Juniper MPLS Layer-2 Circuit Configuration

In the following post i will explain how to configure L2 circuit over MPLS network which eventually allow L2 connection between 2 PEs.

Prerequisites

1. Determine all of the routers that you want to participate in the circuit, and then complete the initial configuration of their interfaces.
2. For all of the routers in the circuit configuration, update the interface configurations to enable participation in the Layer 2 circuit.
1. On the interface communicating with the other provider edge (PE) router, specify MPLS and IPv4, and include the IP address. For the loopback interface, specify inet, and include the IP address. For IPv4, designate the loopback interface as primary so it can receive control packets. (Because it is always operational, the loopback interface is best able to perform the control function.)
2. On the PE router interface facing the customer edge (CE) router, specify a circuit cross-connect (CCC) encapsulation type. The type of encapsulation depends on the interface type. For example, an Ethernet interface uses ethernet-ccc. (The encapsulation type determines how the packet is constructed for that interface.)
3. For all of the routers in the circuit configuration, configure the appropriate protocols.
1. MPLS—For PE routers and provider routers, use MPLS to advertise the Layer 2 circuit interfaces that communicate with other PE routers and provider routers.
2. BGP—For PE routers, configure a BGP session.
3. IGP and a signaling protocol—For PE routers, configure a signaling protocol (either LDP or RSVP) to dynamically set up label-switched paths (LSPs) through the provider network. (LDP routes traffic using IGP metrics.
4. In addition, configure an IGP such as OSPF or static routes on the PE routers to enable exchanges of routing information between the PE routers and provider routers. Each PE router's loopback address must appear as a separate route. Do not configure any summarization of the PE router's loopback addresses at the area boundary. Configure the provider network to run OSPF or IS-IS as an IGP, as well as IBGP sessions through either a full mesh or route reflector.

Configure Layer-2 Circuit Juniper to Cisco

The following steps will explain how to configure an MPLS Layer-2 VPN, using single interface, to multiple far end interfaces, where both Juniper and Cisco routers are been used.

Topology setup:

      1.  An MPLS network based on LDP/MPLS, IGP (in my case IS-IS but could be also OSPF) and BGP

      2.  3x PE routers (PE1 and PE2 are Juniper J-series and PE3 is Cisco 7206VXR)

      3.  3x CPEs

Note that the PE-CE connections are set to trunk mode.

The encapsulation type is depended on the PE to CE connection type, a trunk with tagged VLAN traffic will be in vlan-ccc encapsulation mode where access mode interface will be in ethernet-ccc encapsulation mode.

PE1 Configuration (Juniper router)

Loopback 0 IP address: 155.1.1.1

Interface ge-0/0/2 configured as L2 in trunk mode, connects to CE

Interface ge-0/0/1 configured as L3, runs LDP, ISIS and BGP, connects to SP network

     1.       Make sure router’s loopback is configured under mpls and ldp protocols else configure it:

root@PE1# set protocols mpls interface lo0.0 root@PE1# set protocols ldp interface lo0.0

      2.       Configure the physical ingress router interface for 802.1q tagging for a cross-connect:

root@PE1# set interfaces ge-0/0/2 vlan-tagging root@PE1# set interfaces ge-0/0/2 encapsulation vlan-ccc

      3.       Configure the appropriate interfaces as units under the physical interface:

root@PE1# set interfaces ge-0/0/2 unit 2900 encapsulation vlan-ccc vlan-id 2900 root@PE1# set interfaces ge-0/0/2 unit 2077 encapsulation vlan-ccc vlan-id 2077

      4.       Now configure the Layer-2 circuit under protocols:

[edit protocols] root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 virtual-circuit-id 2900 root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 no-control-word root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 encapsulation-type ethernet-vlan root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 mtu 1500  root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 virtual-circuit-id 2900 root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 no-control-word root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 encapsulation-type ethernet-vlan root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 mtu 1500

The configurations are per neighbor and for each VLAN configure a separate interface and interface settings.

      5.       Apply commit

root@PE1# commit

PE2 Configuration (Juniper router)

Loopback 0 IP address: 155.1.1.2

Interface ge-3/0/0 configured as L2 in trunk mode, connects to CE

Interface ge-0/0/1 configured as L3, runs LDP, ISIS and BGP, connects to SP network

The configuration is pretty much the same as PE1

     

     1.       Make sure router’s loopback is configured under mpls and ldp protocols else configure it:

root@PE2# set protocols mpls interface lo0.0 root@PE2# set protocols ldp interface lo0.0

      2.       Configure the physical ingress router interface for 802.1q tagging for a cross-connect:

root@PE2# set interfaces ge-3/0/0 vlan-tagging root@PE2# set interfaces ge-3/0/0 encapsulation vlan-ccc

