Using Route Targets To Configure Vpn Topologies; Full-Mesh Vpns; Figure 82: Site Connectivity In A Full-Mesh Vpn - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BGP AND MPLS CONFIGURATION GUIDE 2010-10-12 Configuration Manual
Software for e series broadband services routers bgp and mpls configuration guide
Hide thumbs
Also See for JUNOSE SOFTWARE FOR E SERIES 11.3.X - BGP AND MPLS CONFIGURATION GUIDE 2010-10-12:
- Configuration manual (786 pages)
Table of Contents
Advertisement
JunosE 11.3.x BGP and MPLS Configuration Guide
Using Route Targets to Configure VPN Topologies
Full-Mesh VPNs
412
In Figure 81 on page 411, the base tunnels between the PE routers are established in the
IPv4 core networks with LDP or RSVP. The PE routers advertise IPv6 prefixes from the
CE devices within their respective ASs as VPNv6 prefixes with MP-IBGP. For example,
PE 1 advertises the CE 1 prefix 6001:0430::/48 over to PE 2 in its MP_REACH_NLRI attribute.
The next-hop attribute in the update message is the PE 1 loopback address—the
IPv4-mapped IPv6 address, FFFF::1.1.1.1/128.
PE 2 advertises 6001:0430::/48 by means of MP-EBGP to PE 3. The prefix is sent as a
VPNv6-labeled prefix (2002:0202/48), with the default BGP next hop being the
IPv4-mapped IPv6 address of the IPv4 interface going to PE 3.
For inter-AS services, in contrast to intra-AS services, JunosE Software supports both
IPv4 backbone and IPv6 backbone types of BGP next-hop encodings. The default BGP
next-hop encoding used for IPv6 VPN inter-AS services is the one specified for the IPv4
backbone where IPv4-mapped IPv6 addresses are used. Alternatively, you might also
configure the IPv6 backbone type of BGP next-hop encoding by configuring route maps
that use native IPv6 addresses for the BGP next hop.
You can use VRF import and export route targets to configure a variety of VPN topologies,
such as full-mesh VPNs, hub-and-spoke VPNs, and overlapping VPNs.
In a full-mesh VPN, each site in the VPN can communicate with every other site in that
same VPN. For example, in Figure 82 on page 412, each site in VPN A can communicate
with all other VPN A sites but not with the sites in VPN B.
Figure 82: Site Connectivity in a Full-Mesh VPN
Figure 83 on page 413 illustrates how you can configure the VRF import and export route
targets to build a full-mesh VPN. Each VRF in VPN A has the same route target, 100:10,
in their import list and export list. Each VPN A VRF accepts only received routes that have
this route target attached. Because this route target is attached to each route advertised
by VPN A VRFs, every site in VPN A accepts routes only from other sites in VPN A. The
same principle applies to VPN B.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the JUNOSE SOFTWARE FOR E SERIES 11.3.X - BGP AND MPLS CONFIGURATION GUIDE 2010-10-12 and is the answer not in the manual?