Difference between revisions of "Juniper EVPN-VXLAN & DCI"

From ppwiki
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 1,631: Line 1,631:
 
                     >  to 172.16.1.6 via xe-0/0/1.0
 
                     >  to 172.16.1.6 via xe-0/0/1.0
  
-Check remote MAC
+
- Check remote MAC
  
 
  root@qfxlsw27-dfw> show ethernet-switching table vlan-id 2005   
 
  root@qfxlsw27-dfw> show ethernet-switching table vlan-id 2005   
Line 1,638: Line 1,638:
 
  Ethernet switching table : 7 entries, 7 learned
 
  Ethernet switching table : 7 entries, 7 learned
 
  Routing instance : default-switch
 
  Routing instance : default-switch
    Vlan                MAC                MAC      Logical                Active
+
  Vlan                MAC                MAC      Logical                Active
    name                address            flags    interface              source
+
  name                address            flags    interface              source
    private1-a-dal      00:00:5e:00:01:01  DR      esi.1763              05:00:00:fc:59:00:01:8e:75:00  
+
  private1-a-dal      00:00:5e:00:01:01  DR      esi.1763              05:00:00:fc:59:00:01:8e:75:00  
    private1-a-dal      00:50:00:00:15:00  D        xe-0/0/11.0           
+
  private1-a-dal      00:50:00:00:15:00  D        xe-0/0/11.0           
    private1-a-dal      00:50:00:00:17:00  D        vtep.32773            10.179.0.6                     
+
  private1-a-dal      00:50:00:00:17:00  D        vtep.32773            10.179.0.6                     
    private1-a-dal      00:50:00:00:45:00  D        vtep.32770            10.179.1.5                     
+
  private1-a-dal      00:50:00:00:45:00  D        vtep.32770            10.179.1.5                     
    private1-a-dal      00:50:00:00:46:00  D        vtep.32770            10.179.1.5                     
+
  private1-a-dal      00:50:00:00:46:00  D        vtep.32770            10.179.1.5                     
    private1-a-dal      02:05:86:71:08:00  D        vtep.32772            10.179.0.2                     
+
  private1-a-dal      02:05:86:71:08:00  D        vtep.32772            10.179.0.2                     
    private1-a-dal      02:05:86:71:fe:00  D        vtep.32774            10.179.0.1
+
  private1-a-dal      02:05:86:71:fe:00  D        vtep.32774            10.179.0.1
 +
 
 +
We can see based on the output above that the remove server with MAC address 00:50:00:00:45:00 is reachable via the remote vtep interface  vtep.32770 with source IP address of 10.179.1.5 which is the loopback address of leaf1 in site B.
 +
 
 +
====Ping test====
 +
 
 +
[[file:srv100.png]]
 +
 
 +
[[file:srv204.png]]
 +
 
 +
This complete our DCI L2 tutorial. In the future I will be discussing about DCI L3.

Latest revision as of 00:22, 14 September 2022

Goal

In this tutorial we are going to setup 2 sites: Site A and site B and connect both sites together using a MPLS backbone. Both sites will be configured using EVPN-VXLAN centrally Routed Bridging (CRB).

Prerequisites

For this tutorial I will be using :

- EVE-NG 2.0.3-112

- VQFX model: vqfx-10000 running JUNOS 19.4R1.10 for spines and leaves

- VMX running Junos: 18.2R1.9 for the core routers

- Debian VM's servers

Diagram

Dci.png

Setup and configuration

Site A

network info
Devices Role lo.0 IP xe-0/0/0 IP xe-0/0/1 IP xe-0/0/2 IP xe-0/0/9 IP mgmt AS local-as
qfxssw27 spine1 10.179.0.1/32 172.16.1.49/30 172.16.2.2/30 172.16.3.1/30 10.193.0.78/24 64601 65030
qfxssw28 spine2 10.179.0.2/32 172.16.1.6/30 172.16.2.6/30 172.16.3.5/30 10.193.0.79/24 64601 65031
qfxlsw27 leaf1 10.179.0.5/32 172.16.1.50/30 172.16.1.5/30 10.193.0.80/24 64601 65032
qfxlsw28 leaf2 10.179.0.6/32 172.16.2.1/30 172.16.2.5/30 10.193.0.81/24 64601 65033
cr1 core router 10.179.0.7/32 172.16.3.2/30 172.16.3.6/30 172.16.4.0/31 10.193.0.86/24 100
vlan info
vlan vlan-id vni Network irb IP VG
private1-a-dal 2005 102005 10.192.64.0/22 10.192.64.2/22 10.192.64.1
private1-b-dal 2006 102006 10.192.80.0/22 10.192.80.2/22 10.192.80.1

Spine1 configuration

set system host-name qfxssw27-dfw
set interfaces xe-0/0/0 description link_leaf1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.49/30
set interfaces xe-0/0/1 description link_leaf2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.2/30
set interfaces xe-0/0/2 description link_cr1
set interfaces xe-0/0/2 unit 0 family inet address 172.16.3.1/30
set interfaces em0 unit 0 family inet address 10.193.0.78/24
set interfaces irb unit 2006 proxy-macip-advertisement
set interfaces irb unit 2006 virtual-gateway-accept-data
set interfaces irb unit 2006 family inet address 10.192.80.2/22 virtual-gateway-address 10.192.80.1
set interfaces irb unit 3502 proxy-macip-advertisement
set interfaces irb unit 3502 virtual-gateway-accept-data
set interfaces irb unit 3502 family inet address 10.192.64.2/22 virtual-gateway-address 10.192.64.1
set interfaces lo0 unit 0 family inet address 10.179.0.1/32 primary
set policy-options prefix-list fab-lo0s 10.179.0.0/24
set policy-options policy-statement EVPN-IMPORT term VNI102005 from community com2006
set policy-options policy-statement EVPN-IMPORT term VNI102005 then accept
set policy-options policy-statement EVPN-IMPORT2006 term 1 from community com2005
set policy-options policy-statement EVPN-IMPORT2006 term 1 then accept
set policy-options policy-statement PFE-ECMP then load-balance per-packet
set policy-options policy-statement export-dc-routes term fabric from protocol static
set policy-options policy-statement export-dc-routes term fabric from prefix-list-filter fab-lo0s exact
set policy-options policy-statement export-dc-routes term fabric then accept
set policy-options policy-statement export-dc-routes then reject
set policy-options policy-statement import-overlay term 1 from family evpn
set policy-options policy-statement import-overlay term 1 from next-hop 10.179.1.1
set policy-options policy-statement import-overlay term 1 from nlri-route-type 1
set policy-options policy-statement import-overlay term 1 from nlri-route-type 2
set policy-options policy-statement import-overlay term 1 then reject
set policy-options policy-statement import-overlay term 2 from family evpn
set policy-options policy-statement import-overlay term 2 from next-hop 10.179.1.2
set policy-options policy-statement import-overlay term 2 from nlri-route-type 1
set policy-options policy-statement import-overlay term 2 from nlri-route-type 2
set policy-options policy-statement import-overlay term 2 then reject
set policy-options policy-statement import-overlay then accept
set policy-options policy-statement send-direct term send-lo0 from protocol direct
set policy-options policy-statement send-direct term send-lo0 from interface lo0.0
set policy-options policy-statement send-direct term send-lo0 then accept
set policy-options policy-statement send-direct term 2 from protocol bgp
set policy-options policy-statement send-direct term 2 from route-filter 0.0.0.0/0 prefix-length-range /32-/32
set policy-options policy-statement send-direct term 2 then accept
set policy-options community com2005 members target:64601:2
set policy-options community com2006 members target:64601:3
set routing-instances vlan2005 routing-options auto-export
set routing-instances vlan2005 instance-type vrf
set routing-instances vlan2005 interface irb.3502
set routing-instances vlan2005 route-distinguisher 10.179.0.1:2
set routing-instances vlan2005 vrf-import EVPN-IMPORT
set routing-instances vlan2005 vrf-target target:64601:2
set routing-instances vlan2006 routing-options auto-export
set routing-instances vlan2006 instance-type vrf
set routing-instances vlan2006 interface irb.2006
set routing-instances vlan2006 route-distinguisher 10.179.0.1:3
set routing-instances vlan2006 vrf-import EVPN-IMPORT2006
set routing-instances vlan2006 vrf-target target:64601:3
set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set routing-options static route 0.0.0.0/0 no-readvertise
set routing-options static route 10.179.0.0/24 discard
set routing-options forwarding-table export PFE-ECMP
set routing-options forwarding-table ecmp-fast-reroute
set routing-options router-id 10.179.0.1
set routing-options autonomous-system 64601
set protocols evpn vni-options vni 102005 vrf-target target:1:2005
set protocols evpn vni-options vni 102006 vrf-target target:1:2006
set protocols evpn encapsulation vxlan  
set protocols evpn multicast-mode ingress-replication
set protocols evpn default-gateway no-gateway-community
set protocols evpn extended-vni-list all
set protocols bgp group UNDERLAY type external
set protocols bgp group UNDERLAY mtu-discovery
set protocols bgp group UNDERLAY export send-direct
set protocols bgp group UNDERLAY local-as 65030
set protocols bgp group UNDERLAY multipath multiple-as
set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000
set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3
set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic
set protocols bgp group UNDERLAY neighbor 172.16.2.1 description leaf2
set protocols bgp group UNDERLAY neighbor 172.16.2.1 peer-as 65033
set protocols bgp group UNDERLAY neighbor 172.16.1.50 description leaf1
set protocols bgp group UNDERLAY neighbor 172.16.1.50 peer-as 65032
set protocols bgp group EVPN-IBGP type internal
set protocols bgp group EVPN-IBGP local-address 10.179.0.1
set protocols bgp group EVPN-IBGP import import-overlay
set protocols bgp group EVPN-IBGP family evpn signaling
set protocols bgp group EVPN-IBGP cluster 1.1.1.1
set protocols bgp group EVPN-IBGP multipath
set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350
set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3
set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic
set protocols bgp group EVPN-IBGP neighbor 10.179.0.5 description lfsw01
set protocols bgp group EVPN-IBGP neighbor 10.179.0.6 description lfsw02
set protocols bgp group EVPN-IBGP neighbor 10.179.0.2 description spine2
set protocols bgp group EVPN-IBGP neighbor 10.179.1.1 description dc2_spine1
set protocols bgp group EVPN-IBGP neighbor 10.169.1.2 description dc2_spine2
set protocols bgp group core type external
set protocols bgp group core export export-dc-routes
set protocols bgp group core peer-as 100
set protocols bgp group core local-as 65030
set protocols bgp group core neighbor 172.16.3.2
set protocols igmp-snooping vlan default
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.179.0.1:1
set switch-options vrf-target target:64512:1111
set vlans default vlan-id 1             
set vlans private1-a-dal vlan-id 2005   
set vlans private1-a-dal l3-interface irb.3502
set vlans private1-a-dal vxlan vni 102005
set vlans private1-b-dal vlan-id 2006   
set vlans private1-b-dal l3-interface irb.2006
set vlans private1-b-dal vxlan vni 102006

Spine2 configuration

set system host-name qfxssw28-dfw
set interfaces xe-0/0/0 description link_leaf1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.6/30
set interfaces xe-0/0/1 description link_leaf2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.6/30
set interfaces xe-0/0/2 description link_cr2
set interfaces xe-0/0/2 unit 0 family inet address 172.16.3.5/30
set interfaces em0 unit 0 family inet address 10.193.0.79/24
set interfaces irb unit 2006 proxy-macip-advertisement
set interfaces irb unit 2006 virtual-gateway-accept-data
set interfaces irb unit 2006 family inet address 10.192.80.3/22 virtual-gateway-address 10.192.80.1
set interfaces irb unit 3502 proxy-macip-advertisement
set interfaces irb unit 3502 virtual-gateway-accept-data
set interfaces irb unit 3502 family inet address 10.192.64.3/22 virtual-gateway-address 10.192.64.1
set interfaces lo0 unit 0 family inet address 10.179.0.2/32 primary
set policy-options prefix-list fab-lo0s 10.179.0.0/24
set policy-options policy-statement EVPN-IMPORT term VNI102005 from community com2006
set policy-options policy-statement EVPN-IMPORT term VNI102005 then accept
set policy-options policy-statement EVPN-IMPORT2006 term 1 from community com2005
set policy-options policy-statement EVPN-IMPORT2006 term 1 then accept
set policy-options policy-statement PFE-ECMP then load-balance per-packet
set policy-options policy-statement export-dc-routes term fabric from protocol static
set policy-options policy-statement export-dc-routes term fabric from prefix-list-filter fab-lo0s exact
set policy-options policy-statement export-dc-routes term fabric then accept
set policy-options policy-statement export-dc-routes then reject
set policy-options policy-statement import-overlay term 1 from family evpn
set policy-options policy-statement import-overlay term 1 from next-hop 10.179.1.1
set policy-options policy-statement import-overlay term 1 from nlri-route-type 1
set policy-options policy-statement import-overlay term 1 from nlri-route-type 2
set policy-options policy-statement import-overlay term 1 then reject
set policy-options policy-statement import-overlay then accept
set policy-options policy-statement send-direct term send-lo0 from protocol direct
set policy-options policy-statement send-direct term send-lo0 from interface lo0.0
set policy-options policy-statement send-direct term send-lo0 then accept
set policy-options policy-statement send-direct term 2 from protocol bgp
set policy-options policy-statement send-direct term 2 from route-filter 0.0.0.0/0 prefix-length-range 
/32-/32
set policy-options policy-statement send-direct term 2 then accept
set policy-options community com2005 members target:64601:2
set policy-options community com2006 members target:64601:3
set routing-instances vlan2005 routing-options auto-export
set routing-instances vlan2005 instance-type vrf
set routing-instances vlan2005 interface irb.3502
set routing-instances vlan2005 route-distinguisher 10.179.0.1:2
set routing-instances vlan2005 vrf-import EVPN-IMPORT
set routing-instances vlan2005 vrf-target target:64601:2
set routing-instances vlan2006 routing-options auto-export
set routing-instances vlan2006 instance-type vrf
set routing-instances vlan2006 interface irb.2006
set routing-instances vlan2006 route-distinguisher 10.179.0.1:3
set routing-instances vlan2006 vrf-import EVPN-IMPORT2006
set routing-instances vlan2006 vrf-target target:64601:3
set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set routing-options static route 0.0.0.0/0 no-readvertise
set routing-options static route 10.179.0.0/24 discard
set routing-options forwarding-table export PFE-ECMP
set routing-options forwarding-table ecmp-fast-reroute
set routing-options router-id 10.179.0.2
set routing-options autonomous-system 64601
set protocols evpn vni-options vni 102005 vrf-target target:1:2005
set protocols evpn vni-options vni 102006 vrf-target target:1:2006
set protocols evpn encapsulation vxlan  
set protocols evpn multicast-mode ingress-replication
set protocols evpn default-gateway no-gateway-community
set protocols evpn extended-vni-list all
set protocols bgp group UNDERLAY type external
set protocols bgp group UNDERLAY mtu-discovery
set protocols bgp group UNDERLAY export send-direct
set protocols bgp group UNDERLAY local-as 65031
set protocols bgp group UNDERLAY multipath multiple-as
set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000
set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3
set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic
set protocols bgp group UNDERLAY neighbor 172.16.1.5 description leaf1
set protocols bgp group UNDERLAY neighbor 172.16.1.5 peer-as 65032
set protocols bgp group UNDERLAY neighbor 172.16.2.5 description leaf2
set protocols bgp group UNDERLAY neighbor 172.16.2.5 peer-as 65033
set protocols bgp group EVPN-IBGP type internal
set protocols bgp group EVPN-IBGP local-address 10.179.0.2
set protocols bgp group EVPN-IBGP import import-overlay
set protocols bgp group EVPN-IBGP family evpn signaling
set protocols bgp group EVPN-IBGP cluster 2.2.2.2
set protocols bgp group EVPN-IBGP multipath
set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350
set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3
set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic
set protocols bgp group EVPN-IBGP neighbor 10.179.0.5 description lfsw01
set protocols bgp group EVPN-IBGP neighbor 10.179.0.6 description lfsw02
set protocols bgp group EVPN-IBGP neighbor 10.179.0.1 description spine1
set protocols bgp group EVPN-IBGP neighbor 10.179.1.1 description dc2_spine1
set protocols bgp group EVPN-IBGP neighbor 10.179.1.2 description dc2_spine2
set protocols bgp group core type external
set protocols bgp group core export export-dc-routes
set protocols bgp group core peer-as 100
set protocols bgp group core local-as 65031
set protocols bgp group core neighbor 172.16.3.6
set protocols igmp-snooping vlan default
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.179.0.2:1
set switch-options vrf-target target:64512:1111
set vlans default vlan-id 1             
set vlans private1-a-dal vlan-id 2005   
set vlans private1-a-dal l3-interface irb.3502
set vlans private1-a-dal vxlan vni 102005
set vlans private1-b-dal vlan-id 2006   
set vlans private1-b-dal l3-interface irb.2006
set vlans private1-b-dal vxlan vni 102006

Leaf1 configuration

set system host-name qfxlsw27-dfw
set interfaces xe-0/0/0 description link_spine1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.50/30
set interfaces xe-0/0/1 description link_spine2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.5/30
set interfaces xe-0/0/10 description srv101
set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members private1-b-dal
set interfaces xe-0/0/11 description srv100
set interfaces xe-0/0/11 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members private1-a-dal
set interfaces em0 unit 0 family inet address 10.193.0.80/24
set interfaces lo0 unit 0 family inet address 10.179.0.5/32
set policy-options policy-statement PFE-ECMP then load-balance per-packet
set policy-options policy-statement send-direct term send-lo0 from protocol direct
set policy-options policy-statement send-direct term send-lo0 then accept
set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set routing-options static route 0.0.0.0/0 no-readvertise
set routing-options forwarding-table export PFE-ECMP
set routing-options forwarding-table ecmp-fast-reroute
set routing-options router-id 10.179.0.5
set routing-options autonomous-system 64601
set protocols evpn vni-options vni 102005 vrf-target target:1:2005
set protocols evpn vni-options vni 102006 vrf-target target:1:2006
set protocols evpn encapsulation vxlan  
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list all
set protocols bgp group UNDERLAY type external
set protocols bgp group UNDERLAY export send-direct
set protocols bgp group UNDERLAY local-as 65032
set protocols bgp group UNDERLAY multipath multiple-as
set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000
set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3
set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic
set protocols bgp group UNDERLAY neighbor 172.16.1.6 description spine2
set protocols bgp group UNDERLAY neighbor 172.16.1.6 peer-as 65031
set protocols bgp group UNDERLAY neighbor 172.16.1.49 description spine1
set protocols bgp group UNDERLAY neighbor 172.16.1.49 peer-as 65030
set protocols bgp group EVPN-IBGP type internal
set protocols bgp group EVPN-IBGP local-address 10.179.0.5
set protocols bgp group EVPN-IBGP family evpn signaling
set protocols bgp group EVPN-IBGP multipath
set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350
set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3
set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic
set protocols bgp group EVPN-IBGP neighbor 10.179.0.1 description spsw01
set protocols bgp group EVPN-IBGP neighbor 10.179.0.2 description spsw02
set protocols lldp disable              
set protocols lldp port-id-subtype interface-name
set protocols lldp interface all        
set protocols lldp-med interface all    
set protocols igmp-snooping vlan default
set switch-options service-id 1         
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.179.0.5:1
set switch-options vrf-target target:64512:1111       
set vlans private1-a-dal vlan-id 2005   
set vlans private1-a-dal vxlan vni 102005
set vlans private1-b-dal vlan-id 2006   
set vlans private1-b-dal vxlan vni 102006

Leaf2 configuration

set system host-name qfxlsw28
set interfaces xe-0/0/0 description link_spine1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.2.1/30
set interfaces xe-0/0/1 description link_spine2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.5/30
set interfaces xe-0/0/10 description srv104
set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members private1-b-dal
set interfaces xe-0/0/11 description srv103
set interfaces xe-0/0/11 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members private1-a-dal
set interfaces em0 unit 0 family inet address 10.193.0.81/24 
set interfaces lo0 unit 0 family inet address 10.179.0.6/32        
set policy-options policy-statement PFE-ECMP then load-balance per-packet
set policy-options policy-statement send-direct term send-lo0 from protocol direct
set policy-options policy-statement send-direct term send-lo0 then accept
set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set routing-options static route 0.0.0.0/0 no-readvertise
set routing-options forwarding-table export PFE-ECMP
set routing-options forwarding-table ecmp-fast-reroute
set routing-options router-id 10.179.0.6
set routing-options autonomous-system 64601
set protocols evpn vni-options vni 102005 vrf-target target:1:2005
set protocols evpn vni-options vni 102006 vrf-target target:1:2006
set protocols evpn encapsulation vxlan  
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list all
set protocols bgp group UNDERLAY type external
set protocols bgp group UNDERLAY export send-direct
set protocols bgp group UNDERLAY local-as 65033
set protocols bgp group UNDERLAY multipath multiple-as
set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000
set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3
set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic
set protocols bgp group UNDERLAY neighbor 172.16.2.2 description spine1
set protocols bgp group UNDERLAY neighbor 172.16.2.2 peer-as 65030
set protocols bgp group UNDERLAY neighbor 172.16.2.6 description spine2
set protocols bgp group UNDERLAY neighbor 172.16.2.6 peer-as 65031
set protocols bgp group EVPN-IBGP type internal
set protocols bgp group EVPN-IBGP local-address 10.179.0.6
set protocols bgp group EVPN-IBGP family evpn signaling
set protocols bgp group EVPN-IBGP multipath
set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350
set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3
set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic
set protocols bgp group EVPN-IBGP neighbor 10.179.0.1 description spsw01
set protocols bgp group EVPN-IBGP neighbor 10.179.0.2 description spsw02
set protocols lldp disable              
set protocols lldp port-id-subtype interface-name
set protocols lldp interface all        
set protocols lldp-med interface all    
set protocols igmp-snooping vlan default
set switch-options service-id 1         
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.179.0.6:1
set switch-options vrf-target target:64512:1111
set vlans default vlan-id 1             
set vlans private1-a-dal vlan-id 2005   
set vlans private1-a-dal vxlan vni 102005
set vlans private1-b-dal vlan-id 2006   
set vlans private1-b-dal vxlan vni 102006

Site A EVPN/VXLAN testing & Verification

Underlay Verification

We are performing the test only on leaf1 and spine1, the same result will be also true for leaf2 and spine2. To verify this we will power off spine 1 later in this tutorial and make sure that spine2 will be taking all the traffic.

- on leaf1

root@qfxlsw27-dfw> show bgp summary group UNDERLAY 
Threading mode: BGP I/O
Groups: 2 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0                                 42         36          0          0          0          0
inet.0               
                      6          6          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.6            65031       1844       1853       0      35    14:01:33 Establ
  inet.0: 4/4/4/0
172.16.1.49           65030        463        463       0      35     3:29:50 Establ
  inet.0: 2/2/2/0

We have BGP session with spine1(1.49) and spein2 (1.6) up.

root@qfxlsw27-dfw> show route advertising-protocol bgp 172.16.1.49 
inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.0.2/32           Self                                    65031 I
* 10.179.0.5/32           Self                                    I


root@qfxlsw27-dfw> show route advertising-protocol bgp 172.16.1.6     
inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.0.1/32           Self                                    65030 I
* 10.179.0.5/32           Self                                    I
* 10.179.0.6/32           Self                                    65030 65033 I
root@qfxlsw27-dfw> show route receive-protocol bgp 172.16.1.49 table inet.0 
inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.0.1/32           172.16.1.49                             65030 I
  10.179.0.2/32           172.16.1.49                             65030 65033 65031 I
  10.179.0.6/32           172.16.1.49                             65030 65033 I
root@qfxlsw27-dfw> show route receive-protocol bgp 172.16.1.6 table inet.0     
inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  10.179.0.1/32           172.16.1.6                              65031 65033 65030 I
* 10.179.0.2/32           172.16.1.6                              65031 I
* 10.179.0.6/32           172.16.1.6                              65031 65033 I

-On spine1

root@qfxssw27-dfw> show bgp summary group UNDERLAY 
Threading mode: BGP I/O
Groups: 3 Peers: 7 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0                                 83         56          0          0          0          0 
inet.0               
                     15          7          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.50           65032        443        437       0       1     3:17:55 Establ
  inet.0: 3/7/7/0
172.16.2.1            65033       1499       1493       0       1    11:19:41 Establ
  inet.0: 3/7/7/0
root@qfxssw27-dfw> show route receive-protocol bgp 172.16.1.50 table inet.0    
inet.0: 19 destinations, 28 routes (19 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  10.179.0.2/32           172.16.1.50                             65032 65031 I
* 10.179.0.5/32           172.16.1.50                             65032 I

root@qfxssw27-dfw> show route receive-protocol bgp 172.16.2.1 table inet.0    
inet.0: 19 destinations, 26 routes (19 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.0.2/32           172.16.2.1                              65033 65031 I
* 10.179.0.6/32           172.16.2.1                              65033 I

root@qfxssw27-dfw> show route advertising-protocol bgp 172.16.1.50 
inet.0: 19 destinations, 26 routes (19 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.0.1/32           Self                                    I
* 10.179.0.2/32           Self                                    65033 65031 I
* 10.179.0.6/32           Self                                    65033 I
root@qfxssw27-dfw> show route advertising-protocol bgp 172.16.2.1     
inet.0: 19 destinations, 26 routes (19 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.0.1/32           Self                                    I
* 10.179.0.5/32           Self                                    65032 I

Now that we know that leaves and spines can reach each other loopback, let us now verify the Overlay network.

Overlay Verification

- On leaf1

root@qfxlsw27-dfw> show bgp summary group EVPN-IBGP 
Threading mode: BGP I/O
Groups: 2 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0           
                      72         36          0          0          0          0
inet.0               
                       6          4          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.179.0.1            64601       3064       3030       0       3    22:55:21 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 24/36/36/0
  default-switch.evpn.0: 24/36/36/0
10.179.0.2            64601       9817       9625       0       4  3d 0:54:21 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 12/36/36/0
  default-switch.evpn.0: 12/36/36/0

- On spine1

root@qfxssw27-dfw# run show bgp summary group EVPN-IBGP 
Threading mode: BGP I/O
Groups: 3 Peers: 7 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0           
                      83         56          0          0          0          0
inet.0               
                      15          7          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn 
State|#Active/Received/Accepted/Damped...
10.179.0.2            64601       5763       5764       0       0 1d 19:46:04 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 12/24/24/0
  default-switch.evpn.0: 12/24/24/0
10.179.0.5            64601       6253       6262       0       0 1d 23:20:01 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 6/6/6/0
  default-switch.evpn.0: 6/6/6/0
10.179.0.6            64601       6253       6302       0       0 1d 23:19:57 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 6/6/6/0                   
  default-switch.evpn.0: 6/6/6/0        

We can see that on leaf1 we are able to see spine1 an spine2 loopback and on spine1 we are able to see leaf1, leaf2 and spine2 loopback.

Connectivity test

Test that srv100 with IP address 10.192.64.100 can ping 10.192.64.200 and 10.192.80.200 on leaf2.

Pingtest1.png
Pingtest2.png

Now that we know everything is working in site A, it is time to move to site B

Site B

network info
Devices Role lo.0 IP xe-0/0/0 IP xe-0/0/1 IP xe-0/0/2 IP xe-0/0/9 IP mgmt AS local-as
qfxssw29 spine1 10.179.1.1/32 172.16.1.41/30 172.16.1.33/30 172.16.5.1/30 10.193.0.82/24 64601 65034
qfxssw30 spine2 10.179.1.2/32 172.16.1.45/30 172.16.1.37/30 172.16.5.5/30 10.193.0.83/24 64601 65035
qfxlsw29 leaf1 10.179.1.5/32 172.16.1.42/30 172.16.1.46/30 10.193.0.84/24 64601 65036
qfxlsw30 leaf2 10.179.1.6/32 172.16.1.34/30 172.16.1.38/30 10.193.0.85/24 64601 65037
cr2 core router 10.179.1.7/32 172.16.5.2/30 172.16.5.6/30 172.16.6.0/31 10.193.0.87/24 100
vlan info
vlan vlan-id vni Network irb IP VG
private1-a-dal 2005 102005 10.192.64.0/22 10.192.64.3/22 10.192.64.1
private1-a-sfo 2007 102007 10.192.96.0/22 10.192.96.2/22 10.192.96.1
private1-b-sfo 2008 102008 10.192.112.0/22 10.192.112.2/22 10.192.112.1

Spine1 configuration

set system host-name qfxssw29-dfw
set interfaces xe-0/0/0 description link_leaf1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.41/30
set interfaces xe-0/0/1 description link_leaf2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.33/30
set interfaces xe-0/0/2 description link_cr2
set interfaces xe-0/0/2 unit 0 family inet address 172.16.5.1/30
set interfaces em0 unit 0 family inet address 10.193.0.82/24
set interfaces irb unit 2007 proxy-macip-advertisement
set interfaces irb unit 2007 virtual-gateway-accept-data
set interfaces irb unit 2007 family inet address 10.192.96.2/22 virtual-gateway-address 10.192.96.1
set interfaces irb unit 2008 proxy-macip-advertisement
set interfaces irb unit 2008 virtual-gateway-accept-data
set interfaces irb unit 2008 family inet address 10.192.112.2/22 virtual-gateway-address 10.192.112.1
set interfaces irb unit 3502 proxy-macip-advertisement
set interfaces irb unit 3502 virtual-gateway-accept-data
set interfaces irb unit 3502 family inet address 10.192.64.4/22 virtual-gateway-address 10.192.64.1
set interfaces lo0 unit 0 family inet address 10.179.1.1/32 primary
set policy-options prefix-list fab-lo0s 10.179.1.0/24
set policy-options policy-statement EVPN-IMPORT term VNI102007 from community com2008
set policy-options policy-statement EVPN-IMPORT term VNI102007 then accept
set policy-options policy-statement EVPN-IMPORT term VNI102005 from community com2005
set policy-options policy-statement EVPN-IMPORT term VNI102005 then accept
set policy-options policy-statement EVPN-IMPORT2008 term 1 from community com2007
set policy-options policy-statement EVPN-IMPORT2008 term 1 then accept
set policy-options policy-statement PFE-ECMP then load-balance per-packet
set policy-options policy-statement export-dc-routes term fabric from protocol static
set policy-options policy-statement export-dc-routes term fabric from prefix-list-filter fab-lo0s exact
set policy-options policy-statement export-dc-routes term fabric then accept
set policy-options policy-statement export-dc-routes then reject
set policy-options policy-statement import-overlay term 1 from family evpn
set policy-options policy-statement import-overlay term 1 from next-hop 10.179.0.1
set policy-options policy-statement import-overlay term 1 from nlri-route-type 1
set policy-options policy-statement import-overlay term 1 from nlri-route-type 2
set policy-options policy-statement import-overlay term 1 then reject
set policy-options policy-statement import-overlay term 2 from family evpn
set policy-options policy-statement import-overlay term 2 from next-hop 10.179.0.2
set policy-options policy-statement import-overlay term 2 from nlri-route-type 1
set policy-options policy-statement import-overlay term 2 from nlri-route-type 2
set policy-options policy-statement import-overlay term 2 then reject
set policy-options policy-statement import-overlay then accept
set policy-options policy-statement send-direct term send-lo0 from protocol direct
set policy-options policy-statement send-direct term send-lo0 from interface lo0.0
set policy-options policy-statement send-direct term send-lo0 then accept
set policy-options community com2005 members target:65001:4
set policy-options community com2007 members target:65001:2
set policy-options community com2008 members target:65001:3
set routing-instances vlan2007 routing-options auto-export
set routing-instances vlan2007 instance-type vrf
set routing-instances vlan2007 interface irb.2007
set routing-instances vlan2007 route-distinguisher 10.179.1.1:2
set routing-instances vlan2007 vrf-import EVPN-IMPORT
set routing-instances vlan2007 vrf-target target:65001:2
set routing-instances vlan2008 routing-options auto-export
set routing-instances vlan2008 instance-type vrf
set routing-instances vlan2008 interface irb.2008
set routing-instances vlan2008 route-distinguisher 10.179.1.1:3
set routing-instances vlan2008 vrf-import EVPN-IMPORT2008
set routing-instances vlan2008 vrf-target target:65001:3
set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set routing-options static route 0.0.0.0/0 no-readvertise
set routing-options static route 10.179.1.0/24 discard
set routing-options forwarding-table export PFE-ECMP
set routing-options forwarding-table ecmp-fast-reroute
set routing-options router-id 10.179.1.1
set routing-options autonomous-system 64601
set protocols evpn vni-options vni 102005 vrf-target target:1:2005
set protocols evpn vni-options vni 102007 vrf-target target:1:2007
set protocols evpn vni-options vni 102008 vrf-target target:1:2008
set protocols evpn encapsulation vxlan  
set protocols evpn multicast-mode ingress-replication
set protocols evpn default-gateway no-gateway-community
set protocols evpn extended-vni-list all
set protocols bgp group UNDERLAY type external
set protocols bgp group UNDERLAY mtu-discovery
set protocols bgp group UNDERLAY export send-direct
set protocols bgp group UNDERLAY local-as 65034
set protocols bgp group UNDERLAY multipath multiple-as
set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000
set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3
set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic
set protocols bgp group UNDERLAY neighbor 172.16.1.34 description leaf2
set protocols bgp group UNDERLAY neighbor 172.16.1.34 peer-as 65037
set protocols bgp group UNDERLAY neighbor 172.16.1.42 description leaf1
set protocols bgp group UNDERLAY neighbor 172.16.1.42 peer-as 65036
set protocols bgp group EVPN-IBGP type internal
set protocols bgp group EVPN-IBGP local-address 10.179.1.1
set protocols bgp group EVPN-IBGP import import-overlay
set protocols bgp group EVPN-IBGP family evpn signaling
set protocols bgp group EVPN-IBGP cluster 0.0.0.1
set protocols bgp group EVPN-IBGP multipath
set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350
set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3
set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic
set protocols bgp group EVPN-IBGP neighbor 10.179.1.5 description lfsw01
set protocols bgp group EVPN-IBGP neighbor 10.179.1.6 description lfsw02
set protocols bgp group EVPN-IBGP neighbor 10.179.1.2 description spine2
set protocols bgp group EVPN-IBGP neighbor 10.179.0.1 description dc1_spine1
set protocols bgp group EVPN-IBGP neighbor 10.179.0.2 description dc1_spine2
set protocols bgp group core type external
set protocols bgp group core export export-dc-routes
set protocols bgp group core peer-as 100
set protocols bgp group core local-as 65034
set protocols bgp group core neighbor 172.16.5.2
set protocols igmp-snooping vlan default
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.179.1.1:1
set switch-options vrf-target target:65512:1111
set vlans default vlan-id 1             
set vlans private1-a-dal vlan-id 2005   
set vlans private1-a-dal l3-interface irb.3502
set vlans private1-a-dal vxlan vni 102005
set vlans private1-a-sfo vlan-id 2007   
set vlans private1-a-sfo l3-interface irb.2007
set vlans private1-a-sfo vxlan vni 102007
set vlans private1-b-sfo vlan-id 2008   
set vlans private1-b-sfo l3-interface irb.2008
set vlans private1-b-sfo vxlan vni 102008

Spine2 configuration

set system host-name qfxssw30-dfw
set interfaces xe-0/0/0 description link_leaf1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.45/30
set interfaces xe-0/0/1 description link_leaf2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.37/30
set interfaces xe-0/0/2 description link_cr2
set interfaces xe-0/0/2 unit 0 family inet address 172.16.5.5/30
set interfaces em0 unit 0 family inet address 10.193.0.83/24
set interfaces em1 unit 0 family inet address 169.254.0.2/24
set interfaces irb unit 2007 proxy-macip-advertisement
set interfaces irb unit 2007 virtual-gateway-accept-data
set interfaces irb unit 2007 family inet address 10.192.96.3/22 virtual-gateway-address 10.192.96.1
set interfaces irb unit 2008 proxy-macip-advertisement
set interfaces irb unit 2008 virtual-gateway-accept-data
set interfaces irb unit 2008 family inet address 10.192.112.3/22 virtual-gateway-address 10.192.112.1
set interfaces irb unit 3502 proxy-macip-advertisement
set interfaces irb unit 3502 virtual-gateway-accept-data
set interfaces irb unit 3502 family inet address 10.192.64.5/22 virtual-gateway-address 10.192.64.1
set interfaces lo0 unit 0 family inet address 10.179.1.2/32
set policy-options prefix-list fab-lo0s 10.179.1.0/24
set policy-options policy-statement EVPN-IMPORT term VNI102007 from community com2008
set policy-options policy-statement EVPN-IMPORT term VNI102007 then accept
set policy-options policy-statement EVPN-IMPORT term VNI102005 from community com2005
set policy-options policy-statement EVPN-IMPORT term VNI102005 then accept
set policy-options policy-statement EVPN-IMPORT2008 term 1 from community com2007
set policy-options policy-statement EVPN-IMPORT2008 term 1 then accept
set policy-options policy-statement PFE-ECMP then load-balance per-packet
set policy-options policy-statement export-dc-routes term fabric from protocol static
set policy-options policy-statement export-dc-routes term fabric from prefix-list-filter fab-lo0s exact
set policy-options policy-statement export-dc-routes term fabric then accept
set policy-options policy-statement export-dc-routes then reject
set policy-options policy-statement import-overlay term 1 from family evpn
set policy-options policy-statement import-overlay term 1 from next-hop 10.179.0.1
set policy-options policy-statement import-overlay term 1 from nlri-route-type 1
set policy-options policy-statement import-overlay term 1 from nlri-route-type 2
set policy-options policy-statement import-overlay term 1 then reject
set policy-options policy-statement import-overlay term 2 from family evpn
set policy-options policy-statement import-overlay term 2 from next-hop 10.179.0.2
set policy-options policy-statement import-overlay term 2 from nlri-route-type 1
set policy-options policy-statement import-overlay term 2 from nlri-route-type 2
set policy-options policy-statement import-overlay term 2 then reject
set policy-options policy-statement import-overlay then accept
set policy-options policy-statement send-direct term send-lo0 from protocol direct
set policy-options policy-statement send-direct term send-lo0 from interface lo0
set policy-options policy-statement send-direct term send-lo0 then accept
set policy-options community com2005 members target:65001:4
set policy-options community com2007 members target:65001:2
set policy-options community com2008 members target:65001:3
set routing-instances vlan2007 routing-options auto-export
set routing-instances vlan2007 instance-type vrf
set routing-instances vlan2007 interface irb.2007
set routing-instances vlan2007 route-distinguisher 10.179.1.1:2
set routing-instances vlan2007 vrf-import EVPN-IMPORT
set routing-instances vlan2007 vrf-target target:65001:2
set routing-instances vlan2008 routing-options auto-export
set routing-instances vlan2008 instance-type vrf
set routing-instances vlan2008 interface irb.2008
set routing-instances vlan2008 route-distinguisher 10.179.1.1:3
set routing-instances vlan2008 vrf-import EVPN-IMPORT2008
set routing-instances vlan2008 vrf-target target:65001:3
set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set routing-options static route 0.0.0.0/0 no-readvertise
set routing-options static route 10.179.1.0/24 discard
set routing-options forwarding-table export PFE-ECMP
set routing-options forwarding-table ecmp-fast-reroute
set routing-options router-id 10.179.1.2
set routing-options autonomous-system 64601
set protocols evpn vni-options vni 102005 vrf-target target:1:2005
set protocols evpn vni-options vni 102007 vrf-target target:1:2007
set protocols evpn vni-options vni 102008 vrf-target target:1:2008
set protocols evpn encapsulation vxlan  
set protocols evpn multicast-mode ingress-replication
set protocols evpn default-gateway no-gateway-community
set protocols evpn extended-vni-list all
set protocols bgp group UNDERLAY type external
set protocols bgp group UNDERLAY mtu-discovery
set protocols bgp group UNDERLAY export send-direct
set protocols bgp group UNDERLAY local-as 65035
set protocols bgp group UNDERLAY multipath multiple-as
set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000
set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3
set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic
set protocols bgp group UNDERLAY neighbor 172.16.1.38 description leaf2
set protocols bgp group UNDERLAY neighbor 172.16.1.38 peer-as 65037
set protocols bgp group UNDERLAY neighbor 172.16.1.46 description leaf1
set protocols bgp group UNDERLAY neighbor 172.16.1.46 peer-as 65036
set protocols bgp group EVPN-IBGP type internal
set protocols bgp group EVPN-IBGP local-address 10.179.1.2
set protocols bgp group EVPN-IBGP import import-overlay
set protocols bgp group EVPN-IBGP family evpn signaling
set protocols bgp group EVPN-IBGP cluster 0.0.0.2
set protocols bgp group EVPN-IBGP multipath
set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350
set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3
set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic
set protocols bgp group EVPN-IBGP neighbor 10.179.1.5 description lfsw01
set protocols bgp group EVPN-IBGP neighbor 10.179.1.6 description lfsw02
set protocols bgp group EVPN-IBGP neighbor 10.179.1.1 description spine1
set protocols bgp group EVPN-IBGP neighbor 10.179.0.1 description dc1_spine1
set protocols bgp group EVPN-IBGP neighbor 10.179.0.2 description dc1_spine2
set protocols bgp group core type external
set protocols bgp group core export export-dc-routes
set protocols bgp group core peer-as 100
set protocols bgp group core local-as 65035
set protocols bgp group core neighbor 172.16.5.6 description cr2
set protocols igmp-snooping vlan default
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.179.1.2:1
set switch-options vrf-target target:65512:1111
set vlans default vlan-id 1             
set vlans private1-a-dal vlan-id 2005   
set vlans private1-a-dal l3-interface irb.3502
set vlans private1-a-dal vxlan vni 102005
set vlans private1-a-sfo vlan-id 2007   
set vlans private1-a-sfo l3-interface irb.2007
set vlans private1-a-sfo vxlan vni 102007
set vlans private1-b-sfo vlan-id 2008   
set vlans private1-b-sfo l3-interface irb.2008
set vlans private1-b-sfo vxlan vni 102008

leaf1 configuration

set system host-name qfxlsw29-dfw
set interfaces xe-0/0/0 description link_spine1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.42/30
set interfaces xe-0/0/1 description link_spine2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.46/30
set interfaces xe-0/0/8 description srv205
set interfaces xe-0/0/8 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/8 unit 0 family ethernet-switching vlan members private1-a-dal
set interfaces xe-0/0/9 description srv206
set interfaces xe-0/0/9 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/9 unit 0 family ethernet-switching vlan members private1-a-dal
set interfaces xe-0/0/10 description srv20
set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members private1-b-sfo
set interfaces xe-0/0/11 description srv10
set interfaces xe-0/0/11 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members private1-a-sfo
set interfaces em0 unit 0 family inet address 10.193.0.84/24
set interfaces lo0 unit 0 family inet address 10.179.1.5/32
set policy-options policy-statement PFE-ECMP then load-balance per-packet
set policy-options policy-statement send-direct term send-lo0 from protocol direct
set policy-options policy-statement send-direct term send-lo0 then accept
set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set routing-options static route 0.0.0.0/0 no-readvertise
set routing-options forwarding-table export PFE-ECMP
set routing-options forwarding-table ecmp-fast-reroute
set routing-options router-id 10.179.1.5
set routing-options autonomous-system 64601
set protocols evpn vni-options vni 102005 vrf-target target:1:2005
set protocols evpn vni-options vni 102007 vrf-target target:1:2007
set protocols evpn vni-options vni 102008 vrf-target target:1:2008
set protocols evpn encapsulation vxlan  
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list all
set protocols bgp group UNDERLAY type external
set protocols bgp group UNDERLAY export send-direct
set protocols bgp group UNDERLAY local-as 65036
set protocols bgp group UNDERLAY multipath multiple-as
set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000
set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3
set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic
set protocols bgp group UNDERLAY neighbor 172.16.1.41 description spine1
set protocols bgp group UNDERLAY neighbor 172.16.1.41 peer-as 65034
set protocols bgp group UNDERLAY neighbor 172.16.1.45 description spine2
set protocols bgp group UNDERLAY neighbor 172.16.1.45 peer-as 65035
set protocols bgp group EVPN-IBGP type internal
set protocols bgp group EVPN-IBGP local-address 10.179.1.5
set protocols bgp group EVPN-IBGP family evpn signaling
set protocols bgp group EVPN-IBGP multipath
set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350
set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3
set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic
set protocols bgp group EVPN-IBGP neighbor 10.179.1.1 description spsw01
set protocols bgp group EVPN-IBGP neighbor 10.179.1.2 description spsw02
set protocols lldp disable              
set protocols lldp port-id-subtype interface-name
set protocols lldp interface all        
set protocols lldp-med interface all    
set protocols igmp-snooping vlan default
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.179.1.5:1
set switch-options vrf-target target:65512:1111
set vlans default vlan-id 1             
set vlans private1-a-dal vlan-id 2005   
set vlans private1-a-dal vxlan vni 102005
set vlans private1-a-sfo vlan-id 2007   
set vlans private1-a-sfo vxlan vni 102007
set vlans private1-b-sfo vlan-id 2008   
set vlans private1-b-sfo vxlan vni 102008

leaf2 configuration

set system host-name qfxlsw30-dfw
set interfaces xe-0/0/0 description link_spine1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.34/30
set interfaces xe-0/0/1 description link_spine2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.38/30
set interfaces xe-0/0/10 description srv42
set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members private1-b-sfo
set interfaces xe-0/0/11 description srv41
set interfaces xe-0/0/11 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members private1-a-sfo
set interfaces em0 unit 0 family inet address 10.193.0.85/24
set interfaces lo0 unit 0 family inet address 10.179.1.6/32     
set forwarding-options storm-control-profiles default all
set policy-options policy-statement PFE-ECMP then load-balance per-packet
set policy-options policy-statement send-direct term send-lo0 from protocol direct
set policy-options policy-statement send-direct term send-lo0 then accept
set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set routing-options static route 0.0.0.0/0 no-readvertise
set routing-options forwarding-table export PFE-ECMP
set routing-options forwarding-table ecmp-fast-reroute
set routing-options router-id 10.179.1.6
set routing-options autonomous-system 64601
set protocols evpn vni-options vni 102005 vrf-target target:1:2005
set protocols evpn vni-options vni 102007 vrf-target target:1:2007
set protocols evpn vni-options vni 102008 vrf-target target:1:2008
set protocols evpn encapsulation vxlan  
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list all
set protocols bgp group UNDERLAY type external
set protocols bgp group UNDERLAY export send-direct
set protocols bgp group UNDERLAY local-as 65037
set protocols bgp group UNDERLAY multipath multiple-as
set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000
set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3
set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic
set protocols bgp group UNDERLAY neighbor 172.16.1.33 description spine1
set protocols bgp group UNDERLAY neighbor 172.16.1.33 peer-as 65034
set protocols bgp group UNDERLAY neighbor 172.16.1.37 description spine2
set protocols bgp group UNDERLAY neighbor 172.16.1.37 peer-as 65035
set protocols bgp group EVPN-IBGP type internal
set protocols bgp group EVPN-IBGP local-address 10.179.1.6
set protocols bgp group EVPN-IBGP family evpn signaling
set protocols bgp group EVPN-IBGP multipath
set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350
set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3
set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic
set protocols bgp group EVPN-IBGP neighbor 10.179.1.1 description spsw01
set protocols bgp group EVPN-IBGP neighbor 10.179.1.2 description spsw02
set protocols lldp disable              
set protocols lldp port-id-subtype interface-name
set protocols lldp interface all        
set protocols lldp-med interface all    
set protocols igmp-snooping vlan default
set switch-options service-id 1         
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.179.1.6:1
set switch-options vrf-target target:65512:1111
set vlans default vlan-id 1
set vlans private1-a-dal vlan-id 2005
set vlans private1-a-dal vxlan vni 102005          
set vlans private1-a-sfo vlan-id 2007   
set vlans private1-a-sfo vxlan vni 102007
set vlans private1-b-sfo vlan-id 2008   
set vlans private1-b-sfo vxlan vni 102008

Site B EVPN/VXLAN testing & Verification

Underlay Verification

We are performing the test only on leaf1 and spine1, the same result will be also true for leaf2 and spine2. To verify this we will power off spine 1 later in this tutorial and make sure that spine2 will be taking all the traffic.

- on leaf1

root@qfxlsw29-dfw> show bgp summary group underlay    
Threading mode: BGP I/O
Groups: 2 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0           
                     100         50          0          0          0          0
inet.0               
                      17         10          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn 
State|#Active/Received/Accepted/Damped...
172.16.1.41           65034         42         42       0      33       15:47 Establ
  inet.0: 3/6/6/0
172.16.1.45           65035        599        601       0      43     4:29:50 Establ
  inet.0: 7/11/11/0

BGP sessions with spine1(1.41) ad spine2(1.45) are up.

root@qfxlsw29-dfw> show route advertising-protocol bgp 172.16.1.41 
inet.0: 18 destinations, 27 routes (18 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.1.2/32           Self                                    65035 I
* 10.179.1.5/32           Self                                    I
* 10.179.1.6/32           Self                                    65035 65037 I
root@qfxlsw29-dfw> show route advertising-protocol bgp 172.16.1.45    
inet.0: 18 destinations, 27 routes (18 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.1.1/32           Self                                    65034 I
* 10.179.1.5/32           Self                                    I
root@qfxlsw29-dfw> show route receive-protocol bgp 172.16.1.41 table inet.0  
inet.0: 18 destinations, 27 routes (18 active, 0 holddown, 0 hidden)
  Prefix                   Nexthop              MED     Lclpref    AS path
  *10.179.1.1/32           172.16.1.41                             65034 I
   10.179.1.6/32            172.16.1.41                             65034 65037 I
root@qfxlsw29-dfw> show route receive-protocol bgp 172.16.1.45 table inet.0    
inet.0: 18 destinations, 27 routes (18 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.1.2/32           172.16.1.45                             65035 I
* 10.179.1.6/32           172.16.1.45                             65035 65037 I

-On spine1

root@qfxssw29-dfw> show bgp summary group underlay 
Threading mode: BGP I/O
Groups: 3 Peers: 8 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0           
                     161         51          0          0          0          0
inet.0               
                      26          9          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.34           65037        927        920       0      39     6:58:11 Establ
  inet.0: 4/12/12/0
172.16.1.42           65036        233        231       0      42     1:43:11 Establ
  inet.0: 4/12/12/0
root@qfxssw29-dfw> show route receive-protocol bgp 172.16.1.34 table inet.0 
inet.0: 23 destinations, 42 routes (23 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.1.2/32           172.16.1.34                             65037 65035 I
  10.179.1.5/32           172.16.1.34                             65037 65035 65036 I
* 10.179.1.6/32           172.16.1.34                             65037 I
root@qfxssw29-dfw> show route receive-protocol bgp 172.16.1.42 table inet.0    
inet.0: 23 destinations, 42 routes (23 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  10.179.1.2/32           172.16.1.42                             65036 65035 I
* 10.179.1.5/32           172.16.1.42                             65036 I
  10.179.1.6/32           172.16.1.42                             65036 65035 65037 I
root@qfxssw29-dfw> show route advertising-protocol  bgp 172.16.1.34    
inet.0: 23 destinations, 42 routes (23 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.1.1/32           Self                                    I
* 10.179.1.2/32           Self                                    65036 65035 I
* 10.179.1.5/32           Self                                    65036 I
root@qfxssw29-dfw> show route advertising-protocol  bgp 172.16.1.42    
inet.0: 23 destinations, 42 routes (23 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.179.1.1/32           Self                                    I
* 10.179.1.6/32           Self                                    65037 I

Overlay Verification

- On leaf1

root@qfxlsw29-dfw> show bgp summary group EVPN-IBGP 
Threading mode: BGP I/O
Groups: 2 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0           
                     100         50          0          0          0          0
inet.0               
                      17         10          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.179.1.1            64601       3319       3313       0       1  1d 1:04:31 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 32/50/50/0
  default-switch.evpn.0: 32/50/50/0
10.179.1.2            64601      41509      41230       0       0 1w6d 0:15:29 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 18/50/50/0
  default-switch.evpn.0: 18/50/50/0

- on spine1

root@qfxssw29-dfw> show bgp summary group EVPN-IBGP    
Threading mode: BGP I/O
Groups: 3 Peers: 8 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0           
                     161         51          0          0          0          0
inet.0               
                      26          9          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... 
10.179.1.2            64601       3316       3331       0       1  1d 1:05:54 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 18/51/51/0
  default-switch.evpn.0: 18/43/43/0
10.179.1.5            64601       3317       3321       0       2  1d 1:05:49 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 11/11/11/0
  default-switch.evpn.0: 11/11/11/0
10.179.1.6            64601       3315       3317       0       1  1d 1:05:36 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 6/6/6/0
  default-switch.evpn.0: 6/6/6/0

Leaf1 can see spine1 and spine2 loopback and spine1 can see leaf1. leaf2 and spine2 loopback.

Connectivity test

Test that srv10 with IP address 10.192.96.100 can ping 10.192.96.200 and 10.192.112.200 on leaf2.

Pingtest3.png


Pingtest4.png

Core network

cr1 configuration

set system host-name cr1
set system management-instance
set chassis fpc 0 pic 0 interface-type xe
set chassis fpc 0 performance-mode
set interfaces xe-0/0/0 description link_spine1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.3.2/30
set interfaces xe-0/0/1 description link_spine2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.3.6/30
set interfaces xe-0/0/9 description link_p-router-xe-0/0/9
set interfaces xe-0/0/9 unit 0 family inet address 172.16.4.0/31
set interfaces xe-0/0/9 unit 0 family mpls
set interfaces fxp0 unit 0 family inet address 10.193.0.86/24
set interfaces lo0 unit 0 family inet address 10.179.0.7/32 primary
set snmp community junos1 routing-instance mgmt_junos
set snmp routing-instance-access
set routing-options static route 10.179.0.100/32 discard
set routing-options autonomous-system 100
set protocols mpls no-cspf
set protocols mpls interface xe-0/0/9.0
set protocols bgp group core_spine type external
set protocols bgp group core_spine as-override
set protocols bgp group core_spine neighbor 172.16.3.1 description spine1 
set protocols bgp group core_spine neighbor 172.16.3.1 peer-as 65030
set protocols bgp group core_spine neighbor 172.16.3.5 description spine2
set protocols bgp group core_spine neighbor 172.16.3.5 peer-as 65031
set protocols bgp group core type internal
set protocols bgp group core local-address 10.179.0.7
set protocols bgp group core export into-ibgp
set protocols bgp group core neighbor 10.179.1.7 description cr2-lo0
set protocols ospf export into-ospf     
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface xe-0/0/9.0 interface-type p2p
set protocols ldp egress-policy into-ldp
set protocols ldp interface xe-0/0/9.0  
set protocols ldp interface lo0.0       
set policy-options prefix-list dc-routes 10.179.0.0/24
set policy-options policy-statement into-ibgp term 1 from protocol bgp
set policy-options policy-statement into-ibgp term 1 from prefix-list-filter dc-routes exact
set policy-options policy-statement into-ibgp term 1 then next-hop 10.179.0.100
set policy-options policy-statement into-ibgp term 1 then accept
set policy-options policy-statement into-ibgp then reject
set policy-options policy-statement into-ldp term 1 from interface lo0.0
set policy-options policy-statement into-ldp term 1 then accept
set policy-options policy-statement into-ldp term 2 from protocol static
set policy-options policy-statement into-ldp term 2 from route-filter 10.179.0.100/32 exact
set policy-options policy-statement into-ldp term 2 then accept
set policy-options policy-statement into-ldp then reject
set policy-options policy-statement into-ospf term 1 from route-filter 10.179.0.100/32 exact
set policy-options policy-statement into-ospf term 1 then accept
set policy-options policy-statement into-ospf then reject
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1

cr2 configuration

set system host-name cr2
set system management-instance
set chassis fpc 0 pic 0 interface-type xe
set chassis fpc 0 performance-mode
set interfaces xe-0/0/0 description link_spine1
set interfaces xe-0/0/0 unit 0 family inet address 172.16.5.2/30
set interfaces xe-0/0/1 description link_spine2
set interfaces xe-0/0/1 unit 0 family inet address 172.16.5.6/30
set interfaces xe-0/0/9 description link_p-router-xe-0/0/8
set interfaces xe-0/0/9 unit 0 family inet address 172.16.6.0/31
set interfaces xe-0/0/9 unit 0 family mpls
set interfaces fxp0 unit 0 family inet address 10.193.0.87/24
set interfaces lo0 unit 0 family inet address 10.179.1.7/32 primary
set snmp community junos1 routing-instance mgmt_junos
set snmp routing-instance-access
set routing-options static route 10.179.1.100/32 discard
set routing-options autonomous-system 100
set protocols mpls no-cspf
set protocols mpls interface xe-0/0/9.0
set protocols bgp group core_spine type external
set protocols bgp group core_spine as-override
set protocols bgp group core_spine neighbor 172.16.5.1 description spine1
set protocols bgp group core_spine neighbor 172.16.5.1 peer-as 65034
set protocols bgp group core_spine neighbor 172.16.5.5 description spine2
set protocols bgp group core_spine neighbor 172.16.5.5 peer-as 65035
set protocols bgp group core type internal
set protocols bgp group core local-address 10.179.1.7
set protocols bgp group core export into-ibgp
set protocols bgp group core neighbor 10.179.0.7 description cr1-lo0
set protocols ospf export into-ospf     
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface xe-0/0/9.0 interface-type p2p
set protocols ldp egress-policy into-ldp
set protocols ldp interface xe-0/0/9.0  
set protocols ldp interface lo0.0       
set policy-options prefix-list dc-routes 10.179.1.0/24
set policy-options policy-statement into-ibgp term 1 from protocol bgp
set policy-options policy-statement into-ibgp term 1 from prefix-list-filter dc-routes exact
set policy-options policy-statement into-ibgp term 1 then next-hop 10.179.1.100
set policy-options policy-statement into-ibgp term 1 then accept
set policy-options policy-statement into-ibgp then reject
set policy-options policy-statement into-ldp term 1 from interface lo0.0
set policy-options policy-statement into-ldp term 1 then accept
set policy-options policy-statement into-ldp term 2 from protocol static
set policy-options policy-statement into-ldp term 2 from route-filter 10.179.1.100/32 exact
set policy-options policy-statement into-ldp term 2 then accept
set policy-options policy-statement into-ldp then reject
set policy-options policy-statement into-ospf term 1 from route-filter 10.179.1.100/32 exact
set policy-options policy-statement into-ospf term 1 then accept
set policy-options policy-statement into-ospf then reject
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1

p-router configuration

set system host-name p-router
set system management-instance
set chassis fpc 0 pic 0 interface-type xe
set chassis fpc 0 performance-mode
set interfaces xe-0/0/8 description link_cr2-dfw
set interfaces xe-0/0/8 unit 0 family inet address 172.16.6.1/31
set interfaces xe-0/0/8 unit 0 family mpls
set interfaces xe-0/0/9 description link_cr1-dfw
set interfaces xe-0/0/9 unit 0 family inet address 172.16.4.1/31
set interfaces xe-0/0/9 unit 0 family mpls
set interfaces fxp0 unit 0 family inet address 10.193.0.90/24
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set protocols mpls no-cspf
set protocols mpls interface xe-0/0/9.0
set protocols mpls interface xe-0/0/8.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface xe-0/0/9.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface xe-0/0/8.0 interface-type p2p
set protocols ldp interface xe-0/0/8.0
set protocols ldp interface xe-0/0/9.0
set protocols ldp interface lo0.0
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 no-readvertise

Verification

- verify that OSPF sessions are up with site A router and site B router.

root@p-router> show ospf neighbor 
Address          Interface              State     ID               Pri  Dead
172.16.6.0       xe-0/0/8.0             Full      10.179.1.7       128    31
172.16.4.0       xe-0/0/9.0             Full      10.179.0.7       128    33

- Verify that p router can reach both site A and site B routers loopback and anycast addresses.

root@p-router> show route protocol ospf    
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.179.0.7/32      *[OSPF/10] 1w6d 08:45:37, metric 1
                    > to 172.16.4.0 via xe-0/0/9.0
10.179.0.100/32    *[OSPF/150] 1w6d 06:48:35, metric 0, tag 0
                    > to 172.16.4.0 via xe-0/0/9.0
10.179.1.7/32      *[OSPF/10] 1w6d 07:03:40, metric 1
                    > to 172.16.6.0 via xe-0/0/8.0
10.179.1.100/32    *[OSPF/150] 1w6d 07:03:40, metric 0, tag 0
                    > to 172.16.6.0 via xe-0/0/8.0
224.0.0.5/32       *[OSPF/10] 1w6d 08:58:36, metric 1
                      MultiRecv

- Verify that ldp session is up

root@p-router> show ldp session 
Address                           State       Connection  Hold time  Adv. Mode
10.179.0.7                          Operational Open          26         DU
10.179.1.7                          Operational Open          23         DU
root@p-router> show ldp database 
Input label database, 4.4.4.4:0--10.179.0.7:0
Labels received: 3
  Label     Prefix
 299776      4.4.4.4/32
      3      10.179.0.7/32
      3      10.179.0.100/32
 299792      10.179.1.7/32
 299792      10.179.1.100/32
Output label database, 4.4.4.4:0--10.179.0.7:0
Labels advertised: 3
  Label     Prefix
      3      4.4.4.4/32
 299776      10.179.0.7/32
 299776      10.179.0.100/32
 299792      10.179.1.7/32
 299792      10.179.1.100/32
Input label database, 4.4.4.4:0--10.179.1.7:0
Labels received: 3
  Label     Prefix
 299776      4.4.4.4/32
 299792      10.179.0.7/32
 299792      10.179.0.100/32
      3      10.179.1.7/32
      3      10.179.1.100/32            
Output label database, 4.4.4.4:0--10.179.1.7:0
Labels advertised: 3                    
  Label     Prefix                      
      3      4.4.4.4/32                 
 299776      10.179.0.7/32              
 299776      10.179.0.100/32            
 299792      10.179.1.7/32              
 299792      10.179.1.100/32

- Last things to verify is the mpls table

 root@p-router> show route table mpls.0      
mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0                  *[MPLS/0] 1w6d 09:03:53, metric 1
                      to table inet.0
0(S=0)             *[MPLS/0] 1w6d 09:03:53, metric 1
                      to table mpls.0
1                  *[MPLS/0] 1w6d 09:03:53, metric 1
                      Receive
2                  *[MPLS/0] 1w6d 09:03:53, metric 1
                      to table inet6.0
2(S=0)             *[MPLS/0] 1w6d 09:03:53, metric 1
                      to table mpls.0
13                 *[MPLS/0] 1w6d 09:03:53, metric 1
                      Receive
299776             *[LDP/9] 1w6d 06:55:45, metric 1
                    > to 172.16.4.0 via xe-0/0/9.0, Pop      
299776(S=0)        *[LDP/9] 1w6d 06:55:45, metric 1
                    > to 172.16.4.0 via xe-0/0/9.0, Pop      
299792             *[LDP/9] 1w6d 07:03:22, metric 1
                    > to 172.16.6.0 via xe-0/0/8.0, Pop      
299792(S=0)        *[LDP/9] 1w6d 07:03:22, metric 1
                    > to 172.16.6.0 via xe-0/0/8.0, Pop

DCI connectivity

Now the fun part starts. We have to make sure that spines in site A can reach spines and leaves in site B

root@qfxssw27-dfw> show route table inet.0 10.179.1.1 
inet.0: 19 destinations, 32 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.179.1.0/24      *[BGP/170] 1d 02:06:03, localpref 100
                      AS path: 100 65035 I, validation-state: unverified
                    >  to 172.16.3.2 via xe-0/0/2.0
                    [BGP/170] 07:20:25, localpref 100
                     AS path: 65033 65031 100 65035 I, validation-state: unverified
                   >  to 172.16.2.1 via xe-0/0/1.0
 root@qfxssw28-dfw> show route table inet.0 10.179.1.1 
inet.0: 19 destinations, 29 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.179.1.0/24      *[BGP/170] 1d 02:12:58, localpref 100
                      AS path: 100 65035 I, validation-state: unverified
                    >  to 172.16.3.6 via xe-0/0/2.0
                    [BGP/170] 07:20:25, localpref 100
                     AS path: 65033 65031 100 65035 I, validation-state: unverified
                    >  to 172.16.2.1 via xe-0/0/1.0

Spines in site A are route reflectors (RR) for spines in site B. Spines in site B in this case are RR clients. This is also true for spines in site B. Spines in site B will be RR for spines in site A and spines in site A will be RR clients. We make this possible by peering in the overlay session of both spines the loopback of the remote spines.

On spine 1 in site A we have:

neighbor 10.179.1.1 {                   
   description dc2_spine1;             
}                                       
neighbor 10.179.1.2 {                   
   description dc2_spine2;             
}   

on spine 1 in site B we have:

neighbor 10.179.0.1 {                   
    description dc1_spine1;             
}                                       
neighbor 10.179.0.2 {                   
    description dc1_spine2;             
}

check BGP session with remote spines from spine1

root@qfxssw27-dfw# run show bgp summary group EVPN-IBGP 
Threading mode: BGP I/O
Groups: 3 Peers: 8 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0           
                     184         47          0          0          0          0
inet.0               
                      15          7          0          0          0          0
10.179.1.1            64601       3494       3469       0       1  1d 2:13:33 Establ
  __default_evpn__.evpn.0: 0/0/0/0      
  bgp.evpn.0: 20/55/25/0                
  default-switch.evpn.0: 6/17/9/0       
10.179.1.2            64601       3495       3497       0       1  1d 2:28:57 Establ
  __default_evpn__.evpn.0: 0/0/0/0      
  bgp.evpn.0: 3/55/25/0                 
  default-switch.evpn.0: 1/17/9/0       

L2 DCI testing

For our testing, we are going to make sure that servers in private1-a-dal vlan (in yellow,10.192.64.0/22,vlan2005,vni102005) in our diagram in site A can communicate with servers in private1-a-dal(in yellow,10.192.64.0/22,vlan2005,vni102005 ) as well but in site B. This should work like having the servers in the same VLAN connected to the same switch (L2)

  • Important note: We can have servers in for example vlan10 with VNI 10100 in site A and servers with vlan20 with VNI 10100 in site B since both vlan's have the same VNI those servers will still be able to communicate. This most important piece here is the VNI number and not the VLAN itself.
 Srv100mac.png
 Srv204mac.png

Our server in site A with IP address 10.192.64.100 has for MAC 00:50:00:00:15:00 and our server in site B with IP address 10.192.64.50 has for MAC 00:50:00:00:45:00

- Check we are receiving route from remote leaf1

 root@qfxlsw27-dfw> show route receive-protocol bgp 10.179.0.1 match-prefix 
2:10.179.1.5:1::102005::00:50:00:00:45:00 extensive    
inet.0: 16 destinations, 18 routes (16 active, 0 holddown, 0 hidden)
:vxlan.inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
bgp.evpn.0: 47 destinations, 84 routes (47 active, 0 holddown, 0 hidden)
* 2:10.179.1.5:1::102005::00:50:00:00:45:00/304 MAC/IP (2 entries, 0 announced)
     Import Accepted
     Route Distinguisher: 10.179.1.5:1
     Route Label: 102005
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 10.179.1.5
     Localpref: 100
     AS path: I  (Originator)
     Cluster list:  1.1.1.1 0.0.0.1
     Originator ID: 10.179.1.5
     Communities: target:1:2005 encapsulation:vxlan(0x8)

- check leaf1 in site A has route toward leaf1 and leaf2 in site B

root@qfxlsw27-dfw> show route forwarding-table destination 10.179.1.5 
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
10.179.1.0/24      user     0                    ulst   131078     8
                              172.16.1.49        ucst     1750     7 xe-0/0/0.0
                              172.16.1.6         ucst     1751     7 xe-0/0/1.0
Routing table: __master.anon__.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    rjct     1666     1
Routing table: __juniper_services__.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd     1688     2
Routing table: __pfe_private__.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd     1701     2
Routing table: :vxlan.inet
Internet:                               
Destination        Type RtRef Next hop           Type Index    NhRef Netif
10.179.1.5/32      user     0                    indr   131074     3
                                                ulst   131078     8
                              172.16.1.49        ucst     1750     7 xe-0/0/0.0
                              172.16.1.6         ucst     1751     7 xe-0/0/1.0
root@qfxlsw27-dfw> show route 10.179.1.5 
inet.0: 14 destinations, 18 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.179.1.0/24      *[BGP/170] 00:55:48, localpref 100, from 172.16.1.49
                      AS path: 65030 100 65035 I, validation-state: unverified
                       to 172.16.1.49 via xe-0/0/0.0
                    >  to 172.16.1.6 via xe-0/0/1.0
                    [BGP/170] 00:55:48, localpref 100
                      AS path: 65031 100 65035 I, validation-state: unverified
                    >  to 172.16.1.6 via xe-0/0/1.0
:vxlan.inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.179.1.5/32      *[Static/1] 4d 05:55:09, metric2 0
                       to 172.16.1.49 via xe-0/0/0.0
                    >  to 172.16.1.6 via xe-0/0/1.0
root@qfxlsw27-dfw> show route 10.179.1.6    
inet.0: 14 destinations, 18 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.179.1.0/24      *[BGP/170] 00:57:15, localpref 100, from 172.16.1.49
                      AS path: 65030 100 65035 I, validation-state: unverified
                       to 172.16.1.49 via xe-0/0/0.0
                    >  to 172.16.1.6 via xe-0/0/1.0
                    [BGP/170] 00:57:15, localpref 100
                      AS path: 65031 100 65035 I, validation-state: unverified
                    >  to 172.16.1.6 via xe-0/0/1.0
:vxlan.inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.179.1.6/32      *[Static/1] 3d 22:33:05, metric2 0
                       to 172.16.1.49 via xe-0/0/0.0
                    >  to 172.16.1.6 via xe-0/0/1.0

- Check remote MAC

root@qfxlsw27-dfw> show ethernet-switching table vlan-id 2005   
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
Ethernet switching table : 7 entries, 7 learned
Routing instance : default-switch
  Vlan                MAC                 MAC      Logical                Active
  name                address             flags    interface              source
  private1-a-dal      00:00:5e:00:01:01   DR       esi.1763               05:00:00:fc:59:00:01:8e:75:00 
  private1-a-dal      00:50:00:00:15:00   D        xe-0/0/11.0          
  private1-a-dal      00:50:00:00:17:00   D        vtep.32773             10.179.0.6                    
  private1-a-dal      00:50:00:00:45:00   D        vtep.32770             10.179.1.5                    
  private1-a-dal      00:50:00:00:46:00   D        vtep.32770             10.179.1.5                    
  private1-a-dal      02:05:86:71:08:00   D        vtep.32772             10.179.0.2                    
  private1-a-dal      02:05:86:71:fe:00   D        vtep.32774             10.179.0.1

We can see based on the output above that the remove server with MAC address 00:50:00:00:45:00 is reachable via the remote vtep interface vtep.32770 with source IP address of 10.179.1.5 which is the loopback address of leaf1 in site B.

Ping test

Srv100.png
Srv204.png

This complete our DCI L2 tutorial. In the future I will be discussing about DCI L3.