Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Preserving Bandwidth with IGMP Snooping in an EVPN-VXLAN Environment

 

This example shows how to configure IGMP snooping on provider edge (PE) devices in an Ethernet VPN (EVPN)-Virtual Extensible LAN. When multicast traffic arrives at the VXLAN core, a PE device configured with EVPN forwards traffic only to the local access interfaces where there are IGMP listeners.

Requirements

This example uses the following hardware and software components:

  • Two QFX10000 switches configured as multihomed PE devices that are connected to the CE, one QFX10000 device configured as a PE device connected to the multihomed PEs and a QFX5110 configured as a CE device.

  • Junos OS Release 17.2R1 or later running on all devices.

Overview

IGMP snooping is used to constrain multicast traffic in a broadcast domain to interested receivers and multicast devices. In an environment with significant multicast traffic, IGMP snooping preserves bandwidth because multicast traffic is forwarded only on those interfaces where there are IGMP listeners. IGMP is enabled to manage multicast group membership.

When you enable IGMP snooping on each VLAN, the device advertises EVPN Type 7 and Type 8 routes (Join and Leave Sync Routes) to synchronize IGMP join and leave states among multihoming peer devices in the EVPN instance. On the access side, devices only forward multicast traffic to subscribed listeners. However, multicast traffic is still flooded in the EVPN core even when there are no remote receivers.

Configuring IGMP snooping in an EVPN-VXLAN environment requires the following:

  • Multihoming peer PE devices in all-active mode.

  • IGMP version 2 only. (IGMP versions 1 and 3 are not supported.)

  • IGMP snooping configured in proxy mode for the PE to become the IGMP querier for the local access interfaces.

Note

On QFX5110 switches, to enable IGMP snooping in an EVPN-VXLAN multihoming environment, you must configure IGMP snooping on all VLANs associated with any configured VXLANs. You cannot selectively enable IGMP snooping only on those VLANs that might have interested listeners, because all the VXLANs share VXLAN tunnel endpoints (VTEPs) between the same multihoming peers and must have the same settings.

This feature supports both intra-VLAN and inter-VLAN multicast forwarding. You can configure a PE device to perform either or both. In this example, to enable inter-VLAN forwarding, each PE device is configured as a statically defined Protocol Independent Multicast (PIM) rendezvous point (RP) to enable multicast forwarding. You also configure the distributed-dr statement at the [edit protocols pim interface interface-name] hierarchy level for each IRB interface. This mode enables PIM to forward multicast traffic more efficiently by disabling PIM features that are not required in this scenario. When you configure this statement, PIM ignores the designated router (DR) status of the interface when processing IGMP reports received on the interface. When the interface receives the IGMP report, the PE device sends PIM upstream join messages to pull the multicast stream and forward it to the interface—regardless of the DR status of the interface.

Topology

Figure 1 illustrates an EVPN-VXLAN environment where two PE devices (PE1 and PE2) are connected to the customer edge (CE) device. These PEs are dual-ihomed in active-active mode to provide redundancy. A third PE device forwards traffic to the PE devices that face the CE. IGMP is enabled on integrated routing and bridging (IRB) interfaces. The CE device hosts five VLANs; IGMP snooping is enabled on all of the VLANs. Because this implementation does not support the use of a multicast router, each VLAN in the PE is enabled as an IGMP Layer 2 querier. The multihomed PE devices forward traffic towards the CE only on those interfaces where there are IGMP listeners. .

Figure 1: IGMP Snooping in an EVPN-VXLAN Environment
IGMP Snooping in an EVPN-VXLAN
Environment

Configuration

To configure IGMP Snooping in an EVPN-VXLAN environment, perform these tasks:

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Device PE1

Device PE2

CE

PE3

Configuring PE1

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure device PE1:

  1. Specify the number of aggregated Ethernet logical interfaces.
  2. Configure the interfaces.
  3. Configure active-active multihoming and enable the Link Aggregation Control Protocol (LACP) on each aggregated Ethernet interface.
  4. Configure each aggregated Ethernet interface as a trunk port.
  5. Configure IRB interfaces and virtual-gateway addresses.
  6. Configure the autonomous system.
  7. Configure OSPF.
  8. Configure BGP internal peering.
  9. Configure the VLANs.
  10. Enable EVPN.
  11. Configure an export routing policy to load balance EVPN traffic.
  12. Configure the source interface for the VXLAN tunnel.
  13. Enable IGMP on the IRB interfaces associated with the VLANs..
  14. Enable IGMP snooping on the VLANs.
  15. Configure PIM by defining a static rendezvous point and enabling on the IRB interfaces associated with the VLANs..Note

    This step is required only if you want to configure inter-VLAN forwarding. If your PE device is performing only intra-VLAN forwarding, omit this step.

