• Download Software
• Research a Problem 
• Case Management 
• Contract & Product Management 
• Technical Documentation
  • Advanced Search
  • Documentation Archive
  • Documentation Bug Report
  • Enterprise MIBs
  • File Format Help
  • Glossary
  • Portable Libraries
• End-of-Life Products
• Contact Support
• Guidelines and Policies
• Security Resources

Introduction to VPN Aggregation

The VPN aggregation feature uses VPN routing and forwarding (VRF) so users on one VPN can call users on another VPN. For example, in Figure 1, users in VPN B can call users in VPN A and VPN C.

VPN aggregation provides the following benefits:

• Provides a scalable way to configure VRFs in a mesh-like configuration that uses only one logical service interface for each VRF.
• Reduces the number of service sets that you need because you can add all of your logical service interfaces to a pool of interfaces, and then assign the entire pool of interfaces to a service set.
• Configurations are inline so that, when you provision the service set for VRFs, you can seamlessly tie the service into the BGF service without the need for additional configuration states.
• Uses the router’s native support for VRFs and VPNs, which omits the need for an external element that terminates the VRFs and replaces them with the VLAN tags required to support VoIP media handling.

How VPN Aggregation Works

VPN aggregation uses the virtual interface configurations as shown in Figure 2 to route traffic from users in one VPN to users in another VPN.

The VPN aggregation configuration consists of:

• VRFs—One for each VPN. The VRF is required to create a Layer 3 VPN. The VRF must have the instance type of VRF, a logical service interface, a route distinguisher, and VRF import and export policies.
• Pool of logical service interfaces—One pool that contains all service interfaces that are configured in your VRF routing instances. Instead of explicit inside and outside service interfaces, all of the interfaces in the pool can be both inside and outside service interfaces.
• Service Set—One service set that has a next-hop service set to the pool of logical service interfaces and that contains a PGCP rule. The service set links the VRFs to the PGCP service.
• Virtual interface—One for each VRF routing instance. The virtual interface configuration establishes the relationship between the following parts of the configuration:
  • NAT pool (the media service contains the NAT pool)
  • VRF routing instance to which the NAT routes are added
  • The service interface

When a gate is established, the pgcpd process uses the virtual interface information in the termination ID to determine the ingress and egress virtual interfaces for the gate. In turn, the virtual interface configuration maps to the VRF, NAT pool, and service interface.

The termination IDs of the caller and the call recipient contain the virtual interface ID. For example, in Figure 2, termination ID ip/4/vif-1/1 matches virtual interface vif-1, which is mapped through the configuration to routing instance vrf1.