Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring MX Series Router Cloud CPE Services on PE1 to Route Internet Traffic to a Subscriber-Owned NAT Gateway

This topic describes how to configure the PE1 router for routed Internet traffic through a subscriber-owned NAT device. This configuration uses CPE-based dual-Ethernet. Complete the following tasks to configure PE1:

Configuring the Subscriber VLANs — Routed Internet Traffic Through a Subscriber NAT Device

To configure the subscriber VLANs:

  1. Configure the physical interface for VLAN tagging and flexible Ethernet services encapsulation.
  2. Set up the first VLAN for internal VPN traffic.
    1. Configure the logical interface.

    2. Configure the encapsulation for the logical interface.

    3. Bind an 802.1Q VLAN tag ID to the logical interface.

    4. Configure the logical interface for Layer 2 bridging.

  3. Set up the second VLAN as the Internet public interface. This public interface belongs to the global routing instance. You can configure dynamic or static routing between this interface and the WAN interface at the subscriber site.
    1. Configure the second logical interface.

    2. Configure the encapsulation for the logical interface.

    3. Bind an 802.1Q VLAN tag ID to the logical interface.

    4. Configure the logical interface for IPv4 protocol (inet) and configure the IP address of the WAN link.

  4. Review the configuration.

Configuring the IRB Interface, Bridge Domain, and Routing Instance

To configure the IRB interface, bridge domain, and routing instance:

  1. Configure the IRB interface.
    1. Configure the logical interface used for internal VPN traffic as the IRB interface.

    2. Specify the private subnet of the VPN site on the IRB interface.

  2. Configure the bridge domain.
    1. Configure the bridge domain name.

    2. Associate the subscriber’s VLAN ID with the bridge domain.

    3. Specify the interface to include in the bridge domain.

    4. Specify the routing interface to include in the bridge domain.

  3. Configure the routing instance.
    1. Configure the name of the routing instance.

    2. Configure the routing instance as VRF.

    3. Reference the IRB interface by specifying irb.vlan-id.

    4. Specify a route distinguisher attached to the route, enabling you to distinguish which VPN the route belongs to. Each routing instance must have a unique route distinguisher associated with it. The route distinguisher is used to place boundaries around a VPN so that the same IP address prefixes can be used in different VPNs without having them overlap. The format for the route distinguisher is as-number:id.

    5. Specify the VPN’s community. VRF import and export policies are automatically generated.

    6. Map the inner label of a packet to a specific VRF table. This enables examination of the encapsulated IP header.