Configuring Interfaces for Layer 2 Circuits
The following sections describe how to configure interfaces for Layer 2 circuits:
Not all subtasks are supported on all platforms; check the CLI on your device.
Configuring the Address for the Neighbor of the Layer 2 Circuit
All the Layer 2 circuits using a particular remote PE router
designated for remote CE routers are listed under the neighbor statement (“neighbor” designates the PE router). Each
neighbor is identified by its IP address and is usually the end-point
destination for the label-switched path (LSP) tunnel transporting
the Layer 2 circuit.
To configure a PE router as a neighbor for a Layer 2 circuit,
specify the neighbor address using the neighbor statement:
neighbor address { ... }
You can include this statement at the following hierarchy levels:
[edit protocols l2circuit][edit logical-systems logical-system-name protocols l2circuit]
Configuring the Neighbor Interface for the Layer 2 Circuit
Each Layer 2 circuit is represented by the logical interfaceencapsulation connecting the local provider edge (PE) router to the local customer edge (CE) router. This interface is tied to the Layer 2 circuit neighbor configured in Configuring the Address for the Neighbor of the Layer 2 Circuit.
To configure the interface for a Layer 2 circuit neighbor,
include the interface statement:
The commit operation fails, if the same logical interface is configured for both Layer 2 circuit and ccc connection.
On the EX9200 switches, replace encapsulation-type with the encapsulation statement.
interface interface-name { bandwidth (bandwidth | ctnumber bandwidth); community community-name; (control-word | no-control-word); description text; encapsulation-type type; ignore-encapsulation-mismatch; ignore-mtu-mismatch; mtu mtu-number; no-revert; protect-interface interface-name; pseudowire-status-tlv; psn-tunnel-endpoint address; virtual-circuit-id identifier; }
You can include this statement at the following hierarchy levels:
[edit protocols l2circuit neighbor address][edit logical-systems logical-system-name protocols l2circuit neighbor address]
The following sections describe how to configure the interface for the Layer 2 circuit neighbor:
- Configuring a Community for the Layer 2 Circuit
- Configuring the Control Word for Layer 2 Circuits
- Configuring the Encapsulation Type for the Layer 2 Circuit Neighbor Interface
- Enabling the Layer 2 Circuit When the Encapsulation Does Not Match
- Configuring the MTU Advertised for a Layer 2 Circuit
- Enabling the Layer 2 Circuit When the MTU Does Not Match
- Configuring the Protect Interface
- Configuring the Protect Interface From Switching Over to the Primary Interface
- Configuring the Pseudowire Status TLV
- Configuring Layer 2 Circuits over Both RSVP and LDP LSPs
- Configuring the Virtual Circuit ID
Configuring a Community for the Layer 2 Circuit
To configure a community for a Layer 2 circuit, include
the community statement:
community community-name;
You can include this statement at the following hierarchy levels:
[edit protocols l2circuit neighbor address interface interface-name][edit logical-systems logical-system-name protocols l2circuit neighbor address interface interface-name]
For information about how to configure a routing policy for a Layer 2 circuit, see Configuring Policies for Layer 2 Circuits.
Configuring the Control Word for Layer 2 Circuits
To emulate the virtual circuit (VC) encapsulation for Layer 2 circuits, a 4-byte control word is added between the Layer 2 protocol data unit (PDU) being transported and the VC label that is used for demultiplexing. For most protocols, a null control word consisting of all zeroes is sent between Layer 2 circuit neighbors.
However, individual bits are available in a control word that can carry Layer 2 protocol control information. The control information is mapped into the control word, which allows the header of a Layer 2 protocol to be stripped from the frame. The remaining data and control word can be sent over the Layer 2 circuit, and the frame can be reassembled with the proper control information at the egress point of the circuit.
The following Layer 2 protocols map Layer 2 control information into special bit fields in the control word:
Frame Relay—The control word supports the transport of discard eligible (DE), forward explicit congestion notification (FECN), and backward explicit congestion notification (BECN) information. For configuration information, see Configuring the Control Word for Frame Relay Interfaces.
Note:Frame Relay is not supported on the ACX Series routers.
ATM AAL5 mode—The control word supports the transport of sequence number processing, ATM cell loss priority (CLP), and explicit forward congestion indication (EFCI) information. When you configure an AAL5 mode Layer 2 circuit, the control information is carried by default and no additional configuration is needed.
