Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.
Register to attend
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.
Reserve my spot

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Campus Fabric EVPN Multihoming Using Juniper Mist™ Wired Assurance— Juniper Validated Design (JVD)

Campus Fabric EVPN Multihoming Using Juniper Mist™ Wired Assurance— Juniper Validated Design (JVD)

keyboard_arrow_up
close
keyboard_arrow_left
Campus Fabric EVPN Multihoming Using Juniper Mist™ Wired Assurance— Juniper Validated Design (JVD)
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

APPENDIX: Junos OS Configuration from This Fabric

date_range 24-Feb-25
arrow_backward
arrow_forward
JVD-ENTWIRED-EVPNMH-01-01

Campus Fabric EVPN Multihoming Configurations

This section displays the configuration output from the Juniper Mist cloud for the IP Fabric underlay on the core and distribution switches using eBGP.

Juniper Mist provides the following options (default in parentheses):

  • BGP Local AS (65000)
  • AS Base (65001)
  • Loopback pool (172.16.254.0/23)
  • Subnet (10.255.240.0/20) – point-to-point interfaces between adjacent layers

Throughout the campus fabric between core and distribution layers, Juniper Mist enables per-packet (Junos OS defines this as per-flow) load balancing using ECMP and fast convergence of BGP in the event of a link or node failure using BFD.

Core1 Configuration:

  1. Interconnects with core2:
    content_copy zoom_out_map
    set interfaces et-0/0/48 description evpn_downlink-to-b033a6114900
set interfaces et-0/0/48 unit 0 family inet address 10.255.240.4/31
set interfaces et-0/0/49 description evpn_uplink-to-b033a6114900
set interfaces et-0/0/49 unit 0 family inet address 10.255.240.3/31
  2. Loopback interface and router ID:
    content_copy zoom_out_map
    set groups top interfaces lo0 unit 0 family inet address 172.16.254.2/32
set groups top routing-options router-id 172.16.254.2
  3. Per-packet load-balancing:
    content_copy zoom_out_map
    set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
  4. BGP underlay network between the two distribution switches:
    content_copy zoom_out_map
    set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay authentication-key "xyz"
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay local-as 65002
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay bfd-liveness-detection minimum- interval 350
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay neighbor 10.255.240.2 peer-as 65001
set protocols bgp group evpn_underlay neighbor 10.255.240.5 peer-as 65001

Core2 Configuration:

  1. Interconnects between the two distribution switches:
    content_copy zoom_out_map
    set interfaces et-0/0/48 description evpn_uplink-to-c042d016afa0
set interfaces et-0/0/48 unit 0 family inet address 10.255.240.5/31
set interfaces et-0/0/49 description evpn_downlink-to-c042d016afa0
set interfaces et-0/0/49 unit 0 family inet address 10.255.240.2/31
  2. Loopback interface and router ID:
    content_copy zoom_out_map
    set groups top interfaces lo0 unit 0 family inet address 172.16.254.1/32
set groups top routing-options router-id 172.16.254.1
  3. Per-packet load balancing:
    content_copy zoom_out_map
    set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
  4. BGP underlay network between the two distribution switches:
    content_copy zoom_out_map
    set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay authentication-key "xyz"
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay local-as 65001
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay bfd-liveness-detection minimum- interval 350
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay neighbor 10.255.240.4 peer-as 65002
set protocols bgp group evpn_underlay neighbor 10.255.240.3 peer-as 65002

Configuration of the EVPN-VXLAN Overlay and Virtual Networks

This section displays the Juniper Mist cloud configuration output for the EVPN-VXLAN overlay on the core and distribution switches using eBGP.

Juniper Mist enables load balancing across the overlay network and fast convergence of BGP in the event of a link or node failure using BFD between the core and distribution layers.

Juniper Mist provisions Layer 3 IRB interfaces on the distribution layer.

Juniper Mist enables VXLAN tunnelling, VLAN to VXLAN mapping, and MP-BGP configuration snippets such as vrf-targets on the distribution and core switches.

The VRFs for traffic isolation are provisioned on the distribution switches.

