You are on page 1of 34

Network Configuration Example

Interconnecting Layer 2 Circuits Across AS


Boundaries

Published: 2014-01-10

Copyright 2014, Juniper Networks, Inc.

Juniper Networks, Inc.


1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.

Network Configuration Example Interconnecting Layer 2 Circuits Across AS Boundaries


NCE0093
Copyright 2014, Juniper Networks, Inc.
All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the
year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT


The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software. Use of such software is subject to the terms and conditions of the End User License Agreement (EULA) posted at
http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of
that EULA.

ii

Copyright 2014, Juniper Networks, Inc.

Table of Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Use Case for Configuring Layer 2 Circuits Across AS Boundaries . . . . . . . . . . . . . . . 1
Understanding the Operation of Layer 2 Circuits Across AS Boundaries . . . . . . . . . 2
Introduction to Interconnecting Layer 2 Circuits Across Autonomous System
Boundaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Understanding Layer 2 Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Autonomous Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Interconnecting Layer 2 Circuits Across Autonomous Systems . . . . . . . . . . . . 5
Example: Interconnecting Layer 2 Circuits Across Autonomous System
Boundaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Copyright 2014, Juniper Networks, Inc.

iii

Interconnecting Layer 2 Circuits Across AS Boundaries

iv

Copyright 2014, Juniper Networks, Inc.

Introduction
This document shows how to configure and verify an Inter-AS Layer 2 circuit and explains
when this configuration might be useful.

Use Case for Configuring Layer 2 Circuits Across AS Boundaries


A Layer 2 circuit is a point-to-point Layer 2 connection transported using Multiprotocol
Label Switching (MPLS).
A Layer 2 circuit can transport traffic that originated from an ATM switch, Frame Relay
switch, or time division multiplexer as well as Ethernet switches.
The ability for a Layer 2 circuit to transport different types of traffic is an advantage to
service providers and their customers. This capability enables a service provider to better
utilize their core network infrastructure which reduces the cost of providing the transport
service
For customers it also reduces the complexity of the network by eliminating the need to
operate separate core networks for each type of Layer 2 traffic.
Furthermore the service provider core MPLS network can also transport Layer 3 VPN
traffic over the same infrastructure which also reduces the cost of providing services.
An inter-AS Layer 2 circuit extends the connection across multiple service providers that
have different autonomous system (AS) numbers.
An inter-AS Layer 2 circuit is useful when an enterprise has offices spread across a large
geographic area for example after a merger of two companies.
An inter-AS Layer 2 circuit forms a virtual Layer 2 network to transport traffic between
customer edge (CE) routers.
When a Layer 2 circuit is used to transport Ethernet traffic, the VLAN tagged Ethernet
frames from the CE routers are encapsulated by the provider edge (PE) routers using
MPLS labels and the frames are switched across the service provider network.
For more information about the technical operation of an inter-AS Layer 2 circuit, see
Understanding the Operation of Layer 2 Circuits Across AS Boundaries.
Related
Documentation

Example: Interconnecting Layer 2 Circuits Across Autonomous System Boundaries on


page 5

Introduction to Interconnecting Layer 2 Circuits Across Autonomous System Boundaries


on page 4

Understanding the Operation of Layer 2 Circuits Across AS Boundaries on page 2

Copyright 2014, Juniper Networks, Inc.

Interconnecting Layer 2 Circuits Across AS Boundaries

Understanding the Operation of Layer 2 Circuits Across AS Boundaries


A Layer 2 circuit is a point-to-point Layer 2 connection transported using Multiprotocol
Label Switching (MPLS).
An inter-AS Layer 2 circuit offers the ability to extend the reach of Layer 2 connections
across multiple service providers.
In Figure 1 an inter-AS Layer 2 circuit forms a virtual layer-2 network to transport VLAN
tagged Ethernet frames between customer edge (CE) routers.

Figure 1: Operation of a Layer 2 Circuit Across AS Boundaries

The CE routers are transmitting VLAN tagged Ethernet frames.


The PE routers are configured to support:

VLAN tagged Ethernet on the logical interfaces connected to the CE routers.

A Layer 2 circuit service for the CE router. (creates the virtual circuit label and binds
the PE interface with the label)

OSPF as the IGP between the PE router and the ASBR.

MPLS switching between the PE router and the ASBR.

RSVP signaling between the PE router and the ASBR.

An IBGP peer session between the PE router and the ASBR.

A loopback interface with an IPv4 addresses using a /32 subnet mask.

Copyright 2014, Juniper Networks, Inc.

The ASBR routers are configured to support:

OSPF as the IGP between the PE router and the ASBR.

MPLS switching between the PE router and the ASBR.

RSVP signaling between the PE router and the ASBR.

An IBGP peer session between the PE router and the ASBR.

MPLS between the ASBR and the remote ASBR.

An EBGP peer session between the PE router and the ASBR.

An RSVP-TE LSP is established between the PE router and the ASBR router.
RFC 3107 describes the method, known as labeled unicast routes, to use MBGP to carry
labels with routing information. Labeled unicast routes are unicast routes with an MPLS
label binding (a prefix and label).
An EBGP peer session is established between the ASBRs. The ASBRs announce labeled
unicast routes to each other for the /32 routes to the PE routers in their local AS. The
routes are advertised with the ASBR identifying itself as the next hop.
The ASBR then advertises the route it learned from the peer ASBR to the PE router in its
local AS.
The PE routers are configured to support targeted LDP sessions between the PE routers.
Targeted LDP is used for inner label distribution to distribute the pseudowire (virtual
circuit) labels that enables the Layer 2 circuit. This extends the LSP from the ingress PE
router to the egress PE router.

TIP: Targeted LDP sessions are different than non-targeted LDP sessions
because during the discovery phase hellos are unicast to the LDP peer rather
than being multicast to all routers. A consequence of this is that targeted
LDP can be used between non-directly connected peers whereas non-targeted
LDP peers must be on the same subnet.

An Inter-AS Layer 2 circuit is established across the ASs.


When a packet traverses the ASBR it has the following three labels:

The RSVP label for the IGP next-hop

The MBGP label

The targeted LDP label for the Layer 2 circuit

Since LSPs are unidirectional, a bidirectional Layer 2 circuit requires two LSPs. The same
process is used to create the LSP in the reverse direction.
Related
Documentation

Example: Interconnecting Layer 2 Circuits Across Autonomous System Boundaries on


page 5

Copyright 2014, Juniper Networks, Inc.

Interconnecting Layer 2 Circuits Across AS Boundaries

Introduction to Interconnecting Layer 2 Circuits Across Autonomous System Boundaries


on page 4

Use Case for Configuring Layer 2 Circuits Across AS Boundaries on page 1

Introduction to Interconnecting Layer 2 Circuits Across Autonomous System Boundaries


The following sections explain about Layer 2 circuits and how you can interconnect Layer
2 circuits across autonomous system boundaries in detail:

Understanding Layer 2 Circuit on page 4

Autonomous Systems on page 5

Interconnecting Layer 2 Circuits Across Autonomous Systems on page 5

Understanding Layer 2 Circuit


A Layer 2 circuit is a point-to-point Layer 2 connection transported using either
Multiprotocol Label Switching (MPLS) technology or any other tunneling technology on
a service provider network. A Layer 2 circuit is similar to a circuit cross-connect (CCC),
except that multiple virtual circuits (VCs) are transported over a single shared
label-switched path (LSP) tunnel between two provider edge (PE) routers. In contrast,
each CCC requires a separate dedicated LSP. For more information about Layer 2 circuits,
see Layer 2 Circuits Overview.
The following occurs to establish a Layer 2 circuit:
1.

Firstly, Link Integrity Protocol (LIP) is used as the signaling protocol to advertise the
ingress label to the remote PE routers.

2. To advertise the ingress label, a targeted remote Label Distribution Protocol (LDP)

neighbor session is established using the extended discovery mechanism described


in LDP, and the session is brought up on the remote PE loopback interface IP address.
Since, LDP looks at the Layer 2 circuit configuration and initiates extended neighbor
discovery for all the Layer 2 circuit neighbors (the remote PEs), no new configuration
is necessary in LDP.
3. Each Layer 2 circuit is represented by the logical interface connecting the local PE

router to the local customer edge (CE) router. Therefore, LDP must be enabled on
the lo0.0 loopback interface for extended neighbor discovery to function correctly.
4. Packets are then sent to remote CE routers over an egress VPN label advertised by

the remote PE router, using a targeted LDP session.


5. The VPN label is sent over an LDP LSP to the remote PE router connected to the

remote CE router.
6. Return traffic from the remote CE router destined to the local CE router is sent using

an ingress VPN label advertised by the local PE router, which is also sent over the LDP
LSP to the local PE router from the remote PE router.

Copyright 2014, Juniper Networks, Inc.

For information about configuring interfaces for Layer 2 circuits, see Configuring Interfaces
for Layer 2 Circuits.

Autonomous Systems
Layer 2 circuits are configured between two peers. The peers must use the same interior
gateway protocol (IGP), such as Open Shortest Path First (OSPF) or Intermediate
System-to-Intermediate System (IS-IS). Also, the peers must have asymmetrical Layer
2 configuration and belong to the same routing domain or autonomous system (AS).
An autonomous system (AS) is a set of routing devices that are under a single technical
administration and that generally use a single interior gateway protocol (IGP) and metrics
to propagate routing information within the set of routing devices. An AS appears to other
ASs to have a single, coherent interior routing plan and presents a consistent picture of
what destinations are reachable through it. ASs are identified by a number that is assigned
by the Network Information Center (NIC) in the United States. If you are using BGP on a
routing device, you must configure an AS number. For more information about autonomous
systems and assigning an AS number, see autonomous-system.

Interconnecting Layer 2 Circuits Across Autonomous Systems


To interconnect a Layer 2 circuit across two autonomous systems, you must configure
external BGP and Layer 2 circuits with the vpn-ccc encapsulation on the provider edge
(PE) routers and configure the routers with a VLAN ID that is the same across all the PEs
that are configured with the Layer 2 circuit. You must also configure internal BGP, RSVP,
and an LDP tunnel between the AS boundary router and the PE router. The Example:
Interconnecting Layer 2 Circuits Across Autonomous System Boundaries on page 5
topic explains in detail how to interconnect Layer 2 Circuits across two autonomous
systems.
Related
Documentation

Understanding the Operation of Layer 2 Circuits Across AS Boundaries on page 2

Use Case for Configuring Layer 2 Circuits Across AS Boundaries on page 1

Example: Interconnecting Layer 2 Circuits Across Autonomous System Boundaries


This example describes how to interconnect and configure Layer 2 circuits across
autonomous systems (AS).
This example is organized in the following sections:

Requirements on page 6

Overview and Topology on page 6

Configuration on page 7

Copyright 2014, Juniper Networks, Inc.

Interconnecting Layer 2 Circuits Across AS Boundaries

Requirements
To interconnect and configure Layer 2 circuits across AS, your network must meet the
following hardware and software requirements:

M Series Multiservice Edge Routers, MX Series 3D Universal Edge Routers, or T Series


Core Routers.

Junos OS Release 10.4 or higher.

NOTE: This configuration example has been tested using the software release
listed and is assumed to work on all later releases.

Overview and Topology


To interconnect a Layer 2 circuit across two autonomous systems, you must configure
the following:

On customer edge (CE) routers:

Loopback interface.

Ethernet interface connecting the CE router to the PE router.

On provider edge (PE) routers:

Loopback interface.

Ethernet interfaces connecting the PE router to the CE router and to the ASBR.

OSPF as the IGP between the PE router and the ASBR with the area set as 0.0.0.0.

MPLS switching where an LSP is enabled for LDP tunneling

RSVP signaling between the PE router and the ASBR.

An IBGP peer session between the PE router and the ASBR.

Targeted LDP by configuring strict-targeted-hellos and l2-smart-policy statements.

A Layer 2 circuit service for the CE router (creates the virtual circuit label and binds
the PE interface with the label).

On AS boundary routers (ASBRs):

Loopback interface.

Ethernet interface and logical interfaces connecting the ASBRs and PE routers.

OSPF as the IGP between the PE router and the ASBR with area set as 0.0.0.0.

MPLS switching where LSP is enabled for LDP tunneling.

RSVP signaling between the PE router and the ASBR.

Copyright 2014, Juniper Networks, Inc.

An IBGP peer session between the PE router and the ASBR.

An EBGP peer session between the ASBRs.

NOTE: The topology shown in Figure 2 on page 7 has been configured by


using logical systems with a combination of physical interfaces and logical
tunnel (lt) interfaces. You can configure this topology using only physical
interfaces as well.

Figure 2 on page 7 shows the topology used in this example.

Figure 2: Interconnecting Layer 2 Circuits Across Autonomous System


Example Topology Example Topology

Configuration
To configure Layer 2 circuits across AS boundaries, perform these tasks:

NOTE: In any configuration session it is a good practice to periodically use


the commit check command to verify that the configuration can be committed.

Configuring Logical Systems on page 8

Configuring Interfaces on page 9

Configuring OSPF on page 11

Configuring RSVP on page 12

Configuring LDP on page 12

Configuring MPLS on page 13

Configuring Internal BGP on page 14

Configuring Policy Options on page 15

Configuring External BGP on page 16

Configuring Layer 2 Circuit Between PE Routers on page 19

Results on page 22

Copyright 2014, Juniper Networks, Inc.

