Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Virtual-Switch and EVPN Routing Instances, and VLAN-Aware and VLAN-based Service

    Understanding VLAN-Aware Bundle and VLAN-Based Service for EVPN

    A Data Center Service Provider (DCSP) hosts the data center for its multiple customers on a common physical network. To each customer (also called a tenant), the service looks like a full-fledged data center that can expand to 4094 VLANs and all private subnets. For disaster recovery, high availability, and optimization of resource utilization, it is common for the DCSP to span across the data center to more than one site. When deploying the data center services, a DCSP faces the following main challenges:

    • Extending Layer 2 domains across more than one data center site. This requires optimal intra-subnet traffic forwarding.
    • Supporting optimal inter-subnet traffic forwarding and optimal routing in the event of virtual machine (VM).
    • Supporting multiple tenants with independent VLAN and subnet space.

    The DCSP might require Ethernet VLAN services to be extended over a WAN with a single EVPN instance (EVI). On the QFX Series, each EVPN and virtual switch routing instance corresponds to an EVI. The QFX Series supports VLAN-aware bundle service and VLAN-based service, which maintain data and control plane separation.

    Note: If you create VLANs that are not part of a routing instance, they become part of the Default Switch routing instance.

    VLAN-Aware Bundle Service

    VLAN-aware bundle services supports the mapping of one or more routing instances of type Virtual Switch to many VLAN IDs (VIDs) and multiple bridge tables, with each bridge table corresponding to a different VLAN. To enable VLAN-aware bundle service, configure a Virtual Switch routing instance. For service provider-related applications, where the VLAN ID is local to the Layer 2 logic interface, enable the flexible-vlan-tagging statement in your configuration. For enterprise-related applications, where the VLAN ID has global significance, enable the family ethernet-switching statement in your configuration. VLAN-aware bundle service supports up to 4000 VLANs per routing instance.

    VLAN-Based Service

    VLAN-based service supports the mapping of one routing instances of type EVPN to one VLAN. There is only one bridge table that corresponds to the one VLAN. If the VLAN consists of multiple VLAN IDs (VIDs)—for example, there is a different VID per Ethernet segment on a provider edge device—then VLAN translation is required for packets that are destined to the Ethernet segment. The Ethernet tag ID in To enable VLAN-based service, configure an EVPN routing instance. Up to 100 EVPN routing instances are supported.

    Virtual Switch Support for EVPN Overview

    Starting with Junos OS Release 14.1, VLAN-aware bundle service is introduced on MX Series routers. Starting with Junos OS Release 14.2, VLAN-aware bundle service is introduced on EX9200 switches. Starting with Junos OS Release 17.3, VLAN-aware bundle service is introduced on QFX Series switches. . This feature allows Ethernet VLANs over a WAN to share a single EVPN instance while maintaining data-plane separation between the different VLANs.

    Junos OS has a highly flexible and scalable virtual switch interface. With a virtual switch, a single router or switch can be divided into multiple logical switches. Layer 2 domains (also called bridge-domains or vlans) can be defined independently in each virtual switch. To configure VLAN-aware bundle service, an EVPN must run in a virtual-switch routing instance.

    On the EX Series and MX Series, a single EVPN instance can stretch up to 4094 bridge domains or VLANs defined in a virtual switch to remote sites. A virtual switch can have more than 4094 bridge domains or VLANs with a combination of none, single, and dual VLANs. However, because EVPN signaling deals only with single VLAN tags, a maximum of 4094 bridge domains or VLANs can be stretched. The EVPN virtual switch also provides support for trunk and access interfaces.

    Note:

    • The none VLAN option is supported with bridge domains or VLANs under the virtual switch instance type for EVPNs.
    • Dual VLANs are not supported with EVPN although they can be configured.

    There are two types of VLAN-aware bundle service:

    • VLAN-aware bundle without translation

      The service interface provides bundling of customer VLANs into a single Layer 2 VPN service instance with a guarantee end-to-end customer VLAN transparency. The data-plane separation between the customer VLANs is maintained by creating a dedicated bridge-domain for each VLAN.

    • VLAN-aware bundle with translation

      The service interface provides bundling of customer VLANs into a single Layer 2 VPN service instance. The data-plane separation between the customer VLANs is maintained by creating a dedicated bridge-domain for each VLAN. The service interface supports customer VLAN translation to handle the scenario where different VLAN Identifiers (VIDs) are used on different interfaces to designate the same customer VLAN.

