This Lab will show simple MPLS VPN configuration.
IGP is IS-IS. R1 and R3 are PE. R2 is a BGP RR and P.
RSVP as the signaling protocol.
Two LSPs (R1_TO_R3 and R3_TO_R1) are between R1 and R3 via R2.
Two separate VPNs (VPN-A and VPN-B).
For VMware setting:
1. Setting interface IP address:
set logical-systems R1 interfaces ge-0/0/1 unit 12 description TO_R2
set logical-systems R1 interfaces ge-0/0/1 unit 12 vlan-id 12
set logical-systems R1 interfaces ge-0/0/1 unit 12 family inet address 10.200.12.1/24
set logical-systems R1 interfaces ge-0/0/2 unit 14 description TO_R4
set logical-systems R1 interfaces ge-0/0/2 unit 14 vlan-id 14
set logical-systems R1 interfaces ge-0/0/2 unit 14 family inet address 172.16.14.1/24
set logical-systems R1 interfaces ge-0/0/3 unit 15 description TO_R5
set logical-systems R1 interfaces ge-0/0/3 unit 15 vlan-id 15
set logical-systems R1 interfaces ge-0/0/3 unit 15 family inet address 172.16.15.1/24
set logical-systems R1 interfaces ge-0/0/4 unit 17 description TO_R7
set logical-systems R1 interfaces ge-0/0/4 unit 17 vlan-id 17
set logical-systems R1 interfaces ge-0/0/4 unit 17 family inet address 172.16.17.1/24
set logical-systems R1 interfaces lo0 unit 1 family inet address 10.200.1.1/32
set logical-systems R2 interfaces ge-0/0/1 unit 23 description TO_R3
set logical-systems R2 interfaces ge-0/0/1 unit 23 vlan-id 23
set logical-systems R2 interfaces ge-0/0/1 unit 23 family inet address 10.200.23.2/24
set logical-systems R2 interfaces ge-0/0/2 unit 12 description TO_R1
set logical-systems R2 interfaces ge-0/0/2 unit 12 vlan-id 12
set logical-systems R2 interfaces ge-0/0/2 unit 12 family inet address 10.200.12.2/24
set logical-systems R2 interfaces lo0 unit 2 family inet address 10.200.1.2/32
set logical-systems R3 interfaces ge-0/0/2 unit 23 description TO_R2
set logical-systems R3 interfaces ge-0/0/2 unit 23 vlan-id 23
set logical-systems R3 interfaces ge-0/0/2 unit 23 family inet address 10.200.23.3/24
set logical-systems R3 interfaces ge-0/0/3 unit 38 description TO_R8
set logical-systems R3 interfaces ge-0/0/3 unit 38 vlan-id 38
set logical-systems R3 interfaces ge-0/0/3 unit 38 family inet address 172.16.38.3/24
set logical-systems R3 interfaces ge-0/0/4 unit 36 description TO_R6
set logical-systems R3 interfaces ge-0/0/4 unit 36 vlan-id 36
set logical-systems R3 interfaces ge-0/0/4 unit 36 family inet address 172.16.36.3/24
set logical-systems R3 interfaces lo0 unit 3 family inet address 10.200.1.3/32
set logical-systems R4 interfaces ge-0/0/1 unit 14 description TO_R1
set logical-systems R4 interfaces ge-0/0/1 unit 14 vlan-id 14
set logical-systems R4 interfaces ge-0/0/1 unit 14 family inet address 172.16.14.4/24
set logical-systems R4 interfaces lo0 unit 4 family inet address 172.16.4.4/32
set logical-systems R4 routing-options static route 172.16.0.0/16 next-hop 172.16.14.1
set logical-systems R5 interfaces ge-0/0/1 unit 15 description TO_R1
set logical-systems R5 interfaces ge-0/0/1 unit 15 vlan-id 15
set logical-systems R5 interfaces ge-0/0/1 unit 15 family inet address 172.16.15.5/24
set logical-systems R5 interfaces lo0 unit 5 family inet address 172.16.5.5/32
set logical-systems R5 routing-options static route 172.16.0.0/16 next-hop 172.16.15.1
set logical-systems R6 interfaces ge-0/0/1 unit 36 description TO_R3
set logical-systems R6 interfaces ge-0/0/1 unit 36 vlan-id 36
set logical-systems R6 interfaces ge-0/0/1 unit 36 family inet address 172.16.36.6/24
set logical-systems R6 interfaces lo0 unit 6 family inet address 172.16.6.6/32
set logical-systems R6 protocols bgp group TO_R3 type external
set logical-systems R6 protocols bgp group TO_R3 local-address 172.16.36.6
set logical-systems R6 protocols bgp group TO_R3 export STATIC
set logical-systems R6 protocols bgp group TO_R3 peer-as 65001
set logical-systems R6 protocols bgp group TO_R3 neighbor 172.16.36.3
set logical-systems R6 policy-options policy-statement STATIC term 1 from protocol static
set logical-systems R6 policy-options policy-statement STATIC term 1 then accept
set logical-systems R6 routing-options static route 172.16.6.0/24 reject
set logical-systems R6 routing-options autonomous-system 65002
set logical-systems R7 interfaces ge-0/0/1 unit 17 description TO_R1
set logical-systems R7 interfaces ge-0/0/1 unit 17 vlan-id 17
set logical-systems R7 interfaces ge-0/0/1 unit 17 family inet address 172.16.17.7/24
set logical-systems R7 interfaces lo0 unit 7 family inet address 172.16.7.7/32
set logical-systems R7 protocols ospf export STATIC
set logical-systems R7 protocols ospf area 0.0.0.0 interface ge-0/0/1.17
set logical-systems R7 policy-options policy-statement STATIC term 1 from protocol static
set logical-systems R7 policy-options policy-statement STATIC term 1 then accept
set logical-systems R7 routing-options static route 172.16.7.0/24 reject
set logical-systems R8 interfaces ge-0/0/1 unit 38 description TO_R3
set logical-systems R8 interfaces ge-0/0/1 unit 38 vlan-id 38
set logical-systems R8 interfaces ge-0/0/1 unit 38 family inet address 172.16.38.8/24
set logical-systems R8 interfaces lo0 unit 8 family inet address 172.16.8.8/32
set logical-systems R8 protocols rip group TO_R3 export STATIC
set logical-systems R8 protocols rip group TO_R3 neighbor ge-0/0/1.38
set logical-systems R8 policy-options policy-statement STATIC term 1 from protocol static
set logical-systems R8 policy-options policy-statement STATIC term 1 then accept
set logical-systems R8 routing-options static route 172.16.8.0/24 reject
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/3 vlan-tagging
set interfaces ge-0/0/4 vlan-tagging
2. IS-IS setting:
set logical-systems R1 interfaces ge-0/0/1 unit 12 family iso
set logical-systems R1 interfaces lo0 unit 1 family iso address 49.0001.0000.0000.0001.00
set logical-systems R1 protocols isis level 1 disable
set logical-systems R1 protocols isis interface ge-0/0/1.12
set logical-systems R1 protocols isis interface lo0.1
set logical-systems R2 interfaces ge-0/0/1 unit 23 family iso
set logical-systems R2 interfaces ge-0/0/2 unit 12 family iso
set logical-systems R2 interfaces lo0 unit 2 family iso address 49.0002.0000.0000.0002.00
set logical-systems R2 protocols isis level 1 disable
set logical-systems R2 protocols isis interface all
set logical-systems R3 interfaces ge-0/0/2 unit 23 family iso
set logical-systems R3 interfaces lo0 unit 3 family iso address 49.0003.0000.0000.0003.00
set logical-systems R3 protocols isis level 1 disable
set logical-systems R3 protocols isis interface ge-0/0/2.23
set logical-systems R3 protocols isis interface lo0.3
Check:
[edit]
root@vMX-1# run ping 10.200.1.3 source 10.200.1.1 logical-system R1
PING 10.200.1.3 (10.200.1.3): 56 data bytes
64 bytes from 10.200.1.3: icmp_seq=0 ttl=63 time=2.092 ms
64 bytes from 10.200.1.3: icmp_seq=1 ttl=63 time=1.955 ms
^C
--- 10.200.1.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.955/2.024/2.092/0.068 ms
[edit]
root@vMX-1#
3. BGP Setting:
R1,R2 and R3 are iBGP peering (AS 65001).
