Configuring VPN Routing between the PE and CE Routers


For the PE router to distribute VPN-related routes to and from connected CE routers, you must configure routing within the VPN routing instance. You can configure a routing protocol (BGP, OSPF, or RIP) or you can configure static routing. For the connection to each CE router, you can configure only one type of routing.

To configure BGP as the routing protocol between the PE and the CE router, include the protocols bgp statement:

    [edit routing-instances routing-instance-name]
    protocols {
        bgp {
            group group-name {
                peer-as as-number;
                neighbor ip-address;
            }
        }
    }

To configure OSPF to distribute VPN-related routes between the PE and CE routers, configure an OSPF domain ID for each distinct OSPF domain. Routes from an OSPF domain need to have an OSPF domain ID when they are distributed in BGP as VPN-IPv4 routes in VPNs with multiple OSPF domains. In a VPN connecting multiple OSPF domains, there is a possibility that the routes from one of the domains could overlap with the routes of a different domain. Configuring a unique OSPF domain ID for each domain ensures that the routes for each domain remain separate. When a PE router receives a route with a different OSPF domain ID, it redistributes the route as a type 5 link-state advertisement (LSA). If the OSPF domain IDs match and the route is a summary route, it is distributed as a type 3 LSA (type 5 LSAs are passed as type 5 LSAs). Each VRF table in a PE router associated with an OSPF instance must be configured with the same OSPF domain ID.

You can set a VPN tag for the OSPF external routes generated by the provider edge (PE) router. By default, this tag is automatically calculated and needs no configuration. To configure the domain VPN tag for Type 5 LSAs, include the domain-vpn-tag number statement at the [edit routing-instances routing-instance-name protocols ospf] hierarchy level; the range is 1 through 4,294,967,295. If you set VPN tags manually, you must set the same value for all PE routers in that VPN.

To configure OSPF as the routing protocol between the PE and the CE router, include the ospf statement:

    [edit routing-instances routing-instance-name protocols]
    ospf {
        area area {
            interface interface-name;
        }
        domain-id domain-id;
        domain-vpn-tag number;
    }

For a Layer 3 VPN, you can configure RIP on the PE router to learn the routes of the CE router or to propagate the routes of the PE router to the CE router. RIP routes learned from neighbors configured under any routing-instance hierarchy level are added to the routing instance's inet table (instance_name.inet.0). To configure RIP as the routing protocol between the PE and the CE router, include the rip statement:

    [edit routing-instances routing-instance-name protocols]
    rip {
        group group-name {
            neighbor interface-name;
        }
    }

To install routes learned from a RIP routing instance to multiple routing tables, include the rib-group statement:

    [edit protocols rip] or
    [edit routing-instances routing-instance-name protocols rip]
    protocols rip {
        rib-group inet routing-table-group-name;
        group group-name {
            neighbor interface-name;
        }
    }

The first routing table name specified in the import-rib statement at the [edit routing-options rib table1.inet.0 static] hierarchy level must be the name of the routing table you are configuring.

To configure a static route between the PE and the CE router, include the static statement:

    [edit routing-instances routing-instance-name routing-options]
    static {
        route destination-prefix {
            next-hop;
            static-options;
        }
    }

To limit the number of prefixes installed into routing tables, include the maximum-routes statement. Route limits apply only to dynamic routing protocols and are not applicable to static or interface routes.

    [edit routing-instances routing-instance-name routing-options]
    maximum-routes route-limit <log-only | threshold value>;

Route limits can be advisory (set with the log-only option) or mandatory. An advisory limit triggers only warnings. The log messages are rate-limited to once every 30 seconds. A mandatory limit, in addition to triggering a warning message, rejects any additional routes after the threshold is reached. The threshold value is a percentage of the route limit at which warning messages are logged.
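The following Python script is an added example, not part of the original text. It parses a brace-style routing-instances configuration and reports, for each instance, whether its maximum-routes limit is mandatory, advisory (log-only), missing, or not applicable because the instance runs no dynamic protocol. The sample configuration, its instance names, addresses and limits, and the function names parse and audit are constructed for illustration.

```python
import re
# Constructed sample configuration: instance names, addresses and limits are made up.
SAMPLE = """
routing-instances {
    vpn-a { protocols { bgp { group ce { peer-as 65001; neighbor 192.0.2.1; } } }
            routing-options { maximum-routes 1000 threshold 80; } }
    vpn-b { protocols { ospf { area 0.0.0.0 { interface ge-0/0/1.0; } } }
            routing-options { maximum-routes 500 log-only; } }
    vpn-c { protocols { rip { group ce { neighbor ge-0/0/2.0; } } } }
    vpn-d { routing-options { static { route 198.51.100.0/24 { next-hop 192.0.2.9; } } } }
}
"""

def parse(text):
    """Parse brace-style configuration into nested dicts; leaf statements map to None."""
    tokens = re.findall(r"[{};]|[^\s{};]+", text)
    root, stack, words = {}, [], []
    node = root
    for tok in tokens:
        if tok == "{":                      # open a container named by the pending words
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == "}":                    # close the current container
            node = stack.pop()
        elif tok == ";":                    # end of a leaf statement
            node[" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return root

def audit(text):
    """Return {instance: finding} for every routing instance in the configuration."""
    findings = {}
    for name, inst in parse(text).get("routing-instances", {}).items():
        dynamic = [p for p in (inst.get("protocols") or {}) if p in ("bgp", "ospf", "rip")]
        limit = [s.split() for s in (inst.get("routing-options") or {}) if s.startswith("maximum-routes ")]
        if not dynamic:                     # limits do not apply to static or interface routes
            findings[name] = "static only: route limits do not apply"
        elif not limit:
            findings[name] = "no maximum-routes statement for dynamic routes"
        elif "log-only" in limit[0]:        # advisory: warnings only, nothing is rejected
            findings[name] = "advisory limit %s: warnings only" % limit[0][1]
        else:                               # mandatory: extra routes are rejected
            findings[name] = "mandatory limit %s" % limit[0][1]
    return findings

if __name__ == "__main__":
    print("\n".join("%s: %s" % kv for kv in audit(SAMPLE).items()))
```
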



Juniper Networks Field Guide and Reference
ISBN: 0321122445
EAN: 2147483647
Year: 2002
Pages: 185