, Inc.
Page 613 Number of packets that are dropped for some reason at receipt or before being sent discardPkts Number of packets that are discarded because of lack of buffer space at receipt or before being sent Interface Interface specifier Copyright © 2010, Juniper Networks, Inc.
Page 614 Load-balancing group associated with the layer 2 Martini transport circuit Admin state Administrative state of the interface, enabled or disabled Oper state Operational state of the interface, up or down Related show mpls interface Documentation show mpls l2transport interface Copyright © 2010, Juniper Networks, Inc.
Page 617: Vpls Overview
BGP as the protocol that signals reachability for the VPLS domain in which the VPLS instance participates. You must configure BGP on each provider edge (PE) router in your topology to provide signaling for each VPLS domain. Copyright © 2010, Juniper Networks, Inc.
Page 618: Vpls Components Overview
As illustrated in Figure 128 on page 582, a typical VPLS topology consists of the following components. VPLS Domains on page 583 Customer Edge Devices on page 583 VPLS Edge Devices on page 583 Copyright © 2010, Juniper Networks, Inc.
Page 619: Vpls Domains
PE devices. The router encapsulates Ethernet frames from the CE device in an MPLS packet and then forwards the encapsulated frames to the service provider core through the provider (P) router. This encapsulation is identical to Martini encapsulation for Ethernet layer 2 services over MPLS. Copyright © 2010, Juniper Networks, Inc.
Page 620: Vpls And Transparent Bridging Overview
Bridged Ethernet 2/0.12 2b2b.2b2b.2b2b – – VPLS virtual core interface 4b4b.4b4b.4b4b Table 110: VPLS Forwarding Table on PE 2 for VPLS A Interface MAC Address Outgoing Label Received Label Fast Ethernet 3/5 3a3a.3a3a.3a3a – – Copyright © 2010, Juniper Networks, Inc.
Page 621: Subscriber Policies For Vpls Network Interfaces Overview
Each network interface is associated with a default subscriber policy for that interface type. The subscriber policy is a set of forwarding and filtering rules that defines how the specified interface handles various packet or attribute types, as follows: Copyright © 2010, Juniper Networks, Inc.
Page 622: Modifying Subscriber Policies
VPLS virtual core interface. Trunk interfaces and the VPLS virtual core interface always use the default trunk policy, which forwards packets of all types and permits relearning. Copyright © 2010, Juniper Networks, Inc.
Page 623: Considerations For Vpls Network Interfaces
JunosE Link Layer Configuration Guide. BGP Signaling for VPLS Overview BGP multiprotocol extensions (MP-BGP) enable BGP to support IPv4 services such as BGP/MPLS VPNs, which are sometimes known as RFC 2547bis VPNs. VPLS with BGP Copyright © 2010, Juniper Networks, Inc.
Page 624: Ldp Signaling For Vpls Overview
VPLS identifier for the VPLS instance, and the mpls ldp vpls neighbor command to configure a list of neighbor (peer) addresses to which LDP can send or from which LDP can receive targeted hello messages. Copyright © 2010, Juniper Networks, Inc.
Page 625: Pwid Fec Element Tlv
BEST PRACTICE: To prevent the creation of layer 2 loops due to a misconfiguration or temporary loops during a topology change and subsequent convergence, we recommend that you employ the Spanning Tree Protocol (STP) on your CE devices. Copyright © 2010, Juniper Networks, Inc.
Page 626 PE router for the purpose of reflecting layer 2 routes. Layer 2 prefixes that have different route distinguishers are considered to have different NLRI for route reflection. This result of the standard BGP path selection process enables Copyright © 2010, Juniper Networks, Inc.
Page 627: Designated Ve Device Selection For A Multihomed Site
The result of this process establishes that the best path is suitable for establishing a pseudowire from the remote PE router to the PE router. That PE router is accordingly selected as the designated VE device. Copyright © 2010, Juniper Networks, Inc.
Page 628 When a VE device receives an advertisement for a layer 2 NLRI that matches its own site ID but the site is not multihomed, then the pseudowire between it and the transmitting PE router transitions to a site collision (SC) state and is not considered to be up. Copyright © 2010, Juniper Networks, Inc.
Page 629: Multihoming Reaction To Failures In The Network
VPLS pseudowires as needed. To modify their pseudowires, the peer routers correct their MPLS forwarding tables and set up new entries in their pseudowire tables. VPLS Supported Features The JunosE implementation of VPLS provides the following features: Copyright © 2010, Juniper Networks, Inc.
Page 630: Vpls Platform Considerations
For information about the modules that support VPLS network interfaces and VPLS virtual core interfaces on ERX14xx models, ERX7xx models, and ERX310 Braoadband Services Router: See ERX Module Guide, Table 1, Module Combinations for detailed module specifications. Copyright © 2010, Juniper Networks, Inc.
Page 631: Interface Specifiers
RFC 4447—Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP) (April 2006) RFC 4762—Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling (January 2007) Virtual Private LAN Service—draft-ietf-l2vpn-vpls-bgp-05.txt (October 2005 expiration) Copyright © 2010, Juniper Networks, Inc.
Page 632 NOTE: IETF drafts are valid for only 6 months from the date of issuance. They must be considered as works in progress. Please refer to the IETF Web site at http://www.ietf.org for the latest drafts. Copyright © 2010, Juniper Networks, Inc.
Page 633: Configuring Vpls
Configuring VPLS Instances with LDP Signaling on page 611 Configuring LDP Signaling for VPLS on page 612 Configuring Routing in the Core Network for VPLS on page 612 Example: Configuring VPLS LDP Signaling on page 613 Copyright © 2010, Juniper Networks, Inc.
