Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
Related Documentation
- ACX Series
- Example: Configuring Provider Edge Link Protection in Layer 3 VPNs
- M Series
- Configuring BGP PIC Edge for MPLS Layer 3 VPNs
- Example: Configuring Provider Edge Link Protection in Layer 3 VPNs
- MX Series
- Configuring BGP PIC Edge for MPLS Layer 3 VPNs
- Example: Configuring Provider Edge Link Protection in Layer 3 VPNs
- T Series
- Configuring BGP PIC Edge for MPLS Layer 3 VPNs
- Example: Configuring Provider Edge Link Protection in Layer 3 VPNs
Example: Configuring BGP PIC Edge for MPLS Layer 3 VPNs
This example shows how to configure BGP prefix-independent convergence (PIC) edge, which allows you to install a Layer 3 VPN route in the forwarding table as an alternate path. This enables fast failover when a provider edge (PE) router fails or you lose connectivity to a PE router. This already installed path is used until global convergence through the interior gateway protocol (IGP) is resolved. Using the alternative VPN route for forwarding until global convergence is complete reduces traffic loss.
Requirements
No special configuration beyond device initialization is required before configuring this example.
This example requires Junos OS Release 13.2 or later on the device with BGP PIC edge configured.
Overview
In an MPLS VPN Layer 3 environment, it is common for customers to multihome their networks to provide link redundancy. Although the interior gateway protocol (IGP) can provide fast convergence, in certain instances, the time to resolve a link failure and provide an alternate route can be time consuming. For example, a provider edge (PE) router might be configured with 200,000 or more IP prefixes, and a PE router failure could affect many of those prefixes.
This example shows two customer edge (CE) routers, Device CE1 and Device CE2. Devices PE1, PE2, and PE3 are PE routers. Device P1 is a provider core router. Only Device PE1 has BGP PIC edge configured. The example uses the P1-PE2 link (P-PE) link to simulate the loss of a section of the network.
For testing, the address 172.16.1.5/24 is added as a loopback interface address on Device CE2. The address is announced to Device PE2 and Device PE3 and is relayed by way of internal BGP (IBGP) IBGP to Device PE1. On Device PE1, there are two paths to the 172.16.1.5/24 network. These are the primary and a backup path.
Topology
Figure 1 shows the sample network.
Figure 1: BGP PIC Edge Scenario
CLI Quick Configuration shows the configuration for all of the devices in Figure 1.
The section Step-by-Step Procedure describes the steps on Device PE1.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Device CE1
set interfaces ge-1/2/0 unit 0 family inet
address 10.0.0.1/30set interfaces lo0 unit 0 family inet address
192.168.0.1/32set protocols bgp group ebgp type externalset protocols bgp group ebgp export send-directset protocols bgp group ebgp neighbor 10.0.0.2set policy-options policy-statement send-direct
from protocol directset policy-options policy-statement send-direct
then acceptset routing-options autonomous-system 101
Device CE2
set interfaces ge-1/2/4 unit 0 family inet
address 10.0.0.42/30set interfaces ge-1/2/3 unit 0 family inet
address 10.0.0.46/30set interfaces lo0 unit 0 family inet address
192.168.0.8/32set interfaces lo0 unit 0 family inet address
172.16.1.5/24set protocols bgp group ebgp type externalset protocols bgp group ebgp export send-directset protocols bgp group ebgp neighbor 10.0.0.45set protocols bgp group ebgp neighbor 10.0.0.41set policy-options policy-statement send-direct
from protocol directset policy-options policy-statement send-direct
then acceptset routing-options autonomous-system 102
Device P1
set interfaces ge-1/2/1 unit 0 family inet
address 10.0.0.5/30set interfaces ge-1/2/1 unit 0 family mplsset interfaces ge-1/2/5 unit 0 family inet
address 10.0.0.17/30set interfaces ge-1/2/5 unit 0 family mplsset interfaces ge-1/2/2 unit 0 family inet
