Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring an EVPN with IRB Solution on EX9200 Switches

 

This example shows how to configure an integrated routing and bridging (IRB) solution in an Ethernet VPN (EVPN) deployment.

Requirements

This example uses the following hardware and software components:

  • Two EX9200 switches configured as PE routers

  • Junos OS Release 14.2 or later running on all the PE routers

Before you begin:

  1. Configure the switch interfaces.

  2. Configure OSPF or any other IGP protocol.

  3. Configure BGP.

  4. Configure LDP.

  5. Configure MPLS.

Overview

In an EVPN solution, multiple VLANs can be defined within a particular EVPN instance, and one or more EVPN instances can be associated with a single Layer 3 VPN VRF. In general, each data center tenant is assigned a unique Layer 3 VPN virtual route forwarding (VRF), although the tenant can comprise one or more EVPN instances or VLANs per EVPN instance.

To support this flexibility and scalability factor, the EVPN solution provides support for the IRB interfaces on EX9200 switches to facilitate optimal Layer 2 and Layer 3 forwarding along with virtual machine mobility. The IRB interfaces are configured on each configured VLAN including the default VLAN for an EVPN instance.

IRB is the ability to do Layer 2 switching and Layer 3 routing within a single node, thus avoiding extra hops for inter-subnet traffic. The EVPN IRB solution eliminates the default gateway problem using the gateway MAC and IP synchronization, and avoids the triangular routing problem with Layer 3 interworking by creating IP host routes for virtual machines (VMs) in the tenant VRFs.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

CE1

PE1

PE2

CE2

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.

To configure Router PE1:

Note

Repeat this procedure for Router PE2, after modifying the appropriate interface names, addresses, and other parameters.

  1. Configure Router PE1 interfaces.
  2. Set the router ID and autonomous system number for Router PE1.
  3. Configure the chained composite next hop for EVPN.
  4. Enable LDP on all interfaces of Router PE1, excluding the management interface.
  5. Enable MPLS on all the interfaces of Router PE1, excluding the management interface.
  6. Configure the BGP group for Router PE1.
  7. Assign local and neighbor addresses to the ibgp BGP group for Router PE1 to peer with Router PE2.
  8. Include the EVPN signaling Network Layer Reachability Information (NLRI) to the ibgp BGP group.
  9. Configure OSPF on all the interfaces of Router PE1, excluding the management interface.
  10. Configure the EVPN routing instance.
  11. Set the VLAN identifier for the bridging domain in the evpna routing instance.
  12. Configure the interface name for the evpna routing instance.
  13. Configure the IRB interface as the routing interface for the evpna routing instance.
  14. Configure the route distinguisher for the evpna routing instance.
  15. Configure the VPN routing and forwarding (VRF) target community for the evpna routing instance.
  16. Assign the interface name that connects the PE1 site to the VPN.
  17. Configure the VRF routing instance.
  18. Configure the IRB interface as the routing interface for the vrf routing instance.
  19. Configure the route distinguisher for the vrf routing instancee.
  20. Configure the VRF label for the vrf routing instance.

Results

From configuration mode, confirm your configuration by entering the show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Verification

Confirm that the configuration is working properly.

Verifying Local IRB MACs

Purpose

Verify that the local IRB MACs are learned from L2ALD.

Action

On Router PE1, determine the MAC address of the local IRB interface.

From operational mode, run the show interfaces irb extensive | match "Current address" command.

user@PE1> show interfaces irb extensive | match "Current address"

From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10" command.

user@PE1> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10"

Meaning

The MAC-only route for the local IRB interface appears in the EVPN instance route table on Router PE1 and is learned from EVPN and tagged with the default gateway extended community.

Verifying Remote IRB MACs

Purpose

Verify that the remote IRB MACs are learned from BGP.

Action

On Router PE1, determine the MAC address of the local IRB interface.

From operational mode, run the show interfaces irb extensive | match "Current address" command.

user@PE1> show interfaces irb extensive | match "Current address"

On Router PE2, verify that the remote IRB MACs are learned.

From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10" command.

user@PE2> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10"

Meaning

The MAC-only route for the remote IRB interface appears in the EVPN instance route table on Router PE2 and is learned from BGP and tagged with the default gateway extended community.

Verifying Local IRB IPs

Purpose

Verify that the local IRB IPs are learned locally by RPD.

Action

On Router PE1, determine the MAC and IP addresses of the local IRB interface.

From operational mode, run the show interfaces irb extensive | match "Current address" command.

user@PE1> show interfaces irb extensive | match "Current address"

From operational mode, run the show interfaces irb.0 terse | match inet command.

user@PE1> show interfaces irb.0 terse | match inet

From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251" command.

user@PE2> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251"

Meaning

The MAC plus IP route for the local IRB interface appears in the EVPN instance route table on Router PE1 and is learned from EVPN and tagged with the default gateway extended community.

Verifying Remote IRB IPs

Purpose

Verify that the remote IRB IPs are learned from BGP.

Action

On Router PE1, determine the MAC and IP addresses of the local IRB interface.

From operational mode, run the show interfaces irb extensive | match "Current address" command.

user@PE1> show interfaces irb extensive | match "Current address"

From operational mode, run the show interfaces irb.0 terse | match inet command.

user@PE1> show interfaces irb.0 terse | match inet

On Router PE2, verify that the remote IRB IPs are learnt.

From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251" command.

user@PE2> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251"

Meaning

The MAC plus IP route for the remote IRB interface appears in the EVPN instance route table on Router PE2 and is tagged with the default gateway extended community.

Verifying CE-CE Inter-Subnet Forwarding

Purpose

Verify inter-subnet forwarding between Routers CE1 and CE2.

Action

From operational mode, run the show route table inet.0 command.

user@CE1> show route table inet.0

From operational mode, run the ping command.

user@CE1> ping 198.51.100.2 interval 0.1 count 10

Meaning

Ping from Router CE1 to Router CE2 is successful.