How to Configure a Campus Network using EVPN Multihoming
Requirements
This configuration example uses the following devices:
Two EX4650 switches or two QFX5120 switches as collapsed core devices. Software version: Junos OS Release 20.2R2 or later
Note:EX4650 and QFX5120 switches are similar and can be used interchangeably.
One EX2300, EX3400, EX4300 or EX4400 switch as the access layer. In your network this can be a Juniper Networks switch or a third-party switch.
Overview
Use this network configuration example to deploy a single campus fabric with a Layer 3 IP-based underlay network that uses EVPN as the control plane protocol and VXLAN as the data plane protocol in the overlay network.
You can use BGP or OSPF as the underlay routing protocol to exchange loopback routes. In this example, you will first configure BGP as the underlay routing protocol. You will then configure IBGP between the core and distribution devices in the overlay to share reachability information about endpoints in the fabric.
A typical collapsed core for a campus network topology is shown in Figure 1. You configure a subset of this topology in this example.
Topology
The scenario demonstrated in this example involves the need to network three virtual networks: (a “separate” network for employees, guests, and IoT). The IRB interfaces for these virtual networks are on the core switches. All IRB interfaces are placed in the same routing instance. Place IRB interfaces in different routing instances for network segmentation if needed in your deployment. Figure 2 shows the topology and the IP addressing scheme used in this example.
All the links in the example topology are 1 Gigabit Ethernet interfaces. In a production deployment the core link would typically operate at 10 Gbps or higher to ensure there is no possibility for blocking.
Details
In this NCE, we design the network for three different types of users and devices (Employees, Guests, and IoT devices) that will be connecting to network through wired and wireless access. Employees, Guests, and IoT devices are mapped to different virtual networks and VNIs. Table 1 displays the configuration information for this NCE.
Virtual Network |
Wired Network |
Wireless Network |
VRF |
Route Distinguisher |
|---|---|---|---|---|
Employees |
IRB: 101 Subnet: 192.168.101.3/24 |
IRB: 102 Subnet: 192.168.102.3/24 |
JNPR_2_VRF |
102 |
Guests |
IRB: 201 Subnet: 192.168.201.3/24 |
IRB: 202 Subnet: 192.168.202.3/24 |
JNPR_1_VRF |
101 |
IoT Devices |
IRB: 301 Subnet: 192.168.210.3/24 |
IRB: 302 Subnet: 192.168.212.3/24 |
JNPR_3_VRF |
103 |
Configure the Underlay IP Fabric
Requirements
Overview
This section illustrates how to configure the IP fabric underlay on the collapsed core switches using BGP.
Interface and Underlay Configuration
Use this section to configure the underlay on the collapsed core switches.
This section shows the step-by-step configuration procedures for each device.
Collapsed Core 1 Configuration
Step-by-Step Procedure
Configure the interfaces connected to the collapsed core switches. To avoid a split-brain state in the network, we recommend configuring at least two links between the collapsed core switches and configuring multihoming from the access switches to the collapsed core switches.
set interfaces ge-0/0/46 unit 0 description "Connected to campus-tme-ex4650-2" set interfaces ge-0/0/46 unit 0 family inet address 192.168.100.5/31 set interfaces ge-0/0/46 mtu 9100
Configure the loopback interface and router ID and enable per-packet load balancing.
set interfaces lo0 unit 0 family inet address 192.168.255.11/32 set routing-options router-id 192.168.255.11 set routing-options forwarding-table export ecmp_policy set policy-options policy-statement ecmp_policy then load-balance per-packet set policy-options policy-statement ecmp_policy then accept
Configure the BGP underlay network.
set policy-options policy-statement UNDERLAY-EXPORT term LOOPBACK from route-filter 192.168.255.0/24 orlonger set policy-options policy-statement UNDERLAY-EXPORT term LOOPBACK then accept set policy-options policy-statement UNDERLAY-EXPORT term DEFAULT then reject set policy-options policy-statement UNDERLAY-IMPORT term LOOPBACK from route-filter 192.168.255.0/24 orlonger set policy-options policy-statement UNDERLAY-IMPORT term LOOPBACK then accept set policy-options policy-statement UNDERLAY-IMPORT term DEFAULT then reject set protocols bgp bfd-liveness-detection minimum-interval 1000 set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY description "EBGP UNDERLAY" set protocols bgp group UNDERLAY import UNDERLAY-IMPORT set protocols bgp group UNDERLAY family inet unicast set protocols bgp group UNDERLAY authentication-key “SecretKeyPhrase” set protocols bgp group UNDERLAY export UNDERLAY-EXPORT set protocols bgp group UNDERLAY local-as 65013 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 350 set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3 set protocols bgp group UNDERLAY neighbor 192.168.100.4 peer-as 65012
Collapsed Core 2 Configuration
Step-by-Step Procedure
Configure the interfaces connected to the collapsed core devices. To avoid a split-brain state in the network, we recommend configuring at least two links between the collapsed core switches and configuring multihoming from the access switches to the collapsed core switches.
set interfaces ge-0/0/46 unit 0 description "Connected to campus-tme-ex4650-01" set interfaces ge-0/0/46 unit 0 family inet address 192.168.100.4/31 set interfaces ge-0/0/46 mtu 9100
Configure the loopback interface and router ID and enable per-packet load balancing.
