Friday, February 14, 2020

VPLS Tunnel Between Cisco and Juniper Help

Ok /r/Networking, I am in way over my head and running out of time. We currently run mostly Juniper equipment where I work, but it looks like we will be adding in some Cisco. We have a VPLS connection to extend Layer 2 for some phones. This is not negotiable and has to work. We are slowly changing the equipment out as well, since this is over a pretty large geographic area, and need to make the Cisco and Juniper equipment play nicely together. Ideally we would only need to make changes to the Cisco config, as the Juniper is in production and working as is. I was not the one who originally designed this setup, and that person is no longer with the organization. It seems like they made this more complicated than it needs to be, since there is a GRE tunnel involved as well as BGP, LDP and IS-IS. Since this is a lengthy problem I am going to try and save space by trimming the configs down to what I believe are the most relevant pieces. The equipment is a Juniper SRX 550 running 12.3X48-D70.4 and the Cisco is a C9300-24UX on CAT9K_IOSXE 16.12.02.

Juniper Section:

set interfaces ge-6/0/11 vlan-tagging
set interfaces ge-6/0/11 mtu 9000
set interfaces ge-6/0/11 encapsulation flexible-ethernet-services
set interfaces ge-6/0/11 unit 100 description "Juniper - Cisco TEST VLAN"
set interfaces ge-6/0/11 unit 100 encapsulation vlan-vpls
set interfaces ge-6/0/11 unit 100 vlan-id 100
set interfaces lo0 unit 0 family inet filter input LIMIT_MGMT_FILTER
set interfaces lo0 unit 0 family inet address 10.230.139.254/32
set interfaces lo0 unit 0 family iso address 49.0002.0192.0168.1139.00
set protocols bgp local-address 10.230.139.254
set protocols bgp local-as 65001
set protocols bgp group VPLS_iBGP type internal
set protocols bgp group VPLS_iBGP family inet unicast
set protocols bgp group VPLS_iBGP family l2vpn signaling
set protocols bgp group VPLS_iBGP neighbor 10.230.44.254
set protocols mpls interface gr-0/0/0.1
set protocols isis interface gr-0/0/0.1
set protocols isis interface lo0.0
set protocols ldp interface gr-0/0/0.1
set protocols ldp interface lo0.0
set routing-instances Cisco-Juniper_VPLS_VLAN100 instance-type vpls
set routing-instances Cisco-Juniper_VPLS_VLAN100 interface ge-6/0/11.100
set routing-instances Cisco-Juniper_VPLS_VLAN100 route-distinguisher 10.230.139.254:100
set routing-instances Cisco-Juniper_VPLS_VLAN100 vrf-target target:65001:100
set routing-instances Cisco-Juniper_VPLS_VLAN100 protocols vpls site-range 100
set routing-instances Cisco-Juniper_VPLS_VLAN100 protocols vpls interface ge-6/0/11.100
set routing-instances Cisco-Juniper_VPLS_VLAN100 protocols vpls no-tunnel-services
set routing-instances Cisco-Juniper_VPLS_VLAN100 protocols vpls site 100 site-identifier 2
set interfaces gr-0/0/0 unit 1 clear-dont-fragment-bit
set interfaces gr-0/0/0 unit 1 tunnel source 10.230.139.4
set interfaces gr-0/0/0 unit 1 tunnel destination 10.230.44.4
set interfaces gr-0/0/0 unit 1 family inet mtu 9000
set interfaces gr-0/0/0 unit 1 family iso
set interfaces gr-0/0/0 unit 1 family mpls mtu 9000

Cisco Section:

l2 vfi ER-VFI point-to-point
 neighbor 10.230.139.254 100 encapsulation mpls
!
l2 vfi ERVV100 manual
 vpn id 100
!
interface Loopback0
 ip address 10.230.44.253 255.255.255.255
!
interface Loopback2
 ip address 20.20.20.20 255.255.255.0
!
interface Tunnel1
 ip address 10.230.44.254 255.255.255.255
 ip mtu 9000
 mpls ip
 tunnel source 10.230.44.4
 tunnel destination 10.230.139.4
!
interface TenGigabitEthernet1/0/11
 description "Cisco - Juniper Test VPLS"
 no switchport
 no ip address
 no keepalive
!
interface TenGigabitEthernet1/0/11.100
 encapsulation dot1Q 100
 mpls ip
 mpls label protocol ldp
 xconnect 10.230.139.254 1 encapsulation mpls
!
router isis
!
router isis tag1
 net 49.0002.0192.0168.1140.00
!
router bgp 65001
 bgp router-id 10.230.44.253
 bgp log-neighbor-changes
 neighbor 10.230.139.254 remote-as 65001
 !
 address-family ipv4
  network 10.230.44.152 mask 255.255.255.248
  network 20.20.20.20
  neighbor 10.230.139.254 activate
  neighbor 10.230.139.254 send-community extended
  neighbor 10.230.139.254 soft-reconfiguration inbound
 exit-address-family
!