      3.       Configure the appropriate interfaces as units under the physical interface:

root@PE2# set interfaces ge-3/0/0 unit 2900 encapsulation vlan-ccc vlan-id 2900

      4.       Now configure the Layer-2 circuit under protocols:

[edit protocols] root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 virtual-circuit-id 2900 root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 no-control-word root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 encapsulation-type ethernet-vlan root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 mtu 1500

      5.       Apply commit

root@PE1# commit

PE3 Configuration (Cisco router)

Loopback 0 IP address: 155.1.1.3

Interface gi2/0 configured as L2 in trunk mode, connects to CE

Interface gi0/1 configured as L3, runs LDP, ISIS and BGP, connects to SP network

      

      1.       Configure the physical interface:

interface GigaEthernet2/0  no ip address  load-interval 30  duplex full end

      2.       Configure the logical interface:

interface GigaEthernet2/0.2077  encapsulation dot1Q 2077  xconnect 155.1.1.1 2077 encapsulation mpls end

      3.       Save the configuration:

Router(config)# wr

Verification

Check Layer-2 link status:

Juniper: root@PE1> show l2circuit connections extensive Layer-2 Circuit Connections: Legend for connection status (St)   EI -- encapsulation invalid      NP -- interface h/w not present   MM -- mtu mismatch               Dn -- down                       EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down    CM -- control-word mismatch      Up -- operational                VM -- vlan id mismatch           CF -- Call admission control failure OL -- no outgoing label          IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC    TM -- TDM misconfiguration BK -- Backup Connection          ST -- Standby Connection CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire LD -- local site signaled down   RS -- remote site standby RD -- remote site signaled down  XX -- unknown Legend for interface status  Up -- operational            Dn -- down                   Neighbor: 155.1.1.2     Interface                 Type  St     Time last up          # Up trans     ge-0/0/2.2900(vc 2900)    rmt   Up     Feb 12 03:35:59 2012           1       Remote PE: 155.1.1.2, Negotiated control-word: No       Incoming label: 324768, Outgoing label: 319760       Negotiated PW status TLV: No       Local interface: ge-0/0/2.2900, Status: Up, Encapsulation: VLAN     Connection History:         Feb 12 03:35:59 2012  status update timer          Feb 12 03:35:58 2012  PE route changed             Feb 12 03:35:58 2012  Out lbl Update                    319760         Feb 12 03:35:58 2012  In lbl Update                     324768         Feb 12 03:35:58 2012  loc intf up                ge-0/0/2.2900 Neighbor: 155.1.1.3     Interface                 Type  St     Time last up          # Up trans     ge-0/0/2.2077(vc 2077)    rmt   Up     Feb 13 00:34:09 2012           1       Remote PE: 155.1.1.3, Negotiated control-word: No       Incoming label: 324752, Outgoing label: 42       Negotiated PW status TLV: No       Local interface: ge-0/0/2.2077, Status: Up, Encapsulation: VLAN     Connection History:         Feb 13 00:34:09 2012  status update timer          Feb 13 00:34:09 2012  PE route changed             Feb 13 00:34:09 2012  Out lbl Update                        42         Feb 13 00:34:09 2012  In lbl Update                     324752         Feb 13 00:34:09 2012  loc intf up                ge-0/0/2.2077 Cisco: router#show xconnect all detail Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware XC ST  Segment 1                         S1 Segment 2                         S2 ------+---------------------------------+--+---------------------------------+-- UP     ac   Gi2/0.2077 2077(Eth VLAN)    UP mpls 155.1.1.1:2077            UP             Interworking: none                   Local VC label 42                                                               Remote VC label 324752                                                          pw-class:

Send ICMP on MPLS

root@PE1> ping mpls l2circuit interface ge-0/0/2.2900 size 1500 count 100

Juniper/Cisco MPLS Layer-2 VPN configuration

Here is the following scenario:

The following post will explain how to configure an MPLS Layer-2 VPN, using single interface, to multiple far end interfaces, where both Juniper and Cisco routers are been used.

This is taken from a production network which I configured lately to one of our customers.

Topology setup:

       -          An MPLS network based on LDP/MPLS, IGP, BGP, MP-BGP

       -          AGG1 - An aggregation switch which terminate customer’s layer 2 connections

       -          3x PE routers (PE1 and PE2 are Juniper J6350 and PE3 is Cisco 7206VXR)

       -          Customer’s switches and CPE’s

Note that the interfaces, which connected from the switches, to the MPLS Layer-2 VPN ingress interface, should be in trunk mode.

