Juniper Collapsed Spine with EVPN
Goal
In this tutorial, We will be setting up a collapsed Spine EVPN/VXLAN with multi-homing.We will use two SRX's in cluster mode to route traffic between the 2 Tenants that we will configure. We will be using BGP for the underlay and overlay.
Prerequisites
For this tutorial we will be using:
- EVE-NG 2.0.3-112
- VQFX model: vqfx-10000 running JUNOS 19.4R1.10 for spines and leaves
- VSRX 3.0
- Debian VM's servers
Diagram
Setup and configuration
| Devices | Role | lo.0 IP | VLAN | IP address | ae0 IP | ae0 interfaces | ae1 interfaces | ae2 interfaces | ae5 interfaces | ae6 interfaces | mgmt | local-as underlay | local-as overlay |
| cc1 | core swtich1 | 10.179.1.1/32 | 172.16.3.1/3 | xe-0/0[10-11] | xe-0/0/0 | xe-0/0/1 | xe-0/0/9 | xe-0/0/8 | 10.193.0.105/24 | 65012 | 65100 | ||
| cc2 | core switch2 | 10.179.1.2/32 | 172.16.3.2/30 | xe-0/0[10-11] | xe-0/0/0 | xe-0/0/1 | xe-0/0/9 | xe-0/0/8 | 10.193.0.106/24 | 65013 | 65100 | ||
| sw1 | switch 1 | xe-0/0[0-1] | 10.193.0.107/24 | ||||||||||
| sw2 | switch 2 | xe-0/0[0-1] | 10.193.0.108/24 | ||||||||||
| srx | Firewall | ||||||||||||
| srv1 | Server1 | private1-a-dfw | 10.192.144.100/22 | ||||||||||
| srv2 | Server2 | private1-b-dfw | 10.192.160.100/22 | ||||||||||
| srv3 | Server3 | private1-d-dfw | 10.192.192.100/22 | ||||||||||
| srv4 | Server4 | private1-c-dfw | 10.192.176.100/22 | ||||||||||
| srv5 | Server5 | private1-a-dfw | 10.192.144.200/22 | ||||||||||
| srv6 | Server6 | private1-b-dfw | 10.192.160.200/22 | ||||||||||
| srv7 | Server7 | private1-c-dfw | 10.192.176.200/22 | ||||||||||
| srv8 | Server8 | private1-d-dfw | 10.192.192.200/22 |
core switch 1 configuration
set system host-name sswecc1-dfw set system root-authentication encrypted-password "$5$bSgF2gnxBS/rA$sYP/f1pWJhl5d1VN0hHzjxd0jZhmnwGLCiwVm3hE8Z." set system login user homer uid 2002 set system login user homer class super-user set system login user homer authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4xpjWJoQhCf176i77ni9//mcYO3bBWu7necWZwJNVkFsvvT6XuWfkKVMUFnTjTMr1erv8WRDze7le9Jl2a/xMIgo9Cf71SU9faPbd /ukvaLl5VUeGvHKFg9d+7GUGx1z9K1qKY2VOBO5EQCht8+4o4mMaizoXoxHvkNolswAa5Jv/EPwnfCeDyV7TsG+Se1k7 /1h1VFOwW7Dbxno1aCnMDYbcfiBnzGnLSZQGjehok6cqYTjsNIIdAiZYSpH77pnAGglFhxNUSlqj0qRIJZdG3nhPlvIRPjn7fouq3BJEmiWPP8ru67H1J2mdSkix4xOxdUWfGB9eJlENfnobJjBr pp@U18" set system login user ppaul uid 2003 set system login user ppaul class super-user set system login user ppaul authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwkupthSdooFHxPxUIh/a5PC9bMk5go6KvRoChpc4L8XuMRsxLTd6Ro6DsWIZieGHFuO /AL9SRUtmevGiSC2q4ibR7ACosJBUvKPRVK8anYnMSL9YWd7lnmVLnW5mvOM3Alhd8aTNKE3/H9ogDt9UfndEJXmieMTLJzGvx65sw6riqa5hh6iOcw02qb3QQCKLSRJmUJQuToY4oo/ZdLl/prEDKQ0I9DSnOxRYIvZxvUsTzwoXVq9X9dWGkKAAMDw7f2DJfa/4uCNT2dKPydApeN0ea2/69VRL3fmTz47y0CC1RTEd8j1j U18pc " set chassis aggregated-devices ethernet device-count 10 set interfaces xe-0/0/0 description Link_leaf1-xe-0/0/0 set interfaces xe-0/0/0 gigether-options 802.3ad ae1 set interfaces xe-0/0/1 description link_leaf2_xe-0/0/0 set interfaces xe-0/0/1 gigether-options 802.3ad ae2 set interfaces xe-0/0/8 description vsrx_node1_ge-7/0/4 set interfaces xe-0/0/8 gigether-options 802.3ad ae6 set interfaces xe-0/0/9 description vsrx_node0_ge-0/0/4 set interfaces xe-0/0/9 gigether-options 802.3ad ae5 set interfaces xe-0/0/10 gigether-options 802.3ad ae0 set interfaces xe-0/0/11 gigether-options 802.3ad ae0 set interfaces ae0 description link_spine2 set interfaces ae0 mtu 9216 set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 aggregated-ether-options lacp periodic fast set interfaces ae0 unit 0 family inet address 172.16.3.1/30 set interfaces ae1 description sw1_ae1 set interfaces ae1 mtu 9192 set interfaces ae1 esi 00:00:00:ab:cd:00:01:00:00:03 set interfaces ae1 esi all-active set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:11:00:00:00:01 set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk set interfaces ae1 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces ae2 description sw2_ae1 set interfaces ae2 mtu 9216 set interfaces ae2 esi 00:00:00:ab:cd:00:01:00:00:04 set interfaces ae2 esi all-active set interfaces ae2 aggregated-ether-options lacp active set interfaces ae2 aggregated-ether-options lacp periodic fast set interfaces ae2 aggregated-ether-options lacp system-id 00:22:00:00:00:02 set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk set interfaces ae2 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae2 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces ae2 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces ae2 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces ae5 description "to SRX cluster node0" set interfaces ae5 mtu 9216 set interfaces ae5 esi 00:00:00:00:00:00:00:00:01:11 set interfaces ae5 esi all-active set interfaces ae5 aggregated-ether-options lacp active set interfaces ae5 aggregated-ether-options lacp periodic fast set interfaces ae5 aggregated-ether-options lacp system-id 00:00:00:00:01:11 set interfaces ae5 unit 0 family ethernet-switching interface-mode trunk set interfaces ae5 unit 0 family ethernet-switching vlan members VLAN_42 set interfaces ae5 unit 0 family ethernet-switching vlan members VLAN_46 set interfaces ae6 description "to SRx Cluster" set interfaces ae6 mtu 9216 set interfaces ae6 esi 00:00:00:00:00:00:00:00:01:12 set interfaces ae6 esi all-active set interfaces ae6 aggregated-ether-options lacp active set interfaces ae6 aggregated-ether-options lacp periodic fast set interfaces ae6 aggregated-ether-options lacp system-id 00:00:00:00:01:12 set interfaces ae6 unit 0 family ethernet-switching interface-mode trunk set interfaces ae6 unit 0 family ethernet-switching vlan members VLAN_42 set interfaces ae6 unit 0 family ethernet-switching vlan members VLAN_46 set interfaces em0 unit 0 family inet address 10.193.0.105/24 set interfaces irb unit 20 virtual-gateway-accept-data set interfaces irb unit 20 description "l3 interface for vlan private1-a-dfw" set interfaces irb unit 20 family inet address 10.192.144.3/22 preferred set interfaces irb unit 20 family inet address 10.192.144.3/22 virtual-gateway-address 10.192.144.1 set interfaces irb unit 30 virtual-gateway-accept-data set interfaces irb unit 30 description "l3 interface for vlan private1-b-dfw" set interfaces irb unit 30 family inet address 10.192.160.3/22 preferred set interfaces irb unit 30 family inet address 10.192.160.3/22 virtual-gateway-address 10.192.160.1 set interfaces irb unit 40 virtual-gateway-accept-data set interfaces irb unit 40 description "l3 inteface for vlan private1-c-dfw" set interfaces irb unit 40 family inet address 10.192.176.3/22 preferred set interfaces irb unit 40 family inet address 10.192.176.3/22 virtual-gateway-address 10.192.176.1 set interfaces irb unit 42 description "Tenant1 SRX Interconnect" set interfaces irb unit 42 family inet address 172.16.4.2/29 set interfaces irb unit 46 description "Tenant2 SRx Interconnect" set interfaces irb unit 46 family inet address 172.16.5.2/29 set interfaces irb unit 50 virtual-gateway-accept-data set interfaces irb unit 50 description "l3 interface for vlan private1-d-dfw" set interfaces irb unit 50 family inet address 10.192.192.3/22 preferred set interfaces irb unit 50 family inet address 10.192.192.3/22 virtual-gateway-address 10.192.192.1 set interfaces lo0 unit 0 family inet address 10.179.1.1/32 set interfaces lo0 unit 5 family inet address 10.179.1.3/32 set interfaces lo0 unit 6 family inet address 10.179.1.5/32 set forwarding-options vxlan-routing next-hop 32768 set forwarding-options vxlan-routing overlay-ecmp set policy-options policy-statement ECMP-POLICY then load-balance per-packet set policy-options policy-statement Interconnect_Tenant1_Export term Tenant_Routes from route-filter 10.192.128.0/17 orlonger set policy-options policy-statement Interconnect_Tenant1_Export term Tenant_Routes from route-filter 10.179.0.0/16 orlonger set policy-options policy-statement Interconnect_Tenant1_Export term Tenant_Routes then accept set policy-options policy-statement Interconnect_Tenant1_Export term DEFAULT then reject set policy-options policy-statement Interconnect_Tenant1_Import term Tenant_Routes from route-filter 10.179.0.0/16 orlonger set policy-options policy-statement Interconnect_Tenant1_Import term Tenant_Routes from route-filter 10.192.128.0/17 orlonger set policy-options policy-statement Interconnect_Tenant1_Import term Tenant_Routes then accept set policy-options policy-statement Interconnect_Tenant1_Import term DEFAULT then reject set policy-options policy-statement Interconnect_Tenant2_Export term Tenant_Routes from route-filter 10.192.128.0/17 orlonger set policy-options policy-statement Interconnect_Tenant2_Export term Tenant_Routes from route-filter 10.179.0.0/16 orlonger set policy-options policy-statement Interconnect_Tenant2_Export term Tenant_Routes then accept set policy-options policy-statement Interconnect_Tenant2_Export term DEFAULT then reject set policy-options policy-statement Interconnect_Tenant2_Import term Tenant_Routes from route-filter 10.179.0.0/16 orlonger set policy-options policy-statement Interconnect_Tenant2_Import term Tenant_Routes from route-filter 