Related Documentation
Example: Configuring BGP-Based H-VPLS Using Different Mesh Groups for Each Spoke Router
This example shows how to configure the hierarchical virtual private LAN service (H-VPLS) using different mesh groups to provide H-VPLS functionality and provides steps for verifying the configuration. This is one type of H-VPLS configuration possible in the Juniper Networks implementation. For information about the alternate type of configuration see Example: Configuring LDP-Based H-VPLS Using a Single Mesh Group to Terminate the Layer 2 Circuits.
Using mesh groups improves LDP-based VPLS control plane scalability and avoids the requirement for a full mesh of LDP sessions. This example uses BGP-based VPLS.
This example is organized into the following sections:
Requirements
This example uses the following hardware components:
- Four MX Series 3D Universal Edge Routers for Router PE1, Router PE2, Router PE3, and Router PE4
- One M Series Multiservice Edge Router for Router CE4
- Two EX Series Ethernet Switches for Device CE1 and Device CE2
- One J Series Services Router for Router CE3
Overview and Topology
Figure 1 shows the physical topology used in this example.
Figure 1: Physical Topology of H-VPLS

The following describes the base configuration used in this example:
- Router PE1 and Router PE2 are configured as MTU devices.
- Router PE3 and Router PE4 are configured as PE-r routers, each using an LDP-based VPLS routing instance.
- The LDP and OSPF protocols are configured on all of the MTU devices and PE-r routers.
- Core-facing interfaces are enabled with the MPLS address family.
- Optionally, the VPLS routing instances can be configured on PE-r routers with the no-tunnel-interface statement. This allows the routers to use a label-switched interface (LSI), which is useful if your routers do not have Tunnel Services PICs or built-in support for tunnel services.
- All of the routers are configured with loopback IP addresses.
- BGP is configured on the PE-r routers. Optionally, you can configure route reflection. This is useful for scaling internal BGP (IBGP). The BGP configuration includes the signaling statement at the [edit protocols bgp group group-name family l2vpn] hierarchy level to support Layer 2 VPN signaling using BGP.
Figure 2 shows the logical topology used in this example.
Figure 2: Logical Topology of H-VPLS

In Figure 2:
- The MTU devices (Router PE1 and Router PE2) have Layer 2 circuit connections to the PE-r routers (Router PE3 and Router PE4). For redundancy, a backup neighbor is configured for the Layer 2 circuit connections to the PE-r routers.
- The l2circuit statement in the [edit protocols] hierarchy is included on the MTU devices.
- A VPLS routing instance is configured on the PE-r routers.
- In the VPLS routing instance on the PE-r routers, mesh groups are created to terminate the Layer 2 circuit pseudowires that originate at the MTU devices.
- Each MTU device is configured with a different virtual circuit ID.
- Each PE-r router’s mesh groups configuration includes VPLS ID values that match the virtual circuit IDs used on the MTU devices.
