参考:
dci-vpls-o-gre-o-ipsec.pdf
Linux-6 ens3:
ip:192.16810.1/24
mac:00:50:00:00:06:00
Linux-7 ens3:
ip:192.16810.2/24
mac:00:50:00:00:07:00
第1步:配置隧道化服务
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
set chassis fpc 0 pic 0 interface-type ge
set chassis fpc 0 pic 0 inline-services bandwidth 1g
set chassis fpc 0 lite-mode
set chassis network-services enhanced-ip
第2步:配置接口
set interfaces lo0 unit 0 family inet address 10.0.255.2/32 #用于MP-IBGP
set interfaces lo0 unit 0 family inet address 10.1.255.2/32 #用于GRE外层ip
set interfaces si-0/0/0 unit 1 description "IPsec interface to VMX-2"
set interfaces si-0/0/0 unit 1 family inet address 172.16.1.1/30
set interfaces si-0/0/0 unit 1 service-domain inside
set interfaces si-0/0/0 unit 2 family inet
set interfaces si-0/0/0 unit 2 service-domain outside
第3步:配置IPSEC
set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-method pre-shared-keys
set services ipsec-vpn ike proposal IKE-PROPOSAL dh-group group5
set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-algorithm sha1
set services ipsec-vpn ike proposal IKE-PROPOSAL encryption-algorithm aes-256-cbc
set services ipsec-vpn ike proposal IKE-PROPOSAL lifetime-seconds 21600
set services ipsec-vpn ike policy IKE-POLICY mode main
set services ipsec-vpn ike policy IKE-POLICY proposals IKE-PROPOSAL
set services ipsec-vpn ike policy IKE-POLICY pre-shared-key ascii-text BAIDU123
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL protocol esp
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL authentication-algorithm hmac-sha1-96
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL encryption-algorithm aes-256-cbc
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL lifetime-seconds 3600
set services ipsec-vpn ipsec policy IPSEC-POLICY perfect-forward-secrecy keys group5
set services ipsec-vpn ipsec policy IPSEC-POLICY proposals IPSEC-PROPOSAL
set services ipsec-vpn establish-tunnels immediately
set services ipsec-vpn rule DC2-VPN-RULE term 1 then remote-gateway 10.0.13.3
set services ipsec-vpn rule DC2-VPN-RULE term 1 then dynamic ike-policy IKE-POLICY
set services ipsec-vpn rule DC2-VPN-RULE term 1 then dynamic ipsec-policy IPSEC-POLICY
set services ipsec-vpn rule DC2-VPN-RULE match-direction input
set services service-set DC2-VPN-SET next-hop-service inside-service-interface si-0/0/0.1
set services service-set DC2-VPN-SET next-hop-service outside-service-interface si-0/0/0.2
set services service-set DC2-VPN-SET ipsec-vpn-options local-gateway 10.0.12.2
set services service-set DC2-VPN-SET ipsec-vpn-rules DC2-VPN-RULE
第4步:配置GRE
set interfaces gr-0/0/10 unit 0 description "GRE TO DC2"
set interfaces gr-0/0/10 unit 0 tunnel source 10.1.255.2
set interfaces gr-0/0/10 unit 0 tunnel destination 10.1.255.3
set interfaces gr-0/0/10 unit 0 family inet
set interfaces gr-0/0/10 unit 0 family mpls
set routing-options static route 10.1.255.3/32 next-hop si-0/0/0.1
第5步:配置OSPF
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface gr-0/0/10.0
第6步:配置VPLS
set interfaces ge-0/0/1 encapsulation ethernet-vpls
set interfaces ge-0/0/1 unit 0 description "LAN for VPLS to DC2"
set interfaces ge-0/0/1 unit 0 family vpls
set routing-options autonomous-system 12
set protocols bgp group iBGP type internal
set protocols bgp group iBGP local-address 10.0.255.2
set protocols bgp group iBGP family l2vpn signaling
set protocols bgp group iBGP neighbor 10.0.255.3
