Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.
Register to attend
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.
Reserve my spot

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS OVSDB and VXLAN User Guide for MX Series Routers and EX9200 Switches VXLAN (Without a Controller) Using VXLAN Without a Controller

OVSDB and VXLAN User Guide for MX Series Routers and EX9200 Switches

keyboard_arrow_up
close
keyboard_arrow_left
OVSDB and VXLAN User Guide for MX Series Routers and EX9200 Switches
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Example: Manually Configuring VXLANs on MX Series Routers

date_range 30-Apr-24
arrow_backward
arrow_forward

Virtual Extensible Local Area Network (VXLAN) is a Layer 3 encapsulation protocol that enables MX Series routers to push Layer 2 or Layer 3 packets through a VXLAN tunnel to a virtualized data center or the Internet. Communication is established between two virtual tunnel endpoints (VTEPs). VTEPs encapsulate the virtual machine traffic into a VXLAN header and strip off the encapsulation.

This example shows how to configure VXLAN on MX Series routers using switch options in a default bridge domain.

Requirements

This example uses the following hardware and software components:

  • An MX Series router

  • A VXLAN capable peer router

  • Junos OS Release 14.1

Overview

In this example, VXLAN is configured to run on a default bridge domain. VTEP interfaces sources are configured to the loopback address, and VLAN groups are configured under bridge domains with VXLAN enabled. Interfaces are configured for VLAN tagging and encapsulation, and IRB is enabled. OSPF and PIM protocols are configured to facilitate unicast and multicast routing. The chassis is configured for GRES and enhanced IP services.

Note:

We support static VXLAN and OVSDB-VXLAN with an IPv4 underlay. You configure the VTEP source interface as the loopback interface with an IPv4 address. We support an IPv6 underlay (the VTEP source interface as the loopback interface with an IPv6 address) only with EVPN-VXLAN configurations.

Topology

Figure 1: VXLAN TopologyVXLAN Topology

Configuring VXLAN on MX Series Routers

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

content_copy zoom_out_map
set switch-options vtep-source-interface lo0.0
set bridge-domains vlan-5 vxlan vni 100
set bridge-domains vlan-5 vxlan multicast-group 233.252.0.1
set bridge-domains vlan-5 vlan-id 100
set bridge-domains vlan-5 routing-interface irb.0
set bridge-domains vlan-5 interface xe-1/0/0.0
set bridge-domains vlan-6 vxlan vni 200
set bridge-domains vlan-6 vxlan multicast-group 233.252.0.1
set bridge-domains vlan-6 vlan-id 200
set bridge-domains vlan-6 routing-interface irb.1
set bridge-domains vlan-6 interface xe-2/0/0.0
set interfaces xe-1/0/0 vlan-tagging
set interfaces xe-1/0/0 encapsulation flexible-ethernet-services
set interfaces xe-1/0/0 unit 0 encapsulation vlan-bridge
set interfaces xe-1/0/0 unit 0 vlan-id 100
set interfaces xe-2/0/0 vlan-tagging
set interfaces xe-2/0/0 encapsulation flexible-ethernet-services
set interfaces xe-2/0/0 unit 0 encapsulation vlan-bridge
set interfaces xe-2/0/0 unit 0 vlan-id 200
set interface irb unit 0 family inet address 10.5.5.1/24
set interface irb unit 1 family inet address 10.6.6.1/24
set interfaces lo0 unit 0 family inet address 10.3.3.3/32
set protocols ospf area 0.0.0.0 interface ge-8/3/8.0
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface xe-0/1/3.0
set protocols ospf area 0.0.0.0 interface ge-8/3/2.0
set protocols pim rp static address 10.2.1.3
set protocols pim interface lo0.0 mode bidirectional-sparse
set protocols pim interface ge-8/3/8.0 mode bidirectional-sparse
set protocols pim interface xe-0/1/3.0 mode bidirectional-sparse
set protocols pim interface ge-8/3/2.0 mode bidirectional-sparse
set chassis redundancy graceful-switchover
set chassis aggregated-devices ethernet device-count 10
set chassis fpc 1 pic 0 tunnel-services bandwidth 10g
set chassis network-services enhanced-ip

