VPLS on SRX
One of the topics that I haven’t written about so far is VPLS, but I have already written some posts which
lay the foundation for this VPLS setup. In this post, I will try to explain how VPLS is configured and verified
on Junos, particularly on a packet-mode Juniper SRX. I believe it will also be useful for those who don’t know
anything about VPLS. The way I explain VPLS here is how I have experienced it so far. Let’s get started by
simplifying some stuff:
VPLS (Virtual Private LAN Service) is an L2VPN technology by which you can turn an ISP cloud consisting of
numerous routers connecting different locations into an Ethernet switch, i.e. it is a switch in the global
network. Not yet clear? Let me explain it with a simple example:
Above is a simplified view of two devices communicating through an ISP network. Both devices are in the
same subnet, and WebServer has an L2 connection towards DatabaseServer, e.g. you can ping your database
server from the WebServer device, and the MAC address of the database server will be in the ARP cache
of the WebServer device after a successful ARP request/reply. This was the simplified view.
On this setup, for VPLS to work properly, you need to have a working MPLS cloud, which means the IGP
and RSVP should be running properly. To prepare the same MPLS cloud, you can take a look at my
MPLS series posts here.
Your MPLS LSPs must already be set up to create our L2 pipe.
For this setup, the VLANs used on both sides of the pipe must be the same.
Now we will zoom in to this ISP network and see how VPLS is configured and verified, but for this I need to
show the ISP topology in detail, and here it is:
http://rtodto.net/vpls-on-srx/ 1/6
10/6/2017 VPLS Configuration & Troubleshooting on SRX
First I need to explain this setup a little. It is a single autonomous system with ASN 8500 in this lab. I also
drew a rectangle to show the boundaries of this ISP network, in other words our so-called L2 switch. Routers
J40 and J35 are crossed by this rectangle as they represent the trunk ports of our switch, since they are the
PE routers in our ISP.
In this post, I will enable two devices, J39 (10.0.7.1) on the west side and J37 (10.0.7.2) on the east side, to
communicate via this L2VPN. As you can see, their IP addresses are on the same subnet.
As this is a BGP-free core network, we are running BGP only on the J40 and J35 PE devices.
The J39 site is connected to our J40 PE router on its ge-0/0/3 interface. We will start with the east side first.
[edit]
root@j40# show interfaces ge-0/0/3
vlan-tagging;
encapsulation vlan-vpls;
unit 803 {
    description "J39 Facing Interface";
    encapsulation vlan-vpls;
    vlan-id 803;
    family vpls;
}

[edit]
root@j40# show routing-instances vpn-b
instance-type vpls;
interface ge-0/0/3.803;
route-distinguisher 10.1.1.8:102;
vrf-target target:8500:102;
protocols {
    vpls {
        site-range 2;
        no-tunnel-services;
        site ce-c {
            site-identifier 1;
        }
    }
}
As you can see, we are using encapsulation vlan-vpls and the interface is tagged, hence we will accept tagged
traffic on this interface. Let’s check if we have any VPLS connection or not.
Hmm, nothing yet, as we haven’t configured the remote PE router J35. Now we configure the remote
side:
[edit]
root@j35# show interfaces ge-0/0/3
vlan-tagging;
encapsulation vlan-vpls;
unit 803 {
    description "J37 Facing interface";
    encapsulation vlan-vpls;
    vlan-id 803;
    family vpls;
}

[edit]
root@j35# show routing-instances vpn-b
instance-type vpls;
interface ge-0/0/3.803;
route-distinguisher 10.1.1.7:102;
vrf-target target:8500:102;
protocols {
    vpls {
        site-range 2;
        no-tunnel-services;
        site ce-d {
            site-identifier 2;
        }
    }
}
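The statements that have to agree between J40 and J35 (same vlan-id, same vrf-target, distinct site-identifier values that fit within the peer's site-range) can be compared mechanically before the ping test. This is an added example, not part of the original post; the function names are this example's own and the sample input is the two stanzas above in condensed form.

```python
import re

# Statements compared between the two PEs (names are this example's own).
FIELDS = {
    "vlan_id": r"vlan-id (\d+);",
    "instance_type": r"instance-type (\S+);",
    "target": r"vrf-target (\S+);",
    "site_range": r"site-range (\d+);",
    "site_id": r"site-identifier (\d+);",
}

# Constructed sample input: the J40 and J35 stanzas from this post, condensed.
J40 = """unit 803 { encapsulation vlan-vpls; vlan-id 803; family vpls; }
instance-type vpls; route-distinguisher 10.1.1.8:102; vrf-target target:8500:102;
protocols { vpls { site-range 2; site ce-c { site-identifier 1; } } }"""
J35 = """unit 803 { encapsulation vlan-vpls; vlan-id 803; family vpls; }
instance-type vpls; route-distinguisher 10.1.1.7:102; vrf-target target:8500:102;
protocols { vpls { site-range 2; site ce-d { site-identifier 2; } } }"""

def parse_pe(text):
    """Extract the first occurrence of each compared statement (None if absent)."""
    found = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        found[name] = match.group(1) if match else None
    return found

def check_pair(a, b):
    """Return a list of inconsistencies between two parsed PE configurations."""
    missing = [k for pe in (a, b) for k, v in pe.items() if v is None]
    if missing:
        return [f"statement not found: {k}" for k in missing]
    problems = []
    if (a["instance_type"], b["instance_type"]) != ("vpls", "vpls"):
        problems.append("instance-type must be vpls on both PEs")
    if a["vlan_id"] != b["vlan_id"]:
        problems.append("vlan-id differs between the two sides")
    if a["target"] != b["target"]:
        problems.append("vrf-target differs, VPLS routes will not be imported")
    if a["site_id"] == b["site_id"]:
        problems.append("site-identifier is not unique")
    for local, remote in ((a, b), (b, a)):
        if int(remote["site_id"]) > int(local["site_range"]):
            problems.append(f"site-identifier {remote['site_id']} is above "
                            f"the peer's site-range {local['site_range']}")
    return problems

if __name__ == "__main__":
    print(check_pair(parse_pe(J40), parse_pe(J35)) or "consistent")
```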
Now it is time to do a ping test from J39 to J37, which are located on two different sides of the ISP network.
Bingo!!! We now have the L2VPN up and running and we are passing traffic.
I think I have achieved what I wanted to explain so far. VPLS is ready and passing traffic. If you see any
mistake or have feedback, please drop your comments!
Héctor Alta m
2016/05/07 at 12:15 am
Hi, hope you read this. Is it possible to somehow remove the tagged VLAN in the VPLS and deliver to the
customer as untagged?
Jacky
2017/08/29 at 1:59 pm
Hello
When I type this command: "show route forwarding-table family vpls", sometimes I have the MAC address
connected to the VPLS interface, sometimes not.
VPLS:
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 rjct 1313 1
lsi.1048835 user 0 comp 1335 2
ge-0/0/4.0 user 0 comp 1341 2
2017/08/30 at 9:35 pm
Sorry, it has been a very long time since I worked with VPLS on a Junos box. I would advise checking the release
notes to see if there is any bug or not.