10.192.128.0/17 orlonger set policy-options policy-statement Interconnect_Tenant2_Import term Tenant_Routes then accept set policy-options policy-statement Interconnect_Tenant2_Import term DEFAULT then reject set policy-options policy-statement T5_EXPORT term 1 from protocol direct set policy-options policy-statement T5_EXPORT term 1 then accept set policy-options policy-statement T5_EXPORT term 2 from protocol bgp set policy-options policy-statement T5_EXPORT term 2 then accept set policy-options policy-statement UNDERLAY-EXPORT term LOOPBACK from route-filter 10.179.1.0/24 orlonger set policy-options policy-statement UNDERLAY-EXPORT term LOOPBACK then accept set policy-options policy-statement UNDERLAY-EXPORT term DEFAULT then reject set policy-options policy-statement UNDERLAY-IMPORT term LOOPBACK from route-filter 10.179.1.0/24 orlonger set policy-options policy-statement UNDERLAY-IMPORT term LOOPBACK then accept set policy-options policy-statement UNDERLAY-IMPORT term DEFAULT then reject set routing-instances Tennat1 routing-options multipath set routing-instances Tennat1 protocols evpn ip-prefix-routes advertise direct-nexthop set routing-instances Tennat1 protocols evpn ip-prefix-routes encapsulation vxlan set routing-instances Tennat1 protocols evpn ip-prefix-routes vni 1101 set routing-instances Tennat1 protocols evpn ip-prefix-routes export T5_EXPORT set routing-instances Tennat1 protocols bgp group INTERCONNECT type external set routing-instances Tennat1 protocols bgp group INTERCONNECT import Interconnect_Tenant1_Import set routing-instances Tennat1 protocols bgp group INTERCONNECT family inet unicast set routing-instances Tennat1 protocols bgp group INTERCONNECT authentication-key "$9$JNZi.Pfz6CuTzlMX-2gTz3n/tuO1" set routing-instances Tennat1 protocols bgp group INTERCONNECT export Interconnect_Tenant1_Export set routing-instances Tennat1 protocols bgp group INTERCONNECT local-as 65112 set routing-instances Tennat1 protocols bgp group INTERCONNECT multipath multiple-as set routing-instances Tennat1 protocols bgp group INTERCONNECT bfd-liveness-detection minimum-interval 1000 set routing-instances Tennat1 protocols bgp group INTERCONNECT bfd-liveness-detection multiplier 3 set routing-instances Tennat1 protocols bgp group INTERCONNECT neighbor 172.16.4.1 peer-as 65200 set routing-instances Tennat1 instance-type vrf set routing-instances Tennat1 interface irb.20 set routing-instances Tennat1 interface irb.30 set routing-instances Tennat1 interface irb.42 set routing-instances Tennat1 interface lo0.5 set routing-instances Tennat1 route-distinguisher 10.179.1.3:1101 set routing-instances Tennat1 vrf-target target:64701:20 set routing-instances Tennat1 vrf-table-label set routing-instances Tennat2 routing-options multipath set routing-instances Tennat2 protocols evpn ip-prefix-routes advertise direct-nexthop set routing-instances Tennat2 protocols evpn ip-prefix-routes encapsulation vxlan set routing-instances Tennat2 protocols evpn ip-prefix-routes vni 1102 set routing-instances Tennat2 protocols evpn ip-prefix-routes export T5_EXPORT set routing-instances Tennat2 protocols bgp group INTERCONNECT type external set routing-instances Tennat2 protocols bgp group INTERCONNECT import Interconnect_Tenant2_Import set routing-instances Tennat2 protocols bgp group INTERCONNECT family inet unicast set routing-instances Tennat2 protocols bgp group INTERCONNECT authentication-key "$9$JNZi.Pfz6CuTzlMX-2gTz3n/tuO1" set routing-instances Tennat2 protocols bgp group INTERCONNECT export Interconnect_Tenant2_Export set routing-instances Tennat2 protocols bgp group INTERCONNECT local-as 65112 set routing-instances Tennat2 protocols bgp group INTERCONNECT multipath multiple-as set routing-instances Tennat2 protocols bgp group INTERCONNECT bfd-liveness-detection minimum-interval 1000 set routing-instances Tennat2 protocols bgp group INTERCONNECT bfd-liveness-detection multiplier 3 set routing-instances Tennat2 protocols bgp group INTERCONNECT neighbor 172.16.5.1 peer-as 65200 set routing-instances Tennat2 instance-type vrf set routing-instances Tennat2 interface irb.40 set routing-instances Tennat2 interface irb.46 set routing-instances Tennat2 interface irb.50 set routing-instances Tennat2 interface lo0.6 set routing-instances Tennat2 route-distinguisher 10.179.1.5:1102 set routing-instances Tennat2 vrf-target target:64701:4050 set routing-instances Tennat2 vrf-table-label set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set routing-options forwarding-table export ECMP-POLICY set routing-options forwarding-table ecmp-fast-reroute set routing-options