04-09-2010 12:43 AM
I tried this configuration on a pair of J2320s running JUNOS 10.1 and I wasn't able to get my routing to work. Any suggestions?
R1:
## Last commit: 2010-04-09 07:49:04 UTC by root
version 10.1R1.8;
system {
    root-authentication {
        encrypted-password "$1$rCvhYHAW$hsOQZGGNTtgG7hpfIN1OV."; ## SECRET-DATA
    }
    services {
        ssh;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.0.254/24;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.0.1/30;
            }
            family mpls;
        }
    }
}
routing-options {
    autonomous-system 65535;
}
protocols {
    rsvp {
        interface ge-0/0/1.0;
    }
    mpls {
        label-switched-path r1-to-r2 {
            from 172.16.0.1;
            to 172.16.0.2;
        }
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    bgp {
        group r1-to-r2 {
            type internal;
            local-address 172.16.0.1;
            family inet-vpn {
                unicast;
            }
            neighbor 172.16.0.2;
        }
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/1.0;
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            http;
                            https;
                            ssh;
                            telnet;
                            dhcp;
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
routing-instances {
    VPN {
        instance-type vrf;
        interface ge-0/0/0.0;
        route-distinguisher 65535:0;
        vrf-target target:65535:5;
        vrf-table-label;
    }
}
R2:
## Last changed: 2010-04-09 02:40:49 UTC
version 10.1R1.8;
system {
    root-authentication {
        encrypted-password "$1$cdlBbj3B$S30fAu6RF4MCM6jLtya1.0"; ## SECRET-DATA
    }
    services {
        ssh;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.1.254/24;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.0.2/30;
            }
            family mpls;
        }
    }
}
routing-options {
    autonomous-system 65535;
}
protocols {
    rsvp {
        interface ge-0/0/1.0;
    }
    mpls {
        label-switched-path r2-to-r1 {
            from 172.16.0.2;
            to 172.16.0.1;
        }
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    bgp {
        group r2-to-r1 {
            type internal;
            local-address 172.16.0.2;
            family inet-vpn {
                unicast;
            }
            neighbor 172.16.0.1;
        }
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/1.0;
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            http;
                            https;
                            ssh;
                            telnet;
                            dhcp;
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
routing-instances {
    VPN {
        instance-type vrf;
        interface ge-0/0/0.0;
        route-distinguisher 65535:1;
        vrf-target target:65535:5;
        vrf-table-label;
    }
}
[edit]
root# exit
Exiting configuration mode

root> show route

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.0/30      *[Direct/0] 00:57:51
                    > via ge-0/0/1.0
172.16.0.2/32      *[Local/0] 00:59:17
                      Local via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 00:41:37, metric 1
                      MultiRecv

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.1/32      *[RSVP/7/1] 00:41:07, metric 65535
                    > to 172.16.0.1 via ge-0/0/1.0, label-switched-path r2-to-r1

VPN.inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.254/32   *[Local/0] 00:41:35
                      Reject

mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 00:59:18, metric 1
                      Receive
1                  *[MPLS/0] 00:59:18, metric 1
                      Receive
2                  *[MPLS/0] 00:59:18, metric 1
                      Receive
16                 *[VPN/0] 00:41:36
                      to table VPN.inet.0, Pop

root> show route advertising-protocol bgp 172.16.0.1

root> show route advertising-protocol bgp 172.16.0.2

root>
04-12-2010 11:35 AM
Hello,
I see you have this on R2:
VPN.inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.254/32   *[Local/0] 00:41:35
                      Reject
This route is usually auto-created when the interface is up/down. Check if ge-0/0/0 is properly connected and up/up on R2.
The "vrf-target" knob only auto-exports static and direct routes inside the VRF.
If you need an interface inside VRF which is always up/up, you can create a nonzero unit on lo0 and add it into VRF.
HTH
Regards
Alex
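The always-up loopback unit suggested in the reply above, sketched for R2 as an added example that is not part of the original thread. The unit number 1 and the address 10.255.255.2/32 are assumptions; the other VPN instance lines are copied from R2's posted configuration.

```junos
interfaces {
    lo0 {
        /* Assumption: any nonzero unit works; unit 1 is chosen here */
        unit 1 {
            family inet {
                /* Assumption: constructed /32 used only for this example */
                address 10.255.255.2/32;
            }
        }
    }
}
routing-instances {
    VPN {
        instance-type vrf;
        interface ge-0/0/0.0;
        /* Added line: the loopback unit stays up/up regardless of ge-0/0/0 */
        interface lo0.1;
        route-distinguisher 65535:1;
        vrf-target target:65535:5;
        vrf-table-label;
    }
}
```

With lo0.1 in the instance, VPN.inet.0 holds a direct route whatever the state of ge-0/0/0, which gives the vrf-target export something to advertise. Running `show route advertising-protocol bgp 172.16.0.1` on R2, the check used in the original post, shows whether it is being sent.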
11-24-2010 07:32 AM
Hi Guys,
There is no configuration between PE and CE in the routing instance. Set the protocol run between the CE and PE, like
# set routing-instances L3VPN protocols ..... (just like configuring the normal protocol) in the PE router
lab# show routing-instances
L3VPN {
    instance-type vrf;
    interface em0.0;
    route-distinguisher 4.4.4.4:20;
    vrf-target target:1.1.1.1:20;
    vrf-table-label;
    protocols {
        ospf {
            export BGP_OSPF;
            area 0.0.0.0 {
                interface em0.0;
            }
        }
    }
}