My Usage Cent

My core Network, P and PE, are 100% Juniper

We start using VPLS, based in BGP sessions, at that time we was working at maximum of 2 or 3 new provisions per day.
We won a big project contract, we reach 90/100 per month.
VPLS become a issue in all fronts...

Planning/ low ports - price of 10G ports using MX and rack space usage

Provisioning... vlan remap, memory usage of the routers and 2000/2500 circuits/customers per MX

Tshoot, a headache to find the signaling problem when, for example: fiber degraded, all BGP sessions start flapping and the things become crazy and the impact increase each minute.

Operating, vpls routing table become a pain is the ass when you use multipoint connections and with Lucifer reason, those multipoint become unreachable and the vpls table and all routing tables become ruge to analyze.

Regarding L2circuits using Ldp

We migrate every vpls p2p to L2circuits, with that...

Very fast provisioning, 6 lines of configuration per box.

Fast tshoot,
less MX, more QFX/EX4550/ACX2200

End to end circuits... ripping of all those routes from tables keeping tables clean as possible.

Today I can sleep a entire night, weeks and month with a problem of those MX dying due vpls memory usage, vlan misconfigured causing l2 looping.

My efforts today is working only with l2circuits... that’s the problem that I am facing now...

Ex4550 will be EOS soon... with no replacement of features... maybe the ACX5448? Who knows

L2circuits is clean and fast... with no mistakes
I use, rsvp/mpls/isis/ldp routing services in every MX family, ex4550, qfx, acx2200 that I have, Everyone knows everyone, l2circuits reach everyone part and every city where we have our network.



att
Alexandre

Em 7 de jul de 2018, à(s) 08:16, Mark Tinka <***@seacom.mu> escreveu:

>
>
>> On 7/Jul/18 13:03, James Bensley wrote:
>>
>> Ah, I remember that thread. It became quite long and I was very busy
>> so I lost track of it. Just read through it. I also looked at LDPv6 a
>> while back and saw it was not well supported so passed. For us 6PE
>> (and eventually 6vPE as we move to Internet in a VRF) "just works".
>> IPv6 native in SR isn't actually enough of a reason for me to migrate
>> to it I don't think.
>
> LDPv6 implementation in IOS XR was a bit spotty 2 years. After our next
> round of code upgrades later this year on Cisco and Juniper, I'll see
> where we are and target to get LDPv6 going before we close out 2018.
>
>
>> You mentioned in the NANOG thread that you wanted to remove BGP from
>> your core - are you using 6PE or BGP IPv6-LU on every hop in the path?
>> I know you are a happy user of BGP-SD so I guess it's Internet in the
>> GRT for you?
>
> I removed BGPv4 from the core back in 2008 (previous job). So all IPv4
> traffic is forwarded inside MPLS, purely label-switched in the core.
> This is just simple LDP signaling + MPLS forwarding toward a BGP next-hop.
>
> For IPv6, as LDPv6 is not yet fully deployed around the network, we are
> still carrying BGPv6 in the core. That is normal hop-by-hop IP
> forwarding. We don't like 6PE or anything like that because it still
> depends on IPv4; I'd much rather run both protocols ships-in-the-night.
> That way, if one of them were to break, chances are the other should
> still be good.
>
> We don't do Internet in a VRF. Seems like too much headache, but that's
> just me, as I know it's a very popular architecture with many operators
> out there. We carry all routing in global, as you rightly point out,
> making heavy use of iBGP and communities to create excitement :-).
>
> We love BGP-SD -- it means we can deliver the same types of services on
> all platforms in all sections of the network, be it in the data centre
> or Metro, or be it on a big chassis or a tiny 1U router, or be it in a
> large or small PoP.
>
> Mark.
> _______________________________________________
> juniper-nsp mailing list juniper-***@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puc

Adam,

Important observation, I prefer keep my pw working even a lot of segments of the network are affected by fiber cut and so on...

When I migrate my BGP VPLS services to l2circuits, my problems today is almost Zero.

No matter what happens, business order for everyone is to keep everything running 24/7/365 with zero downtime no matter what.... planned maintenance doesn’t count, since is planned.

