| Oracle® Communications IP Service Activator Juniper M-series Device Support Guide Release 7.2 E47718-01 |
|
|
PDF · Mobi · ePub |
| Oracle® Communications IP Service Activator Juniper M-series Device Support Guide Release 7.2 E47718-01 |
|
|
PDF · Mobi · ePub |
This chapter describes how Oracle Communications IP Service Activator configures Layer 2 Martini VPNs on Juniper M-series devices.
Refer to IP Service Activator VPN User's Guide for a technical description of Layer 2 Martini VPNs.
IP Service Activator supports the configuration and management of Layer 2 Martini VPNs.
A Layer 2 Martini point-to-point connection is a pseudo-wire (or tunnel) configured between two endpoints across an IP network.
The connection uses MPLS labels to encapsulate and transport various Layer 2 data formats, including Ethernet (Port), Ethernet (VLAN), Frame Relay, ATM Cell and ATM AAL5, across an IP network. The tunnel provides a transparent connection, so users see no change in their Layer 2 data. (Note that the tunnel does not aim to meet QoS aspects of the connection, particularly in the ATM case.) The Martini endpoints can be interfaces, sub-interfaces, or other endpoint identifiers (VCI/VPI on ATM, DLCI on Frame Relay, or VLAN ID on Ethernet).
A Layer 2 Martini VPN is an association of Layer 2 Martini point-to-point connections, as illustrated in Figure 6-1.
The data types listed in Table 6-1 can be encapsulated on Layer 2 Martini VPNs on Juniper devices.
Table 6-1 Layer 2 Martini VPN Data Types
| Encapsulated Data | Endpoint | Comment |
|---|---|---|
|
Ethernet (port-based) |
Main interface |
NA |
|
Ethernet (VLAN-based) |
Sub-interface with VC identifier |
Created by Provision sub-interface |
|
ATM Cell |
Sub-interface with VC identifier |
Created by Provision sub-interface |
|
ATM AAL5 |
Sub-interface with VC identifier |
Created by Provision sub-interface |
|
Frame Relay |
Sub-interface with VC identifier |
Created by Provision sub-interface |
All Layer 2 endpoints (such as DLCI, VLANs, VPI/VCIs) and their parents (logical and physical interfaces) must have the Access role assigned.
ATM Cell Relay Layer 2 Martini tunnel endpoints must have the same VPI/VCI. ATM AAL5 tunnel endpoints are not required to have the same VPI/VCI.
When creating a Layer 2 Martini VPN with SONET interfaces on Juniper M-series devices as endpoints, the MTU values must match. Note that this must be set manually. IP Service Activator does not validate the MTU values, so you will not be notified when there is a potential mismatch. The Martini circuit will be created in the client but may not be operational if the MTU values do not match on the SONET endpoints.
Layer 2 Martini VPNs use MPLS, particularly to create the LSPs over which encapsulated data travels. The encapsulation protocols are described in various IETF drafts including draft-martini-l2circuit-encap-mpls, draft-martini-l2circuit-trans-mpls, draft-martini-ethernet-encap-mpls, and draft-martini-atm-encap-mpls. See "Martini Drafts" for details.
Some manual preconfiguration of devices is required to support the configuration of Layer 2 Martini VPNs in IP Service Activator.
Core routers on the path to the neighbor PE, and core interfaces, must run MPLS, an IGP such as OSPF, and LDP.
Complete the following tasks in order to set up a Layer 2 Martini connection:
you perform preconfiguration tasks, create the endpoints (either sub-interfaces or VC interfaces), create the Layer 2 Martini tunnel object, set the appropriate options, and finally, assign the relevant endpoints to the tunnel.
Set up base configuration: before actually provisioning the Layer 2 Martini tunnel, certain preconfiguration tasks must be performed. See "Base Configuration".
Create the endpoints: endpoints are interfaces or sub-interfaces supporting the required type of data encapsulation. See "Provisioning Sub-interfaces for a Layer 2 Martini Connection".
Create the VPN: add the Layer 2 Martini connection by right-clicking on the Point-to-Points for the customer and selecting Add L2 Martini-Pt-Pt. Complete the specifications in the dialog box, and then add the endpoints to the new Layer 2 Martini tunnel.
Check the configuration: use Telnet to directly access the running configuration on the devices. See "Checking the Configuration Added to the Device".
This section explains how to provision and delete Layer 2 Martini sub-interfaces.
