Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2141
Views
11
Helpful
43
Replies

BGP EVPN VPWS - Cisco & Juniper - Traffic withdrawn

Jerems
Spotlight
Spotlight

‎09-23-2024 12:12 AM

Hi dear community,

I am facing an issue with the following setup :

Jerems_0-1727073861383.png

Ping is not OK for the BGP EVPN VPWS Service (Vlan / EVC 20).

Here is the configuration of the involed PE :

Cisco PE ISR1111:

interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
 !
 service instance 20 ethernet
  encapsulation dot1q 20
!
l2vpn evpn instance 20 point-to-point
 route-target export 65003:20
 route-target import 65003:20
 no auto-route-target
 vpws context EVPN-12120
  service target 121201 source 121202
  member GigabitEthernet0/0/1 service-instance 20
!
router bgp 65003
 bgp router-id 10.0.0.21
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 65003
 neighbor 10.0.0.1 update-source Loopback0
 !
 address-family l2vpn evpn
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community both
  neighbor 10.0.0.1 soft-reconfiguration inbound
 exit-address-family

JUNIPER PE SRX300:

set interfaces ge-0/0/5 unit 20 description "vlan l2vpn-test-Evpn-vpws_Bgp_Signaling"
set interfaces ge-0/0/5 unit 20 encapsulation vlan-ccc
set interfaces ge-0/0/5 unit 20 vlan-id 20
!
set policy-options policy-statement L2Vpn-evpn-12120-Export term from-L2Vpn-evpn-12120 then community add Rt-L2Vpn-evpn-12120
set policy-options policy-statement L2Vpn-evpn-12120-Export term from-L2Vpn-evpn-12120 then accept
set policy-options policy-statement L2Vpn-evpn-12120-Import term from-L2Vpn-evpn-12120 from community Rt-L2Vpn-evpn-12120
set policy-options policy-statement L2Vpn-evpn-12120-Import term from-L2Vpn-evpn-12120 then accept
!
set policy-options community Rt-L2Vpn-evpn-12120 members target:65003:20
!
set routing-instances evpn-12120 protocols evpn interface ge-0/0/5.20 vpws-service-id local 121201
set routing-instances evpn-12120 protocols evpn interface ge-0/0/5.20 vpws-service-id remote 121202
set routing-instances evpn-12120 protocols evpn no-control-word
set routing-instances evpn-12120 interface ge-0/0/5.20
set routing-instances evpn-12120 description "BGP EVPN-VPWS"
set routing-instances evpn-12120 instance-type evpn-vpws
set routing-instances evpn-12120 route-distinguisher 10.0.0.1:20
set routing-instances evpn-12120 vrf-import L2Vpn-evpn-12120-Import
set routing-instances evpn-12120 vrf-export L2Vpn-evpn-12120-Export
!
set protocols bgp group Bgp-Evpn-Signaling type internal
set protocols bgp group Bgp-Evpn-Signaling local-address 10.0.0.1
set protocols bgp group Bgp-Evpn-Signaling family evpn signaling
set protocols bgp group Bgp-Evpn-Signaling neighbor 10.0.0.21

 I can see some drops on the RX side of the Cisco PE :

Jerems_3-1727075192060.png

VC is up but a ping from station A to B does not work.

PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.
From 192.168.20.1 icmp_seq=1 Destination Host Unreachable
From 192.168.20.1 icmp_seq=2 Destination Host Unreachable
From 192.168.20.1 icmp_seq=3 Destination Host Unreachable
From 192.168.20.1 icmp_seq=5 Destination Host Unreachable
From 192.168.20.1 icmp_seq=8 Destination Host Unreachable
From 192.168.20.1 icmp_seq=11 Destination Host Unreachable

A packet capture on interface Gi0/0/0 on the Cisco PE shows the packet from Host A arriving at the Cisco PE (ARP request) but it does not exit the router on interface Gi0/0/1 towards Host B.

Any idea folks ?

Thanks in advance for your kind help.

Best Regards,

Jerems

 

 

 

 

 

 

Labels:
43 Replies 43

MHM Cisco World
VIP
VIP
In response to Jerems

‎09-25-2024 02:14 AM

Add pop under instance of ios xe' 

And check 

MHM

 

0 Helpful

Jerems
Spotlight
Spotlight

‎09-25-2024 02:34 AM

I have tried with and without, same result :

jey-isr1k-pe-01#sh run int gi0/0/1
Building configuration...

Current configuration : 341 bytes
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
 service instance 20 ethernet
  encapsulation dot1q 20
  rewrite ingress tag pop 1 symmetric
!
end

Thanks again for your precious time spent on that matter.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Jerems

‎09-25-2024 03:33 AM

First thanks for nice words in your all answer 

Second 

It vlan mismatch which in ypur original post you dont use POP and it correct and even with it vpws not wrok 

Or 

Labeling mismatch' try use explicit null label in ios xe router 

Thanks again 

MHM

0 Helpful

Jerems
Spotlight
Spotlight
In response to MHM Cisco World

‎09-25-2024 04:46 AM

Hi @MHM Cisco World 

I didn't get this :

"It vlan mismatch which in ypur original post you dont use POP and it correct and even with it vpws not wrok."

Thanks in advance

Jerems

0 Helpful

MHM Cisco World
VIP
VIP
In response to Jerems

‎09-25-2024 05:14 AM

If one peer send traffic untag you need to use POP symmetric 

If one peer send traffic tag you not need any POP (this is your case) from capture the traffic is tag and you dont use POP'

Anyway we try POP and it not solve issue.

So let check labeling' did you try explicit null label in ios xe ?

MHM

0 Helpful

jenniferlopez02030
Level 1
Level 1

‎09-25-2024 03:36 AM

Great info...

0 Helpful

Jerems
Spotlight
Spotlight

‎09-25-2024 05:17 AM

Thank you for your feedback

Control word came up on juniper box during few minutes when i enabled explicit-null on the Cisco Box and left after.

Jerems_0-1727266531673.png

mpls label protocol ldp
mpls ldp explicit-null

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Jerems

‎09-25-2024 05:22 AM

Sorry can you more elaborate' did you try ping ?

MHM

0 Helpful

Jerems
Spotlight
Spotlight

‎09-25-2024 05:26 AM

For some reasons i have two 802.1q headers...in the frames which go out from the Cisco PE (ingress LER)

Jerems_1-1727266789221.pngi have a put a switch in between the Cisco PE and the first Juniper PE (which is not the Egress PE), to capture traffic.

Traffic is captured both direction Tx & Rx.

The frame below comes from the neighboring juniper PE and ingress the Cisco PE

Jerems_2-1727267102434.png

Thanks in advance,

 

 

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Jerems

‎09-25-2024 05:30 AM

So now you see Tx count and there is no more  Rx drop in PE ? Please confirm 

MHM

0 Helpful

Jerems
Spotlight
Spotlight

‎09-25-2024 05:34 AM

Still can not ping and still have drops on Cisco PE.

Jerems_0-1727267634526.png

 

 

 

0 Helpful

Jerems
Spotlight
Spotlight

‎09-25-2024 05:35 AM

The weird thing is also the fact of having two dot1q headers on the outgoing traffic of the Cisco PE...

0 Helpful

MHM Cisco World
VIP
VIP
In response to Jerems

‎09-25-2024 11:26 PM

Not sure but if you use interworking ethernet the PE add tag vlan 0 to frame.

So keep mpls explicit null label and use interworking vlan 

MHM

0 Helpful

Jerems
Spotlight
Spotlight
In response to MHM Cisco World

‎09-25-2024 11:32 PM

Hi @MHM Cisco World ,

Thanks again for your contribution. How can i change the interworking parameter ? The pw (if any in BGP EVPN) is created automatically. As far as i know i can not create it manually. Tell me if i mistaken !

Thanks in advance,

Best Regards,

0 Helpful

MHM Cisco World
VIP
VIP
In response to Jerems

‎09-27-2024 01:00 AM

L2vpb evpn instance vlan-based 

Can you check if vlan-based keyword is available 

MHM

0 Helpful
Customers Also Viewed These Support Documents