[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Layer 2.5 VPN Configuration

Figure 69: Layer 2.5 VPN Topology Diagram

Image g017141.gif

In Figure 69, ATM is configured between CE1 and PE1 and Frame Relay is configured between PE2 and CE2. To begin the Layer 2 VPN configuration, enable ATM and the corresponding encapsulation on CE1.

Router CE1



[edit]
interfaces
at-1/1/0 {
description "to PE1 at-0/3/0";


atm-options {
vpi 0 maximum-vcs 2000;
}




unit 32 {
vci 32;
encapsulation atm-vc-mux;


family inet {
address 10.1.1.1/30;
}


}


}

The first provider edge (PE1) router uses ATM TCC encapsulation on the ATM VC connecting to CE1. After this, standard Layer 2 VPN design rules apply. You use MPLS on interfaces pointing toward the core and the edge, establish a Layer 2 VPN BGP peer relationship with PE2, use LDP or Resource Reservation Protocol (RSVP) for traffic traveling through the core, and configure the proper VRF instance. Finally, you create policies for PE1 that will set a private community tag on outbound BGP traffic heading to PE2 and accept incoming traffic that matches similar community traffic from PE2.

Router PE1



[edit]
interfaces {


at-0/3/0 {
description "to CE1 at-1/1/0";


atm-options {
vpi 0 maximum-vcs 2000;
}




unit 32 {
encapsulation atm-tcc-vc-mux;
vci 32;
}


}




so-1/0/0 {
description "to P so-1/0/0";


unit 0 {


family inet {
address 192.168.255.86/30;
}


family mpls;
}


}




lo0 {


unit 0 {


family inet {
address 10.255.255.174/32;
}


}


}


}
protocols {


mpls {
interface at-0/3/0.32;
interface so-1/0/0.0;
}




bgp {


group my-internal-peers {
type internal;
local-address 10.255.255.174;


family l2vpn {
signaling;
}


neighbor 10.255.255.177;
}


}




ldp {
interface so-1/0/0.0;
}


}
policy-options {


policy-statement companyA-import {


term T1 {


from {
protocol bgp;
community companyA;
}


then accept;
}




term Final {
then reject;
}


}




policy-statement companyA-export {


term T1 {


then {
community add companyA;
accept;
}


}




term Final {
then reject;
}


}


community companyA members target:100:1;
}
routing-instances {


companyA {
instance-type l2vpn;
interface at-0/3/0.32;
route-distinguisher 10.255.255.174:1;
vrf-import companyA-import;
vrf-export companyA-export;


protocols {


l2vpn {
encapsulation-type interworking;


site Denver {
site-identifier 1;


interface at-0/3/0.32 {
remote-site-id 2;
}


}


}


}


}


}

On the provider core router (P), you need only enable MPLS and LDP on the interfaces that bridge the gap between the PE routers.

Router P



[edit]
interfaces {


so-1/0/0 {
description "to PE1 so-1/0/0";


unit 0 {


family inet {
address 192.168.255.85/30;
}


family mpls;
}


}




fe-1/1/0 {
description "to PE2 fe-1/1/2";


unit 0 {


family inet {
address 192.168.255.93/30;
}


family mpls;
}


}




lo0 {


unit 0 {


family inet {
address 10.255.255.173/32;
}


}


}


}
protocols {


mpls {
interface so-1/0/0.0;
interface fe-1/1/0.0;
}




ldp {
interface so-1/0/0.0;
interface fe-1/1/0.0;
}


}

The PE2 router uses Frame Relay TCC encapsulation on the Frame Relay DLCI connecting to CE2. To establish the Layer 2.5 VPN, follow the same steps you used to configure PE1. You use MPLS on interfaces pointing toward the core and the edge, establish a Layer 2 VPN BGP peer relationship with PE1, use LDP or RSVP for traffic traveling through the core, and configure the proper VRF instance. Finally, you create policies on PE2 that will set a private community tag on outbound BGP traffic heading to PE1 and accept incoming traffic that matches similar community traffic from PE1.

Router PE2



[edit]
interfaces {


fe-1/1/2 {
description "to P fe-1/1/0";


unit 0 {


family inet {
address 192.168.255.94/30;
}


family mpls;
}


}




so-1/2/1 {
description "to CE2 so-1/2/1";
dce;
encapsulation frame-relay-tcc;


unit 600 {
encapsulation frame-relay-tcc;
dlci 600;
}


}




lo0 {


unit 0 {


family inet {
address 10.255.255.177/32;
}


}


}


}
protocols {


mpls {
interface fe-1/1/2.0;
interface so-1/2/1.600;
}




bgp {


group my-internal-peers {
type internal;
local-address 10.255.255.177;


family l2vpn {
signaling;
}


neighbor 10.255.255.174;
}


}


}
ldp {
interface fe-1/1/2.0;
}
policy-options {


policy-statement companyA-import {


term T1 {


from {
protocol bgp;
community companyA;
}


then accept;
}




term Final {
then reject;
}


}




policy-statement companyA-export {


term T1 {


then {
community add companyA;
accept;
}


}




term Final {
then reject;
}


}


community companyA members target:100:1;
}
routing-instances {


companyA {
instance-type l2vpn;
interface so-1/2/1.600;
route-distinguisher 10.255.255.177:1;
vrf-import companyA-import;
vrf-export companyA-export;


protocols {


l2vpn {
encapsulation-type interworking;


site NewYork {
site-identifier 2;


interface so-1/2/1.600 {
remote-site-id 1;
}


}


}


}


}


}

To complete the Layer 2.5 VPN configuration, enable Frame Relay encapsulation on CE2.

Router CE2



[edit]
interfaces
so-1/2/1 {
description "to PE2 so-1/2/1";
encapsulation frame-relay;


unit 600 {
dlci 600;


family inet {
address 10.1.1.2/30;
}


}


}

[Contents] [Prev] [Next] [Index] [Report an Error]