Implementation description
In this article, I will build a Carrier-of-Carriers with Internet Service Provider as the customer setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between ge-0/0/0 and ge-0/0/1 ports. For each different link, a different VLAN number will be configured to separate the traffic generated based on router ID number.
Network Diagram
IP Allocation
- AS 1: 192.168.0.0/16
- CE 1: 192.168.0.1/32
- CE 2: 192.168.0.2/32
- Link 111: 192.168.1.0/31
- Link 216: 192.168.1.2/31
- AS 100: 10.10.0.0/16
- PE 11: 10.10.0.11/32
- P 12: 10.10.0.12/32
- C-CE 13: 10.10.0.13/32
- C-CE 14: 10.10.0.14/32
- P 15: 10.10.0.15/32
- PE 16: 10.10.0.16/32
- Internal Links: 10.10.1.0/16
- AS 200: 172.16.0.0/16
- C-PE 21: 172.16.0.21/32
- C-P 22: 172.16.0.22/32
- C-PE 23: 172.16.0.23/32
- Link 1321: 172.16.255.0/31
- Link 1423: 172.16.255.2/31
Full Configuration
root@MX# show | no-more
## Last changed: 2018-03-04 11:27:16 UTC
version 15.1F4.15;
groups {
isis {
logical-systems {
<*> {
protocols {
isis {
level 1 disable;
interface <*> {
point-to-point;
}
}
}
}
}
}
}
apply-groups isis;
system {
host-name MX;
root-authentication {
encrypted-password "$5$L3F31155$kVyagZl2v/WM9s32/hi7VCXxM5o0vupYD.LO3uvCif4"; ## SECRET-DATA
}
services {
ssh;
netconf {
ssh;
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
logical-systems {
1-CE {
interfaces {
ge-0/0/0 {
unit 111 {
vlan-id 111;
family inet {
address 192.168.1.0/31;
}
}
}
lo0 {
unit 1 {
family inet {
address 192.168.0.1/32;
}
}
}
}
protocols {
bgp {
group AS100 {
type external;
export to-bgp;
peer-as 100;
neighbor 192.168.1.1;
}
}
}
policy-options {
policy-statement to-bgp {
from protocol direct;
then accept;
}
}
routing-options {
autonomous-system 1;
}
}
11-PE {
interfaces {
ge-0/0/0 {
unit 1112 {
vlan-id 1112;
family inet {
address 10.10.1.0/31;
}
family iso;
}
}
ge-0/0/1 {
unit 111 {
vlan-id 111;
family inet {
address 192.168.1.1/31;
}
}
}
lo0 {
unit 11 {
family inet {
address 10.10.0.11/32;
}
family iso {
address 49.0100.0100.1000.0011.00;
}
}
}
}
protocols {
bgp {
group internal {
type internal;
local-address 10.10.0.11;
export to-ibgp;
neighbor 10.10.0.12;
neighbor 10.10.0.13;
neighbor 10.10.0.14;
neighbor 10.10.0.15;
neighbor 10.10.0.16;
}
group to-customer {
type external;
peer-as 1;
as-override;
neighbor 192.168.1.0;
}
}
isis {
interface ge-0/0/0.1112;
interface lo0.11;
}
}
policy-options {
policy-statement to-ibgp {
term nhs {
from protocol bgp;
then {
next-hop self;
}
}
}
}
routing-options {
autonomous-system 100;
}
}
12-P {
interfaces {
ge-0/0/0 {
unit 1213 {
vlan-id 1213;
family inet {
address 10.10.1.2/31;
}
family iso;
}
}
ge-0/0/1 {
unit 1112 {
vlan-id 1112;
family inet {
address 10.10.1.1/31;
}
family iso;
}
}
lo0 {
unit 12 {
family inet {
address 10.10.0.12/32;
}
family iso {
address 49.0100.0100.1000.0012.00;
}
}
}
}
protocols {
bgp {
group internal {
type internal;
local-address 10.10.0.12;
neighbor 10.10.0.11;
neighbor 10.10.0.13;
neighbor 10.10.0.14;
neighbor 10.10.0.15;
neighbor 10.10.0.16;
}
}
isis {
interface all;
}
}
routing-options {
autonomous-system 100;
}
}
13-C-CE {
interfaces {
ge-0/0/0 {
unit 1321 {
vlan-id 1321;
family inet {
address 172.16.255.0/31;
}
family mpls;
}
}
ge-0/0/1 {
unit 1213 {
vlan-id 1213;
family inet {
address 10.10.1.3/31;
}
family iso;
}
}
lo0 {
unit 13 {
family inet {
address 10.10.0.13/32;
}
family iso {
address 49.0100.0100.1000.0013.00;
