How VPN Aggregation Works

VPN aggregation uses the virtual interface configurations as shown in Figure 23 to route traffic from users in one VPN to users in another VPN.

Figure 23: Overview of VPN Aggregation Configuration

The VPN aggregation configuration consists of:

• VRFs—One for each VPN. The VRF is required to create a layer 3 VPN. The VRF must have the instance type of VRF, a physical interface and logical service interface, a route distinguisher, and VRF import and export policies.
• Pool of logical service interfaces—One pool that contains all service interfaces that are configured in your VRF routing instances. Instead of explicit inside and outside service interfaces, all of the interfaces in the pool can be both inside and outside service interfaces.
• Service Set—One service set that has a next-hop service set to the pool of logical service interfaces and that contains a PGCP rule. The service set links the VRFs to the PGCP service.
• Virtual interface—One for each VRF routing instance. The virtual interface configuration establishes the relationship between the following parts of the configuration:
  • PGCP NAT pool (the media service contains the NAT pool)
  • VRF routing instance to which the NAT routes are added
  • The service interface
  • The physical interface

When a gate is established, the pgcpd process uses the virtual interface information in the termination ID to determine the ingress and egress virtual interfaces for the gate. In turn, the virtual interface configuration maps to the VRF, NAT pool, service interface, and physical interface.

The termination IDs of the caller and the call recipient contain the virtual interface ID. For example, in Figure 23 termination ID ip/4/vif-1/1 matches virtual interface vif-1, which is mapped through the configuration to routing instance vrf1.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.