Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Configuring the PE2 Router to Route Internet Traffic Using MX Series Router Cloud CPE NAT Services

PE2 is the adjacent PE router of the VPN site without Internet access. Complete the following tasks to configure PE2:

1. Configuring the Subscriber VLAN
2. Configuring the IRB Interface, Bridge Domain, and Routing Instance

Configuring the Subscriber VLAN

1. Configure the physical interface for VLAN tagging and flexible Ethernet services encapsulation.
   [edit]user@host# edit interfaces ge-1/2/3 [edit interfaces ge-1/2/3]user@host# set vlan-tagginguser@host# set encapsulation flexible-ethernet-services
2. Set up the VLAN for internal VPN traffic.
   1. Configure the logical interface.
      [edit interfaces ge-1/2/3]user@host# edit unit 105
   2. Configure the encapsulation for the logical interface.
      [edit interfaces ge-1/2/3 unit 105 ]user@host# set encapsulation vlan-bridge
   3. Bind an 802.1Q VLAN tag ID to the logical interface.
      [edit interfaces ge-1/2/3 unit 105]user@host# set vlan-id105
   4. Configure the logical interface for Layer 2 bridging.
      [edit interfaces ge-1/2/3 unit 105]user@host# set family bridge

Configuring the IRB Interface, Bridge Domain, and Routing Instance

1. Configure the IRB interface.
   1. Configure the logical interface used for internal VPN traffic as the IRB interface.
      [edit]user@host# edit interfaces irb unit 105
   2. Specify the private subnet of the VPN site on the IRB interface.
      [edit interfaces irb unit 105]user@host# set family inet address 192.168.2.1/24
2. Configure the bridge domain.
   1. Configure the bridge domain name.
      [edit]user@host# edit bridge-domains bd-105
   2. Associate the subscriber’s VLAN ID with the bridge domain.
      [edit bridge-domains bd-105]user@host# set vlan-id 105
   3. Specify the interface to include in the bridge domain.
      [edit bridge-domains bd-105]user@host# set interface ge-1/2/3.105
   4. Specify the routing interface to include in the bridge domain.
      [edit bridge-domains bd-105]user@host# set routing-interface irb.105
3. Configure the routing instance.
   1. Configure the name of the routing instance.
      [edit]user@host# edit routing-instances acme
   2. Configure the routing instance as VRF.
      [edit routing-instances acme]user@host# set instance-type vrf
   3. Reference the IRB interface by specifying irb.vlan-id.
      [edit routing-instances acme]user@host# set interface irb.105
   4. Specify a route distinguisher attached to the route, enabling you to distinguish which VPN the route belongs to. Each routing instance must have a unique route distinguisher associated with it. The route distinguisher is used to place boundaries around a VPN so that the same IP address prefixes can be used in different VPNs without having them overlap. The format for the route distinguisher is as-number:id.
      [edit routing-instances acme]user@host# set route-distinguisher 65535:1
   5. Specify the VPN’s community. VRF import and export policies are automatically generated.
      [edit routing-instances acme]user@host# set vrf-target target:65535:5
   6. Map the inner label of a packet to a specific VRF table. This enables examination of the encapsulated IP header.
      [edit routing-instances acme]user@host# set vrf-table-label