You can configure an Ethernet VPN (EVPN) with virtual
switch support to enable multiple tenants with independent VLAN and
subnet space within an EVPN instance. Virtual switch provides the
ability to extend Ethernet VLANs over a WAN using a single EVPN instance
while maintaining data-plane separation between the various VLANs
associated with that instance. A single EVPN instance can stretch
up to 4094 bridge domains defined in a virtual switch to remote sites.
When configuring virtual switch for EVPN, be aware of
the following considerations:
Due to default ARP policing, some of the ARP packets not
destined for the device can be missed. This can lead to delayed ARP
learning and synchronization.
Clearing ARP for an EVPN can lead to inconsistency between
the ARP table and the EVPN ARP table. To avoid this situation, clear
both ARP and EVPN ARP tables.
The vlan-tag can be configured for local switching.
However, vlan-tagged VLANs should not be extended over the EVPN cloud.
Before you begin:
Configure the router interfaces.
Configure the router ID and autonomous system number for
the device.
Enable chained composite next hop for EVPN.
Configure OSPF or any other IGP protocol.
Configure a BGP internal group.
Include the EVPN signaling network layer reachability
information (NLRI) to the internal BGP group.
Configure RSVP or LDP.
Configure MPLS.
Create a label-switched path between the provider edge
(PE) devices.
To configure the PE device:
- Configure the virtual switch routing instance.
[edit routing-instances]
user@PE1# set evpn-instance instance-type virtual-switch
- Configure the interface names for the virtual switch routing
instance.
[edit routing-instances]
user@PE1# set evpn-instance interface interface-name
- Configure the route distinguisher for the virtual switch
routing instance.
[edit routing-instances]
user@PE1# set evpn-instance route-distinguisher route-distinguisher-value
- Configure the VPN routing and forwarding (VRF) target
community for the virtual switch routing instance.
[edit routing-instances]
user@PE1# set evpn-instance vrf-target vrf-target
- List the VLAN identifiers that are to be EVPN extended.
[edit routing-instances]
user@PE1# set evpn-instance protocols evpn extended-vlan-list [vlan-id-range]
- Configure the bridge domain for the first virtual switch
routing instance.
[edit routing-instances]
user@PE1# set evpn-instance bridge-domains first-bridge-domain-name domain-type bridge
- Assign the VLAN ID for the first bridge domain.
[edit routing-instances]
user@PE1# set evpn-instance bridge-domains first-bridge-domain-name vlan-id 10
- Configure the IRB interface as the routing interface for
the first bridge domain.
[edit routing-instances]
user@PE1# set evpn-instance bridge-domains first-bridge-domain-name routing-interface irb.0
- Configure the interface name for the first bridge domain.
[edit routing-instances]
user@PE1# set evpn-instance bridge-domains first-bridge-domain-name bridge-options interface CE-facing-interface
- Configure the bridge domain for the second virtual switch
routing instance.
[edit routing-instances]
user@PE1# set evpn-instance bridge-domains second-bridge-domain-name domain-type bridge
- Assign the VLAN ID for the second bridge domain.
[edit routing-instances]
user@PE1# set evpn-instance bridge-domains second-bridge-domain-name vlan-id VLAN-ID
- Configure the IRB interface as the routing interface for
the second bridge domain.
[edit routing-instances]
user@PE1# set evpn-instance bridge-domains second-bridge-domain-name routing-interface irb.1
- Configure the interface name for the second bridge domain.
[edit routing-instances]
user@PE1# set evpn-instance bridge-domains second-bridge-domain-name bridge-options interface CE-facing-interface
- Configure the VRF routing instance.
[edit routing-instances]
user@PE1# set vrf-instance instance-type vrf
- Configure the IRB interface as the routing interface for
the VRF routing instance.
[edit routing-instances]
user@PE1# set vrf-instance interface irb.0
user@PE1# set vrf-instance interface irb.1
- Configure the route distinguisher for the VRF routing
instance.
[edit routing-instances]
user@PE1# set vrf-instance route-distinguisher route-distinguisher-value
- Configure the VRF target community for the VRF routing
instance.
[edit routing-instances]
user@PE1# set vrf-instance vrf-target vrf-target
- Configure the VRF label for the VRF routing instance.
[edit routing-instances]
user@PE1# set vrf-instance vrf-table-label
- Verify and commit the configuration.
For example:
[edit routing-instances]
user@PE1# set evpna instance-type virtual-switch
user@PE1# set evpna interface ge-0/1/4.0
user@PE1# set evpna interface ge-0/1/4.1
user@PE1# set evpna route-distinguisher 10.255.169.37:1
user@PE1# set evpna vrf-target target:100:1
user@PE1# set evpna protocols evpn extended-vlan-list [ 10 20 ]
user@PE1# set evpna bridge-domains bda domain-type bridge
user@PE1# set evpna bridge-domains bda vlan-id 10
user@PE1# set evpna bridge-domains bda routing-interface irb.0
user@PE1# set evpna bridge-domains bda bridge-options interface ge-0/1/4.0
user@PE1# set evpna bridge-domains bdb domain-type bridge
user@PE1# set evpna bridge-domains bdb vlan-id 20
user@PE1# set evpna bridge-domains bdb routing-interface irb.1
user@PE1# set evpna bridge-domains bdb bridge-options interface ge-0/1/4.1
user@PE1# set vrf instance-type vrf
user@PE1# set vrf interface irb.0
user@PE1# set vrf interface irb.1
user@PE1# set vrf route-distinguisher 192.0.2.1:2
user@PE1# set vrf vrf-target target:100:2
user@PE1# set vrf vrf-table-label
[edit]
user@PE1# commit
commit complete
