Category Archives: MPLS

JunOS Automation using PyEZ and Northstar REST APIs

Hi All, in this session lets discuss some Automation.

During past few days, I was looking at some REST APIs for Juniper Northstar Controller. Now Northstar is good for LSP creation/deletion/modification but it cant configure the service E2E. Offcourse that tool is not meant to do all this but Juniper has recently released one beta version of it which can bind your LSP to some service which is excellent step forward. We will see that in a moment. Juniper is leveraging Jinja templates in NS to achieve this binding.

However as I said still service creation is not E2E and for that I thought of adding one more layer of automation and for this I have used Juniper own PyEZ framework which is basically Juniper Python library for automating tasks. Brilliant lets see how this work.

Juniper PyEZ is a framework which is easily grasped by Network engineers and you don’t need to be programmer to fully understand it.

https://www.juniper.net/documentation/en_US/junos-pyez/topics/concept/junos-pyez-overview.html

REST (REpresentational State Transfer) is a set of useful conventions and principals about transfer of information over the World Wide Web.

Many Web services are now using the principals of REST in their design.

When you type a URL into your browser, like http://example.net, your browser software creates an HTTP header that identifies:

  • a desired action: GET (“get me this resource”).
  • a target machine (www.domain-name.com).

The NorthStar RESTful APIs are designed to enable access over HTTP to most of the same data and analytics that are available to you from both the NorthStar GUI and the NorthStar CLI.

https://www.juniper.net/documentation/en_US/northstar3.1.0/information-products/api-ref/api-ref.html

Below is the pictorial representation of what we will be doing. I have used a Windows server on which we will write a script which will talk to Northstar using REST APIs and other components of Juniper Pes using PyEZ.

L2VPN CCC
Automation Model

 

Our Script will be written in Python and you can write the variables value in excel and pass it to the script.

Our excel format:

L2VPN_CCC_Data

import httplib
import json
import time
import re
import sys
import pandas as pd
from jnpr.junos import Device
from jnpr.junos.utils.config import Config
from pprint import pprint

df = pd.read_excel("L2VPN_CCC_Data.xlsx","Sheet1")

PE1 = str((df['PE1'].values.tolist())[0])
PE2 = str((df['PE2'].values.tolist())[0])
Interface_PE1 = str((df['Interface_PE1'].values.tolist())[0])
Unit_PE1 = str((df['Unit_PE1'].values.tolist())[0])
Vlan_PE1 = str((df['Vlan_PE1'].values.tolist())[0])
Interface_PE2 = str((df['Interface_PE2'].values.tolist())[0])
Unit_PE2 = str((df['Unit_PE2'].values.tolist())[0])
Vlan_PE2 = str((df['Vlan_PE2'].values.tolist())[0])
LSP_Name_PE1 = str((df['LSP_Name_PE1'].values.tolist())[0])
LSP_Name_PE2 = str((df['LSP_Name_PE2'].values.tolist())[0])
VPN_CCC_PE1 = str((df['VPN_CCC_PE1'].values.tolist())[0])
VPN_CCC_PE2 = str((df['VPN_CCC_PE2'].values.tolist())[0])

dev1 = Device(host=''+PE1+'', user='demo', password='password', port='22')
dev1.open()
dev1.timeout = 300

with Config(dev1, mode='private') as cu: 
cu.load('set interfaces '+Interface_PE1+' unit '+Unit_PE1+' description L2VPN-CCC encapsulation vlan-ccc vlan-id '+Vlan_PE1+' family ccc', format='set')
cu.pdiff() #Printing the difference in the configuration after the load
cu.commit()

dev1.close()
dev2 = Device(host=''+PE2+'', user='demo', password='password', port='22')
dev2.open()
dev2.timeout = 300

with Config(dev2, mode='private') as cu: 
cu.load('set interfaces '+Interface_PE2+' unit '+Unit_PE2+' description L2VPN-CCC encapsulation vlan-ccc vlan-id '+Vlan_PE2+' family ccc', format='set')
cu.pdiff() #Printing the difference in the configuration after the load#
cu.commit() #commit#

dev2.close()
conn = httplib.HTTPConnection('10.198.123.180:8091')
Bandwidth = raw_input('Please enter LSP Bandwidth on '+PE1+' (e.g 100k): ')
Setup_Pri = raw_input('Please enter Set up Priority: ')
Hold_Pri = raw_input('Please enter Hold Priority: ')
payload = str('{\r\n\"name\": \"'+LSP_Name_PE1+'\",\r\n\"creationConfigurationMethod\": \"NETCONF\",\r\n\"provisioningType\": \"RSVP\",\r\n  \"pathType\": \"primary\",\r\n  \"from\": {\r\n\"topoObjectType\": \"ipv4\",\r\n\"address\": \"'+PE1+'\"\r\n },\r\n  \"to\": {\r\n\"topoObjectType\": \"ipv4\",\r\n\"address\": \"'+PE2+'\"\r\n},\r\n\"plannedProperties\": {\r\n\"bandwidth\": \"'+Bandwidth+'\",\r\n\"setupPriority\": '+Setup_Pri+',\r\n\"holdingPriority\": '+Hold_Pri+',\r\n\"userProperties\": {\r\n \"ccc-vpn-name\": \"'+VPN_CCC_PE1+'\",\r\n \"ccc-interface\": \"'+Interface_PE1+'.'+Unit_PE1+'\",\r\n\"transmit-lsp\": \"'+LSP_Name_PE1+'\",\r\n\"receive-lsp\": \"'+LSP_Name_PE2+'\"\r\n    }\r\n  }\r\n}\r\n')
headers = {
 'content-type': "application/json",
'cache-control': "no-cache",
 }

conn.request ("POST", "/NorthStar/API/v2/tenant/1/topology/1/te-lsps", payload, headers
res = conn.getresponse()
data = res.read()
print 'Please wait while we get the status of LSP you created :)'
for i in xrange(25,0,-1):
 time.sleep(1)
 sys.stdout.write(str(i)+' ') 
 sys.stdout.flush()
 conn.request("GET", str('/NorthStar/API/v2/tenant/1/topology/1/te-lsps/search?name=' + LSP_Name_PE1), headers=headers
 res = conn.getresponse()
 data = res.read()

LSP_Status = re.search('operationalStatus":(.*?),', data).group(1)
if LSP_Status == '"Active"':
  print ('\nSuccess: LSP "'+LSP_Name_PE1+'" is Created and Active')
elif LSP_Status == "Down":
   print ('\nFailed: LSP "'+LSP_Name_PE1+'" is created however Down')
else:
  print ('\nFailed: LSP "'+LSP_Name_PE1+'" is not created and is in Unknown State on Northstar')

time.sleep(10)

conn = httplib.HTTPConnection('10.198.123.180:8091')
Bandwidth = raw_input('Please enter LSP Bandwidth on '+PE2+' (e.g 100k): ')
Setup_Pri = raw_input('Please enter Set up Priority: ')
Hold_Pri = raw_input('Please enter Hold Priority: ')

payload = str('{\r\n\"name\": \"'+LSP_Name_PE2+'\",\r\n\"creationConfigurationMethod\": \"NETCONF\",\r\n\"provisioningType\": \"RSVP\",\r\n  \"pathType\": \"primary\",\r\n  \"from\": {\r\n\"topoObjectType\": \"ipv4\",\r\n\"address\": \"'+PE2+'\"\r\n },\r\n  \"to\": {\r\n\"topoObjectType\": \"ipv4\",\r\n\"address\": \"'+PE1+'\"\r\n},\r\n\"plannedProperties\": {\r\n\"bandwidth\": \"'+Bandwidth+'\",\r\n\"setupPriority\": '+Setup_Pri+',\r\n\"holdingPriority\": '+Hold_Pri+',\r\n\"userProperties\": {\r\n \"ccc-vpn-name\": \"'+VPN_CCC_PE2+'\",\r\n \"ccc-interface\":\"'+Interface_PE2+'.'+Unit_PE2+'\",\r\n\"transmit-lsp\": \"'+LSP_Name_PE2+'\",\r\n\"receive-lsp\": \"'+LSP_Name_PE1+'\"\r\n    }\r\n  }\r\n}\r\n')
headers = {
 'content-type': "application/json",
 'cache-control': "no-cache",
   }

