Juniper JUNOS OS 10.4 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Juniper JUNOS OS 10.4, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Juniper JUNOS OS 10.4 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Juniper JUNOS OS 10.4. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Juniper JUNOS OS 10.4 should contain:
- informations concerning technical data of Juniper JUNOS OS 10.4
- name of the manufacturer and a year of construction of the Juniper JUNOS OS 10.4 item
- rules of operation, control and maintenance of the Juniper JUNOS OS 10.4 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Juniper JUNOS OS 10.4 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Juniper JUNOS OS 10.4, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Juniper service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Juniper JUNOS OS 10.4.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Juniper JUNOS OS 10.4 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Junos ® O S MX S eries 3D Univ er sal Edg e R out er s Sol utions Guide Rel ea se 12. 1 Published: 2012-03-08 Cop yright © 2012, Juniper Networks, Inc.[...]

  • Page 2

    Juniper Netw orks, Inc. 1194 North Mathil da Av enue Sunnyv ale, Calif ornia 94089 US A 408-7 45-2000 www .juniper .net This pr oduct includes the Env oy SNMP Engine, dev eloped by Epil ogue T echnol ogy , an Integr ate d Syst ems Company . Copyright © 1986-1997 , Epilog ue T echnolog y Corpora tion. All rights reserve d. This progr am and its doc[...]

  • Page 3

    Abbr e via t ed T abl e of C ont ents A b o u t T h i s G u i d e .................................................x i i i P art 1 Overvie w C h a p t e r 1 O v e r v i e w o f E t h e r n e t S o l u t i o n s ......................................3 P art 2 Basic S olutions f or MX Series R outers Chapter 2 Basic L ay er 2 Fea tures on MX Series R[...]

  • Page 4

    Cop yright © 2012, Juniper Networks, Inc. iv Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 5

    T abl e of C ont ents A b o u t T h i s G u i d e .................................................x i i i Junos Document ation and R ele ase Not es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii O b j e c t i v e s .........................................................x i v A u d i e n c e ...................................[...]

  • Page 6

    C h a p t e r 3 V i r t u a l S w i t c h e s ..................................................3 9 Lay er 2 Featur es for a S witching Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Config uring V irtual Swit ches a s S epara te Routing Instanc es . . . . . . . . . . . . . . . . 40 Chapter 4 VLANs Within Bridg e Domain and [...]

  • Page 7

    P art 3 Ethernet Fil tering, Monit oring, and F ault Mana gement Sol utions for MX S eries R outer s C h a p t e r 9 L a y e r2F i r e w a l lF i l t e r s.............................................9 5 Fire wall Filt ers for Bridg e Domains and VPLS Instanc es . . . . . . . . . . . . . . . . . . . . 95 Exampl e: Configuring P olicing and Marking [...]

  • Page 8

    P art 4 Index I n d e x .............................................................1 7 7 Cop yright © 2012, Juniper Networks, Inc. viii Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 9

    List of Fig ur es P art 1 Overvie w C h a p t e r 1 O v e r v i e w o f E t h e r n e t S o l u t i o n s ......................................3 Figure 1: Nativ e (Normal) and VLAN-T agged Ethernet Frames . . . . . . . . . . . . . . . . 12 F i g u r e 2 : A M e t r o E t h e r n e t N e t w o r k .....................................1 5 Figure 3: [...]

  • Page 10

    Figure 22: Etherne t LFM with L oopback Support . . . . . . . . . . . . . . . . . . . . . . . . . 142 C h a p t e r 1 3 E t h e r n e t R i n g P r o t e c t i o n ..........................................1 4 5 Figure 23: Etherne t Ring Prot ection Exampl e Nodes . . . . . . . . . . . . . . . . . . . . . . 148 Figure 2 4: ERP with Multipl e Prot e[...]

  • Page 11

    List of T abl es A b o u t T h i s G u i d e .................................................x i i i T a b l e1 :N o t i c eI c o n s................................................x v i i T able 2: T ext and Synt ax Conv entions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii P art 3 Ethernet Fil tering, Monit oring, and [...]

  • Page 12

    Cop yright © 2012, Juniper Networks, Inc. xii Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 13

    About T his Guide This pr efac e pro vides the foll owing guidelines f or using the Junos ® OS MX Series 3D Univers al Edge Rout ers Sol utions Guide : • Junos Documenta tion and Rel ea se Notes on pa ge xiii • Objectiv es on page xiv • Audienc e on page xiv • Support ed Routing Pl at forms on pag e xv • Using the Index es on pag e xv ?[...]

  • Page 14

    Objectiv es This g uide provides an o verview of the La yer 2 f eatur es of the Junos OS and describe s how t o configur e the fea tures t o provide sol utions to sev eral net work scenario s. NO TE: For additional informa tion about the Junos OS—either c orrections to or informa tion that might ha ve been omitt ed from this guide—see the softw[...]

  • Page 15

    Support ed Routing P lat forms For the Lay er 2 fe atures de scribed in this manual, the Junos OS curr ently supports the foll owing r outing pla tforms: • Juniper Netw orks MX Serie s 3D Universal Edg e Rout ers Using the Index es This r efer ence cont ains a standard index with t opic entries. Using the Exampl es in This Manual If you w ant to [...]

  • Page 16

    } 2. Merg e the content s of the file int o your routing pl atf orm config uration b y issuing the loa d merge configur ation mode c ommand: [edit] user@host# l oad merge / var /tmp/ ex-script.conf loa d comple te Merging a S nippet T o merge a snippe t, foll ow these st eps: 1. From the HTML or PDF v ersion of the manual, cop y a configur ation sn[...]

  • Page 17

    T able 1: Notic e Icons Description Meaning Icon Indica tes important f eatur es or instructions. Informa tional note Indica tes a situa tion that might resul t in loss of da ta or hardwar e damage. Caution Alert s you to the risk of pers onal injury or death. W arning Alert s you to the risk of pers onal injury from a la ser . Las er warning T abl[...]

  • Page 18

    T able 2: T ex t and Synta x Conv entions (c ontinued) Exampl es Description Conv ention broadca st | multica st ( string1 | string2 | string3 ) Indica tes a choice be tween the mutuall y ex clusive k eywor ds or variables on either side of the symbol. T he set of choices is often encl osed in parenthese s for clarit y . | (pipe symbol) rsvp { # R [...]

  • Page 19

    or are c over ed under warr anty , and need postsal es t echnical support, you c an acc ess our tool s and resourc es online or open a ca se with JT A C. • JT A C policies—For a compl ete under standing of our JT A C proc edures and policies, re view the JT A C User Guide loca ted a t http:/ / www .juniper .net/ us/ en/loc al/ pdf/ resourc e-gu[...]

  • Page 20

    Cop yright © 2012, Juniper Networks, Inc. xx Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 21

    P AR T 1 Ov ervie w • Overvie w of Ethernet Solutions on p age 3 1 Copyright © 2012, Juniper Netw orks, Inc.[...]

  • Page 22

    Cop yright © 2012, Juniper Networks, Inc. 2 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 23

    CHAPTER 1 Ov ervie w of Ethernet S ol utions • Ethernet T erms and Acr onyms on pag e 3 • Netw orking and Internetw orking with Bridges and R outer s on page 6 • Netw ork Addr essing at La yer 2 and La yer 3 on pag e 7 • Netw orking at La yer 2: Benefits of Etherne t Frames on pag e 9 • Netw orking at La yer 2: Chall enges of Ethernet MA [...]

  • Page 24

    • bridge— A netw ork component defined b y the IEEE that f orwards fr ames from one LAN segment or VLAN t o another . The bridging function c an be contained in a r outer , LAN swit ch, or other specialized devic e. See al so switch . • bridge domain— A set of l ogical ports tha t share the same flooding or br oadca st chara cteristics. As [...]

  • Page 25

    • MS TP—Multipl e Spanning T r ee Prot ocol. A spanning-tr ee protoc ol used to pr event loop s in bridge configur ations. Unlik e other types of S TPs, MS TP can bl ock ports sel ectivel y by VLAN. Se e also RS TP . • O AM—Operation, A dministra tion, and Maintenanc e. A set of tool s used to pr ovide manag ement for links, de vice, and ne[...]

  • Page 26

    • Netw orking at La yer 2: Forwar ding Dual-T a gged Frame s on page 13 • Netw orking at La yer 2: L ogical Interf ace T ypes on pa ge 14 • A Metro E thernet Network with MX S eries R outers on pag e 15 • Lay er 2 Netw orking Standards on p age 17 Netw orking and Interne tworking with Bridg es and R outers T ra ditionally , different har dw[...]

  • Page 27

    coul d older bridg es that w ere l ess intelligent de vices. Bridg es learn much about the LAN segments the y connect t o from prot ocols lik e those in the Spanning T re e Prot ocol (S TP) famil y . The ne twork l ayer (La yer 3) is the highest l ay er used by netw ork nodes to f orward tr affic as part of the da ta pl ane. On the Internet, the ne[...]

  • Page 28

    NO TE: The opposit e of a “gl obally unique netw ork address” is the “l ocally significant c onnection identifier ” which connec ts two endpoints on a net work. For exampl e, MPLS l abels such as 1000001 c an repea t in a network, but a public IP address c an appear on the Internet in onl y one pla ce at a time (otherwise it is an err or). [...]

  • Page 29

    R elat ed Documenta tion Ethernet Net working • • Ethernet T erms and Acr onyms on pag e 3 • Netw orking and Internetw orking with Bridges and R outer s on page 6 • Netw orking at La yer 2: Benefits of Etherne t Frames on pag e 9 • Netw orking at La yer 2: Chall enges of Ethernet MA C Addr esses on pag e 10 • Netw orking at La yer 2: Fo[...]

  • Page 30

    NO TE: Netw orking at the frame l ev el says nothing about the pr esence or absence of IP a ddresses at the pa cket l evel. Almos t all ports, links, and devic es on a netw ork of LAN switches s till have IP addr esses, just as do all the sour ce and destina tion hosts. There ar e many rea sons for the c ontinued need for IP , not the le ast of whi[...]

  • Page 31

    • Netw orking at La yer 2: Benefits of Etherne t Frames on pag e 9 • Netw orking at La yer 2: Forwar ding VLAN T a gged Frame s on page 11 • Netw orking at La yer 2: Forwar ding Dual-T a gged Frame s on page 13 • Netw orking at La yer 2: L ogical Interf ace T ypes on pa ge 14 • A Metro E thernet Network with MX S eries R outers on pag e 1[...]

  • Page 32

    Figure 1: Na tive (Normal) and VLAN-T agg ed Ethernet Fr ames The VLAN t ag subtrac ts four b ytes from the t otal MTU l ength of the Ethernet frame, but this is sel dom a problem if k ept in mind. When this t ag is used in an Ethernet fr ame, the frame c omplies with the IEEE 802.1Q (f ormerly IEEE 802. 1q) specifica tion. T ogether , the four add[...]

  • Page 33

    Netw orking at La yer 2: Forw arding Dual-T agg ed Frames The use of VLAN t agging to gr oup (or bundle) s ets of MAC a ddresses is a start t owar d a method of f orwarding LAN tr affic ba sed on informa tion found in the fr ame, not on IP addre ss in the packet. Ho wev er , there is a major limita tion in trying to buil d forw arding tabl es base [...]

  • Page 34

    • Netw orking and Internetw orking with Bridges and R outer s on page 6 • Netw ork Addr essing at La yer 2 and La yer 3 on pag e 7 • Netw orking at La yer 2: Benefits of Etherne t Frames on pag e 9 • Netw orking at La yer 2: Chall enges of Ethernet MA C Addr esses on pag e 10 • Netw orking at La yer 2: Forwar ding VLAN T a gged Frame s on[...]

  • Page 35

    A Metr o Ethernet Netw ork with MX Series R outer s Wha t would a Me tro Ethernet net work with Juniper Netw orks MX Serie s 3D Universal Edge R outer l ook like ? It is very lik ely tha t the Metro Ethernet ne twork will pl ace MX Series rout ers at the e dge of a VPLS and MPL S core ne twork. The VLAN l abels in the pack et are sta cked with MPL [...]

  • Page 36

    Figure 3: A Me tro Ethernet Ne twork with MX S eries Rout ers In Figure 3 on p age 16 , the circl ed numbers r eflec t the different f ormats tha t the Ethernet frame s can take a s the frames mak e their wa y from a host on one Ethernet s witching hub to a host on the other hub . The fr ame can hav e two VLAN ta gs (inner and outer), one tag ( onl[...]

  • Page 37

    • Netw orking at La yer 2: Benefits of Etherne t Frames on pag e 9 • Netw orking at La yer 2: Chall enges of Ethernet MA C Addr esses on pag e 10 • Netw orking at La yer 2: Forwar ding VLAN T a gged Frame s on page 11 • Netw orking at La yer 2: Forwar ding Dual-T a gged Frame s on page 13 • Netw orking at La yer 2: L ogical Interf ace T y[...]

  • Page 38

    • Netw orking at La yer 2: Forwar ding VLAN T a gged Frame s on page 11 • Netw orking at La yer 2: Forwar ding Dual-T a gged Frame s on page 13 • Netw orking at La yer 2: L ogical Interf ace T ypes on pa ge 14 • A Metro E thernet Network with MX S eries R outers on pag e 15 Cop yright © 2012, Juniper Networks, Inc. 18 Junos OS 12. 1 MX Ser[...]

  • Page 39

    P AR T 2 Ba sic S ol utions f or MX S eries R out ers • Basic L ayer 2 Fe atures on MX Serie s Rout ers on pag e 21 • Virtual S witches on pag e 39 • VLANs Within Bridg e Domain and VPLS Envir onments on page 43 • Bulk Adminis tration of L ayer 2 Fe atures on MX S eries R outers on pa ge 59 • Dynamic Pr ofiles f or VLAN Interf aces and P [...]

  • Page 40

    Cop yright © 2012, Juniper Networks, Inc. 20 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 41

    CHAPTER 2 Ba sic L a y er 2 Fe a tur e s on MX S eries R out er s • Lay er 2 Fea tures for a Bridging En vironment on pag e 21 • Exampl e Roa dmap: Configuring a Ba sic Bridge Domain Envir onment on page 22 • Exampl e St ep: Configuring Int erfac es and VLAN T a gs on page 24 • Exampl e St ep: Configuring Bridge Domains on p age 30 • Exam[...]

  • Page 42

    • Spanning T r ee Prot ocols (xS TP , where the “x” r epresents the S TP type)—Bridg es function b y associating a MA C addr ess with an interf ace, simil ar to the wa y a rout er associa tes an IP ne twork addr ess with a next-hop int erfac e. Just a s routing prot ocols use pack ets to de tect and pr event r outing loops, bridg es use xST[...]

  • Page 43

    Figure 5: Bridging Netw ork with MX Series R outers The thr ee rout ers each ha ve a series of hosts on their Etherne t interf aces, a s well as aggr egat ed Ethernet link s between them. R outer 2 and R outer 3 are link ed to the Int ernet, and R outer 1 and R outer 3 are al so linked t o switches c onfigured with a r ange of VLANs, as sho wn in t[...]

  • Page 44

    • R outer 1 has an a ccess int erfa ce which pro vides bridging on VLAN 205 and is connect ed to a cus tomer devic e configure d on ge-2/2/2 . R outer 3 has an a ccess int erfa ce which pro vides bridging on VLAN 200 and is connect ed to a c ustomer devic e configure d on ge-2/2/ 6 . • R outer 1 and R outer 3 are c onfigured with a trunk int er[...]

  • Page 45

    T o configur e the Ethernet interf aces and VLAN t ags on all three r outers: 1. Config ure the Ethernet interf ac es and VLAN tags on R outer 1: [edit] chassis { aggre gat ed-devices { ethernet { devic e-count 2; # Number of AE interf aces on rout er } } } interf aces g e-2/ 1/ 0 { gigether-options { 802.3ad ae2; } } interf aces g e-2/ 1/ 1 { gige[...]

  • Page 46

    famil y bridge { interf ace-mode ac cess; vlan-id 205; } } } interf aces g e-2/2/ 4 { nativ e-vlan-id 200; # Untagg ed packe ts get vl an 200 tag unit 0 { famil y bridge { interf ace-mode trunk; vlan-id-list 200-205; # T his trunk port is part of VLAN range 200– 205 } } } interf aces g e-2/2/6 { encapsul ation fle xible-etherne t-services; vlan-t[...]

  • Page 47

    encapsul ation vlan-bridg e; vlan-id 100; } } interf aces g e-3/3/3 { encapsul ation fle xible-etherne t-services; vlan-ta gging; # Customer int erfac e uses singly-ta gged fr ames unit 200 { encapsul ation vlan-bridg e; vlan-id 200; } } interf aces g e-5/ 1/ 0 { gigether-options { 802.3ad ae3; } } interf aces g e-5/ 1/ 1 { gigether-options { 802.3[...]

  • Page 48

    vlan-id 100; } unit 200 { vlan-id 200; } } 3. Config ure the Ethernet interf ac es and VLAN tags on R outer 3: [edit] chassis { aggre gat ed-devices { ethernet { devic e-count 2; # Number of AE interf aces on rout er } } } interf aces g e-2/2/2 { encapsul ation fle xible-etherne t-services; vlan-ta gging; # Customer int erfac e uses singly-ta gged [...]

  • Page 49

    802.3ad ae3; } } interf aces g e-11/ 1/2 { gigether-options { 802.3ad ae3; } } interf aces g e-11/ 1/3 { gigether-options { 802.3ad ae2; } } interf aces g e-11/ 1/ 4 { gigether-options { 802.3ad ae2; } } interf aces g e-11/ 1/5 { gigether-options { 802.3ad ae2; } } interf aces ae2 { unit 0 { famil y bridge { interf ace-mode trunk; vlan-id-list 100 [...]

  • Page 50

    Exampl e St ep: Config uring Bridge Domains T o configur e the bridge domains on all three r outers: 1. Config ure a bridge domain on R outer 1: [edit] bridge-domains { vlan100 { domain-type bridge; vlan-id 100; interf ace g e-2/2/ 1. 100; interf ace ae1. 100; } vlan200 { domain-type bridge; vlan-id 200; interf ace g e-2/2/ 1.200; interf ace g e-2/[...]

  • Page 51

    domain-type bridge; vlan-id 200; interf ace g e-3/3/3.200; interf ace ae1.200; interf ace ae3.200; } } 3. Config ure a bridge domain on R outer 3: [edit] bridge-domains { vlan100 { domain-type bridge; vlan-id 100; interf ace g e-2/2/2.100; interf ace ae3. 100; } vlan200 { domain-type bridge; vlan-id 200; interf ace g e-3/3/3.200; interf ace ae3.200[...]

  • Page 52

    Exampl e St ep: Config uring Spanning T ree P rotoc ols Config ure the Spanning T r ee Prot ocol on all thre e routers. T his is necess ary to av oid the potential bridging l oop formed b y the triangular ar chitec ture of the rout ers. MSTP is config ured on the three r outers so the se t of VLANs has an independent, l oop-free topol ogy . The Lay[...]

  • Page 53

    3. Config ure MS TP on Rout er 3: [edit] prot ocols { mstp { configur ation-name mstp-f or-R1-2-3; # The names must ma tch to be in the same region revision-l evel 3; # T he revision l evels mus t match interf ace ae2; interf ace ae3; msti 1 { vlan100; # T his VLAN corresponds t o MSTP inst ance 1 } msti 2 { vlan200; # T his VLAN corresponds t o MS[...]

  • Page 54

    R elat ed Documenta tion Ethernet Net working • • Lay er 2 Fea tures for a Bridging En vironment on pag e 21 • Exampl e Roa dmap: Configuring a Ba sic Bridge Domain Envir onment on page 22 • Exampl e St ep: Configuring Int erfac es and VLAN T a gs on page 24 • Exampl e St ep: Configuring Bridge Domains on p age 30 • Exampl e St ep: Conf[...]

  • Page 55

    vrrp-group 1 { virtual-address 10 .0 .1.51; priority 254; } } } } unit 1 { famil y inet { address 10 .0.2.2/2 4 { vrrp-group 2 { virtual-address 10 .0 .2.51; priority 100; } } } } } } bridge-domains { vlan-100 { domain-type bridge; vlan-id 100; interf ace g e-2/2/2.100; interf ace ae1. 100; interf ace ae3. 100 routing-int erface irb .0; } vlan-200 [...]

  • Page 56

    } } } } unit 1 { famil y inet { address 10 .0.2.3/2 4 { vrrp-group 2 { virtual-address 10 .0 .2.51; priority 254; } } } } unit 2 { famil y inet { address 10 .0.3.2/2 4 { } } unit 3 { famil y inet { address 10 .0.3.3/2 4 { } } unit 4 { famil y inet { address 10 .0.3. 4/24 { } } unit 5 { famil y inet { address 10 .0.3.5/2 4 { } } unit 6 { famil y ine[...]

  • Page 57

    interf ace ae2. 100; interf ace ae3. 100; routing-int erface irb .0; } vlan-200 { domain-type bridge; vlan-id 200; interf ace g e-3/3/3.200; interf ace ae2.200; interf ace ae3.200; routing-int erface irb .1; } vlan201 { vlan-id 201; routing-int erface irb .2 } vlan202 { vlan-id 202; routing-int erface irb .3 } vlan203 { vlan-id 203; routing-int erf[...]

  • Page 58

    Cop yright © 2012, Juniper Networks, Inc. 38 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 59

    CHAPTER 3 V irtual S wit ches • Lay er 2 Fea tures for a S witching Environment on pa ge 39 • Config uring Virtual S witches a s Separa te R outing Instanc es on page 40 Lay er 2 Fea tures f or a Swit ching Environment Juniper Netw orks MX Serie s 3D Universal Edg e Rout ers include all st andard Ethernet capabilities a s well a s enhanced mech[...]

  • Page 60

    • Config uring Virtual S witches a s Separa te R outing Instanc es on page 40 Config uring Virtual S witche s as Separ at e R outing Instance s Y ou c an configure t wo virtual swit ches as separ at e routing instanc es on an MX Series rout er with bridge domains and VLANs. Bef ore you begin, y ou should ha ve alre ady configur ed a basic bridg e[...]

  • Page 61

    R elat ed Documenta tion • Ethernet Net working • Lay er 2 Fea tures for a S witching Environment on pa ge 39 41 Copyright © 2012, Juniper Netw orks, Inc. Chapter 3: V irtual Swit ches[...]

  • Page 62

    Cop yright © 2012, Juniper Networks, Inc. 42 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 63

    CHAPTER 4 VLANs W ithin Bridg e Domain and VPL S Envir onments • VLANs Within a Bridg e Domain or VPLS Instanc e on page 43 • P acket Fl ow T hrough a Bridg ed Network with Normaliz ed VLANs on pag e 44 • Config uring a Normalized VLAN for T ransla tion or T agging on page 45 • Config uring Learning Domains f or VLAN IDs Bound to L ogical I[...]

  • Page 64

    • Exampl e: Configuring One VPL S Instance f or Sev eral VLANs on pag e 55 P acke t Flo w Throu gh a Bridged Ne twork with Normaliz ed VLANs P acket s receiv ed ov er a Layer 2 l ogical int erfac e for bridging ar e processe d in a strict sequenc e of steps. P acket s receiv ed ov er a Layer 2 l ogical int erfac e for bridging when a normaliz ed [...]

  • Page 65

    Config uring a Normalized VLAN f or T ransla tion or T agging This t opic provide s configur ation and opera tional informa tion to help y ou manipula te virtual l ocal area ne twork s (VLANs) within a bridge domain or a virtual priva te LAN servic e (VPLS) inst ance. T he VPLS configur ation is not c ov ered in this topic. For mor e informa tion a[...]

  • Page 66

    Then, the sour ce MA C address of a r eceive d packet is l earned ba sed on the normalized VLAN config uration. For output pack ets, if the VLAN tag s associa ted with an egr ess logic al interfa ce do not mat ch the normalized VLAN ta gs within the pack et, then appropria te VLAN tag oper ations (such as push-push, pop-pop , pop-swap , swap-sw ap,[...]

  • Page 67

    • vlan-ta gs outer outer-vl an-number inner inner-vlan-number • Use the vlan-id all sta tement to c onfigure bridging f or sever al VLANS with minimal amount of config uration and s witch res ources. For an e xample of this c onfigura tion, see “Exampl e: Config uring One VPLS Instanc e for Se veral VLANs” on pa ge 55 . R elat ed Documenta [...]

  • Page 68

    NO TE: This t opic does not present exha ustive config uration listing s for all rout ers in the figures. Ho wev er , you can us e it with a broader config uration stra teg y to compl ete the MX S eries router ne twork c onfigura tions. Consider the pr ovider bridge ne twork shown in F igure 7 on pag e 48 . Figure 7: P ro vider Bridge Netw ork Usin[...]

  • Page 69

    The VLANs’ bridging pa ths are sho wn with distinct dashed and dot ted lines. T he VLANs at e ach site ar e: • L2-PE1 at Sit e 1: VLAN 100 and VLAN 300 • L2-PE2 at Sit e 2: VLAN 100 • L2-PE3 at Sit e 3: VLAN 100 • L2-PE4 at Sit e 4: VLAN 300 NO TE: The c onfigura tions in this chapter are onl y partial exampl es of compl ete and func tion[...]

  • Page 70

    } } interf aces g e-5/0/ 0 { encapsul ation fle xible-etherne t-services; fle xible-vl an-tagging; unit 1 { encapsul ation vlan-bridg e; vlan-ta gs outer 500 inner 100; # T his places t wo VLAN tag s on the provider # pseudowir e } unit 11 { encapsul ation vlan-bridg e; vlan-ta gs outer 600 inner 300; # T his place s two VLAN tag s on the provider [...]

  • Page 71

    Bridge domain c1–vl an-100 for cus tomer-c1–virtual-swit ch has fiv e logical int erfac es: • Logic al interf ace g e-1/0/ 0.1 c onfigured on ph ysical port g e-1/0/ 0 . • Logic al interf ace g e-2/0/ 0.1 c onfigured on ph ysical port g e-2/0/ 0 . • Logic al interf ace g e-3/0/ 0.1 c onfigured on ph ysical port g e-3/0/ 0 . • Logic al i[...]

  • Page 72

    For more inf ormation about c onfiguring Ethernet pseudowir es as part of VPL S, see the Junos OS Fea ture Guides . NO TE: This t opic does not present exha ustive config uration listing s for all rout ers in the figures. Ho wev er , you can us e it with a broader config uration stra teg y to compl ete the MX S eries router ne twork c onfigura tion[...]

  • Page 73

    and P3, and Site 4 is c onnecte d to P1 and P3. VPLS ps eudowires c onfigured on the PE and P rout ers carry tr affic betw een the site s. The pseudo wires f or the VPLS instanc es are sho wn with distinct dashed and dot ted lines. The VLANs a t each sit e are: • L2-PE1 at Sit e 1: VLAN 100 and VLAN 300 • L2-PE2 at Sit e 2: VLAN 100 • L2-PE3 [...]

  • Page 74

    vlan-id 302; } } routing-instanc es { cust omer-c1-vsi { instanc e-type vpls; vlan-id 100; interf ace g e-1/0/ 0.1; interf ace g e-2/0/ 0.1; interf ace g e-3/0/ 0.1; } # End of cust omer-c1-vsi cust omer-c2-vsi { instanc e-type vpls; vlan-id none; # T his will remov e the VLAN tags from pa ckets sent on VPL S for cust omer 2 interf ace g e-1/0/ 0.1[...]

  • Page 75

    • P acket s with a single VLAN tag v alue of 302 are a ccept ed on interf ace g e-6/0 /0. 11 . The VLAN t ag value 302 is then poppe d and remov ed from the fr ame of this packet. • All pack ets sent on pseudo wires will not hav e any VLAN tag s used to identify the incoming La yer 2 l ogical interf ace . NO TE: The pack et can still c ontain o[...]

  • Page 76

    Figure 9: Man y VLANs on One VPLS Instanc e The La yer 2 PE r outers ar e MX Series rout ers. Each sit e is connect ed to tw o P rout ers for redundanc y , although both link s are onl y shown for L2-PE1 a t Site 1. Sit e 1 is connect ed to P0 and P1, Sit e 2 is connect ed to P0 and P2 (not sho wn), Site 3 is c onnected t o P2 and P3, and Site 4 is[...]

  • Page 77

    If VLANs 1 through 1000 f or cust omer C1 span the same sites, then the vl an-id all and vlan-r ange sta tements pr ovide a wa y to swit ch all of these VLANs with a minimum config uration e ffort and fe wer swit ch resour ces. NO TE: Y ou c annot use the vlan-id all stat ement if you config ure an IRB interf ace on one or mor e of the VLANs. The f[...]

  • Page 78

    } # End of cust omer-c1-v1-to-v1000 cust omer-c1-v1500 { instanc e-type vpls; vlan-id 1500; interf ace g e-1/0/ 0.11; interf ace g e-6/0 /0. 11; } # End of cust omer-c1-v1500 } # End of routing-instanc es Note the use of the vl an-id all and vl an-id-rang e stat ements in the VPLS instanc e call ed cust omer-c1-v1-to-v1000 . The vl an-id all st ate[...]

  • Page 79

    CHAPTER 5 Bulk A dministr a tion of L a y er 2 Fe a tur es on MX S eries R out ers • Bulk Config uration of VLANs and Bridg e Domains on page 59 • Exampl e: Configuring VLAN T ransla tion with a VLAN ID List on pag e 59 • Exampl e: Configuring Mul tiple Bridg e Domains with a VLAN ID List on page 60 Bulk Config ura tion of VLANs and Bridge Do[...]