Interconnecting Layer 2 Circuits Across AS Boundaries

Configuring Logical Systems


Step-by-Step
Procedure

The following example requires you to navigate various levels in the configuration
hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration
Mode in the CLI User Guide.
To verify if your router supports logical tunnel (lt) interfaces and to create and navigate
to a logical system, perform the following steps:

Run the show interfaces terse command to verify that the physical router has a
logical tunnel (lt) interface.
user@host> show interfaces terse
Interface
Admin Link Proto
...
lt-2/0/10
up
up
...

Local

Remote

Navigate to configuration mode to create a logical system (for example, CE1) and
commit.
[edit]
user@host# set logical-system CE1
user@host# commit

Create similar logical systems for PE1, ASBR1, ASBR2, PE2, and CE2 routers.

To edit a logical system. For example, CE1 logical system:


user@host> set cli logical-system CE1
Logical system: CE1
user@host:CE1>
user@host:CE1>edit
[edit]
user@host:CE1#

For more information about logical systems, see Examples: Configuring Logical
System Interfaces.

NOTE: In logical systems, you must treat each interface like a


point-to-point connection because you can only connect one logical
tunnel interface to another at any given time. Also, you must select an
interface encapsulation type, specify a DLCI number or VLAN identifier,
configure a corresponding protocol family, and set the logical interface
unit number of the peering lt interface.

To exit a logical system. For example, CE1 logical system:


[edit]
user@host:CE1#exit

Copyright 2014, Juniper Networks, Inc.

Exiting configuration mode


user@host:CE1> clear cli logical-system
Cleared default logical system
user@host>

Configuring Interfaces
Step-by-Step
Procedure

To configure interfaces and to verify the configuration with the show interfaces lo0 and
show interfaces terse operational mode commands, perform the following steps:
1.

Configure an IP address on the loopback logical interface (lo0) on each logical


system:
user@host:CE1# set logical-systems CE1 interfaces lo0 unit 1 family inet address
192.168.0.1/32
user@host:PE1# set logical-systems PE1 interfaces lo0 unit 2 family inet address
192.168.0.2/32
user@host:ASBR1# set logical-systems ASBR1 interfaces lo0 unit 3 family inet
address 192.168.0.3/32
user@host:ASBR2# set logical-systems ASBR2 interfaces lo0 unit 4 family inet
address 192.168.0.4/32
user@host:PE2# set logical-systems PE2 interfaces lo0 unit 5 family inet address
192.168.0.5/32
user@host:CE2# set logical-systems CE2 interfaces lo0 unit 6 family inet address
192.168.0.6/32

2.

Commit the configuration:


user@host:CE1#commit check
configuration check succeeds
user@host:CE1# commit
commit complete

3.

Display the interface information for the lo0 loopback interface and verify that the
correct IP address is configured:
user@host:ASBR2> show interfaces lo0
Physical interface: lo0
Logical interface lo0.4 (Index 355) (SNMP ifIndex 623)
Flags: SNMP-Traps Encapsulation: Unspecified
Input packets : 0
Output packets: 0
Protocol inet, MTU: Unlimited
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Default Is-Primary
Local: 192.168.0.4

Copyright 2014, Juniper Networks, Inc.

Interconnecting Layer 2 Circuits Across AS Boundaries

In the example above notice that the loopback interface local address for the inet
protocol family on logical system ASBR2 is 192.168.0.4.
4.

Configure an IP address, protocol family as inet, VLAN tagging, and VLAN ID on the
physical Ethernet interface connecting the CE1 router to the PE1 router.
user@host# set interfaces ge-2/0/6 vlan-tagging unit 600 description to-PE1
vlan-id 600 family inet address 172.16.1.2/24

5.

Configure VLAN tagging, VLAN CCC encapsulation on the physical Ethernet interface
and the logical interface connecting the PE1 router to the CE1 router and specify the
ccc protocol family and VLAN ID. Configure an IP address, peer unit and specify
encapsulation as ethernet and the protocol family as inet on the logical tunnel
interface connecting PE1 router to ASBR1 router.
user@host:PE1# set interfaces ge-2/1/0 vlan-tagging encapsulation vlan-ccc unit
600 description to CE1 encapsulation vlan-ccc vlan-id 600 family ccc
user@host:PE1# set interfaces lt-2/0/10 unit 5 description to-ASBR1 encapsulation
ethernet peer-unit 6 family inet address 10.0.0.5/30

6.

Configure an IP address, peer unit, and specify the protocol family as inet and
encapsulation as ethernet on the logical tunnel interfaces connecting the ASBR1
router to the PE1 router and to the ASBR2 router.
user@host:ASBR1# set interfaces lt-2/0/10 unit 6 description to-PE1 encapsulation
ethernet peer-unit 5 family inet address 10.0.0.6/30
user@host:ASBR1# set interfaces lt-2/0/10 unit 9 description to-ASBR2
encapsulation ethernet peer-unit 10 family inet address 10.0.0.9/30

7.

Configure an IP address, protocol family as inet on the physical Ethernet interface


connecting the ASBR2 router to the PE2 router. Configure an IP address, protocol
family as inet, encapsulation as ethernet and peer unit on the logical tunnel interface
connecting the ASBR2 router to the ASBR1 router.
user@host:ASBR2# set interfaces ge-2/0/9 unit 0 description to-PE2 family inet
address 10.0.0.13/30
user@host:ASBR2# set interfaces lt-2/0/10 unit 10 description to-ASBR1
encapsulation ethernet peer-unit 9 family inet address 10.0.0.10/30

8.

Configure VLAN tagging, VLAN CCC encapsulation on the physical Ethernet interface
and the logical interface connecting the PE2 router to the CE2 router and specify
the ccc protocol family and VLAN ID. Configure an IP address, protocol family as
inet on the physical Ethernet interface connecting the PE2 router to the ASBR2
router.
user@host# set interfaces ge-2/1/1 vlan-tagging encapsulation vlan-ccc unit 600
description to CE2 encapsulation vlan-ccc vlan-id 600 family ccc
user@host:PE2# set interfaces ge-2/1/3 unit 0 description to-ASBR2 family inet
address 10.0.0.14/30

9.

Configure an IP address, protocol family as inet, VLAN tagging, and VLAN ID on the
physical Ethernet interface connecting the CE2 router to the PE2 router.
user@host# set interfaces ge-2/1/2 vlan-tagging unit 600 description to-PE2
vlan-id 600 family inet address 172.16.1.1/24

10.

Commit the configuration:


user@host:CE1#commit check

10

Copyright 2014, Juniper Networks, Inc.

configuration check succeeds


user@host:CE1# commit
commit complete
11.