ATM cell-relay mode—The control word supports sequence number processing only. When you configure a cell-relay mode Layer 2 circuit, the sequence number information is carried by default and no additional configuration is needed.
The Junos OS implementation of sequence number processing for ATM cell-relay mode and AAL5 mode is not the same as that described in Sec. 3.1.2 of the IETF draft Encapsulation Methods for Transport of Layer 2 Frames Over IP and MPLS Networks. The differences are as follows:
A packet with a sequence number of 0 is considered as out of sequence.
A packet that does not have the next incremental sequence number is considered out of sequence.
When out-of-sequence packets arrive, the sequence number in the Layer 2 circuit control word increments by one and becomes the expected sequence number for the neighbor.
The following sections discuss how to configure the control word for Layer 2 circuits:
Configuring the Control Word for Frame Relay Interfaces
On interfaces with Frame Relay CCC encapsulation, you can configure Frame Relay control bit translation to support Frame Relay services over IP and MPLS backbones by using CCC, Layer 2 VPNs, and Layer 2 circuits. When you configure translation of Frame Relay control bits, the bits are mapped into the Layer 2 circuit control word and preserved across the IP or MPLS backbone.
For information about how to configure the control bits, see the Configuring Frame Relay Control Bit Translation.
Disabling the Control Word for Layer 2 Circuits
The Junos OS can typically determine whether a neighboring router
supports the control word. However, if you want to explicitly disable
its use on a specific interface, include the no-control-word statement:
no-control-word;
For a list of hierarchy levels at which you can configure this statement, see the statement summary section for this statement.
Configuring the Encapsulation Type for the Layer 2 Circuit Neighbor Interface
You can specify the Layer 2 circuit encapsulation type for the interface receiving traffic from a Layer 2 circuit neighbor. The encapsulation type is carried in the LDP-signaling messages exchanged between Layer 2 circuit neighbors when pseudowires are created. The encapsulation type you configure for each Layer 2 circuit neighbor varies depending on the type of networking equipment or the type of Layer 2 protocol you have deployed in your network. If you do not specify an encapsulation type for the Layer 2 circuit, the encapsulation of the CE device interface is used by default.
Specify the encapsulation type for the Layer 2 circuit neighbor
interface by including the encapsulation-type statement:
encapsulation-type (atm-aal5 | atm-cell | atm-cell-port-mode | atm-cell-vc-mode | atm-cell-vp-mode | cesop | cisco-hdlc | ethernet | ethernet-vlan | frame-relay | frame-relay-port-mode | interworking | ppp | satop-e1 | satop-e3 | satop-t1 | satop-t3);
You can include this statement at the following hierarchy levels:
[edit protocols l2circuit neighbor address interface interface-name][edit logical-systems logical-system-name protocols l2circuit neighbor address interface interface-name]
Enabling the Layer 2 Circuit When the Encapsulation Does Not Match
You can configure the Junos OS to allow a Layer 2 circuit
to be established even though the encapsulation configured on the
CE device interface does not match the encapsulation configured on
the Layer 2 circuit interface by including the ignore-encapsulation-mismatch statement. You can configure the ignore-encapsulation-mismatch statement for the connection to the remote connection by including
the statement at the [edit protocols l2circuit neighbor address interface interface-name] hierarchy level or for the local connection by including this statement
at the [edit protocols l2circuit local-switching interface interface-name] hierarchy level.
ignore-encapsulation-mismatch;
For a list of hierarchy levels at which you can include this statement, see the statement summary section for this statement.
Configuring the MTU Advertised for a Layer 2 Circuit
By default, the MTU used to advertise a Layer 2 circuit is determined by taking the interface MTU for the associated physical interface and subtracting the encapsulation overhead for sending IP packets based on the encapsulation.
However, encapsulations that support multiple logical interfaces (and multiple Layer 2 circuits) rely on the same interface MTU (since they are all associated with the same physical interface). This can prove to be a limitation for VLAN Layer 2 circuits using the same Ethernet interface or for Layer 2 circuit DLCIs using the same Frame Relay interface.
This can also affect multivendor environments. For example, if you have three PE devices supplied by different vendors and one of the devices only supports an MTU of 1500, even if the other devices support larger MTUs you must to configure the MTU as 1500 (the smallest MTU of the three PE devices).
