Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Extending an MC-LAG Topology Using EVPN-MPLS

 

Understanding EVPN-MPLS Interworking with Junos Fusion Enterprise and MC-LAG

Starting with Junos OS Release 17.4R1, you can use Ethernet VPN (EVPN) to extend a Junos Fusion Enterprise or multichassis link aggregation group (MC-LAG) network over an MPLS network to a data center or campus network. With the introduction of this feature, you can now interconnect dispersed campus and data center sites to form a single Layer 2 virtual bridge.

Figure 1 shows a Junos Fusion Enterprise topology with two EX9200 switches that serve as aggregation devices (PE2 and PE3) to which the satellite devices are multihomed. The two aggregation devices use an interchassis link (ICL) and the Inter-Chassis Control Protocol (ICCP) protocol from MC-LAG to connect and maintain the Junos Fusion Enterprise topology. PE1 in the EVPN-MPLS environment interworks with PE2 and PE3 in the Junos Fusion Enterprise with MC-LAG.

Figure 1: EVPN-MPLS Interworking with Junos Fusion Enterprise
EVPN-MPLS Interworking with Junos
Fusion Enterprise

Figure 2 shows an MC-LAG topology in which customer edge (CE) device CE1 is multihomed to PE2 and PE3. PE2 and PE3 use an ICL and the ICCP protocol from MC-LAG to connect and maintain the topology. PE1 in the EVPN-MPLS environment interworks with PE2 and PE3 in the MC-LAG environment.

Figure 2: EVPN-MPLS Interworking with MC-LAG
EVPN-MPLS Interworking with MC-LAG

Throughout this topic, Figure 1 and Figure 2 serve as references to illustrate various scenarios and points.

The use cases depicted in Figure 1 and Figure 2 require the configuration of both EVPN multihoming in active-active mode and MC-LAG on PE2 and PE3. EVPN with multihoming active-active and MC-LAG have their own forwarding logic for handling traffic, in particular, broadcast, unknown unicast, and multicast (BUM) traffic. At times, the forwarding logic for EVPN with multihoming active-active and MC-LAG contradict each other and causes issues. This topic describes the issues and how the EVPN-MPLS interworking feature resolves these issues.

Note

Other than the EVPN-MPLS interworking-specific implementations described in this topic, EVPN-MPLS, Junos Fusion Enterprise, and MC-LAG offer the same functionality and function the same as the standalone features.

Benefits of Using EVPN-MPLS with Junos Fusion Enterprise and MC-LAG

Use EVPN-MPLS with Junos Fusion Enterprise and MC-LAG to interconnect dispersed campus and data center sites to form a single Layer 2 virtual bridge.

BUM Traffic Handling

In the use cases shown in Figure 1 and Figure 2, PE1, PE2, and PE3 are EVPN peers, and PE2 and PE3 are MC-LAG peers. Both sets of peers exchange control information and forward traffic to each other, which causes issues. Table 1 outlines the issues that arise, and how Juniper Networks resolves the issues in its implementation of the EVPN-MPLS interworking feature.

Table 1: BUM Traffic: Issues and Resolutions

BUM Traffic Direction

EVPN Interworking with Junos Fusion Enterprise and MC-LAG Logic

Issue

Juniper Networks Implementation Approach

North bound (PE2 receives BUM packet from a locally attached single- or dual-homed interfaces).

PE2 floods BUM packet to the following:

  • All locally attached interfaces, including the ICL, for a particular broadcast domain.

  • All remote EVPN peers for which PE2 has received inclusive multicast routes.

Between PE2 and PE3, there are two BUM forwarding paths—the MC-LAG ICL and an EVPN-MPLS path. The multiple forwarding paths result in packet duplication and loops.

  • BUM traffic is forwarded on the ICL only.

  • Incoming traffic from the EVPN core is not forwarded on the ICL.

  • Incoming traffic from the ICL is not forwarded to the EVPN core.