The GRE tunnel is working and I have gotten some of the sections to come up, but not everything. I feel like I am either really close or completely off base with the Cisco config. The problem is this is just too far out of my depth and I have read so many articles on this that things are blurring together. The added complexities as well as it being a Juniper/Cisco setup aren't helping. Here are some of the tests I have run:

root@TEST-Juniper-SRX> show ldp database
Input label database, 10.230.139.254:0--10.230.44.253:0
  Label     Prefix
      3      0.0.0.0/0
     27      10.64.0.0/16
     16      10.64.96.0/20
     17      10.64.240.0/22
     18      10.64.248.0/22
     19      10.64.254.0/24
     20      10.64.255.0/24
     65      10.177.203.0/24
     64      10.178.8.0/24
     63      10.191.18.64/27
     62      10.191.18.96/27
     61      10.191.18.128/27
     60      10.191.32.0/24
     59      10.191.33.0/24
     58      10.191.34.0/24
     57      10.191.35.0/24
     56      10.191.36.0/24
     55      10.191.37.0/26
     54      10.191.37.192/27
     53      10.191.37.224/27
     52      10.191.54.112/28
     51      10.191.187.0/24
      3      10.230.44.0/25
     21      10.230.44.144/29
     22      10.230.44.152/29
      3      10.230.44.160/29
      3      10.230.44.253/32
     23      10.230.44.254/32
     66      10.230.139.254/32
      3      20.20.20.0/24
     24      Sanitized IP
     50      Sanitized IP
     49      172.16.1.0/24
     48      172.17.188.0/22
     47      172.17.248.0/22
     46      172.18.10.0/24
     45      172.18.11.0/24
     44      172.18.162.0/23
     43      172.18.164.0/22
     42      172.21.0.0/24
     41      172.21.132.0/24
     40      172.21.133.0/24
     39      172.21.134.0/24
     38      172.21.135.0/24
     37      172.24.8.0/22
     25      172.25.148.0/29
     26      172.25.148.8/29
     36      192.168.11.0/24
     35      192.168.68.0/24
     34      192.168.99.0/24
     33      192.168.121.0/24
     32      192.168.125.0/24
     31      192.168.126.0/24
     30      192.168.129.0/24
     29      192.168.133.0/24
     28      192.168.249.0/24
     67      L2CKT CtrlWord ETHERNET VC 1

Output label database, 10.230.139.254:0--10.230.44.253:0
  Label     Prefix
 300048      10.230.138.254/32
      3      10.230.139.254/32

Input label database, 10.230.139.254:0--10.230.138.254:0
  Label     Prefix
      3      10.230.138.254/32
 300304      10.230.139.254/32

Output label database, 10.230.139.254:0--10.230.138.254:0
  Label     Prefix
 300048      10.230.138.254/32
      3      10.230.139.254/32

root@TEST-Juniper-SRX>

As you can see, we have another VPLS on the Juniper that is working and I find it odd that the Cisco seems to be just vomiting all of their LDP info to the Juniper. Checking on the VC of the Cisco I get this:

Cisco-Test#show mpls l2 vc detail
Local interface: Te1/0/11.100 up, line protocol up, Eth VLAN 100 up
  Destination address: 10.230.139.254, VC ID: 1, VC status: down
    Last error: Local access circuit is not ready for label advertise
    Output interface: none, imposed label stack {}
    Preferred path: not configured
    Default path: no route
    No adjacency
  Create time: 1d17h, last status change time: 1d17h
    Last label FSM state change time: 23:18:09
  Signaling protocol: LDP, peer 10.230.139.254:0 up
    Targeted Hello: 10.230.44.253(LDP Id) -> 10.230.139.254, LDP is DOWN, no binding
    Graceful restart: not configured and not enabled
    Non stop routing: not configured and not enabled
    Status TLV support (local/remote) : enabled/None (no remote binding
    LDP route watch : enabled
    Label/status state machine : local ready, LruRnd
    Last local dataplane status rcvd: No fault
    Last BFD dataplane status rcvd: Not sent
    Last BFD peer monitor status rcvd: No fault
    Last local AC circuit status rcvd: No fault
    Last local AC circuit status sent: DOWN(not-forwarding)
    Last local PW i/f circ status rcvd: No fault
    Last local LDP TLV status sent: No fault
    Last remote LDP TLV status rcvd: None (no remote binding)
    Last remote LDP ADJ status rcvd: None (no remote binding)
    MPLS VC labels: local 67, remote unassigned
    Group ID: local 65, remote unknown
    MTU: local 9000, remote unknown
    Remote interface description:
  Sequencing: receive disabled, send disabled
  Control Word: On (configured: autosense)
  SSO Descriptor: 10.230.139.254/1, local label: 67
  Dataplane:
    SSM segment/switch IDs: 0/0 (used), PWID: 3
  VC statistics:
    transit packet totals: receive 0, send 0
    transit byte totals: receive 0, send 0
    transit packet drops: receive 0, seq error 0, send 0
Cisco-Test#

I have tried looking into why the "Local access circuit is not ready for label advertise" but all I ever find are bug reports so that isn't exactly helpful. This is all in a test lab so I can run any tests and make any changes you guys and gals recommend.


