close
keyboard_arrow_left
Table of Contents
- play_arrow Common Configuration for All VPNs
- play_arrow VPNs Overview
- play_arrow Assigning Routing Instances to VPNs
- play_arrow Distributing Routes in VPNs
- play_arrow Distributing VPN Routes with Target Filtering
- Configuring BGP Route Target Filtering for VPNs
- Example: BGP Route Target Filtering for VPNs
- Example: Configuring BGP Route Target Filtering for VPNs
- Configuring Static Route Target Filtering for VPNs
- Understanding Proxy BGP Route Target Filtering for VPNs
- Example: Configuring Proxy BGP Route Target Filtering for VPNs
- Example: Configuring an Export Policy for BGP Route Target Filtering for VPNs
- Reducing Network Resource Use with Static Route Target Filtering for VPNs
- play_arrow Configuring Forwarding Options for VPNs
- play_arrow Configuring Graceful Restart for VPNs
- play_arrow Configuring Class of Service for VPNs
- play_arrow Pinging VPNs
-
- play_arrow Common Configuration for Layer 2 VPNs and VPLS
- play_arrow Overview
- play_arrow Layer 2 VPNs Configuration Overview
- play_arrow Configuring Layer 2 Interfaces
- play_arrow Configuring Path Selection for Layer 2 VPNs and VPLS
- play_arrow Creating Backup Connections with Redundant Pseudowires
- play_arrow Configuring Class of Service for Layer 2 VPNs
- play_arrow Monitoring Layer 2 VPNs
- Configuring BFD for Layer 2 VPN and VPLS
- BFD Support for VCCV for Layer 2 VPNs, Layer 2 Circuits, and VPLS
- Configuring BFD for VCCV for Layer 2 VPNs, Layer 2 Circuits, and VPLS
- Connectivity Fault Management Support for EVPN and Layer 2 VPN Overview
- Configure a MEP to Generate and Respond to CFM Protocol Messages
-
- play_arrow Configuring Group VPNs
- play_arrow Configuring Public Key Infrastructure
- play_arrow Configuring Digital Certificate Validation
- play_arrow Configuring a Device for Certificate Chains
- play_arrow Managing Certificate Revocation
-
- play_arrow Configuring Layer 2 Circuits
- play_arrow Overview
- play_arrow Layer 2 Circuits Configuration Overview
- play_arrow Configuring Class of Service with Layer 2 Circuits
- play_arrow Configuring Pseudowire Redundancy for Layer 2 Circuits
- play_arrow Configuring Load Balancing for Layer 2 Circuits
- play_arrow Configuring Protection Features for Layer 2 Circuits
- Egress Protection LSPs for Layer 2 Circuits
- Configuring Egress Protection Service Mirroring for BGP Signaled Layer 2 Services
- Example: Configuring an Egress Protection LSP for a Layer 2 Circuit
- Example: Configuring Layer 2 Circuit Protect Interfaces
- Example: Configuring Layer 2 Circuit Switching Protection
- play_arrow Monitoring Layer 2 Circuits with BFD
- play_arrow Troubleshooting Layer 2 Circuits
-
- play_arrow Configuring VPLS
- play_arrow Overview
- play_arrow VPLS Configuration Overview
- play_arrow Configuring Signaling Protocols for VPLS
- VPLS Routing and Virtual Ports
- BGP Signaling for VPLS PE Routers Overview
- Control Word for BGP VPLS Overview
- Configuring a Control Word for BGP VPLS
- BGP Route Reflectors for VPLS
- Interoperability Between BGP Signaling and LDP Signaling in VPLS
- Configuring Interoperability Between BGP Signaling and LDP Signaling in VPLS
- Example: VPLS Configuration (BGP Signaling)
- Example: VPLS Configuration (BGP and LDP Interworking)
- play_arrow Assigning Routing Instances to VPLS
- Configuring VPLS Routing Instances
- Configuring a VPLS Routing Instance
- Support of Inner VLAN List and Inner VLAN Range for Qualified BUM Pruning on a Dual-Tagged Interface for a VPLS Routing Instance Overview
- Configuring Qualified BUM Pruning for a Dual-Tagged Interface with Inner VLAN list and InnerVLAN range for a VPLS Routing Instance
- Configuring a Layer 2 Control Protocol Routing Instance
- PE Router Mesh Groups for VPLS Routing Instances
- Configuring VPLS Fast Reroute Priority
- Specifying the VT Interfaces Used by VPLS Routing Instances
- Understanding PIM Snooping for VPLS
- Example: Configuring PIM Snooping for VPLS
- VPLS Label Blocks Operation
- Configuring the Label Block Size for VPLS
- Example: Building a VPLS From Router 1 to Router 3 to Validate Label Blocks
- play_arrow Associating Interfaces with VPLS
- play_arrow Configuring Pseudowires
- Configuring Static Pseudowires for VPLS
- VPLS Path Selection Process for PE Routers
- BGP and VPLS Path Selection for Multihomed PE Routers
- Dynamic Profiles for VPLS Pseudowires
- Use Cases for Dynamic Profiles for VPLS Pseudowires
- Example: Configuring VPLS Pseudowires with Dynamic Profiles—Basic Solutions
- Example: Configuring VPLS Pseudowires with Dynamic Profiles—Complex Solutions
- Configuring the FAT Flow Label for FEC 128 VPLS Pseudowires for Load-Balancing MPLS Traffic
- Configuring the FAT Flow Label for FEC 129 VPLS Pseudowires for Load-Balancing MPLS Traffic
- Example: Configuring H-VPLS BGP-Based and LDP-Based VPLS Interoperation
- Example: Configuring BGP-Based H-VPLS Using Different Mesh Groups for Each Spoke Router
- Example: Configuring LDP-Based H-VPLS Using a Single Mesh Group to Terminate the Layer 2 Circuits
- Example: Configuring H-VPLS With VLANs
- Example: Configuring H-VPLS Without VLANs
- Configure Hot-Standby Pseudowire Redundancy in H-VPLS
- Sample Scenario of H-VPLS on ACX Series Routers for IPTV Services
- play_arrow Configuring Multihoming
- VPLS Multihoming Overview
- Advantages of Using Autodiscovery for VPLS Multihoming
- Example: Configuring FEC 129 BGP Autodiscovery for VPWS
- Example: Configuring BGP Autodiscovery for LDP VPLS
- Example: Configuring BGP Autodiscovery for LDP VPLS with User-Defined Mesh Groups
- VPLS Multihoming Reactions to Network Failures
- Configuring VPLS Multihoming
- Example: VPLS Multihoming, Improved Convergence Time
- Example: Configuring VPLS Multihoming (FEC 129)
- Next-Generation VPLS for Multicast with Multihoming Overview
- Example: Next-Generation VPLS for Multicast with Multihoming
- play_arrow Configuring Point-to-Multipoint LSPs
- play_arrow Configuring Inter-AS VPLS and IRB VPLS
- play_arrow Configuring Load Balancing and Performance
- Configuring VPLS Load Balancing
- Configuring VPLS Load Balancing Based on IP and MPLS Information
- Configuring VPLS Load Balancing on MX Series 5G Universal Routing Platforms
- Example: Configuring Loop Prevention in VPLS Network Due to MAC Moves
- Understanding MAC Pinning
- Configuring MAC Pinning on Access Interfaces for Bridge Domains
- Configuring MAC Pinning on Trunk Interfaces for Bridge Domains
- Configuring MAC Pinning on Access Interfaces for Bridge Domains in a Virtual Switch
- Configuring MAC Pinning on Trunk Interfaces for Bridge Domains in a Virtual Switch
- Configuring MAC Pinning for All Pseudowires of the VPLS Routing Instance (LDP and BGP)
- Configuring MAC Pinning on VPLS CE Interface
- Configuring MAC Pinning for All Pseudowires of the VPLS Site in a BGP-Based VPLS Routing Instance
- Configuring MAC Pinning on All Pseudowires of a Specific Neighbor of LDP-Based VPLS Routing Instance
- Configuring MAC Pinning on Access Interfaces for Logical Systems
- Configuring MAC Pinning on Trunk Interfaces for Logical Systems
- Configuring MAC Pinning on Access Interfaces in Virtual Switches for Logical Systems
- Configuring MAC Pinning on Trunk Interfaces in Virtual Switches for Logical Systems
- Configuring MAC Pinning for All Pseudowires of the VPLS Routing Instance (LDP and BGP) for Logical Systems
- Configuring MAC Pinning on VPLS CE Interface for Logical Systems
- Configuring MAC Pinning for All Pseudowires of the VPLS Site in a BGP-Based VPLS Routing Instance for Logical Systems
- Configuring MAC Pinning on All Pseudowires of a Specific Neighbor of LDP-Based VPLS Routing Instance for Logical Systems
- Example: Prevention of Loops in Bridge Domains by Enabling the MAC Pinnning Feature on Access Interfaces
- Example: Prevention of Loops in Bridge Domains by Enabling the MAC Pinnning Feature on Trunk Interfaces
- Configuring Improved VPLS MAC Address Learning on T4000 Routers with Type 5 FPCs
- Understanding Qualified MAC Learning
- Qualified Learning VPLS Routing Instance Behavior
