Skip to main content

L3 VPN

Forward Platform can model the Service Provider Layer-3 VPN MPLS network without the need to collect from the Provider Edge (PE) and Provider (P) routers.

warning

Changes to a L3 VPN will be applied to the next collected snapshot.

tip

BGP advertisements to eBGP peers will be collected from CE routers connected to an L3 VPN. For instructions on manually configuring or disabling collection of BGP advertisements, see the BGP Advertisement Configuration page.

A CE Router can be connected to an L3 VPN via the Forward Enterprise GUI or via the REST APIs.

Add an L3 VPN via the Forward Enterprise GUI

To add the L3 VPN via the Forward Enterprise GUI, navigate to the Sources page, select the Synthetic devices tab, and click on Add synthetic device.

The wizard will guide you through the entire set up process.

Select device type

Select L3 VPN from the list of synthetic devices available and click on Next:

Add L3 VPN

Configure L3 VPN

Provide a Device name, the Location and configure one or more Connections. For every connection provide the following:

  • Uplink interface: the physical port that’s connected to this synthetic device
  • VLAN (optional): the on-wire VLAN of traffic as it leaves the Uplink interface
  • Gateway interface (optional): The last L3 interface that routes traffic to this synthetic device. Defaults to the Uplink interface (with VLAN) if not specified.
  • VRF (optional):The routing domain that will be created for traffic arriving on this connection
  • Connection name (optional):
  • Subnet auto-discovery: how site subnets are automatically inferred
    • Off: site subnets are not inferred and must be manually entered in the “Subnets“ field
    • From IP routes: site subnets are inferred from all routes in the connected gateway’s routing table
    • From BGP routes: site subnets are inferred only from BGP routes in the connected gateway’s routing table
    • Use interface addresses: only use the connection gateway’s interface addresses as site subnets
  • Backdor ports (optional)

To add a connection, simply click on + Add another connection below the last connection available.

Configure L3 VPN

Finally, click on Save

You can edit or delete a L3 VPN by clicking on the Edit or Delete icon on the right side of the Synthetic devices page.

Newly added L3 VPNs, or any change to existing L3 VPNs, will be shown in the next collected snapshot:

Show L3 VPN

Add an L3 VPN via the Forward Enterprise REST APIs

L3 VPNs can be added via the Forward Enterprise REST APIs via the endpoint PUT: /api/snapshots/{snapshotId}/l3Vpns/{l3VpnName} as well.

Here is an example of the request body:

{
  "l3Vpns": [
    {
      "name": "l3vpn-atl-01",
      "locationId": "29",
      "connections": [
        {
          "device": "atl-ce01",
          "port": "ge-0/0/0",
          "vrf": "DEVZONE1"
        },
        {
          "device": "atl-ce02",
          "port": "ge-0/0/0",
          "vrf": "default"
        }
      ]
    }
  ]
}

For more info on L3 VPN APIs, including endpoints to add/remove connections and update/remove an L3 VPN, please check the Synthetic Devices REST API docs.