Successfully reported this slideshow.

More Related Content

Similar to EVPN Introduction

PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PROIDEA
Ccnpswitch
Siddhartha Rajbhatt
Multivendor MPLS L3VPN
Stefano Sasso
Demystifying EVPN in the data center: Part 1 in 2 episode series
Cumulus Networks
OpenNebulaConf2018 - Scalable L2 overlay networks with routed VXLAN / BGP EVP...
OpenNebula Project
Fabric Path PPT by NETWORKERS HOME
networkershome
CS6551 COMPUTER NETWORKS
Kathirvel Ayyaswamy
OTV(Overlay Transport Virtualization)
NetProtocol Xpert
Multiprotocol label switching (mpls) - Networkshop44
Jisc
Lacp settting
PCCW GLOBAL
Deploying IP/MPLS VPN - Cisco Networkers 2010
Febrian ‎
Building DataCenter networks with VXLAN BGP-EVPN
Cisco Canada
Ccna ppt1
AIRTEL
Practice
Avinash Singal
Layer3protocols
assinha
Open Shortest Path First
Atakan ATAK
ACI MultiPod Config Guide
Woo Hyung Choi
Ccna day3
Sabiulla Barkathullah
Mpls Presentation Ine
Alp isik
Label distribution protocol
Atakan ATAK

More from Bangladesh Network Operators Group

Measuring the Internet Economy: How Networks Create Value
Bangladesh Network Operators Group
RPKI Deployment Status in Bangladesh
Bangladesh Network Operators Group
Route Origin Validation - A MANRS Approach
Bangladesh Network Operators Group
31, Get more from your IPv4 resources
Bangladesh Network Operators Group
The Post Covid-19 Cybersecurity World - Where Is It Headed?
Bangladesh Network Operators Group
Secured Internet Gateway for ISP with pfsense & FRR
Bangladesh Network Operators Group
Social CDN Business : Paid or Free - bdNOG12 Panel Discussion
Bangladesh Network Operators Group
Routing Security - its importance and status in South Asia
Bangladesh Network Operators Group
Having Honeypot for Better Network Security Analysis
Bangladesh Network Operators Group
MANRS for Network Operators - bdNOG12
Bangladesh Network Operators Group
Hands-on DNSSEC Deployment
Bangladesh Network Operators Group
Challenges for BdREN in COVID Environment
Bangladesh Network Operators Group
Lifting the Lid on Lawful Intercept
Bangladesh Network Operators Group
BGPalerter: BGP prefix monitoring
Bangladesh Network Operators Group
Learning from failures
Bangladesh Network Operators Group
RPKI invalids aren't gone yet
Bangladesh Network Operators Group
Log analysis with elastic stack
Bangladesh Network Operators Group
IPv6 Deployment Update
Bangladesh Network Operators Group
Routing diff
Bangladesh Network Operators Group
SEGMENT Routing
Bangladesh Network Operators Group

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
The Impulse Economy: Understanding Mobile Shoppers and What Makes Them Buy Gary Schwartz
(4.5/5)
Free
Tubes: A Journey to the Center of the Internet Andrew Blum
(4/5)
Free
Emergence: The Connected Lives of Ants, Brains, Cities, and Software Steven Johnson
(4.5/5)
Free
World Wide Mind: The Coming Integration of Humanity, Machines, and the Internet Michael Chorost
(4/5)
Free
An Army of Davids: How Markets and Technology Empower Ordinary People to Beat Big Media, Big Government, and Other Goliaths Glenn Reynolds
(4/5)
Free
In the Plex: How Google Thinks, Works, and Shapes Our Lives Steven Levy
(4.5/5)
Free
Hamlet's BlackBerry: A Practical Philosophy for Building a Good Life in the Digital Age William Powers
(4/5)
Free
The Thank You Economy Gary Vaynerchuk
(4/5)
Free
Talking Back to Facebook: The Common Sense Guide to Raising Kids in the Digital Age James P. Steyer
(4.5/5)
Free
The Nature of the Future: Dispatches from the Socialstructed World Marina Gorbis
(4/5)
Free
Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live Jeff Jarvis
(3.5/5)
Free
Socialnomics: How Social Media Transforms the Way We Live and Do Business Erik Qualman
(4/5)
Free
The End of Business As Usual: Rewire the Way You Work to Succeed in the Consumer Revolution Brian Solis
(5/5)
Free
Blog Schmog: The Truth About What Blogs Can (and Can't) Do for Your Business Robert W. Bly
(4/5)
Free
Google's PageRank and Beyond: The Science of Search Engine Rankings Amy N. Langville
(3/5)
Free
Digital Vertigo: How Today's Online Social Revolution Is Dividing, Diminishing, and Disorienting Us Andrew Keen
(3/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
Platform: Get Noticed in a Noisy World Michael Hyatt
(4.5/5)
Free
Ten Arguments for Deleting Your Social Media Accounts Right Now Jaron Lanier
(4/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community that Will Listen Findaway
(4.5/5)
Free
Stop Checking Your Likes: Shake Off the Need for Approval and Live an Incredible Life Susie Moore
(4/5)
Free
This Machine Kills Secrets: How Wikileakers, Cypherpunks, and Hacktivists Aim to Free the World's Information Andy Greenberg
(4/5)
Free
The Dark Net: Inside the Digital Underworld Jamie Bartlett
(4/5)
Free
Who Owns the Future? Jaron Lanier
(4/5)
Free
Cryptography: The Key to Digital Security, How It Works, and Why It Matters Keith Martin
(4/5)
Free
Kill All Normies: Online Culture Wars From 4Chan And Tumblr To Trump And The Alt-Right Angela Nagle
(4/5)
Free
Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous Gabriella Coleman
(4/5)
Free
Cyberwar: How Russian Hackers and Trolls Helped Elect a President—What We Don't, Can't, and Do Know Kathleen Hall Jamieson
(3/5)
Free
Exploding Data: Reclaiming Our Cyber Security in the Digital Age Michael Chertoff
(4.5/5)
Free
Internet Riches: The Simple Money-Making Secrets of Online Millionaires Scott Fox
(4/5)
Free
Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World Don Tapscott
(4/5)
Free
The Secret Life: Three True Stories of the Digital Age Andrew O'Hagan
(4/5)
Free
Parenting for a Digital Future: How Hopes and Fears about Technology Shape Children's Lives Sonia Livingstone
(0/5)
Free

EVPN Introduction

  1. 1. EVPN Introduction • Nurul Islam Roman, Optus, Australia
  2. 2. What is EVPN? • Full form is Ethernet VPN • Carry layer 2 traffic over (Overlay) a Layer 3 network (Underlay) • In theory EVPN could use any data plane encapsulation method • MPLS, VXLAN, MPLS-over-GRE/UDP etc • In practise it is used with MPLS and VXLAN data plane encapsulation so far. • So EVPN is a control plane technology and data plane can be MPLS or VXLAN
  3. 3. Traditional Network • L2 Segmentation using VLAN • Multiple VLAN on a switch • One IP subnet for each VLAN • SVI/Sub-if to do inter-VLAN routing
  4. 4. Challenges for New Demand • Dot 1Q encap/Q-in-Q tunnel to extend VLAN across multiple physical Switches • Redundant path is STP block • Etherchannel to bundle multiple link • No control plane to learn MAC • Dataplane support MAC learning (ARP)
  5. 5. Challenges for New Demand • Expand L2 network across DC, Sites or wider geographic region • Can we extend the trunk link or is this a practical solution? • Current infrastructure is a routed network and proven to be very stable. • Can a tunnelling technology address these challenges? • MAC address learning- Control Plane • Data (Frame) forwarding- Data Plane
  6. 6. Do we already have a solution for these? • Cisco FabricPath • IETF TRILL (TRansparent Interconnection of Lots of Links) • Need a link state routing protocol • VPWS/VPLS and so on • BGP base to exchange label • L2 MAC learning still data plane driven • No large-scale deployment
  7. 7. VPLS (Martini & Kompella)Model • Each tenant is represented by a VSI or similar • Each VSI is an extended bridge domain within a carrier MPLS network • Full mesh VC tunnel among VSI • MP-BGP l2-vpn address family control plane protocol is to exchange VPN labels only • Tunnel label and VC label • MAC address learning is still Flooding/Forwarding based • Scaling issue for carrier network for large scale deployment • Bandwidth cost limiting the scale • Need separate control plane protocol for L3 VPN
  8. 8. VPLS (Martini & Kompella)Model- Continue • L2 and L3 VPN on different address family • VPNv4 AFI • l2VPN AFI • Client L2 and L3 gateways are not integrated • Gateway deployment design introduce scalability issue for future growth • Introduce new integrated control plane protocol EVPN to address these challenges
  9. 9. Will EVPN be a Replacement of Current L2 VPN Technologies? • Current Layer 2 VPN technologies experiencing limitations • VPWS, VPLS has scaling issues for large scale deployment • Use dataplane forwarding to learn MAC address • Routing services require separate config which sometime can cause hairpin routing limitation • Improved Network Efficiency • No more data plane traffic to simulate ARP flooding instead use MP-BGP to exchange MAC address via L3 underlay • Integrated Layer 2/Layer 3 Functionality introducing IRB