conn.request ("POST", "/NorthStar/API/v2/tenant/1/topology/1/te-lsps", payload, headers)
res = conn.getresponse()
data = res.read()
print 'Please wait while we get the status of LSP you created :)'
for i in xrange(25,0,-1):
   time.sleep(1)
   sys.stdout.write(str(i)+' ')
   sys.stdout.flush()

conn.request("GET", str('/NorthStar/API/v2/tenant/1/topology/1/te-lsps/search?name=' + LSP_Name_PE2), headers=headers)
res = conn.getresponse()
data = res.read()
LSP_Status = re.search('operationalStatus":(.*?),', data).group(1)
if LSP_Status == '"Active"':
    print ('\nSuccess: LSP "'+LSP_Name_PE2+'" is Created and Active')
elif LSP_Status == "Down":
    print ('\nFailed: LSP "'+LSP_Name_PE2+'" is created however Down')
else:
    print ('\nFailed: LSP "'+LSP_Name_PE2+'" is not created and is in Unknown State on Northstar')

time.sleep(5)

dev1.open()
dev2.open()

print (dev1.cli('show connections remote-interface-switch '+VPN_CCC_PE1+'', warning=False))

print (dev2.cli('show connections remote-interface-switch '+VPN_CCC_PE2+'', warning=False))

dev1.close()
dev2.close()

In this script we are making reading the values from the excel and using it as variables in or script.

After that using PyEZ, making a SSH connection to PE1 and PE2 and configuring the layer 2 sub-interfaces with vpn-ccc encapsulations. Once that is done, connection to Northstar server 10.198.123.180 using httplib libraris/modules is made and waiting for Northstar to configure the LSP. At this stage Northstar is also binding that LSPs in connections using Jinja template. Once Northstar has created the LSPs we are using regular expression to get the LSP Index from Northstar and checking whether LSP creating in Success or failed.

At last we are printing the show command output to find out if everything is up and running 🙂

Lets see by running the script

C:\Program Files (x86)\Python\Northstar_Scripts\Working\Juniper\L2VPN_CCC>python
 E2E_L2VPN_CCC_Script.py
[edit interfaces xe-2/0/0]
+ unit 601 {
+ description L2VPN-CCC;
+ encapsulation vlan-ccc;
+ vlan-id 601;
+ family ccc;
+ }
[edit interfaces xe-2/0/0]
+ unit 601 {
+ description L2VPN-CCC;
+ encapsulation vlan-ccc;
+ vlan-id 601;
+ family ccc;
+ }
Please enter LSP Bandwidth on 10.198.123.100 (e.g 100k): 70m
Please enter Set up Priority: 5
Please enter Hold Priority: 0
Please wait while we get the status of LSP you created :)
25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
Success: LSP "l2vpn-ccc-1" is created and is Active
Please enter LSP Bandwidth on 10.198.123.205 (e.g 100k): 70m
Please enter Set up Priority: 5
Please enter Hold Priority: 0
Please wait while we get the status of LSP you created :)
25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
Success: LSP "l2vpn-ccc-2" is created and is Active
CCC and TCC connections [Link Monitoring On]
Legend for status (St): Legend for connection types:
 UN -- uninitialized if-sw: interface switching
 NP -- not present rmt-if: remote interface switching
 WE -- wrong encapsulation lsp-sw: LSP switching
 DS -- disabled tx-p2mp-sw: transmit P2MP switching
 Dn -- down rx-p2mp-sw: receive P2MP switching
 -> -- only outbound conn is up Legend for circuit types:
 <- -- only inbound conn is up intf -- interface
 Up -- operational oif -- outgoing interface
 RmtDn -- remote CCC down tlsp -- transmit LSP
 Restart -- restarting rlsp -- receive LSP
Connection/Circuit Type St Time last up # Up tran
s
l2vpn-ccc rmt-if Up Nov 25 12:52:10
1
 xe-2/0/0.601 intf Up
 l2vpn-ccc-1 tlsp Up
 l2vpn-ccc-2 rlsp Up

CCC and TCC connections [Link Monitoring On]
Legend for status (St): Legend for connection types:
 UN -- uninitialized if-sw: interface switching
 NP -- not present rmt-if: remote interface switching
 WE -- wrong encapsulation lsp-sw: LSP switching
 DS -- disabled tx-p2mp-sw: transmit P2MP switching
 Dn -- down rx-p2mp-sw: receive P2MP switching
 -> -- only outbound conn is up Legend for circuit types:
 <- -- only inbound conn is up intf -- interface
 Up -- operational oif -- outgoing interface
 RmtDn -- remote CCC down tlsp -- transmit LSP
 Restart -- restarting rlsp -- receive LSP

Connection/Circuit Type St Time last up # Up tran
s
l2vpn-ccc rmt-if Up Nov 25 12:52:11
1
 xe-2/0/0.601 intf Up
 l2vpn-ccc-2 tlsp Up
 l2vpn-ccc-1 rlsp Up

C:\Program Files (x86)\Python\Northstar_Scripts\Working\Juniper\L2VPN_CCC>

 

So that’s all for today.. You can see the possibility of using this framework in so many tasks in your daily networking journey. I hope you like this blog and will try to use it in your network 🙂

Regards

Mohit

Advertisements

Juniper Northstar SDN Controller – Part 2

Following on my earlier blog on Northstar here: https://networkzblogger.com/2017/03/17/juniper-northstar-wan-sdn-controller, recently I got chance to work on next release of it which has among other things is ability to initiate P2MP (Point to Multipoint) LSPs. P2MPs are big use case in Media and Broadcast network and ability to create them via controller would be too helpful. However there is a catch. As discussed in my earlier blog, the NorthStar (NS) Controller relies on PCEP (Path Computation Element Protocol) to deploy a path between the PCC router and PCE (Controller). Currently P2MPs are not initiated by PCEP or its standard is not ratified. So Juniper have come up with another way of configuring it and that’s via Netconf. NETCONF provides mechanisms to install, manipulate, and delete the configuration of network devices. Its operations are realized on top of a simple Remote Procedure Call (RPC) layer. The protocol messages are exchanged on top of a secure transport protocol like SSH etc.

In this blog, instead of looking at PCEP based LSPs from Northstar we will explore netconf functionality and what other features have been introduced in new ns version.

Below is our current model which is built using TED (Traffic Engineering Database) by Northstar and if you look closely there are 2 devices which have PCEP session up because they have correct Junos code on it (15.1F6 and later) however all others are having netconf session Up even if they are on Junos 10, 12, 14 etc. which is cool thing. So as long as you have netconf stanza added in Junos config and have ssh connectivity that is all Northstar need to connect to devices.

Pic-1

Lets start by configuring a P2MP LSP via Northstar

You can see 2 options here for provisioning method. One is PCEP and other is Netconf.

Pic-2

We will choose Netconf and fill other bits.

Pic-3

We have kept Path as dynamic however we can choose required path to TE it more. Under Advanced Tab, you will see P2MP Name field, in which we have added the P2MP name.

Pic-4

All others field you can pretty much keep default.

Once you submit it, Northstar will open a netconf session on port 830 towards headend router which is M320 in our case and push and commit the config to it.

Pic-5

You can see above LSP has become Active and its showing the path as well which this LSP is taking. Now one of the biggest difference between PCEP created LSP and one created from Netconf is that Netconf LSPs will be part of startup-config in Junos as the configs are committing to it so it can be slow process getting your LSP up based upon commit time. Also all Netconf created LSPs are basically shown as PCC Controlled. However PCEP just sent LSP state to network to build E2E path rather than config. PCEP LSP config still resides in NS database and LSPs are created within seconds and are PCE Initiated.