address 10.0.0.33/30set interfaces ge-1/2/2 unit 0 family mplsset interfaces lo0 unit 0 family inet address
192.168.0.3/32set protocols mpls interface ge-1/2/1.0set protocols mpls interface ge-1/2/5.0set protocols mpls interface ge-1/2/2.0set protocols ospf area 0.0.0.0 interface
ge-1/2/1.0set protocols ospf area 0.0.0.0 interface
ge-1/2/5.0set protocols ospf area 0.0.0.0 interface
ge-1/2/2.0set protocols ospf area 0.0.0.0 interface
lo0.0 passiveset protocols ldp interface ge-1/2/1.0set protocols ldp interface ge-1/2/5.0set protocols ldp interface ge-1/2/2.0set protocols ldp interface lo0.0set routing-options autonomous-system 100
Device PE1
set interfaces ge-1/2/0 unit 0 family inet
address 10.0.0.2/30set interfaces ge-1/2/1 unit 0 family inet
address 10.0.0.6/30set interfaces ge-1/2/1 unit 0 family mplsset interfaces lo0 unit 0 family inet address
192.168.0.2/32set protocols mpls interface ge-1/2/1.0set protocols bgp group ibgp type internalset protocols bgp group ibgp local-address
192.168.0.2set protocols bgp group ibgp family inet unicastset protocols bgp group ibgp family inet-vpn
unicastset protocols bgp group ibgp export nhsset protocols bgp group ibgp neighbor 192.168.0.7set protocols bgp group ibgp neighbor 192.168.0.6set protocols ospf area 0.0.0.0 interface
ge-1/2/1.0set protocols ospf area 0.0.0.0 interface
lo0.0 passiveset protocols ldp interface ge-1/2/1.0set protocols ldp interface lo0.0set policy-options policy-statement lb then
load-balance per-packetset policy-options policy-statement nhs then
next-hop selfset routing-instances customer1 instance-type
vrfset routing-instances customer1 interface
ge-1/2/0.0set routing-instances customer1 route-distinguisher
100:1set routing-instances customer1 vrf-target
target:100:1set routing-instances customer1 routing-options
protect coreset routing-instances customer1 protocols
bgp group ebgp type externalset routing-instances customer1 protocols
bgp group ebgp neighbor 10.0.0.1set routing-options router-id 192.168.0.2set routing-options autonomous-system 100set routing-options forwarding-table export
lb
Device PE2
set interfaces ge-1/2/2 unit 0 family inet
address 10.0.0.34/30set interfaces ge-1/2/2 unit 0 family mplsset interfaces ge-1/2/3 unit 0 family inet
address 10.0.0.45/30set interfaces lo0 unit 0 family inet address
192.168.0.7/32set protocols mpls interface ge-1/2/2.0set protocols bgp group ibgp type internalset protocols bgp group ibgp local-address
192.168.0.7set protocols bgp group ibgp family inet unicastset protocols bgp group ibgp family inet-vpn
unicastset protocols bgp group ibgp export nhsset protocols bgp group ibgp neighbor 192.168.0.2set protocols bgp group ibgp neighbor 192.168.0.6set protocols ospf area 0.0.0.0 interface
ge-1/2/2.0set protocols ospf area 0.0.0.0 interface
lo0.0 passiveset protocols ldp interface ge-1/2/2.0set protocols ldp interface lo0.0set routing-instances customer1 instance-type
vrfset routing-instances customer1 interface
ge-1/2/3.0set routing-instances customer1 route-distinguisher
100:1set routing-instances customer1 vrf-target
target:100:1set routing-instances customer1 protocols
bgp group ebgp type externalset routing-instances customer1 protocols
bgp group ebgp neighbor 10.0.0.46set routing-options autonomous-system 100
Device PE3
set interfaces ge-1/2/5 unit 0 family inet
address 10.0.0.18/30set interfaces ge-1/2/5 unit 0 family mplsset interfaces ge-1/2/4 unit 0 family inet
address 10.0.0.41/30set interfaces ge-1/2/4 unit 0 family mplsset interfaces lo0 unit 0 family inet address
192.168.0.6/32set protocols mpls interface ge-1/2/5.0set protocols mpls interface ge-1/2/4.0set protocols bgp group ibgp type internalset protocols bgp group ibgp local-address
192.168.0.6set protocols bgp group ibgp family inet unicastset protocols bgp group ibgp family inet-vpn