You can explicitly configure which MTU is advertised for a Layer 2 circuit, even if the Layer 2 circuit is sharing a physical interface with other Layer 2 circuits. When you explicitly configure an MTU for a Layer 2 circuit, be aware of the following:
An explicitly configured MTU is signaled to the remote PE device. The configured MTU is also compared to the MTU received from the remote PE device. If there is a conflict, the Layer 2 circuit is taken down.
If you configure an MTU for an ATM cell relay interface on an ATM II PIC, the configured MTU is used to compute the cell bundle size advertised for that Layer 2 circuit, instead of the default interface MTU.
A configured MTU is used only in the control plane. It is not enforced in the data plane. You need to ensure that the CE device for a given Layer 2 circuit uses the correct MTU for data transmission.
To configure the MTU for a Layer 2 circuit, include the mtu statement at the [edit protocols l2circuit neighbor address interface interface-name] hierarchy level.
mtu mtu-number;
Enabling the Layer 2 Circuit When the MTU Does Not Match
You can configure the Junos OS to allow a Layer 2 circuit
to be established even though the MTU configured on the PE router
does not match the MTU configured on the remote PE router by including
the ignore-mtu-mismatch statement at the [edit protocols
l2circuit neighbor address interface interface-name] hierarchy level.
Configuring the Protect Interface
You can configure a protect interface for the logical interface linking a virtual circuit to its destination, whether the destination is remote or local. A protect interface provides a backup for the protected interface in case of failure. Network traffic uses the primary interface only so long as the primary interface functions. If the primary interface fails, traffic is switched to the protect interface. The protect interface is optional.
To configure the protect interface, include the protect-interface statement:
protect-interface interface-name;
The protect interface must be configured prior to configuring
the no-revert statement.
For a list of hierarchy levels at which you can include this statement, see the statement summary section for this statement.
For an example of how to configure a protect interface for a Layer 2 circuit, see Example: Configuring Layer 2 Circuit Protect Interfaces.
Configuring the Protect Interface From Switching Over to the Primary Interface
Typically, when the primary interface goes down, the pseudowire
starts using the protect interface. By default, when the primary interface
comes back online, the interface is switched-over back from the protect
interface to the primary interface. To prevent the switchover back
to the primary interface, unless the protect interface goes down,
include the no-revert statement. This prevents loss of
traffic during the switchover.
If the protect interface fails, the interface is switched-over
back to the primary interface, irrespective of whether or not the no-revert statement is included in the configuration.
You can configure the no-revert statement at the [edit protocols l2circuit neighbor address interface interface-name] hierarchy level:
[edit protocols l2circuit neighbor address interface interface-name]
no-revert;
Configuring the Pseudowire Status TLV
The pseudowire status type length variable (TLV) is used to communicate the status of a pseudowire back and forth between two PE routers. For Layer 2 circuit configurations, you can configure the PE router to negotiate the pseudowire with its neighbor using the pseudowire status TLV. This same functionality is also available for LDP VPLS neighbor configurations. The pseudowire status TLV is configurable for each pseudowire connection and is disabled by default. The pseudowire status negotiation process assures that a PE router reverts back to the label withdraw method for pseudowire status if its remote PE router neighbor does not support the pseudowire status TLV.
Unlike the control word, a PE router’s ability to support the pseudowire status TLV is communicated when the initial label mapping message is sent to its remote PE router. Once the PE router transmits its support for the pseudowire status TLV to its remote PE router, it includes the pseudowire status TLV in every label mapping message sent to the remote PE router. If you disable support for the pseudowire status TLV on the PE router, a label withdraw message is sent to the remote PE router and then a new label mapping message without the pseudowire status TLV follows.
To configure the pseudowire status TLV for the pseudowire to
the neighbor PE router, include the pseudowire-status-tlv statement:
pseudowire-status-tlv;
For a list of the hierarchy levels at which you can include this statement, see the statement summary section for this statement.
Configuring Layer 2 Circuits over Both RSVP and LDP LSPs
You can configure two Layer 2 circuits between the same two routers, and have one Layer 2 circuit traverse an RSVP LSP and the other traverse an LDP LSP. To accomplish this, you need to configure two loopback addresses on the local router. You configure one of the loopback address for the Layer 2 circuit traversing the RSVP LSP. You configure the other loopback address to handle the Layer 2 circuit traversing the LDP LSP. For information about how to configure multiple loop back interfaces, see Configuring Logical Units on the Loopback Interface for Routing Instances in Layer 3 VPNs.
You also need to configure a packet switched network (PSN) tunnel endpoint for one of the Layer 2 circuits. It can be either the Layer 2 circuit traversing the RSVP LSP or the one traversing the LDP LSP. The PSN tunnel endpoint address is the destination address for the LSP on the remote router.
To configure the address for the PSN tunnel endpoint, include
the psn-tunnel-endpoint statement:
psn-tunnel-endpoint address;
You can include this statement at the following hierarchy levels:
[edit logical-systems logical-system-name protocols l2circuit neighbor address interface interface-name][edit protocols l2circuit neighbor address interface interface-name]
By default, the PSN tunnel endpoint for a Layer 2 circuit is identical to the neighbor address, which is also the same as the LDP neighbor address.
The tunnel endpoints on the remote router do not need to be loopback addresses.
Example: PSN Tunnel Endpoint
The following example illustrates how you might configure a PSN tunnel endpoint:
[edit protocols l2circuit]
neighbor 10.255.0.6 {
interface t1-0/2/2.0 {
psn-tunnel-endpoint 192.0.2.0;
virtual-circuit-id 1;
}
interface t1-0/2/1.0 {
virtual-circuit-id 10;
}
}
The Layer 2 circuit configured for the t1-0/2/2.0 interface resolves in the inet3 routing table to 192.0.2.0. This could be either an RSVP route or a static route with an LSP
next hop.
Configuring the Virtual Circuit ID
You configure a virtual circuit ID on each interface. Each virtual circuit ID uniquely identifies the Layer 2 circuit among all the Layer 2 circuits to a specific neighbor. The key to identifying a particular Layer 2 circuit on a PE router is the neighbor address and the virtual circuit ID. An LDP-FEC-to-label binding is associated with a Layer 2 circuit based on the virtual circuit ID in the FEC and the neighbor that sent this binding. The LDP-FEC-to-label binding enables the dissemination of the VPN label used for sending traffic on that Layer 2 circuit to the remote CE device.
You also configure a virtual circuit ID for each redundant pseudowire. A redundant pseudowire is identified by the backup neighbor address and the virtual circuit ID. For more information, see Configuring Pseudowire Redundancy on the PE Router.
To configure the virtual circuit ID, include the virtual-circuit-id statement:
virtual-circuit-id identifier;
For a list of hierarchy levels at which you can include this statement, see the statement summary section for this statement.
Configuring the Interface Encapsulation Type for Layer 2 Circuits
The Layer 2 encapsulation type is carried in the LDP forwarding equivalence class (FEC). You can configure either circuit cross-connect (CCC) or translational cross-connect (TCC) encapsulation types for Layer 2 circuits. For more information, see the MPLS Applications User Guide and Junos OS Network Interfaces Library for Routing Devices.
Some platform and FPC combinations can not pass TCC encapsulated ISO traffic. See Platforms/FPCs That Cannot Forward TCC Encapsulated ISO Traffic for details.
To configure the interface encapsulation for a Layer 2
circuit, include the encapsulation statement:
encapsulation encapsulation;
You can include this statement at the following hierarchy levels:
[edit interfaces interface-name][edit logical-systems logical-system-name interfaces interface-name]
Configuring ATM2 IQ Interfaces for Layer 2 Circuits
You can configure Asynchronous Transfer Mode 2 (ATM2) intelligent queuing (IQ) interfaces for Layer 2 circuits by using Layer 2 circuit ATM Adaptation Layer 5 (AAL5) transport mode, Layer 2 circuit ATM cell relay mode, and the Layer 2 circuit ATM trunk mode.
The configuration statements are as follows:
atm-l2circuit-mode aal5atm-l2circuit-mode cellatm-l2circuit-mode trunk
For more information about these statements, see the Junos OS Administration Library. For more information about how to configure ATM2 IQ interfaces, see theJunos OS Network Interfaces Library for Routing Devices.
The Junos OS implementation of sequence number processing for Layer 2 circuit ATM cell relay mode and Layer 2 circuit AAL5 mode differs from that described in the Internet draft draft-martini-l2circuit-encap-mpls-11.txt, Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks (expires August 2006).
The Junos OS implementation has the following differences:
A packet with a sequence number of 0 is treated as out of sequence.
A packet that does not have the next incremental sequence number is considered out of sequence.
When out-of-sequence packets arrive, the expected sequence number for the neighbor is set to the sequence number in the Layer 2 circuit control word.