forwarding-table chained-composite-next-hop ingress evpn set routing-options router-id 10.179.1.1 set routing-options graceful-restart set protocols evpn encapsulation vxlan set protocols evpn default-gateway do-not-advertise set protocols evpn extended-vni-list 5020 set protocols evpn extended-vni-list 5030 set protocols evpn extended-vni-list 5040 set protocols evpn extended-vni-list 5042 set protocols evpn extended-vni-list 5046 set protocols evpn extended-vni-list 5050 set protocols evpn no-core-isolation set protocols bgp group RR-OVERLAY type internal set protocols bgp group RR-OVERLAY local-address 10.179.1.1 set protocols bgp group RR-OVERLAY family evpn signaling set protocols bgp group RR-OVERLAY local-as 65100 set protocols bgp group RR-OVERLAY multipath set protocols bgp group RR-OVERLAY bfd-liveness-detection minimum-interval 1000 set protocols bgp group RR-OVERLAY bfd-liveness-detection multiplier 3 set protocols bgp group RR-OVERLAY neighbor 10.179.1.2 set protocols bgp group RR-OVERLAY vpn-apply-export set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY import UNDERLAY-IMPORT set protocols bgp group UNDERLAY family inet unicast set protocols bgp group UNDERLAY authentication-key "$9$5TnCtpBESe0BVYoGq.0BIRhrevW" set protocols bgp group UNDERLAY export UNDERLAY-EXPORT set protocols bgp group UNDERLAY local-as 65012 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY neighbor 172.16.3.2 peer-as 65013 set protocols bgp graceful-restart restart-time 30 set protocols l2-learning global-mac-table-aging-time 600 set protocols l2-learning global-mac-ip-table-aging-time 300 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.179.1.1:64701 set switch-options vrf-target target:64701:9999 set switch-options vrf-target auto set vlans VLAN_42 vlan-id 42 set vlans VLAN_42 l3-interface irb.42 set vlans VLAN_42 vxlan vni 5042 set vlans VLAN_46 vlan-id 46 set vlans VLAN_46 l3-interface irb.46 set vlans VLAN_46 vxlan vni 5046 set vlans private1-a-dfw vlan-id 20 set vlans private1-a-dfw l3-interface irb.20 set vlans private1-a-dfw vxlan vni 5020 set vlans private1-b-dfw vlan-id 30 set vlans private1-b-dfw l3-interface irb.30 set vlans private1-b-dfw vxlan vni 5030 set vlans private1-c-dfw vlan-id 40 set vlans private1-c-dfw l3-interface irb.40 set vlans private1-c-dfw vxlan vni 5040 set vlans private1-d-dfw description Admin set vlans private1-d-dfw vlan-id 50 set vlans private1-d-dfw l3-interface irb.50 set vlans private1-d-dfw vxlan vni 5050
core switch 2 configuration
set system host-name sswecc2-dfw set system root-authentication encrypted-password "$5$bSgF2gnxBS/rA$sYP/f1pWJhl5d1VN0hHzjxd0jZhmnwGLCiwVm3hE8Z." set system login user homer uid 2002 set system login user homer class super-user set system login user homer authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4xpjWJoQhCf176i77ni9//mcYO3bBWu7necWZwJNVkFsvvT6XuWfkKVMUFnTjTMr1erv8WRDze7le9Jl2a/xMIgo9Cf71SU9faPbd /ukvaLl5VUeGvHKFg9d+7GUGx1z9K1qKY2VOBO5EQCht8+4o4mMaizoXoxHvkNolswAa5Jv/EPwnfCeDyV7TsG+Se1k7 /1h1VFOwW7Dbxno1aCnMDYbcfiBnzGnLSZQGjehok6cqYTjsNIIdAiZYSpH77pnAGglFhxNUSlqj0qRIJZdG3nhPlvIRPjn7fouq3BJEmiWPP8ru67H1J2mdSkix4xOxdUWfGB9eJlENfnobJjBr pp@U18" set system login user ppaul uid 2003 set system login user ppaul class super-user set system login user ppaul authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwkupthSdooFHxPxUIh/a5PC9bMk5go6KvRoChpc4L8XuMRsxLTd6Ro6DsWIZieGHFuO /AL9SRUtmevGiSC2q4ibR7ACosJBUvKPRVK8anYnMSL9YWd7lnmVLnW5mvOM3Alhd8aTNKE3/H9ogDt9UfndEJXmieMTLJzGvx65sw6riqa5hh6iOcw02qb3QQCKLSRJmUJQuToY4oo/ZdLl/prEDKQ0I9DSnOxRYIvZxvUsTzwoXVq9X9dWGkKAAMDw7f2DJfa/4uCNT2dKPydApeN0ea2/69VRL3fmTz47y0CC1RTEd8j1j U18pc " set chassis aggregated-devices ethernet device-count 10 set interfaces xe-0/0/0 description link_leaf1_xe-0/0/1 set interfaces xe-0/0/0 gigether-options 802.3ad ae1 set interfaces xe-0/0/1 description link_leaf2_xe-0/0/1 set interfaces xe-0/0/1 gigether-options 802.3ad ae2 set interfaces xe-0/0/8 description vsrx_node1_ge-7/0/5 set interfaces xe-0/0/8 gigether-options 802.3ad ae6 set interfaces xe-0/0/9 description vsrx_node0_ge-0/0/5 set interfaces xe-0/0/9 gigether-options 802.3ad ae5 set interfaces xe-0/0/10 gigether-options 802.3ad ae0 set interfaces xe-0/0/11 gigether-options 802.3ad ae0 set interfaces ae0 description link-spine1 set interfaces ae0 mtu 9216 set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 aggregated-ether-options lacp periodic fast set interfaces ae0 unit 0 family inet address 172.16.3.2/30 set interfaces ae1 description leaf1_ae1 set interfaces ae1 mtu 9192 set interfaces ae1 esi 00:00:00:ab:cd:00:01:00:00:03 