Layer 3 VPN Configurations


These configurations illustrate a typical Layer 3 VPN scenario. Router 4, Router 8, and Router 9 belong to one VPN site named blue. Router 5, Router 6, and Router 7 belong to another VPN site named green. The PE-CE protocols could be BGP, static route (with the next hop configured toward the attached PE), or an IGP such as OSPF or RIP. The PE-PE connections are running MBGP. Labelled VPN routes are exchanged over the MBGP sessions that terminate on the PE routers.

The topology shown in Figure 14.12 is used in these configurations.

Figure 14.12. Layer 3 VPN Topology

graphics/14fig12.gif

Router 1 Configuration

 interfaces {     fe-0/0/0 {         description "to Router 1 fe-0/0/2";         unit 0 {             family inet {                 address 192.168.210.38/30;             }             family iso;             family mpls;         }     }     ge-0/2/0 {         unit 0 {             family inet {                 address 192.167.188.1/30;             }             family mpls;         }     }     t1-0/3/0 {         unit 0 {             family inet {                 address 192.167.188.13/30;             }             family mpls;         }     }     t1-0/3/1 {         description "to Router 6 t1-0/2/1";         unit 0 {             family inet {                 address 192.168.210.57/30;             }             family iso;             family mpls;         }     } } routing-options {     router-id 10.255.71.54;     autonomous-system 69; } protocols {     rsvp {         interface all;     }     mpls {         label-switched-path to_Router 3 {             to 10.255.71.61;         }         interface ge-0/2/0.0;         interface at-1/3/1.0;         interface at-1/3/0.0;         interface t1-0/3/0.0;     }     bgp {         group from_Router 1_to_Router 3 {             type internal;             local-address 10.255.71.54;             family inet {                 any;             }             family inet-vpn {                 any;             }             neighbor 10.255.71.61;         }     }     ospf {         traffic-engineering;         area 0.0.0.0 {             interface ge-0/2/0.0;             interface lo0.0 {                 passive;             }         }     } } policy-options {     policy-statement green-import {         term a {             from {                 protocol bgp;                 community green-comm;             }             then accept;         }         term b {             then reject;         }     }     policy-statement blue-import {         term a {             from {                 protocol bgp;                 community blue-comm;             }             then accept;         }         term b {             then reject;         }     }     policy-statement green-export {         term a {             from protocol [ bgp rip ];             then {                 community add green-comm;                 accept;             }         }         term b {             then reject;         }     }     policy-statement blue-export {         term a {             from protocol ospf;             then {                 community add blue-comm;                 accept;             }         }         term b {             then reject;         }     }     policy-statement rip-export {         term a {             from protocol bgp;             then accept;         }         term b {             then reject;         }     }     policy-statement bgp-export {         term a {             from protocol [ bgp rip ];             then accept;         }         term b {             then reject;         }     }     community blue-comm members target:69:2;     community green-comm members target:69:1; } routing-instances {     blue {         instance-type vrf;         interface at-1/3/1.0;         route-distinguisher 10.255.71.54:200;         vrf-import blue-import;         vrf-export blue-export;         protocols {             ospf {                 export blue-import;                 area 1.1.1.1 {                     interface at-1/3/1.0;                 }             }         }     }     green {         instance-type vrf;         interface at-1/3/0.0;         interface t1-0/3/0.0;         route-distinguisher 10.255.71.54:100;         vrf-import green-import;         vrf-export green-export;         protocols {             bgp {                 group to_Router5 {                     type external;                     export bgp-export;                     peer-as 1;                     neighbor 192.167.188.10;                 }             }             rip {                 group to_Router6 {                     export rip-export;                     neighbor t1-0/3/0.0;                 }             }         }     } } 

Router 2 Configuration

 interfaces {     fe-0/0/2 {         description "to Router 1 fe-0/0/2";         unit 0 {             family inet {                 address 192.168.210.37/30;             }             family iso;             family mpls;         }     }     fe-0/0/3 {         description "to Router 3 fe-0/0/0";         unit 0 {             family inet {                 address 192.168.210.41/30;             }             family iso;             family mpls;         }     } } routing-option {     router-id 10.255.71.62;     autonomous-system 69; } protocols {     rsvp {         interface all;     }     mpls {         interface ge-0/3/0.0;         interface ge-0/3/1.0;     }     ospf {         traffic-engineering;         area 0.0.0.0 {             interface ge-0/3/0.0;             interface ge-0/3/1.0;             interface lo0.0 {                 passive;             }         }     } } 

Router 3 Configuration

 interfaces {     fe-0/0/0 {         description "to Router 2 fe-0/0/3";         unit 0 {             family inet {                 address 192.168.210.42/30;             }             family iso;             family mpls;         }     }   ... } routing-option {     router-id 10.255.71.61;     autonomous-system 69; } protocols {     rsvp {         interface all;     }     mpls {         label-switched-path to_Router 1 {             to 10.255.71.54;         }         interface ge-0/2/0.0;         interface so-1/0/0.0;         interface at-0/3/1.0;         interface so-1/0/1.0;     }     bgp {         group from_Router 3_to_Router 1 {             type internal;             local-address 10.255.71.61;             family inet {                 any;             }             family inet-vpn {                 any;             }             neighbor 10.255.71.54;         }     }     ospf {         traffic-engineering;         area 0.0.0.0 {             interface ge-0/2/0.0;             interface lo0.0 {                 passive;             }         }     } } policy-options {     policy-statement green-import {         term a {             from {                 protocol bgp;                 community green-comm;             }             then accept;         }         term b {             then reject;         }     }     policy-statement blue-import {         term a {             from {                 protocol bgp;                 community blue-comm;             }             then accept;         }         term b {             then reject;         }     }     policy-statement green-export {         term a {             from protocol static;             then {                 community add green-comm;                 accept;             }         }         term b {             then reject;         }     }     policy-statement blue-export {         term a {             from protocol bgp;             then {                 community add blue-comm;                 accept;             }         }         term b {             then reject;         }     }     community blue-comm members target:69:2;     community green-comm members target:69:1; } routing-instances {     blue {         instance-type vrf;         interface at-0/3/1.0;         interface so-1/0/1.0;         route-distinguisher 10.255.71.61:200;         vrf-import blue-import;         vrf-export blue-export;         protocols {             bgp {                 group to_Router8_Router9 {                     type external;                     peer-as 1;                     neighbor 192.167.188.26;                     neighbor 192.167.188.30;                 }             }         }     }     green {         instance-type vrf;         interface so-1/0/0.0;         route-distinguisher 10.255.71.61:100;         vrf-import green-import;         vrf-export green-export;         routing-options {             static {                 route 10.255.71.60/32 next-hop 192.167.188.22;                 route 10.220.1.0/24 next-hop 192.167.188.22;             }         }     } } 

Router 4 Configuration

 protocols {     mpls {         interface at-1/0/0.0;     }     ospf {         export export-vpn;         area 1.1.1.1 {             interface at-1/0/0.0;         }     } } policy-options {     policy-statement export-vpn {         term a {             from {                 protocol direct;                 route-filter 10.255.71.55/32 exact;             }             then accept;         }         term b {             from {                 protocol static;                 route-filter 10.220.1.0/24 exact;             }             then accept;         }         term c {             then reject;         }     } } 

Router 5 Configuration

 protocols {     bgp {         group to_Router1 {             export export-vpn;             peer-as 69;             neighbor 192.167.188.9;         }     } } policy-options {     policy-statement export-vpn {         term a {             from {                 protocol direct;                 route-filter 10.255.71.56/32 exact;             }             then accept;         }         term b {             from {                 protocol static;                 route-filter 10.220.1.0/24 exact;             }             then accept;         }         term c {             then reject;         }     } } 

Router 6 Configuration

 protocols {     rip {         group to_Router1 {             export export-vpn;             neighbor t1-0/2/0.0;         }     } } policy-options {     policy-statement export-vpn {         term a {             from {                 protocol direct;                 route-filter 10.255.71.57/32 exact;             }             then accept;         }         term b {             from {                 protocol static;                 route-filter 10.220.1.0/24 exact;             }             then accept;         }         term c {             then reject;         }     } } 

Router 7 Configuration

 policy-options {     policy-statement export-vpn {         term a {             from {                 protocol direct;                 route-filter 10.255.71.57/32 exact;             }             then accept;         }         term b {             from {                 protocol static;                 route-filter 10.220.1.0/24 exact;             }             then accept;         }         term c {             then reject;         }     } } 

Router 8 Configuration

 protocols {     bgp {         group to-Router 3 {             export export-vpn;             peer-as 69;             neighbor 192.167.188.25;         }     } } policy-options {     policy-statement export-vpn {         term a {             from {                 protocol direct;                 route-filter 10.255.71.59/32 exact;             }             then accept;         }         term b {             from {                 protocol static;                 route-filter 10.220.1.0/24 exact;             }             then accept;         }         term c {             then reject;         }     } } 

Router 9 Configuration

 protocols {     bgp {         group to-Router 3 {             export export-vpn;             peer-as 69;             neighbor 192.167.188.29;         }     } } policy-options {     policy-statement export-vpn {         term a {             from {                 protocol direct;                 route-filter 10.255.71.58/32 exact;             }             then accept;         }         term b {             from {                 protocol static;                 route-filter 10.220.1.0/24 exact;             }             then accept;         }         term c {             then reject;         }     } 


Juniper Networks Field Guide and Reference
Juniper Networks Field Guide and Reference
ISBN: 0321122445
EAN: 2147483647
Year: 2002
Pages: 185

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net