Display information for Gigabit Ethernet interfaces and verify that the IP address
and protocol family are configured correctly.
user@host:ASBR2> show interfaces terse
Interface
Admin Link Proto
ge-2/0/9
ge-2/0/9.0
up
up
inet
lt-2/0/10
lt-2/0/10.10
up
up
inet
lo0
lo0.4
up
up
inet

Local

Remote

10.0.0.13/30
10.0.0.10/30
192.168.0.4

--> 0/0

Configuring OSPF
Step-by-Step
Procedure

To configure OSPF and to verify if the configuration is working with the show ospf neighbor
operational mode command, perform the following steps:
1.

On the PE and ASBR logical systems, configure the provider instance of OSPF.
Configure OSPF traffic engineering support. Specify area 0.0.0.0 and specify the
Ethernet logical interfaces between the PE and ASBR routers. Specify lo0.0 as a
passive interface for OSPF.
user@host:PE1# set protocols ospf traffic-engineering
user@host:PE1# set protocols ospf area 0.0.0.0 interface lt-2/0/10.5
user@host:PE1# set protocols ospf area 0.0.0.0 interface lo0.2 passive
user@host:ASBR1# set protocols ospf traffic-engineering
user@host:ASBR1# set protocols ospf area 0.0.0.0 interface lt-2/0/10.6
user@host:ASBR1# set protocols ospf area 0.0.0.0 interface lo0.3 passive
user@host:ASBR2# set protocols ospf traffic-engineering
user@host:ASBR2# set protocols ospf area 0.0.0.0 interface ge-2/0/9.0
user@host:ASBR2# set protocols ospf area 0.0.0.0 interface lo0.4 passive
user@host:PE2# set protocols ospf traffic-engineering
user@host:PE2# set protocols ospf area 0.0.0.0 interface ge-2/1/3.0
user@host:PE2# set protocols ospf area 0.0.0.0 interface lo0.5 passive

2.

Commit the configuration:


user@host:PE1#commit check
configuration check succeeds
user@host:PE1#commit
commit complete

3.

Display OSPF neighbor information and verify that the PE routers form adjacencies
with the ASBR router in the same area. Verify that the neighbor state is Full.
user@host:ASBR2> show ospf neighbor
Address
10.0.0.14

Copyright 2014, Juniper Networks, Inc.

Interface
ge-2/0/9.0

State
Full

ID
192.168.0.5

Pri
128

Dead
34

11

Interconnecting Layer 2 Circuits Across AS Boundaries

Configuring RSVP
Step-by-Step
Procedure

To configure RSVP signaling between the PE router and the ASBR and to verify if the
configuration is working with the show rsvp neighbor operational mode command, perform
the following steps:
1.

On the PE routers and the ASBRs, configure RSVP:


user@host:PE1# set protocols rsvp interface lo0.2
user@host:PE1# set protocols rsvp interface lt-2/0/10.5;
user@host:ASBR1# set protocols rsvp interface lo0.3
user@host:ASBR1# set protocols rsvp interface lt-2/0/10.6
user@host:ASBR2# set protocols rsvp interface lo0.4
user@host:ASBR2# set protocols rsvp interface ge-2/0/9.0
user@host:PE2# set protocols rsvp interface lo0.5
user@host:PE2# set protocols rsvp interface ge-2/1/3.0

2.

Commit the configuration:


user@host:PE1#commit check
configuration check succeeds
user@host:PE1# commit
commit complete

3.

Display RSVP neighbor information and verify that the PE routers form adjacencies
with the ASBR in the same area.
user@host:ASBR2> show rsvp neighbor
RSVP neighbor: 1 learned
Address
Idle Up/Dn LastChange HelloInt HelloTx/Rx MsgRcvd
10.0.0.14
10 1/0 1d 15:20:18
9 15658/15658 6307

Configuring LDP
Step-by-Step
Procedure

To configure targeted LDP on PE routers and to verify if the configuration is working with
the show configuration protocols ldp operational mode command, perform the following
steps:
1.

On the PE routers and the ASBRs, enable LDP between the PE router and the ASBR,
and between the two ASBRs. Include the strict-targeted-hellos statement in the PE
router configuration. The strict-targeted-hellos statement is what enables the PE
routers to unicast hello messages to the non-directly connected LDP peer rather
than multicast the hello messages to all routers.
user@host:PE1# set protocols ldp l2-smart-policy
user@host:PE1# set protocols ldp strict-targeted-hellos
user@host:PE1# set protocols ldp interface lo0.2
user@host:PE1# set protocols ldp session 192.168.0.5 authentication-key
"$9$tt8Tu1hleWNVwSylM8Xws5QF3/t1IcvWxSrxdsYZGDikqT30ORevLO1WLNV4oDik.z6";
## SECRET-DATA
user@host:ASBR1# set protocols ldp interface lo0.3

12

Copyright 2014, Juniper Networks, Inc.

user@host:ASBR2# set protocols ldp interface lo0.4


user@host:PE2# set protocols ldp l2-smart-policy
user@host:PE2# set protocols ldp strict-targeted-hellos
user@host:PE2# set protocols ldp interface lo0.5
user@host:PE2# set protocols ldp session 192.168.0.2 authentication-key
"$9$h8OSeW7Nb4JGLX7VwYGUCtu01heK8db2Lx2aUDmP5QF3A0yrvNdsrebs4JHk5QFnpB";
## SECRET-DATA
2.

Commit the configuration:


user@host:PE1#commit check
configuration check succeeds
user@host:PE1# commit
commit complete

3.

Display LDP configuration information and verify that the correct interfaces are
configured. LDP operation can be verified after MPLS is configured.
user@host:ASBR2> show configuration protocols ldp
interface lo0.4;

Configuring MPLS
Step-by-Step
Procedure

To configure MPLS and to verify if the configuration is working, perform the following
steps:
1.

On the PE routers and the ASBRs, configure MPLS by enabling MPLS on the logical
interfaces, add the Ethernet interfaces to the MPLS protocol, and create the LSP
between the PE routers and the ASBRs. Adding the Ethernet interfaces creates
entries in the MPLS forwarding table.
user@host:PE1# set protocols mpls no-cspf
user@host:PE1# set protocols mpls label-switched-path PE1-ASBR1 to 192.168.0.3
ldp-tunneling
user@host:PE1# set protocols mpls interface lt-2/0/10.5
user@host:PE1# set interfaces lt-2/0/10 unit 5 family mpls
user@host:ASBR1# set protocols mpls no-cspf label-switched-path ASBR1-to-PE1
to 192.168.0.2 ldp-tunneling
user@host:ASBR1# set protocols mpls interface lt-2/0/10.6
user@host:ASBR1# set interfaces lt-2/0/10 unit 6 family mpls
user@host:ASBR1# set interfaces lt-2/0/10 unit 9 family mpls
user@host:ASBR2# set protocols mpls no-cspf label-switched-path ASBR2-to-PE2
to 192.168.0.5 ldp-tunneling
user@host:ASBR2# set protocols mpls interface ge-2/0/9.0
user@host:ASBR2# set interfaces ge-2/0/9 unit 0 family mpls
user@host:ASBR2# set interfaces lt-2/0/10 unit 10 family mpls
user@host:PE2# set protocols mpls no-cspf
user@host:PE2# set protocols mpls label-switched-path PE2-to-ASBR2 to
192.168.0.4 ldp-tunneling
user@host:PE2# set protocols mpls interface ge-2/1/3.0
user@host:PE2# set interfaces ge-2/1/3 unit 0 family mpls

Copyright 2014, Juniper Networks, Inc.

13

Interconnecting Layer 2 Circuits Across AS Boundaries

2.

Commit the configuration:


user@host:PE1#commit check
configuration check succeeds
user@host:PE1#commit
commit complete

3.

On the PE routers and the ASBRs, display LDP neighbor information and verify that
the directly connected and indirectly-connected LDP neighbors are listed:
user@host:ASBR1> show ldp neighbor
Address
Interface
192.168.0.5
lo0.4

Label space ID
192.168.0.5:0

Hold time
42

user@host:PE2> show ldp neighbor


Address
Interface
192.168.0.4
lo0.5

Label space ID
192.168.0.4:0

Hold time
44

Configuring Internal BGP


Step-by-Step
Procedure

To configure the routing options and internal BGP (IBGP) on PE routers and on ASBRs,
perform the following steps:
1.

On PE routers and ASBRs, configure an autonomous system number:


user@host:PE1# set routing-options autonomous-system 64510
user@host:ASBR1# set routing-options autonomous-system 64510
user@host:ASBR2# set routing-options autonomous-system 64511
user@host:PE2# set routing-options autonomous-system 64511

2.

Configure IBGP on PE1:


user@host:PE1# set protocols bgp group int type internal local-address 192.168.0.2
family inet unicast
user@host:PE1# set protocols bgp group int family inet labeled-unicast rib inet.3
user@host:PE1# set protocols bgp group int neighbor 192.168.0.3

3.

Configure IBGP on ASBR1:


user@host:ASBR1# set protocols bgp group int type internal local-address 192.168.0.3
family inet unicast
user@host:ASBR1# set protocols bgp group int type internal local-address 192.168.0.3
family inet labeled-unicast rib inet.3
user@host:ASBR1# set protocols bgp group int neighbor 192.168.0.2
user@host:ASBR1# set protocols bgp group int export next-hop-self

4.

Configure IBGP on ASBR2:


user@host:ASBR2# set protocols bgp group int type internal local-address
192.168.0.4 family inet unicast
user@host:ASBR2# set protocols bgp group int type internal local-address
192.168.0.4 family inet labeled-unicast rib inet.3
user@host:ASBR2# set protocols bgp group int neighbor 192.168.0.5
user@host:ASBR2# set protocols bgp group int export next-hop-self

5.

14

Configure IBGP on PE2:

Copyright 2014, Juniper Networks, Inc.

user@host:PE2# set protocols bgp group int type internal local-address 192.168.0.5
family inet unicast
user@host:PE2# set protocols bgp group int type internal local-address 192.168.0.5
family inet labeled-unicast rib inet.3
user@host:PE2# set protocols bgp group int neighbor 192.168.0.4;

Configuring Policy Options


Step-by-Step
Procedure

To configure the policy options on ASBRs:


1.

Create the next-hop-self policy on ASBR router1. The next-hop-self policy is what
enables the ASBRs to announce labeled unicast routes to each other for the /32
routes to the PE routers in their local AS. The routes are advertised with the ASBR
identifying itself as the next hop.
user@host:ASBR1# set policy-options policy-statement next-hop-self term 1 then
next-hop self

2.

Create the send-pe policy on ASBR1 router. The send-pe policy is what enables the
ASBRs to advertise the route it learned from the peer ASBR to the PE router in its
local AS.
user@host:ASBR1# set policy-options policy-statement send-pe from route-filter
192.168.0.2/32 exact
user@host:ASBR1# set policy-options policy-statement send-pe then accept

3.

Create the next-hop-self policy on ASBR2 router. The next-hop-self policy is what
enables the ASBRs to announce labeled unicast routes to each other for the /32
routes to the PE routers in their local AS. The routes are advertised with the ASBR
identifying itself as the next hop.
user@host:ASBR2# set policy-options policy-statement next-hop-self term 1 then
next-hop self

4.

Create the send-pe policy on ASBR2 router. The send-pe policy is what enables the
ASBRs to advertise the route it learned from the peer ASBR to the PE router in its
local AS.
user@host:ASBR2# set policy-options policy-statement send-pe from route-filter
192.168.0.5/32 exact
user@host:ASBR2# set policy-options policy-statement send-pe then accept

5.

Commit the configuration:


user@host:ASBR1#commit check
configuration check succeeds
user@host:ASBR1# commit
commit complete

Copyright 2014, Juniper Networks, Inc.

15

Interconnecting Layer 2 Circuits Across AS Boundaries

Configuring External BGP


Step-by-Step
Procedure

On the ASBRs, configure external BGP (EBGP) with labeled unicast routes and specify
the inet.3 routing table. Including the labeled-unicast statement is what enables the
ASBRs to use MBGP to carry labeled unicast routes with an MPLS label binding (a prefix
and label). Verify it with the show bgp neighbor, show bgp summary, and the show bgp
group operational mode commands.
1.

Configure EBGP on ASBR1:


user@host:ASBR1# set protocols bgp group ext type external family inet unicast
user@host:ASBR1# set protocols bgp group ext type external family inet
labeled-unicast rib inet.3
user@host:ASBR1# set protocols bgp group ext export send-pe
user@host:ASBR1# set protocols bgp group ext peer-as 64511
user@host:ASBR1# set protocols bgp group ext neighbor 10.0.0.10

2.

Configure EBGP on ASBR2:


user@host:ASBR2# set protocols bgp group ext type external family inet unicast
user@host:ASBR2# set protocols bgp group ext type external family inet
labeled-unicast rib inet.3
user@host:ASBR2# set protocols bgp group ext export send-pe
user@host:ASBR2# set protocols bgp group ext peer-as 64510
user@host:ASBR2# set protocols bgp group ext neighbor 10.0.0.9

3.

Commit the configuration:


user@host:ASBR1#commit check
configuration check succeeds
user@host:ASBR1# commit
commit complete

4.

