Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring EVPN Active-Standby Multihoming

 

This example shows how to configure Ethernet VPN (EVPN) for multihomed customer edge (CE) devices in an EVPN, virtual switch, and VRF routing instance, and with an integrated routing and bridging (IRB) interface configuration.

Requirements

This example uses the following hardware and software components:

  • Four MX Series 5G Universal Routing Platforms with MPC interfaces only, where:

    • Two devices are configured as provider edge (PE) routers connected to a common multihomed customer site.

    • One device is configured as a remote PE router connected to a single-homed customer site.

  • Eight customer edge (CE) devices, where:

    • Two CE devices are multihomed.

    • Two CE devices are single-homed for each of the PE routers.

  • Junos OS Release 14.1 or later running on all the PE routers.

    Note

    Junos OS Release 14.1 and later releases are based on the EVPN draft-ietf-l2vpn-evpn-03. Releases prior to 14.1, support the older version of the EVPN draft, causing interoperability issues when Junos OS Release 14.1 and a previous release are running.

Before you begin:

  1. Configure the router interfaces.

  2. Configure OSPF or any other IGP protocol.

  3. Configure BGP.

  4. Configure LDP.

  5. Configure MPLS.

  6. Configure RSVP MPLS LSP or GRE tunnels.

Overview and Topology

Starting with Junos OS Release 14.1, the EVPN solution on MX Series routers with MPC interfaces is extended to provide multihoming functionality with active-standby mode of operation. The multihoming functions include autodiscovery of Ethernet segments, Ethernet segment route construction, and Ethernet segment identifier (ESI) label assignment.

Note

Prior to Junos OS Release 15.1, the EVPN functionaliy support on MX Series Routers was limited to routers using MPC and MIC interfaces only. However, starting with Junos OS Release 15.1, MX Series Routers using DPCs can be leveraged to provide EVPN support on the CE device-facing interface.

The DPC support for EVPN is provided with the following considerations:

  • DPCs provide support for EVPN in the active-standby mode of operation including support for the following:

    1. EVPN instance (EVI)

    2. Virtual switch (VS)

    3. Integrated routing and bridging (IRB) interfaces

  • DPCs intended for providing the EVPN active-standby support should be the CE device-facing line card. The PE device interfaces in the EVPN domain should use only MPC and MIC interfaces.

Note

When configuring active-standby EVPN multihoming, be aware of the following limitations:

  • An interface or ESI can be attached to more than one EVI, with a maximum limit of 200 EVIs per ESI.

  • For an EVPN routing instance, only one logical interface per physical interface or ESI can be attached to an EVI.

  • For a virtual switch routing instance, only one logical interface per physical interface or ESI can be configured under a bridge domain.

  • All the PE routers in the network topology should be running Junos OS Release 14.1 or later releases, which are based on the EVPN draft-ietf-l2vpn-evpn-03. Junos OS releases prior to 14.1 support the older version of the EVPN draft, causing interoperability issues when Junos OS Release 14.1 and a previous release are running.

Figure 1: EVPN Active-Standby Multihoming
EVPN Active-Standby Multihoming

In Figure 1, Routers PE1 and PE2 are provider edge (PE) routers connected to multihomed customer edge (CE) devices, Device CE1 and CE2. Router PE3 is a remote PE router connected to a single-homed customer site, and Router P is the provider router connected to Routers PE1, PE2, and PE3.

There are three routing instances running in the topology – ALPHA, BETA, and DELTA, with the virtual switch, EVPN, and VRF type of routing instance, respectively. All the PE routers are connected to one single-homed CE device each for the ALPHA and BETA routing instances. Device CE1 belongs to the ALPHA routing instance, and Device CE2 belongs to the BETA routing instance.

For Router PE1, Device CE-A1 and Device CE-B1 are the single-homed CE devices for the routing instances ALPHA and BETA, respectively. In the same way, Device CE-A2 and Device CE-A3 belong to the ALPHA routing instance, and Device CE-B2 and Device CE-B3 belong to the BETA routing instances connected to Routers PE2 and PE3, respectively.

Note

The active-standby multihoming can be configured under any EVPN routing-instance. Both evpn and virtual-switch instance types are supported in active-standby EVPN multihoming. The vrf routing-instance is configured to illustrate the EVPN IRB functionality, in addition to multihoming, and is not mandatory for the active-standby EVPN multihoming feature to work.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

CE1

CE-A1

CE-A2

CE-A3

CE2

CE-B1

CE-B2

CE-B3

PE1

PE2

PE3

P

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.