R2 is a RR.
set logical-systems R1 protocols bgp group TO_RR type internal
set logical-systems R1 protocols bgp group TO_RR local-address 10.200.1.1
set logical-systems R1 protocols bgp group TO_RR neighbor 10.200.1.2
set logical-systems R1 routing-options autonomous-system 65001
set logical-systems R2 protocols bgp group RR type internal
set logical-systems R2 protocols bgp group RR local-address 10.200.1.2
set logical-systems R2 protocols bgp group RR cluster 10.200.1.2
set logical-systems R2 protocols bgp group RR neighbor 10.200.1.1
set logical-systems R2 protocols bgp group RR neighbor 10.200.1.3
set logical-systems R2 routing-options autonomous-system 65001
set logical-systems R3 protocols bgp group TO_RR type internal
set logical-systems R3 protocols bgp group TO_RR local-address 10.200.1.3
set logical-systems R3 protocols bgp group TO_RR neighbor 10.200.1.2
set logical-systems R3 routing-options autonomous-system 65001
[edit]
root@vMX-1# run show bgp summary logical-system R2
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.1 65001 4 4 0 0 48 0/0/0/0 0/0/0/0
10.200.1.3 65001 4 3 0 0 48 0/0/0/0 0/0/0/0
[edit]
root@vMX-1#
4. MPLS and LSP setting
set logical-systems R1 interfaces ge-0/0/1 unit 12 family mpls
set logical-systems R1 protocols rsvp interface ge-0/0/1.12
set logical-systems R1 protocols mpls interface ge-0/0/1.12
set logical-systems R1 protocols mpls label-switched-path R1_TO_R3 to 10.200.1.3
set logical-systems R1 protocols mpls label-switched-path R1_TO_R3 primary VIA_R2
set logical-systems R1 protocols mpls path VIA_R2 10.200.12.2 strict
set logical-systems R1 protocols mpls path VIA_R2 10.200.1.3 loose
set logical-systems R2 interfaces ge-0/0/1 unit 23 family mpls
set logical-systems R2 interfaces ge-0/0/2 unit 12 family mpls
set logical-systems R2 protocols rsvp interface all
set logical-systems R2 protocols mpls interface all
set logical-systems R3 interfaces ge-0/0/2 unit 23 family mpls
set logical-systems R3 protocols rsvp interface ge-0/0/2.23
set logical-systems R3 protocols mpls interface ge-0/0/2.23
set logical-systems R3 protocols mpls label-switched-path R3_TO_R1 to 10.200.1.1
set logical-systems R3 protocols mpls label-switched-path R3_TO_R1 primary VIA_R2
set logical-systems R3 protocols mpls path VIA_R2 10.200.23.2 strict
set logical-systems R3 protocols mpls path VIA_R2 10.200.1.1 loose
Check:
[edit]
root@vMX-1# run show mpls lsp logical-system R1
Ingress LSP: 1 sessions
To From State Rt P ActivePath LSPname
10.200.1.3 10.200.1.1 Up 0 * VIA_R2 R1_TO_R3
Total 1 displayed, Up 1, Down 0
Egress LSP: 1 sessions
To From State Rt Style Labelin Labelout LSPname
10.200.1.1 10.200.1.3 Up 0 1 FF 3 - R3_TO_R1
Total 1 displayed, Up 1, Down 0
Transit LSP: 0 sessions
Total 0 displayed, Up 0, Down 0
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show mpls lsp logical-system R3
Ingress LSP: 1 sessions
To From State Rt P ActivePath LSPname
10.200.1.1 10.200.1.3 Up 0 * VIA_R2 R3_TO_R1
Total 1 displayed, Up 1, Down 0
Egress LSP: 1 sessions
To From State Rt Style Labelin Labelout LSPname
10.200.1.3 10.200.1.1 Up 0 1 FF 3 - R1_TO_R3
Total 1 displayed, Up 1, Down 0
Transit LSP: 0 sessions
Total 0 displayed, Up 0, Down 0
[edit]
root@vMX-1#
Configuring RIP Between the PE and CE Routers
set logical-systems R3 protocols rip group TO_R8 neighbor ge-0/0/3.38
Check:
[edit]
root@vMX-1# run show route 172.16.0.0/16 logical-system R1
inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.4.0/24 *[Static/5] 00:10:39
> to 172.16.14.4 via ge-0/0/2.14
172.16.5.0/24 *[Static/5] 00:10:39
> to 172.16.15.5 via ge-0/0/3.15
172.16.7.0/24 *[OSPF/150] 00:08:26, metric 0, tag 0
> to 172.16.17.7 via ge-0/0/4.17
172.16.14.0/24 *[Direct/0] 01:48:00
> via ge-0/0/2.14
172.16.14.1/32 *[Local/0] 01:48:00
Local via ge-0/0/2.14
172.16.15.0/24 *[Direct/0] 01:48:00
> via ge-0/0/3.15
172.16.15.1/32 *[Local/0] 01:48:00
Local via ge-0/0/3.15
172.16.17.0/24 *[Direct/0] 01:48:00
> via ge-0/0/4.17
172.16.17.1/32 *[Local/0] 01:48:00
Local via ge-0/0/4.17
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show route 172.16.0.0/16 logical-system R3
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.6.0/24 *[BGP/170] 00:10:40, localpref 100
AS path: 65002 I, validation-state: unverified
> to 172.16.36.6 via ge-0/0/4.36
172.16.8.0/24 *[RIP/100] 00:07:24, metric 2, tag 0
> to 172.16.38.8 via ge-0/0/3.38
172.16.36.0/24 *[Direct/0] 01:48:13
> via ge-0/0/4.36
172.16.36.3/32 *[Local/0] 01:48:13
Local via ge-0/0/4.36
172.16.38.0/24 *[Direct/0] 01:48:13
> via ge-0/0/3.38
172.16.38.3/32 *[Local/0] 01:48:13
Local via ge-0/0/3.38
[edit]
root@vMX-1#
4. Configuring VPN family on the core Routers
This command "inet-vpn unicast" indicates that the iBGP session is for the VPN, include the family inet-vpn statement.
