Layer 3 VPN Internet Access Examples

JUNOS software supports Internet access from a Layer 3 virtual private network (VPN). This chapter provides examples that demonstrate how to configure a provider edge (PE) router to provide Internet access to customer edge (CE) routers in a VPN. The method you use depends on the needs and specifications of the individual network. To provide Internet access through a Layer 3 VPN, you need to configure policies on the PE router. You also need to configure the next-table keyword at the [edit routing-instances routing-instance-name routing-options static route] hierarchy level. When configured, this statement can point a default route from the VPN table (routing instance) to the main routing table (default instance) inet.0. The main routing table stores all Internet routes and is where final route resolution occurs.

There are several ways to configure a PE router to provide CE routers access to the Internet. These types of access are described in the following sections:

• Non-VRF Internet Access—Internet and VPN access are separate. The CE routers access the Internet independently of the PE routers.
• Distributed Internet Access—The PE router provides Internet access to the CE routers. Internet route information is stored in the PE router's main routing table.
• Centralized Internet Access—Some of the CE routers are specially configured to provide Internet access to the other CE routers within the VPN.