Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
502
Views
6
Helpful
28
Replies

BGP EVPN VPWS - Cisco & Juniper - Traffic withdrawn

Jerems
Spotlight
Spotlight

‎09-23-2024 12:12 AM

Hi dear community,

I am facing an issue with the following setup :

Jerems_0-1727073861383.png

Ping is not OK for the BGP EVPN VPWS Service (Vlan / EVC 20).

Here is the configuration of the involed PE :

Cisco PE ISR1111:

interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
 !
 service instance 20 ethernet
  encapsulation dot1q 20
!
l2vpn evpn instance 20 point-to-point
 route-target export 65003:20
 route-target import 65003:20
 no auto-route-target
 vpws context EVPN-12120
  service target 121201 source 121202
  member GigabitEthernet0/0/1 service-instance 20
!
router bgp 65003
 bgp router-id 10.0.0.21
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 65003
 neighbor 10.0.0.1 update-source Loopback0
 !
 address-family l2vpn evpn
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community both
  neighbor 10.0.0.1 soft-reconfiguration inbound
 exit-address-family

JUNIPER PE SRX300:

set interfaces ge-0/0/5 unit 20 description "vlan l2vpn-test-Evpn-vpws_Bgp_Signaling"
set interfaces ge-0/0/5 unit 20 encapsulation vlan-ccc
set interfaces ge-0/0/5 unit 20 vlan-id 20
!
set policy-options policy-statement L2Vpn-evpn-12120-Export term from-L2Vpn-evpn-12120 then community add Rt-L2Vpn-evpn-12120
set policy-options policy-statement L2Vpn-evpn-12120-Export term from-L2Vpn-evpn-12120 then accept
set policy-options policy-statement L2Vpn-evpn-12120-Import term from-L2Vpn-evpn-12120 from community Rt-L2Vpn-evpn-12120
set policy-options policy-statement L2Vpn-evpn-12120-Import term from-L2Vpn-evpn-12120 then accept
!
set policy-options community Rt-L2Vpn-evpn-12120 members target:65003:20
!
set routing-instances evpn-12120 protocols evpn interface ge-0/0/5.20 vpws-service-id local 121201
set routing-instances evpn-12120 protocols evpn interface ge-0/0/5.20 vpws-service-id remote 121202
set routing-instances evpn-12120 protocols evpn no-control-word
set routing-instances evpn-12120 interface ge-0/0/5.20
set routing-instances evpn-12120 description "BGP EVPN-VPWS"
set routing-instances evpn-12120 instance-type evpn-vpws
set routing-instances evpn-12120 route-distinguisher 10.0.0.1:20
set routing-instances evpn-12120 vrf-import L2Vpn-evpn-12120-Import
set routing-instances evpn-12120 vrf-export L2Vpn-evpn-12120-Export
!
set protocols bgp group Bgp-Evpn-Signaling type internal
set protocols bgp group Bgp-Evpn-Signaling local-address 10.0.0.1
set protocols bgp group Bgp-Evpn-Signaling family evpn signaling
set protocols bgp group Bgp-Evpn-Signaling neighbor 10.0.0.21

 I can see some drops on the RX side of the Cisco PE :

Jerems_3-1727075192060.png

VC is up but a ping from station A to B does not work.

PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.
From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
From 192.168.20.1 icmp_seq=5 Destination Host Unreachable
From 192.168.20.1 icmp_seq=8 Destination Host Unreachable
From 192.168.20.1 icmp_seq=11 Destination Host Unreachable

A packet capture on interface Gi0/0/0 on the Cisco PE shows the packet from Host A arriving at the Cisco PE (ARP request) but it does not exit the router on interface Gi0/0/1 towards Host B.

Any idea folks ?

Thanks in advance for your kind help.

Best Regards,

Jerems

 

 

 

 

 

 

Labels:
28 Replies 28

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-23-2024 02:22 PM - edited ‎09-23-2024 02:23 PM

Hello @Jerems ,

what about the MPLS LSPs between PE loopbacks ?

the pseudowire travels within them in the two directions.

check on Cisco side with

show mpls forwarding 10.0.0.1

Edit:

if it is an emulated environment you may be facing some limitations in the data plane.

Hope to help

Giuseppe

 

0 Helpful

Jerems
Spotlight
Spotlight
In response to Giuseppe Larosa

‎09-23-2024 11:01 PM

Hi @Giuseppe Larosa ,

Thank you so much for the time spent in replying my post.

Here is the output :

Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
31         299872     10.0.0.1/32      0             Gi0/0/0    192.168.12.49
        MAC/Encaps=14/18, MRU=1600, Label Stack{299872}
        44AA504C70C19077EEA7A1008847 49360000
        No output feature configured

Regards,

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Jerems

‎09-24-2024 02:12 AM

Hello @Jerems ,

the MPLS LSP toward the remote PE looks like fine,

you can try to use ping mpls 10.0.0.1 source loop0

Hope to help

Giuseppe

 

0 Helpful

Jerems
Spotlight
Spotlight
In response to Giuseppe Larosa

‎09-24-2024 02:24 AM

Hi @Giuseppe Larosa 

Interesting point !

Jerems_0-1727169498783.png

This reminds me an interop issue between Nokia and Juniper regarding the implementation of RFC 4379 and 6424.

Regards,

 

0 Helpful

Jerems
Spotlight
Spotlight
In response to Jerems

‎09-25-2024 01:25 AM

So as to have correct answers from the Junos Box i had to specify the FEC-Type in the ping Command. It is a known cosmetic & interop issue on MPLS OAM as i was thinking about.

With Fec-type LDP it works fine :

Jerems_0-1727252661429.png

Thanks @Harold Ritter :

https://community.cisco.com/t5/mpls/mpls-ping-between-asr920-and-juniper-mx204/td-p/4294930

 

MHM Cisco World
VIP
VIP

‎09-23-2024 02:34 PM

when you capture traffic do you see and vlan tag ?

MHM

0 Helpful

Jerems
Spotlight
Spotlight

‎09-23-2024 11:21 PM

Hi @MHM Cisco World ,

Thank you aswell for your contribution.

Yes i have the vlan tag of ID 20 flowing from the CE towards the Juniper PEs before reaching the Cisco PE where i perform the capture on the backbone interface.

Jerems_0-1727158831730.png

Thanks in advance for your kind help.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Jerems

‎09-24-2024 02:19 AM

Hello @Jerems ,

the network diagram that you have provided in first post makes me think the two PE nodes are not directly connected , are they directly connected?

if yes the capture with a single level of MPLS label the VC label 20 is fine

 

Hope to help

Giuseppe

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Giuseppe Larosa

‎09-24-2024 03:06 AM

Can you share 

Show l2vpn xconnect details 

MHM

0 Helpful

ChristopheLucas
Level 1
Level 1

‎09-24-2024 01:24 AM

Hi Jeremie,

In first read I would say : control-word is on on IOS XE by default and your JunOs push it off.

Regards,

Christophe

Jerems
Spotlight
Spotlight
In response to ChristopheLucas

‎09-24-2024 02:07 AM

Hi @ChristopheLucas ,

Thank you so much for your feedback. Actually i did already play with this parameter on both boxes but nothing changed.

Anyway, I gonna check again.

Thanks and hope that all is fine for you !

0 Helpful

Jerems
Spotlight
Spotlight

‎09-24-2024 02:25 AM

Ingress and Egress PEs are not directly connected. There is another Juniper box in between.

Regards,

Jerems
Spotlight
Spotlight

‎09-24-2024 02:32 AM

The transport Label is poped on the directly connected Juniper PE (PHP).

Regards,

Jerems
Spotlight
Spotlight

‎09-24-2024 04:20 AM

It is an evpn vpws not a BGP/LDP signaled xconnect.

Jerems_0-1727176318584.png

But i still can share the details of the other services:

Jerems_1-1727176773066.png

 

 

0 Helpful
Customers Also Viewed These Support Documents