[an error occurred while processing this directive][an error occurred while processing this directive]

Routing VPN and Internet Traffic Through the Same Interface Bidirectionally (VPN Has Public Addresses)

This section shows how to configure a single logical interface to handle VPN and Internet traffic traveling both to and from the Internet and the CE router. This interface can handle both VPN and Internet traffic as long as there are no private addresses in the VPN. The VPN routes received from the CE router are added to the main routing table inet.0 by means of routing table groups. This allows the PE router to attract the return traffic from the Internet (see Figure 1).

Figure 1: Interface Configured to Carry Both Internet and VPN Traffic

Image g017204.gif

In this example, the CE router does not need to perform NAT, because all the VPN routes are public. The CE router has a single interface to the PE router, to which it advertises VPN routes. The PE router has a default route in the VRF table pointing to the main routing table inet.0. The PE router also imports VPN routes received from the CE router into inet.0 by means of routing table groups.

The following configuration for Router PE1 uses the same topology as in Routing VPN and Internet Traffic Through Different Interfaces. This configuration uses a single logical interface (instead of two) between Router PE1 and Router CE1.

The following sections show how to route VPN and Internet traffic through the same interface bidirectionally (VPN has public addresses):

Configuring Routing Options on Router PE1

Configure a routing table group definition for installing VPN routes in routing table groups vpna.inet.0 and inet.0:

[edit]routing-options {rib-groups {vpna-to-inet0 {import-rib [ vpna.inet.0 inet.0 ];}}}

Configuring Routing Protocols on Router PE1

Configure MPLS, BGP, IS-IS, and LDP protocols on Router PE1. This configuration does not include the policy redist-static statement at the [edit protocols bgp group pe-pe] hierarchy level. The VPN routes are sent directly to IBGP.

Configure BGP on Router PE1 to allow non-VPN and VPN peering, and to advertise the VPN’s public IP address pool:

[edit]protocols {mpls {interface t3-0/2/0.0;}bgp {group pe-pe {type internal;local-address 10.255.14.171;family inet {any;}family inet-vpn {any;}export fix-nh;neighbor 10.255.14.177;neighbor 10.255.14.173;}}isis {level 1 disable;interface so-0/0/0.0;interface lo0.0;}ldp {interface so-0/0/0.0;}}

Configuring the Routing Instance on Router PE1

This section describes how to configure the routing instance on Router PE1. The static route defined in the routing-options statement directs Internet traffic from the CE router to the inet.0 routing table. The routing table group defined by the rib-group vpna-to-inet0 statement adds the VPN routes to inet.0.

Configure the routing instance on Router PE1:

[edit]routing-instances {vpna {instance-type vrf;interface t3-0/2/0.0;route-distinguisher 10.255.14.171:100;vrf-import vpna-import;vrf-export vpna-export;routing-options {static {route 0.0.0.0/0 next-table inet.0;}}protocols {bgp {group to-CE1 {family inet {unicast {rib-group vpna-to-inet0;}}peer-as 63001;neighbor 192.168.197.14;}}}}}

You must configure Router CE1 to forward all traffic to Router PE1 using a default route. Alternatively, the default route can be advertised from Router PE1 to Router CE1 with EBGP.

Traffic Routed Through the Same Interface Bidirectionally: Configuration Summarized by Router

Router PE1

This example uses the same configuration as in Routing VPN and Internet Traffic Through Different Interfaces. This configuration uses a single logical interface (instead of two) between Router PE1 and Router CE1.

Routing Options

routing-options {rib-groups {vpna-to-inet0 {import-rib [ vpna.inet.0 inet.0 ];}}}

Routing Protocols

protocols {mpls {interface t3-0/2/0.0;}bgp {group pe-pe {type internal;local-address 10.255.14.171;family inet {any;}family inet-vpn {any;}export fix-nh;neighbor 10.255.14.177;neighbor 10.255.14.173;}}isis {level 1 disable;interface so-0/0/0.0;interface lo0.0;}ldp {interface so-0/0/0.0;}}

Routing Instance

routing-instances {vpna {instance-type vrf;interface t3-0/2/0.0;route-distinguisher 10.255.14.171:100;vrf-import vpna-import;vrf-export vpna-export;routing-options {static {route 0.0.0.0/0 next-table inet.0;}}protocols {bgp {group to-CE1 {family inet {unicast {rib-group vpna-to-inet0;}}peer-as 63001;neighbor 192.168.197.14;}}}}}

Published: 2010-04-27

[an error occurred while processing this directive]