Example: Using a Source Address to Demultiplex Traffic

This example illustrates how you can use static subscriber interfaces to differentiate traffic for VPN access, based on the traffic’s source address.

Requirements

This example uses the following software and hardware components:

Overview

Figure 8 shows how you can use static subscriber interfaces to differentiate traffic for VPN access, based on the traffic’s source address.

Figure 8: Subscriber Interfaces Using a Source Address to Demultiplex Traffic

Using a Source Address to Demultiplex Traffic

To configure the static subscriber interfaces shown in Figure 8, perform the following steps:

  1. Configure a primary IP interface on a supported layer 2 interface.
    1. Create a layer 2 interface.
      host1(config)#interface fastEthernet 4/1
    2. Create a primary IP interface.
      host1(config-if)#ip address 10.1.1.1 255.255.255.0
    3. Exit Interface Configuration mode.
      host1(config-if)#exit
  2. Configure subscriber interface IP1.
    1. Create the shared IP interface.
      host1(config)#virtual-router vra
      Proceed with new virtual-router creation? [confirm] yes
      host1:vra(config)#interface ip ip1

      Use the specified name to refer to the shared IP interface; you cannot use the layer 2 interface to refer to the shared IP interface, because the shared interface can be moved.

      Use the no version to delete the IP interface.

    2. Associate the shared IP interface with the layer 2 interface by using one of the following methods:
      • Static
        host1:vra(config-if)#ip share-interface fastEthernet 4/1

        If you issue this command on a shared IP interface, you cannot issue the ip share-nexthop command for the interface.

        After creating the shared IP interface, you can configure it as you do any other IP interface. The shared interface is operationally up when the layer 2 interface is operationally up and IP is properly configured. You can create operational shared IP interfaces in the absence of a primary IP interface.

        Use the no version to remove the association between the layer 2 interface and the shared IP interface. You can delete shared and primary IP interfaces independently.

      • Dynamic
        host1:vra(config-if)#ip share-nexthop 10.1.1.2

        You can use this command to specify that the shared IP interface dynamically tracks a next hop. If the next hop changes, the shared IP interface moves to the new layer 2 interface associated with the IP interface toward the new next hop.

        If you issue this command on a shared IP interface, you cannot issue the ip share-interface command for the interface. If you issue this command on a shared IP interface, the shared interface cannot dynamically track the next hop for the specified destination if the next-hop IP address is resolvable over MPLS. If you specify a virtual router, the command fails if the VR does not already exist. If you do not specify a VR, the current VR is assumed.

        After creating the shared IP interface, you can configure it as you do any other IP interface. The shared interface is operationally up when the layer 2 interface associated with the specified next hop is operationally up and IP is properly configured.

        Use the no version to halt tracking of the next hop.

    3. To fully configure the shared interface, assign an address or make it unnumbered.
      host1:vra(config-if)#ip unnumbered loopback 0
    4. Specify the source addresses for the subscriber interface to use to demultiplex traffic, then exit Interface Configuration mode.
      host1:vra(config-if)#ip source-prefix 10.10.3.0 255.255.255.0
      host1:vra(config-if)#exit

      On the ERX1440 router or the E320 router, you can configure up to 1024 subnets for static subscriber interfaces per primary IP interface when each subnet has a variable network mask that is less than /32. The number of subnets identifying a single route (/32) is still limited by the global maximum of 16,000 hosts per line module.

      Use the no version to remove the association between the interface and the specified IP source address and mask.

  3. Create a static route that sends traffic for destination address 10.10.3.0 to subscriber interface IP1.
    host1:vra(config)#ip route 10.10.3.0 255.255.255.0 ip ip1
  4. Repeat Step 2 to configure subscriber interface IP2.
    host1(config)#virtual-router vrb
    Proceed with new virtual-router creation? [confirm] yes
    host1:vrb(config)#interface ip ip2
    host1:vrb(config-if)#ip share-interface fastEthernet 4/1
    host1:vrb(config-if)#ip unnumbered loopback 0
    host1:vrb(config-if)#ip source-prefix 10.10.4.0 255.255.255.0
    host1:vrb(config-if)#exit
  5. Create a static route that sends traffic for destination address 10.10.4.0 to subscriber interface IP2.
    host1:vrb(config)#ip route 10.10.4.0 255.255.255.0 ip ip2
  6. Specify that DHCP relay does not install host routes; this avoids a conflict that can cause undesirable ARP behavior.
    host1(config)#set dhcp relay inhibit-access-route-creation

    For details about the cause of this conflict and the use of the set dhcp relay inhibit-access-route-creation command to avoid the conflict, see Configuring DHCP Relay Proxy.
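
The following Python sketch is an added example, not part of the original documentation or the router software. It parses the source-prefix and static-route commands from the steps above, models which subscriber interface a given source address selects, and flags any source prefix that overlaps another interface's prefix or has no matching static route (Steps 3 and 5). Longest-prefix selection, the fallback to the primary IP interface, and the labels "default" and "primary" are assumptions of this model.

```python
import ipaddress
import re

# Demultiplexing-related commands from the procedure above (prompts included).
CONFIG = """\
host1(config)#virtual-router vra
host1:vra(config)#interface ip ip1
host1:vra(config-if)#ip source-prefix 10.10.3.0 255.255.255.0
host1:vra(config)#ip route 10.10.3.0 255.255.255.0 ip ip1
host1(config)#virtual-router vrb
host1:vrb(config)#interface ip ip2
host1:vrb(config-if)#ip source-prefix 10.10.4.0 255.255.255.0
host1:vrb(config)#ip route 10.10.4.0 255.255.255.0 ip ip2
"""

def parse(config):
    """Return (demux, routes): source prefix -> (VR, interface); (VR, interface) -> routed prefixes."""
    demux, routes, vr, ifname = {}, {}, None, None
    for line in config.splitlines():
        cmd = line.split("#", 1)[-1].strip()          # drop the CLI prompt
        if m := re.fullmatch(r"virtual-router (\S+)", cmd):
            vr, ifname = m[1], None
        elif m := re.fullmatch(r"interface ip (\S+)", cmd):
            ifname = m[1]
        elif m := re.fullmatch(r"ip source-prefix (\S+) (\S+)", cmd):
            demux[ipaddress.ip_network(f"{m[1]}/{m[2]}")] = (vr, ifname)
        elif m := re.fullmatch(r"ip route (\S+) (\S+) ip (\S+)", cmd):
            routes.setdefault((vr, m[3]), set()).add(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
    return demux, routes

def classify(demux, src):
    """Select the interface for a source address (longest match and fallback are assumptions)."""
    hits = [n for n in demux if ipaddress.ip_address(src) in n]
    return demux[max(hits, key=lambda n: n.prefixlen)] if hits else ("default", "primary")

def audit(demux, routes):
    """Flag source prefixes that overlap across interfaces or lack a matching static route."""
    nets = sorted(demux, key=lambda n: (int(n.network_address), n.prefixlen))
    issues = [f"overlap: {a} and {b}" for i, a in enumerate(nets) for b in nets[i + 1:]
              if a.overlaps(b) and demux[a] != demux[b]]
    issues += [f"no route for {n} via {demux[n][1]}" for n in nets
               if n not in routes.get(demux[n], set())]
    return issues

if __name__ == "__main__":
    demux, routes = parse(CONFIG)
    for src in ("10.10.3.25", "10.10.4.7", "10.1.1.50"):   # constructed sample sources
        print(src, "->", classify(demux, src))
    print(audit(demux, routes) or "no issues")
```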