Juniper: 6VPE Centralized Internet Access

I recently worked on a pilot project which aim is to provide IPv6-only global connectivity to a open wireless network. The network is mostly made of IEEE 802.11n base stations routing traffic from various mobile devices (e,g. laptops, smartphones) to outside services on the Internet. I had to address three challenges; the first being the lack of proper IPv6 support on some platforms, in particular on 'old' Android 4.x devices. The second challenge was to forward and transport the native IPv6 traffic from the clients, through the base stations and up to the nearest service provider's exit point. To address the latter I decided to leverage 6VPE on the MPLS backbone; the latter being composed of multi-vendors equipments from Cisco Systems and Juniper Networks. The label distribution protocol chosen is LDP for it's simplicity of operation and troubleshooting. Finally, and this is the topic of this article, I had to provide Internet Services to the wireless VPN instances so mobile clients can browse the web in a transparent and efficient manner, despite their physical locations and the base station they're associated with.

Read More

Juniper: Constrained Shortest Path First (CSPF)

It's time to recap a few basics of MPLS, and in particular of CSPF. The Constrained Shortest Path First (CSPF) algorithm allow an ingress LSR to compute a Label Switched Path (LSP) out of a Traffic Engineering (TE) database, the latter includes various constraints or requirements on how a LSP must be signaled. As you may wonder, CSPF is widely use for traffic engineering purpose, but it's also a prerequisite for two protection mechanisms, namely Fast Reroute (FRR) and link/node protection. In fact, these two, uses the TE database to compute and later signal backup tunnels (or bypass LSPs). CSPF is therefore an important piece on the MPLS chessboard.

Read More

Juniper: VPLS Multihoming - Multiple PE

There's actually a few ways to avoid bridging loops in a VPLS network. Bridging in a VPLS environment is not really different from a standard Ethernet network, a spanning-tree protocol like the original IEEE 802.1D or any of its variants like RSTP or MSTP can be enabled to block the redundant link(s). Ethernet Ring Protection (ERP) could also be enabled on platforms supporting it (e,g. Juniper MX series), but certainly the most common and effective way is to carefully provision the VPLS VPN instances using BGP and to respect a few basic rules.

Read More