Configuration
To configure H-VPLS with different mesh groups for each spoke PE-r router using BGP-based VPLS, perform the following tasks:
Configuring the Spoke MTU PE Routers
Step-by-Step Procedure
- On Router PE1, configure the Gigabit Ethernet interface
connected to Router CE1. Include the encapsulation statement
and specify the ethernet-ccc option. Also configure the
logical interface by including the family statement and
specifying the ccc option.[edit interfaces]ge-2/0/5 {encapsulation ethernet-ccc;unit 0 {family ccc;}}
- On Router PE1, configure the Layer 2 circuit by including
the neighbor statement and specifying the IP address of
Router PE3 as the neighbor. Configure the Gigabit Ethernet logical
interface by including the virtual-circuit-id statement
and specifying 100 as the ID. Also configure a backup neighbor
for the Layer 2 circuit by including the backup-neighbor statement, specifying the loopback interface IP address of Router
PE4 as the backup neighbor, and including the standby statement.[edit protocols]l2circuit {neighbor 3.3.3.3 {interface ge-2/0/5.0 {virtual-circuit-id 100;backup-neighbor 4.4.4.4 { # Backup H-VPLS PE routerstandby;}}}
- On Router PE2, configure the Gigabit Ethernet interface
connected to Router CE2. Include the encapsulation statement
and specify the ethernet-ccc option. Also configure the
logical interface by including the family statement and
specifying the ccc option.[edit interfaces]ge-2/0/6 {encapsulation ethernet-ccc;unit 0 {family ccc;}}
- On Router PE2, configure the Layer 2 circuit by including
the neighbor statement and specifying the IP address of
Router PE3 as the neighbor. Configure the Gigabit Ethernet logical
interface by including the virtual-circuit-id statement
and specifying 200 as the ID. Configure the encapsulation
by including the encapsulation-type statement and specifying
the ethernet option. Also configure a backup neighbor for
the Layer 2 circuit by including the backup-neighbor statement,
specifying the loopback interface IP address of Router PE4 as the
backup neighbor, and including the standby statement.[edit protocols]l2circuit {neighbor 3.3.3.3 {interface ge-1/0/2.0 {virtual-circuit-id 200; # different VC-IDencapsulation-type ethernet; # default encapsulationbackup-neighbor 4.4.4.4 {standby;}}}}
Configuring the Hub PE (PE-r)
Step-by-Step Procedure
- On Router PE3 (the primary hub), configure the Gigabit
Ethernet interface connected to Router CE3. Include the encapsulation statement and specify the ethernet-vpls option. Also
configure the logical interface by including the family vpls statement.[edit interfaces]ge-2/0/0 {encapsulation ethernet-vpls;unit 0 {family vpls;}}lo0 {unit 0 {family inet {address 3.3.3.3/32;}}}
- On Router PE4 (the backup hub), configure the Gigabit
Ethernet interface connected to Router CE4. Include the encapsulation statement and specify the ethernet-vpls option. Also
configure the logical interface by including the family vpls statement.[edit interfaces]ge-2/1/7 {encapsulation ethernet-vpls;unit 0 {description to_CE4;family vpls;}}lo0 {unit 0 {family inet {address 4.4.4.4/32;}}}
- On PE-r Router PE3, configure the BGP-based VPLS routing
instance by including the instance-type statement at the [edit routing-instances H-VPLS] hierarchy level and specifying
the vpls option. Include the interface statement
and specify the Gigabit Ethernet interface connected to Router CE3.
Configure a route distinguisher to ensure that the route advertisement
is unique by including the route-distinguisher statement
and specifying 3.3.3.3:33 as the value. Also configure
the VPN routing and forwarding (VRF) route target to be included in
the route advertisements to the other routers participating in the
VPLS. To configure the VRF route target, include the vrf-target statement and specify target:64510:2 as the value. Optionally,
include the no-tunnel-services statement to enable the
use of LSI interfaces, which is useful if the device does not have
tunnel services. The no-tunnel-services statement is omitted
in this example. Optionally, you can include the site-range statement to specify an upper limit on the maximum site identifier
that can be accepted to allow a pseudowire to be brought up. The site-range statement is omitted in this example. We recommend
using the default of 65,534.
Configure the VPLS protocol and the mesh groups for each MTU PE device.
To configure the VPLS protocol, include the vpls statement at the [edit routing-instances H-VPLS protocols] hierarchy level. Include the site statement and specify a name for the site. Include the interface statement and specify the Gigabit Ethernet interface connected to Device CE3.