set interfaces ae1 esi all-active set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:11:00:00:00:01 set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk set interfaces ae1 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces ae2 mtu 9216 set interfaces ae2 esi 00:00:00:ab:cd:00:01:00:00:04 set interfaces ae2 esi all-active set interfaces ae2 aggregated-ether-options lacp active set interfaces ae2 aggregated-ether-options lacp periodic fast set interfaces ae2 aggregated-ether-options lacp system-id 00:22:00:00:00:02 set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk set interfaces ae2 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae2 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces ae2 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces ae2 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces ae5 description "to SRX cluster node0" set interfaces ae5 mtu 9216 set interfaces ae5 esi 00:00:00:00:00:00:00:00:01:11 set interfaces ae5 esi all-active set interfaces ae5 aggregated-ether-options lacp active set interfaces ae5 aggregated-ether-options lacp periodic fast set interfaces ae5 aggregated-ether-options lacp system-id 00:00:00:00:01:11 set interfaces ae5 unit 0 family ethernet-switching interface-mode trunk set interfaces ae5 unit 0 family ethernet-switching vlan members VLAN_42 set interfaces ae5 unit 0 family ethernet-switching vlan members VLAN_46 set interfaces ae6 description "to SRx Cluster" set interfaces ae6 mtu 9216 set interfaces ae6 esi 00:00:00:00:00:00:00:00:01:12 set interfaces ae6 esi all-active set interfaces ae6 aggregated-ether-options lacp active set interfaces ae6 aggregated-ether-options lacp periodic fast set interfaces ae6 aggregated-ether-options lacp system-id 00:00:00:00:01:12 set interfaces ae6 unit 0 family ethernet-switching interface-mode trunk set interfaces ae6 unit 0 family ethernet-switching vlan members VLAN_42 set interfaces ae6 unit 0 family ethernet-switching vlan members VLAN_46 set interfaces em0 unit 0 family inet address 10.193.0.106/24 set interfaces irb unit 20 virtual-gateway-accept-data set interfaces irb unit 20 description "l3 interface for vlan private1-a-dfw" set interfaces irb unit 20 family inet address 10.192.144.2/22 preferred set interfaces irb unit 20 family inet address 10.192.144.2/22 virtual-gateway-address 10.192.144.1 set interfaces irb unit 30 virtual-gateway-accept-data set interfaces irb unit 30 description "l3 interface for vlan private1-b-dfw" set interfaces irb unit 30 family inet address 10.192.160.2/22 preferred set interfaces irb unit 30 family inet address 10.192.160.2/22 virtual-gateway-address 10.192.160.1 set interfaces irb unit 40 virtual-gateway-accept-data set interfaces irb unit 40 description "l3 interface for vlan private1-c-dfw" set interfaces irb unit 40 family inet address 10.192.176.2/22 preferred set interfaces irb unit 40 family inet address 10.192.176.2/22 virtual-gateway-address 10.192.176.1 set interfaces irb unit 42 description "Tenant1 SRX Interconnect" set interfaces irb unit 42 family inet address 172.16.4.3/29 set interfaces irb unit 46 description "Tenant2 SRx Interconnect" set interfaces irb unit 46 family inet address 172.16.5.3/29 set interfaces irb unit 50 virtual-gateway-accept-data set interfaces irb unit 50 description "l3 interface for vlan private1-d-dfw" set interfaces irb unit 50 family inet address 10.192.192.2/22 virtual-gateway-address 10.192.192.1 set interfaces irb unit 50 family inet address 10.192.192.3/22 preferred set interfaces lo0 unit 0 family inet address 10.179.1.2/32 set interfaces lo0 unit 5 family inet address 10.179.1.4/32 set interfaces lo0 unit 6 family inet address 10.179.1.6/32 set forwarding-options vxlan-routing next-hop 32768 set forwarding-options vxlan-routing overlay-ecmp set policy-options policy-statement ECMP-POLICY then load-balance per-packet set policy-options policy-statement Interconnect_Tenant1_Export term Tenant_Routes from route-filter 10.179.0.0/16 orlonger set policy-options policy-statement Interconnect_Tenant1_Export term Tenant_Routes from route-filter 10.192.128.0/17 orlonger set policy-options policy-statement Interconnect_Tenant1_Export term Tenant_Routes then accept set policy-options policy-statement Interconnect_Tenant1_Export term DEFAULT then reject set policy-options policy-statement Interconnect_Tenant1_Import term Tenant_Routes from route-filter 10.179.0.0/16 orlonger set policy-options policy-statement Interconnect_Tenant1_Import term Tenant_Routes from route-filter 10.192.128.0/17 orlonger set policy-options policy-statement