Configure a Logical Unit on the Loopback Interface

[Contents] [Prev] [Next] [Index] [Report an Error]

Configure a Logical Unit on the Loopback Interface
You can configure a logical unit on the loopback interface into each VRF routing instance you have configured on the router. This is possible only on Layer 3 VPNs (VRF routing instances). Associating a VRF routing instance with a logical unit on the loopback interface allows you to easily identify the VRF. This is useful for troubleshooting, allowing you to ping a remote CE router from a local PE router in a Layer 3 VPN. See Ping a Remote CE Router from a PE Router for more information.

You can also configure a firewall filter for the logical unit on the loopback interface, allowing you to filter traffic for the VRF routing instance associated with it.

The following describes how firewall filters affect the VRF routing instance depending on whether they are configured on the default loopback interface, the VRF routing instance, or some combination of the two. The "default loopback interface" refers to lo0.0 (associated with the default routing table) and the "VRF loopback interface" refers to lo0.n, which is configured in the VRF routing instance.

If you configure Filter A on the default loopback interface and Filter B on the VRF loopback interface, the VRF routing instance uses Filter B.

If you configure Filter A on the default loopback interface, but do not configure a filter on the VRF loopback interface, the VRF routing instance does not use a filter.

If you configure Filter A on the default loopback interface but do not even configure a VRF loopback interface, the VRF routing instance uses Filter A.

To configure a logical unit on the loopback interface, configure the unit statement at the [edit interfaces lo0] hierarchy level:
[edit interfaces]
lo0 {
    unit number {
        family inet {
            address address;
        }
}
To associate a firewall filter with the logical unit on the loopback interface, include the following statements at the [edit interfaces lo0 unit unit-number family inet] hierarchy level:
[edit interfaces lo0 unit unit-number family inet]
filter {
    input filter-name;
}
You also need to include the lo0.n interface in the configuration for the VRF routing instance at the [edit routing-instances routing-instance-name] hierarchy level:
[edit]
routing-instances {
    routing-instance-name {
        interface lo0.n;
    }
}
For more information on how to configure firewall filters, see the JUNOS Internet Software Configuration Guide: Policy Framework.

[Contents] [Prev] [Next] [Index] [Report an Error]