South bound (PE1 forwards BUM packet to PE2 and PE3).

PE2 and PE3 both receive a copy of the BUM packet and flood the packet out of all of their local interfaces, including the ICL.

PE2 and PE3 both forward the BUM packet out of the ICL, which results in packet duplication and loops.

Split Horizon

In the use cases shown in Figure 1 and Figure 2, split horizon prevents multiple copies of a BUM packet from being forwarded to a CE device (satellite device). However, the EVPN-MPLS and MC-LAG split horizon implementations contradict each other, which causes an issue. Table 2 explains the issue and how Juniper Networks resolves it in its implementation of the EVPN-MPLS interworking feature.

Table 2: BUM Traffic: Split Horizon-Related Issue and Resolution

BUM Traffic Direction

EVPN Interworking with Junos Fusion Enterprise and MC-LAG Logic

Issue

Juniper Networks Implementation Approach

North bound (PE2 receives BUM packet from a locally attached dual-homed interface).

  • Per EVPN-MPLS forwarding logic:

    • Only the designated forwarder (DF) for the Ethernet segment (ES) can forward BUM traffic.

    • The local bias rule, in which the local peer forwards the BUM packet and the remote peer drops it, is not supported.

  • Per MC-LAG forwarding logic, local bias is supported.

The EVPN-MPLS and MC-LAG forwarding logic contradicts each other and can prevent BUM traffic from being forwarded to the ES.

Support local bias, thereby ignoring the DF and non-DF status of the port for locally switched traffic.

South bound (PE1 forwards BUM packet to PE2 and PE3).

Traffic received from PE1 follows the EVPN DF and non-DF forwarding rules for a mulithomed ES.

None.

Not applicable.

MAC Learning

EVPN and MC-LAG use the same method for learning MAC addresses—namely, a PE device learns MAC addresses from its local interfaces and synchronizes the addresses to its peers. However, given that both EVPN and MC-LAG are synchronizing the addresses, an issue arises.

Table 3 describes the issue and how the EVPN-MPLS interworking implementation prevents the issue. The use cases shown in Figure 1 and Figure 2 illustrate the issue. In both use cases, PE1, PE2, and PE3 are EVPN peers, and PE2 and PE3 are MC-LAG peers.

Table 3: MAC Learning: EVPN and MC-LAG Synchronization Issue and Implementation Details

MAC Synchronization Use Case

EVPN Interworking with Junos Fusion Enterprise and MC-LAG Logic

Issue

Juniper Networks Implementation Approach

MAC addresses learned locally on single- or dual-homed interfaces on PE2 and PE3.

  • Between the EVPN peers, MAC addresses are synchronized using the EVPN BGP control plane.

  • Between the MC-LAG peers, MAC addresses are synchronized using the MC-LAG ICCP control plane.

PE2 and PE3 function as both EVPN peers and MC-LAG peers, which result in these devices having multiple MAC synchronization paths.

  • For PE1: use MAC addresses synchronized by EVPN BGP control plane.

  • For PE2 and PE3: use MAC addresses synchronized by MC-LAG ICCP control plane.

MAC addresses learned locally on single- or dual-homed interfaces on PE1.

Between the EVPN peers, MAC addresses are synchronized using the EVPN BGP control plane.

None.

Not applicable.

Handling Down Link Between Cascade and Uplink Ports in Junos Fusion Enterprise

Note

This section applies only to EVPN-MPLS interworking with a Junos Fusion Enterprise.

In the Junos Fusion Enterprise shown in Figure 1, assume that aggregation device PE2 receives a BUM packet from PE1 and that the link between the cascade port on PE2 and the corresponding uplink port on satellite device SD1 is down. Regardless of whether the BUM packet is handled by MC-LAG or EVPN multihoming active-active, the result is the same—the packet is forwarded via the ICL interface to PE3, which forwards it to dual-homed SD1.

