Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

ON THIS PAGE

Junos Space Layer 3 Services Overview

 

To configure Layer 3 virtual private network (VPN) functionality, you must enable VPN support on the provider edge (PE) router. You must also configure any provider (P) routers that service the VPN, and you must configure the customer edge (CE) routers so that their routes are distributed into the VPN.

This topic covers:

Overview

RFC 4364 VPNs are also known as BGP/MPLS VPNs because BGP is used to distribute VPN routing information across the provider’s backbone, and MPLS is used to forward VPN traffic across the backbone to remote VPN sites.

Customer networks, because they are private, can use either public addresses or private addresses, as defined in RFC 1918, Address Allocation for Private Internets. When customer networks that use private addresses connect to the public Internet infrastructure, the private addresses might overlap with the same private addresses used by other network users. MPLS/BGP VPNs solve this problem by adding a VPN identifier prefix to each address from a particular VPN site, thereby creating an address that is unique both within the VPN and within the public Internet. In addition, each VPN has its own VPN-specific routing table that contains the routing information for that VPN only.

Junos Space Connectivity Services Director application enables you to provision IP full mesh services.

For more information about Layer 3 VPNs, see the Junos Software VPNs Configuration Guide.

Layer 3 VPN Platform Support

Layer 3 VPNs are supported on most combinations of Juniper Networks routing platforms and PICs that are capable of running the Junos Software.

MX Series routers configured in Ethernet services mode can support some of the Junos OS Layer 3 VPN features. For Layer 3 VPNs, Ethernet services mode supports configuring a loopback interface for a VPN routing and forwarding (VRF) instance. You can configure up to two VRF instances in Ethernet services mode. Each VRF instance can handle up to 10,000 routes, The ping mpls l3vpn operational mode command is also supported.

Layer 3 VPN Attributes

Connectivity Services Director application supports the following Layer 3 VPN attributes. For more information, see the Junos OS VPNs Configuration technical documentation.

  • Target VPN—Identifies a set of sites with a VPN to which a PE router distributes routes. This attributes is also called the route target. A PE egress router uses the route target to determine whether a received route is destined for a VPN that the router services.

  • Route distinguisher—a 6-byte number that you can specify using one of the following formats:

    • as-number:number, where as-number is an AS number (a 2-byte value) and number is any 4-byte value. The AS number can be in the range 1 through 65,535. We recommend that you use an Internet Assigned Numbers Authority (IANA)-assigned, nonprivate AS number, preferably the Internet service provider’s (ISP’s) own or the customer’s own AS number.

    • ip-address:number, where ip-address is an IP address (a 4-byte value) and number is any 2-byte value. The IP address can be any globally unique unicast address. We recommend that you use the address that you configure in the router-id statement, which is a nonprivate address in your assigned prefix range.

Device Configuration for a Layer 3 VPN

To implement Layer 3 VPNs in the JUNOS Software, you configure one routing instance for each VPN. You configure the routing instances on PE routers only. Each VPN routing instance consists of the following components:

  • VRF table—On each PE router, you configure one VRF table for each VPN.

  • Set of interfaces that use the VRF table—The logical interface to each directly connected CE router must be associated with a VRF table. You can associate more than one interface with the same VRF table if more than one CE router in a VPN is directly connected to the PE router.

  • Policy rules—These control the import of routes into and the export of routes from the VRF table.

  • One or more routing protocols that install routes from CE routers into the VRF table—You can use the BGP and OSPF routing protocols and static routes.

Related Documentation