Interconnect_Tenant1_Import term Tenant_Routes then accept set policy-options policy-statement Interconnect_Tenant1_Import term DEFAULT then reject set policy-options policy-statement Interconnect_Tenant2_Export term Tenant_Routes from route-filter 10.179.0.0/16 orlonger set policy-options policy-statement Interconnect_Tenant2_Export term Tenant_Routes from route-filter 10.192.128.0/17 orlonger set policy-options policy-statement Interconnect_Tenant2_Export term Tenant_Routes then accept set policy-options policy-statement Interconnect_Tenant2_Export term DEFAULT then reject set policy-options policy-statement Interconnect_Tenant2_Import term Tenant_Routes from route-filter 10.179.0.0/16 orlonger set policy-options policy-statement Interconnect_Tenant2_Import term Tenant_Routes from route-filter 10.192.128.0/17 orlonger set policy-options policy-statement Interconnect_Tenant2_Import term Tenant_Routes then accept set policy-options policy-statement Interconnect_Tenant2_Import term DEFAULT then reject set policy-options policy-statement T5_EXPORT term 1 from protocol direct set policy-options policy-statement T5_EXPORT term 1 then accept set policy-options policy-statement T5_EXPORT term 2 from protocol bgp set policy-options policy-statement T5_EXPORT term 2 then accept set policy-options policy-statement UNDERLAY-EXPORT term LOOPBACK from route-filter 10.179.1.0/24 orlonger set policy-options policy-statement UNDERLAY-EXPORT term LOOPBACK then accept set policy-options policy-statement UNDERLAY-EXPORT term DEFAULT then reject set policy-options policy-statement UNDERLAY-IMPORT term LOOPBACK from route-filter 10.179.1.0/24 orlonger set policy-options policy-statement UNDERLAY-IMPORT term LOOPBACK then accept set policy-options policy-statement UNDERLAY-IMPORT term DEFAULT then reject set routing-instances Tennat1 routing-options multipath set routing-instances Tennat1 protocols evpn ip-prefix-routes advertise direct-nexthop set routing-instances Tennat1 protocols evpn ip-prefix-routes encapsulation vxlan set routing-instances Tennat1 protocols evpn ip-prefix-routes vni 1101 set routing-instances Tennat1 protocols evpn ip-prefix-routes export T5_EXPORT set routing-instances Tennat1 protocols bgp group INTERCONNECT type external set routing-instances Tennat1 protocols bgp group INTERCONNECT import Interconnect_Tenant1_Import set routing-instances Tennat1 protocols bgp group INTERCONNECT family inet unicast set routing-instances Tennat1 protocols bgp group INTERCONNECT authentication-key "$9$JNZi.Pfz6CuTzlMX-2gTz3n/tuO1" set routing-instances Tennat1 protocols bgp group INTERCONNECT export Interconnect_Tenant1_Export set routing-instances Tennat1 protocols bgp group INTERCONNECT local-as 65113 set routing-instances Tennat1 protocols bgp group INTERCONNECT multipath multiple-as set routing-instances Tennat1 protocols bgp group INTERCONNECT bfd-liveness-detection minimum-interval 1000 set routing-instances Tennat1 protocols bgp group INTERCONNECT bfd-liveness-detection multiplier 3 set routing-instances Tennat1 protocols bgp group INTERCONNECT neighbor 172.16.4.1 peer-as 65200 set routing-instances Tennat1 instance-type vrf set routing-instances Tennat1 interface irb.20 set routing-instances Tennat1 interface irb.30 set routing-instances Tennat1 interface irb.42 set routing-instances Tennat1 interface lo0.5 set routing-instances Tennat1 route-distinguisher 10.179.1.4:1101 set routing-instances Tennat1 vrf-target target:64701:20 set routing-instances Tennat1 vrf-table-label set routing-instances Tennat2 routing-options multipath set routing-instances Tennat2 protocols evpn ip-prefix-routes advertise direct-nexthop set routing-instances Tennat2 protocols evpn ip-prefix-routes encapsulation vxlan set routing-instances Tennat2 protocols evpn ip-prefix-routes vni 1102 set routing-instances Tennat2 protocols evpn ip-prefix-routes export T5_EXPORT set routing-instances Tennat2 protocols bgp group INTERCONNECT type external set routing-instances Tennat2 protocols bgp group INTERCONNECT import Interconnect_Tenant2_Import set routing-instances Tennat2 protocols bgp group INTERCONNECT family inet unicast set routing-instances Tennat2 protocols bgp group INTERCONNECT authentication-key "$9$JNZi.Pfz6CuTzlMX-2gTz3n/tuO1" set routing-instances Tennat2 protocols bgp group INTERCONNECT export Interconnect_Tenant2_Export set routing-instances Tennat2 protocols bgp group INTERCONNECT local-as 65113 set routing-instances Tennat2 protocols bgp group INTERCONNECT multipath multiple-as set routing-instances Tennat2 protocols bgp group INTERCONNECT bfd-liveness-detection