VXLAN Layer 3 Gateways Using the Service Provider Style Interface Configuration
In platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) deployments, customer cloud and private cloud providers often use the same leaf device to forward their network traffic over a VXLAN core network. Customer cloud and private cloud providers can now use the service provider style interface configuration CLI to configure a leaf device to act as a Layer 3 gateway. They can also use the service provider style CLI to configure multiple interfaces that map to the same VLAN on the same leaf device.
The service provider style CLI is available on the following devices:
-
EX4650, QFX5110, QFX5120-32C, QFX5120-48T, QFX5120-48Y, QFX5120-48YM—Starting in Junos OS Release 22.2R1
You can use the service provider style CLI to perform these tasks:
-
Configure multiple logical interfaces on a single physical interface.
-
Configure your leaf device as a Layer 3 gateway in edge-routed bridging (ERB) and centrally-routed bridging (CRB) overlays.
-
Map an integrated routing and bridging (IRB) interface to a virtual network identifier (VNI).
-
Perform VXLAN routing.
-
Configure an ERB overlay.
-
Configure a CRB overlay.
-
Configure a VLAN ID.
-
Configure a VLAN ID as none.
-
Configure a VLAN-aware bundle service.
-
Configure a virtual gateway address.
-
Map an IRB interface to one VLAN or multiple IRB interfaces to multiple VLANs.
- Assign a VLAN ID to an IRB interface with same VLAN ID as the VLANS IDs or assign a different VLAN ID.
Benefits
-
You can use the service provider style interface style to configure a leaf device to act as a Layer 3 gateway.
-
You can also use the service provider style interface configuration to configure multiple interfaces on a single leaf device and map them to the same VLAN.
Layer 3 Gateway in an ERB Overlay Using the Service Provider Style Interface Configuration
Leaf 1
set chassis aggregated-devices ethernet device-count 20 set interfaces et-2/0/5 description "To PORT-1 --> 1/13" set interfaces et-2/0/5 flexible-vlan-tagging set interfaces et-2/0/5 encapsulation extended-vlan-bridge set interfaces et-2/0/5 unit 100 vlan-id 100 set interfaces et-2/0/5 unit 200 vlan-id 200 set interfaces et-2/0/8 description "To Spine-1 in ae31" set interfaces et-2/0/8 ether-options 802.3ad ae31 set interfaces et-2/0/11 description "To Spine-1 in ae31" set interfaces et-2/0/11 ether-options 802.3ad ae31 set interfaces ae31 description "To Spine-1" set interfaces ae31 aggregated-ether-options lacp active set interfaces ae31 aggregated-ether-options lacp periodic fast set interfaces ae31 aggregated-ether-options lacp system-id 11:11:11:11:11:11 set interfaces ae31 unit 0 family inet address 10.40.1.2/24 set interfaces et-2/0/9 description "To spine-2" set interfaces et-2/0/9 unit 0 family inet address 10.50.1.2/24 set interfaces et-2/0/12:0 description "To CE-1 in ae12" set interfaces et-2/0/12:0 ether-options 802.3ad ae12 set interfaces ae12 description "To CE-1" set interfaces ae12 flexible-vlan-tagging set interfaces ae12 encapsulation extended-vlan-bridge set interfaces ae12 esi 00:12:12:12:12:12:12:12:12:12 set interfaces ae12 esi all-active set interfaces ae12 aggregated-ether-options lacp active set interfaces ae12 aggregated-ether-options lacp periodic fast set interfaces ae12 aggregated-ether-options lacp system-id 12:12:12:12:12:12 set interfaces ae12 unit 100 vlan-id 100 set interfaces ae12 unit 200 vlan-id 200 set interfaces lo0 unit 0 family inet address 10.10.10.10/24 primary set interfaces irb unit 100 virtual-gateway-accept-data set interfaces irb unit 100 family inet address 10.100.1.1/24 preferred set interfaces irb unit 100 family inet address 10.100.1.1/24 virtual-gateway-address 10.100.1.254 set interfaces irb unit 100 family inet6 address abcd::0010:0100:0001:0001/96 preferred set interfaces irb unit 100 family inet6 address abcd::abcd::0010:0100:0001:0001/96 virtual-gateway-address abcd::0192:0100:0001:0254 set interfaces irb unit 100 virtual-gateway-v4-mac 00:10:01:00:01:fe set interfaces irb unit 100 virtual-gateway-v6-mac 00:10:01:00:02:fe set interfaces irb unit 200 virtual-gateway-accept-data set interfaces irb unit 200 family inet address 10.200.1.1/24 preferred set interfaces irb unit 200 family inet address 10.200.1.1/24 virtual-gateway-address 10.200.1.254 set interfaces irb unit 200 family inet6 address abcd::abcd::0010:0200:0001:0001/24 preferred set interfaces irb unit 200 family inet6 address abcd::abcd::0010:0200:0001:0001/24 virtual-gateway-address abcd::0010:0200:0001:0254 set interfaces irb unit 200 virtual-gateway-v4-mac 00:10:01:00:01:fe set interfaces irb unit 200 virtual-gateway-v6-mac 00:10:01:00:00:01:fe set routing-instances evpn_vlan_aware instance-type mac-vrf set routing-instances evpn_vlan_aware protocols evpn encapsulation vxlan set routing-instances evpn_vlan_aware protocols evpn default-gateway no-gateway-community set routing-instances evpn_vlan_aware vtep-source-interface lo0.0 set routing-instances evpn_vlan_aware service-type vlan-aware set routing-instances evpn_vlan_aware route-distinguisher 1010:100200 set routing-instances evpn_vlan_aware vrf-target target:666:100200 set routing-instances evpn_vlan_aware vlans V100 vlan-id 100 set routing-instances evpn_vlan_aware vlans V100 interface et-2/0/5.100 set routing-instances evpn_vlan_aware vlans V100 interface ae12.100 set routing-instances evpn_vlan_aware vlans V100 l3-interface irb.100 set routing-instances evpn_vlan_aware vlans V100 vxlan vni 1100 set routing-instances evpn_vlan_aware vlans V200 vlan-id 200 set routing-instances evpn_vlan_aware vlans V200 interface et-2/0/5.200 set routing-instances evpn_vlan_aware vlans V200 interface ae12.200 set routing-instances evpn_vlan_aware vlans V200 l3-interface irb.200 set routing-instances evpn_vlan_aware vlans V200 vxlan vni 1200 set routing-options router-id 10.10.10.10 set routing-options autonomous-system 666 set protocols bgp group vteps type internal set protocols bgp group vteps local-address 10.10.10.10 set protocols bgp group vteps family evpn signaling set protocols bgp group vteps neighbor 10.30.30.30 set protocols bgp group vteps neighbor 10.20.20.20 set protocols ospf area 0.0.0.0 interface et-2/0/9.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ae31.0
Spine 1
set chassis aggregated-devices ethernet device-count 20 set interfaces et-0/0/10 description "To Leaf-1 in ae31" set interfaces et-0/0/10 ether-options 802.3ad ae31 set interfaces et-0/0/13 description "To Leaf-1 in ae31" set interfaces et-0/0/13 ether-options 802.3ad ae31 set interfaces ae31 description "To Leaf-1" set interfaces ae31 aggregated-ether-options lacp active set interfaces ae31 aggregated-ether-options lacp periodic fast set interfaces ae31 aggregated-ether-options lacp system-id 30:30:30:30:30:30 set interfaces ae31 unit 0 family inet address 10.40.1.1/24 set interfaces et-0/0/1 description "To Leaf-2" set interfaces et-0/0/1 unit 0 family inet address 10.30.1.1/24 set interfaces et-0/0/16 description "To Leaf-3" set interfaces et-0/0/16 unit 0 family inet address 10.40.1.1/24 set interfaces lo0 unit 0 family inet address 10.50.40.1/24 primary set protocols ospf area 0.0.0.0 interface et-0/0/1.0 set protocols ospf area 0.0.0.0 interface et-0/0/16.0 set protocols ospf area 0.0.0.0 interface ae31.0
Layer 3 Gateway in a CRB Overlay Configuration Using the Service Provider Style Interface Configuration
In this sample configuration, you use the service provider style interface configuration to create a Layer 3 gateway , CRB overlay, virtual gateway address, MAC-VRF instance, and VLANs with VLAN IDs. For brevity, we're only providing configurations for one leaf device and one spine.
