Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring LACP for EVPN VXLAN Active-Active Multihoming

 

This example shows how to configure the Link Aggregation Control Protocol (LACP) on multihomed customer edge (CE) and provider edge (PE) devices in an Ethernet VPN (EVPN) VXLAN active-active multihomed network.

Requirements

This example uses the following hardware and software components:

  • Three QFX10002, QFX5100, QFX5110, QFX5200 switches, or QFX5100 Virtual Chassis configured as PE devices, and one QFX5100 switch configured as a CE device.

  • Junos OS Release 17.1 or later running on all switches.

Overview

For another level of redundancy, you can configure EVPN VXLAN active-active multihoming by configuring LACP on both the endpoints of the multihomed CE-PE link. The multihomed devices are configured with aggregated trunk links, where the link aggregation group (LAG) interfaces of the CE-PE link can either be in the active or in the standby state. When the LAG interface is in the active state, data traffic is transmitted over the CE-PE link. When the LAG interface is in the standby state, data traffic is blocked and only control traffic for communicating LAG interface state is transmitted over the link.

LACP monitors and operates the LAG interface to ensure fast convergence on isolation of a multihomed PE device from the core. When there is a core failure, a traffic black hole can occur at the isolated PE device. However, with the support for LACP on the CE-PE link, at the time of core isolation, the CE-facing interface of the multihomed PE device is set to the standby state, thereby blocking data traffic transmission from and toward the multihomed PE device. After the core recovers from the failure, the interface state is switched back from standby to active.

Note

On QFX10002 and QFX10008 switches, only LACP for EVPN active-active multihoming with VXLAN is supported.

When you configure LACP on the CE-PE link, isolation of the multihomed PE device from the core is handled as follows:

  1. The LACP peers synchronize the configuration and operational data.

    The LACP peers synchronize by exchanging control PDUs, and is required for the following reasons:

    • To determine the state of the links in the Ethernet bundle—all-active or standby.

    • To detect and handle CE device misconfiguration when LACP Port Key is configured on the PE device.

    • To detect and handle miswiring between CE and PE devices when LACP Port Key is configured on the PE device.

    • To detect and react to actor or partner churn when the LACP speakers are not able to converge.

  2. When the peers are null for a multihomed PE device, the PE device is isolated from the core. In this case, the isolated PE device notifies the CE devices that are connected to the isolated PE device that there is a core failure.
  3. Data traffic is not forwarded from the CE device to the isolated multihomed PE device. Instead, the traffic is diverted to the other multihomed PE devices that belong to the same LAG. This prevents traffic black holes at the isolated PE device.
  4. If the multihomed CE device uses the LAG for load balancing traffic to multiple active multihomed PE devices, then the LACP configuration along with the same system ID configured on all the multihomed PE devices for that given LAG, triggers an LACP out-of-sync to all the attached multihomed CE links.

When configuring LACP on the multihomed devices, be aware of the following considerations:

  • The LAG link can operate either in the active or in the standby state regardless of the UP/DOWN operational state.

  • When you reboot the system, the LACP link on the multihomed PE device is in the active state.

  • When the control plane goes down, LACP is notified to run multiplexer state machine for the aggregation port and move the link from active to standby.

  • An interface is not treated as up unless it operates in the active state and its operational state is also up.

Topology

Figure 1 illustrates an EVPN VXLAN active-active multihoming network with LACP configured on the multi-homed CE and PE devices. Device CE1 is single-homed and is connected to remote PE1 and PE2 devices. Device CE2 is multi-homed to PE1 and PE2 devices.

Figure 1: LACP Support in EVPN Active-Active Multihoming
LACP Support in EVPN Active-Active Multihoming

Core isolation of Device PE1, for example, is handled as follows:

  1. After PE2 and PE1 establish a BGP session, LACP sets the state of the CE-PE link to unblocking mode.
  2. When there is a core failure, this can cause a traffic black hole at Device CE1.

    To prevent this situation, the LAG interface that is facing Device CE2 is changed from the active state to the standby state by LACP.

