L3 VPN

The Forward Networks platform can model Service Provider Layer-3 VPN MPLS networks without needing to collect data from Provider Edge (PE) and Provider (P) routers.

Warning: Changes to an L3 VPN will be applied to the next collected snapshot.

Tip: BGP advertisements to eBGP peers will be collected from CE routers connected to an L3 VPN. For instructions on manually configuring or disabling collection of BGP advertisements, see the BGP Advertisement Configuration page.

A CE router can be connected to an L3 VPN via the Forward Enterprise GUI or the REST APIs.

Add an L3 VPN via the Forward Enterprise GUI

To add an L3 VPN synthetic node, navigate to the Sources page, select the Synthetic category, and click Add synthetic device.

Choose L3 VPN from the list of device types and click Next.

Follow the wizard to complete the setup process.

Provide a name for the L3 VPN synthetic device.

To add connections, click + Add connections and choose one of the following options:

  • Batch-add NQE-based connections
  • Add a connection manually

Batch-add connections based on NQE query

To add connections based on an NQE query, select batch-add connections based on NQE query from the NQE dropdown.

Warning: Only NQE queries compatible with L3 VPNs can be selected.

To create a new L3 VPN compatible query, click + Add new query from template, which will navigate to the NQE Library.

Edit the new NQE query using the provided query template in the NQE editor and commit it when finished.

Return to the Synthetic Devices page, select the NQE query, and click Add.

Manually add a connection

To manually add a connection, select Add a connection manually, and provide the following:

  • Uplink interface: the physical port that’s connected to this synthetic device
  • VLAN (optional): the on-wire VLAN of traffic as it leaves the Uplink interface
  • Gateway interface (optional): the last L3 interface that routes traffic to this synthetic device. Defaults to the Uplink interface (with VLAN) if not specified.
  • VRF (optional): the routing domain that will be created for traffic arriving on this connection
  • Connection name (optional):
  • Subnet auto-discovery: how site subnets are automatically inferred
    • Off: site subnets are not inferred and must be manually entered in the “Subnets” field
    • From IP routes: site subnets are inferred from all routes in the connected gateway’s routing table
    • From BGP routes: site subnets are inferred only from BGP routes in the connected gateway’s routing table
    • Use interface addresses: only use the connection gateway’s interface addresses as site subnets
  • Backdoor ports (optional): prevents the synthetic device from learning routes forwarded through specific ports. With From IP routes, Forward treats any route forwarded out of a non-gateway port as advertised. If a gateway has a backdoor or tunnel link to another site, it may therefore appear to advertise that site’s prefixes, even though the connection is not part of the L3 VPN. To avoid this, mark the tunnel as a backdoor port so that Forward ignores routes forwarded through it when inferring advertised routes.

Optionally, select Reopen this form to add another connection.

Click Add to continue.

Manage connections

You are then presented with the Setup page, where you can verify the connections, Manage NQE based Connections, and Add connections.

When finished, click Save.

Manage L3 VPNs

To edit an L3 VPN, select the edit icon at the end of its row.

To delete an L3 VPN, select the delete icon at the end of its row.

Add an L3 VPN via the Forward Enterprise REST APIs

L3 VPNs can also be added through the Forward Enterprise REST APIs, using the endpoint PUT /api/snapshots/{snapshotId}/l3Vpns/{l3VpnName}.

Here is an example of the request body:

{
  "l3Vpns": [
    {
      "name": "l3vpn-atl-01",
      "locationId": "29",
      "connections": [
        {
          "device": "atl-ce01",
          "port": "ge-0/0/0",
          "vrf": "DEVZONE1"
        },
        {
          "device": "atl-ce02",
          "port": "ge-0/0/0",
          "vrf": "default"
        }
      ]
    }
  ]
}

For more info on L3 VPN APIs, including endpoints to add/remove connections and update/remove an L3 VPN, please check the Synthetic Devices REST API docs.
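
The following Python is an added example, not code from Forward Networks: it builds the request body shown above, rejects incomplete or duplicate connections, and prepares (without sending) the PUT request for the endpoint named on this page. HTTP Basic authentication, the host fwd.example.com, the snapshot ID, and the treatment of "device" and "port" as required fields are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request


def build_l3vpn_body(name, location_id, connections):
    """Build the request body in the shape shown in the page's example."""
    seen, cleaned = set(), []
    for conn in connections:
        # Assumption: "device" and "port" are required, "vrf" is optional.
        if not conn.get("device") or not conn.get("port"):
            raise ValueError(f"connection needs device and port: {conn!r}")
        key = (conn["device"], conn["port"], conn.get("vrf"))
        if key in seen:
            raise ValueError(f"duplicate connection: {key}")
        seen.add(key)
        cleaned.append({k: conn[k] for k in ("device", "port", "vrf") if k in conn})
    return {"l3Vpns": [{"name": name, "locationId": str(location_id),
                        "connections": cleaned}]}


def build_put_request(base_url, snapshot_id, body, user, password):
    """Return an unsent PUT request for /api/snapshots/{id}/l3Vpns/{name}."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    name = body["l3Vpns"][0]["name"]
    # Percent-encode path segments so a name cannot alter the URL path.
    path = "/api/snapshots/{}/l3Vpns/{}".format(
        urllib.parse.quote(str(snapshot_id), safe=""),
        urllib.parse.quote(name, safe=""))
    # Assumption: the API accepts HTTP Basic authentication.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode(),
        method="PUT",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token})


if __name__ == "__main__":
    # Constructed sample values; host, snapshot ID and credentials are placeholders.
    body = build_l3vpn_body("l3vpn-atl-01", 29, [
        {"device": "atl-ce01", "port": "ge-0/0/0", "vrf": "DEVZONE1"},
        {"device": "atl-ce02", "port": "ge-0/0/0", "vrf": "default"}])
    req = build_put_request("https://fwd.example.com", "123", body, "user", "secret")
    print(req.get_method(), req.full_url)
    print(json.dumps(body, indent=2))
```

Pass the returned object to urllib.request.urlopen() to send it; certificate verification stays enabled by default.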