To further illustrate how EVPN with multihoming active-active handles this situation with dual-homed SD1, assume that the DF interface resides on PE2 and is associated with the down link and that the non-DF interface resides on PE3. Typically, per EVPN with multihoming active-active forwarding logic, the non-DF interface drops the packet. However, because of the down link associated with the DF interface, PE2 forwards the BUM packet via the ICL to PE3, and the non-DF interface on PE3 forwards the packet to SD1.

Layer 3 Gateway Support

The EVPN-MPLS interworking feature supports the following Layer 3 gateway functionality for extended bridge domains and VLANs:

  • Integrated routing and bridging (IRB) interfaces to forward traffic between the extended bridge domains or VLANs.

  • Default Layer 3 gateways to forward traffic from a physical (bare-metal) server in an extended bridge domain or VLAN to a physical server or virtual machine in another extended bridge domain or VLAN.

Example: EVPN-MPLS Interworking With an MC-LAG Topology

This example shows how to use Ethernet VPN (EVPN) to extend a multichassis link aggregation (MC-LAG) network over an MPLS network to a data center network or geographically distributed campus network.

EVPN-MPLS interworking is supported with an MC-LAG topology in which two MX Series routers, two EX9200 switches, or a mix of the two Juniper Networks devices function as MC-LAG peers, which use the Inter-Chassis Control Protocol (ICCP) and an interchassis link (ICL) to connect and maintain the topology. The MC-LAG peers are connected to a provider edge (PE) device in an MPLS network. The PE device can be either an MX Series router or an EX9200 switch.

This example shows how to configure the MC-LAG peers and PE device in the MPLS network to interwork with each other.

Requirements

This example uses the following hardware and software components:

  • Three EX9200 switches:

    • PE1 and PE2, which both function as MC-LAG peers in the MC-LAG topology and EVPN BGP peers in the EVPN-MPLS overlay network.

    • PE3, which functions as an EVPN BGP peer in the EVPN-MPLS overlay network.

  • The EX9200 switches are running Junos OS Release 17.4R1 or later software.

Note

Although the MC-LAG topology includes two customer edge (CE) devices, this example focuses on the configuration of the PE1, PE2, and PE3.

Overview and Topology

Figure 3 shows an MC-LAG topology with provider edge devices PE1 and PE2 that are configured as MC-LAG peers. The MC-LAG peers exchange control information over an ICCP link and data traffic over an ICL. In this example, the ICL is an aggregated Ethernet interface that is comprised of two interfaces.

Figure 3: EVPN-MPLS Interworking With an MC-LAG Topology
EVPN-MPLS Interworking With an
MC-LAG Topology

The topology in Figure 3 also includes CE devices CE1 and CE2, which are both multihomed to each PE device. The links between CE1 and the two PE devices are bundled as an aggregated Ethernet interface on which MC-LAG in active-active mode is configured.

The topology in Figure 3 also includes PE3 at the edge of an MPLS network. PE3 functions as the gateway between the MC-LAG network and either a data center or a geographically distributed campus network. PE1, PE2, and PE3 run EVPN, which enables hosts in the MC-LAG network to communicate with hosts in the data center or other campus network by way of an intervening MPLS network.

From the perspective of the EVPN-MPLS interworking feature, PE3 functions solely as an EVPN BGP peer, and PE1 and PE2 in the MC-LAG topology have dual roles:

  • MC-LAG peers in the MC-LAG network.

  • EVPN BGP peers in the EVPN-MPLS network.

Because of the dual roles, PE1 and PE2 are configured with MC-LAG, EVPN, BGP, and MPLS attributes.

Table 4 outlines key MC-LAG and EVPN (BGP and MPLS) attributes configured on PE1, PE2, and PE3.

