Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ACX] Why IRB does not work on VPLS instances in ACX routers

0

0

Article ID: KB36000 KB Last Updated: 20 Jul 2020Version: 1.0
Summary:

This article helps to understand why integrated routing and bridging (IRB) cannot be configured as a routing interface in the Virtual Private LAN Service (VPLS) setup on ACX series routers, with the help of an example.

 

Symptoms:

Consider the following topology:

 
irb.100 (1.1.1.1)                     irb.100(1.1.1.2)
+-------+                             +------+
|       |                             |      |
|  R1   +-----------------------------+  R2  |
|       |            VPLS             |      |
+---+---+                             +---+--+
    |                                     |
    |                                     |
    |                                     |
    |                                     |
    |                                     |
    |                                     |
+---+---+                              +--+---+
|       |                              |      |
|  CE1  |                              | CE2  |
|       |                              |      |
+-------+                              +------+
 

In the above topology:

  • R1 and R2 are directly connected.

  • A VPLS session exists between R1 to R2, providing connectivity between CE1 and CE2.

  • irb.100 is configured as the routing interface in the VPLS instance.

Configuration on R1

R1# show interfaces irb.100 
family inet {
    address 1.1.1.1/30;
}

R1# show routing-instances VPLS 
instance-type vpls;
vlan-id 600;
interface ge-1/0/3.100;
routing-interface irb.100;   >>>> IRB is configured as the routing interface.

route-distinguisher 100:100;
vrf-target target:1:1;
protocols {
    vpls {
        site-range 10;
        no-tunnel-services;
        site R2 {
            site-identifier 2;
        }
    }

Physical interface: irb, Enabled, Physical link is Up
  Interface index: 128, SNMP ifIndex: 501
  Type: Ethernet, Link-level type: Ethernet, MTU: 1514
  Device flags   : Present Running
  Interface flags: SNMP-Traps
  Link type      : Full-Duplex
  Link flags     : None
  Current address: ec:13:db:ec:b8:a0, Hardware address: ec:13:db:ec:b8:a0
  Last flapped   : Never
    Input packets : 0
    Output packets: 0

  Logical interface irb.100 (Index 328) (SNMP ifIndex 573)
    Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
    Bandwidth: 1000mbps
    Routing Instance: VPLS Bridging Domain: None
    Input packets : 0
    Output packets: 0
    Protocol inet, MTU: 1500
    Max nh cache: 20000, New hold nh limit: 20000, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
      Flags: Sendbcast-pkt-to-re
    Protocol multiservice, MTU: 1500

R1> show vpls connections 
Layer-2 VPN connections:

Legend for connection status (St)   
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present 
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down                      
LD -- local site signaled down   CF -- call admission control failure      
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
LB -- Local site not best-site   RB -- Remote site not best-site
VM -- VLAN ID mismatch           HS -- Hot-standby Connection

Legend for interface status 
Up -- operational           
Dn -- down

Instance: VPLS
Edge protection: Not-Primary
  Local site: R2 (2)
    connection-site           Type  St     Time last up          # Up trans
    1                         rmt   Up     Sep 19 10:52:17 2019           1
      Remote PE: 172.23.218.65, Negotiated control-word: No
      Incoming label: 262145, Outgoing label: 262146
      Local interface: lsi.1048656, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls VPLS local site 2 remote site 1
      Flow Label Transmit: No, Flow Label Receive: No

R1# run ping 1.1.1.1 rapid count 10
PING 1.1.1.1 (1.1.1.1): 56 data bytes
..........
--- 1.1.1.1 ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss

 

Solution:

This is a product limitation. Ping to the IRB interface will not work because it is host-bound traffic.

When a ping to the IRB interface comes, the packets will have the destination MAC address of the IRB interface and will enter VPLS. The internal MAC table will match the address and the forwarding logic will try to route them. Since routing is not possible/enabled in VPLS, the packets get discarded.

 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search