MAC-VRF Routing Instance Type Overview
Use the MAC-VRF routing instance type to configure multiple customer-specific EVPN instances (EVIs), each of which can support a different EVPN service type. You configure a MAC-VRF instance with the mac-vrf statement at the [edit routing-instances mac-vrf-instance-name instance-type] hierarchy. With this configuration, you can create customer-specific virtual routing and forwarding (VRF) tables.
Benefits of the MAC-VRF Routing Instance Type
- Customer-specific VRF tables
- Consistent configuration across supported router and switch platforms within an EVPN-VXLAN network or an EVPN-MPLS network.
- Configuration alignment with RFC 7432
MAC-VRF Instances Enable Customer-Specific VRF Tables
When you configure a MAC-VRF routing instance, you can isolate or group routing and forwarding traffic by customer. In fact, you can manage MAC-VRF instances around multiple schemes within an organization, including by department, division, or geographic location. The traffic belonging to any one MAC-VRF instance cannot interact with traffic from any other MAC-VRF instances.
MAC-VRF Instance Service Types
MAC-VRF instances follow the EVPN instance design in RFC
7432, which includes the three service types in Table 1. When you create a MAC-VRF instance, you must configure one of the supported
service types using the service-type statement at the
[edit routing-instances
mac-vrf-instance-name] hierarchy level.
When you want to change a traffic impacting option under a routing instance, use the following procedure.
Deactivate the routing instance configuration.
Change the traffic impacting option.
Reactivate the updated routing instance configuration.
For example, follow this procedure if you need to change settings such as:
-
The
service-typein a MAC-VRF routing instance-- When you change the service type of a running instance, the device might incorrectly change the VLAN ID if it is not deactivated prior to making the change. -
The
vlan-idin an EVPN routing instance-- Changing thevlan-idon the fly, without first deactivating the associated EVPN routing instance would be catastrophic.
| Service Type Option | Description |
|---|---|
|
|
You can configure the MAC-VRF EVPN instance to correspond to one or more VLANs. The MAC-VRF instance maintains one bridging table per VLAN. Note:
By default in EVPN-VXLAN MAC-VRF instances with this service type, the device extends all VXLAN network identifiers (VNIs) in the instance. You don't need to explicitly configure the extended-vni-all statement. You can configure the extended-vni-list statement if you want to extend only a subset of the VNIs in the instance. |
|
|
You can configure the MAC-VRF EVPN instance to correspond to a single VLAN and corresponding bridging table. Note:
If the VLAN maps to different VLAN IDs per Ethernet segment, then you must configure each device in the EVPN fabric to perform VLAN ID translation on packets destined for the Ethernet segment. |
|
|
You can configure the MAC-VRF EVPN instance to correspond to multiple VLANs that share the same bridging table. MAC addresses must be unique across all VLANs in the instance. This service type also doesn't support VLAN translation (you can configure each VLAN with one unique VLAN ID). Note:
If all VLANs for a port are part of the same VLAN bundle service, the service is called a port-based service. |
Flexible Configuration Options at Layer 2 and Layer 3
With MAC-VRF instances, you have more flexible configuration options for customers at both Layer 2 (L2) and Layer 3 (L3):
-
At L2: You can configure different service types in different MAC-VRF instances on the same device.
-
At L3: You can configure a VRF instance that corresponds to the VLAN or VLANs in a single MAC-VRF instance. You can also configure a VRF instance that spans the VLANs in multiple MAC-VRF instances.
For example, the following figure shows an edge-routed bridging (ERB) EVPN-VXLAN fabric. The leaf devices establish VXLAN tunnels that maintain L2 and L3 separation between a customer on VLAN 1 and VLAN 2, and a customer on VLAN 3. MAC-VRF 12 and MAC-VRF 3 separate the customers at L2. VRF 12 and VRF 3 separate the customers at L3. The figure also shows that you can configure multiple MAC-VRF instances on the same device with different service types.
MAC-VRF Instances Enable Common EVPN Configuration across Platforms
On devices that support EVPN configurations, the configuration methods vary from platform to platform. For example:
On MX Series routers, before MAC-VRF instance support, you could configure EVPN instances using instances of type
virtual-switchwith statements in the following hierarchies:bridge-domainsrouting-instances
On QFX Series switches, before MAC-VRF instance support, you could configure EVPN instances using the default switch instance with statements in the following hierarchies:
ethernet-switchingrouting-instances
On ACX Series, QFX Series, and PTX series platforms running Junos OS Evolved that support EVPN, on which EVPN feature support was introduced with MAC-VRF EVPN instances, you configure EVPN features using only MAC-VRF instances.
This disparity can be confusing and lead to errors configuring EVPN across different platforms.
We introduced the mac-vrf routing instance type in Junos OS Release 20.4R1 on some Junos OS platforms. Other platforms, including Junos OS Evolved platforms, have gained MAC-VRF instance support in subsequent releases. You can use mac-vrf instances to create a common EVPN configuration on all supported platforms. This common configuration hierarchy also adheres to RFC 7432.
Platforms that support MAC-VRF instances as well as other instance types to configure EVPN instances can have different instance configurations coexist in an active network. EVPN fabrics can comprise a combination of devices that support MAC-VRF instances and devices that use other instance types for EVPN.
Some mac-vrf show commands apply only to specific platforms. For example, the MAC-VRF command show mac-vrf mac-table age (and the corresponding show bridge mac-table age command) applies only to MX Series routers. If you issue the show mac-vrf mac-table age command on a QFX Series switch, the output is blank without any error indication.
See Table 2 and Table 3 for references to the commands that provide information about EVPN instances. The common MAC-VRF forms of these commands are aliases for the platform-specific commands. Use the listed commands as follows:
You can use the MAC-VRF versions of these commands in the first column to display EVPN instance information on any platforms with MAC-VRF EVPN configurations.
Use the MAC-VRF commands in the first column on ACX Series, QFX Series, and PTX series platforms running Junos OS Evolved, which support EVPN only with MAC-VRF instance configurations.
Use the commands in the second column on MX Series routers and the EX9200 line of switches running Junos OS, for example, when you configure EVPN instances using instance type
virtual-switch.Use the commands in the third column on QFX Series and EX Series switches running Junos OS, for example, when you configure EVPN instances using the default switch instance.
| MAC-VRF Command | MX Series Routers and the EX9200 Line of Switches | QFX Series and EX Series Switches |
|---|---|---|
show mac-vrf forwarding flood |
show bridge flood |
show ethernet-switching flood |
show mac-vrf forwarding flood-group |
show l2-learning flood-group |
show ethernet-switching flood-group |
show mac-vrf forwarding global-information |
show l2-learning global-information |
show ethernet-switching global-information |
show mac-vrf forwarding global-mac-count |
show l2-learning global-mac-count |
show ethernet-switching global-mac-count |
show mac-vrf forwarding global-mac-ip-count |
show l2-learning global-mac-ip-count |
show ethernet-switching global-mac-ip-count |
show mac-vrf forwarding instance |
show l2-learning instance |
show ethernet-switching instance |
show mac-vrf forwarding instance-mapping |
– | – |
show mac-vrf forwarding interface |
show l2-learning interface |
show ethernet-switching interface |
show mac-vrf forwarding mac-ip-table |
show bridge mac-ip-table |
show ethernet-switching mac-ip-table |
show mac-vrf forwarding mac-table |
show bridge mac-table |
show ethernet-switching table |
show mac-vrf forwarding mgrp-policy |
show l2-learning mgrp-policy |
show ethernet-switching mgrp-policy |
show mac-vrf forwarding statistics |
|
show ethernet-switching |
show mac-vrf forwarding vlans |
show bridge domains |
show ethernet-switching vlans |
show mac-vrf forwarding vxlan-tunnel-endpoint esi |
show l2-learning vxlan-tunnel-end-point esi |
show ethernet-switching vxlan-tunnel-end-point esi |
show mac-vrf forwarding vxlan-tunnel-endpoint remote |
show l2-learning vxlan-tunnel-end-point remote |
show ethernet-switching vxlan-tunnel-end-point remote |
show mac-vrf forwarding vxlan-tunnel-endpoint svlbnh |
show l2-learning vxlan-tunnel-end-point svlbnh |
show ethernet-switching vxlan-tunnel-end-point svlbnh |
| MAC-VRF Command | Equivalent show evpn Commands |
|---|---|
show mac-vrf routing database |
show evpn database |
show mac-vrf routing igmp-snooping database |
show evpn igmp-snooping database |
show mac-vrf routing instance |
show evpn instance |
show mac-vrf routing mld-snooping database |
show evpn mld-snooping database |
show mac-vrf routing multicast-snooping status |
show evpn multicast-snooping status |
show mac-vrf routing p2mp |
show evpn p2mp |
We have integrated the syntax of the commands from the show mac-vrf routing hierarchy into the existing show evpn command documentation. The links in Table 3 lead to the existing show evpn commands.
MAC-VRF Conforms to RFC 7432
The common configuration hierarchy across routing and switching platforms brings our implementation of MAC-VRF into compliance with https://datatracker.ietf.org/doc/html/rfc7432. RFC compliance enables our MAC-VRF implementation to work well in data center, service provider, and public cloud environments.
Usage and Behavior Notes
Read the following notes to know more about using MAC-VRF routing instances and the observed behaviors of those MAC-VRF routing instances.
- Shared VTEP Tunnels in EVPN-VXLAN Fabrics with Multiple MAC-VRF Routing Instances
- VLANs, Forwarding Instances, and Overlapping VLANs with MAC-VRF Routing Instances
- Extended VNI List Behavior
VLANs, Forwarding Instances, and Overlapping VLANs with MAC-VRF Routing Instances
Each supported platform has its own support framework for VLANs and forwarding instances, and how VLANs can overlap.
EX4400, QFX5100, QFX5110, QFX5120, QFX5200, QFX5130-32CD, and QFX5700 switches, and PTX10001-36MR, PTX10004, PTX10008, PTX10016 routers
These devices support only one forwarding instance (
default-switch). You can't configure overlapping VLANs within a single MAC-VRF routing instance or across different MAC-VRF routing instances.However, on some of these platforms, you can alternatively use VLAN translation to support overlapping VLANs. See vlan-rewrite and Overlapping VLAN Support Using VLAN Translation in EVPN-VXLAN Networks.
ACX7100-32C and ACX7100-48L routers, and the QFX10000 line of switches
The QFX10000 line of switches supports multiple forwarding instances using the forwarding-instance identifier option at the
[edit routing-instances mac-vrf-instance-name]hierarchy. This statement maps a MAC-VRF instance to a forwarding instance corresponding to the configured identifier. Starting in Junos OS Evolved Release 22.3R1, ACX7100-32C and ACX7100-48L routers also support multiple routing instances using theforwarding-instance identifieroption.On these platforms, you can configure overlapping VLANs across multiple MAC-VRF routing instances if you've mapped each routing instance to a unique forwarding instance. You can also configure multiple MAC-VRF routing instances to use one forwarding instance. You can't configure overlapping VLANs within a single MAC-VRF routing instance or across routing instances each of which maps to the same forwarding instance. If you don't configure the forwarding instance, the MAC-VRF routing instance uses the default forwarding instance (
default-switch).ACX7100-32C and ACX7100-48L routers alternatively support overlapping VLANs using explicit or implicit VLAN normalization. You can also use VLAN normalization to support overlapping VLANs on these routers in releases before Junos OS Evolved Release 22.3R1. See Overlapping VLAN Support Using Multiple Forwarding Instances or VLAN Normalization.
MX Series routers and the EX9200 line of switches
You can configure overlapping VLANs across multiple MAC-VRF routing instances. You cannot configure overlapping VLANs within a single MAC-VRF routing instance.
On these platforms, each MAC-VRF routing instance that you configure automatically maps to its own forwarding instance. We don't support the
forwarding-instanceoption.
In the default configuration, devices include a default VLAN with a VLAN ID value of 1 associated with the default forwarding instance. Because VLAN IDs must be unique in a forwarding instance, if you want to configure a VLAN with VLAN ID 1 in a MAC-VRF instance that uses the default forwarding instance, you must reassign the VLAN ID of the default VLAN to a value other than 1. For example:
set vlans default vlan-id 4094 set routing-instances mac-vrf-instance-name vlans vlan-name vlan-id 1
Extended VNI List Behavior
You can configure extended virtual network identifier (VNI) lists within any MAC-VRF routing instance at the edit routing-instances mac-vrf routing instance name protocols evpn hierarchy level. The extended-vni-list keyword is an optional configuration element. By default, the device extends all VNI (whether in a VNI list or not) within the MAC-VRF routing instance. If you configure a specific VNI list, then you can extend only those VNIs that are in the list.