Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Configuring MX Series Router Cloud CPE Services on PE1 to Route Internet Traffic to a Subscriber-Owned NAT Gateway

This topic describes how to configure the PE1 router for routed Internet traffic through a subscriber-owned NAT device. This configuration uses CPE-based dual-Ethernet. Complete the following tasks to configure PE1:

  1. Configuring the Subscriber VLANs — Routed Internet Traffic Through a Subscriber NAT Device
  2. Configuring the IRB Interface, Bridge Domain, and Routing Instance

Configuring the Subscriber VLANs — Routed Internet Traffic Through a Subscriber NAT Device

To configure the subscriber VLANs:

  1. Configure the physical interface for VLAN tagging and flexible Ethernet services encapsulation.
    [edit]user@host# edit interfaces ge-1/2/3 user@host# set vlan-tagginguser@host# set encapsulation flexible-ethernet-services
  2. Set up the first VLAN for internal VPN traffic.
    1. Configure the logical interface.
      [edit interfaces ge-1/2/3]user@host# edit unit 105
    2. Configure the encapsulation for the logical interface.
      [edit interfaces ge-1/2/3 unit 105 ]user@host# set encapsulation vlan-bridge
    3. Bind an 802.1Q VLAN tag ID to the logical interface.
      [edit interfaces ge-1/2/3 unit 105]user@host# set vlan-id 105
    4. Configure the logical interface for Layer 2 bridging.
      [edit interfaces ge-1/2/3 unit 105]user@host# set family bridge
  3. Set up the second VLAN as the Internet public interface. This public interface belongs to the global routing instance. You can configure dynamic or static routing between this interface and the WAN interface at the subscriber site.
    1. Configure the second logical interface.
      [edit interfaces ge-1/2/3 unit 105]user@host# up[edit interfaces ge-1/2/3]user@host# edit unit 106
    2. Configure the encapsulation for the logical interface.
      [edit interfaces ge-1/2/3 unit 106 ]user@host# set encapsulation vlan-bridge
    3. Bind an 802.1Q VLAN tag ID to the logical interface.
      [edit interfaces ge-1/2/3 unit 106]user@host# set vlan-id 106
    4. Configure the logical interface for IPv4 protocol (inet) and configure the IP address of the WAN link.
      [edit interfaces ge-1/2/3 unit 106]user@host# set family inet address IP prefix of WAN link
  4. Review the configuration.
    [edit interfaces ge-1/2/3 unit 106]user@host# up[edit interfaces ge-1/2/3]
    unit 105 {
    encapsulation vlan-bridge;
    vlan-id 105;
    family bridge;
}
unit 106 {
    encapsulation vlan-bridge;
    vlan-id 106;
    family inet {
        address 192.1.1.1/32;
    }
}

Configuring the IRB Interface, Bridge Domain, and Routing Instance

To configure the IRB interface, bridge domain, and routing instance:

  1. Configure the IRB interface.
    1. Configure the logical interface used for internal VPN traffic as the IRB interface.
      [edit]user@host# edit interfaces irb unit 105
    2. Specify the private subnet of the VPN site on the IRB interface.
      [edit interfaces irb unit 105]user@host# set family inet address 192.168.2.1/24
  2. Configure the bridge domain.
    1. Configure the bridge domain name.
      [edit]user@host# edit bridge-domains bd-105
    2. Associate the subscriber’s VLAN ID with the bridge domain.
      [edit bridge-domains bd-105]user@host# set vlan-id 105
    3. Specify the interface to include in the bridge domain.
      [edit bridge-domains bd-105]user@host# set interface ge-1/2/3.105
    4. Specify the routing interface to include in the bridge domain.
      [edit bridge-domains bd-105]user@host# set routing-interface irb.105
  3. Configure the routing instance.
    1. Configure the name of the routing instance.
      [edit]user@host# edit routing-instances acme
    2. Configure the routing instance as VRF.
      [edit routing-instances acme]user@host# set instance-type vrf
    3. Reference the IRB interface by specifying irb.vlan-id.
      [edit routing-instances acme]user@host# set interface irb.105
    4. Specify a route distinguisher attached to the route, enabling you to distinguish which VPN the route belongs to. Each routing instance must have a unique route distinguisher associated with it. The route distinguisher is used to place boundaries around a VPN so that the same IP address prefixes can be used in different VPNs without having them overlap. The format for the route distinguisher is as-number:id.
      [edit routing-instances acme]user@host# set route-distinguisher 65535:1
    5. Specify the VPN’s community. VRF import and export policies are automatically generated.
      [edit routing-instances acme]user@host# set vrf-target target:65535:5
    6. Map the inner label of a packet to a specific VRF table. This enables examination of the encapsulated IP header.
      [edit routing-instances acme]user@host# set vrf-table-label
 

Related Documentation

 

Modified: 2015-10-29

Previous Page Next Page