M320> show configuration protocols mpls label-switched-path demo-0610
from 10.198.123.203;
to 10.198.123.103;
p2mp demo-0610-p2p;
primary demo-0610.p0 {
 apply-groups demo-0610-p2p;
}

M320> show configuration groups demo-0610-p2p
protocols {
 mpls {
 label-switched-path <*> {
 primary <*> {
 bandwidth 10m;
 priority 7 7;
 }
 }
 }
}

Ok so that’s for P2MP LSPs which is clean. In 3.1.0 one of the issue we found was related to commit process. Suppose you have 10 LSPs to be created from one source to destination. With Netconf, NS will commit 10 times individually for those LSPs which can be time consuming on some of the MX104s, MX80s with less CPU power. Juniper is looking to change this and putting the commit in batches to decrease the overall time and commit process which would be excellent J

So we have seen now how P2MP LSPs are created via Netconf however we haven’t seen how Netconf parameters are configured on NS as with netconf you can see the analytics data as well which is populated by Telemetry. We will see Telemetry in some other blog.

Under Administration -> Device Profiles we have to set the parameters for individual device.

Pic-6

We enable Netconf and add login details and password. You can test the connectivity as well from NS before actually trying to provision the network.

Pic-7

Apart from P2MP, another thing which has been introduced is while provisioning the LSP you can select which routing method you need to choose. There are many methods starting from default to routebyPCC, etc. default means that NS will calculate the path and routebyPCC means routers will calculate the path and NS won’t be having any say in it.

Pic-8

Another new feature which has been introduced in release 3.1.0 is setting the current path as explicit.

So above P2MP LSP I created was just dynamic however if we want to explicitly make this path as Strict so that LSP doesn’t change path based upon the network conditions we can configure it as below.

Pic-9

If we see the CLI now, NS has filled strict path in it.

M320> show configuration protocols mpls path demo-0610.p0
10.177.177.5 strict;
10.0.0.245 strict;

Ok that’s all for this blog. I hope you like it and let me know your views if you are looking at using NS for your network and if you are already, what are your use cases J

 

R

Mohit Mittal

 

RSVP Messages in Juniper JunOS

RSVP (Resource Reservation Protocol) is a transport layer protocol designed to reserve resources across a network for an integrated services Internet. RSVP is not a routing protocol and was designed to interoperate with current and future routing protocols.

RSVP by itself is rarely deployed in telecom networks today but the traffic engineering extension of RSVP, or RSVP-TE, is becoming more widely accepted nowadays in many QoS-oriented networks

In this blog we will see the RSVP messages which flows while setting up the E2E LSP between 2 PEs.

Following model will be used to understand the behaviour.

RSVP
RSVP Messages Topology

LSP we will configure is TEST-MX960-MX104 between MX960 (Hostname : Bentley) and MX104 (Hostname Pagani) via M320 and M120.

Let’s configure the LSP as below from MX960 to MX104 (loopback IP: 10.198.123.100) with strict path through M320 and M120.

re1.bentley> show configuration protocols mpls label-switched-path TEST-MX960-MX104
to 10.198.123.100;
bandwidth 100m;
optimize-timer 900;
preference 200;
priority 5 0;
primary Bentley-Pagani;

re1.bentley> show configuration protocols mpls path Bentley-Pagani
10.0.0.93 strict;
10.0.0.41 strict;
10.0.0.170 strict;

Before we see the RSVP session details, lets see the message interactions happening at each device from Ingress to Egress. We enabled the RSVP traceoptions in order to capture the packets.

As soon as LSP is configured, RSVP new session is built with tunnel ID (44394 in our case) which is unique for this LSP and will be present in all messages.

Jun 25 18:32:31.822264 RSVP new Session 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0, session ID 51419

Jun 25 18:32:31.822301 RSVP new path state, session 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0

Path Messages:

Path message will be sent by Ingress PE MX960 towards MX104 hop by hop using the strict path we configured or will be based on IGP path in case no path has been defined.

MX960 will send the RSVP Send path message which will be received by Transit routers which in turn will send their own Path messages.

On MX960:

Jun 25 18:32:31.824365 RSVP send Path 10.198.123.205->10.198.123.100 Len=272 ge-1/1/7.0 flags=0x1 ttl=255
Jun 25 18:32:31.824385 Integty Len 36 flag 0x0 key 0x00005e00000a seq 0xbf015059de530a00 digest 0x75c574bd 0x3c7e8ecb 0x435976f8 0x408b3263
Jun 25 18:32:31.824399 MessageID Len 12 Msg_ID: 878279 Epoch: 2641670 (Ack Desired)
Jun 25 18:32:31.824415 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:31.824431 Hop Len 12 10.0.0.94/0x80000009
Jun 25 18:32:31.824443 Time Len 8 30000 ms
Jun 25 18:32:31.824464 SrcRoute Len 28 10.0.0.93 S 10.0.0.41 S 10.0.0.170 S
Jun 25 18:32:31.824477 LabelRequest Len 8 EtherType 0x800
Jun 25 18:32:31.824492 Properties Len 12 Primary path
Jun 25 18:32:31.824505 SessionAttribute Len 24 Prio (5,0) flag 0x0 "TEST-MX960-MX104"
Jun 25 18:32:31.824520 Sender7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:31.824546 Tspec Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:31.824560 ADspec Len 48 MTU 1500
Jun 25 18:32:31.824575 RecRoute Len 12 10.0.0.94

M120:

Jun 25 18:32:31.941242 RSVP recv Path 10.0.0.94->10.0.0.93 Len=272 ge-2/0/0.0 flags=0x1 ttl=255
Jun 25 18:32:31.941261 Integty Len 36 flag 0x0 key 0x00005e00000a seq 0xbf015059de530a00 digest 0x75c574bd 0x3c7e8ecb 0x435976f8 0x408b3263
Jun 25 18:32:31.941273 MessageID Len 12 Msg_ID: 878279 Epoch: 2641670 (Ack Desired)
Jun 25 18:32:31.941287 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:31.941299 Hop Len 12 10.0.0.94/0x80000009
Jun 25 18:32:31.941310 Time Len 8 30000 ms
Jun 25 18:32:31.941328 SrcRoute Len 28 10.0.0.93 S 10.0.0.41 S 10.0.0.170 S
Jun 25 18:32:31.941338 LabelRequest Len 8 EtherType 0x800
Jun 25 18:32:31.941349 Properties Len 12 Primary path
Jun 25 18:32:31.941359 SessionAttribute Len 24 Prio (5,0) flag 0x0 "TEST-MX960-MX104"
Jun 25 18:32:31.941372 Sender7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:31.941393 Tspec Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:31.941405 ADspec Len 48 MTU 1500
Jun 25 18:32:31.941417 RecRoute Len 12 10.0.0.94

Jun 25 18:32:31.943251 RSVP send Path 10.198.123.205->10.198.123.100 Len=272 so-2/1/0.1 flags=0x1 ttl=254
Jun 25 18:32:31.943266 Integty Len 36 flag 0x0 key 0x00002a00000a seq 0xbf0150594b670e00 digest 0xc5bc0316 0x87716529 0xf2ca9320 0xd0fdd978
Jun 25 18:32:31.943277 MessageID Len 12 Msg_ID: 211 Epoch: 11650457 (Ack Desired)
Jun 25 18:32:31.943290 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:31.943303 Hop Len 12 10.0.0.42/0x80000003
Jun 25 18:32:31.943313 Time Len 8 30000 ms
Jun 25 18:32:31.943328 SrcRoute Len 20 10.0.0.41 S 10.0.0.170 S
Jun 25 18:32:31.943338 LabelRequest Len 8 EtherType 0x800
Jun 25 18:32:31.943349 Properties Len 12 Primary path
Jun 25 18:32:31.943359 SessionAttribute Len 24 Prio (5,0) flag 0x0 "TEST-MX960-MX104"
Jun 25 18:32:31.943372 Sender7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:31.943390 Tspec Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:31.943402 ADspec Len 48 MTU 1500
Jun 25 18:32:31.943416 RecRoute Len 20 10.0.0.42 10.0.0.94