- Configuring Qualified MAC Learning
- play_arrow Configuring Class of Service and Firewall Filters in VPLS
- play_arrow Monitoring and Tracing VPLS
-
- play_arrow Connecting Layer 2 VPNs and Circuits to Other VPNs
- play_arrow Connecting Layer 2 VPNs to Other VPNs
- play_arrow Connecting Layer 2 Circuits to Other VPNs
- Using the Layer 2 Interworking Interface to Interconnect a Layer 2 Circuit to a Layer 2 VPN
- Applications for Interconnecting a Layer 2 Circuit with a Layer 2 Circuit
- Example: Interconnecting a Layer 2 Circuit with a Layer 2 VPN
- Example: Interconnecting a Layer 2 Circuit with a Layer 2 Circuit
- Applications for Interconnecting a Layer 2 Circuit with a Layer 3 VPN
- Example: Interconnecting a Layer 2 Circuit with a Layer 3 VPN
-
- play_arrow Configuration Statements and Operational Commands
list Table of Contents
keyboard_arrow_right
Example: Configuring MPLS Egress Protection Service Mirroring for BGP Signaled Layer 2 Services
date_range
24-Nov-23
Starting in Junos OS Release 14.2, Junos OS supports the restoration of egress traffic when there is a link or node failure in the egress PE node. If there is a link or node failure in the core network, a protection mechanism such as MPLS fast reroute can be triggered on the transport LSPs between the PE routers to repair the connection within tens of milliseconds. An egress protection LSP addresses the problem of a node-link failure at the edge of the network (for example, a failure of a PE router).
This example shows how to configure link protection for BGP signaled Layer 2 services.
Overview
If there is a link or node failure in the core network, a protection mechanism such as MPLS fast reroute can be triggered on the transport LSPs between the PE routers to repair the connection within tens of milliseconds. An egress protection LSP addresses the problem of a node-link failure at the edge of the network (for example, a failure of a PE router).
This example includes the following configuration concepts and statements that are unique to the configuration of an egress protection LSP:
context-identifier—Specifies an IPv4 or IPv6 address used to define the pair of PE routers participating in the egress protection LSP. It is assigned to each ordered pair of primary PE and the protector to facilitate protection establishment. This address is globally unique, or unique in the address space of the network where the primary PE and the protector reside.egress-protection—Configures the protector information for the protected Layer 2 circuit and configures the protector Layer 2 circuit at the[edit protocols mpls]hierarchy level. Configures an LSP as an egress protection LSP at the[edit protocols mpls]hierarchy level.protector—Configures the creation of standby pseudowires on the backup PE for link or node protection for the instance.
Topology
Figure 1: Egress
Protection LSP Configured from Router PE1 to Router PE2
In the event of a failure of the egress PE Router PE1, traffic is switched to the egress protection LSP configured between Router PE1 and Router PE2 (the protector PE router):
Device CE2—Traffic origin
Router PE3—Ingress PE router
Router PE1— (Primary) Egress PE router
Router PE2—Protector PE router
Device CE1—Traffic destination
When the link between CE1– PE1 goes downs, PE1 will briefly redirect that traffic toward CE1, to PE2. PE2 forwards it to CE1 until ingress router PE3 recalculates to forward the traffic to PE2.
Initially the traffic direction was: CE2 – PE3 – P – PE1 – CE1.
When the link between CE1– PE1 goes down, the traffic will be: CE2 – PE3 – P – PE1 – PE2 –CE1. PE3 then recalculates the path: CE2 – PE3 – P – PE2 – CE1.
This example shows how to configure routers PE1, PE2, and PE3.
Configuration
CLI Quick Configuration
To quickly configure an egress protection
LSP, copy the following commands, paste them into a text file, remove
any line breaks, change any details necessary to match your network
configurations, copy and then paste the commands into the CLI and
enter commit from configuration mode.