  10. 10. Will EVPN be an Open Standard? • There are a number of RFC covers EVPN technology • BGP based widely used EVPN RFC is RFC7432 • A number of vendors started implementing EVPN since the early stage of the RFC process. • E.g. draft-ietf-l2vpn-evpn stage • Juniper QFX, MX and EX product range • Cisco Nexus product range • Interoperability among the vendors are still a challenge
  11. 11. VxLAN
  12. 12. VxLAN Data Plane Encapsulation Protocol • VXLAN - Virtual eXtensible Local Area Network • VNI - VXLAN Network Identifier • VXLAN Segment ID 24bit will map to VLAN ID • VTEP -VXLAN Tunnel End Point • A device (E.G. a PE) originates and/or terminates VXLAN tunnels • VXLAN Segment • VXLAN Layer 2 overlay network span across VTEP • VXLAN Gateway • L2: Forward L2 traffic across same VLANs on VTEP • L3: Forward L3 traffic between different VLAN on VTEP
  13. 13. VxLAN Data Plane- Inside VxLAN Header • 64 bit length • VNI 24 bit • I flag bit is set to 1 for valid VNI • R flag is reserved and need to be 0
  14. 14. VXLAN End Host Discovery • Option 1: Flood & Learn • Similar to VPLS, the original implementation of VxLAN relies on the data plane flood and learn discovery scheme. • Option 2: Separate Control Plane Learning • To address the scalability concern of flood and learn discovery, other controller-less control plane discovery scheme such BGP EVPN and OVSDB have been defined by IETF • Other SDN controller-based discovery scheme such as Cisco APIC or Juniper Contrail is an example.
  15. 15. EVPN Data Plane Encapsulation Options
  16. 16. MPLS Label for Data Plane Encapsulation • Probably be a topic for future bdNOG tutorial/Workshop
  17. 17. BGP EVPN Building Blocks • EVPN – Ethernet VPN • EVI -EVPN Instance • Span customer EVPN across PE devices • MAC-VRF • Virtual Routing and Forwarding table for MAC addresses on a PE • IP-VRF • Virtual Routing and Forwarding table for IP addresses on a PE • ES -Ethernet Segment • Multihome customer site via a set of Ethernet links • DF –Designated Forwarder
  18. 18. BGP EVPN Building Blocks- Continue • VTEP -VXLAN Tunnel End Point • A device (E.G. a PE) originates and/or terminates VXLAN tunnels • NVE -Network Virtualization Edges • Tunnel interface for VTEP • NVGRE -Network Virtualization using Generic Routing Encapsulation
  19. 19. Overlay and Underlay Network • Underlay • The underlay is the Layer 3 IP network that routes encapsulated frame/packet as normal IP traffic • Overlay • An overlay network is a service built on top of a physical network. It decouples network services from the underlaying infrastructure by further encapsulation of packet/frame inside another packet
  20. 20. BUM Traffic • Broadcast • Unknown Unicast • Multicast • Two way to facilitate host MAC address learning • Flood & learn • BGP EVPN control plane
  21. 21. BUM Traffic • Flood and learn is old way • BGP EVPN is new way • Facilitate only for known MAC • BUM traffic steel need a solution • IP Multicast underlay. L2 VNI mapped to IP multicast group. VTEP send PIM join/prune message • Enable Ingress Replication (IR) or Head-End Replication (HER). Ingress router build as a flood list to forward BUM traffic to all remote VTEP (Recently introduced)
  22. 22. EVPN Service Model • EVPN service model or deployment scenarios specifies 3 ways VLAN-to- VNI Mapping can be achieved 1. VLAN-Based Service Interface 2. VLAN Bundle Service Interface / Port-Based Service Interface 3. VLAN-Aware Bundle Service Interface • Most vendors however, only support option 1 and 3 from the list above
  23. 23. EVPN Service Model 1. VLAN-Based Service Interface • Has a one-to-one mapping between a VLAN ID on the interface and a MAC-VRF • EVPN instance consists of only a single broadcast domain. 2. VLAN Bundle Service Interface • Has a many-to-one mapping between VLANs and a MAC-VRF, and the MAC-VRF consists of a single bridge table. • EVPN instance corresponds to multiple broadcast domains 3. VLAN-Aware Bundle Service Interface • EVPN instance consists of multiple broadcast domains with • Each VLAN having its own bridge table.
