Configuring Logical Units on the Loopback Interface for Routing Instances in Layer 3 VPNs
For Layer 3 VPNs (VRF routing instances), you can configure a logical unit on the loopback interface into each VRF routing instance that you have configured on the router. Associating a VRF routing instance with a logical unit on the loopback interface allows you to easily identify the VRF routing instance.
Doing this is useful for troubleshooting:
It allows you to ping a remote CE router from a local PE router in a Layer 3 VPN. For more information, see Example: Troubleshooting Layer 3 VPNs.
It ensures that a path maximum transmission unit (MTU) check on traffic originating on a VRF or virtual-router routing instance functions properly. For more information, see Configuring Path MTU Checks for VPN Routing Instances.
You can also configure a firewall filter for the logical unit on the loopback interface; this configuration allows you to filter traffic for the VRF routing instance associated with it.
The following describes how firewall filters affect the VRF
routing instance depending on whether they are configured on the default
loopback interface, the VRF routing instance, or some combination
of the two. The “default loopback interface” refers to lo0.0 (associated with the default routing table), and the
“VRF loopback interface” refers to lo0.n, which is configured in the VRF routing instance.
If you configure Filter A on the default loopback interface and Filter B on the VRF loopback interface, the VRF routing instance uses Filter B.
If you configure Filter A on the default loopback interface but do not configure a filter on the VRF loopback interface, the VRF routing instance does not use a filter.
If you configure Filter A on the default loopback interface but do not configure a VRF loopback interface, the VRF routing instance uses Filter A. For MX80 devices, the behavior is slightly different: If you configure filters on the default loopback interface but do not configure a VRF loopback interface, the VRF routing instance uses only the input filters assigned to the default loopback (it does not use output filters from the default loopback).
For some ACX Series Universal Metro Routers (ACX1000, ACX2000, ACX4000, and ACX5000), the default loopback filter must be in the same routing, or virtual routing and forwarding (VRF), instance as the ingress traffic it filters. That is, on these devices, the default loopback filter cannot be used for traffic traversing an interface that belongs to a different routing instance.
To configure a logical unit on the loopback interface, include
the unit statement:
unit number {
family inet {
address address;
}
}
You can include this statement at the following hierarchy levels:
[edit interfaces lo0][edit logical-systems logical-system-name interfaces lo0]
To associate a firewall filter with the logical unit on the
loopback interface, include the filter statement:
filter {
input filter-name;
}
You can include this statement at the following hierarchy levels:
[edit interfaces lo0 unit unit-number family inet][edit logical-systems logical-system-name interfaces lo0 unit unit-number family inet]
To include the lo0.n interface
(where n specifies the logical unit)
in the configuration for the VRF routing instance, include the following
statement:
interface lo0.n;
You can include this statement at the following hierarchy levels:
[edit routing-instances routing-instance-name][edit logical-systems logical-system-name routing-instances routing-instance-name]