M320:

Jun 25 18:32:32.029412 RSVP recv Path 10.0.0.42->10.0.0.41 Len=272 so-0/3/0.1
Jun 25 18:32:32.029465 Integty Len 36 flag 0x0 key 0x00002a00000a seq 0xbf0150594b670e00 digest 0xc5bc0316 0x87716529 0xf2ca9320 0xd0fdd978
Jun 25 18:32:32.029477 MessageID Len 12 Msg_ID: 211 Epoch: 11650457 (Ack Desired)
Jun 25 18:32:32.029488 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:32.029498 Hop Len 12 10.0.0.42/0x80000003
Jun 25 18:32:32.029506 Time Len 8 30000 ms
Jun 25 18:32:32.029519 SrcRoute Len 20 10.0.0.41 S 10.0.0.170 S
Jun 25 18:32:32.029527 LabelRequest Len 8 EtherType 0x800
Jun 25 18:32:32.029537 Properties Len 12 Primary path
Jun 25 18:32:32.029547 SessionAttribute Len 24 Prio (5,0) flag 0x0 "TEST-MX960-MX104"
Jun 25 18:32:32.029556 Sender7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:32.029580 Tspec Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:32.029590 ADspec Len 48 MTU 1500
Jun 25 18:32:32.029600 RecRoute Len 20 10.0.0.42 10.0.0.94

Jun 25 18:32:32.031527 RSVP send Path 10.198.123.205->10.198.123.100 Len=272 ge-1/3/3.0
Jun 25 18:32:32.031541 Integty Len 36 flag 0x0 key 0x0000a900000a seq 0xbf015059f47d0a00 digest 0xbb579467 0x457e455a 0x915f3fa4 0x6eeb2319
Jun 25 18:32:32.031550 MessageID Len 12 Msg_ID: 5484 Epoch: 8616743 (Ack Desired)
Jun 25 18:32:32.031560 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:32.031569 Hop Len 12 10.0.0.169/0x091a536c
Jun 25 18:32:32.031577 Time Len 8 30000 ms
Jun 25 18:32:32.031586 SrcRoute Len 12 10.0.0.170 S
Jun 25 18:32:32.031594 LabelRequest Len 8 EtherType 0x800
Jun 25 18:32:32.031603 Properties Len 12 Primary path
Jun 25 18:32:32.031652 SessionAttribute Len 24 Prio (5,0) flag 0x0 "TEST-MX960-MX104"
Jun 25 18:32:32.031662 Sender7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:32.031676 Tspec Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:32.031686 ADspec Len 48 MTU 1500
Jun 25 18:32:32.031697 RecRoute Len 28 10.0.0.169 10.0.0.42 10.0.0.94

MX104:

Jun 25 18:32:32.149670 RSVP recv Path 10.0.0.169->10.0.0.170 Len=272 ge-0/0/1.0 flags=0x1 ttl=253
Jun 25 18:32:32.149787 Integty Len 36 flag 0x0 key 0x00000a0000a9 seq 0x595001bf000a7df4 digest 0x679457bb 0x5a457e45 0xa43f5f91 0x1923eb6e
Jun 25 18:32:32.149813 MessageID Len 12 Msg_ID: 5484 Epoch: 8616743 (Ack Desired)
Jun 25 18:32:32.149840 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:32.149867 Hop Len 12 10.0.0.169/0x091a536c
Jun 25 18:32:32.149891 Time Len 8 30000 ms
Jun 25 18:32:32.149918 SrcRoute Len 12 10.0.0.170 S
Jun 25 18:32:32.149943 LabelRequest Len 8 EtherType 0x800
Jun 25 18:32:32.149968 Properties Len 12 Primary path
Jun 25 18:32:32.149993 SessionAttribute Len 24 Prio (5,0) flag 0x0 "TEST-MX960-MX104"
Jun 25 18:32:32.150018 Sender7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:32.150069 Tspec Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:32.150094 ADspec Len 48 MTU 1500
Jun 25 18:32:32.150121 RecRoute Len 28 10.0.0.169 10.0.0.42 10.0.0.94

 

RESV Messages

Once MX104 has received Path message, it will generate the RESV message containing the MPLS Label value towards its next-hop.

MX104:

Jun 25 18:32:32.151356 RSVP send Resv 10.0.0.170->10.0.0.169 Len=168 ge-0/0/1.0 flags=0x1 ttl=255
Jun 25 18:32:32.151402 Integty Len 36 flag 0x0 key 0x00000a0000aa seq 0x595001c00001e237 digest 0x2f64cc8a 0x402a4baf 0xbd34ce62 0x9436192e
Jun 25 18:32:32.151427 MessageID Len 12 Msg_ID: 1121 Epoch: 1236180 (Ack Desired)
Jun 25 18:32:32.151453 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:32.151479 Hop Len 12 10.0.0.170/0x091a536c
Jun 25 18:32:32.151503 Time Len 8 30000 ms
Jun 25 18:32:32.151527 Style Len 8 FF
Jun 25 18:32:32.151575 Flow Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:32.151600 Filter7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:32.151624 Label Len 8 301456
Jun 25 18:32:32.151650 RecRoute Len 12 10.0.0.170

M320:

Jun 25 18:32:32.235459 RSVP recv Resv 10.0.0.170->10.0.0.169 Len=168 ge-1/3/3.0
Jun 25 18:32:32.235476 Integty Len 36 flag 0x0 key 0x0000aa00000a seq 0xc001505937e20100 digest 0x8acc642f 0xaf4b2a40 0x62ce34bd 0x2e193694
Jun 25 18:32:32.235486 MessageID Len 12 Msg_ID: 1121 Epoch: 1236180 (Ack Desired)
Jun 25 18:32:32.235496 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:32.235506 Hop Len 12 10.0.0.170/0x091a536c
Jun 25 18:32:32.235514 Time Len 8 30000 ms
Jun 25 18:32:32.235523 Style Len 8 FF
Jun 25 18:32:32.235537 Flow Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:32.235547 Filter7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:32.235556 Label Len 8 301456
Jun 25 18:32:32.235565 RecRoute Len 12 10.0.0.170
Jun 25 18:32:32.235669 RSVP new resv state, session 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0

Jun 25 18:32:32.240512 RSVP send Resv 10.0.0.41->10.0.0.42 Len=176 so-0/3/0.1
Jun 25 18:32:32.240530 Integty Len 36 flag 0x0 key 0x00002900000a seq 0xbf01505945ae0d00 digest 0xa61d34f1 0x42d26c8a 0x33b66d12 0xdd26b232
Jun 25 18:32:32.240540 MessageID Len 12 Msg_ID: 5485 Epoch: 8616743 (Ack Desired)
Jun 25 18:32:32.240551 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:32.240561 Hop Len 12 10.0.0.41/0x80000003
Jun 25 18:32:32.240569 Time Len 8 30000 ms
Jun 25 18:32:32.240577 Style Len 8 FF
Jun 25 18:32:32.240598 Flow Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:32.240608 Filter7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:32.240617 Label Len 8 315600
Jun 25 18:32:32.240629 RecRoute Len 20 10.0.0.41 10.0.0.170

M120:

Jun 25 18:32:32.357134 RSVP recv Resv 10.0.0.41->10.0.0.42 Len=176 so-2/1/0.1 flags=0x1 ttl=255
Jun 25 18:32:32.357151 Integty Len 36 flag 0x0 key 0x00002900000a seq 0xbf01505945ae0d00 digest 0xa61d34f1 0x42d26c8a 0x33b66d12 0xdd26b232
Jun 25 18:32:32.357162 MessageID Len 12 Msg_ID: 5485 Epoch: 8616743 (Ack Desired)
Jun 25 18:32:32.357177 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:32.357190 Hop Len 12 10.0.0.41/0x80000003
Jun 25 18:32:32.357200 Time Len 8 30000 ms
Jun 25 18:32:32.357210 Style Len 8 FF
Jun 25 18:32:32.357235 Flow Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:32.357249 Filter7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:32.357259 Label Len 8 315600
Jun 25 18:32:32.357274 RecRoute Len 20 10.0.0.41 10.0.0.170