  • Page 80

    The f ollo wing exampl e transl ate s incoming trunk pack ets from VLAN identifier 200 t o 500 and 201 to 501 ( other valid VLAN identifiers ar e not aff ected): [edit int erfac es ge-1/0 / 1] unit 0 { ... # Other logic al interfa ce sta tements famil y bridge { interf ace-mode trunk # T ransl ation is onl y for trunks vlan-id-list [ 100 500–600 [...]

  • Page 81

    bridge-domains { bd-vlan–5 { vlan-id 5; } bd { vlan-id [ 1–4 6– 10 ]; } } If a VLAN identifier is alre ady part of a VLAN identifier list in a bridge domain under a routing inst ance, then you mus t delet e the VLAN identifier from the list bef ore you c an config ure an explicit or “re gular” bridge domain. Also , the explicit bridge dom[...]

  • Page 82

    Cop yright © 2012, Juniper Networks, Inc. 62 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 83

    CHAPTER 6 Dynamic P r ofil es f or VLAN Int erf ac es and P r ot oc ols • Dynamic Pr ofiles f or VPLS Pseudo wires on pa ge 63 • Exampl e: Configuring VPL S Pseudowir es with Dynamic Pr ofiles—Ba sic Sol utions on page 64 • Exampl e: Configuring VPL S Pseudowir es with Dynamic Pr ofiles—C omplex Sol utions on page 68 Dynamic Pr ofiles f o[...]

  • Page 84

    (unit). When a client ac cesses the r outer , the dynamic profile c onfigura tion repl aces the prede fined variable with the a ctual interf ace name or unit v alue for the int erfa ce the client is acc essing. Dynamic profil es for VPL S are supporte d only on MX Serie s router s. For more informa tion about dynamic profil es, see the Junos OS S u[...]

  • Page 85

    [edit int erfac es] ge-0 /0/1 { unit 0 { vlan-id 10; } } ge-0 /0/2 { unit 0 { vlan-id 20; } } ge-0 /0/3 { unit 0 { vlan-id 30; } } NO TE: This is not a c omplet e router c onfigura tion. With this c onfigura tion, broadc ast pack ets inside fr ames arriving with VLAN identifier 10 on ge-0 /0/1 are normalized t o a dual-tagg ed frame with an outer V[...]

  • Page 86

    unit 0 { vlan-id 10; } } ge-0 /0/2 { unit 0 { vlan-id 20; } } ge-0 /0/3 { unit 0 { vlan-id 30; } } [edit dynamic-pr ofiles] green_vpls_p w_1 interf aces $junos-int erface-if d-name { unit $junos-underl ying-unit-number { vlan-ta gs outer 200 inner 100; } } NO TE: This is not a c omplet e router c onfigura tion. With this c onfigura tion, broadc ast[...]

  • Page 87

    ge-0 /0/1 { unit 0 { vlan-id 100; } } ge-0 /0/2 { unit 0 { vlan-id 100; } } ge-0 /0/3 { unit 0 { vlan-id 100; } } NO TE: This is not a c omplet e router c onfigura tion. With this c onfigura tion, broadc ast pack ets inside fr ames arriving on ge-0/ 0/ 1 are normalized t o a dual-tagg ed frame with an out er VLAN value of 200 and an inner VLAN val [...]

  • Page 88

    vlan-id 100; } } [edit dynamic-pr ofiles] green_vpls_p w_2 interf aces $junos-int erface-if d-name { unit $junos-underl ying-unit-number { vlan-ta gs outer 200 inner 100; } } NO TE: This is not a c omplet e router c onfigura tion. With this c onfigura tion, broadc ast pack ets inside fr ames arriving with VLAN identifier 100 on ge-0 /0/1 are normal[...]

  • Page 89

    instanc e-type virtual-switch; rout e-distinguisher 10. 1.1. 10:1; vrf-targ et targ et:1000:1; interf ace g e-3/0/ 0; # The trunk interf ace bridge-domains { sal es { vlan-id 10; interf ace g e-0/0 /0. 1; ... # Other interf aces and st atements f or Sales } engineering { vlan-id 20; interf ace g e-1/0/2. 0; ... # Other interf aces and st atements f[...]

  • Page 90

    First, c onsider the requirement t o push an outer VLAN ta g value of 200 ont o the VPLS pseudowir e frames on egr ess. Dynamic profil es ea sily sa tisfy this requir ement. [edit r outing-instance gr een] instanc e-type virtual-switch; ... # Other routing instanc e stat ements prot ocols vpls { site-r ange 10; site sampl e-site-1 { site-identifier[...]

  • Page 91

    unit $junos-underl ying-unit-number { famil y bridge { interf ace-mode trunk; inner-vlan-id-list [ 10 20 40 50 ]; # R emov ed Ac counting VLAN 30 } } } NO TE: This is not a c omplet e router c onfigura tion. In this ca se, frame s arriving on the interfa ces are cl assified a ccor ding to their bridge domains and swit ched, if nec essary , to the V[...]

  • Page 92

    swit ched within the interf aces list ed within bridge domain ac counting and any st aticall y config ured trunk interf ace s and are prev ented fr om crossing the VPLS ps eudowire due to the absenc e of VLAN 30 on the trunk. Config ura tion of T ag T r anslation Using Dynamic P rofil es Consider a final c ase where the bridg e domain VLANs need tr[...]

  • Page 93

    CHAPTER 7 MX S eries R out er a s a DHCP R el a y A g ent • MX Series R outer a s a Lay er 2 DHCP Rel ay Ag ent on page 73 • Exampl e: Configuring DHCP R ela y in a Bridge Domain VLAN Envir onment on page 74 • Exampl e: Configuring DHCP R ela y in a VPLS R outing Instance En vironment on pag e 75 MX Series R outer as a La yer 2 DHCP R ela y A[...]

  • Page 94

    R elat ed Documenta tion DHCP R elay A gent • • Exampl e: Configuring DHCP R ela y in a Bridge Domain VLAN Envir onment on page 74 • Exampl e: Configuring DHCP R ela y in a VPLS R outing Instance En vironment on pag e 75 Exampl e: Config uring DHCP Rel ay in a Bridg e Domain VLAN Environment The f ollo wing exampl e configur es DHCP rela y in[...]

  • Page 95

    Exampl e: Config uring DHCP Rel ay in a VPL S Routing Inst ance Envir onment The f ollo wing exampl e configur es DHCP rela y in a bridge domain (VLAN) envir onment. The MX S eries rout er will trust only the MA C addresses l earned on the list ed interf ace s. NO TE: This is not a c omplet e router c onfigura tion. The r outer ha s three interf ac[...]

  • Page 96

    interf ace g e-2/2/ 4.0; interf ace g e-2/2/6. 0; } } } } } } Y ou v erify your config uration b y using two r ela ted c ommands: • show dhcp r elay binding routing-ins tance vs1 bridg e-domains bd1 • show dhcp r elay binding routing-ins tance vs1 bridg e-domains bd1 detail user@router1> show dhcp r elay binding routing-inst ance vs1 bridg e[...]

  • Page 97

    CHAPTER 8 MX S eries R out er in an A TM Ethernet Int erw orking Function • MX Series R outer A TM Ethernet Interw orking Function on pag e 77 • Exampl e: Configuring MX S eries Rout er A TM Ethernet Int erworking on pag e 79 MX Series R outer A TM Ethernet Int erworking Function Y ou c an configure an MX S eries rout er as part of an A TM Ethe[...]

  • Page 98

    Becaus e of the transla tion, the flo w of packe ts and frames bet ween PE1 (the M Serie s rout er) and PE2 (the MX series rout er) router s is not symmetrical, a s is shown in Figur e 11 on pag e 78 . Figure 11: A TM Etherne t VLAN Interworking P ack et Struc ture g017429 MPLS Inner VLAN L3 Ether type SA D A Ethernet MPLS Inner VLAN L3 Ether type [...]

  • Page 99

    Exampl e: Config uring MX Series R outer A TM Etherne t Interw orking Consider the r outer topol ogy sho wn in Figure 13 on pag e 79 . The MX Serie s router is config ured as the R outer PE2 (the pro vider edge 2 rout er) in the figure t o support the A TM Etherne t IWF . Figure 13: A TM Etherne t VLAN Interworking CE1 CE2 g017428 A TM DSLAM Servic[...]

  • Page 100

    Config uring Rout er PE2 with a Lay er 2 Circuit R outer CE1 Config uration The c onfigura tion of the Lay er 2 circuit is ba sed on LDP-signaled MPL S connec tions. Config ure Ethernet ov er A TM on the A TM interfa ce. [edit] interf aces { at-2/ 0/0 { encapsul ation ethernet-o ver-atm; atm-options { vpi 100; } unit 0 { vci 100 .34; famil y inet {[...]

  • Page 101

    } } ldp { interf ace all; } l2circuit { neighbor 10.255. 171.1 4 { interf ace a t-2/0/1.0 { virtual-circuit-id 100; } } } } R outer PE2 Config uration Config ure the Lay er 2 circuit on the MX Serie s router . [edit] interf aces { ge-0 /2/0 { vlan-v ci-tagging; encapsul ation vlan-v ci-ccc; unit 0 { vlan-id 100; inner-vlan-id-r ange start 32 end 63[...]

  • Page 102

    } } R outer CE2 Config uration Config ure the dual- tagg ed Ethernet interf ac e. [edit] interf aces { ge-0 /0/ 0 { fle xible-vl an-tagging; encapsul ation fle xible-etherne t-services; unit 0 { vlan-ta gs outer 100 inner 34; famil y inet { address 30. 1.1. 10/24; } } } } Y ou v erify your config uration on the MX S eries rout er with the show l2ci[...]

  • Page 103

    atm-options { vpi 100; } unit 0 { vci 100 .34; famil y inet { address 30 .1. 1.1/2 4; } } } } R outer PE1 Config uration Config ure the Lay er 2 circuit. [edit] interf aces { at-2/ 0/ 1 { atm-options { vpi 100; } unit 0 { encapsul ation vlan-v ci-ccc; vpi 100; vci-r ange 32 63; } } ge-5/ 0/0 { unit 0 { famil y inet { address 20 .1. 1.1/2 4; } famil[...]