}
}
}
}
protocols {
mpls {
interface ge-0/0/0.1321;
}
bgp {
group to-isp {
type external;
export internal;
peer-as 200;
neighbor 172.16.255.1 {
family inet {
labeled-unicast;
}
}
}
group internal {
type internal;
local-address 10.10.0.13;
export to-ibgp;
neighbor 10.10.0.11;
neighbor 10.10.0.12;
neighbor 10.10.0.14;
neighbor 10.10.0.15;
neighbor 10.10.0.16;
}
}
isis {
interface all;
}
}
policy-options {
policy-statement internal {
term internal {
from protocol [ isis direct ];
then accept;
}
term reject {
then reject;
}
}
policy-statement to-ibgp {
term nhs {
from protocol bgp;
then {
next-hop self;
}
}
}
}
routing-options {
autonomous-system 100;
}
}
14-C-CE {
interfaces {
ge-0/0/0 {
unit 1415 {
vlan-id 1415;
family inet {
address 10.10.1.4/31;
}
family iso;
}
unit 1423 {
vlan-id 1423;
family inet {
address 172.16.255.2/31;
}
family mpls;
}
}
lo0 {
unit 14 {
family inet {
address 10.10.0.14/32;
}
family iso {
address 49.0100.0100.1000.0014.00;
}
}
}
}
protocols {
mpls {
interface ge-0/0/0.1423;
}
bgp {
group to-isp {
type external;
export internal;
peer-as 200;
neighbor 172.16.255.3 {
family inet {
labeled-unicast;
}
}
}
group internal {
type internal;
local-address 10.10.0.14;
export to-ibgp;
neighbor 10.10.0.11;
neighbor 10.10.0.12;
neighbor 10.10.0.13;
neighbor 10.10.0.15;
neighbor 10.10.0.16;
}
}
isis {
interface all;
}
}
policy-options {
policy-statement internal {
term internal {
from protocol [ isis direct ];
then accept;
}
term reject {
then reject;
}
}
policy-statement to-ibgp {
term nhs {
from protocol bgp;
then {
next-hop self;
}
}
}
}
routing-options {
autonomous-system 100;
}
}
15-P {
interfaces {
ge-0/0/0 {
unit 1516 {
vlan-id 1516;
family inet {
address 10.10.1.6/31;
}
family iso;
}
}
ge-0/0/1 {
unit 1415 {
vlan-id 1415;
family inet {
address 10.10.1.5/31;
}
family iso;
}
}
lo0 {
unit 15 {
family inet {
address 10.10.0.15/32;
}
family iso {
address 49.0100.0100.1000.0015.00;
}
}
}
}
protocols {
bgp {
group internal {
type internal;
local-address 10.10.0.15;
neighbor 10.10.0.11;
neighbor 10.10.0.12;
neighbor 10.10.0.13;
neighbor 10.10.0.14;
neighbor 10.10.0.16;
}
}
isis {
interface all;
}
}
routing-options {
autonomous-system 100;
}
}
16-PE {
interfaces {
ge-0/0/1 {
unit 216 {
vlan-id 216;
family inet {
address 192.168.1.3/31;
}
}
unit 1516 {
vlan-id 1516;
family inet {
address 10.10.1.7/31;
}
family iso;
}
}
lo0 {
unit 16 {
family inet {
address 10.10.0.16/32;
}
family iso {
address 49.0100.0100.1000.0016.00;
}
}
}
}
protocols {
bgp {
group internal {
type internal;
local-address 10.10.0.16;
export to-ibgp;
neighbor 10.10.0.11;
neighbor 10.10.0.12;
neighbor 10.10.0.13;
neighbor 10.10.0.14;
neighbor 10.10.0.15;
}
group to-customer {
type external;
peer-as 1;
as-override;
neighbor 192.168.1.2;
}
}
isis {
interface ge-0/0/1.1516;
interface lo0.16;
}
}
policy-options {
policy-statement to-ibgp {
term nhs {
from protocol bgp;
then {
next-hop self;
}
}
}
}
routing-options {
autonomous-system 100;
}
}
2-CE {
interfaces {
ge-0/0/0 {
unit 216 {
vlan-id 216;
family inet {
address 192.168.1.2/31;
}
}
}
lo0 {
unit 2 {
family inet {
address 192.168.0.2/32;
}
}
}
}
protocols {
bgp {
group AS100 {
type external;
export to-bgp;
peer-as 100;
neighbor 192.168.1.3;
}
}
}
policy-options {
policy-statement to-bgp {
from protocol direct;
then accept;
}
}
routing-options {
autonomous-system 1;
}
}
21-C-PE {
interfaces {
