Configuring Layer 3 VPNs

[Contents] [Prev] [Next] [Index] [Report an Error]

To configure Layer 3 virtual private network (VPN) functionality, you must enable VPN support on the provider edge (PE) router. You must also configure any provider (P) routers that service the VPN, and you must configure the customer edge (CE) routers so that their routes are distributed into the VPN.

To configure Layer 3 VPNs, you include the following statements:




description text;

instance-type vrf;

interface interface-name;

route-distinguisher (as-number:id | ip-address:id);

vrf-export [ policy-names  ];

vrf-import [ policy-names ];

vrf-target (community | export community-name | import community-name);

vrf-table-label;
protocols {


bgp {


group group-name {
peer-as as-number;
neighbor ip-address;
}



multihop ttl-value;
}




(ospf | ospf3) {


area area {
interface interface-name;
}



domain-id domain-id;

domain-vpn-tag number;



sham-link  {
local address;
}



sham-link-remote address <metric number>;
}




pim {
vpn-group-address address;
}




rip {

rip-configuration;
}


}
routing-options {


autonomous-system autonomous-system {
independent-domain;
loops number;
}




forwarding-table {
export [ policy-names ];
}




interface-routes {
rib-group group-name ;
}




martians {

destination-prefix match-type <allow>; 
}





maximum-paths {

path-limit;
log-interval interval;
log-only;
threshold percentage;
}





maximum-prefixes {

prefix-limit;
log-interval interval;
log-only;
threshold percentage;
}





multipath {
vpn-unequal-cost;
}




options {
syslog (level level | upto level);
}




rib routing-table-name {


martians {
destination-prefix match-type <allow>; 
}





multipath {
vpn-unequal-cost;
}




static {


defaults {

static-options;
}




route destination-prefix {
next-hop [next-hops]; 

static-options; 
}


}


}


}
router-id address;
static {


defaults {

static-options;
}




route destination-prefix {
policy [ policy-names ];

static-options;
}


}

You can include these statements at the following hierarchy levels:

[edit routing-instances routing-instance-name]
[edit logical-systems logical-system-name routing-instances routing-instance-name]

For Layer 3 VPNs, only some of the statements in the [edit routing-instances] hierarchy are valid. For the full hierarchy, see the JUNOS Routing Protocols Configuration Guide.

In addition to these statements, you must enable a signaling protocol, internal BGP (IBGP) sessions between the PE routers, and an interior gateway protocol (IGP) on the PE and P routers.

By default, Layer 3 VPNs are disabled.

For Layer 3 VPN configuration examples, see Layer 3 VPN Configuration Examples and Layer 3 VPN Internet Access Examples.

Many of the configuration procedures for Layer 3 VPNs are common to all types of VPNs. These procedures are described in detail in Configuring VPNs.

This chapter describes how to configure Layer 3 VPNs, discussing the following topics:

[Contents] [Prev] [Next] [Index] [Report an Error]