Juniper EVPN-VXLAN & DCI
Goal
In this tutorial we are going to setup 2 sites: Site A and site B and connect both sites together using a MPLS backbone. Both sites will be configured using EVPN-VXLAN centrally Routed Bridging (CRB).
Prerequisites
For this tutorial I will be using :
- EVE-NG 2.0.3-112
- VQFX model: vqfx-10000 running JUNOS 19.4R1.10 for spines and leaves
- VMX running Junos: 18.2R1.9 for the core routers
- Debian VM's servers
Diagram
Setup and configuration
Site A
| Devices | Role | lo.0 IP | xe-0/0/0 IP | xe-0/0/1 IP | xe-0/0/2 IP | xe-0/0/9 IP | mgmt | AS | local-as |
| qfxssw27 | spine1 | 10.179.0.1/32 | 172.16.1.49/30 | 172.16.2.2/30 | 172.16.3.1/30 | 10.193.0.78/24 | 64601 | 65030 | |
| qfxssw28 | spine2 | 10.179.0.2/32 | 172.16.1.6/30 | 172.16.2.6/30 | 172.16.3.5/30 | 10.193.0.79/24 | 64601 | 65031 | |
| qfxlsw27 | leaf1 | 10.179.0.5/32 | 172.16.1.50/30 | 172.16.1.5/30 | 10.193.0.80/24 | 64601 | 65032 | ||
| qfxlsw28 | leaf2 | 10.179.0.6/32 | 172.16.2.1/30 | 172.16.2.5/30 | 10.193.0.81/24 | 64601 | 65033 | ||
| cr1 | core router | 10.179.0.7/32 | 172.16.3.2/30 | 172.16.3.6/30 | 172.16.4.0/31 | 10.193.0.86/24 | 100 |
| vlan | vlan-id | vni | Network | irb IP | VG |
| private1-a-dal | 2005 | 102005 | 10.192.64.0/22 | 10.192.64.2/22 | 10.192.64.1 |
| private1-b-dal | 2006 | 102006 | 10.192.80.0/22 | 10.192.80.2/22 | 10.192.80.1 |
Spine1 configuration
set system host-name qfxssw27-dfw set interfaces xe-0/0/0 description link_leaf1 set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.49/30 set interfaces xe-0/0/1 description link_leaf2 set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.2/30 set interfaces xe-0/0/2 description link_cr1 set interfaces xe-0/0/2 unit 0 family inet address 172.16.3.1/30 set interfaces em0 unit 0 family inet address 10.193.0.78/24 set interfaces irb unit 2006 proxy-macip-advertisement set interfaces irb unit 2006 virtual-gateway-accept-data set interfaces irb unit 2006 family inet address 10.192.80.2/22 virtual-gateway-address 10.192.80.1 set interfaces irb unit 3502 proxy-macip-advertisement set interfaces irb unit 3502 virtual-gateway-accept-data set interfaces irb unit 3502 family inet address 10.192.64.2/22 virtual-gateway-address 10.192.64.1 set interfaces lo0 unit 0 family inet address 10.179.0.1/32 primary set policy-options prefix-list fab-lo0s 10.179.0.0/24 set policy-options policy-statement EVPN-IMPORT term VNI102005 from community com2006 set policy-options policy-statement EVPN-IMPORT term VNI102005 then accept set policy-options policy-statement EVPN-IMPORT2006 term 1 from community com2005 set policy-options policy-statement EVPN-IMPORT2006 term 1 then accept set policy-options policy-statement PFE-ECMP then load-balance per-packet set policy-options policy-statement export-dc-routes term fabric from protocol static set policy-options policy-statement export-dc-routes term fabric from prefix-list-filter fab-lo0s exact set policy-options policy-statement export-dc-routes term fabric then accept set policy-options policy-statement export-dc-routes then reject set policy-options policy-statement import-overlay term 1 from family evpn set policy-options policy-statement import-overlay term 1 from next-hop 10.179.1.1 set policy-options policy-statement import-overlay term 1 from nlri-route-type 1 set policy-options policy-statement import-overlay term 1 from nlri-route-type 2 set policy-options policy-statement import-overlay term 1 then reject set policy-options policy-statement import-overlay then accept set policy-options policy-statement send-direct term send-lo0 from protocol direct set policy-options policy-statement send-direct term send-lo0 from interface lo0.0 set policy-options policy-statement send-direct term send-lo0 then accept set policy-options policy-statement send-direct term 2 from protocol bgp set policy-options policy-statement send-direct term 2 from route-filter 0.0.0.0/0 prefix-length-range /32-/32 set policy-options policy-statement send-direct term 2 then accept set policy-options policy-statement send-direct then reject set policy-options community com2005 members target:64601:2 set policy-options community com2006 members target:64601:3 set routing-instances vlan2005 routing-options auto-export set routing-instances vlan2005 instance-type vrf set routing-instances vlan2005 interface irb.3502 set routing-instances vlan2005 route-distinguisher 10.179.0.1:2 set routing-instances vlan2005 vrf-import EVPN-IMPORT set routing-instances vlan2005 vrf-target target:64601:2 set routing-instances vlan2006 routing-options auto-export set routing-instances vlan2006 instance-type vrf set routing-instances vlan2006 interface irb.2006 set routing-instances vlan2006 route-distinguisher 10.179.0.1:3 set routing-instances vlan2006 vrf-import EVPN-IMPORT2006 set routing-instances vlan2006 vrf-target target:64601:3 set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set routing-options static route 10.179.0.0/24 discard set routing-options forwarding-table export PFE-ECMP set routing-options forwarding-table ecmp-fast-reroute set routing-options router-id 10.179.0.1 set routing-options autonomous-system 64601 set protocols evpn vni-options vni 102005 vrf-target target:1:2005 set protocols evpn vni-options vni 102006 vrf-target target:1:2006 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn default-gateway no-gateway-community set protocols evpn extended-vni-list all set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY mtu-discovery set protocols