Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring the PE2 Router to Route Internet Traffic Using MX Series Router Cloud CPE NAT Services

PE2 is the adjacent PE router of the VPN site without Internet access. Complete the following tasks to configure PE2:

Configuring the Subscriber VLAN

To configure the subscriber VLANs:

  1. Configure the physical interface for VLAN tagging and flexible Ethernet services encapsulation.
  2. Set up the VLAN for internal VPN traffic.
    1. Configure the logical interface.

    2. Configure the encapsulation for the logical interface.

    3. Bind an 802.1Q VLAN tag ID to the logical interface.

    4. Configure the logical interface for Layer 2 bridging.

Configuring the IRB Interface, Bridge Domain, and Routing Instance

To configure the IRB interface, bridge domain, and routing instance:

  1. Configure the IRB interface.
    1. Configure the logical interface used for internal VPN traffic as the IRB interface.

    2. Specify the private subnet of the VPN site on the IRB interface.

  2. Configure the bridge domain.
    1. Configure the bridge domain name.

    2. Associate the subscriber’s VLAN ID with the bridge domain.

    3. Specify the interface to include in the bridge domain.

    4. Specify the routing interface to include in the bridge domain.

  3. Configure the routing instance.
    1. Configure the name of the routing instance.

    2. Configure the routing instance as VRF.

    3. Reference the IRB interface by specifying irb.vlan-id.

    4. Specify a route distinguisher attached to the route, enabling you to distinguish which VPN the route belongs to. Each routing instance must have a unique route distinguisher associated with it. The route distinguisher is used to place boundaries around a VPN so that the same IP address prefixes can be used in different VPNs without having them overlap. The format for the route distinguisher is as-number:id.

    5. Specify the VPN’s community. VRF import and export policies are automatically generated.

    6. Map the inner label of a packet to a specific VRF table. This enables examination of the encapsulated IP header.