The VPN aggregation feature uses VPN routing and forwarding
(VRF) so users on one VPN can call users on another VPN. For example,
in Figure 22, users in
VPN B can call users in VPN A and VPN C.
Figure 22: VPN Aggregation
in a VoIP Network
VPN aggregation provides the following benefits:
Provides a scalable way to configure VRFs in a mesh-like
configuration that uses only one logical service interface for each
VRF.
Reduces the number of service sets that you need because
you can add all of your logical service interfaces to a pool of interfaces,
and then assign the entire pool of interfaces to a service set.
Configurations are inline so, when you provision the service
set for VRFs, you can seamlessly tie the service into the BGF service
without the need for additional configuration states.
Uses the router’s native support for VRFs and VPNs,
which omits the need for an external element that terminates the VRFs
and replaces them with the VLAN tags required to support VoIP media
handling.
How VPN Aggregation Works
VPN aggregation uses the virtual interface configurations as
shown in Figure 23 to
route traffic from users in one VPN to users in another VPN.
Figure 23: Overview of
VPN Aggregation Configuration
The VPN aggregation configuration consists of:
VRFs—One for each VPN. The VRF is required to create
a layer 3 VPN. The VRF must have the instance type of VRF, a logical
service interface, a route distinguisher, and VRF import and export
policies.
Pool of logical service interfaces—One pool that
contains all service interfaces that are configured in your VRF routing
instances. Instead of explicit inside and outside service interfaces,
all of the interfaces in the pool can be both inside and outside service
interfaces.
Service Set—One service set that has a next-hop
service set to the pool of logical service interfaces and that contains
a PGCP rule. The service set links the VRFs to the PGCP service.
Virtual interface—One for each VRF routing instance.
The virtual interface configuration establishes the relationship between
the following parts of the configuration:
NAT pool (the media service contains the NAT pool)
VRF routing instance to which the NAT routes are added
The service interface
When a gate is established, the pgcpd process uses the virtual
interface information in the termination ID to determine the ingress
and egress virtual interfaces for the gate. In turn, the virtual interface
configuration maps to the VRF, NAT pool, and service interface.
The termination IDs of the caller and the call recipient contain
the virtual interface ID. For example, in Figure 23 termination ID ip/4/vif-1/1
matches virtual interface vif-1, which is mapped through the configuration
to routing instance vrf1.