set interfaces lo0 unit 0 family inet address 192.168.255.12/32 set routing-options router-id 192.168.255.12 set policy-options policy-statement ecmp_policy then load-balance per-packet set policy-options policy-statement ecmp_policy then accept set routing-options forwarding-table export ecmp_policy
Configure the BGP underlay network.
set policy-options policy-statement UNDERLAY-EXPORT term LOOPBACK from route-filter 192.168.255.0/24 orlonger set policy-options policy-statement UNDERLAY-EXPORT term LOOPBACK then accept set policy-options policy-statement UNDERLAY-EXPORT term DEFAULT then reject set policy-options policy-statement UNDERLAY-IMPORT term LOOPBACK from route-filter 192.168.255.0/24 orlonger set policy-options policy-statement UNDERLAY-IMPORT term LOOPBACK then accept set policy-options policy-statement UNDERLAY-IMPORT term DEFAULT then reject set protocols bgp group UNDERLAY type external set protocols bgp group UNDERLAY description "Connection to EBGP UNDERLAY" set protocols bgp group UNDERLAY import UNDERLAY-IMPORT set protocols bgp group UNDERLAY family inet unicast set protocols bgp group UNDERLAY authentication-key “SecretKeyPhrase” set protocols bgp group UNDERLAY export UNDERLAY-EXPORT set protocols bgp group UNDERLAY local-as 65012 set protocols bgp group UNDERLAY multipath multiple-as set protocols bgp group UNDERLAY bfd-liveness-detection minimum-interval 350 set protocols bgp group UNDERLAY bfd-liveness-detection multiplier 3 set protocols bgp group UNDERLAY neighbor 192.168.100.5 peer-as 65013
Configure the Overlay
Requirements
Overview
This section shows how to configure the overlay. It includes IBGP peerings, the VLAN to VXLAN mappings, and the IRB interface configurations for the virtual networks.
Overlay and Virtual Network Configuration
Use this section to configure the overlay and virtual networks on the collapsed core layer switches.
This section shows the step-by-step configuration procedures for each device.
Collapsed Core 1 Configuration
Step-by-Step Procedure
Configure IBGP neighbors from the collapsed core switch to the core switches.
set routing-options autonomous-system 65100 set protocols bgp group EVPN_FABRIC type internal set protocols bgp group EVPN_FABRIC description "OVERLAY Config" set protocols bgp group EVPN_FABRIC local-address 192.168.255.11 set protocols bgp group EVPN_FABRIC family evpn signaling set protocols bgp group EVPN_FABRIC authentication-key “SecretKeyPhrase” set protocols bgp group EVPN_FABRIC local-as 65100 set protocols bgp group EVPN_FABRIC multipath set protocols bgp group EVPN_FABRIC neighbor 192.168.255.12 set protocols evpn no-core-isolation
Configure switch options on the collapsed core switch.
set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 192.168.255.11:1 set switch-options vrf-target target:999:999 set switch-options vrf-target auto
Enable VXLAN encapsulation.
set protocols evpn encapsulation vxlan set protocols evpn default-gateway no-gateway-community set protocols evpn extended-vni-list 5101 set protocols evpn extended-vni-list 5102 set protocols evpn extended-vni-list 5201 set protocols evpn extended-vni-list 5202 set protocols evpn extended-vni-list 5301 set protocols evpn extended-vni-list 5302
Configure VLANs and VXLAN mappings.
set vlans VLAN-101 description Employee-Wired-VLAN set vlans VLAN-101 vlan-id 101 set vlans VLAN-101 l3-interface irb.101 set vlans VLAN-101 vxlan vni 5101 set vlans VLAN-102 description Employee-Wireless-VLAN set vlans VLAN-102 vlan-id 102 set vlans VLAN-102 l3-interface irb.102 set vlans VLAN-102 vxlan vni 5102 set vlans VLAN-201 description Guest-Wired-VLAN set vlans VLAN-201 vlan-id 201 set vlans VLAN-201 l3-interface irb.201 set vlans VLAN-201 vxlan vni 5201 set vlans VLAN-202 description Guest-Wireless-VLAN set vlans VLAN-202 vlan-id 202 set vlans VLAN-202 l3-interface irb.202 set vlans VLAN-202 vxlan vni 5202 set vlans VLAN-301 description IOT-Wired-VLAN set vlans VLAN-301 vlan-id 301 set vlans VLAN-301 l3-interface irb.301 set vlans VLAN-301 vxlan vni 5301 set vlans VLAN-302 description IOT-Wireless-VLAN set vlans VLAN-302 vlan-id 302 set vlans VLAN-302 l3-interface irb.302 set vlans VLAN-302 vxlan vni 5302
Configure the IRB interfaces for the Employees, Guests, and the IoT devices VLANs.