Core1 Configuration:

  1. BGP overlay peering between the two distribution switches:
    content_copy zoom_out_map
    set protocols bgp group evpn_overlay type internal
set protocols bgp group evpn_overlay local-address 172.16.254.2
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay family evpn signaling
set protocols bgp group evpn_overlay authentication-key "xyz"
set protocols bgp group evpn_overlay cluster 1.0.0.1
set protocols bgp group evpn_overlay local-as 65000
set protocols bgp group evpn_overlay multipath
set protocols bgp group evpn_overlay bfd-liveness-detection minimum- interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay neighbor 172.16.254.1
  2. Switch options that define vrf-targets and the source loopback interface used for VXLAN:
    content_copy zoom_out_map
    set groups top switch-options vtep-source-interface lo0.0
set groups top switch-options route-distinguisher 172.16.254.2:1
set groups top switch-options vrf-target target:65000:1
set groups top switch-options vrf-target auto
  3. VXLAN encapsulation:
    content_copy zoom_out_map
    set groups top protocols evpn no-core-isolation
set groups top protocols evpn encapsulation vxlan
set groups top protocols evpn default-gateway no-gateway-community
set groups top protocols evpn extended-vni-list all
  4. VRFs used for traffic isolation:
    content_copy zoom_out_map
    set groups top routing-instances guest-wifi instance-type vrf
set groups top routing-instances guest-wifi routing-options static route 0.0.0.0/0 next-hop 10.33.33.254
set groups top routing-instances guest-wifi routing-options auto-export
set groups top routing-instances guest-wifi interface irb.1033
set groups top routing-instances guest-wifi route-distinguisher 172.16.254.2:103
set groups top routing-instances guest-wifi vrf-target target:65000:103
set groups top routing-instances guest-wifi vrf-table-label
set groups top routing-instances developers instance-type vrf
set groups top routing-instances developers routing-options static route 0.0.0.0/0 next-hop 10.88.88.254
set groups top routing-instances developers routing-options auto-export
set groups top routing-instances developers interface irb.1088
set groups top routing-instances developers route-distinguisher 172.16.254.2:102
set groups top routing-instances developers vrf-target target:65000:102
set groups top routing-instances developers vrf-table-label
set groups top routing-instances corp-it instance-type vrf
set groups top routing-instances corp-it routing-options static route 0.0.0.0/0 next-hop 10.99.99.254
set groups top routing-instances corp-it routing-options auto-export
set groups top routing-instances corp-it interface irb.1099
set groups top routing-instances corp-it route-distinguisher 172.16.254.2:101
set groups top routing-instances corp-it vrf-target target:65000:101
set groups top routing-instances corp-it vrf-table-label
  5. VLAN to VXLAN mapping:
    content_copy zoom_out_map
    set vlans vlan1033 vlan-id 1033
set vlans vlan1033 l3-interface irb.1033
set vlans vlan1033 vxlan vni 11033
set vlans vlan1088 vlan-id 1088
set vlans vlan1088 l3-interface irb.1088
set vlans vlan1088 vxlan vni 11088
set vlans vlan1099 vlan-id 1099
set vlans vlan1099 l3-interface irb.1099
set vlans vlan1099 vxlan vni 11099
  6. Layer 3 IRB interface enablement with virtual gateway addressing:
    content_copy zoom_out_map
    set interfaces irb unit 1033 virtual-gateway-accept-data
set interfaces irb unit 1033 description vlan1033
set interfaces irb unit 1033 family inet address 10.33.33.2/24 virtual-gateway-address 10.33.33.1
set interfaces irb unit 1088 virtual-gateway-accept-data
set interfaces irb unit 1088 description vlan1088
set interfaces irb unit 1088 family inet address 10.88.88.2/24 virtual-gateway-address 10.88.88.1
set interfaces irb unit 1099 virtual-gateway-accept-data
set interfaces irb unit 1099 description vlan1099
set interfaces irb unit 1099 family inet address 10.99.99.2/24 virtual-gateway-address 10.99.99.1

Core2 Configuration:

  1. BGP overlay peering between the two distribution switches:
    content_copy zoom_out_map
    set protocols bgp group evpn_overlay type internal
set protocols bgp group evpn_overlay local-address 172.16.254.1
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay family evpn signaling
set protocols bgp group evpn_overlay authentication-key "xyz"
set protocols bgp group evpn_overlay cluster 1.0.0.1
set protocols bgp group evpn_overlay local-as 65000
set protocols bgp group evpn_overlay multipath
set protocols bgp group evpn_overlay bfd-liveness-detection minimum- interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay neighbor 172.16.254.2
  2. Switch options that define vrf-targets and the source loopback interface used for VXLAN:
    content_copy zoom_out_map
    set groups top switch-options vtep-source-interface lo0.0
set groups top switch-options route-distinguisher 172.16.254.1:1
set groups top switch-options vrf-target target:65000:1
set groups top switch-options vrf-target auto
  3. VXLAN encapsulation:
    content_copy zoom_out_map
    set groups top protocols evpn no-core-isolation
set groups top protocols evpn encapsulation vxlan
set groups top protocols evpn default-gateway no-gateway-community
set groups top protocols evpn extended-vni-list all
  4. VRFs used for traffic isolation:
    content_copy zoom_out_map
    set groups top routing-instances guest-wifi instance-type vrf
set groups top routing-instances guest-wifi routing-options static route 0.0.0.0/0 next-hop 10.33.33.254
set groups top routing-instances guest-wifi routing-options auto-export
set groups top routing-instances guest-wifi interface irb.1033
set groups top routing-instances guest-wifi route-distinguisher 172.16.254.1:103
set groups top routing-instances guest-wifi vrf-target target:65000:103
set groups top routing-instances guest-wifi vrf-table-label
set groups top routing-instances developers instance-type vrf
set groups top routing-instances developers routing-options static route 0.0.0.0/0 next-hop 10.88.88.254
set groups top routing-instances developers routing-options auto-export
set groups top routing-instances developers interface irb.1088
set groups top routing-instances developers route-distinguisher 172.16.254.1:102
set groups top routing-instances developers vrf-target target:65000:102
set groups top routing-instances developers vrf-table-label
set groups top routing-instances corp-it instance-type vrf
set groups top routing-instances corp-it routing-options static route 0.0.0.0/0 next-hop 10.99.99.254
set groups top routing-instances corp-it routing-options auto-export
set groups top routing-instances corp-it interface irb.1099
set groups top routing-instances corp-it route-distinguisher 172.16.254.1:101
set groups top routing-instances corp-it vrf-target target:65000:101
set groups top routing-instances corp-it vrf-table-label
  5. VLAN to VXLAN mapping:
    content_copy zoom_out_map
    set vlans vlan1033 vlan-id 1033
set vlans vlan1033 l3-interface irb.1033
set vlans vlan1033 vxlan vni 11033
set vlans vlan1088 vlan-id 1088
set vlans vlan1088 l3-interface irb.1088
set vlans vlan1088 vxlan vni 11088
set vlans vlan1099 vlan-id 1099
set vlans vlan1099 l3-interface irb.1099
set vlans vlan1099 vxlan vni 11099
  6. Layer 3 IRB interface enablement with virtual gateway addressing.
    content_copy zoom_out_map
    set interfaces irb unit 1033 virtual-gateway-accept-data
set interfaces irb unit 1033 description vlan1033
set interfaces irb unit 1033 family inet address 10.33.33.3/24 virtual-gateway-address 10.33.33.1
set interfaces irb unit 1088 virtual-gateway-accept-data
set interfaces irb unit 1088 description vlan1088
set interfaces irb unit 1088 family inet address 10.88.88.3/24 virtual-gateway-address 10.88.88.1
set interfaces irb unit 1099 virtual-gateway-accept-data
set interfaces irb unit 1099 description vlan1099
set interfaces irb unit 1099 family inet address 10.99.99.3/24 virtual-gateway-address 10.99.99.1

Configuration of the Layer 2 ESI-LAG Between the Distribution Switches and the Access Switches

This section displays the configuration output from the Juniper Mist cloud for the enablement of the Layer 2 ESI-LAGs between the distribution switches and access switches. This Juniper Mist profile enables all VLANs on the Ethernet bundle with requisite ESI and LACP configuration options. From the perspective of the access switches, the Ethernet bundle that is configured on the access layer views the ESI-LAG as a single MAC address with the same LACP system-ID. This enables load hashing between distribution and access layers without requiring Layer 2 loop-free detection protocols such as RSTP.

