Layer 3 VPN Configuration Guidelines

[Contents] [Prev] [Next] [Index] [Report an Error]

Layer 3 VPN Configuration Guidelines

To configure Layer 3 virtual private network (VPN) functionality, you must enable VPN support on the provider edge (PE) router. You must also configure any provider (P) routers that service the VPN, and you must configure the customer edge (CE) routers so that their routes are distributed into the VPN.

To configure Layer 3 VPNs, you include statements at the [edit routing-instances] hierarchy level:

[edit]

routing-instances {

    routing-instance-name {

        description text;

        interface interface-name;

        instance-type vrf;

        route-distinguisher ( as-number:number | ip-address:number );

        vrf-import [ policy-names ];

        vrf-export [ policy-names ];

        vrf-target ( community-name | export community-name | import community-name );

        vrf-table-label;

        protocols {

            bgp {

                bgp-configuration;

            ospf {

                ospf-configuration;

            pim {

                pim-configuration;

                vpn-group-address address;

            rip {

                rip-configuration;

        routing-options {

            autonomous-system autonomous-system <loops number>;

            forwarding-table {

                export [ policy-names ];

            interface-routes {

                rib-group group-name;

            martians {

                destination-prefix match-type <allow>;

            maximum-routes route-limit <log-only | threshold value>;

            options {

                syslog (level level | upto level);

            rib routing-table {

                static {

                    defaults {

                        static-options;

                    route destination-prefix {

                        next-hop;

                        static-options;

                martians {

                    destination-prefix match-type <allow>;

                static {

                    defaults {

                        static-options;

                    route destination-prefix {

                        policy [ policy-names ];

                        static-options;

            router-id address;

            static {

                defaults {

                    static-options;

                route destination-prefix {

                    policy [ policy-names ];

                    static-options;

For Layer 3 VPNs, only some of the statements in the [edit routing-instances] hierarchy are valid. For the full hierarchy, see the JUNOS Internet Software Configuration Guide: Routing and Routing Protocols.

In addition to these statements, you must enable a signaling protocol, internal Border Gateway Protocol (IBGP) sessions between the PE routers, and an interior gateway protocol (IGP) on the PE and provider routers.

By default, Layer 3 VPNs are disabled.

Many of the configuration procedures for Layer 3 VPNs are common to all types of VPNs. These procedures are described in detail in Chapter 2, "VPN Configuration Guidelines," on page "VPN Configuration Guidelines" and include the following:

This chapter describes the following tasks that are specific to configuring Layer 3 VPNs:

For configuration examples, see Layer 3 VPN Configuration Examples and Layer 3 VPN Internet Access Examples.

[Contents] [Prev] [Next] [Index] [Report an Error]