Page 634: Configuring Vpls With Bgp Signaling On A Pe Router
Table 114 on page 598 lists the commands that you use to configure a basic VPLS instance, as described in this section. Table 114: Commands to Configure Basic VPLS Instances bridge vpls rd bridge vpls site-range bridge vpls route-target bridge vpls transport-virtual-routers bridge vpls site-name site-id Copyright © 2010, Juniper Networks, Inc.
Page 635 Create or add a route target to the import and export lists of VPN extended communities for this VPLS instance. host1(config)#bridge customer1 vpls route-target both 100:1 The PE router uses the lists of VPN extended communities to determine which routes are imported by this VPLS instance. Copyright © 2010, Juniper Networks, Inc.
Page 636: Configuring Bgp Multihoming For Vpls
PE router can begin providing service to the customer site as soon as the failure is detected. The redundant connectivity maintains the VPLS service and traffic forwarding to and from the multihomed site while avoiding the formation of layer 2 traffic loops. Copyright © 2010, Juniper Networks, Inc.
Page 637: Configuring Optional Attributes For Vpls Instances
(Optional) Set the length of time that a dynamic (learned) MAC address entry can remain in the forwarding table of the specified VPLS instance before expiring. host1(config)#bridge vplsB aging-time 1000 (Optional) Set the maximum number of dynamic MAC address entries that the specified VPLS instance can learn. Copyright © 2010, Juniper Networks, Inc.
Page 638: Configuring Vpls Network Interfaces
From Interface Configuration mode or Subinterface Configuration mode, assign the interface to the specified VPLS instance. host1(config-if)#bridge-group customer1 Issuing this command with no optional keywords configures the network interface as a subscriber (client) interface by default. Copyright © 2010, Juniper Networks, Inc.
Page 639: Configuring The Loopback Interface And Router Id For Vpls
Configure a loopback interface on the PE router and assign it an IP address. host1(config)#interface loopback 0 host1(config-if)#ip address 10.3.3.3 255.255.255.255 host1(config-if)#exit Assign the router ID using the IP address you configured for the loopback interface. host1(config)#ip router-id 10.3.3.3 Copyright © 2010, Juniper Networks, Inc.
Page 640: Configuring Mpls Lsps For Vpls
For complete information about configuring MPLS LSPs, see Configuring MPLS on page 275. mpls mpls ldp Configuring BGP Signaling for VPLS This section describes one way to configure BGP signaling for VPLS, but does not provide complete details about configuring BGP and BGP/MPLS VPNs. Copyright © 2010, Juniper Networks, Inc.
Page 641: Table 115: Commands To Configure Bgp Signaling For Vpls
This example configures only the next-hop-self attribute, forcing the BGP speaker to report itself as the next hop for an advertised route that it learned from a neighbor. host1(config-router-af)#neighbor 10.4.4.4 next-hop-self host1(config-router-af)#exit-address-family Copyright © 2010, Juniper Networks, Inc.
Page 642: Example: Configuring Vpls With Bgp Signaling
The example in this section shows how to configure the VPLS topology illustrated in Figure 129 on page 607. The example includes the commands for configuring VPLS on both the local E Series router (PE 1) and the remote E Series router (PE 2). Copyright © 2010, Juniper Networks, Inc.
Page 643: Topology Overview Of Vpls With Bgp Signaling
After you configure the bridging, MPLS, and BGP components of VPLS, the router automatically generates a VPLS virtual core interface for each VPLS instance. The VPLS virtual core interface represents all of the MPLS tunnels from the router to the remote VE device. Copyright © 2010, Juniper Networks, Inc.
Page 644: Configuration On Pe 1 (Local Pe Router)
! and assign it an IP address. host1(config)#interface atm 2/0.100 point-to-point host1(config-subif)#atm pvc 100 1 100 aal5snap 0 0 0 host1(config-subif)#ip address 192.168.1.1 255.255.255.0 ! Enable MPLS, LDP, and topology-driven LSPs on the core-facing interface. host1(config-subif)#mpls host1(config-subif)#mpls ldp host1(config-subif)#exit Copyright © 2010, Juniper Networks, Inc.
Page 645: Configuration On Pe 2 (Remote Pe Router)
! Configure a loopback interface on PE 2 and assign it an IP address. host2(config)#interface loopback 0 host2(config-if)#ip address 10.2.2.2 255.255.255.255 host2(config-if)#exit ! Assign the router ID for PE 2 using the IP address of the loopback interface. host2(config)#ip router-id 10.2.2.2 Copyright © 2010, Juniper Networks, Inc.
Page 646: Configuring Vpls With Ldp Signaling On A Pe Router
For instructions, see “Subscriber Policies for VPLS Network Interfaces Overview” on page 585. Configure a loopback interface to be associated with the targeted LDP neighbor, and assign a router ID that uses the IP address of the loopback interface. Copyright © 2010, Juniper Networks, Inc.
Page 647: Configuring Vpls Instances With Ldp Signaling
(customer3 in this example) already exists on the router, issuing this command causes the bridge group to become a VPLS instance. Related Configuring VPLS with LDP Signaling on a PE Router on page 610 Documentation bridge vpls transport-virtual-router Copyright © 2010, Juniper Networks, Inc.
Page 648: Configuring Ldp Signaling For Vpls
MPLS network. This section explains one way to configure OSPF to enable routing in the core network. Table 117 on page 613 lists the commands discussed in this section to configure OSPF. Copyright © 2010, Juniper Networks, Inc.