set protocols rsvp interface gr-0/0/10.0
set protocols mpls interface gr-0/0/10.0
set protocols mpls label-switched-path From-DC1-to-DC2 from 10.0.255.2
set protocols mpls label-switched-path From-DC1-to-DC2 to 10.0.255.3
set protocols mpls label-switched-path From-DC1-to-DC2 no-cspf
set routing-instances VPLS instance-type vpls
set routing-instances VPLS interface ge-0/0/1.0
set routing-instances VPLS route-distinguisher 10.0.255.2:100
set routing-instances VPLS vrf-target target:12:100
set routing-instances VPLS protocols vpls no-tunnel-services
set routing-instances VPLS protocols vpls site-range 10
set routing-instances VPLS protocols vpls site DC1 site-identifier 1
-------------------------------------具体配置如下-------------------------------------------------------
root@INTERNET-R> show configuration | display set
set version 14.1R4.8
set system host-name INTERNET-R
set system root-authentication encrypted-password "$1$czFmzflT$fRwwwJRTUyHfii1irLHQd1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 10.0.12.1/24
set interfaces ge-0/0/1 unit 0 family inet address 10.0.13.1/24
root@VMX-1> show configuration | display set
set version 17.4R1.16
set system host-name VMX-1
set system root-authentication encrypted-password "$6$ZQ4qNe6G$pbGgzALEFmxJE32UKCsHvXEyHy9jntcPZN9bkAnLJm3/hlL3/D.OAmdfTAc00psRb1zFb8Jf5gpxyYXDOda.O1"
set system services ssh root-login allow
set system services ssh protocol-version v2
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system processes dhcp-service traceoptions file dhcp_logfile
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag all
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
set chassis fpc 0 pic 0 interface-type ge
set chassis fpc 0 pic 0 inline-services bandwidth 1g
set chassis fpc 0 lite-mode
set chassis network-services enhanced-ip
set services service-set DC2-VPN-SET next-hop-service inside-service-interface si-0/0/0.1
set services service-set DC2-VPN-SET next-hop-service outside-service-interface si-0/0/0.2
set services service-set DC2-VPN-SET ipsec-vpn-options local-gateway 10.0.12.2
set services service-set DC2-VPN-SET ipsec-vpn-rules DC2-VPN-RULE
set services ipsec-vpn rule DC2-VPN-RULE term 1 then remote-gateway 10.0.13.3
set services ipsec-vpn rule DC2-VPN-RULE term 1 then dynamic ike-policy IKE-POLICY
set services ipsec-vpn rule DC2-VPN-RULE term 1 then dynamic ipsec-policy IPSEC-POLICY
set services ipsec-vpn rule DC2-VPN-RULE match-direction input
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL protocol esp
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL authentication-algorithm hmac-sha1-96
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL encryption-algorithm aes-256-cbc
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL lifetime-seconds 3600
set services ipsec-vpn ipsec policy IPSEC-POLICY perfect-forward-secrecy keys group5
set services ipsec-vpn ipsec policy IPSEC-POLICY proposals IPSEC-PROPOSAL
set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-method pre-shared-keys
set services ipsec-vpn ike proposal IKE-PROPOSAL dh-group group5
set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-algorithm sha1
set services ipsec-vpn ike proposal IKE-PROPOSAL encryption-algorithm aes-256-cbc
set services ipsec-vpn ike proposal IKE-PROPOSAL lifetime-seconds 21600
set services ipsec-vpn ike policy IKE-POLICY mode main
set services ipsec-vpn ike policy IKE-POLICY proposals IKE-PROPOSAL