  • Page 104

    } } R outer PE2 Config uration Config ure the Lay er 2 circuit o ver aggre gat ed Ethernet on the MX S eries router . [edit] chassis { aggre gat ed-devices { ethernet { devic e-count 1; } } } interf aces { ge-0 /2/0 { gigether-options { 802.3ad ae0; } } ge-0 /2/8 { unit 0 { famil y inet { address 20 .1. 1.10 /24; } famil y mpls; } } ae0 { vlan-v ci[...]

  • Page 105

    } } } R outer CE2 Config uration Config ure the dual-tagg ed Ethernet interf ac e. [edit] interf aces { ge-0 /0/ 0 { fle xible-vl an-tagging; encapsul ation fle xible-etherne t-services; unit 0 { vlan-ta gs outer 100 inner 34; famil y inet { address 30. 1.1. 10/24; } } } } Y ou v erify your config uration on the MX S eries rout er with the show l2c[...]

  • Page 106

    at-2/ 0/0 { encapsul ation ethernet-o ver-atm; atm-options { vpi 100; } unit 0 { vci 100 .34; famil y inet { address 30 .1. 1.1/2 4; } } } } R outer PE1 Config uration Config ure the remot e interfa ce swit ch. [edit] interf aces { at-2/ 0/ 1 { atm-options { vpi 100; } unit 0 { encapsul ation vlan-v ci-ccc; vpi 100; vci-r ange start 32 end 63; } } [...]

  • Page 107

    connec tions { remot e-interfac e-switch rw s1 { interf ace a t-2/0/1.0; transmit-l sp lsp1-2; rec eive-lsp lsp2-1; } } } R outer PE2 Config uration Config ure the remot e interfa ce swit ch on the MX Series rout er . [edit] interf aces { ge-0 /2/0 { vlan-v ci-tagging; encapsul ation vlan-v ci-ccc; unit 0 { vlan-id 100; inner-vlan-id-r ange start 3[...]

  • Page 108

    } R outer CE2 Config uration Config ure the dual-tagg ed Ethernet interf ac e. [edit] interf aces { ge-0 /0/ 0 { fle xible-vl an-tagging; encapsul ation fle xible-etherne t-services; unit 0 { vlan-ta gs outer 100 inner 34; famil y inet { address 30. 1.1. 10/24; } } } } Y ou v erify your config uration on the MX S eries rout er with the show connec [...]

  • Page 109

    unit 0 { vci 100 .34; famil y inet { address 30 .1. 1.1/2 4; } } } } R outer PE1 Config uration Config ure the remot e interfa ce swit ch. [edit] interf aces { at-2/ 0/ 1 { atm-options { vpi 100; } unit 0 { encapsul ation vlan-v ci-ccc; vpi 100; vci-r ange 32 end 63; } } ge-5/ 0/0 { unit 0 { famil y inet { address 20 .1. 1.1/2 4; } famil y mpls; } [...]

  • Page 110

    } } } R outer PE2 Config uration Config ure the remot e interfa ce swit ch over a ggrega ted E thernet on the MX Series rout er . [edit] chassis { aggre gat ed-devices { ethernet { devic e-count 1; } } } interf aces { ge-0 /2/0 { gigether-options { 802.3ad ae0; } } ge-0 /2/8 { unit 0 { famil y inet { address 20 .1. 1.10 /24; } famil y iso; famil y [...]

  • Page 111

    connec tions { remot e-interfac e-switch rw sl { interf ace ae0 .0 { transmit-l sp- lsp-1sp2-1; rec eive-lsp lsp1-2; } } } R outer CE2 Config uration Config ure the dual-tagg ed Ethernet Interf ac e. [edit] interf aces { ge-0 /0/ 0 { fle xible-vl an-tagging; encapsul ation fle xible-etherne t-services; unit 0 { vlan-ta gs outer 100 inner 34; famil [...]

  • Page 112

    Cop yright © 2012, Juniper Networks, Inc. 92 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 113

    P AR T 3 Etherne t Fil t ering, Monit oring, and F aul t Mana g ement S ol utions f or MX S eries R out er s • Lay er 2 Firew all Filt ers on pag e 95 • IEEE 802. 1ag OAM C onnectivity-F ault Mana gement on pag e 103 • ITU-T Y . 1731 Ethernet Fr ame Delay Me asurement s on page 119 • IEEE 802.3ah O AM Link-Faul t Management on pa ge 137 •[...]

  • Page 114

    Cop yright © 2012, Juniper Networks, Inc. 94 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 115

    CHAPTER 9 L a y er 2 Fir e w all Fil t ers • Fire wall Filt ers for Bridg e Domains and VPLS Instanc es on pag e 95 • Exampl e: Configuring P olicing and Marking of T ra ffic Entering a VPL S Core on pa ge 96 • Exampl e: Configuring Fil tering of Fr ames by MA C Addr ess on page 98 • Exampl e: Configuring Fil tering of Fr ames by IEEE 802. [...]

  • Page 116

    NO TE: If the chassis is running in Enhanc ed IP mode, a single shar ed filt er instanc e is creat ed for a fil ter applied acr oss bridge domains. How ever , if the chassis is not running in Enhanc ed IP mode, then separa te fil ter instanc es are cr eat ed for each bridg e domain that the fil ter is applied to . R elat ed Documenta tion Lay er 2 [...]

  • Page 117

    NO TE: This e xample does not pr esent exhaustiv e configur ation listings f or all rout ers in the figures. Ho wev er , you can us e this exampl e with a broader config uration str at egy to c omplet e the MX Series rout er netw ork Ethernet Opera tions, Administr ation, and Maint enance (O AM) configur ations. T o configur e policing and marking [...]

  • Page 118

    from { tra ffic-type [ broadc ast unknown-unic ast mul ticast ]; } then policer bc ast-unknown-unic ast-non-ip-mca st-policer; } } } 4. Appl y the firew all filt er as an input fil ter to the c ustomer interf ace a t ge-2/ 1/0 : [edit int erfac es] ge-2/1/0 { vlan-ta gging; encapsul ation fle xible-etherne t-services; unit 5 { encapsul ation vlan-v[...]

  • Page 119

    famil y bridge { filt er evil-mac-addre ss { term one { from { sourc e-mac-address 88:05:00:29:3c:de/ 48; } then { count e vil-mac-address; # Count s frame with the bad sourc e MAC addr ess discard; } term tw o { then acc ept; # Make sure t o acc ept other traffic } } } } 2. Appl y evil-mac-address a s an input filt er to vlan100200 on R outer 1: [[...]

  • Page 120

    For more det ailed inf ormation about c onfiguring firew all filt ers and configuring fil ter mat ch conditions f or Lay er 2 bridging traffic on the MX S eries rout ers, see the Junos OS Policy Fr amework C onfigura tion Guide . NO TE: Lay er 2 bridging is supported onl y on the MX Series rout ers. For more informa tion about how t o configure La [...]

  • Page 121

    • Exampl e: Configuring P olicing and Marking of T ra ffic Entering a VPL S Core on pa ge 96 • Exampl e: Configuring Fil tering of Fr ames by MA C Addr ess on page 98 • Exampl e: Configuring Fil tering of Fr ames by P acke t Loss P riority on page 101 Exampl e: Config uring Filt ering of Frames b y P acke t Loss Priorit y T o configur e an MX[...]

  • Page 122

    bd { domain-type bridge { interf ace g e-0/0 /0; } } 3. Appl y the filter fil ter-plp-c onfigure-forw arding as an input fil ter t o the ge-0/ 0/0 interf ace: [edit int erfac es] ge-0 /0/ 0 { unit 0 { famil y bridge { filt er { input filt er-plp-configur e-forwarding; } } } } R elat ed Documenta tion • Lay er 2 Firew all Filt ers • Fire wall Fi[...]

  • Page 123

    CHAPTER 10 IEEE 802. 1a g O AM Conne ctivit y-F aul t Mana g ement • Ethernet Oper ations, A dministra tion, and Maintenance on pa ge 103 • Ethernet O AM Connectivit y Faul t Management on pa ge 104 • Exampl e: Configuring Etherne t CFM over VPL S on page 105 • Exampl e: Configuring Etherne t CFM on Bridge Connec tions on page 112 • Examp[...]

  • Page 124

    • Fa ult isol ation, verific ation, and re cov ery (isola tion and verifica tion are pro vided by a combina tion of prot ocols, whil e reco very is the function of pr otocol s such as spanning tree) The l oopback prot ocol used in Etherne t OAM is model ed on the standard IP ping. A fter a fa ult is det ecte d, the loopba ck protoc ol performs f [...]

  • Page 125

    maintenanc e domain, each servic e instance is c alled a maint enance associa tion. A maintenanc e associa tion can be thought a s a full mesh of maintenanc e endpoints (MEPs) having simil ar charac teristics. MEPs ar e active CFM entitie s genera ting and responding to CFM pr otocol me ssages. T here is also a maint enance int ermediat e point (MI[...]

  • Page 126

    Figure 15: E thernet O AM with VPLS The f ollo wing are the config urations of the VPL S and CFM on the service pr ovider rout ers. Config uration of PE1 [ edit chassis] fpc 5 { pic 0 { tunnel-services { bandwidth 1g; } } } [edit int erfac es] ge-1/ 0/7 { encapsul ation fle xible-etherne t-services; vlan-ta gging; unit 1 { encapsul ation vlan-vpls;[...]

  • Page 127

    instanc e-type vpls; vlan-id 2000; interf ace g e-1/0/7 . 1; rout e-distinguisher 10.255. 168.231:2000; vrf-targ et targ et:1000:1; prot ocols { vpls { site-r ange 10; site vl an2000-PE1 { site-identifier 2; } } } } [edit pr otocol s] rsvp { interf ace g e-0/0 /0. 0; } mpls { label-s witched-path PE1-t o-PE2 { to 10 .100 .1. 1; } interf ace g e-0/0[...]

  • Page 128

    } mep 100 { interf ace g e-1/0/7 . 1; direction up; auto-disc overy; } } } } } } Config uration of PE2 [ edit chassis] fpc 5 { pic 0 { tunnel-services { bandwidth 1g; } } } [edit int erfac es] ge-5/ 0/9 { vlan-ta gging; encapsul ation fle xible-etherne t-services; unit 1 { encapsul ation vlan-vpls; vlan-id 2000; } } ge-5/2/7 { unit 0 { famil y inet[...]

  • Page 129

    vrf-targ et targ et:1000:1; prot ocols { vpls { site-r ange 10; site vl an2000-PE2 { site-identifier 1; } } } } [edit pr otocol s] rsvp { interf ace g e-5/2/7 .0; } mpls { label-s witched-path PE2-t o-PE1 { to 10 .200. 1.1; } interf ace g e-5/2/7 .0; } bgp { group PE2-t o-PE1 { type internal; loc al-address 10. 100. 1.1; famil y l2vpn { signaling; [...]

  • Page 130

    auto-disc overy; } } } } } } Config uration of P rout er MPLS onl y , no CFM needed: [edit] interf aces { ge-5/2/7 { # Connec ted to PE1 unit 0 { famil y inet { address 10 .200. 1.10 /24; } famil y mpls; } } ge-0 / 1/ 0 { # Connec ted to PE2 unit 0 { famil y inet { address 10 .100 .1. 10/24; } famil y mpls; } } lo0 { unit 0{ famil y inet { address [...]

  • Page 131

    disabl e; } interf ace g e-0/ 1/0. 0; interf ace g e-5/2/7 .0; } } } CFM on L2-CE1 Here is the c onfigura tion of CFM on L2-E1: [edit int erfac es] ge-5/2/3 { vlan-ta gging; unit 0 { vlan-id 2000; } } [edit pr otocol s oam] ethernet { connec tivity-faul t-management { maintenanc e-domain customer { le vel 7; maintenanc e-association c ustomer-site1[...]

  • Page 132

    } mep 700 { interf ace g e-0/2/9 .0; direction do wn; auto-disc overy; } } } } } R elat ed Documenta tion Ethernet O AM • • Ethernet Oper ations, A dministra tion, and Maintenance on pa ge 103 • Ethernet O AM Connectivit y Faul t Management on pa ge 104 • Exampl e: Configuring Etherne t CFM on Bridge Connec tions on page 112 • Exampl e: C[...]

  • Page 133

    CFM on L2-CE1 [edit int erfac es] ge-0 /2/9 { vlan-ta gging; unit 0 { vlan-id 2000; } } [edit pr otocol s oam ethernet] connec tivity-faul t-management { maintenanc e-domain customer { le vel 7; maintenanc e-association c ustomer-site1 { continuity-che ck { interv al 1s; } mep 700 { interf ace g e-0/2/9 .0; direction do wn; auto-disc overy; } } } }[...]

  • Page 134

    encapsul ation fle xible-etherne t-services; unit 0 { encapsul ation vlan-bridg e; vlan-id 2000; } } ge-5/1/ 7 { vlan-ta gging; encapsul ation fle xible-etherne t-services; unit 0 { encapsul ation vlan-bridg e; vlan-id 2000; } } [edit bridg e-domains] bridge-vl an2000 { domain-type bridge; vlan-id 2000; interf ace g e-5/0/9 .0; interf ace g e-5/ 1/[...]

  • Page 135

    unit 0 { encapsul ation vlan-bridg e; vlan-id 2000; } } ge-5/2/3 { vlan-ta gging; encapsul ation fle xible-etherne t-services; unit 0 { encapsul ation vlan-bridg e; vlan-id 2000; } } [edit bridg e-domains] bridge-vl an2000 { domain-type bridge; interf ace g e-5/2/3.0; interf ace g e-5/ 1/7 .0; } [edit pr otocol s oam ethernet connec tivity-faul t-m[...]

  • Page 136

    • Exampl e: Configuring Etherne t CFM over VPL S on page 105 • Exampl e: Configuring Etherne t CFM on Physical Int erfac es on pag e 116 Exampl e: Config uring Ethernet CFM on Phy sical Int erfac es CFM can be used t o monitor the phy sical link betw een two r outers. T his functionality is similar t o that support ed by the IEEE 802.3ah LFM pr[...]

  • Page 137

    mep 100 { interf ace g e-1/0/ 1; direction do wn; auto-disc overy; } } } } } } } The c onfigura tion on Rout er 2 mirrors tha t on R outer 1, with the ex ception of the mep-id . R outer 2 Configur e the interf ace and CFM: [edit] interf aces g e-0/2/5 { unit 0 { famil y inet; } } prot ocols { oam { ethernet { connec tivity-faul t-management { maint[...]

  • Page 138

    Cop yright © 2012, Juniper Networks, Inc. 118 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 139

    CHAPTER 11 ITU-T Y . 1 7 31 Etherne t Fr ame Del a y Me a sur ements • Ethernet Fr ame Delay Me asurement s on page 119 • Config uring MEP Interfa ces t o Support Ethernet Frame Del ay Mea surements on pa ge 122 • T riggering an Etherne t Frame Del ay Mea surements Se ssion on page 123 • Vie wing Ethernet Frame Del ay Mea surements S tatist[...]

  • Page 140

    dela y measur ement provide s fine control t o opera tors f or triggering del ay mea surement on a given servic e and can be used t o monitor Servic e Le vel Agre ements (SLAs). Ethernet fr ame delay me asurement al so coll ects other useful inf ormation, such a s worst and best ca se dela ys, av erag e dela y , and av erag e delay v ariation. Ethe[...]

  • Page 141

    MEP . The cl ocks do not need t o be synchroniz ed at the tr ansmitting and rec eiving MEPs. The Junos O S supports the optional timestamps in del ay mea surement repl y (DMR) frame s to incre ase the ac curacy of del ay cal cul ations. The Junos O S also supports hardw are-assist ed timestamping f or Ethernet frame del ay pr otocol da ta units (PD[...]

  • Page 142

    Config uring MEP Interf aces t o Support Ethernet Fr ame Dela y Mea surements Ethernet fr ame delay me asurement is a us eful tool f or providing perf ormance sta tistics or supporting or challenging S ervice L evel Agr eements (SLAs). By def ault, E thernet frame dela y measur ement uses softw are for timest amping and delay c alcul ations. Y ou c[...]

  • Page 143

    T o perform Ethernet fr ame dela y measur ement, make sure tha t the foll owing config uration st at ement is NO T present: [edit r outing-options] ppm { no-dele gat e-processing; # T his turns distributed PPMD OFF . } R elat ed Documenta tion Ethernet O AM • • Ethernet Fr ame Delay Me asurement s on page 119 • T riggering an ETH-DM S ession [...]

  • Page 144

    T able 3: Monitor E thernet Dela y Command P aramet ers ( continued) Description P arameter R ange P arameter (Optional) Spe cifies the number of seconds t o wait betwe en frames. The def ault is 1 sec ond. 1–255 sec onds (def ault: 1) wait time If you a ttempt t o monitor del ays t o a nonexist ent MAC addr ess, you must exit the applica tion ma[...]

  • Page 145

    NO TE: The onl y differenc e in the two c ommands is the use of the mep-sta tistics and delay-st atistics k eyword . The fiel ds for thes e commands are describe d in T abl e 4 on page 125 . T able 4: Sho w Ethernet Dela y Command P aramet ers Description P arameter R ange P arameter Specifies an e xisting maintenance domain (MD ) to use. Exis ting[...]

  • Page 146

    NO TE: These ar e not compl ete rout er configur ations. Config uration on R outer MX-1 : [edit] interf aces { ge-5/2/9 { vlan-ta gging; unit 0 { vlan-id 512; } } } prot ocols { oam { ethernet { connec tivity-faul t-management { trac eoptions { file e oam_cfm.log size 1g fil es 2 worl d-readabl e; fla g all; } linktr ace { path-da tabase-siz e 255;[...]

  • Page 147

    } prot ocols { oam { ethernet { connec tivity-faul t-management { trac eoptions { file e oam_cfm.log size 1g fil es 2 worl d-readabl e; fla g all; } linktr ace { path-da tabase-siz e 255; ag e 10s; } maintenanc e-domain md6 { le vel 6; maintenanc e-association ma6 { continuity-che ck { interv al 100ms; hold-int erval 1; } mep 101 { interf ace g e-0[...]

  • Page 148

    Statistics: CCMs sent : 1590 CCMs received out of sequence : 0 LBMs sent : 0 Valid in-order LBRs received : 0 Valid out-of-order LBRs received : 0 LBRs received with corrupted data : 0 LBRs sent : 0 LTMs sent : 0 LTMs received : 0 LTRs sent : 0 LTRs received : 0 Sequence number of next LTM request : 0 1DMs sent : 10 Valid 1DMs received : 0 Invalid [...]

  • Page 149

    Identifier MAC address State Interface 101 00:90:69:0a:48:57 ok ge-5/2/9.0 The r emote R outer MX-1 shoul d also coll ect the del ay sta tistics (up to 100 per session) for displ ay with mep-sta tistics or dela y-statistics . user@MX-1> show oam etherne t connectivity-f ault-manag ement mep-statistic s maintenanc e-domain md6 MEP identifier: 201[...]

  • Page 150

    2 357 3 344 4 332 5 319 6 306 7 294 8 281 9 269 10 255 Average one-way delay : 312 usec Average one-way delay variation: 11 usec Best case one-way delay : 255 usec NO TE: When tw o syst ems are cl ose to each other , their one-way del ay val ues are v ery high compared t o their two-w ay dela y values. T his is because one-wa y delay me asurement r[...]

  • Page 151

    } } } prot ocols { oam { ethernet { connec tivity-faul t-management { trac eoptions { file e oam_cfm.log size 1g fil es 2 worl d-readabl e; fla g all; } linktr ace { path-da tabase-siz e 255; ag e 10s; } maintenanc e-domain md6 { le vel 6; maintenanc e-association ma6 { continuity-che ck { interv al 100ms; hold-int erval 1; } mep 201 { interf ace g[...]

