Configuring an MPLS-Based Layer 2 VPN (CLI Procedure)
You can configure MPLS-based Layer 2 virtual private networks (VPNs) on EX8200 and EX4500 switches. Some benefits of a Layer 2 VPN are that it is private, secure and flexible. To configure Layer 2 VPN functionality in your MPLS network, you must configure Layer 2 VPN components on the local and remote provider edge (PE) switches.
This topic shows how to add Layer 2 VPN components to a CCC configured on a simple interface. For information on combining Layer 2 VPN components with a tagged VLAN CCC, see Configuring an MPLS-Based VLAN CCC Using a Layer 2 VPN (CLI Procedure).
Before you configure the Layer 2 VPN components, you must configure the basic components for an MPLS network:
- Configure two PE switches. See Configuring MPLS on Provider Edge EX8200 and EX4500 Switches Using Circuit Cross-Connect (CLI Procedure).
- Configure one or more provider switches. See Configuring MPLS on EX8200 and EX4500 Provider Switches (CLI Procedure).
A Layer 2 VPN requires that the PE switches be configured using a circuit cross-connect (CCC).
Configure the Layer 2 VPN components on both PE switches. This procedure describes how to configure one PE switch. Repeat the procedure to configure the remote PE switch.
To configure Layer 2 VPN components on the PE switch:
- Configure the customer edge interface to use the physical encapsulation type ethernet-ccc:
The customer edge interface is a simple interface.
user@switch# set interfaces interface-name encapsulation ethernet-ccc
- Configure BGP, specifying the loopback address of this PE switch as the local address and specifying family l2vpn signaling:
[edit protocols bgp]
user@switch# set local-address address family l2vpn signaling
- Configure the BGP group, specifying the group name and type internal:
- Configure the BGP neighbor, specifying the loopback address of the remote PE switch as the neighbor’s address:
[edit protocols bgp]
user@switch# set neighbor address
- Configure the routing instance, specifying the routing-instance name and using l2vpn as the instance type:
[edit routing-instances]
user@switch# set routing-instance-name instance-type l2vpn
- Configure the routing instance to apply to the customer
user@switch# set routing-instances routing-instance-name interface interface-name
- Configure the routing instance to use a route distinguisher:
Each routing instance that you configure on a PE switch must have a unique route distinguisher associated with it. VPN routing instances must have a route distinguisher to allow BGP to distinguish between potentially identical network layer reachability information (NLRI) messages received from different VPNs. If you configure different VPN routing instances with the same route distinguisher, the commit fails.
user@switch# set routing-instances routing-instance-name route-distinguisher ip-address:number
- Configure the VPN routing and forwarding (VRF) target of the routing instance:
[edit routing-instances]
user@switch# set routing-instance-name vrf-target community
If you configure the community option only, default VRF import and export policies are generated that accept and tag routes with the specified target community. You can create more complex policies by explicitly configuring VRF import and export policies using the import and export options. See the Junos OS VPNs Configuration Guide.
- Configure the protocols and encapsulation type used by the routing instance:
- Apply the routing instance to a customer edge interface and specify a description for it:
[edit routing-instances]
user@switch# set routing-instance-name protocols interface interface-name description text
- Configure the routing instance protocols site:
The remote site ID (configured with the remote-site-id statement) corresponds to the site ID (configured with the site-identifier statement) configured on the other PE switch.
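A pre-commit check for the constraints in this procedure, as an added example that is not Juniper code: it reads set-format configuration and reports l2vpn routing instances that share a route distinguisher, have no vrf-target, or bind an interface whose port lacks ethernet-ccc encapsulation. The function name, interface names, instance names and values in the sample are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample input (not from a real device): set-format lines that use
# only statements shown in this procedure. vpn-b is deliberately misconfigured.
SAMPLE = """\
set interfaces ge-0/0/1 encapsulation ethernet-ccc
set routing-instances vpn-a instance-type l2vpn
set routing-instances vpn-a interface ge-0/0/1.0
set routing-instances vpn-a route-distinguisher 10.255.0.1:100
set routing-instances vpn-a vrf-target target:65000:100
set routing-instances vpn-b instance-type l2vpn
set routing-instances vpn-b interface ge-0/0/3.0
set routing-instances vpn-b route-distinguisher 10.255.0.1:100
"""

def lint_l2vpn(config):
    """Return a sorted list of findings for l2vpn routing instances."""
    ccc_ports = set()  # physical interfaces with encapsulation ethernet-ccc
    inst = defaultdict(lambda: {"ifaces": []})
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "set":
            continue
        if tok[1] == "interfaces" and tok[3:5] == ["encapsulation", "ethernet-ccc"]:
            ccc_ports.add(tok[2])
        elif tok[1] == "routing-instances":
            name, key, val = tok[2], tok[3], tok[4]
            if key == "interface":
                inst[name]["ifaces"].append(val)
            else:
                inst[name][key] = val
    findings, by_rd = [], defaultdict(list)
    for name, cfg in inst.items():
        if cfg.get("instance-type") != "l2vpn":
            continue
        if "route-distinguisher" in cfg:
            by_rd[cfg["route-distinguisher"]].append(name)
        else:
            findings.append(f"{name}: no route-distinguisher")
        if "vrf-target" not in cfg:
            findings.append(f"{name}: no vrf-target")
        for ifc in cfg["ifaces"]:
            # The instance may name a logical unit (ge-0/0/1.0); encapsulation is set on the port.
            if ifc.split(".")[0] not in ccc_ports:
                findings.append(f"{name}: {ifc} lacks encapsulation ethernet-ccc")
    for rd, names in by_rd.items():
        if len(names) > 1:  # the page states that a shared RD makes the commit fail
            findings.append(f"route-distinguisher {rd} reused by {', '.join(sorted(names))}")
    return sorted(findings)
```

Run it over the candidate configuration for each PE switch before committing; an empty list means none of the three conditions was found.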