[an error occurred while processing this directive][an error occurred while processing this directive]

Configuring VPN Aggregation

VPN aggregation configurations have the following requirements.

  • All interfaces in a pool must belong to the same service PIC.
  • Logical interfaces cannot be in more than one pool.
  • All interfaces must have either family inet or family inet6 configured.
  • Logical unit 0 cannot be configured in a service interface pool.
  • The maximum number of service interfaces in a pool is 1000.
  • The service set must have a next-hop service that is set to the service interface pool; it cannot have inside and outside services.
  • The service set must have a BGF rule.
  • In the virtual interface configuration, the service interface must match the interface configured in the VRF routing instance.
  • The virtual interface configuration must include all media services in the BGF rule that is configured in the service set.

Figure illustrates the configuration in this topic.

Image g017464.gif

To configure VPN aggregation:

  1. Configure a policy statement to be used for the vrf-import and vrf-export policies that you plan to configure in the routing instances.
    [edit]user@host# edit policy-options policy-statement policy-1
    [edit policy-options policy-statement policy-1]user@host# set term t1 then reject
  2. Configure a VRF routing instance for each VPN.
    [edit]user@host# edit routing-instances vrf1
    [edit routing-instances vrf1]user@host# set instance-type vrfuser@host# set interface sp-1/0/0.10user@host# set route-distinguisher 10.10.10.11:0user@host# set vrf-import policy-1user@host# set vrf-export policy-1
    [edit]user@host# edit routing-instances vrf2
    [edit routing-instances vrf2]user@host# set instance-type vrfuser@host# set interface sp-2/0/0.10user@host# set route-distinguisher 10.10.10.22:0user@host# set vrf-import policy-1user@host# set vrf-export policy-1
    [edit]user@host# edit routing-instances vrf3
    [edit routing-instances vrf3]user@host# set instance-type vrfuser@host# set interface sp-3/0/0.10user@host# set route-distinguisher 10.10.10.33:0user@host# set vrf-import policy-1user@host# set vrf-export policy-1
  3. Configure a pool of logical service interfaces that are configured in the VRF routing instances.
    [edit]user@host# edit services service-interface-pools pool bgf-pool
    [edit services service-interface-pools pool bgf-pooluser@host# set interface sp-1/0/0.10user@host# set interface sp-2/0/0.10user@host# set interface sp-3/0/0.10
  4. Create a service set that links the VRF and the BGF services. Specify the service interface pool as the next-hop service. The service set must contain a BGF rule. It cannot contain any other type of rule.
    [edit]user@host# edit services service-set bgf
    [edit services service-set bgf]user@host# set next-hop-service service-interface-pool bgf-pooluser@host# set pgcp-rules bgf-rule
  5. Configure a virtual interface for each VRF routing instance.
    [edit]user@host# edit services pgcp virtual-interface 1
    [edit services pgcp virtual-interface 1]user@host# set routing-instance vrf1 service-interface sp-1/0/0.10user@host# set nat-pool access_ms
    [edit]user@host# edit services pgcp virtual-interface 2
    [edit services pgcp virtual-interface 2]user@host# set routing-instance vrf2service-interface sp-2/0/0.10user@host# set nat-pool core_ms
    [edit]user@host# edit services pgcp virtual-interface 3
    [edit services pgcp virtual-interface 3]user@host# set routing-instance vrf3 service-interface sp-3/0/0.10user@host# set nat-pool access_ms

Published: 2010-04-13

[an error occurred while processing this directive]