set logical-systems R1 protocols bgp group TO_RR family inet-vpn unicast
set logical-systems R2 protocols bgp group RR family inet-vpn unicast
set logical-systems R3 protocols bgp group TO_RR family inet-vpn unicast
Check:
[edit]
root@vMX-1# run show bgp summary logical-system R1
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.2 65001 2 3 0 0 14 Establ
bgp.l3vpn.0: 0/0/0/0
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show bgp summary logical-system R2
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.1 65001 1 2 0 0 18 Establ
bgp.l3vpn.0: 0/0/0/0
10.200.1.3 65001 2 3 0 0 18 Establ
bgp.l3vpn.0: 0/0/0/0
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show bgp summary logical-system R3
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.2 65001 2 3 0 0 21 Establ
bgp.l3vpn.0: 0/0/0/0
[edit]
root@vMX-1#
5. Configuring Routing Instances for VPNs on the PE Routers
For VPN-A:
Configuring Static Routes Between the PE and CE Routers:
set logical-systems R1 routing-instances VPN_A_R4_R5 instance-type vrf
set logical-systems R1 routing-instances VPN_A_R4_R5 interface ge-0/0/2.14
set logical-systems R1 routing-instances VPN_A_R4_R5 interface ge-0/0/3.15
set logical-systems R1 routing-instances VPN_A_R4_R5 route-distinguisher 10.200.1.1:100
set logical-systems R1 routing-instances VPN_A_R4_R5 vrf-target import target:65001L:100
set logical-systems R1 routing-instances VPN_A_R4_R5 vrf-target export target:65001L:100
set logical-systems R1 routing-instances VPN_A_R4_R5 routing-options static route 172.16.4.0/24 next-hop 172.16.14.4
set logical-systems R1 routing-instances VPN_A_R4_R5 routing-options static route 172.16.5.0/24 next-hop 172.16.15.5
set logical-systems R1 routing-options static route 172.16.4.0/24 next-hop 172.16.14.4
set logical-systems R1 routing-options static route 172.16.5.0/24 next-hop 172.16.15.5
Configuring BGP Between the PE and CE Routers:
set logical-systems R3 routing-instances VPN_A_R6 instance-type vrf
set logical-systems R3 routing-instances VPN_A_R6 interface ge-0/0/4.36
set logical-systems R3 routing-instances VPN_A_R6 route-distinguisher 10.200.1.3:100
set logical-systems R3 routing-instances VPN_A_R6 vrf-import RT_VPN_A_IN
set logical-systems R3 routing-instances VPN_A_R6 vrf-export RT_VPN_A_OUT
set logical-systems R3 routing-instances VPN_A_R6 protocols bgp group TO_R6 type external
set logical-systems R3 routing-instances VPN_A_R6 protocols bgp group TO_R6 local-address 172.16.36.3
set logical-systems R3 routing-instances VPN_A_R6 protocols bgp group TO_R6 peer-as 65002
set logical-systems R3 routing-instances VPN_A_R6 protocols bgp group TO_R6 neighbor 172.16.36.6
set logical-systems R3 policy-options policy-statement RT_VPN_A_IN term 1 from protocol bgp
set logical-systems R3 policy-options policy-statement RT_VPN_A_IN term 1 from community RT_VPN_A
set logical-systems R3 policy-options policy-statement RT_VPN_A_IN term 1 then accept
set logical-systems R3 policy-options policy-statement RT_VPN_A_IN term 2 then reject
set logical-systems R3 policy-options policy-statement RT_VPN_A_OUT term 1 from protocol bgp
set logical-systems R3 policy-options policy-statement RT_VPN_A_OUT term 1 then community add RT_VPN_A
set logical-systems R3 policy-options policy-statement RT_VPN_A_OUT term 1 then accept
set logical-systems R3 policy-options policy-statement RT_VPN_A_OUT term 2 then reject
set logical-systems R3 policy-options community RT_VPN_A members target:65001L:100
For VPN-B:
Configuring OSPF Between the PE and CE Routers:
set logical-systems R1 routing-instances VPN_B_R7 instance-type vrf
set logical-systems R1 routing-instances VPN_B_R7 interface ge-0/0/4.17
set logical-systems R1 routing-instances VPN_B_R7 route-distinguisher 10.200.1.1:200
set logical-systems R1 routing-instances VPN_B_R7 vrf-import RT_VPN_B_IN
set logical-systems R1 routing-instances VPN_B_R7 vrf-export RT_VPN_B_OUT
set logical-systems R1 routing-instances VPN_B_R7 protocols ospf area 0.0.0.0 interface ge-0/0/4.17
set logical-systems R1 policy-options policy-statement RT_VPN_B_IN term 1 from protocol bgp
set logical-systems R1 policy-options policy-statement RT_VPN_B_IN term 1 from community RT_VPN_B
set logical-systems R1 policy-options policy-statement RT_VPN_B_IN term 1 then accept
set logical-systems R1 policy-options policy-statement RT_VPN_B_IN term 2 then reject
set logical-systems R1 policy-options policy-statement RT_VPN_B_OUT term 1 from protocol ospf
set logical-systems R1 policy-options policy-statement RT_VPN_B_OUT term 1 then community add RT_VPN_B
set logical-systems R1 policy-options policy-statement RT_VPN_B_OUT term 1 then accept
set logical-systems R1 policy-options policy-statement RT_VPN_B_OUT term 2 then reject
set logical-systems R1 policy-options community RT_VPN_B members target:65001L:200
Configuring RIP Between the PE and CE Routers:
set logical-systems R3 routing-instances VPN_B_R8 instance-type vrf
set logical-systems R3 routing-instances VPN_B_R8 interface ge-0/0/3.38
set logical-systems R3 routing-instances VPN_B_R8 route-distinguisher 10.200.1.3:200
set logical-systems R3 routing-instances VPN_B_R8 vrf-import RT_VPN_B_IN
set logical-systems R3 routing-instances VPN_B_R8 vrf-export RT_VPN_B_OUT
set logical-systems R3 routing-instances VPN_B_R8 protocols rip group TO_R8 neighbor ge-0/0/3.38
set logical-systems R3 policy-options policy-statement RT_VPN_B_IN term 1 from protocol bgp
