O'Reilly logo

JUNOS Cookbook by Aviva Garrett

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

15.3. Adding a VPN for a Second Customer

Problem

You want to configure a single PE router to keep the traffic for the two different VPNs separated.

Solution

Configure the VPN for the second customer on the PE router:

	[edit  
routing-instances VPN1]
	aviva@RouterG# set instance-type vrf
	aviva@RouterG# set interface fe-1/0/1
	aviva@RouterG# set route-distinguisher 65500:1
	aviva@RouterG# set vrf-target target:65530:200
	aviva@RouterG# set routing-options protocols bgp group VPN1-group type external
	aviva@RouterG# set routing-options protocols bgp group VPN1-group peer-as 65530
	aviva@RouterG# set routing-options protocols bgp group VPN1-group neighbor 10.0.1.1

Have the customer configure an EBGP session on her CE router that connects to your PE router:

	[edit protocols bgp group to-ISP]
	aviva@RouterH# set type external
	aviva@RouterH# set peer-as 65500
	aviva@RouterH# set neighbor 10.0.1.2

Discussion

From a service provider point of view, the whole point of Layer 3 VPNs is to allow a single edge router in your network to provide services to a number of different customers and to isolate each customer's network so that all information pertaining to it remains private. When configuring the PE router, you set up the router to keep each customer's routing information in separate routing tables and you establish unique route distinguishers so that the PE routers can identify which routes belong to which VPNs.

This recipe shows how to add a VPN called VPN1 for a second customer. Figure 15-2 shows the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required