Page 649: Example: Configuring Vpls Ldp Signaling
The example in this section shows how to configure the VPLS topology illustrated in Figure 130 on page 614. The example includes the commands for configuring VPLS on both the local E Series router (PE 1) and the remote E Series router (PE 2). Copyright © 2010, Juniper Networks, Inc.
Page 650: Topology Overview Of Vpls With Ldp Signaling
“Topology Overview of VPLS with BGP Signaling” on page 607. Configuration on PE 1 (Local PE Router) Use the following commands on the local PE router (PE 1) to configure the VPLS topology shown in Figure 130 on page 614. Copyright © 2010, Juniper Networks, Inc.
Page 651: Configuration On Pe 2 (Remote Pe Router)
10.10.10.0 0.0.0.255 area 0.0.0.0 host1(config-router)#exit Configuration on PE 2 (Remote PE Router) Use the following commands on the remote PE router (PE 2) to configure the VPLS topology shown in Figure 130 on page 614. Copyright © 2010, Juniper Networks, Inc.
Page 652 ! Configure OSPF routing in the core MPLS network. host2(config)#router ospf 1 host2(config-router)#network 2.2.2.2 0.0.0.0 area 0.0.0.0 host2(config-router)#network 20.20.20.0 0.0.0.255 area 0.0.0.0 host2(config-router)#exit Related Configuring VPLS with LDP Signaling on a PE Router on page 610 Documentation Copyright © 2010, Juniper Networks, Inc.
Page 653: Monitoring Vpls
You can use the following baseline commands to set a statistics baseline for a VPLS instance, for a network interface associated with a VPLS instance, or for the VPLS virtual core interface associated with a VPLS instance. The router implements the baseline by Copyright © 2010, Juniper Networks, Inc.
Page 654: Setting A Baseline For A Vpls Instance
Tasks to clear the VPLS forwarding table are: Clearing All Dynamic MAC Addresses from the VPLS Forwarding Table on page 619 Clearing a Specific Dynamic MAC Addresses from the VPLS Forwarding Table on page 619 Copyright © 2010, Juniper Networks, Inc.
Page 655: Clearing All Dynamic Mac Addresses From The Vpls Forwarding Table
To clear all dynamic MAC address entries for the VPLS virtual core interface associated with a VPLS instance: Issue the clear bridge interface vpls command. host1#clear bridge interface vpls vplsA Related clear bridge Documentation clear bridge address clear bridge interface clear bridge interface vpls Copyright © 2010, Juniper Networks, Inc.
Page 656: Clearing Bgp Attributes For Vpls
To clear the wait for receiving an End-of-RIB marker from the peer for the L2VPN address family: Issue the clear ip bgp wait-end-of-rib command. host1#clear ip bgp l2vpn wait-end-of-rib Related clear ip bgp Documentation clear ip bgp dampening clear ip bgp wait-end-of-rib Copyright © 2010, Juniper Networks, Inc.
Page 657: Monitoring Vpls Configuration And Statistics For A Specific Vpls Instance
Maximum number of dynamic MAC addresses that the VPLS instance can learn Link Status Snmp Traps Whether SNMP link status processing is enabled or disabled Subscriber Policy Name of the subscriber policy currently in effect Copyright © 2010, Juniper Networks, Inc.
Page 658: Monitoring Vpls Configuration And Statistics For All Vpls Instances
Display configuration and statistics information for all VPLS instances configured on the router. Action To display the names of all VPLS instances configured on the router: host1#show bridge groups BridgeGroup: vplsA(vpls) BridgeGroup: vplsB(vpls) To display configuration settings for all VPLS instances on the router: Copyright © 2010, Juniper Networks, Inc.
Page 659: Table 119: Show Bridge Groups Details Output Fields
Bridge Mode Bridging capability currently enabled; for a VPLS instance, this field always displays default Aging Time Length of time, in seconds, that a MAC address entry can remain in the forwarding table before expiring Copyright © 2010, Juniper Networks, Inc.
Page 660: Monitoring Configuration, Statistics, And Status For Vpls Network Interfaces
Documentation Monitoring Configuration, Statistics, and Status for VPLS Network Interfaces Purpose Display configuration, statistics, and status information for a specified network interface or for all interfaces assigned to a VPLS instance. Copyright © 2010, Juniper Networks, Inc.
Page 661 Queue length 0 bytes Forwarded packets 27, bytes 3898 Dropped committed packets 0, bytes 0 Dropped conformed packets 0, bytes 0 Dropped exceeded packets 0, bytes 0 vpls vplsB Port Number: 2 Operational Status: Down Copyright © 2010, Juniper Networks, Inc.
Page 662: Table 120: Show Bridge Interface Output Fields
Displays statistics information for the specified port In Octets Number of octets received on this interface In Frames Number of frames received on this interface In Discards Number of incoming packets discarded on this interface Copyright © 2010, Juniper Networks, Inc.
Page 663: Table 121: Show Bridge Interface Output Fields
Field Description Interface Interface type and specifier associated with the port Port Port number on which this interface resides Status Operational status of the physical interface: Up, Down, LowerLayerDown, NotPresent Related show bridge interface Documentation Copyright © 2010, Juniper Networks, Inc.
Page 664: Monitoring Configuration, Statistics, And Status For Vpls Core Interfaces
Maximum number of dynamic MAC addresses that the interface can learn Subscriber Policy Name of the subscriber policy currently in effect for the interface Statistics Displays statistics information for the specified port In Octets Number of octets received on this interface Copyright © 2010, Juniper Networks, Inc.