ge-0/0/0 {
unit 2122 {
vlan-id 2122;
family inet {
address 172.16.1.0/31;
}
family iso;
family mpls;
}
}
ge-0/0/1 {
unit 1321 {
vlan-id 1321;
family inet {
address 172.16.255.1/31;
}
family mpls;
}
}
lo0 {
unit 21 {
family inet {
address 172.16.0.21/32;
}
family iso {
address 49.0200.1720.1600.0021.00;
}
}
}
}
protocols {
mpls {
interface all;
}
bgp {
group pe-pe {
type internal;
local-address 172.16.0.21;
neighbor 172.16.0.23 {
family inet-vpn {
any;
}
}
}
}
isis {
interface all;
}
ldp {
interface ge-0/0/0.2122;
interface lo0.21;
}
}
routing-instances {
vpn-isp {
instance-type vrf;
interface ge-0/0/1.1321;
route-distinguisher 172.16.0.21:100;
vrf-target target:200:100;
protocols {
bgp {
group to-isp {
peer-as 100;
neighbor 172.16.255.0 {
family inet {
labeled-unicast;
}
as-override;
}
}
}
mpls {
interface all;
}
}
}
}
routing-options {
autonomous-system 200;
}
}
22-C-P {
interfaces {
ge-0/0/0 {
unit 2223 {
vlan-id 2223;
family inet {
address 172.16.1.2/31;
}
family iso;
family mpls;
}
}
ge-0/0/1 {
unit 2122 {
vlan-id 2122;
family inet {
address 172.16.1.1/31;
}
family iso;
family mpls;
}
}
lo0 {
unit 22 {
family inet {
address 172.16.0.22/32;
}
family iso {
address 49.0200.1720.1600.0022.00;
}
}
}
}
protocols {
mpls {
interface all;
}
isis {
interface all;
}
ldp {
interface ge-0/0/0.2223;
interface ge-0/0/1.2122;
interface lo0.22;
}
}
}
23-C-PE {
interfaces {
ge-0/0/1 {
unit 1423 {
vlan-id 1423;
family inet {
address 172.16.255.3/31;
}
family mpls;
}
unit 2223 {
vlan-id 2223;
family inet {
address 172.16.1.3/31;
}
family iso;
family mpls;
}
}
lo0 {
unit 23 {
family inet {
address 172.16.0.23/32;
}
family iso {
address 49.0200.1720.1600.0023.00;
}
}
}
}
protocols {
mpls {
interface all;
}
bgp {
group pe-pe {
type internal;
local-address 172.16.0.23;
neighbor 172.16.0.21 {
family inet-vpn {
any;
}
}
}
}
isis {
interface all;
}
ldp {
interface ge-0/0/1.2223;
interface lo0.23;
}
}
routing-instances {
vpn-isp {
instance-type vrf;
interface ge-0/0/1.1423;
route-distinguisher 172.16.0.23:100;
vrf-target target:200:100;
protocols {
bgp {
group to-isp {
peer-as 100;
neighbor 172.16.255.2 {
family inet {
labeled-unicast;
}
as-override;
}
}
}
mpls {
interface all;
}
}
}
}
routing-options {
autonomous-system 200;
}
}
}
interfaces {
ge-0/0/0 {
description "to ge-0/0/1";
vlan-tagging;
}
ge-0/0/1 {
description "to ge-0/0/0";
vlan-tagging;
}
ge-0/0/2 {
description "to ge-0/0/3";
vlan-tagging;
}
ge-0/0/3 {
description "to ge-0/0/2";
vlan-tagging;
}
ge-0/0/4 {
description "to ge-0/0/5";
vlan-tagging;
}
ge-0/0/5 {
description "to ge-0/0/4";
vlan-tagging;
}
ge-0/0/6 {
description "to ge-0/0/7";
vlan-tagging;
}
ge-0/0/7 {
description "to ge-0/0/6";
vlan-tagging;
}
ge-0/0/8 {
description "to eth1";
}
ge-0/0/9 {
description "to eth2";
}
fxp0 {
unit 0 {
family inet {
address 192.168.83.11/24;
}
}
}
}
Verification
root@MX:1-CE> show route
inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.10.0.14/32 *[BGP/170] 00:17:04, localpref 100
AS path: 100 200 200 I, validation-state: unverified
> to 192.168.1.1 via ge-0/0/0.111
10.10.0.15/32 *[BGP/170] 00:17:04, localpref 100
AS path: 100 200 200 I, validation-state: unverified
> to 192.168.1.1 via ge-0/0/0.111
10.10.0.16/32 *[BGP/170] 00:17:04, localpref 100
AS path: 100 200 200 I, validation-state: unverified
> to 192.168.1.1 via ge-0/0/0.111
10.10.1.4/31 *[BGP/170] 00:17:04, localpref 100