  3. LACP sends an out of-sync notification on the attached multihomed CE2 link to block traffic transmission between Device CE2 and Device PE1.
  4. When the control plane recovers, Device PE2 is switched back from standby to active by LACP.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Device PE3

Device PE1

Device PE2

Device CE2

Configuring LACP for EVPN Active-Active Multihoming on PE3

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure Device PE3:

  1. Configure uplink interfaces towards PE1 and PE2 devices.
  2. Configure xe-0/0/8 as a Layer 2 interface.
  3. Configure a loopback interface.
  4. Create VLANs v100 and v200.
  5. Map VLANs v100 and v200 to VNIs 100 and 200.
  6. Configure the router ID and autonomous system number.
  7. Specify the loopback interface as the source address for the VTEP tunnel.
  8. Specify a route distinguisher to uniquely identify routes sent from this device.
  9. Specify the global VRF export policy.
  10. Configure an internal BGP group for PE3 to peer with PE1 and PE2.
  11. Configure an OSPF area.
  12. Set VXLAN as the data plane encapsulation for EVPN.
  13. Specify that all VNI(s) are advertised by EVPN.

Results

From configuration mode, confirm your configuration by entering the show chassis, show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Configuring LACP for EVPN Active-Active Multihoming on PE1

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure Device PE1:

  1. Specify the number of aggregated Ethernet interfaces to be created on Device PE1.
  2. Configure the interfaces that connect to the CE device.
  3. Configure xe-0/0/9 as a Layer 2 interface.
  4. Configure ae0 as a Layer 2 interface.
  5. Configure the interface towards the multihomed device, CE2.

    Use the same ESI value on all PE devices where the CE2 is multihomed.

  6. Configure LACP on the ae0.

    Use the same system ID value on all PE devices where the CE2 is multihomed.

  7. Configure a loopback interface.
  8. Create VLANs v100 and v200.
  9. Map VLANs v100 and v200 to VNIs 100 and 200.
  10. Configure a router ID and autonomous system number.
  11. Specify the loopback interface as the source address for the VTEP tunnel.
  12. Specify a route distinguisher to uniquely identify routes sent from this device.
  13. Specify the global VRF export policy.
  14. Configure an internal BGP group for PE3 to peer with PE1 and PE2.
  15. Configure an OSPF area.
  16. Set VXLAN as the data plane encapsulation for EVPN.
  17. Specify that all VNI(s) are advertised by EVPN.

Results

From configuration mode, confirm your configuration by entering the show chassis, show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Configuring LACP for EVPN Active-Active Multihoming on PE2

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure Device PE2:

  1. Specify the number of aggregated Ethernet interfaces to be created on Device PE1.
  2. Configure the interface that connects to the CE device.
  3. Configure xe-0/0/5 as a Layer 2 interface.
  4. Configure ae0 as a Layer 2 interface.
  5. Configure the interface towards the multihomed device, CE2.

    Use the same ESI value on all PE devices where the CE2 is multihomed.

  6. Configure LACP on the ae0.

    Use the same system ID value on all PE devices where the CE2 is multihomed.

  7. Configure a loopback interface.
  8. Create VLANs v100 and v200.
  9. Map VLANs v100 and v200 to VNIs 100 and 200.
  10. Configure a router ID and autonomous system number.
  11. Specify the loopback interface as the source address for the VTEP tunnel.
  12. Specify a route distinguisher to uniquely identify routes sent from this device.
  13. Specify the global VRF export policy.
  14. Configure an internal BGP group for PE3 to peer with PE1 and PE2.
  15. Configure an OSPF area.
  16. Set VXLAN as the data plane encapsulation for EVPN.
  17. Specify that all VNI(s) are advertised by EVPN.

Results

From configuration mode, confirm your configuration by entering the show chassis, show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Configuring LACP for EVPN Active-Active Multihoming on CE2

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure Device CE1:

  1. Configure VLANs v100 and v200.
  2. Configure xe-0/0/3 as a Layer 2 interface.
  3. Add member interfaces to ae0.
  4. Configure ae0 as a Layer 2 interface.
  5. Configure LACP as active for ae0.

Results

From configuration mode, confirm your configuration by entering the show chassis, show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying LACP Interface Status of PE1

Purpose

Verify the LACP interface state on Device PE1.

Action

From operational mode, run the show lacp interfaces command.

user@PE1> show lacp interfaces

Meaning

The LACP LAG interface state is active.

Note

Core isolation state down (CDN) in LACP interface indicates that the LACP interface is down because all the eBGP sessions for Ethernet VPN (EVPN) are down.

Verifying LACP Interface Status of PE2

Purpose

Verify the LACP interface state on Device PE2.

Action

From operational mode, run the show lacp interfaces command.

user@PE2> show lacp interfaces

Meaning

The LACP LAG interface state is active.

Note

Core isolation state down (CDN) in LACP interface indicates that the LACP interface is down because all the eBGP sessions for Ethernet VPN (EVPN) are down.