Routing

Hi all,

   First let me state, configuration of a junpier router is not my area of knowledge, so please be kind to the newbie.

I would like to setup a simple lab configuration in my office between two linux boxes.  I need the traffic from the linux boxes to be encapsulated in MPLS packets..   L2 encapsulated....  I think this is called MPLS VPLS.

I have two SRX100H2 routers but I can't seem to get the configuration right... plus I really dont know what to look on the routers to fix/or see what is/is not working...   Junos version (12.1X44-D20.3)

Could someone help me out and tell me what I am doing wrong, and hopefully give me some direction on the router config?   I would be very grateful!!!

---  so far I can put the configurations in, check the interfaces as see the physical link it up on the 3 and 5 ports..

-- but when I show vpls connections, all I see is:

Instance: vpls-instance
Local site: site11 (7)
No connections found.

-- also, I can't seem to ping between the routers..  on one I try to ping the other lo0.0  (172.28.1.1) but cant, no route host

Thanks in advance

Bob

Here is the configuration I tried on each router and I attached a pic:  (these come from some examples I found googling...)

set system host-name PE1
set interfaces fe-0/0/3 description "CE1 on PE1"
set interfaces fe-0/0/3 vlan-tagging
set interfaces fe-0/0/3 encapsulation vlan-vpls
set interfaces fe-0/0/3 unit 0 encapsulation vlan-vpls
set interfaces fe-0/0/3 unit 0 vlan-id 600
set interfaces fe-0/0/3 unit 0 family vpls
set interfaces fe-0/0/5 vlan-tagging
set interfaces fe-0/0/5 unit 37 vlan-id 37
set interfaces fe-0/0/5 unit 37 family inet address 172.28.2.133/30
set interfaces fe-0/0/5 unit 37 family mpls
set interfaces lo0 unit 0 family inet address 172.28.1.2/32
set routing-options router-id 172.28.1.2
set routing-options autonomous-system 65512
set protocols rsvp interface fe-0/0/5.37
set protocols mpls label-switched-path pe1-to-pe2 to 172.28.1.1
set protocols mpls interface fe-0/0/5.37
set protocols mpls interface lo0.0
set protocols bgp group vpls-peering type internal
set protocols bgp group vpls-peering local-address 172.28.1.2
set protocols bgp group vpls-peering family l2vpn signaling
set protocols bgp group vpls-peering neighbor 172.28.1.1
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface fe-0/0/5.37
set routing-instances vpls-instance description "Routing instance from VPLS routing"
set routing-instances vpls-instance instance-type vpls
set routing-instances vpls-instance interface fe-0/0/3.0
set routing-instances vpls-instance route-distinguisher 172.28.1.2:1
set routing-instances vpls-instance vrf-target target:65512:1
set routing-instances vpls-instance protocols vpls site-range 10
set routing-instances vpls-instance protocols vpls no-tunnel-services site site10 automatic-site-id

set system host-name PE2
set interfaces fe-0/0/3 description "CE2 on PE2"
set interfaces fe-0/0/3 vlan-tagging
set interfaces fe-0/0/3 encapsulation vlan-vpls
set interfaces fe-0/0/3 unit 0 encapsulation vlan-vpls
set interfaces fe-0/0/3 unit 0 vlan-id 600
set interfaces fe-0/0/3 unit 0 family vpls
set interfaces fe-0/0/5 vlan-tagging
set interfaces fe-0/0/5 unit 37 vlan-id 37
set interfaces fe-0/0/5 unit 37 family inet address 172.28.2.134/30
set interfaces fe-0/0/5 unit 37 family mpls
set interfaces lo0 unit 0 family inet address 172.28.1.1/32
set routing-options router-id 172.28.1.1
set routing-options autonomous-system 65512
set protocols rsvp interface fe-0/0/5.37
set protocols mpls label-switched-path pe2-to-pe1 to 172.28.1.2
set protocols mpls interface fe-0/0/5.37
set protocols mpls interface lo0.0
set protocols bgp group vpls-peering type internal
set protocols bgp group vpls-peering local-address 172.28.1.1
set protocols bgp group vpls-peering family l2vpn signaling
set protocols bgp group vpls-peering neighbor 172.28.1.2
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface fe-0/0/5.37
set routing-instances vpls-instance description "Routing instance for VPLS routing"
set routing-instances vpls-instance instance-type vpls
set routing-instances vpls-instance interface fe-0/0/3.0
set routing-instances vpls-instance route-distinguisher 172.28.1.1:1
set routing-instances vpls-instance vrf-target target:65512:1
set routing-instances vpls-instance protocols vpls site-range 10
set routing-instances vpls-instance protocols vpls no-tunnel-services site site11 automatic-site-id

Hi Bob,

there are a couple of issues that need to be fixed. Let's start with the routing. I guess ping does not work because you do not have any OSPF adjacency. Reason for this is that the SRX100 is firewall and blocks OSPF (and also BGP) packets by default. In order to fix this, you should switch from flow-mode to packet mode, e.g.

delete security
set forwarding-options family mpls mode packet-based

Afterwards you need to reboot the box. There are other ways to fix this (e.g. configure host-inbound-traffic for security-zones) but this is the easiest one.

After the routing issue is solved, you also need to configure either the no-cspf option on the label-switched-path or alternatively enable traffic-engineering for ospf in order to populate the traffic engineering database (which is required for CSPF).

set protocols mpls label-switched-path pe1-to-pe2 no-cspf

Last but not least, you must deactive tunnel-service within the VPLS instance (or include a tunnel interface to allow pseudowires):

set routing-instances vpls-instance protocols vpls no-tunnel-services

Cheers,
Carsten

Hi Carsten,

  Thank you! Thank you! Thank you!   You nailed it exactly..

once I figured out you meant set security forwarding-options......   (missing security but funny, there is a "set forwarding-options family mpls"  command.. just no mode packet-based on that one.. )

anyways, vpls is up... my pings between routers work.. and ping between linux boxes work...  so again, thank you!

Bob

or you can use firewall filter on your mpls interface that enable the only interface into packet mode

and you can use rest of router as firewall 

set firewall family inet filter mpls term packet-mode then packet-mode

set firewall family inet filter mpls term packet-mode then accept

set interface fe-0/0/5.34 family inet filter input mpls

 dont need 'set security forwarding-options. .."  to switch to packet mode and reboot

to make it a easy fix

---

@BobWin wrote:

 

 

Hi Carsten,

 

  Thank you! Thank you! Thank you!   You nailed it exactly..

 

once I figured out you meant set security forwarding-options......   (missing security but funny, there is a "set forwarding-options family mpls"  command.. just no mode packet-based on that one.. )

 

anyways, vpls is up... my pings between routers work.. and ping between linux boxes work...  so again, thank you!

 

Bob

 

 

---

Thank you sir... I understand.

Hi Carsten,

   Would you mind answer once more for me?

I need a slight adjustment to the configuration but don't know exactly what to do.   Is it possible to send out multiple MPLS labels just by slightly changing the configuration I orig posted?

  I would like to have 2 or 3 MPLS labels in the packets. is this simple to do?

Bob