unicastset protocols bgp group ibgp export nhsset protocols bgp group ibgp neighbor 192.168.0.7set protocols bgp group ibgp neighbor 192.168.0.2set protocols ospf area 0.0.0.0 interface
ge-1/2/5.0set protocols ospf area 0.0.0.0 interface
lo0.0 passiveset protocols ldp interface ge-1/2/5.0set protocols ldp interface lo0.0set routing-instances customer1 instance-type
vrfset routing-instances customer1 interface
ge-1/2/4.0set routing-instances customer1 route-distinguisher
100:1set routing-instances customer1 vrf-target
target:100:1set routing-instances customer1 protocols
bgp group ebgp type externalset routing-instances customer1 protocols
bgp group ebgp neighbor 10.0.0.42set routing-options autonomous-system 100
Step-by-Step Procedure
The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure Device R1:
- Configure the device interfaces.[edit interfaces]user@PE1# set ge-1/2/0 unit 0 family inet address 10.0.0.2/30
user@PE1# set ge-1/2/1 unit 0 family inet address 10.0.0.6/30user@PE1# set ge-1/2/1 unit 0 family mpls
user@PE1# set lo0 unit 0 family inet address 192.168.0.2/32 - Configure MPLS and LDP on the core-facing interfaces.[edit protocols]user@PE1# set mpls interface ge-1/2/1.0
user@PE1# set ldp interface ge-1/2/1.0user@PE1# set ldp interface lo0.0 - Configure an IGP on the core-facing interfaces.[edit protocols ospf area 0.0.0.0]user@PE1# set interface ge-1/2/1.0user@PE1# set interface lo0.0 passive
- Configure IBGP connections with the other PE devices.[edit protocols bgp group ibgp]user@PE1# set type internaluser@PE1# set local-address 192.168.0.2user@PE1# set family inet unicastuser@PE1# set family inet-vpn unicastuser@PE1# set export nhsuser@PE1# set neighbor 192.168.0.7user@PE1# set neighbor 192.168.0.6
- Configure the load-balancing policy.[edit policy-options policy-statement lb]user@PE1# set then load-balance per-packet
- (Optional) Configure a next-hop self policy.[edit policy-options policy-statement nhs]user@PE1# set then next-hop self
- Configure the routing-instance to create the CE-PE EBGP
connection.[edit routing-instances customer1]user@PE1# set instance-type vrfuser@PE1# set interface ge-1/2/0.0user@PE1# set route-distinguisher 100:1user@PE1# set vrf-target target:100:1user@PE1# set protocols bgp group ebgp type externaluser@PE1# set protocols bgp group ebgp neighbor 10.0.0.1
- Enable the BGP PIC edge feature.[edit routing-instances customer1]user@PE1# set routing-options protect core
- Apply the load-balancing policy.[edit routing-options forwarding-table]user@PE1# set export lb
- Assign the router ID and autonomous system (AS) number.[edit routing-options]user@PE1# set router-id 192.168.0.2user@PE1# set autonomous-system 100
Results
From configuration mode, confirm your configuration by entering the show interfaces, show protocols, show policy-options, show routing-instances, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
user@PE1# show interfaces
ge-1/2/0 {unit 0 {family inet {address 10.0.0.2/30;}}}
ge-1/2/1 {unit 0 {family inet {address 10.0.0.6/30;}family mpls;}}
lo0 {unit 0 {family inet {address 192.168.0.2/32;}}}
user@PE1# show protocols
mpls {interface ge-1/2/1.0;}
bgp {group ibgp {type internal;local-address 192.168.0.2;family inet {unicast;}family inet-vpn {unicast;}export nhs;neighbor 192.168.0.7;neighbor 192.168.0.6;}}
ospf {area 0.0.0.0 {interface ge-1/2/1.0;interface lo0.0 {passive;}}}
ldp {interface ge-1/2/1.0;interface lo0.0;}
user@PE1# show policy-options
policy-statement lb {then {load-balance per-packet;}}
policy-statement nhs {then {next-hop self;}}
user@PE1# show routing-instances
customer1 {instance-type vrf;interface ge-1/2/0.0;route-distinguisher 100:1;vrf-target target:100:1;routing-options {protect core;}protocols {bgp {group ebgp {type external;peer-as 101;neighbor 10.0.0.1;}}}}
user@PE1# show routing-optionsrouter-id 192.168.0.2;autonomous-system 100;
forwarding-table {export lb;}
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
Displaying Extensive Route Information
Purpose
Confirm that BGP PIC Edge is working.