bgp group UNDERLAY export send-direct set protocols bgp group UNDERLAY local-as 65030 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000 set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3 set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic set protocols bgp group UNDERLAY neighbor 172.16.2.1 description leaf2 set protocols bgp group UNDERLAY neighbor 172.16.2.1 peer-as 65033 set protocols bgp group UNDERLAY neighbor 172.16.1.50 description leaf1 set protocols bgp group UNDERLAY neighbor 172.16.1.50 peer-as 65032 set protocols bgp group EVPN-IBGP type internal set protocols bgp group EVPN-IBGP local-address 10.179.0.1 set protocols bgp group EVPN-IBGP import import-overlay set protocols bgp group EVPN-IBGP family evpn signaling set protocols bgp group EVPN-IBGP cluster 1.1.1.1 set protocols bgp group EVPN-IBGP multipath set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350 set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3 set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic set protocols bgp group EVPN-IBGP neighbor 10.179.0.5 description lfsw01 set protocols bgp group EVPN-IBGP neighbor 10.179.0.6 description lfsw02 set protocols bgp group EVPN-IBGP neighbor 10.179.0.2 description spine2 set protocols bgp group EVPN-IBGP neighbor 10.179.1.1 description dc2_spine1 set protocols bgp group core type external set protocols bgp group core export export-dc-routes set protocols bgp group core peer-as 100 set protocols bgp group core local-as 65030 set protocols bgp group core neighbor 172.16.3.2 set protocols igmp-snooping vlan default set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.179.0.1:1 set switch-options vrf-target target:64512:1111 set vlans default vlan-id 1 set vlans private1-a-dal vlan-id 2005 set vlans private1-a-dal l3-interface irb.3502 set vlans private1-a-dal vxlan vni 102005 set vlans private1-b-dal vlan-id 2006 set vlans private1-b-dal l3-interface irb.2006 set vlans private1-b-dal vxlan vni 102006
Spine2 configuration
set system host-name qfxssw28-dfw set interfaces xe-0/0/0 description link_leaf1 set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.6/30 set interfaces xe-0/0/1 description link_leaf2 set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.6/30 set interfaces xe-0/0/2 description link_cr2 set interfaces xe-0/0/2 unit 0 family inet address 172.16.3.5/30 set interfaces em0 unit 0 family inet address 10.193.0.79/24 set interfaces irb unit 2006 proxy-macip-advertisement set interfaces irb unit 2006 virtual-gateway-accept-data set interfaces irb unit 2006 family inet address 10.192.80.3/22 virtual-gateway-address 10.192.80.1 set interfaces irb unit 3502 proxy-macip-advertisement set interfaces irb unit 3502 virtual-gateway-accept-data set interfaces irb unit 3502 family inet address 10.192.64.3/22 virtual-gateway-address 10.192.64.1 set interfaces lo0 unit 0 family inet address 10.179.0.2/32 primary set policy-options prefix-list fab-lo0s 10.179.0.0/24 set policy-options policy-statement EVPN-IMPORT term VNI102005 from community com2006 set policy-options policy-statement EVPN-IMPORT term VNI102005 then accept set policy-options policy-statement EVPN-IMPORT2006 term 1 from community com2005 set policy-options policy-statement EVPN-IMPORT2006 term 1 then accept set policy-options policy-statement PFE-ECMP then load-balance per-packet set policy-options policy-statement export-dc-routes term fabric from protocol static set policy-options policy-statement export-dc-routes term fabric from prefix-list-filter fab-lo0s exact set policy-options policy-statement export-dc-routes term fabric then accept set policy-options policy-statement export-dc-routes then reject set policy-options policy-statement import-overlay term 1 from family evpn set policy-options policy-statement import-overlay term 1 from next-hop 10.179.1.1 set policy-options policy-statement import-overlay term 1 from nlri-route-type 1 set policy-options policy-statement import-overlay term 1 from nlri-route-type 2 set policy-options policy-statement import-overlay term 1 then reject set policy-options policy-statement import-overlay then accept set policy-options policy-statement send-direct term send-lo0 from protocol direct set policy-options policy-statement send-direct term send-lo0 from interface lo0.0 set policy-options policy-statement send-direct term send-lo0 then accept set policy-options community com2005 members target:64601:2 set policy-options community com2006 members target:64601:3 set routing-instances vlan2005 routing-options auto-export set routing-instances vlan2005 instance-type vrf set routing-instances vlan2005 interface irb.3502 set routing-instances vlan2005 route-distinguisher 10.179.0.1:2 set routing-instances vlan2005 vrf-import EVPN-IMPORT set routing-instances vlan2005 vrf-target target:64601:2 set routing-instances vlan2006 routing-options auto-export set routing-instances vlan2006 instance-type vrf set routing-instances vlan2006 interface irb.2006 set routing-instances vlan2006 route-distinguisher 10.179.0.1:3 set routing-instances vlan2006 vrf-import EVPN-IMPORT2006 set routing-instances vlan2006 vrf-target target:64601:3 set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set routing-options static route 10.179.0.0/24 discard set routing-options forwarding-table export PFE-ECMP set routing-options forwarding-table ecmp-fast-reroute set routing-options router-id 10.179.0.2 set routing-options autonomous-system 64601 set protocols evpn vni-options vni 102005 