Figure 1: Access Switch Attach to Collapsed Core Switches Access Switch Attach to Collapsed Core Switches

Core1 Configuration:

  1. Interface association with the newly created Ethernet bundle that includes ESI and LACP configuration:
    content_copy zoom_out_map
    set interfaces ae0 apply-groups esi-lag
set interfaces ae0 esi 00:11:00:00:00:01:00:01:02:00 set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:31:57:00
set interfaces ae0 aggregated-ether-options lacp admin-key 0
set interfaces ae1 apply-groups esi-lag
set interfaces ae1 esi 00:11:00:00:00:01:00:01:02:01 set interfaces ae1 esi all-active
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:31:57:01
set interfaces ae1 aggregated-ether-options lacp admin-key 1
set groups esi-lag interfaces <*> unit 0 family ethernet-switching interface-mode trunk
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1033
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1088
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1099
set interfaces xe-0/0/1 description esilag-to-4c734f095900 set interfaces xe-0/0/1 hold-time up 120000
set interfaces xe-0/0/1 hold-time down 1
set interfaces xe-0/0/1 ether-options 802.3ad ae1
set interfaces xe-0/0/1 unit 0 family ethernet-switching storm-control default
deactivate interfaces xe-0/0/1 unit 0
set interfaces xe-0/0/2 description esilag-to-4c734f095900 set interfaces xe-0/0/2 hold-time up 120000
set interfaces xe-0/0/2 hold-time down 1
set interfaces xe-0/0/2 ether-options 802.3ad ae0

    Core2 Configuration:

  2. Interface association with the newly created Ethernet bundle that includes ESI and LACP configuration:
    content_copy zoom_out_map
    set interfaces ae0 apply-groups esi-lag
set interfaces ae0 esi 00:11:00:00:00:01:00:01:02:00 set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:31:57:00
set interfaces ae0 aggregated-ether-options lacp admin-key 0
set interfaces ae1 apply-groups esi-lag
set interfaces ae1 esi 00:11:00:00:00:01:00:01:02:01 set interfaces ae1 esi all-active
set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp periodic fast
set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:31:57:01
set interfaces ae1 aggregated-ether-options lacp admin-key 1
set groups esi-lag interfaces <*> unit 0 family ethernet-switching interface-mode trunk
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1033
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1088
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1099
set interfaces xe-0/0/1 description esilag-to-4c734f095900
set interfaces xe-0/0/1 hold-time up 120000
set interfaces xe-0/0/1 hold-time down 1
set interfaces xe-0/0/1 ether-options 802.3ad ae1
set interfaces xe-0/0/1 unit 0 family ethernet-switching storm-control default
deactivate interfaces xe-0/0/1 unit 0
set interfaces xe-0/0/2 description esilag-to-4c734f095900
set interfaces xe-0/0/2 hold-time up 120000
set interfaces xe-0/0/2 hold-time down 1
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces xe-0/0/2 unit 0 family ethernet-switching storm-control default
deactivate interfaces xe-0/0/2 unit 0

    Access1 Configuration:

  3. VLANs associated with the new LACP Ethernet bundle:
    content_copy zoom_out_map
    set groups esi-lag interfaces <*> mtu 9200
set groups esi-lag interfaces <*> unit 0 family ethernet-switching interface-mode trunk
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1033
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1088
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1099
set interfaces ae1 apply-groups esi-lag
set interfaces ae1 aggregated-ether-options lacp active
set interfaces xe-0/2/0 ether-options 802.3ad ae1
set interfaces xe-0/2/0 unit 0 family ethernet-switching storm-control default
deactivate interfaces xe-0/2/0 unit 0
set interfaces xe-0/2/3 ether-options 802.3ad ae1
set interfaces xe-0/2/3 unit 0 family ethernet-switching storm-control default
deactivate interfaces xe-0/2/3 unit 0

    Access2 Configuration:

  4. VLANs associated with the new LACP Ethernet bundle:
    content_copy zoom_out_map
    set groups esi-lag interfaces <*> mtu 9200
set groups esi-lag interfaces <*> unit 0 family ethernet-switching interface-mode trunk
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1033
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1088
set groups esi-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1099
set interfaces ae0 apply-groups esi-lag
set interfaces ae0 aggregated-ether-options lacp active
set interfaces xe-0/2/0 ether-options 802.3ad ae0
set interfaces xe-0/2/0 unit 0 family ethernet-switching storm-control default
deactivate interfaces xe-0/2/0 unit 0
set interfaces xe-0/2/3 ether-options 802.3ad ae0
set interfaces xe-0/2/3 unit 0 family ethernet-switching storm-control default
deactivate interfaces xe-0/2/3 unit 0

Configuration of the Layer 2 ESI-LAG Between the Core Switches and the MX Router

This section displays the configuration output from the Juniper Mist cloud for the enablement of the Layer 2 ESI LAG between the core switches and SRX Series Firewall. This Mist profile enables all VLANs on the Ethernet bundle with requisite ESI and LACP configuration options. From the perspective of the SRX Series Firewall, the Ethernet bundle that is configured on the SRX Series Firewall views the ESI-LAG as a single MAC address with the same LACP system- ID. This enables load hashing between the core and SRX Series Firewall without requiring Layer 2 loop-free detection protocols such as RSTP.

Figure 2: Layer 2 ESI-LAG Supporting Active-Active Load Balancing Layer 2 ESI-LAG Supporting Active-Active Load Balancing

Core 1 Configuration:

  1. Interface association with the newly created Ethernet bundle that includes ESI and LACP configuration:
    content_copy zoom_out_map
    set interfaces ge-0/0/10 description esilag-to-4c734f095900
set interfaces ge-0/0/10 hold-time up 120000
set interfaces ge-0/0/10 hold-time down 1
set interfaces ge-0/0/10 ether-options 802.3ad ae2
set interfaces ge-0/0/10 unit 0 family ethernet-switching storm-control default
deactivate interfaces ge-0/0/10 unit 0
set interfaces ae2 apply-groups esi-lag
set interfaces ae2 esi 00:11:00:00:00:01:00:01:02:02
set interfaces ae2 esi all-active
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp periodic fast
set interfaces ae2 aggregated-ether-options lacp system-id 00:00:00:31:57:02
set interfaces ae2 aggregated-ether-options lacp admin-key 2

    Core 2 Configuration:

  2. Interface association with the newly created Ethernet bundle that includes ESI and LACP configuration:
    content_copy zoom_out_map
    set interfaces ge-0/0/10 description esilag-to-4c734f095900
set interfaces ge-0/0/10 hold-time up 120000
set interfaces ge-0/0/10 hold-time down 1
set interfaces ge-0/0/10 ether-options 802.3ad ae2
set interfaces ge-0/0/10 unit 0 family ethernet-switching storm-control default
deactivate interfaces ge-0/0/10 unit 0
set interfaces ae2 apply-groups esi-lag
set interfaces ae2 esi 00:11:00:00:00:01:00:01:02:02 set interfaces ae2 esi all-active
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp periodic fast
set interfaces ae2 aggregated-ether-options lacp system-id 00:00:00:31:57:02
set interfaces ae2 aggregated-ether-options lacp admin-key 2

    SRX Series Firewall Configuration:

  3. Interface association with newly created Ethernet bundle and LACP configuration:
    content_copy zoom_out_map
    set interfaces ae0 flexible-vlan-tagging
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 1033 vlan-id 1033
set interfaces ae0 unit 1033 family inet address 10.33.33.254/24
set interfaces ae0 unit 1088 vlan-id 1088       
set interfaces ae0 unit 1088 family inet address 10.88.88.254/24
set interfaces ae0 unit 1099 vlan-id 1099       
set interfaces ae0 unit 1099 family inet address 10.99.99.254/24
arrow_backward PREVIOUS APPENDIX: EVPN Insights
NEXT arrow_forward Revision History
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top