    EVPN with virtual switch provides support for VLAN-aware bundle with translation only.

    Configuring EVPN with Support for Virtual Switch

    You can configure an Ethernet VPN (EVPN) with virtual switch support to enable multiple tenants with independent VLAN and subnet space within an EVPN instance. Virtual switch provides the ability to extend Ethernet VLANs over a WAN using a single EVPN instance while maintaining data-plane separation between the various VLANs associated with that instance. A single EVPN instance can stretch up to 4094 bridge domains defined in a virtual switch to remote sites.

    When configuring virtual switch for EVPN, be aware of the following considerations:

    • Due to default ARP policing, some of the ARP packets not destined for the device can be missed. This can lead to delayed ARP learning and synchronization.
    • Clearing ARP for an EVPN can lead to inconsistency between the ARP table and the EVPN ARP table. To avoid this situation, clear both ARP and EVPN ARP tables.
    • The vlan-tag can be configured for local switching. However, vlan-tagged VLANs should not be extended over the EVPN cloud.

    This task explains how to configure one Virtual Switch instance that includes one VLAN.

    1. Configure the virtual switch routing instance.
      [edit routing-instances]
      user@PE1# set evpn-instance instance-type virtual-switch
    2. Configure the interface names for the virtual switch routing instance.
      [edit routing-instances]
      user@PE1# set evpn-instance interface interface-name
    3. Configure the route distinguisher for the virtual switch routing instance.
      [edit routing-instances]
      user@PE1# set evpn-instance route-distinguisher route-distinguisher-value
    4. Configure the VPN routing and forwarding (VRF) target community for the virtual switch routing instance.
      [edit routing-instances]
      user@PE1# set evpn-instance vrf-target vrf-target
    5. List the VLAN identifiers that are to be EVPN extended.
      [edit routing-instances]
      user@PE1# set evpn-instance protocols evpn extended-vni-list [vlan-id-range]
    6. Configure the VLAN and VLAN ID for the virtual switch routing instance.
      [edit routing-instances]
      user@PE1# set evpn-instance vlans name of VLAN vlan-id VLAN ID number
    7. Configure VXLAN encapsulation and Virtual Network Identifier for the virtual switch routing instance.
      [edit routing-instances]
      user@PE1# set evpn-instance vxlan vni VNI number
    8. Configure the virtual tunnel endpoint source interface for the virtual switch routing instance.
      [edit routing-instances]
      user@PE1# set evpn-instance vtep-source-interface interface-name
    9. Verify and commit the configuration.
      [edit]
      user@PE1# commit
      commit complete

    Configuring EVPN Routing Instances

    To configure an EVPN routing instance, complete the following configuration on the PE router (or on the MPLS edge switch or QFX Series switch) within the EVPN service provider’s network:

    1. Configure the EVPN routing instance name using the routing-instances statement at the [edit] hierarchy level:

      routing-instances routing-instance-name {...}
    2. Configure the evpn option for the instance-type statement at the [edit routing-instances routing-instance-name] hierarchy level:

      instance-type statementusage guidelines

      Note: For MX Series devices, EX Series, and QFX Series switches, you can include multiple IFLs of an Ethernet segment identifier (ESI) across different bridge-domains or VLANs of an EVPN routing instance in all-active mode. However, you cannot include multiple IFLs of the same ESI within the same bridge-domain or VLAN.

    3. Configure the interfaces for handling EVPN traffic between the MES or PEs and the CE device using the interface statement at the [edit routing-instances routing-instance-name] hierarchy level:

      interface interface-name;
    4. Configure a VLAN identifier for the EVPN routing instance using the vlan-id statement at the [edit routing-instances routing-instance-name] hierarchy level:

      Note: For QFX Series, set the VLAN ID to none.

      vlan-id (vlan-id | all | none);
    5. Configure a route distinguisher on a PE router by including the route-distinguisher statement:
      route-distinguisher (as-number:number | ip-address:number);

      Each routing instance that you configure on a PE router must have a unique route distinguisher associated with it. VPN routing instances need a route distinguisher to help BGP to distinguish between potentially identical network layer reachability information (NLRI) messages received from different VPNs. If you configure different VPN routing instances with the same route distinguisher, the commit fails.