minimum-interval 1000 set routing-instances Tennat2 protocols bgp group INTERCONNECT bfd-liveness-detection multiplier 3 set routing-instances Tennat2 protocols bgp group INTERCONNECT neighbor 172.16.5.1 peer-as 65200 set routing-instances Tennat2 instance-type vrf set routing-instances Tennat2 interface irb.40 set routing-instances Tennat2 interface irb.46 set routing-instances Tennat2 interface irb.50 set routing-instances Tennat2 interface lo0.6 set routing-instances Tennat2 route-distinguisher 10.179.1.6:1102 set routing-instances Tennat2 vrf-target target:64701:4050 set routing-instances Tennat2 vrf-table-label set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set routing-options forwarding-table export ECMP-POLICY set routing-options forwarding-table ecmp-fast-reroute set routing-options forwarding-table chained-composite-next-hop ingress evpn set routing-options router-id 10.179.1.2 set routing-options graceful-restart set protocols evpn encapsulation vxlan set protocols evpn default-gateway do-not-advertise set protocols evpn extended-vni-list 5020 set protocols evpn extended-vni-list 5030 set protocols evpn extended-vni-list 5040 set protocols evpn extended-vni-list 5042 set protocols evpn extended-vni-list 5046 set protocols evpn extended-vni-list 5050 set protocols evpn no-core-isolation set protocols bgp group RR-OVERLAY type internal set protocols bgp group RR-OVERLAY local-address 10.179.1.2 set protocols bgp group RR-OVERLAY family inet-vpn any set protocols bgp group RR-OVERLAY family evpn signaling set protocols bgp group RR-OVERLAY local-as 65100 set protocols bgp group RR-OVERLAY multipath set protocols bgp group RR-OVERLAY bfd-liveness-detection minimum-interval 1000 set protocols bgp group RR-OVERLAY bfd-liveness-detection multiplier 3 set protocols bgp group RR-OVERLAY neighbor 10.179.1.1 set protocols bgp group RR-OVERLAY vpn-apply-export set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY import UNDERLAY-IMPORT set protocols bgp group UNDERLAY family inet unicast set protocols bgp group UNDERLAY authentication-key "$9$5TnCtpBESe0BVYoGq.0BIRhrevW" set protocols bgp group UNDERLAY export UNDERLAY-EXPORT set protocols bgp group UNDERLAY local-as 65013 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY neighbor 172.16.3.1 peer-as 65012 set protocols bgp graceful-restart restart-time 30 set protocols l2-learning global-mac-table-aging-time 600 set protocols l2-learning global-mac-ip-table-aging-time 300 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.179.1.2:64701 set switch-options vrf-target target:64701:9999 set switch-options vrf-target auto set vlans VLAN_42 vlan-id 42 set vlans VLAN_42 l3-interface irb.42 set vlans VLAN_42 vxlan vni 5042 set vlans VLAN_46 vlan-id 46 set vlans VLAN_46 l3-interface irb.46 set vlans VLAN_46 vxlan vni 5046 set vlans private1-a-dfw vlan-id 20 set vlans private1-a-dfw l3-interface irb.20 set vlans private1-a-dfw vxlan vni 5020 set vlans private1-b-dfw vlan-id 30 set vlans private1-b-dfw l3-interface irb.30 set vlans private1-b-dfw vxlan vni 5030 set vlans private1-c-dfw vlan-id 40 set vlans private1-c-dfw l3-interface irb.40 set vlans private1-c-dfw vxlan vni 5040 set vlans private1-d-dfw description Admin set vlans private1-d-dfw vlan-id 50 set vlans private1-d-dfw l3-interface irb.50 set vlans private1-d-dfw vxlan vni 5050
switch 1 configuration
set system host-name lswecc1-dfw set system login user homer uid 2002 set system login user homer class super-user set system login user homer authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4xpjWJoQhCf176i77ni9//mcYO3bBWu7necWZwJNVkFsvvT6XuWfkKVMUFnTjTMr1erv8WRDze7le9Jl2a/xMIgo9Cf71SU9faPbd /ukvaLl5VUeGvHKFg9d+7GUGx1z9K1qKY2VOBO5EQCht8+4o4mMaizoXoxHvkNolswAa5Jv/EPwnfCeDyV7TsG+Se1k7/1h1VFOwW7Dbxno1aCnMDYbcfiBnzGnLSZQGjehok6cqYTjsNIIdAiZYSpH77pnAGglFhxNUSlqj0qRIJZdG3nhPlvIRPjn7fouq3BJEmiWPP8ru67H1J2mdSkix4xOxdUWfGB9eJlENfnobJjBr pp@U18" set system login user ppaul uid 2003 set system login user ppaul class super-user set system login user ppaul authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwkupthSdooFHxPxUIh/a5PC9bMk5go6KvRoChpc4L8XuMRsxLTd6Ro6DsWIZieGHFuO/AL9SRUtmevGiSC2q4ibR7ACosJBUvKPRVK8anYnMSL9YWd7lnmVLnW5mvOM3Alhd8aTNKE3/H9ogDt9UfndEJXmieMTLJzGvx65sw6riqa5hh6iOcw02qb3QQCKLSRJmUJQuToY4oo/ZdLl/prEDKQ0I9DSnOxRYIvZxvUsTzwoXVq9X9dWGkKAAMDw7f2DJfa/4uCNT2dKPydApeN0ea2/69VRL3fmTz47y0CC1RTEd8j1j U18pc " set chassis aggregated-devices ethernet device-count 3 set interfaces xe-0/0/0 description Link_spine1-xe-0/0/0 set interfaces xe-0/0/0 gigether-options 802.3ad ae1 set interfaces xe-0/0/1 description