set services ipsec-vpn ike policy IKE-POLICY pre-shared-key ascii-text "$9$fQzn/9tuOISr4JGUHkp0ORyl"
set services ipsec-vpn establish-tunnels immediately
set interfaces ge-0/0/0 unit 0 family inet address 10.0.12.2/24
set interfaces si-0/0/0 unit 1 description "IPsec interface to VMX-2"
set interfaces si-0/0/0 unit 1 family inet address 172.16.1.1/30
set interfaces si-0/0/0 unit 1 service-domain inside
set interfaces si-0/0/0 unit 2 family inet
set interfaces si-0/0/0 unit 2 service-domain outside
set interfaces ge-0/0/1 encapsulation ethernet-vpls
set interfaces ge-0/0/1 unit 0 description "LAN for VPLS to DC2"
set interfaces ge-0/0/1 unit 0 family vpls
set interfaces gr-0/0/10 unit 0 description "GRE TO DC2"
set interfaces gr-0/0/10 unit 0 tunnel source 10.1.255.2
set interfaces gr-0/0/10 unit 0 tunnel destination 10.1.255.3
set interfaces gr-0/0/10 unit 0 family inet
set interfaces gr-0/0/10 unit 0 family mpls
set interfaces fxp0 unit 0 family inet address 10.5.245.12/24
set interfaces lo0 unit 0 family inet address 10.0.255.2/32
set interfaces lo0 unit 0 family inet address 10.1.255.2/32
set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254
set routing-options static route 10.0.13.0/24 next-hop 10.0.12.1
set routing-options static route 10.1.255.3/32 next-hop si-0/0/0.1
set routing-options autonomous-system 12
set protocols rsvp interface gr-0/0/10.0
set protocols mpls label-switched-path From-DC1-to-DC2 from 10.0.255.2
set protocols mpls label-switched-path From-DC1-to-DC2 to 10.0.255.3
set protocols mpls label-switched-path From-DC1-to-DC2 no-cspf
set protocols mpls interface gr-0/0/10.0
set protocols bgp group iBGP type internal
set protocols bgp group iBGP local-address 10.0.255.2
set protocols bgp group iBGP family l2vpn signaling
set protocols bgp group iBGP neighbor 10.0.255.3
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface gr-0/0/10.0
set routing-instances VPLS instance-type vpls
set routing-instances VPLS interface ge-0/0/1.0
set routing-instances VPLS route-distinguisher 10.0.255.2:100
set routing-instances VPLS vrf-target target:12:100
set routing-instances VPLS protocols vpls site-range 10
set routing-instances VPLS protocols vpls no-tunnel-services
set routing-instances VPLS protocols vpls site DC1 site-identifier 1
root@VMX-2> show configuration | display set
set version 17.4R1.16
set system host-name VMX-2
set system root-authentication encrypted-password "$6$dW5rXJR0$AXBcRtDNK2yzZbiYnAFAJY8O5NwqT.TGyJcVzoS7nZD6QZ/Ta/dVSsw3W4Ly7yTlCVSPPFDpTLf0XS4SR0avr1"
set system services ssh root-login allow
set system services ssh protocol-version v2
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system processes dhcp-service traceoptions file dhcp_logfile
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag all
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
set chassis fpc 0 pic 0 interface-type ge
set chassis fpc 0 pic 0 inline-services bandwidth 1g
set chassis fpc 0 lite-mode
set chassis network-services enhanced-ip
set services service-set DC1-VPN-SET next-hop-service inside-service-interface si-0/0/0.1
set services service-set DC1-VPN-SET next-hop-service outside-service-interface si-0/0/0.2
set services service-set DC1-VPN-SET ipsec-vpn-options local-gateway 10.0.13.3
set services service-set DC1-VPN-SET ipsec-vpn-rules DC1-VPN-RULE
