epcim
3/15/2016 - 8:28 PM

MX Configuration Steps for Floating IP

MX Configuration Steps for Floating IP

Step 1: Enable tunnel services
for example: for an mx480 with two fpcs for redundant logical tunnels
fpc 1 {
    pic 0 {
        tunnel-services;
        inline-services {
            bandwidth 10g;
        }
    }
    pic 1 {
        inline-services {
            bandwidth 10g;
        }
    }
}
fpc 2 {
    pic 0 {
        tunnel-services;
        inline-services {
            bandwidth 10g;
        }
    }
    pic 1 {
        inline-services {
            bandwidth 10g;
        }
    }
}

Step 2: Commit config

Step 3: Check for lt interface created it’ll be like lt-1/0/0, lt-2/0/0

Step 4: Create lt interfaces and loopback interfaces 

interfaces{
     lt-1/0/0{
          unit 100 {
                encapsulation frame-relay;
    dlci 100;
    peer-unit 101;
    family inet;
           }
           unit 101 {
    encapsulation frame-relay;
    dlci 100;
    peer-unit 100;
    family inet;
            }
     }
     lt-2/0/0{
          unit 200 {
              encapsulation frame-relay;
              dlci 200;
              peer-unit 201;
              family inet;
         }
         unit 201 {
              encapsulation frame-relay;
              dlci 200;
              peer-unit 200;
              family inet;
         }
     }
    lo0 {
          unit 0 {
              family inet {
              address 10.128.192.20/32;
              }
         }
         unit 101 {
              family inet {
                  address 10.130.1.1/32;
              }
         }
     }
}

Step 5: Create a static route for your virtual network subnet to be defined in Contrail

routing-options
{
static
{
    route <subnet> next-hop [ lt-1/0/0.100 lt-2/0/0.200 ]; 
}
}

Step 6:

Create a loopback interface for the MX and use that for router-id and route-distinguisher-id. Set the MX’s AS number

routing-options 
{
     router-id 10.128.192.20;
     route-distinguisher-id 10.128.192.20;
     autonomous-system 65000;
}
     

Step 7: 

Configure dynamic-tunnels configuration to the subnet where all vRouters reside. It maybe the /16 subnet which encompasses all the racks.

routing-options
{
dynamic-tunnels {
    dynamic-tunnels-overlay { <name>
        source-address 10.128.192.20; <loopback address of the MX >
        gre;
        destination-networks {
            10.128.0.0/21; <super net for all vRouters>
        }
    }
}

Step 9:
Enable BGP and establish peering with contrail controllers

protocols {
  bgp {
     family inet-vpn { 
         unicast;
     }
     group Contrail { 
         type internal;
         keep all;
         family inet-vpn {
             unicast;
         }
         family route-target;
         neighbor 10.128.0.10; <contrail-controller-1>
         neighbor 10.128.0.138; <contrail-controller-2>
         neighbor 10.128.1.10; <contrail-controller-3>
     }
 }
}

Step 10: 

Create a VRF for the virtual network in Contrail that needs external (non-overlay) routed access

<VRF-NAME> {
    instance-type vrf;
    interface lt-1/0/0.101;
    interface lt-2/0/0.201;
    interface lo0.101; <This is a loopback interface>
    vrf-target target:65000:30007; <Same Route Target to be used in Contrail>
    vrf-table-label;
    routing-options {
        static {
            route <subnet> discard; 
            route 0.0.0.0/0 next-hop [ lt-1/0/0.101 lt-2/0/0.201 ];
        }
    }
}

Step 11: 
Check the following
show route table inet.3 for tunnels created to all compute hosts where you have a VM in the external routed network
inet.3: 54 destinations, 54 routes (54 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.128.0.0/21      *[Tunnel/300] 19w3d 17:15:26
                      Tunnel
10.128.0.10/32     *[Tunnel/300] 2w1d 07:01:14
                    > via gr-1/0/0.33844
10.128.0.11/32     *[Tunnel/300] 2w1d 11:53:38
                    > via gr-2/0/0.33810
10.128.0.12/32     *[Tunnel/300] 2w1d 11:53:35
                    > via gr-2/0/0.33821

•	Check lt status
show interfaces terse lt-1/0/0  
Interface               Admin Link Proto    Local                 Remote
lt-1/0/0              
lt-1/0/0.100            up    up   inet    
show interfaces terse lt-2/0/0   
Interface               Admin Link Proto    Local                 Remote
lt-2/0/0              
lt-2/0/0.200            up    up   inet 

◦	Check BGP status, you will see all VRFs which are exchanging routes between MX and Contrail controllers

show bgp summary
Groups: 3 Peers: 9 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.l3vpn.0
                    1663        561          0          0          0          0
bgp.l2vpn.0
                      34          6          0          0          0          0
bgp.rtarget.0
                     108         16          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.128.0.10           65000     627218      71606       0       5 1w5d 22:47:24 Establ
  bgp.l3vpn.0: 465/465/465/0
  bgp.rtarget.0: 16/28/28/0
  PR_BOSH.inet.0: 1/1/1/0
  PR_BOSHSVC.inet.0: 92/92/92/0
  PR_CF.inet.0: 242/242/242/0
  SB_BOSH.inet.0: 1/1/1/0
  SB_PCF.inet.0: 50/50/50/0
  SB_PCF_BOSH.inet.0: 3/3/3/0
  SB_PCF_BOSH_SVC.inet.0: 76/76/76/0
10.128.0.138          65000      37519     186148       0       6 1w5d 22:46:55 Establ
  bgp.l3vpn.0: 10/35/35/0
  bgp.rtarget.0: 0/28/28/0
  PR_BOSHSVC.inet.0: 2/6/6/0
  PR_CF.inet.0: 8/24/24/0
  SB_PCF.inet.0: 0/4/4/0
  SB_PCF_BOSH_SVC.inet.0: 0/1/1/0
10.128.1.10           65000     688473     158798       0       5 1w5d 22:47:23 Establ
  bgp.l3vpn.0: 0/450/450/0
  bgp.rtarget.0: 0/28/28/0
  PR_BOSH.inet.0: 0/1/1/0
  PR_BOSHSVC.inet.0: 0/90/90/0
  PR_CF.inet.0: 0/234/234/0
  SB_BOSH.inet.0: 0/1/1/0
  SB_PCF.inet.0: 0/46/46/0
  SB_PCF_BOSH.inet.0: 0/3/3/0
  SB_PCF_BOSH_SVC.inet.0: 0/75/75/0

•	Check individual VM /32 routes in the VRF to see if Contrail Controller has propagate it to the MX correctly using the BGP peering

For example: 
show route table SB_BOSH.inet.0

SB_BOSH.inet.0: 8 destinations, 13 routes (5 active, 0 holddown, 4 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 19w3d 17:18:35
                    > via lt-1/0/0.103
                      via lt-2/0/0.203
                    [BGP/170] 19w3d 17:17:17, localpref 100, from 10.128.192.21
                      AS path: I, validation-state: unverified
                    > to 10.128.192.107 via ae3.20, Push 23
10.129.32.0/20     *[Static/5] 19w3d 17:21:48
                      Discard
                    [BGP/170] 19w3d 17:17:17, localpref 100, from 10.128.192.21
                      AS path: I, validation-state: unverified
                    > to 10.128.192.107 via ae3.20, Push 23
10.129.47.205/32   *[BGP/170] 4d 18:37:58, localpref 200, from 10.128.0.10
                      AS path: ?, validation-state: unverified
                    > via gr-2/0/0.33843, Push 37
                    [BGP/170] 4d 18:37:58, localpref 200, from 10.128.192.21
                      AS path: ?, validation-state: unverified
                    > via gr-2/0/0.33843, Push 37
                    [BGP/170] 4d 18:37:58, localpref 200, from 10.128.1.10
                      AS path: ?, validation-state: unverified
                    > via gr-2/0/0.33843, Push 37