Juniper EVPN-VXLAN configuration

From ppwiki
Jump to navigation Jump to search

Goal

In this tutorial we will setup a spine/leaf topology with 2 spines and 4 leaves. The goal is to configure EVPN-VXLAN

Prerequisites

For this tutorial I am using :

- EVE-NG 2.0.3-112

- VQFX model: vqfx-10000 running JUNOS 19.4R1.10

- spine1: ASN:65030

- spine2: ASN:65031

- leaf1: ASN:65032 in row A using 10.192.80.0/22 network

- leaf2: ASN:65033 in row B using 10.192.96.0/22 network

- leaf3: ASN:65034 in row C using 10.192.112.0/22 network

- leaf4: ASN:65035 in row D using 10.192.128.0/22 network

- 4 servers one in each row for testing communication

Diagram

Juniper evpn-vxlan.png

Setup and Configuration

Spine1 configuration

##basic configuration 
set system host-name spine1
## Edit policy-options
set policy-options policy-statement export-lo term lo0 from protocol direct
set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.13/32 exact
set policy-options policy-statement export-lo term lo0 then accept
set policy-options policy-statement lbpp term lb then load-balance per-packet
## #Setting the underlay network###
set protocols bgp group underlay authentication-key password1
set protocols bgp group underlay export export-lo
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.1.2 peer-as 65032 description lsw1
set protocols bgp group underlay neighbor 172.16.1.10 peer-as 65033 description lsw2
set protocols bgp group underlay neighbor 172.16.1.18 peer-as 65034 description lsw3
set protocols bgp group underlay neighbor 172.16.1.26 peer-as 65035 description lsw4
##  edit routing-options 
set routing-options forwarding-table export lbpp
set routing-options router-id 10.0.1.13
set routing-options autonomous-system 65030
## Edit interface lo0
set interfaces lo0 unit 0 family inet address 10.0.1.13/32
## INTERFACE CONFIGURATION
delete interfaces xe-0/0/0 unit 0 family inet dhcp
delete interfaces xe-0/0/1 unit 0 family inet dhcp
delete interfaces xe-0/0/2 unit 0 family inet dhcp
delete interfaces xe-0/0/3 unit 0 family inet dhcp
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.1/30
set interfaces xe-0/0/0 description link_to_leaf1_xe-0/0/0
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.9/30
set interfaces xe-0/0/1 description link_to_leaf2_xe-0/0/0
set interfaces xe-0/0/2 unit 0 family inet address 172.16.1.17/30
set interfaces xe-0/0/2 description link_to_leaf3_xe-0/0/0
set interfaces xe-0/0/3 unit 0 family inet address 172.16.1.25/30
set interfaces xe-0/0/3 description link_to_asw-d1_xe-0/0/0

Spine2 configuration

## basic configuration 
set system host-name spine2
## Edit policy-options
set policy-options policy-statement export-lo term lo0 from protocol direct
set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.14/32 exact
set policy-options policy-statement export-lo term lo0 then accept
set policy-options policy-statement lbpp term lb then load-balance per-packet
## Setting the underlay network###
set protocols bgp group underlay authentication-key password1
set protocols bgp group underlay export export-lo
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.1.6 peer-as 65032 description lsw1
set protocols bgp group underlay neighbor 172.16.1.14 peer-as 65033 description lsw2
set protocols bgp group underlay neighbor 172.16.1.22 peer-as 65034 description lsw3
set protocols bgp group underlay neighbor 172.16.1.30 peer-as 65035 description lsw4
##  edit routing-options 
set routing-options forwarding-table export lbpp
set routing-options router-id 10.0.1.14
set routing-options autonomous-system 65031
## Edit interface lo0
set interfaces lo0 unit 0 family inet address 10.0.1.14/32
delete interfaces xe-0/0/0 unit 0 family inet dhcp
delete interfaces xe-0/0/1 unit 0 family inet dhcp
delete interfaces xe-0/0/2 unit 0 family inet dhcp
delete interfaces xe-0/0/3 unit 0 family inet dhcp
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.5/30
set interfaces xe-0/0/0 description link_to_leaf1_xe-0/0/1
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.13/30
set interfaces xe-0/0/1 description link_to_leaf2_xe-0/0/1
set interfaces xe-0/0/2 unit 0 family inet address 172.16.1.21/30
set interfaces xe-0/0/2 description link_to_leaf3_xe-0/0/1
set interfaces xe-0/0/3 unit 0 family inet address 172.16.1.29/30
set interfaces xe-0/0/3 description link_to_asw-d1_xe-0/0/1


leaf1 configuration

##basic configuration 
set system host-name lsw1
## Edit policy
set policy-options policy-statement export-lo term lo0 from protocol direct
set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.24/32 exact
set policy-options policy-statement export-lo term lo0 then accept
set policy-options policy-statement lbpp term lb then load-balance per-packet
## Setting the underlay network###
set protocols bgp group underlay authentication-key password1
set protocols bgp group underlay export export-lo
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.1.1 peer-as 65030
set protocols bgp group underlay neighbor 172.16.1.5 peer-as 65031
##  edit routing-options 
set routing-options forwarding-table export lbpp
set routing-options router-id 10.0.1.24
set routing-options autonomous-system 65032
## Edit interface lo0
set interfaces lo0 unit 0 family inet address 10.0.1.24/32
## INTERFACE CONFIGURATION
delete interfaces xe-0/0/0 unit 0 family inet dhcp
delete interfaces xe-0/0/1 unit 0 family inet dhcp
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.2/30
set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/0
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.6/30
set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/0
##EVPN-VXLAN setup ###
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list 10200
set protocols evpn extended-vni-list 10300
set protocols evpn extended-vni-list 10400
set protocols evpn extended-vni-list 10500
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.0.1.24:1
set switch-options vrf-target target:65400:1
##Setup VLANS
set vlans private1-a vlan-id 200 vxlan vni 10200
set vlans private1-b vlan-id 300 vxlan vni 10300
set vlans private1-c vlan-id 400 vxlan vni 10400
set vlans private1-d vlan-id 500 vxlan vni 10500
##Set interface to access mode for the servers
delete interfaces xe-0/0/2 unit 0
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-a
# Overlay network on leaf 1###
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 10.0.1.24
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay local-as 65400
set protocols bgp group overlay authentication-key password1
set protocols bgp group overlay multipath
set protocols bgp group overlay neighbor 10.0.1.25 description lsw2
set protocols bgp group overlay neighbor 10.0.1.26 description lsw3
set protocols bgp group overlay neighbor 10.0.1.27 description lsw4
# irb interfaces setup
set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254
set interfaces irb unit 200 virtual-gateway-accept-data
set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254
set interfaces irb unit 300 virtual-gateway-accept-data
set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254
set interfaces irb unit 400 virtual-gateway-accept-data
set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254
set interfaces irb unit 500 virtual-gateway-accept-data
#add irb interface for each vlan
set vlans private1-a l3-interface irb.200
set vlans private1-b l3-interface irb.300
set vlans private1-c l3-interface irb.400
set vlans private1-d l3-interface irb.500

leaf2 configuration

#basic configuration 
set system host-name lsw2
## Edit policy-options
set policy-options policy-statement export-lo term lo0 from protocol direct
set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.25/32 exact
set policy-options policy-statement export-lo term lo0 then accept
set policy-options policy-statement lbpp term lb then load-balance per-packet
#Setting the underlay network###
set protocols bgp group underlay authentication-key password1
set protocols bgp group underlay export export-lo
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.1.9 peer-as 65030
set protocols bgp group underlay neighbor 172.16.1.13 peer-as 65031
##  edit routing-options 
set routing-options forwarding-table export lbpp
set routing-options router-id 10.0.1.25
set routing-options autonomous-system 65033
## Edit interface lo0
set interfaces lo0 unit 0 family inet address 10.0.1.25/32
## INTERFACE CONFIGURATION
delete interfaces xe-0/0/0 unit 0 family inet dhcp
delete interfaces xe-0/0/1 unit 0 family inet dhcp
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.10/30
set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/1
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.14/30
set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/1
##EVPN-VXLAN setup ###
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list 10200
set protocols evpn extended-vni-list 10300
set protocols evpn extended-vni-list 10400
set protocols evpn extended-vni-list 10500
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.0.1.25:1
set switch-options vrf-target target:65400:1
##Setup VLANS
set vlans private1-a vlan-id 200 vxlan vni 10200
set vlans private1-b vlan-id 300 vxlan vni 10300
set vlans private1-c vlan-id 400 vxlan vni 10400
set vlans private1-d vlan-id 500 vxlan vni 10500
##Set interface to access mode for the servers
delete interfaces xe-0/0/2 unit 0
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-b
# Overlay network on leaf 2###
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 10.0.1.25
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay local-as 65400
set protocols bgp group overlay authentication-key password1
set protocols bgp group overlay multipath
set protocols bgp group overlay neighbor 10.0.1.24 description lsw1
set protocols bgp group overlay neighbor 10.0.1.26 descripion lsw3
set protocols bgp group overlay neighbor 10.0.1.27 description lsw4
# irb interfaces setup
set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254
set interfaces irb unit 200 virtual-gateway-accept-data
set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254
set interfaces irb unit 300 virtual-gateway-accept-data
set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254
set interfaces irb unit 400 virtual-gateway-accept-data
set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254
set interfaces irb unit 500 virtual-gateway-accept-data
#add irb interface for each vlan
set vlans private1-a l3-interface irb.200
set vlans private1-b l3-interface irb.300
set vlans private1-c l3-interface irb.400
set vlans private1-d l3-interface irb.500

