

Configure a Simple Full-Mesh VPN Topology

This example shows how to set up a simple full-mesh service provider VPN configuration, which consists of the following components (see Figure 16):


Figure 16: Example of a Simple VPN Topology

In this configuration, route distribution in VPN A from the router VPN-A-Paris to the router VPN-A-Tokyo occurs as follows:

  1. The customer edge (CE) router VPN-A-Paris announces routes to the PE router Router A.
  2. Router A installs the received announced routes into its VPN routing and forwarding (VRF) table, VPN-A.inet.0.
  3. Router A creates a Multiprotocol Label Switching (MPLS) label for the interface between it and the router VPN-A-Paris.
  4. Router A checks its VRF export policy.
  5. Router A converts the Internet Protocol Version 4 (IPv4) routes from VPN-A-Paris into VPN IPv4 format using its route distinguisher and announces these routes to PE Router C over the internal Border Gateway Protocol (IBGP) between the two PE routers.
  6. Router C checks its VRF import policy and installs all routes that match the policy into its bgp.l3vpn.0 routing table. (Any routes that do not match are discarded.)
  7. Router C checks its VRF import policy and installs all routes that match into its VPN-A.inet.0 routing table. The routes are installed in IPv4 format.
  8. Router C announces its routes to the CE router VPN-A-Tokyo, which installs them into its master routing table. (For routers running JUNOS software, the master routing table is inet.0.)
  9. Router C uses the LSP between it and Router A to route all packets from router VPN-A-Tokyo that are destined for the router VPN-A-Paris.
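The import and export steps above determine which VRF a route can reach, so the following added example (not part of the original documentation and not JUNOS code) models steps 1 through 7 as a small Python simulation and shows that a VRF whose import policy does not match the route target discards the update. The AS number, route targets, route distinguishers, label value, prefix, and the second VRF are constructed for illustration, and bgp.l3vpn.0 is modelled per VRF for brevity.

```python
from dataclasses import dataclass, field

# Constructed sample values, not taken from the page.
PRIVATE_AS = 64512                       # private AS number, illustration only
RT_VPN_A = f"target:{PRIVATE_AS}:100"    # route target for VPN A
RT_VPN_B = f"target:{PRIVATE_AS}:200"    # route target for a hypothetical second VPN

@dataclass
class Vrf:
    """One VRF instance on a PE router, with the tables named in the steps."""
    pe: str
    rd: str                               # route distinguisher
    export_targets: frozenset             # communities added by the VRF export policy
    import_targets: frozenset             # communities accepted by the VRF import policy
    inet: dict = field(default_factory=dict)    # <vrf>.inet.0: IPv4 prefix -> next hop
    l3vpn: dict = field(default_factory=dict)   # bgp.l3vpn.0: VPN-IPv4 prefix -> label
    labels: dict = field(default_factory=dict)  # CE-facing interface -> MPLS label

    def learn_from_ce(self, prefix, ce):
        """Steps 1-5: install the CE route, allocate a label, build the IBGP update."""
        self.inet[prefix] = ce
        label = self.labels.setdefault(ce, 299776 + len(self.labels))  # constructed value
        if not self.export_targets:       # export policy matched nothing: not announced
            return None
        return {"vpn_ipv4": f"{self.rd}:{prefix}", "prefix": prefix, "label": label,
                "next_hop": self.pe, "targets": self.export_targets}

    def receive_ibgp(self, update):
        """Steps 6-7: apply the import policy, then install or discard."""
        if not (update["targets"] & self.import_targets):
            return False                  # no matching route target: discarded
        self.l3vpn[update["vpn_ipv4"]] = update["label"]
        self.inet[update["prefix"]] = update["next_hop"]
        return True

def distribute():
    """Announce one VPN-A-Paris prefix and offer it to two VRFs on the far side."""
    a = Vrf("Router A", f"{PRIVATE_AS}:1", frozenset({RT_VPN_A}), frozenset({RT_VPN_A}))
    c = Vrf("Router C", f"{PRIVATE_AS}:3", frozenset({RT_VPN_A}), frozenset({RT_VPN_A}))
    other = Vrf("Router C", f"{PRIVATE_AS}:9", frozenset({RT_VPN_B}), frozenset({RT_VPN_B}))
    update = a.learn_from_ce("192.0.2.0/24", "VPN-A-Paris")
    return update, c, c.receive_ibgp(update), other, other.receive_ibgp(update)

if __name__ == "__main__":
    update, c, accepted, other, leaked = distribute()
    print(update["vpn_ipv4"], "->", c.inet, "| accepted:", accepted, "| other VPN:", leaked)
```

Changing the import targets of the second VRF to include the VPN A route target makes it install the route, which is why import policies and route-target assignments are worth reviewing whenever VPN separation matters.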

The following sections explain how to configure the VPN functionality on the PE and provider routers. The CE routers are not aware of the VPN, so you configure them normally.

The final section in this example, Simple VPN Configuration Summarized by Router, consolidates the statements needed to configure VPN functionality on each of the service provider routers shown in Figure 16.

In this example, a private autonomous system (AS) number is used for the route distinguisher and the route target. This number is used for illustration only. When you are configuring VPNs, you should use an assigned AS number.


