
    Example: Configuring and Deploying a Layer 3 VPN Full-Mesh Service

    This example shows how to set up a simple full-mesh service provider VPN configuration, as shown in Figure 1.

    Figure 1: Simple Layer 3 VPN Full-Mesh Service


    Figure 2: Example of a Simple VPN Topology


    This service provides connectivity for one VLAN (VLAN ID = 600). Customer site A connects to the network through an N-PE device named SJC (IP address 1.1.1.1). Customer site B connects to the network through an N-PE device named SFO (IP address 1.1.1.2). Customer site C connects to the network through an N-PE device named BLR (IP address 1.1.1.3).

    Preparing Devices for Discovery

    Before you can add a device using device discovery, the following conditions must be met:

    • SSH v2 is enabled on the device. To enable SSH v2 on a device, issue the following CLI command:

      set system services ssh protocol-version v2
    • The NETCONF protocol over SSH is enabled on the device. To enable the NETCONF protocol over SSH on a device, issue the following CLI command:

      set system services netconf ssh
    • The device is configured with a static management IP address that is reachable from the Junos Space server. The IP address can be in-band or out-of-band.

    • A user with full administrative privileges is created on the device for the Junos Space administrator.

    • If you plan to use SNMP to probe devices as part of device discovery, ensure that SNMP is enabled on the device with appropriate read-only V1/V2C/V3 credentials.

    Discovering Devices

    Device discovery is a process that Junos Space uses to bring network devices under its control. This example brings two MX Series routers under Junos Space management.

    Note: Alternatively, you can import devices using the Connectivity Services Director GUI. See Discovering Devices in a Physical Network for instructions on discovering devices from Build mode of Connectivity Services Director.

    1. Log in to Junos Space using your credentials.
    2. From the Junos Space Network Management Platform user interface, select Devices > Discover Devices > Discover Targets.
    3. In the Discover Targets window, click +.

      The Add Device Target window appears.

    4. Select IP range.
    5. Enter the IP address information. This example uses a range of three addresses.
    6. Click Add, and then click Next.
    7. In the Devices: Specify Probes window, select both Ping and SNMP as probes.
    8. Click Next.
    9. In the Devices: Specify Credentials window, click + and enter the device login credentials.
    10. Click Finish.

      Device discovery begins. It displays a graph showing the status of the discovery operation. Initially, three devices are discovered. When the Junos Space software has accessed all three devices and brought them under its management, all three devices move from the Discovered column of the graph to the Managed column.

    11. To check the results of the device discovery operation, select the Devices workspace again, then select Device Management. The Manage Devices page shows the added devices.
     


    Preparing Devices for Prestaging

    Before prestaging devices for multipoint-to-multipoint services, the following entities must be configured:

    • MPLS must run on each N-PE device.

    • MPBGP must run on each N-PE device that you want to participate in a Layer 3 full mesh service.

    To satisfy the preceding criteria, ensure that the following configuration exists on each N-PE device:

    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    address 10.1.22.2/30;
                }
                family mpls;
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 192.168.1.30/32;
                }
            }
        }
    }
    routing-options {
        autonomous-system 65410;
    }
    protocols {
        mpls {
            interface ge-0/0/0.0;
            interface lo0.0;
        }
        bgp {
            group IBGP {
                type internal;
                local-address 192.168.10.1;
                family inet-vpn {
                    unicast;
                }
                peer-as 65410;
                neighbor 192.168.10.4;
            }
        }
        ospf {
            traffic-engineering;
            area 0.0.0.0 {
                interface lo0.0 {
                    passive;
                }
                interface ge-0/0/0.0;
            }
        }
        ldp {
            interface ge-0/0/0.0;
            interface lo0.0;
        }
    }
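
    One way to check a device against the discovery and prestaging prerequisites listed above, as an added example that is not part of the original guide. It assumes the configuration was captured in `show configuration | display set` form; the rule labels, the user name and the SNMP community in the sample are made up, and the two "risky" patterns flag settings that still let discovery succeed while leaving SSH v1 or a writable SNMP community on the device.

```python
import re

# Rule labels are chosen for this example. Each regex must match one whole
# line of `show configuration | display set` output (assumed input format).
DISCOVERY = {
    "ssh v2 enabled": r"set system services ssh protocol-version v2",
    "netconf over ssh": r"set system services netconf ssh",
    "super-user account": r"set system login user \S+ class super-user",
}
PRESTAGE = {
    "mpls on an interface": r"set protocols mpls interface \S+",
    "family mpls on a unit": r"set interfaces \S+ unit \d+ family mpls",
    "mp-bgp inet-vpn": r"set protocols bgp group \S+ family inet-vpn unicast",
}
# Settings that do not block discovery but weaken the device.
RISKY = {
    "ssh v1 still allowed": r"set system services ssh protocol-version v1",
    "snmp community is read-write":
        r"set snmp community \S+ authorization read-write",
}

def check_prerequisites(config_text):
    """Return (missing prerequisites, risky settings) for one device."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]

    def present(pattern):
        return any(re.fullmatch(pattern, l) for l in lines)

    required = {**DISCOVERY, **PRESTAGE}
    missing = [name for name, pat in required.items() if not present(pat)]
    risky = [name for name, pat in RISKY.items() if present(pat)]
    return missing, risky

# Constructed sample: interface, address and BGP group follow the page's
# configuration; user "spaceadmin" and community "public" are made up.
SAMPLE = """
set system services ssh protocol-version v2
set system services netconf ssh
set system login user spaceadmin class super-user
set snmp community public authorization read-write
set interfaces ge-0/0/0 unit 0 family inet address 10.1.22.2/30
set interfaces ge-0/0/0 unit 0 family mpls
set protocols mpls interface ge-0/0/0.0
set protocols bgp group IBGP type internal
set protocols bgp group IBGP neighbor 192.168.10.4
"""

if __name__ == "__main__":
    missing, risky = check_prerequisites(SAMPLE)
    print("missing:", missing)
    print("risky:", risky)
```

    The sample omits the `family inet-vpn unicast` statement on purpose, so the check reports it as missing alongside the read-write community.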
    

    Discovering and Assigning N-PE Roles

    Before you can provision services, you must prestage the devices. Prestaging includes assigning device roles and designating interfaces on those devices as UNIs. This example provides the steps to accept the recommendations of the Network Services application for N-PE devices and UNIs.

    1. From the View selector, select Service View. The workspaces that are applicable to routing and tunnel services are displayed.
    2. Click the Build icon in the Service View of the Connectivity Services Director banner. The functionalities that you can configure in this mode are displayed in the task pane.
    3. In the Network Services > Connectivity task pane, select Prestage Devices > Prestage Devices.

      View the values displayed under the Roles column of the discovered devices.

      This action launches the role discovery process in which the Network Services application examines the devices under Junos Space management looking for devices that match predefined rules that identify N-PE devices. In this example, the Role Discovery Status graph shows that the Network Services application has discovered two such devices.

    4. Click Manage Device Roles and from the drop-down list, select Discover Roles to retrieve the roles of the devices. A dialog box is displayed with the job ID of the discovery job that is created to obtain the latest roles of the devices.
    5. To view the assignment status, in the CSD Deployment Jobs window that you can access from Deploy mode of Service View by selecting View Deployment Jobs from the task pane, click the job ID of the assignment job.

      The Job Management page shows the progress and status of the role assignment job.

    6. To verify the result, in Build mode, select Prestage Devices > Manage Device Roles from the tasks pane.

      The Manage Device Roles window shows two devices that can be used for provisioning.

    7. To unassign a device from N-PE role assignment, click Manage Device Roles and from the drop-down list, select Unassign Role to remove the role capability of a network element. You are prompted to confirm the operation. If you click OK, a request is submitted to remove the latest role of the network element or device.

    Choosing or Creating a Service Definition

    A service definition provides a template upon which services are built. It specifies service attributes that are not specific to a service instance. In this example, the service definition provides all service attributes except the N-PE devices, the UNIs, and bandwidth.

    The Network Services application ships with standard service definitions. First, we check the standard service definitions to determine whether one already exists that will work.

    1. From the View selector, select Service View. The workspaces that are applicable to routing and tunnel services are displayed.
    2. Click the Build icon in the Service View of the Connectivity Services Director banner. The functionalities that you can configure in this mode are displayed in the task pane.
    3. In the Network Services > Connectivity task pane, select Service Design > Manage Service Definitions.

      The Manage Service Definitions page lists all service definitions in the system. In a new system, the page lists only predefined service definitions.

      This example requires a L3 VPN full mesh service definition with OSPF/Static routing to allow each PE router to distribute VPN-related routes to and from connected CE routers.

    4. In the Network Services > Connectivity task pane, select Service Design > Manage Service Definitions > New > L3VPN Service Definition.

      The General Settings window appears.

    5. In the name field, enter the name “l3vpn-ospf-static-full-mesh-sd” for the service definition.
    6. In the Service type field, select L3 VPN (Full Mesh).

      Note: This service definition does not include a service template definition for the service, so the Service Template Definition field is left blank.

    7. In the Connectivity Settings box, select Auto pick Route Distinguisher to allow the Network Services application to automatically select the route distinguisher.
    8. Click Next to save the General Settings step information.

      Continue with “Site Settings” next.

    9. In the VLAN ID selection field, select Select manually to have the service provisioner select a VLAN ID for the service.
    10. To enable the service provisioner to override this setting in a service order, select the Editable in service order check box.
    11. In the VLAN range for manual input, enter “500” and “700” for VLAN ID start and end values to restrict the range of VLANs to this pool.
    12. In the PE-CE Settings box, select the OSPF/Static Route radio button for Allowed Routing Protocols to use OSPF/Static to allow each PE router to distribute VPN-related routes to and from connected CE routers.
    13. Click Review to review and create the Layer 3 VPN service definition.
    14. To save and complete the service definition, click Finish.

      The Manage Service Definitions page includes the new service definition.

      You have created a customized Service Definition, but it has not yet been published. Before a service definition can be used in provisioning, it must be published.

    15. To publish the service definition, in the Manage Service Definitions page, select the vpls-dot1q-sd-1 service definition, and click the Publish Service Definition button.

      The Publish Service Definition window appears.

    16. To confirm that you want to publish this service definition, click Publish.

      In the Manage Service Definitions page, the State column changes to Published.

    The service definition is now ready for use in provisioning.

    Creating a Customer

    Before you can provision the service, customer details must be present in the Junos Space database. To add a customer:

    1. From the View selector, select Service View. The workspaces that are applicable to routing and tunnel services are displayed.
    2. Click the Build icon in the Service View of the Connectivity Services Director banner. The functionalities that you can configure in this mode are displayed in the task pane.
    3. In the Network Services > Connectivity task pane, select Service Provisioning > Manage Customers > Create Customer.
    4. In the Name field, enter Best Customer.
    5. In the Account number field, enter 1234.
    6. Click Create.

    The Manage Customers window shows the new customer.

    Creating and Deploying a Layer 3 VPN Service Order

    Now that you have prestaged your devices, created a suitable service definition, and added the customer information to the database, you are ready to create and deploy a service order.

    1. From the View selector, select Service View. The workspaces that are applicable to routing and tunnel services are displayed.
    2. Click the Deploy icon in the Service View of the Connectivity Services Director banner. The functionalities that you can configure in this mode are displayed in the task pane.
    3. From the Service View pane, which is the left pane in the window, click the plus sign (+) next to Network Services > VPLS Services to expand the tree and display the different service types that you can configure.
    4. Select Deploy Services from the task pane. The right pane displays two pages. The Manage Network Services page is displayed in the upper half of the right pane. Selecting a service from this page causes the associated service orders for the selected service to be displayed in the Manage Service Orders page in the lower half of the right pane.
    5. Click the New icon at the top of the upper half of the page that displays previously created service orders. The Select Service Type dialog box appears.
    6. Select L3VPN to create a Layer 3 VPN service order.

      The General/Connectivity Settings panel appears initially in the right panel, as shown in the example.

    7. In the Create L3 VPN Service Order window, select the service definition named l3vpn-ospf-static-full-mesh-sd.

      This service definition is the customized service definition you created earlier.

    8. In the General Settings box of the Service Settings window, in the Name field, enter l3vpn_ospf_full_mesh_so.
    9. In the Customer field, select Best Customer.
    10. In the PE-CE Settings box, enter “1.1.1.1” as the OSPF domain ID.
    11. Click Next.
    12. In the Node Settings window, select BLR, SFO, and SJC as the endpoint devices.
    13. Click Next.
    14. In the Site Settings window, clear the Autopick VLAN ID check box (the default setting).
    15. In the VLAN ID field, enter “600”.
    16. In the Interface IP field, enter an IP address/subnet for the device, for example, 10.255.245.68/28.
    17. In the OSPF area ID field, enter an IP address for the OSPF area.
    18. Click Save.
    19. Repeat Step 10 through Step 12, for each endpoint device that you want to include in the service.
    20. Click Next. The Review page of the wizard is displayed.
    21. Click Done. The service order is created and listed in the Manage Service Orders page.
    22. You can schedule the deployment of the service order for a specific time, or deploy the service now. Select Deploy now and click OK to start the deployment.
    23. To monitor the progress and status of the deployment, in the Order Information window, click the job ID. The Job Management page shows the status of the job.
    24. When the Job Management page shows that the deployment is successful, in the Network Services task pane, select Service Provisioning > Manage Deploy Services.

      The Manage Network Services page shows the new Layer 3 VPN full mesh service.

    Performing a Functional Audit and a Configuration Audit

    Now that your new service is deployed, we recommend that you validate its configuration and functional integrity. A functional audit runs operational commands on the device to verify whether the service is up or down. A configuration audit verifies whether the configuration that was pushed to the device during deployment is actually on the device.

    To perform a configuration audit and a functional audit of the service:

    1. From the View selector, select Service View. The workspaces that are applicable to routing and tunnel services are displayed.
    2. Click the Deploy icon in the Service View of the Connectivity Services Director banner. The functionalities that you can configure in this mode are displayed in the task pane.
    3. From the Service View pane, which is the left pane in the window, click the plus sign (+) next to Network Services > P2P Services to expand the tree and display the different service types that you can configure.
    4. Select Deploy Services from the task pane. The right pane displays two pages. The Manage Network Services page is displayed in the upper half of the right pane. Selecting a service from this page causes the associated service orders for the selected service to be displayed in the Manage Service Orders page in the lower half of the right pane.
    5. In the Manage Network Services page, select the service instance you just deployed.
    6. Select the service instance, open the Actions menu, and select Run Functional Audit.
    7. In the Schedule Functional Audit window, you can choose to perform the audit now or schedule it for later. Select Audit now, then click OK.
    8. In the Order Information screen, click OK.
    9. Select the service instance, open the Audit menu, and select Run Configuration Audit.
    10. In the Schedule Configuration Audit window, you can choose to perform the audit now or schedule it for later. Select Audit now, and then click OK.
    11. In the Order Information window, click OK.

      When the audit jobs have finished, success is indicated by an up arrow in the top right corner of the service.

    12. To view the functional audit results:
      1. From the View selector, select Service View. The workspaces that are applicable to routing and tunnel services are displayed.
      2. Click the Build icon in the Service View of the Connectivity Services Director banner. The functionalities that you can configure in this mode are displayed in the task pane.
      3. From the Network Services > Connectivity > L3VPN Services View pane, select the l3vpn_ospf_full_mesh_so service instance.
      4. In the tasks pane, select Audit/Results > Functional Audit.
      5. In the Functional Audit Results window, select each device to view the results.
    13. To view the results of the configuration audit:
      1. From the View selector, select Service View. The workspaces that are applicable to routing and tunnel services are displayed.
      2. Click the Build icon in the Service View of the Connectivity Services Director banner. The functionalities that you can configure in this mode are displayed in the task pane.
      3. From the Network Services > Connectivity > L3VPN Services View pane, select the l3vpn_ospf_full_mesh_so service instance.
      4. In the tasks pane, select Audit/Results > Configuration Audit.
      5. In the Configuration Audit Results window, select each device in turn and review the results. This report indicates any part of the service configuration that is missing on the device, or is inconsistent with the Junos Space database.

    Following a successful audit, the service is deployed and ready to be used.
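
    The comparison a configuration audit reports on (statements missing from the device, and statements present with a different value), as an added example that is not part of the original guide and is not how Connectivity Services Director implements its audit. The interface name and the statements in both samples are constructed; the VLAN ID, interface address, OSPF domain ID and service name are the ones used in this example.

```python
from collections import defaultdict

def by_path(statements):
    """Map each statement's path (all but the last token) to its values."""
    index = defaultdict(set)
    for stmt in statements:
        path, _, value = stmt.rpartition(" ")
        index[path].add(value)
    return index

def config_audit(intended_text, device_text):
    """Return (missing, inconsistent) for intended vs. on-device statements."""
    want = {s.strip() for s in intended_text.splitlines() if s.strip()}
    have = {s.strip() for s in device_text.splitlines() if s.strip()}
    want_idx, have_idx = by_path(want), by_path(have)
    missing, inconsistent = [], []
    for stmt in sorted(want - have):
        path, _, value = stmt.rpartition(" ")
        on_device = have_idx.get(path, set())
        # Same path present with only different values: a mismatch, not a gap.
        if on_device and on_device.isdisjoint(want_idx[path]):
            inconsistent.append((path, value, sorted(on_device)))
        else:
            missing.append(stmt)
    return missing, inconsistent

# Constructed samples in `display set` form; ge-0/0/1 is a made-up UNI.
INTENDED = """
set interfaces ge-0/0/1 unit 600 vlan-id 600
set interfaces ge-0/0/1 unit 600 family inet address 10.255.245.68/28
set routing-instances l3vpn_ospf_full_mesh_so instance-type vrf
set routing-instances l3vpn_ospf_full_mesh_so interface ge-0/0/1.600
set routing-instances l3vpn_ospf_full_mesh_so protocols ospf domain-id 1.1.1.1
"""
DEVICE = """
set interfaces ge-0/0/1 unit 600 vlan-id 601
set interfaces ge-0/0/1 unit 600 family inet address 10.255.245.68/28
set routing-instances l3vpn_ospf_full_mesh_so instance-type vrf
set routing-instances l3vpn_ospf_full_mesh_so interface ge-0/0/1.600
"""

if __name__ == "__main__":
    missing, inconsistent = config_audit(INTENDED, DEVICE)
    for stmt in missing:
        print("MISSING     ", stmt)
    for path, wanted, found in inconsistent:
        print("INCONSISTENT", path, "wanted", wanted, "found", found)
```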

    Modified: 2016-07-07