Configuring VXLAN

Step-by-Step Procedure

The following example show how to set up a basic VXLAN configuration with default bridge domains and switch options. To configure VXLAN on an MX Series router, follow these steps:

  1. Configure VTEP interface sources under switch-options for the default-switch.

    content_copy zoom_out_map
    [edit]
user@router# set switch-options vtep-source-interface lo0.0

  2. Set up a VLAN group named vlan-5 and set its VXLAN Network Identifier (VNI) to 100.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-5 vxlan vni 100

  3. Configure the vlan-5 multicast group address for VXLAN.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-5 vxlan multicast-group 233.252.0.1

  4. Set the VLAN ID to 100 for vlan-5.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-5 vlan-id 100

  5. Configure integrated bridging and routing (IRB) for vlan-5.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-5 routing-interface irb.0

  6. Assign the xe-1/0/0.0 interface to vlan-5.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-5 interface xe-1/0/0.0

  7. Set up a VLAN group named vlan-6 and set its VXLAN Network Identifier (VNI) to 200.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-6 vxlan vni 200

  8. Configure the vlan-6 multicast group address for VXLAN.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-6 vxlan multicast-group 233.252.0.1

  9. Set the VLAN ID to 200 for vlan-6.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-6 vlan-id 200

  10. Configure IRB for vlan-6.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-6 routing-interface irb.1

  11. Assign the xe-2/0/0.0 interface to vlan-6.

    content_copy zoom_out_map
    [edit]
user@router# set bridge-domains vlan-6 interface xe-2/0/0.0

  12. Set up VLAN tagging for xe-1/0/0.

    content_copy zoom_out_map
    [edit]
user@router# set interfaces xe-1/0/0 vlan-tagging

  13. Configure flexible Ethernet service encapsulation on xe-1/0/0.

    content_copy zoom_out_map
    [edit]
user@router# set interfaces xe-1/0/0 encapsulation flexible-ethernet-services

  14. Set up VLAN bridging encapsulation for xe-1/0/0 unit 0˙.

    content_copy zoom_out_map
    [edit]
user@router# set interfaces xe-1/0/0 unit 0 encapsulation vlan-bridge

  15. Set the xe-1/0/0 unit 0 VLAN ID to 100.

    content_copy zoom_out_map
    [edit]
user@router# set interfaces xe-1/0/0 unit 0 vlan-id 100

  16. Configure VLAN tagging for xe-2/0/0

    content_copy zoom_out_map
    [edit]
user@router# set interfaces xe-2/0/0 vlan-tagging

  17. Set up flexible Ethernet service encapsulation on xe-2/0/0.

    content_copy zoom_out_map
    [edit]
user@router# set interfaces xe-2/0/0 encapsulation flexible-ethernet-services

  18. Configure VLAN bridging encapsulation for xe-2/0/0 unit 0˙.

    content_copy zoom_out_map
    [edit]
user@router# set interfaces xe-2/0/0 unit 0 encapsulation vlan-bridge

  19. Set the xe-2/0/0 unit 0 VLAN ID to 200.

    content_copy zoom_out_map
    [edit]
user@router# set interfaces xe-2/0/0 unit 0 vlan-id 200

  20. Configure the IRB unit 0 family inet address.

    content_copy zoom_out_map
    [edit]
user@router# set interface irb unit 0 family inet address 10.5.5.1/24

  21. Configure the IRB unit 1 family inet address.

    content_copy zoom_out_map
    [edit]
user@router# set interface irb unit 1 family inet address 10.6.6.1/24

  22. Set the family inet address for the loopback unit 0.

    content_copy zoom_out_map
    [edit]
user@router# set interfaces lo0 unit 0 family inet address 10.3.3.3/32

  23. Set up OSPF for the ge-8/3/8.0 interface.

    content_copy zoom_out_map
    [edit]
user@router# set protocols ospf area 0.0.0.0 interface ge-8/3/8.0