set services ipsec-vpn rule DC1-VPN-RULE term 1 then remote-gateway 10.0.12.2
set services ipsec-vpn rule DC1-VPN-RULE term 1 then dynamic ike-policy IKE-POLICY
set services ipsec-vpn rule DC1-VPN-RULE term 1 then dynamic ipsec-policy IPSEC-POLICY
set services ipsec-vpn rule DC1-VPN-RULE match-direction input
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL protocol esp
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL authentication-algorithm hmac-sha1-96
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL encryption-algorithm aes-256-cbc
set services ipsec-vpn ipsec proposal IPSEC-PROPOSAL lifetime-seconds 3600
set services ipsec-vpn ipsec policy IPSEC-POLICY perfect-forward-secrecy keys group5
set services ipsec-vpn ipsec policy IPSEC-POLICY proposals IPSEC-PROPOSAL
set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-method pre-shared-keys
set services ipsec-vpn ike proposal IKE-PROPOSAL dh-group group5
set services ipsec-vpn ike proposal IKE-PROPOSAL authentication-algorithm sha1
set services ipsec-vpn ike proposal IKE-PROPOSAL encryption-algorithm aes-256-cbc
set services ipsec-vpn ike proposal IKE-PROPOSAL lifetime-seconds 21600
set services ipsec-vpn ike policy IKE-POLICY mode main
set services ipsec-vpn ike policy IKE-POLICY proposals IKE-PROPOSAL
set services ipsec-vpn ike policy IKE-POLICY pre-shared-key ascii-text "$9$tkJx0OIEhylKW7-.fTQn6reK8Nd"
set services ipsec-vpn establish-tunnels immediately
set interfaces ge-0/0/0 unit 0 family inet address 10.0.13.3/24
set interfaces si-0/0/0 unit 1 description "IPsec interface to VMX-1"
set interfaces si-0/0/0 unit 1 family inet address 172.16.1.2/30
set interfaces si-0/0/0 unit 1 service-domain inside
set interfaces si-0/0/0 unit 2 family inet
set interfaces si-0/0/0 unit 2 service-domain outside
set interfaces ge-0/0/1 encapsulation ethernet-vpls
set interfaces ge-0/0/1 unit 0 description "LAN for VPLS to DC1"
set interfaces ge-0/0/1 unit 0 family vpls
set interfaces gr-0/0/10 unit 0 description "GRE TO DC1"
set interfaces gr-0/0/10 unit 0 tunnel source 10.1.255.3
set interfaces gr-0/0/10 unit 0 tunnel destination 10.1.255.2
set interfaces gr-0/0/10 unit 0 family inet
set interfaces gr-0/0/10 unit 0 family mpls
set interfaces fxp0 unit 0 family inet address 10.5.245.13/24
set interfaces lo0 unit 0 family inet address 10.0.255.3/32
set interfaces lo0 unit 0 family inet address 10.1.255.3/32
set routing-options static route 10.5.0.0/16 next-hop 10.5.245.254
set routing-options static route 10.0.12.0/24 next-hop 10.0.13.1
set routing-options static route 10.1.255.2/32 next-hop si-0/0/0.1
set routing-options autonomous-system 12
set protocols rsvp interface gr-0/0/10.0
set protocols mpls label-switched-path From-DC2-to-DC1 from 10.0.255.3
set protocols mpls label-switched-path From-DC2-to-DC1 to 10.0.255.2
set protocols mpls label-switched-path From-DC2-to-DC1 no-cspf
set protocols mpls interface gr-0/0/10.0
set protocols bgp group iBGP type internal
set protocols bgp group iBGP local-address 10.0.255.3
set protocols bgp group iBGP family l2vpn signaling
set protocols bgp group iBGP neighbor 10.0.255.2
set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface gr-0/0/10.0
set routing-instances VPLS instance-type vpls
set routing-instances VPLS interface ge-0/0/1.0
set routing-instances VPLS route-distinguisher 10.0.255.3:100
set routing-instances VPLS vrf-target target:12:100