Configuring mesh groups under the VPLS instance terminates the Layer 2 circuit into the VPLS instance. To configure each mesh group, include the mesh-group statement and specify the mesh group name. In this example, the mesh group name is the name of the MTU device associated with each mesh group. Include the vpls-id statement and specify the ID that matches the virtual circuit ID configured in Configuring the Spoke MTU PE Routers. Also include the neighbor statement and specify the IP address of the spoke PE router associated with each mesh group. Optionally, include the local-switching statement if you are not using a full mesh of VPLS connections. The local-switching statement is useful if you are configuring a single mesh group and terminating multiple Layer 2 circuit pseudowires into it. The local-switching statement is omitted in this example.
routing-instances {H-VPLS {instance-type vpls;interface ge-2/1/3.0;route-distinguisher 3.3.3.3:33;vrf-target target:64510:2;protocols {vpls {site pe3 {site-identifier 3;interface ge-2/1/3.0;}mesh-group pe1 {vpls-id 100;neighbor 1.1.1.1;}mesh-group pe2 {vpls-id 200;neighbor 2.2.2.2;}}}}} - On PE-r Router PE4, configure a routing instance like
the one on Router PE3.routing-instances {H-VPLS {instance-type vpls;interface ge-2/1/7.0;route-distinguisher 4.4.4.4:44;vrf-target target:64510:2;protocols {vpls {site pe4 {site-identifier 4;interface ge-2/1/7.0;}mesh-group pe1 {vpls-id 100;neighbor 1.1.1.1;}mesh-group pe2 {vpls-id 200;neighbor 2.2.2.2;}}}}}
Verifying the H-VPLS Operation
Step-by-Step Procedure
This section describes the operational commands that you can use to validate that the H-VPLS is working as expected.
- On Router PE1 and Router PE2, use the show l2circuit connections command to verify that the Layer 2 circuit to Router
PE3 is Up and the Layer 2 circuit to Router PE4 is in standby mode.
The output also shows the assigned label, virtual circuit ID, and the ETHERNET encapsulation type.
user@PE1> show l2circuit connections
Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration BK -- Backup Connection ST -- Standby Connection CB -- rcvd cell-bundle size bad SP -- Static Pseudowire LD -- local site signaled down RS -- remote site standby RD -- remote site signaled down XX -- unknown Legend for interface status Up -- operational Dn -- down Neighbor: 3.3.3.3 Interface Type St Time last up # Up trans ge-2/0/5.0(vc 100) rmt Up Oct 18 15:55:07 2012 1 Remote PE: 3.3.3.3, Negotiated control-word: No Incoming label: 299840, Outgoing label: 800001 Negotiated PW status TLV: No Local interface: ge-2/0/5.0, Status: Up, Encapsulation: ETHERNET Neighbor: 4.4.4.4 Interface Type St Time last up # Up trans ge-2/0/5.0(vc 100) rmt ST
user@PE2> show l2circuit connections
Layer-2 Circuit Connections: Legend for connection status (St) EI -- encapsulation invalid NP -- interface h/w not present MM -- mtu mismatch Dn -- down EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down CM -- control-word mismatch Up -- operational VM -- vlan id mismatch CF -- Call admission control failure OL -- no outgoing label IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC TM -- TDM misconfiguration BK -- Backup Connection ST -- Standby Connection CB -- rcvd cell-bundle size bad SP -- Static Pseudowire LD -- local site signaled down RS -- remote site standby RD -- remote site signaled down XX -- unknown Legend for interface status Up -- operational Dn -- down Neighbor: 3.3.3.3 Interface Type St Time last up # Up trans ge-2/0/6.0(vc 200) rmt Up Oct 18 15:55:07 2012 1 Remote PE: 3.3.3.3, Negotiated control-word: No Incoming label: 299872, Outgoing label: 800002 Negotiated PW status TLV: No Local interface: ge-2/0/6.0, Status: Up, Encapsulation: ETHERNET Neighbor: 4.4.4.4 Interface Type St Time last up # Up trans ge-2/0/6.0(vc 200) rmt ST
- On Router PE1 and Router PE2, use the show ldp neighbor command to verify that the targeted LDP sessions have been created
between the loopback interface to the primary and backup H-VPLS hub
neighbors.