set interfaces irb unit 101 virtual-gateway-accept-data set interfaces irb unit 101 description Wired-Employee set interfaces irb unit 101 family inet address 192.168.101.3/24 virtual-gateway-address 192.168.101.1 set interfaces irb unit 102 virtual-gateway-accept-data set interfaces irb unit 102 description Wireless-Employee set interfaces irb unit 102 family inet address 192.168.102.3/24 virtual-gateway-address 192.168.102.1 set interfaces irb unit 201 virtual-gateway-accept-data set interfaces irb unit 201 description Guest-Wired-Subnet set interfaces irb unit 201 family inet address 192.168.201.3/24 virtual-gateway-address 192.168.201.1 set interfaces irb unit 202 virtual-gateway-accept-data set interfaces irb unit 202 description Guest-Wireless-Subnet set interfaces irb unit 202 family inet address 192.168.202.3/24 virtual-gateway-address 192.168.202.1 set interfaces irb unit 301 virtual-gateway-accept-data set interfaces irb unit 301 description Wired-IOT set interfaces irb unit 301 family inet address 192.168.210.3/24 virtual-gateway-address 192.168.210.1 set interfaces irb unit 302 virtual-gateway-accept-data set interfaces irb unit 302 description Wireless-IOT set interfaces irb unit 302 family inet address 192.168.212.3/24 virtual-gateway-address 192.168.212.1
Configure the VRF instances.
set routing-instances JNPR_1_VRF description "VRF for Guest Access" set routing-instances JNPR_1_VRF instance-type vrf set routing-instances JNPR_1_VRF interface irb.201 set routing-instances JNPR_1_VRF interface irb.202 set routing-instances JNPR_1_VRF route-distinguisher 192.168.255.11:101 set routing-instances JNPR_1_VRF vrf-target target:1:65001 set routing-instances JNPR_1_VRF vrf-table-label set routing-instances JNPR_1_VRF routing-options auto-export set routing-instances JNPR_2_VRF description "VRF for Employee Access" set routing-instances JNPR_2_VRF instance-type vrf set routing-instances JNPR_2_VRF interface irb.101 set routing-instances JNPR_2_VRF interface irb.102 set routing-instances JNPR_2_VRF route-distinguisher 192.168.255.11:102 set routing-instances JNPR_2_VRF vrf-target target:2:65001 set routing-instances JNPR_2_VRF vrf-table-label set routing-instances JNPR_3_VRF description "VRF for IOT Access" set routing-instances JNPR_3_VRF instance-type vrf set routing-instances JNPR_3_VRF interface irb.301 set routing-instances JNPR_3_VRF interface irb.302 set routing-instances JNPR_3_VRF route-distinguisher 192.168.255.11:103 set routing-instances JNPR_3_VRF vrf-target target:3:65001 set routing-instances JNPR_3_VRF vrf-table-label set routing-instances JNPR_3_VRF routing-options auto-export set routing-instances JNPR_2_VRF routing-options auto-export
(Optional) Enable IGMP snooping to constrain the flooding of IPv4 multicast traffic on the VLANs.
set protocols igmp-snooping vlan VLAN-201 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-202 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-101 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-102 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-301 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-301 interface ae11.0 multicast-router-interface
Collapsed Core 2 Configuration
Step-by-Step Procedure
Configure IBGP neighbors from the collapsed core switch to the core switches.
set routing-options autonomous-system 65100 set protocols bgp group EVPN_FABRIC type internal set protocols bgp group EVPN_FABRIC description "OVERLAY Config" set protocols bgp group EVPN_FABRIC local-address 192.168.255.12 set protocols bgp group EVPN_FABRIC family evpn signaling set protocols bgp group EVPN_FABRIC authentication-key “SecretKeyPhrase” set protocols bgp group EVPN_FABRIC local-as 65100 set protocols bgp group EVPN_FABRIC multipath set protocols bgp group EVPN_FABRIC neighbor 192.168.255.11 set protocols evpn no-core-isolation
Configure switch options on the collapsed core switch.
set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 192.168.255.12:1 set switch-options vrf-target target:999:999 set switch-options vrf-target auto
Enable VXLAN encapsulation.
set protocols evpn encapsulation vxlan set protocols evpn extended-vni-list 5101 set protocols evpn extended-vni-list 5102 set protocols evpn extended-vni-list 5201 set protocols evpn extended-vni-list 5202 set protocols evpn extended-vni-list 5301 set protocols evpn extended-vni-list 5302
Configure VLANs and VXLAN mappings.
set vlans VLAN-101 description Employee-Wired-VLAN set vlans VLAN-101 vlan-id 101 set vlans VLAN-101 l3-interface irb.101 set vlans VLAN-101 vxlan vni 5101 set vlans VLAN-102 description Employee-Wireless-VLAN set vlans VLAN-102 vlan-id 102 set vlans VLAN-102 l3-interface irb.102 set vlans VLAN-102 vxlan vni 5102 set vlans VLAN-201 description "Guest Wired Subnet" set vlans VLAN-201 vlan-id 201 set vlans VLAN-201 l3-interface irb.201 set vlans VLAN-201 vxlan vni 5201 set vlans VLAN-202 description "Guest Wireless Subnet" set vlans VLAN-202 vlan-id 202 set vlans VLAN-202 l3-interface irb.202 set vlans VLAN-202 vxlan vni 5202 set vlans VLAN-301 description IOT-Wired-VLAN set vlans VLAN-301 vlan-id 301 set vlans VLAN-301 l3-interface irb.301 set vlans VLAN-301 vxlan vni 5301 set vlans VLAN-302 description IOT-Wireless-VLAN set vlans VLAN-302 vlan-id 302 set vlans VLAN-302 l3-interface irb.302 set vlans VLAN-302 vxlan vni 5302
Configure the IRB interfaces for the Employees, Guests, and the IoT devices VLANs.