set logical-systems R3 policy-options policy-statement RT_VPN_B_IN term 1 from community RT_VPN_B
set logical-systems R3 policy-options policy-statement RT_VPN_B_IN term 1 then accept
set logical-systems R3 policy-options policy-statement RT_VPN_B_IN term 2 then reject
set logical-systems R3 policy-options policy-statement RT_VPN_B_OUT term 1 from protocol rip
set logical-systems R3 policy-options policy-statement RT_VPN_B_OUT term 1 then community add RT_VPN_B
set logical-systems R3 policy-options policy-statement RT_VPN_B_OUT term 1 then accept
set logical-systems R3 policy-options policy-statement RT_VPN_B_OUT term 2 then reject
set logical-systems R3 policy-options community RT_VPN_B members target:65001L:200
Check:
[edit]
root@vMX-1# run show route table VPN_A_R4_R5.inet.0 logical-system R1
VPN_A_R4_R5.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.4.0/24 *[Static/5] 00:03:47
> to 172.16.14.4 via ge-0/0/2.14
172.16.5.0/24 *[Static/5] 00:03:47
> to 172.16.15.5 via ge-0/0/3.15
172.16.14.0/24 *[Direct/0] 00:03:47
> via ge-0/0/2.14
172.16.14.1/32 *[Local/0] 00:03:47
Local via ge-0/0/2.14
172.16.15.0/24 *[Direct/0] 00:03:47
> via ge-0/0/3.15
172.16.15.1/32 *[Local/0] 00:03:47
Local via ge-0/0/3.15
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show route table VPN_A_R6 logical-system R3
VPN_A_R6.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.6.0/24 *[BGP/170] 00:03:21, localpref 100
AS path: 65002 I, validation-state: unverified
> to 172.16.36.6 via ge-0/0/4.36
172.16.36.0/24 *[Direct/0] 00:03:25
> via ge-0/0/4.36
172.16.36.3/32 *[Local/0] 00:03:25
Local via ge-0/0/4.36
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show route table VPN_B_R7 logical-system R1
VPN_B_R7.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.7.0/24 *[OSPF/150] 00:02:43, metric 0, tag 0
> to 172.16.17.7 via ge-0/0/4.17
172.16.17.0/24 *[Direct/0] 00:02:53
> via ge-0/0/4.17
172.16.17.1/32 *[Local/0] 00:02:53
Local via ge-0/0/4.17
224.0.0.5/32 *[OSPF/10] 00:02:53, metric 1
MultiRecv
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show route table VPN_B_R8 logical-system R3
VPN_B_R8.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.8.0/24 *[RIP/100] 00:02:10, metric 2, tag 0
> to 172.16.38.8 via ge-0/0/3.38
172.16.38.0/24 *[Direct/0] 00:02:17
> via ge-0/0/3.38
172.16.38.3/32 *[Local/0] 00:02:17
Local via ge-0/0/3.38
224.0.0.9/32 *[RIP/100] 00:02:17, metric 1
MultiRecv
[edit]
root@vMX-1#
6. Configuring Route Resolution on Route Reflectors
The routing table inet.3 is used to find informations about next-hop of routes learned in MP-BGP for any L3 VPN/MPLS.
So if your inet.3 table is empty, you will find your bgp.l3vpn.0 routes is not active.
You will find the R2 inet.3 table is empty and bgp.l3vpn.0 routes are not active in BGP summary.
[edit]
root@vMX-1# run show route table inet.3 logical-system R1
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.200.1.3/32 *[RSVP/7/1] 01:04:06, metric 20
> to 10.200.12.2 via ge-0/0/1.12, label-switched-path R1_TO_R3
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show route table inet.3 logical-system R2
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show route table inet.3 logical-system R3
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.200.1.1/32 *[RSVP/7/1] 01:04:10, metric 20
> to 10.200.23.2 via ge-0/0/2.23, label-switched-path R3_TO_R1
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show bgp summary logical-system R1
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.2 65001 62 76 0 0 27:51 Establ
bgp.l3vpn.0: 0/0/0/0
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show bgp summary logical-system R2
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
7 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.1 65001 75 63 0 0 27:54 Establ
bgp.l3vpn.0: 0/5/5/0
10.200.1.3 65001 70 64 0 0 27:54 Establ
bgp.l3vpn.0: 0/2/2/0
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show bgp summary logical-system R3
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.2 65001 63 71 0 0 28:10 Establ
bgp.l3vpn.0: 0/0/0/0
172.16.36.6 65002 58 58 0 0 25:20 Establ
VPN_A_R6.inet.0: 1/1/1/0
[edit]
root@vMX-1#
So you will find some hidden routes in R2
[edit]
root@vMX-1# run show route hidden logical-system R2
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
bgp.l3vpn.0: 7 destinations, 7 routes (0 active, 0 holddown, 7 hidden)
+ = Active Route, - = Last Active, * = Both
10.200.1.1:100:172.16.4.0/24
[BGP/170] 00:05:39, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
Unusable
10.200.1.1:100:172.16.5.0/24
[BGP/170] 00:05:39, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
Unusable
10.200.1.1:100:172.16.14.0/24
[BGP/170] 00:05:39, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
Unusable
10.200.1.1:100:172.16.15.0/24
[BGP/170] 00:05:39, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
Unusable
10.200.1.1:200:172.16.7.0/24
[BGP/170] 00:03:23, MED 0, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
Unusable
10.200.1.3:100:172.16.6.0/24
[BGP/170] 00:04:31, localpref 100, from 10.200.1.3
AS path: 65002 I, validation-state: unverified
Unusable
10.200.1.3:200:172.16.8.0/24
[BGP/170] 00:02:42, MED 2, localpref 100, from 10.200.1.3
AS path: I, validation-state: unverified
Unusable
[edit]
root@vMX-1#
And you will find these hidden routes next hop type is Unusable. but the Protocol next hop (10.200.1.1) can be reached (inet.0).