PE1
content_copy zoom_out_map
set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols mpls egress-protection context-identifier 198.51.100.3 primary set protocols mpls egress-protection context-identifier 198.51.100.3 advertise-mode stub-alias set protocols mpls egress-protection traceoptions file ep size 100m set protocols mpls egress-protection traceoptions flag all set protocols bgp traceoptions file bgp.log world-readable set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 10.255.183.58 set protocols bgp group ibgp family inet unicast set protocols bgp group ibgp family l2vpn signaling egress-protection set protocols bgp group ibgp neighbor 192.0.2.3 set protocols bgp group ibgp neighbor 192.0.2.4 set protocols isis traceoptions file isis-edge size 10m world-readable set protocols isis traceoptions flag error set protocols isis level 1 disable set protocols isis level 2 wide-metrics-only set protocols isis interface all point-to-point set protocols isis interface all level 2 metric 10 set protocols isis interface fxp0.0 disable set protocols ldp interface all set protocols ldp interface fxp0.0 disable set policy-options policy-statement lb then load-balance per-packet set routing-options traceoptions file ro.log set routing-options traceoptions flag all set routing-options traceoptions flag route set routing-options autonomous-system 100 set routing-options forwarding-table export lb set routing-instances foo instance-type l2vpn set routing-instances foo egress-protection context-identifier 198.51.100.3 set routing-instances foo interface ge-2/0/2.0 set routing-instances foo route-distinguisher 10.255.183.58:1 set routing-instances foo vrf-target target:9000:1 set routing-instances foo protocols l2vpn encapsulation-type ethernet-vlan set routing-instances foo protocols l2vpn site foo site-identifier 1 set routing-instances foo protocols l2vpn site foo site-preference primary set routing-instances foo protocols l2vpn site foo interface ge-2/0/2.0 remote-site-id 2
PE2
content_copy zoom_out_map
set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols mpls egress-protection context-identifier 198.51.100.3 protector set protocols mpls egress-protection context-identifier 198.51.100.3 advertise-mode stub-alias set protocols mpls egress-protection traceoptions file ep size 100m set protocols mpls egress-protection traceoptions flag all set protocols bgp traceoptions file bgp.log world-readable set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 10.255.183.57 set protocols bgp group ibgp family inet unicast set protocols bgp group ibgp family l2vpn signaling egress-protection set protocols bgp group ibgp neighbor 192.0.2.3 set protocols bgp group ibgp neighbor 192.0.2.4 set protocols isis traceoptions file isis-edge size 10m world-readable set protocols isis traceoptions flag error set protocols isis level 1 disable set protocols isis level 2 wide-metrics-only set protocols isis interface all point-to-point set protocols isis interface all level 2 metric 10 set protocols isis interface fxp0.0 disable set protocols ldp interface all set protocols ldp interface fxp0.0 disable set policy-options policy-statement lb then load-balance per-packet set routing-options traceoptions file ro.log set routing-options traceoptions flag normal set routing-options traceoptions flag route set routing-options autonomous-system 100 set routing-options forwarding-table export lb set routing-instances foo instance-type l2vpn set routing-instances foo egress-protection protector set routing-instances foo interface ge-2/0/2.0 set routing-instances foo route-distinguisher 10.255.183.57:1 set routing-instances foo vrf-target target:9000:1 set routing-instances foo protocols l2vpn encapsulation-type ethernet-vlan set routing-instances foo protocols l2vpn site foo hot-standby set routing-instances foo protocols l2vpn site foo site-identifier 1 set routing-instances foo protocols l2vpn site foo site-preference backup set routing-instances foo protocols l2vpn site foo interface ge-2/0/2.0 remote-site-id 2
PE3
content_copy zoom_out_map
set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp traceoptions file bgp.log world-readable set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 10.255.183.61 set protocols bgp group ibgp family inet unicast set protocols bgp group ibgp family l2vpn signaling set protocols bgp group ibgp neighbor 192.0.2.3 set protocols bgp group ibgp neighbor 192.0.2.4 set protocols isis traceoptions file isis-edge size 10m world-readable set protocols isis traceoptions flag error set protocols isis level 1 disable set protocols isis level 2 wide-metrics-only set protocols isis interface all point-to-point set protocols isis interface all level 2 metric 10 set protocols isis interface fxp0.0 disable set protocols ldp interface all set protocols ldp interface fxp0.0 disable set policy-options policy-statement lb then load-balance per-packet set routing-options traceoptions file ro.log set routing-options traceoptions flag normal set routing-options traceoptions flag route set routing-options autonomous-system 100 set routing-options forwarding-table export lb set routing-instances foo instance-type l2vpn set routing-instances foo interface ge-2/1/2.0 set routing-instances foo route-distinguisher 10.255.183.61:1 set routing-instances foo vrf-target target:9000:1 set routing-instances foo protocols l2vpn encapsulation-type ethernet-vlan set routing-instances foo protocols l2vpn site foo site-identifier 2 set routing-instances foo protocols l2vpn site foo interface ge-2/1/2.0 remote-site-id 1
Step-by-Step Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.
