Configuring Logical Units on the Loopback Interface for Routing Instances in Layer 3 VPNs

For Layer 3 VPNs (VRF routing instances), you can configure a logical unit on the loopback interface into each VRF routing instance that you have configured on the router. Associating a VRF routing instance with a logical unit on the loopback interface allows you to easily identify the VRF routing instance.

Doing this is useful for troubleshooting:

It allows you to ping a remote CE router from a local PE router in a Layer 3 VPN. For more information, see Pinging the Remote CE Router from the Local PE Router.
It ensures that a path maximum transmission unit (MTU) check on traffic originating on a VRF or virtual-router routing instance functions properly. For more information, see Configuring Path MTU Checks for VPNs.

You can also configure a firewall filter for the logical unit on the loopback interface; this configuration allows you to filter traffic for the VRF routing instance associated with it.

The following describes how firewall filters affect the VRF routing instance depending on whether they are configured on the default loopback interface, the VRF routing instance, or some combination of the two. The “default loopback interface” refers to lo0.0 (associated with the default routing table), and the “VRF loopback interface” refers to lo0.n, which is configured in the VRF routing instance.

If you configure Filter A on the default loopback interface and Filter B on the VRF loopback interface, the VRF routing instance uses Filter B.
If you configure Filter A on the default loopback interface but do not configure a filter on the VRF loopback interface, the VRF routing instance does not use a filter.
If you configure Filter A on the default loopback interface but do not even configure a VRF loopback interface, the VRF routing instance uses Filter A.

To configure a logical unit on the loopback interface, include the unit statement:

unit number {family inet {address address;}}

You can include this statement at the following hierarchy levels:

[edit interfaces lo0]
[edit logical-systems logical-system-name interfaces lo0]

To associate a firewall filter with the logical unit on the loopback interface, include the filter statement:

filter {input filter-name;}

You can include this statement at the following hierarchy levels:

[edit interfaces lo0 unit unit-number family inet]
[edit logical-systems logical-system-name interfaces lo0 unit unit-number family inet]

To include the lo0.n interface (where n specifies the logical unit) in the configuration for the VRF routing instance, include the following statement:

interface lo0.n;

You can include this statement at the following hierarchy levels:

[edit routing-instances routing-instance-name]
[edit logical-systems logical-system-name routing-instances routing-instance-name]

For more information about how to configure firewall filters, see the Junos Policy Framework Configuration Guide.