  • Page 152

    } maintenanc e-domain md6 { le vel 6; maintenanc e-association ma6 { continuity-che ck { interv al 100ms; hold-int erval 1; } mep 101 { interf ace g e-0/2/5.0; direction do wn; auto-disc overy; } } } } } } } From R outer MX-1 , st art a two-wa y dela y measur ement to R outer MX-2 . user@MX-1> monitor etherne t delay-mea surement two-w ay mep 10[...]

  • Page 153

    CCMs received out of sequence : 0 LBMs sent : 0 Valid in-order LBRs received : 0 Valid out-of-order LBRs received : 0 LBRs received with corrupted data : 0 LBRs sent : 0 LTMs sent : 0 LTMs received : 0 LTRs sent : 0 LTRs received : 0 Sequence number of next LTM request : 0 1DMs sent : 0 Valid 1DMs received : 0 Invalid 1DMs received : 0 DMMs sent : [...]

  • Page 154

    8 92 9 92 10 108 Average two-way delay : 103 usec Average two-way delay variation: 8 usec Best case two-way delay : 92 usec Worst case two-way delay : 122 usec The c ollec ted del ay sta tistics are also sa ved (up t o 100 per session) and displa yed a s part of the MEP dela y sta tistics on Rout er MX-1 . user@MX-1> show oam etherne t connectiv[...]

  • Page 155

    Untagg ed interf ace c onfigura tion for R outer MX-1 . [edit] interf aces { ge-5/ 0/0 { unit 0; } ge-5/2/9 { unit 0; } } prot ocols { oam { ethernet { connec tivity-faul t-management { trac eoptions { file e oam_cfm.log size 1g fil es 2 worl d-readabl e; fla g all; } linktr ace { path-da tabase-siz e 255; ag e 10s; } maintenanc e-domain md6 { le v[...]

  • Page 156

    connec tivity-faul t-management { trac eoptions { file e oam_cfm.log size 1g fil es 2 worl d-readabl e; fla g all; } linktr ace { path-da tabase-siz e 255; ag e 10s; } maintenanc e-domain md6 { le vel 6; maintenanc e-association ma6 { continuity-che ck { interv al 100ms; hold-int erval 1; } mep 101 { interf ace g e-0/2/2; direction do wn; auto-disc[...]

  • Page 157

    CHAPTER 12 IEEE 802.3ah O AM Link-F aul t Mana g ement • Ethernet O AM Link Faul t Management on p age 137 • Exampl e: Configuring Etherne t LFM Between PE and CE on p age 138 • Exampl e: Configuring Etherne t LFM for CC C on pag e 139 • Exampl e: Configuring Etherne t LFM for Aggr egat ed Ethernet on pa ge 140 • Exampl e: Configuring Eth[...]

  • Page 158

    Exampl e: Config uring Ethernet LFM Bet ween PE and CE In this exampl e, LFM is enabl ed on an IP link betw een the provider e dge (PE) and cust omer edge ( CE) interf aces. If the link g oes down, the f ault will be de tect ed by LFM and the interf ace s on both sides will be marked Link-La yer-Down . T his resul ts in notifica tions to various su[...]

  • Page 159

    link-faul t-manag ement { interf ace g e-1/ 1/0 { pdu-interv al 1000; pdu-threshol d 5; } } } } } R elat ed Documenta tion Ethernet O AM • • Ethernet O AM Link Faul t Management on p age 137 • Exampl e: Configuring Etherne t LFM for CC C on pag e 139 • Exampl e: Configuring Etherne t LFM for Aggr egat ed Ethernet on pa ge 140 • Exampl e: [...]

  • Page 160

    pdu-threshol d 5; } } } } } 2. Config ure LFM on the PE2 rout er with CCC: [edit] interf aces g e-1/0/ 0 { encapsul ation ethernet-c cc; unit 0; } prot ocols { oam { ethernet { link-faul t-manag ement { interf ace g e-1/0/ 0 { pdu-interv al 1000; pdu-threshol d 5; } } } } } R elat ed Documenta tion Ethernet O AM • • Ethernet O AM Link Faul t Ma[...]

  • Page 161

    T o configur e LFM on an aggreg ate d Ethernet interf ace be tween tw o router s: 1. Config ure LFM on Rout er 1 for AE0: [edit] chassis { aggre gat ed-devices { ethernet { devic e-count 1; } } } interf aces g e-1/0/1 { gigether-options { 802.3ad ae0; } } interf aces g e-2/0/ 0 { gigether-options { 802.3ad ae0; } } interf aces ae0 { unit 0 { famil [...]

  • Page 162

    802.3ad ae0; } } interf aces ae0 { unit 0 { famil y inet { address 11. 11.11. 1/24; } } } prot ocols { oam { ethernet { link-faul t-manag ement { interf ace ae0; } } } } R elat ed Documenta tion Ethernet O AM • • Ethernet O AM Link Faul t Management on p age 137 • Exampl e: Configuring Etherne t LFM Between PE and CE on p age 138 • Exampl e[...]

  • Page 163

    } prot ocols { oam { ethernet { link-faul t-manag ement { interf ace g e-1/0/ 0 { pdu-interv al 1000; pdu-threshol d 5; remot e-loopback; } } } } } 2. Config ure LFM loopba ck on the CE router: [edit] interf aces g e-1/ 1/ 0 { unit 0 { famil y inet { address 11. 11.11.2/2 4; } } } prot ocols { oam { ethernet { link-faul t-manag ement { interf ace g[...]

  • Page 164

    Cop yright © 2012, Juniper Networks, Inc. 144 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 165

    CHAPTER 13 Etherne t Ring P r ot ec tion • Ethernet Ring P rotec tion on page 145 • Ethernet Ring P rotec tion Using Ring Instances f or Load Bal ancing on pag e 147 • Exampl e: Configuring Etherne t Ring Prot ection for MX S eries Rout ers on pag e 148 • Exampl e: Configuring L oad Balancing W ithin Ethernet Ring Pr otection f or MX Series[...]

  • Page 166

    Ev ery node on the ring is one of two type s: • RPL owner node— This node o wns the RPL and block s or unblock s the RPL as conditions requir e. This node initia tes the R-AP S messag e. • Normal node— All other nodes on the ring (that is, those tha t are not the RPL owner node) opera te a s normal nodes and hav e no special rol e on the ri[...]

  • Page 167

    • Exampl e: Configuring L oad Balancing W ithin Ethernet Ring Pr otection f or MX Series R outers on pa ge 154 Ethernet Ring P rote ction Using Ring Instanc es for L oad Balancing Juniper Netw ork MX Series 3D Univ ersal Edge R outer s support Ethernet ring prot ection (ERP) to help a chieve high reliabilit y and network st ability . ERP is used [...]

  • Page 168

    Exampl e: Config uring Ethernet Ring Pr otec tion for MX Series R outers This e xample c onfigures Etherne t ring protec tion for thre e MX Series rout er nodes: • Exampl e T opology on pa ge 148 • R outer 1 (RPL Owner) Config uration on p age 149 • R outer 2 Config uration on p age 150 • R outer 3 Config uration on p age 152 Exampl e T opo[...]

  • Page 169

    • R outer 2’ s east c ontrol channel int erfac e is ge-1/0 /2.1 (the RPL) and the w est control channel interf ace is g e-1/2/ 1.1 . The pr otection gr oup is pg102 . • R outer 3’ s east c ontrol channel int erfac e is ge-1/0 /3.1 (the RPL) and the w est control channel interf ace is g e-1/0/ 4.1 . T he prote ction group is pg103 . NO TE: A[...]

  • Page 170

    contr ol-channel ge-1/0 / 1. 1; ring-prot ection-link-end; } west-int erfac e { contr ol-channel ge-1/2/ 4. 1; } } } } 4. C onfigure Ethernet O AM: [edit] prot ocols { oam { ethernet { connec tivity-faul t-management { action-pr ofile rmep-def aults { def ault-action { interf ace-do wn; } } maintenanc e-domain d1 { le vel 0; maintenanc e-associatio[...]

  • Page 171

    interf aces { ge-1/ 0/2 { vlan-ta gging; encapsul ation fle xible-etherne t-services; unit 1 { encapsul ation vlan-bridg e; vlan-id 100; } } ge-1/2/1 { vlan-ta gging; encapsul ation fle xible-etherne t-services; unit 1 { encapsul ation vlan-bridg e; vlan-id 100; } } } 2. Config ure the bridge domain: [edit] bridge-domains { bd1 { domain-type bridge[...]

  • Page 172

    maintenanc e-domain d1 { le vel 0; maintenanc e-association 100 { mep 2 { interf ace g e-1/2/ 1; remot e-mep 1 { action-pr ofile rmep-def aults; } } } } maintenanc e-domain d3 { le vel 0; maintenanc e-association 100 { mep 1 { interf ace g e-1/0/2; remot e-mep 2 { action-pr ofile rmep-def aults; } } } } } } } } R outer 3 Config ura tion T o configu[...]

  • Page 173

    bridge-domains { bd1 { domain-type bridge; interf ace g e-1/0/ 4.1; interf ace g e-1/0/3. 1; } } 3. Config ure the Ethernet prot ection group: [edit] prot ocols { prot ection-group { ethernet-ring pg103 { ea st-interfa ce { contr ol-channel ge-1/0 /3.1; } west-int erfac e { contr ol-channel ge-1/0 / 4. 1; } } } } 4. C onfigure Ethernet O AM: [edit][...]

  • Page 174

    } } } } } R elat ed Documenta tion Ethernet O AM • • Ethernet Ring P rotec tion on page 145 • Exampl e: Viewing Etherne t Ring Prot ection St atus—Normal Ring Opera tion on pag e 171 • Exampl e: Viewing Etherne t Ring Prot ection St atus—Ring F ailure C ondition on page 172 Exampl e: Config uring Load Bal ancing Within Etherne t Ring Pr[...]

