Thursday, 26 May 2011

Juniper Networks solutions for Metro Ethernet Forum

What are the Juniper Networks solutions for the Metro Ethernet Forum (MEF) 6.1 Ethernet services definitions, including Ethernet private line, Ethernet virtual private line, Ethernet LAN, Ethernet lines, and Ethernet trees?

• Ethernet private line (EPL) and Ethernet virtual private line (EVPL) are emulated by Juniper Networks Layer 2 circuit and Layer 2 VPN configurations.

• Ethernet LAN (E-LAN) is emulated by any Juniper Networks VPLS configuration solution.

• Ethernet lines (E-Line) service is emulated by using Juniper Networks Layer 2 circuit service configuration. The encapsulation type for the E-Line can be full Ethernet or only VLAN.

• Ethernet trees (E-Tree) service can be built using point-to-multipoint, or a more sophisticated implementation can be built using hub-and-spoke communities with BGP VPLS.

Juniper and routing-instances

You can configure the following five types of routing instances among others:

Forwarding - Use this instance type for filter-based forwarding applications. For this instance type, there is no one-to-one mapping between an interface and a routing instance. All interfaces belong to the default instance inet.0.

Layer 2 VPN (L2VPN) - Use this routing instance type for Layer 2 virtual private network (VPN) implementations.

Non Forwarding - Use this routing instance type when a separation of routing table information is required. There is no corresponding forwarding table. All routes are installed into the default forwarding tables. IS-IS instances are strictly non-forwarding instance types.

Virtual Router - Similar to a VPN routing and forwarding instance type, but used for non-VPN-related applications. There are no virtual routing and forwarding (VRF) import, VRF export, VRF target, or route distinguisher requirements for this instance type.

VRF - Use the VPN routing and forwarding (VRF) instance type for Layer 3 VPN implementations. This routing instance type has a VPN routing table as well as a corresponding VPN forwarding table. For this instance type, there is a one-to-one mapping between an interface and a routing instance. Each VRF instance corresponds with a forwarding table. Routes on an interface go into the corresponding forwarding table.

Tuesday, 19 April 2011

Junos BGP flowspec with exabgp


The BGP flowspec injector is exabgp, available at http://code.google.com/p/exabgp/

Topology:

Juniper MX960 <--- bgp peering ---> exabgp (installed on Ubuntu 10.10)

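Junos configuration (the BGP group toward the exabgp host). With no-validate and the accept-all policy the router skips the flow-route validation procedure, so every flow route this neighbor announces is installed as a filter term: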

lab@MX960_lab# show
import accept-all;
family inet {
     flow {
     no-validate accept-all;
     }
}
peer-as 65000;
neighbor 192.168.200.208;

exabgp configuration:

lab@lab-virtual-machine:/usr/local/etc/bgp$ cat mx960.txt
neighbor 192.168.200.77 {
        description "mx960 router";
        router-id 192.168.200.208;
        local-address 192.168.200.208;
        local-as 65000;
        peer-as 65534;
        hold-time 180;

        flow {
                route optional-name-of-the-route {
                        match {
                                source 10.11.11.5/32;
                                destination 192.168.200.208/32;
#                               port =80 =8080;
#                               destination-port >8080&<8088 =3128;
#                               source-port >1024;
#                               protocol [ tcp udp ];
#                               protocol tcp;
#                               packet-length >200&<300 >400&<500;
#                               fragment not-a-fragment;
#                               fragment [ first-fragment last-fragment ];
#                               icmp-type [ unreachable echo-request echo-reply ];
#                               icmp-code [ host-unreachable network-unreachable ];
#                               tcp-flags [ urgent rst ];
#                               dscp [ 10 20 ];

                        }
                        then {
#                               rate-limit 9600;
                                discard;
#                               redirect 65500:12345;
#                               redirect 1.2.3.4:5678;
                        }
                }
        }
}


To start exabgp:

lab@lab-virtual-machine:/usr/local/etc/bgp$ bgpd mx960.txt
Thu, 24 Mar 2011 14:04:58 INFO     3491   configuration performing reload
Thu, 24 Mar 2011 14:04:58 INFO     3491   supervisor    New Peer 192.168.200.77
Thu, 24 Mar 2011 14:04:58 INFO     3491   configuration loaded new configuration successfully
Thu, 24 Mar 2011 14:04:59 INFO     3491   message       Peer  192.168.200.77 ASN 65534   >> OPEN version=4 asn=65000 hold_time=180 router_id=192.168.200.208 capabilities=[Multiprotocol for IPv4 flow-ipv4, 4Bytes AS 65000]
Thu, 24 Mar 2011 14:05:00 INFO     3491   message       Peer  192.168.200.77 ASN 65534   << OPEN version=4 asn=65534 hold_time=180 router_id=172.16.0.1 capabilities=[Cisco Route Refresh, Multiprotocol for IPv4 flow-ipv4, Route Refresh, Graceful Restart, 4Bytes AS 65534]
Thu, 24 Mar 2011 14:05:01 INFO     3491   message       Peer  192.168.200.77 ASN 65534   >> KEEPALIVE
Thu, 24 Mar 2011 14:05:02 INFO     3491   message       Peer  192.168.200.77 ASN 65534   << KEEPALIVE
Thu, 24 Mar 2011 14:05:02 INFO     3491   message       Peer  192.168.200.77 ASN 65534   >> UPDATE (update)
Thu, 24 Mar 2011 14:05:02 INFO     3491   message       Peer  192.168.200.77 ASN 65534   >> 1 UPDATE(s)
Thu, 24 Mar 2011 14:05:02 INFO     3491   message       Peer  192.168.200.77 ASN 65534   << KEEPALIVE

To restart exabgp:

lab@lab-virtual-machine:/usr/local/etc/bgp$ ps -fax | grep bgpd
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
3490 pts/1    S+     0:00              \_ grep --color=auto bgpd
3054 ?        S      1:14 /usr/bin/python /usr/local/bin/bgpd mx960.txt
lab@lab-virtual-machine:/usr/local/etc/bgp$ kill 3054

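On the router, the flow route received from exabgp appears in inetflow.0 alongside a locally configured one:

lab@MX960_lab> show route table inetflow.0 extensive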

inetflow.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
Restart Complete
3.3.33.3,* (1 entry, 1 announced)
TSI:
KRT in dfwd
        *Flow   Preference: 5
                Next hop type: Fictitious
                Next-hop reference count: 2
                State:
                Local AS: 65534
                Age: 1d 2:37:43
                Task: RT Flow
                Announcement bits (1): 0-Flow
                AS path: I
                Communities: traffic-rate:0:10000

192.168.200.208,10.11.11.5 (1 entry, 1 announced)
TSI:
KRT in dfwd
        *BGP    Preference: 170/-101
                Next hop type: Fictitious
                Next-hop reference count: 2
                State:
                Local AS: 65534 Peer AS: 65000
                Age: 18:08:14
                Task: BGP_65000.192.168.200.208+45985
                Announcement bits (1): 0-Flow
                AS path: 65000 I
                Communities: traffic-rate:0:0
                Accepted
                Localpref: 100
                Router ID: 192.168.200.208

Traffic from source 10.11.11.5 to 192.168.200.208 is discarded, as the counters on the flowspec filter show:

lab@MX960_lab> show firewall filter __flowspec_default_inet__   

Filter: __flowspec_default_inet__                             
Counters:
Name                                                Bytes              Packets
3.3.33.3,*                                              0                    0
192.168.200.208,10.11.11.5                          42168                  502
Policers:
Name                                              Packets
3.3.33.3,*                                              0
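
The following is an added example, not code from this post or from exabgp. It shows how the rule above travels on the wire according to RFC 5575: the destination and source prefixes form the flow NLRI that Junos lists as 192.168.200.208,10.11.11.5, and the discard action is a traffic-rate extended community with a rate of 0, which Junos prints as traffic-rate:0:0. The function names are hypothetical, and only the two prefix components are handled.

```python
import ipaddress
import struct

DEST_PREFIX, SRC_PREFIX = 1, 2          # RFC 5575 component types
NAMES = {DEST_PREFIX: "destination", SRC_PREFIX: "source"}

def encode_prefix(comp_type, cidr):
    """Type octet, prefix length in bits, then only the significant octets."""
    net = ipaddress.IPv4Network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([comp_type, net.prefixlen]) + net.network_address.packed[:nbytes]

def encode_nlri(destination=None, source=None):
    """Components go in ascending type order: destination (1), then source (2)."""
    body = b""
    if destination:
        body += encode_prefix(DEST_PREFIX, destination)
    if source:
        body += encode_prefix(SRC_PREFIX, source)
    return bytes([len(body)]) + body    # always < 240 here, so one length octet

def decode_nlri(data):
    """Parse a prefix-only flow NLRI; reject anything malformed or unsupported."""
    if not data or data[0] >= 240 or data[0] != len(data) - 1:
        raise ValueError("bad or unsupported NLRI length")
    body, out, i, last = data[1:], {}, 0, 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated component")
        comp_type, plen = body[i], body[i + 1]
        if comp_type not in NAMES or comp_type <= last or plen > 32:
            raise ValueError("unsupported, repeated or out-of-order component")
        raw = body[i + 2:i + 2 + (plen + 7) // 8]
        if len(raw) != (plen + 7) // 8:
            raise ValueError("truncated prefix")
        out[NAMES[comp_type]] = ipaddress.IPv4Network((raw.ljust(4, b"\0"), plen))
        i, last = i + 2 + len(raw), comp_type
    return out

def traffic_rate(asn, bytes_per_second):
    """Traffic-rate extended community 0x8006: 2-octet AS, then an IEEE float."""
    return struct.pack("!BBHf", 0x80, 0x06, asn, bytes_per_second)

def junos_style(community):
    """Render the way the router prints it; a rate of 0 is the discard action."""
    kind, subtype, asn, rate = struct.unpack("!BBHf", community)
    if (kind, subtype) != (0x80, 0x06):
        raise ValueError("not a traffic-rate community")
    return f"traffic-rate:{asn}:{rate:g}"
```

Calling encode_nlri("192.168.200.208/32", "10.11.11.5/32") gives the 13-octet NLRI for the exabgp route, and junos_style(traffic_rate(0, 0.0)) reproduces the community shown for it in inetflow.0.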