set interfaces irb unit 101 description "** Employee-Wired-Subnet" set interfaces irb unit 101 virtual-gateway-accept-data set interfaces irb unit 101 family inet address 192.168.101.2/24 virtual-gateway-address 192.168.101.1 set interfaces irb unit 102 virtual-gateway-accept-data set interfaces irb unit 102 family inet address 192.168.102.2/24 virtual-gateway-address 192.168.102.1 set interfaces irb unit 201 virtual-gateway-accept-data set interfaces irb unit 201 description "** L3 interface for VLAN-201 in jnpr_1" set interfaces irb unit 201 family inet address 192.168.201.2/24 virtual-gateway-address 192.168.201.1 set interfaces irb unit 202 virtual-gateway-accept-data set interfaces irb unit 202 description "** L3 interface for VLAN-202 in jnpr_1" set interfaces irb unit 202 family inet address 192.168.202.2/24 virtual-gateway-address 192.168.202.1 set interfaces irb unit 301 virtual-gateway-accept-data set interfaces irb unit 301 description Wired-IOT-Subnet set interfaces irb unit 301 family inet address 192.168.210.2/24 virtual-gateway-address 192.168.210.1 set interfaces irb unit 302 virtual-gateway-accept-data set interfaces irb unit 302 description Wireless-IOT-subnet set interfaces irb unit 302 family inet address 192.168.212.2/24 virtual-gateway-address 192.168.212.1
Configure the VRF instances.
set routing-instances JNPR_1_VRF description "VRF for Guest Access" set routing-instances JNPR_1_VRF instance-type vrf set routing-instances JNPR_1_VRF interface irb.201 set routing-instances JNPR_1_VRF interface irb.202 set routing-instances JNPR_1_VRF route-distinguisher 192.168.255.12:101 set routing-instances JNPR_1_VRF vrf-target target:1:65001 set routing-instances JNPR_1_VRF vrf-table-label set routing-instances JNPR_1_VRF routing-options auto-export set routing-instances JNPR_2_VRF description "VRF for Employee Access" set routing-instances JNPR_2_VRF instance-type vrf set routing-instances JNPR_2_VRF interface irb.101 set routing-instances JNPR_2_VRF interface irb.102 set routing-instances JNPR_2_VRF route-distinguisher 192.168.255.12:102 set routing-instances JNPR_2_VRF vrf-target target:2:65001 set routing-instances JNPR_2_VRF vrf-table-label set routing-instances JNPR_2_VRF routing-options auto-export set routing-instances JNPR_3_VRF description "VRF for IOT Access" set routing-instances JNPR_3_VRF instance-type vrf set routing-instances JNPR_3_VRF interface irb.301 set routing-instances JNPR_3_VRF interface irb.302 set routing-instances JNPR_3_VRF route-distinguisher 192.168.255.12:103 set routing-instances JNPR_3_VRF vrf-target target:3:65001 set routing-instances JNPR_3_VRF vrf-table-label set routing-instances JNPR_3_VRF routing-options auto-export
(Optional) Enable IGMP snooping to constrain the flooding of IPv4 multicast traffic on the VLANs.
set protocols igmp-snooping vlan VLAN-201 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-202 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-101 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-102 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-301 interface ae11.0 multicast-router-interface set protocols igmp-snooping vlan VLAN-301 interface ae11.0 multicast-router-interface
Configure Multihoming Between the Access Layer Switch and Collapsed Core Switches
Requirements
Overview
This section illustrates the configurations necessary to multihome uplink interfaces from an access layer switch to collapsed core layer switches. Use this example to configure the multihome access layer uplink interfaces in the same aggregated Ethernet interface to multiple collapsed core switches.
When you configure EVPN multihoming, use the same ESI value to configure a multihomed segment on the different collapsed core switch interfaces that connect to the same access switch. ESI values are encoded as 10-byte integers and are used to identify a multihomed segment. We recommend using an ESI value that uses the same values on the first 8 bytes and changes only the 9th and 10th bytes per EVPN LAG.
Topology
The access layer supports Layer 2 for VLANs. The uplink from the access layer is an aggregated Ethernet link bundle or LAG configured as a trunk port that carries the VLANs from the access layer switch to the collapsed core layer switches.
Refer to Figure 2 for details on the physical topology for connectivity between one access layer switch and the Collapsed Core 1 switch.
Configuration
Use this example to configure the collapsed core layer for EVPN multihoming and the access layer switch.
This section shows the step-by-step configuration procedures for each device.
Collapsed Core 1 Configuration
Step-by-Step Procedure
Specify which members to include in the aggregated Ethernet bundle.
set interfaces ge-0/0/3 description "Connected to campus-tme-ex4300-01" set interfaces ge-0/0/3 ether-options 802.3ad ae11
Configure the aggregated Ethernet interface, including the Ethernet segment identifier (ESI), which assigns the multihomed interface on this switch to an Ethernet segment. The ESI value must be the same on the different multihomed interfaces.
set chassis aggregated-devices ethernet device-count 1 set interfaces ae11 description To-Access-1 set interfaces ae11 mtu 9200 set interfaces ae11 esi 00:11:11:11:11:11:11:11:11:01 set interfaces ae11 esi all-active set interfaces ae11 aggregated-ether-options lacp active set interfaces ae11 aggregated-ether-options lacp periodic fast set interfaces ae11 aggregated-ether-options lacp system-id 00:40:00:00:00:01 set interfaces ae11 unit 0 family ethernet-switching interface-mode trunk set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-201 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-202 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-101 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-102 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-301 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-302
Collapsed Core 2 Configuration
Step-by-Step Procedure
Specify which members to include in the aggregated Ethernet bundle.
set interfaces ge-0/0/6 description "Connected to campus-tme-ex2300-01" set interfaces ge-0/0/6 ether-options 802.3ad ae11
Configure the aggregated Ethernet interface, including the Ethernet segment identifier (ESI), which assigns the multihomed interface on this switch to an Ethernet segment. The ESI value must be the same on the different multihomed interfaces.
set chassis aggregated-devices ethernet device-count 1 set interfaces ae11 description To-Access-1 set interfaces ae11 mtu 9200 set interfaces ae11 esi 00:11:11:11:11:11:11:11:11:01 set interfaces ae11 esi all-active set interfaces ae11 aggregated-ether-options lacp active set interfaces ae11 aggregated-ether-options lacp periodic fast set interfaces ae11 aggregated-ether-options lacp system-id 00:40:00:00:00:01 set interfaces ae11 unit 0 family ethernet-switching interface-mode trunk set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-201 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-202 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-101 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-102 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-301 set interfaces ae11 unit 0 family ethernet-switching vlan members VLAN-302
Access Switch Configuration
Step-by-Step Procedure
Specify which members to include in the aggregated Ethernet bundle.
set interfaces ge-0/0/1 description "to Campus-tme--ex4650-01" set interfaces ge-0/0/1 ether-options 802.3ad ae11 set interfaces ge-0/0/2 description "To Campus-tme-ex4650-02" set interfaces ge-0/0/2 ether-options 802.3ad ae11
Configure the aggregated Ethernet interface.
set chassis aggregated-devices ethernet device-count 1 set interfaces ae11 aggregated-ether-options lacp active set interfaces ae11 aggregated-ether-options lacp periodic fast set interfaces ae11 unit 0 family ethernet-switching interface-mode trunk set interfaces ae11 unit 0 family ethernet-switching vlan members 101-102 set interfaces ae11 unit 0 family ethernet-switching vlan members 201-202 set interfaces ae11 unit 0 family ethernet-switching vlan members 301-302
Configure the VLANs.
set vlans VLAN-201 vlan-id 201 set vlans VLAN-101 vlan-id 101 set vlans VLAN-102 vlan-id 102 set vlans VLAN-201 vlan-id 201 set vlans VLAN-202 vlan-id 202 set vlans VLAN-301 vlan-id 301 set vlans VLAN-302 vlan-id 302
You now have multihomed the uplink interfaces from the access layer switch to the collapsed core devices.
If you have multiple access layer switches in your network, repeat this configuration procedure for each switch.
For more information on configuring ports for PoE, trunk ports for Access Point, and configuring 802.1X, see How to Configure the SRX Router.
Verification
Requirements
Overview
In this section you verify proper operation of the EVPN MC LAG example. Log in to each device and verify that the EVPN-VXLAN fabric has been configured.
Verification
- Collapsed Core 1: Verifying BGP Sessions
- Collapsed Core 2: Verifying BGP Sessions
- Collapsed Core 1: Verifying EVPN Database Information
- Collapsed Core 2: Verifying EVPN Database Information
- Collapsed Core 1: Verifying Local Switching Table Information
- Collapsed Core 2: Verifying Local Switching Table Information
- Collapsed Core1: Verifying Multihomed Ethernet Segment
- Collapsed Core 2: Verifying Multihomed Ethernet Segment
Collapsed Core 1: Verifying BGP Sessions
Purpose
Verify the state of the BGP sessions with the core devices.
Action
Verify that the Collapsed Core 1 IBGP sessions are established with the loopbacks of the core devices, which have IP addresses 192.168.0.4 and 192.168.0.5.
user@campus-tme-ex4650-01> show bgp summary
Threading mode: BGP I/O
Default eBGP mode: advertise - accept, receive - accept
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
1 1 0 0 0 0
bgp.evpn.0
39 39 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.100.4 65012 54 53 0 0 22:51 Establ
inet.0: 1/1/1/0
192.168.255.12 65100 177 167 0 0 22:49 Establ
bgp.evpn.0: 39/39/39/0
default-switch.evpn.0: 38/38/38/0
__default_evpn__.evpn.0: 1/1/1/0Meaning
The IBGP sessions are established with the loopbacks of the core devices using MP-IBGP with EVPN signaling in the overlay layer to enable the exchange of EVPN routes.
Collapsed Core 2: Verifying BGP Sessions
Purpose
Verify the state of the BGP sessions with the Collapsed Core 2.
Action
Verify that BGP sessions are established with the core devices. The IP addresses of the core devices are 192.168.0.4 and 192.168.0.5.
user@campus-tme-ex4650-02> show bgp summary
Threading mode: BGP I/O
Default eBGP mode: advertise - accept, receive - accept
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
1 1 0 0 0 0
bgp.evpn.0
39 39 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.100.5 65013 62 61 0 0 26:45 Establ
inet.0: 1/1/1/0
192.168.255.11 65100 176 185 0 0 26:43 Establ
bgp.evpn.0: 39/39/39/0
default-switch.evpn.0: 38/38/38/0
__default_evpn__.evpn.0: 1/1/1/0Meaning
The IBGP sessions are established with the loopbacks of the core devices using MP-IBGP with EVPN signaling in the overlay layer to enable the exchange of EVPN routes.
Collapsed Core 1: Verifying EVPN Database Information
Purpose
Verify that the EVPN database has been populated correctly.
Action
Verify that the EVPN database is installing MAC address information for locally attached hosts and receiving advertisements from other leaf devices with information about remote hosts.
user@campus-tme-ex4650-01> show evpn database
Instance: default-switch
VLAN DomainId MAC address Active source Timestamp IP address
5101 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:13:ed:00 Aug 19 10:21:46 192.168.101.1
5101 02:05:86:71:5d:00 irb.101 Aug 19 10:21:46 192.168.101.3
5101 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:21:46 192.168.101.2
5102 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:13:ee:00 Aug 19 10:21:46 192.168.102.1
5102 02:05:86:71:5d:00 irb.102 Aug 19 10:21:46 192.168.102.3
5102 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:21:46 192.168.102.2
5201 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:14:51:00 Aug 19 10:21:46 192.168.201.1
5201 02:05:86:71:5d:00 irb.201 Aug 19 10:21:46 192.168.201.3
5201 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:21:46 192.168.201.2
5202 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:14:52:00 Aug 19 10:21:46 192.168.202.1
5202 02:05:86:71:5d:00 irb.202 Aug 19 10:21:46 192.168.202.3
5202 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:21:46 192.168.202.2
5301 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:14:b5:00 Aug 19 10:22:35 192.168.210.1
5301 02:05:86:71:5d:00 irb.301 Aug 19 10:21:46 192.168.210.3
5301 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:22:35 192.168.210.2
5302 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:14:b6:00 Aug 19 10:21:46 192.168.212.1
5302 02:05:86:71:5d:00 irb.302 Aug 19 10:21:46 192.168.212.3
5302 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:22:35 192.168.212.2
Meaning
The output above confirms that the EVPN database is properly learning and installing MAC routes for all endpoints. It also shows the relationship between MAC addresses and their associated VNIs: 5101, 5102, 5201, 5202 , 5301 and 5302.
Collapsed Core 2: Verifying EVPN Database Information
Purpose
Verify that the EVPN database has been populated correctly.
Action
Verify that the EVPN database is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.
user@campus-tme-ex4650-02> show evpn database
Instance: default-switch
VLAN DomainId MAC address Active source Timestamp IP address
5101 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:13:ed:00 Aug 19 10:21:46 192.168.101.1
5101 02:05:86:71:5d:00 irb.101 Aug 19 10:21:46 192.168.101.3
5101 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:21:46 192.168.101.2
5102 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:13:ee:00 Aug 19 10:21:46 192.168.102.1
5102 02:05:86:71:5d:00 irb.102 Aug 19 10:21:46 192.168.102.3
5102 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:21:46 192.168.102.2
5201 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:14:51:00 Aug 19 10:21:46 192.168.201.1
5201 02:05:86:71:5d:00 irb.201 Aug 19 10:21:46 192.168.201.3
5201 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:21:46 192.168.201.2
5202 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:14:52:00 Aug 19 10:21:46 192.168.202.1
5202 02:05:86:71:5d:00 irb.202 Aug 19 10:21:46 192.168.202.3
5202 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:21:46 192.168.202.2
5301 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:14:b5:00 Aug 19 10:22:35 192.168.210.1
5301 02:05:86:71:5d:00 irb.301 Aug 19 10:21:46 192.168.210.3
5301 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:22:35 192.168.210.2
5302 00:00:5e:00:01:01 05:00:00:fe:4c:00:00:14:b6:00 Aug 19 10:21:46 192.168.212.1
5302 02:05:86:71:5d:00 irb.302 Aug 19 10:21:46 192.168.212.3
5302 02:05:86:71:8d:00 192.168.255.12 Aug 19 10:22:35 192.168.212.2
Meaning
The output above confirms that the EVPN database is properly learning and installing MAC routes for all endpoints. It also shows the relationship between MAC addresses and their associated VNIs: 5101, 5102, 5201, 5202 , 5301 and 5302.
Collapsed Core 1: Verifying Local Switching Table Information
Purpose
Verify that the local switching table has been populated correctly.
Action
Verify that the local switching table is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.
user@campus-tme-ex4650-01> show ethernet-switching table
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
Ethernet switching table : 12 entries, 12 learned
Routing instance : default-switch
Vlan MAC MAC Logical SVLBNH/ Active
name address flags interface VENH Index source
VLAN-101 00:00:5e:00:01:01 DR esi.1734 05:00:00:fe:4c:00:00:13:ed:00
VLAN-101 02:05:86:71:8d:00 D vtep.32769 192.168.255.12
VLAN-102 00:00:5e:00:01:01 DR esi.1739 05:00:00:fe:4c:00:00:13:ee:00
VLAN-102 02:05:86:71:8d:00 D vtep.32769 192.168.255.12
VLAN-201 00:00:5e:00:01:01 DR esi.1735 05:00:00:fe:4c:00:00:14:51:00
VLAN-201 02:05:86:71:8d:00 D vtep.32769 192.168.255.12
VLAN-202 00:00:5e:00:01:01 DR esi.1736 05:00:00:fe:4c:00:00:14:52:00
VLAN-202 02:05:86:71:8d:00 D vtep.32769 192.168.255.12
VLAN-301 00:00:5e:00:01:01 DR esi.1737 05:00:00:fe:4c:00:00:14:b5:00
VLAN-301 02:05:86:71:8d:00 D vtep.32769 192.168.255.12
VLAN-302 00:00:5e:00:01:01 DR esi.1738 05:00:00:fe:4c:00:00:14:b6:00
VLAN-302 02:05:86:71:8d:00 D vtep.32769 192.168.255.12 Meaning
The output above confirms that the local switching table is correctly learning and installing MAC addresses for all endpoints. It also shows the relationship between MAC addresses, VLANs they are associated to (in this case, VLANs 101,102, 201,202, 301 and 302), and their next-hop interface.
Collapsed Core 2: Verifying Local Switching Table Information
Purpose
Verify that the local switching table has been populated correctly.
Action
Verify that the local switching table is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.
user@campus-tme-ex4650-02> show ethernet-switching table
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
Ethernet switching table : 12 entries, 12 learned
Routing instance : default-switch
Vlan MAC MAC Logical SVLBNH/ Active
name address flags interface VENH Index source
VLAN-101 00:00:5e:00:01:01 DR esi.1878 05:00:00:fe:4c:00:00:13:ed:00
VLAN-101 02:05:86:71:5d:00 D vtep.32769 192.168.255.11
VLAN-102 00:00:5e:00:01:01 DR esi.1958 05:00:00:fe:4c:00:00:13:ee:00
VLAN-102 02:05:86:71:5d:00 D vtep.32769 192.168.255.11
VLAN-201 00:00:5e:00:01:01 DR esi.1960 05:00:00:fe:4c:00:00:14:51:00
VLAN-201 02:05:86:71:5d:00 D vtep.32769 192.168.255.11
VLAN-202 00:00:5e:00:01:01 DR esi.1959 05:00:00:fe:4c:00:00:14:52:00
VLAN-202 02:05:86:71:5d:00 D vtep.32769 192.168.255.11
VLAN-301 00:00:5e:00:01:01 DR esi.1860 05:00:00:fe:4c:00:00:14:b5:00
VLAN-301 02:05:86:71:5d:00 D vtep.32769 192.168.255.11
VLAN-302 00:00:5e:00:01:01 DR esi.1957 05:00:00:fe:4c:00:00:14:b6:00
VLAN-302 02:05:86:71:5d:00 D vtep.32769 192.168.255.11
Meaning
The output above confirms that the local switching table is correctly learning and installing MAC addresses for all endpoints. It also shows the relationship between MAC addresses, VLANs they are associated to (in this case, VLANs 101,102, 201,202, 301 and 302), and their next-hop interface.
Collapsed Core1: Verifying Multihomed Ethernet Segment
Purpose
Check the multihomed connection from Access Switch 1 to the collapsed core devices.
Action
Verify the local interfaces that are part of the Ethernet segment, other collapsed core devices that are part of the same Ethernet segment, the bridge domains that are part of the Ethernet segment, and the designated forwarder for the Ethernet segment.
user@campus-tme-ex4650-01> show evpn instance esi 00:11:11:11:11:11:11:11:11:01 extensive
Instance: default-switch
Route Distinguisher: 192.168.255.11:1
Encapsulation type: VXLAN
Duplicate MAC detection threshold: 5
Duplicate MAC detection window: 180
MAC database status Local Remote
MAC advertisements: 6 12
MAC+IP advertisements: 12 12
Default gateway MAC advertisements: 12 6
Number of local interfaces: 2 (2 up)
Interface name ESI Mode Status AC-Role
.local..3 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
ae11.0 00:11:11:11:11:11:11:11:11:01 all-active Up Root
Number of IRB interfaces: 6 (6 up)
Interface name VLAN VNI Status L3 context
irb.101 5101 Up JNPR_2_VRF
irb.102 5102 Up JNPR_2_VRF
irb.201 5201 Up JNPR_1_VRF
irb.202 5202 Up JNPR_1_VRF
irb.301 5301 Up JNPR_3_VRF
irb.302 5302 Up JNPR_3_VRF
Number of protect interfaces: 0
Number of bridge domains: 6
VLAN Domain-ID Intfs/up IRB-intf Mode MAC-sync IM-label v4-SG-sync IM-core-NH v6-SG-sync IM-core-NH Trans-ID
101 5101 1 1 irb.101 Extended Enabled 5101 Enabled 131134 Disabled 5101
102 5102 1 1 irb.102 Extended Enabled 5102 Enabled 131130 Disabled 5102
201 5201 1 1 irb.201 Extended Enabled 5201 Enabled 131142 Disabled 5201
202 5202 1 1 irb.202 Extended Enabled 5202 Enabled 131138 Disabled 5202
301 5301 1 1 irb.301 Extended Enabled 5301 Enabled 131126 Disabled 5301
302 5302 1 1 irb.302 Extended Enabled 5302 Enabled 131122 Disabled 5302
Number of neighbors: 1
Address MAC MAC+IP AD IM ES Leaf-label Remote-DCI-Peer
192.168.255.12 12 12 8 6 0
Number of ethernet segments: 7
ESI: 00:11:11:11:11:11:11:11:11:01
Status: Resolved by IFL ae11.0
Local interface: ae11.0, Status: Up/Forwarding
Number of remote PEs connected: 1
Remote-PE MAC-label Aliasing-label Mode
192.168.255.12 0 0 all-active
DF Election Algorithm: MOD based
Designated forwarder: 192.168.255.12
Backup forwarder: 192.168.255.11
Last designated forwarder update: Aug 19 10:21:50
Router-ID: 192.168.255.11
SMET Forwarding: Enabled: Nexthop Limit: 10000 Nexthop Usage: 1Meaning
Interface ae11.0 is part of this Ethernet segment. The virtual networks (Employees, Guests, and IoT) are part of this Ethernet segment. The remote PE or collapsed core device participating in this Ethernet segment is 192.168.255.12.
Collapsed Core 2: Verifying Multihomed Ethernet Segment
Purpose
Check the multihomed connection from Access Switch 1 to the collapsed core.
Action
Verify that the local interfaces that are part of the Ethernet segment, other collapsed core devices that are part of the same Ethernet segment, the bridge domains that are part of the Ethernet segment, and the designated forwarder for the Ethernet segment.
user@campus-tme-ex4650-02> show evpn instance esi 00:11:11:11:11:11:11:11:11:01 extensive
Instance: default-switch
Route Distinguisher: 192.168.255.12:1
Encapsulation type: VXLAN
Duplicate MAC detection threshold: 5
Duplicate MAC detection window: 180
MAC database status Local Remote
MAC advertisements: 6 12
MAC+IP advertisements: 12 12
Default gateway MAC advertisements: 12 0
Number of local interfaces: 2 (2 up)
Interface name ESI Mode Status AC-Role
.local..3 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
ae11.0 00:11:11:11:11:11:11:11:11:01 all-active Up Root
Number of IRB interfaces: 6 (6 up)
Interface name VLAN VNI Status L3 context
irb.101 5101 Up JNPR_2_VRF
irb.102 5102 Up JNPR_2_VRF
irb.201 5201 Up JNPR_1_VRF
irb.202 5202 Up JNPR_1_VRF
irb.301 5301 Up JNPR_3_VRF
irb.302 5302 Up JNPR_3_VRF
Number of protect interfaces: 0
Number of bridge domains: 6
VLAN Domain-ID Intfs/up IRB-intf Mode MAC-sync IM-label v4-SG-sync IM-core-NH v6-SG-sync IM-core-NH Trans-ID
101 5101 1 1 irb.101 Extended Enabled 5101 Enabled 131088 Disabled 5101
102 5102 1 1 irb.102 Extended Enabled 5102 Enabled 131084 Disabled 5102
201 5201 1 1 irb.201 Extended Enabled 5201 Enabled 131076 Disabled 5201
202 5202 1 1 irb.202 Extended Enabled 5202 Enabled 131072 Disabled 5202
301 5301 1 1 irb.301 Extended Enabled 5301 Enabled 131080 Disabled 5301
302 5302 1 1 irb.302 Extended Enabled 5302 Enabled 131093 Disabled 5302
Number of neighbors: 1
Address MAC MAC+IP AD IM ES Leaf-label Remote-DCI-Peer
192.168.255.11 12 12 8 6 0
Number of ethernet segments: 7
ESI: 00:11:11:11:11:11:11:11:11:01
Status: Resolved by IFL ae11.0
Local interface: ae11.0, Status: Up/Forwarding
Number of remote PEs connected: 1
Remote-PE MAC-label Aliasing-label Mode
192.168.255.11 0 0 all-active
DF Election Algorithm: MOD based
Designated forwarder: 192.168.255.12
Backup forwarder: 192.168.255.11
Last designated forwarder update: Aug 19 10:21:50
Router-ID: 192.168.255.12
SMET Forwarding: Enabled: Nexthop Limit: 10000 Nexthop Usage: 1Meaning
Interface ae11.0 is part of this Ethernet segment. The virtual networks 1, 2, and 3 are part of this Ethernet segment. The remote PE, or collapsed core device, participating in this Ethernet segment is 192.168.255.11.