Difference between revisions of "Juniper Collapsed Spine with EVPN"

Revision as of 00:33, 19 October 2023

Goal

In this tutorial, We will be setting up a collapsed Spine EVPN/VXLAN with multi-homing.We will use two SRX's in cluster mode to route traffic between the 2 Tenants that we will configure. We will be using BGP for the underlay and overlay.

Prerequisites

For this tutorial we will be using:

- EVE-NG 2.0.3-112

- VQFX model: vqfx-10000 running JUNOS 19.4R1.10 for spines and leaves

- VSRX 3.0

- Debian VM's servers

Diagram

Setup and configuration

network info
Devices	Role	lo.0 IP	VLAN	IP address	ae0 IP	ae0 interfaces	ae1 interfaces	ae2 interfaces	ae5 interfaces	ae6 interfaces	mgmt	local-as underlay	local-as overlay
cc1	core swtich1	10.179.1.1/32			172.16.3.1/3	xe-0/0[10-11]	xe-0/0/0	xe-0/0/1	xe-0/0/9	xe-0/0/8	10.193.0.105/24	65012	65100
cc2	core switch2	10.179.1.2/32			172.16.3.2/30	xe-0/0[10-11]	xe-0/0/0	xe-0/0/1	xe-0/0/9	xe-0/0/8	10.193.0.106/24	65013	65100
sw1	switch 1						xe-0/0[0-1]				10.193.0.107/24
sw2	switch 2						xe-0/0[0-1]				10.193.0.108/24
srx	Firewall
srv1	Server1		private1-a-dfw	10.192.144.100/22
srv2	Server2		private1-b-dfw	10.192.160.100/22
srv3	Server3		private1-d-dfw	10.192.192.100/22
srv4	Server4		private1-c-dfw	10.192.176.100/22
srv5	Server5		private1-a-dfw	10.192.144.200/22
srv6	Server6		private1-b-dfw	10.192.160.200/22
srv7	Server7		private1-c-dfw	10.192.176.200/22
srv8	Server8		private1-d-dfw	10.192.192.200/22