[edit]
root@vMX-1# run show route table bgp.l3vpn.0 hidden extensive logical-system R2
bgp.l3vpn.0: 7 destinations, 7 routes (0 active, 0 holddown, 7 hidden)
10.200.1.1:100:172.16.4.0/24 (1 entry, 0 announced)
BGP Preference: 170/-101
Route Distinguisher: 10.200.1.1:100
Next hop type: Unusable
Address: 0x9293e84
Next-hop reference count: 7
State:
Local AS: 65001 Peer AS: 65001
Age: 35:37
Validation State: unverified
Task: BGP_65001.10.200.1.1+179
AS path: I
Communities: target:65001L:100
Accepted
VPN Label: 299776
Localpref: 100
Router ID: 10.200.1.1
Indirect next hops: 1
Protocol next hop: 10.200.1.1
Label operation: Push 299776
Label TTL action: prop-ttl
Load balance label: Label 299776: None;
Indirect next hop: 0x0 - INH Session ID: 0x0
[edit]
root@vMX-1# run ping 10.200.1.1 logical-system R2
PING 10.200.1.1 (10.200.1.1): 56 data bytes
64 bytes from 10.200.1.1: icmp_seq=0 ttl=64 time=3.203 ms
^C
--- 10.200.1.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.203/3.203/3.203/0.000 ms
[edit]
root@vMX-1#
The Juniper Layer 3 VPNs Configuration Guide points out that
"On an RR with no attached customer edge (CE) routers, the resolution rib bgp.l3vpn.0 resolution-ribs inet.0 configuration causes routes in bgp.l3vpn.0 to use the information in inet.0 instead of inet.3 to resolve routes.
You should not use this configuration on a router that is directly attached to a CE router.
In other words, do not use resolution rib bgp.l3vpn.0 resolution-ribs inet.0 on a PE router."
set logical-systems R2 routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0
Check:
[edit]
root@vMX-1# run show bgp summary logical-system R1
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
2 2 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.2 65001 135 143 0 0 58:12 Establ
bgp.l3vpn.0: 2/2/2/0
VPN_A_R4_R5.inet.0: 1/1/1/0
VPN_B_R7.inet.0: 1/1/1/0
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show bgp summary logical-system R2
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
7 7 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.1 65001 142 135 0 0 58:14 Establ
bgp.l3vpn.0: 5/5/5/0
10.200.1.3 65001 138 137 0 0 58:14 Establ
bgp.l3vpn.0: 2/2/2/0
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show bgp summary logical-system R3
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
0 0 0 0 0 0
bgp.l3vpn.0
5 5 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.200.1.2 65001 136 138 0 0 58:16 Establ
bgp.l3vpn.0: 5/5/5/0
VPN_A_R6.inet.0: 4/4/4/0
VPN_B_R8.inet.0: 1/1/1/0
172.16.36.6 65002 125 129 0 0 55:26 Establ
VPN_A_R6.inet.0: 1/1/1/0
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show route table bgp.l3vpn.0 logical-system R1
bgp.l3vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.200.1.3:100:172.16.6.0/24
*[BGP/170] 00:00:56, localpref 100, from 10.200.1.2
AS path: 65002 I, validation-state: unverified
> to 10.200.12.2 via ge-0/0/1.12, label-switched-path R1_TO_R3
10.200.1.3:200:172.16.8.0/24
*[BGP/170] 00:00:56, MED 2, localpref 100, from 10.200.1.2
AS path: I, validation-state: unverified
> to 10.200.12.2 via ge-0/0/1.12, label-switched-path R1_TO_R3
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show route table bgp.l3vpn.0 logical-system R2
bgp.l3vpn.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.200.1.1:100:172.16.4.0/24
*[BGP/170] 00:57:07, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
> to 10.200.12.1 via ge-0/0/2.12, Push 299776
10.200.1.1:100:172.16.5.0/24
*[BGP/170] 00:57:07, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
> to 10.200.12.1 via ge-0/0/2.12, Push 299792
10.200.1.1:100:172.16.14.0/24
*[BGP/170] 00:57:07, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
> to 10.200.12.1 via ge-0/0/2.12, Push 299776
10.200.1.1:100:172.16.15.0/24
*[BGP/170] 00:57:07, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
> to 10.200.12.1 via ge-0/0/2.12, Push 299792
10.200.1.1:200:172.16.7.0/24
*[BGP/170] 00:54:51, MED 0, localpref 100, from 10.200.1.1
AS path: I, validation-state: unverified
> to 10.200.12.1 via ge-0/0/2.12, Push 299808
10.200.1.3:100:172.16.6.0/24
*[BGP/170] 00:55:59, localpref 100, from 10.200.1.3
AS path: 65002 I, validation-state: unverified
> to 10.200.23.3 via ge-0/0/1.23, Push 299776
10.200.1.3:200:172.16.8.0/24
*[BGP/170] 00:54:10, MED 2, localpref 100, from 10.200.1.3
AS path: I, validation-state: unverified
> to 10.200.23.3 via ge-0/0/1.23, Push 299792
[edit]
root@vMX-1#
[edit]
root@vMX-1# run show route table bgp.l3vpn.0 logical-system R3
bgp.l3vpn.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.200.1.1:100:172.16.4.0/24
*[BGP/170] 00:01:03, localpref 100, from 10.200.1.2
AS path: I, validation-state: unverified
> to 10.200.23.2 via ge-0/0/2.23, label-switched-path R3_TO_R1
10.200.1.1:100:172.16.5.0/24
*[BGP/170] 00:01:03, localpref 100, from 10.200.1.2
AS path: I, validation-state: unverified
> to 10.200.23.2 via ge-0/0/2.23, label-switched-path R3_TO_R1
10.200.1.1:100:172.16.14.0/24
*[BGP/170] 00:01:03, localpref 100, from 10.200.1.2
AS path: I, validation-state: unverified
> to 10.200.23.2 via ge-0/0/2.23, label-switched-path R3_TO_R1
10.200.1.1:100:172.16.15.0/24
*[BGP/170] 00:01:03, localpref 100, from 10.200.1.2
AS path: I, validation-state: unverified
> to 10.200.23.2 via ge-0/0/2.23, label-switched-path R3_TO_R1
10.200.1.1:200:172.16.7.0/24
*[BGP/170] 00:01:03, MED 0, localpref 100, from 10.200.1.2
AS path: I, validation-state: unverified
> to 10.200.23.2 via ge-0/0/2.23, label-switched-path R3_TO_R1
[edit]
root@vMX-1#
7. Redistributing BGP routes into CE routers.
For VPN-A:
Static route:
R1 uses static route to redistribute routes into CE router. (Done in Step 5)
set logical-systems R1 routing-options static route 172.16.4.0/24 next-hop 172.16.14.4
set logical-systems R1 routing-options static route 172.16.5.0/24 next-hop 172.16.15.5
BGP:
R3 uses BGP to distribute routes to and from the CE router.