vrf-target target:1:2005 set protocols evpn vni-options vni 102006 vrf-target target:1:2006 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn default-gateway no-gateway-community set protocols evpn extended-vni-list all set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY mtu-discovery set protocols bgp group UNDERLAY export send-direct set protocols bgp group UNDERLAY local-as 65031 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000 set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3 set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic set protocols bgp group UNDERLAY neighbor 172.16.1.5 description leaf1 set protocols bgp group UNDERLAY neighbor 172.16.1.5 peer-as 65032 set protocols bgp group UNDERLAY neighbor 172.16.2.5 description leaf2 set protocols bgp group UNDERLAY neighbor 172.16.2.5 peer-as 65033 set protocols bgp group EVPN-IBGP type internal set protocols bgp group EVPN-IBGP local-address 10.179.0.2 set protocols bgp group EVPN-IBGP import import-overlay set protocols bgp group EVPN-IBGP family evpn signaling set protocols bgp group EVPN-IBGP cluster 2.2.2.2 set protocols bgp group EVPN-IBGP multipath set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350 set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3 set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic set protocols bgp group EVPN-IBGP neighbor 10.179.0.5 description lfsw01 set protocols bgp group EVPN-IBGP neighbor 10.179.0.6 description lfsw02 set protocols bgp group EVPN-IBGP neighbor 10.179.0.1 description spine1 set protocols bgp group EVPN-IBGP neighbor 10.179.1.1 description dc2_spine1 set protocols bgp group core type external set protocols bgp group core export export-dc-routes set protocols bgp group core peer-as 100 set protocols bgp group core local-as 65031 set protocols bgp group core neighbor 172.16.3.6 set protocols igmp-snooping vlan default set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.179.0.2:1 set switch-options vrf-target target:64512:1111 set vlans default vlan-id 1 set vlans private1-a-dal vlan-id 2005 set vlans private1-a-dal l3-interface irb.3502 set vlans private1-a-dal vxlan vni 102005 set vlans private1-b-dal vlan-id 2006 set vlans private1-b-dal l3-interface irb.2006 set vlans private1-b-dal vxlan vni 102006
Leaf1 configuration
set system host-name qfxlsw27-dfw set interfaces xe-0/0/0 description link_spine1 set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.50/30 set interfaces xe-0/0/1 description link_spine2 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.5/30 set interfaces xe-0/0/10 description srv101 set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members private1-b-dal set interfaces xe-0/0/11 description srv100 set interfaces xe-0/0/11 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members private1-a-dal set interfaces em0 unit 0 family inet address 10.193.0.80/24 set interfaces lo0 unit 0 family inet address 10.179.0.5/32 set policy-options policy-statement PFE-ECMP then load-balance per-packet set policy-options policy-statement send-direct term send-lo0 from protocol direct set policy-options policy-statement send-direct term send-lo0 then accept set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set routing-options forwarding-table export PFE-ECMP set routing-options forwarding-table ecmp-fast-reroute set routing-options router-id 10.179.0.5 set routing-options autonomous-system 64601 set protocols evpn vni-options vni 102005 vrf-target target:1:2005 set protocols evpn vni-options vni 102006 vrf-target target:1:2006 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn extended-vni-list all set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY export send-direct set protocols bgp group UNDERLAY local-as 65032 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000 set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3 set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic set protocols bgp group UNDERLAY neighbor 172.16.1.6 description spine2 set protocols bgp group UNDERLAY neighbor 172.16.1.6 peer-as 65031 set protocols bgp group UNDERLAY neighbor 172.16.1.49 description spine1 set protocols bgp group UNDERLAY neighbor 172.16.1.49 peer-as 65030 set protocols bgp group EVPN-IBGP type internal set protocols bgp group EVPN-IBGP local-address 10.179.0.5 set protocols bgp group EVPN-IBGP family evpn signaling set protocols bgp group EVPN-IBGP multipath set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350 set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3 set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic set protocols bgp group EVPN-IBGP neighbor 10.179.0.1 description spsw01 set protocols bgp group EVPN-IBGP neighbor 10.179.0.2 description spsw02 set protocols lldp disable set protocols lldp port-id-subtype interface-name set protocols lldp interface all set protocols lldp-med interface all set protocols igmp-snooping vlan default set switch-options service-id 1 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.179.0.5:1 set switch-options vrf-target target:64512:1111 set vlans private1-a-dal vlan-id 2005 set vlans private1-a-dal vxlan vni 102005 set vlans private1-b-dal vlan-id 2006 set vlans private1-b-dal vxlan vni 102006
Leaf2 configuration
set system host-name qfxlsw28 set interfaces xe-0/0/0 description link_spine1 set interfaces xe-0/0/0 unit 0 family inet address 172.16.2.1/30 set interfaces xe-0/0/1 description link_spine2 set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.5/30 set interfaces xe-0/0/10 description srv104 set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members private1-b-dal set interfaces xe-0/0/11 description srv103 set interfaces xe-0/0/11 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members private1-a-dal set interfaces em0 unit 0 family inet address 10.193.0.81/24 set interfaces lo0 unit 0 family inet address 10.179.0.6/32 set policy-options policy-statement PFE-ECMP then load-balance per-packet set policy-options policy-statement send-direct term send-lo0 from protocol direct set policy-options policy-statement send-direct term send-lo0 then accept set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set routing-options forwarding-table export PFE-ECMP set routing-options forwarding-table ecmp-fast-reroute set routing-options router-id 10.179.0.6 set routing-options autonomous-system 64601 set protocols evpn vni-options vni 102005 vrf-target target:1:2005 set protocols evpn vni-options vni 102006 vrf-target target:1:2006 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn extended-vni-list all set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY export send-direct set protocols bgp group UNDERLAY local-as 65033 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000 set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3 set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic set protocols bgp group UNDERLAY neighbor 172.16.2.2 description spine1 set protocols bgp group UNDERLAY neighbor 172.16.2.2 peer-as 65030 set protocols bgp group UNDERLAY neighbor 172.16.2.6 description spine2 set protocols bgp group UNDERLAY neighbor 172.16.2.6 peer-as 65031 set protocols bgp group EVPN-IBGP type internal set protocols bgp group EVPN-IBGP local-address 10.179.0.6 set protocols bgp group EVPN-IBGP family evpn signaling set protocols bgp group EVPN-IBGP multipath set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350 set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3 set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic set protocols bgp group EVPN-IBGP neighbor 10.179.0.1 description spsw01 set protocols bgp group EVPN-IBGP neighbor 10.179.0.2 description spsw02 set protocols lldp disable set protocols lldp port-id-subtype interface-name set protocols lldp interface all set protocols lldp-med interface all set protocols igmp-snooping vlan default set switch-options service-id 1 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.179.0.6:1 set switch-options vrf-target target:64512:1111 set vlans default vlan-id 1 set vlans private1-a-dal vlan-id 2005 set vlans private1-a-dal vxlan vni 102005 set vlans private1-b-dal vlan-id 2006 set vlans private1-b-dal vxlan vni 102006
Site A EVPN/VXLAN testing & Verification
Underlay Verification
We are performing the test only on leaf1 and spine1, the same result will be also true for leaf2 and spine2. To verify this ww will power off spine 1 later in this tutorial and make sure that spine2 will be taking all the traffic. - on leaf1
root@qfxlsw27-dfw> show bgp summary group UNDERLAY
Threading mode: BGP I/O
Groups: 2 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.evpn.0 42 36 0 0 0 0
inet.0
6 6 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.6 65031 1844 1853 0 35 14:01:33 Establ
inet.0: 4/4/4/0
172.16.1.49 65030 463 463 0 35 3:29:50 Establ
inet.0: 2/2/2/0
We have BGP session with spine1(1.49) and spein2 (1.6) up.
root@qfxlsw27-dfw> show route advertising-protocol bgp 172.16.1.49 inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 10.179.0.5/32 Self I
root@qfxlsw27-dfw> show route advertising-protocol bgp 172.16.1.6 inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 10.179.0.5/32 Self I
root@qfxlsw27-dfw> show route receive-protocol bgp 172.16.1.49 table inet.0 inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 10.179.0.1/32 172.16.1.49 65030 I 10.179.0.6/32 172.16.1.49 65030 65033 I
root@qfxlsw27-dfw> show route receive-protocol bgp 172.16.1.6 table inet.0 inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 10.179.0.2/32 172.16.1.6 65031 I * 10.179.0.6/32 172.16.1.6 65031 65033 I
-On spine1
root@qfxssw27-dfw> show bgp summary group UNDERLAY
Threading mode: BGP I/O
Groups: 3 Peers: 7 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.evpn.0 83 56 0 0 0 0
inet.0
15 7 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.50 65032 443 437 0 1 3:17:55 Establ
inet.0: 3/7/7/0
172.16.2.1 65033 1499 1493 0 1 11:19:41 Establ
inet.0: 3/7/7/0
root@qfxssw27-dfw> show route receive-protocol bgp 172.16.1.50 table inet.0 inet.0: 19 destinations, 28 routes (19 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 10.179.0.5/32 172.16.1.50 65032 I 10.179.0.6/32 172.16.1.50 65032 65031 65033 I
root@qfxssw27-dfw> show route receive-protocol bgp 172.16.2.1 table inet.0 inet.0: 19 destinations, 26 routes (19 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 10.179.0.2/32 172.16.2.1 65033 65031 I * 10.179.0.6/32 172.16.2.1 65033 I root@qfxssw27-dfw> show route advertising-protocol bgp 172.16.1.50 inet.0: 19 destinations, 26 routes (19 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 10.179.0.1/32 Self I * 10.179.0.2/32 Self 65033 65031 I * 10.179.0.6/32 Self 65033 I
root@qfxssw27-dfw> show route advertising-protocol bgp 172.16.2.1 inet.0: 19 destinations, 26 routes (19 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path * 10.179.0.1/32 Self I * 10.179.0.5/32 Self 65032 I
Now that we know that leaves and spines can reach each other loopback, let us now verify the Overlay network.
Overlay Verification
- On leaf1
root@qfxlsw27-dfw> show bgp summary group EVPN-IBGP
Threading mode: BGP I/O
Groups: 2 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.evpn.0
72 36 0 0 0 0
inet.0
6 4 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.179.0.1 64601 3064 3030 0 3 22:55:21 Establ
__default_evpn__.evpn.0: 0/0/0/0
bgp.evpn.0: 24/36/36/0
default-switch.evpn.0: 24/36/36/0
10.179.0.2 64601 9817 9625 0 4 3d 0:54:21 Establ
__default_evpn__.evpn.0: 0/0/0/0
bgp.evpn.0: 12/36/36/0
default-switch.evpn.0: 12/36/36/0
- On spine1
root@qfxssw27-dfw# run show bgp summary group EVPN-IBGP
Threading mode: BGP I/O
Groups: 3 Peers: 7 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.evpn.0
83 56 0 0 0 0
inet.0
15 7 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
10.179.0.2 64601 5763 5764 0 0 1d 19:46:04 Establ
__default_evpn__.evpn.0: 0/0/0/0
bgp.evpn.0: 12/24/24/0
default-switch.evpn.0: 12/24/24/0
10.179.0.5 64601 6253 6262 0 0 1d 23:20:01 Establ
__default_evpn__.evpn.0: 0/0/0/0
bgp.evpn.0: 6/6/6/0
default-switch.evpn.0: 6/6/6/0
10.179.0.6 64601 6253 6302 0 0 1d 23:19:57 Establ
__default_evpn__.evpn.0: 0/0/0/0
bgp.evpn.0: 6/6/6/0
default-switch.evpn.0: 6/6/6/0
We can see that we on leaf1 we are able to see spine1 an spine2 loopback and on spine1 we are able to see leaf1, leaf2 and spine2 loopback.
cr1 configuration
set system host-name cr1 set system management-instance set chassis fpc 0 pic 0 interface-type xe set chassis fpc 0 performance-mode set interfaces xe-0/0/0 description link_spine1 set interfaces xe-0/0/0 unit 0 family inet address 172.16.3.2/30 set interfaces xe-0/0/1 description link_spine2 set interfaces xe-0/0/1 unit 0 family inet address 172.16.3.6/30 set interfaces xe-0/0/9 description link_p-router-xe-0/0/9 set interfaces xe-0/0/9 unit 0 family inet address 172.16.4.0/31 set interfaces xe-0/0/9 unit 0 family mpls set interfaces fxp0 unit 0 family inet address 10.193.0.86/24 set interfaces lo0 unit 0 family inet address 10.179.0.7/32 primary set snmp community junos1 routing-instance mgmt_junos set snmp routing-instance-access set routing-options static route 10.179.0.100/32 discard set routing-options autonomous-system 100 set protocols mpls no-cspf set protocols mpls interface xe-0/0/9.0 set protocols bgp group core_spine type external set protocols bgp group core_spine as-override set protocols bgp group core_spine neighbor 172.16.3.1 description spine1 set protocols bgp group core_spine neighbor 172.16.3.1 peer-as 65030 set protocols bgp group core_spine neighbor 172.16.3.5 description spine2 set protocols bgp group core_spine neighbor 172.16.3.5 peer-as 65031 set protocols bgp group core type internal set protocols bgp group core local-address 10.179.0.7 set protocols bgp group core export into-ibgp set protocols bgp group core neighbor 10.179.1.7 description cr2-lo0 set protocols ospf export into-ospf set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface xe-0/0/9.0 interface-type p2p set protocols ldp egress-policy into-ldp set protocols ldp interface xe-0/0/9.0 set protocols ldp interface lo0.0 set policy-options prefix-list dc-routes 10.179.0.0/24 set policy-options policy-statement into-ibgp term 1 from protocol bgp set policy-options policy-statement into-ibgp term 1 from prefix-list-filter dc-routes exact set policy-options policy-statement into-ibgp term 1 then next-hop 10.179.0.100 set policy-options policy-statement into-ibgp term 1 then accept set policy-options policy-statement into-ibgp then reject set policy-options policy-statement into-ldp term 1 from interface lo0.0 set policy-options policy-statement into-ldp term 1 then accept set policy-options policy-statement into-ldp term 2 from protocol static set policy-options policy-statement into-ldp term 2 from route-filter 10.179.0.100/32 exact set policy-options policy-statement into-ldp term 2 then accept set policy-options policy-statement into-ldp then reject set policy-options policy-statement into-ospf term 1 from route-filter 10.179.0.100/32 exact set policy-options policy-statement into-ospf term 1 then accept set policy-options policy-statement into-ospf then reject set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
Site B
| Devices | Role | lo.0 IP | xe-0/0/0 IP | xe-0/0/1 IP | xe-0/0/2 IP | xe-0/0/9 IP | mgmt | AS | local-as |
| qfxssw29 | spine1 | 10.179.1.1/32 | 172.16.1.41/30 | 172.16.1.33/30 | 172.16.5.1/30 | 10.193.0.82/24 | 64601 | 65034 | |
| qfxssw30 | spine2 | 10.179.1.2/32 | 172.16.1.45/30 | 172.16.1.37/30 | 172.16.5.5/30 | 10.193.0.83/24 | 64601 | 65035 | |
| qfxlsw29 | leaf1 | 10.179.1.5/32 | 172.16.1.42/30 | 172.16.1.46/30 | 10.193.0.84/24 | 64601 | 65036 | ||
| qfxlsw30 | leaf2 | 10.179.1.6/32 | 172.16.1.34/30 | 172.16.1.38/30 | 10.193.0.85/24 | 64601 | 65037 | ||
| cr2 | core router | 10.179.1.7/32 | 172.16.5.2/30 | 172.16.5.6/30 | 172.16.6.0/31 | 10.193.0.87/24 | 100 |
| vlan | vlan-id | vni | Network | irb IP | VG |
| private1-a-dal | 2005 | 102005 | 10.192.64.0/22 | 10.192.64.3/22 | 10.192.64.1 |
| private1-a-sfo | 2007 | 102007 | 10.192.96.0/22 | 10.192.96.2/22 | 10.192.96.1 |
| private1-b-sfo | 2008 | 102008 | 10.192.112.0/22 | 10.192.112.2/22 | 10.192.112.1 |
Spine1 configuration
set system host-name qfxssw29-dfw set interfaces xe-0/0/0 description link_leaf1 set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.41/30 set interfaces xe-0/0/1 description link_leaf2 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.33/30 set interfaces xe-0/0/2 description link_cr2 set interfaces xe-0/0/2 unit 0 family inet address 172.16.5.1/30 set interfaces em0 unit 0 family inet address 10.193.0.82/24 set interfaces irb unit 2007 proxy-macip-advertisement set interfaces irb unit 2007 virtual-gateway-accept-data set interfaces irb unit 2007 family inet address 10.192.96.2/22 virtual-gateway-address 10.192.96.1 set interfaces irb unit 2008 proxy-macip-advertisement set interfaces irb unit 2008 virtual-gateway-accept-data set interfaces irb unit 2008 family inet address 10.192.112.2/22 virtual-gateway-address 10.192.112.1 set interfaces irb unit 3502 proxy-macip-advertisement set interfaces irb unit 3502 virtual-gateway-accept-data set interfaces irb unit 3502 family inet address 10.192.64.4/22 virtual-gateway-address 10.192.64.1 set interfaces lo0 unit 0 family inet address 10.179.1.1/32 primary set policy-options prefix-list fab-lo0s 10.179.1.0/24 set policy-options policy-statement EVPN-IMPORT term VNI102007 from community com2008 set policy-options policy-statement EVPN-IMPORT term VNI102007 then accept set policy-options policy-statement EVPN-IMPORT term VNI102005 from community com2005 set policy-options policy-statement EVPN-IMPORT term VNI102005 then accept set policy-options policy-statement EVPN-IMPORT2008 term 1 from community com2007 set policy-options policy-statement EVPN-IMPORT2008 term 1 then accept set policy-options policy-statement PFE-ECMP then load-balance per-packet set policy-options policy-statement export-dc-routes term fabric from protocol static set policy-options policy-statement export-dc-routes term fabric from prefix-list-filter fab-lo0s exact set policy-options policy-statement export-dc-routes term fabric then accept set policy-options policy-statement export-dc-routes then reject set policy-options policy-statement import-overlay term 1 from family evpn set policy-options policy-statement import-overlay term 1 from next-hop 10.179.0.1 set policy-options policy-statement import-overlay term 1 from nlri-route-type 1 set policy-options policy-statement import-overlay term 1 from nlri-route-type 2 set policy-options policy-statement import-overlay term 1 then reject set policy-options policy-statement import-overlay then accept set policy-options policy-statement send-direct term send-lo0 from protocol direct set policy-options policy-statement send-direct term send-lo0 from interface lo0.0 set policy-options policy-statement send-direct term send-lo0 then accept set policy-options community com2005 members target:65001:4 set policy-options community com2007 members target:65001:2 set policy-options community com2008 members target:65001:3 set routing-instances vlan2007 routing-options auto-export set routing-instances vlan2007 instance-type vrf set routing-instances vlan2007 interface irb.2007 set routing-instances vlan2007 route-distinguisher 10.179.1.1:2 set routing-instances vlan2007 vrf-import EVPN-IMPORT set routing-instances vlan2007 vrf-target target:65001:2 set routing-instances vlan2008 routing-options auto-export set routing-instances vlan2008 instance-type vrf set routing-instances vlan2008 interface irb.2008 set routing-instances vlan2008 route-distinguisher 10.179.1.1:3 set routing-instances vlan2008 vrf-import EVPN-IMPORT2008 set routing-instances vlan2008 vrf-target target:65001:3 set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set routing-options static route 10.179.1.0/24 discard set routing-options forwarding-table export PFE-ECMP set routing-options forwarding-table ecmp-fast-reroute set routing-options router-id 10.179.1.1 set routing-options autonomous-system 64601 set protocols evpn vni-options vni 102005 vrf-target target:1:2005 set protocols evpn vni-options vni 102007 vrf-target target:1:2007 set protocols evpn vni-options vni 102008 vrf-target target:1:2008 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn default-gateway no-gateway-community set protocols evpn extended-vni-list all set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY mtu-discovery set protocols bgp group UNDERLAY export send-direct set protocols