user@PE1> show ldp neighbor
Address Interface Label space ID Hold time 10.10.3.2 ge-2/0/9.0 2.2.2.2:0 13 10.10.1.2 ge-2/0/10.0 3.3.3.3:0 10 3.3.3.3 lo0.0 3.3.3.3:0 36 4.4.4.4 lo0.0 4.4.4.4:0 39 10.10.9.2 ge-2/0/8.0 4.4.4.4:0 14
user@PE2> show ldp neighbor
Address Interface Label space ID Hold time 10.10.3.1 ge-2/0/10.0 1.1.1.1:0 12 10.10.5.2 ge-2/0/9.0 4.4.4.4:0 11 10.10.4.1 ge-2/0/8.0 3.3.3.3:0 11 3.3.3.3 lo0.0 3.3.3.3:0 39 4.4.4.4 lo0.0 4.4.4.4:0 38
- On Router PE3 and Router PE4, use the show vpls connections command to verify that the VPLS connection status is Up for both the LDP-based VPLS and the BGP-based VPLS Layer 2 circuits
that are terminated.
user@PE3> show vpls connections
Layer-2 VPN connections: Legend for connection status (St) EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS EM -- encapsulation mismatch WE -- interface and instance encaps not same VC-Dn -- Virtual circuit down NP -- interface hardware not present CM -- control-word mismatch -> -- only outbound connection is up CN -- circuit not provisioned <- -- only inbound connection is up OR -- out of range Up -- operational OL -- no outgoing label Dn -- down LD -- local site signaled down CF -- call admission control failure RD -- remote site signaled down SC -- local and remote site ID collision LN -- local site not designated LM -- local site ID not minimum designated RN -- remote site not designated RM -- remote site ID not minimum designated XX -- unknown connection status IL -- no incoming label MM -- MTU mismatch MI -- Mesh-Group ID not available BK -- Backup connection ST -- Standby connection PF -- Profile parse failure PB -- Profile busy RS -- remote site standby SN -- Static Neighbor LB -- Local site not best-site RB -- Remote site not best-site VM -- VLAN ID mismatch Legend for interface status Up -- operational Dn -- down Instance: H-VPLS BGP-VPLS State Local site: pe3 (3) connection-site Type St Time last up # Up trans 4 rmt Up Oct 18 15:58:39 2012 1 Remote PE: 4.4.4.4, Negotiated control-word: No Incoming label: 800267, Outgoing label: 800266 Local interface: vt-2/0/9.135266562, Status: Up, Encapsulation: VPLS Description: Intf - vpls H-VPLS local site 3 remote site 4 LDP-VPLS State Mesh-group connections: pe1 Neighbor Type St Time last up # Up trans 1.1.1.1(vpls-id 100) rmt Up Oct 18 15:55:07 2012 1 Remote PE: 1.1.1.1, Negotiated control-word: No Incoming label: 800001, Outgoing label: 299840 Negotiated PW status TLV: No Local interface: vt-2/0/10.135266560, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls H-VPLS neighbor 1.1.1.1 vpls-id 100 Mesh-group connections: pe2 Neighbor Type St Time last up # Up trans 2.2.2.2(vpls-id 200) rmt Up Oct 18 15:55:07 2012 1 Remote PE: 2.2.2.2, Negotiated control-word: No Incoming label: 800002, Outgoing label: 299872 Negotiated PW status TLV: No Local interface: vt-2/0/8.135266561, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls H-VPLS neighbor 2.2.2.2 vpls-id 200
user@PE4> show vpls connections
Layer-2 VPN connections: Legend for connection status (St) EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS EM -- encapsulation mismatch WE -- interface and instance encaps not same VC-Dn -- Virtual circuit down NP -- interface hardware not present CM -- control-word mismatch -> -- only outbound connection is up CN -- circuit not provisioned <- -- only inbound connection is up OR -- out of range Up -- operational OL -- no outgoing label Dn -- down LD -- local site signaled down CF -- call admission control failure RD -- remote site signaled down SC -- local and remote site ID collision LN -- local site not designated LM -- local site ID not minimum designated RN -- remote site not designated RM -- remote site ID not minimum designated XX -- unknown connection status IL -- no incoming label MM -- MTU mismatch MI -- Mesh-Group ID not available BK -- Backup connection ST -- Standby connection PF -- Profile parse failure PB -- Profile busy RS -- remote site standby SN -- Static Neighbor LB -- Local site not best-site RB -- Remote site not best-site VM -- VLAN ID mismatch Legend for interface status Up -- operational Dn -- down Instance: H-VPLS BGP-VPLS State Local site: pe4 (4) connection-site Type St Time last up # Up trans 3 rmt Up Oct 18 15:58:39 2012 1 Remote PE: 3.3.3.3, Negotiated control-word: No Incoming label: 800266, Outgoing label: 800267 Local interface: vt-2/0/8.17826050, Status: Up, Encapsulation: VPLS Description: Intf - vpls H-VPLS local site 4 remote site 3 LDP-VPLS State Mesh-group connections: pe1 Neighbor Type St Time last up # Up trans 1.1.1.1(vpls-id 100) rmt Up Oct 18 15:58:39 2012 1 Remote PE: 1.1.1.1, Negotiated control-word: No Incoming label: 800002, Outgoing label: 299856 Negotiated PW status TLV: No Local interface: vt-2/0/9.17826048, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls H-VPLS neighbor 1.1.1.1 vpls-id 100 Mesh-group connections: pe2 Neighbor Type St Time last up # Up trans 2.2.2.2(vpls-id 200) rmt Up Oct 18 15:58:39 2012 1 Remote PE: 2.2.2.2, Negotiated control-word: No Incoming label: 800003, Outgoing label: 299888 Negotiated PW status TLV: No Local interface: vt-2/0/10.17826049, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls H-VPLS neighbor 2.2.2.2 vpls-id 200
- On Router PE3 and Router PE4, use the show vpls flood command to verify that the H-VPLS PE router created a flood group
for each spoke PE site.
user@PE3> show vpls flood
Name: H-VPLS CEs: 1 VEs: 3 Flood Routes: Prefix Type Owner NhType NhIndex 0x300cc/51 FLOOD_GRP_COMP_NH __ves__ comp 1376 0x300cf/51 FLOOD_GRP_COMP_NH __all_ces__ comp 744 0x300d5/51 FLOOD_GRP_COMP_NH pe1 comp 1702 0x300d3/51 FLOOD_GRP_COMP_NH pe2 comp 1544 0x30001/51 FLOOD_GRP_COMP_NH __re_flood__ comp 740
user@PE4> show vpls flood
Name: H-VPLS CEs: 1 VEs: 3 Flood Routes: Prefix Type Owner NhType NhIndex 0x300d1/51 FLOOD_GRP_COMP_NH __ves__ comp 1534 0x300d0/51 FLOOD_GRP_COMP_NH __all_ces__ comp 753 0x300d6/51 FLOOD_GRP_COMP_NH pe1 comp 1378 0x300d4/51 FLOOD_GRP_COMP_NH pe2 comp 1695 0x30002/51 FLOOD_GRP_COMP_NH __re_flood__ comp 750
- On Router PE3 and Router PE4, use the show vpls mac-table command to verify that MAC addresses of the CE devices have been
learned.
user@PE3> show vpls mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC) Routing instance : H-VPLS Bridging domain : __H-VPLS__, VLAN : NA MAC MAC Logical NH RTR address flags interface Index ID 00:21:59:0f:35:32 D vt-2/0/8.135266560 00:21:59:0f:35:33 D ge-2/1/3.0 00:21:59:0f:35:d4 D vt-2/0/9.135266561 00:21:59:0f:35:d5 D vt-2/0/10.135266562
user@PE4> show vpls mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC) Logical system : PE4 Routing instance : H-VPLS Bridging domain : __H-VPLS__, VLAN : NA MAC MAC Logical NH RTR address flags interface Index ID 00:21:59:0f:35:32 D vt-2/0/8.17826050 00:21:59:0f:35:33 D vt-2/0/9.17826050 00:21:59:0f:35:d4 D vt-2/0/10.17826050 00:21:59:0f:35:d5 D ge-2/1/7.0
- Make sure that the CE devices can ping each other.
user@CE1> ping 10.255.14.219 # ping sent from CE1 CE4
PING 10.255.14.219 (10.255.14.219): 56 data bytes 64 bytes from 10.255.14.219: icmp_seq=0 ttl=64 time=10.617 ms 64 bytes from 10.255.14.219: icmp_seq=1 ttl=64 time=9.224 ms ^C --- 10.255.14.219 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 9.224/9.921/10.617/0.697 ms
user@CE2> ping 10.255.14.218 # ping sent from CE2 to CE3
PING 10.255.14.218 (10.255.14.218): 56 data bytes 64 bytes from 10.255.14.218: icmp_seq=0 ttl=64 time=1.151 ms 64 bytes from 10.255.14.218: icmp_seq=1 ttl=64 time=0.674 ms ^C --- 10.255.14.218 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.674/0.913/1.151/0.238 ms
- Check the relevant routing tables.
user@PE1> show route table l2circuit.0
l2circuit.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 3.3.3.3:NoCtrlWord:5:100:Local/96 *[L2CKT/7] 00:12:16, metric2 1 > to 10.10.1.2 via ge-2/0/10.0 3.3.3.3:NoCtrlWord:5:100:Remote/96 *[LDP/9] 00:12:16 Discard 4.4.4.4:NoCtrlWord:5:100:Local/96 *[L2CKT/7] 00:12:10, metric2 1 > to 10.10.9.2 via ge-2/0/8.0 4.4.4.4:NoCtrlWord:5:100:Remote/96 *[LDP/9] 00:12:15 Discard
user@PE2> show route table l2circuit.0
l2circuit.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 3.3.3.3:NoCtrlWord:5:200:Local/96 *[L2CKT/7] 00:13:13, metric2 1 > to 10.10.4.1 via ge-2/0/8.0 3.3.3.3:NoCtrlWord:5:200:Remote/96 *[LDP/9] 00:13:13 Discard 4.4.4.4:NoCtrlWord:5:200:Local/96 *[L2CKT/7] 00:13:13, metric2 1 > to 10.10.5.2 via ge-2/0/9.0 4.4.4.4:NoCtrlWord:5:200:Remote/96 *[LDP/9] 00:13:13 Discard
user@PE3> show route table H-VPLS.l2vpn.0
H-VPLS.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 3.3.3.3:33:3:1/96 *[L2VPN/170/-101] 03:19:26, metric2 1 Indirect 4.4.4.4:44:4:1/96 *[BGP/170] 03:15:45, localpref 100, from 4.4.4.4 AS path: I, validation-state: unverified > to 10.10.6.2 via ge-2/0/9.0
user@PE4> show route table H-VPLS.l2vpn.0
H-VPLS.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 3.3.3.3:33:3:1/96 *[BGP/170] 03:21:17, localpref 100, from 3.3.3.3 AS path: I, validation-state: unverified > to 10.10.6.1 via ge-2/0/9.0 4.4.4.4:44:4:1/96 *[L2VPN/170/-101] 03:17:47, metric2 1 Indirect
Results
The configuration and verification parts of this example have been completed. The following section is for your reference.
The relevant sample configuration for Router PE1 follows.
Router PE1
The relevant sample configuration for Router PE2 follows.
Router PE2
The relevant sample configuration for Router PE3 follows.
Router PE3
The relevant sample configuration for Router PE4 follows.
Router PE4
The relevant sample configuration for Device CE1 follows.
Router CE1
The relevant sample configuration for Device CE2 follows.
Router CE2
The relevant sample configuration for Device CE3 follows.
Router CE3
The relevant sample configuration for Device CE4 follows.
Router CE4