Action
From Device PE1, run the show route extensive table customer1.inet.0 172.16.1/24 command.
user@PE1> show route extensive table customer1.inet.0 172.16.1/24
customer1.inet.0: 7 destinations, 12 routes (7 active, 0 holddown, 0 hidden)
172.16.1.0/24 (3 entries, 2 announced)
State: <CalcForwarding>
TSI:
KRT in-kernel 172.16.1.0/24 -> {indirect(262146), indirect(262142)}
Page 0 idx 0, (group ebgp type External) Type 1 val 0x950a62c (adv_entry)
Advertised metrics:
Nexthop: Self
AS path: [100] 102 I
Communities: target:100:1
Path 172.16.1.0 from 192.168.0.6 Vector len 4. Val: 0
@BGP Preference: 170/-101
Route Distinguisher: 100:1
Next hop type: Indirect
Address: 0x9514a74
Next-hop reference count: 7
Source: 192.168.0.6
Next hop type: Router, Next hop index: 990
Next hop: 10.0.0.5 via ge-1/2/1.0, selected
Label operation: Push 299824, Push 299856(top)
Label TTL action: prop-ttl, prop-ttl(top)
Load balance label: Label 299824: None; Label 299856: None;
Session Id: 0x280002
Protocol next hop: 192.168.0.6
Label operation: Push 299824
Label TTL action: prop-ttl
Load balance label: Label 299824: None;
Indirect next hop: 0x96bc104 262146 INH Session ID: 0x280006
State: <Secondary Active Int Ext ProtectionPath ProtectionCand>
Local AS: 100 Peer AS: 100
Age: 1:38:13 Metric2: 1
Validation State: unverified
Task: BGP_100.192.168.0.6+45824
Announcement bits (1): 1-BGP_RT_Background
AS path: 102 I
Communities: target:100:1
Import Accepted
VPN Label: 299824
Localpref: 100
Router ID: 192.168.0.6
Primary Routing Table bgp.l3vpn.0
Indirect next hops: 1
Protocol next hop: 192.168.0.6 Metric: 1
Label operation: Push 299824
Label TTL action: prop-ttl
Load balance label: Label 299824: None;
Indirect next hop: 0x96bc104 262146 INH Session ID: 0x280006
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 10.0.0.5 via ge-1/2/1.0
Session Id: 0x280002
192.168.0.6/32 Originating RIB: inet.3
Metric: 1 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.0.5 via ge-1/2/1.0
BGP Preference: 170/-101
Route Distinguisher: 100:1
Next hop type: Indirect
Address: 0x9515570
Next-hop reference count: 7
Source: 192.168.0.7
Next hop type: Router, Next hop index: 933
Next hop: 10.0.0.5 via ge-1/2/1.0, selected
Label operation: Push 299856, Push 299872(top)
Label TTL action: prop-ttl, prop-ttl(top)
Load balance label: Label 299856: None; Label 299872: None;
Session Id: 0x280002
Protocol next hop: 192.168.0.7
Label operation: Push 299856
Label TTL action: prop-ttl
Load balance label: Label 299856: None;
Indirect next hop: 0x96bc000 262142 INH Session ID: 0x280005
State: <Secondary NotBest Int Ext ProtectionPath ProtectionCand>
Inactive reason: Not Best in its group - Router ID
Local AS: 100 Peer AS: 100
Age: 1:38:13 Metric2: 1
Validation State: unverified
Task: BGP_100.192.168.0.7+10985
AS path: 102 I
Communities: target:100:1
Import Accepted
VPN Label: 299856
Localpref: 100
Router ID: 192.168.0.7
Primary Routing Table bgp.l3vpn.0
Indirect next hops: 1
Protocol next hop: 192.168.0.7 Metric: 1
Label operation: Push 299856
Label TTL action: prop-ttl
Load balance label: Label 299856: None;
Indirect next hop: 0x96bc000 262142 INH Session ID: 0x280005
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 10.0.0.5 via ge-1/2/1.0
Session Id: 0x280002
192.168.0.7/32 Originating RIB: inet.3
Metric: 1 Node path count: 1
Forwarding nexthops: 1
Nexthop: 10.0.0.5 via ge-1/2/1.0
#Multipath Preference: 255
Next hop type: Indirect
Address: 0x9578010
Next-hop reference count: 4
Next hop type: Router, Next hop index: 990
Next hop: 10.0.0.5 via ge-1/2/1.0, selected
Label operation: Push 299824, Push 299856(top)
Label TTL action: prop-ttl, prop-ttl(top)
Load balance label: Label 299824: None; Label 299856: None;
Session Id: 0x280002
Next hop type: Router, Next hop index: 933
Next hop: 10.0.0.5 via ge-1/2/1.0
Label operation: Push 299856, Push 299872(top)
Label TTL action: prop-ttl, prop-ttl(top)
Load balance label: Label 299856: None; Label 299872: None;
Session Id: 0x280002
Protocol next hop: 192.168.0.6
Label operation: Push 299824
Label TTL action: prop-ttl
Load balance label: Label 299824: None;
Indirect next hop: 0x96bc104 262146 INH Session ID: 0x280006 Weight 0x1
Protocol next hop: 192.168.0.7
Label operation: Push 299856
Label TTL action: prop-ttl
Load balance label: Label 299856: None;
Indirect next hop: 0x96bc000 262142 INH Session ID: 0x280005 Weight 0x4000
State: <ForwardingOnly Int Ext>
Inactive reason: Forwarding use only
Age: 1:38:13 Metric2: 1
Validation State: unverified
Task: RT
Announcement bits (1): 0-KRT
AS path: 102 I
Communities: target:100:1
Meaning
The Indirect next hop output lines that contain weight follow next hops that the software can use to repair paths where a link failure occurs.