VPLS services, as I said before, cause two outages in one year due l2 loop caused by operation team, after hours with no progress to find the loop origin, I was called (escalated) to solve the problem.

That’s is I want to mean with my experience, uptime, availability, quality of services and so on....

I was a Cisco CCxx for many years with blind eyes in one vendor only.... even this vendor cause downtime “with brand”! My Cisco env goes down!!? Oh yes, it’s a Cisco!!! I am ok with that? Not anymore! I want peace, happy customers, sell more.

With the time that I have today, I can study new tech, make some lab tests, asking for this or for that with different vendors.

Today, I can sleep well without that fear if, someone will loop something, if some equipment will crash due cpu/memory problems.

And yes, I am a Network Warrior! But now.... a warrior tech. Like Call Of Duty Infinity Warfare!

:)

att
Alexandre

Em 8 de jul de 2018, à(s) 17:58, "***@netconsultings.com" <***@netconsultings.com> escreveu:

>> From: James Bensley [mailto:***@gmail.com]
>> Sent: Friday, July 06, 2018 2:04 PM
>>
>>
>>
>> On 5 July 2018 09:56:40 BST, ***@netconsultings.com wrote:
>>>> Of James Bensley
>>>> Sent: Thursday, July 05, 2018 9:15 AM
>>>>
>>>> - 100% rFLA coverage: TI-LA covers the "black spots" we currently
>>> have.
>>>>
>>> Yeah that's an interesting use case you mentioned, that I haven't
>>> considered, that is no TE need but FRR need.
>>> But I guess if it was business critical to get those blind spots
>>> FRR-protected then you would have done something about it already
>>> right?
>>
>> Hi Adam,
>>
>> Yeah correct, no mission critical services are effected by this for us, so the
>> business obviously hasn't allocated resource to do anything about it. If it was
>> a major issue, it should be as simple as adding an extra back haul link to a
>> node or shifting existing ones around (to reshape the P space and Q space to
>> "please" the FRR algorithm).
>>
>>> So I guess it's more like it would be nice to have, now is it enough
>>> to expose the business to additional risk?
>>> Like for instance yes you'd test the feature to death to make sure it
>>> works under any circumstances (it's the very heart of the network after
>>> all if that breaks everything breaks), but the problem I see is then
>>> going to a next release couple of years later -since SR is a new thing
>>> it would have a ton of new stuff added to it by then resulting in
>>> higher potential for regression bugs with comparison to LDP or RSVP
>>> which have been around since
>>> ever and every new release to these two is basically just bug fixes.
>>
>> Good point, I think its worth breaking that down into two separate
>> points/concerns:
>>
>> Initial deployment bugs:
>> We've done stuff like pay for a CPoC with Cisco, then deployed, then had it
>> all blow up, then paod Cisco AS to asses the situation only to be told it's not a
>> good design :D So we just assume a default/safe view now that no amount
>> of testing will protect us. We ensure we have backout plans if something
>> immediately blows up, and heightened reporting for issues that take 72
>> hours to show up, and change freezes to cover issues that take a week to
>> show up etc. etc. So I think as far as an initial SR deployment goes, all we can
>> do is our best with regards to being cautious, just as we would with any
>> major core changes. So I don't see the initial deployment as any more risky
>> than other core projects we've undertaken like changing vendors, entire
>> chassis replacements, code upgrades between major versions etc.
>>
>> Regression bugs:
>> My opinion is that in the case of something like SR which is being deployed
>> based on early drafts, regression bugs is potentially a bigger issue than an
>> initial deployment. I hadn't considered this. Again though I think its
>> something we can reasonably prepare for. Depending on the potential
>> impact to the business you could go as far as standing up a new chassis next
>> to an existing one, but on the newer code version, run them in parallel,
>> migrating services over slowly, keep the old one up for a while before you
>> take it down. You could just do something as simple and physically replace
>> the routing engine, keep the old one on site for a bit so you can quickly swap
>> back. Or just drain the links in the IGP, downgraded the code, and then un-
>> drain the links, if you've got some single homed services on there. If you
>> have OOB access and plan all the rollback config in advance, we can
>> operationally support the risks, no differently to any other major core
>> change.
>>
>> Probably the hardest part is assessing what the risk actually is? How to know
>> what level of additional support, monitoring, people, you will need. If you
>> under resource a rollback of a major failure, and fuck the rollback too, you
>> might need some new pants :)
>>
> Well yes I suppose one could actually look at it as on any other major project like upgrade to a new SW release, or migration from LDP to RSVP-TE or adding a second plane -or all 3 together.
> And apart from the tedious and rigorous testing (god there's got to be a better way of doing SW validation testing) you made me think about scoping the fallback and contingency options in case things down work out.
> These huge projects are always carried out in number of stages each broken down to several individual steps all this is to ease out the deployment but also to scope the fallout in case things go south.
> Like in migrations from LDP to RSVP you go intra-pop first then inter-pop between a pair of POPs and so on using small incremental steps and all this time the fallback option is the good old LDP maybe even well after the project is done until the operational confidence is high enough or till the next code upgrade. And I think a similar approach can be used to de-risk an SR rollout.
>
>
> adam
>
> netconsultings.com
> ::carrier-class solutions for the telecommunications industry::
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-***@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.n