Jun 25 18:32:32.379175 RSVP send Resv 10.0.0.93->10.0.0.94 Len=184 ge-2/0/0.0 flags=0x1 ttl=255
Jun 25 18:32:32.379194 Integty Len 36 flag 0x0 key 0x00005d00000a seq 0xc0015059ddcb0500 digest 0x123882a6 0xc852ee76 0x2564233e 0x68cb222c
Jun 25 18:32:32.379206 MessageID Len 12 Msg_ID: 212 Epoch: 11650457 (Ack Desired)
Jun 25 18:32:32.379220 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:32.379233 Hop Len 12 10.0.0.93/0x80000009
Jun 25 18:32:32.379244 Time Len 8 30000 ms
Jun 25 18:32:32.379253 Style Len 8 FF
Jun 25 18:32:32.379281 Flow Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:32.379326 Filter7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:32.379338 Label Len 8 301728
Jun 25 18:32:32.379356 RecRoute Len 28 10.0.0.93 10.0.0.41 10.0.0.170

MX960:

Jun 25 18:32:32.465718 RSVP recv Resv 10.0.0.93->10.0.0.94 Len=184 ge-1/1/7.0 flags=0x1 ttl=255
Jun 25 18:32:32.465736 Integty Len 36 flag 0x0 key 0x00005d00000a seq 0xc0015059ddcb0500 digest 0x123882a6 0xc852ee76 0x2564233e 0x68cb222c
Jun 25 18:32:32.465750 MessageID Len 12 Msg_ID: 212 Epoch: 11650457 (Ack Desired)
Jun 25 18:32:32.465767 Session7 Len 16 10.198.123.100(port/tunnel ID 44394 Ext-ID 10.198.123.205) Proto 0
Jun 25 18:32:32.465785 Hop Len 12 10.0.0.93/0x80000009
Jun 25 18:32:32.465798 Time Len 8 30000 ms
Jun 25 18:32:32.465811 Style Len 8 FF
Jun 25 18:32:32.465841 Flow Len 36 rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
Jun 25 18:32:32.465856 Filter7 Len 12 10.198.123.205(port/lsp ID 1)
Jun 25 18:32:32.465869 Label Len 8 301728
Jun 25 18:32:32.465890 RecRoute Len 28 10.0.0.93 10.0.0.41 10.0.0.170

re1.bentley> show rsvp session name TEST-MX960-MX104 detail
Ingress RSVP: 30 sessions
10.198.123.100
 From: 10.198.123.205, LSPstate: Up, ActiveRoute: 0
 LSPname: TEST-MX960-MX104, LSPpath: Primary
 LSPtype: Static Configured
 Suggested label received: -, Suggested label sent: -
 Recovery label received: -, Recovery label sent: 301728
 Resv style: 1 FF, Label in: -, Label out: 301728
 Time left: -, Since: Sun Jun 25 18:32:31 2017
 Tspec: rate 100Mbps size 100Mbps peak Infbps m 20 M 1500
 Port number: sender 1 receiver 44394 protocol 0
 PATH rcvfrom: localclient
 Adspec: sent MTU 1500
 Path MTU: received 1500
 PATH sentto: 10.0.0.93 (ge-1/1/7.0) 3 pkts
 RESV rcvfrom: 10.0.0.93 (ge-1/1/7.0) 1 pkts, Entropy label: No
 Explct route: 10.0.0.93 10.0.0.41 10.0.0.170
 Record route: <self> 10.0.0.93 10.0.0.41 10.0.0.170
Total 1 displayed, Up 1, Down 0

As this service was part of L2VPN CCC configuration, hence no explicit null label was sent by penultimate hop router resulting in label sent to MX960 PE.

xe-2/0/0.601 (1 entry, 1 announced)

TSI:

KRT in-kernel xe-2/0/0.601.0      /32 -> {Push 301728}

*CCC    Preference: 200/1

Next hop type: Router, Next hop index: 1255

Address: 0xa5dba0c

Next-hop reference count: 2

Next hop: 10.0.0.93 via ge-1/1/7.0 weight 0x1, selected

Label-switched-path TEST-MX960-MX104

Label operation: Push 301728

Label TTL action: no-prop-ttl

Load balance label: Label 301728: None;

Label element ptr: 0xa7cc2c0

Label parent element ptr: 0x0

Label element references: 3

Label element child references: 0

Label element lsp id: 0

Session Id: 0xbcf

State: <Active Int>

Local AS: 65004

Age: 10:45      Metric: 425

Validation State: unverified

Task: MPLS global

Announcement bits (1): 1-KRT

AS path: I

So that’s all for RSVP in Junos. I hope you liked the blog and let me know if there are any queries.

Mohit Mittal

vrf-table-label on Juniper JunOS

In this blog we will discuss about one important knob in JunOS i.e vrf-table-label.

Vrf-table-label is useful for 2 purposes in Junos

  1. Save label space
  2. Perform 2 lookup on packet

So let’s understand it more. We will start with 1st point above

Junos by default allocates same VPN Label to prefixes recieved from one CE Interface. So for example if you have 2 CEs connected via 2 different interfaces and they are in same VPN on PE then Junos will allocate 2 different VPN labels to the prefixes recieved. In Cisco this is different where VPN label is allocated on per prefix which according to some is not optimal but we are not comparing anything here.

Currently in our configuration vrf-table-label is not configured. If you see below, we have 2 CEs connected to Juniper M320 PE1 via 2 different interfaces and we have Ebgp relationship between them and we are receiving some routes over it.

PE1-re1> show route 10.203.20.6
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, – = Last Active, * = Both

10.203.20.4/30 *[Direct/0] 3d 00:21:55
> via ge-0/3/2.20

PE1-re1> show route 10.203.12.2
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, – = Last Active, * = Both

10.203.12.0/30 *[Direct/0] 00:10:26
> via so-1/0/0.12

PE1-re1> show route receive-protocol bgp 10.203.12.2 table MVPN-1.inet.0
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
Prefix                              Nexthop              MED Lclpref AS path
* 10.1.225.128/32          10.203.12.2                                 65012 I
10.203.12.0/30               10.203.12.2                                 65012 I

PE1-re1> show route receive-protocol bgp 10.203.20.6 table MVPN-1.inet.0
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
Prefix                              Nexthop             MED Lclpref AS path
* 10.0.233.0/30               10.203.20.6                                65020 I

Now if we look at the VPN label which is being tagged by this PE1 for the routes received by CE, we can see that Junos is allocating separate VPN Labels to both of the routes which is what I mentioned earlier.

PE1-re1> show route advertising-protocol bgp 10.198.123.236 10.0.233.0/30 extensive
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
* 10.0.233.0/30 (2 entries, 1 announced)
BGP group mvpn-rr type Internal
Route Distinguisher: 10.198.123.203:32764
VPN Label: 300448
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [65004] 65020 I
Communities: target:65000:321 src-as:65004:0 rt-import:10.198.123.203:16

PE1-re1> show route advertising-protocol bgp 10.198.123.236 10.203.12.0/30 extensive
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
* 10.203.12.0/30 (2 entries, 1 announced)
BGP group mvpn-rr type Internal
Route Distinguisher: 10.198.123.203:32764
VPN Label: 300480
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [65004] I
Communities: target:65000:321 src-as:65004:0 rt-import:10.198.123.203:16

Now if we configure the vrf-table-label under routing instance on PE1, we can see the difference.

[edit routing-instances MVPN-1]
PE1-re1# set vrf-table-label

edit routing-instances MVPN-1]
PE1-re1# commit
re1:
configuration check succeeds
re0:
commit complete
re1:
commit complete

See the difference below, now only one VPN label is being allocated for the whole VRF and this really saves the label space.