To configure an egress protection LSP for router PE1:
Configure RSVP.
content_copy zoom_out_map[edit protocols rsvp] user@PE1# set interface all user@PE1# set interface fxp0.0 disable
Configure MPLS to use the egress protection LSP to protect against a link failure to Device CE1.
content_copy zoom_out_map[edit protocols mpls] user@PE1# set interface all user@PE1# set interface fxp0.0 disable user@PE1# set egress-protection context-identifier 198.51.100.3 primary user@PE1# set egress-protection context-identifier 198.51.100.3 advertise-mode stub-alias user@PE1# set egress-protection traceoptions file ep size 100m user@PE1# set egress-protection traceoptions flag all
Configure BGP.
content_copy zoom_out_map[edit protocols bgp] user@PE1# set traceoptions file bgp.log world-readable user@PE1# set group ibgp type internal user@PE1# set group ibgp local-address 10.255.183.58 user@PE1# set group ibgp family inet unicast user@PE1# set group ibgp family l2vpn signaling egress-protection user@PE1# set group ibgp neighbor 192.0.2.3 user@PE1# set group ibgp neighbor 192.0.2.4
Configure IS-IS.
content_copy zoom_out_map[edit protocols isis] user@PE1# set traceoptions file isis-edge size 10m world-readable user@PE1# set traceoptions flag error user@PE1# set level 1 disable user@PE1# set level 2 wide-metrics-only user@PE1# set interface all point-to-point user@PE1# set interface all level 2 metric 10 user@PE1# set interface fxp0.0 disable
Configure LDP.
content_copy zoom_out_map[edit protocols ldp] user@PE1# set interface all user@PE1# set interface fxp0.0 disable
Configure a load-balancing policy.
content_copy zoom_out_map[edit] user@PE1# set policy-options policy-statement lb then load-balance per-packet
Configure the routing options to export routes based on the load-balancing policy.
content_copy zoom_out_map[edit routing-options] user@PE1# set traceoptions file ro.log user@PE1# set traceoptions flag all user@PE1# set autonomous-system 100 user@PE1# set forwarding-table export lb
Configure BGP to advertise nrli from the routing instance with context-ID as next-hop.
content_copy zoom_out_map[edit routing-instances] user@PE1# set foo instance-type l2vpn user@PE1# set foo egress-protection context-identifier 198.51.100.3 user@PE1# set foo interface ge-2/0/2.0 user@PE1# set foo route-distinguisher 10.255.183.58:1 user@PE1# set foo vrf-target target:9000:1
Configure l2vpn instance to use the egress LSP configured.
content_copy zoom_out_map[edit routing-instances] user@PE1# set foo protocols l2vpn encapsulation-type ethernet-vlan user@PE1# set foo protocols l2vpn site foo site-identifier 1 user@PE1# set foo protocols l2vpn site foo site-preference primary user@PE1# set foo protocols l2vpn site foo interface ge-2/0/2.0 remote-site-id 2
If you are done configuring the device, enter
commitfrom configuration mode.
Step-by-Step Procedure
To configure an egress protection LSP for Router PE2:
Configure RSVP.
content_copy zoom_out_map[edit protocols rsvp] user@PE2# set interface all user@PE2# set interface fxp0.0 disable
Configure MPLS and the LSP that acts as the egress protection LSP.
content_copy zoom_out_map[edit protocols mpls] user@PE2# set interface all user@PE2# set interface fxp0.0 disable user@PE2# set egress-protection context-identifier 198.51.100.3 protector user@PE2# set egress-protection context-identifier 198.51.100.3 advertise-mode stub-alias user@PE2# set egress-protection traceoptions file ep size 100m user@PE2# set egress-protection traceoptions flag all
Configure BGP.
content_copy zoom_out_map[edit protocols bgp] user@PE2# set traceoptions file bgp.log world-readable user@PE2# set group ibgp type internal user@PE2# set group ibgp local-address 10.255.183.57 user@PE2# set group ibgp family inet unicast user@PE2# set group ibgp family l2vpn signaling user@PE2# set group ibgp family l2vpn egress-protection user@PE2# set group ibgp neighbor 192.0.2.3 user@PE2# set group ibgp neighbor 192.0.2.4
Configure IS-IS.
content_copy zoom_out_map[edit protocols isis] user@PE2# set traceoptions file isis-edge size 10m world-readable user@PE2# set traceoptions flag error user@PE2# set level 1 disable user@PE2# set level 2 wide-metrics-only user@PE2# set interface all point-to-point user@PE2# set interface all level 2 metric 10 user@PE2# set interface fxp0.0 disable
Configure LDP.
content_copy zoom_out_map[edit protocols ldp] user@PE2# set interface all user@PE2# set interface fxp0.0 disable
Configure a load-balancing policy.
content_copy zoom_out_map[edit] user@PE2# set policy-options policy-statement lb then load-balance per-packet
Configure the routing options to export routes based on the load-balancing policy.
content_copy zoom_out_map[edit routing-options] user@PE2# set traceoptions file ro.log user@PE2# set traceoptions flag all user@PE2# set autonomous-system 100 user@PE2# set forwarding-table export lb
Configure BGP to advertise nrli from the routing instance with context-ID as next-hop.
content_copy zoom_out_map[edit routing-instances] user@PE2# set foo instance-type l2vpn user@PE2# set foo egress-protection protector user@PE2# set foo interface ge-2/0/2.0 user@PE2# set foo route-distinguisher 10.255.183.57:1 user@PE2# set foo vrf-target target:9000:1
Configure l2vpn instance to use the egress LSP configured.
content_copy zoom_out_map[edit routing-instances] user@PE2# set foo protocols l2vpn encapsulation-type ethernet-vlan user@PE2# set foo protocols l2vpn site foo hot-standby user@PE2# set foo protocols l2vpn site foo site-identifier 1 user@PE2# set foo protocols l2vpn site foo site-preference backup user@PE2# set foo protocols l2vpn site foo interface ge-2/0/2.0 remote-site-id 2
If you are done configuring the device, enter
commitfrom configuration mode.
Step-by-Step Procedure
To configure an egress protection LSP for Router PE3:
Configure RSVP.
content_copy zoom_out_map[edit protocols rsvp] user@PE3# set interface all user@PE3# set interface fxp0.0 disable
Configure MPLS.
content_copy zoom_out_map[edit protocols mpls] user@PE3# set interface all user@PE3# set interface fxp0.0 disable
Configure BGP.
content_copy zoom_out_map[edit protocols bgp] user@PE3# set traceoptions file bgp.log world-readable user@PE3# set group ibgp type internal user@PE3# set group ibgp local-address 10.255.183.61 user@PE3# set group ibgp family inet unicast user@PE3# set group ibgp family l2vpn signaling user@PE3# set group ibgp neighbor 192.0.2.3 user@PE3# set group ibgp neighbor 192.0.2.4
Configure IS-IS.
content_copy zoom_out_map[edit protocols isis] user@PE3# set traceoptions file isis-edge size 10m world-readable user@PE3# set traceoptions flag error user@PE3# set level 1 disable user@PE3# set level 2 wide-metrics-only user@PE3# set protocols isis interface all point-to-point [edit protocols isis] user@PE3# set protocols isis interface all level 2 metric 10 [edit protocols isis] user@PE3# set protocols isis interface fxp0.0 disable
Configure LDP.
content_copy zoom_out_map[edit protocols ldp] user@PE3# set interface all user@PE3# set interface fxp0.0 disable
Configure a load-balancing policy.
content_copy zoom_out_map[edit] user@PE3# set policy-options policy-statement lb then load-balance per-packet
Configure the routing options to export routes based on the load-balancing policy.
content_copy zoom_out_map[edit routing-options] user@PE3# set traceoptions file ro.log user@PE3# set traceoptions flag normal user@PE3# set traceoptions flag route user@PE3# set autonomous-system 100 user@PE3# set forwarding-table export lb
Configure BGP to advertise nlri from the routing instance with context-ID as next-hop.
content_copy zoom_out_map[edit] user@PE3# set routing-instances foo instance-type l2vpn user@PE3# set routing-instances foo interface ge-2/1/2.0 user@PE3# set routing-instances foo route-distinguisher 10.255.183.61:1 user@PE3# set routing-instances foo vrf-target target:9000:1
Configure l2vpn to specify the interface that connects to the site and the remote interface to which you want the specified interface to connect.
content_copy zoom_out_map[edit routing-instances] user@PE3# set foo protocols l2vpn encapsulation-type ethernet-vlan user@PE3# set foo protocols l2vpn site foo site-identifier 2 user@PE3# set foo protocols l2vpn site foo interface ge-2/1/2.0 remote-site-id 1
If you are done configuring the device, enter
commitfrom configuration.