Layer 2 Martini VPNs provide a tunnel between two endpoints which carries encapsulated data. The encapsulation is done at the endpoints, or sub-interfaces. The sub-interfaces provisioned to support the Layer 2 Martini tunnel must support the desired type of data encapsulation.
See IP Service Activator VPN User's Guide for information about Layer 2 Martini VPN devices and data types and for details on the different hardware devices and data encapsulations supported by IP Service Activator for Layer 2 Martini VPNS, and the specific details for VPN types in which there are variations from the typical configuration.
You create sub-interfaces using configuration policies. See IP Service Activator VPN User's Guide for details.
To manually check the configuration added to the device:
Access the device through a Telnet session. The sub-interface configuration is added in its own group, called orchestream.
Enter the following command:
show groups orchestream
The sub-interface configuration is displayed.
Until you commit your transactions, the created sub-interfaces are not configured on the device. However, you can still use these sub-interfaces in the provisioning of the Layer 2 Martini VPN service. They will be configured, as will the Martini tunnel, when the transactions are committed.
To confirm that the parent interface is capable of supporting the sub-interface you wish to provision:
Right-click on the parent interface and select Properties
On the Interface dialog box, select the Capabilities property page.
Under Outbound Properties, expand Martini.
Confirm that the type of sub-interface you wish to create to support the Layer 2 Martini VPN is shown.
Devices used in Layer 2 Martini VPNs should be configured to use the Gateway role. Interfaces and sub-interfaces used as endpoints should be configured to use the Access role.
IP Service Activator does not allow the deletion of a sub-interface if it is part of an existing Layer 2 Martini VPN or is otherwise still in use.
Do not delete sub-interfaces that were created manually (outside of IP Service Activator).
After creating a numbered sub-interface under an interface (in the Orchestream group) on a Juniper router, you can also manually create a same-numbered sub-interface (under the actual interface) on the Juniper router. However, these two sub-interfaces could have different DLCI values.
Use IP Service Activator to create the provisioned sub-interface. This creates a sub-interface number and a DLCI. If you manually create the same-numbered sub-interface on the Juniper router, remember that the DLCI number must be the same as the DLCI for the sub-interface created by IP Service Activator to discover it properly
To delete a provisioned sub-interface:
On the Topology tab, open the relevant device, and double click on the parent interface for the sub-interface to be deleted.
The Details window appears.
Select the Provisioned Topology tab.
Do one of the following:
Right click the sub-interface in the Provisioned Topology window, then choose Delete from the context menu.
Choose Delete from the Edit menu.
Click on the Delete button on the toolbar.
To remove a sub-interface that was created directly on a device (rather than provisioned using the IP Service Activator client), first log into the device and remove the sub-interface. Then remove the sub-interface from the IP Service Activator client. If you do not first remove the sub-interface from the device, it will re-appear in the IP Service Activator client the next time the device is discovered.
Provisioned sub-interfaces can only be deleted from the Provisioned Topology window as described. The delete button is disabled if trying to delete from another location, for example the hierarchical tree. When you right click a provisioned sub-interface in the hierarchical tree, ”Delete” does not appear in the context menu.
This section describes MPLS, OSPF, and LDP features that must be configured in order to support Layer 2 Martini VPNs.
MPLS support must be enabled on all appropriate interfaces.
The command to configure MPLS on all interfaces is made at the [edit protocols] hierarchy level:
mpls {
interface {interface-name | all };
}
OSPF (or another IGP) must be configured to support Layer 2 Martini VPNs.
The command to configure OSPF on all interfaces is made at the [edit protocols] hierarchy level:
protocols {
ospf {
traffic-engineering
area address {
interface interface-id
interface loopback-id
}
}
}
where address is the address of the area, interface-id is the interface, and loopback-id is the loopback interface.
LDP must be configured to support Layer 2 Martini VPNs. On PE devices LSPs must be configured between the loopback addresses of all PE and P devices.
The command to configure LDP is made at the [edit protocols] hierarchy level:
protocols {
ldp {
interface interface-id
interface loopback-id
}
}
where interface-id is the interface and loopback-id is the loopback interface.
This section discusses the Juniper commands for Layer 2 Martini VPNs.
The commands to configure endpoints depend on the type of data encapsulation in the Layer 2 Martini VPN.
