VPLS over GRE over IPSEC on VMX

參考:

dci-vpls-o-gre-o-ipsec.pdf

Linux-6 ens3:

ip:192.168.10.1/24

mac:00:50:00:00:06:00

Linux-7 ens3:

ip:192.168.10.2/24

mac:00:50:00:00:07:00

第1步:配置隧道化服務

# Step 1: enable the PIC-level services that the later steps rely on.
# tunnel-services: presumably what backs the gr-0/0/10 GRE interface configured in step 4 (confirm on the target platform).
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g

set chassis fpc 0 pic 0 interface-type ge

# inline-services: presumably what backs the si-0/0/0 interface that carries IPsec in steps 2 and 3.
set chassis fpc 0 pic 0 inline-services bandwidth 1g

set chassis fpc 0 lite-mode

set chassis network-services enhanced-ip

第2步:配置接口

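# Step 2: loopback addresses and the IPsec service interface.
# The stray "? ? ?" runs (mangled whitespace) were removed and the inline
# comments moved to their own lines so the commands can be pasted as-is.

# 10.0.255.2: used for MP-iBGP (it is the BGP local-address in step 6).
set interfaces lo0 unit 0 family inet address 10.0.255.2/32

# 10.1.255.2: used as the GRE outer (tunnel source) IP in step 4.
set interfaces lo0 unit 0 family inet address 10.1.255.2/32

# Unit 1 is in the inside service domain; step 3 binds it as the
# inside-service-interface of the IPsec service set, and step 4 routes the
# GRE endpoint to it.
set interfaces si-0/0/0 unit 1 description "IPsec interface to VMX-2"

set interfaces si-0/0/0 unit 1 family inet address 172.16.1.1/30

set interfaces si-0/0/0 unit 1 service-domain inside

# Unit 2 is the outside service domain of the same service set.
set interfaces si-0/0/0 unit 2 family inet

set interfaces si-0/0/0 unit 2 service-domain outside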

第3步:配置IPSEC

# Step 3: IKE (phase 1) and IPsec (phase 2) settings for the tunnel to the
# remote gateway 10.0.13.3, attached to si-0/0/0 through a next-hop-style
# service set. Both peers must use matching proposals.

# NOTE(review): the tunnel is authenticated with a pre-shared key only, so its
# security rests entirely on the strength and secrecy of that key.
set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-method pre-shared-keys

# NOTE(review): group5 (1536-bit MODP) and SHA-1 are legacy choices. Prefer
# group14 or higher and a SHA-2 algorithm where the Junos release and both
# peers support them.
set services ipsec-vpn ike proposal IKE-PROPOSAL dh-group group5

set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-algorithm sha1

set services ipsec-vpn ike proposal IKE-PROPOSAL encryption-algorithm aes-256-cbc

# IKE SA lifetime: 21600 s (6 hours).
set services ipsec-vpn ike proposal IKE-PROPOSAL lifetime-seconds 21600

# Main mode; the IKE SA output later on the page shows "Exchange type Main".
set services ipsec-vpn ike policy IKE-POLICY mode main

set services ipsec-vpn ike policy IKE-POLICY proposals IKE-PROPOSAL

# NOTE(review): lab placeholder. A short, guessable key like this must not be
# reused outside the lab; use a long random secret per peer pair (or
# certificate authentication) and keep it out of published configs. Junos
# stores it as a "$9$" string, which is reversible obfuscation rather than a
# one-way hash.
set services ipsec-vpn ike policy IKE-POLICY pre-shared-key ascii-text BAIDU123

# Phase 2: ESP with AES-256-CBC and HMAC-SHA1-96.
# NOTE(review): prefer a SHA-2 HMAC or an AEAD (AES-GCM) proposal where the
# platform supports it.
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL protocol esp

set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL authentication-algorithm hmac-sha1-96

set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL encryption-algorithm aes-256-cbc

# IPsec SA lifetime: 3600 s (1 hour).
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL lifetime-seconds 3600

# PFS is on, so each IPsec rekey runs a fresh DH exchange (same group5 caveat as above).
set services ipsec-vpn ipsec policy IPSEC-POLICY perfect-forward-secrecy keys group5

set services ipsec-vpn ipsec policy IPSEC-POLICY proposals IPSEC-PROPOSAL

# Negotiate the tunnel as soon as the configuration is active instead of waiting for traffic.
set services ipsec-vpn establish-tunnels immediately

# The rule has a single term that names the peer and the policies and has no
# "from" match condition.
set services ipsec-vpn rule DC2-VPN-RULE term 1 then remote-gateway 10.0.13.3

set services ipsec-vpn rule DC2-VPN-RULE term 1 then dynamic ike-policy IKE-POLICY

set services ipsec-vpn rule DC2-VPN-RULE term 1 then dynamic ipsec-policy IPSEC-POLICY

set services ipsec-vpn rule DC2-VPN-RULE match-direction input

# Next-hop-style service set: traffic routed to si-0/0/0.1 is handed to IPsec
# and leaves through si-0/0/0.2, sourced from local gateway 10.0.12.2.
set services service-set DC2-VPN-SET next-hop-service inside-service-interface si-0/0/0.1

set services service-set DC2-VPN-SET next-hop-service outside-service-interface si-0/0/0.2

set services service-set DC2-VPN-SET ipsec-vpn-options local-gateway 10.0.12.2

set services service-set DC2-VPN-SET ipsec-vpn-rules DC2-VPN-RULE

第4步:配置GRE

# Step 4: GRE tunnel between the two 10.1.255.x loopback addresses.
# GRE provides no confidentiality or integrity of its own; protection comes
# only from carrying it inside the IPsec tunnel built in step 3.
set interfaces gr-0/0/10 unit 0 description "GRE TO DC2"

set interfaces gr-0/0/10 unit 0 tunnel source 10.1.255.2

set interfaces gr-0/0/10 unit 0 tunnel destination 10.1.255.3

set interfaces gr-0/0/10 unit 0 family inet

# family mpls is needed because RSVP/MPLS run over this interface in step 6.
set interfaces gr-0/0/10 unit 0 family mpls

# This route is what steers GRE packets into IPsec: the GRE destination is
# reached through the IPsec inside interface si-0/0/0.1.
# NOTE(review): the "show route" output later on the page also lists
# 10.1.255.3/32 as an OSPF route via gr-0/0/10.0; only the static route's
# better preference (5 vs 10) stops the tunnel endpoint from resolving through
# the tunnel itself. Confirm what happens when this static route is inactive.
set routing-options static route 10.1.255.3/32 next-hop si-0/0/0.1

第5步:配置OSPF

# Step 5: OSPF area 0 over the GRE tunnel, advertising the lo0.0 addresses.
# No OSPF authentication is configured. The adjacency is formed only on
# gr-0/0/10.0, whose packets are routed into IPsec by the static route in step 4.
set protocols ospf traffic-engineering

# passive: lo0.0 is advertised but forms no adjacency.
set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface gr-0/0/10.0

第6步:配置VPLS

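# Step 6: BGP-signalled VPLS between DC1 and DC2 over an RSVP LSP that runs
# on the GRE tunnel. The stray "?" characters (mangled whitespace) after
# "interface" and "from" were removed so the commands match the full
# configuration shown later on the page.

# Customer-facing LAN port placed into the VPLS instance.
set interfaces ge-0/0/1 encapsulation ethernet-vpls

set interfaces ge-0/0/1 unit 0 description "LAN for VPLS to DC2"

set interfaces ge-0/0/1 unit 0 family vpls

set routing-options autonomous-system 12

# iBGP between the 10.0.255.x loopbacks, carrying only l2vpn signaling.
# NOTE(review): no BGP session authentication is configured; the session
# depends on the GRE/IPsec path for protection.
set protocols bgp group iBGP type internal

set protocols bgp group iBGP local-address 10.0.255.2

set protocols bgp group iBGP family l2vpn signaling

set protocols bgp group iBGP neighbor 10.0.255.3

# RSVP and MPLS are enabled only on the GRE interface.
set protocols rsvp interface gr-0/0/10.0

set protocols mpls interface gr-0/0/10.0

# LSP towards the remote loopback; no-cspf disables constrained-path computation.
set protocols mpls label-switched-path From-DC1-to-DC2 from 10.0.255.2

set protocols mpls label-switched-path From-DC1-to-DC2 to 10.0.255.3

set protocols mpls label-switched-path From-DC1-to-DC2 no-cspf

# NOTE(review): VPLS extends the layer-2 broadcast domain across sites, and
# MAC addresses are learned dynamically (flag "D" in the mac-table output).
# No MAC-limit or storm-control protection is configured here; consider adding
# one before using this outside a lab.
set routing-instances VPLS instance-type vpls

set routing-instances VPLS interface ge-0/0/1.0

set routing-instances VPLS route-distinguisher 10.0.255.2:100

set routing-instances VPLS vrf-target target:12:100

# no-tunnel-services: the connection output on the page shows an lsi interface in use.
set routing-instances VPLS protocols vpls no-tunnel-services

set routing-instances VPLS protocols vpls site-range 10

set routing-instances VPLS protocols vpls site DC1 site-identifier 1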

-------------------------------------具體配置如下-------------------------------------------------------

root@INTERNET-R> show configuration | display set

# INTERNET-R: the transit router between the two IPsec gateways
# (10.0.12.0/24 towards VMX-1, 10.0.13.0/24 towards VMX-2).
set version 14.1R4.8

set system host-name INTERNET-R

# NOTE(review): a "$1$" value is an MD5-crypt password hash, a weaker format
# than the "$6$" hashes on the VMX nodes. A hash published in a config dump
# should be treated as exposed: rotate the password and redact such lines
# before sharing.
set system root-authentication encrypted-password "$1$czFmzflT$fRwwwJRTUyHfii1irLHQd1"

set system syslog user * any emergency

set system syslog file messages any notice

set system syslog file messages authorization info

# Every interactive CLI command is logged to a local file.
set system syslog file interactive-commands interactive-commands any

set interfaces ge-0/0/0 unit 0 family inet address 10.0.12.1/24

set interfaces ge-0/0/1 unit 0 family inet address 10.0.13.1/24

root@VMX-1> show configuration | display set

# VMX-1: system and chassis settings.
set version 17.4R1.16

set system host-name VMX-1

# NOTE(review): "$6$" is a SHA-512 crypt hash. It is still a credential
# artifact: once published, treat the password as exposed, rotate it, and
# redact the line before sharing the config.
set system root-authentication encrypted-password "$6$ZQ4qNe6G$pbGgzALEFmxJE32UKCsHvXEyHy9jntcPZN9bkAnLJm3/hlL3/D.OAmdfTAc00psRb1zFb8Jf5gpxyYXDOda.O1"

# NOTE(review): direct root login over SSH is allowed and no other login user
# is defined in this listing. Outside a lab, use named accounts and set
# root-login to deny.
set system services ssh root-login allow

set system services ssh protocol-version v2

set system syslog user * any emergency

set system syslog file messages any notice

set system syslog file messages authorization info

# Every interactive CLI command is logged to a local file; no remote syslog
# host is configured in this listing.
set system syslog file interactive-commands interactive-commands any

# Verbose DHCP tracing (all flags, level all). Nothing else on the page
# configures DHCP, so this looks like a leftover; confirm before keeping it.
set system processes dhcp-service traceoptions file dhcp_logfile

set system processes dhcp-service traceoptions file size 10m

set system processes dhcp-service traceoptions level all

set system processes dhcp-service traceoptions flag all

# Same chassis statements as step 1.
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g

set chassis fpc 0 pic 0 interface-type ge

set chassis fpc 0 pic 0 inline-services bandwidth 1g

set chassis fpc 0 lite-mode

set chassis network-services enhanced-ip

# VMX-1: IPsec service set, rule, proposals and policies (same statements as
# step 3, in the order the device prints them).
set services service-set DC2-VPN-SET next-hop-service inside-service-interface si-0/0/0.1

set services service-set DC2-VPN-SET next-hop-service outside-service-interface si-0/0/0.2

set services service-set DC2-VPN-SET ipsec-vpn-options local-gateway 10.0.12.2

set services service-set DC2-VPN-SET ipsec-vpn-rules DC2-VPN-RULE

set services ipsec-vpn rule DC2-VPN-RULE term 1 then remote-gateway 10.0.13.3

set services ipsec-vpn rule DC2-VPN-RULE term 1 then dynamic ike-policy IKE-POLICY

set services ipsec-vpn rule DC2-VPN-RULE term 1 then dynamic ipsec-policy IPSEC-POLICY

set services ipsec-vpn rule DC2-VPN-RULE match-direction input

# NOTE(review): HMAC-SHA1-96, AES-256-CBC and DH group5 are legacy choices.
# Prefer SHA-2 or AEAD proposals and group14 or higher where both peers
# support them.
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL protocol esp

set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL authentication-algorithm hmac-sha1-96

set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL encryption-algorithm aes-256-cbc

set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL lifetime-seconds 3600

set services ipsec-vpn ipsec policy IPSEC-POLICY perfect-forward-secrecy keys group5

set services ipsec-vpn ipsec policy IPSEC-POLICY proposals IPSEC-PROPOSAL

set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-method pre-shared-keys

set services ipsec-vpn ike proposal IKE-PROPOSAL dh-group group5

set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-algorithm sha1

set services ipsec-vpn ike proposal IKE-PROPOSAL encryption-algorithm aes-256-cbc

set services ipsec-vpn ike proposal IKE-PROPOSAL lifetime-seconds 21600

set services ipsec-vpn ike policy IKE-POLICY mode main

set services ipsec-vpn ike policy IKE-POLICY proposals IKE-PROPOSAL

# NOTE(review): a "$9$" string is reversible obfuscation, not a one-way hash.
# A pre-shared key published in this form should be treated as disclosed:
# replace it on both peers and redact the line before sharing the config.
set services ipsec-vpn ike policy IKE-POLICY pre-shared-key ascii-text "$9$fQzn/9tuOISr4JGUHkp0ORyl"

set services ipsec-vpn establish-tunnels immediately

# VMX-1: interfaces and static routing.
# ge-0/0/0 faces INTERNET-R; its address is the IPsec local gateway.
set interfaces ge-0/0/0 unit 0 family inet address 10.0.12.2/24

# si-0/0/0.1 and .2 are the inside and outside interfaces of the IPsec service set.
set interfaces si-0/0/0 unit 1 description "IPsec interface to VMX-2"

set interfaces si-0/0/0 unit 1 family inet address 172.16.1.1/30

set interfaces si-0/0/0 unit 1 service-domain inside

set interfaces si-0/0/0 unit 2 family inet

set interfaces si-0/0/0 unit 2 service-domain outside

set interfaces ge-0/0/1 encapsulation ethernet-vpls

set interfaces ge-0/0/1 unit 0 description "LAN for VPLS to DC2"

set interfaces ge-0/0/1 unit 0 family vpls

# GRE has no encryption of its own; the static route for 10.1.255.3/32 below
# is what sends it through IPsec.
set interfaces gr-0/0/10 unit 0 description "GRE TO DC2"

set interfaces gr-0/0/10 unit 0 tunnel source 10.1.255.2

set interfaces gr-0/0/10 unit 0 tunnel destination 10.1.255.3

set interfaces gr-0/0/10 unit 0 family inet

set interfaces gr-0/0/10 unit 0 family mpls

# NOTE(review): fxp0 is the management interface. No firewall filter is
# applied to fxp0 or lo0 anywhere in this listing, so SSH (with root login
# allowed) is reachable on every routed address; add a filter outside a lab.
set interfaces fxp0 unit 0 family inet address 10.5.245.12/24

# 10.0.255.2 is the iBGP/LSP endpoint, 10.1.255.2 the GRE tunnel source.
set interfaces lo0 unit 0 family inet address 10.0.255.2/32

set interfaces lo0 unit 0 family inet address 10.1.255.2/32

# Management network reachability via the fxp0 subnet.
set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254

# Reach the remote IPsec gateway's subnet through INTERNET-R.
set routing-options static route 10.0.13.0/24 next-hop 10.0.12.1

# Send the GRE destination into the IPsec inside interface.
set routing-options static route 10.1.255.3/32 next-hop si-0/0/0.1

set routing-options autonomous-system 12

# VMX-1: control plane (RSVP/MPLS, iBGP, OSPF) and the VPLS instance.
# All of these protocols run only over gr-0/0/10.0 or between loopbacks
# reached through it. No protocol authentication is configured, so they
# depend on the GRE-in-IPsec path for protection.
set protocols rsvp interface gr-0/0/10.0

set protocols mpls label-switched-path From-DC1-to-DC2 from 10.0.255.2

set protocols mpls label-switched-path From-DC1-to-DC2 to 10.0.255.3

set protocols mpls label-switched-path From-DC1-to-DC2 no-cspf

set protocols mpls interface gr-0/0/10.0

set protocols bgp group iBGP type internal

set protocols bgp group iBGP local-address 10.0.255.2

set protocols bgp group iBGP family l2vpn signaling

set protocols bgp group iBGP neighbor 10.0.255.3

set protocols ospf traffic-engineering

# lo0.0 is passive: advertised, no adjacency.
set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface gr-0/0/10.0

# VPLS instance for site DC1 (site-identifier 1); the route target is shared
# with VMX-2.
set routing-instances VPLS instance-type vpls

set routing-instances VPLS interface ge-0/0/1.0

set routing-instances VPLS route-distinguisher 10.0.255.2:100

set routing-instances VPLS vrf-target target:12:100

set routing-instances VPLS protocols vpls site-range 10

set routing-instances VPLS protocols vpls no-tunnel-services

set routing-instances VPLS protocols vpls site DC1 site-identifier 1

root@VMX-2> show configuration | display set

# VMX-2: system and chassis settings.
set version 17.4R1.16

set system host-name VMX-2

# NOTE(review): "$6$" is a SHA-512 crypt hash. Once published it should be
# treated as exposed: rotate the password and redact the line before sharing
# the config.
set system root-authentication encrypted-password "$6$dW5rXJR0$AXBcRtDNK2yzZbiYnAFAJY8O5NwqT.TGyJcVzoS7nZD6QZ/Ta/dVSsw3W4Ly7yTlCVSPPFDpTLf0XS4SR0avr1"

# NOTE(review): direct root login over SSH is allowed and no other login user
# is defined in this listing. Outside a lab, use named accounts and set
# root-login to deny.
set system services ssh root-login allow

set system services ssh protocol-version v2

set system syslog user * any emergency

set system syslog file messages any notice

set system syslog file messages authorization info

# Every interactive CLI command is logged to a local file; no remote syslog
# host is configured in this listing.
set system syslog file interactive-commands interactive-commands any

# Verbose DHCP tracing (all flags, level all). Nothing else on the page
# configures DHCP, so this looks like a leftover; confirm before keeping it.
set system processes dhcp-service traceoptions file dhcp_logfile

set system processes dhcp-service traceoptions file size 10m

set system processes dhcp-service traceoptions level all

set system processes dhcp-service traceoptions flag all

# Chassis statements identical to VMX-1.
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g

set chassis fpc 0 pic 0 interface-type ge

set chassis fpc 0 pic 0 inline-services bandwidth 1g

set chassis fpc 0 lite-mode

set chassis network-services enhanced-ip

# VMX-2: mirror of the VMX-1 IPsec configuration, with the local and remote
# gateways swapped (local 10.0.13.3, remote 10.0.12.2).
set services service-set DC1-VPN-SET next-hop-service inside-service-interface si-0/0/0.1

set services service-set DC1-VPN-SET next-hop-service outside-service-interface si-0/0/0.2

set services service-set DC1-VPN-SET ipsec-vpn-options local-gateway 10.0.13.3

set services service-set DC1-VPN-SET ipsec-vpn-rules DC1-VPN-RULE

set services ipsec-vpn rule DC1-VPN-RULE term 1 then remote-gateway 10.0.12.2

set services ipsec-vpn rule DC1-VPN-RULE term 1 then dynamic ike-policy IKE-POLICY

set services ipsec-vpn rule DC1-VPN-RULE term 1 then dynamic ipsec-policy IPSEC-POLICY

set services ipsec-vpn rule DC1-VPN-RULE match-direction input

# NOTE(review): HMAC-SHA1-96, AES-256-CBC and DH group5 are legacy choices.
# Prefer SHA-2 or AEAD proposals and group14 or higher where both peers
# support them; the proposals must match VMX-1.
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL protocol esp

set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL authentication-algorithm hmac-sha1-96

set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL encryption-algorithm aes-256-cbc

set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL lifetime-seconds 3600

set services ipsec-vpn ipsec policy IPSEC-POLICY perfect-forward-secrecy keys group5

set services ipsec-vpn ipsec policy IPSEC-POLICY proposals IPSEC-PROPOSAL

set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-method pre-shared-keys

set services ipsec-vpn ike proposal IKE-PROPOSAL dh-group group5

set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-algorithm sha1

set services ipsec-vpn ike proposal IKE-PROPOSAL encryption-algorithm aes-256-cbc

set services ipsec-vpn ike proposal IKE-PROPOSAL lifetime-seconds 21600

set services ipsec-vpn ike policy IKE-POLICY mode main

set services ipsec-vpn ike policy IKE-POLICY proposals IKE-PROPOSAL

# NOTE(review): a "$9$" string is reversible obfuscation, not a one-way hash.
# A pre-shared key published in this form should be treated as disclosed:
# replace it on both peers and redact the line before sharing the config.
set services ipsec-vpn ike policy IKE-POLICY pre-shared-key ascii-text "$9$tkJx0OIEhylKW7-.fTQn6reK8Nd"

set services ipsec-vpn establish-tunnels immediately

# VMX-2: interfaces and static routing (mirror of VMX-1).
# ge-0/0/0 faces INTERNET-R; its address is the IPsec local gateway.
set interfaces ge-0/0/0 unit 0 family inet address 10.0.13.3/24

# si-0/0/0.1 and .2 are the inside and outside interfaces of the IPsec service set.
set interfaces si-0/0/0 unit 1 description "IPsec interface to VMX-1"

set interfaces si-0/0/0 unit 1 family inet address 172.16.1.2/30

set interfaces si-0/0/0 unit 1 service-domain inside

set interfaces si-0/0/0 unit 2 family inet

set interfaces si-0/0/0 unit 2 service-domain outside

set interfaces ge-0/0/1 encapsulation ethernet-vpls

set interfaces ge-0/0/1 unit 0 description "LAN for VPLS to DC1"

set interfaces ge-0/0/1 unit 0 family vpls

# GRE has no encryption of its own; the static route for 10.1.255.2/32 below
# is what sends it through IPsec.
set interfaces gr-0/0/10 unit 0 description "GRE TO DC1"

set interfaces gr-0/0/10 unit 0 tunnel source 10.1.255.3

set interfaces gr-0/0/10 unit 0 tunnel destination 10.1.255.2

set interfaces gr-0/0/10 unit 0 family inet

set interfaces gr-0/0/10 unit 0 family mpls

# NOTE(review): fxp0 is the management interface. No firewall filter is
# applied to fxp0 or lo0 anywhere in this listing, so SSH (with root login
# allowed) is reachable on every routed address; add a filter outside a lab.
set interfaces fxp0 unit 0 family inet address 10.5.245.13/24

# 10.0.255.3 is the iBGP/LSP endpoint, 10.1.255.3 the GRE tunnel source.
set interfaces lo0 unit 0 family inet address 10.0.255.3/32

set interfaces lo0 unit 0 family inet address 10.1.255.3/32

# Management network reachability via the fxp0 subnet.
set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254

# Reach the remote IPsec gateway's subnet through INTERNET-R.
set routing-options static route 10.0.12.0/24 next-hop 10.0.13.1

# Send the GRE destination into the IPsec inside interface.
set routing-options static route 10.1.255.2/32 next-hop si-0/0/0.1

set routing-options autonomous-system 12

# VMX-2: control plane (RSVP/MPLS, iBGP, OSPF) and the VPLS instance.
# All of these protocols run only over gr-0/0/10.0 or between loopbacks
# reached through it. No protocol authentication is configured, so they
# depend on the GRE-in-IPsec path for protection.
set protocols rsvp interface gr-0/0/10.0

set protocols mpls label-switched-path From-DC2-to-DC1 from 10.0.255.3

set protocols mpls label-switched-path From-DC2-to-DC1 to 10.0.255.2

set protocols mpls label-switched-path From-DC2-to-DC1 no-cspf

set protocols mpls interface gr-0/0/10.0

set protocols bgp group iBGP type internal

set protocols bgp group iBGP local-address 10.0.255.3

set protocols bgp group iBGP family l2vpn signaling

set protocols bgp group iBGP neighbor 10.0.255.2

set protocols ospf traffic-engineering

# lo0.0 is passive: advertised, no adjacency.
set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface gr-0/0/10.0

# VPLS instance for site DC2 (site-identifier 2); the route target is shared
# with VMX-1.
set routing-instances VPLS instance-type vpls

set routing-instances VPLS interface ge-0/0/1.0

set routing-instances VPLS route-distinguisher 10.0.255.3:100

set routing-instances VPLS vrf-target target:12:100

set routing-instances VPLS protocols vpls site-range 10

set routing-instances VPLS protocols vpls no-tunnel-services

set routing-instances VPLS protocols vpls site DC2 site-identifier 2

驗證:

root@VMX-1> show route

inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.12.0/24? ? ? *[Direct/0] 00:46:16

? ? ? ? ? ? ? ? ? ? > via ge-0/0/0.0

10.0.12.2/32? ? ? *[Local/0] 00:46:16

? ? ? ? ? ? ? ? ? ? ? Local via ge-0/0/0.0

10.0.13.0/24? ? ? *[Static/5] 00:46:16

? ? ? ? ? ? ? ? ? ? > to 10.0.12.1 via ge-0/0/0.0

10.0.255.2/32? ? ? *[Direct/0] 00:26:59

? ? ? ? ? ? ? ? ? ? > via lo0.0

10.0.255.3/32? ? ? *[OSPF/10] 00:19:01, metric 1

? ? ? ? ? ? ? ? ? ? > via gr-0/0/10.0

10.1.255.2/32? ? ? *[Direct/0] 00:26:59

? ? ? ? ? ? ? ? ? ? > via lo0.0

10.1.255.3/32? ? ? *[Static/5] 00:22:49

? ? ? ? ? ? ? ? ? ? > via si-0/0/0.1

? ? ? ? ? ? ? ? ? ? [OSPF/10] 00:18:56, metric 1

? ? ? ? ? ? ? ? ? ? > via gr-0/0/10.0

10.5.0.0/16? ? ? ? *[Static/5] 00:46:16

? ? ? ? ? ? ? ? ? ? > to 10.5.245.254 via fxp0.0

10.5.245.0/24? ? ? *[Direct/0] 00:46:16

? ? ? ? ? ? ? ? ? ? > via fxp0.0

10.5.245.12/32? ? *[Local/0] 00:46:16

? ? ? ? ? ? ? ? ? ? ? Local via fxp0.0

172.16.1.0/30? ? ? *[Direct/0] 00:26:59

? ? ? ? ? ? ? ? ? ? > via si-0/0/0.1

172.16.1.1/32? ? ? *[Local/0] 00:26:59

? ? ? ? ? ? ? ? ? ? ? Local via si-0/0/0.1

224.0.0.5/32? ? ? *[OSPF/10] 00:19:54, metric 1

? ? ? ? ? ? ? ? ? ? ? MultiRecv

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both


10.0.255.3/32? ? ? *[RSVP/7/1] 00:18:02, metric 1

? ? ? ? ? ? ? ? ? ? > via gr-0/0/10.0, label-switched-path From-DC1-to-DC2

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

0? ? ? ? ? ? ? ? ? *[MPLS/0] 00:19:54, metric 1

? ? ? ? ? ? ? ? ? ? ? to table inet.0

0(S=0)? ? ? ? ? ? *[MPLS/0] 00:19:54, metric 1

? ? ? ? ? ? ? ? ? ? ? to table mpls.0

1? ? ? ? ? ? ? ? ? *[MPLS/0] 00:19:54, metric 1

? ? ? ? ? ? ? ? ? ? ? Receive

2? ? ? ? ? ? ? ? ? *[MPLS/0] 00:19:54, metric 1

? ? ? ? ? ? ? ? ? ? ? to table inet6.0

2(S=0)? ? ? ? ? ? *[MPLS/0] 00:19:54, metric 1

? ? ? ? ? ? ? ? ? ? ? to table mpls.0

13? ? ? ? ? ? ? ? *[MPLS/0] 00:19:54, metric 1

? ? ? ? ? ? ? ? ? ? ? Receive

17? ? ? ? ? ? ? ? *[VPLS/7] 00:18:02

? ? ? ? ? ? ? ? ? ? > via lsi.1048576 (master), Pop? ? ?

lsi.1048576? ? ? ? *[VPLS/7] 00:18:02, metric2 1

? ? ? ? ? ? ? ? ? ? > via gr-0/0/10.0, label-switched-path From-DC1-to-DC2

inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

ff02::2/128? ? ? ? *[INET6/0] 01:05:35

? ? ? ? ? ? ? ? ? ? ? MultiRecv

bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.255.3:100:2:1/96? ? ? ? ? ? ? ?

? ? ? ? ? ? ? ? ? *[BGP/170] 00:18:02, localpref 100, from 10.0.255.3

? ? ? ? ? ? ? ? ? ? ? AS path: I, validation-state: unverified

? ? ? ? ? ? ? ? ? ? > via gr-0/0/10.0, label-switched-path From-DC1-to-DC2

VPLS.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.0.255.2:100:1:1/96? ? ? ? ? ? ? ?

? ? ? ? ? ? ? ? ? *[L2VPN/170/-101] 00:19:54, metric2 1

? ? ? ? ? ? ? ? ? ? ? Indirect

10.0.255.3:100:2:1/96? ? ? ? ? ? ? ?

? ? ? ? ? ? ? ? ? *[BGP/170] 00:18:02, localpref 100, from 10.0.255.3

? ? ? ? ? ? ? ? ? ? ? AS path: I, validation-state: unverified

? ? ? ? ? ? ? ? ? ? > via gr-0/0/10.0, label-switched-path From-DC1-to-DC2

root@VMX-1> show services ipsec-vpn ike security-associations? ? ? ? ? ?

Remote Address? State? ? ? ? Initiator cookie? Responder cookie? Exchange type

10.0.13.3? ? ? Matured? ? ? 5bd7f97df5db984a? d7fb216fb0e69827? Main? ? ? ?

root@VMX-1>

root@VMX-1> show services ipsec-vpn ipsec security-associations?

Service set: DC2-VPN-SET, IKE Routing-instance: default

? Rule: DC2-VPN-RULE, Term: 1, Tunnel index: 1

? Local gateway: 10.0.12.2, Remote gateway: 10.0.13.3

? IPSec inside interface: si-0/0/0.1, Tunnel MTU: 1500

? UDP encapsulate: Disabled, UDP Destination port: 0

? NATT Detection: Not Detected, NATT keepalive interval: 0

? ? Direction SPI? ? ? ? AUX-SPI? ? Mode? ? ? Type? ? Protocol

? ? inbound? 2161884131? 0? ? ? ? ? tunnel? ? dynamic? ESP? ? ?

? ? outbound? 2674364107? 0? ? ? ? ? tunnel? ? dynamic? ESP? ? ?

? ? inbound? 1945802811? 0? ? ? ? ? tunnel? ? dynamic? ESP? ? ?

? ? outbound? 493457633? 0? ? ? ? ? tunnel? ? dynamic? ESP? ? ?

root@VMX-1> show ospf neighbor? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

Address? ? ? ? ? Interface? ? ? ? ? ? ? State? ? ID? ? ? ? ? ? ? Pri? Dead

10.0.255.3? ? ? gr-0/0/10.0? ? ? ? ? ? Full? ? ? 10.0.255.3? ? ? 128? ? 35

root@VMX-1> show bgp summary? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

Groups: 1 Peers: 1 Down peers: 0

Table? ? ? ? ? Tot Paths? Act Paths Suppressed? ? History Damp State? ? Pending

bgp.l2vpn.0? ? ? ? ?

? ? ? ? ? ? ? ? ? ? ? 1? ? ? ? ? 1? ? ? ? ? 0? ? ? ? ? 0? ? ? ? ? 0? ? ? ? ? 0

Peer? ? ? ? ? ? ? ? ? ? AS? ? ? InPkt? ? OutPkt? ? OutQ? Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...

10.0.255.3? ? ? ? ? ? ? 12? ? ? ? 55? ? ? ? 54? ? ? 0? ? ? 0? ? ? 22:43 Establ

? bgp.l2vpn.0: 1/1/1/0

? VPLS.l2vpn.0: 1/1/1/0

root@VMX-1> show mpls lsp? ? ?

Ingress LSP: 1 sessions

To? ? ? ? ? ? ? From? ? ? ? ? ? State Rt P? ? ActivePath? ? ? LSPname

10.0.255.3? ? ? 10.0.255.2? ? ? Up? ? 0 *? ? ? ? ? ? ? ? ? ? ? From-DC1-to-DC2

Total 1 displayed, Up 1, Down 0

Egress LSP: 1 sessions

To? ? ? ? ? ? ? From? ? ? ? ? ? State? Rt Style Labelin Labelout LSPname

10.0.255.2? ? ? 10.0.255.3? ? ? Up? ? ? 0? 1 FF? ? ? 3? ? ? ? - From-DC2-to-DC1

Total 1 displayed, Up 1, Down 0

Transit LSP: 0 sessions

Total 0 displayed, Up 0, Down 0

root@VMX-1> show vpls connections?

Layer-2 VPN connections:

Legend for connection status (St)?

EI -- encapsulation invalid? ? ? NC -- interface encapsulation not CCC/TCC/VPLS

EM -- encapsulation mismatch? ? WE -- interface and instance encaps not same

VC-Dn -- Virtual circuit down? ? NP -- interface hardware not present

CM -- control-word mismatch? ? ? -> -- only outbound connection is up

CN -- circuit not provisioned? ? <- -- only inbound connection is up

OR -- out of range? ? ? ? ? ? ? Up -- operational

OL -- no outgoing label? ? ? ? ? Dn -- down? ? ? ? ? ? ? ? ? ? ?

LD -- local site signaled down? CF -- call admission control failure? ? ?

RD -- remote site signaled down? SC -- local and remote site ID collision

LN -- local site not designated? LM -- local site ID not minimum designated

RN -- remote site not designated RM -- remote site ID not minimum designated

XX -- unknown connection status? IL -- no incoming label

MM -- MTU mismatch? ? ? ? ? ? ? MI -- Mesh-Group ID not available

BK -- Backup connection? ? ? ? ? ST -- Standby connection

PF -- Profile parse failure? ? ? PB -- Profile busy

RS -- remote site standby? ? ? ? SN -- Static Neighbor

LB -- Local site not best-site? RB -- Remote site not best-site

VM -- VLAN ID mismatch? ? ? ? ? HS -- Hot-standby Connection

Legend for interface status

Up -- operational? ? ? ? ?

Dn -- down

Instance: VPLS

Edge protection: Not-Primary

? Local site: DC1 (1)

? ? connection-site? ? ? ? ? Type? St? ? Time last up? ? ? ? ? # Up trans

? ? 2? ? ? ? ? ? ? ? ? ? ? ? rmt? Up? ? Feb 18 13:58:01 2021? ? ? ? ? 1

? ? ? Remote PE: 10.0.255.3, Negotiated control-word: No

? ? ? Incoming label: 17, Outgoing label: 262145

? ? ? Local interface: lsi.1048576, Status: Up, Encapsulation: VPLS

? ? ? ? Description: Intf - vpls VPLS local site 1 remote site 2

? ? ? Flow Label Transmit: No, Flow Label Receive: No


root@VMX-1> show vpls mac-table? ? ?

MAC flags? ? ? (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC

? ? O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC)

Routing instance : VPLS

Bridging domain : __VPLS__, VLAN : NA

? MAC? ? ? ? ? ? ? ? MAC? ? ? Logical? ? ? ? ? NH? ? MAC? ? ? ? active

? address? ? ? ? ? ? flags? ? interface? ? ? ? Index? property? ? source

? 00:50:00:00:06:00? D? ? ? ? ge-0/0/1.0? ? ?

? 00:50:00:00:07:00? D? ? ? ? lsi.1048576? ?

root@VMX-1> show services ipsec-vpn ipsec statistics? ? ? ? ? ? ? ? ? ?

PIC: si-0/0/0, Service set: DC2-VPN-SET

ESP Statistics:

? Encrypted bytes:? ? ? ? ? 208016

? Decrypted bytes:? ? ? ? ? 206400

? Encrypted packets:? ? ? ? ? 1488

? Decrypted packets:? ? ? ? ? 1470

AH Statistics:

? Input bytes:? ? ? ? ? ? ? ? ? ? 0

? Output bytes:? ? ? ? ? ? ? ? ? 0

? Input packets:? ? ? ? ? ? ? ? ? 0

? Output packets:? ? ? ? ? ? ? ? 0

Errors:

? AH authentication failures:? ? 0

? ESP authentication failures:? ? 0

? ESP decryption failures:? ? ? ? 0

? Bad headers: 0, Bad trailers: 0

? Replay before window drops: 0, Replayed pkts: 0

? IP integrity errors: 0, Exceeds tunnel MTU: 0

? Rule lookup failures: 0, No SA errors: 0

? Flow errors: 0, Misc errors: 0

root@VMX-1> show interfaces gr-0/0/10 detail? ? ? ? ? ?

Physical interface: gr-0/0/10, Enabled, Physical link is Up

? Interface index: 140, SNMP ifIndex: 530, Generation: 143

? Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 1000mbps

? Hold-times? ? : Up 0 ms, Down 0 ms

? Device flags? : Present Running

? Interface flags: Point-To-Point SNMP-Traps

? Statistics last cleared: Never

? Traffic statistics:

? Input? bytes? :? ? ? ? ? ? ? 108741? ? ? ? ? ? ? ? ? 312 bps

? Output bytes? :? ? ? ? ? ? ? ? 66784? ? ? ? ? ? ? ? ? ? 0 bps

? Input? packets:? ? ? ? ? ? ? ? 1071? ? ? ? ? ? ? ? ? ? 0 pps

? Output packets:? ? ? ? ? ? ? ? ? 451? ? ? ? ? ? ? ? ? ? 0 pps

? IPv6 transit statistics:

? ? Input? bytes? :? ? ? ? ? ? ? ? ? 0

? ? Output bytes? :? ? ? ? ? ? ? ? ? 0

? ? Input? packets:? ? ? ? ? ? ? ? ? 0

? ? Output packets:? ? ? ? ? ? ? ? ? 0

? Logical interface gr-0/0/10.0 (Index 336) (SNMP ifIndex 541) (Generation 145)

? ? Description: GRE TO DC2

? ? Flags: Up Point-To-Point SNMP-Traps 0x4000 IP-Header 10.1.255.3:10.1.255.2:47:df:64:0000000000000000 Encapsulation: GRE-NULL

? ? Copy-tos-to-outer-ip-header: Off, Copy-tos-to-outer-ip-header-transit: Off

? ? Gre keepalives configured: Off, Gre keepalives adjacency state: down

? ? Traffic statistics:

? ? Input? bytes? :? ? ? ? ? ? ? 108821

? ? Output bytes? :? ? ? ? ? ? ? 123157

? ? Input? packets:? ? ? ? ? ? ? ? 1072

? ? Output packets:? ? ? ? ? ? ? ? 1088

? ? Local statistics:

? ? Input? bytes? :? ? ? ? ? ? ? ? 40101

? ? Output bytes? :? ? ? ? ? ? ? ? 56373

? ? Input? packets:? ? ? ? ? ? ? ? ? 620

? ? Output packets:? ? ? ? ? ? ? ? ? 637

? ? Transit statistics:

? ? Input? bytes? :? ? ? ? ? ? ? ? 68720? ? ? ? ? ? ? ? ? ? 0 bps

? ? Output bytes? :? ? ? ? ? ? ? ? 66784? ? ? ? ? ? ? ? ? ? 0 bps

? ? Input? packets:? ? ? ? ? ? ? ? ? 452? ? ? ? ? ? ? ? ? ? 0 pps

? ? Output packets:? ? ? ? ? ? ? ? ? 451? ? ? ? ? ? ? ? ? ? 0 pps

? ? Protocol inet, MTU: 9168

? ? Max nh cache: 0, New hold nh limit: 0, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0

? ? Generation: 163, Route table: 0

? ? ? Flags: Sendbcast-pkt-to-re

? ? Protocol mpls, MTU: 9156, Maximum labels: 3, Generation: 164, Route table: 0

? ? ? Flags: Is-Primary
