Channel: All Routing posts

Re: Traffic Engineering configuration requirement under OSPF hierarchy ?


Dear Aarseniev,

 

Yeah, that makes sense. I just did not wait long enough to see the optimization timer come into play.

 

Regards,

Prathmesh D


Re: VPLS VRF IRB routing issue ?


Hi,

From what I understand, you have a VPLS instance where IRB is called as routing-interface? I suppose the IRB and DHCP server are in same subnet? Are you able to ping the DHCP server from the VRF sourcing with IRB? Can you check if you are using "vrf-table-label" inside the VRF? If not, can you add and check if that makes any difference?

 

Re: Mirroring bundle port in logical system


Hi,

 

For the last step to succeed, you need to make sure there is no firewall configuration done under the [edit logical-systems <name>] hierarchy, so that the referenced firewall filter named "PM" in the KB is checked against the firewall configuration done globally under [edit firewall]. So just make sure you don't have any firewall configuration under logical-systems and the filter "PM" is defined in the main instance, and it should be good.

This is explained in the following link:

https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-in-logical-systems-reference-from-nonfirewall-object-to-firewall-object.html

Valid Reference to a Firewall Filter Outside of the Logical System

This example configuration illustrates resolvable references from a nonfirewall object in a logical system to two firewall filters.

In the following scenario, the stateless firewall filters filter1 and fred are applied to the logical interface fe-0/3/2.0 in the logical system ls-C.

  • Filter filter1 is defined in the main firewall configuration.

  • Filter fred is defined in the main firewall configuration.

Because ls-C does not contain any firewall filter statements, the policy framework software resolves references to and from firewall filters by searching the [edit firewall] hierarchy level. Consequently, the references from fe-0/3/2.0 in the logical system to filter1 and fred use the stateless firewall filters configured in the main firewall configuration.

 

Thanks
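The lookup rule in the reply above, as an added example that is not part of the original post or of Juniper's documentation: a small check over "set"-format configuration that reports which hierarchy each filter reference from a logical system would be searched in. The sample configuration is constructed from the quoted scenario (ls-C, fe-0/3/2.0, filter1, fred), and the behaviour when the logical system does contain firewall statements is an assumption taken from the reply's advice.

```python
import re

# Constructed sample in "set" format, modelled on the scenario quoted above
# (ls-C, fe-0/3/2.0, filter1, fred); the term bodies are placeholders.
MAIN_ONLY = [
    "set firewall family inet filter filter1 term t1 then accept",
    "set firewall family inet filter fred term t1 then accept",
    "set logical-systems ls-C interfaces fe-0/3/2 unit 0 family inet filter input-list filter1",
    "set logical-systems ls-C interfaces fe-0/3/2 unit 0 family inet filter input-list fred",
]
# Same config plus one unrelated firewall statement inside the logical system.
WITH_LS_FIREWALL = MAIN_ONLY + [
    "set logical-systems ls-C firewall family inet filter other term t1 then accept",
]

FILTER_DEF = re.compile(r"^set (?:logical-systems (\S+) )?firewall (?:family \S+ )?filter (\S+)")
FILTER_REF = re.compile(r"^set logical-systems (\S+) interfaces (\S+) unit (\d+) "
                        r"family \S+ filter (?:input|output)(?:-list)? (\S+)")

def resolve_filter_refs(set_lines, ls):
    """Map (interface, filter) -> (hierarchy searched, whether the filter is defined there)."""
    main, local, ls_has_firewall = set(), set(), False
    for line in set_lines:
        if line.startswith(f"set logical-systems {ls} firewall "):
            ls_has_firewall = True
        m = FILTER_DEF.match(line)
        if m and m[1] is None:
            main.add(m[2])
        elif m and m[1] == ls:
            local.add(m[2])
    # Assumption drawn from the post: any firewall statement in the logical
    # system moves the lookup there; otherwise [edit firewall] is searched.
    if ls_has_firewall:
        scope, defined = f"[edit logical-systems {ls} firewall]", local
    else:
        scope, defined = "[edit firewall]", main
    result = {}
    for line in set_lines:
        m = FILTER_REF.match(line)
        if m and m[1] == ls:
            result[(f"{m[2]}.{m[3]}", m[4])] = (scope, m[4] in defined)
    return result

if __name__ == "__main__":
    for name, cfg in (("main only", MAIN_ONLY), ("with LS firewall", WITH_LS_FIREWALL)):
        for ref, (scope, ok) in resolve_filter_refs(cfg, "ls-C").items():
            print(name, ref, scope, "resolved" if ok else "UNRESOLVED")
```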

 

How to establish a remote GW via L2circuit


Hi All

 

I would like to set up a server's GW at a remote router and route to the internet.

As in the following diagram, I have a server in HK connected to a local router, and I wish the server to cross this L2circuit into the remote router in KR and then go to the internet.

Is there any suggestion or document to achieve it?

 

螢幕快照 2018-07-23 下午2.05.50.png

Re: Community for support 4 bytes ASN


Hi 

 

My problem is what we provide customers to tag specific community string to reach some action themselves.

If we use community alias, it's can be working by customer.

 

So, I would like a workgroup to let customer still tag it 

 

Many thanks

Cloud

Re: How to establish a remote GW via L2circuit


Hello,

I could think of 2 ways to do it:

1/ classic way: You establish L2circuit between HK and KR routers. On HK router, configure the server-facing interface as L2circuit UNI. On KR router, configure LDP VPLS instance with IRB, assign an IP/IPv6 address to that IRB and make sure the IRB subnet is advertised to the outside world.

2/ modern way: it assumes that application running on that server is virtualized/running inside a VM.

Spin a VMX router instance on that server and configure an L2circuit between VMX and KR router.

Spin a vswitch instance on that server and include one of the VMX interfaces & the application VM's virtual interface into that vswitch.

On VMX, configure the vswitch-facing virtual interface as L2circuit UNI.

The KR router configuration is as above.

HTH

Thx
Alex

 

Re: How to establish a remote GW via L2circuit


Hi Alex

 

I will prefer your first way, because I should know how to set up.

Let me try and give you a feedback.

 

Thanks 

RSVP signal failed on the interface with public/private IPv4 address


Hi All

 

My routers connect to each other by assigning two IPv4 addresses (private & public). And I set the public IP as primary and preferred as follows. In the meanwhile, run IS-IS as my IGP and run LDP/MPLS.

 

> show configuration interfaces ae5
mtu 9192;
aggregated-ether-options {
    link-speed 10g;
    lacp {
        active;
        periodic fast;
    }
}
unit 0 {
    family inet {
        address 172.54.131.37/30 {
            primary;
            preferred;
        }
        address 10.24.100.37/30;
    }
    family iso;
    family mpls;
}

 

Now I try to run RSVP. We observed the neighbor is up, but label tagging failed.

After checking, one of the routers uses the private IP as neighbor, but another router uses the public one.

Thus, we removed the private IP and then RSVP was working.

Is there any way to solve this problem? Like define RSVP to run on the private IP?

 

Thanks

Cloud 


Re: RSVP signal failed on the interface with public/private IPv4 address


Hi,

Can you try a couple of tests please?

1. If we remove the private IP address configuration from both routers and wait for the RSVP neighborship to form on public IP and then configure this private IP on both ends, do you see any issues?

2. Can you configure private IP address range higher than the public address range and see what happens?

 

These tests might help to understand this behavior further.

Re: RSVP signal failed on the interface with public/private IPv4 address


Is the Junos version the same on both routers?

Seems odd that with the same configuration they would make different selections.

 

Dual-homed mpls vpn issue

One of our customers has asked for an additional circuit back to our DC so I’ve been looking at setting up the config so they use one as primary and the second only if the primary is down.

First thing I have seen is that if I use the same local-as on both bgp sessions then neither of our internal routers will see the route from each other. Ebgp sessions are fine.

Even if I disable the interface so the ebgp session goes down it does not see the route from the other. I have to delete the bgp config where I state the local-as then it can see the routes from the other internal router.

If I use a different local-as on each then I don’t get this problem.

Is this by design or am I missing something?

Re: BGP Issue - Peer flapping


Have you tried disabling seq-check on SRX? I have had the issue where BGP comes up but goes down after holdtime expires. So, I changed hold-timer to 200s and now my BGP neighbourship goes down after 200s instead of 90s. After a lot of troubleshooting and articles and logs, I found out that packets were being dropped because of syn check. Disabled it and no more BGP flapping.

 

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-edit-no-sequence-check.html

 

Here's what I have added:

set security flow tcp-session no-syn-check
set security flow tcp-session no-sequence-check
set security flow tcp-session tcp-initial-timeout 4
set security flow tcp-session time-wait-state session-ageout

Re: Dual-homed mpls vpn issue


Sounds like you might be hitting the standard iBGP behavior for routes. When the BGP speakers are in the same AS then by default they will not pass on and re-advertise any routes learned from another iBGP speaker in the same AS.

 

This is the opposite of eBGP which by default sends all routes it knows to all peers.

 

With iBGP there is an assumption that you have a full mesh of all iBGP peers or you have a route reflector setup in place.

 

Re: RSVP signal failed on the interface with public/private IPv4 address


Hi Both

 

Thanks for your suggestions first.

 

My routers all are the same JunOS version.

 

It will be working after removing the private IP and just keeping the public one.

Also, I re-numbered the private IP to 192.168.224.37/30. Then labeling is working and stable.

 

Would you know why ? 

 

Best regards,

Cloud

Re: RSVP signal failed on the interface with public/private IPv4 address


So when you re-number it to 192.168.224 subnet, the rsvp neighborship is formed using which subnet? If it is 192.168.224 subnet, then I would think following possibilities:

1. Whichever is configured latest is picked or

2. Whichever is higher IP is picked up first.

 

Thanks


Re: Dual-homed mpls vpn issue


As spuluka indicated, this is the loop prevention feature of iBGP, which is why it requires full mesh. iBGP peers do not check the AS as does the eBGP peer, so will not pass on iBGP learned routes to each other.

Re: Dual-homed mpls vpn issue

One minor correction here:

Junos does as-path check for both iBGP and eBGP peers whereas Cisco only does it for eBGP.

Re: RSVP signal failed on the interface with public/private IPv4 address


Hi

 

Looks like RSVP picks up the public IP, not the private one. Thus, RSVP should select the lowest IP address, right?

 

> show rsvp neighbor
RSVP neighbor: 2 learned
Address Idle Up/Dn LastChange HelloInt HelloTx/Rx MsgRcvd
172.54.131.8 0 2/1 3:37:58 9 1675/1673 0
172.54.131.34 0 3/2 3:37:59 9 1679/1676 3703

 

Best regards,

Cloud

Re: RSVP signal failed on the interface with public/private IPv4 address


That would seem to be the most likely method from this data.

 

EVPN esi route selection


Dear community,

 

I didn't find any documentation talking about evpn esi route selection for the anycast (virtual) gateway and I have some questions regarding this topic.

 

#Design

  1. I have 4 QFX10k, two per dc, which share the same virtual gateway address (with same mac). These routers play the spine role
  2. Leaves are QFX5K
  3. Each DC has its own AS, which means eBGP peering between DC1 and DC2 for EVP

#Observation

  1. On each leaf, I receive two ESIs for the same mac-address. This matches the theory, as the esi id for virtual-gateway is based on the AS number

#Question

I'm not sure about how esi route selection occurs. For example if DC1 has AS number 65001 and DC2 has AS number 65002, active mac address gateway will always be DC2, even on DC1 leaf :

 

vagrant@vqfx3> show evpn database esi 05:00:00:fd:ea:00:00:00:0b:00 extensive 
Instance: default-switch

VN Identifier: 11, MAC address: 00:00:5e:00:01:01
  Source: 05:00:00:fd:ea:00:00:00:0b:00, Rank: 1, Status: Active
    Remote origin: 172.16.255.201
    Remote origin: 172.16.255.202
    Timestamp: Jul 26 14:24:31 (0x5b59d99f)
    State: <>
    IP address: 10.118.134.1
      Remote origin: 172.16.255.201
      Remote origin: 172.16.255.202
  Source: 05:00:00:fd:e9:00:00:00:0b:00, Rank: 2, Status: Inactive
    Remote origin: 172.16.255.101
    Remote origin: 172.16.255.102
    Timestamp: Jul 26 14:16:40 (0x5b59d7c8)
    State: <>
    IP address: 10.118.134.1
      Remote origin: 172.16.255.101
      Remote origin: 172.16.255.102

In the output above I have two esi: 1 per AS = 1 per DC. 172.16.255.101 and 172.16.255.102 are DC1-SPINES, 172.16.255.201 and 172.16.255.202 are DC2-SPINE. So you can see that DC2 is preferred over DC1.

In the output below, the DC2 gateways on DC2 are DC2-SPINES

vagrant@vqfx6> show evpn database esi 05:00:00:fd:ea:00:00:00:0b:00 extensive 
Instance: default-switch

VN Identifier: 11, MAC address: 00:00:5e:00:01:01
  Source: 05:00:00:fd:ea:00:00:00:0b:00, Rank: 1, Status: Active
    Remote origin: 172.16.255.201
    Remote origin: 172.16.255.202
    Timestamp: Jul 26 14:25:52 (0x5b59d9f0)
    State: <>
    IP address: 10.118.134.1
      Remote origin: 172.16.255.201
      Remote origin: 172.16.255.202
  Source: 05:00:00:fd:e9:00:00:00:0b:00, Rank: 2, Status: Inactive
    Remote origin: 172.16.255.101
    Remote origin: 172.16.255.102
    Timestamp: Jul 26 14:25:49 (0x5b59d9ed)
    State: <>
    IP address: 10.118.134.1
      Remote origin: 172.16.255.101
      Remote origin: 172.16.255.102

Now, if I raised the AS number on DC1, DC1-SPINE gateways are the gateways active on DC1 and DC2

When I rollback to the original AS it happens that DC1-GW are DC1-SPINE whereas DC2-GW are DC2-SPINE, as now:

 

DC1 :

vagrant@vqfx3> show evpn database esi 05:00:00:fd:e9:00:00:00:0b:00 extensive 
Instance: default-switch

VN Identifier: 11, MAC address: 00:00:5e:00:01:01
  Source: 05:00:00:fd:e9:00:00:00:0b:00, Rank: 1, Status: Active
    Remote origin: 172.16.255.101
    Remote origin: 172.16.255.102
    Timestamp: Jul 26 21:11:24 (0x5b5a38fc)
    State: <>
    IP address: 10.118.134.1
      Remote origin: 172.16.255.101
      Remote origin: 172.16.255.102
  Source: 05:00:00:fd:ea:00:00:00:0b:00, Rank: 2, Status: Inactive
    Remote origin: 172.16.255.201
    Remote origin: 172.16.255.202
    Timestamp: Jul 26 21:11:22 (0x5b5a38fa)
    State: <>
    IP address: 10.118.134.1
      Remote origin: 172.16.255.201
      Remote origin: 172.16.255.202

DC2:

vagrant@vqfx6> show evpn database esi 05:00:00:fd:ea:00:00:00:0b:00 extensive 
Instance: default-switch

VN Identifier: 11, MAC address: 00:00:5e:00:01:01
  Source: 05:00:00:fd:ea:00:00:00:0b:00, Rank: 1, Status: Active
    Remote origin: 172.16.255.201
    Remote origin: 172.16.255.202
    Timestamp: Jul 26 21:11:17 (0x5b5a38f5)
    State: <>
    IP address: 10.118.134.1
      Remote origin: 172.16.255.201
      Remote origin: 172.16.255.202
  Source: 05:00:00:fd:e9:00:00:00:0b:00, Rank: 2, Status: Inactive
    Remote origin: 172.16.255.101
    Remote origin: 172.16.255.102
    Timestamp: Jul 26 21:11:17 (0x5b5a38f5)
    State: <>
    IP address: 10.118.134.1
      Remote origin: 172.16.255.101
      Remote origin: 172.16.255.102

So how are esi for virtual-gateway selected?

 

NOTE1 : evp bgp route are active for all mac-address

NOTE2 : for production, we prevent gateway mac-address learning from the other DC

 

Thanks for your help !
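An added example, not part of the original post: the ESIs in the output above are RFC 7432 Type 5 (AS-based) identifiers, so they can be decoded to confirm which DC's AS each one carries and to compare captures. It uses excerpts of the posted vqfx3 output as sample input; the function names are hypothetical, and it only decodes and tabulates, it does not model how Junos ranks the sources.

```python
import re

# Excerpts of the vqfx3 output posted above: first capture, then after the AS rollback.
FIRST = """\
  Source: 05:00:00:fd:ea:00:00:00:0b:00, Rank: 1, Status: Active
    Remote origin: 172.16.255.201
    Remote origin: 172.16.255.202
  Source: 05:00:00:fd:e9:00:00:00:0b:00, Rank: 2, Status: Inactive
    Remote origin: 172.16.255.101
    Remote origin: 172.16.255.102
"""
AFTER_ROLLBACK = """\
  Source: 05:00:00:fd:e9:00:00:00:0b:00, Rank: 1, Status: Active    Remote origin: 172.16.255.101
    Remote origin: 172.16.255.102
  Source: 05:00:00:fd:ea:00:00:00:0b:00, Rank: 2, Status: Inactive    Remote origin: 172.16.255.201
    Remote origin: 172.16.255.202
"""

def decode_type5_esi(esi):
    """RFC 7432 Type 5 ESI: 0x05 | 4-octet AS number | 4-octet local discriminator | 0x00."""
    raw = bytes(int(octet, 16) for octet in esi.split(":"))
    if len(raw) != 10 or raw[0] != 0x05:
        raise ValueError(f"not a 10-octet Type 5 ESI: {esi}")
    return {"asn": int.from_bytes(raw[1:5], "big"),
            "discriminator": int.from_bytes(raw[5:9], "big")}

def parse_sources(text):
    """One dict per 'Source:' entry; tolerates 'Remote origin' fused onto the Source line."""
    entries = []
    for chunk in text.split("Source:")[1:]:
        m = re.match(r"\s*([0-9a-f:]+),\s*Rank:\s*(\d+),\s*Status:\s*(\w+)", chunk)
        if not m:
            continue
        origins = sorted(set(re.findall(r"Remote origin:\s*(\S+)", chunk)))
        entries.append({"esi": m[1], "rank": int(m[2]), "status": m[3],
                        "origins": origins, **decode_type5_esi(m[1])})
    return entries

def active_asn(text):
    """AS number encoded in the ESI whose status is Active (None if not exactly one)."""
    active = [e["asn"] for e in parse_sources(text) if e["status"] == "Active"]
    return active[0] if len(active) == 1 else None

if __name__ == "__main__":
    for label, text in (("first capture", FIRST), ("after rollback", AFTER_ROLLBACK)):
        for e in parse_sources(text):
            print(label, e["esi"], "AS", e["asn"], "disc", e["discriminator"], e["status"])
```

In these excerpts the two ESIs decode to AS 65002 and AS 65001, and the local discriminator equals the VN Identifier shown in the output (11).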
