Example: Configuring an EVPN with IRB Solution on EX9200 Switches
This example shows how to configure an integrated routing and bridging (IRB) solution in an Ethernet VPN (EVPN) deployment.
Requirements
This example uses the following hardware and software components:
Two EX9200 switches configured as PE routers
Junos OS Release 14.2 or later running on all the PE routers
Before you begin:
Configure the switch interfaces.
Configure OSPF or any other IGP protocol.
Configure BGP.
Configure LDP.
Configure MPLS.
Overview
In an EVPN solution, multiple VLANs can be defined within a particular EVPN instance, and one or more EVPN instances can be associated with a single Layer 3 VPN VRF. In general, each data center tenant is assigned a unique Layer 3 VPN virtual route forwarding (VRF), although the tenant can comprise one or more EVPN instances or VLANs per EVPN instance.
To support this flexibility and scalability, the EVPN solution supports IRB interfaces on EX9200 switches, which facilitate optimal Layer 2 and Layer 3 forwarding along with virtual machine mobility. An IRB interface is configured on each configured VLAN, including the default VLAN for an EVPN instance.
IRB is the ability to do Layer 2 switching and Layer 3 routing within a single node, thus avoiding extra hops for inter-subnet traffic. The EVPN IRB solution eliminates the default gateway problem using the gateway MAC and IP synchronization, and avoids the triangular routing problem with Layer 3 interworking by creating IP host routes for virtual machines (VMs) in the tenant VRFs.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
CE1
PE1
PE2
CE2
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.
To configure Router PE1:
Repeat this procedure for Router PE2, after modifying the appropriate interface names, addresses, and other parameters.
- Configure Router PE1 interfaces.
  [edit interfaces]
  user@PE1# set ge-1/0/8 unit 0 family inet address 192.0.2.1/24
  user@PE1# set ge-1/0/8 unit 0 family mpls
  user@PE1# set ge-1/1/8 flexible-vlan-tagging
  user@PE1# set ge-1/1/8 encapsulation flexible-ethernet-services
  user@PE1# set ge-1/1/8 unit 0 encapsulation vlan-bridge
  user@PE1# set ge-1/1/8 unit 0 vlan-id 10
  user@PE1# set irb unit 0 family inet address 10.0.0.251/24
  user@PE1# set lo0 unit 0 family inet address 203.0.113.1/32
- Set the router ID and autonomous system number for Router PE1.
  [edit routing-options]
  user@PE1# set router-id 203.0.113.1
  user@PE1# set autonomous-system 100
- Configure the chained composite next hop for EVPN.
  [edit routing-options]
  user@PE1# set forwarding-table chained-composite-next-hop ingress evpn
- Enable LDP on all interfaces of Router PE1, excluding the management interface.
  [edit protocols]
  user@PE1# set ldp interface all
  user@PE1# set ldp interface fxp0.0 disable
- Enable MPLS on all the interfaces of Router PE1, excluding the management interface.
  [edit protocols]
  user@PE1# set mpls interface all
  user@PE1# set mpls interface fxp0.0 disable
- Configure the BGP group for Router PE1.
  [edit protocols]
  user@PE1# set bgp group ibgp type internal
- Assign local and neighbor addresses to the ibgp BGP group for Router PE1 to peer with Router PE2.
  [edit protocols]
  user@PE1# set bgp group ibgp local-address 203.0.113.1
  user@PE1# set bgp group ibgp neighbor 203.0.113.2
- Include the EVPN signaling Network Layer Reachability Information (NLRI) in the ibgp BGP group.
  [edit protocols]
  user@PE1# set bgp group ibgp family evpn signaling
- Configure OSPF on all the interfaces of Router PE1, excluding the management interface.
  [edit protocols]
  user@PE1# set ospf area 0.0.0.0 interface all
  user@PE1# set ospf area 0.0.0.0 interface fxp0.0 disable
- Configure the EVPN routing instance.
  [edit routing-instances]
  user@PE1# set evpna instance-type evpn
- Set the VLAN identifier for the bridging domain in the evpna routing instance.
  [edit routing-instances]
  user@PE1# set evpna vlan-id 10
- Configure the interface name for the evpna routing instance.
  [edit routing-instances]
  user@PE1# set evpna interface ge-1/1/8.0
- Configure the IRB interface as the routing interface for the evpna routing instance.
  [edit routing-instances]
  user@PE1# set evpna l3-interface irb.0
- Configure the route distinguisher for the evpna routing instance.
  [edit routing-instances]
  user@PE1# set evpna route-distinguisher 203.0.113.1:100
- Configure the VPN routing and forwarding (VRF) target community for the evpna routing instance.
  [edit routing-instances]
  user@PE1# set evpna vrf-target target:100:100
- Assign the interface name that connects the PE1 site to the VPN.
  [edit routing-instances]
  user@PE1# set evpna protocols evpn interface ge-1/1/8.0
- Configure the VRF routing instance.
  [edit routing-instances]
  user@PE1# set vrf instance-type vrf
- Configure the IRB interface as the routing interface for the vrf routing instance.
  [edit routing-instances]
  user@PE1# set vrf interface irb.0
- Configure the route distinguisher for the vrf routing instance.
  [edit routing-instances]
  user@PE1# set vrf route-distinguisher 203.0.113.1:300
- Configure the VRF label for the vrf routing instance.
  [edit routing-instances]
  user@PE1# set vrf vrf-table-label
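An added example, not part of the original page or of Juniper's tooling: a check to run over set commands staged in a text file, confirming that each protocol this procedure enables on interface all (LDP, MPLS, OSPF) also has the management interface fxp0.0 disabled. It assumes the commands are written from the top [edit] level; the function name and the sample input are constructed for illustration.

```python
import re

PROTOCOLS = ("ldp", "mpls", "ospf")  # enabled on "interface all" in the procedure
MGMT_IF = "fxp0.0"                   # management interface named in the procedure

# Accepts "set protocols <proto> [area <id>] interface <name> [disable]".
LINE_RE = re.compile(
    r"^set protocols (?P<proto>\S+) (?:area \S+ )?interface (?P<ifname>\S+)"
    r"(?P<disable> disable)?$"
)

# Constructed sample of staged commands, written from the top [edit] level.
# The mpls exclusion line is malformed on purpose, so it cannot count.
SAMPLE = """\
set protocols ldp interface all
set protocols ldp interface fxp0.0 disable
set protocols mpls interface all
set protocols mpls mpls interface fxp0.0 disable
set protocols bgp group ibgp family evpn signaling
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable
"""

def audit_mgmt_exclusion(set_config):
    """Return {protocol: finding} for protocols on 'interface all' that lack
    a matching 'interface fxp0.0 disable' statement."""
    enabled_all, mgmt_disabled, unparsed = set(), set(), []
    for line in map(str.strip, set_config.splitlines()):
        m = LINE_RE.match(line)
        if not m or m["proto"] not in PROTOCOLS:
            if MGMT_IF in line:
                unparsed.append(line)  # mentions fxp0.0 in a form this check does not recognise
            continue
        if m["ifname"] == "all" and not m["disable"]:
            enabled_all.add(m["proto"])
        elif m["ifname"] == MGMT_IF and m["disable"]:
            mgmt_disabled.add(m["proto"])
    findings = {p: f"{p}: 'interface all' without '{MGMT_IF} disable'"
                for p in sorted(enabled_all - mgmt_disabled)}
    if unparsed:
        findings["unparsed"] = unparsed
    return findings

if __name__ == "__main__":
    for key, value in audit_mgmt_exclusion(SAMPLE).items():
        print(key, "->", value)
```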
Results
From configuration mode, confirm your configuration by entering the show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
Verification
Confirm that the configuration is working properly.
Verifying Local IRB MACs
Purpose
Verify that the local IRB MACs are learned from L2ALD.
Action
On Router PE1, determine the MAC address of the local IRB interface.
From operational mode, run the show interfaces irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address"
Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10" command.
user@PE1> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10/384 (1 entry, 1 announced)
TSI:
Page 0 idx 0, (group PE type Internal) Type 1 val 0x2736568 (adv_entry)
   Advertised metrics:
     Flags: Nexthop Change
     Nexthop: Self
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100 evpn-default-gateway
Path 2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10 Vector len 4. Val: 0
        *EVPN Preference: 170
                Next hop type: Indirect
                Address: 0x26f8354
                Next-hop reference count: 6
                Protocol next hop: 10.255.0.1
                Indirect next hop: 0x0 - INH Session ID: 0x0
                State: <Active Int Ext>
                Age: 23:29:08
                Validation State: unverified
                Task: evpna-evpn
                Announcement bits (1): 1-BGP_RT_Background
                AS path: I
                Communities: evpn-default-gateway
                Route Label: 299776
Meaning
The MAC-only route for the local IRB interface appears in the EVPN instance route table on Router PE1 and is learned from EVPN and tagged with the default gateway extended community.
Verifying Remote IRB MACs
Purpose
Verify that the remote IRB MACs are learned from BGP.
Action
On Router PE1, determine the MAC address of the local IRB interface.
From operational mode, run the show interfaces irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address"
Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
On Router PE2, verify that the remote IRB MACs are learned.
From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10" command.
user@PE2> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10/384 (1 entry, 1 announced)
        *BGP Preference: 170/-101
                Route Distinguisher: 2.91.223.24:100
                Next hop type: Indirect
                Address: 0x26f8d6c
                Next-hop reference count: 10
                Source: 10.255.0.1
                Protocol next hop: 10.255.0.1
                Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                State: <Secondary Active Int Ext>
                Local AS: 100 Peer AS: 100
                Age: 23:22:17 Metric2: 1
                Validation State: unverified
                Task: BGP_100.10.255.0.1
                Announcement bits (1): 0-evpna-evpn
                AS path: I
                Communities: target:100:100 evpn-default-gateway
                Import Accepted
                Route Label: 299776
                Localpref: 100
                Router ID: 10.255.0.1
                Primary Routing Table bgp.evpn.0
                Indirect next hops: 1
                        Protocol next hop: 10.255.0.1 Metric: 1
                        Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 1.0.0.1 via ge-1/0/8.0
                                Session Id: 0x1
                        10.255.0.1/32 Originating RIB: inet.3
                          Metric: 1 Node path count: 1
                          Forwarding nexthops: 1
                                Nexthop: 1.0.0.1 via ge-1/0/8.0
Meaning
The MAC-only route for the remote IRB interface appears in the EVPN instance route table on Router PE2 and is learned from BGP and tagged with the default gateway extended community.
Verifying Local IRB IPs
Purpose
Verify that the local IRB IPs are learned locally by RPD.
Action
On Router PE1, determine the MAC and IP addresses of the local IRB interface.
From operational mode, run the show interfaces irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address"
Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
From operational mode, run the show interfaces irb.0 terse | match inet command.
user@PE1> show interfaces irb.0 terse | match inet
irb.0 up up inet 10.0.0.251/24
From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251" command.
user@PE2> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251/384 (1 entry, 1 announced)
TSI:
Page 0 idx 0, (group PE type Internal) Type 1 val 0x27365a0 (adv_entry)
   Advertised metrics:
     Flags: Nexthop Change
     Nexthop: Self
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100 evpn-default-gateway
Path 2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251 Vector len 4. Val: 0
        *EVPN Preference: 170 <<<<<
                Next hop type: Indirect
                Address: 0x26f8354
                Next-hop reference count: 6
                Protocol next hop: 10.255.0.1
                Indirect next hop: 0x0 - INH Session ID: 0x0
                State: <Active Int Ext>
                Age: 23:48:46
                Validation State: unverified
                Task: evpna-evpn
                Announcement bits (1): 1-BGP_RT_Background
                AS path: I
                Communities: evpn-default-gateway
                Route Label: 299776
Meaning
The MAC plus IP route for the local IRB interface appears in the EVPN instance route table on Router PE1 and is learned from EVPN and tagged with the default gateway extended community.
Verifying Remote IRB IPs
Purpose
Verify that the remote IRB IPs are learned from BGP.
Action
On Router PE1, determine the MAC and IP addresses of the local IRB interface.
From operational mode, run the show interfaces irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address"
Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
From operational mode, run the show interfaces irb.0 terse | match inet command.
user@PE1> show interfaces irb.0 terse | match inet
irb.0 up up inet 10.0.0.251/24
On Router PE2, verify that the remote IRB IPs are learnt.
From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251" command.
user@PE2> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251/384 (1 entry, 1 announced)
        *BGP Preference: 170/-101
                Route Distinguisher: 2.91.223.216:100
                Next hop type: Indirect
                Address: 0x26f8d6c
                Next-hop reference count: 10
                Source: 10.255.0.1
                Protocol next hop: 10.255.0.1
                Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                State: <Secondary Active Int Ext>
                Local AS: 100 Peer AS: 100
                Age: 23:56:36 Metric2: 1
                Validation State: unverified
                Task: BGP_100.10.255.0.1
                Announcement bits (1): 0-evpna-evpn
                AS path: I
                Communities: target:100:100 evpn-default-gateway
                Import Accepted
                Route Label: 299776
                Localpref: 100
                Router ID: 10.255.0.1
                Primary Routing Table bgp.evpn.0
                Indirect next hops: 1
                        Protocol next hop: 10.255.0.1 Metric: 1
                        Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 1.0.0.1 via ge-1/0/8.0
                                Session Id: 0x1
                        10.255.0.1/32 Originating RIB: inet.3
                          Metric: 1 Node path count: 1
                          Forwarding nexthops: 1
                                Nexthop: 1.0.0.1 via ge-1/0/8.0
Meaning
The MAC plus IP route for the remote IRB interface appears in the EVPN instance route table on Router PE2 and is tagged with the default gateway extended community.
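An added example, not from the original page: a Python check over saved show route table evpna.evpn.0 extensive output that covers both the MAC-only and the MAC plus IP verifications above. It confirms that each expected IRB gateway has both Type 2 routes carrying the route target and the evpn-default-gateway community, and reports any other MAC that carries that community. The function names are hypothetical, the fields between the route distinguisher and the MAC are left uninterpreted, and the third sample entry is constructed.

```python
import re

ENTRY_RE = re.compile(r"^(\d+):(\S+)/\d+ \(\d+ entr")
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
GW_TAG = "evpn-default-gateway"

# Constructed sample: first two entries trimmed from the PE2 output above;
# the third entry (documentation-range MAC) is invented for illustration.
SAMPLE = """\
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10/384 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Communities: target:100:100 evpn-default-gateway
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251/384 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Communities: target:100:100 evpn-default-gateway
2:10.255.0.1:100::0::100::00:00:5e:00:53:01/384 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Communities: target:100:100 evpn-default-gateway
"""

def parse_type2_routes(text):
    """Return Type 2 entries as dicts: rd, mac, ip (None if MAC-only), communities."""
    routes, cur = [], None
    for line in map(str.strip, text.splitlines()):
        entry = ENTRY_RE.match(line)
        if entry:
            # Fields are '::'-separated; those between RD and MAC stay uninterpreted.
            fields = entry.group(2).split("::")
            idx = next((i for i, f in enumerate(fields) if MAC_RE.match(f)), None)
            cur = None
            if entry.group(1) == "2" and idx is not None:
                cur = {"rd": fields[0], "mac": fields[idx],
                       "ip": "::".join(fields[idx + 1:]) or None, "communities": set()}
                routes.append(cur)
        elif cur is not None and line.startswith("Communities:"):
            cur["communities"].update(line.split()[1:])
    return routes

def check_gateways(text, gateways, route_target):
    """gateways maps each expected IRB MAC to its IP; returns a list of problems."""
    routes, problems = parse_type2_routes(text), []
    for mac, irb_ip in gateways.items():
        for ip in (None, irb_ip):
            label = "MAC-only" if ip is None else "MAC+IP"
            hit = [r for r in routes if r["mac"] == mac and r["ip"] == ip]
            if not hit:
                problems.append(f"{label} route for {mac} missing")
            elif not {GW_TAG, route_target} <= hit[0]["communities"]:
                problems.append(f"{label} route for {mac} lacks {GW_TAG} or {route_target}")
    tagged = {r["mac"] for r in routes if GW_TAG in r["communities"]}
    problems += [f"unexpected gateway-tagged MAC {m}" for m in sorted(tagged - set(gateways))]
    return problems
```

Pass every gateway MAC you expect in the table, including the local PE's own IRB, so that only unknown MACs are reported.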
Verifying CE-CE Inter-Subnet Forwarding
Purpose
Verify inter-subnet forwarding between Routers CE1 and CE2.
Action
From operational mode, run the show route table inet.0 command.
user@CE1> show route table inet.0
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:15:09
                    > to 10.0.0.251 via ge-1/1/7.0
10.0.0.0/24        *[Direct/0] 1d 23:24:30
                    > via ge-1/1/7.0
10.0.0.1/32        *[Local/0] 1d 23:24:38
                      Local via ge-1/1/7.0
From operational mode, run the ping command.
user@CE1> ping 198.51.100.2 interval 0.1 count 10
PING 198.51.100.2 (20.0.0.2): 56 data bytes
64 bytes from 198.51.100.2: icmp_seq=0 ttl=63 time=0.919 ms
64 bytes from 198.51.100.2: icmp_seq=1 ttl=63 time=0.727 ms
64 bytes from 198.51.100.2: icmp_seq=2 ttl=63 time=0.671 ms
64 bytes from 198.51.100.2: icmp_seq=3 ttl=63 time=0.671 ms
64 bytes from 198.51.100.2: icmp_seq=4 ttl=63 time=0.666 ms
64 bytes from 198.51.100.2: icmp_seq=5 ttl=63 time=0.704 ms
64 bytes from 198.51.100.2: icmp_seq=6 ttl=63 time=0.763 ms
64 bytes from 198.51.100.2: icmp_seq=7 ttl=63 time=0.750 ms
64 bytes from 198.51.100.2: icmp_seq=8 ttl=63 time=12.967 ms
64 bytes from 198.51.100.2: icmp_seq=9 ttl=63 time=0.752 ms

--- 198.51.100.2 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.666/1.959/12.967/3.670 ms
Meaning
Ping from Router CE1 to Router CE2 is successful.