Page 665: Monitoring Configuration, Statistics, And Status For Vpls Ports
Monitoring Configuration, Statistics, and Status for VPLS Ports Purpose Display configuration, statistics, and status information for ports (interfaces) associated with a VPLS instance. Action To display information for VPLS ports: host1#show bridge vplsC port FastEthernet1/1.1 Copyright © 2010, Juniper Networks, Inc.
Page 666: Table 123: Show Bridge Port Output Fields
Table 123 on page 630 lists the show bridge port command output fields. Table 123: show bridge port Output Fields Field Name Field Description BridgeGroup Name of the VPLS instance to which the interface belongs Port Number Port number on which this interface resides Copyright © 2010, Juniper Networks, Inc.
Page 667 Number of packets and bytes forwarded on this queue Dropped committed Number of committed packets and bytes that were dropped packets, bytes Dropped conformed Number of conformed packets and bytes that were dropped packets, bytes Copyright © 2010, Juniper Networks, Inc.
Page 668: Monitoring Mac Address Entries For A Specific Vpls Instance
Field Description Bridge Name of the VPLS instance for which the MAC address table is displayed Address MAC address of the entry Action Specifies how the VPLS instance handles this entry: forward or discard Copyright © 2010, Juniper Networks, Inc.
Page 669: Monitoring Subscriber Policy Rules
: Permit Unicast : Permit PPPoE : Permit Relearn : Permit Mpls : Permit Subscriber: default Trunk : Permit Broadcast : Permit Multicast : Permit Unknown Destination : Permit : Permit Unknown Protocol : Permit Copyright © 2010, Juniper Networks, Inc.
Page 670: Monitoring Layer2 Nlri For Vpls Instances
To display layer 2 NLRI for the route that matches a specified prefix (site ID and block offset) in the L2VPN address family or in the VPLS address family, use the site-id and block-offset keywords. Copyright © 2010, Juniper Networks, Inc.
Page 671 Graceful-restart is not ready to switch to the standby SRP The last restart was not graceful Local-RIB version 11. FIB version 11. Messages Messages Prefixes Neighbor AS State Up/down time Sent Received Received 2.2.2.2 100 Established 00:30:35 Copyright © 2010, Juniper Networks, Inc.
Page 672: Table 127: Show Ip Bgp L2Vpn Output Fields
Local BGP identifier IP address of the local VE router local AS Autonomous system number Local-RIB version Version number of the local routing information base FIB version Version number of the forwarding information base Copyright © 2010, Juniper Networks, Inc.
Page 673: Monitoring Bgp Next Hops For Vpls
To display next hop information that matches the specified indirect next-hop address (2.2.2.2) in the L2VPN address family: host1#show ip bgp l2vpn all next-hops 2.2.2.2 Indirect next-hop 2.2.2.2 Resolution in IP route table of VR IP indirect next-hop index 2 Copyright © 2010, Juniper Networks, Inc.
Page 674: Monitoring Ldp-Related Settings For Vpls
Display MPLS configuration information for a VPLS instance that uses LDP as the signaling protocol. Action To display information for all VPLS instances configured on the virtual router: host1:ve1#show ldp vpls Vpls Vpls Remote Instance In-label Out-label Copyright © 2010, Juniper Networks, Inc.
Page 675: Monitoring Mpls-Related Settings For Vpls
To display summary information for all MPLS labels being used for forwarding: host1:ve1#show mpls forwarding brief In-label Owner Action -------- ----- ---------------------------------- Forward to bridge-group customer1 Forward to bridge-group customer2 Meaning Table 130 on page 640 lists the show mpls forwarding command output fields. Copyright © 2010, Juniper Networks, Inc.
Page 676: Monitoring Vpls-Specific Settings
SC = Local and Remote Site Identifier Collision EM = Encapsulation Mismatch OR = Out of Range DN = VC Down because Remote PE Unreachable LD = Local Site Down RD = Remote Site Down Copyright © 2010, Juniper Networks, Inc.
Page 677 Bridge Mode: default Aging Time: 300 secs Learning: Enabled Max Learn: Unlimited Link Status Snmp Traps: Disabled Subscriber Policy: default Subscriber Port Count: Interface Count: Transport Virtual Rtr: Route Distinguisher: 1.1.1.1:10 SiteName: westford SiteId: Copyright © 2010, Juniper Networks, Inc.
Page 678: Table 131: Show Vpls Connections Output Fields
VPLS virtual core interface Interface Count Number of network interfaces currently configured for the VPLS instance Transport Virtual Rtr Name of the transport virtual router configured for the VPLS instance Copyright © 2010, Juniper Networks, Inc.
Page 679 IP address of the remote VPLS edge (VE) router, which is analogous to the remote provider edge (PE) router in a BGP/MPLS VPN configuration In-label Incoming MPLS label from the remote site Out-label Outgoing MPLS label used to reach the remote site Copyright © 2010, Juniper Networks, Inc.
Page 680 Field Name Field Description MPLS NH Idx MPLS next-hop index number that corresponds to the outgoing MPLS label Up-down Time Time since the last state change for this VPLS connection Related show vpls connections Documentation Copyright © 2010, Juniper Networks, Inc.
Page 683: Vpws Overview
VPNs over layer 2 circuits. BGP signaling also enables autodiscovery of L2VPN peers. VPWS is similar to BGP/MPLS VPNs and VPLS in many respects, because all three types of services employ BGP for signaling. Copyright © 2010, Juniper Networks, Inc.
Page 684: Figure 131: Vpws Sample Topology
VPWS L2VPN must be configured with the VPWS L2VPN’s encapsulation type. The layer 2 interfaces that connect the PE router and CE device pairs are configured to be members of the corresponding VPWS L2VPN, L2VPN A or L2VPN B. Copyright © 2010, Juniper Networks, Inc.
