Training, Certification, and Career Topics
Reply
Trusted Contributor
kronicklez
Posts: 498
Registered: ‎08-10-2010
0

Missing some config in doc EDU-JUN-JMV VPN-10a ?

Hi All,

 

 

I already done some testing using MX960 based on the training material as per above(Lab Detailed Guide). I using logical-system to simulate the exact topology. The problem now i cannot ping from CE1 -->CE2.

 

I'm stuck on page Lab1-23.

 

Refering to that doc the CE is simulate by using instance Virtual-Router. But i'm not found in that doc the config that using instance VRF to control the CE. What i'm understanding in PE we must have instance VRF to connect with CE. And to make sure ping can be done we must put vrf-table-label right? But in that page not show that.

 

Hopefully someone can help and verify if that doc has missing something. Thanks and appreciate the feedback

Trusted Contributor
kronicklez
Posts: 498
Registered: ‎08-10-2010
0

Re: Missing some config in doc EDU-JUN-JMV VPN-10a ?

Hi All,

 

Below is the result ping:

 

 

root@MX960:smileytongue:E_MX-A1> ping 192.168.11.2 source 192.168.11.1 count 10 rapid routing-instance CE1-1
PING 192.168.11.2 (192.168.11.2): 56 data bytes
..........
--- 192.168.11.2 ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss


Visitor
nabromov@gmail.com
Posts: 8
Registered: ‎07-09-2012
0

Re: Missing some config in doc EDU-JUN-JMV VPN-10a ?

I have the same issue.

Visitor
rdeberry
Posts: 2
Registered: ‎07-09-2012
0

Re: Missing some config in doc EDU-JUN-JMV VPN-10a ?

I don't have this lab guide but jut want to make sure you are aware of the vrf-table-label limitations.

 

http://www.juniper.net/techpubs/software/junos/junos90/swconfig-vpns/other-limitations.html#id-10993...

 

 

 

Visitor
nabromov@gmail.com
Posts: 8
Registered: ‎07-09-2012
0

Re: Missing some config in doc EDU-JUN-JMV VPN-10a ?

Hello rdeberry

 

We don't need vrf-label-table in this lab. It works only when you have more than one label in terms the router to do another inverse-arp resolv. This lab is extremely basic. We have CE1 - PE1 - P1 - P2 - P3 - PE2 - CE2. There is a static-lsp between PE1 and PE2. CE1 and CE2 are using BGP to announce the /32 loopback routes to the PE's (so far so good). 

 

Probably I need to past some configs to save some time. 

 

on PE1 we have the static LSP pointing to Lo of PE2,with next-hop P1. 

 

"static-label-switched-path my-static-lsp {

ingress {
next-hop 172.22.210.2;
to 192.168.1.2;
push 1000101;
}"

 

 

There is transit LSP configured on all transit routers. There is similar configurations from PE2 to PE1 (because of the uni-directional natura of the LSPs)

 

The problem is. Everything looks ok in the configurations but CE1 cannot ping CE2. From the LSP statistics I can see that there are packets going through ths LSP but no icmp response. 

 

 

Trusted Contributor
kronicklez
Posts: 498
Registered: ‎08-10-2010
0

Re: Missing some config in doc EDU-JUN-JMV VPN-10a ?

Hi Nabromov,

 

 

Yes u are correct. I get the result same as u and also same with the doc. But the problem is cannot ping. But when i don't us static-label,from CE to CE can ping. So very weird. So hopefuly can someone from Juniper check again this material n test again. Thanks

Visitor
nabromov@gmail.com
Posts: 8
Registered: ‎07-09-2012
0

Re: Missing some config in doc EDU-JUN-JMV VPN-10a ?

Hi, I managed to fix it and it works now. What I did was to delete the static-lsp from one of the routers and create it again. Another thing that is a bit annoying is the verification of the tasks which I think is incorrect. They are using traceroute to do the verification between the CE's (there is iBGP between PE1 and PE2 only) and in the course materials we can see traceroute working between the CE's and the only way this to work is the P routers to know about the CE routes which will require full-mesh iBGP/conferations/route-reflectors. As we know the LSPs are uni-directional and they don't know how to return the traffic within the LSP tunnel. I believe the correct way to verify it is by using 'traceroute mpls [rsvp/ldp] LSP-name]. 

 

Trusted Contributor
kronicklez
Posts: 498
Registered: ‎08-10-2010
0

Re: Missing some config in doc EDU-JUN-JMV VPN-10a ?

Hi Nabromov,

 

 

Just delete n config back the static lsp one of the PE? Very weird....Thanks for that solution.

 

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.