core switch 1 configuration

set system host-name sswecc1-dfw
set system root-authentication encrypted-password "$5$bSgF2gnxBS/rA$sYP/f1pWJhl5d1VN0hHzjxd0jZhmnwGLCiwVm3hE8Z."
set system login user homer uid 2002
set system login user homer class super-user
set system login user homer authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4xpjWJoQhCf176i77ni9//mcYO3bBWu7necWZwJNVkFsvvT6XuWfkKVMUFnTjTMr1erv8WRDze7le9Jl2a/xMIgo9Cf71SU9faPbd  /ukvaLl5VUeGvHKFg9d+7GUGx1z9K1qKY2VOBO5EQCht8+4o4mMaizoXoxHvkNolswAa5Jv/EPwnfCeDyV7TsG+Se1k7 /1h1VFOwW7Dbxno1aCnMDYbcfiBnzGnLSZQGjehok6cqYTjsNIIdAiZYSpH77pnAGglFhxNUSlqj0qRIJZdG3nhPlvIRPjn7fouq3BJEmiWPP8ru67H1J2mdSkix4xOxdUWfGB9eJlENfnobJjBr pp@U18"
set system login user ppaul uid 2003
set system login user ppaul class super-user
set system login user ppaul authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwkupthSdooFHxPxUIh/a5PC9bMk5go6KvRoChpc4L8XuMRsxLTd6Ro6DsWIZieGHFuO /AL9SRUtmevGiSC2q4ibR7ACosJBUvKPRVK8anYnMSL9YWd7lnmVLnW5mvOM3Alhd8aTNKE3/H9ogDt9UfndEJXmieMTLJzGvx65sw6riqa5hh6iOcw02qb3QQCKLSRJmUJQuToY4oo/ZdLl/prEDKQ0I9DSnOxRYIvZxvUsTzwoXVq9X9dWGkKAAMDw7f2DJfa/4uCNT2dKPydApeN0ea2/69VRL3fmTz47y0CC1RTEd8j1j U18pc "
set chassis aggregated-devices ethernet device-count 10
set interfaces xe-0/0/0 description Link_leaf1-xe-0/0/0
set interfaces xe-0/0/0 gigether-options 802.3ad ae1
set interfaces xe-0/0/1 description link_leaf2_xe-0/0/0
set interfaces xe-0/0/1 gigether-options 802.3ad ae2
set interfaces xe-0/0/8 description vsrx_node1_ge-7/0/4
set interfaces xe-0/0/8 gigether-options 802.3ad ae6
set interfaces xe-0/0/9 description vsrx_node0_ge-0/0/4
set interfaces xe-0/0/9 gigether-options 802.3ad ae5
set interfaces xe-0/0/10 gigether-options 802.3ad ae0
set interfaces xe-0/0/11 gigether-options 802.3ad ae0
set interfaces ae0 description link_spine2
set interfaces ae0 mtu 9216             
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 unit 0 family inet address 172.16.3.1/30
set interfaces ae1 description sw1_ae1
set interfaces ae1 mtu 9192             
set interfaces ae1 esi 00:00:00:ab:cd:00:01:00:00:03
set interfaces ae1 esi all-active       
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 aggregated-ether-options lacp system-id 00:11:00:00:00:01
set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae1 unit 0 family ethernet-switching vlan members private1-a-dfw
set interfaces ae1 unit 0 family ethernet-switching vlan members private1-b-dfw
set interfaces ae1 unit 0 family ethernet-switching vlan members private1-c-dfw
set interfaces ae1 unit 0 family ethernet-switching vlan members private1-d-dfw
set interfaces ae2 description sw2_ae1
set interfaces ae2 mtu 9216             
set interfaces ae2 esi 00:00:00:ab:cd:00:01:00:00:04
set interfaces ae2 esi all-active       
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp periodic fast
set interfaces ae2 aggregated-ether-options lacp system-id 00:22:00:00:00:02
set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae2 unit 0 family ethernet-switching vlan members private1-a-dfw
set interfaces ae2 unit 0 family ethernet-switching vlan members private1-b-dfw
set interfaces ae2 unit 0 family ethernet-switching vlan members private1-c-dfw
set interfaces ae2 unit 0 family ethernet-switching vlan members private1-d-dfw 
set interfaces ae5 description "to SRX cluster node0"
set interfaces ae5 mtu 9216             
set interfaces ae5 esi 00:00:00:00:00:00:00:00:01:11
set interfaces ae5 esi all-active       
set interfaces ae5 aggregated-ether-options lacp active
set interfaces ae5 aggregated-ether-options lacp periodic fast
set interfaces ae5 aggregated-ether-options lacp system-id 00:00:00:00:01:11
set interfaces ae5 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae5 unit 0 family ethernet-switching vlan members VLAN_42
set interfaces ae5 unit 0 family ethernet-switching vlan members VLAN_46
set interfaces ae6 description "to SRx Cluster"
set interfaces ae6 mtu 9216             
set interfaces ae6 esi 00:00:00:00:00:00:00:00:01:12
set interfaces ae6 esi all-active       
set interfaces ae6 aggregated-ether-options lacp active
set interfaces ae6 aggregated-ether-options lacp periodic fast
set interfaces ae6 aggregated-ether-options lacp system-id 00:00:00:00:01:12
set interfaces ae6 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae6 unit 0 family ethernet-switching vlan members VLAN_42
set interfaces ae6 unit 0 family ethernet-switching vlan members VLAN_46
set interfaces em0 unit 0 family inet address 10.193.0.105/24

core switch 2 configuration

switch 1 configuration

switch 2 configuration

vSRX configuration

Interface maping EVE-NG/vSRX

On EVE-NG ge-0/0/1 is ge-0/0/0 in the vSRX and ge-0/0/2 is ge-0/0/1 and so on. If you connect on EVE-NG for example ge-0/0/5 when you login to the vSRX the interface that needs to be setup will be ge-0/0/4.

@@ Line 79: / Line 79: @@
 |
 |
-|
+|10.193.0.107/24
 |
 |
@@ Line 94: / Line 94: @@
 |
 |
-|
+|10.193.0.108/24
 |
 |