Juniper Collapsed Spine with EVPN
Goal
In this tutorial, We will be setting up a collapsed Spine EVPN/VXLAN with multi-homing.We will use two SRX's in cluster mode to route traffic between the 2 Tenants that we will configure. We will be using BGP for the underlay and overlay.
Prerequisites
For this tutorial we will be using:
- EVE-NG 2.0.3-112
- VQFX model: vqfx-10000 running JUNOS 19.4R1.10 for spines and leaves
- VSRX 3.0
- Debian VM's servers
Diagram
Setup and configuration
Devices | Role | lo.0 IP | VLAN | IP address | ae0 IP | ae0 interfaces | ae1 interfaces | ae2 interfaces | ae5 interfaces | ae6 interfaces | mgmt | local-as underlay | local-as overlay |
cc1 | core swtich1 | 10.179.1.1/32 | 172.16.3.1/3 | xe-0/0[10-11] | xe-0/0/0 | xe-0/0/1 | xe-0/0/9 | xe-0/0/8 | 10.193.0.105/24 | 65012 | 65100 | ||
cc2 | core switch2 | 10.179.1.2/32 | 172.16.3.2/30 | xe-0/0[10-11] | xe-0/0/0 | xe-0/0/1 | xe-0/0/9 | xe-0/0/8 | 10.193.0.106/24 | 65013 | 65100 | ||
sw1 | switch 1 | xe-0/0[0-1] | 10.193.0.107/24 | ||||||||||
sw2 | switch 2 | xe-0/0[0-1] | 10.193.0.108/24 | ||||||||||
srx | Firewall | ||||||||||||
srv1 | Server1 | private1-a-dfw | 10.192.144.100/22 | ||||||||||
srv2 | Server2 | private1-b-dfw | 10.192.160.100/22 | ||||||||||
srv3 | Server3 | private1-d-dfw | 10.192.192.100/22 | ||||||||||
srv4 | Server4 | private1-c-dfw | 10.192.176.100/22 | ||||||||||
srv5 | Server5 | private1-a-dfw | 10.192.144.200/22 | ||||||||||
srv6 | Server6 | private1-b-dfw | 10.192.160.200/22 | ||||||||||
srv7 | Server7 | private1-c-dfw | 10.192.176.200/22 | ||||||||||
srv8 | Server8 | private1-d-dfw | 10.192.192.200/22 |
core switch 1 configuration
set system host-name sswecc1-dfw set system root-authentication encrypted-password "$5$bSgF2gnxBS/rA$sYP/f1pWJhl5d1VN0hHzjxd0jZhmnwGLCiwVm3hE8Z." set system login user homer uid 2002 set system login user homer class super-user set system login user homer authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4xpjWJoQhCf176i77ni9//mcYO3bBWu7necWZwJNVkFsvvT6XuWfkKVMUFnTjTMr1erv8WRDze7le9Jl2a/xMIgo9Cf71SU9faPbd /ukvaLl5VUeGvHKFg9d+7GUGx1z9K1qKY2VOBO5EQCht8+4o4mMaizoXoxHvkNolswAa5Jv/EPwnfCeDyV7TsG+Se1k7 /1h1VFOwW7Dbxno1aCnMDYbcfiBnzGnLSZQGjehok6cqYTjsNIIdAiZYSpH77pnAGglFhxNUSlqj0qRIJZdG3nhPlvIRPjn7fouq3BJEmiWPP8ru67H1J2mdSkix4xOxdUWfGB9eJlENfnobJjBr pp@U18" set system login user ppaul uid 2003 set system login user ppaul class super-user set system login user ppaul authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDST4EbXJc9l/AdrVmOZEPl3sxi6qjGIZyPwkupthSdooFHxPxUIh/a5PC9bMk5go6KvRoChpc4L8XuMRsxLTd6Ro6DsWIZieGHFuO /AL9SRUtmevGiSC2q4ibR7ACosJBUvKPRVK8anYnMSL9YWd7lnmVLnW5mvOM3Alhd8aTNKE3/H9ogDt9UfndEJXmieMTLJzGvx65sw6riqa5hh6iOcw02qb3QQCKLSRJmUJQuToY4oo/ZdLl/prEDKQ0I9DSnOxRYIvZxvUsTzwoXVq9X9dWGkKAAMDw7f2DJfa/4uCNT2dKPydApeN0ea2/69VRL3fmTz47y0CC1RTEd8j1j U18pc " set chassis aggregated-devices ethernet device-count 10 set interfaces xe-0/0/0 description Link_leaf1-xe-0/0/0 set interfaces xe-0/0/0 gigether-options 802.3ad ae1 set interfaces xe-0/0/1 description link_leaf2_xe-0/0/0 set interfaces xe-0/0/1 gigether-options 802.3ad ae2 set interfaces xe-0/0/8 description vsrx_node1_ge-7/0/4 set interfaces xe-0/0/8 