Ethernet endpoints: endpoints for Layer 2 Martini VPNs encapsulating Ethernet data are the main interfaces themselves. Therefore, no specific configuration is applied to the device.
Ethernet VLAN data endpoints: the commands to configure sub-interfaces for Layer 2 Martini VPNs encapsulating Ethernet VLAN data are made at the [edit interfaces] hierarchy level, as follows.
interfaces {
name {
description "description"
vlan-tagging;
encapsulation vlan-ccc;
unit unit-number {
encapsulation vlan-ccc;
vlan-id vlan-id;
}
}
}
where name is the name of the interface, description is a text description of the interface, unit-number is the sub-interface number, and vlan-id is the VLAN identifier.
ATM Cell endpoints: the commands to configure endpoints for Layer 2 Martini VPNs encapsulating ATM Cell and ATM AAL5 data are made at the [edit interfaces] and the [edit chassis] hierarchy level.
At the [edit interfaces] hierarchy level:
interfaces {
name {
description
encapsulation atm-ccc-cell-relay;
atm-options {
pic-type atm1 | atm2;
vpi vpi-id;
}
unit unit-number {
encapsulation atm-vc-mux;
vci vci-id;
}
}
}
where name is the name of the interface, description is a text description of the interface, atm1 | atm2 is the type of PIC card, vpi-id is the virtual path identifier, unit-number is the sub-interface number, and vci-id is the virtual channel identifier.
At the [edit chassis] hierarchy level:
chassis {
fpc fpc-id {
pic pic-id {
atm-l2circuit-mode cell | atm-l2circuit-mode aal5;
}
}
}
where fpc-id is the functional processor card, pic-id is the processor interface card identifier, and atm-l2circuit-mode cell | atm-l2circuit-mode aal5 is the type of ATM encapsulation (either ATM cell or rATM AAL5)
Frame Relay interfaces: the commands to configure endpoints for Layer 2 Martini VPNs encapsulating Frame Relay data follow.
interfaces {
name {
description
encapsulation frame-relay-ccc;
unit unit-number {
encapsulation frame-relay-ccc;
dlci dlci-id;
}
}
}
where name is the name of the interface, description is a text description of the interface, unit-number is the sub-interface number, and dlci-id is the data link connection identifier.
When a sub-interface is part of a Layer 2 Martini connection over frame relay, the DLCI number cannot be modified through the properties dialog box for the sub-interface.
To modify the DLCI number of a sub-interface assigned to a Layer 2 Martini connection:
Unlink the sub-interface from the Layer 2 Martini connection by right-clicking on the sub-interface and selecting Unlink from the context menu.
Click the Provisioned Topology tab in the Details window.
Click the sub-interface to be changed.
Right-click and select Properties from the context menu.
Change the DLCI number of the sub-interface.
Apply the changes by committing pending transactions.
Re-discover the device. The DLCI number is refreshed in the Details window.
Drag the sub-interface back to the Layer 2 Martini connection object in order to re-link it to the Martini tunnel.
In some situations, manually configured VLANs and DLCIs are discovered with the IDs of their parent's logical unit ID rather than with their own ID. This leads to misrepresentation in the client of DLCIs and VLANs IDs when the parent logical unit is provisioned with a different ID than the DLCI or VLAN ID.
For example, a DLCI with ID 567 on logical unit 10 will be discovered as a DLCI with ID 10. When manually provisioning router subinterfaces and virtual circuits, if possible, use matching IDs for logical units and DLCIs or VLANs. For example, for logical unit 567 use a matching DLCI value of 567.
When provisioning Martini circuits (or CCCs) it is possible, that the device driver will generate incorrect router configuration due to issues discovering DLCIs or VLANs.
Create subinterfaces using configuration policies with proper encapsulations and DLCIs or VLANs ID values suitable for planned Martini circuits. Use those subinterfaces as Martini or CCC endpoints rather than manually configured sub-interfaces to avoid any conflicts.
Subinterfaces can be created using configuration policies. Refer to IP Service Activator VPN User's Guide for details.
The command to define the connection between the endpoints in a Layer 2 Martini VPN is:
protocols {
l2circuit {
neighbor address {
description
interface name {
virtual-circuit-id virtual-circuit;
}
}
}
}
where address is the address of the neighbor, description is a text description of the Layer 2 Martini VPN, name is the name of the interface, and virtual-circuit is the identifier for the Layer 2 Martini VPN.
|
 Copyright © 2011, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|