Page 685: Bgp Signaling For L2Vpns Overview
VPWS instance. Traffic coming into the local interface from the CE device is cross-connected to an MPLS next hop that corresponds to the demultiplexer. Traffic is then encapsulated in MPLS and sent across the MPLS core to the remote PE router in the L2VPN. Copyright © 2010, Juniper Networks, Inc.
Page 686: Vpws Components Overview
Figure 132 on page 650 shows the components of a typical VPWS L2VPN topology. Figure 132: VPWS Components VPWS Instances on page 651 Customer Edge Devices on page 651 VPWS Provider Edge Devices on page 651 Copyright © 2010, Juniper Networks, Inc.
Page 687: Vpws Instances
BGP multiprotocol extensions (MP-BGP) enable BGP to support IPv4 services such as BGP/MPLS VPNs, which are sometimes known as RFC 2547bis VPNs. A VPWS L2VPN is actually a BGP-MPLS application that has much in common with BGP/MPLS VPNs. Copyright © 2010, Juniper Networks, Inc.
Page 688: Bgp Multihoming For Vpws Overview
You specify on each PE router connected to the CE device in the VPWS that the site is multihomed and you configure a priority. The priority serves as a site preference and is propagated by BGP in the local-preference attribute. Copyright © 2010, Juniper Networks, Inc.
Page 689 Layer 2 prefixes that have different route distinguishers are considered to have different NLRI for route reflection. This result of the L2VPN multihoming decision process enables the RR to reflect all routes that have different route distinguishers to all other RR clients Copyright © 2010, Juniper Networks, Inc.
Page 690: Designated Ve Device Selection For A Multihomed Site
The multihoming selection process is similar to the standard BGP process, but it omits two steps: The process does not prefer locally originated routes. Local origination is of no value in establishing the designated VE device. The PE routers connected to the customer Copyright © 2010, Juniper Networks, Inc.
Page 691 PE routers in the VPWS network. The PE router receives the multihomed advertisements and selects a best path; it does not originate any of these advertisements because it is not connected to the multihomed customer site. Copyright © 2010, Juniper Networks, Inc.
Page 692: Multihoming Reaction To Failures In The Network
PE router. BGP sends a layer 2 update with the new local preference attribute to all peer PE routers. The peer PE routers each run the best path selection process again and adjust the VPWS pseudowires as needed. Copyright © 2010, Juniper Networks, Inc.
Page 693: Vpws Supported Features
See ERX Module Guide, Chapter 1, Module Combinations for detailed module specifications. See ERX Module Guide, Appendix A, Module Protocol Support for information about the modules that support VPWS. For information about the modules that support VPWS on E120 and E320 Broadband Services Routers: Copyright © 2010, Juniper Networks, Inc.
Page 694: Interface Specifiers
NOTE: IETF drafts are valid for only 6 months from the date of issuance. They must be considered as works in progress. Please refer to the IETF Web site at http://www.ietf.org for the latest drafts. Copyright © 2010, Juniper Networks, Inc.
Page 695: Configuring Vpws
See “Configuring Customer-Facing Interfaces in the VPWS Instance” on page 662 (Optional) Configure local cross-connects. See “Configuring a Local Cross-Connect for VPWS” on page 663 Configure the loopback interface and router ID for BGP. Copyright © 2010, Juniper Networks, Inc.
Page 696: Configuring An Vpws Instance
Configure the maximum number of customer sites that can participate in the L2VPN. host1(config)#l2vpn exampleco site-range 10 Configure the name and ID number for the customer sites in the L2VPN instance. Copyright © 2010, Juniper Networks, Inc.
Page 697: Configuring Bgp Multihoming For Vpws
2 traffic loops. To configure BGP multihoming on a VPWS PE router: Configure the site as multihomed and specify a multihoming priority for the PE site for this instance. Copyright © 2010, Juniper Networks, Inc.
Page 698: Types Of Interfaces To Configure In The Vpws Instance
VPWS L2VPN. host1(config-if)#l2vpn exampleco local-site-id 1 remote-site-id 2 host1(config-if)#exit Repeat for all customer-facing interfaces in the VPWS. host1(config)#interface fastEthernet 4/1 host1(config-if)#l2vpn exampleco local-site-id 1 remote-site-id 3 host1(config-if)#exit Related interface fastEthernet Documentation l2vpn local-site-id remote-site-id Copyright © 2010, Juniper Networks, Inc.
Page 699: Local Cross-Connects For Vpws Overview
Configure the correct local and remote site IDs on the two local interfaces that are being cross-connected. host1(config)#interface fastEthernet 4/0 host1(config-if)#l2vpn exampleco local-site-id 1 remote-site-id 2 host1(config-if)#exit host1(config)#interface fastEthernet 4/1 host1(config-if)#l2vpn exampleco local-site-id 2 remote-site-id 1 host1(config-if)#exit Copyright © 2010, Juniper Networks, Inc.
Page 700: Bgp Loopback Interface And Router Id Overview
Table 134 on page 664 lists the commands used in this section to configure BGP signaling for VPWS. Table 134: Commands to Configure BGP Signaling for VPWS address-family l2vpn neighbor next-hop-self address-family vpws neighbor remote-as exit-address-family neighbor update-source Copyright © 2010, Juniper Networks, Inc.
