Junos
Reply
Contributor
Shabbir
Posts: 14
Registered: ‎11-19-2008
0
Accepted Solution

m320 multiservice ethernet (vrf)

i ve 2 m320 routers connected to each other on e3 link, i ve created a l3 vpn using a multiserivce fe interface for PE-CE connectivity on both ends.

 

now the issue is that if i ping loopback interface it pings but for this to work i put a static route inside vrf, but in this case the customer route is not advertised if i put vrf-table-label (as per documentation) it advertises the route to other side but then traffic does not forwards even the loopback interface.

 

 

kindly help.

Super Contributor
davidjdv
Posts: 113
Registered: ‎02-26-2008
0

Re: m320 multiservice ethernet (vrf)

Hi Shabbir,

 

If I understand correctly, you are having problems simply at the local PE-CE connectivity level...

If so, could you please post the configs of the PE and CE ? And then indicate what are the addresses you can/cannot ping and from where ?

 

Thanks,

/david 

Contributor
Shabbir
Posts: 14
Registered: ‎11-19-2008
0

Re: m320 multiservice ethernet (vrf)

like if on one router PE-CE router has the ip address 192.168.1.1 and the other has 192.168.2.1, now when u ping 192.168.1.1 routing-instance TEST from 2nd router it doesnt ping. the same configuration works on if l3 vpn is created between two m10i. the only difrence i saw between two routers is mutilaccess ethernet interface.
Super Contributor
davidjdv
Posts: 113
Registered: ‎02-26-2008
0

Re: m320 multiservice ethernet (vrf)

I would really need to see the configurations to be able to comment:

Are you sure this is not simply an addressing mistake ? 192.168.1.1 and 192.168.2.1 don't appear to be in the same subnet (although you haven't mentioned the mask) - are you sure it isn't supposed to be 192.168.1.2 ?

 

Contributor
Shabbir
Posts: 14
Registered: ‎11-19-2008
0

Re: m320 multiservice ethernet (vrf)

loopbacks are /32 configs are here 

 

group isb-rr {
    type internal;
    local-address 10.1.1.1;
    family inet-vpn {
        unicast;
    }
    local-as 65000;
    neighbor 10.3.3.3 {
        family inet-vpn {
            unicast;
        }
    }
    neighbor 10.1.1.3;
}
instance-type vrf;
interface lo0.100;
interface fe-0/0/1.0;
route-distinguisher 65000:1001;
vrf-import vfr-import;
vrf-export vfr-export;
routing-options {
    static {
        route 192.168.100.2/32 next-hop 192.168.100.2;
        route 10.10.253.2/32 next-hop 10.10.253.2;
    }
}

------------------------------------------------------------------------------
adnan@xxxxx-b-re0> show configuration routing-instances TEST
instance-type vrf;
interface lo0.100;
route-distinguisher 65000:1001;
vrf-import vfr-import;
vrf-export vfr-export;
routing-options {
    static {
        route 192.168.100.1/32 next-hop 192.168.100.1;
    }
}
group khi-rr {
    type internal;
    local-address 10.3.3.3;
    neighbor 10.1.1.1 {
        family inet-vpn {
            unicast;
        }
    }
    neighbor 10.3.3.5 {
        family inet-vpn {
            unicast;
        }
    }
    neighbor 10.1.1.3 {
        family inet {
            unicast;
        }
        family inet-vpn {
            unicast;
        }
    }
}
adnan@xxxx-b-re0> show configuration policy-options policy-statement vfr-export
from protocol [ bgp direct static ];
then {
    community add ngn-mgmt;
    accept;
}

{master}
adnan@XXXX-b-re0> show configuration policy-options policy-statement vfr-import
term 1 {
    from {
        protocol bgp;
        community ngn-mgmt;
    }
    then accept;
}

both routers have same  configs only bgp is diff imean nabers.

Recognized Expert
erdems
Posts: 191
Registered: ‎12-30-2008
0

Re: m320 multiservice ethernet (vrf)


Hi Shabbir,

 

 Assuming 192.168.1.1 and 192.168.1.2 correspond to lo0.100 addresses on both PE routers, you should be able to ping one from another with your configuration below.

 

 However, if those correspond to IP's of fe-0/0/1.0 and  your problem is indeed being unable to export the whole directly connected subnet within a VRF (hence the need for vrf-table-label to force an IP lookup on top of the MPLS label lookup), then you might be hitting one of the limitations described here

 

 Also, you'll need something like the following to completely export direct prefixes, as the whole subnet:

 

 

set routing-instances test routing-options interface-routes family inet export lan

 

 Another option to advertise the connected if you can't/don't want to use vrf-table-label, is to use vt-interfaces (created with the presence of a tunnel/services PIC in the router) with something like this (again, along with the code above) :

 

 

set interfaces vt-1/2/0 unit 0 family inet set routing-instances test interface vt-1/2/0.0

 

 The last suggestion I'd have  is to check whether you need vrf-import and vrf-export statements in your configuration at all. What you've configured in your example is the default behavior (with the exception of locally connected prefixes, which I've explained the requirements to advertise them) anyways.

 

Hope this helps,

Erdem

 

 

____________________________________________
If you think your question's answered, please
mark the respective post as "Accepted Solution".

Kudos are an excellent way of showing appreciation, too.
Contributor
Shabbir
Posts: 14
Registered: ‎11-19-2008
0

Re: m320 multiservice ethernet (vrf)

thanku v much for ur reply.

 

1. yes 192.168.1 n .2 are loopback ip addresses i can ping if i dont put vrf-table-label cmd.