bgp group UNDERLAY local-as 65034 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000 set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3 set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic set protocols bgp group UNDERLAY neighbor 172.16.1.34 description leaf2 set protocols bgp group UNDERLAY neighbor 172.16.1.34 peer-as 65037 set protocols bgp group UNDERLAY neighbor 172.16.1.42 description leaf1 set protocols bgp group UNDERLAY neighbor 172.16.1.42 peer-as 65036 set protocols bgp group EVPN-IBGP type internal set protocols bgp group EVPN-IBGP local-address 10.179.1.1 set protocols bgp group EVPN-IBGP import import-overlay set protocols bgp group EVPN-IBGP family evpn signaling set protocols bgp group EVPN-IBGP cluster 0.0.0.1 set protocols bgp group EVPN-IBGP multipath set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350 set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3 set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic set protocols bgp group EVPN-IBGP neighbor 10.179.1.5 description lfsw01 set protocols bgp group EVPN-IBGP neighbor 10.179.1.6 description lfsw02 set protocols bgp group EVPN-IBGP neighbor 10.179.1.2 description spine2 set protocols bgp group EVPN-IBGP neighbor 10.179.0.1 description dc1_spine1 set protocols bgp group core type external set protocols bgp group core export export-dc-routes set protocols bgp group core peer-as 100 set protocols bgp group core local-as 65034 set protocols bgp group core neighbor 172.16.5.2 set protocols igmp-snooping vlan default set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.179.1.1:1 set switch-options vrf-target target:65512:1111 set vlans default vlan-id 1 set vlans private1-a-dal vlan-id 2005 set vlans private1-a-dal l3-interface irb.3502 set vlans private1-a-dal vxlan vni 102005 set vlans private1-a-sfo vlan-id 2007 set vlans private1-a-sfo l3-interface irb.2007 set vlans private1-a-sfo vxlan vni 102007 set vlans private1-b-sfo vlan-id 2008 set vlans private1-b-sfo l3-interface irb.2008 set vlans private1-b-sfo vxlan vni 102008
Spine2 configuration
leaf1 configuration
set system host-name qfxlsw29-dfw set interfaces xe-0/0/0 description link_spine1 set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.42/30 set interfaces xe-0/0/1 description link_spine2 set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.46/30 set interfaces xe-0/0/8 description srv205 set interfaces xe-0/0/8 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/8 unit 0 family ethernet-switching vlan members private1-a-dal set interfaces xe-0/0/9 description srv206 set interfaces xe-0/0/9 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/9 unit 0 family ethernet-switching vlan members private1-a-dal set interfaces xe-0/0/10 description srv20 set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members private1-b-sfo set interfaces xe-0/0/11 description srv10 set interfaces xe-0/0/11 unit 0 family ethernet-switching interface-mode access set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members private1-a-sfo set interfaces em0 unit 0 family inet address 10.193.0.84/24 set interfaces lo0 unit 0 family inet address 10.179.1.5/32 set policy-options policy-statement PFE-ECMP then load-balance per-packet set policy-options policy-statement send-direct term send-lo0 from protocol direct set policy-options policy-statement send-direct term send-lo0 then accept set routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-options static route 0.0.0.0/0 no-readvertise set routing-options forwarding-table export PFE-ECMP set routing-options forwarding-table ecmp-fast-reroute set routing-options router-id 10.179.1.5 set routing-options autonomous-system 64601 set protocols evpn vni-options vni 102005 vrf-target target:1:2005 set protocols evpn vni-options vni 102007 vrf-target target:1:2007 set protocols evpn vni-options vni 102008 vrf-target target:1:2008 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn extended-vni-list all set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY export send-direct set protocols bgp group UNDERLAY local-as 65036 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 1000 set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3 set protocols bgp group UNDERLAY bfd-liveness-detection session-mode automatic set protocols bgp group UNDERLAY neighbor 172.16.1.41 description spine1 set protocols bgp group UNDERLAY neighbor 172.16.1.41 peer-as 65034 set protocols bgp group UNDERLAY neighbor 172.16.1.45 description spine2 set protocols bgp group UNDERLAY neighbor 172.16.1.45 peer-as 65035 set protocols bgp group EVPN-IBGP type internal set protocols bgp group EVPN-IBGP local-address 10.179.1.5 set protocols bgp group EVPN-IBGP family evpn signaling set protocols bgp group EVPN-IBGP multipath set