To configure Router PE1:

Note

Repeat this procedure for Router PE2 after modifying the appropriate interface names, addresses, and other parameters.

  1. Configure Router PE1 interfaces.
  2. Configure the loopback address of Router PE1 as the router ID.
  3. Set the autonomous system number for Router PE1.
  4. Enable chained composite next hop for the EVPN.
  5. Enable MPLS on the loopback interface of Router PE1 and the interface connecting PE1 to Router P.
  6. Configure the BGP group for Router PE1.
  7. Assign local and neighbor addresses to the EVPN-PE BGP group for Router PE1 to peer with Routers PE2 and PE3.
  8. Include the EVPN signaling Network Layer Reachability Information (NLRI) to the EVPN-PE group.
  9. Configure OSPF on the loopback interface of Router PE1 and the interface connecting PE1 to Router P.
  10. Enable LDP on the loopback interface of Router PE1 and the interface connecting PE1 to Router P.
  11. Configure the virtual switch routing instance – ALPHA.
  12. Configure the extended VLAN list for the ALPHA routing instance.
  13. Set the type for the bridging domain in the ALPHA routing instance.
  14. Set the VLAN for the bridging domain in the ALPHA routing instance.
  15. Configure the interface names for the ALPHA routing instance.
  16. Configure the route distinguisher for the ALPHA routing instance.
  17. Configure the VPN routing and forwarding (VRF) target community for the ALPHA routing instance.
  18. Configure the EVPN routing instance – BETA.
  19. Set the VLAN identifier for the bridging domain in the BETA routing instance.
  20. Configure the interface names for the BETA routing instance.
  21. Configure the route distinguisher for the BETA routing instance.
  22. Configure the VPN routing and forwarding (VRF) target community for the BETA routing instance.
  23. Configure the VRF routing instance – DELTA.
  24. Configure the interface names for the DELTA routing instance.
  25. Configure the route distinguisher for the DELTA routing instance.
  26. Configure the VPN routing and forwarding (VRF) target community for the DELTA routing instance.

Results

From configuration mode, confirm your configuration by entering the show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Verification

Confirm that the configuration is working properly in the following different areas on all the PE routers, where Router PE1 is the designated forwarder (DF), Router PE2 is the non-DF, and Router PE3 is the remote PE:

  1. EVPN routing instance configuration

  2. EVPN multihoming routes

  3. DF election process

  4. IRB and virtual switch routing instance configuration

  5. Host route entries

Verifying the EVPN Instance Status

Purpose

Verify the EVPN routing instances and their status.

Action

Router PE1

From operational mode, run the show evpn instance extensive command.

user@PE1> show evpn instance extensive

Router PE2

From operational mode, run the show evpn instance extensive command.

user@PE2> show evpn instance extensive

Router PE3

From operational mode, run the show evpn instance extensive command.

user@PE3> show evpn instance extensive

Meaning

The output provides the following information:

  • List of EVPN and virtual switch routing instances.

  • Mode of operation of each interface

  • Neighbors of each routing instance.

  • Number of different routes received from each neighbor.

  • ESI attached to each routing instance.

  • Number of Ethernet segments on each routing instance.

  • DF election roles for each ESI in an EVI.

  • VLAN ID and MAC labels for each routing instance.

  • IRB interface details

  • Number of default gateway MAC addresses received for the virtual switch routing instance (ALPHA).

Verifying the Autodiscovery Routes per Ethernet Segment

Purpose

Verify that the autodiscovery routes per Ethernet segment are received.

Action

Router PE1

From operational mode, run the show route table ALPHA.evpn.0 command.

user@PE1> show route table ALPHA.evpn.0

Router PE2

From operational mode, run the show route table ALPHA.evpn.0 command.

user@PE2> show show route table ALPHA.evpn.0

Router PE3

From operational mode, run the show route table ALPHA.evpn.0 command.

user@PE3> show route table ALPHA.evpn.0

Meaning

The remote type 1 autodiscovery route is received for the ESI attached to Router PE2, which is the other PE router connected to the multihomed CE device.

Verifying the Ethernet Segment Route

Purpose

Verify that the local and advertised autodiscovery routes per Ethernet segment and the Ethernet segment routes are received.

Action

Router PE1

From operational mode, run the show route table __default_evpn__.evpn.0 command.

user@PE1> show route table __default_evpn__.evpn.0

Router PE2

From operational mode, run the show route table __default_evpn__.evpn.0 command.

user@PE2> show route table __default_evpn__.evpn.0

Meaning

The output displays the local and remote type 1 (autodiscovery) and type 4 (Ethernet segment) routes:

  • 1:10.255.0.1:0::112233445566778899::0/304—Autodiscovery route per Ethernet segment for each local ESI attached to Router PE1 and Router PE2.

