Wednesday, 10 June 2020

Juniper - MPLS BGP L2 VPN

Topology






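Initial Configuration - Interfaces and OSPF

The listings below are lab configurations: the root password hashes belong to this lab only, and no authentication is configured for OSPF, RSVP or BGP in any of them.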


PE1
# PE1 base configuration: system access, core links to P1 and P2, loopback and OSPF area 0.
set version 14.1R1.10
set system host-name PE1
set system time-zone Asia/Karachi
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Treat the published value as a
# lab placeholder and set your own root password instead of pasting this line.
set system root-authentication encrypted-password "$1$Dq3mLaoK$YwfFlyLD4wTPqo6eBA.A21"
# SSH is enabled as-is; no root-login restriction or lo0 firewall filter appears in this listing.
set system services ssh
# ge-0/0/0 is in 192.168.100.0/24 on every device on the page - presumably the management network.
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.14/24
# NOTE(review): family mpls here is not referenced by the rsvp/mpls statements shown later for PE1,
# which list only ge-0/0/3.0 and ge-0/0/5.0 - confirm it is needed.
set interfaces ge-0/0/0 unit 0 family mpls
# Core-facing links; family mpls lets the unit carry labelled traffic.
set interfaces ge-0/0/3 unit 0 description "To P1."
set interfaces ge-0/0/3 unit 0 family inet address 172.22.209.1/24
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces ge-0/0/5 unit 0 description "To P2."
set interfaces ge-0/0/5 unit 0 family inet address 172.22.210.1/24
set interfaces ge-0/0/5 unit 0 family mpls
# Loopback used later as the LSP endpoint and the IBGP local-address.
set interfaces lo0 unit 0 family inet address 192.168.1.1/32
set routing-options autonomous-system 65512
# OSPF area 0 on the core links and the loopback, with traffic-engineering extensions enabled.
# No OSPF authentication is configured on any interface.
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0

PE2
# PE2 base configuration: system access, core links to P1 and P3, loopback and OSPF area 0.
set version 14.1R1.10
set system host-name PE2
set system time-zone Asia/Karachi
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Treat the published value as a
# lab placeholder and set your own root password instead of pasting this line.
set system root-authentication encrypted-password "$1$RIo2Qokw$/tJcm8kv7H7cNiOLqstP0."
# SSH is enabled as-is; no root-login restriction or lo0 firewall filter appears in this listing.
set system services ssh
# ge-0/0/0 is in 192.168.100.0/24 on every device on the page - presumably the management network.
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.15/24
# Core-facing links; family mpls lets the unit carry labelled traffic.
set interfaces ge-0/0/4 description "To P1."
set interfaces ge-0/0/4 unit 0 family inet address 172.22.211.1/24
set interfaces ge-0/0/4 unit 0 family mpls
set interfaces ge-0/0/5 description "To P3."
set interfaces ge-0/0/5 unit 0 family inet address 172.22.212.1/24
set interfaces ge-0/0/5 unit 0 family mpls
# Loopback used later as the LSP endpoint and the IBGP local-address.
set interfaces lo0 unit 0 family inet address 192.168.1.2/32
set routing-options autonomous-system 65512
# OSPF area 0 on the core links and the loopback, with traffic-engineering extensions enabled.
# No OSPF authentication is configured on any interface.
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0

PE3

# PE3 base configuration: system access, core links to P3 and P2, loopback and OSPF area 0.
set version 14.1R1.10
set system host-name PE3
set system time-zone Asia/Karachi
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Treat the published value as a
# lab placeholder and set your own root password instead of pasting this line.
set system root-authentication encrypted-password "$1$elv/F315$yyAWy60QwfDaLkQCjELs10"
# SSH is enabled as-is; no root-login restriction or lo0 firewall filter appears in this listing.
set system services ssh
# ge-0/0/0 is in 192.168.100.0/24 on every device on the page - presumably the management network.
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.16/24
# Core-facing links; family mpls lets the unit carry labelled traffic.
set interfaces ge-0/0/3 description "To P3."
set interfaces ge-0/0/3 unit 0 family inet address 172.22.214.1/24
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces ge-0/0/4 description "To P2."
set interfaces ge-0/0/4 unit 0 family inet address 172.22.213.1/24
set interfaces ge-0/0/4 unit 0 family mpls
# Loopback used later as the LSP endpoint and the IBGP local-address.
set interfaces lo0 unit 0 family inet address 192.168.1.3/32
set routing-options autonomous-system 65512
# OSPF area 0 on the core links and the loopback, with traffic-engineering extensions enabled.
# No OSPF authentication is configured on any interface.
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0

CE1
# CE-1 base configuration: system access, the VLAN-tagged customer link, a loopback and static routes.
set version 14.1R1.10
set system host-name CE-1
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Treat the published value as a
# lab placeholder and set your own root password instead of pasting this line.
set system root-authentication encrypted-password "$1$SBUC4L.u$NhuHztJO9BcxlPoYpYtrF."
# SSH is enabled as-is; no root-login restriction or lo0 firewall filter appears in this listing.
set system services ssh
# ge-0/0/0 is in 192.168.100.0/24 on every device on the page - presumably the management network.
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.17/24
# Customer link, presumably facing PE1's ge-0/0/7. VLAN 1001 matches the vlan-id on the PE
# CCC units, and 10.1.10.1/24 shares a subnet with CE-2's 10.1.10.2/24 across the Layer 2 VPN.
set interfaces ge-0/0/7 vlan-tagging
set interfaces ge-0/0/7 unit 1001 vlan-id 1001
set interfaces ge-0/0/7 unit 1001 family inet address 10.1.10.1/24
# The loopback address is placed on unit 1 rather than unit 0.
set interfaces lo0 unit 1 family inet address 192.168.11.1/32
# Static reject routes; nothing else on the page references them - presumably test prefixes.
# 172.1.0.0/16 lies outside the RFC 1918 range 172.16.0.0/12, so keep these prefixes inside the lab.
set routing-options static route 172.1.0.0/24 reject
set routing-options static route 172.1.1.0/24 reject
set routing-options static route 172.1.2.0/24 reject
set routing-options static route 172.1.3.0/24 reject
# Both CE routers use AS 65101; no BGP configuration for the CEs is shown on the page.
set routing-options autonomous-system 65101

CE2
# CE-2 base configuration: system access, the VLAN-tagged customer link, a loopback and static routes.
set version 14.1R1.10
set system host-name CE-2
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Treat the published value as a
# lab placeholder and set your own root password instead of pasting this line.
set system root-authentication encrypted-password "$1$H5iTolfK$JsQd772kfIRtqNZZHI3M3/"
# SSH is enabled as-is; no root-login restriction or lo0 firewall filter appears in this listing.
set system services ssh
# ge-0/0/0 is in 192.168.100.0/24 on every device on the page - presumably the management network.
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.18/24
# Customer link, presumably facing PE2's ge-0/0/7. VLAN 1001 matches the vlan-id on the PE
# CCC units, and 10.1.10.2/24 shares a subnet with CE-1's 10.1.10.1/24 across the Layer 2 VPN.
set interfaces ge-0/0/7 vlan-tagging
set interfaces ge-0/0/7 unit 1001 vlan-id 1001
set interfaces ge-0/0/7 unit 1001 family inet address 10.1.10.2/24
# The loopback address is placed on unit 1 rather than unit 0.
set interfaces lo0 unit 1 family inet address 192.168.11.2/32
# Static reject routes; nothing else on the page references them - presumably test prefixes.
# 172.1.0.0/16 lies outside the RFC 1918 range 172.16.0.0/12, so keep these prefixes inside the lab.
set routing-options static route 172.1.4.0/24 reject
set routing-options static route 172.1.5.0/24 reject
set routing-options static route 172.1.6.0/24 reject
set routing-options static route 172.1.7.0/24 reject
# Both CE routers use AS 65101; no BGP configuration for the CEs is shown on the page.
set routing-options autonomous-system 65101

P1
# P1 base configuration: system access, links to P2, PE1 and PE2, loopback and OSPF area 0.
set version 14.1R1.10
set system host-name P1
set system time-zone Asia/Karachi
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Treat the published value as a
# lab placeholder and set your own root password instead of pasting this line.
set system root-authentication encrypted-password "$1$JJk8xKsE$yokJjs/.qzOWF.us5wVFC/"
# SSH is enabled as-is; no root-login restriction or lo0 firewall filter appears in this listing.
set system services ssh
# ge-0/0/0 is in 192.168.100.0/24 on every device on the page - presumably the management network.
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.11/24
# Core links; family mpls lets the unit carry labelled traffic.
set interfaces ge-0/0/1 description "To Router P2."
set interfaces ge-0/0/1 unit 0 family inet address 172.20.201.1/24
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces ge-0/0/3 description "To Router PE1."
set interfaces ge-0/0/3 unit 0 family inet address 172.22.209.2/24
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces ge-0/0/4 description "To Router PE2."
set interfaces ge-0/0/4 unit 0 family inet address 172.22.211.2/24
set interfaces ge-0/0/4 unit 0 family mpls
# NOTE(review): the loopback uses a /24 mask, whereas the PE loopbacks use /32, and P1, P2 and P3
# all take addresses from 192.168.5.0/24 - confirm the mask is intended.
set interfaces lo0 unit 0 family inet address 192.168.5.1/24
set routing-options autonomous-system 65512
# OSPF area 0 on the core links and the loopback, with traffic-engineering extensions enabled.
# No OSPF authentication is configured on any interface.
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0

P2
# P2 base configuration: system access, links to P1, P3, PE3 and PE1, loopback and OSPF area 0.
set version 14.1R1.10
set system host-name P2
set system time-zone Asia/Karachi
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Treat the published value as a
# lab placeholder and set your own root password instead of pasting this line.
set system root-authentication encrypted-password "$1$Ze3nAvao$dGUI6jGmNkWlPvhjsaIl10"
# SSH is enabled as-is; no root-login restriction or lo0 firewall filter appears in this listing.
set system services ssh
# ge-0/0/0 is in 192.168.100.0/24 on every device on the page - presumably the management network.
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.12/24
# Core links; family mpls lets the unit carry labelled traffic.
set interfaces ge-0/0/1 description "To P1."
set interfaces ge-0/0/1 unit 0 family inet address 172.20.201.2/24
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces ge-0/0/2 description "To P3."
set interfaces ge-0/0/2 unit 0 family inet address 172.20.206.2/24
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces ge-0/0/4 description "To PE3."
set interfaces ge-0/0/4 unit 0 family inet address 172.22.213.2/24
set interfaces ge-0/0/4 unit 0 family mpls
set interfaces ge-0/0/5 description "To PE1."
set interfaces ge-0/0/5 unit 0 family inet address 172.22.210.2/24
set interfaces ge-0/0/5 unit 0 family mpls
# NOTE(review): the loopback uses a /24 mask, whereas the PE loopbacks use /32, and P1, P2 and P3
# all take addresses from 192.168.5.0/24 - confirm the mask is intended.
set interfaces lo0 unit 0 family inet address 192.168.5.2/24
set routing-options autonomous-system 65512
# OSPF area 0 on the core links and the loopback, with traffic-engineering extensions enabled.
# No OSPF authentication is configured on any interface.
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0

P3
# P3 base configuration: system access, links to P2, PE3 and PE2, loopback and OSPF area 0.
set version 14.1R1.10
set system host-name P3
set system time-zone Asia/Karachi
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash. Treat the published value as a
# lab placeholder and set your own root password instead of pasting this line.
set system root-authentication encrypted-password "$1$uaZRodNq$yxwOpX328hQUa3vvq9pOX."
# SSH is enabled as-is; no root-login restriction or lo0 firewall filter appears in this listing.
set system services ssh
# ge-0/0/0 is in 192.168.100.0/24 on every device on the page - presumably the management network.
set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.13/24
# Core links; family mpls lets the unit carry labelled traffic.
set interfaces ge-0/0/2 description "To P2."
set interfaces ge-0/0/2 unit 0 family inet address 172.20.206.1/24
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces ge-0/0/3 description "To PE3."
set interfaces ge-0/0/3 unit 0 family inet address 172.22.214.2/24
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces ge-0/0/5 description "To PE2."
set interfaces ge-0/0/5 unit 0 family inet address 172.22.212.2/24
set interfaces ge-0/0/5 unit 0 family mpls
# NOTE(review): the loopback uses a /24 mask, whereas the PE loopbacks use /32, and P1, P2 and P3
# all take addresses from 192.168.5.0/24 - confirm the mask is intended.
set interfaces lo0 unit 0 family inet address 192.168.5.3/24
set routing-options autonomous-system 65512
# OSPF area 0 on the core links and the loopback, with traffic-engineering extensions enabled.
# No OSPF authentication is configured on any interface.
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0

MPLS, RSVP and LSPs

PE1
# PE1: enable RSVP and MPLS on the two core-facing units only.
# No RSVP authentication is configured in this listing.
set protocols rsvp interface ge-0/0/3.0
set protocols rsvp interface ge-0/0/5.0
set protocols mpls interface ge-0/0/3.0
set protocols mpls interface ge-0/0/5.0
# One LSP per remote PE, from PE1's loopback to the remote loopback. The return direction
# is defined separately on PE2 and PE3.
set protocols mpls label-switched-path PE1-to-PE2 from 192.168.1.1
set protocols mpls label-switched-path PE1-to-PE2 to 192.168.1.2
set protocols mpls label-switched-path PE1-to-PE3 from 192.168.1.1
set protocols mpls label-switched-path PE1-to-PE3 to 192.168.1.3

PE2
# PE2: enable RSVP and MPLS on the two core-facing units only.
# No RSVP authentication is configured in this listing.
set protocols rsvp interface ge-0/0/4.0
set protocols rsvp interface ge-0/0/5.0
set protocols mpls interface ge-0/0/4.0
set protocols mpls interface ge-0/0/5.0
# One LSP per remote PE, from PE2's loopback to the remote loopback. The return direction
# is defined separately on PE1 and PE3.
set protocols mpls label-switched-path PE2-to-PE1 from 192.168.1.2
set protocols mpls label-switched-path PE2-to-PE1 to 192.168.1.1
set protocols mpls label-switched-path PE2-to-PE3 from 192.168.1.2
set protocols mpls label-switched-path PE2-to-PE3 to 192.168.1.3

PE3
# PE3: enable RSVP and MPLS on the two core-facing units only.
# No RSVP authentication is configured in this listing.
set protocols rsvp interface ge-0/0/3.0
set protocols rsvp interface ge-0/0/4.0
set protocols mpls interface ge-0/0/3.0
set protocols mpls interface ge-0/0/4.0
# One LSP per remote PE, from PE3's loopback to the remote loopback. The return direction
# is defined separately on PE1 and PE2.
set protocols mpls label-switched-path PE3-to-PE1 from 192.168.1.3
set protocols mpls label-switched-path PE3-to-PE1 to 192.168.1.1
set protocols mpls label-switched-path PE3-to-PE2 from 192.168.1.3
set protocols mpls label-switched-path PE3-to-PE2 to 192.168.1.2

P1
# P1 (transit): RSVP and MPLS on every interface; no LSPs originate here.
# NOTE(review): "interface all" also covers ge-0/0/0.0 in 192.168.100.0/24. List the core units
# explicitly, as the PE listings do, if that network should not run RSVP.
set protocols rsvp interface all
set protocols mpls interface all

P2
# P2 (transit): RSVP and MPLS on every interface; no LSPs originate here.
# NOTE(review): "interface all" also covers ge-0/0/0.0 in 192.168.100.0/24. List the core units
# explicitly, as the PE listings do, if that network should not run RSVP.
set protocols rsvp interface all
set protocols mpls interface all

P3
# P3 (transit): RSVP and MPLS on every interface; no LSPs originate here.
# NOTE(review): "interface all" also covers ge-0/0/0.0 in 192.168.100.0/24. List the core units
# explicitly, as the PE listings do, if that network should not run RSVP.
set protocols rsvp interface all
set protocols mpls interface all


MPLS LSP Status (verify with "show mpls lsp" on each PE)




IBGP Configuration on PE Routers

PE1
# PE1: IBGP group peering loopback-to-loopback with PE2 and PE3.
# No BGP authentication is configured for the group or its neighbors.
set protocols bgp group int-grp-core type internal
set protocols bgp group int-grp-core local-address 192.168.1.1
# inet unicast is listed explicitly alongside l2vpn signaling, the family that carries the
# Layer 2 VPN signalling between the PEs.
set protocols bgp group int-grp-core family inet unicast
set protocols bgp group int-grp-core family l2vpn signaling
set protocols bgp group int-grp-core neighbor 192.168.1.2
set protocols bgp group int-grp-core neighbor 192.168.1.3

PE2
# PE2: IBGP group peering loopback-to-loopback with PE1 and PE3.
# No BGP authentication is configured for the group or its neighbors.
set protocols bgp group int-grp-core type internal
set protocols bgp group int-grp-core local-address 192.168.1.2
# inet unicast is listed explicitly alongside l2vpn signaling, the family that carries the
# Layer 2 VPN signalling between the PEs.
set protocols bgp group int-grp-core family inet unicast
set protocols bgp group int-grp-core family l2vpn signaling
set protocols bgp group int-grp-core neighbor 192.168.1.1
set protocols bgp group int-grp-core neighbor 192.168.1.3

PE3
# PE3: IBGP group peering loopback-to-loopback with PE1 and PE2.
# No BGP authentication is configured for the group or its neighbors.
set protocols bgp group int-grp-core type internal
set protocols bgp group int-grp-core local-address 192.168.1.3
set protocols bgp group int-grp-core family inet unicast
# NOTE(review): inet-vpn unicast is enabled only on PE3. The PE1 and PE2 listings do not include
# it, and the Layer 2 VPN on this page does not use it.
set protocols bgp group int-grp-core family inet-vpn unicast
set protocols bgp group int-grp-core family l2vpn signaling
set protocols bgp group int-grp-core neighbor 192.168.1.1
set protocols bgp group int-grp-core neighbor 192.168.1.2


IBGP session established with l2vpn family (verify with "show bgp summary")
 

VRF Import and Export Policies

PE1
# PE1 policies applied to routing instance customer-A through vrf-export / vrf-import.
# Export: term 1 has no "from" condition, so every route evaluated by the policy is tagged with
# community cust-A and accepted; term 2 is therefore never reached.
set policy-options policy-statement export-cust-A term 1 then community add cust-A
set policy-options policy-statement export-cust-A term 1 then accept
set policy-options policy-statement export-cust-A term 2 then reject
# Import: accept only BGP routes that carry community cust-A and reject everything else, so
# routes without this route target are kept out of the instance.
set policy-options policy-statement import-cust-A term 1 from protocol bgp
set policy-options policy-statement import-cust-A term 1 from community cust-A
set policy-options policy-statement import-cust-A term 1 then accept
set policy-options policy-statement import-cust-A term 2 then reject
# Route target for customer A; the value must be the same on every PE serving this VPN.
set policy-options community cust-A members target:65512:1

PE2
# PE2 policies applied to routing instance customer-A through vrf-export / vrf-import.
# Export: term 1 has no "from" condition, so every route evaluated by the policy is tagged with
# community cust-A and accepted; term 2 is therefore never reached.
set policy-options policy-statement export-cust-A term 1 then community add cust-A
set policy-options policy-statement export-cust-A term 1 then accept
set policy-options policy-statement export-cust-A term 2 then reject
# Import: accept only BGP routes that carry community cust-A and reject everything else, so
# routes without this route target are kept out of the instance.
set policy-options policy-statement import-cust-A term 1 from protocol bgp
set policy-options policy-statement import-cust-A term 1 from community cust-A
set policy-options policy-statement import-cust-A term 1 then accept
set policy-options policy-statement import-cust-A term 2 then reject
# Route target for customer A; the value must be the same on every PE serving this VPN.
set policy-options community cust-A members target:65512:1

Vlan CCC Configurations

PE1
# PE1 customer-facing port: VLAN tagging with vlan-ccc encapsulation on both the physical
# interface and unit 1001. The unit has no protocol family configured, and its vlan-id matches
# the CE side (unit 1001, vlan-id 1001).
set interfaces ge-0/0/7 vlan-tagging
set interfaces ge-0/0/7 encapsulation vlan-ccc
set interfaces ge-0/0/7 unit 1001 encapsulation vlan-ccc
set interfaces ge-0/0/7 unit 1001 vlan-id 1001

PE2
# PE2 customer-facing port: VLAN tagging with vlan-ccc encapsulation on both the physical
# interface and unit 1001. The unit has no protocol family configured, and its vlan-id matches
# the CE side (unit 1001, vlan-id 1001).
set interfaces ge-0/0/7 vlan-tagging
set interfaces ge-0/0/7 encapsulation vlan-ccc
set interfaces ge-0/0/7 unit 1001 encapsulation vlan-ccc
set interfaces ge-0/0/7 unit 1001 vlan-id 1001

Routing Instances

PE1
# PE1 Layer 2 VPN instance for customer A, bound to the CCC unit ge-0/0/7.1001.
set routing-instances customer-A instance-type l2vpn
set routing-instances customer-A interface ge-0/0/7.1001
# Route distinguisher built from PE1's loopback address; it must differ from the RD on the other PE.
set routing-instances customer-A route-distinguisher 192.168.1.1:1
# import-cust-A / export-cust-A match and attach route target target:65512:1.
set routing-instances customer-A vrf-import import-cust-A
set routing-instances customer-A vrf-export export-cust-A
set routing-instances customer-A protocols l2vpn encapsulation-type ethernet-vlan
# Local site 1. No remote-site-id is set on the interface, so the remote site is chosen by
# default (site 2, per the author's annotation).
# The trailing "//..." text on the last line is the author's annotation, not Junos syntax;
# remove it before pasting the command.
set routing-instances customer-A protocols l2vpn site ce1-A1 site-identifier 1
set routing-instances customer-A protocols l2vpn site ce1-A1 interface ge-0/0/7.1001    //by default map to site 2

PE2
# PE2 Layer 2 VPN instance for customer A, bound to the CCC unit ge-0/0/7.1001.
set routing-instances customer-A instance-type l2vpn
set routing-instances customer-A interface ge-0/0/7.1001
# NOTE(review): this RD uses 192.168.1.1, which is PE1's loopback, while PE2's loopback is
# 192.168.1.2. The value is still distinct from PE1's 192.168.1.1:1 - confirm whether
# PE2's own address was intended.
set routing-instances customer-A route-distinguisher 192.168.1.1:2
# import-cust-A / export-cust-A match and attach route target target:65512:1.
set routing-instances customer-A vrf-import import-cust-A
set routing-instances customer-A vrf-export export-cust-A
set routing-instances customer-A protocols l2vpn encapsulation-type ethernet-vlan
# Local site 2. No remote-site-id is set on the interface, so the remote site is chosen by
# default (site 1, per the author's annotation).
# The trailing "//..." text on the last line is the author's annotation, not Junos syntax;
# remove it before pasting the command.
set routing-instances customer-A protocols l2vpn site ce2-A2 site-identifier 2
set routing-instances customer-A protocols l2vpn site ce2-A2 interface ge-0/0/7.1001    //by default map to site 1



Layer 2 VPN established (verify with "show l2vpn connections" on PE1 and PE2)

 ~~~ The End ~~~