For VPN-B:
R1 redistributes BGP route into CE (R7) OSPF routes.
set logical-systems R1 policy-options policy-statement BGP>R7_OSPF term 1 from protocol bgp
set logical-systems R1 policy-options policy-statement BGP>R7_OSPF term 1 then accept
set logical-systems R1 routing-instances VPN_B_R7 protocols ospf export BGP>R7_OSPF
R3 redistributes BGP route into CE (R8) RIP routes.
set logical-systems R3 policy-options policy-statement BGP>R8_RIP term 1 from protocol bgp
set logical-systems R3 policy-options policy-statement BGP>R8_RIP term 1 then accept
set logical-systems R3 routing-instances VPN_B_R8 protocols rip group TO_R8 export BGP>R8_RIP
Check:
For VPN-A:
[edit]
root@vMX-1# run ping 172.16.5.5 source 172.16.4.4 logical-system R4
PING 172.16.5.5 (172.16.5.5): 56 data bytes
64 bytes from 172.16.5.5: icmp_seq=0 ttl=63 time=2.079 ms
64 bytes from 172.16.5.5: icmp_seq=1 ttl=63 time=2.240 ms
^C
--- 172.16.5.5 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.079/2.160/2.240/0.080 ms
[edit]
root@vMX-1#
[edit]
root@vMX-1# run ping 172.16.6.6 source 172.16.4.4 logical-system R4
PING 172.16.6.6 (172.16.6.6): 56 data bytes
64 bytes from 172.16.6.6: icmp_seq=0 ttl=61 time=4.920 ms
^C
--- 172.16.6.6 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.920/4.920/4.920/0.000 ms
[edit]
root@vMX-1#
[edit]
root@vMX-1# run traceroute 172.16.5.5 source 172.16.4.4 logical-system R4
traceroute to 172.16.5.5 (172.16.5.5) from 172.16.4.4, 30 hops max, 40 byte packets
1 172.16.14.1 (172.16.14.1) 1.517 ms 1.574 ms 1.465 ms
2 172.16.5.5 (172.16.5.5) 1.891 ms 4.272 ms 2.136 ms
[edit]
root@vMX-1#
[edit]
root@vMX-1# run traceroute 172.16.6.6 source 172.16.4.4 logical-system R4
traceroute to 172.16.6.6 (172.16.6.6) from 172.16.4.4, 30 hops max, 40 byte packets
1 172.16.14.1 (172.16.14.1) 1.869 ms 1.457 ms 1.294 ms
2 * * *
3 10.200.23.3 (10.200.23.3) 3.310 ms 2.705 ms 2.571 ms
MPLS Label=299776 CoS=0 TTL=1 S=1
4 172.16.6.6 (172.16.6.6) 3.840 ms 5.932 ms 3.141 ms
[edit]
root@vMX-1#
For VPN-B:
[edit]
root@vMX-1# run ping 172.16.8.8 source 172.16.7.7 logical-system R7
PING 172.16.8.8 (172.16.8.8): 56 data bytes
64 bytes from 172.16.8.8: icmp_seq=0 ttl=61 time=4.153 ms
64 bytes from 172.16.8.8: icmp_seq=1 ttl=61 time=5.033 ms
^C
--- 172.16.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.153/4.593/5.033/0.440 ms
[edit]
root@vMX-1#
[edit]
root@vMX-1# run traceroute 172.16.8.8 source 172.16.7.7 logical-system R7
traceroute to 172.16.8.8 (172.16.8.8) from 172.16.7.7, 30 hops max, 40 byte packets
1 172.16.17.1 (172.16.17.1) 1.719 ms 1.829 ms 1.175 ms
2 * * *
3 10.200.23.3 (10.200.23.3) 3.291 ms 2.826 ms 2.586 ms
MPLS Label=299792 CoS=0 TTL=1 S=1
4 172.16.8.8 (172.16.8.8) 3.954 ms 6.151 ms 3.210 ms
[edit]
root@vMX-1#
Final configuration:
set logical-systems R1 interfaces ge-0/0/1 unit 12 description TO_R2
set logical-systems R1 interfaces ge-0/0/1 unit 12 vlan-id 12
set logical-systems R1 interfaces ge-0/0/1 unit 12 family inet address 10.200.12.1/24
set logical-systems R1 interfaces ge-0/0/1 unit 12 family iso
set logical-systems R1 interfaces ge-0/0/1 unit 12 family mpls
set logical-systems R1 interfaces ge-0/0/2 unit 14 description TO_R4
set logical-systems R1 interfaces ge-0/0/2 unit 14 vlan-id 14
set logical-systems R1 interfaces ge-0/0/2 unit 14 family inet address 172.16.14.1/24
set logical-systems R1 interfaces ge-0/0/3 unit 15 description TO_R5
set logical-systems R1 interfaces ge-0/0/3 unit 15 vlan-id 15
set logical-systems R1 interfaces ge-0/0/3 unit 15 family inet address 172.16.15.1/24
set logical-systems R1 interfaces ge-0/0/4 unit 17 description TO_R7
set logical-systems R1 interfaces ge-0/0/4 unit 17 vlan-id 17
set logical-systems R1 interfaces ge-0/0/4 unit 17 family inet address 172.16.17.1/24
set logical-systems R1 interfaces lo0 unit 1 family inet address 10.200.1.1/32
set logical-systems R1 interfaces lo0 unit 1 family iso address 49.0001.0000.0000.0001.00
set logical-systems R1 protocols rsvp interface ge-0/0/1.12
set logical-systems R1 protocols mpls label-switched-path R1_TO_R3 to 10.200.1.3
set logical-systems R1 protocols mpls label-switched-path R1_TO_R3 primary VIA_R2
set logical-systems R1 protocols mpls path VIA_R2 10.200.12.2 strict
set logical-systems R1 protocols mpls path VIA_R2 10.200.1.3 loose
set logical-systems R1 protocols mpls interface ge-0/0/1.12
set logical-systems R1 protocols bgp group TO_RR type internal
set logical-systems R1 protocols bgp group TO_RR local-address 10.200.1.1
set logical-systems R1 protocols bgp group TO_RR family inet-vpn unicast
set logical-systems R1 protocols bgp group TO_RR neighbor 10.200.1.2
set logical-systems R1 protocols isis level 1 disable
set logical-systems R1 protocols isis interface ge-0/0/1.12
set logical-systems R1 protocols isis interface lo0.1
set logical-systems R1 policy-options policy-statement BGP>R7_OSPF term 1 from protocol bgp
set logical-systems R1 policy-options policy-statement BGP>R7_OSPF term 1 then accept
set logical-systems R1 policy-options policy-statement RT_VPN_B_IN term 1 from protocol bgp
set logical-systems R1 policy-options policy-statement RT_VPN_B_IN term 1 from community RT_VPN_B
set logical-systems R1 policy-options policy-statement RT_VPN_B_IN term 1 then accept
set logical-systems R1 policy-options policy-statement RT_VPN_B_IN term 2 then reject
set logical-systems R1 policy-options policy-statement RT_VPN_B_OUT term 1 from protocol ospf
set logical-systems R1 policy-options policy-statement RT_VPN_B_OUT term 1 then community add RT_VPN_B
set logical-systems R1 policy-options policy-statement RT_VPN_B_OUT term 1 then accept
set logical-systems R1 policy-options policy-statement RT_VPN_B_OUT term 2 then reject