  24. 24. EVPN Route Types
  25. 25. EVPN Route Types 1 • Known as Ethernet Auto-Discovery Route • Used for remote VTEP auto discovery • Used for advertising split-horizon label • Provides fast convergence through mass withdrawal • An Ethernet Tag ID is a 32-bit field containing either a 12-bit or 24-bit identifier • Identifies a particular broadcast domain for instance VLAN in an EVPN instance.
  26. 26. EVPN Route Types 2 • Known as MAC/IP advertisement route • Used to provides end-host reachability information
  27. 27. EVPN Route Types 3 • Known as Inclusive Multicast Ethernet Tag (IMET) route • Used to create the distribution list for ingress replication • Used to set up paths for BUM traffic per VLAN per EVI basis • Used to discover the multicast tunnels among the endpoints associated with a given EVI
  28. 28. EVPN Route Types 4 • Known as Ethernet segment Route • Used for Ethernet Segment auto- discovery by allowing VNE with the same ESI to discover each other • It allows for designated forwarder (DF) election
  29. 29. EVPN Route Types 5 • Known as IP Prefix Route • Used to decouple IP Prefix from MAC/IP route to provide IP prefix advertisement
  30. 30. Distributed Anycast Gateway • Gateway is closer to the end-hosts • Eliminate traffic hair pinning and unnecessary traffic backhauling to centralized gateway • Uses Anycast Gateway MAC (AGM) address to prevent traffic block-holed resulting from MAC mobility
  31. 31. Ethernet Segment Identifier (ESI) LAG • Gateway is closer to the end-hosts • Eliminate traffic hair pinning and unnecessary traffic backhauling to centralized gateway • Use an Ethernet Segment Identifier to tag the MAC on local interface • Uses Anycast Gateway MAC (AGM) address to prevent traffic block-holed resulting from MAC mobility
  32. 32. Integrated Routing and Bridging (IRB) • (IRB) allows the device in an EVPN to perform both bridging and routing on single bridge domain. • Bridge domain performs bridging when it forwards traffic to the same subnet & VLAN • Bridge Domain Interface performs routing when it forwards traffic to a different subnet & VLAN
  33. 33. Integrated Routing and Bridging (IRB) • Two Types of IRB Operation • Asymmetric IRB- via L2 VRF • Symmetric IRB- via L3 VRF by exchanging routes
  34. 34. Hands on • Lets do a quick LAB demo
  35. 35. Hands on • L2 VPN
  36. 36. Lab Topology • Two Spine • Two Leaves • Four Host • Two VLANs • VLAN 10 • VLAN 20 • Two Subnets • VLAN 10: 10.10.1.0/24 • VLAN 20: 10.20.1.0/24
  37. 37. Underlay Config • Interface interface eth1/1 no switchport ip unnumbered loop0 mtu 9216 no shut interface eth1/2 no switchport ip unnumbered loop0 mtu 9216 no shut interface loopback 0 description *** VTEP *** ip address 192.168.0.1/32
  38. 38. Underlay Config • OSPF router ospf OSPF_UNDERLAY log-adjacency-change interface loopback 0 ip router ospf OSPF_UNDERLAY area 0.0.0.0 interface ethernet1/1-2 medium p2p ip router ospf OSPF_UNDERLAY area 0.0.0.0
  39. 39. Underlay Config • Forward BUM Traffic using IP Multicast (PIM) int loopback 1 ip address 1.2.3.4/32 ip router ospf OSPF_UNDERLAY area 0.0.0.0 ip pim sparse-mode ip pim rp-address 1.2.3.4 group-list 224.0.0.0/4 ip pim ssm range 232.0.0.0/8 ip pim anycast-rp 1.2.3.4 192.168.0.1 ip pim anycast-rp 1.2.3.4 192.168.0.2 interface loopback 0 ip pim sparse-mode interface e1/1-2 ip pim sparse-mode
  40. 40. Overlay Config- L2 VPN • Spine to be used for overlay RR only router bgp 64520 log-neighbor-changes address-family ipv4 unicast address-family l2vpn evpn retain route-target all template peer VXLAN_OVERLAY remote-as 64520 update-source loop0 address-family ipv4 unicast send-community extended route-reflector-client soft-reconfiguration inbound address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 192.168.0.3 inherit peer VXLAN_OVERLAY neighbor 192.168.0.4 inherit peer VXLAN_OVERLAY
  41. 41. Overlay Config- Leaf Contain Main EVPN Config • Enable VTEP Interface Interface nve1 no shut host-reachability protocol bgp source-interface loop0 sh interface nve1 (Verify)
  42. 42. Overlay Config- Leaf Contain Main EVPN Config • Verify VTEP Interface Leaf-1# sh interface nve 1 nve1 is up admin state is up, Hardware: NVE MTU 9216 bytes Encapsulation VXLAN Auto-mdix is turned off RX ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes TX ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
  43. 43. Overlay Config- Leaf Contain Main EVPN Config • BGP EVPN Config router bgp 64520 log-neighbor-changes address-family ipv4 unicast address-family l2vpn evpn retain route-target all template peer VXLAN_RR_OVERLAY remote-as 64520 update-source loop0
  44. 44. Overlay Config- Leaf Contain Main EVPN Config • BGP EVPN Config address-family ipv4 unicast send-community extended soft-reconfiguration inbound address-family l2vpn evpn send-community send-community extended neighbor 192.168.0.1 inherit peer VXLAN_RR_OVERLAY neighbor 192.168.0.2 inherit peer VXLAN_RR_OVERLAY
  45. 45. Overlay Config- Leaf Contain Main EVPN Config • Verify BGP EVPN Signalling Status Leaf-1# sh bgp ipv4 uni nei 192.168.0.1 | inc "Address family L2VPN EVPN" Address family L2VPN EVPN: advertised received Leaf-1# sh bgp ipv4 uni nei 192.168.0.2 | inc "Address family L2VPN EVPN" Address family L2VPN EVPN: advertised received
  46. 46. Anycast Gateway • Configuration & Verification hardware access-list tcam region arp-ether 256 fabric forwarding anycast-gateway-mac 0000.0011.1234 Leaf-1# show fabric forwarding internal topo-info | grep Anycast Forward Mode : Anycast Gateway Forward Mode : Anycast Gateway
  47. 47. Switch VLAN & VxLAN Related Config • Required VLAN and VNI Map vlan 10 vn-segment 100010 vlan 20 vn-segment 100020
  48. 48. Switch VLAN & VxLAN Related Config • L2 Gateway interface vlan10 no shutdown ip address 10.10.1.254/24 fabric forwarding mode anycast-gateway interface vlan20 no shutdown ip address 10.20.1.254/24 fabric forwarding mode anycast-gateway
  49. 49. Switch VLAN & VxLAN Related Config • L2 VRF/MAC VRF evpn vni 100010 l2 rd auto route-target import auto route-target export auto evpn vni 100020 l2 rd auto route-target import auto route-target export auto
  50. 50. Switch VLAN & VxLAN Related Config • Access port config interface e1/7 switchport mode access switchport access vlan 10 no shut interface e1/6 switchport mode access switchport access vlan 20 no shut
  51. 51. Switch VLAN & VxLAN Related Config • Verify L2VRF table for each VNI Leaf-1# show bgp l2vpn evpn vni-id 100010 [*** Snip ***] Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 192.168.0.3:32777 (L2VNI 100010) *>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[0]:[0.0.0.0]/216 192.168.0.3 100 32768 i *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216 192.168.0.4 100 0 i *>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272 192.168.0.3 100 32768 i *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272 192.168.0.4 100 0 i
  52. 52. Switch VLAN & VxLAN Related Config • Verify L2VRF table for each VNI Leaf-1# show bgp l2vpn evpn vni-id 100020 [*** Snip ***] Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 192.168.0.3:32787 (L2VNI 100020) *>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216 192.168.0.3 100 32768 i *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216 192.168.0.4 100 0 i *>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272 192.168.0.3 100 32768 i *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272 192.168.0.4 100 0 i
