Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

Configuring a Signaling Protocol and LSPs for VPNs

For VPNs to function, you must enable a signaling protocol, either the LDP or RSVP on the provider edge (PE) routers and on the provider (P) routers. You also need to configure label-switched paths (LSPs) between the ingress and egress routers. In a typical VPN configuration, you need to configure LSPs from each PE router to all of the other PE routers participating in the VPN in a full mesh.

Note: As with any configuration involving MPLS, you cannot configure any of the core-facing interfaces on the PE routers over dense Fast Ethernet PICs.

Using LDP for VPN Signaling

1. Configure LDP on the interfaces in the core of the service provider’s network by including the ldp statement at the [edit protocols] hierarchy level.

   You need to configure LDP only on the interfaces between PE routers or between PE and P routers. You can think of these as the “core-facing” interfaces. You do not need to configure LDP on the interface between the PE and customer edge (CE) routers.

   [edit]

   protocols {ldp {interface type-fpc/pic/port;}}
2. Configure the MPLS address family on the interfaces on which you enabled LDP (the interfaces you configured in Step 1) by including the family mpls statement at the [edit interfaces type-fpc/pic/port unit logical-unit-number] hierarchy level.
   [edit]

   interfaces {type-fpc/pic/port {unit logical-unit-number {family mpls;}}}
3. Configure OSPF or IS-IS on each PE and P router.

   You configure these protocols at the master instance of the routing protocol, not within the routing instance used for the VPN.

   • To configure OSPF, include the ospf statement at the [edit protocols] hierarchy level. At a minimum, you must configure a backbone area on at least one of the router’s interfaces.
     [edit]

     protocols {ospf {area 0.0.0.0 {interface type-fpc/pic/port;}}}
   • To configure IS-IS, include the isis statement at the [edit protocols] hierarchy level and configure the loopback interface and International Organization for Standardization (ISO) family at the [edit interfaces] hierarchy level. At a minimum, you must enable IS-IS on the router, configure a network entity title (NET) on one of the router’s interfaces (preferably the loopback interface, lo0), and configure the ISO family on all interfaces on which you want IS-IS to run. When you enable IS-IS, Level 1 and Level 2 are enabled by default. The following is the minimum IS-IS configuration. In the address statement, address is the NET.
     [edit]

     interfaces {lo0 {unit logical-unit-number {family iso {address address;}}}type-fpc/pic/port {unit logical-unit-number {family iso;}}}

     protocols {isis {interface all;}}

   For more information about configuring OSPF and IS-IS, see the OSPF Feature Guide for Routing Devices and IS-IS Feature Guide for Routing Devices.

Using RSVP for VPN Signaling

To use RSVP for VPN signaling, perform the following steps:

1. On each PE router, configure traffic engineering.

   To do this, you must configure an interior gateway protocol (IGP) that supports traffic engineering (either IS-IS or OSPF) and enable traffic engineering support for that protocol.

   To enable OSPF traffic engineering support, include the traffic-engineering statement at the [edit protocols ospf] hierarchy level:

   [edit protocols ospf]

   traffic-engineering {shortcuts;}

   For IS-IS, traffic engineering support is enabled by default.

2. On each PE and P router, enable RSVP on the interfaces that participate in the label-switched path (LSP).

   On the PE router, these interfaces are the ingress and egress points to the LSP. On the P router, these interfaces connect the LSP between the PE routers. Do not enable RSVP on the interface between the PE and the CE routers, because this interface is not part of the LSP.

   To configure RSVP on the PE and P routers, include the interface statement at the [edit protocols rsvp] hierarchy level. Include one interface statement for each interface on which you are enabling RSVP.

   [edit protocols]

   rsvp {interface interface-name;interface interface-name;}
3. On each PE router, configure an MPLS LSP to the PE router that is the LSP’s egress point.

   To do this, include the interface and label-switched-path statements at the [edit protocols mpls] hierarchy level:

   [edit protocols]

   mpls {interface interface-name;label-switched-path path-name {to ip-address;}}

   In the to statement, specify the address of the LSP’s egress point, which is an address on the remote PE router.

   In the interface statement, specify the name of the interface (both the physical and logical portions). Include one interface statement for the interface associated with the LSP.

   When you configure the logical portion of the same interface at the [edit interfaces] hierarchy level, you must also configure the family inet and family mpls statements:

   [edit interfaces]

   interface-name {unit logical-unit-number {family inet;family mpls;}}
4. On all P routers that participate in the LSP, enable MPLS by including the interface statement at the [edit mpls] hierarchy level.

   Include one interface statement for each connection to the LSP.

   [edit]

   mpls {interface interface-name;interface interface-name;}
5. Enable MPLS on the interface between the PE and CE routers by including the interface statement at the [edit mpls] hierarchy level.

   Doing this allows the PE router to assign an MPLS label to traffic entering the LSP or to remove the label from traffic exiting the LSP.

   [edit]

   mpls {interface interface-name;}

   For information about configuring MPLS, see the Minimum MPLS Configuration.