set routing-instances VPLS protocols vpls site-range 10
set routing-instances VPLS protocols vpls no-tunnel-services
set routing-instances VPLS protocols vpls site DC2 site-identifier 2
验证:
root@VMX-1> show route
inet.0: 13 destinations, 14 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.12.0/24 *[Direct/0] 00:46:16
> via ge-0/0/0.0
10.0.12.2/32 *[Local/0] 00:46:16
Local via ge-0/0/0.0
10.0.13.0/24 *[Static/5] 00:46:16
> to 10.0.12.1 via ge-0/0/0.0
10.0.255.2/32 *[Direct/0] 00:26:59
> via lo0.0
10.0.255.3/32 *[OSPF/10] 00:19:01, metric 1
> via gr-0/0/10.0
10.1.255.2/32 *[Direct/0] 00:26:59
> via lo0.0
10.1.255.3/32 *[Static/5] 00:22:49
> via si-0/0/0.1
[OSPF/10] 00:18:56, metric 1
> via gr-0/0/10.0
10.5.0.0/16 *[Static/5] 00:46:16
> to 10.5.245.254 via fxp0.0
10.5.245.0/24 *[Direct/0] 00:46:16
> via fxp0.0
10.5.245.12/32 *[Local/0] 00:46:16
Local via fxp0.0
172.16.1.0/30 *[Direct/0] 00:26:59
> via si-0/0/0.1
172.16.1.1/32 *[Local/0] 00:26:59
Local via si-0/0/0.1
224.0.0.5/32 *[OSPF/10] 00:19:54, metric 1
MultiRecv
inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.255.3/32 *[RSVP/7/1] 00:18:02, metric 1
> via gr-0/0/10.0, label-switched-path From-DC1-to-DC2
mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0 *[MPLS/0] 00:19:54, metric 1
to table inet.0
0(S=0) *[MPLS/0] 00:19:54, metric 1
to table mpls.0
1 *[MPLS/0] 00:19:54, metric 1
Receive
2 *[MPLS/0] 00:19:54, metric 1
to table inet6.0
2(S=0) *[MPLS/0] 00:19:54, metric 1
to table mpls.0
13 *[MPLS/0] 00:19:54, metric 1
Receive
17 *[VPLS/7] 00:18:02
> via lsi.1048576 (master), Pop
lsi.1048576 *[VPLS/7] 00:18:02, metric2 1
> via gr-0/0/10.0, label-switched-path From-DC1-to-DC2
inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
ff02::2/128 *[INET6/0] 01:05:35
MultiRecv
bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.255.3:100:2:1/96
*[BGP/170] 00:18:02, localpref 100, from 10.0.255.3
AS path: I, validation-state: unverified
> via gr-0/0/10.0, label-switched-path From-DC1-to-DC2
VPLS.l2vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.255.2:100:1:1/96
*[L2VPN/170/-101] 00:19:54, metric2 1
Indirect
10.0.255.3:100:2:1/96
*[BGP/170] 00:18:02, localpref 100, from 10.0.255.3
AS path: I, validation-state: unverified
> via gr-0/0/10.0, label-switched-path From-DC1-to-DC2
root@VMX-1> show services ipsec-vpn ike security-associations
Remote Address State Initiator cookie Responder cookie Exchange type
10.0.13.3 Matured 5bd7f97df5db984a d7fb216fb0e69827 Main
root@VMX-1>
root@VMX-1> show services ipsec-vpn ipsec security-associations
Service set: DC2-VPN-SET, IKE Routing-instance: default
Rule: DC2-VPN-RULE, Term: 1, Tunnel index: 1
Local gateway: 10.0.12.2, Remote gateway: 10.0.13.3
IPSec inside interface: si-0/0/0.1, Tunnel MTU: 1500
UDP encapsulate: Disabled, UDP Destination port: 0
NATT Detection: Not Detected, NATT keepalive interval: 0
Direction SPI AUX-SPI Mode Type Protocol
inbound 2161884131 0 tunnel dynamic ESP
outbound 2674364107 0 tunnel dynamic ESP
inbound 1945802811 0 tunnel dynamic ESP
outbound 493457633 0 tunnel dynamic ESP
root@VMX-1> show ospf neighbor
Address Interface State ID Pri Dead
10.0.255.3 gr-0/0/10.0 Full 10.0.255.3 128 35
root@VMX-1> show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l2vpn.0
1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.0.255.3 12 55 54 0 0 22:43 Establ
bgp.l2vpn.0: 1/1/1/0
VPLS.l2vpn.0: 1/1/1/0
root@VMX-1> show mpls lsp
Ingress LSP: 1 sessions
