Juniper/Cisco MPLS Layer-2 VPN configuration

Here is the following scenario:

The following post will explain how to configure an MPLS Layer-2 VPN, using single interface, to multiple far end interfaces, where both Juniper and Cisco routers are been used.

This is taken from a production network which I configured lately to one of our customers.

Topology setup:

       -          An MPLS network based on LDP/MPLS, IGP, BGP, MP-BGP

       -          AGG1 - An aggregation switch which terminate customer’s layer 2 connections

       -          3x PE routers (PE1 and PE2 are Juniper J6350 and PE3 is Cisco 7206VXR)

       -          Customer’s switches and CPE’s

Note that the interfaces, which connected from the switches, to the MPLS Layer-2 VPN ingress interface, should be in trunk mode.

The following configuration is referring to PE routers:

PE1 Configuration (Juniper router)

      1.       Make sure router’s loopback is configured under mpls and ldp protocols else configure it:

root@PE1# set protocols mpls interface lo0.0 root@PE1# set protocols ldp interface lo0.0

      2.       Configure the physical ingress router interface for 802.1q tagging for a cross-connect:

root@PE1# set interfaces ge-0/0/2 vlan-tagging root@PE1# set interfaces ge-0/0/2 encapsulation vlan-ccc

      3.       Configure the appropriate interfaces as units under the physical interface:

root@PE1# set interfaces ge-0/0/2 unit 2900 encapsulation vlan-ccc vlan-id 2900 root@PE1# set interfaces ge-0/0/2 unit 2077 encapsulation vlan-ccc vlan-id 2077

      4.       Now configure the Layer-2 circuit under protocols:

[edit protocols] root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 virtual-circuit-id 2900 root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 no-control-word root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 encapsulation-type ethernet-vlan root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 mtu 1500  root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 virtual-circuit-id 2900 root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 no-control-word root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 encapsulation-type ethernet-vlan root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 mtu 1500

The configurations are per neighbor and for each VLAN configure a separate interface and interface settings.

     

      5.       Apply commit

root@PE1# commit

PE2 Configuration (Juniper router)

Pretty much the same as PE1

      1.       Make sure router’s loopback is configured under mpls and ldp protocols else configure it:

root@PE2# set protocols mpls interface lo0.0 root@PE2# set protocols ldp interface lo0.0

      2.       Configure the physical ingress router interface for 802.1q tagging for a cross-connect:

root@PE2# set interfaces ge-3/0/0 vlan-tagging root@PE2# set interfaces ge-3/0/0 encapsulation vlan-ccc

      3.       Configure the appropriate interfaces as units under the physical interface:

root@PE2# set interfaces ge-3/0/0 unit 2900 encapsulation vlan-ccc vlan-id 2900

      4.       Now configure the Layer-2 circuit under protocols:

[edit protocols] root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 virtual-circuit-id 2900 root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 no-control-word root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 encapsulation-type ethernet-vlan root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 mtu 1500

      5.       Apply commit

root@PE1# commit

PE3 Configuration (Cisco router)

     

      1.       Configure the physical interface:  

interface GigaEthernet2/0  no ip address  load-interval 30  duplex full end

      2.       Configure the logical interface:

interface GigaEthernet2/0.2077  encapsulation dot1Q 2077  xconnect 155.1.1.1 2077 encapsulation mpls end

      3.       Save the configuration:

Router(config)# wr

Verification

Check Layer-2 link status:

Juniper: root@PE1> show l2circuit connections extensive Layer-2 Circuit Connections: Legend for connection status (St)   EI -- encapsulation invalid      NP -- interface h/w not present   MM -- mtu mismatch               Dn -- down                       EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down    CM -- control-word mismatch      Up -- operational                VM -- vlan id mismatch           CF -- Call admission control failure OL -- no outgoing label          IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC    TM -- TDM misconfiguration BK -- Backup Connection          ST -- Standby Connection CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire LD -- local site signaled down   RS -- remote site standby RD -- remote site signaled down  XX -- unknown Legend for interface status  Up -- operational            Dn -- down                   Neighbor: 155.1.1.2     Interface                 Type  St     Time last up          # Up trans     ge-0/0/2.2900(vc 2900)    rmt   Up     Feb 12 03:35:59 2012           1       Remote PE: 155.1.1.2, Negotiated control-word: No       Incoming label: 324768, Outgoing label: 319760       Negotiated PW status TLV: No       Local interface: ge-0/0/2.2900, Status: Up, Encapsulation: VLAN     Connection History:         Feb 12 03:35:59 2012  status update timer          Feb 12 03:35:58 2012  PE route changed             Feb 12 03:35:58 2012  Out lbl Update                    319760         Feb 12 03:35:58 2012  In lbl Update                     324768         Feb 12 03:35:58 2012  loc intf up                ge-0/0/2.2900 Neighbor: 155.1.1.3     Interface                 Type  St     Time last up          # Up trans     ge-0/0/2.2077(vc 2077)    rmt   Up     Feb 13 00:34:09 2012           1       Remote PE: 155.1.1.3, Negotiated control-word: No       Incoming label: 324752, Outgoing label: 42       Negotiated PW status TLV: No       Local interface: ge-0/0/2.2077, Status: Up, Encapsulation: VLAN     Connection History:         Feb 13 00:34:09 2012  status update timer          Feb 13 00:34:09 2012  PE route changed             Feb 13 00:34:09 2012  Out lbl Update                        42         Feb 13 00:34:09 2012  In lbl Update                     324752         Feb 13 00:34:09 2012  loc intf up                ge-0/0/2.2077 Cisco: router#show xconnect all detail Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware XC ST  Segment 1                         S1 Segment 2                         S2 ------+---------------------------------+--+---------------------------------+-- UP     ac   Gi2/0.2077 2077(Eth VLAN)    UP mpls 155.1.1.1:2077            UP             Interworking: none                   Local VC label 42                                                               Remote VC label 324752                                                          pw-class: