Interprovider L3VPN Option C on a vMX

Implementation Description

In this article, I will build an Interprovider L3VPN Option C setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between the ge-0/0/0 and ge-0/0/1 ports. Each link is assigned its own VLAN ID, derived from the router ID numbers of the two routers it connects, to keep the traffic of the links separate.

Note: This option is the most scalable solution compared with Option A and Option B.

Network Diagram

IP Allocation

  • AS 20: 192.168.20.0/16
    • CE 21: 192.168.0.21/32
    • CE 22: 192.168.0.22/32
    • Link 1121: 192.168.20.0/31
    • Link 1622: 192.168.20.2/31
  • AS 30: 192.168.30.0/16
    • CE 31: 192.168.0.31/32
    • CE 32: 192.168.0.32/32
    • Link 1131: 192.168.30.0/31
    • Link 1632: 192.168.30.2/31
  • AS 100: 10.100.0.0/16
    • PE 11: 10.100.0.11/32
    • P 12: 10.100.0.12/32
    • ASBR 13: 10.100.0.13/32
    • Internal Links: 10.100.1.0/16
  • AS 200: 10.200.0.0/16
    • PE 16: 10.200.0.16/32
    • P 15: 10.200.0.15/32
    • ASBR 14: 10.200.0.14/32
    • Internal Links: 10.200.1.0/16
  • Inter-ASBR link:
    • Link 1314: 172.167.12.0/31

Full Configuration

show | no-more 
## Last changed: 2018-03-07 08:58:37 UTC
version 15.1F4.15;
groups {
    isis {
        logical-systems {
            <*> {
                protocols {
                    isis {
                        level 1 disable;
                        interface <*> {
                            point-to-point;
                        }
                    }
                }
            }
        }
    }
}
apply-groups isis;
system {
    host-name MX;
    root-authentication {
        encrypted-password "$5$L3F31155$kVyagZl2v/WM9s32/hi7VCXxM5o0vupYD.LO3uvCif4"; ## SECRET-DATA
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
logical-systems {
    11-PE {
        interfaces {
            ge-0/0/0 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.0/31;
                    }
                    family iso;
                    family mpls;
                }
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.0/31;
                    }
                }
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.0/31;
                    }
                }
            }
            lo0 {
                unit 11 {
                    family inet {
                        address 10.100.0.11/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0011.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group to-AS200 {
                    type external;
                    multihop {
                        ttl 10;
                    }
                    local-address 10.100.0.11;
                    family inet-vpn {
                        unicast;
                    }
                    peer-as 200;
                    neighbor 10.200.0.16;
                }
                group internal {
                    type internal;
                    local-address 10.100.0.11;
                    family inet {
                        labeled-unicast {
                            resolve-vpn;
                        }
                    }
                    neighbor 10.100.0.13;
                }
            }
            isis {
                interface ge-0/0/0.1112;
                interface lo0.11;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1121;
                route-distinguisher 10.100.0.11:20;
                vrf-target target:0.0.100.200:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.1;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1131;
                route-distinguisher 10.100.0.11:30;
                vrf-target target:0.0.100.200:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.1;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    12-P {
        interfaces {
            ge-0/0/0 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.2/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.1/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 12 {
                    family inet {
                        address 10.100.0.12/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0012.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    13-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 1314 {
                    vlan-id 1314;
                    family inet {
                        address 172.167.12.0/31;
                    }
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.3/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 13 {
                    family inet {
                        address 10.100.0.13/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0013.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            bgp {
                group to-AS200 {
                    type external;
                    family inet {
                        labeled-unicast;
                    }
                    export to-AS200;
                    peer-as 200;
                    neighbor 172.167.12.1;
                }
                group internal {
                    type internal;
                    local-address 10.100.0.13;
                    family inet {
                        labeled-unicast;
                    }
                    neighbor 10.100.0.11;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/1.1213;
                interface lo0.13;
            }
        }
        policy-options {
            policy-statement to-AS200 {
                term PE11-lo0 {
                    from {
                        route-filter 10.100.0.11/32 exact;
                    }
                    then accept;
                }
                term reject {
                    then reject;
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    14-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.4/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1314 {
                    vlan-id 1314;
                    family inet {
                        address 172.167.12.1/31;
                    }
                    family mpls;
                }
            }
            lo0 {
                unit 14 {
                    family inet {
                        address 10.200.0.14/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0014.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            bgp {
                group to-AS100 {
                    type external;
                    family inet {
                        labeled-unicast;
                    }
                    export to-AS100;
                    peer-as 100;
                    neighbor 172.167.12.0;
                }
                group internal {
                    type internal;
                    local-address 10.200.0.14;
                    family inet {
                        labeled-unicast;
                    }
                    neighbor 10.200.0.16;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.1415;
                interface lo0.14;
            }
        }
        policy-options {
            policy-statement to-AS100 {
                term PE16-lo0 {
                    from {
                        route-filter 10.200.0.16/32 exact;
                    }
                    then accept;
                }
                term reject {
                    then reject;
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    15-P {
        interfaces {
            ge-0/0/0 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.6/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.5/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 15 {
                    family inet {
                        address 10.200.0.15/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0015.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
    }
    16-PE {
        interfaces {
            ge-0/0/0 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.2/31;
                    }
                }
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.2/31;
                    }
                }
            }
            ge-0/0/1 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.7/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 16 {
                    family inet {
                        address 10.200.0.16/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0016.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.200.0.16;
                    family inet {
                        labeled-unicast {
                            resolve-vpn;
                        }
                    }
                    neighbor 10.200.0.14;
                }
                group to-AS100 {
                    type external;
                    multihop {
                        ttl 10;
                    }
                    local-address 10.200.0.16;
                    family inet-vpn {
                        unicast;
                    }
                    peer-as 100;
                    neighbor 10.100.0.11;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1622;
                route-distinguisher 10.100.0.16:20;
                vrf-target target:0.0.100.200:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.3;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1632;
                route-distinguisher 10.100.0.16:30;
                vrf-target target:0.0.100.200:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.3;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    21-CE {
        interfaces {
            ge-0/0/1 {
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.1/31;
                    }
                }
            }
            lo0 {
                unit 21 {
                    family inet {
                        address 192.168.0.21/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.20.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    22-CE {
        interfaces {
            ge-0/0/1 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.3/31;
                    }
                }
            }
            lo0 {
                unit 22 {
                    family inet {
                        address 192.168.0.22/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.20.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    31-CE {
        interfaces {
            ge-0/0/1 {
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.1/31;
                    }
                }
            }
            lo0 {
                unit 31 {
                    family inet {
                        address 192.168.0.31/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.30.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
    32-CE {
        interfaces {
            ge-0/0/1 {
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.3/31;
                    }
                }
            }
            lo0 {
                unit 32 {
                    family inet {
                        address 192.168.0.32/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.30.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "to ge-0/0/1";
        vlan-tagging;
    }
    ge-0/0/1 {
        description "to ge-0/0/0";
        vlan-tagging;
    }
    ge-0/0/2 {
        description "to ge-0/0/3";
        vlan-tagging;
    }
    ge-0/0/3 {
        description "to ge-0/0/2";
        vlan-tagging;
    }
    ge-0/0/4 {
        description "to ge-0/0/5";
        vlan-tagging;
    }
    ge-0/0/5 {
        description "to ge-0/0/4";
        vlan-tagging;
    }
    ge-0/0/6 {
        description "to ge-0/0/7";
        vlan-tagging;
    }
    ge-0/0/7 {
        description "to ge-0/0/6";
        vlan-tagging;
    }
    ge-0/0/8 {
        description "to eth1";
    }
    ge-0/0/9 {
        description "to eth2";
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.83.11/24;
            }
        }
    }
}

Verification

root@MX:21-CE> show route 

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.21/32    *[Direct/0] 02:05:23
                    > via lo0.21
192.168.0.22/32    *[BGP/170] 00:00:33, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121
192.168.20.0/31    *[Direct/0] 02:04:45
                    > via ge-0/0/1.1121
192.168.20.1/32    *[Local/0] 02:04:45
                      Local via ge-0/0/1.1121
192.168.20.2/31    *[BGP/170] 00:00:33, localpref 100
                      AS path: 100 200 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

root@MX:21-CE> ping 192.168.0.22 count 3 source 192.168.0.21    
PING 192.168.0.22 (192.168.0.22): 56 data bytes
64 bytes from 192.168.0.22: icmp_seq=0 ttl=52 time=11.834 ms
64 bytes from 192.168.0.22: icmp_seq=1 ttl=52 time=11.269 ms
64 bytes from 192.168.0.22: icmp_seq=2 ttl=52 time=8.738 ms

--- 192.168.0.22 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.738/10.614/11.834/1.346 ms

Label Operation

1. The customer router will send plain, unlabeled IP traffic.

root@MX:21-CE> show route 192.168.0.22 

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:05:33, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

2. Router 11-PE will push three labels onto the traffic: the L3VPN label, the BGP-LU label and the LDP transport label.

root@MX:11-PE> show route 192.168.0.22    

Cust-20.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:10:04, localpref 100, from 10.200.0.16
                      AS path: 200 20 I, validation-state: unverified
                    > to 10.100.1.1 via ge-0/0/0.1112, Push 299856, Push 299952, Push 299824(top)

root@MX:11-PE> show route table mpls      

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 02:15:03, metric 1
                      Receive
1                  *[MPLS/0] 02:15:03, metric 1
                      Receive
2                  *[MPLS/0] 02:15:03, metric 1
                      Receive
13                 *[MPLS/0] 02:15:03, metric 1
                      Receive
299776             *[LDP/9] 02:14:03, metric 1
                    > to 10.100.1.1 via ge-0/0/0.1112, Pop      
299776(S=0)        *[LDP/9] 02:14:03, metric 1
                    > to 10.100.1.1 via ge-0/0/0.1112, Pop      
299840             *[LDP/9] 00:30:25, metric 1
                    > to 10.100.1.1 via ge-0/0/0.1112, Swap 299824
299888             *[VPN/170] 00:10:08
                    > to 192.168.20.1 via ge-0/0/0.1121, Pop      
299904             *[VPN/170] 00:10:08
                    > to 192.168.30.1 via ge-0/0/0.1131, Pop           

3. Router 12-P is the penultimate hop (PHP) and will pop the LDP label.

root@MX:12-P> show route 192.168.0.22  

root@MX:12-P> show route label 299824 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299824             *[LDP/9] 00:31:02, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop      
299824(S=0)        *[LDP/9] 00:31:02, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop         

4. Router 13-ASBR will swap the BGP-LU label.

root@MX:13-ASBR> show route label 299952 

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299952             *[VPN/170] 00:15:19
                    > to 172.167.12.1 via ge-0/0/0.1314, Swap 299920

5. Router 14-ASBR will swap the BGP-LU label with a new LDP label.

root@MX:14-ASBR> show route 10.200.0.16 

inet.0: 10 destinations, 12 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.200.0.16/32     *[LDP/9] 00:30:22, metric 1
                    > to 10.200.1.5 via ge-0/0/0.1415, Push 299824
                    [IS-IS/18] 00:31:56, metric 20
                    > to 10.200.1.5 via ge-0/0/0.1415

root@MX:14-ASBR> show route label 299920    

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299920             *[VPN/170] 00:27:37
                    > to 10.200.1.5 via ge-0/0/0.1415, Swap 299824

6. Router 15-P is the penultimate hop (PHP) and will pop the LDP label.

root@MX:15-P> show route 192.168.0.22 

root@MX:15-P> show route label 299824 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299824             *[LDP/9] 00:31:21, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop      
299824(S=0)        *[LDP/9] 00:31:21, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop

7. Router 16-PE will pop the L3VPN label and will forward plain IP traffic to the end customer.

root@MX:16-PE> show route label 299856 

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299856             *[VPN/170] 00:20:01
                    > to 192.168.20.3 via ge-0/0/0.1622, Pop      

root@MX:16-PE> show route 192.168.0.22 

Cust-20.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 02:24:35, localpref 100
                      AS path: 20 I, validation-state: unverified
                    > to 192.168.20.3 via ge-0/0/0.1622
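
The seven steps above can be replayed mechanically. The following Python sketch is an added example, not part of the original article: it parses the next-hop lines copied from the outputs above and applies each router's Push/Swap/Pop to a label stack, failing at the first router that has no entry for the incoming top label. The function names and the trace format are this example's own.

```python
import re

# Next-hop lines copied from the "show route" outputs in steps 2-7 above.
# INGRESS is 11-PE's Cust-20.inet.0 next hop; TRANSIT holds the mpls.0
# entries of the remaining routers in path order.
INGRESS = ("11-PE", "> to 10.100.1.1 via ge-0/0/0.1112, "
           "Push 299856, Push 299952, Push 299824(top)")
TRANSIT = [
    ("12-P", """
299824             *[LDP/9] 00:31:02, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop
299824(S=0)        *[LDP/9] 00:31:02, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop
"""),
    ("13-ASBR", """
299952             *[VPN/170] 00:15:19
                    > to 172.167.12.1 via ge-0/0/0.1314, Swap 299920
"""),
    ("14-ASBR", """
299920             *[VPN/170] 00:27:37
                    > to 10.200.1.5 via ge-0/0/0.1415, Swap 299824
"""),
    ("15-P", """
299824             *[LDP/9] 00:31:21, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop
299824(S=0)        *[LDP/9] 00:31:21, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop
"""),
    ("16-PE", """
299856             *[VPN/170] 00:20:01
                    > to 192.168.20.3 via ge-0/0/0.1622, Pop
"""),
]

ENTRY = re.compile(r"^(\d+)(\(S=0\))?\s+\*\[([A-Za-z-]+)/\d+\]")
NEXTHOP = re.compile(r">\s+to\s+(\S+)\s+via\s+([^,\s]+),\s+(.+)$")
OP = re.compile(r"(Push|Swap|Pop)(?:\s+(\d+))?")


def parse_mpls_table(text):
    """Map (label, is_S0_entry) -> (protocol, next_hop, [(verb, label), ...])."""
    table, key, proto = {}, None, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            key, proto = (int(m.group(1)), bool(m.group(2))), m.group(3)
            continue
        m = NEXTHOP.search(line)
        if m and key is not None:
            table[key] = (proto, m.group(1), OP.findall(m.group(3)))
            key = None
    return table


def apply_ops(stack, ops):
    """Apply label operations in order; the top of the stack is the last item."""
    stack = list(stack)
    for verb, label in ops:
        if verb == "Pop":
            stack.pop()
        elif verb == "Swap":
            stack[-1] = int(label)
        else:  # Push
            stack.append(int(label))
    return stack


def walk(ingress, transit):
    """Return [(router, protocol, incoming top label, stack after)] per hop."""
    router, line = ingress
    stack = apply_ops([], OP.findall(NEXTHOP.search(line).group(3)))
    trace = [(router, "ingress", None, tuple(stack))]
    for router, text in transit:
        if not stack:
            raise LookupError(f"{router}: packet arrived without a label")
        table = parse_mpls_table(text)
        top = stack[-1]
        # Junos lists a separate "(S=0)" entry for a label that is not the
        # bottom of the stack; fall back to the plain entry otherwise.
        entry = table.get((top, True)) if len(stack) > 1 else None
        entry = entry or table.get((top, False))
        if entry is None:
            raise LookupError(f"{router}: no mpls.0 entry for label {top}")
        proto, _next_hop, ops = entry
        stack = apply_ops(stack, ops)
        trace.append((router, proto, top, tuple(stack)))
    return trace


if __name__ == "__main__":
    for router, proto, top, stack in walk(INGRESS, TRANSIT):
        print(f"{router:8} {proto:8} in={top} stack(after, top last)={list(stack)}")
```

An empty stack after 16-PE means the packet leaves towards 22-CE as plain IP; a LookupError names the router where the label-switched path breaks.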


Interprovider L3VPN Option B on a vMX

Implementation Description

In this article, I will build an Interprovider L3VPN Option B setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between the ge-0/0/0 and ge-0/0/1 ports. Each link is assigned its own VLAN ID, derived from the router ID numbers of the two routers it connects, to keep the traffic of the links separate.

Network Diagram

IP Allocation

  • AS 20: 192.168.20.0/16
    • CE 21: 192.168.0.21/32
    • CE 22: 192.168.0.22/32
    • Link 1121: 192.168.20.0/31
    • Link 1622: 192.168.20.2/31
  • AS 30: 192.168.30.0/16
    • CE 31: 192.168.0.31/32
    • CE 32: 192.168.0.32/32
    • Link 1131: 192.168.30.0/31
    • Link 1632: 192.168.30.2/31
  • AS 100: 10.100.0.0/16
    • PE 11: 10.100.0.11/32
    • P 12: 10.100.0.12/32
    • ASBR 13: 10.100.0.13/32
    • Internal Links: 10.100.1.0/16
  • AS 200: 10.200.0.0/16
    • PE 16: 10.200.0.16/32
    • P 15: 10.200.0.15/32
    • ASBR 14: 10.200.0.14/32
    • Internal Links: 10.200.1.0/16
  • Inter-ASBR link:
    • Link 1314: 172.167.12.0/31

Full Configuration

## Last changed: 2018-03-07 07:03:07 UTC
version 15.1F4.15;
groups {
    isis {
        logical-systems {
            <*> {
                protocols {
                    isis {
                        level 1 disable;
                        interface <*> {
                            point-to-point;
                        }
                    }
                }
            }
        }
    }
}
apply-groups isis;
system {
    host-name MX;
    root-authentication {
        encrypted-password "$5$L3F31155$kVyagZl2v/WM9s32/hi7VCXxM5o0vupYD.LO3uvCif4"; ## SECRET-DATA
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
logical-systems {
    11-PE {
        interfaces {
            ge-0/0/0 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.0/31;
                    }
                    family iso;
                    family mpls;
                }
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.0/31;
                    }
                }
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.0/31;
                    }
                }
            }
            lo0 {
                unit 11 {
                    family inet {
                        address 10.100.0.11/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0011.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.100.0.11;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.100.0.13;
                }
            }
            isis {
                interface ge-0/0/0.1112;
                interface lo0.11;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1121;
                route-distinguisher 10.100.0.11:20;
                vrf-target target:0.0.100.200:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.1;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1131;
                route-distinguisher 10.100.0.11:30;
                vrf-target target:0.0.100.200:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.1;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    12-P {
        interfaces {
            ge-0/0/0 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.2/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.1/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 12 {
                    family inet {
                        address 10.100.0.12/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0012.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    13-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 1314 {
                    vlan-id 1314;
                    family inet {
                        address 172.167.12.0/31;
                    }
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.3/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 13 {
                    family inet {
                        address 10.100.0.13/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0013.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.100.0.13;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.100.0.11;
                }
                group to-AS200 {
                    type external;
                    family inet-vpn {
                        any;
                    }
                    peer-as 200;
                    neighbor 172.167.12.1;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/1.1213;
                interface lo0.13;
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    14-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.4/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1314 {
                    vlan-id 1314;
                    family inet {
                        address 172.167.12.1/31;
                    }
                    family mpls;
                }
            }
            lo0 {
                unit 14 {
                    family inet {
                        address 10.200.0.14/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0014.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.200.0.14;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.200.0.16;
                }
                group to-AS100 {
                    type external;
                    family inet-vpn {
                        any;
                    }
                    peer-as 100;
                    neighbor 172.167.12.0;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.1415;
                interface lo0.14;
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    15-P {
        interfaces {
            ge-0/0/0 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.6/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.5/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 15 {
                    family inet {
                        address 10.200.0.15/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0015.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
    }
    16-PE {
        interfaces {
            ge-0/0/0 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.2/31;
                    }
                }
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.2/31;
                    }
                }
            }
            ge-0/0/1 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.7/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 16 {
                    family inet {
                        address 10.200.0.16/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0016.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.200.0.16;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.200.0.14;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1622;
                route-distinguisher 10.100.0.16:20;
                vrf-target target:0.0.100.200:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.3;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1632;
                route-distinguisher 10.100.0.16:30;
                vrf-target target:0.0.100.200:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.3;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    21-CE {
        interfaces {
            ge-0/0/1 {
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.1/31;
                    }
                }
            }
            lo0 {
                unit 21 {
                    family inet {
                        address 192.168.0.21/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.20.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    22-CE {
        interfaces {
            ge-0/0/1 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.3/31;
                    }
                }
            }
            lo0 {
                unit 22 {
                    family inet {
                        address 192.168.0.22/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.20.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    31-CE {
        interfaces {
            ge-0/0/1 {
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.1/31;
                    }
                }
            }
            lo0 {
                unit 31 {
                    family inet {
                        address 192.168.0.31/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.30.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
    32-CE {
        interfaces {
            ge-0/0/1 {
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.3/31;
                    }
                }
            }
            lo0 {
                unit 32 {
                    family inet {
                        address 192.168.0.32/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.30.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "to ge-0/0/1";
        vlan-tagging;
    }
    ge-0/0/1 {
        description "to ge-0/0/0";
        vlan-tagging;
    }
    ge-0/0/2 {
        description "to ge-0/0/3";
        vlan-tagging;
    }
    ge-0/0/3 {
        description "to ge-0/0/2";
        vlan-tagging;
    }
    ge-0/0/4 {
        description "to ge-0/0/5";
        vlan-tagging;
    }
    ge-0/0/5 {
        description "to ge-0/0/4";
        vlan-tagging;
    }
    ge-0/0/6 {
        description "to ge-0/0/7";
        vlan-tagging;
    }
    ge-0/0/7 {
        description "to ge-0/0/6";
        vlan-tagging;
    }
    ge-0/0/8 {
        description "to eth1";
    }
    ge-0/0/9 {
        description "to eth2";
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.83.11/24;
            }
        }
    }
}

Verification

root@MX:21-CE> show route    

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.21/32    *[Direct/0] 00:09:22
                    > via lo0.21
192.168.0.22/32    *[BGP/170] 00:00:14, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121
192.168.20.0/31    *[Direct/0] 00:08:44
                    > via ge-0/0/1.1121
192.168.20.1/32    *[Local/0] 00:08:44
                      Local via ge-0/0/1.1121
192.168.20.2/31    *[BGP/170] 00:00:13, localpref 100
                      AS path: 100 200 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

root@MX:21-CE> ping 192.168.0.22 count 3 source 192.168.0.21  
PING 192.168.0.22 (192.168.0.22): 56 data bytes
64 bytes from 192.168.0.22: icmp_seq=0 ttl=52 time=11.001 ms
64 bytes from 192.168.0.22: icmp_seq=1 ttl=52 time=11.744 ms
64 bytes from 192.168.0.22: icmp_seq=2 ttl=52 time=12.737 ms

--- 192.168.0.22 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 11.001/11.827/12.737/0.711 ms

Label Operation

1. The customer router (21-CE) sends plain, unlabeled IP traffic.

root@MX:21-CE> show route 192.168.0.22 

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:05:25, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

2. Router 11-PE pushes two labels onto the traffic: the L3VPN label and the LDP transport label.

root@MX:11-PE> show route 192.168.0.22 

Cust-20.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:06:06, localpref 100, from 10.100.0.13
                      AS path: 200 20 I, validation-state: unverified
                    > to 10.100.1.1 via ge-0/0/0.1112, Push 299840, Push 299792(top)

root@MX:11-PE> show route table mpls 

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 00:16:38, metric 1
                      Receive
1                  *[MPLS/0] 00:16:38, metric 1
                      Receive
2                  *[MPLS/0] 00:16:38, metric 1
                      Receive
13                 *[MPLS/0] 00:16:38, metric 1
                      Receive
299776             *[LDP/9] 00:15:38, metric 1
                    > to 10.100.1.1 via ge-0/0/0.1112, Pop      
299776(S=0)        *[LDP/9] 00:15:38, metric 1
                    > to 10.100.1.1 via ge-0/0/0.1112, Pop      
299792             *[LDP/9] 00:15:13, metric 1
                    > to 10.100.1.1 via ge-0/0/0.1112, Swap 299792
299808             *[VPN/170] 00:14:21
                    > to 192.168.20.1 via ge-0/0/0.1121, Pop      
299824             *[VPN/170] 00:14:21
                    > to 192.168.30.1 via ge-0/0/0.1131, Pop      

3. Router 12-P is the penultimate hop and, performing penultimate-hop popping (PHP), pops the LDP label.

root@MX:12-P> show route 192.168.0.22  

root@MX:12-P> show route label 299792 

root@MX:12-P> show route label 299792 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299792             *[LDP/9] 00:16:25, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop      
299792(S=0)        *[LDP/9] 00:16:25, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop      

4. Router 13-ASBR will swap the L3VPN label.

root@MX:13-ASBR> show route table bgp.l3vpn.0                                  

bgp.l3vpn.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

[...]
10.100.0.16:20:192.168.0.22/32                
                   *[BGP/170] 00:11:44, localpref 100
                      AS path: 200 20 I, validation-state: unverified
                    > to 172.167.12.1 via ge-0/0/0.1314, Push 299808
[...]


root@MX:13-ASBR> show route label 299840 

mpls.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299840             *[VPN/170] 00:21:11
                    > to 172.167.12.1 via ge-0/0/0.1314, Swap 299808

5. Router 14-ASBR swaps the L3VPN label and pushes the LDP label.

root@MX:14-ASBR> show route table bgp.l3vpn.0 

bgp.l3vpn.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

[...]
10.100.0.16:20:192.168.0.22/32                
                   *[BGP/170] 00:20:30, localpref 100, from 10.200.0.16
                      AS path: 20 I, validation-state: unverified
                    > to 10.200.1.5 via ge-0/0/0.1415, Push 299808, Push 299776(top)
[...]

root@MX:14-ASBR> show route label 299808                     

mpls.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299808             *[VPN/170] 00:27:53, metric2 1, from 10.200.0.16
                    > to 10.200.1.5 via ge-0/0/0.1415, Swap 299808, Push 299776(top)

6. Router 15-P is the penultimate hop and, performing penultimate-hop popping (PHP), pops the LDP label.

root@MX:15-P> show route 192.168.0.22 

root@MX:15-P> show route label 299776    

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299776             *[LDP/9] 00:33:15, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop      
299776(S=0)        *[LDP/9] 00:33:15, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop 

7. Router 16-PE pops the L3VPN label and forwards plain IP traffic to the end customer.

root@MX:16-PE> show route label 299808 

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299808             *[VPN/170] 00:33:13
                    > to 192.168.20.3 via ge-0/0/0.1622, Pop      

root@MX:16-PE> show route 192.168.0.22    

Cust-20.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:34:52, localpref 100
                      AS path: 20 I, validation-state: unverified
                    > to 192.168.20.3 via ge-0/0/0.1622
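
The seven steps above, replayed as an added example (not part of the original article): the script applies the next-hop actions exactly as they appear in the show route output to a label stack and reports what is on the wire after each router. The LFIB dictionary, the function names and the router-to-router adjacency (read off the next-hop addresses) are assumptions made for this illustration.

```python
"""Replay the label operations for 21-CE -> 192.168.0.22 (added example)."""
import re

# Constructed from the "show route" outputs on this page: for each router,
# incoming top label (None = unlabeled IP lookup in the VRF) mapped to
# (Junos action text, next router). Next-router names are an assumption
# derived from the next-hop addresses in those outputs.
LFIB = {
    "11-PE":   {None:   ("Push 299840, Push 299792(top)", "12-P")},
    "12-P":    {299792: ("Pop", "13-ASBR")},
    "13-ASBR": {299840: ("Swap 299808", "14-ASBR")},
    "14-ASBR": {299808: ("Swap 299808, Push 299776(top)", "15-P")},
    "15-P":    {299776: ("Pop", "16-PE")},
    "16-PE":   {299808: ("Pop", "22-CE")},
}

ACTION_RE = re.compile(r"(Push|Swap|Pop)\s*(\d+)?(?:\(top\))?")


def parse_actions(text):
    """Turn a Junos next-hop action string into [(op, label_or_None), ...]."""
    actions = []
    for part in text.split(","):
        m = ACTION_RE.fullmatch(part.strip())
        if not m:
            raise ValueError(f"unrecognised label action: {part!r}")
        op, label = m.group(1), m.group(2)
        # Pop takes no label; Push and Swap require one.
        if (op == "Pop") != (label is None):
            raise ValueError(f"bad operand for {op}: {part!r}")
        actions.append((op, int(label) if label else None))
    return actions


def apply_actions(stack, actions):
    """Apply the operations left to right; stack[0] is the top label."""
    stack = list(stack)
    for op, label in actions:
        if op == "Push":
            stack.insert(0, label)
        elif not stack:
            raise ValueError(f"{op} on an empty label stack")
        elif op == "Pop":
            stack.pop(0)
        else:  # Swap replaces the top label in place
            stack[0] = label
    return tuple(stack)


def trace(ingress, tables, max_hops=16):
    """Walk the packet hop by hop.

    Returns (hops, last_router, final_stack) where hops is a list of
    (router, stack_in, action_text, stack_out). Raises LookupError when a
    router has no entry for the incoming top label (the packet is dropped).
    """
    hops, router, stack = [], ingress, ()
    while router in tables:
        if len(hops) >= max_hops:
            raise RuntimeError("forwarding loop")
        key = stack[0] if stack else None
        try:
            action, next_router = tables[router][key]
        except KeyError:
            raise LookupError(
                f"{router}: no entry for label {key}, packet dropped"
            ) from None
        out = apply_actions(stack, parse_actions(action))
        hops.append((router, stack, action, out))
        router, stack = next_router, out
    return hops, router, stack


def main():
    hops, egress, stack = trace("11-PE", LFIB)
    for router, before, action, after in hops:
        print(f"{router:8} in={list(before)!s:18} {action:32} out={list(after)}")
    print(f"delivered to {egress} with stack {list(stack)}")


if __name__ == "__main__":
    main()
```

Deleting an entry from LFIB makes trace raise LookupError at the router that would drop the packet, which is a quick way to see which label binding each hop depends on.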

The Factors that Limit the Scalability of this Method

  • In this solution, ASBR routers keep all VPN-IPv4 routes in the routing information base (RIB), and the labels associated with the prefixes are kept in the forwarding information base (FIB). Because the RIB and FIB tables can take too much of the respective allocated memory, this solution is not very scalable for an interprovider VPN.
  • If a transit SP is used between SP1 and SP2, the transit SP also has to keep all VPN-IPv4 routes in the RIB and the corresponding labels in the FIB. The ASBRs at the transit SP have the same functionality as ASBRs at SP1 or SP2 in this solution.


Interprovider L3VPN Option A on a vMX

Implementation Description

In this article, I will build an Interprovider L3VPN Option A setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between the ge-0/0/0 and ge-0/0/1 ports. Each link is assigned its own VLAN number, based on the router ID numbers, to keep its traffic separate.

Network Diagram

IP Allocation

  • AS 20: 192.168.20.0/16
    • CE 21: 192.168.0.21/32
    • CE 22: 192.168.0.22/32
    • Link 1121: 192.168.20.0/31
    • Link 1622: 192.168.20.2/31
  • AS 30: 192.168.30.0/16
    • CE 31: 192.168.0.31/32
    • CE 32: 192.168.0.32/32
    • Link 1131: 192.168.30.0/31
    • Link 1632: 192.168.30.2/31
  • AS 100: 10.100.0.0/16
    • PE 11: 10.100.0.11/32
    • P 12: 10.100.0.12/32
    • ASBR 13: 10.100.0.13/32
    • Internal Links: 10.100.1.0/16
  • AS 200: 10.200.0.0/16
    • PE 16: 10.200.0.16/32
    • P 15: 10.200.0.15/32
    • ASBR 14: 10.200.0.14/32
    • Internal Links: 10.200.1.0/16
  • Inter-ASBR links:
    • Link 20: 172.167.20.0/31
    • Link 30: 172.167.30.0/31

Full Configuration

## Last changed: 2018-03-06 12:52:17 UTC
version 15.1F4.15;
groups {
    isis {
        logical-systems {
            <*> {
                protocols {
                    isis {
                        level 1 disable;
                        interface <*> {
                            point-to-point;
                        }
                    }
                }
            }
        }
    }
}
apply-groups isis;
system {
    host-name MX;
    root-authentication {
        encrypted-password "$5$L3F31155$kVyagZl2v/WM9s32/hi7VCXxM5o0vupYD.LO3uvCif4"; ## SECRET-DATA
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
logical-systems {
    11-PE {
        interfaces {
            ge-0/0/0 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.0/31;
                    }
                    family iso;
                    family mpls;
                }
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.0/31;
                    }
                }
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.0/31;
                    }
                }
            }
            lo0 {
                unit 11 {
                    family inet {
                        address 10.100.0.11/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0011.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.100.0.11;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.100.0.13;
                }
            }
            isis {
                interface ge-0/0/0.1112;
                interface lo0.11;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1121;
                route-distinguisher 10.100.0.11:20;
                vrf-target target:100:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.1;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1131;
                route-distinguisher 10.100.0.11:30;
                vrf-target target:100:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.1;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    12-P {
        interfaces {
            ge-0/0/0 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.2/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.1/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 12 {
                    family inet {
                        address 10.100.0.12/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0012.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    13-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 20 {
                    vlan-id 20;
                    family inet {
                        address 172.167.20.0/31;
                    }
                }
                unit 30 {
                    vlan-id 30;
                    family inet {
                        address 172.167.30.0/31;
                    }
                }
            }
            ge-0/0/1 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.3/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 13 {
                    family inet {
                        address 10.100.0.13/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0013.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.100.0.13;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.100.0.11;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.20;
                route-distinguisher 10.100.0.13:20;
                vrf-target target:100:20;
                protocols {
                    bgp {
                        group to-AS200 {
                            type external;
                            peer-as 200;
                            neighbor 172.167.20.1;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.30;
                route-distinguisher 10.100.0.13:30;
                vrf-target target:100:30;
                protocols {
                    bgp {
                        group to-AS200 {
                            type external;
                            peer-as 200;
                            neighbor 172.167.30.1;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    14-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.4/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 20 {
                    vlan-id 20;
                    family inet {
                        address 172.167.20.1/31;
                    }
                }
                unit 30 {
                    vlan-id 30;
                    family inet {
                        address 172.167.30.1/31;
                    }
                }
            }
            lo0 {
                unit 14 {
                    family inet {
                        address 10.200.0.14/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0014.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.200.0.14;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.200.0.16;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/1.20;
                route-distinguisher 10.200.0.13:20;
                vrf-target target:200:20;
                protocols {
                    bgp {
                        group to-AS100 {
                            type external;
                            peer-as 100;
                            neighbor 172.167.20.0;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/1.30;
                route-distinguisher 10.200.0.14:30;
                vrf-target target:200:30;
                protocols {
                    bgp {
                        group to-AS100 {
                            type external;
                            peer-as 100;
                            neighbor 172.167.30.0;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    15-P {
        interfaces {
            ge-0/0/0 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.6/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.5/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 15 {
                    family inet {
                        address 10.200.0.15/32;
                    }
                    family iso {
                        address 49.0100.0102.0000.0015.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
    }
    16-PE {
        interfaces {
            ge-0/0/0 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.2/31;
                    }
                }
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.2/31;
                    }
                }
            }
            ge-0/0/1 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.7/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 16 {
                    family inet {
                        address 10.200.0.16/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0016.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.200.0.16;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.200.0.14;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1622;
                route-distinguisher 10.100.0.16:20;
                vrf-target target:200:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.3;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1632;
                route-distinguisher 10.100.0.16:30;
                vrf-target target:200:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.3;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    21-CE {
        interfaces {
            ge-0/0/1 {
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.1/31;
                    }
                }
            }
            lo0 {
                unit 21 {
                    family inet {
                        address 192.168.0.21/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.20.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    22-CE {
        interfaces {
            ge-0/0/1 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.3/31;
                    }
                }
            }
            lo0 {
                unit 22 {
                    family inet {
                        address 192.168.0.22/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.20.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    31-CE {
        interfaces {
            ge-0/0/1 {
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.1/31;
                    }
                }
            }
            lo0 {
                unit 31 {
                    family inet {
                        address 192.168.0.31/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.30.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
    32-CE {
        interfaces {
            ge-0/0/1 {
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.3/31;
                    }
                }
            }
            lo0 {
                unit 32 {
                    family inet {
                        address 192.168.0.32/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.30.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "to ge-0/0/1";
        vlan-tagging;
    }
    ge-0/0/1 {
        description "to ge-0/0/0";
        vlan-tagging;
    }
    ge-0/0/2 {
        description "to ge-0/0/3";
        vlan-tagging;
    }
    ge-0/0/3 {
        description "to ge-0/0/2";
        vlan-tagging;
    }
    ge-0/0/4 {
        description "to ge-0/0/5";
        vlan-tagging;
    }
    ge-0/0/5 {
        description "to ge-0/0/4";
        vlan-tagging;
    }
    ge-0/0/6 {
        description "to ge-0/0/7";
        vlan-tagging;
    }
    ge-0/0/7 {
        description "to ge-0/0/6";
        vlan-tagging;
    }
    ge-0/0/8 {
        description "to eth1";
    }
    ge-0/0/9 {
        description "to eth2";
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.83.11/24;
            }
        }
    }
}

Verification

[edit]
root@MX:21-CE# run show route 

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.167.20.0/31    *[BGP/170] 00:04:04, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121
192.168.0.21/32    *[Direct/0] 04:10:00
                    > via lo0.21
192.168.0.22/32    *[BGP/170] 00:04:04, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121
192.168.20.0/31    *[Direct/0] 04:09:08
                    > via ge-0/0/1.1121
192.168.20.1/32    *[Local/0] 04:09:08
                      Local via ge-0/0/1.1121
192.168.20.2/31    *[BGP/170] 00:04:04, localpref 100
                      AS path: 100 200 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

[edit]
root@MX:21-CE# run ping 192.168.0.22 count 3 source 192.168.0.21 
PING 192.168.0.22 (192.168.0.22): 56 data bytes
64 bytes from 192.168.0.22: icmp_seq=0 ttl=52 time=9.114 ms
64 bytes from 192.168.0.22: icmp_seq=1 ttl=52 time=10.155 ms
64 bytes from 192.168.0.22: icmp_seq=2 ttl=52 time=8.088 ms

--- 192.168.0.22 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.088/9.119/10.155/0.844 ms

Label Operation


1. The customer router (21-CE) sends plain, unlabeled IP traffic.

root@MX:21-CE> show route 192.168.0.22 

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:10:08, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

2. Router 11-PE pushes two labels onto the traffic: the L3VPN label and, on top of it, the LDP transport label.

root@MX:11-PE> show route 192.168.0.22 

Cust-20.inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:11:04, localpref 100, from 10.100.0.13
                      AS path: 200 20 I, validation-state: unverified
                    > to 10.100.1.1 via ge-0/0/0.1112, Push 299808, Push 299792(top)

3. Router 12-P is the penultimate hop (PHP) and pops the LDP label.

root@MX:12-P> show route 192.168.0.22 

root@MX:12-P> show route label 299792 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299792             *[LDP/9] 02:34:46, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop      
299792(S=0)        *[LDP/9] 02:34:46, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop

4. Router 13-ASBR pops the L3VPN label and forwards plain IP traffic on the dedicated circuit.

root@MX:13-ASBR> show route 192.168.0.22 

Cust-20.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:14:39, localpref 100
                      AS path: 200 20 I, validation-state

5. Router 14-ASBR pushes two labels onto the traffic: the L3VPN label and, on top of it, the LDP transport label.

root@MX:14-ASBR> show route 192.168.0.22 

Cust-20.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:16:04, localpref 100, from 10.200.0.16
                      AS path: 20 I, validation-state: unverified
                    > to 10.200.1.5 via ge-0/0/0.1415, Push 299808, Push 299792(top)

6. Router 15-P is the penultimate hop (PHP) and pops the LDP label.

root@MX:15-P> show route 192.168.0.22 

root@MX:15-P> show route label 299792 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299792             *[LDP/9] 00:23:26, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop      
299792(S=0)        *[LDP/9] 00:23:26, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop

7. Router 16-PE pops the L3VPN label and forwards plain IP traffic to the end customer.

root@MX:16-PE> show route 192.168.0.22 

Cust-20.inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:19:35, localpref 100
                      AS path: 20 I, validation-state: unverified
                    > to 192.168.20.3 via ge-0/0/0.1622
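
The seven steps above can be replayed as a label-stack simulation that checks the packet is unlabeled on the customer links and on the inter-AS circuit. This is an added example, not part of the original article: the next-hop lines are copied from the outputs above, while the `PATH` layout, the function names and the empty 13-ASBR entry (its output is cut off on the page) are assumptions of the example.

```python
import re

# Next-hop lines copied from the "Label Operation" outputs on this page.
# Tuple layout (an assumption of this example):
#   (router, table the packet is looked up in, label key for mpls.0, next-hop line)
# Label values are local to each router, so the same numbers in both ASes are unrelated.
PATH = [
    ("21-CE", "inet.0", None, "> to 192.168.20.0 via ge-0/0/1.1121"),
    ("11-PE", "Cust-20.inet.0", None,
     "> to 10.100.1.1 via ge-0/0/0.1112, Push 299808, Push 299792(top)"),
    ("12-P", "mpls.0", 299792, "> to 10.100.1.3 via ge-0/0/0.1213, Pop"),
    # The page's 13-ASBR output is cut off before its next-hop line; step 4 says
    # the packet leaves as plain IP, so no label operation is modelled here.
    ("13-ASBR", "Cust-20.inet.0", None, ""),
    ("14-ASBR", "Cust-20.inet.0", None,
     "> to 10.200.1.5 via ge-0/0/0.1415, Push 299808, Push 299792(top)"),
    ("15-P", "mpls.0", 299792, "> to 10.200.1.7 via ge-0/0/0.1516, Pop"),
    ("16-PE", "Cust-20.inet.0", None, "> to 192.168.20.3 via ge-0/0/0.1622"),
]

OP_RE = re.compile(r"\b(Push|Swap|Pop)\b(?:\s+(\d+))?")
VIA_RE = re.compile(r"via\s+([^\s,]+)")


def parse_ops(line):
    """Return (egress interface, [(op, label), ...]) for one Junos next-hop line."""
    via = VIA_RE.search(line)
    ops = [(m.group(1), int(m.group(2)) if m.group(2) else None)
           for m in OP_RE.finditer(line)]
    return (via.group(1) if via else None), ops


def walk(path):
    """Replay the label stack hop by hop.

    Returns [(router, egress interface, label stack on the wire)], where the
    last element of the stack tuple is the top label.
    """
    stack, trace = [], []
    for router, table, key, line in path:
        if table == "mpls.0":
            # A P router forwards on the top label only.
            if not stack or stack[-1] != key:
                raise ValueError(f"{router}: expected top label {key}, got {stack}")
        elif table == "inet.0":
            if stack:
                raise ValueError(f"{router}: CE received a labeled packet {stack}")
        else:
            # Router with a VRF: from the core it may receive only the VPN label,
            # which it pops (steps 4 and 7). Two labels mean PHP did not happen.
            if len(stack) > 1:
                raise ValueError(f"{router}: transport label still present {stack}")
            stack = []
        egress, ops = parse_ops(line)
        for op, label in ops:
            if op == "Push":
                if label is None:
                    raise ValueError(f"{router}: Push without a label value")
                stack.append(label)
            elif not stack:
                raise ValueError(f"{router}: {op} on an empty label stack")
            elif op == "Swap":
                stack[-1] = label
            else:  # Pop
                stack.pop()
        trace.append((router, egress, tuple(stack)))
    return trace


def unlabeled_links(trace):
    """Routers whose outgoing packet carries no MPLS label (plain IP)."""
    return [router for router, _, stack in trace if not stack]


if __name__ == "__main__":
    for router, egress, stack in walk(PATH):
        print(f"{router:8} out {egress or '(not shown)':16} stack {list(stack)}")
    print("plain IP leaving:", ", ".join(unlabeled_links(walk(PATH))))
```

If a P router swapped instead of popping the transport label, `walk` raises at the next VRF router, which is the failure the PHP steps rule out.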

The Factors that Limit the Scalability of this Method

  • All inter-AS VPN routes (potentially a very large number) must be stored in the BGP RIBs and IP routing tables on the AS boundary routers.
  • You must configure VRFs on each AS boundary router.

Carrier-of-Carriers with Internet Service Provider as the Customer on a vMX

Implementation description

In this article, I will build a Carrier-of-Carriers setup, with an Internet Service Provider as the customer, on a single vMX. Each individual router will be configured as a logical router. The vMX has a back-to-back connection between its ge-0/0/0 and ge-0/0/1 ports. Each link gets its own VLAN number, based on the router ID numbers, to keep its traffic separate.

Network Diagram

IP Allocation

  • AS 1: 192.168.0.0/16
    • CE 1: 192.168.0.1/32
    • CE 2: 192.168.0.2/32
    • Link 111: 192.168.1.0/31
    • Link 216: 192.168.1.2/31
  • AS 100: 10.10.0.0/16
    • PE 11: 10.10.0.11/32
    • P 12: 10.10.0.12/32
    • C-CE 13: 10.10.0.13/32
    • C-CE 14: 10.10.0.14/32
    • P 15: 10.10.0.15/32
    • PE 16: 10.10.0.16/32
    • Internal Links: 10.10.1.0/16
  • AS 200: 172.16.0.0/16
    • C-PE 21: 172.16.0.21/32
    • C-P 22: 172.16.0.22/32
    • C-PE 23: 172.16.0.23/32
    • Link 1321: 172.16.255.0/31
    • Link 1423: 172.16.255.2/31

Full Configuration

root@MX# show | no-more 
## Last changed: 2018-03-04 11:27:16 UTC
version 15.1F4.15;
groups {
    isis {
        logical-systems {
            <*> {
                protocols {
                    isis {
                        level 1 disable;
                        interface <*> {
                            point-to-point;
                        }
                    }
                }
            }
        }
    }
}
apply-groups isis;
system {
    host-name MX;
    root-authentication {
        encrypted-password "$5$L3F31155$kVyagZl2v/WM9s32/hi7VCXxM5o0vupYD.LO3uvCif4"; ## SECRET-DATA
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
logical-systems {
    1-CE {
        interfaces {
            ge-0/0/0 {
                unit 111 {
                    vlan-id 111;
                    family inet {
                        address 192.168.1.0/31;
                    }
                }
            }
            lo0 {
                unit 1 {
                    family inet {
                        address 192.168.0.1/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.1.1;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 1;
        }
    }
    11-PE {
        interfaces {
            ge-0/0/0 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.10.1.0/31;
                    }
                    family iso;
                }
            }
            ge-0/0/1 {
                unit 111 {
                    vlan-id 111;
                    family inet {
                        address 192.168.1.1/31;
                    }
                }
            }
            lo0 {
                unit 11 {
                    family inet {
                        address 10.10.0.11/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0011.00;
                    }
                }
            }
        }
        protocols {
            bgp {
                group internal {
                    type internal;
                    local-address 10.10.0.11;
                    export to-ibgp;
                    neighbor 10.10.0.12;
                    neighbor 10.10.0.13;
                    neighbor 10.10.0.14;
                    neighbor 10.10.0.15;
                    neighbor 10.10.0.16;
                }
                group to-customer {
                    type external;
                    peer-as 1;
                    as-override;
                    neighbor 192.168.1.0;
                }
            }
            isis {
                interface ge-0/0/0.1112;
                interface lo0.11;
            }
        }
        policy-options {
            policy-statement to-ibgp {
                term nhs {
                    from protocol bgp;
                    then {
                        next-hop self;
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    12-P {
        interfaces {
            ge-0/0/0 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.10.1.2/31;
                    }
                    family iso;
                }
            }
            ge-0/0/1 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.10.1.1/31;
                    }
                    family iso;
                }
            }
            lo0 {
                unit 12 {
                    family inet {
                        address 10.10.0.12/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0012.00;
                    }
                }
            }
        }
        protocols {
            bgp {
                group internal {
                    type internal;
                    local-address 10.10.0.12;
                    neighbor 10.10.0.11;
                    neighbor 10.10.0.13;
                    neighbor 10.10.0.14;
                    neighbor 10.10.0.15;
                    neighbor 10.10.0.16;
                }
            }
            isis {
                interface all;
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    13-C-CE {
        interfaces {
            ge-0/0/0 {
                unit 1321 {
                    vlan-id 1321;
                    family inet {
                        address 172.16.255.0/31;
                    }
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.10.1.3/31;
                    }
                    family iso;
                }
            }
            lo0 {
                unit 13 {
                    family inet {
                        address 10.10.0.13/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0013.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface ge-0/0/0.1321;
            }
            bgp {
                group to-isp {
                    type external;
                    export internal;
                    peer-as 200;
                    neighbor 172.16.255.1 {
                        family inet {
                            labeled-unicast;
                        }
                    }
                }
                group internal {
                    type internal;
                    local-address 10.10.0.13;
                    export to-ibgp;
                    neighbor 10.10.0.11;
                    neighbor 10.10.0.12;
                    neighbor 10.10.0.14;
                    neighbor 10.10.0.15;
                    neighbor 10.10.0.16;
                }
            }
            isis {
                interface all;
            }
        }
        policy-options {
            policy-statement internal {
                term internal {
                    from protocol [ isis direct ];
                    then accept;
                }
                term reject {
                    then reject;
                }
            }
            policy-statement to-ibgp {
                term nhs {
                    from protocol bgp;
                    then {
                        next-hop self;
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    14-C-CE {
        interfaces {
            ge-0/0/0 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.10.1.4/31;
                    }
                    family iso;
                }
                unit 1423 {
                    vlan-id 1423;
                    family inet {
                        address 172.16.255.2/31;
                    }
                    family mpls;
                }
            }
            lo0 {
                unit 14 {
                    family inet {
                        address 10.10.0.14/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0014.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface ge-0/0/0.1423;
            }
            bgp {
                group to-isp {
                    type external;
                    export internal;
                    peer-as 200;
                    neighbor 172.16.255.3 {
                        family inet {
                            labeled-unicast;
                        }
                    }
                }
                group internal {
                    type internal;
                    local-address 10.10.0.14;
                    export to-ibgp;
                    neighbor 10.10.0.11;
                    neighbor 10.10.0.12;
                    neighbor 10.10.0.13;
                    neighbor 10.10.0.15;
                    neighbor 10.10.0.16;
                }
            }
            isis {
                interface all;
            }
        }
        policy-options {
            policy-statement internal {
                term internal {
                    from protocol [ isis direct ];
                    then accept;
                }
                term reject {
                    then reject;
                }
            }
            policy-statement to-ibgp {
                term nhs {
                    from protocol bgp;
                    then {
                        next-hop self;
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    15-P {
        interfaces {
            ge-0/0/0 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.10.1.6/31;
                    }
                    family iso;
                }
            }
            ge-0/0/1 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.10.1.5/31;
                    }
                    family iso;
                }
            }
            lo0 {
                unit 15 {
                    family inet {
                        address 10.10.0.15/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0015.00;
                    }
                }
            }
        }
        protocols {
            bgp {
                group internal {
                    type internal;
                    local-address 10.10.0.15;
                    neighbor 10.10.0.11;
                    neighbor 10.10.0.12;
                    neighbor 10.10.0.13;
                    neighbor 10.10.0.14;
                    neighbor 10.10.0.16;
                }
            }
            isis {
                interface all;
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    16-PE {
        interfaces {
            ge-0/0/1 {
                unit 216 {
                    vlan-id 216;
                    family inet {
                        address 192.168.1.3/31;
                    }
                }
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.10.1.7/31;
                    }
                    family iso;
                }
            }
            lo0 {
                unit 16 {
                    family inet {
                        address 10.10.0.16/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0016.00;
                    }
                }
            }
        }
        protocols {
            bgp {
                group internal {
                    type internal;
                    local-address 10.10.0.16;
                    export to-ibgp;
                    neighbor 10.10.0.11;
                    neighbor 10.10.0.12;
                    neighbor 10.10.0.13;
                    neighbor 10.10.0.14;
                    neighbor 10.10.0.15;
                }
                group to-customer {
                    type external;
                    peer-as 1;
                    as-override;
                    neighbor 192.168.1.2;
                }
            }
            isis {
                interface ge-0/0/1.1516;
                interface lo0.16;
            }
        }
        policy-options {
            policy-statement to-ibgp {
                term nhs {
                    from protocol bgp;
                    then {
                        next-hop self;
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    2-CE {
        interfaces {
            ge-0/0/0 {
                unit 216 {
                    vlan-id 216;
                    family inet {
                        address 192.168.1.2/31;
                    }
                }
            }
            lo0 {
                unit 2 {
                    family inet {
                        address 192.168.0.2/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.1.3;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 1;
        }
    }
    21-C-PE {
        interfaces {
            ge-0/0/0 {
                unit 2122 {
                    vlan-id 2122;
                    family inet {
                        address 172.16.1.0/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1321 {
                    vlan-id 1321;
                    family inet {
                        address 172.16.255.1/31;
                    }
                    family mpls;
                }
            }
            lo0 {
                unit 21 {
                    family inet {
                        address 172.16.0.21/32;
                    }
                    family iso {
                        address 49.0200.1720.1600.0021.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group pe-pe {
                    type internal;
                    local-address 172.16.0.21;
                    neighbor 172.16.0.23 {
                        family inet-vpn {
                            any;
                        }
                    }
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.2122;
                interface lo0.21;
            }
        }
        routing-instances {
            vpn-isp {
                instance-type vrf;
                interface ge-0/0/1.1321;
                route-distinguisher 172.16.0.21:100;
                vrf-target target:200:100;
                protocols {
                    bgp {
                        group to-isp {
                            peer-as 100;
                            neighbor 172.16.255.0 {
                                family inet {
                                    labeled-unicast;
                                }
                                as-override;
                            }
                        }
                    }
                    mpls {
                        interface all;
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    22-C-P {
        interfaces {
            ge-0/0/0 {
                unit 2223 {
                    vlan-id 2223;
                    family inet {
                        address 172.16.1.2/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 2122 {
                    vlan-id 2122;
                    family inet {
                        address 172.16.1.1/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 22 {
                    family inet {
                        address 172.16.0.22/32;
                    }
                    family iso {
                        address 49.0200.1720.1600.0022.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.2223;
                interface ge-0/0/1.2122;
                interface lo0.22;
            }
        }
    }
    23-C-PE {
        interfaces {
            ge-0/0/1 {
                unit 1423 {
                    vlan-id 1423;
                    family inet {
                        address 172.16.255.3/31;
                    }
                    family mpls;
                }
                unit 2223 {
                    vlan-id 2223;
                    family inet {
                        address 172.16.1.3/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 23 {
                    family inet {
                        address 172.16.0.23/32;
                    }
                    family iso {
                        address 49.0200.1720.1600.0023.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group pe-pe {
                    type internal;
                    local-address 172.16.0.23;
                    neighbor 172.16.0.21 {
                        family inet-vpn {
                            any;
                        }
                    }
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/1.2223;
                interface lo0.23;
            }
        }
        routing-instances {
            vpn-isp {
                instance-type vrf;
                interface ge-0/0/1.1423;
                route-distinguisher 172.16.0.23:100;
                vrf-target target:200:100;
                protocols {
                    bgp {
                        group to-isp {
                            peer-as 100;
                            neighbor 172.16.255.2 {
                                family inet {
                                    labeled-unicast;
                                }
                                as-override;
                            }
                        }
                    }
                    mpls {
                        interface all;
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "to ge-0/0/1";
        vlan-tagging;
    }
    ge-0/0/1 {
        description "to ge-0/0/0";
        vlan-tagging;
    }
    ge-0/0/2 {
        description "to ge-0/0/3";
        vlan-tagging;
    }
    ge-0/0/3 {
        description "to ge-0/0/2";
        vlan-tagging;
    }
    ge-0/0/4 {
        description "to ge-0/0/5";
        vlan-tagging;
    }
    ge-0/0/5 {
        description "to ge-0/0/4";
        vlan-tagging;
    }
    ge-0/0/6 {
        description "to ge-0/0/7";
        vlan-tagging;
    }
    ge-0/0/7 {
        description "to ge-0/0/6";
        vlan-tagging;
    }
    ge-0/0/8 {
        description "to eth1";
    }
    ge-0/0/9 {
        description "to eth2";
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.83.11/24;
            }
        }
    }
}

Verification

root@MX:1-CE> show route                             

inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.0.14/32      *[BGP/170] 00:17:04, localpref 100
                      AS path: 100 200 200 I, validation-state: unverified
                    > to 192.168.1.1 via ge-0/0/0.111
10.10.0.15/32      *[BGP/170] 00:17:04, localpref 100
                      AS path: 100 200 200 I, validation-state: unverified
                    > to 192.168.1.1 via ge-0/0/0.111
10.10.0.16/32      *[BGP/170] 00:17:04, localpref 100
                      AS path: 100 200 200 I, validation-state: unverified
                    > to 192.168.1.1 via ge-0/0/0.111
10.10.1.4/31       *[BGP/170] 00:17:04, localpref 100
                      AS path: 100 200 200 I, validation-state: unverified
                    > to 192.168.1.1 via ge-0/0/0.111
10.10.1.6/31       *[BGP/170] 00:17:04, localpref 100
                      AS path: 100 200 200 I, validation-state: unverified
                    > to 192.168.1.1 via ge-0/0/0.111
192.168.0.1/32     *[Direct/0] 03:17:20
                    > via lo0.1
192.168.0.2/32     *[BGP/170] 00:08:30, localpref 100
                      AS path: 100 100 I, validation-state: unverified
                    > to 192.168.1.1 via ge-0/0/0.111
192.168.1.0/31     *[Direct/0] 03:16:25
                    > via ge-0/0/0.111
192.168.1.0/32     *[Local/0] 03:16:25
                      Local via ge-0/0/0.111

root@MX:1-CE> ping 192.168.0.2 source 192.168.0.1 count 3 
PING 192.168.0.2 (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: icmp_seq=0 ttl=46 time=12.347 ms
64 bytes from 192.168.0.2: icmp_seq=1 ttl=46 time=10.568 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=46 time=7.953 ms

--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 7.953/10.289/12.347/1.805 ms

Label Operation

1. Plain (unlabeled) IP traffic flows from router 1-CE to 13-C-CE.

root@MX:11-PE> show route 192.168.0.2 

inet.0: 15 destinations, 21 routes (15 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.2/32     *[BGP/170] 00:10:57, localpref 100, from 10.10.0.16
                      AS path: 1 I, validation-state: unverified
                    > to 10.10.1.1 via ge-0/0/0.1112

2. Router 13-C-CE pushes the BGP-LU label.

root@MX:13-C-CE> show route 192.168.0.2 

inet.0: 15 destinations, 20 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.2/32     *[BGP/170] 00:11:33, localpref 100, from 10.10.0.16
                      AS path: 1 I, validation-state: unverified
                    > to 172.16.255.1 via ge-0/0/0.1321, Push 299952

3. Router 21-C-PE swaps the BGP-LU label and pushes an LDP label on top of it.

root@MX:21-C-PE> show route 192.168.0.2 

root@MX:21-C-PE> show route label 299952 

vpn-isp.mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299952             *[VPN/170] 00:35:44, metric2 1, from 172.16.0.23
                    > to 172.16.1.1 via ge-0/0/0.2122, Swap 299952, Push 299792(top)

root@MX:21-C-PE> show route label 299792    

mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299792             *[LDP/9] 03:22:12, metric 1
                    > to 172.16.1.1 via ge-0/0/0.2122, Swap 299792

root@MX:21-C-PE> show route 172.16.0.23/32 protocol ldp 

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)

inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.23/32     *[LDP/9] 03:24:05, metric 1
                    > to 172.16.1.1 via ge-0/0/0.2122, Push 299792

4. Router 22-C-P is the PHP (penultimate-hop popping) router and pops the LDP label.

root@MX:22-C-P> show route label 299792 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299792             *[LDP/9] 03:24:49, metric 1
                    > to 172.16.1.3 via ge-0/0/0.2223, Pop      
299792(S=0)        *[LDP/9] 03:24:49, metric 1
                    > to 172.16.1.3 via ge-0/0/0.2223, Pop   

5. Router 23-C-PE swaps the BGP-LU label.

root@MX:23-C-PE> show route label 299952  

mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299952             *[VPN/170] 00:42:46
                    > to 172.16.255.2 via ge-0/0/1.1423, Swap 299936

6. Router 14-C-CE pops the BGP-LU label and forwards plain IP traffic.

root@MX:14-C-CE> show route label 299936 

mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299936             *[VPN/170] 00:44:10
                    > to 10.10.1.5 via ge-0/0/0.1415, Pop      
299936(S=0)        *[VPN/170] 00:44:10
                    > to 10.10.1.5 via ge-0/0/0.1415, Pop      

root@MX:14-C-CE> show route 192.168.0.2 

inet.0: 15 destinations, 20 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.2/32     *[BGP/170] 00:21:54, localpref 100, from 10.10.0.16
                      AS path: 1 I, validation-state: unverified
                    > to 10.10.1.5 via ge-0/0/0.1415
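
The label operations in steps 1 to 6, replayed as a label stack. This is an added example, not part of the original post: it parses the next-hop lines copied from the captures above, applies each Push/Swap/Pop in the order printed, and checks that every MPLS lookup key equals the label on top of the stack. The function names are hypothetical.

```python
import re

# Next-hop lines copied from the CLI captures in the six steps above, in path
# order: (router, lookup key, next-hop line). The key is the destination
# prefix for an IP lookup or the incoming top label for an MPLS lookup.
CAPTURED_PATH = [
    ("11-PE",   "192.168.0.2", "> to 10.10.1.1 via ge-0/0/0.1112"),
    ("13-C-CE", "192.168.0.2", "> to 172.16.255.1 via ge-0/0/0.1321, Push 299952"),
    ("21-C-PE", "299952", "> to 172.16.1.1 via ge-0/0/0.2122, Swap 299952, Push 299792(top)"),
    ("22-C-P",  "299792", "> to 172.16.1.3 via ge-0/0/0.2223, Pop      "),
    ("23-C-PE", "299952", "> to 172.16.255.2 via ge-0/0/1.1423, Swap 299936"),
    ("14-C-CE", "299936", "> to 10.10.1.5 via ge-0/0/0.1415, Pop      "),
]

NEXT_HOP = re.compile(
    r">\s+to\s+(?P<nh>\S+)\s+via\s+(?P<ifl>[^,\s]+)(?:,\s*(?P<ops>.*))?$")
LABEL_OP = re.compile(r"(Push|Swap|Pop)(?:\s+(\d+))?(?:\(top\))?")


def parse_next_hop(line):
    """Split a next-hop line into (next hop, interface, [(operation, label)])."""
    match = NEXT_HOP.search(line.strip())
    if not match:
        raise ValueError("not a next-hop line: %r" % line)
    ops = [(name, int(label) if label else None)
           for name, label in LABEL_OP.findall(match.group("ops") or "")]
    return match.group("nh"), match.group("ifl"), ops


def apply_ops(stack, ops):
    """Apply label operations left to right; stack[0] is the top label."""
    stack = list(stack)
    for name, label in ops:
        if name == "Push":
            stack.insert(0, label)
        elif not stack:
            raise ValueError("%s on an unlabeled packet" % name)
        elif name == "Swap":
            if label is None:
                raise ValueError("Swap without an outgoing label")
            stack[0] = label
        else:  # Pop
            stack.pop(0)
    return stack


def trace_path(hops):
    """Walk the hops and return [(router, next hop, stack after the hop)]."""
    stack, history = [], []
    for router, key, line in hops:
        if key.isdigit():
            # MPLS lookup: the router must see the label it has a route for.
            if not stack or stack[0] != int(key):
                raise ValueError("%s looks up label %s but the top of stack is %s"
                                 % (router, key, stack[0] if stack else "empty"))
        elif stack:
            raise ValueError("%s does an IP lookup on a labeled packet" % router)
        next_hop, _interface, ops = parse_next_hop(line)
        stack = apply_ops(stack, ops)
        history.append((router, next_hop, tuple(stack)))
    return history


if __name__ == "__main__":
    for router, next_hop, stack in trace_path(CAPTURED_PATH):
        print("%-8s -> %-13s stack (top first): %s"
              % (router, next_hop, list(stack) or "plain IP"))
```
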

Documentation

Use Python Script to Create New SecureCRT Sessions from Data File

Problem description

Every time I configure a network in my virtual environment I have to manually:

  • create a special folder for the project
  • create each session (copy-paste)
  • rename each session
  • set up the logon actions in the session properties

Solution

On the SecureCRT website, I found a useful article named Importing SecureCRT® Sessions from a Data File. Its script creates simple sessions. It also lets me define a logon script for each session. Therefore, I will create a script that takes the session name and uses it as a variable to enter my first CLI commands:

root@MX% cli
root@MX> set cli logical-system SessionName
Logical system: SessionName

root@MX:SessionName> 

Next, I will take as an example the network built for the Carrier-of-carriers setup in a recent post.

My Carrier-of-carriers.csv file:

session_name,hostname,protocol,username,folder,emulation,logon_script
21-CE,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
31-CE,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
11-PE,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
12-P,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
13-ASBR,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
14-ASBR,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
15-P,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
16-PE,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
22-CE,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
32-CE,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,/Users/silvia/Dropbox/Scripting/For SecureCRT/LogicalSystemsLogonScript.py
vMX-mng,192.168.83.11,SSH2,root,Local Labs/Interpovider L3VPN,XTerm,
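
Each session created from this data file runs its logon_script automatically at connect time, so the paths in that column are worth checking before the import. The following is an added example, not part of the original post or of VanDyke's script: it assumes POSIX file permissions, and the function names check_script and audit_logon_scripts are hypothetical.

```python
import csv
import io
import os
import stat


def check_script(path):
    """Return a problem string for one logon_script path, or None if it looks sane."""
    if not os.path.isabs(path):
        return "relative path"
    try:
        st = os.lstat(path)  # lstat so that a symlink is reported, not followed
    except OSError:
        return "file does not exist"
    if stat.S_ISLNK(st.st_mode):
        return "symbolic link"
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable by group or others"
    return None


def audit_logon_scripts(csv_text):
    """Return [(line number, session name, problem)] for a session data file.

    The header is matched case-insensitively and a default such as
    'protocol=SSH2' is reduced to its field name, as the import script does.
    """
    reader = csv.reader(io.StringIO(csv_text))
    header = [h.strip().lower().split("=")[0] for h in next(reader)]
    if "hostname" not in header:
        raise ValueError("'hostname' field is required in the header line")

    findings = []
    for line_no, row in enumerate(reader, start=2):
        if not any(cell.strip() for cell in row):
            continue  # blank line
        if len(row) != len(header):
            findings.append((line_no, "", "expected %d fields, found %d"
                             % (len(header), len(row))))
            continue
        record = dict(zip(header, (cell.strip() for cell in row)))
        session = record.get("session_name") or record["hostname"]
        path = record.get("logon_script", "")
        if not path:
            continue  # e.g. the vMX-mng row above has no logon script
        problem = check_script(path)
        if problem:
            findings.append((line_no, session, problem))
    return findings


if __name__ == "__main__":
    import sys
    with open(sys.argv[1]) as data_file:
        for line_no, session, problem in audit_logon_scripts(data_file.read()):
            print("line %d %s: %s" % (line_no, session, problem))
```
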

The modified Python script ImportArbitraryDataFromFileToSecureCRTSessions-Silvia-v1.0.py:

# $language = "Python"
# $interface = "1.0"

# ImportArbitraryDataFromFileToSecureCRTSessions.py
#   (Designed for use with SecureCRT 7.2 and later)
#
#   Last Modified: 23 Feb, 2018
#      - Blurb about sessions that were created during the import was
#        missing from the results log
#     - If running on Windows, and unable to write to results log, make
#       sure clipboard data containing the results log info is formatted
#       with \r\n instead of just \n so that it's legible in Notepad, for
#       example, when pasted.
#
#   Last Modified: 21 Dec, 2017
#      - Allow multiple 'description' fields on the same line. All will be
#        compounded together with each one ending up on a separate line in
#        the Session's Description session option.
#      - Allow 'username' field to be defaulted in the header line
#      - Duplicate sessions are now imported with unique time-stamped
#        names (for each additional duplicate). Earlier versions of this
#        script would overwrite the first duplicate with any subsequent
#        duplicates that were found in the data file.
#      - Allow header fields to be case-insensitive so that "Description"
#        and "HostName", etc. work just as well as "description" and "hostname"
#
#   Last Modified: 18 Dec, 2017
#      - Remove unused (commented out) code block left in from the
#        20 Apr, 2017 changes.
#      - Fix required header line message to no longer reference
#        'protocol' field as required.
#      - Add fallback locations where the script will attempt to
#        write summary log of script's activities/errors/warnings.
#        This attempts to facilitate running this script in environments
#        where SecureCRT may not have access to a "Documents" folder
#        (such as when SecureCRT is being launched through VDI publishing).
#         --> First try Documents,
#         --> Then try Desktop,
#         --> Then try SecureCRT's config folder.
#         --> If none of the above are accessible for writing, the
#             script will copy the summary report to the clipboard,
#             providing the user with a way to see the summary report
#             if pasted into a text editor.
#      - Added support for defaulting the "folder" header so that all
#        new entries could be imported into a folder w/o having to
#        specify the folder on each line. Example header line for
#        CSV file with only hostname data would be:
#            hostname,folder=default_import_folder_name
#
#   Last Modified: 17 Nov, 2017
#      - No longer attempt to use platform to determine OS ver info,
#        as it's no longer needed.
#
#   Last Modified: 20 Apr, 2017
#      - No longer require protocol in header. Use the Default session's
#        protocol if the protocol field is not present in the header line.
#      - Conform to python join() method requiring only one argument.
#      - Prompt for delimiter character if it isn't found in the header line.
#      - Allow delimiter character to be NONE, so that a single field (hostname)
#        and corresponding data can be used to import sessions (say for example
#        if you have a file that just contains hostnames, one per line).
#      - [Bug Fix]: can't use + to concatenate str and int, so use format()
#        instead.
#      - [Bug Fix]: "Procotol" typo fixed to "Protocol" in error case where
#        protocol header field not found/set.
#
#   Last Modified: 04 Jan, 2017
#      - Added support for specifying logon script file to be set for
#        imported sessions.
#
#   Last Modified: 02 Jul, 2015
#      - Display status bar info for each line we're processing so that if
#        there's an error, the individual running the script might have
#        better information about why the error might have occurred.
#      - Handle cases where a line in the data file might have more fields
#        in it than the number of header fields designated for import. This
#        fixes an error reported by forum user wixxyl here:
#           https://forums.vandyke.com/showthread.php?t=12021
#        If a line has too many fields, create a warning to be displayed
#        later on, and move on to the next line -- skipping the current line
#        because it's unknown whether the data is even valid for import.
#
#   Last Modified: 20 Jan, 2015
#      - Combined TAPI protocol handling (which is no longer
#        supported for mass import) with Serial protocol
#        import errors.
#      - Enhanced example .csv file data to show subfolder specification.
#
#   Last Modified: 21 Mar, 2012
#      - Initial version for public forums
#
# DESCRIPTION
# This sample script is designed to create sessions from a text file (.csv
# format by default, but this can be edited to fit the format you have).
#
# To launch this script, map a button on the button bar to run this script:
#    http://www.vandyke.com/support/tips/buttonbar.html
#
# The first line of your data file should contain a comma-separated (or whatever
# you define as the g_strDelimiter below) list of supported "fields" designated
# by the following keywords:
# -----------------------------------------------------------------------------
# session_name: The name that should be used for the session. If this field
#               does not exist, the hostname field is used as the session_name.
#       folder: Relative path for session as displayed in the Connect dialog.
#     hostname: The hostname or IP for the remote server.
#     protocol: The protocol (SSH2, SSH1, telnet, rlogin)
#         port: The port on which remote server is listening
#     username: The username for the account on the remote server
#    emulation: The emulation (vt100, xterm, etc.)
#  description: The comment/description. Multiple lines are separated with '\r'
# logon_script: The full path to the Logon Script filename for the session.
# =============================================================================
#
#
# As mentioned above, the first line of the data file instructs this script as
# to the format of the fields in your data file and their meaning.  It is not a
# requirement that all the options be used. For example, notice the first line
# of the following file only uses the "hostname", "username", and "protocol"
# fields.  Note also that the "protocol" field can be defaulted so that if a
# protocol field is empty it will use the default value.
# -----------------------------------------------------------------------------
#   hostname,username,folder,protocol=SSH2
#   192.168.0.1,root,_imported,SSH1
#   192.168.0.2,admin,_imported,SSH2
#   192.168.0.3,root,_imported/folderA,
#   192.168.0.4,root,,
#   192.168.0.5,admin,_imported/folderB,telnet
#   ... and so on
# =============================================================================

import datetime
import os
import platform
import re
import shutil
import sys
import time
import subprocess

MsgBox = crt.Dialog.MessageBox
# The g_strDefaultProtocol variable will only be defined within the
# ValidateFieldDesignations function if the protocol field has a default value
# (e.g., protocol=SSH2), as read in from the first line of the data file.
global g_strDefaultProtocol
g_strDefaultProtocol = ""

# The g_strDefaultFolder variable will only be defined within the
# ValidateFieldDesignations function if the folder field has a default value
# (e.g., folder=Site34), as read in from the first line of the data file.
global g_strDefaultFolder
g_strDefaultFolder = ""

# The g_strDefaultUsername variable will only be defined within the
# ValidateFieldDesignations function if the username field has a default value
# (e.g., username=bobofet), as read in from the first line of the data file.
global g_strDefaultUsername
g_strDefaultUsername = ""

# If your data file uses spaces or a character other than comma as the
# delimiter, you would also need to edit the g_strDelimiter value a few lines
# below to indicate that fields are separated by spaces, rather than by commas.
# For example:
#       g_strDelimiter = " "
# Using a ";" might be a good alternative for a file that includes the comma
# character as part of any legitimate session name or folder name, etc.
global g_strDelimiter
g_strDelimiter = ","      # comma
#g_strDelimiter = " "    # space
#g_strDelimiter = ";"    # semi-colon
#g_strDelimiter = chr(9) # tab
#g_strDelimiter = "|||"  # a more unique example of a delimiter.


# The g_strSupportedFields indicates which of all the possible fields, are
# supported in this example script.  If a field designation is found in a data
# file that is not listed in this variable, it will not be imported into the
# session configuration.
global g_strSupportedFields
g_strSupportedFields = \
    "description,emulation,folder,hostname,port,protocol,session_name,username,logon_script"

# If you wish to overwrite existing sessions, set the
# g_bOverwriteExistingSessions to True; for this example script, we're playing
# it safe and leaving any existing sessions in place :).
global g_bOverwriteExistingSessions
g_bOverwriteExistingSessions = False

strHome = os.path.expanduser("~")
global g_strMyDocs
g_strMyDocs = strHome + "/Documents"

g_strMyDesktop = strHome + "/Desktop"

global g_strHostsFile
g_strHostsFile = g_strMyDocs + "/MyDataFile.csv"

global g_strExampleHostsFile
g_strExampleHostsFile = \
    "\thostname,protocol,username,folder,emulation\n" + \
    "\t192.168.0.1,SSH2,root,Linux Machines,XTerm\n" + \
    "\t192.168.0.2,SSH2,root,Linux Machines,XTerm\n" + \
    "\t...\n" + \
    "\t10.0.100.1,SSH1,admin,CISCO Routers,VT100\n" + \
    "\t10.0.101.1,SSH1,admin,CISCO Routers,VT100\n" + \
    "\t...\n" + \
    "\tmyhost.domain.com,SSH2,administrator,Windows Servers,VShell\n" + \
    "\t...\n"

g_strExampleHostsFile = g_strExampleHostsFile.replace(",", g_strDelimiter)

global g_strConfigFolder, strFieldDesignations, g_strFieldsArray, vSessionInfo

global strSessionName, strHostName, strPort
global strUserName, strProtocol, strEmulation
global strPathForSessions, strLine, nFieldIndex
global strSessionFileName, strFolder, nDescriptionLineCount, strDescription

global g_strLastError, g_strErrors, g_strSessionsCreated
global g_nSessionsCreated, g_nDataLines
g_strLastError = ""
g_strErrors = ""
g_strSessionsCreated = ""
g_nSessionsCreated = 0
g_nDataLines = 0

# Use current date/time info to avoid overwriting existing sessions by
# importing sessions into a new folder named with a unique timestamp.
g_strDateTimeTag = datetime.datetime.now().strftime("%Y%m%d_%H%M%S.%f")[:19]

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def GetConfigPath():
    objConfig = crt.OpenSessionConfiguration("Default")
    # Try and get at where the configuration folder is located. To achieve
    # this goal, we'll use one of SecureCRT's cross-platform path
    # directives that means "THE path this instance of SecureCRT
    # is using to load/save its configuration": ${VDS_CONFIG_PATH}.

    # First, let's use a session setting that we know will do the
    # translation between the cross-platform moniker ${VDS_CONFIG_PATH}
    # and the actual value... say, "Upload Directory V2"
    strOptionName = "Upload Directory V2"

    # Stash the original value, so we can restore it later...
    strOrigValue = objConfig.GetOption(strOptionName)

    # Now set the value to our moniker...
    objConfig.SetOption(strOptionName, "${VDS_CONFIG_PATH}")
    # Make the change, so that the above templated name will get written
    # to the config...
    objConfig.Save()

    # Now, load a fresh copy of the config, and pull the option... so
    # that SecureCRT will convert from the template path value to the
    # actual path value:
    objConfig = crt.OpenSessionConfiguration("Default")
    strConfigPath = objConfig.GetOption(strOptionName)

    # Now, let's restore the setting to its original value
    objConfig.SetOption(strOptionName, strOrigValue)
    objConfig.Save()

    # Now return the config path
    return strConfigPath

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def ValidateFieldDesignations(strFields):
    global g_strDelimiter, g_strExampleHostsFile, g_strDefaultProtocol
    global g_strFieldsArray, g_strDefaultFolder, g_strDefaultUsername
    if strFields.find(g_strDelimiter) == -1:
        if len(g_strDelimiter) > 1:
            strDelimiterDisplay = g_strDelimiter
        else:
            if ord(g_strDelimiter) < 33 or ord(g_strDelimiter) > 126:
                strDelimiterDisplay = "ASCII[{0}]".format(ord(g_strDelimiter))
            else:
                strDelimiterDisplay = g_strDelimiter
        strDelim = crt.Dialog.Prompt(
            "Delimiter character [" + strDelimiterDisplay + "] was not found " +
            "in the header line of your data file.\r\n\r\n" +
            "What is the delimiter (field separator) that your file " +
            "is using?\r\n\r\n\t Enter \"NONE\" if your data file only has a single field.")

        if strDelim == "":
            crt.Dialog.MessageBox("Script cannot continue w/o a field delimiter.")
            return

        if strDelim != "NONE":
            g_strDelimiter = strDelim

    g_strFieldsArray = strFields.split(g_strDelimiter)
    if not "hostname" in [x.lower() for x in g_strFieldsArray]:
        strErrorMsg = "Invalid header line in data file. " + \
            "'hostname' field is required."
        if len(g_strDelimiter) > 1:
            strDelimiterDisplay = g_strDelimiter
        else:
            if ord(g_strDelimiter) < 33 or ord(g_strDelimiter) > 126:
                strDelimiterDisplay = "ASCII[{0}]".format(ord(g_strDelimiter))
            else:
                strDelimiterDisplay = g_strDelimiter

        MsgBox(strErrorMsg + "\n" +
            "The first line of the data file is a header line " +
            "that must include\n" +
            "a '" + strDelimiterDisplay +
            "' separated list of field keywords.\n" +
            "\n" +
            "'hostname' is a required keyword." +
            "\n\n" +
            "The remainder of the lines in the file should follow the " +
            "\n" +
            "pattern established by the header line " +
            "(first line in the file)." + "\n" + "For example:\n" +
            g_strExampleHostsFile,
            "Import Data To SecureCRT Sessions")
        return


    if not "protocol" in [x.lower() for x in g_strFieldsArray]:
        if strFields.lower().find("protocol=") == -1:
            # Load the default configuration and use that as the default
            # protocol.
            objConfig = crt.OpenSessionConfiguration("Default")
            g_strDefaultProtocol = objConfig.GetOption("Protocol Name")

    for strField in g_strFieldsArray:
        #MsgBox("{0}\nHas 'protocol': {1}\nHas '=': {2}".format(strField, strField.find("protocol"), strField.find("=")))
        if strField.lower().find("protocol") > -1 and \
           strField.lower().find("=") > -1:
                g_strDefaultProtocol = strField.split("=")[1].upper()
                #MsgBox(("Found a default protocol spec: {0}".format(g_strDefaultProtocol)))
                # Fix the protocol field since we know the default protocol
                # value
                strFields = strFields.replace(strField, "protocol")
        if strField.lower().find("folder") > -1 and \
            strField.lower().find("=") > -1:
                g_strDefaultFolder = strField.split("=")[1]
                strFields = strFields.replace(strField, "folder")

        if strField.lower().find("username") > -1 and \
            strField.lower().find("=") > -1:
                g_strDefaultUsername = strField.split("=")[1]
                strFields = strFields.replace(strField, "username")


    g_strFieldsArray = strFields.split(g_strDelimiter)
    return True

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def SessionExists(strSessionPath):
    # Returns True if a session specified as value for strSessionPath already
    # exists within the SecureCRT configuration.
    # Returns False otherwise.
    try:
        objTosserConfig = crt.OpenSessionConfiguration(strSessionPath)
        return True
    except Exception as objInst:
        return False


#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def OpenPathInDefaultApp(strFile):
    strPlatform = sys.platform
    crt.Session.SetStatusText("Platform: {0}".format(strPlatform))
    crt.Sleep(200)
    try:
        if sys.platform.startswith('darwin'):
            subprocess.call(('open', strFile))
        elif strPlatform == "win32":
            os.startfile(strFile)
        elif sys.platform.startswith('linux'):
            subprocess.call(('xdg-open', strFile))
        else:
            MsgBox("Unknown operating system:  " + os.name)
    except Exception as objErr:
        MsgBox(
            "Failed to open " + strFile + " with the default app.\n\n"  +
            str(objErr).replace('\\\\', '\\').replace('u\'', '\''))

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
def Import():
    global g_strHostsFile, strFieldDesignations, g_strErrors, g_strDelimiter
    global g_strDefaultProtocol, g_nDataLines, g_strSessionsCreated, g_nSessionsCreated
    global g_strDefaultFolder, g_strDefaultUsername
    g_strHostsFile = crt.Dialog.FileOpenDialog(
        "Please select the host data file to be imported.",
        "Open",
        g_strHostsFile,
        "CSV/Text Files (*.txt;*.csv)|*.txt;*.csv|All files (*.*)|*.*")

    if g_strHostsFile == "":
        return

    nStartTime = time.time()
    bFoundHeader = False
    nLine = 0
    vSessionInfo = []
    # Open our data file for reading
    with open(g_strHostsFile, "r") as objDataFile:
        # Iterate over each of the lines in the file, processing them one by one.
        for strLine in objDataFile:
            strLine = strLine.strip("\r\n")
            nLine += 1
            # if nLine == 1 or (nLine % 10) == 0:
            crt.Session.SetStatusText("Processing line #{0} from import file: {1}".format(nLine, str(strLine)))
            bSaveSession = False
            strSessionPath = ""
            strPort = ""
            strProtocol = ""
            strHostName = ""
            strUserName = ""
            strEmulation = ""
            strFolder = ""
            strDescription = ""
            strLogonScript = ""

            if not bFoundHeader:
                strFieldDesignations = strLine
                # Validate the data file
                if not ValidateFieldDesignations(strFieldDesignations):
                    return
                else:
                    # Get a timer reading so that we can calculate how long it takes to import.
                    nStartTime = time.time()
                    bFoundHeader = True
            else:
                vSessionInfo = strLine.split(g_strDelimiter)
                if len(vSessionInfo) < len(g_strFieldsArray):
                    if strLine.strip() == "":
                        strLine = "[Empty Line]"
                    g_strErrors = ("\n" +
                        "Insufficient data on line #{0:04d}: {1:s}{2:s}".format(nLine, strLine, g_strErrors))
                else:
                    # Variable used to determine if a session file should actually be
                    # created, or if there was an unrecoverable error (and the session
                    # should be skipped).
                    bSaveSession = True

                    # Now we will match the items from the new file array to the correct
                    # variable for the session's ini file
                    for nFieldIndex in range(0, len(vSessionInfo)):
                        if nFieldIndex >= len(g_strFieldsArray):
                            g_strErrors = ("\n" +
                                "Error: Too many data fields({0:d}) found on line #{1:04d}: {2:s}".format(len(vSessionInfo), nLine, strLine) +
                                "<-- This line should only have these {0:d} fields: {1:s}{2:s}".format(len(g_strFieldsArray), g_strDelimiter.join(g_strFieldsArray), g_strErrors))
                            bSaveSession = False
                            break

                        #MsgBox("nFieldIndex: {0}\nlen(vSessionInfo):{1}\n{2}:{3}".format(nFieldIndex, len(vSessionInfo), g_strFieldsArray[nFieldIndex], vSessionInfo[nFieldIndex]))
                        strFieldLabel = g_strFieldsArray[nFieldIndex].strip().lower()
                        if strFieldLabel == "session_name":
                            strSessionName = vSessionInfo[nFieldIndex].strip()
                            # Check session name for any invalid characters
                            mSession = re.search(r"[\\\|\/\:\*\?\\\"\<\>]", strSessionName)
                            if mSession:
                                bSaveSession = False
                                g_strErrors = ("\nError: Invalid characters found in SessionName \"{0}\" specified on line #{1:04d}: {2:s}{3:s}".format(
                                    strSessionName, nLine, strLine, g_strErrors))

                        elif strFieldLabel == "logon_script":
                            strLogonScript = vSessionInfo[nFieldIndex].strip()

                        elif strFieldLabel == "port":
                            strPort = vSessionInfo[nFieldIndex].strip()
                            if not strPort == "":
                                if not strPort.isdigit():
                                    bSaveSession = False
                                    g_strErrors = ("\nError: Invalid port \"{0}\" specified on line #{1:04d}: {2:s}{3:s}".format(
                                        strPort, nLine, strLine, g_strErrors))

                        elif strFieldLabel == "protocol":
                            strProtocol = vSessionInfo[nFieldIndex].lower().strip()


                            if strProtocol == "ssh2":
                                strProtocol = "SSH2"
                            elif strProtocol == "ssh1":
                                strProtocol = "SSH1"
                            elif strProtocol == "telnet":
                                strProtocol = "Telnet"
                            elif strProtocol == "serial" or strProtocol == "tapi":
                                bSaveSession = False
                                g_strErrors = ("\n" +
                                    "Error: Unsupported protocol \"" + vSessionInfo[nFieldIndex].strip() +
                                    "\" specified on line #" +
                                    "{0:04d}: {1:s}".format(nLine, strLine) +
                                    g_strErrors)
                            elif strProtocol == "rlogin":
                                strProtocol = "RLogin"
                            else:
                                if g_strDefaultProtocol != "":
                                    strProtocol = g_strDefaultProtocol
                                else:
                                    bSaveSession = False
                                    g_strErrors = ("\n" +
                                        "Error: Invalid protocol \"" + strProtocol +
                                        "\" specified on line #" +
                                        "{0:04d}: {1:s}".format(nLine, strLine) +
                                        g_strErrors)

                        elif strFieldLabel == "hostname":
                            strHostName = vSessionInfo[nFieldIndex].strip()
                            if strHostName == "":
                                bSaveSession = False
                                g_strErrors = ("\n" +
                                    "Error: Hostname field on line #{0:04d} is empty: {1:s}".format(nLine, strLine) +
                                    g_strErrors)

                        elif strFieldLabel == "username":
                            strUserName = vSessionInfo[nFieldIndex].strip()

                        elif strFieldLabel == "emulation":
                            strEmulation = vSessionInfo[nFieldIndex].lower().strip()
                            if strEmulation == "xterm":
                                strEmulation = "Xterm"
                            elif strEmulation == "vt100":
                                strEmulation = "VT100"
                            elif strEmulation == "vt102":
                                strEmulation = "VT102"
                            elif strEmulation == "vt220":
                                strEmulation = "VT220"
                            elif strEmulation == "ansi":
                                strEmulation = "ANSI"
                            elif strEmulation == "linux":
                                strEmulation = "Linux"
                            elif strEmulation == "scoansi":
                                strEmulation = "SCOANSI"
                            elif strEmulation == "vshell":
                                strEmulation = "VShell"
                            elif strEmulation == "wyse50":
                                strEmulation = "WYSE50"
                            elif strEmulation == "wyse60":
                                strEmulation = "WYSE60"
                            else:
                                bSaveSession = False
                                g_strErrors = ("\n" +
                                    "Error: Invalid emulation \"{0}\" specified on line #{1:04d}: {2:s}{3:s}".format(
                                        strEmulation, nLine, strLine, g_strErrors))

                        elif strFieldLabel == "folder":
                            strFolderOrig = vSessionInfo[nFieldIndex].strip()
                            strFolder = strFolderOrig.lower()
                            if strFolder == "":
                                strFolder = g_strDefaultFolder

                            # Check folder name for any invalid characters
                            # Note that a folder can have subfolder designations,
                            # so '/' is a valid character for the folder (path).
                            mSession = re.search('[\\|\\:\\*\\?\\\\"\\<\\>]', strFolder)
                            if mSession:
                                bSaveSession = False
                                g_strErrors = ("\n" +
                                    "Error: Invalid characters in folder \"{0:s}\" specified on line #{1:04d}: {2:s}{3:s}".format(
                                        strFolder, nLine, strLine, g_strErrors))
                            else:
                                strFolder = strFolderOrig

                        elif strFieldLabel == "description":
                            strCurDescription = vSessionInfo[nFieldIndex].strip()
                            if strDescription == "":
                                strDescription = strCurDescription
                            else:
                                strDescription = "{0}\\r{1}".format(strDescription, strCurDescription)
                                strDescription = strDescription.replace("\\r", "\r")

                        else:
                            # If there is an entry that the script is not set to use
                            # in strFieldDesignations, stop the script and display a
                            # message
                            strMsg1 = "Error: Unknown field designation: {0:s}\n\tSupported fields are as follows:\n\n\t{1:s}\n\nFor a description of the supported fields, see the comments in the sample script file.".format(g_strFieldsArray[nFieldIndex], g_strSupportedFields)

                            if g_strErrors.strip() != "":
                                strMsg1 = (strMsg1 + "\n\n" +
                                    "Other errors found so far include: " +
                                    g_strErrors)
                            MsgBox(strMsg1, "Import Data To SecureCRT Sessions: Data File Error")
                            return
                    if bSaveSession:
                        # Use hostname if a session_name field wasn't present
                        if strSessionName == "":
                            strSessionName = strHostName

                        # Canonicalize the path to the session, as needed
                        strSessionPath = strSessionName
                        if strFolder.strip() == "":
                            strFolder = g_strDefaultFolder

                        if strFolder != "":
                            strSessionPath = strFolder + "/" + strSessionName

                        if strUserName.strip() == "":
                            strUserName = g_strDefaultUsername

                        # Strip any leading '/' characters from the session path
                        strSessionPath = strSessionPath.strip('/')

                        if SessionExists(strSessionPath):
                            if not g_bOverwriteExistingSessions:
                                # Append a unique tag to the session name, if it already exists
                                strSessionPath = "{0:s}(import_({1:s})".format(strSessionPath, datetime.datetime.now().strftime("%Y%m%d_%H%M%S.%f")[:19])

                        #MsgBox(
                        #    "Line #{0}: {1}\nbSaveSession: {2}\nSessionPath: {3}\n\nPort: {4}\nProtocol: {5}\nHostname: {6}\nUsername: {7}\nEmulation: {8}\nFolder: {9}\nDescription: {10}\n\n{11}".format(
                        #        nLine, strLine, bSaveSession, strSessionPath, strPort, strProtocol, strHostName, strUserName, strEmulation, strFolder, strDescription, g_strErrors))

                        # Now: Create the session.
                        # ===================================================================
                        # Copy the default session settings into new session name and set the
                        # protocol.  Setting the protocol is essential since some variables
                        # within a config are only available with certain protocols.  For example,
                        # a telnet configuration will not be allowed to set any port forwarding
                        # settings since port forwarding settings are specific to SSH.
                        objConfig = crt.OpenSessionConfiguration("Default")
                        if strProtocol == "":
                            strProtocol = g_strDefaultProtocol

                        objConfig.SetOption("Protocol Name", strProtocol)

                        # We opened a default session & changed the protocol, now we save the
                        # config to the new session path:
                        objConfig.Save(strSessionPath)

                        # Now, let's open the new session configuration we've saved, and set
                        # up the various parameters that were specified in the file.
                        objConfig = crt.OpenSessionConfiguration(strSessionPath)
                        if objConfig.GetOption("Protocol Name") != strProtocol:
                            MsgBox("Error: Protocol not set. Expected \"{0}\", but got \"{1}\"".format(strProtocol, objConfig.GetOption("Protocol Name")))
                            return

                        if strDescription != "":
                            vDescription = strDescription.split("\r")
                            objConfig.SetOption("Description", vDescription)

                        if strLogonScript != "":
                            objConfig.SetOption("Script Filename V2", strLogonScript)
                            objConfig.SetOption("Use Script File", True)

                        objConfig.SetOption("Emulation", strEmulation)

                        if strProtocol.lower() != "serial":
                            if strHostName != "":
                                objConfig.SetOption("Hostname", strHostName)

                            if strUserName != "":
                                objConfig.SetOption("Username", strUserName)

                        if strProtocol.upper() == "SSH2":
                            if strPort == "":
                                strPort = "22"
                            objConfig.SetOption("[SSH2] Port", int(strPort))
                        elif strProtocol.upper() == "SSH1":
                            if strPort == "":
                                strPort = "22"
                            objConfig.SetOption("[SSH1] Port", int(strPort))
                        elif strProtocol.upper() == "TELNET":
                            if strPort == "":
                                strPort = "23"
                            objConfig.SetOption("Port", int(strPort))


                        # ANSI Color is enabled for all imported sessions, regardless of the
                        # value in the Default session. Comment out the following line to
                        # keep the Default session's setting instead.
                        # ---------------------------------------------------------------------------
                        objConfig.SetOption("ANSI Color", True)

                        # Add other "SetOption" calls desired here...
                        # ---------------------------------------------------------------------------
                        objConfig.SetOption("Auto Reconnect", False)
                        objConfig.SetOption("Color Scheme", "Monochrome")
                        objConfig.SetOption("Color Scheme Overrides Ansi Color", True)
                        objConfig.SetOption("Copy to clipboard as RTF and plain text", True)
                        objConfig.SetOption("Line Send Delay", 15)
                        objConfig.SetOption("Log Filename V2", "${VDS_USER_DATA_PATH}\\_ScrtLog(%S)_%Y%M%D_%h%m%s.%t.txt")
                        objConfig.SetOption("Rows", 60)
                        objConfig.SetOption("Cols", 140)
                        objConfig.SetOption("Use Word Delimiter Chars", True)
                        objConfig.SetOption("Word Delimiter Chars", " <>()+=$%!#*")

                        objConfig.Save()

                        if g_strSessionsCreated != "":
                            g_strSessionsCreated = g_strSessionsCreated + "\n"

                        g_strSessionsCreated = g_strSessionsCreated + "    " + strSessionPath
                        g_nSessionsCreated += 1

            # Reset all variables in preparation for reading in the next line of
            # the hosts info file.
            strEmulation = ""
            strPort = ""
            strHostName = ""
            strFolder = ""
            strUserName = ""
            strSessionName = ""
            strDescription = ""
            nDescriptionLineCount = 0
            g_nDataLines += 1

    nTimeElapsed = time.time() - nStartTime
    strResults = "Import operation completed in %2.3f seconds." % (nTimeElapsed)

    if g_nSessionsCreated > 0:
        strResults = (strResults + "\n" +
            "-" * 70 + "\n" +
            "Number of Sessions created: %d\n" % (g_nSessionsCreated))
        strResults = strResults + "\n" + g_strSessionsCreated
    else:
        strResults = (strResults + "\n" +
            "-" * 70 + "\n" +
            "No sessions were created from %d lines of data." % (g_nDataLines))

    crt.Session.SetStatusText("Import operation completed in {0:2.3f} seconds".format(nTimeElapsed))

    # Log activity information to a file for debugging purposes...
    strFilename = "{0}/__SecureCRT-Session-ImportLog-{1}.txt".format(g_strMyDocs, g_strDateTimeTag)
    if g_strErrors == "":
        strResults = (
            "No errors/warnings encountered from the import operation.\n\n{0:s}".format(strResults))
    else:
        strResults = "Errors/warnings from this operation include:{0}\n{1}\n{2}\n\n".format(
            g_strErrors, "-" * 70, strResults)

    cFilenames = [
        "{0}/__SecureCRT-Session-ImportLog-{1}.txt".format(g_strMyDocs,     g_strDateTimeTag).replace("\\", "/"),
        "{0}/__SecureCRT-Session-ImportLog-{1}.txt".format(g_strMyDesktop,  g_strDateTimeTag).replace("\\", "/"),
        "{0}/__SecureCRT-Session-ImportLog-{1}.txt".format(GetConfigPath(), g_strDateTimeTag).replace("\\", "/")
        ]

    bSuccess = False

    for strFilename in cFilenames:
        try:
            objFile = open(strFilename, "w")
            bSuccess = True
        except (IOError, OSError):
            crt.Session.SetStatusText("Unable to open results file.")
            strResults = (strResults + "\n" +
                "Failed to write summary results to: {0}".format(strFilename))
        if not os.path.isfile(strFilename):
            bSuccess = False
        else:
            break

    if not bSuccess:
        if ":\\" in g_strMyDocs:
            strResults = strResults.replace("\n", "\r\n")
        crt.Clipboard.Text = strResults
        crt.Dialog.MessageBox(
            "Attempted to write summary results to the file locations below, " +
            "but access was denied.\r\n\t{0}".format("\r\n\t".join(cFilenames)) +
            "\r\n\r\nResults are in the clipboard. " +
            "Paste them into your favorite app now to see what occurred.")
        return


    objFile.write(strResults)
    objFile.close()


    # Display the log file as an indication that the information has been
    # imported.
    OpenPathInDefaultApp(strFilename)
    crt.Session.SetStatusText("")


Import()

My Python Logon Script LogicalSystemsLogonScript.py:

# $language = "python"
# $interface = "1.0"

import SecureCRT

def Main():

    # Get the session path... since on Windows, we might get a back-slash
    # char instead of a /, convert any '\' received into '/':
    strSessionPath = crt.Session.Path.replace("\\", "/")
    
    # Now, split on "/" and take the first one from the right ([-1]),
    # which will be our session name:
    strSessionName = strSessionPath.split("/")[-1]
    
    # turn on synchronous mode so we don't miss any data
    crt.Screen.Synchronous = True
    
    # Wait for a string that looks like first Junos prompt: 
    crt.Screen.WaitForString("root@MX% ")
    
    # Send your command followed by a carriage return
    crt.Screen.Send("cli\r")

    # Wait for a string that looks like Junos operational prompt:
    crt.Screen.WaitForString("root@MX> ")

    # send the command and a carriage return
    crt.Screen.Send("set cli logical-system " + strSessionName + "\r")
  
    # turn off synchronous mode to restore normal input processing
    crt.Screen.Synchronous = False

Main()

Sources of info:

Carrier-of-Carriers with VPN Service Provider as the Customer on a vMX

Implementation description

In this article, I will build a Carrier-of-Carriers setup, with a VPN Service Provider as the customer, on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between its ge-0/0/0 and ge-0/0/1 ports. Each link is given a different VLAN number, generated from the router ID numbers, to keep its traffic separate.

Network Diagram

IP Allocation

  • AS 1: 192.168.0.0/16
    • CE 1: 192.168.0.1/32
    • CE 2: 192.168.0.2/32
    • Link 111: 192.168.1.0/31
    • Link 216: 192.168.1.2/31
  • AS 100: 10.10.0.0/16
    • PE 11: 10.10.0.11/32
    • P 12: 10.10.0.12/32
    • C-CE 13: 10.10.0.13/32
    • C-CE 14: 10.10.0.14/32
    • P 15: 10.10.0.15/32
    • PE 16: 10.10.0.16/32
    • Internal Links: 10.10.1.0/16
  • AS 200: 172.16.0.0/16
    • C-PE 21: 172.16.0.21/32
    • C-P 22: 172.16.0.22/32
    • C-PE 23: 172.16.0.23/32
    • Link 1321: 172.16.255.0/31
    • Link 1423: 172.16.255.2/31
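
The VLAN-per-link layout and the /31 link addressing above can be checked mechanically before a commit. The following Python is an added example, not part of the original article: it parses a Junos-style configuration and reports any VLAN that does not have exactly two endpoints, on different ports of the back-to-back cable, numbered from one subnet. The function names and the condensed sample input are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the 1-CE, 11-PE and 12-P interface stanzas from this
# page's configuration, trimmed and condensed to one line per unit.
SAMPLE = """
logical-systems {
    1-CE { interfaces { ge-0/0/0 {
        unit 111 { vlan-id 111; family inet { address 192.168.1.0/31; } } } } }
    11-PE { interfaces {
        ge-0/0/0 { unit 1112 { vlan-id 1112; family inet { address 10.10.1.0/31; } family mpls; } }
        ge-0/0/1 { unit 111 { vlan-id 111; family inet { address 192.168.1.1/31; } } } } }
    12-P { interfaces { ge-0/0/1 {
        unit 1112 { vlan-id 1112; family inet { address 10.10.1.1/31; } family mpls; } } } }
}
"""
# Constructed faults: one end moved to the wrong VLAN, one end numbered from the wrong /31.
BROKEN_VLAN = SAMPLE.replace("vlan-id 1112; family inet { address 10.10.1.1/31",
                             "vlan-id 1113; family inet { address 10.10.1.1/31")
BROKEN_ADDR = SAMPLE.replace("10.10.1.1/31", "10.10.1.3/31")

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')


def statements(text):
    """Yield (path, words) for every ';'-terminated statement in a Junos config."""
    path, words = [], []
    for tok in TOKEN.findall(re.sub(r"##.*", "", text)):  # drop '## ...' annotations
        if tok == "{":
            path.append(" ".join(words))  # the words before '{' name the new level
            words = []
        elif tok == "}":
            if path:
                path.pop()
            words = []
        elif tok == ";":
            yield tuple(path), words
            words = []
        else:
            words.append(tok)


def vlan_endpoints(text):
    """Map vlan-id -> list of endpoints (logical system, port, inet address)."""
    units = defaultdict(dict)
    for path, words in statements(text):
        # Expected path: logical-systems / <ls> / interfaces / <port> / unit <n> [/ family inet]
        if len(path) < 5 or path[0] != "logical-systems" or path[2] != "interfaces":
            continue
        if not path[4].startswith("unit "):
            continue
        key = (path[1], path[3], path[4])
        if len(path) == 5 and words[:1] == ["vlan-id"]:
            units[key]["vlan"] = int(words[1])
        elif path[5:] == ("family inet",) and words[:1] == ["address"]:
            units[key]["addr"] = ipaddress.ip_interface(words[1])
    by_vlan = defaultdict(list)
    for (ls, port, _unit), info in units.items():
        if "vlan" in info:  # loopback units carry no vlan-id and are skipped
            by_vlan[info["vlan"]].append({"ls": ls, "port": port, "addr": info.get("addr")})
    return by_vlan


def check_links(text):
    """Return findings; an empty list means every VLAN is a clean point-to-point link."""
    findings = []
    for vlan, ends in sorted(vlan_endpoints(text).items()):
        names = ", ".join(sorted("{0}:{1}".format(e["ls"], e["port"]) for e in ends))
        if len(ends) != 2:
            findings.append("vlan {0}: expected 2 endpoints, found {1} ({2})".format(
                vlan, len(ends), names))
            continue
        a, b = ends
        if a["port"] == b["port"]:
            # The cable joins two different ports, so both ends on one port never meet.
            findings.append("vlan {0}: both ends on the same port ({1})".format(vlan, names))
        if a["addr"] is None or b["addr"] is None:
            findings.append("vlan {0}: missing inet address ({1})".format(vlan, names))
        elif a["addr"].network != b["addr"].network or a["addr"].ip == b["addr"].ip:
            findings.append("vlan {0}: {1} and {2} are not two hosts of one subnet".format(
                vlan, a["addr"], b["addr"]))
    return findings


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE), ("wrong vlan", BROKEN_VLAN), ("wrong /31", BROKEN_ADDR)):
        print(label, check_links(cfg) or "ok")
```

To run it against the full configuration, pass the saved text of `show | no-more` to `check_links()`.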

Full Configuration

root@MX# show | no-more 
## Last changed: 2017-12-27 03:07:53 UTC
version 15.1F4.15;
groups {
    isis {
        logical-systems {
            <*> {
                protocols {
                    isis {
                        level 1 disable;
                        interface <*> {
                            point-to-point;
                        }
                    }
                }
            }
        }
    }
}
apply-groups isis;
system {
    host-name MX;
    root-authentication {
        encrypted-password "$5$L3F31155$kVyagZl2v/WM9s32/hi7VCXxM5o0vupYD.LO3uvCif4"; ## SECRET-DATA
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
logical-systems {
    1-CE {
        interfaces {
            ge-0/0/0 {
                unit 111 {
                    vlan-id 111;
                    family inet {
                        address 192.168.1.0/31;
                    }
                }
            }
            lo0 {
                unit 1 {
                    family inet {
                        address 192.168.0.1/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.1.1;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 1;
        }
    }
    11-PE {
        interfaces {
            ge-0/0/0 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.10.1.0/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 111 {
                    vlan-id 111;
                    family inet {
                        address 192.168.1.1/31;
                    }
                }
            }
            lo0 {
                unit 11 {
                    family inet {
                        address 10.10.0.11/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0011.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.10.0.11;
                    neighbor 10.10.0.13 {
                        family inet {
                            labeled-unicast {
                                resolve-vpn;
                            }
                        }
                    }
                    neighbor 10.10.0.16 {
                        family inet-vpn {
                            any;
                        }
                    }
                }
            }
            isis {
                interface ge-0/0/0.1112;
                interface lo0.11;
            }
            ldp {
                interface ge-0/0/0.1112;
                interface lo0.11;
            }
        }
        routing-instances {
            VPN {
                instance-type vrf;
                interface ge-0/0/1.111;
                route-distinguisher 10.10.0.11:1;
                vrf-target target:100:1;
                vrf-table-label;
                protocols {
                    bgp {
                        group vpn {
                            peer-as 1;
                            as-override;
                            neighbor 192.168.1.0;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    12-P {
        interfaces {
            ge-0/0/0 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.10.1.2/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.10.1.1/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 12 {
                    family inet {
                        address 10.10.0.12/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0012.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.1213;
                interface ge-0/0/1.1112;
                interface lo0.12;
            }
        }
    }
    13-C-CE {
        interfaces {
            ge-0/0/0 {
                unit 1321 {
                    vlan-id 1321;
                    family inet {
                        address 172.16.255.0/31;
                    }
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.10.1.3/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 13 {
                    family inet {
                        address 10.10.0.13/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0013.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.10.0.13;
                    neighbor 10.10.0.11 {
                        family inet {
                            labeled-unicast;
                        }
                    }
                }
                group to-isp {
                    type external;
                    export internal;
                    peer-as 200;
                    neighbor 172.16.255.1 {
                        family inet {
                            labeled-unicast;
                        }
                    }
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/1.1213;
                interface lo0.13;
            }
        }
        policy-options {
            policy-statement internal {
                term internal {
                    from protocol [ isis direct ldp ];
                    then accept;
                }
                term reject {
                    then reject;
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    14-C-CE {
        interfaces {
            ge-0/0/0 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.10.1.4/31;
                    }
                    family iso;
                    family mpls;
                }
                unit 1423 {
                    vlan-id 1423;
                    family inet {
                        address 172.16.255.2/31;
                    }
                    family mpls;
                }
            }
            lo0 {
                unit 14 {
                    family inet {
                        address 10.10.0.14/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0014.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.10.0.14;
                    neighbor 10.10.0.16 {
                        family inet {
                            labeled-unicast;
                        }
                    }
                }
                group to-isp {
                    type external;
                    export internal;
                    peer-as 200;
                    neighbor 172.16.255.3 {
                        family inet {
                            labeled-unicast;
                        }
                    }
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.1415;
                interface lo0.14;
            }
        }
        policy-options {
            policy-statement internal {
                term internal {
                    from protocol [ isis direct ldp ];
                    then accept;
                }
                term reject {
                    then reject;
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    15-P {
        interfaces {
            ge-0/0/0 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.10.1.6/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.10.1.5/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 15 {
                    family inet {
                        address 10.10.0.15/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0015.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.1516;
                interface ge-0/0/1.1415;
                interface lo0.15;
            }
        }
    }
    16-PE {
        interfaces {
            ge-0/0/1 {
                unit 216 {
                    vlan-id 216;
                    family inet {
                        address 192.168.1.3/31;
                    }
                }
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.10.1.7/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 16 {
                    family inet {
                        address 10.10.0.16/32;
                    }
                    family iso {
                        address 49.0100.0100.1000.0016.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.10.0.16;
                    neighbor 10.10.0.11 {
                        family inet-vpn {
                            any;
                        }
                    }
                    neighbor 10.10.0.14 {
                        family inet {
                            labeled-unicast {
                                resolve-vpn;
                            }
                        }
                    }
                }
            }
            isis {
                interface ge-0/0/1.1516;
                interface lo0.16;
            }
            ldp {
                interface ge-0/0/1.1516;
                interface lo0.16;
            }
        }
        routing-instances {
            VPN {
                instance-type vrf;
                interface ge-0/0/1.216;
                route-distinguisher 10.10.0.16:1;
                vrf-target target:100:1;
                vrf-table-label;
                protocols {
                    bgp {
                        group vpn {
                            peer-as 1;
                            as-override;
                            neighbor 192.168.1.2;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    2-CE {
        interfaces {
            ge-0/0/0 {
                unit 216 {
                    vlan-id 216;
                    family inet {
                        address 192.168.1.2/31;
                    }
                }
            }
            lo0 {
                unit 2 {
                    family inet {
                        address 192.168.0.2/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.1.3;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 1;
        }
    }
    21-C-PE {
        interfaces {
            ge-0/0/0 {
                unit 2122 {
                    vlan-id 2122;
                    family inet {
                        address 172.16.1.0/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1321 {
                    vlan-id 1321;
                    family inet {
                        address 172.16.255.1/31;
                    }
                    family mpls;
                }
            }
            lo0 {
                unit 21 {
                    family inet {
                        address 172.16.0.21/32;
                    }
                    family iso {
                        address 49.0200.1720.1600.0021.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group pe-pe {
                    type internal;
                    local-address 172.16.0.21;
                    neighbor 172.16.0.23 {
                        family inet-vpn {
                            any;
                        }
                    }
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.2122;
                interface lo0.21;
            }
        }
        routing-instances {
            vpn-isp {
                instance-type vrf;
                interface ge-0/0/1.1321;
                route-distinguisher 172.16.0.21:100;
                vrf-target target:200:100;
                protocols {
                    bgp {
                        group to-isp {
                            peer-as 100;
                            neighbor 172.16.255.0 {
                                family inet {
                                    labeled-unicast;
                                }
                                as-override;
                            }
                        }
                    }
                    mpls {
                        interface all;
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    22-C-P {
        interfaces {
            ge-0/0/0 {
                unit 2223 {
                    vlan-id 2223;
                    family inet {
                        address 172.16.1.2/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 2122 {
                    vlan-id 2122;
                    family inet {
                        address 172.16.1.1/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 22 {
                    family inet {
                        address 172.16.0.22/32;
                    }
                    family iso {
                        address 49.0200.1720.1600.0022.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.2223;
                interface ge-0/0/1.2122;
                interface lo0.22;
            }
        }
    }
    23-C-PE {
        interfaces {
            ge-0/0/1 {
                unit 1423 {
                    vlan-id 1423;
                    family inet {
                        address 172.16.255.3/31;
                    }
                    family mpls;
                }
                unit 2223 {
                    vlan-id 2223;
                    family inet {
                        address 172.16.1.3/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 23 {
                    family inet {
                        address 172.16.0.23/32;
                    }
                    family iso {
                        address 49.0200.1720.1600.0023.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group pe-pe {
                    type internal;
                    local-address 172.16.0.23;
                    neighbor 172.16.0.21 {
                        family inet-vpn {
                            any;
                        }
                    }
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/1.2223;
                interface lo0.23;
            }
        }
        routing-instances {
            vpn-isp {
                instance-type vrf;
                interface ge-0/0/1.1423;
                route-distinguisher 172.16.0.23:100;
                vrf-target target:200:100;
                protocols {
                    bgp {
                        group to-isp {
                            peer-as 100;
                            neighbor 172.16.255.2 {
                                family inet {
                                    labeled-unicast;
                                }
                                as-override;
                            }
                        }
                    }
                    mpls {
                        interface all;
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "to ge-0/0/1";
        vlan-tagging;
    }
    ge-0/0/1 {
        description "to ge-0/0/0";
        vlan-tagging;
    }
    ge-0/0/2 {
        description "to ge-0/0/3";
        vlan-tagging;
    }
    ge-0/0/3 {
        description "to ge-0/0/2";
        vlan-tagging;
    }
    ge-0/0/4 {
        description "to ge-0/0/5";
        vlan-tagging;
    }
    ge-0/0/5 {
        description "to ge-0/0/4";
        vlan-tagging;
    }
    ge-0/0/6 {
        description "to ge-0/0/7";
        vlan-tagging;
    }
    ge-0/0/7 {
        description "to ge-0/0/6";
        vlan-tagging;
    }
    ge-0/0/8 {
        description "to eth1";
    }
    ge-0/0/9 {
        description "to eth2";
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.83.11/24;
            }
        }
    }
}

Verification

root@MX:1-CE> show route 

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.1/32     *[Direct/0] 07:13:24
                    > via lo0.1
192.168.0.2/32     *[BGP/170] 00:05:32, localpref 100
                      AS path: 100 100 I, validation-state: unverified
                    > to 192.168.1.1 via ge-0/0/0.111
192.168.1.0/31     *[Direct/0] 01:40:58
                    > via ge-0/0/0.111
192.168.1.0/32     *[Local/0] 01:40:59
                      Local via ge-0/0/0.111
192.168.1.2/31     *[BGP/170] 00:05:32, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 192.168.1.1 via ge-0/0/0.111

root@MX:1-CE> ping 192.168.0.2 source 192.168.0.1 count 3 
PING 192.168.0.2 (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: icmp_seq=0 ttl=46 time=21.322 ms
64 bytes from 192.168.0.2: icmp_seq=1 ttl=46 time=13.263 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=46 time=14.254 ms

--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 13.263/16.280/21.322/3.588 ms

Label Operation

1. Router 1-CE will send simple traffic:

root@MX:1-CE> show route 192.168.0.2  

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.2/32     *[BGP/170] 00:29:05, localpref 100
                      AS path: 100 100 I, validation-state: unverified
                    > to 192.168.1.1 via ge-0/0/0.111

2. Router 11-PE will push the L3VPN label, the BGP-LU label and the LDP transport label:

root@MX:11-PE> show route 192.168.0.2 

VPN.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.2/32     *[BGP/170] 00:30:40, localpref 100, from 10.10.0.16
                      AS path: 1 I, validation-state: unverified
                    > to 10.10.1.1 via ge-0/0/0.1112, Push 16, Push 300112, Push 299856(top)

3. Router 12-P is PHP and will pop LDP label:

root@MX:12-P> show route table mpls.0 label 299856 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299856             *[LDP/9] 01:22:43, metric 1
                    > to 10.10.1.3 via ge-0/0/0.1213, Pop      
299856(S=0)        *[LDP/9] 01:22:43, metric 1
                    > to 10.10.1.3 via ge-0/0/0.1213, Pop      

3. Router 13-C-CE is transit router for BGP-LU tunnel and will swap BGP label:

root@MX:13-C-CE> show route label 300112 

mpls.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

300112             *[VPN/170] 00:36:20
                    > to 172.16.255.1 via ge-0/0/0.1321, Swap 300096

4. Router 21-C-PE will swap BGP label and push LDP label:

root@MX:21-C-PE> show route label 300096  

vpn-isp.mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

300096             *[VPN/170] 00:38:24, metric2 1, from 172.16.0.23
                    > to 172.16.1.1 via ge-0/0/0.2122, Swap 300080, Push 299840(top)

root@MX:21-C-PE> show route 192.168.0.2 

root@MX:21-C-PE> show route 10.10.0.16 

vpn-isp.inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.0.16/32      *[BGP/170] 00:39:31, MED 1, localpref 100, from 172.16.0.23
                      AS path: 100 I, validation-state: unverified
                    > to 172.16.1.1 via ge-0/0/0.2122, Push 300080, Push 299840(top)

root@MX:21-C-PE> show route 172.16.0.23 

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.23/32     *[IS-IS/18] 02:17:08, metric 20
                    > to 172.16.1.1 via ge-0/0/0.2122

inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.23/32     *[LDP/9] 02:17:08, metric 1
                    > to 172.16.1.1 via ge-0/0/0.2122, Push 299840

4. Router 22-C-P is PHP and will pop LDP label:

root@MX:22-C-P> show route label 299840 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299840             *[LDP/9] 02:19:45, metric 1
                    > to 172.16.1.3 via ge-0/0/0.2223, Pop      
299840(S=0)        *[LDP/9] 02:19:45, metric 1
                    > to 172.16.1.3 via ge-0/0/0.2223, Pop      

5. Router 23-C-PE will swap BGP label:

root@MX:23-C-PE> show route 10.10.0.16 

vpn-isp.inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.0.16/32      *[BGP/170] 00:45:36, MED 1, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 172.16.255.2 via ge-0/0/1.1423, Push 300064

root@MX:23-C-PE> show route table mpls.0 label 300080 

mpls.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

300080             *[VPN/170] 00:56:09
                    > to 172.16.255.2 via ge-0/0/1.1423, Swap 300064

6. Router 14-C-CE will swap LDP label:

root@MX:14-C-CE> show route label 300064 

mpls.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

300064             *[VPN/170] 00:57:14
                    > to 10.10.1.5 via ge-0/0/0.1415, Swap 299872

root@MX:14-C-CE> show route 10.10.0.16 

inet.0: 14 destinations, 16 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.0.16/32      *[LDP/9] 01:47:03, metric 1
                    > to 10.10.1.5 via ge-0/0/0.1415, Push 299872
                    [IS-IS/18] 01:47:03, metric 20
                    > to 10.10.1.5 via ge-0/0/0.1415

Note: Here the BGP-LU path is, in fact, the internal LDP tunnel. Only one transport label is needed.

7. Router 15-P is PHP router and will pop the LDP label:

root@MX:15-P> show route label 299872 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299872             *[LDP/9] 01:56:46, metric 1
                    > to 10.10.1.7 via ge-0/0/0.1516, Pop      
299872(S=0)        *[LDP/9] 01:56:46, metric 1
                    > to 10.10.1.7 via ge-0/0/0.1516, Pop      

8. Router 16-PE will receive the traffic with only the L3VPN label. It will pop the label and forward the traffic to the destination:

root@MX:16-PE> show route 192.168.0.2 

VPN.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.2/32     *[BGP/170] 02:45:28, localpref 100
                      AS path: 1 I, validation-state: unverified
                    > to 192.168.1.2 via ge-0/0/1.216
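
The label operations from the steps above, replayed hop by hop as an added example (not part of the original article). The entries are transcribed from the show route outputs; the final pop at 16-PE is an assumption taken from the step text, since no mpls.0 entry for label 16 is shown.

```python
import re

# (router, expected incoming top label, operations) transcribed from the
# "show route" outputs in the Label Operation steps. None = plain IP lookup.
PATH = [
    ("11-PE",   None,   "Push 16, Push 300112, Push 299856(top)"),
    ("12-P",    299856, "Pop"),
    ("13-C-CE", 300112, "Swap 300096"),
    ("21-C-PE", 300096, "Swap 300080, Push 299840(top)"),
    ("22-C-P",  299840, "Pop"),
    ("23-C-PE", 300080, "Swap 300064"),
    ("14-C-CE", 300064, "Swap 299872"),
    ("15-P",    299872, "Pop"),
    # Assumption: not shown as an mpls.0 entry on the page; step 8 states that
    # 16-PE pops the remaining L3VPN label and forwards the IP packet.
    ("16-PE",   16,     "Pop"),
]

OP_RE = re.compile(r"(Push|Swap|Pop)(?:\s+(\d+))?(?:\(top\))?")


def apply_ops(stack, ops):
    """Apply a Junos next-hop operation string; the top of stack is stack[-1]."""
    stack = list(stack)
    for part in ops.split(","):
        m = OP_RE.fullmatch(part.strip())
        if not m:
            raise ValueError(f"unparsed operation: {part!r}")
        verb, label = m.group(1), m.group(2)
        if verb != "Pop" and label is None:
            raise ValueError(f"{verb} without a label: {part!r}")
        if verb == "Push":
            stack.append(int(label))
        elif not stack:
            raise ValueError(f"{verb} on an empty label stack")
        elif verb == "Swap":
            stack[-1] = int(label)
        else:  # Pop
            stack.pop()
    return stack


def walk(path):
    """Return [(router, stack after the router)], failing on a label mismatch."""
    stack, trace = [], []
    for router, incoming, ops in path:
        top = stack[-1] if stack else None
        if top != incoming:
            # The previous hop sent a label this router has no entry for:
            # the LSP is broken at this point.
            raise LookupError(f"{router}: expected top label {incoming}, got {top}")
        stack = apply_ops(stack, ops)
        trace.append((router, stack))
    return trace


if __name__ == "__main__":
    for router, stack in walk(PATH):
        # Print top label first, the way the stack sits on the wire.
        print(f"{router:8} -> {list(reversed(stack)) or 'IP packet'}")
```

The stack never grows deeper than three labels, and the packet reaches 16-PE carrying only label 16.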

Documentation

How to create ASCII Diagrams – ASCIIO

Problem description:
I need a solution to create ASCII diagrams on a MacBook Pro for email communication, for document creation, and for my blog.

Options that did not pass my selection:

Web-based editors I have tried at demo level:

MacOS applications:

  • Monodraw – not possible to type text outside of a box; not flexible, no predefined stencils
  • Karograph – far away from all I have seen till now

Solution: ASCIIO APP

  • Install Ubuntu Desktop 14.4.1 on VMware Fusion
  • Install VMware Tools
  • Share Host Folder for the ASCII diagrams – it will be mounted on /mnt/hgfs/
  • Install Asciio app on Ubuntu Desktop VMWare using Ubuntu Software Center
  • Create diagram > CTRL-E to copy ASCII > create .txt file, paste and save the diagram OR
  • Create diagram > right click > Save as.. > file_name.txt
  • To show the ASCII diagram in HTML, copy-paste it into a <pre></pre> tag
                                        ____   __ 
                 .------------.        |    | |==|
                ( Ana are chef )------>|____| |  |
                 '------------'        /::::/ |__|

For more info on how to use the application, visit this webpage:
http://search.cpan.org/dist/App-Asciio/lib/App/Asciio.pm

Have fun!

UPDATE PROBLEM: It seems that my diagrams just break in the middle. I don’t understand why! 🙁

Example:

  
.----------------.   .--------------------------------------------.
| AS 1           |   | AS 100                                     |
|   .----.       |   |   .-----.        .----.        .-------.   |
|  /      \      |   |  /       \      /      \      /         \  |
| (  CE 1  )---------->(  PE 11  )--->(  P 12  )--->(  C-CE 13  ) |
|  \      /      |111|  \       / 1112 \      / 1213 \         /  |
|   '----'       |   |   '-----'        '----'        '-------'   |
'----------------'   '------------------------------------|-------'
                                                          |
                                                          |
                                                          | 1321
                                                          |
  .------------------------------------------------------.|
  | AS 200                                               ||
  |   .-------.           .------.           .-------.   ||
  |  /         \         /        \         /         \  ||
  | (  C-PE 23  )<------(  C-P 22  )<------(  C-PE 21  )<-' | \ / 2223 \ / 2122 \ / | | '-------' '------' '-------' | '-----.------------------------------------------------' | | | 1423 | .-------|------------------------------------. .----------------. | v AS 100 | | AS 1 | | .-------. .----. .-----. | | .----. | | / \ / \ / \ | | / \ | | ( C-CE 14 )--->(  P 15  )--->(  PE 16  )--------->(  CE 2  )  |
|  \         / 1415 \      / 1516 \       /  |162|     \      /   |
|   '-------'        '----'        '-----'   |   |      '----'    |
'--------------------------------------------'   '----------------'



| IP Allocation:                                                  |
| --------------                                                  |
|                                                                 |
|  AS 1: 192.168.0.0/16               AS 100: 10.10.0.0/16        |
|  --------------------               ----------------------      |
|  CE 1: 192.168.0.1/32               PE 11: 10.10.0.11/32        |
|  CE 2: 192.168.0.2/32               P 12: 10.10.0.12/32         |
|                                     C-CE 13: 10.10.0.13/32      |
|  AS 200: 172.16.0.0/16              C-CE 14: 10.10.0.14/32      |
|  -----------------------            P 15: 10.10.0.15/32         |
|  C-PE 21: 172.16.0.21/32            PE 16: 10.10.0.16/32        |
|  C-P 22: 172.16.0.22/32                                         |
|  C-PE 23: 172.16.0.23/32                                        |
'-----------------------------------------------------------------'

The VMware Tools installation after Easy Install Ubuntu 14.4.1

Components:

  • MacBook Pro with Sierra 10.12.6 as Host
  • VMWare Fusion PRO 10.1.1
  • Ubuntu Desktop 64-bit 14.4.1 LTS as Guest

Problem description:
I have installed Ubuntu using Easy Install. After powering on the VM I can’t install VMware Tools. The option is grey/unavailable.

Observation:
The CD-ROM cannot be connected because of an error.

Solution:
Open VMware Fusion application > right click on the corresponding VM > Show in Finder > right click on the corresponding .vmwarevm file > Show Package Contents:

  • If you have autoinst.flp in the VM directory – rename it
  • If you have autoinst.iso in the VM directory – rename it

When these files are present and/or configured in the .vmx file, the virtual machine is launched in automatic installation mode, which prevents the VMware Tools ISO from being connected.

VMware Tools Installation

From VMware Fusion application Menu > Virtual Machine > Reinstall VMware Tools > Install
Follow the instructions in the install window to complete the installation inside Ubuntu.

Enjoy!

Install FreeRadius on Ubuntu VM

Before starting

Install Free Radius

  • Update Ubuntu VM
silvia@ubuntu :~$ sudo apt-get update
  • Install freeradius. I will also install freeradius-mysql to play with MySQL later.
silvia@ubuntu :~$ sudo apt-get install freeradius freeradius-mysql
  • Get into root mode
silvia@ubuntu:~$ sudo -i
root@ubuntu:~#
  • I like vim
root@ubuntu:~# vim /etc/freeradius/users 
The program 'vim' can be found in the following packages:
* vim
* vim-gnome
* vim-tiny
* vim-athena
* vim-gtk
* vim-nox
Try: apt-get install <selected package>
root@ubuntu:~# apt-get install vim

[...]

root@ubuntu:~#

Test PAP subscriber

The first step to getting any authentication working in FreeRADIUS is to configure PAP, or clear-text passwords. Even though many deployments will end up using additional authentication protocols, PAP is the simplest and easiest to configure. And as we will see later, once PAP is configured, many other authentication protocols become simple, too.

In this example, we will configure PAP using the users file. The users file is a flat-text file that allows many common policies to be implemented. It is simple to use, easy to edit, and does not require any additional effort to configure databases like LDAP or SQL. It is therefore the ideal configuration file to use when starting to deploy a new server.

To configure PAP authentication, we must tell the server about a particular user, in this case bob. We must also tell the server what the user's “known good” password is, in this case hello. This “known good” password will be used to validate the password entered by the user and sent to FreeRADIUS by the NAS or AP. If the passwords match, then FreeRADIUS will return an Access-Accept packet. If the passwords do not match, then FreeRADIUS will return an Access-Reject packet.

  • Add a test user
root@ubuntu:~# vim /etc/freeradius/users 
silvia Cleartext-Password := "password"

#
# Please read the documentation file ../doc/processing_users_file,
# or 'man 5 users' (after installing the server) for more information.
#
# This file contains authentication security and configuration
# information for each user. Accounting requests are NOT processed
# through this file. Instead, see 'acct_users', in this directory.
#
# The first field is the user's name and can be up to
# 253 characters in length. This is followed (on the same line) with
# the list of authentication requirements for that user. This can
# include password, comm server name, comm server port number, protocol
# type (perhaps set by the "hints" file), and huntgroup name (set by
# the "huntgroups" file).
#
# If you are not sure why a particular reply is being sent by the
# server, then run the server in debugging mode (radiusd -X), and
# you will see which entries in this file are matched.
#
[...]
  • Enter debug mode
root@ubuntu:~# freeradius -X
FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Jul 26 2017 at 15:30:42
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE.

[...]

radiusd: #### Opening IP addresses and Ports ####
listen {
 type = "auth"
 ipaddr = *
 port = 0
Failed binding to authentication address * port 1812: Address already in use 
/etc/freeradius/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

Obs: This error is normal, as the service is already running.

root@ubuntu:~# netstat -unpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:7682 0.0.0.0:* 929/dhclient 
udp 0 0 127.0.0.1:18120 0.0.0.0:* 50902/freeradius
udp 0 0 0.0.0.0:1812 0.0.0.0:* 50902/freeradius
udp 0 0 0.0.0.0:1813 0.0.0.0:* 50902/freeradius
udp 0 0 0.0.0.0:1814 0.0.0.0:* 50902/freeradius
udp 0 0 0.0.0.0:68 0.0.0.0:* 929/dhclient 
udp 0 0 0.0.0.0:47222 0.0.0.0:* 50902/freeradius
udp6 0 0 :::23210 :::* 929/dhclient
  • Test the created user
root@ubuntu:~# radtest silvia password localhost 0 testing123
Sending Access-Request of id 231 to 127.0.0.1 port 1812
 User-Name = "silvia"
 User-Password = "password"
 NAS-IP-Address = 127.0.1.1
 NAS-Port = 0
 Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=231, length=20
  ^---- This text means that authentication succeeded.

 OBS: With the default configuration in Version 2.x, and the above users file entry, the following authentication types will just work:

  • PAP
  • CHAP
  • MS-CHAP
  • EAP-MD5
  • EAP-MSCHAPv2
  • Cisco LEAP
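
The radtest exchange above, worked through on both sides as an added example (not part of the original post and not FreeRADIUS code): the client hides User-Password as RFC 2865 section 5.2 describes, the server recovers it and compares it with the "known good" password, and the client checks the Response Authenticator on the 20-byte reply. The user, password, shared secret and packet id come from the radtest run; the Request Authenticator is a constructed fixed value, and the NAS-IP-Address, NAS-Port and Message-Authenticator attributes are left out.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2            # attribute types from RFC 2865

SECRET = b"testing123"                     # shared secret used with radtest above
USERS = {b"silvia": b"password"}           # the users-file entry above
REQUEST_AUTH = bytes(range(16))            # constructed; a real client uses random bytes


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def reveal_password(hidden, secret, request_auth):
    """Server side: undo hide_password with the same shared secret."""
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return plain.rstrip(b"\x00")


def build_request(ident, user, password, secret, request_auth):
    hidden = hide_password(password, secret, request_auth)
    attrs = b""
    for atype, value in ((USER_NAME, user), (USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def parse_attributes(packet):
    end = struct.unpack("!H", packet[2:4])[0]
    if end < 20 or end > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos + 2 <= end:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


def server_reply(request, secret, users):
    """Return an attribute-less Access-Accept or Access-Reject (length 20)."""
    ident, request_auth = request[1], request[4:20]
    attrs = parse_attributes(request)
    known_good = users.get(attrs.get(USER_NAME))
    offered = reveal_password(attrs.get(USER_PASSWORD, b""), secret, request_auth)
    ok = known_good is not None and hmac.compare_digest(offered, known_good)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + request_auth + secret).digest()


def verify_reply(reply, request, secret):
    """Client side: accept the reply only if it was made with our secret."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and hmac.compare_digest(reply[4:20], expected)


if __name__ == "__main__":
    req = build_request(231, b"silvia", b"password", SECRET, REQUEST_AUTH)
    rep = server_reply(req, SECRET, USERS)
    print("code", rep[0], "id", rep[1], "length", len(rep), "valid", verify_reply(rep, req, SECRET))
```

The User-Password attribute is only as confidential as the shared secret, so the secret used with radtest here suits a lab and should be replaced with a long, unique value per client on a real server.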

Install Ubuntu Server on Fusion PRO

Software

  • VMWare Fusion PRO 10.0.1
  • Ubuntu package: ubuntu-14.04.1-server-amd64.iso

How to install a fresh Ubuntu Server

  • Open VMware Fusion > New > Install from disc or image > [ Continue ]
  • Drag and Drop the Ubuntu Image ubuntu-14.04.1-server-amd64.iso already stored into your computer > [ Continue ]
  • Use Easy Install (checked), Display Name: your_name, Account Name: ubuntu_user, Password: ubuntu_password, Confirm Password: ubuntu_password > [ Continue ]
  • [ Customize Settings ] > Save As: custom_name > [ Save ]
  • [ Finish ]
  • From the menu choose Virtual Machine > Settings…
  • Processors & Memory: 1 vCPU, 4G RAM, Advanced Options and check Enable hypervisor applications in this virtual machine
  • Existing NIC used for internet connectivity will be mapped to eth0: Network Adapter > Share with my Mac
  • New NIC used for other purposes will be mapped to eth1: [ Add Device ] >  Network Adapter > vmnet3
  • Delete Camera
  • Delete Printer
  • Power ON the VM and wait for the easy installation. Choose eth0 as the Primary network interface.

Connect using SSH >> ERROR

Check ifconfig

silvia@ubuntu :~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:5f:59:4b 
 inet addr:172.16.226.135 Bcast:172.16.226.255 Mask:255.255.255.0
               ^-- got this IP address from Fusion DHCP
 inet6 addr: fe80::20c:29ff:fe5f:594b/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:86448 errors:0 dropped:0 overruns:0 frame:0
 TX packets:11662 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:118763956 (118.7 MB) TX bytes:1141495 (1.1 MB)

lo Link encap:Local Loopback 
 inet addr:127.0.0.1 Mask:255.0.0.0
 inet6 addr: ::1/128 Scope:Host
 UP LOOPBACK RUNNING MTU:65536 Metric:1
 RX packets:34 errors:0 dropped:0 overruns:0 frame:0
 TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0 
 RX bytes:2632 (2.6 KB) TX bytes:2632 (2.6 KB)

When trying to connect using ssh you will get an error. This is normal, as the SSH server is not installed.

Murgescus-MacBook-Pro:~ silvia$ ssh silvia@172.16.226.135

ssh: connect to host 172.16.226.135 port 22: Connection refused

Murgescus-MacBook-Pro:~ silvia$

Install a ssh-server

  • Update repositories
silvia@ubuntu :~$ sudo apt-get update
  • And again
silvia@ubuntu :~$ sudo apt-get upgrade
  • Install ssh-server
silvia@ubuntu :~$ sudo apt-get install openssh-server

Connect using SSH >> SUCCESS

Murgescus-MacBook-Pro:~ silvia$ ssh silvia@172.16.226.135
The authenticity of host '172.16.226.135 (172.16.226.135)' can't be established.
ECDSA key fingerprint is SHA256:YCEkSF7rhHph60SRWGbfhHm2lRau5wUpPgjH2VqzMhA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.226.135' (ECDSA) to the list of known hosts.
silvia@172.16.226.135's password:
Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-32-generic x86_64)

* Documentation: https://help.ubuntu.com/
Last login: Wed Dec 13 06:07:12 2017
silvia@ubuntu:~$

Do you need to configure the network adapters? Find the solution here.