Configuring an MPLS-Based VLAN CCC Using a Layer 2 VPN (CLI Procedure)

You can use configure an 802.1Q VLAN as an MPLS-based Layer 2 virtual private network (VPN) using EX8200 switches to interconnect multiple customer sites with Layer 2 technology.

This topic describes configuring provider edge (PE) switches in an MPLS network using a circuit cross-connect (CCC) on a tagged VLAN interface (802.1Q VLAN) rather than a simple interface.

Note: You do not need to make any changes to existing provider switches in your MPLS network to support this type of configuration. For information on configuring provider switches, see Configuring MPLS on Provider Switches (CLI Procedure).

Note: You can send any kind of traffic over a CCC, including nonstandard bridge protocol data units (BPDUs) generated by other vendors’ equipment.

To configure a PE switch with a VLAN CCC and an MPLS-based Layer 2 VPN:

1. Configure OSPF (or IS-IS) on the loopback (or switch address) and core interfaces:
   [edit protocols]
user@switch# set ospf area 0.0.0.0 interface lo0.0
user@switch# set ospf area 0.0.0.0 interface interface-name
user@switch# set ospf area 0.0.0.0 interface interface-name
user@switch# set ospf area 0.0.0.0 interface interface-name

2. Enable traffic engineering for the routing protocol:
   [edit protocols]
user@switch# set ospf traffic-engineering

3. Configure an IP address for the loopback interface and for the core interfaces:
   [edit]
user@switch# set interfaces lo0 unit logical-unit-number family inet address address
user@switch# set interfaces interface-name unit logical-unit-number family inet address address
user@switch# set interfaces interface-name unit logical-unit-number family inet address address
user@switch# set interfaces interface-name unit logical-unit-number family inet address address

   
   
4. Enable the MPLS protocol with cspf disabled:

   Note: CSPF is a shortest-path-first algorithm that has been modified to take into account specific restrictions when the shortest path across the network is calculated. You need to disable CSPF for link protection to function properly on interarea paths.

   [edit protocols]
user@switch# set mpls no-cspf
5. Define the label switched path (LSP):
   [edit protocols]
user@switch# set mpls label-switched-path lsp_name to address


   Tip: You will need to use the specified LSP name again when configuring the CCC.

6. Configure MPLS on the core interfaces:
   [edit protocols]
user@switch# set mpls interface interface-name
user@switch# set mpls interface interface-name
user@switch# set mpls interface interface-name

7. Configure RSVP on the loopback interface and the core interfaces:
   [edit protocols]
user@switch# set rsvp interface lo0.0
user@switch# set rsvp interface interface-name
user@switch# set rsvp interface interface-name
user@switch# set rsvp interface interface-name

8. Configure family mpls on the logical units of the core interfaces:
   [edit]
user@switch# set interfaces interface-name unit logical-unit-number family mpls
user@switch# set interfaces interface-name unit logical-unit-number family mpls
user@switch# set interfaces interface-name unit logical-unit-number family mpls

   
   

   Note: You can enable family mpls on either individual interfaces or aggregated Ethernet interfaces. You cannot enable it on tagged VLAN interfaces.

9. Enable VLAN tagging on the customer edge interface of the local PE switch:
   [edit]
user@switch# set interfaces interface-name vlan-tagging
10. Configure the customer edge interface to use encapsulation vlan-ccc:
    [edit]
user@switch# set interfaces interface-name encapsulation vlan-ccc
11. Configure the logical unit of the customer edge interface with a VLAN ID:

    Note: The VLAN ID cannot be configured on logical interface unit 0. The logical unit number must be 1 or higher. The same VLAN ID must be used when configuring the customer edge interface on the other PE switch.

    [edit ]
user@switch# set interfaces interface-name logical-unit-numbervlan-id vlan-id
12. Configure BGP, specifying the loopback address as the local address and enabling family l2vpn signaling:
    [edit protocols bgp]
user@switchPE1# set local-address address family l2vpn signaling
13. Configure the BGP group, specifying the group name and type:
    [edit protocols bgp]
user@switchPE1# set group ibgp type internal
14. Configure the BGP neighbor, specifying the loopback address of the remote PE switch as the neighbor’s address:
    [edit protocols bgp]
user@switchPE1# set neighbor address
15. Configure the routing instance, specifying the routing-instance name and using l2vpn as the instance type:
    [edit routing-instances]
user@switchPE1# set routing-instance-name instance-type l2vpn
16. Configure the routing instance to apply to the customer edge interface:
    [edit routing-instances]
user@switchPE1# set routing-instance-name interface interface-name
17. Configure the routing instance to use a route distinguisher:
    [edit routing-instances]
user@switchPE1# set routing-instance-name route-distinguisher address
18. Configure the VPN routing and forwarding (VRF) target of the routing instance:
    [edit routing-instances]
user@switchPE1# set routing-instance-name vrf-target community

    Note: You can create more complex policies by explicitly configuring VRF import and export policies using the import and export options. See the Junos OS VPNs Configuration Guide.

19. Configure the protocols and encapsulation type used by the routing instance:
    [edit routing-instances]
user@switchPE1# set routing-instance-name protocols l2vpn encapsulation-type ethernet-vlan
20. Apply the routing instance to a customer edge interface and specify a description for it:
    [edit routing-instances]
user@switchPE1# set routing-instance-name protocols interface interface-name description description
21. Configure the routing-instance protocols site:
    [edit routing-instances]
user@switchPE1# set routing-instance-name protocols l2vpn site site-name site-identifier identifier remote-site-id identifier

    Note: The remote site ID (configured with the remote-site-id statement) corresponds to the site ID (configured with the site-identifier statement) configured on the other PE switch.

When you have completed configuring one PE switch, follow the same procedures to configure the other PE switch.

Note: You must use the same type of switch for the other PE switch. You cannot use an EX8200 as one PE switch and use an EX3200 or EX4200 as the other PE switch.