MPLS VPN – option C – using bgp label exchange with cisco and Junos -part 1

It has been a while since I have done any labs after getting a new job. This time, I will be building a NNI option C using both Cisco IOS and Juniper MX. The reason I write this is because I do not find many resources on the internet about the inter AS connection using 2 different software at the same time. Hope this can be useful for anyone who is having the same struggle as i do.

(the AS# below are randomly picked!!)

lab-testing-mpls

Based on the lab diagram (dont feel like copping it up), as the internal VPN service is already running and the intra AS is running OSPF and LDP for MPLS, I will be connecting AS5052 (the green aren in middle) and AS7077 (the orange area at the bottom) together over NNIs to extend the MPLS VPN services.

Continue reading

Advertisements

MPLS VPN – routes sharing between 2 different VRFs across the MPLS network

The beaut of MPLS VPN is to have multi tenants running over the same MPLS core network and each tenant are prevented to access other tenants networks. But what if the 2 different tenants want to connect to each other?

In the lab below, we have 2 different tenants and they are 1120020010 (RT:200010) in Router 12 and 1030010010 (RT:100010) in Router 03. By default, the ASAs connected to these VRFs cannot communicate since they are in 2 different VRF network. In this case, I will be using Cisco IOS and Juniper MX to let 2 different VRFs to connect together.

20161221-mpls-2vrfs

We could check the existing configuration and the route table in Router 03 and Router 12

Continue reading

Using dynamic DNS at SRX with non DYNDNS service provider

When placing a network equipment without a static IP address, the best way to remote access to the device is by using the dynamic DNS service. Juniper has import this feature into their network security products such as Netscreen ScreenOS and JunOS SRX.

I recently has replaced my SSG with the SRX, and am having trouble updating the DDNS record with the built-in DDNS feature. What happen is SRX only offer 2 options of “dyndns.org or ddo.jp”, any service other than these 2 are out of questions. Since I am using HE.net for DDNS, that does not do my any good.

 

20160521-DDNS-SRX_DDNS_server

So my work around is: to map the dyndns domain name to a HE.net dns server IP address with the following command. The command below is to bind the members.dyndns.org (the dyndns.org DDNS service domain name) to the IP address of 184.105.242.3 (the DDNS service domain name). Continue reading