Example: Setting Up a VXLAN Layer 2 Gateway and OVSDB Connections in a Contrail Environment (Trunk Interfaces That Support Untagged Packets)

In a physical network, a Juniper Networks switch that supports Virtual Extensible LAN (VXLAN) can function as a hardware virtual tunnel endpoint (VTEP). In this role, the Juniper Networks switch takes Layer 2 Ethernet frames received from software applications that run directly on a physical server and encapsulates them in VXLAN packets. The VXLAN packets are tunneled over a Layer 3 transport network. Upon receipt of the VXLAN packets, software VTEPs in the virtual network de-encapsulate the packets and forward them to virtual machines (VMs).

In this VXLAN environment, you can also include Contrail controllers and implement the Open vSwitch Database (OVSDB) management protocol on the Juniper Networks switch that functions as a hardware VTEP.

The Junos OS implementation of OVSDB provides a means through which Contrail controllers and Juniper Networks switches can exchange MAC addresses of entities in the physical and virtual networks. This exchange of MAC addresses enables the Juniper Networks switch that functions as a hardware VTEP to forward traffic to software VTEPs in the virtual network, and enables software VTEPs in the virtual network to forward traffic to the Juniper Networks switch in the physical network.

This example explains how to configure a Juniper Networks switch as a hardware VTEP, which serves as a Layer 2 gateway, and set up this switch with an OVSDB connection to a Contrail controller.

In this example, only one VXLAN is deployed. Given this scenario, the packets exchanged between an application running on a physical server and a VM in the VXLAN are untagged. Therefore, this example uses a trunk interface, together with a native VLAN, for the connection between the physical server and the switch. The native VLAN enables the trunk interface to handle the untagged packets.

Requirements

This example includes the following hardware and software components:

  • A physical server on which software applications directly run.

  • A QFX10002 switch running Junos OS Release 15.1X53-D30 or later.

  • On the Juniper Networks switch, physical interface ge-1/0/0 provides a connection to physical server 1.

  • A Contrail controller.

  • Contrail Web user interface.

  • A vRouter that includes VMs managed by a hypervisor, which includes a software VTEP.

Note

All components in the Contrail environment (Contrail controller, TSN, Contrail Web user interface, and vRouters) must be running Contrail Release 2.20 or later.

For information about the Contrail components, see Using TOR Switches and OVSDB to Extend the Contrail Cluster to Other Instances.

Before you begin:

Overview and Topology

Figure 1 shows a topology in which a software application running directly on physical server 1 in the physical network needs to communicate with virtual machine VM 1 in VXLAN 1 and vice versa.

Figure 1: VXLAN-OVSDB Layer 2 Gateway Topology with a Contrail Controller

To establish communication between the software application on physical server 1 and VM 1 in VXLAN 1, a connection with a Contrail controller is configured on the management interface of the Juniper Networks switch.

Some entities in the OVSDB-VXLAN topology must be configured in both the Contrail Web user interface and on the Juniper Networks switch. Table 1 provides a summary of the entities that must be configured and where they must be configured.

Note

The term used for an entity configured in the Contrail Web user interface can differ from the term used for essentially the same entity that is configured on the Juniper Networks switch. To prevent confusion, Table 1 shows the Contrail Web user interface and Junos OS entities side-by-side.

Table 1: Contrail and Junos OS Entities That Must Be Configured for a VXLAN Layer 2 Gateway Topology with OVSDB Connections and Trunk Interfaces Supporting Untagged Packets

| Entity | Entity to Be Configured in the Contrail Web User Interface | Entity to Be Configured on the Juniper Networks Switch |
| --- | --- | --- |
| VXLAN 1 | Virtual network for VXLAN 1 | VXLAN 1. Note: The Juniper Networks switch dynamically configures this VXLAN. |
| Physical interface (ge-1/0/0) between physical server 1 and Juniper Networks switch | | OVSDB management. Specify that interface ge-1/0/0 is managed by OVSDB. |
| One logical interface (ge-1/0/0.0) associated with VXLAN 1 | One logical interface for VXLAN 1. For this interface, specify VLAN ID 0. Note: A VLAN ID of 0 indicates that the interface must handle untagged packets. | One logical interface (ge-1/0/0.0) for VXLAN 1. Note: The Juniper Networks switch dynamically configures this logical interface. |
| Juniper Networks switch (hardware VTEP 1) | Physical router | Hardware VTEP functionality. Configure the Juniper Networks switch to function as a hardware VTEP. |

In the Contrail Web user interface, a virtual network is configured. In this configuration, a VXLAN identifier of 100 is specified. Also, the universally unique identifier (UUID) assigned to the virtual network is Contrail-28805c1d-0122-495d-85df-19abd647d772. Based on this configuration, the Juniper Networks switch dynamically creates the following configuration for a Junos OS-equivalent VXLAN:

Based on the logical interface configuration (VLAN number 0) in the Contrail Web user interface, the Juniper Networks switch dynamically creates the following configuration for a Junos OS-equivalent interface:

This sample configuration does the following:

  • Configures physical interface ge-1/0/0 as a Layer 2 trunk interface.

  • Creates a native VLAN with an ID of 4094.

  • Creates logical interface ge-1/0/0.0, and specifies that it is a member of the native VLAN.

  • Associates logical interface ge-1/0/0.0 with VXLAN Contrail-28805c1d-0122-495d-85df-19abd647d772.

As a result of the above configuration, logical interface ge-1/0/0.0 handles incoming untagged packets.
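The following is an added illustration, not the listing from the original page: one set of Junos OS statements that corresponds to the VXLAN configuration and the four bullets above. The statement names are standard Junos OS; that the switch generates exactly these statements is an assumption, and the output on a given platform and release may differ.

```junos
# Added example (assumed form of the dynamically created configuration).
# VXLAN equivalent of the Contrail virtual network, VXLAN identifier 100.
set vlans Contrail-28805c1d-0122-495d-85df-19abd647d772 vxlan vni 100

# Physical interface ge-1/0/0 as a Layer 2 trunk interface.
set interfaces ge-1/0/0 flexible-vlan-tagging
set interfaces ge-1/0/0 encapsulation extended-vlan-bridge

# Native VLAN with an ID of 4094, so untagged frames are accepted.
set interfaces ge-1/0/0 native-vlan-id 4094

# Logical interface ge-1/0/0.0 as a member of the native VLAN.
set interfaces ge-1/0/0 unit 0 vlan-id 4094

# Logical interface ge-1/0/0.0 associated with the VXLAN.
set vlans Contrail-28805c1d-0122-495d-85df-19abd647d772 interface ge-1/0/0.0
```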

Table 2 provides a summary of the VXLAN-OVSDB topology components that are configured on the Juniper Networks switch and the configuration settings for each component.

Table 2: Components Configured on the Juniper Networks Switch (Hardware VTEP) in a VXLAN Layer 2 Gateway Topology with OVSDB Connections and Trunk Interfaces Supporting Untagged Packets

| Component | Setting |
| --- | --- |
| Contrail controller | IP address: 10.94.184.1 |
| OVSDB-managed physical interface | Interface name: ge-1/0/0; Native VLAN ID: 4094 |
| VXLAN 1 and associated logical interface. Note: The Juniper Networks switch dynamically configures the VXLAN and associated logical interface, which are based on the virtual network and associated logical interface configurations in the Contrail Web user interface. Therefore, no manual configuration is required. | VXLAN name: Contrail-28805c1d-0122-495d-85df-19abd647d772; VNI: 100; Logical interface name: ge-1/0/0.0; Interface type: trunk; Member of native VLAN 4094; Associated with VXLAN Contrail-28805c1d-0122-495d-85df-19abd647d772 |
| OVSDB tracing operations | Filename: /var/log/ovsdb; File size: 10 MB; Flag: All |
| Hardware VTEP | Hostname: hw-vtep1; Source interface: loopback (lo0.0); Source IP address: 10.17.17.17/32 |
| Handling of Layer 2 BUM traffic in VXLAN Contrail-28805c1d-0122-495d-85df-19abd647d772 | TSN. Note: By default, one or more TSNs handle Layer 2 BUM traffic within a VXLAN; therefore, no manual configuration is required. |

Non-OVSDB and Non-VXLAN Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

To configure the Layer 3 network over which the packets exchanged between physical server 1 and VM 1 are tunneled:

  1. Configure the Layer 3 interface.

  2. Set the routing options.

  3. Configure the routing protocol.

OVSDB and VXLAN Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

To configure the Juniper Networks switch as a hardware VTEP with an OVSDB connection to a Contrail controller:

  1. Configure a unique hostname for the Juniper Networks switch.

  2. Enable the Juniper Networks switch to dynamically configure OVSDB-managed VXLANs and associated interfaces.

  3. Configure a connection with a Contrail controller.

  4. Specify that the interface between hardware VTEP 1 and physical server 1 is managed by OVSDB.

  5. Set up OVSDB tracing operations.

  6. Specify an IP address for the loopback interface. This IP address serves as the source IP address in the outer header of any VXLAN-encapsulated packet.

  7. Set the loopback interface as the interface that identifies hardware VTEP 1.

  8. In the Contrail Web user interface, configure a virtual network for VXLAN 1. See Contrail Configuration for Juniper Networks Devices That Function as Hardware VTEPs.

  9. In the Contrail Web user interface, configure a logical interface for the virtual network that you created in step 8. See Contrail Configuration for Juniper Networks Devices That Function as Hardware VTEPs.

  10. In the Contrail Web user interface, configure a physical router, which enables the Contrail controller to recognize the Juniper Networks switch as a VTEP. See Contrail Configuration for Juniper Networks Devices That Function as Hardware VTEPs.
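The switch-side steps 1 through 7 above, written out as set-style statements using the values in Table 2. This is an added example, not the command listing from the original page; the statement names are standard Junos OS, and it assumes the statements are entered at the [edit] hierarchy level and then committed.

```junos
# Added example: steps 1 through 7, values taken from Table 2.

# Step 1: unique hostname for the hardware VTEP.
set system host-name hw-vtep1

# Step 2: allow the switch to dynamically configure OVSDB-managed
# VXLANs and their associated interfaces.
set switch-options ovsdb-managed

# Step 3: connection with the Contrail controller.
set protocols ovsdb controller 10.94.184.1

# Step 4: the interface toward physical server 1 is managed by OVSDB.
set protocols ovsdb interfaces ge-1/0/0

# Step 5: OVSDB tracing to /var/log/ovsdb, 10 MB file size, all flags.
set protocols ovsdb traceoptions file ovsdb
set protocols ovsdb traceoptions file size 10m
set protocols ovsdb traceoptions flag all

# Step 6: loopback address, used as the source IP address in the outer
# header of VXLAN-encapsulated packets.
set interfaces lo0 unit 0 family inet address 10.17.17.17/32

# Step 7: the loopback interface identifies hardware VTEP 1.
set switch-options vtep-source-interface lo0.0
```

Steps 8 through 10 are performed in the Contrail Web user interface and have no switch-side statements.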

Verification

Confirm that the configuration is working properly:

Verifying the Logical Switch Configuration

Purpose

In the Contrail Web user interface, you configured a virtual network for VXLAN 1. Using the same terminology as in the OVSDB schema for physical devices, the virtual network is also known as a logical switch. Verify that the configuration of the logical switch with the UUID of Contrail-28805c1d-0122-495d-85df-19abd647d772 is present in the OVSDB schema and that the Flags field for the logical switch is Created by both.

Action

From operational mode, enter the show ovsdb logical-switch command.

user@switch> show ovsdb logical-switch

Meaning

The output verifies that the configuration for the logical switch is present. The Created by both state indicates that the virtual network was configured in the Contrail Web user interface, and that the Juniper Networks switch dynamically created the corresponding VXLAN. In this state, the virtual network and the VXLAN are operational.

If the state of the logical switch is something other than Created by both, see Troubleshooting a Nonoperational Logical Switch and Corresponding Junos OS OVSDB-Managed VXLAN.

Verifying the MAC Address of VM 1

Purpose

Verify that the MAC address of VM 1 is present in the OVSDB schema.

Action

From operational mode, enter the show ovsdb mac remote command.

user@switch> show ovsdb mac remote

Meaning

The output shows that the MAC address for VM 1 is present and is associated with the logical switch with the UUID of Contrail-28805c1d-0122-495d-85df-19abd647d772. Given that the MAC address is present, VM 1 is reachable through the Juniper Networks switch, which functions as a hardware VTEP.

Verifying the Contrail Controller Connection

Purpose

Verify that the connection with the Contrail controller is up.

Action

From operational mode, enter the show ovsdb controller command to verify that the Contrail controller connection state is up.

user@switch> show ovsdb controller

Meaning

The output shows that the state of the connection is up, in addition to other information about the connection. The up state indicates that OVSDB is enabled on the Juniper Networks switch.

Verifying the OVSDB-Managed Interface

Purpose

Verify that interface ge-1/0/0.0 is managed by OVSDB.

Action

From operational mode, enter the show ovsdb interface command to verify that interface ge-1/0/0.0 is managed by OVSDB.

user@switch> show ovsdb interface

Meaning

The output shows that interface ge-1/0/0 is managed by OVSDB. It also indicates that the interface is associated with VXLAN Contrail-28805c1d-0122-495d-85df-19abd647d772, which has a VLAN ID of 0.