[j-nsp] Hub and Spoke VPN

Krzysztof Maj mkrzych at post.pl
Fri Nov 7 10:07:06 EST 2003


Hi,
I have a question about a VPN Hub and Spoke topology, but quite a bit
different than a normal Juniper configuration. As everybody can read in
the docs, I have for example 2 CEs connected to different PEs (Spokes) and
one PE with the HUB CE router.
To achieve this topology I must configure two VRFs: one for spokes
and one for Hub routes. I must have two interfaces to the hub CE router
in different VRFs too. Is it true?

Now imagine that I have 3 CE routers in one PE location and one CE
router in the other PE location where the hub is connected. All 4 CE
routers are in the same VPN!
I would like all traffic from particular CEs (Spokes) to be sent via the Hub CE,
but not between CEs directly.
Remember that all routers are in the same VPN (I have one VRF).

The question is how can I do it? I thought about routing-instance
forwarding options and next-hop-groups to check the source address in
a firewall filter and alter in groups the next-hop for this route.

All suggestions are highly appreciated :-)

Best regards,
Christopher May




