Routing

I have to setup L2VPN between Cisco and Juniper routers. It is for the internal products testing in my company. But VC is always down there. I searched many documents, but didn't work. I really need help. Thank you..

Jerry FAN

J2320 is running on 11.4R5.5; Cisco3945 is running on 15.2(4)M2 with MPLS function activated.

root@Router_MPS_TEST_A# show
## Last changed: 2012-11-22 11:17:01 UTC
version 11.4R5.5;
system {
    host-name Router_MPS_TEST_A;
    root-authentication {
        encrypted-password "$1$xS88ja0F$cjZBwBjP6hIxrdGDEsE7r1"; ## SECRET-DATA
    }
    services;
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }                               
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.12.1/24;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        vlan-tagging;
        encapsulation vlan-ccc;
        unit 0 {
            vlan-id 1;
        }
        unit 121 {
            vlan-id 121;
        }
    }
    lo0 {
        unit 0 {                        
            family inet {
                address 1.1.1.1/32;
            }
        }
    }
}
routing-options {
    static {
        route 2.2.2.2/32 next-hop 192.168.12.2;
    }
}
protocols {
    mpls {
        interface ge-0/0/0.0;
        interface lo0.0;
    }
    ldp {
        interface all;
    }
    l2circuit {
        neighbor 2.2.2.2 {
            interface ge-0/0/1.121 {
                virtual-circuit-id 100;
                encapsulation-type ethernet-vlan;
                ignore-encapsulation-mismatch;
                ignore-mtu-mismatch;
            }
        }
    }
}
security {
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {                             
        security-zone trust {
            tcp-rst;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            any-service;
                        }
                    }
                }
                lo0.0 {
                    host-inbound-traffic {
                        system-services {
                            any-service;
                        }
                    }
                }
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            any-service;
                        }
                    }                   
                }
                ge-0/0/1.121 {
                    host-inbound-traffic {
                        system-services {
                            any-service;
                        }
                    }
                }
            }
        }
    }
}

[edit]
root@Router_MPS_TEST_A#

=================================================================

Router_MPS_TEST_B#s run
Building configuration...

Current configuration : 1733 bytes
!
! Last configuration change at 06:22:03 UTC Thu Nov 22 2012
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_MPS_TEST_B
!
boot-start-marker
boot system flash0 c3900-universalk9-mz.SPA.152-4.M2.bin
boot-end-marker
!
!
enable password cisco
!
no aaa new-model
!
ip cef
!
!
!         
!


!
!
!
!
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
license udi pid C3900-SPE150/K9
!
!
!
redundancy
!
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!         
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 no keepalive
!
interface GigabitEthernet0/1.121
 encapsulation dot1Q 121
 xconnect 1.1.1.1 100 encapsulation mpls
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 1.1.1.1 255.255.255.255 192.168.12.1
!
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password cisco
 logging synchronous
 login    
 transport input all
!
scheduler allocate 20000 1000
!
end

Router_MPS_TEST_B#

===============================================================

root@Router_MPS_TEST_A# run show l2circuit connections
Layer-2 Circuit Connections:

Legend for connection status (St)   
EI -- encapsulation invalid      NP -- interface h/w not present   
MM -- mtu mismatch               Dn -- down                       
EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down    
CM -- control-word mismatch      Up -- operational                
VM -- vlan id mismatch           CF -- Call admission control failure
OL -- no outgoing label          IB -- TDM incompatible bitrate
NC -- intf encaps not CCC/TCC    TM -- TDM misconfiguration
BK -- Backup Connection          ST -- Standby Connection
CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire
LD -- local site signaled down   RS -- remote site standby
RD -- remote site signaled down  XX -- unknown

Legend for interface status  
Up -- operational            
Dn -- down                   
Neighbor: 2.2.2.2
    Interface                 Type  St     Time last up          # Up trans
    ge-0/0/1.121(vc 100)      rmt   NP   

[edit]
root@Router_MPS_TEST_A#
root@Router_MPS_TEST_A# run show mpls interface detail
Interface: ge-0/0/0.0
  State: Up
  Administrative group: <none>
  Maximum labels: 3
  Static protection revert time: 5 seconds
  Always mark connection protection tlv: Disabled
  Switch away lsps : Disabled

[edit]
root@Router_MPS_TEST_A#

=======================================================================

Router_MPS_TEST_B#sh mpls l2transport vc detail
Local interface: Gi0/1.121 up, line protocol up, Eth VLAN 121 up
  Destination address: 1.1.1.1, VC ID: 100, VC status: down
    Output interface: none, imposed label stack {}
    Preferred path: not configured  
    Default path: no route
    No adjacency
  Create time: 04:35:05, last status change time: 03:31:50
  Signaling protocol: LDP, peer unknown
    Targeted Hello: 2.2.2.2(LDP Id) -> 1.1.1.1
    Status TLV support (local/remote)   : enabled/unknown (no remote binding)
      Label/status state machine        : local standby, AC-ready, LnuRnd
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: not sent
      Last local  LDP TLV    status sent: not sent
      Last remote LDP TLV    status rcvd: unknown (no remote binding)
    MPLS VC labels: local 16, remote unassigned
    Group ID: local 0, remote unknown
    MTU: local 1500, remote unknown
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 0, send 0
    byte totals:   receive 0, send 0
    packet drops:  receive 0, seq error 0, send 0

Router_MPS_TEST_B#

  This looks like your ldp adjacency is down. Have to check the ldp id that your cisco router have. Maybe you will have to set this.

Hello,

You'll need packet-mode for MPLS to work on J-series and SRX

set security forwarding-options family mpls mode packet-based

You may get L2 circuit to work with Selective packet mode http://www.juniper.net/us/en/local/pdf/app-notes/3500192-en.pdf but I never tried that myself. 

HTH

Rgds
Alex

Hi,

[1] You need to specify "vlan-ccc" encapsulation for the IFL as well.

[2] Again the vlan-id for interface should be more than 512 for "vlan-ccc" type.

    ge-0/0/1 {
        vlan-tagging;
        encapsulation vlan-ccc;
        unit 0 {
            vlan-id 1;
        }
        unit 121 {

            encapsulation vlan-ccc;
            vlan-id 121 601;
        }
    }

http://www.juniper.net/techpubs/software/junos/junos93/swconfig-mpls-apps/ethernet-vlan-encapsulation-for-layer-2-switching-cross-connects.html

Regards

Surya

Also, whenever you see Status as "NP" which usually indicates "Not Present/Provisioned", please verify the interface protocol.

Execute below command and check for protocol. It needs to be CCC.

show interface ge-0/0/1 terse

Regards

Surya

Looks like only one response can be marked as solution. There is no way to mark your response as a solution if I marked another one. 😞

Kudos aarseniev.

I changed forwarding option to packet mode and reboot the machine as requested. It worked well. I haven't tried selective packet mode at this moment, cos the document you gave is a little long. I'll go through that late today. Kudo again.

Kudos Surya as well.

Your advise is really critical during my configuration update. I learned a bit more. Super. Kudo again.

Jerry FAN