Configure BGP Unnumbered EVPN Fabric
SUMMARY Quickly configure the BGP unnumbered peering feature.
Overview
Starting with Junos OS Release 21.1R1, Juniper supports BGP unnumbered (auto-discovered) peering. This feature automatically configures BGP peering and related route exchange in an EVPN-VXLAN fabric underlay. The underlay's E-BGP peering uses dynamically discovered link-local IPv6 addresses of directly connected fabric devices.
When configuring BGP unnumbered peering, you only need to configure a minimum number configuration statements. These configuration statements are used to quickly bootstrap an IPv6 based underlay. This underlay supports the EVPN-VXLAN overlay. Although the underlay uses native IPv6, it also supports IPv4 routes with IPv6 next-hops (RFC5549) . This means that the underlay supports both IPv4 and IPv6 workloads and their related virtual networks (VNs) in the EVPN-VXLAN overlay. A complete discussion of IPv6 stateless auto-configuration is beyond the scope of this document.
The following list highlights the key features of BGP unnumbered peering:
- Automatically configures stateless link-local IPv6 addresses on all IPv6 enabled interfaces.
- Supports a list of allowed AS numbers to simplify peering to remote fabric devices.
- Uses IPv6 Router Advertisements (RAs) that provides dynamic discovery of directly attached neighbors.
- Uses IPv6 neighbor discovery to resolve the neighbor's link-local IP to the corresponding MAC address to facilitate link level communications.
- The local end uses the discovered peer link-local and MAC addresses to send a BGP open message to directly attached neighbors. This open message contains the local peer's AS number. The remote peer matches this against its list of allowed AS numbers to decide if the session is allowed. Likewise, the local peer matches on the remote peer's AS number, as returned in the remote peer's open message.
- Provides you with a simple BGP policy that advertises all directly connected networks (at a minimum, the loopback address of each fabric device must be advertised).
- Uses the default E-BGP policy to re-advertise the routes learned from other fabric devices.
- Uses the BGP AS path length is to prevent loops and to provide optimum route selection for ECMP load balancing.
- Because the underlay provides loopback reachability, you can easily add an EVPN-VXLAN overlay.
BGP unnumbered peering only supports EBGP. Multihop EBGP and IBGP are not supported.
Requirements
The requirements for staging this NCE are:
-
Junos OS or Junos OS Evolved release 21.1R1 or higher. For the full list of supported devices and OS versions, see Supported Juniper Devices.
-
Topology
The following topology shows a a simple two spine and two leaf topology. Refer to this topology when performing the Step-by-Step Configuration in the next section.. Some points to note about the topology include:
- The fabric underlay is pure IPv6. This includes the device loopback addresses.
- The attached workloads are IPv4 based. This is to demonstrate support for IPv4 over IPv6 (RFC 5549). IPv6 workloads are also supported in the overlay. You may assume these are bare metal servers (BMS) that are preconfigured with the IP addressing shown. The VLAN membership is used to map these workloads into overlay VNs that are isolated by VXLAN encapsulation. The access interfaces are untagged in this example.
- You expect to have routed connectivity between the server workloads when you add an overlay. The overlay can be either Centrally-routed bridging (CRB) or Edge-routed bridging (ERB) as desired. The BGP unnumbered underlay supported either type of overlay. See EVPN Primer for information on EVPN-VXLAN overlay architecture options.
Step-by-Step Configuration
This section provides step-by-step instructions on how to configure BGP unnumbered peering. Because the configuration is similar on all the fabric devices, the configuration for the Leaf 1 device is only shown here.
To get you up and running quickly, we've provided configurations for the fabric devices inQuick Configurations.
Step-by-Step Configuration: Leaf 1
-
Enable the
inet6family on all fabric interfaces. These fabric interfaces attach the leaf to the spine device. Theinet6family provides support for IPv6 stateless auto-configuration and neighbor discovery. To support IPv4 workloads you must also add theinetfamily.set interfaces xe-0/0/0 unit 0 family inet6 set interfaces xe-0/0/0 unit 0 family inet set interfaces xe-0/0/1 unit 0 family inet6 set interfaces xe-0/0/1 unit 0 family inet
Note:If you have a large number of fabric interfaces, consider using a configuration group. This configuration group applies the
inet6family to all 10GE interfaces on the first FPC and PIC. The configuration group does not create the interface. For this configuration group to work, the interface must already be present in the configuration ( for example, the interface is present with just an interface description or some other interface parameter like an IPv4 address).root@leaf1# show groups v6-unnum interfaces { "<xe-0/0/[*]>" { unit 0 { family inet; family inet6; } } } root@leaf1# show apply-groups apply-groups v6-unnum; -
Create the loopback interface and configure the IPv6 address. The loopback address is used to support BGP peering when you add the EVPN-VXLAN overlay.
set interfaces lo0 unit 0 family inet6 address 2001:db8:100::3/128
-
Configure a policy that specifies the list of BGP AS numbers you want to allow for dynamic BGP peering.
set policy-options as-list a-list members [65000-65100]
Note:Junos OS support for an AS number list is a key component of the BGP unnumbered peering solution. The AS number list simplifies dynamic BGP peering because it eliminates the need to explicitly list the AS number associated with each directly connected peer.
-
Configure a per-packet load balancing policy. A load balancing policy allows multiple equal-cost next-hops to be installed in the forwarding table. This provides rapid fail-over to alternative equal-cost fabric hops in the vent of a link failure.
set policy-options policy-statement load-balancing-policy then load-balance per-packet
-
Apply the per-packet load balancing policy to the forwarding table.
set routing-options forwarding-table export load-balancing-policy
-
Configure a policy to advertise direct routes. Because link-local subnets are not exported, in this example, this policy advertises only the loopback address. You'll use this same loopback address later when you configure BGP peering in the overlay.
set policy-options policy-statement DIRECT-RTS from protocol direct set policy-options policy-statement DIRECT-RTS then accept
-
Configure the Router ID (RID). Because this is an example of a native IPv6 fabric you must ensure there is an IPv4 formatted router ID available. In most cases, the RID is automatically derived from the loopback address, but in this example, the loopback is IPv6 only.
set routing-options router-id 10.0.0.4
-
Configure router-advertisement on all fabric interfaces. When RA is enabled the interface periodically sends RA messages. RA messages are used to discover the remote neighbor's link-local IP, which in turn kicks off neighbor discovery and the rest of the dynamic peering process.
set protocols router-advertisement interface xe-0/0/0 set protocols router-advertisement interface xe-0/0/1
-
Configure a BGP group to support unnumbered peering. A policy that exports direct routes is applied to this group. You must include all fabric interfaces in this group and you must enable them for
peer-auto-discovery. This group is linked to the policy that defines the AS numbers allowed for dynamic peering.You enable load balancing over multiple paths and multiple AS numbers. Recall that in this fabric each node uses a unique AS number. Multipath load balancing (ECMP) to multiple AS numbers enables fast fail-over by allowing the RIB to install multiple next hops that point to these different AS numbers. Adding support for extended IPv4 nexthops allows IPv4 route exchange over the IPv6 BGP sessions.
set protocols bgp group auto-disc family inet6 unicast set protocols bgp group auto-disc family inet unicast extended-nexthop set protocols bgp group auto-disc export DIRECT-RTS set protocols bgp group auto-disc local-as 65003 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery family inet6 ipv6-nd set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/0 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/1 set protocols bgp group auto-disc peer-as-list a-list set protocols bgp group auto-disc multipath multiple-as
Results
Recall that all fabric devices have similar configurations. For brevity, only the configuration delta for leaf 1 is shown.
user@leaf-1> show configuration
system {
host-name leaf1;
}
interfaces {
xe-0/0/0 {
unit 0 {
family inet;
family inet6;
}
}
xe-0/0/1 {
unit 0 {
family inet;
family inet6;
}
}
lo0 {
unit 0 {
family inet6 {
address 2001:db8:100::3/128;
}
}
}
}
policy-options {
policy-statement DIRECT-RTS {
from protocol direct;
then accept;
}
policy-statement load-balancing-policy {
then load-ballance per-packet;
}
as-list a-list members 65000-65100;
}
routing-options {
router-id 10.0.0.3;
forwarding-table {
export load-balancing-policy;
}
}
protocols {
router-advertisement {
interface xe-0/0/0.0;
interface xe-0/0/1.0;
}
bgp {
group auto-disc {
family inet6 {
unicast;
}
family inet {
unicast {
extended-nexthop;
}
}
export DIRECT-RTS;
local-as 65003;
multipath;
dynamic-neighbor FABRIC {
peer-auto-discovery {
family inet6 {
ipv6-nd;
}
interface xe-0/0/0.0;
interface xe-0/0/1.0;
}
}
peer-as-list a-list;
}
}
}
Quick Configurations
To get you up and running quickly, we've provided you with quick configurations for each node in the topology. Make sure that you edit these configurations to match your fabric specifics and paste them into the corresponding fabric node.
CLI Quick Configuration
The device configurations omit the management interface, static routes, system logging, system services, and user login information. These parts of the configuration vary by location and are not directly related to BGP unnumbered peering functionality.
Edit the following commands as needed for the specifics of your environment and
paste them into the related fabric device's terminal window when in
configuration mode at the [edit] hierarchy:
The quick configuration for leaf 1:
set system host-name leaf1 set interfaces xe-0/0/0 unit 0 family inet set interfaces xe-0/0/1 unit 0 family inet set interfaces xe-0/0/0 unit 0 family inet6 set interfaces xe-0/0/1 unit 0 family inet6 set interfaces lo0 unit 0 family inet6 address 2001:db8:100::3/128 set policy-options as-list a-list members [65000-65100] set policy-options policy-statement DIRECT-RTS from protocol direct set policy-options policy-statement DIRECT-RTS then accept set policy-options policy-statement load-balancing-policy then load-balance per-packet set protocols router-advertisement interface xe-0/0/0 set protocols router-advertisement interface xe-0/0/1 set protocols bgp group auto-disc family inet6 unicast set protocols bgp group auto-disc export DIRECT-RTS set protocols bgp group auto-disc local-as 65003 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery family inet6 ipv6-nd set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/0 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/1 set protocols bgp group auto-disc peer-as-list a-list set protocols bgp group auto-disc multipath multiple-as set routing-options forwarding-table export load-balancing-policy set routing-options router-id 10.0.0.3
The quick configuration for leaf 2:
set system host-name leaf2 set interfaces xe-0/0/0 unit 0 family inet set interfaces xe-0/0/1 unit 0 family inet set interfaces xe-0/0/0 unit 0 family inet6 set interfaces xe-0/0/1 unit 0 family inet6 set interfaces lo0 unit 0 family inet6 address 2001:db8:100::4/128 set policy-options as-list a-list members [65000-65100] set policy-options policy-statement DIRECT-RTS from protocol direct set policy-options policy-statement DIRECT-RTS then accept set policy-options policy-statement load-balancing-policy then load-balance per-packet set protocols router-advertisement interface xe-0/0/0 set protocols router-advertisement interface xe-0/0/1 set protocols bgp group auto-disc family inet6 unicast set protocols bgp group auto-disc export DIRECT-RTS set protocols bgp group auto-disc local-as 65004 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery family inet6 ipv6-nd set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/0 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/1 set protocols bgp group auto-disc peer-as-list a-list set protocols bgp group auto-disc multipath multiple-as set routing-options forwarding-table export load-balancing-policy set routing-options router-id 10.0.0.4
The quick configuration for spine 1:
set system host-name spine1 set interfaces xe-0/0/0 unit 0 family inet set interfaces xe-0/0/1 unit 0 family inet set interfaces xe-0/0/0 unit 0 family inet6 set interfaces xe-0/0/1 unit 0 family inet6 set interfaces lo0 unit 0 family inet6 address 2001:db8:100::1/128 set policy-options as-list a-list members [65000-65100] set policy-options policy-statement DIRECT-RTS from protocol direct set policy-options policy-statement DIRECT-RTS then accept set policy-options policy-statement load-balancing-policy then load-balance per-packet set protocols router-advertisement interface xe-0/0/0 set protocols router-advertisement interface xe-0/0/1 set protocols bgp group auto-disc family inet6 unicast set protocols bgp group auto-disc export DIRECT-RTS set protocols bgp group auto-disc local-as 65001 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery family inet6 ipv6-nd set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/0 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/1 set protocols bgp group auto-disc peer-as-list a-list set protocols bgp group auto-disc multipath multiple-as set routing-options forwarding-table export load-balancing-policy set routing-options router-id 10.0.0.1
The quick configuration for spine 2:
set system host-name spine2 set interfaces xe-0/0/0 unit 0 family inet set interfaces xe-0/0/1 unit 0 family inet set interfaces xe-0/0/0 unit 0 family inet6 set interfaces xe-0/0/1 unit 0 family inet6 set interfaces lo0 unit 0 family inet6 address 2001:db8:100::2/128 set policy-options as-list a-list members [65000-65100] set policy-options policy-statement DIRECT-RTS from protocol direct set policy-options policy-statement DIRECT-RTS then accept set policy-options policy-statement load-balancing-policy then load-balance per-packet set protocols router-advertisement interface xe-0/0/0 set protocols router-advertisement interface xe-0/0/1 set protocols bgp group auto-disc family inet6 unicast set protocols bgp group auto-disc export DIRECT-RTS set protocols bgp group auto-disc local-as 65002 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery family inet6 ipv6-nd set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/0 set protocols bgp group auto-disc dynamic-neighbor FABRIC peer-auto-discovery interface xe-0/0/1 set protocols bgp group auto-disc peer-as-list a-list set protocols bgp group auto-disc multipath multiple-as set routing-options forwarding-table export load-balancing-policy set routing-options router-id 10.0.0.2
Be sure to commit the configuration changes on all devices. Congratulations on your new IPv6 underlay!
The configuration of the server devices is not relevant until you add the EVPN-VXLAN overlay. Until the overlay is added, these devices are isolated and unable to ping any other fabric or server devices. Part of adding the overlay involves configuring the access port parameters, such as VLAN ID and tagged vs. untagged, to be compatible with the attached device.
For now, it's sufficient to assume the server devices are configured with IPv4 addressing as shown in the topology diagram and that they are configured for untagged (access interface) operation.
In the next section, we show you how to verify proper operation of the BGP unnumbered underlay.