Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring MX Series Router Cloud CPE NAT Services on the PE1 Router to Route Internet Traffic

Complete the following tasks to configure the PE1 router at Site 1:

Configuring MX Series Router Cloud CPE NAT Services

The Junos OS provides carrier-grade NAT (CGN) for IPv4 and IPv6 networks. To enable the NAT service for the cCPE services:

  1. Configure the properties for the MS-DPC and enable the extension provider service package application.
  2. Verify the configuration.

Configuring the Service Interfaces for NAT

To configure the inside and outside service interfaces:

  1. Configure the inside interface.
  2. Configure the outside interface.

Defining the Service Rules

In this sample procedure, the service set contains only the NAT service. You can also add other services like stateful firewall. To define the service rules to be applied to traffic:

  1. Configure the next-hop service set.
    1. Configure a name for the service set.

    2. Configure a name for the NAT rules.

    3. Define the next-hop service for the inside service interface.

    4. Define the next-hop service for the outside service interface.

  2. Configure the public address pool and ports.
    1. Configure the public address pool name.

    2. Specify the address or address prefix for NAT.

    3. Configure the NAT port to be assigned automatically by the router.

  3. Configure the NAT rules.
    1. Specify the name of the NAT rule.

    2. Specify the direction in which the rule match is applied.

    3. Define the NAT term actions.

Configuring the Interface, Bridge Domain, and IRB Interface

To configure the interface, bridge domain, and IRB interface:

  1. Configure the interface for VLAN tagging and flexible Ethernet services encapsulation.
  2. Configure the subscriber VLAN.
    1. Configure the logical interface.

    2. Configure the encapsulation for the logical interface.

    3. Bind an 802.1Q VLAN tag ID to the logical interface.

    4. Configure the logical interface for Layer 2 bridging.

  3. Configure the IRB interface.
    1. Configure the logical interface used for internal VPN traffic as the IRB interface.

    2. Specify the private subnet of the VPN site on the IRB interface.

  4. Configure the bridge domain.
    1. Configure the bridge domain name.

    2. Associate the subscriber’s VLAN ID with the bridge domain.

    3. Specify the interface name for the bridge domain.

    4. Specify the routing interface to include in the bridge domain.

  5. Configure the routing instance.
    1. Configure the name of the routing instance.

    2. Configure the routing instance as a VRF instance.

    3. Reference the IRB interface by specifying irb.vlan-id.

    4. Add the NAT inside interface to the routing instance by specifying the inside interface name and route distinguisher attached to the route.

    5. Specify the VPN’s community. VRF import and export policies are automatically generated.

    6. Map the inner label of a packet to a specific VRF table. This enables examination of the encapsulated IP header.

    7. Add a static route to send Internet traffic to the inside interface of NAT service.


      You must advertise this route to remote PE routers through a VPN export policy.