Configuring Protocols Used by a VPN
The Services Routers in a VPN use a variety of protocols to communicate
between PE and provider Services Routers. Use Table 10 to
help you select the tasks for your VPN type. For more information about configuring
routing protocols, see the JUNOS Routing Protocols Configuration Guide and the JUNOS MPLS Applications Configuration Guide.
This section contains the following topics:
Table 10: VPN Protocol Configuration Task Summary
Configuring MPLS for VPNs
For Layer 2 VPN and Layer 2 circuit interfaces that communicate with
other PE Services Routers and provider Services Routers, you must advertise the
interface using MPLS. Unless you are using RSVP, this section does not apply
to Layer 3 VPNs because MPLS is configured on the interface.
For more information about configuring MPLS, see Multiprotocol
Label Switching Overview and the JUNOS MPLS Applications Configuration Guide.
To configure MPLS for VPNs:
- Navigate to the top of the configuration hierarchy
in either the J-Web or CLI configuration editor.
- Perform the configuration tasks described in Table 11 on
each PE Services Router and provider Services Router interface that communicates
with another PE Services Router.
- If you are finished configuring the router, commit the
configuration.
- To verify the configuration, see Verifying a
VPN Configuration.
- Go on to Configuring
a BGP Session.
Table 11: Configuring MPLS for VPNs
|
Task
|
J-Web Configuration Editor
|
CLI Configuration Editor
|
|
Navigate to the top of the configuration hierarchy and specify the interfaces
used for communication between PE routers and between PE routers and provider
routers.
(PE and provider Services Routers)
|
- In the J-Web interface, select Configuration>View
and Edit>Edit Configuration.
- Next to Mpls, click Configure or Edit.
- Next to Interface, click Configure or Edit.
- In the Interface name box, type interface-name.
- Click OK.
|
From the [edit] hierarchy level, enter the following command
for each interface you want to enable:
edit protocols mpls interface interface-name
|
|
For RSVP only, configure an MPLS label-switched path (LSP) to the destination
point on the PE router for LSP. During configuration, you specify the IP address
of the LSP destination point, which is an address on the remote PE router.
The path name is defined on the source Services Router only and is unique
between two routers.
(PE Services Router interface communicating with another PE Services Router)
|
1. In the MPLS page, click Add New Entry in
the Label switched path group.
2. Type a path name in the Path name box and an IP address
in the To box.
3. Click OK.
4. Next to Interface, click Add New Entry.
5. Type interface-name in the
Interface name box.
6. Click OK.
7. Repeat Steps 4 through 6 for each interface.
|
- From the [edit] hierarchy level, enter
edit protocols mpls label-switched-path path-name
- Enter
set to ip-address
- Enter up.
- Enter
set interface interface-name
|
Configuring a BGP Session
You must configure an internal BGP (IBGP) session between PE Services Routers
so the Services Routers can exchange information about routes originating and
terminating in the VPN. The PE routers use this information to determine which
labels to use for traffic destined for remote sites. The IBGP session for
the VPN runs through the loopback address. This section is valid for Layer
2 VPNs and Layer 3 VPNs, but not Layer 2 circuits.
For the Layer 3 example, you also configure an EBGP session.
For more information about configuring IBGP sessions, see the J-series Services Router Basic LAN and WAN Access Configuration Guide and
the JUNOS Routing Protocols Configuration Guide.
To configure an IBGP session:
- Navigate to the top of the configuration hierarchy
in either the J-Web or CLI configuration editor.
- Perform the configuration tasks described in Table 12 on
each PE router.
- If you are finished configuring the router, commit the
configuration.
- To verify the configuration, see Verifying a
VPN Configuration.
- Go on to Configuring Routing Options
for VPNs.
Table 12: Configuring an IBGP Session
|
Task
|
J-Web Configuration Editor
|
CLI Configuration Editor
|
|
Navigate to the top of the configuration hierarchy and configure the
IBGP session.
(PE Services Router)
|
- In the J-Web interface, select Configuration>View
and Edit>Edit Configuration.
- Next to Bgp, click Configure or Edit.
- Next to Group, click Add New Entry.
- Type a name in the Group name box.
- From the Type list, select Internal.
- In the Local address box, type the local loopback IP address.
- In the Family group, select L2vpn for
a Layer 2 VPN or Inet vpn for a Layer 3 VPN.
- Select Unicast.
- Click OK.
- In the Neighbor group, click Add new entry.
- In the Address box, type the loopback IP address of the
neighboring PE router.
- Click OK until you return to the BGP
page.
|
- From the [edit] hierarchy level, enter
edit protocols bgp group group-name
- Enter
set type internal
- Enter
set local-address loopback-interface-ip-address
- Enter
set family family-type unicast
Replace family-type with l2vpn for
a Layer 2 VPN or inet-vpn for a Layer 3 VPN.
- Enter up.
- Enter the loopback address of the neighboring PE router:
set neighbor ip-address
|
Configuring Routing Options for VPNs
The only required routing option for VPNs is the autonomous system (AS)
number. You must specify it on each router involved in the VPN.
To configure routing options for a VPN:
- Navigate to the top of the configuration hierarchy
in either the J-Web or CLI configuration editor.
- Perform the configuration task described in Table 13.
- If you are finished configuring the router, commit the
configuration.
- To verify the configuration, see Verifying a
VPN Configuration.
- Go on to Configuring an IGP and a Signaling
Protocol.
Table 13: Configuring Routing Options for a VPN
|
Task
|
J-Web Configuration Editor
|
CLI Configuration Editor
|
|
Configure the AS number.
|
- In the J-Web interface, select Configuration>View
and Edit>Edit Configuration.
- Next to Routing options, click Configure or Edit.
- In the AS number box, type the AS number.
- Click OK.
|
From the [edit] hierarchy level, enter
set routing-options autonomous-system as-number
|
Configuring an IGP and a Signaling Protocol
The PE Services Routers and provider Services Routers must be able to exchange
routing information. To enable this exchange, you must configure either an
IGP such as OSPF or static routes on these routers. You must configure the
IGP at the [edit protocols] level, not within the routing instance
at the [edit routing-instances] level.
You can use LDP or RSVP between PE routers and between PE routers and
provider routers, but not for interfaces between PE routers and CE routers.
LDP routes traffic using IGP metrics. RSVP has traffic engineering that lets
you override IGP metrics as needed. For more information about these protocols,
see Signaling Protocols
Overview.
Each PE Services Router's loopback address must appear as a separate route.
Do not configure any summarization of the PE Services Router's loopback addresses
at the area boundary.
For more information about configuring IGPs and static routes, see the J-series Services Router Basic LAN and WAN Access Configuration Guide and
the JUNOS Routing Protocols Configuration Guide.
Configure the appropriate signaling protocol for your VPN:
Configuring LDP for Signaling
You must configure LDP and OSPF on PE and provider routers. For more
information about configuring OSPF, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.
To configure LDP and OSPF:
- Navigate to the top of the configuration hierarchy
in either the J-Web or CLI configuration editor.
- Perform the configuration tasks described in Table 14 on
PE and provider router interfaces that communicate with a PE router or provider
router.
For the protocols to work properly, you also must configure the MPLS
address family for each interface that uses LDP or RSVP, as described previously
in Configuring Interfaces Participating
in a VPN.
- If you are finished configuring the router, commit the
configuration.
- To verify the configuration, see Verifying a
VPN Configuration.
- Go on to Configuring
a VPN Routing Instance.
Table 14: Configuring LDP and OSPF for Signaling
|
Task
|
J-Web Configuration Editor
|
CLI Configuration Editor
|
|
Navigate to the top of the configuration hierarchy and specify the LDP
protocol. Enable local interfaces that communicate with a PE router or provider
router, and the loopback interface of the PE router.
(PE and provider Services Routers)
|
1. In the J-Web interface, select Configuration>View
and Edit>Edit Configuration.
2. Next to Ldp, click Configure or Edit.
3. Next to Interface, click Configure or Edit.
4. In the Interface name column, type interface-name.
5. Click OK.
6. Repeat Steps 4 and 5 for each interface you want to
enable.
|
From the [edit] hierarchy level, enter the following command
for each interface you want to enable:
edit protocols ldp interface interface-name
|
|
Configure OSPF for each interface that uses LDP.
For OSPF, you must configure at least one area on at least one of the
router's interfaces. An AS can be divided into multiple areas. This example
uses the backbone area 0.0.0.0.
(PE and provider Services Routers)
|
For OSPF:
1. On the main Configuration page next to Protocols, click Configure or Edit.
2. Next to Ospf, click Configure or Edit.
3. For Layer 2 VPN or circuit, select Traffic
engineering.
4. Next to Area group, click Add new entry and
add the area.
5. Next to Area group, select the area (0.0.0.0).
6. Next to Interface group, select Add new
entry.
7. In the Interface name box, type interface-name.
8. Click OK.
9. Repeat Steps 5 through 7 to enable additional interfaces.
10. Click OK twice to return to the Protocols
page.
|
For OSPF:
- From the [edit] hierarchy level, enter the
following command for each interface you want to enable:
edit protocols ospf area 0.0.0.0 interface interface-name
- For Layer 2 VPN or circuit, move up to the [edit protocols
ospf] level and enter
set traffic-engineering
|
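The following is an added example, not part of the Juniper documentation: a Python check that reads a router's configuration in set-command form and reports where it misses the requirements stated in the sections above (AS number, IBGP group statements, OSPF on every LDP interface, and for Layer 2 VPNs the MPLS interface and OSPF traffic-engineering statements). The function name audit_pe_config, the sample interface names, addresses and AS number are constructed, and exempting the loopback from the MPLS check is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: set-format configuration of a hypothetical PE router.
SAMPLE = """\
set routing-options autonomous-system 65001
set protocols mpls interface ge-0/0/1.0
set protocols bgp group ibgp-pe type internal
set protocols bgp group ibgp-pe local-address 10.255.0.1
set protocols bgp group ibgp-pe family inet-vpn unicast
set protocols bgp group ibgp-pe neighbor 10.255.0.2
set protocols ldp interface ge-0/0/1.0
set protocols ldp interface ge-0/0/2.0
set protocols ldp interface lo0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0
"""

def audit_pe_config(text, family="l2vpn"):
    """Return a list of findings; family is l2vpn (Layer 2) or inet-vpn (Layer 3)."""
    lines = [l.strip() for l in text.splitlines() if l.strip().startswith("set ")]
    def ifaces(proto):  # interfaces enabled under [edit protocols <proto>]
        pat = re.compile(rf"set protocols {proto} (?:area \S+ )?interface (\S+)")
        return {m.group(1) for l in lines if (m := pat.match(l))}
    ldp, ospf, mpls = ifaces("ldp"), ifaces("ospf"), ifaces("mpls")
    out = []
    if not any(l.startswith("set routing-options autonomous-system ") for l in lines):
        out.append("routing-options: autonomous-system missing")
    for i in sorted(ldp - ospf):  # OSPF is required on each interface that uses LDP
        out.append(f"{i}: LDP without OSPF")
    if family == "l2vpn":
        # Assumption: the loopback (lo*) is exempt from the MPLS interface check.
        for i in sorted(x for x in ldp - mpls if not x.startswith("lo")):
            out.append(f"{i}: LDP without protocols mpls")
        if not any(l.startswith("set protocols ospf traffic-engineering") for l in lines):
            out.append("ospf: traffic-engineering missing")
    groups = defaultdict(list)  # BGP group name -> statements under that group
    for l in lines:
        if m := re.match(r"set protocols bgp group (\S+) (.+)", l):
            groups[m.group(1)].append(m.group(2))
    for name, stmts in sorted(groups.items()):
        if "type internal" not in stmts:
            continue  # only IBGP groups are checked
        for need in ("local-address ", f"family {family} unicast", "neighbor "):
            if not any(s.startswith(need) for s in stmts):
                out.append(f"bgp group {name}: {need.strip()} missing")
    if not any("type internal" in s for s in groups.values()):
        out.append("bgp: no internal group")
    return out
```
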
Configuring RSVP for Signaling
You must enable RSVP for all connections that participate in the label-switched
path (LSP) on PE and provider Services Routers. In addition, you must configure
OSPF on various interfaces.
For more information about configuring OSPF, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.
To configure RSVP and OSPF:
- Navigate to the top of the configuration hierarchy
in either the J-Web or CLI configuration editor.
- Perform the configuration tasks described in Table 15 on
each PE router and provider router, as specified.
- If you are finished configuring the router, commit the
configuration.
- To verify the configuration, see Verifying a
VPN Configuration.
- Go on to Configuring
a VPN Routing Instance.
Table 15: Configuring RSVP and OSPF for Signaling
|
Task
|
J-Web Configuration Editor
|
CLI Configuration Editor
|
|
Navigate to the top of the configuration hierarchy and configure OSPF
with traffic engineering support.
(PE Services Router)
|
For OSPF, follow these steps:
- In the J-Web interface, select Configuration>View
and Edit>Edit Configuration.
- Next to Protocols, click Configure or Edit.
- Next to Ospf, click Configure or Edit.
- Select Traffic engineering, and then
click Configure.
- Select Shortcuts.
- Click OK until you return to the Protocols
page.
|
From the [edit] hierarchy level, enter the following command
for each interface you want to enable:
edit protocols ospf traffic-engineering shortcuts
|
|
Enable RSVP on interfaces that participate in the LSP.
(PE Services Router) Enable interfaces on the source and destination points.
(provider Services Router) Enable interfaces that connect the LSP between
the PE Services Routers.
|
1. On the main Configuration page next to Protocols, click Configure or Edit.
2. Next to Rsvp, click Configure or Edit.
3. In the Interface group, click Add New Entry.
4. Type an interface name.
5. Click OK.
6. Repeat Steps 2 through 4 for each interface you want to
enable.
7. Click OK.
|
From the [edit] hierarchy level, enter the following command
for each interface you want to enable:
edit protocols rsvp interface interface-name
|
Configuring a Layer 2 Circuit
Each Layer 2 circuit is represented by the logical interface connecting
the local PE Services Router to the local CE Services Router. The remote PE
Services Router neighbor used by a set of Layer 2 circuits is identified by its IP
address and is usually the endpoint destination for the LSP tunnel transporting
the Layer 2 circuit.
You configure a virtual circuit ID on each interface. Each virtual circuit
ID uniquely identifies the Layer 2 circuit among all the Layer 2 circuits
to a specific neighbor. The key to identifying a particular Layer 2 circuit
on a PE router is the neighbor address and the virtual circuit ID. Based on
the virtual circuit ID and the neighbor relationship, an LDP label is bound
to an LDP circuit. LDP uses the binding for sending traffic on that Layer
2 circuit to the remote CE router.
To configure a Layer 2 circuit:
- Navigate to the top of the configuration hierarchy
in either the J-Web or CLI configuration editor.
- Perform the configuration tasks described in Table 16 on
each PE router and provider router, as specified.
- If you are finished configuring the router, commit the
configuration.
- To verify the configuration, see Verifying a
VPN Configuration.
Table 16: Configuring a Layer 2 Circuit
|
Task
|
J-Web Configuration Editor
|
CLI Configuration Editor
|
|
Navigate to the top of the configuration hierarchy and enable a Layer
2 circuit on the appropriate interface.
(PE Services Router)
|
- In the J-Web interface, select Configuration>View
and Edit>Edit Configuration.
- Next to Protocols, click Configure or Edit.
- Next to L2circuit, click Configure or Edit.
- Next to Neighbor, click Add new entry.
- In the Neighbor box, enter the loopback address of the
local router.
- Next to Interface, click Add new entry.
- In the Interface box, type the interface
name of the remote PE router.
- In the Virtual circuit id box, type an ID number.
- Click OK until you return to the Protocols
page.
|
- From the [edit] hierarchy level, enter
edit protocols l2circuit neighbor interface-name interface interface-name
For neighbor, specify the local loopback address, and for interface,
specify the interface name of the remote PE router.
- Enter
set virtual-circuit-id id-number
|