Versions Compared

Old Version 4

changes.mady.by.user Jean-luc KRIKER

Saved on

compared with

New Version 5

changes.mady.by.user Jean-luc KRIKER

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.









SRX340 full config
# check the lt and apply the BW
show chassis hardware
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
>>>>> check the lt interface created could be lt-0/0/10??
#
MX480 full config

# check the lt and apply the BW
show chassis hardware
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
>>>>> check the lt interface created could be lt-0/0/10??
#


Code Block
titleL3VPN: LDP, VRF and VR MX480: L3VPN
collapsetrue
1- Interface, LLDP, MPLS and& LDP
2- RID, AS#, BGP
3- L3VPN: VRF, RD, RT
4- virtual CE: VR


#1- Interface, LLDP, MPLS & LDP ( on the SRX340MX480 )
#---------------------------

set interfaces ge-01/03/54 unit 0 family inet address 10.17.0.12/24
set interfaces ge-0/0/5 unit 0 family mpls
protocols lldp interface all
set protocols mpls interface ge-01/03/54.0
set protocols ldp interface ge-01/03/54.0
set protocols lldpldp interface ge-0/0/5
set protocols lldp interface allfxp0.0 disable



set interfaces lo0.210 family inet address 10.210.2.2/32
set routing-instances vrf_1 interface lo0.210



#2- RID, AS#, BGP ( on SRX340the MX480 )
#-------------------------------

set routing-options router-id 10.30.9592.210193
set routing-options autonomous-system 1.65535

set protocols bgp group iBGP type internal
set protocols bgp group iBGP local-address 10.17.0.12
set protocols bgp group iBGP neighbor 10.17.0.2family inet-vpn unicast
set protocols bgp group iBGP family inet-vpn unicastneighbor 10.17.0.1




#3- L3VPNL3PVN: VRF, RD, RT ( on SRX340the MX480 )
#---------------------------------------
set interfaces lo0.210 family inet address 10.210.1.1/32

set routing-instances vrf_1 interface lt-01/0/010.31
set routing-instances vrf_1
interface
lo0.210
set routing-instances vrf_1 instance-type vrf
set routing-instances vrf_1 route-distinguisher 65535:1717
set routing-instances vrf_1 vrf-target import target:65536L:1717
set routing-instances vrf_1 vrf-target export target:65536L:1717
set routing-instances vrf_1 routing-options router-id 10.210.12.12
set routing-instances vrf_1 routing-options autonomous-system 1101

set routing-instances vrf_1 protocols bgp group eBGP type external
set routing-instances vrf_1 protocols bgp group eBGP local-address 10.217.12.2
set routing-instances vrf_1 protocols bgp group eBGP neighbor 10.217.12.1 peer-as 101102




#CE configuration:
#-----------------
set interfaces lt-0/0/0 unit 30 encapsulation ethernet
set interfaces lt-0/0/0 unit 30 peer-unit 31
set interfaces lt-0/0/0 unit 30 #set routing-instances vrf_1 protocols bgp group eBGP family inet
address
10.217.1.1/30
set
interfaces
lt-0/0/0
unit
31
encapsulation
ethernet
set#CE interfaces lt-0/0/0 unit 31 peer-unit 30
set interfaces lt-0/0/0 unit 31 family inet address 10.217.1.2/30

set interfaces lo0 unit 217 family inet address 10.217.0.1/32

set routing-instances ce_vr instance-type virtual-router
set routing-instances ce_vr interface lt-0/0/0.30
set routing-instances ce_vr interface lo0.217
set routing-instances ce_vr routing-options router-id 10.217.0.1
set routing-instances ce_vr routing-options autonomous-system 101
set routing-instances ce_vr protocols bgp group eBGP type external
set routing-instances ce_vr protocols bgp group eBGP local-address 10.217.1.1
set routing-instances ce_vr protocols bgp group eBGP neighbor 10.217.1.2 peer-as 1101
# export protocol direct into BGP
set policy-options policy-statement exp_protocol_direct from protocol direct
set policy-options policy-statement exp_protocol_direct then accept
set routing-instances ce_vr protocols bgp group eBGP export exp_protocol_direct
Code Block
titlesecurity zone and policy
collapsetrue
#SRX Secuirty Zones:

set security zones security-zone vCE_2_vPE interfaces lt-0/0/0.30
set security zones security-zone vCE_2_vPE interfaces lo0.217
set security zones security-zone vCE_2_vPE host-inbound-traffic system-services all
set security zones security-zone vCE_2_vPE host-inbound-traffic protocols all

set security zones security-zone vPE_2_vCE interfaces lt-0/0/0.31
set security zones security-zone vPE_2_vCE interfaces lo0.210
set security zones security-zone vPE_2_vCE host-inbound-traffic protocols all
set security zones security-zone vPE_2_vCE host-inbound-traffic system-services all
MX480 full config
Code Block
titleMX480: L3VPN
collapsetrue
1- Interface, LLDP, MPLS & LDP
2- RID, AS#, BGP
3- L3VPN: VRF, RD, RT
4- virtual CE: VR


#1- Interface, LLDP, MPLS & LDP ( on the MX480 )
#---------------------------

set interfaces ge-1/3/4 unit 0 family inet address 10.17.0.2/24
set protocols lldp interface all
set protocols mpls interface ge-1/3/4.0
set protocols ldp interface ge-1/3/4.0
set protocols ldp interface fxp0.0 disable



set interfaces lo0.210 family inet address 10.210.2.2/32
set routing-instances vrf_1 interface lo0.210



#2- RID, AS#, BGP ( on the MX480 )
#--------------------

set routing-options router-id 10.30.92.193
set routing-options autonomous-system 1.65535
set protocols bgp group iBGP type internal
set protocols bgp group iBGP local-address 10.17.0.2
set protocols bgp group iBGP family inet-vpn unicast
set protocols bgp group iBGP neighbor 10.17.0.1



#3- L3PVN: VRF, RD, RT ( on the MX480 )
#---------------------------------------
set routing-instances vrf_1 interface lt-1/0/10.31

set routing-instances vrf_1 routing-options router-id 10.210.2.2
set routing-instances vrf_1 routing-options autonomous-system 1101

set routing-instances vrf_1 protocols bgp group eBGP type external
set routing-instances vrf_1 protocols bgp group eBGP local-address 10.217.2.2
set routing-instances vrf_1 protocols bgp group eBGP neighbor 10.217.2.1 peer-as 102
#set routing-instances vrf_1 protocols bgp group eBGP family inet









#CE config on MX480
#-------------------config on MX480
#-------------------
# check the lt and apply the BW
show chassis hardware
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
>>>>> check the lt interface created could be lt-0/0/10??
## check the lt and apply the BW
show chassis hardware
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
>>>>> check the lt interface created could be lt-0/0/10??
## check the lt and apply the BW
show chassis hardware
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
>>>>> check the lt interface created could be lt-0/0/10??
## check the lt and apply the BW
show chassis hardware
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
>>>>> check the lt interface created could be lt-0/0/10??
#
set interfaces lt-1/0/10 unit 30 encapsulation ethernet
set interfaces lt-1/0/10 unit 30 peer-unit 31
set interfaces lt-1/0/10 unit 30 family inet address 10.217.2.1/30
set interfaces lt-1/0/10 unit 31 encapsulation ethernet
set interfaces lt-1/0/10 unit 31 peer-unit 30
set interfaces lt-1/0/10 unit 31 family inet address 10.217.2.2/30

set interfaces lo0 unit 217 family inet address 10.217.0.2/32

set routing-instances ce_vr instance-type virtual-router
set routing-instances ce_vr interface lt-1/0/10.30
set routing-instances ce_vr interface lo0.217
set routing-instances ce_vr routing-options router-id 10.217.0.2
set routing-instances ce_vr routing-options autonomous-system 102
set routing-instances ce_vr protocols bgp group eBGP type external
set routing-instances ce_vr protocols bgp group eBGP local-address 10.217.2.1
set routing-instances ce_vr protocols bgp group eBGP neighbor 10.217.2.2 peer-as 1101


set policy-options policy-statement exp_protocol_direct from protocol direct
set policy-options policy-statement exp_protocol_direct then accept

set routing-instances ce_vr protocols bgp group eBGP export exp_protocol_direct




Code Block
titleshow LDP
root@mx480-re0> show route table inet.3

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.255.50/32  *[LDP/9] 17:41:40, metric 1
                    > to 10.17.0.1 via ge-1/3/4.0
























...