Table 4: Key MC-LAG and EVPN (BGP and MPLS) Attributes Configured on PE1, PE2, and PE3

Key Attributes

PE1

PE2

PE3

MC-LAG Attributes

Interfaces

ICL: aggregated Ethernet interface ae1, which is comprised of xe-2/1/1 and xe-2/1/2

ICCP: xe-2/1/0

ICL: aggregated Ethernet interface ae1, which is comprised of xe-2/1/1 and xe-2/1/2

ICCP: xe-2/1/0

Not applicable

EVPN-MPLS

Interfaces

Connection to PE3: xe-2/0/0

Connection to PE2: xe-2/0/2

Connection to PE3: xe-2/0/2

Connection to PE1: xe-2/0/0

Connection to PE1: xe-2/0/2

Connection to PE2: xe-2/0/3

IP addresses

BGP peer address: 198.51.100.1

BGP peer address: 198.51.100.2

BGP peer address: 198.51.100.3

Autonomous system

65000

65000

65000

Virtual switch routing instances

evpn1, evpn2, evpn3

evpn1, evpn2, evpn3

evpn1, evpn2, evpn3

Note the following about the EVPN-MPLS interworking feature and its configuration:

  • You must configure Ethernet segment identifiers (ESIs) on the dual-homed interfaces in the MC-LAG topology. The ESIs enable EVPN to identify the dual-homed interfaces.

  • The only type of routing instance that is supported is the virtual switch instance (set routing-instances name instance-type virtual-switch).

  • On the MC-LAG peers, you must include the bgp-peer configuration statement in the [edit routing-instances name protocols evpn mclag] hierarchy level. This configuration statement enables the interworking of EVPN-MPLS with MC-LAG on the MC-LAG peers.

  • Address Resolution Protocol (ARP) suppression is not supported.

PE1 and PE2 Configuration

To configure PE1 and PE2, perform these tasks:

CLI Quick Configuration

PE1: MC-LAG Configuration

PE1: EVPN-MPLS Configuration

PE2: MC-LAG Configuration

PE2: EVPN-MPLS Configuration

PE1: Configuring MC-LAG

Step-by-Step Procedure

  1. Set the number of aggregated Ethernet interfaces on PE1.

  2. Configure aggregated Ethernet interface ae0 on interface xe-2/0/1, and configure LACP and MC-LAG on ae0. Divide aggregated Ethernet interface ae0 into three logical interfaces (ae0.1, ae0.2, and ae0.3). For each logical interface, specify an ESI, place the logical interface is in MC-LAG active-active mode, and map the logical interface to a VLAN.

  3. Configure physical interface xe-2/0/6, and divide it into three logical interfaces (xe-2/0/6.1, xe-2/0/6.2, and xe-2/0/6.3). Map each logical interface to a VLAN.

  4. Configure physical interface xe-2/1/0 as a Layer 3 interface, on which you configure ICCP. Specify the interface with the IP address of 203.0.113.2 on PE2 as the ICCP peer to PE1.

  5. Configure aggregated Ethernet interface ae1 on interfaces xe-2/1/1 and xe-2/1/2, and configure LACP on ae1. Divide aggregated Ethernet interface ae1 into three logical interfaces (ae1.1, ae1.2, and ae1.3), and map each logical interface to a VLAN. Specify ae1 as the multichassis protection link between PE1 and PE2.

PE1: Configuring EVPN-MPLS

Step-by-Step Procedure

  1. Configure the loopback interface, and the interfaces connected to the other PE devices.

  2. Configure IRB interfaces irb.1, irb.2, and irb.3.

  3. Assign a router ID and the autonomous system in which PE1, PE2, and PE3 reside.

  4. Enable per-packet load-balancing for EVPN routes when EVPN multihoming active-active mode is used.

  5. Enable MPLS on interfaces xe-2/0/0.0 and xe-2/0/2.0.

  6. Configure an IBGP overlay that includes PE1, PE2, and PE3.

  7. Configure OSPF as the internal routing protocol for EVPN by specifying an area ID and interfaces on which EVPN-MPLS is enabled.

  8. Configure the Label Distribution Protocol (LDP) on the loopback interface and the interfaces on which EVPN-MPLS is enabled.