  • Page 175

    the ring coor dinat e protec tion activities by e xchanging mess ages thr ough the Ethernet ring automa tic prot ection swit ching (R-APS) messa ging protoc ol. Each ring instanc e has an RPL owner . The ring-1 RPL o wner is CS1; the ring-2 RPL owner is C S2. The RPL owner s block or unbl ock the RPL as c onditions requir e and initiate R-AP S mess[...]

  • Page 176

    T able 5: C omponents of the Network T opol ogy Set tings Propert y • ring-1 —Dat a channel [200,300] • ring-2 —Dat a channel [500,600 ] Ring instanc es T wo cust omer sites are c onnected t o AS 1: • Cust omer site 1, VLAN 200 and VLAN 300 • Cust omer site 2, VLAN 500 and VLAN 600 Cust omer sites CS1 ha s the foll owing prot ection gro[...]

  • Page 177

    T able 5: C omponents of the Network T opol ogy ( continued) Set tings Propert y AS1 ha s the foll owing prot ection group propertie s: • Eas t interfac e— ge-2/0 /5.0 . • W est int erface— g e-2/ 1/ 1. 0 . • Dat a channel for ring-1 — VLAN 200 , VLAN 300 . • Dat a channel for ring-2 — VLAN 500 , VLAN 600 . AS1 ha s the foll owing b[...]

  • Page 178

    set routing-inst ances vs bridg e-domains bd200 vlan-id 200 set routing-inst ances vs bridg e-domains bd300 vlan-id 300 set routing-inst ances vs bridg e-domains bd500 vlan-id 500 set routing-inst ances vs bridg e-domains bd600 vlan-id 600 St ep-by-St ep Proc edure T o configur e ERP on CS1: Config ure the trunk interf ace g e-3/2/ 4 to c onnect CS[...]

  • Page 179

    user@cs1> show c onfigura tion interf aces { ge-3/2/ 4 { vlan-ta gging; unit 0 { famil y bridge { interf ace-mode trunk; vlan-id-list 100-1000; } } } ge-5/2/3 { vlan-ta gging; unit 0 { famil y bridge { interf ace-mode trunk; vlan-id-list 100-1000; } } } prot ocols { prot ection-group { ethernet-ring ring-1 { ea st-interfa ce { contr ol-channel {[...]

  • Page 180

    vlan [ 500 600 ]; } } } } routing-instanc es { vs { instanc e-type virtual-switch; interf ace g e-3/2/ 4.0; interf ace g e-5/2/3.0; bridge-domains { bd100 { vlan-id 100; } bd101 { vlan-id 101; } bd200 { vlan-id 200; } bd300 { vlan-id 300; } bd500 { vlan-id 500; } bd600 { vlan-id 600; } } } } } Config uring ERP on CS2 CLI Quick Config uration T o qu[...]

  • Page 181

    set bridge-domains bd101 vl an-id 101 set bridge-domains bd200 vl an-id 200 set bridge-domains bd300 vl an-id 300 set bridge-domains bd500 vl an-id 500 set bridge-domains bd6 00 vlan-id 600 St ep-by-St ep Proc edure T o configur e ERP on CS2: Config ure the trunk interf ace g e-2/0/ 4 to connec t CS2 to C S1 and trunk interf ace ge-2/ 0/8 t o conne[...]

  • Page 182

    famil y bridge { interf ace-mode trunk; vlan-id-list 100-1000; } } } ge-2/ 0/8 { unit 0 { famil y bridge { interf ace-mode trunk; vlan-id-list 100-1000; } } } prot ocols { prot ection-group { ethernet-ring ring-1 { ea st-interfa ce { contr ol-channel { ge-2/ 0/ 4. 0; vlan 100; } } west-int erfac e { contr ol-channel { ge-2/ 0/8. 0; vlan 100; } } da[...]

  • Page 183

    } bd101 { vlan-id 101; } bd200 { vlan-id 200; } bd300 { vlan-id 300; } bd500 { vlan-id 500; } bd600 { vlan-id 600; } } } Config uring ERP on AS1 CLI Quick Config uration T o quickly c onfigure A S1 for ERP , cop y the foll owing c ommands and past e them into the swit ch terminal window of A S1: [edit] set interf aces g e-2/0/5 unit 0 f amily bridg[...]

  • Page 184

    2. Enable ERP , specifying the control channels and da ta channels f or ring-1 and ring-2 : NO TE: Al way s configure the e ast-interf ace sta tement firs t, before config uring the west-interf ace sta tement. [edit protection-group] user@as1# set ethernet-ring ring-1 e ast-interf ace c ontrol-channel ge-2/0 /5.0 user@as1# set ethernet-ring ring-1 [...]

  • Page 185

    } } west-int erfac e { contr ol-channel { ge-2/1/ 1.0; vlan 100; } } data-channel { vlan [200 , 300]; } } } } prot ection-group { ethernet-ring ring-2 { ea st-interfa ce { contr ol-channel { ge-2/ 0/5.0; vlan 101; } } west-int erfac e { contr ol-channel { ge-2/1/ 1.0; vlan 101; } } data-channel { vlan [500 , 600]; } } } bridge-domains { bd100 { vla[...]

  • Page 186

    V erifica tion T o confirm tha t the ERP configur ation for mul tiple ring ins tances is oper ating, perf orm these ta sks: • V erifying the Ethernet Prot ection Ring on CS1 on p age 166 • V erifying the Data Channel C S1 on page 166 • V erifying the VLANs on CS1 on pag e 167 • V erifying the Ethernet Prot ection Ring on CS2 on p age 167 ?[...]

  • Page 187

    ge-3/2/4 122 forwarding ge-5/2/3 123 forwarding Ethernet ring data channel parameters for protection group ring-2 Interface STP index Forward State ge-3/2/4 124 discarding ge-5/2/3 125 forwarding Meaning T he output display ed show s the STP inde x number used by ea ch interfa ce in ring instanc es ring-1 and ring-2 . The S TP index c ontrols the f[...]

  • Page 188

    Ethernet Ring Name Request/state No Flush Ring Protection Originator Remote Node ID Link Blocked Ring-1 NR No No No 00:21:59:03:ff:d0 Ring-2 NR No Yes Yes Meaning T he output display ed show s that prot ection groups ring-1 and ring-2 ha ve a R equest/ stat e of NR , meaning ther e is no request f or APS on the ring. If a R equest/ stat e of SF is [...]

  • Page 189

    Interface Vlan STP Index Bridge Domain ge-2/0/4 200 44 default — switch/bd200 ge-2/0/8 200 45 default-switch/bd200 ge-2/0/4 300 44 default — switch/bd300 ge-2/0/8 300 45 default-switch/bd300 Ethernet ring IFBD parameters for protection group ring-2 Interface Vlan STP Index Bridge Domain ge-2/0/4 500 46 default — switch/bd500 ge-2/0/8 500 47 d[...]

  • Page 190

    Ethernet ring data channel parameters for protection group ring-1 Interface STP index Forward State ge-2/0/5 22 forwarding ge-2/1/1 23 forwarding Ethernet ring data channel parameters for protection group ring-2 Interface STP index Forward State ge-2/0/5 24 forwarding ge-2/1/1 25 forwarding Meaning T he output display ed show s the STP inde x numbe[...]

  • Page 191

    Exampl e: Vie wing Ethernet Ring Pr otec tion Sta tus—Normal Ring Opera tion Under normal opera ting conditions, when Ethernet ring pr otection is c onfigured c orrectl y , the ring prot ection link (RPL) owner (R outer 1 in the c onfigura tion exampl e) will see the foll owing: R outer 1 Opera tional Commands (Normal Ring Opera tion) user@router[...]

  • Page 192

    R outer 3 will see almost identic al informa tion. user@router2> show pr otection-group etherne t-ring interfac e Ethernet ring port parameters for protection group pg102 Interface Control Channel Forward State Ring Protection Link End ge-1/2/1 ge-1/2/1.1 forwarding No ge-1/0/2 ge-1/0/2.1 forwarding No Signal Failure Admin State Clear IFF ready [...]

  • Page 193

    Originator Remote Node ID No 00:01:02:00:00:01 Note tha t the ring prot ection link is no long er block ed and the node is no long er marked as origina tor . user@router1> show pr otection-group etherne t-ring interfac e Ethernet ring port parameters for protection group pg101 Interface Control Channel Forward State Ring Protection Link End ge-1[...]

  • Page 194

    Signal Failure Admin State Clear IFF ready set IFF ready Note tha t the fail ed interf ace ( g e-1/0/2. 1 ) is not forw arding. R outer 3 will see almost identical inf ormation. user@router2> show pr otection-group etherne t-ring node-state Ethernet ring APS State Event Ring Protection Link Owner pg102 idle NR-RB No Restore Timer Quard Timer Ope[...]

  • Page 195

    P AR T 4 Inde x • Index on pa ge 177 175 Copyright © 2012, Juniper Net works, Inc.[...]

  • Page 196

    Cop yright © 2012, Juniper Networks, Inc. 17 6 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]

  • Page 197

    Inde x S ymbols #, comments in c onfigura tion sta tements................. xviii ( ), in synta x descriptions.................................................. xviii < >, in synta x descriptions.................................................. xvii [ ], in config uration st at ements....................................... xviii { }, in conf[...]

  • Page 198

    Ethernet ring normal oper ation................................ 171 Ethernet ring pr otection............................................ 148 single VPL S for se veral VLANs................................. 55 VLAN tag s with VPLS label s....................................... 51 F fe ature s MX Series L ayer 2 ba sics..............................[...]

  • Page 199

    T technic al support cont acting JT A C............................................................ xviii terminol ogy Ethernet ................................................................................ 3 U user priority (IEEE 802. 1p), fil tering on........................... 99 V virtual swit ches config uration ............................[...]

  • Page 200

    Cop yright © 2012, Juniper Networks, Inc. 180 Junos OS 12. 1 MX Series 3D Univer sal Edge R outers Sol utions Guide[...]