PE1-re1> show route advertising-protocol bgp 10.198.123.236 10.203.12.0/30 extensive
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
* 10.203.12.0/30 (2 entries, 1 announced)
BGP group mvpn-rr type Internal
Route Distinguisher: 10.198.123.203:32764
VPN Label: 39
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [65004] I
Communities: target:65000:321 src-as:65004:0 rt-import:10.198.123.203:16

PE1-re1> show route advertising-protocol bgp 10.198.123.236 10.0.233.0/30 extensive
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
* 10.0.233.0/30 (2 entries, 1 announced)
BGP group mvpn-rr type Internal
Route Distinguisher: 10.198.123.203:32764
VPN Label: 39
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [65004] 65020 I
Communities: target:65000:321 src-as:65004:0 rt-import:10.198.123.203:16

So this completes one part. Now moving over to 2nd part.
Junos by default looks at the incoming MPLS packet, Pops the label and sends the underlying packet to CE without looking at IP packet at all. This situation is fine in case you have PE connected to CE via P2P links like Serial links however if you have Broadcast medium like Ethernet in between then router can’t just send the packet like this without first building the frame and to build frame it needs to do ARP lookup to get the MAC Address of the CE. So it needs to do extra lookup apart from MPLS lookup.
Vrf-table-label actually allows the router to do 2 lookups. The first lookup is done on the VPN label to determine which VRF table to refer to, and the second lookup is done on the IP header to determine how to forward packets to the correct end hosts on the shared medium. This can be useful for number of applications like ingress firewall filters, CoS etc. Now a days VT interface (tunnel-pic) is also used to do the same however if router doesn’t support tunnel-pic then vrf-table-label can be used in its place to do the same thing. With VTL, lsi interface is created which allows it to handle the first lookup before a second ARP/IP lookup is carried out through the PFE.

Lets rollback the changes we did above and come back to same situation where unique label is assigned per CE port.

VPN Label 300560 is assigned for the route by PE1 and when mpls table is checked for that particular label we can see action is Pop plus to send the packet directly to interface.

PE1-re1> show route advertising-protocol bgp 10.198.123.236 10.203.12.0/30 extensive
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
* 10.203.12.0/30 (2 entries, 1 announced)
BGP group mvpn-rr type Internal
Route Distinguisher: 10.198.123.203:32764
VPN Label: 300560
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [65004] I
Communities: target:65000:321 src-as:65004:0 rt-import:10.198.123.203:16

PE1-re1> show route table mpls.0 label 300560
mpls.0: 57 destinations, 57 routes (57 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, – = Last Active, * = Both
300560 *[VPN/170] 00:00:41
> via so-1/0/0.12, Pop

If we enable the vrf-table-label now and check the same route and corresponding label. Lets see what we see.

PE1-re1> show route advertising-protocol bgp 10.198.123.236 10.203.12.0/30 extensive
MVPN-1.inet.0: 46 destinations, 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
* 10.203.12.0/30 (2 entries, 1 announced)
BGP group mvpn-rr type Internal
Route Distinguisher: 10.198.123.203:32764
VPN Label: 40
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [65004] I
Communities: target:65000:321 src-as:65004:0 rt-import:10.198.123.203:16

PE1-re1> show route table mpls.0 label 40
mpls.0: 53 destinations, 53 routes (53 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, – = Last Active, * = Both

40 *[VPN/0] 00:00:12
to table MVPN-1.inet.0, Pop

So we can see, label 40 is basically pointing to routing-table now and not to interface as in our previous case. You can see the corresponding LSI interface allocated by looking at following command

PE1-re1> show route instance MVPN-1 detail
MVPN-1:
Router ID: 10.14.233.1
Type: vrf State: Active
Restart State: Complete Path selection timeout: 300
Interfaces:
lsi.24
so-1/0/0.12
ge-0/3/3.50
ge-0/3/2.20
vt-1/2/0.20
Route-distinguisher: 10.198.123.203:32764
Vrf-import: [ __vrf-import-MVPN-1-internal__ ]
Vrf-export: [ __vrf-export-MVPN-1-internal__ ]
Vrf-import-target: [ target:65000:321 ]
Vrf-export-target: [ target:65000:321 ]
Fast-reroute-priority: low
Tables:
MVPN-1.inet.0 : 77 routes (46 active, 0 holddown, 0 hidden)
Restart Complete
MVPN-1.inet.1 : 11 routes (9 active, 0 holddown, 0 hidden)
Restart Complete
MVPN-1.mvpn.0 : 77 routes (42 active, 7 holddown, 0 hidden)
Restart Complete

Ok so that’s all. I hope you liked the blog and I was able to resolve some of your confusion on this command. If you still have any queries, please let me know and I would be happy to discuss.

Regards
Mohit Mittal

 

 

L2VPN using Kompella – Junos

In my earlier blog on L2VPN via CCC https://networkzblogger.com/2017/04/23/l2vpn-via-ccc-in-junos/ we saw in that method customer interface needs to be bind with LSP and for each customer we need to have separate LSP configured which is not ideal from operational perspective. In this blog we will look at another method of achieving this where BGP is used as signalling protocol which automates the connections, so manual configuration of the association between the LSP and the customer edge interface is not required.

This config is also called Kompella after its author (https://tools.ietf.org/html/draft-kompella-l2vpn-l2vpn-00) where BGP is used to signal the control plane and it uses a two label stack as Martini. The VC (VPN) label is signalled via BGP and transport label can be signaled via either RSVP or LDP.

We would be looking at below topology where we will be configuring the MPLS L2VPN or Juniper L2CIRCUIT between M10i and MX960 PEs. M320s in between are just acting as Transit P/PE nodes and no configuration specifically needed on them for L2VPN however normal RSVP/LDP/MPLS/IGP config needs to be configured for transport label same as how L3VPN works.

L2VPN Kompella

MX104s are acting as RR so BGP neighborship will appropriate family needs to be activated between PEs-RRs.

For BGP based L2VPNs, following configuration needs to be configured

  1. BGP group with family l2vpn signalling
  2. Routing instance using instance type “l2vpn”
  3. Ethernet link needs to be established with Customer and same needs to be defined under Routing-instance.

Let’s start with Juniper l2vpn configuration.

First BGP Group where l2vpn signalling family needs to be enabled for PE-RR group.

BGP neighborship between M10i and one of the RR.

M10i-PE> show configuration protocols bgp group L2VPN-RRs
type internal;
family l2vpn {
    signaling;
}
authentication-algorithm md5;
authentication-key-chain BGP-L2VPN-key-chain;
neighbor 10.198.123.234;  <<<<<<<<< Loopback of RR1
neighbor 10.198.123.237;  <<<<<<<<< Loopback of RR2

BGP neighborship between M10i and one of the RR.

M10i-PE > show bgp neighbor 10.198.123.234
Peer: 10.198.123.234+179 AS 65004 Local: 10.198.123.213+50453 AS 65004
 Group: L2VPN-RRs Routing-Instance: master
 Type: Internal State: Established Flags: <Sync>
 Options: <Preference LocalAddress GracefulRestart LogUpDown AddressFamily Rib-group Refresh>
 Address families configured: l2vpn-signaling
 Local Address: 10.198.123.213 Holdtime: 90 Preference: 170
 Peer ID: 10.198.123.234 Local ID: 10.198.123.213 Active Holdtime: 90
 NLRI for restart configured on peer: l2vpn
 NLRI advertised by peer: l2vpn
 NLRI for this session: l2vpn
 Peer supports Refresh capability (2)
 Restart time configured on the peer: 120
 Stale routes from peer are kept for: 300
 Restart time requested by this peer: 120
 NLRI that peer supports restart for: l2vpn
 NLRI peer can save forwarding state: l2vpn
 NLRI that peer saved forwarding for: l2vpn
 NLRI that restart is negotiated for: l2vpn
 NLRI of received end-of-rib markers: l2vpn
 NLRI of all end-of-rib markers sent: l2vpn.
.
.

