Simple VPN Configuration Summarized by Router
Router A (PE Router)
Routing Instance for VPN-A
routing-instance {
VPN-A-Paris-Munich {
instance-type vrf;
interface so-6/0/0.0;
interface so-6/0/1.0;
route-distinguisher 65535:0;
vrf-import VPN-A-import;
vrf-export VPN-A-export;
Instance Routing Protocol
routing-options {
static {
route 172.16.0.0/16 next-hop so-6/0/0.0;
route 172.17.0.0/16 next-hop so-6/0/1.0;
}
}
}
}
Routing Instance for VPN-B
routing-instance {
VPN-B-Madrid {
instance-type vrf;
interface ge-0/3/0.0;
route-distinguisher 65535:2;
vrf-import VPN-B-import;
vrf-export VPN-B-export;
Instance Routing Protocol
protocols {
ospf {
area 0.0.0.0 {
interface ge-0/3/0;
}
}
}
}
}
Master Protocol Instance
protocols {
Enable RSVP
rsvp {
interface so-3/0/0.0;
}
Configure an MPLS LSP
mpls {
label-switched-path RouterA-to-RouterC {
to 10.255.245.47;
}
interface so-3/0/0.0;
interface so-6/0/0.0;
interface so-6/0/1.0;
interface ge-0/3/0.0;
}
Configure IBGP
bgp {
group PE-RouterA-to-PE-RouterC {
type internal;
local-address 10.255.245.68;
family inet-vpn {
unicast;
}
neighbor 10.255.245.47;
}
}
Configure OSPF for Traffic Engineering Support
ospf {
traffic-engineering;
area 0.0.0.0 {
interface so-3/0/0.0;
}
}
}
Configure VPN Policy
policy-options {
policy-statement VPN-A-import {
term a {
from {
protocol bgp;
community VPN-A;
}
then accept;
}
term b {
then reject;
}
}
policy-statement VPN-A-export {
term a {
from protocol static;
then {
community add VPN-A;
accept;
}
}
term b {
then reject;
}
}
policy-statement VPN-B-import {
term a {
from {
protocol bgp;
community VPN-B;
}
then accept;
}
term b {
then reject;
}
}
policy-statement VPN-B-export {
term a {
from protocol ospf;
then {
community add VPN-B;
accept;
}
}
term b {
then reject;
}
}
community VPN-A members target:65535:0;
community VPN-B members target:65535:2;
}
Router B (Provider Router)
Master Protocol Instance
protocols {
Enable RSVP
rsvp {
interface so-4/0/0.0;
interface so-6/0/0.0;
}
Enable MPLS
mpls {
interface so-4/0/0.0;
interface so-6/0/0.0;
}
}
Router C (PE Router)
Routing Instance for VPN-A
routing-instance {
VPN-A-Tokyo {
instance-type vrf;
interface ge-1/0/0.0;
route-distinguisher 65535:1;
vrf-import VPN-A-import;
vrf-export VPN-A-export;
Instance Routing Protocol
protocols {
bgp {
group VPN-A-Site2 {
peer-as 1;
neighbor 10.12.1.2;
}
}
}
}
Routing Instance for VPN-B
VPN-B-Osaka {
instance-type vrf;
interface at-1/2/0.0;
route-distinguisher 65535:3;
vrf-import VPN-B-import;
vrf-export VPN-B-export;
Instance Routing Protocol
protocols {
rip {
group PE-C-to-VPN-B {
neighbor at-1/2/0;
}
}
}
}
}
Master Protocol Instance
protocols {
Enable RSVP
rsvp {
interface so-2/0/0.0;
}
Configure an MPLS LSP
mpls {
label-switched-path RouterC-to-RouterA {
to 10.255.245.68;
}
interface so-2/0/0.0;
interface ge-1/0/0.0;
interface at-1/2/0.0;
}
Configure IBGP
bgp {
group PE-RouterC-to-PE-RouterA {
type internal;
local-address 10.255.245.47;
family inet-vpn {
unicast;
}
neighbor 10.255.245.68;
}
}
Configure OSPF for Traffic Engineering Support
ospf {
traffic-engineering;
area 0.0.0.0 {
interface so-2/0/0.0;
}
}
}
Configure VPN Policy
policy-options {
policy-statement VPN-A-import {
term a {
from {
protocol bgp;
community VPN-A;
}
then accept;
}
term b {
then reject;
}
}
policy-statement VPN-A-export {
term a {
from protocol bgp;
then {
community add VPN-A;
accept;
}
}
term b {
then reject;
}
}
policy-statement VPN-B-import {
term a {
from {
protocol bgp;
community VPN-B;
}
then accept;
}
term b {
then reject;
}
}
policy-statement VPN-B-export {
term a {
from protocol rip;
then {
community add VPN-B;
accept;
}
}
term b {
then reject;
}
}
community VPN-A members target:65535:1;
community VPN-B members target:65535:3;
}