Results

From configuration mode, confirm your configuration by entering the show chassis, show interfaces. show routing-options,show protocols, show vlans, show policy-options, and show switch-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Configuring PE2

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure device PE2:

  1. Specify the number of aggregated Ethernet logical interfaces.
  2. Configure the interfaces.
  3. Configure active-active multihoming and enable the Link Aggregation Control Protocol (LACP) on each aggregated Ethernet interface.
  4. Configure each aggregated Ethernet interface as a trunk port.
  5. Configure IRB interfaces and virtual-gateway addresses.
  6. Configure the autonomous system.
  7. Configure OSPF.
  8. Configure BGP internal peering.
  9. Configure the VLANs.
  10. Enable EVPN.
  11. Configure an export routing policy to load balance EVPN traffic and apply it to the forwarding-table.
  12. Configure the source interface for the VXLAN tunnel.
  13. Enable IGMP on the IRB interfaces.
  14. Enable IGMP snooping on the IRB interfaces.
  15. Configure PIM by defining a static rendezvous point and enabling on the IRB interfaces.Note

    This step is required only if you want to configure inter-VLAN forwarding. If your PE device is performing only intra-VLAN forwarding, omit this step.

Results

From configuration mode, confirm your configuration by entering the show chassis, show interfaces. show routing-options,show protocols, show vlans, show policy-options, and show switch-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Configuring CE Device

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure device CE:

  1. Specify the number of aggregated Ethernet logical interfaces.
  2. Configure the interfaces and enable LACP on the aggregated Ethernet interfaces.
  3. Create the Layer 2 customer bridge domains and the VLANs associated with the domains.
  4. Configure each interface to include in CE domain as a trunk port for accepting packets tagged with the specified VLAN identifiers.

Results

From configuration mode, confirm your configuration by entering the show chassis and show interfaces commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Configuring PE3

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure device PE3:

  1. Configure the interfaces.
  2. Configure each logical Ethernet interface as a trunk port for accepting packets tagged with the specified VLAN identifiers.
  3. Configure IRB interfaces and virtual-gateway addresses.
  4. Configure the autonomous system.
  5. Configure OSPF
  6. Configure BGP internal peering with PE1 and PE2.
  7. Configure the VLANs.
  8. Enable EVPN.
  9. Configure an export routing policy to load balance EVPN traffic.
  10. Configure the source interface for the VXLAN tunnel.
  11. Enable IGMP on the IRB interfaces.
  12. Enable IGMP snooping on the IRB interfaces.
  13. Configure PIM by defining the local rendezvous point and enabling on the IRB interfaces.Note

    This step is required only if you want to configure inter-VLAN forwarding. If your PE device is performing only intra-VLAN forwarding, omit this step.

Results

From configuration mode, confirm your configuration by entering the show chassis, show interfaces. show routing-options,show protocols, show vlans, show policy-options, and show switch-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Verification

Confirm that the configuration is working properly.

Verifying IGMP Messages are Synced

Purpose

Verify on each PE that IGMP join and leave messages are synced.

Action

From operational mode, run the show evpn instance extensive command.

user@PE1> show evpn instance extensive

Meaning

The SG Sync is Enabled and the IM Core next-hop field displays a valid route.

Verifying Source Addresses Are Learned and Multicast Traffic Is Being Forwarded

Purpose

Verify on each PE that multicast receivers have learned the source interface for the VXLAN tunnel.

Action

From operational mode, enter the show evpn igmp-snooping database extensive l2-domain-id 1 command and the show igmp snooping evpn database vlan VLAN1 commands.

These commands displays output for VLAN1. You can use them to display output for each configured VLAN

From operational mode, enter the show evpn multicast-snooping next-hops to verify that downstream interface has been learned.

user@PE1> show evpn igmp-snooping database extensive l2-domain-id 1
user@PE1> show igmp snooing evpn database vlan VLAN1
user@PE1> show evpn multicast-snooping next-hops