To From State Rt P ActivePath LSPname
10.0.255.3 10.0.255.2 Up 0 * From-DC1-to-DC2
Total 1 displayed, Up 1, Down 0
Egress LSP: 1 sessions
To From State Rt Style Labelin Labelout LSPname
10.0.255.2 10.0.255.3 Up 0 1 FF 3 - From-DC2-to-DC1
Total 1 displayed, Up 1, Down 0
Transit LSP: 0 sessions
Total 0 displayed, Up 0, Down 0
root@VMX-1> show vpls connections
Layer-2 VPN connections:
Legend for connection status (St)
EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor
LB -- Local site not best-site RB -- Remote site not best-site
VM -- VLAN ID mismatch HS -- Hot-standby Connection
Legend for interface status
Up -- operational
Dn -- down
Instance: VPLS
Edge protection: Not-Primary
Local site: DC1 (1)
connection-site Type St Time last up # Up trans
2 rmt Up Feb 18 13:58:01 2021 1
Remote PE: 10.0.255.3, Negotiated control-word: No
Incoming label: 17, Outgoing label: 262145
Local interface: lsi.1048576, Status: Up, Encapsulation: VPLS
Description: Intf - vpls VPLS local site 1 remote site 2
Flow Label Transmit: No, Flow Label Receive: No
root@VMX-1> show vpls mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC)
Routing instance : VPLS
Bridging domain : __VPLS__, VLAN : NA
MAC MAC Logical NH MAC active
address flags interface Index property source
00:50:00:00:06:00 D ge-0/0/1.0
00:50:00:00:07:00 D lsi.1048576
root@VMX-1> show services ipsec-vpn ipsec statistics
PIC: si-0/0/0, Service set: DC2-VPN-SET
ESP Statistics:
Encrypted bytes: 208016
Decrypted bytes: 206400
Encrypted packets: 1488
Decrypted packets: 1470
AH Statistics:
Input bytes: 0
Output bytes: 0
Input packets: 0
Output packets: 0
Errors:
AH authentication failures: 0
ESP authentication failures: 0
ESP decryption failures: 0
Bad headers: 0, Bad trailers: 0
Replay before window drops: 0, Replayed pkts: 0
IP integrity errors: 0, Exceeds tunnel MTU: 0
Rule lookup failures: 0, No SA errors: 0
Flow errors: 0, Misc errors: 0
root@VMX-1> show interfaces gr-0/0/10 detail
Physical interface: gr-0/0/10, Enabled, Physical link is Up
Interface index: 140, SNMP ifIndex: 530, Generation: 143
Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 1000mbps
Hold-times : Up 0 ms, Down 0 ms
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Statistics last cleared: Never
Traffic statistics:
Input bytes : 108741 312 bps
Output bytes : 66784 0 bps
Input packets: 1071 0 pps
Output packets: 451 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Logical interface gr-0/0/10.0 (Index 336) (SNMP ifIndex 541) (Generation 145)
Description: GRE TO DC2
Flags: Up Point-To-Point SNMP-Traps 0x4000 IP-Header 10.1.255.3:10.1.255.2:47:df:64:0000000000000000 Encapsulation: GRE-NULL
Copy-tos-to-outer-ip-header: Off, Copy-tos-to-outer-ip-header-transit: Off
Gre keepalives configured: Off, Gre keepalives adjacency state: down
Traffic statistics:
Input bytes : 108821
Output bytes : 123157
Input packets: 1072
Output packets: 1088
Local statistics:
Input bytes : 40101
Output bytes : 56373
Input packets: 620
Output packets: 637
Transit statistics:
Input bytes : 68720 0 bps
Output bytes : 66784 0 bps
Input packets: 452 0 pps
Output packets: 451 0 pps
Protocol inet, MTU: 9168
Max nh cache: 0, New hold nh limit: 0, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
Generation: 163, Route table: 0
Flags: Sendbcast-pkt-to-re
Protocol mpls, MTU: 9156, Maximum labels: 3, Generation: 164, Route table: 0
Flags: Is-Primary