  24. Configure OSPF for the loopback interface.

    content_copy zoom_out_map
    [edit]
user@router# set protocols ospf area 0.0.0.0 interface lo0.0

  25. Set up OSPF for the xe-0/1/3.0 interface.

    content_copy zoom_out_map
    [edit]
user@router# set protocols ospf area 0.0.0.0 interface xe-0/1/3.0

  26. Configure OSPF for the ge-8/3/2.0 interface.

    content_copy zoom_out_map
    [edit]
user@router# set protocols ospf area 0.0.0.0 interface ge-8/3/2.0

  27. Set up the static address for the protocol independent multicast (PIM) rendezvous point (RP).

    content_copy zoom_out_map
    [edit]
user@router# set protocols pim rp static address 10.2.1.3

  28. Configure the loopback interface to bidirectional sparse mode for the PIM protocol.

    content_copy zoom_out_map
    [edit]
user@router# set protocols pim interface lo0.0 mode bidirectional-sparse

  29. Set the ge-8/3/8.0 interface to bidirectional sparse mode for the PIM protocol.

    content_copy zoom_out_map
    [edit]
user@router# set protocols pim interface ge-8/3/8.0 mode bidirectional-sparse

  30. Configure the xe-0/1/3.0 interface to bidirectional sparse mode for the PIM protocol.

    content_copy zoom_out_map
    [edit]
user@router# set protocols pim interface xe-0/1/3.0 mode bidirectional-sparse

  31. Set the ge-8/3/2.0 interface to bidirectional sparse mode for the PIM protocol.

    content_copy zoom_out_map
    [edit]
user@router# set protocols pim interface ge-8/3/2.0 mode bidirectional-sparse

  32. Configure redundant graceful switchover on the chassis.

    content_copy zoom_out_map
    [edit]
user@router# set chassis redundancy graceful-switchover

  33. Set the aggregated ethernet device count to 10.

    content_copy zoom_out_map
    [edit]
user@router# set chassis aggregated-devices ethernet device-count 10

  34. Configure the tunnel services bandwidth for FPC 1/PIC 0.

    content_copy zoom_out_map
    [edit]
user@router# set chassis fpc 1 pic 0 tunnel-services bandwidth 10g

  35. Enable enhanced IP for network services on the chassis.

    content_copy zoom_out_map
    [edit]
user@router# set chassis network-services enhanced-ip

Results

From configuration mode, confirm your configuration by entering the following commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

content_copy zoom_out_map
user@router# show switch-options
content_copy zoom_out_map
switch-options {
    vtep-source-interface lo0.0;
}
content_copy zoom_out_map
user@router# show bridge-domains
content_copy zoom_out_map
bridge-domains {
    vlan-5 {
        vxlan {
            vni              100;
            multicast-group      233.252.0.1;
        }
        vlan-id              100;
        routing-interface    irb.0;
        interface            xe-1/0/0.0;
    }
    vlan-6 {
        vxlan {
            vni              200;
            multicast-group      233.252.0.1;
        }
        vlan-id              200;
        routing-interface    irb.1;
        interface            xe-2/0/0.0;
    }
}
content_copy zoom_out_map
user@router# show interfaces
content_copy zoom_out_map
interfaces {
    xe-1/0/0 {
        vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 0 {
            encapsulation vlan-bridge;
            vlan-id 100;
        }
    }
    xe-2/0/0 {
        vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 0 {
            encapsulation vlan-bridge;
            vlan-id 200;
        }
    }
    irb {
        unit 0 {
            family inet {
                address 10.5.5.1/24;
            }
        }
        unit 1 {
            family inet {
                address 10.6.6.1/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.3.3.3/32;
            }
        }
    }
}
content_copy zoom_out_map
user@router# show protocols ospf
content_copy zoom_out_map
area 0.0.0.0 {
    interface ge-8/3/8.0;
    interface lo0.0;
    interface xe-0/1/3.0;
    interface ge-8/3/2.0;
}
content_copy zoom_out_map
user@router# show protocols pim
content_copy zoom_out_map
rp {
    static {
        address 10.2.1.3;
    }
}
content_copy zoom_out_map
user@router# show chassis
content_copy zoom_out_map
redundancy {
    graceful-switchover;
}
aggregated-devices {
    ethernet {
        device-count 10;
    }
}
fpc 1 {
    pic 0 {
        tunnel-services {
            bandwidth 10g;
        }
    }
}
network-services enhanced-ip;

Verification

Confirm that the configuration is working properly.

Verifying Reachability

Purpose

Verify that the network is up and running with the proper interfaces and routes installed.

Action

content_copy zoom_out_map
user@router> show interfaces terse irb
Interface               Admin Link Proto    Local                 Remote
irb                     up    up
irb.0                   up    up   inet     10.5.5.1/24      
                                   multiservice
irb.1                   up    up   inet     10.6.6.1/24      
                                   multiservice

user@router> ping 10.5.5.1/24
PING 10.5.5.1 (10.5.5.1): 56 data bytes
64 bytes from 10.5.5.1: icmp_seq=0 ttl=64 time=0.965 ms
64 bytes from 10.5.5.1: icmp_seq=1 ttl=64 time=0.960 ms
64 bytes from 10.5.5.1: icmp_seq=2 ttl=64 time=0.940 ms
^C
--- 10.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.940/0.955/0.965/0.011 ms

Meaning

Use the show interfaces terse irb command to verify that the IRB interface has been properly configured. The irb.0 and irb.1 interfaces should display the proper multiservice inet addresses.

Use the ping command to confirm that the network is connected to the IRB multiservice address.

Verifying VXLAN

Purpose

Verify that VXLAN is working and the proper protocols are enabled.

Action

content_copy zoom_out_map
user@router> show interfaces vtep
Physical interface: vtep, Enabled, Physical link is Up
  Interface index: 133, SNMP ifIndex: 575
  Type: Software-Pseudo, Link-level type: VxLAN-Tunnel-Endpoint, MTU: 1600, Speed: Unlimited
  Device flags   : Present Running
  Interface flags: SNMP-Traps
  Link type      : Full-Duplex
  Link flags     : None
  Last flapped   : Never
    Input packets : 0
    Output packets: 0

  Logical interface vtep.32768 (Index 334) (SNMP ifIndex 607)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    VXLAN Endpoint Type: Source, VXLAN Endpoint Address: 10.255.187.32, L2 Routing Instance: default-switch, L3 Routing Instance: default
    Input packets : 0
    Output packets: 0
content_copy zoom_out_map
user@router> show l2-learning vxlan-tunnel-end-point remote mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
           SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Logical system   : <default>
Routing instance : default-switch
 Bridging domain : vlan-5+100, VLAN : 100, VNID : 100
 Bridging domain : vlan-6+200, VLAN : 200, VNID : 200
content_copy zoom_out_map
user@router> show l2-learning vxlan-tunnel-end-point source
Logical System Name       Id  SVTEP-IP         IFL   L3-Idx
<default>                 0   10.255.187.32    lo0.0    0  
    L2-RTT                   Bridge Domain              VNID     MC-Group-IP
    default-switch           vlan-5+100                 100      233.252.0.1      
    default-switch           vlan-6+200                 200      233.252.0.1

Meaning

Use the show interface vtep command to displays information about VXLAN endpoint configuration. Make sure the routing instance is assigned to the default-switch..

Use the show l2-learning vxlan-tunnel-end-point remote mac-table command to confirm that the bridging domain VLAN groups were configured correctly.

Use the show l2-learning vxlan-tunnel-end-point source command to confirm the multicast IP addresses for bridging domain VLAN groups.

Related Documentation

arrow_backward PREVIOUS PIM NSR and Unified ISSU Support for VXLAN Overview
NEXT arrow_forward Monitoring a Remote VTEP Interface
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top