SRX Services Gateway

Connectivity issue between CE to CE

‎03-07-2020 05:44 AM

Hi,

I am trying to set up an L3VPN service between Juniper and Cisco, but I am not able to ping from CE to CE. Connectivity is as below:

CE(8.8.8.8)----(isis)---em3.0-PE(Juniper 1.1.1.1)-----(mplsbackbone)-----PE(CISCO 4.4.4.4)----------CE(7.7.7.7)

 

The problem seems to be at the Juniper end. As I have captured the packet, the packet is reaching the Juniper (PE) device with label 299840, but it is not being forwarded towards the CE (8.8.8.8) out of the em3.0 interface.

 

Configuration and routing table on the Juniper device:

 

 

root@R1> show route 7.7.7.7 detail

A.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
7.7.7.7/32 (1 entry, 1 announced)
*BGP Preference: 170/-101
Route Distinguisher: 100:1
Next hop type: Indirect
Address: 0x9334958
Next-hop reference count: 5
Source: 4.4.4.4
Next hop type: Router, Next hop index: 616
Next hop: 12.0.0.2 via em1.0 weight 0x1, selected
Label-switched-path tunnel0
Label operation: Push 407, Push 206(top)
Label TTL action: prop-ttl, prop-ttl(top)
Protocol next hop: 4.4.4.4
Push 407
Indirect next hop: 9484e80 131070
State: <Secondary Active Int Ext>
Local AS: 12 Peer AS: 12
Age: 38:22 Metric: 1010 Metric2: 3001
Task: BGP_12.4.4.4.4+28067
Announcement bits (2): 0-A-OSPF 1-KRT
AS path: ?
Communities: target:100:1
Import Accepted
VPN Label: 407
Localpref: 100
Router ID: 4.4.4.4
Primary Routing Table bgp.l3vpn.0

B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

7.7.7.7/32 (1 entry, 1 announced)
*BGP Preference: 170/-101
Route Distinguisher: 100:1
Next hop type: Indirect
Address: 0x9334958
Next-hop reference count: 5
Source: 4.4.4.4
Next hop type: Router, Next hop index: 616
Next hop: 12.0.0.2 via em1.0 weight 0x1, selected
Label-switched-path tunnel0
Label operation: Push 407, Push 206(top)
Label TTL action: prop-ttl, prop-ttl(top)
Protocol next hop: 4.4.4.4
Push 407
Indirect next hop: 9484e80 131070
State: <Secondary Active Int Ext>
Local AS: 12 Peer AS: 12
Age: 38:22 Metric: 1010 Metric2: 3001
Task: BGP_12.4.4.4.4+28067
Announcement bits (2): 0-KRT 1-B-IS-IS
AS path: ?
Communities: target:100:1
Import Accepted
VPN Label: 407
Localpref: 100
Router ID: 4.4.4.4
Primary Routing Table bgp.l3vpn.0

root@R1>


root@R1> show route advertising-protocol bgp 4.4.4.4 8.8.8.8/32 detail

B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
* 8.8.8.8/32 (1 entry, 1 announced)
BGP group PE1-PE4 type Internal
Route Distinguisher: 200:2
VPN Label: 299840
Nexthop: Self
Flags: Nexthop Change
MED: 2000
Localpref: 100
AS path: [12] I
Communities: target:100:1

root@R1>

 

 

root@R1> show route 8.8.8.8 detail

B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
8.8.8.8/32 (1 entry, 1 announced)
*IS-IS Preference: 18
Level: 2
Next hop type: Router, Next hop index: 611
Address: 0x93347f0
Next-hop reference count: 3
Next hop: 12.0.0.1 via em3.0, selected
State: <Active Int>
Age: 39:07 Metric: 2000
Task: B-IS-IS
Announcement bits (2): 0-KRT 3-BGP_RT_Background
AS path: I

root@R1>

 


root@R1> show route table mpls.0

mpls.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0 *[MPLS/0] 00:39:50, metric 1
Receive
1 *[MPLS/0] 00:39:50, metric 1
Receive
2 *[MPLS/0] 00:39:50, metric 1
Receive
13 *[MPLS/0] 00:39:50, metric 1
Receive
16 *[VPN/0] 00:39:48
to table A.inet.0, Pop
299776 *[LDP/9] 00:39:30, metric 1
> to 12.0.0.2 via em1.0, Pop
299776(S=0) *[LDP/9] 00:39:30, metric 1
> to 12.0.0.2 via em1.0, Pop
299792 *[LDP/9] 00:39:30, metric 1
> to 12.0.0.2 via em1.0, Swap 202
299808 *[LDP/9] 00:39:30, metric 1
> to 12.0.0.2 via em1.0, Swap 203
299824 *[LDP/9] 00:39:30, metric 1
> to 12.0.0.2 via em1.0, Swap 204
299840 *[VPN/170] 00:39:28
> to 12.0.0.1 via em3.0, Pop


root@R1> show route table B.inet.0

B.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

7.7.7.7/32 *[BGP/170] 00:40:14, MED 1010, localpref 100, from 4.4.4.4
AS path: ?
> to 12.0.0.2 via em1.0, label-switched-path tunnel0
8.8.8.8/32 *[IS-IS/18] 00:40:25, metric 2000
> to 12.0.0.1 via em3.0
12.0.0.0/24 *[Direct/0] 00:40:39
> via em3.0
12.0.0.2/32 *[Local/0] 00:40:42
Local via em3.0
77.77.77.77/32 *[BGP/170] 00:40:14, MED 1010, localpref 100, from 4.4.4.4
AS path: ?
> to 12.0.0.2 via em1.0, label-switched-path tunnel0


CE7#ping 8.8.8.8 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
.....
Success rate is 0 percent (0/5)


set routing-instances A protocols ospf export adv_to_ce
set routing-instances A protocols ospf area 0.0.0.0 interface em2.0 interface-type p2p
set routing-instances B instance-type vrf
set routing-instances B interface em3.0
set routing-instances B route-distinguisher 200:2
set routing-instances B vrf-import import_to_A
set routing-instances B vrf-export B_to_PE4
set routing-instances B protocols isis traceoptions file isis
set routing-instances B protocols isis traceoptions file size 10k
set routing-instances B protocols isis traceoptions file files 2
set routing-instances B protocols isis traceoptions flag hello detail
set routing-instances B protocols isis traceoptions flag error detail
set routing-instances B protocols isis traceoptions flag packets
set routing-instances B protocols isis export adv_to_ce
set routing-instances B protocols isis level 2 wide-metrics-only
set routing-instances B protocols isis interface em3.0 level 2 metric 1000


set policy-options policy-statement B_to_PE4 term a from protocol isis
set policy-options policy-statement B_to_PE4 term a then community set export_to_PE4
set policy-options policy-statement B_to_PE4 term a then accept
set policy-options policy-statement adv_to_ce term a from protocol bgp
set policy-options policy-statement adv_to_ce term a then accept
set policy-options policy-statement export_to_PE4 term a from protocol ospf2
set policy-options policy-statement export_to_PE4 term a then community set export_to_PE4
set policy-options policy-statement export_to_PE4 term a then accept
set policy-options policy-statement import_to_A term a from community import_to_A
set policy-options policy-statement import_to_A term a from community import_to_A_2
set policy-options policy-statement import_to_A term a then accept
set policy-options community export_to_PE4 members target:100:1
set policy-options community import_to_A members target:200:1
set policy-options community import_to_A_2 members target:100:1

root@R1> show configuration interfaces em3 | display set
set interfaces em3 unit 0 family inet address 12.0.0.2/24
set interfaces em3 unit 0 family iso address 49.0000.0000.0001.00

 

 

 

 

 

 


Re: Connectivity issue between CE to CE

‎03-08-2020 12:56 AM

Resolved after configuring "vrf-table-label" under the routing-instance, but I don't know why.

 


Re: Connectivity issue between CE to CE

‎03-08-2020 10:49 AM

Hi Sunil,

vrf-table-label creates an LSI interface corresponding to the VPN (show interface routing-instance name). This LSI interface helps to perform the IP lookup on the packet.

If this statement is not configured, the packet will come to the PE with the VPN label and the first lookup will remove the MPLS label, but the IP lookup won't be performed. Once the LSI interface is there, a second IP lookup will be performed on the packet.

You can refer to this blog for details: https://networkzblogger.com/2017/06/16/vrf-table-label-on-juniper-junos/

PS: Please accept my response as the solution if it answers your query; kudos are appreciated too!

Thanks
Vishal
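
The two behaviours described in this reply are both visible in the `show route table mpls.0` output from the question: label 16 pops into table A.inet.0, while label 299840 pops straight to a next hop on em3.0. The Python script below is an added example, not part of the thread; it classifies VPN labels that way, its function names are hypothetical, and the sample text is copied from the poster's output.

```python
import re

# Sample input: VPN and LDP entries copied from the `show route table mpls.0`
# output posted in the question above.
MPLS_TABLE = """\
16 *[VPN/0] 00:39:48
to table A.inet.0, Pop
299776 *[LDP/9] 00:39:30, metric 1
> to 12.0.0.2 via em1.0, Pop
299792 *[LDP/9] 00:39:30, metric 1
> to 12.0.0.2 via em1.0, Swap 202
299840 *[VPN/170] 00:39:28
> to 12.0.0.1 via em3.0, Pop
"""

ENTRY = re.compile(r"^(\d+)(?:\(S=\d\))?\s+\*\[(\w+)/\d+\]")
TO_TABLE = re.compile(r"^>?\s*to table (\S+), Pop")
TO_NEXTHOP = re.compile(r"^>?\s*to (\S+) via (\S+), Pop")


def classify_vpn_labels(text):
    """Map each VPN label to what the egress PE does after popping it."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            # Only labels owned by the VPN protocol are of interest here.
            current = int(m.group(1)) if m.group(2) == "VPN" else None
            continue
        if current is None:
            continue
        if (m := TO_TABLE.match(line)):
            # Label maps to a VRF table: an IP lookup follows the pop.
            result[current] = ("table-lookup", m.group(1))
        elif (m := TO_NEXTHOP.match(line)):
            # Label maps to a fixed next hop: pop and forward, no IP lookup.
            result[current] = ("per-next-hop", m.group(2))
    return result


def labels_without_ip_lookup(text):
    """Labels that are popped and sent straight out of an interface."""
    return sorted(label for label, (kind, _) in classify_vpn_labels(text).items()
                  if kind == "per-next-hop")


if __name__ == "__main__":
    for label, (kind, target) in sorted(classify_vpn_labels(MPLS_TABLE).items()):
        print(f"{label}: {kind} -> {target}")
```
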