Display BGP neighbors using the show bgp neighbor operational mode command.
user@host:PE2> show bgp neighbor
Peer: 192.168.0.4+50790 AS 64511 Local: 192.168.0.5+179 AS 64511
Type: Internal
State: Established
Flags: <Sync>
Last State: OpenConfirm
Last Event: RecvKeepAlive
Last Error: Cease
Options: <Preference LocalAddress AddressFamily Refresh>
Address families configured: inet-unicast inet-labeled-unicast
Local Address: 192.168.0.5 Holdtime: 90 Preference: 170
Number of flaps: 1
Last flap event: Stop
Error: 'Cease' Sent: 1 Recv: 0
Peer ID: 192.168.0.4
Local ID: 192.168.0.5
Active Holdtime: 90
Keepalive Interval: 30
Group index: 1
Peer index: 0
BFD: disabled, down
NLRI for restart configured on peer: inet-unicast inet-labeled-unicast
NLRI advertised by peer: inet-unicast inet-labeled-unicast
NLRI for this session: inet-unicast inet-labeled-unicast
Peer supports Refresh capability (2)
Stale routes from peer are kept for: 300
Peer does not support Restarter functionality
NLRI that restart is negotiated for: inet-unicast inet-labeled-unicast
NLRI of received end-of-rib markers: inet-unicast inet-labeled-unicast
NLRI of all end-of-rib markers sent: inet-unicast inet-labeled-unicast
Peer supports 4 byte AS extension (peer-as 64511)
Peer does not support Addpath

16

Copyright 2014, Juniper Networks, Inc.

Table inet.0 Bit: 10000


RIB State: BGP restart is complete
Send state: in sync
Active prefixes:
1
Received prefixes:
1
Accepted prefixes:
1
Suppressed due to damping:
0
Advertised prefixes:
0
Table inet.3 Bit: 20000
RIB State: BGP restart is complete
Send state: in sync
Active prefixes:
1
Received prefixes:
1
Accepted prefixes:
1
Suppressed due to damping:
0
Advertised prefixes:
0
Last traffic (seconds): Received 5
Sent 18
Checked 20
Input messages: Total 5163
Updates 6
Refreshes 0

Octets 98319

Output messages: Total 5186

Octets 98758

Updates 4

Refreshes 0

Output Queue[0]: 0
Output Queue[1]: 0
5.

On ASBR2 router, display the BGP summary information using the show bgp summary
operational mode command. Verify that the state of each peer is Established.
user@host:ASBR2> show bgp summary
Peer: 10.0.0.9+179 AS 64510
Local: 10.0.0.10+52476 AS 64511
Type: External
State: Established
Flags: <Sync>
Last State: OpenConfirm
Last Event: RecvKeepAlive
Last Error: Cease
Export: [ send-pe ]
Options: <Preference AddressFamily PeerAS Refresh>
Address families configured: inet-unicast inet-labeled-unicast
Holdtime: 90 Preference: 170
Number of flaps: 1
Last flap event: Stop
Error: 'Cease' Sent: 1 Recv: 0
Peer ID: 192.168.0.3
Local ID: 192.168.0.4
Active Holdtime: 90
Keepalive Interval: 30
Group index: 2
Peer index: 0
BFD: disabled, down
Local Interface: lt-2/0/10.10
NLRI for restart configured on peer: inet-unicast inet-labeled-unicast
NLRI advertised by peer: inet-unicast inet-labeled-unicast
NLRI for this session: inet-unicast inet-labeled-unicast
Peer supports Refresh capability (2)
Stale routes from peer are kept for: 300
Peer does not support Restarter functionality
NLRI that restart is negotiated for: inet-unicast inet-labeled-unicast
NLRI of received end-of-rib markers: inet-unicast inet-labeled-unicast
NLRI of all end-of-rib markers sent: inet-unicast inet-labeled-unicast
Peer supports 4 byte AS extension (peer-as 64510)
Peer does not support Addpath
Table inet.0 Bit: 10001
RIB State: BGP restart is complete
Send state: in sync
Active prefixes:
1
Received prefixes:
1
Accepted prefixes:
1
Suppressed due to damping:
0

Copyright 2014, Juniper Networks, Inc.

17

Interconnecting Layer 2 Circuits Across AS Boundaries

Advertised prefixes:
1
Table inet.3 Bit: 20001
RIB State: BGP restart is complete
Send state: in sync
Active prefixes:
1
Received prefixes:
1
Accepted prefixes:
1
Suppressed due to damping:
0
Advertised prefixes:
1
Last traffic (seconds): Received 12
Sent 27
Checked 30
Input messages: Total 4767
Updates 17
Refreshes 0

Octets 91055

Output messages: Total 4765

Octets 91134

Updates 11

Refreshes 0

Output Queue[0]: 0
Output Queue[1]: 0
Peer: 192.168.0.5+179 AS 64511 Local: 192.168.0.4+50790 AS 64511
Type: Internal
State: Established
Flags: <Sync>
Last State: OpenConfirm
Last Event: RecvKeepAlive
Last Error: None
Export: [ next-hop-self ]
Options: <Preference LocalAddress AddressFamily Refresh>
Address families configured: inet-unicast inet-labeled-unicast
Local Address: 192.168.0.4 Holdtime: 90 Preference: 170
Number of flaps: 1
Last flap event: RecvNotify
Error: 'Cease' Sent: 0 Recv: 1
Peer ID: 192.168.0.5
Local ID: 192.168.0.4
Active Holdtime: 90
Keepalive Interval: 30
Group index: 1
Peer index: 0
BFD: disabled, down
NLRI for restart configured on peer: inet-unicast inet-labeled-unicast
NLRI advertised by peer: inet-unicast inet-labeled-unicast
NLRI for this session: inet-unicast inet-labeled-unicast
Peer supports Refresh capability (2)
Stale routes from peer are kept for: 300
Peer does not support Restarter functionality
NLRI that restart is negotiated for: inet-unicast inet-labeled-unicast
NLRI of received end-of-rib markers: inet-unicast inet-labeled-unicast
NLRI of all end-of-rib markers sent: inet-unicast inet-labeled-unicast
Peer supports 4 byte AS extension (peer-as 64511)
Peer does not support Addpath
Table inet.0 Bit: 10000
RIB State: BGP restart is complete
Send state: in sync
Active prefixes:
0
Received prefixes:
0
Accepted prefixes:
0
Suppressed due to damping:
0
Advertised prefixes:
1
Table inet.3 Bit: 20000
RIB State: BGP restart is complete
Send state: in sync
Active prefixes:
0
Received prefixes:
0
Accepted prefixes:
0
Suppressed due to damping:
0
Advertised prefixes:
1
Last traffic (seconds): Received 3
Sent 19
Checked 74
Input messages: Total 5268
Updates 10
Refreshes 0
Octets 100329

18

Copyright 2014, Juniper Networks, Inc.

Output messages: Total 5261

Updates 21

Refreshes 0

Octets 100868

Output Queue[0]: 0
Output Queue[1]: 0
6.

On PE2 router, display BGP group information using the show bgp group operational
mode command. Verify that the state of each peer is Established.
user@host:PE2> show bgp group
Group Type: Internal
AS: 64511
Name: int
Index: 1
Export: [ next-hop-self ]
Holdtime: 0
Total peers: 1
Established: 1
192.168.0.5+179
inet.0: 0/0/0/0
inet.3: 0/0/0/0
Group Type: External
Name: ext
Export: [ send-pe ]
Holdtime: 0
Total peers: 1
10.0.0.9+179
inet.0: 1/1/1/0
inet.3: 1/1/1/0
Groups: 2
2
Table
Pending
inet.0

Peers: 2

Local AS: 64511


Flags: <>

Local AS: 64511


Flags: <>

Index: 2

Established: 1

External: 1

Tot Paths

Internal: 1

Act Paths Suppressed

Down peers: 0

Flaps:

History Damp State

0
inet.3
0

Configuring Layer 2 Circuit Between PE Routers


Step-by-Step
Procedure

To configure Layer 2 circuit between PE1 router and PE2 router and to verify it with the
show l2circuit connections operational mode command and to ping CE routers to check
connectivity between them:
1.

On PE1 router, configure the Layer 2 circuit.


user@PE1# set protocols l2circuit neighbor 192.168.0.5 interface ge-2/1/0.600
virtual-circuit-id 600 ignore-mtu-mismatch

2.

On PE2 router, configure the Layer 2 circuit.


user@PE2# set protocols l2circuit neighbor 192.168.0.2 interface ge-2/1/1.600
virtual-circuit-id 600 ignore-mtu-match

3.

Commit the configuration:


user@host:PE1#commit check
configuration check succeeds
user@host:PE1# commit
commit complete

Copyright 2014, Juniper Networks, Inc.

19

Interconnecting Layer 2 Circuits Across AS Boundaries

4.

On the PE1 router, display the CE-facing Gigabit Ethernet interface information and
verify that the encapsulation is configured correctly as vlan-ccc:
user@host:PE1> show interfaces ge-2/1/0
Physical interface: ge-2/1/0
Logical interface ge-2/1/0.600 (Index 196623) (SNMP ifIndex 590)
Description: to-CE1
Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.600 ] Encapsulation: VLAN-CCC
Input packets : 126
Output packets: 121
Protocol ccc, MTU: 1518
Flags: Is-Primary

5.

On the PE1 router, display the Layer 2 circuit connections:


user@host:PE1> show l2circuit connections
Layer-2 Circuit Connections:
Legend for connection status (St)
EI -- encapsulation invalid
NP -MM -- mtu mismatch
Dn -EM -- encapsulation mismatch
VC-Dn
CM -- control-word mismatch
Up -VM -- vlan id mismatch
CF -OL -- no outgoing label
IB -NC -- intf encaps not CCC/TCC
TM -BK -- Backup Connection
ST -CB -- rcvd cell-bundle size bad SP -LD -- local site signaled down
RS -RD -- remote site signaled down HS -XX -- unknown

interface h/w not present


down
-- Virtual circuit Down
operational
Call admission control failure
TDM incompatible bitrate
TDM misconfiguration
Standby Connection
Static Pseudowire
remote site standby
Hot-standby Connection

Legend for interface status


Up -- operational
Dn -- down
Neighbor: 192.168.0.5
Interface

Type

St

Time last up

ge-2/1/0.600(vc 600)

rmt

Up

May 15 17:10:28 2013

# Up trans
1

Remote PE: 192.168.0.5, Negotiated control-word: Yes (Null)


Incoming label: 299792, Outgoing label: 299792
Negotiated PW status TLV: No
Local interface: ge-2/1/0.600, Status: Up, Encapsulation: VLAN
6.

To verify that the CE routers can send and receive traffic across the Layer 2 circuits,
use the ping command.
user@host:CE1> ping 172.16.1.2 count 2
PING 172.16.1.2 (172.16.1.2): 56 data bytes
64 bytes from 172.16.1.2: icmp_seq=0 ttl=64 time=0.236 ms
64 bytes from 172.16.1.2: icmp_seq=1 ttl=64 time=0.112 ms
--- 172.16.1.2 ping statistics --2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.112/0.174/0.236/0.062 ms
user@host:CE2> ping 172.16.1.1 count 2
PING 172.16.1.1 (172.16.1.1): 56 data bytes
64 bytes from 172.16.1.1: icmp_seq=0 ttl=64 time=0.199 ms

20

Copyright 2014, Juniper Networks, Inc.

64 bytes from 172.16.1.1: icmp_seq=1 ttl=64 time=0.120 ms


--- 172.16.1.1 ping statistics --2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.120/0.160/0.199/0.040 ms

Copyright 2014, Juniper Networks, Inc.

21

Interconnecting Layer 2 Circuits Across AS Boundaries

Results
The following displays relevant sample configuration on all the routers. Note that since
logical systems are used in this example, the sample configuration displays are as such.
1.

To display the configuration for interfaces on the router, use show interfaces:
ge-2/0/6 {
vlan-tagging;
unit 600 {
description to-PE1;
vlan-id 600;
family inet {
address 172.16.1.2/24;
}
}
}
ge-2/1/0 {
vlan-tagging;
encapsulation vlan-ccc;
unit 600 {
description to-CE1;
encapsulation vlan-ccc;
vlan-id 600;
family ccc;
}
}
ge-2/1/1 {
vlan-tagging;
encapsulation vlan-ccc;
unit 600 {
description to-CE2;
encapsulation vlan-ccc;
vlan-id 600;
family ccc;
}
}
ge-2/1/2 {
vlan-tagging;
unit 600 {
description to-PE2;
vlan-id 600;
family inet {
address 172.16.1.1/24;
}
}
}

2. To display the configuration on a particular logical system, run the show command:

Configuration on CE1 router


CE1 {
interfaces {
ge-2/0/6 {
unit 600;
}

22

Copyright 2014, Juniper Networks, Inc.

lo0 {
unit 1 {
family inet {
address 192.168.0.1/32;
}
}
}
}
}
Configuration on PE1 router
PE1 {
interfaces {
lt-2/0/10 {
unit 5 {
description to-ASBR1;
encapsulation ethernet;
peer-unit 6;
family inet {
address 10.0.0.5/30;
}
family mpls;
}
}
ge-2/1/0 {
unit 600;
}
lo0 {
unit 2 {
family inet {
address 192.168.0.2/32;
}
}
}
}
protocols {
rsvp {
interface lo0.2;
interface lt-2/0/10.5;
}
mpls {
no-cspf;
label-switched-path PE1-ASBR1 {
to 192.168.0.3;
ldp-tunneling;
}
interface lt-2/0/10.5;
}
bgp {
group int {
type internal;
local-address 192.168.0.2;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;

Copyright 2014, Juniper Networks, Inc.

23

Interconnecting Layer 2 Circuits Across AS Boundaries

}
}
}
neighbor 192.168.0.3;
}
}
ospf {
traffic-engineering;
area 0.0.0.0 {
interface lt-2/0/10.5;
interface lo0.2 {
passive;
}
}
}
ldp {
l2-smart-policy;
strict-targeted-hellos;
interface lo0.2;
session 192.168.0.5 {
authentication-key
"$9$tt8Tu1hleWNVwSylM8Xws5QF3/t1IcvWxSrxdsYZGDikqT30ORevLO1WLNV4oDik.z6";
## SECRET-DATA
}
}
l2circuit {
neighbor 192.168.0.5 {
interface ge-2/1/0.600 {
virtual-circuit-id 600;
ignore-mtu-mismatch;
}
}
}
}
routing-options {
autonomous-system 64510;
}
}
Configuration on ASBR1 router
ASBR1 {
interfaces {
lt-2/0/10 {
unit 6 {
description to-PE1;
encapsulation ethernet;
peer-unit 5;
family inet {
address 10.0.0.6/30;
}
family mpls;
}
unit 9 {
description to-ASBR2;
encapsulation ethernet;
peer-unit 10;
family inet {

24

Copyright 2014, Juniper Networks, Inc.

address 10.0.0.9/30;
}
family mpls;
}
}
lo0 {
unit 3 {
family inet {
address 192.168.0.3/32;
}
}
}
}
protocols {
rsvp {
interface lo0.3;
interface lt-2/0/10.6;
}
mpls {
no-cspf;
label-switched-path ASBR1-to-PE1 {
to 192.168.0.2;
ldp-tunneling;
}
interface lt-2/0/10.6;
}
bgp {
group int {
type internal;
local-address 192.168.0.3;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
export next-hop-self;
neighbor 192.168.0.2;
}
group ext {
type external;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
export send-pe;
peer-as 64511;
neighbor 10.0.0.10;
}
}

Copyright 2014, Juniper Networks, Inc.

25

Interconnecting Layer 2 Circuits Across AS Boundaries

ospf {
traffic-engineering;
area 0.0.0.0 {
interface lo0.3 {
passive;
}
interface lt-2/0/10.6;
}
}
ldp {
interface lo0.3;
}
}
policy-options {
policy-statement next-hop-self {
term 1 {
then {
next-hop self;
}
}
}
policy-statement send-pe {
from {
route-filter 192.168.0.2/32 exact;
}
then accept;
}
}
routing-options {
autonomous-system 64510;
}
}
Configuration on ASBR2 router
ASBR2 {
interfaces {
ge-2/0/9 {
unit 0 {
description to-PE2;
family inet {
address 10.0.0.13/30;
}
family mpls;
}
}
lt-2/0/10 {
unit 10 {
description to-ASBR1;
encapsulation ethernet;
peer-unit 9;
family inet {
address 10.0.0.10/30;
}
family mpls;
}
}
lo0 {

26

Copyright 2014, Juniper Networks, Inc.

unit 4 {
family inet {
address 192.168.0.4/32;
}
}
}
}
protocols {
rsvp {
interface ge-2/0/9.0;
interface lo0.4;
}
mpls {
no-cspf;
label-switched-path ASBR2-to-PE2 {
to 192.168.0.5;
ldp-tunneling;
}
interface ge-2/0/9.0;
}
bgp {
group int {
type internal;
local-address 192.168.0.4;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
export next-hop-self;
neighbor 192.168.0.5;
}
group ext {
type external;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
export send-pe;
peer-as 64510;
neighbor 10.0.0.9;
}
}
ospf {
traffic-engineering;
area 0.0.0.0 {
interface ge-2/0/9.0;
interface lo0.4 {
passive;

Copyright 2014, Juniper Networks, Inc.

27

Interconnecting Layer 2 Circuits Across AS Boundaries

}
}
}
ldp {
interface lo0.4;
}
}
policy-options {
policy-statement next-hop-self {
term 1 {
then {
next-hop self;
}
}
}
policy-statement send-pe {
from {
route-filter 192.168.0.5/32 exact;
}
then accept;
}
}
routing-options {
autonomous-system 64511;
}
}
Configuration on PE2 router
PE2 {
interfaces {
ge-2/1/1 {
unit 600;
}
ge-2/1/3 {
unit 0 {
description to-ASBR2;
family inet {
address 10.0.0.14/30;
}
family mpls;
}
}
lo0 {
unit 5 {
family inet {
address 192.168.0.5/32;
}
}
}
}
protocols {
rsvp {
interface ge-2/1/3.0;
interface lo0.5;
}
mpls {
no-cspf;

28

Copyright 2014, Juniper Networks, Inc.

label-switched-path PE2-to-ASBR2 {
to 192.168.0.4;
ldp-tunneling;
}
interface ge-2/1/3.0;
}
bgp {
group int {
type internal;
local-address 192.168.0.5;
family inet {
unicast;
labeled-unicast {
rib {
inet.3;
}
}
}
neighbor 192.168.0.4;
}
}
ospf {
traffic-engineering;
area 0.0.0.0 {
interface lo0.5 {
passive;
}
interface ge-2/1/3.0;
}
}
ldp {
l2-smart-policy;
strict-targeted-hellos;
interface lo0.5;
session 192.168.0.2 {
authentication-key
"$9$h8OSeW7Nb4JGLX7VwYGUCtu01heK8db2Lx2aUDmP5QF3A0yrvNdsrebs4JHk5QFnpB";
## SECRET-DATA
}
}
l2circuit {
neighbor 192.168.0.2 {
interface ge-2/1/1.600 {
virtual-circuit-id 600;
ignore-mtu-mismatch;
}
}
}
}
routing-options {
autonomous-system 64511;
}
}
Configuration on CE2 router
CE2 {
interfaces {

Copyright 2014, Juniper Networks, Inc.

29

Interconnecting Layer 2 Circuits Across AS Boundaries

ge-2/1/2 {
unit 600;
}
lo0 {
unit 6 {
family inet {
address 192.168.0.6/32;
}
}
}
}
}

Related
Documentation

30

Introduction to Interconnecting Layer 2 Circuits Across Autonomous System Boundaries


on page 4

Understanding the Operation of Layer 2 Circuits Across AS Boundaries on page 2

Use Case for Configuring Layer 2 Circuits Across AS Boundaries on page 1

Copyright 2014, Juniper Networks, Inc.