Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring the MX Series Router in the Contrail Cloud Platform for a Centralized Deployment

    Before you configure the MX Series router, complete any basic setup procedures and install the correct Junos OS software release on the switch.

    To configure the MX Series router:

    1. Configure interfaces, IP addresses, and basic routing settings. For example:
      user@router# set interfaces ge-1/0/0 unit 0 family inet address 10.87.24.77/28
      user@router# set interfaces lo0 unit 0 family inet address 172.16.100.1/32
      user@router# set routing-options route-distinguisher-id 172.16.100.1
      user@router# set routing-options autonomous-system 64512
      user@router# set protocols ospf area 0.0.0.0 interface lo0.0
      user@router# set interfaces ge-1/0/0 unit 0 family inet service input service-set s1 service-filter ingress-1
      user@router# set interfaces ge-1/0/0 unit 0 family inet service output service-set s1 service-filter ingress-1
    2. Configure the interfaces that connect to the QFX Series switch. For example:
      user@router# set chassis aggregated-devices ethernet device-count 2
      user@router# set interfaces xe-0/0/0 gigether-options 802.3ad ae0
      user@router# set interfaces xe-0/0/1 gigether-options 802.3ad ae0
      user@router# set interfaces ae0 aggregated-ether-options lacp periodic fast
      user@router# set interfaces ae0 unit 0 family inet service input service-set s1 service-filter ingress-1
      user@router# set interfaces ae0 unit 0 family inet service output service-set s1 service-filter ingress-1
      user@router# set interfaces ae0 unit 0 family inet address 172.16.10.254/24
      user@router# set protocols ospf area 0.0.0.0 interface ae0.0
    3. Configure BGP and tunneling for the service provider’s cloud. For example:
      user@router# set chassis fpc 0 pic 0 tunnel-services
      user@router# set chassis fpc 0 pic 0 inline-services bandwidth 1g
      user@router# set routing-options dynamic-tunnels dynamic_overlay_tunnels source-address 172.16.100.1
      user@router# set routing-options dynamic-tunnels dynamic_overlay_tunnels gre
      user@router# set routing-options dynamic-tunnels dynamic_overlay_tunnels destination-networks 172.16.80.0/24
      user@router# set protocols mpls interface all
      user@router# set protocols bgp group Contrail_Controller type internal
      user@router# set protocols bgp group Contrail_Controller local-address 172.16.100.1
      user@router# set protocols bgp group Contrail_Controller keep all
      user@router# set protocols bgp group Contrail_Controller family inet-vpn unicast
      user@router# set protocols bgp group Contrail_Controller neighbor 172.16.80.2
      user@router# set protocols bgp group Contrail_Controller neighbor 172.16.80.3
      user@router# set protocols ospf export leak-default-only
    4. Set up routing. For example:
      user@router# set routing-options static rib-group inet-to-public
      user@router# set routing-options static route 0.0.0.0/0 next-hop 10.87.24.78
      user@router# set routing-options static route 0.0.0.0/0 retain
      user@router# set routing-options static route 10.87.24.64/26 next-table public.inet.0
      user@router# set routing-options rib-groups inet-to-public import-rib inet.0
      user@router# set routing-options rib-groups inet-to-public import-rib public.inet.0
      user@router# set routing-options rib-groups inet-to-public import-policy leak-default-only
      user@router# set policy-options policy-statement leak-default-only term default from route-filter 0.0.0.0/0 exact
      user@router# set policy-options policy-statement leak-default-only term default then accept
      user@router# set policy-options policy-statement leak-default-only then reject
      user@router# set routing-instances public instance-type vrf
      user@router# set routing-instances public interface lo0.10
      user@router# set routing-instances public vrf-target target:64512:10000
      user@router# set routing-instances public vrf-table-label
      user@router# set routing-instances public routing-options static route 10.87.24.64/26 discard
    5. Configure NAT. For example:
      user@router# set services service-set s1 nat-rules rule-napt-zone
      user@router# set services service-set s1 interface-service service-interface si-0/0/0.0
      user@router# set services nat pool contrailui address 10.87.24.81/32
      user@router# set services nat pool openstack address 10.87.24.82/32
      user@router# set services nat pool jumphost address 10.87.24.83/32
      user@router# set services nat rule rule-napt-zone term t1 from source-address 172.16.80.2/32
      user@router# set services nat rule rule-napt-zone term t1 then translated source-pool openstack
      user@router# set services nat rule rule-napt-zone term t1 then translated translation-type basic-nat44
      user@router# set services nat rule rule-napt-zone term t2 from source-address 172.16.80.4/32
      user@router# set services nat rule rule-napt-zone term t2 then translated source-pool contrailui
      user@router# set services nat rule rule-napt-zone term t2 then translated translation-type basic-nat44
      user@router# set services nat rule rule-napt-zone term t3 from source-address 172.16.70.1/32
      user@router# set services nat rule rule-napt-zone term t3 then translated source-pool jumphost
      user@router# set services nat rule rule-napt-zone term t3 then translated translation-type basic-nat44
      user@router# set firewall family inet service-filter ingress-1 term t1 from source-address 172.16.80.2/32
      user@router# set firewall family inet service-filter ingress-1 term t1 from protocol tcp
      user@router# set firewall family inet service-filter ingress-1 term t1 from destination-port-except 179
      user@router# set firewall family inet service-filter ingress-1 term t1 then service
      user@router# set firewall family inet service-filter ingress-1 term t2 from source-address 172.16.80.4/32
      user@router# set firewall family inet service-filter ingress-1 term t2 then service
      user@router# set firewall family inet service-filter ingress-1 term t3 from source-address 172.16.70.1/32
      user@router# set firewall family inet service-filter ingress-1 term t3 then service
      user@router# set firewall family inet service-filter ingress-1 term end then skip

    Modified: 2017-02-05