Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring VXLAN Data Center Interconnect Using EVPN

 

This example shows how to configure Virtual Extensible Local Area Network (VXLAN) data center connectivity using Ethernet VPN (EVPN) to leverage the benefits of EVPN as a data center interconnect (DCI) solution.

Requirements

This example uses the following hardware and software components:

  • Two provider edge (PE) devices in different data centers (DCs) acting as VXLAN tunnel endpoints (VTEPs).

  • Two customer edge (CE) devices.

  • Four host devices connected to each PE and CE device.

Before you begin:

  • Configure the device interfaces.

  • Configure an IGP, such as OSPF, on all the devices.

  • Establish a BGP session between the PE devices.

  • Configure MPLS and RSVP on the PE devices.

  • Configure PIM on the CE devices and in the routing instance of the PE devices.

Overview

VXLAN is a technology that provides intra data center connectivity using a tunneling scheme to stretch Layer 2 connections over an intervening Layer 3 network.

The Ethernet VPN (EVPN) technology, on the other hand, provides a solution for multipoint Layer 2 VPN services with advanced multihoming capabilities, using BGP control plane over MPLS/IP network.

Although several solutions are available for data center connectivity, the integration of EVPN with VXLAN in Junos OS Release 16.1 and later releases, provides an added advantage over the existing MPLS data center interconnect (DCI) technologies.

EVPN provides mechanisms for next generation DCI by adding extended control plane procedures to exchange Layer 2 MAC address and Layer 3 IP address information among the participating Data Center Border Routers (DCBRs). EVPN with its advanced features like active-active redundancy, aliasing, and mass MAC withdrawal helps in addressing the DCI challenges, such as seamless VM mobility and optimal IP routing, thus making it essential to provide VXLAN solutions over EVPN.

Figure 1 illustrates VXLAN data center interconnect using EVPN between devices PE1 and PE2 that are located in different data centers (DC1 and DC2, respectively). Each PE device is connected to one CE device and one host. All the PE and CE devices are configured under VLAN 10, and with the same VXLAN Network Identifier (VNI) of 10. Devices CE1 and PE1 belong to the multicast group of 192.168.1.10, and devices CE2 and PE2 belong to the multicast group of 172.16.1.10.

Topology

Figure 1: VXLAN Data Center Interconnect Using EVPN
VXLAN Data Center Interconnect Using EVPN

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

CE1

CE2

PE1

PE2

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.

To configure Device CE1:

Note

Repeat this procedure for Device CE2 after modifying the appropriate interface names, addresses, and other parameters.

  1. Configure Device CE1 interfaces.
  2. Enable OSPF on Device CE1 interface, excluding the management interface.
  3. Enable PIM on all the interfaces of Device CE1.
  4. Configure an EVPN bridge domain, and assign VLAN ID and interface.
  5. Configure a VXLAN bridge domain, assign VXLAN ID, a multicast group address, and encapsulation and decapsulation parameters.

Step-by-Step Procedure

To configure Device PE1:

Note

Repeat this procedure for Device PE2 after modifying the appropriate interface names, addresses, and other parameters.

  1. Configure Device PE1 interfaces.
  2. Enable MPLS and RSVP on all the interfaces of Device PE1.
  3. Configure a label-switched-path from Device PE1 to Device PE2.
  4. Configure internal BGP peering between Devices PE1 and PE2, and enable EVPN signaling for the BGP session.
  5. Configure OSPF on Device PE1 interface, excluding the management interface.
  6. Configure an EVPN routing instance, assign the VXLAN tunnel endpoint source interface, VLAN ID, assign route distinguisher and VRF target values, and assign Device PE1 interface to the routing instance.
  7. Assign the VXLAN ID, multicast group address, and encapsulation and decapsulation parameters for the EVPN routing instance.
  8. Configure the first VPN routing and forwarding (VRF) routing instance, and assign route distinguisher and vrf-target values.
  9. Configure the second VRF routing instance, and assign Device PE1 interfaces, route distinguisher and vrf-target values.
  10. Configure OSPF and PIM protocols for the second VRF routing instance.

Results

From configuration mode, confirm your configuration by entering the show interfaces, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

CE1

PE1

Verificatiton

Confirm that the configuration is working properly.

Verifying MAC Learning

Purpose

Verify the bridging and EVPN MAC table entries on CE and PE devices.

Action

On Device CE1, determine the bridging MAC table entries.

From operational mode, run the show bridge mac-table command.

user@CE1> show bridge mac-table

On Device PE1, determine the EVPN MAC table entries.

From operational mode, run the show evpn mac-table command.

user@PE1> show evpn mac-table

Meaning

The bridging and EVPN MAC tables have learned the VLAN configurations.

Verifying PIM Reachability

Purpose

Verify that the PIM configuration is working properly on the CE and PE devices.

Action

On Device CE1, verify PIM configuration.

From operational mode, run the show pim rps extensive command.

user@CE1> show pim rps extensive

From operational mode, run the show pim join extensive command.

user@CE1> show pim join extensive

Meaning

The device reachability using PIM is working as configured.

Verifying VXLAN Reachability

Purpose

Verify the connectivity between the VTEPs in the different data centers.

Action

From the operational mode, run the show l2-learning vxlan-tunnel-end-point source, show l2-learning vxlan-tunnel-end-point remote, and show interfaces vtep commands.

user@PE1> show l2-learning vxlan-tunnel-end-point source
user@PE2> show l2-learning vxlan-tunnel-end-point source
user@PE1> show l2-learning vxlan-tunnel-end-point remote
user@PE2> show l2-learning vxlan-tunnel-end-point remote
user@PE1> show interfaces vtep

Meaning

The output shows the correct tunnel source IP address (assigned to the loopback interface), VLAN, and multicast group for the VXLAN. Device PE1 is reachable because its IP address (the address assigned to the loopback interface) appears in the output. The output also shows that the VXLAN (VNI 10) and corresponding multicast group are configured correctly on the remote VTEP, Device PE2.