link_spine2_xe-0/0/0 set interfaces xe-0/0/1 gigether-options 802.3ad ae1 set interfaces xe-0/0/8 description srv3 set interfaces xe-0/0/8 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces xe-0/0/9 description srv4:eth0 set interfaces xe-0/0/9 gigether-options 802.3ad ae0 set interfaces xe-0/0/10 description srv2 set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces xe-0/0/11 description srv1 set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae0 description lacp_srv5 set interfaces ae0 encapsulation ethernet-bridge set interfaces ae0 esi 00:01:01:01:01:01:01:01:01:01 set interfaces ae0 esi all-active set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 aggregated-ether-options lacp periodic fast set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:01:01:01 set interfaces ae0 unit 0 family ethernet-switching interface-mode access set interfaces ae0 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces ae1 description core:ae1 set interfaces ae1 mtu 9192 set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk set interfaces ae1 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces em0 unit 0 family inet address 10.193.0.107/24 set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set vlans private1-a-dfw vlan-id 20 set vlans private1-b-dfw vlan-id 30 set vlans private1-c-dfw vlan-id 40 set vlans private1-d-dfw vlan-id 50
switch 2 configuration
set system host-name lswecc2-dfw set system login user homer uid 2002 set system login user homer class super-user set system login user homer authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4xpjWJoQhCf176i77ni9//mcYO3bBWu7necWZwJNVkFsvvT6XuWfkKVMUFnTjTMr1erv8WRDze7le9Jl2a/xMIgo9Cf71SU9faPbd /ukvaLl5VUeGvHKFg9d+7GUGx1z9K1qKY2VOBO5EQCht8+4o4mMaizoXoxHvkNolswAa5Jv/EPwnfCeDyV7TsG+Se1k7/1h1VFOwW7Dbxno1aCnMDYbcfiBnzGnLSZQGjehok6cqYTjsNIIdAiZYSpH77pnAGglFhxNUSlqj0qRIJZdG3nhPlvIRPjn7fouq3BJEmiWPP8ru67H1J2mdSkix4xOxdUWfGB9eJlENfnobJjBr pp@U18" set system login user ppaul uid 2003 set system login user ppaul class super-user set system login user ppaul authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwkupthSdooFHxPxUIh/a5PC9bMk5go6KvRoChpc4L8XuMRsxLTd6Ro6DsWIZieGHFuO/AL9SRUtmevGiSC2q4ibR7ACosJBUvKPRVK8anYnMSL9YWd7lnmVLnW5mvOM3Alhd8aTNKE3/H9ogDt9UfndEJXmieMTLJzGvx65sw6riqa5hh6iOcw02qb3QQCKLSRJmUJQuToY4oo/ZdLl/prEDKQ0I9DSnOxRYIvZxvUsTzwoXVq9X9dWGkKAAMDw7f2DJfa/4uCNT2dKPydApeN0ea2/69VRL3fmTz47y0CC1RTEd8j1j U18pc " set chassis aggregated-devices ethernet device-count 3 set interfaces xe-0/0/0 description link_spine1_xe-0/0/1 set interfaces xe-0/0/0 gigether-options 802.3ad ae1 set interfaces xe-0/0/1 description link_spine2_xe-0/0/1 set interfaces xe-0/0/1 gigether-options 802.3ad ae1 set interfaces xe-0/0/7 description srv8 set interfaces xe-0/0/7 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces xe-0/0/8 description srv7 set interfaces xe-0/0/8 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces xe-0/0/9 description srv4:eth1 set interfaces xe-0/0/9 gigether-options 802.3ad ae0 set interfaces xe-0/0/10 description srv6 set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces xe-0/0/11 description srv5 set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae1 description core:ae2 set interfaces ae1 mtu 9192 set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk set interfaces ae1 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces em0 unit 0 family inet address 10.193.0.108/24 set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set vlans private1-a-dfw vlan-id 20 set vlans private1-b-dfw vlan-id 30 set vlans private1-c-dfw vlan-id 40 set vlans private1-d-dfw vlan-id 50
vSRX configuration
Interface maping EVE-NG/vSRX
On EVE-NG ge-0/0/1 is ge-0/0/0 in the vSRX and ge-0/0/2 is ge-0/0/1 and so on. If you connect on EVE-NG for example ge-0/0/5 when you login to the vSRX the interface that needs to be setup will be ge-0/0/4.
Configure the vSRX's to form a cluster
## on first vsrx set chassis cluster cluster-id 1 node 0 reboot
## On on the second vsrx set chassis cluster cluster-id 1 node 1 reboot
After reboot, login to the first node run the commands below:
set groups node0 system host-name mr1-dfw
set groups node0 interfaces fxp0 unit 0 family inet address 10.193.0.90/24
set groups node1 system host-name mr2-dfw
set groups node1 interfaces fxp0 unit 0 family inet address 10.193.0.91/24
set apply-groups "${node}"
set system host-name mr-dfw
set system management-instance
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
set interfaces fab0 fabric-options member-interfaces ge-0/0/0
set interfaces fab1 fabric-options member-interfaces ge-7/0/0