set logical-systems R1 policy-options community RT_VPN_B members target:65001L:200
set logical-systems R1 routing-instances VPN_A_R4_R5 instance-type vrf
set logical-systems R1 routing-instances VPN_A_R4_R5 interface ge-0/0/2.14
set logical-systems R1 routing-instances VPN_A_R4_R5 interface ge-0/0/3.15
set logical-systems R1 routing-instances VPN_A_R4_R5 route-distinguisher 10.200.1.1:100
set logical-systems R1 routing-instances VPN_A_R4_R5 vrf-target import target:65001L:100
set logical-systems R1 routing-instances VPN_A_R4_R5 vrf-target export target:65001L:100
set logical-systems R1 routing-instances VPN_A_R4_R5 routing-options static route 172.16.4.0/24 next-hop 172.16.14.4
set logical-systems R1 routing-instances VPN_A_R4_R5 routing-options static route 172.16.5.0/24 next-hop 172.16.15.5
set logical-systems R1 routing-instances VPN_B_R7 instance-type vrf
set logical-systems R1 routing-instances VPN_B_R7 interface ge-0/0/4.17
set logical-systems R1 routing-instances VPN_B_R7 route-distinguisher 10.200.1.1:200
set logical-systems R1 routing-instances VPN_B_R7 vrf-import RT_VPN_B_IN
set logical-systems R1 routing-instances VPN_B_R7 vrf-export RT_VPN_B_OUT
set logical-systems R1 routing-instances VPN_B_R7 protocols ospf export BGP>R7_OSPF
set logical-systems R1 routing-instances VPN_B_R7 protocols ospf area 0.0.0.0 interface ge-0/0/4.17
set logical-systems R1 routing-options static route 172.16.4.0/24 next-hop 172.16.14.4
set logical-systems R1 routing-options static route 172.16.5.0/24 next-hop 172.16.15.5
set logical-systems R1 routing-options autonomous-system 65001
set logical-systems R2 interfaces ge-0/0/1 unit 23 description TO_R3
set logical-systems R2 interfaces ge-0/0/1 unit 23 vlan-id 23
set logical-systems R2 interfaces ge-0/0/1 unit 23 family inet address 10.200.23.2/24
set logical-systems R2 interfaces ge-0/0/1 unit 23 family iso
set logical-systems R2 interfaces ge-0/0/1 unit 23 family mpls
set logical-systems R2 interfaces ge-0/0/2 unit 12 description TO_R1
set logical-systems R2 interfaces ge-0/0/2 unit 12 vlan-id 12
set logical-systems R2 interfaces ge-0/0/2 unit 12 family inet address 10.200.12.2/24
set logical-systems R2 interfaces ge-0/0/2 unit 12 family iso
set logical-systems R2 interfaces ge-0/0/2 unit 12 family mpls
set logical-systems R2 interfaces lo0 unit 2 family inet address 10.200.1.2/32
set logical-systems R2 interfaces lo0 unit 2 family iso address 49.0002.0000.0000.0002.00
set logical-systems R2 protocols rsvp interface all
set logical-systems R2 protocols mpls interface all
set logical-systems R2 protocols bgp group RR type internal
set logical-systems R2 protocols bgp group RR local-address 10.200.1.2
set logical-systems R2 protocols bgp group RR family inet-vpn unicast
set logical-systems R2 protocols bgp group RR cluster 10.200.1.2
set logical-systems R2 protocols bgp group RR neighbor 10.200.1.1
set logical-systems R2 protocols bgp group RR neighbor 10.200.1.3
set logical-systems R2 protocols isis level 1 disable
set logical-systems R2 protocols isis interface all
set logical-systems R2 routing-options autonomous-system 65001
set logical-systems R2 routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0
set logical-systems R3 interfaces ge-0/0/2 unit 23 description TO_R2
set logical-systems R3 interfaces ge-0/0/2 unit 23 vlan-id 23
set logical-systems R3 interfaces ge-0/0/2 unit 23 family inet address 10.200.23.3/24
set logical-systems R3 interfaces ge-0/0/2 unit 23 family iso
set logical-systems R3 interfaces ge-0/0/2 unit 23 family mpls
set logical-systems R3 interfaces ge-0/0/3 unit 38 description TO_R8
set logical-systems R3 interfaces ge-0/0/3 unit 38 vlan-id 38
set logical-systems R3 interfaces ge-0/0/3 unit 38 family inet address 172.16.38.3/24
set logical-systems R3 interfaces ge-0/0/4 unit 36 description TO_R6
set logical-systems R3 interfaces ge-0/0/4 unit 36 vlan-id 36
set logical-systems R3 interfaces ge-0/0/4 unit 36 family inet address 172.16.36.3/24
set logical-systems R3 interfaces lo0 unit 3 family inet address 10.200.1.3/32
set logical-systems R3 interfaces lo0 unit 3 family iso address 49.0003.0000.0000.0003.00
set logical-systems R3 protocols rsvp interface ge-0/0/2.23
set logical-systems R3 protocols mpls label-switched-path R3_TO_R1 to 10.200.1.1
set logical-systems R3 protocols mpls label-switched-path R3_TO_R1 primary VIA_R2
set logical-systems R3 protocols mpls path VIA_R2 10.200.23.2 strict
set logical-systems R3 protocols mpls path VIA_R2 10.200.1.1 loose
set logical-systems R3 protocols mpls interface ge-0/0/2.23
set logical-systems R3 protocols bgp group TO_RR type internal
set logical-systems R3 protocols bgp group TO_RR local-address 10.200.1.3
set logical-systems R3 protocols bgp group TO_RR family inet-vpn unicast
set logical-systems R3 protocols bgp group TO_RR neighbor 10.200.1.2
set logical-systems R3 protocols isis level 1 disable
set logical-systems R3 protocols isis interface ge-0/0/2.23
set logical-systems R3 protocols isis interface lo0.3
set logical-systems R3 policy-options policy-statement BGP>R8_RIP term 1 from protocol bgp
set logical-systems R3 policy-options policy-statement BGP>R8_RIP term 1 then accept
set logical-systems R3 policy-options policy-statement RT_VPN_A_IN term 1 from protocol bgp
set logical-systems R3 policy-options policy-statement RT_VPN_A_IN term 1 from community RT_VPN_A
set logical-systems R3 policy-options policy-statement RT_VPN_A_IN term 1 then accept
set logical-systems R3 policy-options policy-statement RT_VPN_A_IN term 2 then reject
set logical-systems R3 policy-options policy-statement RT_VPN_A_OUT term 1 from protocol bgp
set logical-systems R3 policy-options policy-statement RT_VPN_A_OUT term 1 then community add RT_VPN_A
