Example: Configuring Provider Edge Link Protection in Layer 3 VPNs

Understanding Provider Edge Link Protection in Layer 3 VPNs

In an MPLS service provider network, a customer can have dual-homed CE routers that are connected to the service provider through different PE routers. This setup enables load balancing of traffic in the service provider network. However, this can lead to disruption in traffic if the link between a CE router and a PE router goes down. Hence, a precomputed protection path should be configured such that if a link between a CE router and a PE router goes down, the protection path (also known as the backup path) between the CE router and an alternate PE router can be used.

To configure a path to be a protection path, use the protection statement at the [edit routing-instances instance-name protocols bgp family inet unicast] hierarchy level:

routing-instances {
    customer {
        instance-type vrf;
        ...
        protocols {
            bgp {
                type external;
                ...
                family inet {
                    unicast {
                        protection;
                    }
                }
                family inet6 {
                    unicast {
                        protection;
                    }
                }
            }
        }
    }
}

The protection statement indicates that protection is required on prefixes received from the particular neighbor or family. After protection is enabled for a given family, group, or neighbor, protection entries are added for prefixes or next hops received from the given peer.

Note: A protection path can be selected only if the best path has already been installed by BGP in the forwarding table. This is because a protection path cannot be used as the best path.

Note: The option vrf-table-label must be configured under the [routing-instances instance-name] hierarchy for the routers that have protected PE-CE links. This applies to Junos OS Releases 12.3 through 13.2 inclusive.

The protection path selection takes place based on the value of two state flags:

  • The ProtectionPath flag indicates paths requesting protection.
  • The ProtectionCand flag indicates the route entry that can be used as a protection path.

Note:

  • Provider edge link protection is configured only for external peers.
  • If provider edge link protection is configured with the equal-external-internal multipath statement, multipath takes precedence over protection.
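The constraints in the notes above can be checked before commit. The following is an added example, not Juniper code: it audits a set-format configuration for protection configured without vrf-table-label, on a group that is not external, or alongside equal-external-internal multipath. The instance named "broken" and the function name audit_protection are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in "set" format. "radium" mirrors PE3 on this page;
# "broken" is a hypothetical instance that breaks each documented constraint.
SAMPLE_SET_CONFIG = """\
set routing-instances radium instance-type vrf
set routing-instances radium vrf-table-label
set routing-instances radium protocols bgp group toCE2 type external
set routing-instances radium protocols bgp group toCE2 family inet unicast protection
set routing-instances radium protocols bgp group toCE2 family inet6 unicast protection
set routing-instances broken instance-type vrf
set routing-instances broken routing-options multipath vpn-unequal-cost equal-external-internal
set routing-instances broken protocols bgp group toCore type internal
set routing-instances broken protocols bgp group toCore family inet unicast protection
"""

INSTANCE_RE = re.compile(r"^set routing-instances (\S+) (.+)$")
GROUP_TYPE_RE = re.compile(r"^protocols bgp group (\S+) type (\S+)$")
# The protection statement may sit at the bgp, group, or neighbor level.
PROTECTION_RE = re.compile(
    r"^protocols bgp (?:group (\S+) )?(?:neighbor \S+ )?family inet6? unicast protection$"
)


def audit_protection(set_config):
    """Return sorted (instance, finding) tuples for a set-format configuration."""
    statements = defaultdict(list)
    for line in set_config.splitlines():
        m = INSTANCE_RE.match(line.strip())
        if m:
            statements[m.group(1)].append(m.group(2).strip())

    findings = []
    for instance, stmts in statements.items():
        group_type = {}
        protected_groups = set()
        has_protection = False
        for stmt in stmts:
            t = GROUP_TYPE_RE.match(stmt)
            if t:
                group_type[t.group(1)] = t.group(2)
            p = PROTECTION_RE.match(stmt)
            if p:
                has_protection = True
                if p.group(1):
                    protected_groups.add(p.group(1))
        if not has_protection:
            continue  # nothing to audit in this instance

        # Note on this page: vrf-table-label is required on routers
        # with protected PE-CE links (Junos OS 12.3 through 13.2).
        if "vrf-table-label" not in stmts:
            findings.append((instance, "protection configured without vrf-table-label"))
        # Note on this page: protection is configured only for external peers.
        for group in sorted(protected_groups):
            if group_type.get(group) != "external":
                findings.append((instance, f"group {group} is not type external"))
        # Note on this page: multipath wins over protection when both are set.
        if any("equal-external-internal" in stmt.split() for stmt in stmts):
            findings.append(
                (instance, "equal-external-internal multipath takes precedence over protection")
            )
    return sorted(findings)


if __name__ == "__main__":
    for instance, finding in audit_protection(SAMPLE_SET_CONFIG):
        print(f"{instance}: {finding}")
```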

Example: Configuring Provider Edge Link Protection in Layer 3 VPNs

This example shows how to configure a provider edge protection path that can be used in case of a link failure in an MPLS network.

Requirements

This example uses the following hardware components, software components and configuration options:

  • M Series Multiservice Edge Routers, MX Series 3D Universal Edge Routers, or T Series Core Routers
  • Junos OS Release 12.3 through 13.2 inclusive
  • The option vrf-table-label must be enabled at the [routing-instances instance-name] hierarchy level for routers with protected PE-CE links.

Overview

The following example shows how to configure provider edge link protection in a Layer 3 VPN.

Topology

In this example, a Layer 3 VPN is set up by configuring three customer edge devices and three service provider edge devices in four autonomous systems. The CE devices are configured in AS 64496, AS 64498, and AS 64499. The PE devices are configured in AS 64497.

Figure 1 shows the topology used in this example.

Figure 1: Provider Edge Link Protection in a Layer 3 VPN

The aim of this example is to protect the provider edge link between Routers PE2 and CE2. Protection is configured on the backup link between Routers PE3 and CE2, such that the traffic can be routed through this link when the PE2-CE2 link goes down.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Router CE1

set interfaces ge-2/0/0 unit 0 description toPE1
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.1/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:1::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set interfaces lo0 unit 0 family inet6 address 2001:db8::1/128
set routing-options router-id 1.1.1.1
set routing-options autonomous-system 64496
set protocols bgp group toPE1 type external
set protocols bgp group toPE1 export send-direct
set protocols bgp group toPE1 peer-as 64497
set protocols bgp group toPE1 neighbor 10.1.1.2
set policy-options policy-statement send-direct from protocol direct
set policy-options policy-statement send-direct then accept

Router PE1

set interfaces ge-2/0/0 unit 0 description toCE1
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.2/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:1::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toPE2
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.5/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:5::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces ge-2/0/2 unit 0 description toPE3
set interfaces ge-2/0/2 unit 0 family inet address 10.1.1.9/30
set interfaces ge-2/0/2 unit 0 family inet6 address 2001:db8:0:9::/64 eui-64
set interfaces ge-2/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 1.1.1.2/32
set interfaces lo0 unit 0 family inet6 address 2001:db8::2/128
set protocols mpls interface all
set protocols ldp interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 10
set protocols ospf area 0.0.0.0 interface ge-2/0/2.0 metric 10
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface ge-2/0/1.0 metric 10
set protocols ospf3 area 0.0.0.0 interface ge-2/0/2.0 metric 10
set protocols bgp group toInternal type internal
set protocols bgp group toInternal family inet-vpn unicast
set protocols bgp group toInternal family inet6-vpn unicast
set protocols bgp group toInternal multipath
set protocols bgp group toInternal local-address 1.1.1.2
set protocols bgp group toInternal neighbor 1.1.1.3
set protocols bgp group toInternal neighbor 1.1.1.4
set routing-options router-id 1.1.1.2
set routing-options autonomous-system 64497
set routing-options forwarding-table export lb
set routing-instances radium instance-type vrf
set routing-instances radium interface ge-2/0/0.0
set routing-instances radium route-distinguisher 64497:1
set routing-instances radium vrf-target target:64497:1
set routing-instances radium protocols bgp group toCE1 type external
set routing-instances radium protocols bgp group toCE1 peer-as 64496
set routing-instances radium protocols bgp group toCE1 neighbor 10.1.1.1
set policy-options policy-statement lb then load-balance per-packet

Router PE2

set interfaces ge-2/0/0 unit 0 description toPE1
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.6/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:5::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toP
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.13/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:13::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces ge-2/0/2 unit 0 description toCE2
set interfaces ge-2/0/2 unit 0 family inet address 10.1.1.29/30
set interfaces ge-2/0/2 unit 0 family inet6 address 2001:db8:0:29::/64 eui-64
set interfaces ge-2/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 1.1.1.3/32
set interfaces lo0 unit 0 family inet6 address 2001:db8::3/128
set protocols mpls interface all
set protocols ldp interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols ospf3 area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols bgp group toInternal type internal
set protocols bgp group toInternal family inet-vpn unicast
set protocols bgp group toInternal family inet6-vpn unicast
set protocols bgp group toInternal multipath
set protocols bgp group toInternal local-address 1.1.1.3
set protocols bgp group toInternal neighbor 1.1.1.2
set protocols bgp group toInternal neighbor 1.1.1.4
set routing-options router-id 1.1.1.3
set routing-options autonomous-system 64497
set routing-options forwarding-table export lb
set routing-instances radium instance-type vrf
set routing-instances radium interface ge-2/0/2.0
set routing-instances radium route-distinguisher 64497:1
set routing-instances radium vrf-target target:64497:1
set routing-instances radium protocols bgp group toCE2 type external
set routing-instances radium protocols bgp group toCE2 peer-as 64498
set routing-instances radium protocols bgp group toCE2 neighbor 10.1.1.30
set policy-options policy-statement lb then load-balance per-packet

Router PE3

set interfaces ge-2/0/0 unit 0 description toPE1
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.10/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:9::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toP
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.18/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:17::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces ge-2/0/2 unit 0 description toCE2
set interfaces ge-2/0/2 unit 0 family inet address 10.1.1.25/30
set interfaces ge-2/0/2 unit 0 family inet6 address 2001:db8:0:25::/64 eui-64
set interfaces ge-2/0/2 unit 0 family mpls
set interfaces ge-2/0/3 unit 0 description toCE3
set interfaces ge-2/0/3 unit 0 family inet address 10.1.1.21/30
set interfaces ge-2/0/3 unit 0 family inet6 address 2001:db8:0:21::/64 eui-64
set interfaces ge-2/0/3 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 1.1.1.4/32
set interfaces lo0 unit 0 family inet6 address 2001:db8::4/128
set protocols mpls interface all
set protocols ldp interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols ospf3 area 0.0.0.0 interface ge-2/0/0.0 metric 10
set protocols bgp group toInternal type internal
set protocols bgp group toInternal family inet-vpn unicast
set protocols bgp group toInternal family inet6-vpn unicast
set protocols bgp group toInternal multipath
set protocols bgp group toInternal local-address 1.1.1.4
set protocols bgp group toInternal neighbor 1.1.1.2
set protocols bgp group toInternal neighbor 1.1.1.3
set routing-options router-id 1.1.1.4
set routing-options autonomous-system 64497
set routing-options forwarding-table export lb
set routing-instances radium instance-type vrf
set routing-instances radium vrf-table-label
set routing-instances radium interface ge-2/0/2.0
set routing-instances radium interface ge-2/0/3.0
set routing-instances radium route-distinguisher 64497:1
set routing-instances radium vrf-target target:64497:1
set routing-instances radium protocols bgp group toCE2 type external
set routing-instances radium protocols bgp group toCE2 peer-as 64498
set routing-instances radium protocols bgp group toCE2 neighbor 10.1.1.26
set routing-instances radium protocols bgp group toCE2 family inet unicast protection
set routing-instances radium protocols bgp group toCE2 family inet6 unicast protection
set routing-instances radium protocols bgp group toCE3 type external
set routing-instances radium protocols bgp group toCE3 peer-as 64499
set routing-instances radium protocols bgp group toCE3 neighbor 10.1.1.22
set policy-options policy-statement lb then load-balance per-packet

Router P

set interfaces ge-2/0/0 unit 0 description toPE2
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.14/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:13::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toPE3
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.17/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:17::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 1.1.1.5/32
set interfaces lo0 unit 0 family inet6 address 2001:db8::5/128
set routing-options router-id 1.1.1.5
set routing-options autonomous-system 64497
set protocols mpls interface all
set protocols ldp interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/0.0 metric 5
set protocols ospf area 0.0.0.0 interface ge-2/0/1.0 metric 5
set protocols ospf3 area 0.0.0.0 interface lo0.0 passive
set protocols ospf3 area 0.0.0.0 interface ge-2/0/0.0 metric 5
set protocols ospf3 area 0.0.0.0 interface ge-2/0/1.0 metric 5

Router CE2

set interfaces ge-2/0/0 unit 0 description toPE2
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.30/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:29::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces ge-2/0/1 unit 0 description toPE3
set interfaces ge-2/0/1 unit 0 family inet address 10.1.1.26/30
set interfaces ge-2/0/1 unit 0 family inet6 address 2001:db8:0:25::/64 eui-64
set interfaces ge-2/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 1.1.1.6/32
set interfaces lo0 unit 0 family inet6 address 2001:db8::6/128
set routing-options router-id 1.1.1.6
set routing-options autonomous-system 64498
set protocols bgp group toAS2 type external
set protocols bgp group toAS2 export send-direct
set protocols bgp group toAS2 peer-as 64497
set protocols bgp group toAS2 neighbor 10.1.1.25
set protocols bgp group toAS2 neighbor 10.1.1.29
set policy-options policy-statement send-direct from protocol direct
set policy-options policy-statement send-direct then accept

Router CE3

set interfaces ge-2/0/0 unit 0 description toPE3
set interfaces ge-2/0/0 unit 0 family inet address 10.1.1.22/30
set interfaces ge-2/0/0 unit 0 family inet6 address 2001:db8:0:21::/64 eui-64
set interfaces ge-2/0/0 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 1.1.1.7/32
set interfaces lo0 unit 0 family inet6 address 2001:db8::7/128
set routing-options router-id 1.1.1.7
set routing-options autonomous-system 64499
set protocols bgp group toPE3 type external
set protocols bgp group toPE3 export send-direct
set protocols bgp group toPE3 peer-as 64497
set protocols bgp group toPE3 neighbor 10.1.1.21
set policy-options policy-statement send-direct from protocol direct
set policy-options policy-statement send-direct then accept

Configuring Provider Edge Link Protection in Layer 3 VPNs

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure provider edge link protection:

  1. Configure the router interfaces.
    [edit interfaces]
    user@PE3# set ge-2/0/0 unit 0 description toPE1
    user@PE3# set ge-2/0/0 unit 0 family inet address 10.1.1.10/30
    user@PE3# set ge-2/0/0 unit 0 family inet6 address 2001:db8:0:9::/64 eui-64
    user@PE3# set ge-2/0/0 unit 0 family mpls
    user@PE3# set ge-2/0/1 unit 0 description toP
    user@PE3# set ge-2/0/1 unit 0 family inet address 10.1.1.18/30
    user@PE3# set ge-2/0/1 unit 0 family inet6 address 2001:db8:0:17::/64 eui-64
    user@PE3# set ge-2/0/1 unit 0 family mpls
    user@PE3# set ge-2/0/2 unit 0 description toCE2
    user@PE3# set ge-2/0/2 unit 0 family inet address 10.1.1.25/30
    user@PE3# set ge-2/0/2 unit 0 family inet6 address 2001:db8:0:25::/64 eui-64
    user@PE3# set ge-2/0/2 unit 0 family mpls
    user@PE3# set ge-2/0/3 unit 0 description toCE3
    user@PE3# set ge-2/0/3 unit 0 family inet address 10.1.1.21/30
    user@PE3# set ge-2/0/3 unit 0 family inet6 address 2001:db8:0:21::/64 eui-64
    user@PE3# set ge-2/0/3 unit 0 family mpls
    user@PE3# set lo0 unit 0 family inet address 1.1.1.4/32
    user@PE3# set lo0 unit 0 family inet6 address 2001:db8::4/128

    Similarly, configure the interfaces on all other routers.

  2. Configure the router ID and autonomous system (AS) number.
    [edit routing-options]
    user@PE3# set router-id 1.1.1.4
    user@PE3# set autonomous-system 64497

    Similarly, configure the router ID and AS number for all other routers. In this example, the router ID is chosen to be identical to the loopback address configured on the router.

  3. Configure MPLS and LDP on all interfaces of Router PE3.
    [edit protocols]
    user@PE3# set mpls interface all
    user@PE3# set ldp interface all

    Similarly, configure other PE routers.

  4. Configure an IGP on the core-facing interfaces of Router PE3.
    [edit protocols ospf area 0.0.0.0]
    user@PE3# set interface lo0.0 passive
    user@PE3# set interface ge-2/0/1.0 metric 5
    user@PE3# set interface ge-2/0/0.0 metric 10
    [edit protocols ospf3 area 0.0.0.0]
    user@PE3# set interface lo0.0 passive
    user@PE3# set interface ge-2/0/1.0 metric 5
    user@PE3# set interface ge-2/0/0.0 metric 10

    Similarly, configure other PE routers.

  5. Configure a policy that exports the routes from the routing table into the forwarding table on Router PE3.
    [edit policy-options]
    user@PE3# set policy-statement lb then load-balance per-packet
    [edit routing-options]
    user@PE3# set forwarding-table export lb

    Similarly, configure other PE routers.

  6. Configure BGP on Router CE2, and include a policy for exporting routes to and from the service provider network.
    [edit policy-options]
    user@CE2# set policy-statement send-direct from protocol direct
    user@CE2# set policy-statement send-direct then accept
    [edit protocols bgp group toAS2]
    user@CE2# set type external
    user@CE2# set export send-direct
    user@CE2# set peer-as 64497
    user@CE2# set neighbor 10.1.1.25
    user@CE2# set neighbor 10.1.1.29

    Similarly, configure other CE routers.

  7. Configure BGP on Router PE3 for routing within the provider core.
    [edit protocols bgp group toInternal]
    user@PE3# set type internal
    user@PE3# set family inet-vpn unicast
    user@PE3# set family inet6-vpn unicast
    user@PE3# set multipath
    user@PE3# set local-address 1.1.1.4
    user@PE3# set neighbor 1.1.1.2
    user@PE3# set neighbor 1.1.1.3

    Similarly, configure other PE routers.

  8. Configure the Layer 3 VPN routing instance on Router PE3.
    [edit routing-instances radium]
    user@PE3# set instance-type vrf
    user@PE3# set vrf-table-label
    user@PE3# set interface ge-2/0/2.0
    user@PE3# set interface ge-2/0/3.0
    user@PE3# set route-distinguisher 64497:1
    user@PE3# set vrf-target target:64497:1
    [edit routing-instances radium protocols bgp group toCE2]
    user@PE3# set type external
    user@PE3# set peer-as 64498
    user@PE3# set neighbor 10.1.1.26
    [edit routing-instances radium protocols bgp group toCE3]
    user@PE3# set type external
    user@PE3# set peer-as 64499
    user@PE3# set neighbor 10.1.1.22

    Similarly, configure other PE routers.

  9. Configure provider edge link protection on the link between Routers PE3 and CE2.
    [edit routing-instances radium protocols bgp group toCE2]
    user@PE3# set family inet unicast protection
    user@PE3# set family inet6 unicast protection

Results

From configuration mode, confirm your configuration by entering the show interfaces, show routing-options, show policy-options, show protocols, and show routing-instances commands.

If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

user@PE3# show interfaces
ge-2/0/0 {
    unit 0 {
        description toPE1;
        family inet {
            address 10.1.1.10/30;
        }
        family inet6 {
            address 2001:db8:0:9::/64 {
                eui-64;
            }
        }
        family mpls;
    }
}

ge-2/0/1 {
    unit 0 {
        description toP;
        family inet {
            address 10.1.1.18/30;
        }
        family inet6 {
            address 2001:db8:0:17::/64 {
                eui-64;
            }
        }
        family mpls;
    }
}

ge-2/0/2 {
    unit 0 {
        description toCE2;
        family inet {
            address 10.1.1.25/30;
        }
        family inet6 {
            address 2001:db8:0:25::/64 {
                eui-64;
            }
        }
        family mpls;
    }
}

ge-2/0/3 {
    unit 0 {
        description toCE3;
        family inet {
            address 10.1.1.21/30;
        }
        family inet6 {
            address 2001:db8:0:21::/64 {
                eui-64;
            }
        }
        family mpls;
    }
}

lo0 {
    unit 0 {
        family inet {
            address 1.1.1.4/32;
        }
        family inet6 {
            address 2001:db8::4/128;
        }
    }
}
user@PE3# show routing-options
router-id 1.1.1.4;
autonomous-system 64497;
forwarding-table {
    export lb;
}
user@PE3# show policy-options
policy-statement lb {
    then {
        load-balance per-packet;
    }
}
user@PE3# show protocols
mpls {
    interface all;
}
bgp {
    group toInternal {
        type internal;
        local-address 1.1.1.4;
        family inet-vpn {
            unicast;
        }
        family inet6-vpn {
            unicast;
        }
        multipath;
        neighbor 1.1.1.2;
        neighbor 1.1.1.3;
    }
}
ospf {
    area 0.0.0.0 {
        interface lo0.0 {
            passive;
        }
        interface ge-2/0/1.0 {
            metric 5;
        }
        interface ge-2/0/0.0 {
            metric 10;
        }
    }
}
ospf3 {
    area 0.0.0.0 {
        interface lo0.0 {
            passive;
        }
        interface ge-2/0/1.0 {
            metric 5;
        }
        interface ge-2/0/0.0 {
            metric 10;
        }
    }
}
ldp {
    interface all;
}
user@PE3# show routing-instances
radium {
    instance-type vrf;
    interface ge-2/0/2.0;
    interface ge-2/0/3.0;
    route-distinguisher 64497:1;
    vrf-target target:64497:1;
    protocols {
        bgp {
            group toCE2 {
                type external;
                family inet {
                    unicast {
                        protection;
                    }
                }
                family inet6 {
                    unicast {
                        protection;
                    }
                }
                peer-as 64498;
                neighbor 10.1.1.26;
            }
            group toCE3 {
                type external;
                peer-as 64499;
                neighbor 10.1.1.22;
            }
        }
    }
}

Run these commands on all other routers to confirm the configurations. If you are done configuring the routers, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying BGP

Purpose

Verify that BGP is functional in the Layer 3 VPN.

Action

From operational mode on Router PE3, run the show route protocol bgp command.

user@PE3> show route protocol bgp
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)

inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

radium.inet.0: 9 destinations, 14 routes (9 active, 0 holddown, 0 hidden)
@ = Routing Use Only, # = Forwarding Use Only
+ = Active Route, - = Last Active, * = Both

1.1.1.1/32         *[BGP/170] 00:09:15, localpref 100, from 1.1.1.2
                      AS path: 64496 I, validation-state: unverified
                    > to 10.1.1.9 via ge-2/0/0.0, Push 299792
1.1.1.6/32         @[BGP/170] 00:09:40, localpref 100
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.26 via ge-2/0/2.0
                    [BGP/170] 00:09:07, localpref 100, from 1.1.1.3
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.17 via ge-2/0/1.0, Push 299792, Push 299776(top)
1.1.1.7/32         *[BGP/170] 00:09:26, localpref 100
                      AS path: 64499 I, validation-state: unverified
                    > to 10.1.1.22 via ge-2/0/3.0
10.1.1.0/30        *[BGP/170] 00:09:15, localpref 100, from 1.1.1.2
                      AS path: I, validation-state: unverified
                    > to 10.1.1.9 via ge-2/0/0.0, Push 299792
10.1.1.20/30        [BGP/170] 00:09:26, localpref 100
                      AS path: 64499 I, validation-state: unverified
                    > to 10.1.1.22 via ge-2/0/3.0
10.1.1.24/30        [BGP/170] 00:09:40, localpref 100
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.26 via ge-2/0/2.0
10.1.1.28/30       *[BGP/170] 00:09:07, localpref 100, from 1.1.1.3
                      AS path: I, validation-state: unverified
                    > to 10.1.1.17 via ge-2/0/1.0, Push 299792, Push 299776(top)
                    [BGP/170] 00:09:40, localpref 100
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.26 via ge-2/0/2.0

mpls.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)

bgp.l3vpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

64497:1:1.1.1.1/32                
                   *[BGP/170] 00:09:15, localpref 100, from 1.1.1.2
                      AS path: 64496 I, validation-state: unverified
                    > to 10.1.1.9 via ge-2/0/0.0, Push 299792
64497:1:1.1.1.6/32                
                   *[BGP/170] 00:09:07, localpref 100, from 1.1.1.3
                      AS path: 64498 I, validation-state: unverified
                    > to 10.1.1.17 via ge-2/0/1.0, Push 299792, Push 299776(top)
64497:1:10.1.1.0/30                
                   *[BGP/170] 00:09:15, localpref 100, from 1.1.1.2
                      AS path: I, validation-state: unverified
                    > to 10.1.1.9 via ge-2/0/0.0, Push 299792
64497:1:10.1.1.28/30                
                   *[BGP/170] 00:09:07, localpref 100, from 1.1.1.3
                      AS path: I, validation-state: unverified
                    > to 10.1.1.17 via ge-2/0/1.0, Push 299792, Push 299776(top)
                                        
inet6.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
                                        
radium.inet6.0: 7 destinations, 8 routes (7 active, 0 holddown, 0 hidden)

The output shows all the BGP routes in the routing table of Router PE3. This indicates that BGP is functioning as required.

Similarly, run this command on other routers to check if BGP is operational.

Meaning

BGP is functional in the Layer 3 VPN.

Verifying Provider Edge Link Protection

Purpose

Verify that the provider edge link between Routers PE2 and CE2 is protected.

Action

To verify that provider edge link protection is configured correctly:

  1. Confirm that a route on Router CE2 is advertised to Router PE3, directly and through Router PE2.

    If the route is advertised correctly, you will see multiple paths for the route.

    From operational mode on Router PE3, run the show route destination-prefix command.

    user@PE3> show route 1.1.1.6
    radium.inet.0: 9 destinations, 14 routes (9 active, 0 holddown, 0 hidden)
    @ = Routing Use Only, # = Forwarding Use Only
    + = Active Route, - = Last Active, * = Both
    
    1.1.1.6/32         @[BGP/170] 02:55:36, localpref 100
                          AS path: 64498 I, validation-state: unverified
                        > to 10.1.1.26 via ge-2/0/2.0
                        [BGP/170] 00:10:13, localpref 100, from 1.1.1.3
                          AS path: 64498 I, validation-state: unverified
                        > to 10.1.1.17 via ge-2/0/1.0, Push 299840, Push 299776(top)
                       #[Multipath/255] 00:10:13
                        > to 10.1.1.26 via ge-2/0/2.0
                          to 10.1.1.17 via ge-2/0/1.0, Push 299840, Push 299776(top)

    The output verifies the presence of multiple paths from Router PE3 to the destination route, 1.1.1.6, on Router CE2. The first path is directly through the PE3-CE2 link (10.1.1.26). The second path is through the provider core and PE2 (10.1.1.17).

  2. Verify that the protection path is correctly configured by confirming that the weight for the active path being protected is 0x1, and the weight for the protection candidate path is 0x4000.

    From operational mode on Router PE3, run the show route destination-prefix extensive command.

    user@PE3> show route 1.1.1.6 extensive
    radium.inet.0: 9 destinations, 14 routes (9 active, 0 holddown, 0 hidden)
    1.1.1.6/32 (3 entries, 2 announced)
            State: <CalcForwarding>
    TSI:
    KRT in-kernel 1.1.1.6/32 -> {list:10.1.1.26, indirect(1048584)}
    Page 0 idx 1 Type 1 val 9229c38
        Nexthop: Self
        AS path: [64497] 64498 I
        Communities:
    Page 0 idx 2 Type 1 val 9229cc4
        Flags: Nexthop Change
        Nexthop: Self
        Localpref: 100
        AS path: [64497] 64498 I
        Communities: target:64497:1
    Path 1.1.1.6 from 10.1.1.26 Vector len 4.  Val: 1 2
            @BGP    Preference: 170/-101
                    Next hop type: Router, Next hop index: 994
                    Address: 0x9240a74
                    Next-hop reference count: 5
                    Source: 10.1.1.26
                  Next hop: 10.1.1.26 via ge-2/0/2.0, selected
                    Session Id: 0x200001
                    State: <Active Ext ProtectionPath ProtectionCand>
                    Peer AS: 64498
                    Age: 2:55:54 
                    Validation State: unverified 
                    Task: BGP_64498.10.1.1.26+52214
                    Announcement bits (1): 2-BGP_RT_Background 
                    AS path: 64498 I
                    Accepted
                    Localpref: 100
                    Router ID: 1.1.1.6
             BGP    Preference: 170/-101
                    Route Distinguisher: 64497:1
                    Next hop type: Indirect
                    Address: 0x92413a8
                    Next-hop reference count: 6
                    Source: 1.1.1.3
                    Next hop type: Router, Next hop index: 1322
                    Next hop: 10.1.1.17 via ge-2/0/1.0, selected
                    Label operation: Push 299840, Push 299776(top)
                    Label TTL action: prop-ttl, prop-ttl(top)
                    Session Id: 0x200005
                    Protocol next hop: 1.1.1.3
                    Push 299840
                    Indirect next hop: 94100ec 1048584 INH Session ID: 0x20000b
                    State: <Secondary NotBest Int Ext ProtectionCand>
                    Inactive reason: Not Best in its group - Interior > Exterior > Exterior via Interior
                    Local AS: 64497 Peer AS: 64497
                    Age: 10:31      Metric2: 1 
                    Validation State: unverified 
                    Task: BGP_64497.1.1.1.3+179
                    AS path: 64498 I
                    Communities: target:64497:1
                    Import Accepted
                    VPN Label: 299840
                    Localpref: 100
                    Router ID: 1.1.1.3
                    Primary Routing Table bgp.l3vpn.0
                    Indirect next hops: 1
                            Protocol next hop: 1.1.1.3 Metric: 1
                            Push 299840
                            Indirect next hop: 94100ec 1048584 INH Session ID: 0x20000b
                            Indirect path forwarding next hops: 1
                                    Next hop type: Router
                                    Next hop: 10.1.1.17 via ge-2/0/1.0
                                    Session Id: 0x200005
                            1.1.1.3/32 Originating RIB: inet.3
                              Metric: 1                       Node path count: 1
                              Forwarding nexthops: 1
                                    Nexthop: 10.1.1.17 via ge-2/0/1.0
            #Multipath Preference: 255
                    Next hop type: List, Next hop index: 1048585
                    Address: 0x944c154
                    Next-hop reference count: 2
                    Next hop: ELNH Address 0x9240a74 weight 0x1, selected
                    equal-external-internal-type external
                        Next hop type: Router, Next hop index: 994
                        Address: 0x9240a74
                        Next-hop reference count: 5
                        Next hop: 10.1.1.26 via ge-2/0/2.0
                    Next hop: ELNH Address 0x92413a8 weight 0x4000
                    equal-external-internal-type internal
                        Next hop type: Indirect
                        Address: 0x92413a8
                        Next-hop reference count: 6
                        Protocol next hop: 1.1.1.3
                        Push 299840
                        Indirect next hop: 94100ec 1048584 INH Session ID: 0x20000b
                            Next hop type: Router, Next hop index: 1322
                            Address: 0x9241310
                            Next-hop reference count: 4
                            Next hop: 10.1.1.17 via ge-2/0/1.0
                            Label operation: Push 299840, Push 299776(top)
                            Label TTL action: prop-ttl, prop-ttl(top)
                    State: <ForwardingOnly Int Ext>
                    Inactive reason: Forwarding use only
                    Age: 10:31 
                    Validation State: unverified 
                    Task: RT
                    Announcement bits (1): 0-KRT 
                    AS path: 64498 I
    

    The output shows that the weight (0x4000) assigned to the PE3-CE2 path is greater than the weight (0x1) assigned to the PE2-CE2 path. This confirms that the PE2-CE2 path is protected by the PE3-CE2 path.
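The check in step 2 can be automated. The following is an added example, not Juniper code: it parses show route extensive output, matches each BGP path to its weight in the Multipath entry through the next-hop Address value, and reports whether the active path carries ProtectionPath with weight 0x1 and an inactive path carries ProtectionCand with weight 0x4000. The sample is abridged from the output on this page; the function names are hypothetical.

```python
import re

# Abridged from the "show route 1.1.1.6 extensive" output on this page.
SAMPLE_OUTPUT = """\
1.1.1.6/32 (3 entries, 2 announced)
        State: <CalcForwarding>
        @BGP    Preference: 170/-101
                Address: 0x9240a74
                Source: 10.1.1.26
                Next hop: 10.1.1.26 via ge-2/0/2.0, selected
                State: <Active Ext ProtectionPath ProtectionCand>
         BGP    Preference: 170/-101
                Address: 0x92413a8
                Source: 1.1.1.3
                Next hop: 10.1.1.17 via ge-2/0/1.0, selected
                State: <Secondary NotBest Int Ext ProtectionCand>
        #Multipath Preference: 255
                Address: 0x944c154
                Next hop: ELNH Address 0x9240a74 weight 0x1, selected
                    Next hop: 10.1.1.26 via ge-2/0/2.0
                Next hop: ELNH Address 0x92413a8 weight 0x4000
                    Next hop: 10.1.1.17 via ge-2/0/1.0
                State: <ForwardingOnly Int Ext>
"""

ACTIVE_WEIGHT = 0x1      # weight step 2 expects on the active, protected path
BACKUP_WEIGHT = 0x4000   # weight step 2 expects on the protection candidate

ENTRY_RE = re.compile(r"^\s*[@#*+-]?(BGP|Multipath)\s+Preference:")
ADDR_RE = re.compile(r"^\s*Address: (0x[0-9a-f]+)")
SOURCE_RE = re.compile(r"^\s*Source: (\S+)")
STATE_RE = re.compile(r"^\s*State: <([^>]*)>")
ELNH_RE = re.compile(r"^\s*Next hop: ELNH Address (0x[0-9a-f]+) weight (0x[0-9a-f]+)")


def parse_paths(output):
    """Return the BGP paths with their state flags and Multipath weight."""
    paths, weights, current = [], {}, None
    for line in output.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            current = {"proto": m.group(1), "address": None,
                       "source": None, "flags": set()}
            if current["proto"] == "BGP":
                paths.append(current)
            continue
        if current is None:
            continue  # route-level lines before the first entry
        if (m := ELNH_RE.match(line)) and current["proto"] == "Multipath":
            weights[m.group(1)] = int(m.group(2), 16)
        elif (m := ADDR_RE.match(line)) and current["address"] is None:
            current["address"] = m.group(1)
        elif m := SOURCE_RE.match(line):
            current["source"] = m.group(1)
        elif m := STATE_RE.match(line):
            current["flags"] = set(m.group(1).split())
    for path in paths:
        # A BGP path and its ELNH entry share the same next-hop Address.
        path["weight"] = weights.get(path["address"])
    return paths


def verify_protection(output):
    """Summarise protection state and list anything step 2 would reject."""
    paths = parse_paths(output)
    protected = [p for p in paths if {"Active", "ProtectionPath"} <= p["flags"]]
    backups = [p for p in paths
               if "ProtectionCand" in p["flags"] and "Active" not in p["flags"]]
    problems = []
    if len(protected) != 1:
        problems.append("expected exactly one active path flagged ProtectionPath, "
                        f"found {len(protected)}")
    if not backups:
        problems.append("no inactive path flagged ProtectionCand")
    if protected and protected[0]["weight"] != ACTIVE_WEIGHT:
        problems.append("active path weight is not 0x1")
    if backups and all(b["weight"] != BACKUP_WEIGHT for b in backups):
        problems.append("no protection candidate has weight 0x4000")
    return {
        "protected": protected[0]["source"] if len(protected) == 1 else None,
        "backups": [b["source"] for b in backups],
        "problems": problems,
    }


if __name__ == "__main__":
    print(verify_protection(SAMPLE_OUTPUT))
```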

Meaning

The provider edge link between Routers PE2 and CE2 is protected.

Published: 2014-03-28
