Understanding Layer 3 VPN Attributes - Juniper ACX1000 Configuration Manual

ACX Series Universal Access Router Configuration Guide

Understanding Layer 3 VPN Attributes

RFC 4364 VPNs are also known as BGP/MPLS VPNs because BGP is used to distribute
VPN routing information across the provider's backbone, and MPLS is used to forward
VPN traffic across the backbone to remote VPN sites.

Customer networks, because they are private, can use either public addresses or private
addresses, as defined in RFC 1918, Address Allocation for Private Internets. When customer
networks that use private addresses connect to the public Internet infrastructure, the
private addresses might overlap with the same private addresses used by other network
users. MPLS/BGP VPNs solve this problem by adding a VPN identifier prefix to each
address from a particular VPN site, thereby creating an address that is unique both within
the VPN and within the public Internet. In addition, each VPN has its own VPN-specific
routing table that contains the routing information for that VPN only.

Route distribution within a VPN is controlled through BGP extended community attributes.
RFC 4364 defines the following three attributes used by VPNs:

Target VPN—Identifies a set of sites within a VPN to which a provider edge (PE) router
distributes routes. This attribute is also called the route target. The route target is used
by the egress PE router to determine whether a received route is destined for a VPN
that the router services.

Figure 45 on page 815 illustrates the function of the route target. PE Router PE1 adds
the route target "VPN B" to routes received from the customer edge (CE) router at
Site 1 in VPN B. When it receives the route, the egress router PE2 examines the route
target, determines that the route is for a VPN that it services, and accepts the route.
When the egress router PE3 receives the same route, it does not accept the route
because it does not service any CE routers in VPN B.

VPN of origin—Identifies a set of sites and the corresponding route as having come
from one of the sites in that set.

Site of origin—Uniquely identifies the set of routes that a PE router learned from a
particular site. This attribute ensures that a route learned from a particular site through
a particular PE-CE connection is not distributed back to the site through a different
PE-CE connection. It is particularly useful if you are using BGP as the routing protocol
between the PE and CE routers and if different sites in the VPN have been assigned
the same autonomous system (AS) numbers.
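
The following Python model is an added example, not taken from the Juniper manual or from Junos. It shows the three mechanisms described above together: the VPN identifier prefix (encoded here as an RFC 4364 type-0 route distinguisher) keeping overlapping customer prefixes distinct, route-target matching at PE2 and PE3, and site-of-origin filtering toward the CE. Assumptions: AS 65000, the community values, the 10.1.0.0/16 prefix, PE3 serving a VPN A, and a hypothetical PE4 with a second PE-CE connection to Site 1 are all constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

def vpn_ipv4(asn, number, prefix):
    """RFC 4364 VPN-IPv4 address: 8-byte type-0 route distinguisher + 4-byte IPv4."""
    rd = struct.pack("!HHI", 0, asn, number)
    return rd + ipaddress.ip_network(prefix).network_address.packed

@dataclass(frozen=True)
class VpnRoute:
    nlri: bytes            # VPN-IPv4 address, unique across VPNs
    prefix: str            # customer prefix as the CE announced it
    route_targets: frozenset
    site_of_origin: str

@dataclass
class PE:
    import_targets: dict   # VRF name -> route targets that VRF imports
    ce_site: dict          # VRF name -> site-of-origin value of the attached CE
    vrfs: dict = field(default_factory=dict)

    def receive(self, route):
        """Install the route in every VRF whose import targets match it."""
        accepted = [v for v, t in self.import_targets.items() if t & route.route_targets]
        for vrf in accepted:
            self.vrfs.setdefault(vrf, {})[route.nlri] = route
        return accepted

    def advertise_to_ce(self, vrf):
        """Prefixes offered to the attached CE; routes from that same site are withheld."""
        soo = self.ce_site[vrf]
        return sorted(r.prefix for r in self.vrfs.get(vrf, {}).values()
                      if r.site_of_origin != soo)

def run_scenario():
    # Constructed values: number 1 = VPN A, 2 = VPN B; both VPNs use the same prefix.
    rt_a, rt_b, pfx = "target:65000:1", "target:65000:2", "10.1.0.0/16"
    site1_b = VpnRoute(vpn_ipv4(65000, 2, pfx), pfx, frozenset({rt_b}), "origin:65000:101")
    site1_a = VpnRoute(vpn_ipv4(65000, 1, pfx), pfx, frozenset({rt_a}), "origin:65000:201")
    pe2 = PE({"VPN-B": {rt_b}}, {"VPN-B": "origin:65000:102"})  # serves Site 2 of VPN B
    pe3 = PE({"VPN-A": {rt_a}}, {"VPN-A": "origin:65000:202"})  # no CE in VPN B
    pe4 = PE({"VPN-B": {rt_b}}, {"VPN-B": "origin:65000:101"})  # second link to Site 1
    received = {name: pe.receive(site1_b)
                for name, pe in (("pe2", pe2), ("pe3", pe3), ("pe4", pe4))}
    return {"distinct_nlri": site1_a.nlri != site1_b.nlri, **received,
            "pe2_to_ce": pe2.advertise_to_ce("VPN-B"),
            "pe4_to_ce": pe4.advertise_to_ce("VPN-B")}
```

In this model PE4 imports the route because its route target matches, but withholds it from the CE because the site of origin shows it came from that same site.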
Copyright © 2017, Juniper Networks, Inc.
