Hub-and-Spoke VPN Configuration Summarized by Router
Router D (Hub PE Router)
Routing Instance for Distributing Spoke Routes to Hub CE
routing-instance {
Spokes-to-Hub-CE {
instance-type vrf;
interface ge-0/0/0.0;
route-distinguisher 10.255.1.174:65535;
vrf-import spoke;
vrf-export null;
Instance Routing Protocol
protocols {
ospf {
export redistribute-vpn;
area 0.0.0.0 {
interface ge-0/0/0;
}
}
}
}
Routing Instance for Distributing Hub CE Routes to Spokes
Hub-CE-to-Spokes {
instance-type vrf;
interface ge-0/0/1.0;
route-distinguisher 10.255.1.174:65535;
vrf-import null;
vrf-export hub;
Instance Routing Protocols
protocols {
ospf {
export redistribute-vpn;
area 0.0.0.0 {
interface ge-0/0/1.0;
}
}
}
}
}
Routing Options (Master Instance)
routing-options {
autonomous-system 1 loops 1;
}
Protocols (Master Instance)
protocols {
Enable LDP
ldp {
interface so-1/0/0.0;
interface t3-1/1/0.0;
}
Configure IBGP
bgp {
group Hub-to-Spokes {
type internal;
local-address 10.255.14.174;
family inet-vpn {
unicast;
}
neighbor 10.255.14.180;
neighbor 10.255.14.182;
}
}
Configure VPN Policy
policy-options {
policy-statement spoke {
term a {
from {
protocol bgp;
community spoke;
}
then accept;
}
term b {
then reject;
}
}
policy-statement hub {
term a {
from protocol ospf;
then {
community add hub;
accept;
}
}
term b {
then reject;
}
}
policy-statement null {
then reject;
}
policy-statement redistribute-vpn {
term a {
from protocol bgp;
then accept;
}
term b {
then reject;
}
}
community hub members target:65535:1;
community spoke members target:65535:2;
}
Router E (Spoke PE Router)
Routing Instance
routing-instance {
Spoke-E-to-Hub {
instance-type vrf;
interface fe-0/1/0.0;
route-distinguisher 10.255.14.80:65535;
vrf-import hub;
vrf-export spoke;
Instance Routing Protocol
protocols {
ospf {
export redistribute-vpn;
area 0.0.0.0 {
interface fe-0/1/0.0;
]
}
}
}
}
Routing Options (Master Instance)
routing-options {
autonomous-system 1 loops 1;
}
Protocols (Master Instance)
protocols {
Enable LDP
ldp {
interface fe-0/1/2.0;
}
Configure IBGP
bgp {
group Spoke-E-to-Hub {
type internal;
local-address 10.255.14.180;
neighbor 10.255.14.174 {
family inet-vpn {
unicast;
}
}
}
}
}
Configure VPN Policy
policy-options {
policy-statement hub {
term a {
from {
protocol bgp;
community hub;
}
then accept;
}
term b {
then reject;
}
}
policy-statement spoke {
term a {
from protocol ospf;
then {
community add spoke;
accept;
}
}
term b {
then reject;
}
}
policy-statement redistribute-vpn {
term a {
from protocol bgp;
then accept;
}
term b {
then reject;
}
}
community hub members target:65535:1;
community spoke members target:65535:2;
}
Router F (Spoke PE Router)
Routing Instance
routing-instance {
Spoke-F-to-Hub {
instance-type vrf;
interface fe-1/0/1.0;
route-distinguisher 10.255.14.182:65535;
vrf-import hub;
vrf-export spoke;
Instance Routing Protocol
protocols {
ospf {
export redistribute-vpn;
area 0.0.0.0 {
interface fe-1/0/1.0;
]
}
}
}
}
Routing Options (Master Instance)
routing-options {
autonomous-system 1 loops 1;
}
Protocols (Master Instance)
protocols {
Enable LDP
ldp {
interface fe-1/0/0.0;
}
Configure IBGP
bgp {
group Spoke-F-to-Hub {
type internal;
local-address 10.255.14.182;
neighbor 10.255.14.174 {
family inet-vpn {
unicast;
}
}
}
}
}
Configure VPN Policy
policy-options {
policy-statement hub {
term a {
from {
protocol bgp;
community hub;
}
then accept;
}
term b {
then reject;
}
}
policy-statement spoke {
term a {
from protocol ospf;
then {
community add spoke;
accept;
}
}
term b {
then reject;
}
}
policy-statement redistribute-vpn {
term a {
from {
protocol bgp;
}
then accept;
}
term b {
then reject;
}
}
community hub members target:65535:1;
community spoke members target:65535:2;
}