Deutsch
We recently had the opportunity to do a POC with one of our customers for their future Juniper ACX deployment. The task was to set up a BGP-signalled VPLS instance between a Juniper MX and an ACX7024 router. Our customer currently uses a number of VPLS services based on a Juniper MX install base (various models). With the introduction of the ACX7024, we have a perfect fit for their use case in their access network.
As the technology is still new, there is not much configuration guidance available yet. We struggled at first with the new configuration style that comes with JunOS EVO. There are some great blog articles on the Juniper webpage, but these only outline the LDP-signalled VPLS configuration between two ACX7100 devices. So, we thought we would publish our configuration and results to help others.
We were lucky enough to have ordered two ACX7024 already last year for demo purposes. Those devices were delivered in Jan ’22. One Juniper ACX7024 was delivered to our customer. We used the second to build a shadow POC environment to support our customer during his evaluation. Of course, we could not rebuild the entire lab infrastructure of our customer, but we have enough hardware to cover the baseline. In our POC, we used one ACX7024 and one MX204 as IP/MPLS devices and the QFX5120 to simulate the customer’s equipment.
The following figure shows the small topology we used in our test case:
Naturally, our aim was to integrate the ACX7024 into the existing MX-based VPLS instance. This meant that the MX configuration had to remain as it was.
The following config snippet shows our ACX7024 configuration that we successfully tested. The main difference to the classic JunOS VPLS configuration is that the VPLS configuration in JunOS EVO has to specify the VLAN in the VLANs section. In our test, we used JunOS EVO release 22.4R1. According to Juniper, only one VLAN is supported per routing-instance in this JunOS release.
VPLS configuration (ACX7024):
interfaces {
et-0/0/5 {
flexible-vlan-tagging;
mtu 1522;
encapsulation flexible-ethernet-services;
ether-options {
no-auto-negotiation;
}
unit 100 {
encapsulation vlan-vpls;
vlan-id 100;
family ethernet-switching;
}
}
}
routing-instances {
VPLSTEST {
instance-type virtual-switch
protocols {
vpls {
site ACX7024 {
interface et-0/0/5.100;
site-identifier 4;
site-preference primary;
}
no-control-word;
no-tunnel-services;
}
}
interface et-0/0/5.100;
route-distinguisher 99:1001;
vrf-target target:99:100;
vlans {
VLAN100 {
vlan-id 100;
interface et-0/0/5.100;
}
}
}
}
For completeness, here is the MX204 VPLS configuration we tested.
VPLS configuration (MX204):
interfaces {
xe-0/1/1 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 100 {
encapsulation vlan-vpls;
vlan-id 100;
family vpls;
}
}
}
routing-instances {
VPLSTEST {
protocols {
vpls {
mac-table-size {
5120;
}
interface-mac-limit {
8;
}
site SITE1 {
interface xe-0/1/1.100;
site-identifier 1;
site-preference primary;
}
no-tunnel-services;
}
}
instance-type vpls;
interface xe-0/1/1.100;
route-distinguisher 99:1002;
vrf-target target:99:100;
}
}
To verify the service function, we simply sent some ICMP traffic from one interface to another of the same QFX5k switch, but both interfaces were in different VRs. Of course, our tests were very simplified, but there was no demand for more sophisticated traffic patterns.
Customer configuration:
interfaces {
xe-0/0/0 {
description to_acx;
vlan-tagging;
gigether-options {
no-auto-negotiation;
}
unit 100 {
vlan-id 100;
family inet {
address 1.1.1.1/24;
}
}
}
xe-0/0/1 {
description to_mx;
vlan-tagging;
unit 100 {
vlan-id 100;
family inet {
address 1.1.1.2/24;
}
}
}
}
routing-instances {
TEST1 {
instance-type virtual-router;
interface xe-0/0/0.100;
}
TEST2 {
instance-type virtual-router;
interface xe-0/0/1.100;
}
}
Test case verification:
hcd-superuser@re0# run show vpls connections
Layer-2 VPN connections:
Legend for connection status (St)
EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch HS -- Hot-standby Connection
Legend for interface status
Up -- operational
Dn -- down
Instance: VPLSTEST
Edge protection: Not-Primary
Local site: ACX7024 (4)
connection-site Type St Time last up # Up trans
1 rmt Up Feb 23 12:47:32 2023 1
Remote PE: 10.0.0.1, Negotiated control-word: No
Incoming label: 33, Outgoing label: 29
Local interface: lsi.1048581, Status: Up, Encapsulation: VPLS
Description: Intf - vpls VPLSTEST local site 4 remote site 1
Flow Label Transmit: No, Flow Label Receive: No
hcd-superuser@re0# run show ethernet-switching table instance VPLSTEST
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC
SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC
GBP - group based policy)
Ethernet switching table : 2 entries, 2 learned
Routing instance : VPLSTEST
Vlan MAC MAC Age GBP Logical NH RTR
name address flags Tag interface Index ID
VPLSTEST 94:bf:94:73:9e:c4 D - et-0/0/5.100 0 0
VPLSTEST 94:bf:94:73:9e:c5 D - lsi.1048581 0 0
hcd-superuser@poc-qfx5120-01> ping 1.1.1.2 routing-instance TEST1
PING 1.1.1.2 (1.1.1.2): 56 data bytes
64 bytes from 1.1.1.2: icmp_seq=0 ttl=64 time=0.712 ms
64 bytes from 1.1.1.2: icmp_seq=1 ttl=64 time=0.548 ms
^C
--- 1.1.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.548/0.630/0.712/0.082 ms
Backlog:
Just in case you need the underlying IP/MPLS configuration, you can copy the snippets below.
Initial Configuration (MX204):
interfaces {
xe-0/1/0 {
unit 0 {
family inet {
address 10.10.10.0/31;
}
family iso;
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.1/32 {
primary;
preferred;
}
}
family iso {
address 49.0002.1000.0000.0001.00;
}
}
}
}
routing-options {
router-id 10.0.0.1;
autonomous-system 123;
}
protocols {
bgp {
group IBGP {
type internal;
local-address 10.0.0.1;
log-updown;
family l2vpn {
signaling;
}
neighbor 10.0.0.2 {
export EXPORT_NHS;
}
}
}
isis {
interface xe-0/1/0.0 {
level 2 metric 1000;
point-to-point;
}
interface lo0.0 {
passive;
}
level 1 disable;
level 2 wide-metrics-only;
}
ldp {
track-igp-metric;
deaggregate;
transport-address router-id;
interface xe-0/1/0.0;
interface lo0.0;
}
mpls {
icmp-tunneling;
ipv6-tunneling;
interface xe-0/1/0.0;
}
}
Inital Configuration (ACX7024)
interfaces {
et-0/0/4 {
unit 0 {
family inet {
address 10.10.10.1/31;
}
family iso;
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.0.0.2/32 {
primary;
preferred;
}
}
family iso {
address 49.0002.1000.0000.0002.00;
}
}
}
}
routing-options {
router-id 10.0.0.2;
autonomous-system 123;
}
protocols {
bgp {
group IBGP {
type internal;
local-address 10.0.0.2;
family l2vpn {
signaling;
}
neighbor 10.0.0.1 {
export EXPORT_NHS;
}
}
}
isis {
interface et-0/0/4.0 {
level 2 metric 1000;
point-to-point;
}
interface lo0.0 {
passive;
}
level 1 disable;
level 2 wide-metrics-only;
}
ldp {
track-igp-metric;
deaggregate;
transport-address router-id;
interface et-0/0/4.0;
interface lo0.0;
}
mpls {
icmp-tunneling;
ipv6-tunneling;
interface et-0/0/4.0;
}
}
Questions?Just ask!
You want to know more? We are happy to help. You can reach us on +49 89 215 36 92-0 or through our contact form.
Contact us