• Supported Platforms
• M10i Routers, M120 Routers, M320 Routers, M7i Routers
• MX240 Routers, MX480 Routers, MX960 Routers
• T640 Routers

• Related Topics
• VPN Aggregation for VoIP Calls Overview
• Configuring Routing of VPN Calls

IMSG VPN Routing Overview

VPN aggregation using the IMSG works as described in VPN Aggregation for VoIP Calls Overview. However, in the IMSG solution, the BSG provides the B2BUA (gateway controller) functionality, and must be configured to direct VPN traffic to properly configured service interfaces.

To support VPNs, the BSG must be able to:

• Send messages to a specific IP address, port, and VPN.
• Distinguish on which IP address, port, and VPN a particular message arrived.
• For connected transports, such as TCP, the equivalent requirement applies to each connection.

When using the BSG, you specify a VPN by relating a service interface (interface + unit) to a service point. The service interface defines the VPN for both incoming and outgoing messages. A separate listening socket is opened for each tuple of: service interface, address, port, and transport protocol. The service interface parameter of the service point now serves as the VPN identifier. If no unit is specified for the service interface, unit 0 is implicitly assigned. If no egress service point is specified, the ingress service point is used for the outgoing messages, hence over the same VPN.

Figure 1 shows how VPN call routing is configured using the IMSG solution.

The VPN aggregation configuration consists of:

• VRFs—One for each VPN. The VRF is required to create a Layer 3 VPN. The VRF must have the instance type of VRF, a logical service interface, a route distinguisher, and VRF import and export policies.
• Pool of logical service interfaces—One pool that contains all service interfaces that are configured in your VRF routing instances. Instead of explicit inside and outside service interfaces, all of the interfaces in the pool can be both inside and outside service interfaces.
• Service set—One service set that has a next-hop service set to the pool of logical service interfaces and that contains a PGCP rule. The service set links the VRFs to the PGCP service.

  Note: Make sure that each virtual BGF used for VPN call routing is configured with: Only one service set containing only one PGCP rule. Only one service interface pool.

• Service point—One for each VRF routing instance. The default-media-realm of the service point links the service point to the virtual interface for the routing instance.
• Virtual interface—One for each VRF routing instance. The virtual interface configuration establishes the relationship between the following parts of the configuration:
  • The service point
  • NAT pool (the media service contains the NAT pool)
  • VRF routing instance to which the NAT routes are added
  • The service interface