gigether-options 802.3ad ae6 set interfaces xe-0/0/9 description vsrx_node0_ge-0/0/4 set interfaces xe-0/0/9 gigether-options 802.3ad ae5 set interfaces xe-0/0/10 gigether-options 802.3ad ae0 set interfaces xe-0/0/11 gigether-options 802.3ad ae0 set interfaces ae0 description link_spine2 set interfaces ae0 mtu 9216 set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 aggregated-ether-options lacp periodic fast set interfaces ae0 unit 0 family inet address 172.16.3.1/30 set interfaces ae1 description sw1_ae1 set interfaces ae1 mtu 9192 set interfaces ae1 esi 00:00:00:ab:cd:00:01:00:00:03 set interfaces ae1 esi all-active set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:11:00:00:00:01 set interfaces ae1 unit 0 family ethernet-switching interface-mode trunk set interfaces ae1 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces ae1 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces ae2 description sw2_ae1 set interfaces ae2 mtu 9216 set interfaces ae2 esi 00:00:00:ab:cd:00:01:00:00:04 set interfaces ae2 esi all-active set interfaces ae2 aggregated-ether-options lacp active set interfaces ae2 aggregated-ether-options lacp periodic fast set interfaces ae2 aggregated-ether-options lacp system-id 00:22:00:00:00:02 set interfaces ae2 unit 0 family ethernet-switching interface-mode trunk set interfaces ae2 unit 0 family ethernet-switching vlan members private1-a-dfw set interfaces ae2 unit 0 family ethernet-switching vlan members private1-b-dfw set interfaces ae2 unit 0 family ethernet-switching vlan members private1-c-dfw set interfaces ae2 unit 0 family ethernet-switching vlan members private1-d-dfw set interfaces ae5 description "to SRX cluster node0" set interfaces ae5 mtu 9216 set interfaces ae5 esi 00:00:00:00:00:00:00:00:01:11 set interfaces ae5 esi all-active set interfaces ae5 aggregated-ether-options lacp active set interfaces ae5 aggregated-ether-options lacp periodic fast set interfaces ae5 aggregated-ether-options lacp system-id 00:00:00:00:01:11 set interfaces ae5 unit 0 family ethernet-switching interface-mode trunk set interfaces ae5 unit 0 family ethernet-switching vlan members VLAN_42 set interfaces ae5 unit 0 family ethernet-switching vlan members VLAN_46 set interfaces ae6 description "to SRx Cluster" set interfaces ae6 mtu 9216 set interfaces ae6 esi 00:00:00:00:00:00:00:00:01:12 set interfaces ae6 esi all-active set interfaces ae6 aggregated-ether-options lacp active set interfaces ae6 aggregated-ether-options lacp periodic fast set interfaces ae6 aggregated-ether-options lacp system-id 00:00:00:00:01:12 set interfaces ae6 unit 0 family ethernet-switching interface-mode trunk set interfaces ae6 unit 0 family ethernet-switching vlan members VLAN_42 set interfaces ae6 unit 0 family ethernet-switching vlan members VLAN_46 set interfaces em0 unit 0 family inet address 10.193.0.105/24
core switch 2 configuration
switch 1 configuration
switch 2 configuration
vSRX configuration
Interface maping EVE-NG/vSRX
On EVE-NG ge-0/0/1 is ge-0/0/0 in the vSRX and ge-0/0/2 is ge-0/0/1 and so on. If you connect on EVE-NG for example ge-0/0/5 when you login to the vSRX the interface that needs to be setup will be ge-0/0/4.