AS path: 100 200 200 I, validation-state: unverified
> to 192.168.1.1 via ge-0/0/0.111
10.10.1.6/31 *[BGP/170] 00:17:04, localpref 100
AS path: 100 200 200 I, validation-state: unverified
> to 192.168.1.1 via ge-0/0/0.111
192.168.0.1/32 *[Direct/0] 03:17:20
> via lo0.1
192.168.0.2/32 *[BGP/170] 00:08:30, localpref 100
AS path: 100 100 I, validation-state: unverified
> to 192.168.1.1 via ge-0/0/0.111
192.168.1.0/31 *[Direct/0] 03:16:25
> via ge-0/0/0.111
192.168.1.0/32 *[Local/0] 03:16:25
Local via ge-0/0/0.111
root@MX:1-CE> ping 192.168.0.2 source 192.168.0.1 count 3
PING 192.168.0.2 (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: icmp_seq=0 ttl=46 time=12.347 ms
64 bytes from 192.168.0.2: icmp_seq=1 ttl=46 time=10.568 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=46 time=7.953 ms
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 7.953/10.289/12.347/1.805 ms
Label Operation
1. From router 1-CE to 13-C-CE will flow simple traffic.
root@MX:11-PE> show route 192.168.0.2
inet.0: 15 destinations, 21 routes (15 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.0.2/32 *[BGP/170] 00:10:57, localpref 100, from 10.10.0.16
AS path: 1 I, validation-state: unverified
> to 10.10.1.1 via ge-0/0/0.1112
2. Router 13-C-CE will push BGP-LU label.
root@MX:13-C-CE> show route 192.168.0.2
inet.0: 15 destinations, 20 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.0.2/32 *[BGP/170] 00:11:33, localpref 100, from 10.10.0.16
AS path: 1 I, validation-state: unverified
> to 172.16.255.1 via ge-0/0/0.1321, Push 299952
3. Router 21-C-PE will swap BGP-LU label and will push an LDP label.
root@MX:21-C-PE> show route 192.168.0.2
root@MX:21-C-PE> show route label 299952
vpn-isp.mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
299952 *[VPN/170] 00:35:44, metric2 1, from 172.16.0.23
> to 172.16.1.1 via ge-0/0/0.2122, Swap 299952, Push 299792(top)
root@MX:21-C-PE> show route label 299792
mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
299792 *[LDP/9] 03:22:12, metric 1
> to 172.16.1.1 via ge-0/0/0.2122, Swap 299792
root@MX:21-C-PE> show route 172.16.0.23/32 protocol ldp
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
inet.3: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.0.23/32 *[LDP/9] 03:24:05, metric 1
> to 172.16.1.1 via ge-0/0/0.2122, Push 299792
4. Router 22-C-P is PHP router and will pop the LDP label.
root@MX:22-C-P> show route label 299792
mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
299792 *[LDP/9] 03:24:49, metric 1
> to 172.16.1.3 via ge-0/0/0.2223, Pop
299792(S=0) *[LDP/9] 03:24:49, metric 1
> to 172.16.1.3 via ge-0/0/0.2223, Pop
5. Router 23-C-PE will swap BGP-LU label.
root@MX:23-C-PE> show route label 299952
mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
299952 *[VPN/170] 00:42:46
> to 172.16.255.2 via ge-0/0/1.1423, Swap 299936
6. Router 14-C-CE will pop the BGP-LU label and will forward simple traffic.
root@MX:14-C-CE> show route label 299936
mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
299936 *[VPN/170] 00:44:10
> to 10.10.1.5 via ge-0/0/0.1415, Pop
299936(S=0) *[VPN/170] 00:44:10
> to 10.10.1.5 via ge-0/0/0.1415, Pop
root@MX:14-C-CE> show route 192.168.0.2
inet.0: 15 destinations, 20 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.0.2/32 *[BGP/170] 00:21:54, localpref 100, from 10.10.0.16
AS path: 1 I, validation-state: unverified
> to 10.10.1.5 via ge-0/0/0.1415