Page 701: Configuring Bgp Signaling For Vpws
You must issue the address-family vpws command separately for each VPWS instance configured on the router. host1(config-router)#address-family vpws l2vpnA host1(config-router)#address-family vpws l2vpnB Related Configuring BGP Routing on page 3 Documentation Configuring BGP-MPLS Applications on page 385 Copyright © 2010, Juniper Networks, Inc.
Page 702: Mpls Lsps For Vpws Overview
Enable MPLS on the core-facing interface. host1(config-subif)#mpls Enable LDP and topology-driven LSPs on the core-facing interface. host1(config-subif)#mpls ldp host1(config-subif)#exit Related Configuring MPLS on page 275 Documentation atm pvc interface atm ip address mpls mpls ldp Copyright © 2010, Juniper Networks, Inc.
Page 703: Example: Configuring Vpws On Local And Remote Routers
MPLS LSPs on the core-facing interfaces to connect PE 1 and PE 2 through the P router across the service provider core. Finally, you must configure BGP on both PE 1 and PE 2 to provide signaling for both L2VPNs. Copyright © 2010, Juniper Networks, Inc.
Page 704: Configuration On Pe 1 (Local Pe Router)
! Configure BGP signaling. host1(config)#router bgp 738 host1(config-router)#neighbor 10.1.1.1 remote-as 738 host1(config-router)#neighbor 10.1.1.1 update-source loopback 0 host1(config-router)#neighbor 10.1.1.1 next-hop-self host1(config-router)#address-family l2vpn signaling host1(config-router-af)#neighbor 10.1.1.1 activate host1(config-router-af)#neighbor 10.1.1.1 next-hop-self host1(config-router-af)#exit-address-family host1(config-router)#address-family vpws l2vpnA host1(config-router-af)#exit-address-family host1(config-router)#address-family vpws l2vpnB Copyright © 2010, Juniper Networks, Inc.
Page 705: Configuration On Pe 2 (Remote Pe Router)
! in L2VPN instance l2vpnB. host2(config)#interface gigabitEthernet 0/1 host2(config-subif)#l2vpn l2vpnB local-site-id 4 remote-site-id 2 host2(config-if)#exit ! Configure a loopback interface on PE 2 and assign it an IP address. host2(config)#interface loopback 0 host2(config-if)#ip address 10.2.2.2 255.255.255.255 host2(config-if)#exit Copyright © 2010, Juniper Networks, Inc.
Page 706 192.168.4.4 255.255.255.0 ! Enable MPLS, LDP, and topology-driven LSPs on the on the core-facing interface. host2(config-subif)#mpls host2(config-subif)#mpls ldp host2(config-subif)#exit ! Enable MPLS, LDP, and topology-driven LSPs on the core-facing interface. host1(config-subif)#mpls host1(config-subif)#mpls ldp host1(config-subif)#exit Copyright © 2010, Juniper Networks, Inc.
Page 707: Monitoring Vpws
Clearing the Wait for the End-of-RIB Marker for the L2VPN Address Family on page 672 Clearing BGP Reachability Information for the L2VPN Address Family To clear BGP reachability information for a specific VPWS instance in the L2VPN address family: Copyright © 2010, Juniper Networks, Inc.
Page 708: Family
Monitoring BGP-Related Settings for VPWS L2VPNS Purpose This section provides examples of some of the show ip bgp commands that you can use to monitor VPWS configurations. Copyright © 2010, Juniper Networks, Inc.
Page 709: Table 135: Commands For Monitoring Bgp Settings For The Vpws Address
The l2vpn all keywords display layer 2 NLRI for all VPWS instances in the L2VPN address family. The output for this version of the command also includes information about any VPLS instances configured in the L2VPN address family. Copyright © 2010, Juniper Networks, Inc.
Page 710 The last restart was not graceful Local-RIB version 6. FIB version 6. (No neighbors are configured) To display information for the route that matches the specified prefix (2:1) for a VPWS instance named customer1 in the VPWS address family: Copyright © 2010, Juniper Networks, Inc.
Page 711: Table 137: Show Ip Bgp L2Vpn Output Fields
Table 137 on page 675 lists the show ip bgp l2vpn command output fields Table 137: show ip bgp l2vpn Output Fields Field Name Field Description Local BGP identifier IP address of the local PE router local AS Autonomous system number Copyright © 2010, Juniper Networks, Inc.
Page 712 Operational state, up or down Status Vector Hexadecimal representation of the status vector bits attached to the route Related show ip bgp Documentation show ip bgp advertised-routes show ip bgp community show ip bgp community-list Copyright © 2010, Juniper Networks, Inc.
Page 713: Monitoring Bgp Next Hops For Vpws L2Vpns
BGP next-hop attribute received in the BGP update message Resolution Describes where the indirect next hop is resolved (the IP routing table, the IP tunnel routing table, or both) and whether this is in a VR or VRF Copyright © 2010, Juniper Networks, Inc.
Page 714: Monitoring Vpws Connections
Local-Site-Id Remote-Site-Id state state --------------- ------------- -------------- ------- ----- FastEthernet4/1 enabled Connections status code: UP = Operational SC = Local and Remote Site Identifier Collision EM = Encapsulation Mismatch OR = Out of Range Copyright © 2010, Juniper Networks, Inc.
Page 715 To display detailed information about connections for a specific VPWS instance: host1#show l2vpn connections instance l2vpn1 details L2VPN: l2vpn1 Encapsulation Type ATM AAL5 SDU VCC transport Use of control word is preferred Send sequence numbers Route Distinguisher 100:11 Copyright © 2010, Juniper Networks, Inc.
Page 716: Table 139: Show L2Vpn Connections Output Fields
Priority of the VPWS instance to serve as the backup PE router for the CE device in the event of a network failure in the multihomed configuration; indicates also that the site is multihomed Route Targets Route targets configured for the VPWS instance Copyright © 2010, Juniper Networks, Inc.