set logical-systems R3 policy-options policy-statement RT_VPN_A_OUT term 1 then accept
set logical-systems R3 policy-options policy-statement RT_VPN_A_OUT term 2 then reject
set logical-systems R3 policy-options policy-statement RT_VPN_B_IN term 1 from protocol bgp
set logical-systems R3 policy-options policy-statement RT_VPN_B_IN term 1 from community RT_VPN_B
set logical-systems R3 policy-options policy-statement RT_VPN_B_IN term 1 then accept
set logical-systems R3 policy-options policy-statement RT_VPN_B_IN term 2 then reject
set logical-systems R3 policy-options policy-statement RT_VPN_B_OUT term 1 from protocol rip
set logical-systems R3 policy-options policy-statement RT_VPN_B_OUT term 1 then community add RT_VPN_B
set logical-systems R3 policy-options policy-statement RT_VPN_B_OUT term 1 then accept
set logical-systems R3 policy-options policy-statement RT_VPN_B_OUT term 2 then reject
set logical-systems R3 policy-options community RT_VPN_A members target:65001L:100
set logical-systems R3 policy-options community RT_VPN_B members target:65001L:200
set logical-systems R3 routing-instances VPN_A_R6 instance-type vrf
set logical-systems R3 routing-instances VPN_A_R6 interface ge-0/0/4.36
set logical-systems R3 routing-instances VPN_A_R6 route-distinguisher 10.200.1.3:100
set logical-systems R3 routing-instances VPN_A_R6 vrf-import RT_VPN_A_IN
set logical-systems R3 routing-instances VPN_A_R6 vrf-export RT_VPN_A_OUT
set logical-systems R3 routing-instances VPN_A_R6 protocols bgp group TO_R6 type external
set logical-systems R3 routing-instances VPN_A_R6 protocols bgp group TO_R6 local-address 172.16.36.3
set logical-systems R3 routing-instances VPN_A_R6 protocols bgp group TO_R6 peer-as 65002
set logical-systems R3 routing-instances VPN_A_R6 protocols bgp group TO_R6 neighbor 172.16.36.6
set logical-systems R3 routing-instances VPN_B_R8 instance-type vrf
set logical-systems R3 routing-instances VPN_B_R8 interface ge-0/0/3.38
set logical-systems R3 routing-instances VPN_B_R8 route-distinguisher 10.200.1.3:200
set logical-systems R3 routing-instances VPN_B_R8 vrf-import RT_VPN_B_IN
set logical-systems R3 routing-instances VPN_B_R8 vrf-export RT_VPN_B_OUT
set logical-systems R3 routing-instances VPN_B_R8 protocols rip group TO_R8 export BGP>R8_RIP
set logical-systems R3 routing-instances VPN_B_R8 protocols rip group TO_R8 neighbor ge-0/0/3.38
set logical-systems R3 routing-options autonomous-system 65001
set logical-systems R4 interfaces ge-0/0/1 unit 14 description TO_R1
set logical-systems R4 interfaces ge-0/0/1 unit 14 vlan-id 14
set logical-systems R4 interfaces ge-0/0/1 unit 14 family inet address 172.16.14.4/24
set logical-systems R4 interfaces lo0 unit 4 family inet address 172.16.4.4/32
set logical-systems R4 routing-options static route 172.16.0.0/16 next-hop 172.16.14.1
set logical-systems R5 interfaces ge-0/0/1 unit 15 description TO_R1
set logical-systems R5 interfaces ge-0/0/1 unit 15 vlan-id 15
set logical-systems R5 interfaces ge-0/0/1 unit 15 family inet address 172.16.15.5/24
set logical-systems R5 interfaces lo0 unit 5 family inet address 172.16.5.5/32
set logical-systems R5 routing-options static route 172.16.0.0/16 next-hop 172.16.15.1
set logical-systems R6 interfaces ge-0/0/1 unit 36 description TO_R3
set logical-systems R6 interfaces ge-0/0/1 unit 36 vlan-id 36
set logical-systems R6 interfaces ge-0/0/1 unit 36 family inet address 172.16.36.6/24
set logical-systems R6 interfaces lo0 unit 6 family inet address 172.16.6.6/32
set logical-systems R6 protocols bgp group TO_R3 type external
set logical-systems R6 protocols bgp group TO_R3 local-address 172.16.36.6
set logical-systems R6 protocols bgp group TO_R3 export STATIC
set logical-systems R6 protocols bgp group TO_R3 peer-as 65001
set logical-systems R6 protocols bgp group TO_R3 neighbor 172.16.36.3
set logical-systems R6 policy-options policy-statement STATIC term 1 from protocol static
set logical-systems R6 policy-options policy-statement STATIC term 1 then accept
set logical-systems R6 routing-options static route 172.16.6.0/24 reject
set logical-systems R6 routing-options autonomous-system 65002
set logical-systems R7 interfaces ge-0/0/1 unit 17 description TO_R1
set logical-systems R7 interfaces ge-0/0/1 unit 17 vlan-id 17
set logical-systems R7 interfaces ge-0/0/1 unit 17 family inet address 172.16.17.7/24
set logical-systems R7 interfaces lo0 unit 7 family inet address 172.16.7.7/32
set logical-systems R7 protocols ospf export STATIC
set logical-systems R7 protocols ospf area 0.0.0.0 interface ge-0/0/1.17
set logical-systems R7 policy-options policy-statement STATIC term 1 from protocol static
set logical-systems R7 policy-options policy-statement STATIC term 1 then accept
set logical-systems R7 routing-options static route 172.16.7.0/24 reject
set logical-systems R8 interfaces ge-0/0/1 unit 38 description TO_R3
set logical-systems R8 interfaces ge-0/0/1 unit 38 vlan-id 38
set logical-systems R8 interfaces ge-0/0/1 unit 38 family inet address 172.16.38.8/24
set logical-systems R8 interfaces lo0 unit 8 family inet address 172.16.8.8/32
set logical-systems R8 protocols rip group TO_R3 export STATIC
set logical-systems R8 protocols rip group TO_R3 neighbor ge-0/0/1.38
set logical-systems R8 policy-options policy-statement STATIC term 1 from protocol static
set logical-systems R8 policy-options policy-statement STATIC term 1 then accept
set logical-systems R8 routing-options static route 172.16.8.0/24 reject
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/3 vlan-tagging
set interfaces ge-0/0/4 vlan-tagging
Reference:
Junos Layer 3 VPNs Configuration Guide
最初發表 / 最後更新: 2015.09.16 / 2018.06.03
0 comments:
張貼留言