[j-nsp] MPLS for management VPN question

Richmond, Jeff Jeff.Richmond at frontiercorp.com
Thu Jun 4 09:16:42 EDT 2009 

Jeff,

This isn't typically something that can be described in just a few short emails, as there are so many ways to do things. However, that said, here is a short sample config for an L3VPN VRF:

jeff at br01.xxxx> show configuration routing-instances
VPN.TEST {
    instance-type vrf;
    interface lo0.125;
    route-distinguisher 1.1.1.1:125;
    vrf-target target:1111:125;
}

In this case I have no physical interfaces in the VRF, just a loopback address on lo0.125. For this VPN I am just doing a simple vrf-target statement which uses the configured value as an import and export value for the VRF. So lo0.125 will be tagged with the community 1111:125, and any routes learned that also have that matching community will also get automatically imported in to the VRF. You can get much more granular, however, using explicit import and export filters.

Hope this helps.
-Jeff

________________________________________
From: juniper-nsp-bounces at puck.nether.net [juniper-nsp-bounces at puck.nether.net] On Behalf Of Jeff Meyers [Jeff.Meyers at gmx.net]
Sent: Thursday, June 04, 2009 4:13 AM
To: Truman Boyes
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] MPLS for management VPN question

Truman Boyes schrieb:

Hi,

thanks for your answer so far.

> You then need to define a route-distinguisher, and route targets (or
> simply vrf-target under the VRF) to import/export the routes for this
> VPN from other PEs.

Can you provide an example for that? That would be a L3VPN, right? Why
would I need any routes to be known on the router? Basically I only need
192.168.0.0/16 to be the management subnet globally without any default
gateways.

> Later on you might want to connect some of your NMS/OSS systems into the
> VRF so they can reach the the devices on the management VPN.

So I simply add the devices to the vlan 100 on the existing ae Link with
.1q tagged vlans? No special encapsulation needed on juniper side?


Thanks,
Jeff

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list