
Mailing List Archive: nsp: juniper

SRX & MPLS

 

 



johan.borch at gmail

Aug 15, 2012, 7:29 AM

Post #1 of 9 (857 views)
SRX & MPLS

Hi,

I have a design question regarding MPLS.

I'm planning to create an MPLS ring with 4-8 SRX240 devices in packet mode
and the main purpose is L3VPN/VPLS

p1-p2-p3-p4-p5-p1 (p5 connects back to p1)

My budget is low for this and the srx240 is cheap, we will push max 1Gbps.

For example in some sites there will be two SRX and the plan is to use
these two as P/PE and use VRRP for customer equipment. At the same time
they will be P routers for other sites.

Example site:

P1--------P3-P4----------P5
           \ /
          (vrrp)
    Customer equipment

Do I make any sense? Will this work? :)

Regards
Johan
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


p.mayers at imperial

Aug 15, 2012, 8:11 AM

Post #2 of 9 (838 views)
Re: SRX & MPLS

On 15/08/12 15:29, Johan Borch wrote:
> Hi,
>
> I have a design question regarding MPLS.
>
> I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet mode
> and the main purpose is L3VPN/VPLS
>
> p1-p2-p3-p4-p5-p1 (p5 connects back to p1)
>
> My budget is low for this and the srx240 is cheap, we will push max 1Gbps.

That should be ok. I've had hundreds of megabits of MPLS out of the SRX210.

>
> For example in some sites there will be two SRX and the plan is to use
> these two as P/PE and use VRRP for customer equipment. At the same time
> they will be P routers for other sites.
>
> Example site:
>
> P1--------P3-P4----------P5
> \ /
> (vrrp)
> Customer equipment
>
> Do I make any sense? Will this work? :)

Should do. We use them in similar (but not identical) configurations.

I've never tested VRRP on them, however.


giuliano at wztech

Aug 15, 2012, 8:50 AM

Post #3 of 9 (833 views)
Re: SRX & MPLS

Phill,

Could you please share some Juniper links or configurations on how
to configure SRX boxes with MPLS in a RING topology?

Are you using L3 MPLS VPN or L2 VPLS or EoMPLS ?

Is it possible to share some configurations or links ?

Thanks a lot,

Giuliano


> On 15/08/12 15:29, Johan Borch wrote:
>> Hi,
>>
>> I have a design question regarding MPLS.
>>
>> I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet
>> mode
>> and the main purpose is L3VPN/VPLS
>>
>> p1-p2-p3-p4-p5-p1 (p5 connects back to p1)
>>
>> My budget is low for this and the srx240 is cheap, we will push max
>> 1Gbps.
>
> That should be ok. I've had hundreds of megabits of MPLS out of the SRX210.
>
>>
>> For example in some sites there will be two SRX and the plan is to use
>> these two as P/PE and use VRRP for customer equipment. At the same time
>> they will be P routers for other sites.
>>
>> Example site:
>>
>> P1--------P3-P4----------P5
>> \ /
>> (vrrp)
>> Customer equipment
>>
>> Do I make any sense? Will this work? :)
>
> Should do. We use them in similar (but not identical) configurations.
>
> I've never tested VRRP on them, however.


p.mayers at imperial

Aug 15, 2012, 9:07 AM

Post #4 of 9 (836 views)
Re: SRX & MPLS

On 15/08/12 16:50, GIULIANO (WZTECH) wrote:
> Phill,
>
> Could you please share some Juniper links or configurations on how
> to configure SRX boxes with MPLS in a RING topology?

Sure.

I'm assuming you have a basic Juniper layer3 provider core configured.
In particular, you'll want an IGP (OSPF, IS-IS) and BGP configured, as
well as basic addressing. In other words, something like this:

    interfaces {
        ge-0/0/0 {
            description "faces other routers";
            mtu 2000;
            unit 0 {
                family inet {
                    address 192.0.2.1/31;
                }
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 192.0.2.100/32;
                }
            }
        }
    }
    routing-options {
        router-id 192.0.2.100;
    }

    protocols {
        bgp {
            local-as 65000;
            group Core {
                type internal;
                family inet {
                    any;
                }
                peer-as 65000;
                neighbor 192.0.2.101;
                neighbor ...;
                neighbor 192.0.2.102;
            }
        }
        ospf {
            area 0.0.0.0 {
                interface ge-0/0/0.0 {
                    interface-type p2p;
                }
                interface lo0.0 {
                    passive;
                }
            }
        }
    }

You then need to add MPLS:

    interfaces {
        ge-0/0/0 {
            unit 0 {
                family mpls;
            }
        }
    }
    protocols {
        mpls {
            interface ge-0/0/0.0;
        }
        ldp {
            interface ge-0/0/0.0;
        }
        bgp {
            group Core {
                family inet-vpn {
                    any;
                }
            }
        }
    }

Finally, on the SRX you need to enable packet mode:

    security {
        zones {
            security-zone zone_default {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                }
                interfaces {
                    all;
                }
            }
        }
        forwarding-options {
            family {
                inet6 {
                    mode packet-based;
                }
                mpls {
                    mode packet-based;
                }
            }
        }
    }

...and reboot. Once that's done, you can add a layer 3 VPN:

    interfaces {
        ge-0/0/1 {
            vlan-tagging;
            unit 100 {
                vlan-id 100;
                family inet {
                    address 192.168.1.1/24;
                }
            }
        }
    }
    routing-instances {
        PROD {
            instance-type vrf;
            interface ge-0/0/1.100;
            route-distinguisher 65000:1;
            vrf-target target:65000:1;
            vrf-table-label;
        }
    }

>
> Are you using L3 MPLS VPN or L2 VPLS or EoMPLS ?

We use L3VPN. I've tested EoMPLS, but I don't have a configuration to hand.

I haven't tested VPLS on the SRX.
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp
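
One way to surface, during a configuration review, the two security-relevant settings in the packet-mode stanza of post #4: forwarding families switched to packet-based handling (which takes that traffic out of the SRX's flow-based stateful processing) and a zone that accepts all host-inbound system services. This is an added Python example, not part of the thread; `statements` and `audit` are hypothetical names, the sample is the post's stanza condensed, and the parser covers only the brace-and-semicolon syntax shown on this page.

```python
import re

# Constructed sample: the security stanza from post #4, condensed.
SAMPLE = """
security {
    zones {
        security-zone zone_default {
            host-inbound-traffic { system-services { all; } }
            interfaces { all; }
        }
    }
    forwarding-options {
        family { inet6 { mode packet-based; } mpls { mode packet-based; } }
    }
}
"""

def statements(text):
    """Yield every leaf statement as a tuple: enclosing stanzas, then the leaf."""
    path, words = [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":
            path.append(" ".join(words))
            words = []
        elif tok == "}":
            if not path:
                raise ValueError("unbalanced '}'")
            path.pop()
        elif tok == ";":
            yield tuple(path) + (" ".join(words),)
            words = []
        else:
            words.append(tok)
    if path:
        raise ValueError("unclosed '{': " + path[-1])

def audit(text):
    """Return (finding, subject) pairs for settings worth a security review."""
    findings = []
    for st in statements(text):
        # security forwarding-options family <fam> mode packet-based
        if (len(st) == 5 and st[:3] == ("security", "forwarding-options", "family")
                and st[4] == "mode packet-based"):
            findings.append(("packet-mode", st[3]))
        # security zones security-zone <zone> host-inbound-traffic system-services all
        if (len(st) == 6 and st[:2] == ("security", "zones")
                and st[3:] == ("host-inbound-traffic", "system-services", "all")):
            findings.append(("host-inbound-all", st[2].split()[-1]))
    return findings
```

Calling `audit(SAMPLE)` reports the zone first and then each packet-based family, in configuration order.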


ihsan at grep

Aug 15, 2012, 3:57 PM

Post #5 of 9 (833 views)
Re: SRX & MPLS

Johan,

You might want to know that VRRPv6 isn't supported on the branch SRX so if you need IPv6 resiliency, you're out of luck.

If you need both v4 and v6 node resiliency, the only way to do it now is clustering which is a whole different beast altogether.

On Aug 15, 2012, at 10:29 PM, Johan Borch wrote:

> Hi,
>
> I have a design question regarding MPLS.
>
> I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet mode
> and the main purpose is L3VPN/VPLS
>
> p1-p2-p3-p4-p5-p1 (p5 connects back to p1)
>
> My budget is low for this and the srx240 is cheap, we will push max 1Gbps.
>
> For example in some sites there will be two SRX and the plan is to use
> these two as P/PE and use VRRP for customer equipment. At the same time
> they will be P routers for other sites.
>
> Example site:
>
> P1--------P3-P4----------P5
> \ /
> (vrrp)
> Customer equipment
>
> Do I make any sense? Will this work? :)
>
> Regards
> Johan


johan.borch at gmail

Aug 23, 2012, 1:39 AM

Post #6 of 9 (785 views)
Re: SRX & MPLS

I saw the following exceptions for SRX-series:

"VPLS multihoming, which allows connecting a CE device to multiple PE
routers to provide redundant connectivity, is not supported on J Series or
SRX Series devices"

I'm going to have two SRX's on each site and using vrrp between them, will
I hit this exception then?

Regards
Johan

On Wed, Aug 15, 2012 at 5:11 PM, Phil Mayers <p.mayers [at] imperial> wrote:

> On 15/08/12 15:29, Johan Borch wrote:
>
>> Hi,
>>
>> I have a design question regarding MPLS.
>>
>> I'm planning to create a MPLS rings with 4-8 SRX240 devices in packet mode
>> and the main purpose is L3VPN/VPLS
>>
>> p1-p2-p3-p4-p5-p1 (p5 connects back to p1)
>>
>> My budget is low for this and the srx240 is cheap, we will push max 1Gbps.
>>
>
> That should be ok. I've had hundreds of megabits of MPLS out of the SRX210.
>
>
>
>> For example in some sites there will be two SRX and the plan is to use
>> these two as P/PE and use VRRP for customer equipment. At the same time
>> they will be P routers for other sites.
>>
>> Example site:
>>
>> P1--------P3-P4----------P5
>> \ /
>> (vrrp)
>> Customer equipment
>>
>> Do I make any sense? Will this work? :)
>>
>
> Should do. We use them in similar (but not identical) configurations.
>
> I've never tested VRRP on them, however.


juniperdude at gmail

Aug 23, 2012, 2:21 AM

Post #7 of 9 (778 views)
Re: SRX & MPLS

Err VPLS Implies Layer 2 only.

Where is the VRRP running in-between? Are you doing "vlan-id" inside the VPLS instance for normalization, then binding an irb.x into it? I don't think that works in SRX/J either. (l3 within VPLS).

- CK.

On 2012-08-23, at 6:39 PM, Johan Borch wrote:

> "VPLS multihoming, which allows connecting a CE device to multiple PE
> routers to provide redundant connectivity, is not supported on J Series or
> SRX Series devices"
>
> I'm going to have two SRX's on each site and using vrrp between them, will
> I hit this exception then?




johan.borch at gmail

Aug 23, 2012, 2:47 AM

Post #8 of 9 (780 views)
Re: SRX & MPLS

You're right of course :)

My question was more how the VPLS multihoming will affect this setup.

Regards
Johan

On Thu, Aug 23, 2012 at 11:21 AM, Chris Kawchuk <juniperdude [at] gmail> wrote:

> Err VPLS Implies Layer 2 only.
>
> Where is the VRRP running in-between? Are you doing "vlan-id" inside the
> VPLS instance for normalization, then binding an irb.x into it? I don't
> think that works in SRX/J either. (l3 within VPLS).
>
> - CK.
>
> On 2012-08-23, at 6:39 PM, Johan Borch wrote:
>
> > "VPLS multihoming, which allows connecting a CE device to multiple PE
> > routers to provide redundant connectivity, is not supported on J Series
> or
> > SRX Series devices"
> >
> > I'm going to have two SRX's on each site and using vrrp between them,
> will
> > I hit this exception then?
>
>


juniperdude at gmail

Aug 23, 2012, 2:53 PM

Post #9 of 9 (783 views)
Re: SRX & MPLS

Shouldn't affect it in the classical BGP active/backup sense; only 1 'vrf' is active in a multi-homing BGP setup.

However, since the SRX/J doesn't do that, both will end up being active - You'll need a way to suppress one of them from getting any traffic. Perhaps think about using an EX4200 underneath using an RTG to each SRX at layer 2 to prevent the loop.

Should have zero effect on vrrp/layer-3 stuff.

- CK.


On 23/08/2012, at 7:47 PM, Johan Borch <johan.borch [at] gmail> wrote:

> You're right of course :)
>
> My question was more how the VPLS multihoming will affect this setup.
>
> Regards
> Johan
>
> On Thu, Aug 23, 2012 at 11:21 AM, Chris Kawchuk <juniperdude [at] gmail> wrote:
> Err VPLS Implies Layer 2 only.
>
> Where is the VRRP running in-between? Are you doing "vlan-id" inside the VPLS instance for normalization, then binding an irb.x into it? I don't think that works in SRX/J either. (l3 within VPLS).
>
> - CK.
>
> On 2012-08-23, at 6:39 PM, Johan Borch wrote:
>
> > "VPLS multihoming, which allows connecting a CE device to multiple PE
> > routers to provide redundant connectivity, is not supported on J Series or
> > SRX Series devices"
> >
> > I'm going to have two SRX's on each site and using vrrp between them, will
> > I hit this exception then?
>
>