  9. Configure virtual switch routing instances for VLAN v1, which is assigned VLAN IDs of 1, 2, and 3, and include the interfaces and other entities associated with the VLAN.

PE2: Configuring MC-LAG

Step-by-Step Procedure

  1. Set the number of aggregated Ethernet interfaces on PE2.

  2. Configure aggregated Ethernet interface ae0 on interface xe-2/0/1, and configure LACP and MC-LAG on ae0. Divide aggregated Ethernet interface ae0 into three logical interfaces (ae0.1, ae0.2, and ae0.3). For each logical interface, specify an ESI, place the logical interface is in MC-LAG active-active mode, and map the logical interface to a VLAN.

  3. Configure physical interface xe-2/0/6, and divide it into three logical interfaces (xe-2/0/6.1, xe-2/0/6.2, and xe-2/0/6.3). Map each logical interface to a VLAN.

  4. Configure physical interface xe-2/1/0 as a Layer 3 interface, on which you configure ICCP. Specify the interface with the IP address of 203.0.113.1 on PE1 as the ICCP peer to PE2.

  5. Configure aggregated Ethernet interface ae1 on interfaces xe-2/1/1 and xe-2/1/2, and configure LACP on ae1. Divide aggregated Ethernet interface ae1 into three logical interfaces (ae1.1, ae1.2, and ae1.3), and map each logical interface to a VLAN. Specify ae1 as the multichassis protection link between PE1 and PE2.

PE2: Configuring EVPN-MPLS

Step-by-Step Procedure

  1. Configure the loopback interface, and the interfaces connected to the other PE devices.

  2. Configure IRB interfaces irb.1, irb.2, and irb.3.

  3. Assign a router ID and the autonomous system in which PE1, PE2, and PE3 reside.

  4. Enable per-packet load-balancing for EVPN routes when EVPN multihoming active-active mode is used.

  5. Enable MPLS on interfaces xe-2/0/0.0 and xe-2/0/2.0.

  6. Configure an IBGP overlay that includes PE1, PE2, and PE3.

  7. Configure OSPF as the internal routing protocol for EVPN by specifying an area ID and interfaces on which EVPN-MPLS is enabled.

  8. Configure the Label Distribution Protocol (LDP) on the loopback interface and the interfaces on which EVPN-MPLS is enabled.

  9. Configure virtual switch routing instances for VLAN v1, which is assigned VLAN IDs of 1, 2, and 3, and include the interfaces and other entities associated with the VLAN.

PE3 Configuration

CLI Quick Configuration

PE3: EVPN-MPLS Configuration

PE3: Configuring EVPN-MPLS

Step-by-Step Procedure

  1. Configure the loopback interface, and the interfaces connected to the other PE devices.

  2. Configure interface xe-2/0/6, which is connected to the host.

  3. Configure IRB interfaces irb.1, irb.2, and irb.3.

  4. Assign a router ID and the autonomous system in which PE1, PE2, and PE3 reside.

  5. Enable per-packet load-balancing for EVPN routes when EVPN multihoming active-active mode is used.

  6. Enable MPLS on interfaces xe-2/0/2.0 and xe-2/0/3.0.

  7. Configure an IBGP overlay that includes PE1, PE2, and PE3.

  8. Configure OSPF as the internal routing protocol for EVPN by specifying an area ID and interfaces on which EVPN-MPLS is enabled.

  9. Configure the LDP on the loopback interface and the interfaces on which EVPN-MPLS is enabled.

  10. Configure virtual switch routing instances for VLAN v1, which is assigned VLAN IDs of 1, 2, and 3, and include the interfaces and other entities associated with the VLAN.

Release History Table
Release
Description
Starting with Junos OS Release 17.4R1, you can use Ethernet VPN (EVPN) to extend a Junos Fusion Enterprise or multichassis link aggregation group (MC-LAG) network over an MPLS network to a data center or campus network.