Technical Documentation

Configuring Routing of VPN Calls

To route SIP calls between VPN routing instances, you must include interfaces for the BGF and BSG in the routing instances. Configure a service point for each VPN. Assign a default media realm for each service point. The default media realm is used to select a pgcp virtual interface, which determines the media service and NAT pool. A VPN-based call, like other SIP calls, is routed between service points based on new transaction policies attached to the ingress service point.

To configure routing of VPN calls:

  1. Configure router VPN interfaces.
    [edit interfaces]user@host# set fe-2/0/1 vlan-tagging unit 0 vlan-id 702 family inet address 70.2.101.101/16user@host# set fe-2/0/1 vlan-tagging unit 10 vlan-id 703 family inet address 70.100.101.1/24user@host# set fe-2/0/2 vlan-tagging unit 0 vlan-id 703 family inet address 70.3.101.101/16user@host# set fe-2/0/2 vlan-tagging unit 10 vlan-id 702 family inet address 70.100.102.1/24
  2. Configure the service interfaces for the BGF.
    [edit]user@host# edit interfaces sp-4/0/0 unit 10[edit interfaces sp-4/0/0 unit 10 ]user@host# set family inetuser@host# set description "BGF unit for vpn 1"user@host# edit interfaces sp-4/0/0 unit 20
    [edit][edit interfaces sp-4/0/0 unit 20]user@host# set family inetuser@host# set description "BGF unit for vpn 2"
    [edit]user@host# edit interfaces sp-4/0/0 unit 30[edit interfaces sp-4/0/0 unit 30]user@host# set family inetuser@host# set description "BGF unit for vpn 3"user@host# edit interfaces sp-4/0/0 unit 40
    [edit]user@host# edit interfaces sp-4/0/0 unit 40[edit interfaces sp-4/0/0 unit 40]user@host# set family inetuser@host# set description "BGF unit for vpn 4"
  3. Configure the service interfaces for the BSG.
    [edit]user@host# edit interfaces ms-4/2/0 unit 10[edit interfaces ms-4/2/0 unit 10]user@host# set family inetuser@host# set description "BSG unit for vpn 1"user@host# set address 70.101.101.2/32
    [edit]user@host# edit interfaces ms-4/2/0 unit 20[edit interfaces ms-4/2/0 unit 20]user@host# set family inetuser@host# set description "BSG unit for vpn 2"user@host# set address 70.101.102.2/32
    [edit]user@host# edit interfaces ms-4/2/0 unit 30[edit interfaces ms-4/2/0 unit 30]user@host# set family inetuser@host# set description "BSG unit for vpn 3"user@host# set address 70.101.103.2/32
    [edit]user@host# edit interfaces ms-4/2/0 unit 40[edit interfaces ms-4/2/0 unit 40 family inet]user@host# set family inetuser@host# set description "BSG unit for vpn 4"user@host# set address 70.101.104.2/32
  4. Configure a policy statement to be used for the vrf-import and vrf-export policies that you plan to configure in the routing instances.
    [edit]user@host# edit policy-options policy-statement policy-1[edit edit policy-options policy-statement policy-1]user@host# set term term1 then reject
  5. Configure routing instances for each VRF.
    [edit]user@host# edit routing-instances vrf_1[edit routing-instances vrf_1]user@host# set instance-type vrfuser@host# set interface fe-2/0/1.0user@host# set interface sp-4/0/0.10user@host# set interface ms-4/2/0.10user@host# set route-distinguisher 1:1user@host# set vrf-import policy-1user@host# set vrf-export policy-1
    [edit]user@host# edit routing-instances vrf_2[edit routing-instances vrf_2]user@host# set instance-type vrfuser@host# set interface fe-2/0/1.10user@host# set interface sp-4/0/0.20user@host# set interface ms-4/2/0.20user@host# set route-distinguisher 1:2user@host# set vrf-import policy-1user@host# set vrf-export policy-1
    [edit]user@host# edit routing-instances vrf_3[edit routing-instances vrf_3]user@host# set instance-type vrfuser@host# set interface fe-2/0/2.0user@host# set interface sp-4/0/0.30user@host# set interface ms-4/2/0.30user@host# set route-distinguisher 1:3user@host# set vrf-import policy-1user@host# set vrf-export policy-1
    [edit]user@host# edit routing-instances vrf_4[edit routing-instances vrf_4]user@host# set instance-type vrfuser@host# set interface fe-2/0/2.10user@host# se interface sp-4/0/0.40user@host# set interface ms-4/2/0.40user@host# set route-distinguisher 1:4user@host# set vrf-import policy-1user@host# set vrf-export policy-1
  6. Configure a pool of the logical service interfaces that are configured in the VRF routing instances.
    [edit]user@host# edit services service-interface-pools pool bgf-pool[edit services service-interface-pools pool bgf-pool]user@host# set interface sp-4/0/0.10user@host# set interface sp-4/0/0.20user@host# set interface sp-4/0/0.30user@host# set interface sp-4/0/0.40
  7. Create a service set that links the VRF and BGF services. Specify the service interface pool name as the next-hop service. The service must contain a BGF rule. It cannot contain another rule.
    [edit]user@host# edit services service-set bgf[edit services service-set bgf]user@host# set next-hop-service service-interface-pool bgf-pooluser@host# set pgcp-rules bgf-rule
  8. Configure the BSG service interface.
    [edit service border-signaling-gateway gateway bsg-1]user@host# set service interface ms-4/2/0
  9. Configure the BSG service class.
    [edit]user@host# edit services border-signaling-gateway gateway bsg1 embedded-spdf service-class default term all[edit services border-signaling-gateway gateway bsg1 embedded-spdf service-class default term all]user@host# set from media-type any-mediauser@host# set then committed-information-rate 100000user@host# set then committed-burst-size 2000user@host# set dscp af11
  10. Configure new BSG transaction policies.
    [edit]user@host# edit services border-signaling-gateway gateway bsg1 sip new-transaction-policy vpn_tr_to_vlan1 term call_to_vlan1[edit services border-signaling-gateway gateway bsg1 sip new-transaction-policy vpn_tr_to_vlan1 term call_to_vlan1]user@host# set from request-uri regular-expression sip:701.*user@host# set then accept route egress-service-point vpn_1
    [edit]user@host# edit services border-signaling-gateway gateway bsg1 sip new-transaction-policy vpn_tr_to_vlan2 term call_to_vlan2[edit services border-signaling-gateway gateway bsg1 sip new-transaction-policy vpn_tr_to_vlan2 term call_to_vlan2]user@host# set from request-uri regular-expression sip:702.*user@host# set then accept route egress-service-point vpn_2
    [edit]user@host# edit services border-signaling-gateway gateway bsg1 sip new-transaction-policy vpn_tr_to_vlan3 term call_to_vlan3[edit services border-signaling-gateway gateway bsg1 sip new-transaction-policy vpn_tr_to_vlan3 term call_to_vlan3]user@host# set from request-uri regular-expression sip:703.*user@host# set then accept route egress-service-point vpn_3
    [edit]user@host# edit services border-signaling-gateway gateway bsg1 sip new-transaction-policy vpn_tr_to_vlan4 term call_to_vlan4[edit services border-signaling-gateway gateway bsg1 sip new-transaction-policy vpn_tr_to_vlan4 term call_to_vlan4]user@host# set from request-uri regular-expression sip:704.*user@host# set then accept route egress-service-point vpn_4
  11. Configure a new call usage policy.
    [edit services border-signaling-gateway gateway bsg1 sip new-call-usage-policy call_juni_accept term accept_all]user@host# set then accept media-policy service-class defaultuser@host# set new-call-usage-input-policies call_juni_accept
  12. Configure NAT pools for use with BGF media services.
    [edit]user@host# edit services nat pool vpn_1_nat[edit services nat pool vpn_1_nat]user@host# set pgcpuser@host# set port automaticuser@host# set address 70.101.101.2/32
    [edit]user@host# edit services nat pool vpn_2_nat[edit services nat pool vpn_2_nat]user@host# set pgcpuser@host# set port automaticuser@host# set address 70.101.102.2/32
    [edit]user@host# edit services nat pool vpn_3_nat[edit services nat pool vpn_3]user@host# set pgcpuser@host# set port automaticuser@host# set address 70.101.101.3/32
    [edit]user@host# edit services nat pool vpn_4_nat[edit services nat pool vpn_4]user@host# set pgcpuser@host# set port automaticuser@host# set address 70.101.101.4/32
  13. Configure virtual interfaces for the BGF.
    [edit]user@host# edit services pgcp virtual-interface 1[edit services pgcp virtual-interface 1]user@host# set routing-instance vrf_1user@host# set service-state in-service nat-pool vpn_1_nat
    [edit]user@host# edit services pgcp virtual-interface 2[edit services pgcp virtual-interface 2]user@host# set routing-instance vrf_2user@host# set service-state in-service nat-pool vpn_2_nat
    [edit]user@host# edit services pgcp virtual-interface 3[edit services pgcp virtual-interface 3]user@host# set routing-instance vrf_3user@host# set service-state in-service nat-pool vpn_3_nat
    [edit]user@host# edit services pgcp virtual-interface 4[edit services pgcp virtual-interface 4]user@host# set routing-instance vrf_4user@host# set service-state in-service nat-pool vpn_4_nat
  14. Configure the BSG service interface.
    [edit services border-signaling-gateway gateway bsg1]user@host# set service-interface ms-4/2/0
  15. Configure BSG service points.
    [edit]user@host# edit services border-signaling-gateway gateway bsg1 service-point vpn_1[edit services border-signaling-gateway gateway bsg1 service-point vpn_1]user@host# set service-point-type sip transport-details port-number 5060 udpuser@host# set service-interface ms-4/2/0.10user@host# set default-media-realm 1user@host# edit service-policies[edit services border-signaling-gateway gateway bsg1 service-point vpn_1 service-policies]user@host# set new-transaction-input-policies [ vpn_tr_to_vlan_2 vpn_tr_to_vlan_3 vpn_tr_to_vlan_4 ]user@host# set new-call-usage-input-policies call_juni_accept
    [edit]user@host# edit services border-signaling-gateway gateway bsg1 service-point vpn_3
    [edit]user@host# edit services border-signaling-gateway gateway bsg1 service-point vpn_2[edit services border-signaling-gateway gateway bsg1 service-point vpn_2]user@host# set service-point-type sip transport-details port-number 5060 udpuser@host# set service-interface ms-4/2/0.20user@host# set default-media-realm 2user@host# edit service-policies[edit services border-signaling-gateway gateway bsg1 service-point vpn_2 service-policies]user@host# set new-transaction-input-policies [ vpn_tr_to_vlan_1 vpn_tr_to_vlan_3 vpn_tr_to_vlan_4 ]user@host# set new-call-usage-input-policies call_juni_accept
    [edit services border-signaling-gateway gateway bsg1 service-point vpn_3]user@host# set service-point-type sip transport-details port 5060 udpuser@host# set service-interface ms-4/2/0.30user@host# set default-media-realm 3user@host# edit service-policies[edit services border-signaling-gateway gateway bsg1 service-point vpn_3 service-policies]user@host# set new-transaction-input-policies [ vpn_tr_to_vlan_1 vpn_tr_to_vlan_2 vpn_tr_to_vlan_4 ]user@host# set new-call-usage-input-policies call_juni_accept
    [edit]user@host# edit services border-signaling-gateway gateway bsg1 service-point vpn_4[edit services border-signaling-gateway gateway bsg1 service-point vpn_4]user@host# set service-point-type sip transport-details port-number 5060 udpuser@host# set service-interface ms-4/2/0.40user@host# set default-media-realm 4user@host# edit service-policies[edit services border-signaling-gateway gateway bsg1 service-point vpn_4 service-policies]user@host# set new-transaction-input-policies [ vpn_tr_to_vlan_1 vpn_tr_to_vlan_2 vpn_tr_to_vlan_3 ]user@host# set new-call-usage-input-policies call_juni_accept
  16. Create a BGF rule including relevant NAT pools.
    [edit services rule pgcp1-rule]user@host# set gateway bgf-1 nat-pool [vpn_1_nat vpn_2_nat vpn_3_nat vpn_4_nat ]

Published: 2010-04-22