[j-nsp] MPLS for management VPN question

Timur Ibragimov itim at ycc.ru
Thu Jun 4 08:59:52 EDT 2009


The management VPN configuration is, for example, going to be like the
following:

mgmt {
    description "-- management vpn --";
    instance-type vrf;
    # - e.g. management vlan 100
    interface ge-0/0/0.100;
    interface lo0.110;
    vrf-export mgmt-export-policy;
    vrf-target import target:as_num:1100;
    vrf-table-label;
}

Routes from the 192.168.0.0/16 management net on the ge-0/0/0.100 interface
go into the corresponding forwarding table mgmt.inet.0.

In the /vrf-export mgmt-export-policy/ statement you'd put a policy that
routes to be exported should pass through and in which you should assign
a community, e.g. /target:as_num:1100/, to those routes. That policy should
look like this:

    policy-statement mgmt-export-policy {
        then {
            community set mgmt;
            accept;
        }
    }

    community mgmt members target:as_num:1100;


And in the /vrf-target import target:as_num:1100/ statement you should
specify the allowed communities (target:as_num:1100) to accept from
neighbors.

-- 
Best regards,

Timur Ibragimov


> Truman Boyes wrote:
>
> Hi,
>
> thanks for your answer so far.
>
>> You then need to define a route-distinguisher, and route targets (or
>> simply vrf-target under the VRF) to import/export the routes for this
>> VPN from other PEs.
>
> Can you provide an example for that? That would be a L3VPN, right? Why
> would I need any routes to be known on the router? Basically I only
> need 192.168.0.0/16 to be the management subnet globally without any
> default gateways.
>
>> Later on you might want to connect some of your NMS/OSS systems into
>> the VRF so they can reach the devices on the management VPN.
>
> So I simply add the devices to the vlan 100 on the existing ae Link
> with .1q tagged vlans? No special encapsulation needed on juniper side?
>
>
> Thanks,
> Jeff
>
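
An added example, not part of the original post: a small audit that resolves which route target a VRF's vrf-export policy attaches and checks it against the vrf-target import value, so a management VRF that would accept another VPN's routes is caught before commit. The AS number 64512, the sample configs and the function names are constructed for illustration; it assumes every PE uses the same target for import and export, as in the post, and only handles the statement forms shown there.

```python
import re

# Constructed sample in the shape of the post's config; AS 64512 stands in for as_num.
GOOD = """
routing-instances {
    mgmt {
        instance-type vrf;
        vrf-export mgmt-export-policy;
        vrf-target import target:64512:1100;
    }
}
policy-options {
    policy-statement mgmt-export-policy {
        then {
            community set mgmt;
            accept;
        }
    }
    community mgmt members target:64512:1100;
}
"""
# Constructed misconfiguration: the import target belongs to some other VPN.
BAD = GOOD.replace("import target:64512:1100", "import target:64512:200")

def block(cfg, header):
    """Return the body of the brace-delimited stanza whose line starts with header."""
    start = re.search(r"^\s*" + re.escape(header) + r" \{", cfg, re.M).end()
    depth, i = 1, start
    while depth:
        depth += {"{": 1, "}": -1}.get(cfg[i], 0)
        i += 1
    return cfg[start:i - 1]

def audit_vrf(cfg, vrf):
    """Resolve the targets a VRF exports and imports, and report any mismatch."""
    body = block(cfg, vrf)
    imports = set(re.findall(r"vrf-target import (target:\S+);", body))
    exports = set()
    for policy in re.findall(r"vrf-export (\S+);", body):
        for comm in re.findall(r"community (?:set|add) (\S+);",
                               block(cfg, "policy-statement " + policy)):
            m = re.search(rf"community {re.escape(comm)} members (.+?);", cfg)
            exports |= set(m.group(1).strip("[] ").split()) if m else set()
    return {"imports": imports, "exports": exports,
            "foreign_imports": imports - exports,     # accepts another VPN's routes
            "unimported_exports": exports - imports}  # peers' mgmt routes are ignored

if __name__ == "__main__":
    print(audit_vrf(GOOD, "mgmt"), audit_vrf(BAD, "mgmt"), sep="\n")
```

A non-empty foreign_imports set is the case to review first, since it means routes tagged for a different VPN would be installed in the management table.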

