Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring EVPN with Support for Virtual Switch

 

Example: Configuring EVPN with Support for Virtual Switch

This example shows how to configure a virtual switch in an Ethernet VPN (EVPN) deployment.

Requirements

This example uses the following hardware and software components:

  • Two MX Series 5G Universal Routing Platforms containing MPC FPCs.

  • Two customer edge (CE) routers.

  • Junos OS Release 14.1 or later.

Before you begin:

  1. Configure the router interfaces.

  2. Configure OSPF or any other IGP protocol.

  3. Configure BGP.

  4. Configure RSVP or LDP.

  5. Configure MPLS.

Overview

Starting with Junos OS Release 14.1, the Ethernet VPN (EVPN) solution on MX Series routers with MPC interfaces is extended to provide virtual switch support that enables multiple tenants with independent VLAN and subnet space within an EVPN instance. Virtual switch provides the ability to extend Ethernet VLANs over a WAN using a single EVPN instance while maintaining data-plane separation between the various VLANs associated with that instance. A single EVPN instance can stretch up to 4094 bridge domains defined in a virtual switch to remote sites.

When configuring virtual switch for EVPN, be aware of the following considerations:

  • Due to default ARP policing, some of the ARP packets not destined for the device can be missed. This can lead to delayed ARP learning and synchronization.

  • Clearing ARP for an EVPN can lead to inconsistency between the ARP table and the EVPN ARP table. To avoid this situation, clear both ARP and EVPN ARP tables.

  • The vlan-tag can be configured for local switching. However, vlan-tagged VLANs should not be extended over the EVPN cloud.

Topology

Figure 1 illustrates a simple EVPN topology with virtual switch support. Routers PE1 and PE2 are the provider edge (PE) routers that connect to one customer edge (CE) router each – CE1 and CE2.

Figure 1: EVPN with Virtual Switch Support
EVPN with Virtual Switch
Support

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

PE1

PE2

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.

To configure Router PE1:

Note

Repeat this procedure for Router PE2, after modifying the appropriate interface names, addresses, and other parameters.

  1. Configure the PE1 interfaces.
  2. Set the router ID and autonomous system number for Router PE1.
  3. Configure the chained composite next hop for EVPN.
  4. Enable RSVP on all the interfaces of Router PE1, excluding the management interface.
  5. Create label-switched paths for PE1 to reach PE2.
  6. Enable MPLS on all the interfaces of Router PE1, excluding the management interface.
  7. Configure the BGP group for Router PE1.
  8. Assign local and neighbor addresses to the ibgp BGP group for Router PE1 to peer with Router PE2.
  9. Include the EVPN signaling Network Layer Reachability Information (NLRI) to the ibgp BGP group.
  10. Configure OSPF on all the interfaces of Router PE1, excluding the management interface.
  11. Configure the virtual switch routing instance.
  12. Configure the interface name for the evpna routing instance.
  13. Configure the route distinguisher for the evpna routing instance.
  14. Configure the VPN routing and forwarding (VRF) target community for the evpna routing instance.
  15. List the VLAN identifiers that are to be EVPN extended.
  16. Configure the bridge domains for the evpna routing instance.
  17. Assign the VLAN ID for the bda bridge domain.
  18. Configure the IRB interface as the routing interface for the bda bridge domain.
  19. Configure the interface name for the bda bridge domain.
  20. Configure the bridge domains for the evpna routing instance.
  21. Assign the VLAN ID for the bdb bridge domain.
  22. Configure the IRB interface as the routing interface for the bda bridge domain.
  23. Configure the interface name for bdb bridge domain.
  24. Configure the VRF routing instance.
  25. Configure the IRB interface as the routing interface for the vrf routing instance.
  26. Configure the route distinguisher for the vrf routing instance.
  27. Configure the VRF target community for the vrf routing instance.
  28. Configure VRF label for the vrf routing instance.

Results

From configuration mode, confirm your configuration by entering the show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Verification

Confirm that the configuration is working properly.

Verifying the Bridge Domain Configuration

Purpose

Verify the bridge domain configuration for the evpna routing instance.

Action

From operational mode, run the show bridge domain extensive command.

user@PE1> show bridge domain extensive

Meaning

The configured bridge domains bda and bdb and their associated VLAN IDs and interfaces are displayed. The bridge domains are also extended with EVPN.

Verifying MAC Table Routes

Purpose

Verify the MACs learned in the data plane and control plane.

Action

From operational mode, run the show bridge mac-table command.

user@PE1> show bridge mac-table

Meaning

The configured static MACs for the bridge domains are displayed.

Verifying the Bridge EVPN Peer Gateway MAC

Purpose

Verify the bridge EVPN peer gateway MAC for the evpna routing instance.

Action

From operational mode, run the show bridge evpn peer-gateway-macs command.

user@PE1> show bridge evpn peer-gateway-macs

Meaning

The gateway MACs of the EVPN peers for the evpna routing instance are displayed.