Hi experts,

I had a pleasure time reading the whole thread. Thanks, folks !

Honestly, I also (a bit like Saku) feel that Alexandre's case is more about
throwing the *unneeded* complexity away than about BGP vs. LDP.

The whole story of Kompella-style signaling for L2VPN and VPLS is
auto-discovery in a multi-point VPN service case.

But yes, there is the whole bunch of reasons why multi-point L2 VPN sucks,
and when bridged it sucks 10x more. So if you can throw it away, just throw
it away and you won't need to discuss how to signal it and auto-discover
remote sites.

And yes, as pseudo-wire data plane is way simpler than VPLS, depending on
your access network design, you can [try to] extend it end-to-end, all the
way to the access switch and [maybe, if you are lucky] dramatically
simplify your NOC's life.

However p2p pseudo-wire service is a kind of rare thing these days. There
are [quite a lot of] those poor folks who were never asked whether bridged
L2 VPN (aka VPLS) is needed in the network, they operate. They have no much
choice.

BGP signaling is the coolest part of the VPLS hell (some minimal magic is
required though). In general I agree with the idea that iBGP stability is
all about making the underlaying stuff simple and clean (IGP, BFD, Loss of
Light, whatever). Who said "policies"? For VPLS BGP signaling? Please don't.

And yes, switching frames between fancy full-feature PEs is just half of
the game. The autodiscovery beauty breaks when the frames say bye bye to
the MPLS backbone and meet the ugly access layer. Now you need to switch it
down to the end-point and this often ends up in old good^W VLAN
provisioning. But it's not about BGP, it's about VPLS. Or rather about
those brave folks, who build their services relying on all these
ethernet-on-steroid things.

--
Kind regards,
Pavel


On Sun, Jul 8, 2018 at 10:57 PM, <***@netconsultings.com> wrote:

> > From: James Bensley [mailto:***@gmail.com]
> > Sent: Friday, July 06, 2018 2:04 PM
> >
> >
> >
> > On 5 July 2018 09:56:40 BST, ***@netconsultings.com wrote:
> > >> Of James Bensley
> > >> Sent: Thursday, July 05, 2018 9:15 AM
> > >>
> > >> - 100% rFLA coverage: TI-LA covers the "black spots" we currently
> > >have.
> > >>
> > >Yeah that's an interesting use case you mentioned, that I haven't
> > >considered, that is no TE need but FRR need.
> > >But I guess if it was business critical to get those blind spots
> > >FRR-protected then you would have done something about it already
> > >right?
> >
> > Hi Adam,
> >
> > Yeah correct, no mission critical services are effected by this for us,
> so the
> > business obviously hasn't allocated resource to do anything about it. If
> it was
> > a major issue, it should be as simple as adding an extra back haul link
> to a
> > node or shifting existing ones around (to reshape the P space and Q
> space to
> > "please" the FRR algorithm).
> >
> > >So I guess it's more like it would be nice to have, now is it enough
> > >to expose the business to additional risk?
> > >Like for instance yes you'd test the feature to death to make sure it
> > >works under any circumstances (it's the very heart of the network after
> > >all if that breaks everything breaks), but the problem I see is then
> > >going to a next release couple of years later -since SR is a new thing
> > >it would have a ton of new stuff added to it by then resulting in
> > >higher potential for regression bugs with comparison to LDP or RSVP
> > >which have been around since
> > >ever and every new release to these two is basically just bug fixes.
> >
> > Good point, I think its worth breaking that down into two separate
> > points/concerns:
> >
> > Initial deployment bugs:
> > We've done stuff like pay for a CPoC with Cisco, then deployed, then had
> it
> > all blow up, then paod Cisco AS to asses the situation only to be told
> it's not a
> > good design :D So we just assume a default/safe view now that no amount
> > of testing will protect us. We ensure we have backout plans if something
> > immediately blows up, and heightened reporting for issues that take 72
> > hours to show up, and change freezes to cover issues that take a week to
> > show up etc. etc. So I think as far as an initial SR deployment goes,
> all we can
> > do is our best with regards to being cautious, just as we would with any
> > major core changes. So I don't see the initial deployment as any more
> risky
> > than other core projects we've undertaken like changing vendors, entire
> > chassis replacements, code upgrades between major versions etc.
> >
> > Regression bugs:
> > My opinion is that in the case of something like SR which is being
> deployed
> > based on early drafts, regression bugs is potentially a bigger issue
> than an
> > initial deployment. I hadn't considered this. Again though I think its
> > something we can reasonably prepare for. Depending on the potential
> > impact to the business you could go as far as standing up a new chassis
> next
> > to an existing one, but on the newer code version, run them in parallel,
> > migrating services over slowly, keep the old one up for a while before
> you
> > take it down. You could just do something as simple and physically
> replace
> > the routing engine, keep the old one on site for a bit so you can
> quickly swap
> > back. Or just drain the links in the IGP, downgraded the code, and then
> un-
> > drain the links, if you've got some single homed services on there. If
> you
> > have OOB access and plan all the rollback config in advance, we can
> > operationally support the risks, no differently to any other major core
> > change.
> >
> > Probably the hardest part is assessing what the risk actually is? How to
> know
> > what level of additional support, monitoring, people, you will need. If
> you
> > under resource a rollback of a major failure, and fuck the rollback too,
> you
> > might need some new pants :)
> >
> Well yes I suppose one could actually look at it as on any other major
> project like upgrade to a new SW release, or migration from LDP to RSVP-TE
> or adding a second plane -or all 3 together.
> And apart from the tedious and rigorous testing (god there's got to be a
> better way of doing SW validation testing) you made me think about scoping
> the fallback and contingency options in case things down work out.
> These huge projects are always carried out in number of stages each broken
> down to several individual steps all this is to ease out the deployment but
> also to scope the fallout in case things go south.
> Like in migrations from LDP to RSVP you go intra-pop first then inter-pop
> between a pair of POPs and so on using small incremental steps and all this
> time the fallback option is the good old LDP maybe even well after the
> project is done until the operational confidence is high enough or till the
> next code upgrade. And I think a similar approach can be used to de-risk an
> SR rollout.
>
>
> adam
>
> netconsultings.com
> ::carrier-class solutions for the telecommunications industry::
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-***@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

On 6/Jul/18 17:03, Aaron Gould wrote:


> Thanks, appreciate the thoughts/insights
>
> BGP-based ELINE ... Is this Kompella you speak of ? If so, seems like a lot for a simply/quick p2p pw

There have been plenty of threads arguing for/against BGP-based vs.
LDP-based pw signaling.

Technically, modern kit should be able to scale well with either
solution. IMHO, it's just a case of what you find simpler.

Some folk find BGP-based signaling simpler than LDP-based signaling, and
vice versa.

Both are mature solutions today that will work and continue to be
well-supported.

We find LDP-based signaling simpler than having this in BGP, considering
all that is needed is just to setup a simple p2p pw. We don't do VPLS,
and don't do l3vpn's either, so don't rely that much on BGP for anything
else beyond vanilla iBGP/eBGP routing.

Mark.
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp