To provide address space for the IPinIP encapsulation, each Avaya Ethernet Routing Switch
8800/8600 is also configured with a second CLIP network address (the Service IP) which is created
using a 24-bit mask rather than a host 32-bit mask.
Layer 3 VPNs are then configured by first creating a VRF instance at all the sites where the VPN
must terminate. As shown in the following figure, IP VLANs local to each site can then be assigned
to the relevant VRF, thus ensuring IP routing connectivity between VLANs assigned only to the
same VRF instance, but no IP routing towards other IP VLANs assigned to other VRF instances.
Each VRF then has IP VPN functionality enabled which allows it to belong to one or more Layer 3
VPNs. This configuration is done by assigning an appropriate Route Distinguisher (RD) and import
and export Route Targets (RT) to the VRF IP VPN configuration. The end result being that BGP
automatically installs remote IP routes from remote VRFs belonging to the same VPN into the local
VRF and vice versa. Furthermore each Layer 3 VPN can be created as any-any, hub-spoke or
multihub-spoke by simple manipulation of the import and export RTs as per the RFC 4364
framework.
Figure 126: Example of two separate Layer 3 VPNs
Internet Layer 3 VPN design
The two Avaya Ethernet Routing Switch 8800/8600s in the main sites 1 and 2 also have a third CLIP
address (also a Service IP) which is made the same at both sites. This CLIP address also uses a
24-bit mask and is only used for IPinIP encapsulated Layer 3 VPN traffic destined for the Internet.
June 2016
Planning and Engineering — Network Design
Comments on this document? infodev@avaya.com
Internet Layer 3 VPN design
251