The following configuration is referring to PE routers:

PE1 Configuration (Juniper router)

      1.       Make sure router’s loopback is configured under mpls and ldp protocols else configure it:

root@PE1# set protocols mpls interface lo0.0 root@PE1# set protocols ldp interface lo0.0

      2.       Configure the physical ingress router interface for 802.1q tagging for a cross-connect:

root@PE1# set interfaces ge-0/0/2 vlan-tagging root@PE1# set interfaces ge-0/0/2 encapsulation vlan-ccc

      3.       Configure the appropriate interfaces as units under the physical interface:

root@PE1# set interfaces ge-0/0/2 unit 2900 encapsulation vlan-ccc vlan-id 2900 root@PE1# set interfaces ge-0/0/2 unit 2077 encapsulation vlan-ccc vlan-id 2077

      4.       Now configure the Layer-2 circuit under protocols:

[edit protocols] root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 virtual-circuit-id 2900 root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 no-control-word root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 encapsulation-type ethernet-vlan root@PE1# set l2circuit neighbor 155.1.1.2 interface ge-0/0/2.2900 mtu 1500  root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 virtual-circuit-id 2900 root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 no-control-word root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 encapsulation-type ethernet-vlan root@PE1# set l2circuit neighbor 155.1.1.3 interface ge-0/0/2.2077 mtu 1500

The configurations are per neighbor and for each VLAN configure a separate interface and interface settings.

     

      5.       Apply commit

root@PE1# commit

PE2 Configuration (Juniper router)

Pretty much the same as PE1

      1.       Make sure router’s loopback is configured under mpls and ldp protocols else configure it:

root@PE2# set protocols mpls interface lo0.0 root@PE2# set protocols ldp interface lo0.0

      2.       Configure the physical ingress router interface for 802.1q tagging for a cross-connect:

root@PE2# set interfaces ge-3/0/0 vlan-tagging root@PE2# set interfaces ge-3/0/0 encapsulation vlan-ccc

      3.       Configure the appropriate interfaces as units under the physical interface:

root@PE2# set interfaces ge-3/0/0 unit 2900 encapsulation vlan-ccc vlan-id 2900

      4.       Now configure the Layer-2 circuit under protocols:

[edit protocols] root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 virtual-circuit-id 2900 root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 no-control-word root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 encapsulation-type ethernet-vlan root@PE2# set l2circuit neighbor 155.1.1.1 interface ge-3/0/0.2900 mtu 1500

      5.       Apply commit

root@PE1# commit

PE3 Configuration (Cisco router)

     

      1.       Configure the physical interface:  

interface GigaEthernet2/0  no ip address  load-interval 30  duplex full end

      2.       Configure the logical interface:

interface GigaEthernet2/0.2077  encapsulation dot1Q 2077  xconnect 155.1.1.1 2077 encapsulation mpls end

      3.       Save the configuration:

Router(config)# wr

Verification

Check Layer-2 link status:

Juniper: root@PE1> show l2circuit connections extensive Layer-2 Circuit Connections: Legend for connection status (St)   EI -- encapsulation invalid      NP -- interface h/w not present   MM -- mtu mismatch               Dn -- down                       EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down    CM -- control-word mismatch      Up -- operational                VM -- vlan id mismatch           CF -- Call admission control failure OL -- no outgoing label          IB -- TDM incompatible bitrate NC -- intf encaps not CCC/TCC    TM -- TDM misconfiguration BK -- Backup Connection          ST -- Standby Connection CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire LD -- local site signaled down   RS -- remote site standby RD -- remote site signaled down  XX -- unknown Legend for interface status  Up -- operational            Dn -- down                   Neighbor: 155.1.1.2     Interface                 Type  St     Time last up          # Up trans     ge-0/0/2.2900(vc 2900)    rmt   Up     Feb 12 03:35:59 2012           1       Remote PE: 155.1.1.2, Negotiated control-word: No       Incoming label: 324768, Outgoing label: 319760       Negotiated PW status TLV: No       Local interface: ge-0/0/2.2900, Status: Up, Encapsulation: VLAN     Connection History:         Feb 12 03:35:59 2012  status update timer          Feb 12 03:35:58 2012  PE route changed             Feb 12 03:35:58 2012  Out lbl Update                    319760         Feb 12 03:35:58 2012  In lbl Update                     324768         Feb 12 03:35:58 2012  loc intf up                ge-0/0/2.2900 Neighbor: 155.1.1.3     Interface                 Type  St     Time last up          # Up trans     ge-0/0/2.2077(vc 2077)    rmt   Up     Feb 13 00:34:09 2012           1       Remote PE: 155.1.1.3, Negotiated control-word: No       Incoming label: 324752, Outgoing label: 42       Negotiated PW status TLV: No       Local interface: ge-0/0/2.2077, Status: Up, Encapsulation: VLAN     Connection History:         Feb 13 00:34:09 2012  status update timer          Feb 13 00:34:09 2012  PE route changed             Feb 13 00:34:09 2012  Out lbl Update                        42         Feb 13 00:34:09 2012  In lbl Update                     324752         Feb 13 00:34:09 2012  loc intf up                ge-0/0/2.2077 Cisco: router#show xconnect all detail Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware XC ST  Segment 1                         S1 Segment 2                         S2 ------+---------------------------------+--+---------------------------------+-- UP     ac   Gi2/0.2077 2077(Eth VLAN)    UP mpls 155.1.1.1:2077            UP             Interworking: none                   Local VC label 42                                                               Remote VC label 324752                                                          pw-class: