Difference between revisions of "Juniper EVPN-VXLAN configuration"
(29 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
- EVE-NG 2.0.3-112 | - EVE-NG 2.0.3-112 | ||
+ | |||
- VQFX model: vqfx-10000 running JUNOS 19.4R1.10 | - VQFX model: vqfx-10000 running JUNOS 19.4R1.10 | ||
+ | |||
- spine1: ASN:65030 | - spine1: ASN:65030 | ||
+ | |||
- spine2: ASN:65031 | - spine2: ASN:65031 | ||
+ | |||
- leaf1: ASN:65032 in row A using 10.192.80.0/22 network | - leaf1: ASN:65032 in row A using 10.192.80.0/22 network | ||
+ | |||
- leaf2: ASN:65033 in row B using 10.192.96.0/22 network | - leaf2: ASN:65033 in row B using 10.192.96.0/22 network | ||
+ | |||
- leaf3: ASN:65034 in row C using 10.192.112.0/22 network | - leaf3: ASN:65034 in row C using 10.192.112.0/22 network | ||
+ | |||
- leaf4: ASN:65035 in row D using 10.192.128.0/22 network | - leaf4: ASN:65035 in row D using 10.192.128.0/22 network | ||
+ | |||
- 4 servers one in each row for testing communication | - 4 servers one in each row for testing communication | ||
+ | |||
+ | ==Diagram== | ||
+ | |||
+ | [[file:juniper_evpn-vxlan.png]] | ||
+ | |||
+ | ==Setup and Configuration== | ||
+ | |||
+ | ===Spine1 configuration=== | ||
+ | |||
+ | ##basic configuration | ||
+ | set system host-name spine1 | ||
+ | ## Edit policy-options | ||
+ | set policy-options policy-statement export-lo term lo0 from protocol direct | ||
+ | set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.13/32 exact | ||
+ | set policy-options policy-statement export-lo term lo0 then accept | ||
+ | set policy-options policy-statement lbpp term lb then load-balance per-packet | ||
+ | ## #Setting the underlay network### | ||
+ | set protocols bgp group underlay authentication-key password1 | ||
+ | set protocols bgp group underlay export export-lo | ||
+ | set protocols bgp group underlay multipath multiple-as | ||
+ | set protocols bgp group underlay neighbor 172.16.1.2 peer-as 65032 description lsw1 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.10 peer-as 65033 description lsw2 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.18 peer-as 65034 description lsw3 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.26 peer-as 65035 description lsw4 | ||
+ | ## edit routing-options | ||
+ | set routing-options forwarding-table export lbpp | ||
+ | set routing-options router-id 10.0.1.13 | ||
+ | set routing-options autonomous-system 65030 | ||
+ | ## Edit interface lo0 | ||
+ | set interfaces lo0 unit 0 family inet address 10.0.1.13/32 | ||
+ | ## INTERFACE CONFIGURATION | ||
+ | delete interfaces xe-0/0/0 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/1 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/2 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/3 unit 0 family inet dhcp | ||
+ | set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.1/30 | ||
+ | set interfaces xe-0/0/0 description link_to_leaf1_xe-0/0/0 | ||
+ | set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.9/30 | ||
+ | set interfaces xe-0/0/1 description link_to_leaf2_xe-0/0/0 | ||
+ | set interfaces xe-0/0/2 unit 0 family inet address 172.16.1.17/30 | ||
+ | set interfaces xe-0/0/2 description link_to_leaf3_xe-0/0/0 | ||
+ | set interfaces xe-0/0/3 unit 0 family inet address 172.16.1.25/30 | ||
+ | set interfaces xe-0/0/3 description link_to_asw-d1_xe-0/0/0 | ||
+ | |||
+ | ===Spine2 configuration=== | ||
+ | |||
+ | ## basic configuration | ||
+ | set system host-name spine2 | ||
+ | ## Edit policy-options | ||
+ | set policy-options policy-statement export-lo term lo0 from protocol direct | ||
+ | set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.14/32 exact | ||
+ | set policy-options policy-statement export-lo term lo0 then accept | ||
+ | set policy-options policy-statement lbpp term lb then load-balance per-packet | ||
+ | ## Setting the underlay network### | ||
+ | set protocols bgp group underlay authentication-key password1 | ||
+ | set protocols bgp group underlay export export-lo | ||
+ | set protocols bgp group underlay multipath multiple-as | ||
+ | set protocols bgp group underlay neighbor 172.16.1.6 peer-as 65032 description lsw1 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.14 peer-as 65033 description lsw2 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.22 peer-as 65034 description lsw3 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.30 peer-as 65035 description lsw4 | ||
+ | ## edit routing-options | ||
+ | set routing-options forwarding-table export lbpp | ||
+ | set routing-options router-id 10.0.1.14 | ||
+ | set routing-options autonomous-system 65031 | ||
+ | ## Edit interface lo0 | ||
+ | set interfaces lo0 unit 0 family inet address 10.0.1.14/32 | ||
+ | delete interfaces xe-0/0/0 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/1 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/2 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/3 unit 0 family inet dhcp | ||
+ | set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.5/30 | ||
+ | set interfaces xe-0/0/0 description link_to_leaf1_xe-0/0/1 | ||
+ | set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.13/30 | ||
+ | set interfaces xe-0/0/1 description link_to_leaf2_xe-0/0/1 | ||
+ | set interfaces xe-0/0/2 unit 0 family inet address 172.16.1.21/30 | ||
+ | set interfaces xe-0/0/2 description link_to_leaf3_xe-0/0/1 | ||
+ | set interfaces xe-0/0/3 unit 0 family inet address 172.16.1.29/30 | ||
+ | set interfaces xe-0/0/3 description link_to_asw-d1_xe-0/0/1 | ||
+ | |||
+ | |||
+ | ===leaf1 configuration=== | ||
+ | ##basic configuration | ||
+ | set system host-name lsw1 | ||
+ | ## Edit policy | ||
+ | set policy-options policy-statement export-lo term lo0 from protocol direct | ||
+ | set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.24/32 exact | ||
+ | set policy-options policy-statement export-lo term lo0 then accept | ||
+ | set policy-options policy-statement lbpp term lb then load-balance per-packet | ||
+ | ## Setting the underlay network### | ||
+ | set protocols bgp group underlay authentication-key password1 | ||
+ | set protocols bgp group underlay export export-lo | ||
+ | set protocols bgp group underlay multipath multiple-as | ||
+ | set protocols bgp group underlay neighbor 172.16.1.1 peer-as 65030 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.5 peer-as 65031 | ||
+ | ## edit routing-options | ||
+ | set routing-options forwarding-table export lbpp | ||
+ | set routing-options router-id 10.0.1.24 | ||
+ | set routing-options autonomous-system 65032 | ||
+ | ## Edit interface lo0 | ||
+ | set interfaces lo0 unit 0 family inet address 10.0.1.24/32 | ||
+ | ## INTERFACE CONFIGURATION | ||
+ | delete interfaces xe-0/0/0 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/1 unit 0 family inet dhcp | ||
+ | set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.2/30 | ||
+ | set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/0 | ||
+ | set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.6/30 | ||
+ | set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/0 | ||
+ | ##EVPN-VXLAN setup ### | ||
+ | set protocols evpn encapsulation vxlan | ||
+ | set protocols evpn multicast-mode ingress-replication | ||
+ | set protocols evpn extended-vni-list 10200 | ||
+ | set protocols evpn extended-vni-list 10300 | ||
+ | set protocols evpn extended-vni-list 10400 | ||
+ | set protocols evpn extended-vni-list 10500 | ||
+ | set switch-options vtep-source-interface lo0.0 | ||
+ | set switch-options route-distinguisher 10.0.1.24:1 | ||
+ | set switch-options vrf-target target:65400:1 | ||
+ | ##Setup VLANS | ||
+ | set vlans private1-a vlan-id 200 vxlan vni 10200 | ||
+ | set vlans private1-b vlan-id 300 vxlan vni 10300 | ||
+ | set vlans private1-c vlan-id 400 vxlan vni 10400 | ||
+ | set vlans private1-d vlan-id 500 vxlan vni 10500 | ||
+ | ##Set interface to access mode for the servers | ||
+ | delete interfaces xe-0/0/2 unit 0 | ||
+ | set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access | ||
+ | set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-a | ||
+ | # Overlay network on leaf 1### | ||
+ | set protocols bgp group overlay type internal | ||
+ | set protocols bgp group overlay local-address 10.0.1.24 | ||
+ | set protocols bgp group overlay family evpn signaling | ||
+ | set protocols bgp group overlay local-as 65400 | ||
+ | set protocols bgp group overlay authentication-key password1 | ||
+ | set protocols bgp group overlay multipath | ||
+ | set protocols bgp group overlay neighbor 10.0.1.25 description lsw2 | ||
+ | set protocols bgp group overlay neighbor 10.0.1.26 description lsw3 | ||
+ | set protocols bgp group overlay neighbor 10.0.1.27 description lsw4 | ||
+ | # irb interfaces setup | ||
+ | set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254 | ||
+ | set interfaces irb unit 200 virtual-gateway-accept-data | ||
+ | set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254 | ||
+ | set interfaces irb unit 300 virtual-gateway-accept-data | ||
+ | set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254 | ||
+ | set interfaces irb unit 400 virtual-gateway-accept-data | ||
+ | set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254 | ||
+ | set interfaces irb unit 500 virtual-gateway-accept-data | ||
+ | #add irb interface for each vlan | ||
+ | set vlans private1-a l3-interface irb.200 | ||
+ | set vlans private1-b l3-interface irb.300 | ||
+ | set vlans private1-c l3-interface irb.400 | ||
+ | set vlans private1-d l3-interface irb.500 | ||
+ | set vlans private1-a vxlan ingress-node-replication | ||
+ | set vlans private1-b vxlan ingress-node-replication | ||
+ | set vlans private1-c vxlan ingress-node-replication | ||
+ | set vlans private1-d vxlan ingress-node-replication | ||
+ | |||
+ | ===leaf2 configuration=== | ||
+ | |||
+ | #basic configuration | ||
+ | set system host-name lsw2 | ||
+ | ## Edit policy-options | ||
+ | set policy-options policy-statement export-lo term lo0 from protocol direct | ||
+ | set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.25/32 exact | ||
+ | set policy-options policy-statement export-lo term lo0 then accept | ||
+ | set policy-options policy-statement lbpp term lb then load-balance per-packet | ||
+ | #Setting the underlay network### | ||
+ | set protocols bgp group underlay authentication-key password1 | ||
+ | set protocols bgp group underlay export export-lo | ||
+ | set protocols bgp group underlay multipath multiple-as | ||
+ | set protocols bgp group underlay neighbor 172.16.1.9 peer-as 65030 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.13 peer-as 65031 | ||
+ | ## edit routing-options | ||
+ | set routing-options forwarding-table export lbpp | ||
+ | set routing-options router-id 10.0.1.25 | ||
+ | set routing-options autonomous-system 65033 | ||
+ | ## Edit interface lo0 | ||
+ | set interfaces lo0 unit 0 family inet address 10.0.1.25/32 | ||
+ | ## INTERFACE CONFIGURATION | ||
+ | delete interfaces xe-0/0/0 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/1 unit 0 family inet dhcp | ||
+ | set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.10/30 | ||
+ | set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/1 | ||
+ | set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.14/30 | ||
+ | set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/1 | ||
+ | ##EVPN-VXLAN setup ### | ||
+ | set protocols evpn encapsulation vxlan | ||
+ | set protocols evpn multicast-mode ingress-replication | ||
+ | set protocols evpn extended-vni-list 10200 | ||
+ | set protocols evpn extended-vni-list 10300 | ||
+ | set protocols evpn extended-vni-list 10400 | ||
+ | set protocols evpn extended-vni-list 10500 | ||
+ | set switch-options vtep-source-interface lo0.0 | ||
+ | set switch-options route-distinguisher 10.0.1.25:1 | ||
+ | set switch-options vrf-target target:65400:1 | ||
+ | ##Setup VLANS | ||
+ | set vlans private1-a vlan-id 200 vxlan vni 10200 | ||
+ | set vlans private1-b vlan-id 300 vxlan vni 10300 | ||
+ | set vlans private1-c vlan-id 400 vxlan vni 10400 | ||
+ | set vlans private1-d vlan-id 500 vxlan vni 10500 | ||
+ | ##Set interface to access mode for the servers | ||
+ | delete interfaces xe-0/0/2 unit 0 | ||
+ | set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access | ||
+ | set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-b | ||
+ | # Overlay network on leaf 2### | ||
+ | set protocols bgp group overlay type internal | ||
+ | set protocols bgp group overlay local-address 10.0.1.25 | ||
+ | set protocols bgp group overlay family evpn signaling | ||
+ | set protocols bgp group overlay local-as 65400 | ||
+ | set protocols bgp group overlay authentication-key password1 | ||
+ | set protocols bgp group overlay multipath | ||
+ | set protocols bgp group overlay neighbor 10.0.1.24 description lsw1 | ||
+ | set protocols bgp group overlay neighbor 10.0.1.26 descripion lsw3 | ||
+ | set protocols bgp group overlay neighbor 10.0.1.27 description lsw4 | ||
+ | # irb interfaces setup | ||
+ | set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254 | ||
+ | set interfaces irb unit 200 virtual-gateway-accept-data | ||
+ | set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254 | ||
+ | set interfaces irb unit 300 virtual-gateway-accept-data | ||
+ | set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254 | ||
+ | set interfaces irb unit 400 virtual-gateway-accept-data | ||
+ | set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254 | ||
+ | set interfaces irb unit 500 virtual-gateway-accept-data | ||
+ | #add irb interface for each vlan | ||
+ | set vlans private1-a l3-interface irb.200 | ||
+ | set vlans private1-b l3-interface irb.300 | ||
+ | set vlans private1-c l3-interface irb.400 | ||
+ | set vlans private1-d l3-interface irb.500 | ||
+ | set vlans private1-a vxlan ingress-node-replication | ||
+ | set vlans private1-b vxlan ingress-node-replication | ||
+ | set vlans private1-c vxlan ingress-node-replication | ||
+ | set vlans private1-d vxlan ingress-node-replication | ||
+ | |||
+ | ===leaf3 configutation=== | ||
+ | |||
+ | #basic configuration | ||
+ | set system host-name lsw3 | ||
+ | ## Edit policy-options | ||
+ | set policy-options policy-statement export-lo term lo0 from protocol direct | ||
+ | set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.26/32 exact | ||
+ | set policy-options policy-statement export-lo term lo0 then accept | ||
+ | set policy-options policy-statement lbpp term lb then load-balance per-packet | ||
+ | #Setting the underlay network### | ||
+ | set protocols bgp group underlay authentication-key password1 | ||
+ | set protocols bgp group underlay export export-lo | ||
+ | set protocols bgp group underlay multipath multiple-as | ||
+ | set protocols bgp group underlay neighbor 172.16.1.17 peer-as 65030 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.21 peer-as 65031 | ||
+ | ## edit routing-options | ||
+ | set routing-options forwarding-table export lbpp | ||
+ | set routing-options router-id 10.0.1.26 | ||
+ | set routing-options autonomous-system 65034 | ||
+ | ## Edit interface lo0 | ||
+ | set interfaces lo0 unit 0 family inet address 10.0.1.26/32 | ||
+ | ## INTERFACE CONFIGURATION | ||
+ | delete interfaces xe-0/0/0 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/1 unit 0 family inet dhcp | ||
+ | set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.18/30 | ||
+ | set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/1 | ||
+ | set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.22/30 | ||
+ | set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/1 | ||
+ | ## INTERFACE CONFIGURATION | ||
+ | delete interfaces xe-0/0/0 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/1 unit 0 family inet dhcp | ||
+ | set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.18/30 | ||
+ | set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/1 | ||
+ | set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.22/30 | ||
+ | set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/1 | ||
+ | ##EVPN-VXLAN setup ### | ||
+ | set protocols evpn encapsulation vxlan | ||
+ | set protocols evpn multicast-mode ingress-replication | ||
+ | set protocols evpn extended-vni-list 10200 | ||
+ | set protocols evpn extended-vni-list 10300 | ||
+ | set protocols evpn extended-vni-list 10400 | ||
+ | set protocols evpn extended-vni-list 10500 | ||
+ | set switch-options vtep-source-interface lo0.0 | ||
+ | set switch-options route-distinguisher 10.0.1.26:1 | ||
+ | set switch-options vrf-target target:65400:1 | ||
+ | ##Setup VLANS | ||
+ | set vlans private1-a vlan-id 200 vxlan vni 10200 | ||
+ | set vlans private1-b vlan-id 300 vxlan vni 10300 | ||
+ | set vlans private1-c vlan-id 400 vxlan vni 10400 | ||
+ | set vlans private1-d vlan-id 500 vxlan vni 10500 | ||
+ | ##Set interface to access mode for the servers | ||
+ | delete interfaces xe-0/0/2 unit 0 | ||
+ | set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access | ||
+ | set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-c | ||
+ | set protocols bgp group overlay type internal | ||
+ | set protocols bgp group overlay local-address 10.0.1.26 | ||
+ | set protocols bgp group overlay family evpn signaling | ||
+ | set protocols bgp group overlay local-as 65400 | ||
+ | set protocols bgp group overlay authentication-key password1 | ||
+ | set protocols bgp group overlay multipath | ||
+ | set protocols bgp group overlay neighbor 10.0.1.24 description lsw1 | ||
+ | set protocols bgp group overlay neighbor 10.0.1.25 description lsw2 | ||
+ | set protocols bgp group overlay neighbor 10.0.1.27 description lsw4 | ||
+ | # irb interfaces setup | ||
+ | set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254 | ||
+ | set interfaces irb unit 200 virtual-gateway-accept-data | ||
+ | set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254 | ||
+ | set interfaces irb unit 300 virtual-gateway-accept-data | ||
+ | set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254 | ||
+ | set interfaces irb unit 400 virtual-gateway-accept-data | ||
+ | set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254 | ||
+ | set interfaces irb unit 500 virtual-gateway-accept-data | ||
+ | #add irb interface for each vlan | ||
+ | set vlans private1-a l3-interface irb.200 | ||
+ | set vlans private1-b l3-interface irb.300 | ||
+ | set vlans private1-c l3-interface irb.400 | ||
+ | set vlans private1-d l3-interface irb.500 | ||
+ | set vlans private1-a vxlan ingress-node-replication | ||
+ | set vlans private1-b vxlan ingress-node-replication | ||
+ | set vlans private1-c vxlan ingress-node-replication | ||
+ | set vlans private1-d vxlan ingress-node-replication | ||
+ | |||
+ | ===leaf4 configuration=== | ||
+ | |||
+ | #basic configuration | ||
+ | set system host-name lsw4 | ||
+ | ## Edit policy-options | ||
+ | set policy-options policy-statement export-lo term lo0 from protocol direct | ||
+ | set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.27/32 exact | ||
+ | set policy-options policy-statement export-lo term lo0 then accept | ||
+ | set policy-options policy-statement lbpp term lb then load-balance per-packet | ||
+ | #Setting the underlay network### | ||
+ | set protocols bgp group underlay authentication-key password1 | ||
+ | set protocols bgp group underlay export export-lo | ||
+ | set protocols bgp group underlay multipath multiple-as | ||
+ | set protocols bgp group underlay neighbor 172.16.1.25 peer-as 65030 description spine1 | ||
+ | set protocols bgp group underlay neighbor 172.16.1.29 peer-as 65031 description spine2 | ||
+ | ## edit routing-options | ||
+ | set routing-options forwarding-table export lbpp | ||
+ | set routing-options router-id 10.0.1.27 | ||
+ | set routing-options autonomous-system 65035 | ||
+ | ## Edit interface lo0 | ||
+ | set interfaces lo0 unit 0 family inet address 10.0.1.27/32 | ||
+ | ## INTERFACE CONFIGUATION | ||
+ | delete interfaces xe-0/0/0 unit 0 family inet dhcp | ||
+ | delete interfaces xe-0/0/1 unit 0 family inet dhcp | ||
+ | set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.26/30 | ||
+ | set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/3 | ||
+ | set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.30/30 | ||
+ | set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/3 | ||
+ | ##EVPN-VXLAN setup ### | ||
+ | set protocols evpn encapsulation vxlan | ||
+ | set protocols evpn multicast-mode ingress-replication | ||
+ | set protocols evpn extended-vni-list 10200 | ||
+ | set protocols evpn extended-vni-list 10300 | ||
+ | set protocols evpn extended-vni-list 10400 | ||
+ | set protocols evpn extended-vni-list 10500 | ||
+ | set switch-options vtep-source-interface lo0.0 | ||
+ | set switch-options route-distinguisher 10.0.1.27:1 | ||
+ | set switch-options vrf-target target:65400:1 | ||
+ | ##Setup VLANS | ||
+ | set vlans private1-a vlan-id 200 vxlan vni 10200 | ||
+ | set vlans private1-b vlan-id 300 vxlan vni 10300 | ||
+ | set vlans private1-c vlan-id 400 vxlan vni 10400 | ||
+ | set vlans private1-d vlan-id 500 vxlan vni 10500 | ||
+ | ##Set interface to access mode for the servers | ||
+ | delete interfaces xe-0/0/2 unit 0 | ||
+ | set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access | ||
+ | set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-d | ||
+ | set protocols bgp group overlay type internal | ||
+ | set protocols bgp group overlay local-address 10.0.1.27 | ||
+ | set protocols bgp group overlay family evpn signaling | ||
+ | set protocols bgp group overlay local-as 65400 | ||
+ | set protocols bgp group overlay authentication-key password1 | ||
+ | set protocols bgp group overlay multipath | ||
+ | set protocols bgp group overlay neighbor 10.0.1.24 description lsw1 | ||
+ | set protocols bgp group overlay neighbor 10.0.1.25 description lsw2 | ||
+ | set protocols bgp group overlay neighbor 10.0.1.26 description lsw3 | ||
+ | # irb interfaces setup | ||
+ | set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254 | ||
+ | set interfaces irb unit 200 virtual-gateway-accept-data | ||
+ | set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254 | ||
+ | set interfaces irb unit 300 virtual-gateway-accept-data | ||
+ | set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254 | ||
+ | set interfaces irb unit 400 virtual-gateway-accept-data | ||
+ | set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254 | ||
+ | set interfaces irb unit 500 virtual-gateway-accept-data | ||
+ | #add irb interface for each vlan | ||
+ | set vlans private1-a l3-interface irb.200 | ||
+ | set vlans private1-b l3-interface irb.300 | ||
+ | set vlans private1-c l3-interface irb.400 | ||
+ | set vlans private1-d l3-interface irb.500 | ||
+ | set vlans private1-a vxlan ingress-node-replication | ||
+ | set vlans private1-b vxlan ingress-node-replication | ||
+ | set vlans private1-c vxlan ingress-node-replication | ||
+ | set vlans private1-d vxlan ingress-node-replication | ||
+ | |||
+ | ==Checking and testing== | ||
+ | |||
+ | ===spine1 BGP=== | ||
+ | root@spine1> show bgp summary | ||
+ | Threading mode: BGP I/O | ||
+ | Groups: 1 Peers: 4 Down peers: 0 | ||
+ | Table Tot Paths Act Paths Suppressed History Damp State Pending | ||
+ | inet.0 | ||
+ | 26 24 0 0 0 0 | ||
+ | Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... | ||
+ | 172.16.1.2 65032 2648 2657 0 0 20:05:01 Establ | ||
+ | inet.0: 6/7/7/0 | ||
+ | 172.16.1.10 65033 2654 2658 0 0 20:05:03 Establ | ||
+ | inet.0: 6/7/7/0 | ||
+ | 172.16.1.18 65034 2647 2658 0 0 20:04:53 Establ | ||
+ | inet.0: 6/6/6/0 | ||
+ | 172.16.1.26 65035 2647 2659 0 0 20:04:49 Establ | ||
+ | inet.0: 6/6/6/0 | ||
+ | |||
+ | We can see that the BGP section from spine 1 to all the 4 leaves is up. | ||
+ | |||
+ | ===spine2 BGP=== | ||
+ | |||
+ | root@spine2> show bgp summary | ||
+ | Threading mode: BGP I/O | ||
+ | Groups: 1 Peers: 4 Down peers: 0 | ||
+ | Table Tot Paths Act Paths Suppressed History Damp State Pending | ||
+ | inet.0 | ||
+ | 34 24 0 0 0 0 | ||
+ | Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... | ||
+ | 172.16.1.6 65032 2660 2669 0 1 20:08:41 Establ | ||
+ | inet.0: 6/8/8/0 | ||
+ | 172.16.1.14 65033 2664 2666 0 0 20:08:42 Establ | ||
+ | inet.0: 6/8/8/0 | ||
+ | 172.16.1.22 65034 2662 2668 0 1 20:08:39 Establ | ||
+ | inet.0: 6/9/9/0 | ||
+ | 172.16.1.30 65035 2660 2669 0 1 20:08:41 Establ | ||
+ | inet.0: 6/9/9/0 | ||
+ | |||
+ | ===leaf1 BGP=== | ||
+ | |||
+ | root@leaf1> show bgp summary | ||
+ | Threading mode: BGP I/O | ||
+ | Groups: 2 Peers: 5 Down peers: 0 | ||
+ | Table Tot Paths Act Paths Suppressed History Damp State Pending | ||
+ | bgp.evpn.0 | ||
+ | 78 78 0 0 0 0 | ||
+ | inet.0 | ||
+ | 32 16 0 0 0 0 | ||
+ | Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... | ||
+ | 10.0.1.25 65400 2680 2665 0 2 20:07:21 Establ | ||
+ | __default_evpn__.evpn.0: 0/0/0/0 | ||
+ | bgp.evpn.0: 26/26/26/0 | ||
+ | default-switch.evpn.0: 26/26/26/0 | ||
+ | 10.0.1.26 65400 2679 2674 0 3 20:10:56 Establ | ||
+ | __default_evpn__.evpn.0: 0/0/0/0 | ||
+ | bgp.evpn.0: 26/26/26/0 | ||
+ | default-switch.evpn.0: 26/26/26/0 | ||
+ | 10.0.1.27 65400 2687 2673 0 3 20:10:49 Establ | ||
+ | __default_evpn__.evpn.0: 0/0/0/0 | ||
+ | bgp.evpn.0: 26/26/26/0 | ||
+ | default-switch.evpn.0: 26/26/26/0 | ||
+ | 172.16.1.1 65030 2672 2661 0 1 20:11:06 Establ | ||
+ | inet.0: 8/16/16/0 | ||
+ | 172.16.1.5 65031 2674 2663 0 3 20:10:53 Establ | ||
+ | inet.0: 8/16/16/0 | ||
+ | |||
+ | leaf1 BGP section is different from spine1/2 section since we have 2 peering groups | ||
+ | |||
+ | - leaf1 to spine1/2 section | ||
+ | |||
+ | - leaf1 to leaf2, leaf3 and leaf4 section using the loopback interface of those switches | ||
+ | |||
+ | BGP section for leaf2, leaf3 and leaf4 will be the same as leaf1. | ||
+ | |||
+ | ===checking ECMP=== | ||
+ | root@leaf1> show route forwarding-table destination 10.0.1.27 | ||
+ | Routing table: default.inet | ||
+ | Internet: | ||
+ | Destination Type RtRef Next hop Type Index NhRef Netif | ||
+ | 10.0.1.27/32 user 1 ulst 131071 10 | ||
+ | 172.16.1.1 ucst 1752 9 xe-0/0/0.0 | ||
+ | 172.16.1.5 ucst 1753 9 xe-0/0/1.0 | ||
+ | Routing table: __master.anon__.inet | ||
+ | Internet: | ||
+ | Destination Type RtRef Next hop Type Index NhRef Netif | ||
+ | default perm 0 rjct 1666 1 | ||
+ | Routing table: __juniper_services__.inet | ||
+ | Internet: | ||
+ | Destination Type RtRef Next hop Type Index NhRef Netif | ||
+ | default perm 0 dscd 1688 2 | ||
+ | Routing table: __pfe_private__.inet | ||
+ | Internet: | ||
+ | Destination Type RtRef Next hop Type Index NhRef Netif | ||
+ | default perm 0 dscd 1701 2 | ||
+ | Routing table: :vxlan.inet | ||
+ | Internet: | ||
+ | Destination Type RtRef Next hop Type Index NhRef Netif | ||
+ | 10.0.1.27/32 user 0 indr 131073 3 | ||
+ | ulst 131071 10 | ||
+ | 172.16.1.1 ucst 1752 9 xe-0/0/0.0 | ||
+ | 172.16.1.5 ucst 1753 9 xe-0/0/1.0 | ||
+ | |||
+ | leaf1 has two(2) equal paths to get to leaf4; by using spine1 (172.16.1.1) on interface xe-0/0/0 or spine2 (172.16.1.5) on interface xe-0/0/1. The output below shows the default path leaf1 is using to get to leaf4 | ||
+ | |||
+ | root@leaf1> show route protocol bgp | ||
+ | inet.0: 36 destinations, 55 routes (36 active, 0 holddown, 0 hidden) | ||
+ | + = Active Route, - = Last Active, * = Both | ||
+ | ---- | ||
+ | ----- | ||
+ | ----- | ||
+ | 10.0.1.27/32 *[BGP/170] 21:08:48, localpref 100, from 172.16.1.5 | ||
+ | AS path: 65031 65035 I, validation-state: unverified | ||
+ | > to 172.16.1.1 via xe-0/0/0.0 | ||
+ | to 172.16.1.5 via xe-0/0/1.0 | ||
+ | [BGP/170] 21:08:48, localpref 100 | ||
+ | AS path: 65030 65035 I, validation-state: unverified | ||
+ | > to 172.16.1.1 via xe-0/0/0.0 | ||
+ | |||
+ | === Ping from leaf1 to leaf4 loopback address=== | ||
+ | root@leaf1> ping 10.0.1.27 | ||
+ | PING 10.0.1.27 (10.0.1.27): 56 data bytes | ||
+ | 64 bytes from 10.0.1.27: icmp_seq=0 ttl=63 time=118.906 ms | ||
+ | 64 bytes from 10.0.1.27: icmp_seq=1 ttl=63 time=116.724 ms |
Latest revision as of 21:13, 26 December 2021
Goal
In this tutorial we will setup a spine/leaf topology with 2 spines and 4 leaves. The goal is to configure EVPN-VXLAN
Prerequisites
For this tutorial I am using :
- EVE-NG 2.0.3-112
- VQFX model: vqfx-10000 running JUNOS 19.4R1.10
- spine1: ASN:65030
- spine2: ASN:65031
- leaf1: ASN:65032 in row A using 10.192.80.0/22 network
- leaf2: ASN:65033 in row B using 10.192.96.0/22 network
- leaf3: ASN:65034 in row C using 10.192.112.0/22 network
- leaf4: ASN:65035 in row D using 10.192.128.0/22 network
- 4 servers one in each row for testing communication
Diagram
Setup and Configuration
Spine1 configuration
##basic configuration set system host-name spine1 ## Edit policy-options set policy-options policy-statement export-lo term lo0 from protocol direct set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.13/32 exact set policy-options policy-statement export-lo term lo0 then accept set policy-options policy-statement lbpp term lb then load-balance per-packet ## #Setting the underlay network### set protocols bgp group underlay authentication-key password1 set protocols bgp group underlay export export-lo set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 172.16.1.2 peer-as 65032 description lsw1 set protocols bgp group underlay neighbor 172.16.1.10 peer-as 65033 description lsw2 set protocols bgp group underlay neighbor 172.16.1.18 peer-as 65034 description lsw3 set protocols bgp group underlay neighbor 172.16.1.26 peer-as 65035 description lsw4 ## edit routing-options set routing-options forwarding-table export lbpp set routing-options router-id 10.0.1.13 set routing-options autonomous-system 65030 ## Edit interface lo0 set interfaces lo0 unit 0 family inet address 10.0.1.13/32 ## INTERFACE CONFIGURATION delete interfaces xe-0/0/0 unit 0 family inet dhcp delete interfaces xe-0/0/1 unit 0 family inet dhcp delete interfaces xe-0/0/2 unit 0 family inet dhcp delete interfaces xe-0/0/3 unit 0 family inet dhcp set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.1/30 set interfaces xe-0/0/0 description link_to_leaf1_xe-0/0/0 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.9/30 set interfaces xe-0/0/1 description link_to_leaf2_xe-0/0/0 set interfaces xe-0/0/2 unit 0 family inet address 172.16.1.17/30 set interfaces xe-0/0/2 description link_to_leaf3_xe-0/0/0 set interfaces xe-0/0/3 unit 0 family inet address 172.16.1.25/30 set interfaces xe-0/0/3 description link_to_asw-d1_xe-0/0/0
Spine2 configuration
## basic configuration set system host-name spine2 ## Edit policy-options set policy-options policy-statement export-lo term lo0 from protocol direct set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.14/32 exact set policy-options policy-statement export-lo term lo0 then accept set policy-options policy-statement lbpp term lb then load-balance per-packet ## Setting the underlay network### set protocols bgp group underlay authentication-key password1 set protocols bgp group underlay export export-lo set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 172.16.1.6 peer-as 65032 description lsw1 set protocols bgp group underlay neighbor 172.16.1.14 peer-as 65033 description lsw2 set protocols bgp group underlay neighbor 172.16.1.22 peer-as 65034 description lsw3 set protocols bgp group underlay neighbor 172.16.1.30 peer-as 65035 description lsw4 ## edit routing-options set routing-options forwarding-table export lbpp set routing-options router-id 10.0.1.14 set routing-options autonomous-system 65031 ## Edit interface lo0 set interfaces lo0 unit 0 family inet address 10.0.1.14/32 delete interfaces xe-0/0/0 unit 0 family inet dhcp delete interfaces xe-0/0/1 unit 0 family inet dhcp delete interfaces xe-0/0/2 unit 0 family inet dhcp delete interfaces xe-0/0/3 unit 0 family inet dhcp set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.5/30 set interfaces xe-0/0/0 description link_to_leaf1_xe-0/0/1 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.13/30 set interfaces xe-0/0/1 description link_to_leaf2_xe-0/0/1 set interfaces xe-0/0/2 unit 0 family inet address 172.16.1.21/30 set interfaces xe-0/0/2 description link_to_leaf3_xe-0/0/1 set interfaces xe-0/0/3 unit 0 family inet address 172.16.1.29/30 set interfaces xe-0/0/3 description link_to_asw-d1_xe-0/0/1
leaf1 configuration
##basic configuration set system host-name lsw1 ## Edit policy set policy-options policy-statement export-lo term lo0 from protocol direct set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.24/32 exact set policy-options policy-statement export-lo term lo0 then accept set policy-options policy-statement lbpp term lb then load-balance per-packet ## Setting the underlay network### set protocols bgp group underlay authentication-key password1 set protocols bgp group underlay export export-lo set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 172.16.1.1 peer-as 65030 set protocols bgp group underlay neighbor 172.16.1.5 peer-as 65031 ## edit routing-options set routing-options forwarding-table export lbpp set routing-options router-id 10.0.1.24 set routing-options autonomous-system 65032 ## Edit interface lo0 set interfaces lo0 unit 0 family inet address 10.0.1.24/32 ## INTERFACE CONFIGURATION delete interfaces xe-0/0/0 unit 0 family inet dhcp delete interfaces xe-0/0/1 unit 0 family inet dhcp set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.2/30 set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/0 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.6/30 set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/0 ##EVPN-VXLAN setup ### set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn extended-vni-list 10200 set protocols evpn extended-vni-list 10300 set protocols evpn extended-vni-list 10400 set protocols evpn extended-vni-list 10500 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.0.1.24:1 set switch-options vrf-target target:65400:1 ##Setup VLANS set vlans private1-a vlan-id 200 vxlan vni 10200 set vlans private1-b vlan-id 300 vxlan vni 10300 set vlans private1-c vlan-id 400 vxlan vni 10400 set vlans private1-d vlan-id 500 vxlan vni 10500 ##Set interface to access mode for the servers delete interfaces xe-0/0/2 unit 0 set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-a # Overlay network on leaf 1### set protocols bgp group overlay type internal set protocols bgp group overlay local-address 10.0.1.24 set protocols bgp group overlay family evpn signaling set protocols bgp group overlay local-as 65400 set protocols bgp group overlay authentication-key password1 set protocols bgp group overlay multipath set protocols bgp group overlay neighbor 10.0.1.25 description lsw2 set protocols bgp group overlay neighbor 10.0.1.26 description lsw3 set protocols bgp group overlay neighbor 10.0.1.27 description lsw4 # irb interfaces setup set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254 set interfaces irb unit 200 virtual-gateway-accept-data set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254 set interfaces irb unit 300 virtual-gateway-accept-data set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254 set interfaces irb unit 400 virtual-gateway-accept-data set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254 set interfaces irb unit 500 virtual-gateway-accept-data #add irb interface for each vlan set vlans private1-a l3-interface irb.200 set vlans private1-b l3-interface irb.300 set vlans private1-c l3-interface irb.400 set vlans private1-d l3-interface irb.500 set vlans private1-a vxlan ingress-node-replication set vlans private1-b vxlan ingress-node-replication set vlans private1-c vxlan ingress-node-replication set vlans private1-d vxlan ingress-node-replication
leaf2 configuration
#basic configuration set system host-name lsw2 ## Edit policy-options set policy-options policy-statement export-lo term lo0 from protocol direct set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.25/32 exact set policy-options policy-statement export-lo term lo0 then accept set policy-options policy-statement lbpp term lb then load-balance per-packet #Setting the underlay network### set protocols bgp group underlay authentication-key password1 set protocols bgp group underlay export export-lo set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 172.16.1.9 peer-as 65030 set protocols bgp group underlay neighbor 172.16.1.13 peer-as 65031 ## edit routing-options set routing-options forwarding-table export lbpp set routing-options router-id 10.0.1.25 set routing-options autonomous-system 65033 ## Edit interface lo0 set interfaces lo0 unit 0 family inet address 10.0.1.25/32 ## INTERFACE CONFIGURATION delete interfaces xe-0/0/0 unit 0 family inet dhcp delete interfaces xe-0/0/1 unit 0 family inet dhcp set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.10/30 set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/1 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.14/30 set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/1 ##EVPN-VXLAN setup ### set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn extended-vni-list 10200 set protocols evpn extended-vni-list 10300 set protocols evpn extended-vni-list 10400 set protocols evpn extended-vni-list 10500 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.0.1.25:1 set switch-options vrf-target target:65400:1 ##Setup VLANS set vlans private1-a vlan-id 200 vxlan vni 10200 set vlans private1-b vlan-id 300 vxlan vni 10300 set vlans private1-c vlan-id 400 vxlan vni 10400 set vlans private1-d vlan-id 500 vxlan vni 10500 ##Set interface to access mode for the servers delete interfaces xe-0/0/2 unit 0 set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-b # Overlay network on leaf 2### set protocols bgp group overlay type internal set protocols bgp group overlay local-address 10.0.1.25 set protocols bgp group overlay family evpn signaling set protocols bgp group overlay local-as 65400 set protocols bgp group overlay authentication-key password1 set protocols bgp group overlay multipath set protocols bgp group overlay neighbor 10.0.1.24 description lsw1 set protocols bgp group overlay neighbor 10.0.1.26 descripion lsw3 set protocols bgp group overlay neighbor 10.0.1.27 description lsw4 # irb interfaces setup set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254 set interfaces irb unit 200 virtual-gateway-accept-data set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254 set interfaces irb unit 300 virtual-gateway-accept-data set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254 set interfaces irb unit 400 virtual-gateway-accept-data set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254 set interfaces irb unit 500 virtual-gateway-accept-data #add irb interface for each vlan set vlans private1-a l3-interface irb.200 set vlans private1-b l3-interface irb.300 set vlans private1-c l3-interface irb.400 set vlans private1-d l3-interface irb.500 set vlans private1-a vxlan ingress-node-replication set vlans private1-b vxlan ingress-node-replication set vlans private1-c vxlan ingress-node-replication set vlans private1-d vxlan ingress-node-replication
leaf3 configutation
#basic configuration set system host-name lsw3 ## Edit policy-options set policy-options policy-statement export-lo term lo0 from protocol direct set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.26/32 exact set policy-options policy-statement export-lo term lo0 then accept set policy-options policy-statement lbpp term lb then load-balance per-packet #Setting the underlay network### set protocols bgp group underlay authentication-key password1 set protocols bgp group underlay export export-lo set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 172.16.1.17 peer-as 65030 set protocols bgp group underlay neighbor 172.16.1.21 peer-as 65031 ## edit routing-options set routing-options forwarding-table export lbpp set routing-options router-id 10.0.1.26 set routing-options autonomous-system 65034 ## Edit interface lo0 set interfaces lo0 unit 0 family inet address 10.0.1.26/32 ## INTERFACE CONFIGURATION delete interfaces xe-0/0/0 unit 0 family inet dhcp delete interfaces xe-0/0/1 unit 0 family inet dhcp set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.18/30 set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/1 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.22/30 set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/1 ## INTERFACE CONFIGURATION delete interfaces xe-0/0/0 unit 0 family inet dhcp delete interfaces xe-0/0/1 unit 0 family inet dhcp set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.18/30 set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/1 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.22/30 set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/1 ##EVPN-VXLAN setup ### set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn extended-vni-list 10200 set protocols evpn extended-vni-list 10300 set protocols evpn extended-vni-list 10400 set protocols evpn extended-vni-list 10500 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.0.1.26:1 set switch-options vrf-target target:65400:1 ##Setup VLANS set vlans private1-a vlan-id 200 vxlan vni 10200 set vlans private1-b vlan-id 300 vxlan vni 10300 set vlans private1-c vlan-id 400 vxlan vni 10400 set vlans private1-d vlan-id 500 vxlan vni 10500 ##Set interface to access mode for the servers delete interfaces xe-0/0/2 unit 0 set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-c set protocols bgp group overlay type internal set protocols bgp group overlay local-address 10.0.1.26 set protocols bgp group overlay family evpn signaling set protocols bgp group overlay local-as 65400 set protocols bgp group overlay authentication-key password1 set protocols bgp group overlay multipath set protocols bgp group overlay neighbor 10.0.1.24 description lsw1 set protocols bgp group overlay neighbor 10.0.1.25 description lsw2 set protocols bgp group overlay neighbor 10.0.1.27 description lsw4 # irb interfaces setup set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254 set interfaces irb unit 200 virtual-gateway-accept-data set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254 set interfaces irb unit 300 virtual-gateway-accept-data set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254 set interfaces irb unit 400 virtual-gateway-accept-data set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254 set interfaces irb unit 500 virtual-gateway-accept-data #add irb interface for each vlan set vlans private1-a l3-interface irb.200 set vlans private1-b l3-interface irb.300 set vlans private1-c l3-interface irb.400 set vlans private1-d l3-interface irb.500 set vlans private1-a vxlan ingress-node-replication set vlans private1-b vxlan ingress-node-replication set vlans private1-c vxlan ingress-node-replication set vlans private1-d vxlan ingress-node-replication
leaf4 configuration
#basic configuration set system host-name lsw4 ## Edit policy-options set policy-options policy-statement export-lo term lo0 from protocol direct set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.27/32 exact set policy-options policy-statement export-lo term lo0 then accept set policy-options policy-statement lbpp term lb then load-balance per-packet #Setting the underlay network### set protocols bgp group underlay authentication-key password1 set protocols bgp group underlay export export-lo set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 172.16.1.25 peer-as 65030 description spine1 set protocols bgp group underlay neighbor 172.16.1.29 peer-as 65031 description spine2 ## edit routing-options set routing-options forwarding-table export lbpp set routing-options router-id 10.0.1.27 set routing-options autonomous-system 65035 ## Edit interface lo0 set interfaces lo0 unit 0 family inet address 10.0.1.27/32 ## INTERFACE CONFIGUATION delete interfaces xe-0/0/0 unit 0 family inet dhcp delete interfaces xe-0/0/1 unit 0 family inet dhcp set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.26/30 set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/3 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.30/30 set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/3 ##EVPN-VXLAN setup ### set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn extended-vni-list 10200 set protocols evpn extended-vni-list 10300 set protocols evpn extended-vni-list 10400 set protocols evpn extended-vni-list 10500 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.0.1.27:1 set switch-options vrf-target target:65400:1 ##Setup VLANS set vlans private1-a vlan-id 200 vxlan vni 10200 set vlans private1-b vlan-id 300 vxlan vni 10300 set vlans private1-c vlan-id 400 vxlan vni 10400 set vlans private1-d vlan-id 500 vxlan vni 10500 ##Set interface to access mode for the servers delete interfaces xe-0/0/2 unit 0 set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-d set protocols bgp group overlay type internal set protocols bgp group overlay local-address 10.0.1.27 set protocols bgp group overlay family evpn signaling set protocols bgp group overlay local-as 65400 set protocols bgp group overlay authentication-key password1 set protocols bgp group overlay multipath set protocols bgp group overlay neighbor 10.0.1.24 description lsw1 set protocols bgp group overlay neighbor 10.0.1.25 description lsw2 set protocols bgp group overlay neighbor 10.0.1.26 description lsw3 # irb interfaces setup set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254 set interfaces irb unit 200 virtual-gateway-accept-data set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254 set interfaces irb unit 300 virtual-gateway-accept-data set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254 set interfaces irb unit 400 virtual-gateway-accept-data set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254 set interfaces irb unit 500 virtual-gateway-accept-data #add irb interface for each vlan set vlans private1-a l3-interface irb.200 set vlans private1-b l3-interface irb.300 set vlans private1-c l3-interface irb.400 set vlans private1-d l3-interface irb.500 set vlans private1-a vxlan ingress-node-replication set vlans private1-b vxlan ingress-node-replication set vlans private1-c vxlan ingress-node-replication set vlans private1-d vxlan ingress-node-replication
Checking and testing
spine1 BGP
root@spine1> show bgp summary Threading mode: BGP I/O Groups: 1 Peers: 4 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet.0 26 24 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... 172.16.1.2 65032 2648 2657 0 0 20:05:01 Establ inet.0: 6/7/7/0 172.16.1.10 65033 2654 2658 0 0 20:05:03 Establ inet.0: 6/7/7/0 172.16.1.18 65034 2647 2658 0 0 20:04:53 Establ inet.0: 6/6/6/0 172.16.1.26 65035 2647 2659 0 0 20:04:49 Establ inet.0: 6/6/6/0
We can see that the BGP section from spine 1 to all the 4 leaves is up.
spine2 BGP
root@spine2> show bgp summary Threading mode: BGP I/O Groups: 1 Peers: 4 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending inet.0 34 24 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... 172.16.1.6 65032 2660 2669 0 1 20:08:41 Establ inet.0: 6/8/8/0 172.16.1.14 65033 2664 2666 0 0 20:08:42 Establ inet.0: 6/8/8/0 172.16.1.22 65034 2662 2668 0 1 20:08:39 Establ inet.0: 6/9/9/0 172.16.1.30 65035 2660 2669 0 1 20:08:41 Establ inet.0: 6/9/9/0
leaf1 BGP
root@leaf1> show bgp summary Threading mode: BGP I/O Groups: 2 Peers: 5 Down peers: 0 Table Tot Paths Act Paths Suppressed History Damp State Pending bgp.evpn.0 78 78 0 0 0 0 inet.0 32 16 0 0 0 0 Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... 10.0.1.25 65400 2680 2665 0 2 20:07:21 Establ __default_evpn__.evpn.0: 0/0/0/0 bgp.evpn.0: 26/26/26/0 default-switch.evpn.0: 26/26/26/0 10.0.1.26 65400 2679 2674 0 3 20:10:56 Establ __default_evpn__.evpn.0: 0/0/0/0 bgp.evpn.0: 26/26/26/0 default-switch.evpn.0: 26/26/26/0 10.0.1.27 65400 2687 2673 0 3 20:10:49 Establ __default_evpn__.evpn.0: 0/0/0/0 bgp.evpn.0: 26/26/26/0 default-switch.evpn.0: 26/26/26/0 172.16.1.1 65030 2672 2661 0 1 20:11:06 Establ inet.0: 8/16/16/0 172.16.1.5 65031 2674 2663 0 3 20:10:53 Establ inet.0: 8/16/16/0
leaf1 BGP section is different from spine1/2 section since we have 2 peering groups
- leaf1 to spine1/2 section
- leaf1 to leaf2, leaf3 and leaf4 section using the loopback interface of those switches
BGP section for leaf2, leaf3 and leaf4 will be the same as leaf1.
checking ECMP
root@leaf1> show route forwarding-table destination 10.0.1.27 Routing table: default.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif 10.0.1.27/32 user 1 ulst 131071 10 172.16.1.1 ucst 1752 9 xe-0/0/0.0 172.16.1.5 ucst 1753 9 xe-0/0/1.0 Routing table: __master.anon__.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 1666 1 Routing table: __juniper_services__.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 dscd 1688 2 Routing table: __pfe_private__.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 dscd 1701 2 Routing table: :vxlan.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif 10.0.1.27/32 user 0 indr 131073 3 ulst 131071 10 172.16.1.1 ucst 1752 9 xe-0/0/0.0 172.16.1.5 ucst 1753 9 xe-0/0/1.0
leaf1 has two(2) equal paths to get to leaf4; by using spine1 (172.16.1.1) on interface xe-0/0/0 or spine2 (172.16.1.5) on interface xe-0/0/1. The output below shows the default path leaf1 is using to get to leaf4
root@leaf1> show route protocol bgp inet.0: 36 destinations, 55 routes (36 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both ---- ----- ----- 10.0.1.27/32 *[BGP/170] 21:08:48, localpref 100, from 172.16.1.5 AS path: 65031 65035 I, validation-state: unverified > to 172.16.1.1 via xe-0/0/0.0 to 172.16.1.5 via xe-0/0/1.0 [BGP/170] 21:08:48, localpref 100 AS path: 65030 65035 I, validation-state: unverified > to 172.16.1.1 via xe-0/0/0.0
Ping from leaf1 to leaf4 loopback address
root@leaf1> ping 10.0.1.27 PING 10.0.1.27 (10.0.1.27): 56 data bytes 64 bytes from 10.0.1.27: icmp_seq=0 ttl=63 time=118.906 ms 64 bytes from 10.0.1.27: icmp_seq=1 ttl=63 time=116.724 ms