Case Study 1: Full-Mesh VPN Configuration


The topology displayed in Figure 13-11 shows CE routers Rome and Berlin as being member sites of VPN-Red. Chicago and New York are PE routers and Seattle is a P router. The router configurations follow the explanation below:

  1. The CE router Rome will advertise routes to PE router Chicago, which, upon receipt of the routes, will install them into its VRF table for VPN-Red. The name of this table will be VPN-Red.

  2. Chicago will then create an MPLS label for the interface that connects to Rome.

  3. Chicago will then check its export policy MY-EXPORT, and for all of the routes learned from OSPF, the community VPN-Red will be added.

  4. PE router Chicago will also add the RD 64512:01 to these routes, and then distribute them to PE router New York across the IBGP session between Chicago and New York.

  5. When PE router New York receives the routes from PE router Chicago, PE router New York will check the routes against its import policy; in this case, the import policy used is MY-IMPORT. This policy says that routes learned from BGP with the community set to VPN-Red should be accepted, and all other routes should be rejected.

  6. That being the case, the routes learned by PE router New York from PE router Chicago will be installed into the BGP/Layer 3 VPN routing table. This table is identified in JUNOS as bgp.l3vpn.0.

  7. From this table, the RDs will be removed and the IPv4 routes will be installed into the VRF for VPN-Red.

  8. PE router New York will now advertise these routes to CE router Berlin, using OSPF.

  9. CE router Berlin will install these routes into its main routing table.

  10. When packets destined for CE router Rome are received by PE router New York from CE router Berlin, the label-switched path between PE router New York and PE router Chicago will be used to forward the packets.
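
The policy decisions in steps 3 through 7 can be traced with a small model. This is an added example, not code from the book: it mirrors the MY-EXPORT and MY-IMPORT terms and the RD and route target shown in the configurations, while the second customer's route (RD 64512:02, target:64512:02) and the sample routes are constructed for illustration.

```python
from dataclasses import dataclass

VPN_RED = "target:64512:01"  # "community VPN-Red members", as configured on the page

@dataclass(frozen=True)
class Route:
    prefix: str                          # IPv4 prefix
    protocol: str                        # protocol the PE learned the route from
    rd: str = ""                         # route distinguisher ("" = plain IPv4 route)
    communities: frozenset = frozenset()

def my_export(route, rd="64512:01"):
    """Steps 3-4: term a tags OSPF routes with VPN-Red and accepts them;
    term b rejects everything else. Accepted routes leave with the RD attached."""
    if route.protocol != "ospf":
        return None                      # term b: then reject
    return Route(route.prefix, "bgp", rd, route.communities | {VPN_RED})

def my_import(route):
    """Step 5: term a accepts BGP routes carrying VPN-Red; term b rejects the rest."""
    return route.protocol == "bgp" and VPN_RED in route.communities

def receive(vpn_routes):
    """Steps 6-7: accepted routes are stored in bgp.l3vpn.0 keyed by RD:prefix,
    then the RD is removed and the IPv4 prefix is installed in the VRF."""
    l3vpn, vrf = {}, set()
    for r in vpn_routes:
        if my_import(r):
            l3vpn[f"{r.rd}:{r.prefix}"] = r
            vrf.add(r.prefix)
    return l3vpn, vrf

def demo():
    # Constructed input: Rome's loopback as Chicago learns it through OSPF, and
    # the PE-CE link modelled as a direct route, which term a does not match.
    learned = [Route("192.168.12.1/32", "ospf"), Route("10.0.8.0/24", "direct")]
    advertised = [r for r in map(my_export, learned) if r is not None]
    # Hypothetical second customer (not on the page) reusing Rome's prefix
    # under a different RD and route target.
    foreign = Route("192.168.12.1/32", "bgp", "64512:02",
                    frozenset({"target:64512:02"}))
    return receive(advertised + [foreign])

if __name__ == "__main__":
    table, vrf = demo()
    print(sorted(table), sorted(vrf))
```

The overlapping prefix from the other customer never reaches the VRF because its route target does not match, which is the property that keeps VPN sites separated on shared PE routers.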

Figure 13-11. Case Study 1


The following examples show working BGP/MPLS VPN configurations on Juniper Networks routers. Each section is labeled with the router name and displays the configuration for the routers listed in Figure 13-11.

PE Router Chicago

The following output is the configuration used by PE router Chicago in Case Study 1. This router will exchange routing information with PE router New York.

    interfaces {
        fe-1/0/3 {
            unit 0 {
                family inet {
                    address 10.0.8.1/24;
                }
                family mpls;
            }
        }
        at-1/2/1 {
            atm-options {
                vpi 0 maximum-vcs 200;
            }
            unit 100 {
                vci 0.100;
                family inet {
                    address 10.0.0.2/24;
                }
                family iso;
                family mpls;
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 192.168.5.1/32;
                }
                family iso {
                    address 49.0000.0000.0001.00;
                }
            }
        }
    }
    routing-options {
        router-id 192.168.5.1;
        autonomous-system 100;
    }
    protocols {
        rsvp {
            interface all;
        }
        mpls {
            label-switched-path Chicago-to-newyork {
                to 192.168.2.1;
            }
            interface all;
        }
        bgp {
            local-address 192.168.5.1;
            family inet-vpn {
                unicast;
            }
            group internal {
                type internal;
                neighbor 192.168.0.1;
                neighbor 192.168.2.1;
            }
        }
        isis {
            level 1 disable;
            interface all;
        }
    }
    policy-options {
        policy-statement MY-EXPORT {
            term a {
                from protocol ospf;
                then {
                    community add VPN-Red;
                    accept;
                }
            }
            term b {
                then reject;
            }
        }
        policy-statement MY-IMPORT {
            term a {
                from {
                    protocol bgp;
                    community VPN-Red;
                }
                then accept;
            }
            term b {
                then reject;
            }
        }
        community VPN-Red members target:64512:01;
    }
    routing-instances {
        vpntest {
            instance-type vrf;
            interface fe-1/0/3.0;
            route-distinguisher 64512:01;
            vrf-import MY-IMPORT;
            vrf-export MY-EXPORT;
            protocols {
                ospf {
                    area 0.0.0.0 {
                        interface fe-1/0/3.0;
                    }
                }
            }
        }
    }

PE Router New York

PE router New York exchanges routing information with PE router Chicago and connects to CE router Berlin. The configuration for PE router New York is displayed below:

    interfaces {
        so-0/1/0 {
            unit 0 {
                family inet {
                    address 10.0.24.1/24;
                }
                family mpls;
            }
        }
        so-0/3/0 {
            unit 0 {
                family inet {
                    address 10.0.1.1/24;
                }
                family iso;
                family mpls;
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 192.168.2.1/32;
                }
                family iso {
                    address 49.0000.0000.0003.00;
                }
            }
        }
    }
    routing-options {
        router-id 192.168.2.1;
        autonomous-system 100;
    }
    protocols {
        rsvp {
            interface all;
        }
        mpls {
            label-switched-path newyork-to-Chicago {
                to 192.168.5.1;
            }
            interface all;
        }
        bgp {
            local-address 192.168.2.1;
            /* Both PE routers must enable the VPN-IPv4 family to exchange
               VPN routes, as Chicago does */
            family inet-vpn {
                unicast;
            }
            group internal {
                type internal;
                neighbor 192.168.0.1;
                neighbor 192.168.5.1;
            }
        }
        isis {
            level 1 disable;
            interface all;
        }
    }
    policy-options {
        policy-statement MY-IMPORT {
            term a {
                from {
                    protocol bgp;
                    community VPN-Red;
                }
                then accept;
            }
            term b {
                then reject;
            }
        }
        policy-statement MY-EXPORT {
            term a {
                from protocol ospf;
                then {
                    community add VPN-Red;
                    accept;
                }
            }
            term b {
                then reject;
            }
        }
        community VPN-Red members target:64512:01;
    }
    routing-instances {
        vpntest {
            instance-type vrf;
            interface so-0/1/0.0;
            route-distinguisher 64512:01;
            vrf-import MY-IMPORT;
            vrf-export MY-EXPORT;
            protocols {
                ospf {
                    area 0.0.0.0 {
                        interface so-0/1/0.0;
                    }
                }
            }
        }
    }

P Router Seattle

Seattle is being used as a provider router and will only function as a part of the MPLS paths between PE routers. The configuration for Seattle is displayed below:

    interfaces {
        at-1/2/0 {
            atm-options {
                vpi 0 maximum-vcs 200;
            }
            unit 100 {
                vci 0.100;
                family inet {
                    address 10.0.0.1/24;
                }
                family iso;
                family mpls;
            }
        }
        so-2/0/0 {
            unit 0 {
                family inet {
                    address 10.0.1.2/24;
                }
                family iso;
                family mpls;
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 192.168.0.1/32;
                }
                family iso {
                    address 49.0000.0000.0002.00;
                }
            }
        }
    }
    routing-options {
        router-id 192.168.0.1;
        autonomous-system 100;
    }
    protocols {
        rsvp {
            interface all;
        }
        mpls {
            interface all;
        }
        isis {
            level 1 disable;
            interface all;
        }
    }

CE Router Rome

CE router Rome is site one for the VPN-Red and connects to PE router Chicago. Rome's configuration is displayed below:

    interfaces {
        fe-1/0/3 {
            unit 0 {
                family inet {
                    address 10.0.8.2/24;
                }
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 192.168.12.1/32;
                }
            }
        }
    }
    protocols {
        ospf {
            area 0.0.0.0 {
                interface all;
            }
        }
    }

CE Router Berlin

CE router Berlin is site two for the VPN-Red and connects to PE router New York. The Berlin router's configuration is displayed below:

    interfaces {
        so-1/1/0 {
            unit 0 {
                family inet {
                    address 10.0.24.2/24;
                }
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 192.168.24.1/32;
                }
            }
        }
    }
    protocols {
        ospf {
            area 0.0.0.0 {
                interface all;
            }
        }
    }


Juniper Networks Reference Guide. JUNOS Routing, Configuration, and Architecture
ISBN: 0201775921
Year: 2002
Pages: 176