  53. 53. Switch VLAN & VxLAN Related Config • Verify MAC VRF Table Leaf-1# sh system internal l2fwder mac [*** Snip ***] VLAN MAC Address Type age Secure NTFY Ports ---------+-----------------+--------+---------+------+----+------------------ * 20 0050.7966.6808 static - F F (0x47000001) nve-peer1 192.168 * 10 0050.7966.6805 dynamic 00:00:26 F F Eth1/7 G 20 5001.0003.0007 static - F F sup-eth1(R) G 10 5001.0003.0007 static - F F sup-eth1(R) * 20 0050.7966.6806 dynamic 00:03:56 F F Eth1/6 * 10 0050.7966.6807 static - F F (0x47000001) nve-peer1 192.168 G 555 5001.0003.0007 static - F F sup-eth1(R) 1 1 -00:00:00:11:12:34 - 1
  54. 54. Switch VLAN & VxLAN Related Config • Verify MAC VRF Table Leaf-2# sh system internal l2fwder mac [*** Snip ***] VLAN MAC Address Type age Secure NTFY Ports ---------+-----------------+--------+---------+------+----+------------------ * 20 0050.7966.6808 dynamic 00:04:57 F F Eth1/6 * 10 0050.7966.6805 static - F F (0x47000001) nve-peer1 192.168 G 20 5001.0003.0007 static - F F sup-eth1(R) G 10 5001.0003.0007 static - F F sup-eth1(R) * 20 0050.7966.6806 static - F F (0x47000001) nve-peer1 192.168 * 10 0050.7966.6807 dynamic 00:00:55 F F Eth1/7 G 555 5001.0003.0007 static - F F sup-eth1(R) 1 1 -00:00:00:11:12:34 - 1
  55. 55. Hands on • L3 VPN
  56. 56. Overlay Config- L3 VPN • L3 gateway VLAN & VNI VLAN 555 vn-segment 500555
  57. 57. Overlay Config- L3 VPN • L3 VRF config vrf context CUST1 vni 500555 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn
  58. 58. Overlay Config- L3 VPN • IRB Interface config interface vlan 555 no shutdown vrf member CUST1 ip forward
  59. 59. Overlay Config- L3 VPN • Allow L3 VNI through the VTEP interface nve1 member vni 500555 associate-vrf
  60. 60. Overlay Config- L3 VPN • BGP config VRF context router bgp 64520 vrf CUST1 log-neighbor-change address-family ipv4 unicast network 10.10.1.0/24 network 10.20.1.0/24 advertise l2vpn evpn
  61. 61. Overlay Config- L3 VPN • Assign anycast GW to L3 VRF interface vlan10 vrf member CUST1 ip address 10.10.1.254/24 fabric forwarding mode anycast-gateway interface vlan20 vrf member CUST1 ip address 10.20.1.254/24 fabric forwarding mode anycast-gateway
  62. 62. Config Verification- L3 VPN • Verify L3VRF table for each VNI Leaf-1# show bgp l2vpn evpn vni-id 500555 [Snip] Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 192.168.0.3:3 (L3VNI 500555) *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272 192.168.0.4 100 0 i *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272 192.168.0.4 100 0 i * i[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224 192.168.0.4 100 0 i *>l 192.168.0.3 100 32768 i * i[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224 192.168.0.4 100 0 i *>l 192.168.0.3 100 32768 i
  63. 63. Config Verification- L3 VPN • Verify L3VRF table for each VNI Leaf-2# show bgp l2vpn evpn vni-id 500555 [Snip] Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 192.168.0.4:3 (L3VNI 500555) *>i[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272 192.168.0.3 100 0 i *>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272 192.168.0.3 100 0 i *>l[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224 192.168.0.4 100 32768 i * i 192.168.0.3 100 0 i *>l[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224 192.168.0.4 100 32768 i * i 192.168.0.3 100 0 i
  64. 64. Hands on • L3 VPN Juniper vQFX10K
  65. 65. Juniper vQFX10K- Config • Underlay (Spine Interface) set interfaces lo0 unit 0 description "*** SPINE LOOPBACK ***" set interfaces lo0 unit 0 family inet address 172.16.0.1/32 set interfaces xe-0/0/0 mtu 9216 set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***" set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.1/30 set interfaces xe-0/0/1 mtu 9216 set interfaces xe-0/0/1 unit 0 description "SPINE-1-LEAF-2***" set interfaces xe-0/0/1 unit 0 family inet address 192.168.0.5/30
  66. 66. Juniper vQFX10K- Config • Underlay (Spine OSPF) set routing-options router-id 172.16.0.1 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p set protocols ospf area 0.0.0.0 interface xe-0/0/1.0 set protocols ospf area 0.0.0.0 interface xe-0/0/1.0 interface-type p2p
