Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring and Deploying a Layer 3 VPN Full-Mesh Service

 

This example shows how to set up a simple full-mesh service provider VPN configuration, as shown in Figure 1.

Figure 1: Simple Layer 3 VPN Full-Mesh Service
Simple Layer 3 VPN Full-Mesh
Service

This service provides connectivity for one VLAN, (VLAN ID = 600). Customer site A connects to the network through an N-PE device named SJC. Customer site B connects to the network through an N-PE device named SFO. Customer site C connects to the network through an N-PE device named BLR.

Preparing Devices for Discovery

Before you can add a device using device discovery, the following conditions must be met:

  • SSH v2 is enabled on the device. To enable SSH v2 on a device, issue the following CLI command:

    set system services ssh protocol-version v2
  • The NETCONF protocol over SSH is enabled on the device. To enable the NETCONF protocol over SSH on a device, issue the following CLI command:

    set system services netconf ssh
  • The device is configured with a static management IP address that is reachable from the Junos Space server. The IP address can be in-band or out-of-band.

  • A user with full administrative privileges is created on the device for the Junos Space administrator.

  • If you plan to use SNMP to probe devices as part of device discovery, ensure that SNMP is enabled on the device with appropriate read-only V1/V2C/V3 credentials.

Discovering Devices

Device discovery is a process that Junos Space uses to bring network devices under its control. This example brings two MX Series routers under Junos Space management.

  1. Log in to Junos Space using your credentials.
  2. In the Network Activate task pane, select Devices >Discover Devices > Discover Targets.
  3. In the Discover Targets page, click +.

    The Add Device Target page appears.

  4. Select IP range.
  5. Enter the IP address information. This example uses a range of three addresses.

  6. Click Add, and then click Next.
  7. In the Devices: Specify Probes page, select both Ping and SNMP as probes.
  8. Click Next.
  9. In the Devices: Specify Credentials page, click + and enter the device login credentials.
  10. Click Finish.

    Device discovery begins. It displays a graph showing the status of the discovery operation. Initially, three devices are discovered. When the Junos Space software has accessed all three devices and brought them under its management, all three devices move from the Discovered column of the graph to the Managed column.

  11. To check the results of the device discovery operation, select the Devices workspace again, then select Device Management. The Manage Devices page shows the added devices.

See also

Preparing Devices for Prestaging

Before prestaging devices for multipoint-to-multipoint services, the following entities must be configured:

  • MPLS must run on each N-PE device.

  • MPBGP must run on each N-PE device that you want to participate in a Layer 3 full mesh service.

To satisfy the preceding criteria, ensure that the following configuration exists on each N-PE device:

Discovering and Assigning N-PE Roles

Before you can provision services, you must prestage the devices. prestaging includes assigning device roles and designating interfaces on those devices as UNIs. This example provides the steps to accept the recommendations of the Network Activate software for N-PE devices and UNIs.

  1. In the Network Activate task pane, select Prestage Devices > Manage Device Roles > Discover Roles.

    This action launches the role discovery process in which the Network Activate software examines the devices under Junos Space management looking for devices that match predefined rules that identify N-PE devices. The Role Discovery Status graph shows that, in this case, the Network Activate software has discovered three such devices.

  2. In the Assign Roles page, switch to multiple selection mode and select both N-PE devices.
  3. Open the Actions menu and select Assign NPE role.
  4. In the Assign NPE page, click Assign to confirm the assignment.
  5. To view the assignment status, in the Job Management page, click the job ID of the assignment job.

    The Job Management page shows the progress and status of the role assignment job.

  6. To verify the result, in the Network Activate task pane, select Prestage Devices > Manage Device Roles.

    The Manage Device Roles page shows three devices that can be used for provisioning.

Choosing or Creating a Service Definition

A service definition provides a template upon which services are built. It specifies service attributes that are not specific to a service instance. In this example, the service definition provides all service attributes except the N-PE devices, the UNIs, and bandwidth.

The Network Activate software ships with standard service definitions. First, we check the standard service definitions to determine whether one already exists that will work.

  1. In the Network Activate task Pane, select Service Design > Manage Service Definitions.

    The Manage Service Definitions page lists all service definitions in the system. In a new system, the page lists only predefined service definitions.

    This example requires a L3 VPN full mesh service definition with OSPF/Static routing to allow each PE router to distribute VPN-related routes to and from connected CE routers.

  2. In the Network Activate task pane, select Service Design > Manage Service Definitions > Create L3 VPN Service Definition.

    The General page appears.

  3. In the name field, enter the name “l3vpn-ospf-static-full-mesh-sd” for the service definition.
  4. In the Service type field, select L3 VPN (Full Mesh).Note

    This service definition does not include a service template definition for the service, so the Service Template Definition field is left blank.

  5. Click Next to save the General step information.

    Continue with “UNI Settings” next.

  6. In the VLAN ID selection field, select Select manually to have the service provisioner select a VLAN ID for the service.
  7. To enable the service provisioner to override this setting in a service order, select the Editable in service order check box.
  8. In the VLAN range for manual input, enter “500” and “700” for VLAN ID start and end values to restrict the range of VLANs to this pool.
  9. Click Next to save the UNI settings.

    Continue with “Connectivity” next.

  10. In the PE-Core Settings box, select Auto pick to allow the Network Activate software to automatically select the route distinguisher.
  11. In the PE-CE Settings box, select the OSPF/Static Route radio button for Allowed Routing Protocols to use OSPF/Static to allow each PE router to distribute VPN-related routes to and from connected CE routers.
  12. Click Finish to save and create the Layer 3 VPN service definition.
  13. To save and complete the service definition, click Finish.

    The Manage Service Definitions page includes the new service definition.

    You have created a customized Service Definition, but it has not yet been published. Before a service definition can be used in provisioning, it must be published.

  14. To publish the service definition, in the Manage Service Definitions page, select the vpls-dot1q-sd-1 service definition, and then in the Actions menu, select Publish Service Definition.

    The Publish Service Definition page appears.

  15. To confirm that you want to publish this service definition, click Publish.

    In the Manage Service Definitions page, the State column changes to Published.

The service definition is now ready for use in provisioning.

Creating a Customer

Before you can provision the service, customer details must be present in the Junos Space data base. To add a customer:

  1. In the Network Activate task pane, select Service Provisioning > Manage Customers > Create Customer.
  2. In the Name field, enter Best Customer.
  3. In the Account number field, enter 1234.
  4. Click Create

The Manage Customers page shows the new customer.

Creating and Deploying a Layer 3 VPN Service Order

Now that you have prestaged your devices, created a suitable service definition, and added the customer information to the database, you are ready to create and deploy a service order.

  1. In the Network Activate task pane, select Service Provisioning > Manage Service Orders > Create L3 VPN Service Order.
  2. In the Create L3 VPN Service Order page, select the service definition named l3vpn-ospf-static-full-mesh-sd.

    This service definition is the customized service definition you created earlier.

  3. Click Next.
  4. In the General Settings box of the Enter Order page, in the Name field, enter l3vpn_ospf_full_mesh_so.
  5. In the Customer field, select Best Customer.
  6. In the VPN Settings box of the Enter Order Information page, select the Apply to All check box.
  7. In the VLAN ID field, enter “600”.
  8. Click Next.
  9. In the Select Endpoint PE Devices page, select BLR, SFO, and SJC.
  10. In the Endpoint Settings page, in the Interface IP field, enter an IP address/subnet for the device, for example, 10.255.245.68/28.
  11. In the Endpoint Settings page, in the OSPF area ID field, enter an IP address for the OSPF area.
  12. Click Save.
  13. Repeat Step 10 through Step 12, for each endpoint device that you want to include in the service.
  14. In the Endpoint Settings page, click Next to accept the system-selected endpoints.
  15. Click Create to display the Deployment Options page where you can save the service order to deploy it later, schedule the deployment for a specific time, or deploy the service now. Select Deploy now and click OK to start the deployment.
  16. To monitor the progress and status of the deployment, in the Order Information page, click the job ID. The Job Management page shows the status of the job.
  17. When you see in the Job Management page that the deployment is successful, in the Network Activate task pane, select the Service Provisioning > Manage Services.

    The Manage Services page shows the new Layer 3 VPN full mesh service.

Performing a Functional Audit and a Configuration Audit

Now that your new service is deployed, we recommend that you validate its configuration and functional integrity. A functional audit runs operational commands on the device to verify that the service is up or down. A configuration audit verifies whether the configuration that was pushed to the device during deployment is actually on the device.

To perform a configuration audit and a functional audit of the service:

  1. In the Manage Services page, select the service instance you just deployed.
  2. Right-click or open the Actions menu and select Perform Functional Audit.
  3. In the Schedule Functional Audit page, you can choose to perform the audit now or schedule it for later. Select Audit now, and then click OK.
  4. In the Order Information page, click OK.
  5. Right-click or open the Actions menu and select Perform Configuration Audit.
  6. In the Schedule Configuration Audit page, you can choose to perform the audit now or schedule it for later. Select Audit now, and then click OK.
  7. In the Order Information page, click OK.
  8. When the audit jobs have finished, success is indicated by an up arrow in the top right corner of the Manage Services page.

    To view the functional audit results:

    1. In the Manage Services page, select the l3vpn_ospf_full_mesh_so service instance.
    2. Right-click or open the Actions menu and select View Functional Audit Results.
    3. In the Functional Audit Results page, select each device to view the results.

    To view the results of the configuration audit:

    1. Right-click or open the Actions menu and select View Configuration Audit Results.
    2. In the Configuration Audit Results page, select each device in turn and review the results. This report indicates any part of the service configuration that is missing on the device, or inconsistent with the Junos Space database.

Following a successful audit, the service is deployed and ready to be used.