protocols bgp group EVPN-IBGP bfd-liveness-detection minimum-interval 350 set protocols bgp group EVPN-IBGP bfd-liveness-detection multiplier 3 set protocols bgp group EVPN-IBGP bfd-liveness-detection session-mode automatic set protocols bgp group EVPN-IBGP neighbor 10.179.1.1 description spsw01 set protocols bgp group EVPN-IBGP neighbor 10.179.1.2 description spsw02 set protocols lldp disable set protocols lldp port-id-subtype interface-name set protocols lldp interface all set protocols lldp-med interface all set protocols igmp-snooping vlan default set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.179.1.5:1 set switch-options vrf-target target:65512:1111 set vlans default vlan-id 1 set vlans private1-a-dal vlan-id 2005 set vlans private1-a-dal vxlan vni 102005 set vlans private1-a-sfo vlan-id 2007 set vlans private1-a-sfo vxlan vni 102007 set vlans private1-b-sfo vlan-id 2008 set vlans private1-b-sfo vxlan vni 102008
leaf2 configuration
cr2 configuration
set system host-name cr2 set system management-instance set chassis fpc 0 pic 0 interface-type xe set chassis fpc 0 performance-mode set interfaces xe-0/0/0 description link_spine1 set interfaces xe-0/0/0 unit 0 family inet address 172.16.5.2/30 set interfaces xe-0/0/1 description link_spine2 set interfaces xe-0/0/1 unit 0 family inet address 172.16.5.6/30 set interfaces xe-0/0/9 description link_p-router-xe-0/0/8 set interfaces xe-0/0/9 unit 0 family inet address 172.16.6.0/31 set interfaces xe-0/0/9 unit 0 family mpls set interfaces fxp0 unit 0 family inet address 10.193.0.87/24 set interfaces lo0 unit 0 family inet address 10.179.1.7/32 primary set snmp community junos1 routing-instance mgmt_junos set snmp routing-instance-access set routing-options static route 10.179.1.100/32 discard set routing-options autonomous-system 100 set protocols mpls no-cspf set protocols mpls interface xe-0/0/9.0 set protocols bgp group core_spine type external set protocols bgp group core_spine peer-as 65034 set protocols bgp group core_spine as-override set protocols bgp group core_spine neighbor 172.16.5.1 description spine1 set protocols bgp group core type internal set protocols bgp group core local-address 10.179.1.7 set protocols bgp group core export into-ibgp set protocols bgp group core neighbor 10.179.0.7 description cr1-lo0 set protocols ospf export into-ospf set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface xe-0/0/9.0 interface-type p2p set protocols ldp egress-policy into-ldp set protocols ldp interface xe-0/0/9.0 set protocols ldp interface lo0.0 set policy-options prefix-list dc-routes 10.179.1.0/24 set policy-options policy-statement into-ibgp term 1 from protocol bgp set policy-options policy-statement into-ibgp term 1 from prefix-list-filter dc-routes exact set policy-options policy-statement into-ibgp term 1 then next-hop 10.179.1.100 set policy-options policy-statement into-ibgp term 1 then accept set policy-options policy-statement into-ibgp then reject set policy-options policy-statement into-ldp term 1 from interface lo0.0 set policy-options policy-statement into-ldp term 1 then accept set policy-options policy-statement into-ldp term 2 from protocol static set policy-options policy-statement into-ldp term 2 from route-filter 10.179.1.100/32 exact set policy-options policy-statement into-ldp term 2 then accept set policy-options policy-statement into-ldp then reject set policy-options policy-statement into-ospf term 1 from route-filter 10.179.1.100/32 exact set policy-options policy-statement into-ospf term 1 then accept set policy-options policy-statement into-ospf then reject set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1
Core network
p-router configuration
set system host-name p-router set system management-instance set chassis fpc 0 pic 0 interface-type xe set chassis fpc 0 performance-mode set interfaces xe-0/0/8 description link_cr2-dfw set interfaces xe-0/0/8 unit 0 family inet address 172.16.6.1/31 set interfaces xe-0/0/8 unit 0 family mpls set interfaces xe-0/0/9 description link_cr1-dfw set interfaces xe-0/0/9 unit 0 family inet address 172.16.4.1/31 set interfaces xe-0/0/9 unit 0 family mpls set interfaces fxp0 unit 0 family inet address 10.193.0.90/24 set interfaces lo0 unit 0 family inet address 4.4.4.4/32 set protocols mpls no-cspf set protocols mpls interface xe-0/0/9.0 set protocols mpls interface xe-0/0/8.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface xe-0/0/9.0 interface-type p2p set protocols ospf area 0.0.0.0 interface xe-0/0/8.0 interface-type p2p set protocols ldp interface xe-0/0/8.0 set protocols ldp interface xe-0/0/9.0 set protocols ldp interface lo0.0 set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.193.0.1 set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 no-readvertise