The example in this section shows how to route VPN and Internet traffic through the same interface in both directions (from the CE router to the Internet and from the Internet to the CE router). The VPN in this example has private addresses. If you can configure EBGP on the CE router, you can configure a PE router using the configuration outlined in Routing VPN and Internet Traffic Through the Same Interface Bidirectionally (VPN Has Public Addresses), even if the VPN has private addresses.
In the example described in this section, the CE router uses separate communities to advertise its VPN routes and public routes. The PE router selectively imports only the public routes into the inet.0 routing table. This configuration ensures that return traffic from the Internet uses the same interface between the PE and CE routers as that used by VPN traffic going out to public Internet addresses (see Figure 39).
Figure 39: VPN and Internet Traffic Routed Through the Same Interface
In this example, the CE router has one interface and a BGP session with the PE router, and it tags VPN routes and Internet routes with different communities. The PE router has one interface, selectively imports routes for the VPN’s public IP address pool into inet.0, and has a default route in the VRF routing table pointing to inet.0.
The following sections show how to route VPN and Internet traffic through the same interface bidirectionally (VPN has private addresses):
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |