Example: Configuring Layer 3 VPN Localization for VRFs
Layer 3 VPN Localization Overview
Layer 3 VPN localization provides a mechanism for localizing routes of instance type vrf or virtual-router to specific Packet Forwarding Engines to help maximize the number of routes or VRFs that a router can handle.
To accomplish this, the Layer 3 VPN routes are installed only on the CE-facing Packet Forwarding Engine. By doing this, you can optimize the Packet Forwarding Engine memory. By Layer 3 VPN localization, the number of VPN IP routes that can be handled can be increased by using multiple Layer 3 VPN instances that are distributed across multiple Packet Forwarding Engines.
VPN localization can also be enabled on Layer 3 VPN and virtual-router routing instances configured on logical systems.
Packet Forwarding Engine-Based VPN Label Allocation
A new type of next hop, localized table next hop, is used for VRF localization. This next-hop type is referenced by MPLS routes for MPLS VPN labels that have been advertised for a VRF with localization enabled. When the core-facing Packet Forwarding Engine receives VPN traffic, it performs a lookup for the VPN label in the MPLS table.
The lookup for the VPN label on the MPLS route table provides a localized table next-hop that performs two functions for the Packet Forwarding Engine:
- Indicates to which CE-facing Packet Forwarding Engine the packet must be forwarded.
- Indicates which VRF table to use for the IP lookup on the CE-facing Packet Forwarding Engine.
When the routing protocol process advertises a Layer 3 VPN route to a BGP peer, BGP constructs the next hop to use for the MPLS VPN route for the VPN label. If the VRF has localization enabled, BGP uses the localized table next hop that was previously created for the logical interface referenced by the CE-route next hop. In the case where the CE-route next hop is equal-cost multipath (ECMP), BGP constructs an ECMP next hop comprised of the localized table next hop indices.
This feature is supported on the following devices:
- M320 devices
- MX Series devices with DPCs and MxFPC cards only
- T series devices
 | Note:
|
Example: Configuring Layer 3 VPN Localization
This example shows how to configure Layer 3 VPN localization on a PE router. Layer 3 VPN localization provides a mechanism for localizing Layer 3 VPN routes to specific Packet Forwarding Engines to help scale the routes that a router can handle.
Requirements
This example uses the following hardware and software components:
- MX Series 3D Universal Edge routers
- Junos OS Release 12.2 or later running on the devices
Overview
| Note: Layer 3 VPN localization is discontinued in Junos OS release 12.3R7. As such, the following command is now hidden: set routing-instances instance-name routing-options localize (Hidden commands can be executed as usual but they are not visible in the CLI. Hiding a command is the standard precursor to removing it from later releases.) |
You can use the following statements at the [edit routing-instances routing-instance-name routing-options] or the [edit logical-systems routing-instances routing-instance-name routing-options] hierarchy level to configure route localization for VRF:
- localize—Include this statement to localize
routing-instance routes to a specific Packet Forwarding Engine hardware.
This statement is applicable to inet and inet6 families
in the routing instance. It is not applicable for address families
such as ISO and MPLS.
For routing instances of type vrf, the localize statement can be specified along with the vrf-table-label. You can also configure the statement in a VRF table that includes a vt- interface. If both localize and vrf-table-label are specified, the localize statement takes precedence for an L3VPN route label allocation. Similarly, if a vt- interface is configured along with the localize statement, the localize statement configuration takes precedence for an L3VPN route label allocation.
You can configure the following options for this statement
- unicast-only—Localizes unicast routes for the route tables associated with the routing instance. If the localize statement is configured without this option, the device localizes both unicast and multicast routes for the route tables associated with the routing instance.
- source-class-usage—Enables the Packet Forwarding Engine for source-prefix lookup in the context of a per-Packet Forwarding Engine table next hop at the egress CE-facing Packet Forwarding Engine. Include this statement for a VRF routing instance for packets coming from the MPLS core.
To enable flexible label allocation for localization, you can specify a different label allocation policy when you configure a VRF with localization. Use the per-table-localize option for the label-allocation statement at the [edit policy-options policy-statement policy-statement-name term term-name then] or the [edit logical-systems policy-options policy-statement policy-statement-name term term-name then].
The per-table-localize label allocation policy is only applicable if the VRF is configured with the localize statement.
Configuration
Configuring Layer 3 VPN Route Localization for Unicast and Multicast Routes
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Router R1
Step-by-Step Procedure
To configure VPN route localization for unicast and multicast routes:
- Configure the localize statement.[edit routing-instances]set vpn1 routing-options localize
Results
Confirm your configuration by issuing the show routing-instances command.
Configuring Layer 3 VPN Route Localization for Unicast Routes Only
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Router R1
Step-by-Step Procedure
To configure VPN route localization for unicast routes only:
- Configure the localize statement with the unicast-only option.[edit routing-instances]set vpn1 routing-options localize unicast-only
Results
Confirm your configuration by issuing the show routing-instances command.
Configuring Layer 3 VPN Route Localization With Source Class Usage
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Router R1
Step-by-Step Procedure
To configure VPN route localization with source class usage:
- Configure the localize statement with the source-class-usage option.[edit routing-instances]set vpn1 routing-options localize source-class-usage
Note: If source class usage is configured at this hierarchy level, it takes precedence over source class usage configured at the [edit routing-instances instance-name vrf-table-label] hierarchy level.