  67. 67. Juniper vQFX10K- Config • Underlay (Leaf Interface) • Leaf 1 set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***" set interfaces lo0 unit 0 family inet address 172.16.1.1/32 set interfaces xe-0/0/0 mtu 9216 set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***" set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.2/30 • Leaf 2 set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***" set interfaces lo0 unit 0 family inet address 172.16.1.2/32 set interfaces xe-0/0/0 mtu 9216 set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-2***" set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.6/30
  68. 68. Juniper vQFX10K- Config • Underlay (Leaf OSPF) • Leaf 1 set routing-options router-id 172.16.1.1 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface- type p2p • Leaf 2 set routing-options router-id 172.16.1.2 set protocols ospf area 0.0.0.0 interface lo0.0 passive set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface- type p2p
  69. 69. Juniper vQFX10K- Config • Overlay (Leaf BGP) • Leaf 1 set protocols bgp group OVERLAY type internal set protocols bgp group OVERLAY local-address 172.16.1.1 set protocols bgp group OVERLAY family evpn signaling set protocols bgp group OVERLAY neighbor 172.16.1.2 description LEAF-2 set protocols bgp group OVERLAY neighbor 172.16.1.2 peer-as 65500 set protocols bgp group OVERLAY neighbor 172.16.1.2 local-as 65500 • Leaf 2 set protocols bgp group OVERLAY type internal set protocols bgp group OVERLAY local-address 172.16.1.2 set protocols bgp group OVERLAY family evpn signaling set protocols bgp group OVERLAY neighbor 172.16.1.1 description LEAF-2 set protocols bgp group OVERLAY neighbor 172.16.1.1 peer-as 65500 set protocols bgp group OVERLAY neighbor 172.16.1.1 local-as 65500
  70. 70. Juniper vQFX10K- Config • Overlay (Leaf VxLAN Encap) • Leaf 1 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication • Leaf 2 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication
  71. 71. Juniper vQFX10K- Config • Overlay (Leaf L3 VRF Config) • Leaf 1 set routing-instances CUST_A instance-type vrf set routing-instances CUST_A interface irb.100 set routing-instances CUST_A interface lo0.1 set routing-instances CUST_A route-distinguisher 172.16.1.1:5000 set routing-instances CUST_A vrf-target target:300:5000 set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000 • Leaf 2 set routing-instances CUST_A instance-type vrf set routing-instances CUST_A interface irb.400 set routing-instances CUST_A interface lo0.1 set routing-instances CUST_A route-distinguisher 172.16.1.2:5000 set routing-instances CUST_A vrf-target target:300:5000 set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
  72. 72. Juniper vQFX10K- Config • Overlay (Leaf Switch Option Config) • Leaf 1 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 172.16.1.1:1 set switch-options vrf-target target:7777:7777 • Leaf 2 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 172.16.1.2:1 set switch-options vrf-target target:7777:7777
  73. 73. Juniper vQFX10K- Config • Overlay (Leaf VLAN to VNI Map Config) • Leaf 1 set vlans v100 vlan-id 100 set vlans v100 l3-interface irb.100 set vlans v100 vxlan vni 10010 set vlans v100 vxlan ingress-node-replication • Leaf 2 set vlans v400 vlan-id 400 set vlans v400 l3-interface irb.400 set vlans v400 vxlan vni 10040 set vlans v400 vxlan ingress-node-replication
  74. 74. Juniper vQFX10K- Config • Overlay (Leaf Host Switchport Config) • Leaf 1 set interfaces irb unit 100 family inet address 10.10.10.254/24 set interfaces xe-0/0/11 unit 0 family ethernet- switching vlan members v100 • Leaf 2 set interfaces irb unit 400 family inet address 40.40.40.254/24 set interfaces xe-0/0/11 unit 0 family ethernet- switching vlan members v400
  75. 75. Question?

×