2. when i put vrf-table-label the ethernet  routes advertises but i cant ping both/any of the sides.

 

my problem is not advertisement of routes they advertise but problem is forwarding of traffic. i can remove vrf-import-export and put vrf-target .....

 

looking forward for ur help.

 

thanku.

Recognized Expert
erdems
Posts: 191
Registered: ‎12-30-2008
0

Re: m320 multiservice ethernet (vrf)

 

Hi Shabir,

 

 The problem (or one of the problems) is the static routes for 192.168.100.x addresses in your configuration. Please remove them and use a configuration similar to my previous example to advertise the ethernet routes.

 

 Cheers,

 Erdem

____________________________________________
If you think your question's answered, please
mark the respective post as "Accepted Solution".

Kudos are an excellent way of showing appreciation, too.
Super Contributor
davidjdv
Posts: 113
Registered: ‎02-26-2008
0

Re: m320 multiservice ethernet (vrf)

Hi Shabbir,

 

I think I have an idea of what may be going wrong. As Erdem pointed to, there are some known (and less known) limitations with vrf-table-label. There is one additional PIC which is does not support vrf-table-label when used as the core-facing (PE/P or PE/PE) interface: the PB-4E3-QPP - is this the PIC you are using ?

If so, you're out of luck :smileysad: - you're best option is to try to get a hold of PB-4E3 PICs that do support vrf-table-label.

 

Regards,

/david

 

Contributor
Shabbir
Posts: 14
Registered: ‎11-19-2008
0

Re: m320 multiservice ethernet (vrf)

@erdems

 

router A

 

set routing-instances TEST instance-type vrf
set routing-instances TEST interface lo0.100
set routing-instances TEST route-distinguisher 65000:1001
set routing-instances TEST vrf-import vfr-import
set routing-instances TEST vrf-export vfr-export
set routing-instances TEST routing-options interface-routes family inet export lan

 

run show route table TEST

TEST.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.100.1/32   *[BGP/170] 00:00:33, localpref 100, from 10.1.1.1
                      AS path: I
                    > via e3-0/1/0.0, Push 303808, Push 339152(top)
192.168.100.2/32   *[Direct/0] 5d 07:24:34
                    > via lo0.100

 

Router B

 

set routing-instances TEST instance-type vrf
set routing-instances TEST interface lo0.100
set routing-instances TEST interface fe-0/0/1.0
set routing-instances TEST route-distinguisher 65000:1001
set routing-instances TEST vrf-import vfr-import
set routing-instances TEST vrf-export vfr-export
set routing-instances TEST routing-options interface-routes family inet export lan

 run show route table TEST

TEST.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.253.0/30     *[Direct/0] 17:23:04
                    > via fe-0/0/1.0
10.10.253.2/32     *[Local/0] 5d 06:20:21
                      Local via fe-0/0/1.0
192.168.100.1/32   *[Direct/0] 5d 07:26:33
                    > via lo0.100
192.168.100.2/32   *[BGP/170] 00:02:50, localpref 100, from 10.3.3.3
                      AS path: I
                    > via e3-0/1/0.0, Push 535360, Push 341952(top)

 

@dav

 

Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                D1573             M320
Midplane         REV 08   710-009120   TR1378            M320 Midplane
FPM GBUS         REV 05   710-005928   WR7819            M320 Board
FPM Display      REV 05   710-009351   WR7878            M320 FPM Display
CIP              REV 05   710-005926   WR7786            M320 CIP
PEM 0            Rev 08   740-009148   UD56048           DC Power Entry Module
PEM 1            Rev 08   740-009148   UD56043           DC Power Entry Module
Routing Engine 0 REV 02   740-016485   P13004102725      RE-4.0
Routing Engine 1 REV 02   740-016485   P13004102369      RE-4.0
CB 0             REV 12   710-009115   WS4762            M320 Control Board
CB 1             REV 12   710-009115   WS4754            M320 Control Board
FPC 0            REV 08   710-016168   WR7229            M320 E3-FPC Type 1
  PIC 0          REV 13   750-002911   WR6208            4x F/E, 100 BASE-TX
  PIC 1          REV 12   750-009215   WP5656            4x E3 IQ
  PIC 2          REV 04   750-015595   JZ0948            AS2 Layer-2 Services
  PIC 3          REV 18   750-007631   WP7536            10x CHE1 IQ
  I3MB A         REV 04   710-016681   WR6458            M320 E3-FPC I3 Mez Board
FPC 1            REV 08   710-016168   WR7224            M320 E3-FPC Type 1
  PIC 0          REV 18   750-007631   WN2706            10x CHE1 IQ
  PIC 1          REV 13   750-002911   WR6219            4x F/E, 100 BASE-TX
  PIC 2          REV 12   750-009215   WP6122            4x E3 IQ
  PIC 3          REV 18   750-007631   WP7551            10x CHE1 IQ
  I3MB A         REV 04   710-016681   WR6459            M320 E3-FPC I3 Mez Board
FPC 2            REV 08   710-016168   WR7213            M320 E3-FPC Type 1
  I3MB A         REV 04   710-016681   WR6464            M320 E3-FPC I3 Mez Board
SIB 0            REV 05   710-013146   WS6612            M320 SIB
SIB 1            REV 05   710-013146   WS6613            M320 SIB
Fan Tray 0                                               Front Top Fan Tray
Fan Tray 1                                               Front Bottom Fan Tray
Fan Tray 2                                               Rear Fan Tray

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.