- Configure the policy options.[edit policy-options]set policy-statement ipv4_scu term R0 from route-filter 11.0.0.0/8 orlongerset policy-statement ipv4_scu term R0 then source-class R0set policy-statement ipv4_scu term R1 from route-filter 21.0.0.0/8 orlongerset policy-statement ipv4_scu term R1 then source-class R1set policy-statement ipv4_scu term R2 from route-filter 31.0.0.0/8 orlongerset policy-statement ipv4_scu term R2 then source-class R2set policy-statement ipv6_scu term R0 from route-filter 11::/16 orlongerset policy-statement ipv6_scu term R0 then source-class R0set policy-statement ipv6_scu term R1 from route-filter 21::/16 orlongerset policy-statement ipv6_scu term R1 then source-class R1set policy-statement ipv6_scu term R2 from route-filter 31::/16 orlongerset policy-statement ipv6_scu term R2 then source-class R2
- Export the policy to the forwarding table.[edit policy-options]set forwarding-table export ipv4_scuset routing-options forwarding-table export ipv6_scu
- Enable the SCU on the VRF interface.[edit interfaces]set interfaces ge-2/0/0 unit 0 family inet accounting source-class-usage outputset interfaces ge-2/0/0 unit 0 family inet6 accounting source-class-usage output
Results
Confirm your configuration by issuing the show routing-instances and show policy-options command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
Configuring Layer 3 VPN Route Localization Using Policy-Based Label Allocation
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Router R1
Step-by-Step Procedure
In this example, you configure the per-nexthop or per-table-localize label allocation methods for a policy. When you configure per-nexthop label allocation, a unique label is assigned for each direct route. When you configure per-table-localize label allocation, a localization method is assigned for BGP routes.
To configure VPN route localization through policy based label allocation:
- Configure the export policy for the VRF routing instance
RIBs.[edit routing-instances]set vpn1 vrf-export PBLA
- Configure the policy options.[edit policy-options]set policy-statement PBLA term t1 from protocol directset policy-statement PBLA term t1 then label-allocation per-nexthopset policy-statement PBLA term t1 then community add vpn1set policy-statement PBLA term t1 then acceptset policy-statement PBLA term t2 from protocol bgpset policy-statement PBLA term t2 then label-allocation per-table-localizeset policy-statement PBLA term t2 then community add vpn1set policy-statement PBLA term t2 then acceptset community vpn1 members target:1:1
Results
Confirm your configuration by issuing the show routing-instances command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
Verification
Confirm that the configuration is working properly. These verification steps correspond to the first example describing Layer 3 VPN Route Localization for Unicast Route and Multicast Routes.
- Verify Route Localization Details
- Verify VPN MPLS Route Nexthop Information
- View the Interfaces Associated With the Packet Fowarding Engine or Routing Table Nexthops
Verify Route Localization Details
Purpose
Check the routing-instance localization status.
Action
user@R1> show route instance vpn1 detail vpn1:
Router ID: 10.10.10.1
Type: vrf State: Active
Interfaces:
fe-0/2/2.0
fe-0/2/3.0
Localization Scopes:
unicast
multicast
Localization Interfaces:
fe-0/2/2.0 Address Family: inet Next-Hop ID: 1000
fe-0/2/3.0 Address Family: inet Next-Hop ID: 1000
Route-distinguisher: 200:1
Vrf-import: [ __vrf-import-vpn1-internal__]
Vrf-export: [ __vrf-export-vpn1-internal__ ]
Vrf-import-target: [ target:100:1 ]
Vrf-export-target: [ target:100:1 ]
Fast-reroute-priority: low
Tables:
vpn1.inet.0 : 5 routes (5 active, 0 holddown, 0 hidden)
Verify VPN MPLS Route Nexthop Information
Purpose
Check the MPLS route nexthop information for the VPN.
Action
user@R1> show route table mpls protocol vpnmpls.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
= Active Route, - = Last Active, * = Both
299824 *[VPN/170] 00:02:38
to localized table vpn1.inet.0, Pop
Meaning
When route localization for a VRF is active, the VPN MPLS route next hop consists of a PFE or table nexthop ID. The information displayed for this new nexthop type is shown for MPLS routes with protocol "VPN" that are created for localized VPN prefixes.
View the Interfaces Associated With the Packet Fowarding Engine or Routing Table Nexthops
Purpose
View the set of interfaces associated with the Packet Forwarding Engines or routing tables involved in VPN route localization.
Action
user@R1> show route table mpls protocol vpn
detailmpls.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
299824 (1 entry, 1 announced)
*VPN Preference: 170
Next hop type: Localized Table, Next hop index: 1000
Next-hop reference count: 4
Next table localized: green.inet.0
Next-hop localized interface: fe-0/2/2.0
Next-hop localized interface: fe-0/2/3.0
Label operation: Pop
State: <Active Int Ext>
Local AS: 61
Age: 43
Task: BGP RT Background
Announcement bits (1): 0-KRT
AS path: I
Ref Cnt: 2