Leaf 1
set chassis aggregated-devices ethernet device-count 20 set interfaces et-2/0/5 description "To PORT-1 --> 1/13" set interfaces et-2/0/5 flexible-vlan-tagging set interfaces et-2/0/5 encapsulation extended-vlan-bridge set interfaces et-2/0/5 unit 100 vlan-id 100 set interfaces et-2/0/5 unit 200 vlan-id 200 set interfaces et-2/0/8 description "To Spine-1 in ae31" set interfaces et-2/0/8 ether-options 802.3ad ae31 set interfaces et-2/0/11 description "To Spine-1 in ae31" set interfaces et-2/0/11 ether-options 802.3ad ae31 set interfaces ae31 description "To Spine-1" set interfaces ae31 aggregated-ether-options lacp active set interfaces ae31 aggregated-ether-options lacp periodic fast set interfaces ae31 aggregated-ether-options lacp system-id 11:11:11:11:11:11 set interfaces ae31 unit 0 family inet address 10.4.1.2/24 set interfaces et-2/0/9 description "To spine-2" set interfaces et-2/0/9 unit 0 family inet address 10.5.1.2/24 set interfaces et-2/0/12:0 description "To CE-1 in ae12" set interfaces et-2/0/12:0 ether-options 802.3ad ae12 set interfaces ae12 description "To CE-1" set interfaces ae12 flexible-vlan-tagging set interfaces ae12 encapsulation extended-vlan-bridge set interfaces ae12 esi 00:12:12:12:12:12:12:12:12:12 set interfaces ae12 esi all-active set interfaces ae12 aggregated-ether-options lacp active set interfaces ae12 aggregated-ether-options lacp periodic fast set interfaces ae12 aggregated-ether-options lacp system-id 12:12:12:12:12:12 set interfaces ae12 unit 100 vlan-id 100 set interfaces ae12 unit 200 vlan-id 200 set interfaces lo0 unit 0 family inet address 10.10.10.10/24 primary set routing-instances evpn_vlan_aware instance-type mac-vrf set routing-instances evpn_vlan_aware protocols evpn encapsulation vxlan set routing-instances evpn_vlan_aware vtep-source-interface lo0.0 set routing-instances evpn_vlan_aware service-type vlan-aware set routing-instances evpn_vlan_aware route-distinguisher 1010:100200 set routing-instances evpn_vlan_aware vrf-target target:666:100200 set routing-instances evpn_vlan_aware vlans V100 interface et-2/0/5.100 set routing-instances evpn_vlan_aware vlans V100 interface ae12.100 set routing-instances evpn_vlan_aware vlans V100 vxlan vni 1100 set routing-instances evpn_vlan_aware vlans V200 interface et-2/0/5.200 set routing-instances evpn_vlan_aware vlans V200 interface ae12.200 set routing-instances evpn_vlan_aware vlans V200 vxlan vni 1200 set routing-options router-id 10.10.10.10 set routing-options autonomous-system 666 set protocols bgp group vteps type internal set protocols bgp group vteps local-address 10.10.10.10 set protocols bgp group vteps family evpn signaling set protocols bgp group vteps neighbor 10.1.1.30 set protocols bgp group vteps neighbor 10.5.5.50 set protocols bgp group vteps neighbor 10.4.4.40 set protocols bgp group vteps neighbor 10.2.2.20 set protocols ospf area 0.0.0.0 interface et-2/0/9.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ae31.0
Spine 1
set chassis aggregated-devices ethernet device-count 20 set interfaces et-0/0/0 description "To CE-3 in ae34" set interfaces et-0/0/0 ether-options 802.3ad ae34 set interfaces ae34 description "To CE-1" set interfaces ae34 flexible-vlan-tagging set interfaces ae34 encapsulation extended-vlan-bridge set interfaces ae34 esi 00:34:34:34:34:34:34:34:34:34 set interfaces ae34 esi all-active set interfaces ae34 aggregated-ether-options lacp active set interfaces ae34 aggregated-ether-options lacp periodic fast set interfaces ae34 aggregated-ether-options lacp system-id 34:34:34:34:34:34 set interfaces ae34 unit 100 vlan-id 100 set interfaces ae34 unit 200 vlan-id 200 set interfaces et-0/0/10 description "To Leaf-1 in ae31" set interfaces et-0/0/10 ether-options 802.3ad ae31 set interfaces ae31 description "To Leaf-1" set interfaces ae31 aggregated-ether-options lacp active set interfaces ae31 aggregated-ether-options lacp periodic fast set interfaces ae31 aggregated-ether-options lacp system-id 