Page 717: Monitoring Vpws Instances
To display detailed information about all VPWS instances configured on the router: host1#show l2vpn instance all detail L2VPN: l2vpn1 Encapsulation Type Ethernet Use of control word is preferred Send sequence numbers Route Distinguisher 100:11 Site Range 10 Copyright © 2010, Juniper Networks, Inc.
Page 718: Table 140: Show L2Vpn Instance Output Fields
ATM1/1.1 enabled down Meaning Table 140 on page 682 lists the show l2vpn instance command output fields. Table 140: show l2vpn instance Output Fields Field Name Field Description L2VPN Name of VPWS instance Copyright © 2010, Juniper Networks, Inc.
Page 719: Monitoring L2Vpn Interfaces For Vpws
L2VPN interface or all L2VPN interfaces. Action To display L2VPN interface information for a particular VPWS instance: host1#show l2vpn interface instance l2vpn1 MPLS shim interface ATM2/0.100 ATM circuit type is AAL5 Member of L2VPN instance l2vpn1 Copyright © 2010, Juniper Networks, Inc.
Page 720: Table 141: Show L2Vpn Interface Output Fields
Relay format Type of signaling and encapsulation used by the router for layer 2 traffic Administrative state Administrative state of the interface, enabled or disabled Operational state Operational state of the interface, up or down Copyright © 2010, Juniper Networks, Inc.
Page 721: Monitoring Mpls Forwarding Table For Vpws
UID automatically assigned to the MPLS major interface when it is created Condensed location Internal, platform-dependent, 32-bit representation of the interface location, used by Juniper Networks Customer support for troubleshooting. Received Number of packets, bytes, errors and discards received on the...
Page 722: Table 142: Show Mpls Forwarding Output Fields
Table 142 on page 686 lists the show mpls forwarding command output fields. Table 142: show mpls forwarding Output Fields Field Name Field Description In label Label sent to upstream neighbor for route Out label Label received from downstream neighbor for route Copyright © 2010, Juniper Networks, Inc.
Page 723 Number of packets that are discarded due to lack of buffer space before being sent Interface Layer 2 interface that is a member of an L2VPN Related show mpls forwarding Documentation Copyright © 2010, Juniper Networks, Inc.
Page 727: Index
MPLs packets....530 defining................612 for concatenation of multiple cells AS (autonomous system)............3 and transmission over a single advertising networks in..........50 pseudowire............530 confederation..............141 IGP (interior gateway protocol)........7 managing a large-scale..........141 AS path filtering..............86 Copyright © 2010, Juniper Networks, Inc.
Page 728 ASs........50 limit on total number of........532 advertising routes conditionally........61 performance impact .........532 advertising two best routes........52 unified ISSU and..........532 aggregator path attribute..........11 Copyright © 2010, Juniper Networks, Inc.
Page 729 AS numbers capability......123 speaker.................3 graceful restart .............123 synchronization..............131 and BFD..............138 troubleshooting.............157 IBGP..................6 update message..............7 inheritance of configuration values......21 VPLS, configuring............604 keepalive message............7 bgp commands...............113 keepalives and BFD.............138 bgp advertise-best-external-to-internal....52 L2VPNs, configuring..........664 bgp advertise-inactive..........61 Copyright © 2010, Juniper Networks, Inc.
Page 730 VR, peering with VRF........457 fallback global example........466, 468 path failure, ECMP............386 fast reconvergence............457 peering between VRF and parent VR....457 filtering routes...............416 platform considerations...........395 full mesh VPN...............427 provider core routers..........388 provider edge routers..........388 Copyright © 2010, Juniper Networks, Inc.
Page 731 VRF...................390 BGP hard................96 Bidirectional Forwarding Detection. See BFD BGP soft................96 Border Gateway Protocol. See BGP clear bgp ipv6 commands bridge commands clear bgp ipv6..............96 bridge acquire..............601 clear bgp ipv6 dampening........100 bridge address..............601 bridge aging-time............601 Copyright © 2010, Juniper Networks, Inc.
Page 732 RIP data path failure........266 connectivity verification disable-dynamic-redistribute command......54 at egress nodes discovery, LDP in point-to-multipoint MPLS LSPs....246 basic...................251 using ping feature for extended................251 point-to-multipoint LDP LSPs, distance bgp command..........134, 135 unsupported.............247 connectivity, verify and troubleshoot MPLS....245 Copyright © 2010, Juniper Networks, Inc.
Page 733 IETF draft, Detecting Data Plane Failures setting the BGP/MPLS VPN........431 in Point-to-Multipoint Multiprotocol use..................434 Label Switching (MPLS) - Extensions to export map command............434 LSP Ping ............248 extended communities type value, 12..............248 BGP................12, 95 route target..............391 Copyright © 2010, Juniper Networks, Inc.
Page 734 VCI/VPI values as the data hard clear of BGP sessions..........96 cells..............530 hardware limitations inter-AS (interprovider) services with ATM line modules IPv4..................403 and support of multiple VCs over a single IPv6..................411 pseudowire............529 Copyright © 2010, Juniper Networks, Inc.
Page 735 See mpls commands; router ID.............249 mpls bandwidth using in echo requests ip vrf commands that contain RSVP P2MP Session ip vrf..................424 sub-TLV.............250 ip vrf forwarding..........436, 438 IPv6 VPNs carrier-of-carriers............478 global export maps............436 inter-AS services............411 intra-AS services............401 Copyright © 2010, Juniper Networks, Inc.
