Junos
Reply
New User
crewel
Posts: 3
Registered: ‎04-09-2010
0

Re: MPLS/BPG l3vpn - bgp.l3vpn.0 routing table is empty

I tried this configuration on a pair of J2320s running JUNOS 10.1 and I wasn't able to get my routing to work.  Any suggestions?

 

 

R1:

## Last commit: 2010-04-09 07:49:04 UTC by root
version 10.1R1.8;
system {
    root-authentication {
        encrypted-password "$1$rCvhYHAW$hsOQZGGNTtgG7hpfIN1OV."; ## SECRET-DATA
    }
    services {
        ssh;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;   
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.0.254/24;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.0.1/30;
            }
            family mpls;                
        }
    }
}
routing-options {
    autonomous-system 65535;
}
protocols {
    rsvp {
        interface ge-0/0/1.0;
    }
    mpls {
        label-switched-path r1-to-r2 {
            from 172.16.0.1;
            to 172.16.0.2;
        }
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    bgp {
        group r1-to-r2 {
            type internal;
            local-address 172.16.0.1;
            family inet-vpn {           
                unicast;
            }
            neighbor 172.16.0.2;
        }
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/1.0;
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {                       
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            http;
                            https;
                            ssh;
                            telnet;     
                            dhcp;
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }                       
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }                       
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
routing-instances {
    VPN {
        instance-type vrf;
        interface ge-0/0/0.0;           
        route-distinguisher 65535:0;
        vrf-target target:65535:5;
        vrf-table-label;
    }
}

 

R2:

## Last changed: 2010-04-09 02:40:49 UTC
version 10.1R1.8;
system {
    root-authentication {
        encrypted-password "$1$cdlBbj3B$S30fAu6RF4MCM6jLtya1.0"; ## SECRET-DATA
    }
    services {
        ssh;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;   
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.1.254/24;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 172.16.0.2/30;
            }
            family mpls;                
        }
    }
}
routing-options {
    autonomous-system 65535;
}
protocols {
    rsvp {
        interface ge-0/0/1.0;
    }
    mpls {
        label-switched-path r2-to-r1 {
            from 172.16.0.2;
            to 172.16.0.1;
        }
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    bgp {
        group r2-to-r1 {
            type internal;
            local-address 172.16.0.2;
            family inet-vpn {           
                unicast;
            }
            neighbor 172.16.0.1;
        }
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/1.0;
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {                       
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            http;
                            https;
                            ssh;
                            telnet;     
                            dhcp;
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }                       
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }                       
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
routing-instances {
    VPN {
        instance-type vrf;
        interface ge-0/0/0.0;           
        route-distinguisher 65535:1;
        vrf-target target:65535:5;
        vrf-table-label;
    }
}

[edit]
root# exit 
Exiting configuration mode

root> show route 

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.0/30      *[Direct/0] 00:57:51
                    > via ge-0/0/1.0
172.16.0.2/32      *[Local/0] 00:59:17
                      Local via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 00:41:37, metric 1
                      MultiRecv

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.1/32      *[RSVP/7/1] 00:41:07, metric 65535
                    > to 172.16.0.1 via ge-0/0/1.0, label-switched-path r2-to-r1

VPN.inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.254/32   *[Local/0] 00:41:35
                      Reject
                                        
mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 00:59:18, metric 1
                      Receive
1                  *[MPLS/0] 00:59:18, metric 1
                      Receive
2                  *[MPLS/0] 00:59:18, metric 1
                      Receive
16                 *[VPN/0] 00:41:36
                      to table VPN.inet.0, Pop      

root> show route advertising-protocol bgp 172.16.0.1 

root> show route advertising-protocol bgp 172.16.0.2    

root>

 

 

Distinguished Expert
aarseniev
Posts: 1,679
Registered: ‎08-21-2009
0

Re: MPLS/BPG l3vpn - bgp.l3vpn.0 routing table is empty

Hello,

I see You have this on R2:

 

 

VPN.inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.254/32   *[Local/0] 00:41:35
                      Reject

 

 

This route is usually auto-created when interface is up/down. Check if ge-0/0/0 is properly connected and up/up on R2.

"vrf-target" knob only auto-exports static and direct routes inside VRF.

If you need an interface inside VRF which is always up/up, you can create a nonzero unit on lo0 and add it into VRF.

HTH

Regards

Alex

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Visitor
JTAC
Posts: 1
Registered: ‎11-24-2010
0

Re: MPLS/BPG l3vpn - bgp.l3vpn.0 routing table is empty

Hi Guys,

 

There is no configuration between PE and CE in the routing instence set the protocol run between the CE and PE like

 

#Set routing -instance L3VPN protocol .....  ( just like configuring the normal protocol) in PE router

 

lab# show routing-instances
L3VPN {
    instance-type vrf;
    interface em0.0;
    route-distinguisher 4.4.4.4:20;
    vrf-target target:1.1.1.1:20;
    vrf-table-label;
    protocols {
        ospf {
            export BGP_OSPF;
            area 0.0.0.0 {
                interface em0.0;
            }
        }
    }
}

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.