nonprivate AS number, preferably the Internet service provider’s (ISP’s) own or the
customer’s own AS number.
•
ip-address:number, where ip-address is an IP address (a 4-byte value) and number is
any 2-byte value. The IP address can be any globally unique unicast address. We
recommend that you use the address that you configure in the router-id statement,
which is a nonprivate address in your assigned prefix range.
•
IPv4 address—4-byte address of a device within the VPN.
Figure 46 on page 816 illustrates how the AS number can be used in the route distinguisher.
Suppose that VPN A is in AS 65535 and that VPN B is in AS 666 (both these AS numbers
belong to the ISP), and suppose that the route distinguisher for Site 2 in VPN A is 65535:02
and that the route distinguisher for Site 2 in VPN B is 666:02. When Router PE2 receives
a route from the CE router in VPN A, it converts it from its IP address of 10.2.0.0 to a
VPN-IPv4 address of 65535:02:10.2.0.0. When the PE router receives a route from VPN
B, which uses the same address space as VPN A, it converts it to a VPN-IPv4 address of
666:02:10.2.0.0.
If the IP address is used in the route distinguisher, suppose Router PE2’s IP address is
172.168.0.1. When the PE router receives a route from VPN A, it converts it to a
VPN-IPv4 address of 172.168.0.1:0:10.2.0.0/16, and it converts a route from VPN B to
172.168.0.0:1:10.2.0.0/16.
Route distinguishers are used only among PE routers to IPv4 addresses from different
VPNs. The ingress PE router creates a route distinguisher and converts IPv4 routes received
from CE routers into VPN-IPv4 addresses. The egress PE routers convert VPN-IPv4 routes
into IPv4 routes before announcing them to the CE router.
Because VPN-IPv4 addresses are a type of BGP address, you must configure IBGP sessions
between pairs of PE routers so that the PE routers can distribute VPN-IPv4 routes within
the provider’s core network. (All PE routers are assumed to be within the same AS.)
You define BGP communities to constrain the distribution of routes among the PE routers.
Defining BGP communities does not, by itself, distinguish IPv4 addresses.
Figure 47 on page 818 illustrates how Router PE1 adds the route distinguisher
10458:22:10.1/16 to routes received from the CE router at Site 1 in VPN A and forwards
these routes to the other two PE routers. Similarly, Router PE1 adds the route distinguisher
10458:23:10.2/16 to routes received by the CE router at Site 1 in VPN B and forwards these
routes to the other PE routers.
817Copyright © 2017, Juniper Networks, Inc.
Chapter 26: Configuring Layer 3 VPNs
To Next Page
Loading...
Need help?
General
