Configuring Interprovider VPNs

You can configure interprovider VPN service using either multiprotocol external BGP (MP-EBGP) or multihop MP-EBGP:

Configuring Interprovider VPNs Using MP-EBGP

To configure interprovider VPN service using MP-EBGP, you need to configure the AS border routers of each AS. For an illustration of how the routers interconnect in an interprovider VPN service, see Interprovider VPNs.

The configuration of the AS border routers in each AS is nearly identical. To configure each AS border router, you perform the steps in the following sections:

Configuring RSVP

You need to configure the interprovider VPN interface in RSVP. This interface on the PE router, which handles VPN traffic in the current AS, receives VPN traffic from the other AS.

Configure the interface for RSVP by including the interface statement:

interface interface-name;

You can include this statement at the following hierarchy levels:

[edit protocols rsvp]
[edit logical-systems logical-system-name protocols rsvp]

Configuring MPLS

Configure a label-switched path (LSP) to the PE router. Also configure the interfaces handling VPN traffic from the other AS and to the PE router in the current AS.

mpls {label-switched-path path-name {to address;}interface interface-name;interface interface-name;}

You can include this statement at the following hierarchy levels:

[edit protocols]
[edit logical-systems logical-system-name protocols]

Configuring BGP

Configure an MP-EBGP session on the AS border router. This session exchanges VPN Internet Protocol version 4 (IPv4) routes with the AS border router in the other AS.

To configure a group to handle IBGP and a group to handle EBGP, include the bgp statement:

bgp {keep all;group group-name {type internal;local-address address;family inet-vpn {unicast;}neighbor address;}group group-name {type external;family inet-vpn {unicast;}neighbor address {peer-as as number;}}}

You can include this statement at the following hierarchy levels:

[edit protocols]
[edit logical-systems logical-system-name protocols]

Configuring OSPF

To configure OSPF on the AS border router, include the ospf statement:

ospf {traffic engineering;area address {interface interface-name;interface interface-name {passive;}}}

You can include this statement at the following hierarchy levels:

[edit protocols]
[edit logical-systems logical-system-name protocols]

Configuring Interprovider VPNs Using Multihop MP-EBGP

To configure a network to provide interprovider VPN service using multihop MP-EBGP, you need to set up the AS border routers and the PE routers connected to the end customer’s CE routers. For an illustration of how the routers interconnect in an interprovider VPN service, see Interprovider VPNs.

The following sections describe how to configure a network to provide interprovider VPN service using multihop MP-EBGP:

Configuring the AS Border Routers

The configuration of the AS border routers in each AS is nearly identical. To configure each AS border router, you perform the steps in the following sections:

Configuring BGP

Configure BGP on the AS border routers. To configure a group for IBGP to the PE router, include the bgp statement:

bgp {group group-name {type internal;local-address address;family inet {labeled-unicast {resolve-vpn;}}neighbor address;}}

To configure a group for EBGP to the AS border router in the adjacent AS router, include the bgp statement:

bgp {group group-name {type external;family inet {labeled-unicast;}export internal;neighbor address {peer-as as-number;}}}

You can include this statement at the following hierarchy levels:

[edit protocols]
[edit logical-systems logical-system-name protocols]

Configuring Policy Options

For the policy configuration on the AS border routers, you only need to advertise the loopbacks of the PE routers. If the AS border router is also a PE router, configure from protocol ospf direct at the [edit policy-options policy-statement policy-name term term-name] hierarchy level.

To configure the policy options on the AS border routers, include the policy-statement statement:

policy-statement policy-name {term term-name {from {protocol ospf direct;route-filter pe-router-loopback-address exact accept;}then reject;}}

You can include these statements at the following hierarchy levels:

[edit policy-options]
[edit logical-systems logical-system-name policy-options]

Configuring the PE Router

Configure a multihop MP-EBGP session on the PE router connected to the end customer’s CE router.

To pass labeled IPv4 routes, include the labeled-unicast statement:

labeled-unicast {resolve-vpn;}

You can include this statement at the following hierarchy levels:

[edit protocols bgp group group-name family inet]
[edit logical-systems logical-system-name protocols bgp group group-name family inet]

To configure a group to handle an EBGP multihop session with the remote PE router (that is, to pass VPN-IPv4 routes), include the bgp statement:

bgp {group group-name {multihop {ttl 10;}family inet-vpn {unicast;}}neighbor address {peer-as as-number;}}

You can include this statement at the following hierarchy levels:

[edit protocols]
[edit logical-systems logical-system-name protocols]