30:30:30:30:30:30 set interfaces ae31 unit 0 family inet address 10.40.1.1/24 set interfaces et-0/0/11 description "To PORT-5 --> 1/1" set interfaces et-0/0/11 flexible-vlan-tagging set interfaces et-0/0/11 speed 40g set interfaces et-0/0/11 encapsulation extended-vlan-bridge set interfaces et-0/0/11 unit 100 vlan-id 100 set interfaces et-0/0/11 unit 200 vlan-id 200 set interfaces et-0/0/12 description "To PORT- --> 1/5" set interfaces et-0/0/12 flexible-vlan-tagging set interfaces et-0/0/12 encapsulation extended-vlan-bridge set interfaces et-0/0/12 unit 100 vlan-id 100 set interfaces et-0/0/12 unit 200 vlan-id 200 set interfaces et-0/0/13 description "To Leaf-1 in ae31" set interfaces et-0/0/13 ether-options 802.3ad ae31 set interfaces et-0/0/1 description "To Leaf-2" set interfaces et-0/0/1 unit 0 family inet address 10.40.1.1/24 set interfaces et-0/0/16 description "To Leaf-3" set interfaces et-0/0/16 unit 0 family inet address 10.30.1.1/24 set interfaces irb unit 100 virtual-gateway-accept-data set interfaces irb unit 100 family inet address 10.100.1.1/16 preferred set interfaces irb unit 100 family inet address 10.100.1.1/16 virtual-gateway-address 10.100.1.254 set interfaces irb unit 100 family inet6 address abcd::0010:0100:0001:0001/16 preferred set interfaces irb unit 100 family inet6 address abcd::0010:0100:0001:0001/96 virtual-gateway-address abcd::0010:0100:0001:0254 set interfaces irb unit 100 virtual-gateway-v4-mac 00:10:01:00:01:fe set interfaces irb unit 100 virtual-gateway-v6-mac 00:10:01:00:02:fe set interfaces irb unit 200 virtual-gateway-accept-data set interfaces irb unit 200 family inet address 10.200.1.1/16 preferred set interfaces irb unit 200 family inet address 10.200.1.1/16 virtual-gateway-address 10.200.1.254 set interfaces irb unit 200 family inet6 address abcd::0010:0200:0001:0001/96 preferred set interfaces irb unit 200 family inet6 address abcd::0010:0200:0001:0001/96 virtual-gateway-address abcd::0010:0200:0001:0254 set interfaces irb unit 200 virtual-gateway-v4-mac 00:20:02:00:01:fe set interfaces irb unit 200 virtual-gateway-v6-mac 00:20:02:00:02:fe set interfaces lo0 unit 0 family inet address 10.300.40.40/32 primary set routing-instances evpn_vlan_aware instance-type mac-vrf set routing-instances evpn_vlan_aware protocols evpn encapsulation vxlan set routing-instances evpn_vlan_aware vtep-source-interface lo0.0 set routing-instances evpn_vlan_aware service-type vlan-aware set routing-instances evpn_vlan_aware route-distinguisher 4040:100200 set routing-instances evpn_vlan_aware vrf-target target:666:100200 set routing-instances evpn_vlan_aware vlans V100 vlan-id 100 set routing-instances evpn_vlan_aware vlans V100 interface et-0/0/11.100 set routing-instances evpn_vlan_aware vlans V100 interface et-0/0/12.100 set routing-instances evpn_vlan_aware vlans V100 interface ae34.100 set routing-instances evpn_vlan_aware vlans V100 l3-interface irb.100 set routing-instances evpn_vlan_aware vlans V100 vxlan vni 1100 set routing-instances evpn_vlan_aware vlans V200 vlan-id 200 set routing-instances evpn_vlan_aware vlans V200 interface et-0/0/11.200 set routing-instances evpn_vlan_aware vlans V200 interface et-0/0/12.200 set routing-instances evpn_vlan_aware vlans V200 interface ae34.200 set routing-instances evpn_vlan_aware vlans V200 l3-interface irb.200 set routing-instances evpn_vlan_aware vlans V200 vxlan vni 1200 set routing-options router-id 40.40.40.40 set routing-options autonomous-system 666 set protocols bgp group vteps type internal set protocols bgp group vteps local-address 10.10.10.10 set protocols bgp group vteps family evpn signaling set protocols bgp group vteps neighbor 10.20.30.30 set protocols bgp group vteps neighbor 10.30.50.50 set protocols bgp group vteps neighbor 10.40.10.10 set protocols bgp group vteps neighbor 10.50.20.20 set protocols ospf area 0.0.0.0 interface et-0/0/1.0 set protocols ospf area 0.0.0.0 interface et-0/0/16.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface ae31.0