  • 4:10.255.0.1:0::112233445566778899:10.255.0.1/304—Ethernet segment route for each local ESI attached to Router PE1 and Router PE2.

  • 4:10.255.0.2:0::112233445566778899:10.255.0.2/304—Remote Ethernet segment route from Router PE2.

Verifying the DF Status

Purpose

Confirm which PE router is the designated forwarder (DF).

Action

From operational mode, run the show evpn instance ALPHA esi esi designated-forwarder command.

user@PE1> show evpn instance ALPHA esi 00:11:22:33:44:55:66:77:88:99 designated-forwarder

Meaning

Router PE1 is the DF for the ALPHA routing instance.

Verifying the BDF Status

Purpose

Confirm which PE router is the backup designated forwarder (BDF).

Action

From operational mode, run the show evpn instance ALPHA esi esi backup-forwarder command.

user@PE1> show evpn instance ALPHA esi 00:11:22:33:44:55:66:77:88:99 backup-forwarder

Meaning

Router PE2 is the BDF for the ALPHA routing instance.

Verifying Remote IRB MAC

Purpose

Verify that the remote gateway MAC addresses are synchronized among all the PE routers.

Action

Router PE1

From operational mode, run the show bridge evpn peer-gateway-mac command.

user@PE1> show bridge evpn peer-gateway-mac

Router PE2

From operational mode, run the show bridge evpn peer-gateway-mac command.

user@PE2> show bridge evpn peer-gateway-mac

Router PE3

From operational mode, run the show bridge evpn peer-gateway-mac command.

user@PE2> show bridge evpn peer-gateway-mac

Meaning

The remote gateway MAC addresses are synchronized:

  • Router PE3 gateway MAC is installed in Routers PE1 and PE2 peer-gateway-mac table.

  • Routers PE1 and PE2 gateway MAC addresses are installed in Router PE3 peer-gateway-mac table.

Verifying Remote IRB and Host IP

Purpose

Verify that the remote IRB IP and the host IP are received.

Action

Router PE1

From operational mode, run the show route table DELTA command.

user@PE1> show route table DELTA

Router PE2

From operational mode, run the show route table DELTA command.

user@PE2> show route table DELTA

Router PE3

From operational mode, run the show route table DELTA command.

user@PE3> show route table DELTA

Meaning

The output displays the local and remote IRB interfaces. It also displays the local and remote hosts that are installed in the VRF table:

On Router PE1:

  • 10.0.0.1/32—Local host in the virtual switch routing instance.

  • 10.0.0.2/32 and 10.0.0.3/32—Remote host in the virtual switch routing instance.

  • 10.0.0.250/32—Local IRB in the virtual switch routing instance.

  • 10.0.0.253/32—Remote IRB in the virtual switch routing instance.

Verifying ARP Table

Purpose

Verify the ARP table entries.

Action

Router PE1

From operational mode, run the show evpn arp-table command.

user@PE1> show evpn arp-table

Router PE2

From operational mode, run the show evpn arp-table command.

user@PE2> show evpn arp-table

Router PE3

From operational mode, run the show evpn arp-table command.

user@PE3> show evpn arp-table

Meaning

The EVPN instance and ARP are synchronized with the host MAC and IP address for local hosts.

Verifying Bridge ARP Table

Purpose

Verify the bridge ARP table entries.

Action

Router PE1

From operational mode, run the show bridge evpn arp-table command.

user@PE3> show bridge evpn arp-table

Router PE2

From operational mode, run the show bridge evpn arp-table command.

user@PE3> show bridge evpn arp-table

Router PE3

From operational mode, run the show bridge evpn arp-table command.

user@PE3> show bridge evpn arp-table

Meaning

The virtual switch instance and ARP are synchronized with the local host MAC and IP address.

Verifying Bridge MAC Table

Purpose

Verify the bridge MAC table entries.

Action

Router PE1

From operational mode, run the show bridge mac-table command.

user@PE1> show bridge mac-table

Router PE2

From operational mode, run the show bridge mac-table command.

user@PE2> show bridge mac-table

Router PE3

From operational mode, run the show bridge mac-table command.

user@PE3> show bridge mac-table

Meaning

The virtual switch instance installed local and remote host MAC addresses in the bridge MAC table.

Related Documentation