Even though customer facing config is not part of MPLS L2VPN, I will define it here which is using l2vpn encapsulation vlan-ccc.

M10i-PE > show configuration interfaces fe-0/1/1
description "Connected to CE-1";
vlan-tagging;
link-mode full-duplex;
encapsulation vlan-ccc;
unit 2 {
 encapsulation vlan-ccc;
 vlan-id 1001;
 family ccc;
}

Fairly simple configuration which is using encapsulation vlan-ccc.

OK, lets move to 2nd and 3rd part which is routing-instance configuration. I have highlighted important bits below. Off course for this L2VPN type you need to define RD, RT, and Interface which I am not mentioning specifically but you can see below.

M10i-PE > show configuration routing-instances L2VPN
instance-type l2vpn;
interface fe-0/1/1.2;
route-distinguisher 10.198.123.213:2;
vrf-target target:65004:2;
protocols {
 l2vpn {
 encapsulation-type ethernet-vlan;
 site Audi {
 site-identifier 2;
 interface fe-0/1/1.2 {
 remote-site-id 3;
 }
 }
 }
}

Important bit is instance-type l2vpn which enables this routing-instance for L2VPN. Under protocols l2vpn we have to enable the encap type as ethernet-vlan and then under site parameters we need to be define local site-identifier which is in our case is 2 and an optional remote-site-id. I have defined remote-site-id as 3 which will be configured on MX960 Remote-PE as its local site-identifier.

In same way we will be configuring the MX960 PE

MX960-PE> show configuration interfaces ge-1/1/9.700
encapsulation vlan-ccc;
vlan-id 700;
family ccc;

MX960-PE> show configuration routing-instances L2VPN
instance-type l2vpn;
interface ge-1/1/9.700;
route-distinguisher 10.198.123.205:3;
vrf-target target:65004:2;
protocols {
 l2vpn {
 encapsulation-type ethernet-vlan;
 site Bentley {
 site-identifier 3;
 interface ge-1/1/9.700 {
 remote-site-id 2;
 }
 }
 }
}

Once this is configured, let’s check the routing table on M10i

M10i-PE > show route table L2VPN.l2vpn.0
L2VPN.l2vpn.0: 3 destinations, 5 routes (3 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

10.198.123.205:3:3:1/96 <<<<<<<<<------------ Learnt from MX960
 *[BGP/170] 13:56:58, localpref 100, from 10.198.123.237
 AS path: I, validation-state: unverified
 > via so-0/0/0.0, Push 299888
 [BGP/170] 13:56:58, localpref 100, from 10.198.123.234
 AS path: I, validation-state: unverified
 > via so-0/0/0.0, Push 299888
.
.
.
10.198.123.213:2:2:3/96 <<<<<<<<-------------- Local route on M10i
 *[L2VPN/170/-101] 16:56:08, metric2 1
 Indirect

This output is showing us RD value of 10.198.123.205:3 plus value of remote-side identifier which is 3 as well plus label-offset value which is 1

In same way, local route has RD value of 10.198.123.213:2 plus value of remote-side identifier which is 2 and label-offset value of 3. Will explain label-offset later.

So this completes our BGP control signalling path.

L2VPN connection state is up between both PEs

M10i-PE > show l2vpn connections up
Layer-2 VPN connections:

Instance: L2VPN
Edge protection: Not-Primary
 Local site: Audi (2)
 connection-site Type St Time last up # Up trans
 3               rmt  Up May 2 20:53:51 2017 1
 Remote PE: 10.198.123.205, Negotiated control-word: Yes (Null)
 Incoming label: 800006, Outgoing label: 800003
 Local interface: fe-0/1/1.2, Status: Up, Encapsulation: VLAN

Now we can move over to forwarding path where we will see MPLS labels. As in case of L3VPNs, we have 2 Labels on each packet i.e. VPN Label and other is transport label.

Transport label is calculated in same way where label is assigned for next-hop which in our case is remote-PE MX960 loopback address and this label can be learnt by any method LDP or RSVP and will be advertised to M10i PE by its immediate neighbour which in our case is M320.

So to check the label stack which is being pushed at M10i, we can see the MPLS.0 table.

M10i-PE > show route table mpls.0
mpls.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both
.
.
.
fe-0/1/1.2 *[L2VPN/7] 14:27:18, metric2 1
 > via so-0/0/0.0, Push 800003, Push 299888(top) Offset: 252

So you can see two labels are being pushed, TOP (transport) label is 299888 which is advertised by M320

M320-Transit-P-1> show ldp database session 10.198.123.213
.
.

Output label database, 10.198.123.202:0--10.198.123.213:0
 Label Prefix
 306336 10.198.123.100/32
 299808 10.198.123.201/32
 3      10.198.123.202/32
 299792 10.198.123.203/32
 308832 10.198.123.204/32
 299888 10.198.123.205/32
 304288 10.198.123.211/32

VPN Label is 800003 which is calculated little bit differently in case of L2VPNs and not directly advertised by Remote-Pes.

Formula to calculate VPN label is

L2VPN label = Label-Base (remote) + Site-Id(Local) – Label-Offset (remote)

Label-base (remote) value is what we can get from MX960 by looking at its L2VPN.l2vpn table

MX960-PE > show route table L2VPN.l2vpn.0 extensive
L2VPN.l2vpn.0: 3 destinations, 5 routes (3 active, 0 holddown, 0 hidden)
.
.
 Advertised metrics:
 Flags: Nexthop Change
 Nexthop: Self
 Localpref: 100
 AS path: [65004] I
Path 10.198.123.205:3:3:1 Vector len 4. Val: 0
 *L2VPN Preference: 170/-101
 Next hop type: Indirect, Next hop index: 0
 Address: 0xa5d246c
.
.
.
 Label-base: 800002, range: 2, status-vector: 0x0, offset: 1
 Secondary Tables: L2VPN.l2id.0

You can see above that label-base is 800002 on MX960 and Label-offset value is 1

So as per our equation above,

L2VPN Label = 800002 + 2 (Site-id local on M10i)  – 1  = 800003

Once this VPN Label reaches MX960, it is pop as per normal MPLS procedures and out to CE-2 interface.

800003 *[L2VPN/7] 14:37:16
 > via ge-1/1/9.700, Pop Offset: 4

In same way, MX960 will also calculate the VPN label for traffic flowing from MX960 to M10i.

So that’s all for this blog. I hope you enjoyed it and let me know if you still have any issues.

 

Regards

Mohit Mittal


	

L2VPN via CCC in Junos!!!!

L2VPNs are another type of VPNs which Service providers have in their kitty to connect their customers over its MPLS environment. With L2VPNs, service providers extend the Customer LAN over the SP network and customer don’t have any idea that they are connected over the MPLS network. There are many variants of L2VPNs and majority of them use LDP/BGP schemes to configure this. However first method which was implemented for carrying layer 2 traffic over a MPLS network was CCC (Circuit Cross Connect) which we will talk here and still being used by many SPs to connect their customers.

CCC scheme always use an RSVP Signaled LSP which has advantage of taking Traffic Engineering properties of RSVP. For each connection between Customers we need to have a dedicated LSP which is different from LDP/BGP schemes which use same Transport LSP to send the traffic E2E.

As we have dedicated LSP between 2 End Point PEs, there is no concept of VPN Label to associate the corresponding VRF/Customer interface in case of CCC scheme. Also in CCC, as there is only label E2E, we need to disable the PHP (Penultimate Hop Popping) so that Penultimate Hop Router doesn’t Pop the label which would otherwise send plain Ethernet Frame to Egress PE and PE won’t be knowing what to do with this.

For a point-to-point CCC connection, the connection is bidirectional, so an RSVP-signaled LSP is required in each direction between the two PEs.

We will look at configuration of L2VPN via CCC method on Junos where we will use the below Network to configure it.

VPN CCC Model

As the connection needs to be bidirectional, we will only look at the forwarding path from Left to right however other direction would be using the same method.

