One of the biggest misconceptions I had before moving into the service provider space was that all layer 2 operations had been replaced with layer 3. I quickly found out that even if you are routing everything there are still a lot of layer 2 overlays in place, carrier ethernet, or even spanning-tree (STP). Running these technologies, hopefully not STP, is especially important for rural broadband, electric co-ops, and telcos to enable things such as IP conservation and subscriber management on a broadband network gateway.
The side effect of layer 2 transport technologies being so heavily used in last mile internet service providers is having to understand VLAN tagging operations. There are occasions where one side of the circuit will be double tagged and the other side will be single tagged, or everything will be double tagged, single tagged, or untagged. Let’s take a quick look at some simple tag operations on IP Infusion’s OcNOS SP 6.0.
IGP and MPLS setup
We set up a simple topology of IS-IS and LDP to create VPWS circuits. We are going to build two circuits in this example.
We are going to attach the circuits to the same physical ports and utilize tags to place the traffic into the correct VPWS circuit. Mikrotik-1 is double tagged and Mikrotik-2 is single tagged.
If you’ve built pseudowires on OcNOS before you might be familiar with the service-template model. However, when building VPWS circuits and utilizing the same interface this isn’t an option. You have to make a subinterface that is a switchport. This also changes the method for tag operations.
The switchport subinterfaces are then assigned as an access interface matching specific tags, in this case outer tag 3 and inner tags 400-499. On IPI-2 we are expecting single tagged frames instead of double tagged. This is where the rewrite pop comes in. It removes the outer tag on ingress to the PW and pushes it back on at egress towards Mikrotik-1.
Since the AC towards Mikrotik-2 is only expecting single tagged packets we just do a simple match on encapsulation.
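The match and rewrite described above, modelled on raw frames as an added example (not code from the original post or from OcNOS). The outer tag 3 and inner range 400-499 come from the text; the TPID of 0x8100 on both tags, the MAC addresses and the payload are assumptions made for the example.

```python
import struct

TPID = 0x8100                 # assumption: both tags use TPID 0x8100 (not stated on the page)
OUTER_VID = 3                 # outer tag matched on the double-tagged AC (from the page)
INNER_VIDS = range(400, 500)  # inner tags 400-499 (from the page)
MAC_LEN = 12                  # destination MAC + source MAC


def build_frame(vids, payload=b"\x45" + b"\x00" * 45):
    """Constructed test frame: placeholder MACs, VLAN tags outermost first, IPv4 ethertype."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tags = b"".join(struct.pack("!HH", TPID, vid) for vid in vids)
    return macs + tags + struct.pack("!H", 0x0800) + payload


def vlan_stack(frame):
    """Return the VLAN IDs found after the MAC header, outermost first."""
    vids, off = [], MAC_LEN
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid != TPID:
            break                  # reached the real ethertype
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        off += 4
    return vids


def matches_double_tagged_ac(frame):
    """Access-circuit match on the double-tagged side: outer 3, inner 400-499."""
    vids = vlan_stack(frame)
    return len(vids) >= 2 and vids[0] == OUTER_VID and vids[1] in INNER_VIDS


def pop_outer(frame):
    """Rewrite pop on ingress to the PW: strip the outer tag, keep the inner one."""
    if not matches_double_tagged_ac(frame):
        raise ValueError("frame does not match outer 3 / inner 400-499")
    return frame[:MAC_LEN] + frame[MAC_LEN + 4:]


def push_outer(frame):
    """Reverse operation on egress towards the double-tagged side."""
    return frame[:MAC_LEN] + struct.pack("!HH", TPID, OUTER_VID) + frame[MAC_LEN:]


def demo():
    subscriber = build_frame([3, 450])   # what the double-tagged side sends
    in_pw = pop_outer(subscriber)        # what travels in the pseudowire
    return {
        "match": matches_double_tagged_ac(subscriber),
        "wrong_outer": matches_double_tagged_ac(build_frame([4, 450])),
        "inner_out_of_range": matches_double_tagged_ac(build_frame([3, 500])),
        "single_tagged": matches_double_tagged_ac(build_frame([450])),
        "tags_in_pw": vlan_stack(in_pw),
        "round_trip": push_outer(in_pw) == subscriber,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Frames that fail the match never enter this circuit, which is what keeps traffic for the two VPWS services on the shared physical port separated.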
Let’s do some verification. First we’ll verify that the circuits are up.
ipi-2.lab.jan1.us.ipa.net#show ldp targeted-peers
IP Address Interface
100.127.0.1 xe48
ipi-2.lab.jan1.us.ipa.net#show ldp mpls-l2-circuit
Transport   Client     VC      VC              Local      Remote     Destination
VC ID       Binding    State   Type            VC Label   VC Label   Address
123         xe11.400   UP      Ethernet VLAN   25602      26240      100.127.0.1
1234        xe11.4     UP      Ethernet VLAN   25603      26241      100.127.0.1
ipi-2.lab.jan1.us.ipa.net#show ldp mpls-l2-circuit detail
PW ID: 123, VC state is up
Access IF: xe11.400,up,AC state is up
Session IF: xe48, state is up
Destination: 100.127.0.1, Peer LDP Ident: 100.127.0.1
Local vctype: vlan, remote vctype :vlan
Local groupid: 0, remote groupid: 0
Local label: 25602, remote label: 26240
Local MTU: 1500, Remote MTU: 1500
Local Control Word: disabled Remote Control Word: Not-Applicable Current use: disabled
Local Flow Label Direction: Disabled, Static: Disabled
Remote Flow Label Direction: Both , Static: Disabled
Local PW Status Capability : disabled
Remote PW Status Capability : disabled
Current PW Status TLV : disabled
PW ID: 1234, VC state is up
Access IF: xe11.4,up,AC state is up
Session IF: xe48, state is up
Destination: 100.127.0.1, Peer LDP Ident: 100.127.0.1
Local vctype: vlan, remote vctype :vlan
Local groupid: 0, remote groupid: 0
Local label: 25603, remote label: 26241
Local MTU: 1500, Remote MTU: 1500
Local Control Word: disabled Remote Control Word: Not-Applicable Current use: disabled
Local Flow Label Direction: Disabled, Static: Disabled
Remote Flow Label Direction: Disabled, Static: Disabled
Local PW Status Capability : disabled
Remote PW Status Capability : disabled
Current PW Status TLV : disabled
We have successfully manipulated the tags and passed traffic end to end. We started with a double tagged packet, popped off the outer tag, placed it into a PW, spit out a single tagged packet, and had end to end reachability.
Conclusion
There are various methods and configurations to manipulate traffic. This is one of the more common examples of tag manipulation that occurs in broadband aggregation. I will explore tag manipulation with service-templates and VPLS in a later post.
With the current state of the supply chain, lead times for networking gear can be astronomical. This has led consumers to look at other options for networking equipment, pushing the whitebox and disaggregated networking market to become more prevalent.
With full featured operating systems like IP Infusion’s OcNOS 6.0 and commodity hardware from Ufispace and Edgecore, companies have been able to upgrade faster and further than ever before.
We’ll be looking at the Ufispace 9600-32s and 9500-30xs in this deployment. This is shaping up to be a great combination for 100g and 10g density. Since both run the same operating system, moving between them is easy. While the bigger Qumran2c, the 9600-32s, doesn’t support breakouts/10g, we can aggregate and terminate 100g services here while using a small device to deliver 10g density and breakout.
We’re going to look specifically at VPLS and VPWS delivery in this deployment. Since these deployments typically complement existing deployments we’ll look at interop with a Calix e9-2 ASM 3001 deployment.
I know Calix doesn’t normally come to mind for MPLS deployments but more for FTTX or ERPS. However, they’ve been putting a lot of effort into their MPLS stack on the e9-2 ASM platform, which has helped lead to this testing.
We also have an Arista 7280CR3K-32P4 acting as a p-router during link failure.
IGP/LDP Setup
We’re going to run IS-IS as an IGP, which is typical in a service provider network. This time we’re going to run straight LDP instead of SR-MPLS; however, you can still utilize SR-MPLS with a mapping server if your topology supports it.
Let’s verify IGP/LDP and routing.
ASM3001# show isis neighbors
NEIGHBOR HOLD CIRCUIT
SYSTEM ID TYPE INTERFACE STATE TIME ID
-------------------------------------------------------
0010.0127.0118 L2 la3 UP 23 3
0010.0127.0119 L2 la4 UP 26 4
details
NEIGHBOR HOLD CIRCUIT
SYSTEM ID TYPE INTERFACE STATE TIME ID
-------------------------------------------------------
0010.0127.0118 L2 la3 UP 23 3
Hostname:ufispace-100
SNPA:e8c5.7a77.a655
State Changed:3214
LAN Priority:0
Restart Capable:1
Peer Restart State:1
0010.0127.0119 L2 la4 UP 26 4
Hostname:ARISTA
SNPA:c4ca.2b66.fb6d
State Changed:3152
LAN Priority:0
Restart Capable:1
Peer Restart State:1
-------------------------------------------------------
ASM3001# show mpls ldp neighbors
LOOP INTERFACE
INDEX PEER LDP ID LOCAL LDP ID TYPE SESSION DISTMODE DETECTION TRANS ADD NAME
---------------------------------------------------------------------------------------------------------------
1 100.127.0.118:0 100.127.0.117:0 TARGETED DownstreamUnsolicited Disabled 100.127.0.119 none
2 100.127.0.118:0 100.127.0.117:0 DIRECTED DownstreamUnsolicited Disabled 100.127.0.119 la3
3 100.127.0.119:0 100.127.0.117:0 DIRECTED DownstreamUnsolicited Disabled 100.127.0.119 la4
ASM3001# show ip route all
ROUTE
INDEX PREFIX NEXT HOP TYPE DISTANCE INTERFACE UPTIME
----------------------------------------------------------------------------
1 100.126.2.160/29 100.126.2.161 local 0/0 la3 0:9:47
2 100.126.2.161/32 0.0.0.0 local 0/0 la3 0:9:47
3 100.126.2.168/29 100.126.2.169 local 0/0 la4 0:9:42
4 100.126.2.169/32 0.0.0.0 local 0/0 la4 0:9:42
5 100.126.2.176/29 100.126.2.162 isis 115/20 la3 0:9:33
6 100.126.2.170 isis 115/20 la4 0:9:33
7 100.126.2.184/29 100.126.2.162 isis 115/20 la3 0:9:33
8 100.127.0.117/32 0.0.0.0 local 0/0 loopback1 0:9:53
9 100.127.0.118/32 100.126.2.162 isis 115/20 la3 0:9:33
10 100.127.0.119/32 100.126.2.170 isis 115/20 la4 0:9:33
11 100.127.0.120/32 100.126.2.162 isis 115/30 la3 0:9:33
ASM3001# ping 100.127.0.120
PING 100.127.0.120 (100.127.0.120) 56(84) bytes of data.
64 bytes from 100.127.0.120: icmp_seq=1 ttl=63 time=0.778 ms
64 bytes from 100.127.0.120: icmp_seq=2 ttl=63 time=0.722 ms
OcNOS-SW#show clns neighbors
Total number of L1 adjacencies: 0
Total number of L2 adjacencies: 1
Total number of adjacencies: 1
Tag UNDERLAY: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
ufispace-100 po1 e8c5.7a77.a657 Up 26 L2 IS-IS
OcNOS-SW#ping 100.127.0.117 source-ip 100.127.0.120
Press CTRL+C to exit
PING 100.127.0.117 (100.127.0.117) from 100.127.0.120 : 56(84) bytes of data.
64 bytes from 100.127.0.117: icmp_seq=1 ttl=64 time=0.811 ms
64 bytes from 100.127.0.117: icmp_seq=2 ttl=64 time=0.746 ms
Since we have LDP neighbors and loopback to loopback reachability we can begin to build our services.
100g VPWS
First we’ll build a VPWS service between the E9-2 and ufispace-100 to verify functionality. We’ll utilize a TX300s-100GX test set to push traffic through the service.
First let’s look at the ASM configuration for the xconnect.
Below you can see the config for the interface facing the test set. This will put the traffic into the VPWS service.
ASM3001# show running-config interface ethernet 1/2/q7
interface ethernet 1/2/q7
no shutdown
role uni
arp arp-announce any
l2transport
point-to-point 200
!
!
Now we can see the same on the IP Infusion side.
ufispace-100#show run mpls
!
service-template TEST
match all
!
mpls l2-circuit TEST-VPWS 200 100.127.0.117
ufispace-100#show run int ce17
!
interface ce17
switchport
mtu 1986
mpls-l2-circuit TEST-VPWS service-template TEST primary
!
Finally, let’s verify functionality. I did a verbose output of the circuit details to help see all of the details. Some important things to match are the MTU and whether it’s a vlan or raw service.
IP Infusion sets the MTU on the attachment circuit, while on Calix it is inherited from the default interface value of 2000 minus some overhead.
ufispace-100#show ldp mpls-l2-circuit detail
PW ID: 200, VC state is up
Access IF: ce17,up,AC state is up
Session IF: po1, state is up
Destination: 100.127.0.117, Peer LDP Ident: 100.127.0.117
Local vctype: vlan, remote vctype :vlan
Local groupid: 0, remote groupid: 0
Local label: 24962, remote label: 26
Local MTU: 1986, Remote MTU: 1986
Local Control Word: disabled Remote Control Word: Not-Applicable Current use: disabled
Local Flow Label Direction: Disabled, Static: Disabled
Remote Flow Label Direction: Disabled, Static: Disabled
Local PW Status Capability : disabled
Remote PW Status Capability : enabled
Current PW Status TLV : disabled
Local VCCV Capability:
CC-Types: None
CV-Types: None
Remote VCCV Capability:
CC-Types: Type 3
CV-Types:
LSP ping
ASM3001# show l2vpn xconnect pw-id 200
l2vpn xconnect pw-id 200
XCONNECT NAME STATE
--------------------------------- ---------------
200 Up
-------------------------------------------------
VPWS Index : 2
VPN Key : 131074
% 1 entries in the table.
AC Details
-------------------------------------------------
INTERFACE VLAN STATE TYPE MTU VPWS-INDEX
------------ --------- --------------- ---------- --------- -----------
1/2/q7 NA Active Tagged 1986 2
% 1 entries in the table.
PW Details
-------------------------------------------------
PW-ID PW-STATE PW-CLASS ENCAPSULATION PROTOCOL ADMIN-STATE REDUNDANCY-STATE VPWS-INDEX
------ ----------------- --------------------- -------------- --------- ------------ ----------------- ----------
200 Up PWE-1 MPLS LDP Up NA 2
-----------------------------------------------------------------------------------------------------------------
PW-INFO LOCAL REMOTE
------------- -------------------- --------------------
Address 100.127.0.117 100.127.0.118
PW ID 200 uNknOwn
PW type Tagged uNknoWn
Label 26 24962
MTU 1986 1986
Control Word Disabled uNknOwn
Status TLV Enabled Disabled
CC Type 4 0
CV Type 2 0
Local Status (PW Status TLV): 0x6
Remote Status (PW Status TLV): 0x0
Create time: 2022-09-10 09:17:23
Last time status changed: 2022-09-10 09:30:28
% 1 entries in the table.
Finally, we can see 95g of traffic across the circuit with the test set.
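The MTU and VC type comparison above can be scripted against saved CLI output. The following is an added example, not part of the original post or of either vendor's tooling: it parses text in the layout of the show ldp mpls-l2-circuit detail output shown here and reports per-PW findings. The first sample block is the PW 200 output from this page, trimmed; the second block (PW 201, ce18 and its values) is constructed to show mismatches.

```python
import re

# First block: PW 200 output from the page (trimmed to the fields checked here).
# Second block: constructed for this example; PW 201, ce18 and its values are made up.
SAMPLE = """\
PW ID: 200, VC state is up
Access IF: ce17,up,AC state is up
Destination: 100.127.0.117, Peer LDP Ident: 100.127.0.117
Local vctype: vlan, remote vctype :vlan
Local MTU: 1986, Remote MTU: 1986
PW ID: 201, VC state is down
Access IF: ce18,up,AC state is up
Destination: 100.127.0.117, Peer LDP Ident: 100.127.0.117
Local vctype: vlan, remote vctype :ethernet
Local MTU: 1986, Remote MTU: 2000
"""

PW_START = re.compile(r"^\s*PW ID:\s*(\d+)")
FIELDS = {
    "vc_state": re.compile(r"\bVC state is (\w+)"),
    "ac_state": re.compile(r"\bAC state is (\w+)"),
    "vctype": re.compile(r"Local vctype:\s*(\w+),\s*remote vctype\s*:\s*(\w+)"),
    "mtu": re.compile(r"Local MTU:\s*(\d+),\s*Remote MTU:\s*(\d+)"),
}


def parse_pws(text):
    """Split the detail output into one dict per pseudowire."""
    pws, cur = [], None
    for line in text.splitlines():
        start = PW_START.match(line)
        if start:
            cur = {"pw_id": int(start.group(1))}
            pws.append(cur)
        if cur is None:
            continue  # ignore anything before the first PW block
        for name, rx in FIELDS.items():
            m = rx.search(line)
            if m:
                # two-group patterns hold a (local, remote) pair
                cur[name] = m.groups() if rx.groups > 1 else m.group(1)
    return pws


def check_pw(pw):
    """Return a list of findings; an empty list means the PW looks consistent."""
    findings = []
    for key, label in (("vc_state", "VC"), ("ac_state", "AC")):
        if pw.get(key) != "up":
            findings.append("%s state is %s" % (label, pw.get(key, "missing")))
    for key, label in (("vctype", "vctype"), ("mtu", "MTU")):
        if key not in pw:
            findings.append("%s not reported" % label)
            continue
        local, remote = pw[key]
        if local != remote:
            findings.append("%s mismatch: local %s, remote %s" % (label, local, remote))
    return findings


def audit(text):
    """Map each PW ID to its list of findings."""
    return {pw["pw_id"]: check_pw(pw) for pw in parse_pws(text)}


if __name__ == "__main__":
    for pw_id, findings in audit(SAMPLE).items():
        print(pw_id, findings or "ok")
```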
10g VPLS
Next we will look at a 10g VPLS service delivered off the extension switch. We already saw end to end reachability in the IGP setup so we will start with configuration.
On the ASM you build a bridge domain and tie it to a virtual forwarding instance.
Again, we tie the interface facing the test kit into the bridge-domain. This will put the traffic into the VPLS instance.
ASM3001# show running-config interface ethernet 1/1/x15
interface ethernet 1/1/x15
no shutdown
role uni
arp arp-announce any
l2transport
rewrite-ingress tag add dot1q 220
!
bridge-domain 220
!
!
!
Here we also have to define the peers for targeted hellos in LDP.
OcNOS-SW#show run ldp
!
router ldp
router-id 100.127.0.120
graceful-restart full
targeted-peer ipv4 100.127.0.117
exit-targeted-peer-mode
transport-address ipv4 100.127.0.120
!
Finally, we attach a port to the service and plug in the test kit.
OcNOS-SW#show run int xe15
!
interface xe15
switchport
mtu 9086
mpls-vpls TEST-VPLS service-template TEST
exit-if-vpls
!
Again, we will look at the verbose output and pay attention to MTU and VPLS type, vlan in this case.
OcNOS-SW#show mpls vpls detail
Virtual Private LAN Service Instance: TEST-VPLS, ID: 220
SIG-Protocol: LDP
Attachment-Circuit :UP
Learning: Enabled
Control-Word: Disabled
Flow Label Status: Disabled, Direction: None, Static: No
Group ID: 0, VPLS Type: Ethernet VLAN, Configured MTU: 9086
Description: none
service-tpid: dot1.q
Operating mode: Tagged
Svlan Id: 0
Svlan Tpid: 8100
Configured interfaces:
Interface: xe15
Service-template : TEST
Match criteria : Accept all
Mesh Peers:
100.127.0.117 (Up)
ASM3001# show l2vpn bridge-domain bd-name 220
l2vpn bridge-domain bd-name 220
BRIDGE DOMAIN NAME STATE
--------------------------------- ---------------
220 Up
-------------------------------------------------
VPLS Index : 3
VPN Key : 65539
MTU : 9086
MAC Learning : ENABLE
MAC Aging Time : 300
MAC Limit Max : 1024
MAC Action : FLOOD
AD Type : NONE
SIG type : NONE
Transport Mode : ETHERNET TAGGED
Control Word : DISABLE
Route Distinguisher: 0x0000000000000000(NULL)
VPLS ID : 0x0000000000000000(DEFAULT)
VE ID : 0
VE Range : 8
% 1 entries in the table.
AC Details
------------ --------------- ---------- ------------ ---------------
DESCRIPTION STATE TYPE VPLS INDEX SPLIT HORIZON
------------ --------------- ---------- ------------ ---------------
1.x15 Active Ethernet 3 Disabled
% 1 entries in the table.
PW Details
PW-ID STATE PW-Class ENCAPSULATION VPLS-INDEX ADMIN-STATE
--------------- ----------- --------------------- -------------- ---------- ------------
220 Up vlan-pwe MPLS 3 Up
------------------------------------------------------------------------------------
------------- -------------------- --------------------
PW LOCAL REMOTE
------------- -------------------- --------------------
Address 100.127.0.117 100.127.0.120
PW ID 220 uNknOwn
PW type Tagged uNknoWn
Label 34 24961
MTU 9086 9086
Control Word Disabled uNknOwn
Status TLV Enabled Disabled
CC Type 4 0
CV Type 2 0
Create time: 2022-09-10 09:55:06
Last time status changed: 2022-09-10 09:58:56
% 1 entries in the table.
Finally, we can see all of the traffic on the test set across the circuit.
Conclusion
Disaggregated networking provides an alternative to traditional vendors and these are real world examples of service deployment for service providers. A special thanks to Sorin Esanu and Race Communications for organizing this test environment as a proof of concept for their deployment.
A while back we published a blog on IP Infusion’s OcNOS and MikroTik interop with segment routing MPLS and LDP. Today we are going to build on the fundamentals learned there to test VPNv4 and VPNv6 interoperability with Juniper.
We’re going to start with the same topology from the previous post but with Juniper instead of MikroTik. Of course Juniper could run IS-IS end to end to eliminate the redistribution, but we’re going to continue to use OSPF and LDP. OSPF and LDP are widely deployed and it is likely you will come across this scenario in your path towards SR-MPLS.
MPLS/IGP Setup
The first thing to accomplish is end to end reachability between the provider edge (PE) routers.
MPLS only requires the /32s of the loopbacks for functionality, so redistribution is limited to the /32 loopbacks of the PE routers. If we ran IS-IS end to end we would not have to perform this redistribution.
ipi-2.lab.jan1.us.ipa.net#
ip prefix-list LDP-PE-LOOPBACKS
seq 10 permit 100.127.2.0/24 eq 32
!
ip prefix-list SR-PE-LOOPBACKS
seq 10 permit 100.127.0.0/24 eq 32
!
route-map REDIS-OSPF-TO-ISIS permit 10
match ip address prefix-list LDP-PE-LOOPBACKS
!
route-map REDIS-ISIS-TO-OSPF permit 10
match ip address prefix-list SR-PE-LOOPBACKS
!
router isis UNDERLAY
is-type level-1-2
metric-style wide
mpls traffic-eng router-id 100.127.0.2
mpls traffic-eng level-1
mpls traffic-eng level-2
capability cspf
dynamic-hostname
fast-reroute ti-lfa level-1 proto ipv4
fast-reroute ti-lfa level-2 proto ipv4
net 49.0015.1001.2700.0002.00
redistribute ospf level-1-2 route-map REDIS-OSPF-TO-ISIS
segment-routing mpls
!
router ospf
ospf router-id 100.127.0.2
redistribute isis UNDERLAY route-map REDIS-ISIS-TO-OSPF
passive-interface lo enable
network 100.126.0.0/29 area 0.0.0.0
network 100.126.0.8/29 area 0.0.0.0
network 100.127.0.2/32 area 0.0.0.0
!
ipi-1.lab.jan1.us.ipa.net#ping 100.127.2.2 source-ip 100.127.0.1
Press CTRL+C to exit
PING 100.127.2.2 (100.127.2.2) from 100.127.0.1 : 56(84) bytes of data.
64 bytes from 100.127.2.2: icmp_seq=1 ttl=63 time=6.30 ms
64 bytes from 100.127.2.2: icmp_seq=2 ttl=63 time=2.09 ms
64 bytes from 100.127.2.2: icmp_seq=3 ttl=63 time=5.83 ms
Now that we have loopback to loopback reachability we will stitch together the LDP and segment routing (SR) domains.
IPI-1 is going to serve as a segment routing mapping server. This will assign labels to the routes in the LDP label space and distribute them through the SR domain so we can have an end to end label switched path, enabling the use of MPLS services.
segment-routing
mpls sr-prefer
global block 16000 23999
mapping-server
srms preference 100
prefix-sid-map address-family ipv4
100.127.2.0/32 4000 range 256
exit-ms-af
exit-ms
This takes the prefix 100.127.2.0/32, adds 4000 to the segment routing global block starting point (16000 as defined), and labels the next 256 routes in order, i.e. 100.127.2.1/32 gets the node SID 20001. IPI-2 shows the stitching in action.
Let’s look at the label space.
ipi-2.lab.jan1.us.ipa.net#show mpls ilm-table
Codes: > - installed ILM, * - selected ILM, p - stale ILM
K - CLI ILM, T - MPLS-TP, s - Stitched ILM
S - SNMP, L - LDP, R - RSVP, C - CRLDP
B - BGP , K - CLI , V - LDP_VC, I - IGP_SHORTCUT
O - OSPF/OSPF6 SR, i - ISIS SR, k - SR CLI
P - SR Policy, U - unknown
Code FEC/VRF/L2CKT ILM-ID In-Label Out-Label In-Intf Out-Intf
/VRF Nexthop LSP-Type
i> 100.127.0.1/32 4 16101 3 N/A xe48
100.126.0.1 LSP_DEFAULT
B> evpn:1 3 17 Nolabel N/A N/A
127.0.0.1 LSP_DEFAULT
B> evpn:2 1 16 Nolabel N/A N/A
127.0.0.1 LSP_DEFAULT
B> evpn:1 2 640 Nolabel N/A N/A
127.0.0.1 LSP_DEFAULT
L> 100.127.0.1/32 8 24961 3 N/A xe48
100.126.0.1 LSP_DEFAULT
s i> 100.127.2.2/32 9 20002 3 N/A xe47.1
100.126.0.10 LSP_DEFAULT
i> 100.127.0.2/32 5 16102 Nolabel N/A N/A
127.0.0.1 LSP_DEFAULT
i> 100.126.0.1/32 6 25600 3 N/A xe48
100.126.0.1 LSP_DEFAULT
L> 100.127.2.2/32 10 24962 3 N/A xe47.1
100.126.0.10 LSP_DEFAULT
The highlighted label above shows the stitching in action, as denoted by the s. IMPORTANT: mpls lsp-stitching needs to be enabled on any router in the SR and LDP domain.
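The mapping-server arithmetic can be checked against the ILM table. This is an added example, not from the original post: it computes the label the mapping entry assigns to a prefix and compares it with the in-label of the IS-IS SR rows. The global block and mapping values come from the configuration above and the first five sample rows from the IPI-2 output; the last row is constructed to show a mismatch, and the row layout is assumed to be the flattened form shown on this page.

```python
import ipaddress
import re

SRGB = (16000, 23999)  # "global block 16000 23999" from the page
# "100.127.2.0/32 4000 range 256" from the page: first prefix, start index, count
MAPPING = (ipaddress.ip_network("100.127.2.0/32"), 4000, 256)

# Rows from the IPI-2 ILM table on the page, plus one constructed row (last line).
ILM_SAMPLE = """\
i> 100.127.0.1/32 4 16101 3 N/A xe48
L> 100.127.0.1/32 8 24961 3 N/A xe48
s i> 100.127.2.2/32 9 20002 3 N/A xe47.1
i> 100.127.0.2/32 5 16102 Nolabel N/A N/A
L> 100.127.2.2/32 10 24962 3 N/A xe47.1
s i> 100.127.2.9/32 11 20010 3 N/A xe47.1
"""

# optional "s" flag, one-letter code, ">", FEC prefix, ILM-ID, in-label
ILM_ROW = re.compile(r"^(s\s+)?(\w)>\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+\d+\s+(\d+)\s")


def srms_label(prefix, mapping=MAPPING, srgb=SRGB):
    """Label the mapping entry assigns to prefix, or None if it is not covered."""
    first, index, count = mapping
    net = ipaddress.ip_network(prefix)
    if net.prefixlen != first.prefixlen:
        return None
    step = 1 << (32 - first.prefixlen)  # consecutive prefixes of the same length
    delta = int(net.network_address) - int(first.network_address)
    if delta < 0 or delta % step or delta // step >= count:
        return None
    label = srgb[0] + index + delta // step
    if label > srgb[1]:
        raise ValueError("label %d falls outside the global block" % label)
    return label


def check_ilm(text):
    """Return (prefix, stitched, in_label, expected, ok) for mapped IS-IS SR rows."""
    results = []
    for line in text.splitlines():
        m = ILM_ROW.match(line.strip())
        if not m or m.group(2) != "i":
            continue  # only IS-IS SR entries carry mapping-server labels
        prefix, in_label = m.group(3), int(m.group(4))
        expected = srms_label(prefix)
        if expected is None:
            continue  # prefix not covered by the mapping entry
        results.append((prefix, bool(m.group(1)), in_label, expected, in_label == expected))
    return results


if __name__ == "__main__":
    for row in check_ilm(ILM_SAMPLE):
        print(row)
```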
IPI-1 only sees isis-sr labels and QFX-2 only sees LDP labels as shown below.
ipi-1.lab.jan1.us.ipa.net#show mpls ilm-table
Codes: > - installed ILM, * - selected ILM, p - stale ILM
K - CLI ILM, T - MPLS-TP, s - Stitched ILM
S - SNMP, L - LDP, R - RSVP, C - CRLDP
B - BGP , K - CLI , V - LDP_VC, I - IGP_SHORTCUT
O - OSPF/OSPF6 SR, i - ISIS SR, k - SR CLI
P - SR Policy, U - unknown
Code FEC/VRF/L2CKT ILM-ID In-Label Out-Label In-Intf Out-Intf
/VRF Nexthop LSP-Type
i> 100.127.0.1/32 4 16101 Nolabel N/A N/A
127.0.0.1 LSP_DEFAULT
B> evpn:1 3 17 Nolabel N/A N/A
127.0.0.1 LSP_DEFAULT
B> evpn:100 1 16 Nolabel N/A N/A
127.0.0.1 LSP_DEFAULT
B> evpn:1 2 640 Nolabel N/A N/A
127.0.0.1 LSP_DEFAULT
P> 100.127.0.2/32 7 20 3 N/A xe48
100.126.0.2 LSP_DEFAULT
i> 100.127.2.2/32 8 20002 20002 N/A xe48
100.126.0.2 LSP_DEFAULT
i> 100.127.0.2/32 6 16102 3 N/A xe48
100.126.0.2 LSP_DEFAULT
i> 100.126.0.2/32 5 26240 3 N/A xe48
100.126.0.2 LSP_DEFAULT
B> VOICE 9 24960 Nolabel N/A VOICE
N/A LSP_DEFAULT
[email protected]# run show route table inet.3
inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
100.126.0.0/29 *[LDP/9] 01:14:11, metric 1
> to 100.126.0.9 via xe-0/0/47.0
100.127.0.1/32 *[LDP/9] 01:14:11, metric 1
> to 100.126.0.9 via xe-0/0/47.0, Push 24961
100.127.0.2/32 *[LDP/9] 01:14:11, metric 1
> to 100.126.0.9 via xe-0/0/47.0
L3VPN
It is common to place voice services into a layer 3 VPN. So first we’ll set up a VPNv4 session, then build the VRF and test end to end reachability.
[email protected]# show routing-instances
VOICE {
instance-type vrf;
interface xe-0/0/47.10;
interface xe-0/0/47.100;
route-distinguisher 100.127.2.2:1;
vrf-target target:65000:12;
vrf-table-label;
}
[email protected]# show interfaces xe-0/0/47
vlan-tagging;
unit 0 {
vlan-id 1;
family inet {
address 100.126.0.10/29;
}
family iso;
family mpls;
}
unit 10 {
vlan-id 10;
family inet {
address 172.16.2.1/24;
}
family inet6 {
address 2001:db8:0:1::1/64;
}
}
[email protected]# show protocols bgp
group VPN {
family inet-vpn {
unicast;
}
family inet6-vpn {
unicast;
}
export PS-DIRECT;
peer-as 65000;
neighbor 100.127.0.1;
}
local-address 100.127.2.2;
local-as 65000;
We are building the vrf VOICE with route-target import and export 65000:12 for membership.
ipi-1.lab.jan1.us.ipa.net#show ip bgp vpnv4 all summary
BGP router identifier 100.127.0.1, local AS number 65000
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd
100.127.2.2 4 65000 368 354 2 0 0 02:09:07 2
Total number of neighbors 1
Total number of Established sessions 1
[email protected]# run show bgp summary
Threading mode: BGP I/O
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l3vpn.0
1 1 0 0 0 0
bgp.l3vpn-inet6.0
1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
100.127.0.1 65000 319 313 0 7 2:14:50 Establ
bgp.l3vpn.0: 1/1/1/0
bgp.l3vpn-inet6.0: 1/1/1/0
VOICE.inet.0: 1/1/1/0
VOICE.inet6.0: 1/1/1/0
ipi-1.lab.jan1.us.ipa.net#show ip bgp vrf VOICE
BGP table version is 1, local router ID is 172.16.0.1
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> l 172.16.0.0/24 0.0.0.0 0 100 32768 ?
*>i 172.16.2.0/24 100.127.2.2 0 100 0 i
*>i 192.168.0.0 100.127.2.2 0 100 0 i
Total number of prefixes 3
[email protected]# run show route table VOICE.inet.0
VOICE.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.0.0/24 *[BGP/170] 01:35:07, localpref 100, from 100.127.0.1
AS path: ?, validation-state: unverified
> to 100.126.0.9 via xe-0/0/47.0, Push 24960, Push 24961(top)
172.16.2.0/24 *[Direct/0] 02:08:32
> via xe-0/0/47.10
172.16.2.1/32 *[Local/0] 02:08:32
Local via xe-0/0/47.10
192.168.0.0/24 *[Direct/0] 1w0d 00:03:04
> via xe-0/0/47.100
192.168.0.2/32 *[Local/0] 1w0d 00:03:04
Local via xe-0/0/47.100
We can see that we are receiving three prefixes from QFX-2 and reachability is confirmed below.
ipi-1.lab.jan1.us.ipa.net#ping 172.16.2.1 vrf VOICE
Press CTRL+C to exit
PING 172.16.2.1 (172.16.2.1) 56(84) bytes of data.
64 bytes from 172.16.2.1: icmp_seq=1 ttl=64 time=3.02 ms
64 bytes from 172.16.2.1: icmp_seq=2 ttl=64 time=6.87 ms
6VPE
6VPE is a great way to take advantage of your already deployed and operational MPLS core. Here we’re going to use the sr-mpls/LDP setup to build an IPv6 service on top, again for vrf VOICE.
Most of the configuration elements are the same except for utilizing VPNv6 and IPv6 addressing. Let’s look specifically at those portions.
I will draw attention to the ipv6-tunneling command on QFX-2 above. This is required to tunnel the IPv6 packets over the MPLS core. Without this you will end up with an unusable next hop.
ipi-1.lab.jan1.us.ipa.net#show ip bgp vpnv6 all summary
BGP router identifier 100.127.0.1, local AS number 65000
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd
100.127.2.2 4 65000 393 380 2 0 0 02:20:07 1
Total number of neighbors 1
Total number of Established sessions 1
[email protected]# run show bgp summary
Threading mode: BGP I/O
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l3vpn.0
1 1 0 0 0 0
bgp.l3vpn-inet6.0
1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
100.127.0.1 65000 319 313 0 7 2:14:50 Establ
bgp.l3vpn.0: 1/1/1/0
bgp.l3vpn-inet6.0: 1/1/1/0
VOICE.inet.0: 1/1/1/0
VOICE.inet6.0: 1/1/1/0
ipi-1.lab.jan1.us.ipa.net#show ip bgp vpnv6 vrf VOICE
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100.127.0.1:12 (Default for VRF VOICE)
*> l 2001:db8::/64 :: 0 100 32768 ?
*>i 2001:db8:0:1::/64
::ffff:100.127.2.2 0 100 0 i
Announced routes count = 1
Accepted routes count = 1
[email protected]# run show route table VOICE.inet6.0
VOICE.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2001:db8::/64 *[BGP/170] 01:43:15, localpref 100, from 100.127.0.1
AS path: ?, validation-state: unverified
> to 100.126.0.9 via xe-0/0/47.0, Push 24960, Push 24961(top)
2001:db8:0:1::/64 *[Direct/0] 01:49:56
> via xe-0/0/47.10
2001:db8:0:1::1/128*[Local/0] 01:49:56
Local via xe-0/0/47.10
fe80::86c1:c100:a32:5032/128
*[Local/0] 01:49:56
Local via xe-0/0/47.10
ff02::2/128 *[INET6/0] 1w2d 20:22:10
MultiRecv
{master:0}[edit]
Now that we have all of our routes and signaling set up, let’s verify reachability.
ipi-1.lab.jan1.us.ipa.net#ping ipv6 2001:db8:0:1::1 vrf VOICE
Press CTRL+C to exit
PING 2001:db8:0:1::1(2001:db8:0:1::1) 56 data bytes
64 bytes from 2001:db8:0:1::1: icmp_seq=1 ttl=64 time=2.80 ms
64 bytes from 2001:db8:0:1::1: icmp_seq=2 ttl=64 time=3.84 ms
Conclusion
With the new features and support in IP Infusion GA 6.0, stability and interop between vendors is becoming better. This paves the way for deployments of segment routing while migrating the LDP segments, all while maintaining current VPNs.
The 6VPE support allows for rapid adoption of IPv6 utilizing the core already in place.
We’ll be working on more interop testing to include L2VPN with both LDP signaled VPLS and BGP signaled VPLS. Be sure to come back for more.