Table of Contents
Advertisement
JUNOSe 11.1.x BGP and MPLS Configuration Guide
VRF and is used for VPN traffic. The other logical circuit runs between the CE router
and the parent VR of the VRF and is used for Internet traffic. These logical circuits
are typically FR circuits, ATM circuits, or VLANs.
The following sections describe alternative methods of providing Internet access for
situations in which having two separate logical circuits is not acceptable or desirable.
Enabling Traffic Flow from the VPN to the Internet
Traffic from a CE router arrives on a PE interface that exists in the context of a VRF.
The PE router then looks up the destination address of the IP packet in the context
of the VRF routing table rather than the VR routing table.
Problems
The VRF routing table lookup introduces the following complication.
Solutions
The following methods enable advertising of Internet routes to VPN sites and thus
enable traffic flow from the VPNs to the Internet:
You can create multiple IP interfaces on top of a single layer 2 interface. One of those
interfaces is the primary IP interface for receiving and sending IP packets. The other
interfaces are shared IP interfaces that are used only to send traffic.
Configuring a Default Route to a Shared Interface
For the first solution you create a default route in the VRF that points to a shared IP
interface. You must manually create the shared IP interface on top of the layer 2
interface that points to the Internet gateway. See Figure 101 on page 463.
The main disadvantage of this approach is that if multiple Internet gateways are
available, BGP cannot select the egress gateway that is optimal for each destination
462
Providing Internet Access to and from VPNs
The size of the Internet routing table. Placing a full default-free Internet routing
table in the VRF routing table is not feasible because it does not scale. The PE
router would have to support more than 100,000,000 routes, because the full
default-free Internet routing table is currently about 120,000 routes and the
router must support up to 1,000 VRFs.
Configure default routes instead of a full default-free Internet routing table in the
VRF. The default routes must point to a shared IP interface that you create on
top of the layer 2 interface that points to the Internet gateway.
Configure a single full default-free Internet routing table in the context of the
parent VR and share this one table among all VRFs with the fallback global
feature. Fallback global enables an additional lookup in the IP routing table of
the parent VR in the event that the IP route lookup in the child VRF fails.
When reachability to a small number of networks in the Internet is required,
then configure a global import map to import only the specific route to these
networks into the VRF.
- Quick Links:
- Bgp Peers and Neighbors
- Ibgp and Ebgp
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the BGP - CONFIGURATION GUIDE V 11.1.X and is the answer not in the manual?