The next-hop weight has one of the following values:
- 0x1 indicates active next hops.
- 0x4000 indicates passive next hops.
Displaying the Forwarding Table
Purpose
Check the forwarding and kernel routing-table state by using show route forwarding-table.
Action
From Device PE1, run the show route forwarding-table table customer1 destination 172.16.1.0/24 command.
user@PE1> show route forwarding-table table customer1 destination 172.16.1.0/24
Routing table: customer1.inet
Internet:
Destination Type RtRef Next hop Type Index NhRef Netif
172.16.1.0/24 user 0 ulst 262147 2
indr 262146 3
10.0.0.5 Push 299824, Push 299856(top) 990 2 ge-1/2/1.0
indr 262144 3
10.0.0.5 Push 300080, Push 299920(top) 1000 2 ge-1/2/1.0
Meaning
in addition to the forwarding and kernel routing-table state, this command shows the unilist index (262147) used by the Packet Forwarding Engine.
Displaying the OSPF Routes
Purpose
Show the OSPF route state.
Action
From Device PE1, run the show (ospf | ospf3) route detail command.
user@PE1> show ospf route detail
betsy@tp0:PE1> show ospf route detail
Topology default Route Table:
Prefix Path Route NH Metric NextHop Nexthop
Type Type Type Interface Address/LSP
192.168.0.3 Intra Router IP 1 ge-1/2/1.0 10.0.0.5
area 0.0.0.0, origin 192.168.0.3, optional-capability 0x0
192.168.0.6 Intra Router IP 2 ge-1/2/1.0 10.0.0.5
area 0.0.0.0, origin 192.168.0.6, optional-capability 0x0
192.168.0.7 Intra Router IP 2 ge-1/2/1.0 10.0.0.5
area 0.0.0.0, origin 192.168.0.7, optional-capability 0x0
10.0.0.4/30 Intra Network IP 1 ge-1/2/1.0
area 0.0.0.0, origin 192.168.0.3, priority low
10.0.0.16/30 Intra Network IP 2 ge-1/2/1.0 10.0.0.5
area 0.0.0.0, origin 192.168.0.6, priority medium
10.0.0.32/30 Intra Network IP 2 ge-1/2/1.0 10.0.0.5
area 0.0.0.0, origin 192.168.0.7, priority medium
192.168.0.2/32 Intra Network IP 0 lo0.0
area 0.0.0.0, origin 192.168.0.2, priority low
192.168.0.3/32 Intra Network IP 1 ge-1/2/1.0 10.0.0.5
area 0.0.0.0, origin 192.168.0.3, priority medium
192.168.0.6/32 Intra Network IP 2 ge-1/2/1.0 10.0.0.5
area 0.0.0.0, origin 192.168.0.6, priority medium
session-id: 2621446, version: 1
192.168.0.7/32 Intra Network IP 2 ge-1/2/1.0 10.0.0.5
area 0.0.0.0, origin 192.168.0.7, priority medium
session-id: 2621450, version: 1
Meaning
The output shows the tracked session IDs for the loopback interface addresses on Devices PE2 and PE3.
Related Documentation
- ACX Series
- Example: Configuring Provider Edge Link Protection in Layer 3 VPNs
- M Series
- Configuring BGP PIC Edge for MPLS Layer 3 VPNs
- Example: Configuring Provider Edge Link Protection in Layer 3 VPNs
- MX Series
- Configuring BGP PIC Edge for MPLS Layer 3 VPNs
- Example: Configuring Provider Edge Link Protection in Layer 3 VPNs
- T Series
- Configuring BGP PIC Edge for MPLS Layer 3 VPNs
- Example: Configuring Provider Edge Link Protection in Layer 3 VPNs