Results
From configuration mode, confirm your configuration on Router PE1 by entering the show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
content_copy zoom_out_map
[edit]
user@PE1# show protocols
rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
interface all;
interface fxp0.0 {
disable;
}
egress-protection {
context-identifier 198.51.100.3 {
primary;
advertise-mode stub-alias;
}
traceoptions {
file ep size 100m;
flag all;
}
}
}
bgp {
traceoptions {
file bgp.log world-readable;
}
group ibgp {
type internal;
local-address 10.255.183.58;
family inet {
unicast;
}
family l2vpn {
signaling {
egress-protection;
}
}
neighbor 192.0.2.3;
neighbor 192.0.2.4;
}
}
isis {
traceoptions {
file isis-edge size 10m world-readable;
flag error;
}
level 1 disable;
level 2 wide-metrics-only;
interface all {
point-to-point;
level 2 metric 10;
}
interface fxp0.0 {
disable;
}
}
ldp {
interface all;
interface fxp0.0 {
disable;
}
}
[edit]
user@PE1# show policy-options
policy-statement lb {
then {
load-balance per-packet;
}
}
[edit]
user@PE1# show routing-options
traceoptions {
file ro.log;
flag all;
}
autonomous-system 100;
forwarding-table {
export lb;
}
[edit]
user@PE1# show routing-instances
foo {
instance-type l2vpn;
egress-protection {
context-identifier {
198.51.100.3;
}
}
interface ge-2/0/2.0;
route-distinguisher 10.255.183.58:1;
vrf-target target:9000:1;
protocols {
l2vpn {
encapsulation-type ethernet-vlan;
site foo {
site-identifier 1;
site-preference primary;
interface ge-2/0/2.0 {
remote-site-id 2;
}
}
}
}
}
From configuration mode, confirm your configuration on Router PE2 by entering the show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
content_copy zoom_out_map
[edit]
user@PE2# show protocols
rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
interface all;
interface fxp0.0 {
disable;
}
egress-protection {
context-identifier 198.51.100.3 {
protector;
advertise-mode stub-alias;
}
traceoptions {
file ep size 100m;
flag all;
}
}
}
bgp {
traceoptions {
file bgp.log world-readable;
}
group ibgp {
type internal;
local-address 10.255.183.57;
family inet {
unicast;
}
family l2vpn {
signaling {
egress-protection;
}
}
neighbor 192.0.2.3;
neighbor 192.0.2.4;
}
}
isis {
traceoptions {
file isis-edge size 10m world-readable;
flag error;
}
level 1 disable;
level 2 wide-metrics-only;
interface all {
point-to-point;
level 2 metric 10;
}
interface fxp0.0 {
disable;
}
}
ldp {
interface all;
interface fxp0.0 {
disable;
}
}
[edit]
user@PE2# show policy-options
policy-statement lb {
then {
load-balance per-packet;
}
}
[edit]
user@PE2# show routing-options
traceoptions {
file ro.log;
flag normal;
flag route;
}
autonomous-system 100;
forwarding-table {
export lb;
}
[edit]
user@PE2# show routing-instances
foo {
instance-type l2vpn;
egress-protection {
protector;
}
interface ge-2/0/2.0;
route-distinguisher 10.255.183.57:1;
vrf-target target:9000:1;
protocols {
l2vpn {
encapsulation-type ethernet-vlan;
site foo {
hot-standby;
site-identifier 1;
site-preference backup;
interface ge-2/0/2.0 {
remote-site-id 2;
}
}
}
}
}
From configuration mode, confirm your configuration on Router PE3 by entering the show protocols, show policy-options, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
content_copy zoom_out_map
[edit]
user@PE3# show protocols
rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
interface all;
interface fxp0.0 {
disable;
}
}
bgp {
traceoptions {
file bgp.log world-readable;
}
group ibgp {
type internal;
local-address 10.255.183.61;
family inet {
unicast;
}
family l2vpn {
signaling;
}
neighbor 192.0.2.3;
neighbor 192.0.2.4;
}
}
isis {
traceoptions {
file isis-edge size 10m world-readable;
flag error;
}
level 1 disable;
level 2 wide-metrics-only;
interface all {
point-to-point;
level 2 metric 10;
}
interface fxp0.0 {
disable;
}
}
ldp {
interface all;
interface fxp0.0 {
disable;
}
}
[edit]
user@PE3# show policy-options
policy-statement lb {
then {
load-balance per-packet;
}
}
[edit]
user@PE3# show routing-options
traceoptions {
file ro.log;
flag normal;
flag route;
}
autonomous-system 100;
forwarding-table {
export lb;
}
[edit]
user@PE3# show routing-instances
foo {
instance-type l2vpn;
interface ge-2/1/2.0;
route-distinguisher 10.255.183.61:1;
vrf-target target:9000:1;
protocols {
l2vpn {
encapsulation-type ethernet-vlan;
site foo {
site-identifier 2;
interface ge-2/1/2.0 {
remote-site-id 1;
}
}
}
}
}
Verification
Confirm that the configuration is working properly.