Page 736 VPLS signaling........612 configuring shim interfaces......519, 540 discovery mechanisms..........251 control word..............516 extended discovery............251 control word support for ATM FEC aggregation............288 passthrough..............522 FEC deaggregation.............288 Ethernet aggregation..........545 graceful restart.............256 graceful restart configuration tasks.....289 Copyright © 2010, Juniper Networks, Inc.
Page 737 BGP/MPLS VPN.......455 export................432 maximum route warning threshold, BGP/MPLS global export............435, 436 VPN..................455 global import..............435 maximum routes command..........456 import................435 maximum-paths command..........446 member interface command...........547 meshed peers, reduce BGP..........141 messages, BGP................7 Copyright © 2010, Juniper Networks, Inc.
Page 738 RSVP-TE............240 EXP bits................221 ordered control.............227 experimental bits............221 OSPF, configuring............301 explicit null label............220 overview..............209, 218 explicit path path options for backup..........252 configured..............235 penultimate hop popping........220 configuring dynamic.........288 platform considerations..........215 platform label space...........221 Copyright © 2010, Juniper Networks, Inc.
Page 739 282, 604, 666 including P2MP Responder Identifier TLV in mpls atm vci range............282 tracing the path from ingress node.....249 mpls atm vpi range.............282 Copyright © 2010, Juniper Networks, Inc.
Page 740 MPLS L2VPNs over LAG between two ATM ports........530 on CE-side, overview..........525 over a single pseudowire.........530 mpls ldp commands using the RSVP configuration mpls ldp..........278, 282, 604, 666 on the same ATM port........530 mpls ldp advertise-labels.........278 Copyright © 2010, Juniper Networks, Inc.
Page 741 ATMx port state..........530 mpls rsvp bfd-liveness-detection......300 Multiprotocol Label Switching. See MPLS mpls rsvp disable............282 (Multiprotocol Label Switching) mpls rsvp egress-router..........279 multiservice layer 2 services..........519 mpls rsvp profile........279, 281, 282 mpls rsvp signalling hello.........297 Copyright © 2010, Juniper Networks, Inc.
Page 742 .........123 distributing between PEs........482 neighbor graceful-restart restart-time....123 distributing from CE to PE......482 neighbor graceful-restart stalepaths-time............123 distributing from PE to CE......482 routing information, preserving......482 Copyright © 2010, Juniper Networks, Inc.
Page 743 IPv4 Egress Address P2MP Responder nonstandard..............308 Identifier.............249 per-hop scheduling class..........308 IPv4 Node Address P2MP Responder performance impact Identifier.............249 on routers and transmission of multiple ATM VCs over single pseudowire..........532 PHB. See per-hop behavior Copyright © 2010, Juniper Networks, Inc.
Page 744 VC platform considerations on an ATM subinterface........567 BGP..................14 used for cell relay for multiple VCs BGP/MPLS VPNs............395 on an ATM port............567 L2VPNs................657 layer 2 services over MPLS........514 MPLS.................215 VPLS................594 Copyright © 2010, Juniper Networks, Inc.
Page 745 RFC 4816—Pseudowire Emulation Edge-to-Edge conditionally advertising BGP........61 (PWE3) Asynchronous Transfer Mode (ATM) processing of received routes for BGP/MPLS Transparent Cell Transport Service (February VPNs................463 2007)..................515 redistributing into BGP..........53 using BGP................153 routing and forwarding instance. See VRF Copyright © 2010, Juniper Networks, Inc.
Page 746 MD5 authentication...........294 set metric................71 overview................240 set metric-type..............71 peer reachability............260 set mpls-label..............462 purging learned routes..........266 Copyright © 2010, Juniper Networks, Inc.
Page 747 IBGP peers............34 show ldp profile............340 soft clear of BGP sessions..........96 show ldp statistics............340 speakers, BGP................3 show ldp targeted-hello...........343 route reflection and.............145 show ldp vpls..............638 srefresh messages...............240 subscriber policies for VPLS..........585 Copyright © 2010, Juniper Networks, Inc.
Page 748 VCC (virtual channel connection) cell relay and ping feature in point-to-multipoint encapsulation, ATM LSPs..............248 configuring..............542 sent by ingress nodes overview................522 in point-to-multipoint LSPs......248 transit service................12 transparent bridging and VPLS........584 transport virtual router, configure for VPLS....598 Copyright © 2010, Juniper Networks, Inc.
Page 749 L2VPN address family......587, 604 overview..............582 loopback interface and router ID, subscriber policies..........585 configuring............603 platform considerations...........594 sample topology, configuring......606 references...............595 signaling overview..........587 subscriber policies on..........585 transparent bridging, comparison to....584 transport virtual router, configure......598 Copyright © 2010, Juniper Networks, Inc.
Page 750 BGP/MPLS VPNs............651 CE (customer edge device)........650 clear BGP reachability...........671 BGP route flap dampening......672 BGP wait for end-of-RIB marker....672 components..............650 configuration example..........667 configure address families..........664 BGP signaling............664 L2VPN instances..........660 L2VPN interfaces..........662 Copyright © 2010, Juniper Networks, Inc.

This manual is also suitable for:

Junose 11.3

Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BGP AND MPLS CONFIGURATION GUIDE 2010-10-12 Configuration Manual

Chapter 3 MPLS Overview

Quick Links

Troubleshooting

Related Manuals for Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BGP AND MPLS CONFIGURATION GUIDE 2010-10-12

Summary of Contents for Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BGP AND MPLS CONFIGURATION GUIDE 2010-10-12