MPLS AND VPLS WITH LSP IN JUNIPER ROUTERS

The need to interconnect two sites over an L2 network led to the idea of building a VPLS. The scenario is a test lab running on Linux with KVM and Libvirt, using virtual versions of the Juniper MX and Mikrotik RouterOS.

Virtualized equipment

3 – vMX (Juniper MX virtualized)

2 – CHR (Mikrotik RouterOS Cloud Hosted Router)

Topology

(Image: topology diagram)

Some acronyms used:

MPLS – Multiprotocol Label Switching

OSPF – Open Shortest Path First

VPLS – Virtual Private LAN Service

LDP – Label Distribution Protocol

RSVP – Resource Reservation Protocol

LSP – Label Switched Path

The initial idea was for mikrotik-1 and mikrotik-2 to communicate at L2 using a VLAN, but it evolved into running 802.1Q-in-Q (QinQ) inside the VPLS tunnel.

The examples below therefore show how all the protocols (OSPF, MPLS, LDP, RSVP) and the LSPs were configured so that QinQ works across the VPLS tunnel. Both LSPs are active and load-balanced, so if one LSP goes down the VPLS tunnel keeps working without any interruption.

R1 configuration

system {
    host-name R1;
    services {
        ssh {
            protocol-version v2;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        mtu 2000;
        mac 52:54:00:69:dc:34;
        unit 0 {
            family inet {
                address 10.0.0.1/30;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        mtu 2000;                       
        mac 52:54:00:cc:d5:ac;
        unit 0 {
            family inet {
                address 10.0.3.1/30;
            }
            family mpls;
        }
    }
    ge-0/0/2 {
        mtu 2000;
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        mac 52:54:00:eb:23:b4;
        unit 800 {
            encapsulation vlan-vpls;
            vlan-id 800;
            family vpls;
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.0.101/24;
            }
        }
    }
    lo0 {
        unit 0 {                        
            family inet {
                address 10.1.1.1/32;
            }
        }
    }
}
protocols {
    rsvp {
        load-balance bandwidth;
        interface ge-0/0/1.0;
        interface ge-0/0/0.0;
    }
    mpls {
        label-switched-path NORMAL {
            to 10.2.1.1;
            primary DIRETO;
        }
        label-switched-path SECUNDARIA {
            to 10.2.1.1;
            primary VIAR3;
        }
        path DIRETO {
            10.2.1.1;
        }
        path VIAR3 {
            10.3.1.1;
            10.2.1.1;
        }
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/0.0;       
            interface ge-0/0/1.0;
            interface ge-0/0/2.0;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        interface lo0.0;
    }
}
routing-instances {
    VPN {
        instance-type vpls;
        vlan-id 800;
        interface ge-0/0/2.800;
        protocols {
            vpls {
                encapsulation-type ethernet-vlan;
                site-range 10;
                interface ge-0/0/2.800;
                no-tunnel-services;
                site mk1 {
                    site-identifier 1;
                }
                vpls-id 101;
                neighbor 10.2.1.1;
            }
        }
    }
}

R2 configuration

system {
    host-name R2;
    services {
        ssh {
            protocol-version v2;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        mtu 2000;
        mac 52:54:00:dc:47:dc;
        unit 0 {
            family inet {
                address 10.0.0.2/30;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        mtu 2000;                       
        mac 52:54:00:18:3a:d0;
        unit 0 {
            family inet {
                address 10.0.2.1/30;
            }
            family mpls;
        }
    }
    ge-0/0/2 {
        mtu 2000;
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        mac 52:54:00:70:f2:ce;
        unit 800 {
            encapsulation vlan-vpls;
            vlan-id 800;
            family vpls;
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.0.102/24;
            }
        }
    }
    lo0 {
        unit 0 {                        
            family inet {
                address 10.2.1.1/32;
            }
        }
    }
}
protocols {
    rsvp {
        load-balance bandwidth;
        interface ge-0/0/1.0;
        interface ge-0/0/0.0;
    }
    mpls {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/0.0;
            interface ge-0/0/1.0;
            interface ge-0/0/2.0;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        interface lo0.0;
    }
}
routing-instances {
    VPN {
        instance-type vpls;
        vlan-id 800;
        interface ge-0/0/2.800;
        protocols {                     
            vpls {
                encapsulation-type ethernet-vlan;
                site-range 10;
                interface ge-0/0/2.800;
                no-tunnel-services;
                site mk2 {
                    site-identifier 2;
                }
                vpls-id 101;
                neighbor 10.1.1.1;
            }
        }
    }
}
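
As an added example (not part of the original post), the Python script below checks that two PE configurations agree on what the VPLS pseudowire needs: each `neighbor` is the peer's lo0 address, `vpls-id` matches and the `site-identifier` values differ. The function names and the compacted R1/R2 excerpts are assumptions made for this example, and the parser assumes no quoted strings containing braces or semicolons.

```python
import re

def flatten(text):
    """Turn curly-brace Junos config into 'set'-style statement strings."""
    path, out = [], []
    for head, delim in re.findall(r"([^{};]*)([{};])", text):
        head = " ".join(head.split())          # normalise whitespace/newlines
        if delim == "{":
            path.append(head)                  # enter a hierarchy level
        elif delim == "}":
            path.pop()                         # leave it
        else:
            out.append(" ".join(path + [head]))  # leaf statement
    return out

def vpls_facts(text):
    """Extract the values both PEs must agree on for the VPLS pseudowire."""
    stmts = "\n".join(flatten(text))
    def grab(pattern):
        m = re.search(pattern, stmts, re.M)
        return m.group(1) if m else None
    return {
        "loopback": grab(r"^interfaces lo0 unit 0 family inet address (\S+)/\d+$"),
        "vpls_id": grab(r" protocols vpls vpls-id (\d+)$"),
        "neighbor": grab(r" protocols vpls neighbor (\S+)$"),
        "site_id": grab(r" protocols vpls site \S+ site-identifier (\d+)$"),
    }

def check_pair(a, b):
    """Return a list of mismatches between two PE configs (empty = consistent)."""
    fa, fb = vpls_facts(a), vpls_facts(b)
    problems = []
    if fa["neighbor"] != fb["loopback"] or fb["neighbor"] != fa["loopback"]:
        problems.append("neighbor is not the peer's lo0 address")
    if fa["vpls_id"] != fb["vpls_id"]:
        problems.append("vpls-id mismatch")
    if fa["site_id"] == fb["site_id"]:
        problems.append("duplicate site-identifier")
    return problems

# Excerpts built from the R1/R2 values on this page, compacted for the example.
PE = ("interfaces { lo0 { unit 0 { family inet { address %s/32; } } } }\n"
      "routing-instances { VPN { instance-type vpls; protocols { vpls {\n"
      "  site %s { site-identifier %s; } vpls-id %s; neighbor %s; } } } }\n")
R1 = PE % ("10.1.1.1", "mk1", "1", "101", "10.2.1.1")
R2 = PE % ("10.2.1.1", "mk2", "2", "101", "10.1.1.1")

if __name__ == "__main__":
    print(check_pair(R1, R2) or "R1/R2 VPLS peering is consistent")
```

The same functions accept the full one-statement-per-line configurations shown on this page, so they can be run against saved `show configuration` output before a change is committed.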

R3 configuration

system {
    host-name R3;
    services {
        ssh {
            protocol-version v2;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    ge-0/0/0 {
        mtu 2000;
        mac 52:54:00:bf:a1:0d;
        unit 0 {
            family inet {
                address 10.0.2.2/30;
            }
            family mpls;
        }
    }
    ge-0/0/1 {
        mtu 2000;                       
        mac 52:54:00:29:54:42;
        unit 0 {
            family inet {
                address 10.0.3.2/30;
            }
            family mpls;
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.0.103/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.3.1.1/32;
            }
        }
    }
}
protocols {
    rsvp {
        load-balance bandwidth;
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
    }
    mpls {
        interface ge-0/0/0.0;           
        interface ge-0/0/1.0;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/0.0;
            interface ge-0/0/1.0;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        interface lo0.0;
    }
}

Mikrotik 1 configuration

/system identity
set name=MIKROTIK-01
/interface vlan
add interface=ether2 name=vlan1 vlan-id=800
add interface=vlan1 name=vlan2 vlan-id=900
/ip address
add address=192.168.0.104/24 interface=ether1 network=192.168.0.0
add address=10.10.10.1/30 interface=vlan1 network=10.10.10.0
add address=10.20.10.1/30 interface=vlan2 network=10.20.10.0

Mikrotik 2 configuration

/system identity
set name=MIKROTIK-02
/interface vlan
add interface=ether1 name=vlan1 vlan-id=800
add interface=vlan1 name=vlan2 vlan-id=900
/ip address
add address=192.168.0.105/24 interface=ether2 network=192.168.0.0
add address=10.10.10.2/30 interface=vlan1 network=10.10.10.0
add address=10.20.10.2/30 interface=vlan2 network=10.20.10.0

Tests

Viewing the VPLS connection status on R1

(Image: VPLS status)

Ping tests from Mikrotik-01 to Mikrotik-02

(Image: ping test)