- Verifying the L2VPN Configuration
- Verifying the Routing Instance Details
- Verifying the IS-IS Configuration
- Verifying the MPLS Configuration
Verifying the L2VPN Configuration
Purpose
Verify that LSP is protected by the connection protection logic.
Action
From operational mode, run the show l2vpn connections
extensive command.
content_copy zoom_out_map
user@PE2> show l2vpn connections extensive
content_copy zoom_out_map
Layer-2 VPN connections:
Legend for connection status (St)
EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch
Legend for interface status
Up -- operational
Dn -- down
Instance: foo
Local site: foo (1)
connection-site Type St Time last up # Up trans
2 rmt Up Aug 3 00:08:14 2001 1
Local circuit: ge-2/0/2.0, Status: Up
Remote PE: 192.0.2.3
Incoming label: 32769, Outgoing label: 32768
Egress Protection: Yes
Time Event Interface/Lbl/PE
Aug 3 00:08:14 2001 PE route up
Aug 3 00:08:14 2001 Out lbl Update 32768
Aug 3 00:08:14 2001 In lbl Update 32769
Aug 3 00:08:14 2001 ckt0 up fe-0/0/0.0 Meaning
The Egress Protection: Yes output shows
that the given PVC is protected by connection protection logic.
Verifying the Routing Instance Details
Purpose
Verify the routing instance information and the context identifier configured on the primary, which is used as the next-hop address in case of node-link failure.
Action
From operational mode, run the show route foo detail command.
content_copy zoom_out_map
user@PE2> show route foo detail
content_copy zoom_out_map
foo:
Router ID: 0.0.0.0
Type: l2vpn non-forwarding State: Active
Interfaces:
lt-1/2/0.56
Route-distinguisher: 10.255.255.11:1
Vrf-import: [ __vrf-import-foo-internal__ ]
Vrf-export: [ __vrf-export-foo-internal__ ]
Vrf-import-target: [ target:100:200 ]
Vrf-export-target: [ target:100:200 ]
Fast-reroute-priority: low
Vrf-edge-protection-id: 198.51.100.3
Tables:
foo.l2vpn.0 : 5 routes (3 active, 0 holddown, 0 hidden)
foo.l2id.0 : 6 routes (2 active, 0 holddown, 0 hidden)
Meaning
The context-id is set to 198.51.100.3 and
the Vrf-import: [ __vrf-import-foo-internal__] in the output
mentions the policy used for rewriting the next-hop address.
Verifying the IS-IS Configuration
Purpose
Verify the IS-IS context identifier information.
Action
From operational mode, run the show isis context-identifier
detail command.
content_copy zoom_out_map
user@PE2> show isis context-identifier detail
content_copy zoom_out_map
IS-IS context database: Context L Owner Role Primary Metric 198.51.100.3 2 MPLS Protector pro17-b-lr-R1 0 Advertiser pro17-b, Router ID 10.255.107.49, Level 2, tlv protector Advertiser pro17-b-lr-R1, Router ID 10.255.255.11, Metric 1, Level 2, tlv prefix
Meaning
Router PE2 is the protector and the configured context identifier is in use for the MPLS protocol.
Verifying the MPLS Configuration
Purpose
Verify the context identifier details on the primary and protector PEs.
Action
From operational mode, run the show mpls context-identifier
detail command.
content_copy zoom_out_map
user@PE1> show mpls context-identifier detail
content_copy zoom_out_map
ID: 198.51.100.3 Type: primary, Metric: 1, Mode: alias Total 1, Primary 1, Protector 0
content_copy zoom_out_map
user@PE2> show mpls context-identifier detail
content_copy zoom_out_map
ID: 198.51.100.3 Type: protector, Metric: 16777215, Mode: alias Context table: __198.51.100.3__.mpls.0, Label out: 299968
content_copy zoom_out_map
user@PE2> show mpls egress-protection detail
content_copy zoom_out_map
Instance Type Protection-Type foo local-l2vpn Protector Route Target 100:200
Meaning
Context-id is 198.51.100.3, advertise-mode
is alias, the MPLS table created for egress protection
is __198.51.100.3__.mpls.0, and the egress instance name
is foo, which is of type local-l2vpn.
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
Release
Description
14.2
Starting
in Junos OS Release 14.2, Junos OS supports the restoration of egress
traffic when there is a link or node failure in the egress PE node.