On Ingress side, Customer CE-1 is connected to ge-0/1/8/.601 interface on MX104 PE and interface config would be:

Re1@Ingress_PE> show configuration interfaces ge-0/1/8
description "Connected to Customer CE-1";
vlan-tagging;
mtu 1522;
encapsulation vlan-ccc;
unit 601 {
    encapsulation vlan-ccc;
    vlan-id 601;
    family ccc;
}

Vlans 512-4094 are only reserved for vlan-ccc encapsulation so you need to use vlan greater than equal to 512.

On Egress side, Customer CE-2 is connected to xe-2/0/0.601 interface on MX960 PE and interface config would be:

Re1@Egress_PE> show configuration interfaces xe-2/0/0
description "Connected to Customer CE-2";
vlan-tagging;
mtu 1522;
encapsulation vlan-ccc;
unit 601 {
 encapsulation vlan-ccc;
 vlan-id 601;
 family ccc;
}

Next config is to create a Label switched path from Ingress to Egress with an optional strict ‘path’ to fully utilize the TE properties otherwise router will dynamically calculate the path towards Egress.

In our case, we have defined the path

So LSP from Ingress MX104 PE to Egress PE MX960 via Transit PE looks like:

Re1@Ingress_PE > show configuration protocols mpls label-switched-path MX104-MX960
to 10.198.123.205;
bandwidth 100m;
optimize-timer 900;
preference 200;
priority 5 0;
primary MX104-MX960; <<<<< Path

Re1@Ingress_PE > show mpls lsp name MX104-MX960
Ingress LSP: 11 sessions
To             From           State Rt P ActivePath LSPname
10.198.123.205 10.198.123.100 Up    0 * MX104-MX960 MX104-MX960
Total 1 displayed, Up 1

LSP is Up and everything looks fine from Ingress to Egress. In same way we have to configure the LSP from MX960 to MX104 in other direction. Once both LSPs are up, we have to bind these LSPs and Ingress Interface under one connection on MX104 and same way in MX960.

Lets check on MX104 Ingress

Re1@Ingress_PE > show configuration protocols connections remote-interface-switch L2VPN
interface ge-0/1/8.601;
transmit-lsp MX104-MX960; 
receive-lsp MX960-MX104;  

Once we have configured this on both sides, we should have this connection Up and running. Lets check this.

Re1@Ingress_PE > show connections remote-interface-switch L2VPN
CCC and TCC connections [Link Monitoring On]
Legend for status (St): Legend for connection types:
 UN -- uninitialized if-sw: interface switching
 NP -- not present rmt-if: remote interface switching
 WE -- wrong encapsulation lsp-sw: LSP switching
 DS -- disabled tx-p2mp-sw: transmit P2MP switching
 Dn -- down rx-p2mp-sw: receive P2MP switching
 -> -- only outbound conn is up Legend for circuit types:

So we have UP state once config is done on both sides. Our L2VPN is ready to accept and switch the traffic to egress. For any chance if there is any issue in config like vlan-mismatch on other end or LSP is down because of any reason like path or Bandwidth issue, connection won’t be up and we can see from the various legend from the command output showing exactly where is the issue.

Now as Control plane is configured, let’s check how Forwarding plane looks like.

Lets see the label which has been allocated by Ingress PE for this LSP.

Re1@Ingress_PE > show rsvp session ingress up name MX104-MX960
Ingress RSVP: 11 sessions
To             From           State Rt Style Labelin Labelout LSPname
10.198.123.205 10.198.123.100 Up    0 1 FF         - 307680   MX104-MX960
Total 1 displayed, Up 1, Down 0

Re1@Ingress_PE > show route table mpls.0 label-switched-path MX104-MX960 extensive
mpls.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
Restart Complete
ge-0/1/8.601 (1 entry, 1 announced)
TSI:
KRT in-kernel ge-0/1/8.601.0 /32 -> {Push 307680}
 *CCC Preference: 200/1
 Next hop type: Router, Next hop index: 829
 Address: 0x2b4c224
 Next-hop reference count: 2
 Next hop: 10.0.0.169 via ge-0/0/1.0 weight 0x1, selected
 Label-switched-path MX104-MX960
 Label operation: Push 307680
 Label TTL action: no-prop-ttl
 Session Id: 0x3
 State: 
 Local AS: 65004
 Age: 19:10 Metric: 328
 Validation State: unverified
 Task: MPLS
 Announcement bits (1): 0-KRT
 AS path: I

Lets look at Transit PE-1. As you can see below, Label from MX104 Ingress is being swapped here with 300928.

Re1@Transit-PE-1> show rsvp session transit name MX104-MX960
Transit RSVP: 13 sessions
To             From           State Rt Style Labelin Labelout LSPname
10.198.123.205 10.198.123.100 Up 0 1 FF      307680  300928 MX104-MX960
Total 1 displayed, Up 1, Down 0

Similarly on Transit PE-2

Re1@Transit-PE-2> show rsvp session transit name MX104-MX960
Transit RSVP: 7 sessions
To             From           State Rt Style Labelin Labelout LSPname
10.198.123.205 10.198.123.100 Up 0 1 FF      300928  300427  MX104-MX960
Total 1 displayed, Up 1, Down 0

At Egress PE,

Re1@Egress-PE> show rsvp session egress up name MX104-MX960
Egress RSVP: 29 sessions
To             From           State Rt Style Labelin Labelout LSPname
10.198.123.205 10.198.123.100 Up 0 1 FF      300427  -        MX104-MX960
Total 1 displayed, Up 1, Down 0

Re1@Egress-PE> show route table mpls.0 label 300427 extensive
mpls.0: 81 destinations, 81 routes (81 active, 0 holddown, 0 hidden)
Restart Complete
300427 (1 entry, 1 announced)
TSI:
KRT in-kernel 300427 /52 -> {Pop }
 *CCC Preference: 7
 Next hop type: Router, Next hop index: 1725
 Address: 0xe9414fc
 Next-hop reference count: 2
 Next hop: via xe-2/0/0.601, selected
 Label operation: Pop
 Load balance label: None;
 Label element ptr: 0xa7c8780
 Label parent element ptr: 0x0
 Label element references: 20
 Label element child references: 0
 Label element lsp id: 0
 Session Id: 0x0
 State: 
 Local AS: 65004
 Age: 2d 2:21:13
 Validation State: unverified
 Task: MPLS global
 Announcement bits (1): 1-KRT
 AS path: I

Just to confirm this all, you can use the below command on Ingress/Egress PE which shows what all labels being pushed and used for this LSP via CCC.

Re1@Ingress_PE > show connections remote-interface-switch L2VPN labels
CCC and TCC connections [Link Monitoring On]
Legend for status (St): Legend for connection types:
 UN -- uninitialized if-sw: interface switching
 NP -- not present rmt-if: remote interface switching
 WE -- wrong encapsulation lsp-sw: LSP switching
 DS -- disabled tx-p2mp-sw: transmit P2MP switching
 Dn -- down rx-p2mp-sw: receive P2MP switching
 -> -- only outbound conn is up Legend for circuit types:
  Outgoing labels: Push 307680

Re1@Egress_PE > show connections remote-interface-switch L2VPN labels
CCC and TCC connections [Link Monitoring On]
Legend for status (St): Legend for connection types:
 UN -- uninitialized if-sw: interface switching
 NP -- not present rmt-if: remote interface switching
 WE -- wrong encapsulation lsp-sw: LSP switching
 DS -- disabled tx-p2mp-sw: transmit P2MP switching
 Dn -- down rx-p2mp-sw: receive P2MP switching
 -> -- only outbound conn is up Legend for circuit types:
  Incoming labels: 300427
 Outgoing labels: Push 301040

Others labels shown in above commands are for opposite direction from Egress to Ingress.

So that’s all for L2VPN CCC. I hope I have been able to clear your doubts if you had any. if you have any queries, please let me know. In future blogs, we will discuss other methods of doing L2VPN.

Regards

Mohit