leaf3 configutation

#basic configuration 
set system host-name lsw3
## Edit policy-options
set policy-options policy-statement export-lo term lo0 from protocol direct
set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.26/32 exact
set policy-options policy-statement export-lo term lo0 then accept
set policy-options policy-statement lbpp term lb then load-balance per-packet
#Setting the underlay network###
set protocols bgp group underlay authentication-key password1
set protocols bgp group underlay export export-lo
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.1.17 peer-as 65030
set protocols bgp group underlay neighbor 172.16.1.21 peer-as 65031
##  edit routing-options 
set routing-options forwarding-table export lbpp
set routing-options router-id 10.0.1.26
set routing-options autonomous-system 65034
## Edit interface lo0
set interfaces lo0 unit 0 family inet address 10.0.1.26/32
## INTERFACE CONFIGURATION
delete interfaces xe-0/0/0 unit 0 family inet dhcp
delete interfaces xe-0/0/1 unit 0 family inet dhcp
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.18/30
set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/1
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.22/30
set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/1
## INTERFACE CONFIGURATION
delete interfaces xe-0/0/0 unit 0 family inet dhcp
delete interfaces xe-0/0/1 unit 0 family inet dhcp
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.18/30
set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/1
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.22/30
set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/1
##EVPN-VXLAN setup ###
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list 10200
set protocols evpn extended-vni-list 10300
set protocols evpn extended-vni-list 10400
set protocols evpn extended-vni-list 10500
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.0.1.26:1
set switch-options vrf-target target:65400:1
##Setup VLANS
set vlans private1-a vlan-id 200 vxlan vni 10200
set vlans private1-b vlan-id 300 vxlan vni 10300
set vlans private1-c vlan-id 400 vxlan vni 10400
set vlans private1-d vlan-id 500 vxlan vni 10500
##Set interface to access mode for the servers
delete interfaces xe-0/0/2 unit 0
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-c
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 10.0.1.26
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay local-as 65400
set protocols bgp group overlay authentication-key password1
set protocols bgp group overlay multipath
set protocols bgp group overlay neighbor 10.0.1.24 description lsw1
set protocols bgp group overlay neighbor 10.0.1.25 description lsw2
set protocols bgp group overlay neighbor 10.0.1.27 description lsw4
# irb interfaces setup
set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254
set interfaces irb unit 200 virtual-gateway-accept-data
set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254
set interfaces irb unit 300 virtual-gateway-accept-data
set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254
set interfaces irb unit 400 virtual-gateway-accept-data
set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254
set interfaces irb unit 500 virtual-gateway-accept-data
#add irb interface for each vlan
set vlans private1-a l3-interface irb.200
set vlans private1-b l3-interface irb.300
set vlans private1-c l3-interface irb.400
set vlans private1-d l3-interface irb.500

leaf4 configuration

#basic configuration 
set system host-name lsw4
## Edit policy-options
set policy-options policy-statement export-lo term lo0 from protocol direct
set policy-options policy-statement export-lo term lo0 from route-filter 10.0.1.27/32 exact
set policy-options policy-statement export-lo term lo0 then accept
set policy-options policy-statement lbpp term lb then load-balance per-packet
#Setting the underlay network### 
set protocols bgp group underlay authentication-key password1
set protocols bgp group underlay export export-lo
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.1.25 peer-as 65030 description spine1
set protocols bgp group underlay neighbor 172.16.1.29 peer-as 65031 description spine2
##  edit routing-options  
set routing-options forwarding-table export lbpp
set routing-options router-id 10.0.1.27
set routing-options autonomous-system 65035
## Edit interface lo0
set interfaces lo0 unit 0 family inet address 10.0.1.27/32
## INTERFACE CONFIGUATION
delete interfaces xe-0/0/0 unit 0 family inet dhcp
delete interfaces xe-0/0/1 unit 0 family inet dhcp
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.26/30
set interfaces xe-0/0/0 description link_to_spine1_xe-0/0/3
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.30/30
set interfaces xe-0/0/1 description link_to_spine2_xe-0/0/3
##EVPN-VXLAN setup ###
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list 10200
set protocols evpn extended-vni-list 10300
set protocols evpn extended-vni-list 10400
set protocols evpn extended-vni-list 10500
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 10.0.1.27:1
set switch-options vrf-target target:65400:1
##Setup VLANS
set vlans private1-a vlan-id 200 vxlan vni 10200
set vlans private1-b vlan-id 300 vxlan vni 10300
set vlans private1-c vlan-id 400 vxlan vni 10400
set vlans private1-d vlan-id 500 vxlan vni 10500
##Set interface to access mode for the servers
delete interfaces xe-0/0/2 unit 0
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members private1-d
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 10.0.1.27
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay local-as 65400
set protocols bgp group overlay authentication-key password1
set protocols bgp group overlay multipath
set protocols bgp group overlay neighbor 10.0.1.24 description lsw1
set protocols bgp group overlay neighbor 10.0.1.25 description lsw2
set protocols bgp group overlay neighbor 10.0.1.26 description lsw3
# irb interfaces setup
set interface irb unit 200 family inet address 10.192.80.1/22 virtual-gateway-address 10.192.80.254
set interfaces irb unit 200 virtual-gateway-accept-data
set interface irb unit 300 family inet address 10.192.96.1/22 virtual-gateway-address 10.192.96.254
set interfaces irb unit 300 virtual-gateway-accept-data
set interface irb unit 400 family inet address 10.192.112.1/22 virtual-gateway-address 10.192.112.254
set interfaces irb unit 400 virtual-gateway-accept-data
set interface irb unit 500 family inet address 10.192.128.1/22 virtual-gateway-address 10.192.128.254
set interfaces irb unit 500 virtual-gateway-accept-data
#add irb interface for each vlan
set vlans private1-a l3-interface irb.200
set vlans private1-b l3-interface irb.300
set vlans private1-c l3-interface irb.400
set vlans private1-d l3-interface irb.500

Checking and testing

spine1 BGP

root@spine1> show bgp summary     
Threading mode: BGP I/O
Groups: 1 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0               
                     26         24          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.2            65032       2648       2657       0       0    20:05:01 Establ
  inet.0: 6/7/7/0
172.16.1.10           65033       2654       2658       0       0    20:05:03 Establ
  inet.0: 6/7/7/0
172.16.1.18           65034       2647       2658       0       0    20:04:53 Establ
  inet.0: 6/6/6/0
172.16.1.26           65035       2647       2659       0       0    20:04:49 Establ
  inet.0: 6/6/6/0

We can see that the BGP section from spine 1 to all the 4 leaves is up.

spine2 BGP

root@spine2> show bgp summary 
Threading mode: BGP I/O
Groups: 1 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0               
                      34         24          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.6            65032       2660       2669       0       1    20:08:41 Establ
  inet.0: 6/8/8/0
172.16.1.14           65033       2664       2666       0       0    20:08:42 Establ
  inet.0: 6/8/8/0
172.16.1.22           65034       2662       2668       0       1    20:08:39 Establ
  inet.0: 6/9/9/0
172.16.1.30           65035       2660       2669       0       1    20:08:41 Establ
  inet.0: 6/9/9/0

leaf1 BGP

root@leaf1> show bgp summary 
Threading mode: BGP I/O
Groups: 2 Peers: 5 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.evpn.0           
                      78         78          0          0          0          0
inet.0               
                      32         16          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.0.1.25             65400       2680       2665       0       2    20:07:21 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 26/26/26/0
  default-switch.evpn.0: 26/26/26/0
10.0.1.26             65400       2679       2674       0       3    20:10:56 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 26/26/26/0
  default-switch.evpn.0: 26/26/26/0
10.0.1.27             65400       2687       2673       0       3    20:10:49 Establ
  __default_evpn__.evpn.0: 0/0/0/0
  bgp.evpn.0: 26/26/26/0
  default-switch.evpn.0: 26/26/26/0
172.16.1.1            65030       2672       2661       0       1    20:11:06 Establ
  inet.0: 8/16/16/0                     
172.16.1.5            65031       2674       2663       0       3    20:10:53 Establ
  inet.0: 8/16/16/0