      For a list of the hierarchy levels at which you can include this statement, see the statement summary for this statement.

      The route distinguisher is a 6-byte value that you can specify in one of the following formats:

      • as-number:number, where as-number is an autonomous system (AS) number (a 2-byte value) and number is any 4-byte value. The AS number can be in the range 1 through 65,535. We recommend that you use an Internet Assigned Numbers Authority (IANA)-assigned, nonprivate AS number, preferably the Internet service provider’s (ISP’s) own or the customer’s own AS number.

        Note: The automatic derivation of the BGP route target (auto-RT) for advertised prefixes is supported on a 2-byte AS number only.

      • ip-address:number, where ip-address is an IP address (a 4-byte value) and number is any 2-byte value. The IP address can be any globally unique unicast address. We recommend that you use the address that you configure in the router-id statement, which is a nonprivate address in your assigned prefix range.
    6. Configure either import and export policies for the EVPN routing table, or configure the default policies using the vrf-target statement configured at the [edit routing-instances routing-instance-name] hierarchy level.

      See Configuring Policies for the VRF Table on PE Routers in VPNs.

    7. Configure each EVPN interface for the EVPN routing instance:

      1. Configure each interface using the interface statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level.
      2. Configure interface encapsulation for the CE facing interfaces at the [edit interfaces interface-name encapsulation] hierarchy level. Supported encapsulations, except for EX9200 switches and QFX Series switches, are: (ethernet-bridge | vlan-bridge | extended-vlan-bridge). Supported encapsulations for EX9200 switches are: (extended-vlan-bridge | flexible-ethernet-services). Supported encapsulation for QFX Series switches is vxlan.
      3. (Optional) Allow the EVPN to establish a connection to the CE device even if the CE device interface encapsulation and the EVPN interface encapsulations do not match by including the ignore-encapsulation-mismatch statement at the [edit routing-instances routing-instance-name protocols evpn interface interface-name] hierarchy level.
      4. (Optional) (Not available on EX9200 switches) Specify a static MAC address for a logical interface in a bridge domain using the static-mac statement at the [edit routing-instances routing-instance-name protocols evpn interface interface-name] hierarchy level.
    8. Specify the maximum number of media access control (MAC) addresses that can be learned by the EVPN routing instance by including the interface-mac-limit statement.

      You can configure the same limit for all interfaces configured for a routing instance by including this statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level. You can also configure a limit for a specific interface by including this statement at the [edit routing-instances routing-instance-name protocols evpn interface interface-name] hierarchy level.

      By default, packets with new source MAC addresses are forwarded after the MAC address limit is reached. You can alter this behavior by including the packet-action drop statement at either the [edit routing-instances routing-instance-name protocols evpn interface-mac-limit] or the [edit routing-instances routing-instance-name protocols evpn interface interface-name] hierarchy level. If you configure this statement, packets from new source MAC addresses are dropped once the configured MAC address limit is reached.

    9. Specify the MPLS label allocation setting for the EVPN by including the label-allocation statement with the per-instance option at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level.

      If you configure this statement, one MPLS label is allocated for the specified EVPN routing instance.

    10. Enable MAC accounting for the EVPN by including the mac-statistics statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level.
    11. Specify the number of addresses that can be stored in the MAC routing table using the mac-table-size statement at the [edit routing-instances routing-instance-name protocols evpn] hierarchy level.

      You can optionally configure the packet-action drop option to specify that packets for new source MAC addresses be dropped once the MAC address limit is reached. If you do not configure this option, packets for new source MAC addresses are forwarded.

    12. Disable MAC learning by including the no-mac-learning statement at either the [edit routing-instances routing-instance-name protocols evpn] hierarchy level to apply this behavior to all of the devices configured for an EVPN routing instance or at the [edit routing-instances routing-instance-name protocols evpn interface interface-name] hierarchy level to apply this behavior to just one of the CE devices.

    routing-instances

    Syntax

    routing-instances routing-instance-name { ... }

    Hierarchy Level

    [edit],
    [edit logical-systems logical-system-name]

    Release Information

    Statement introduced before Junos OS Release 7.4.

    Description

    Configure an additional routing entity for a router or switch. You can create multiple instances of BGP, IS-IS, OSPF, OSPF version 3 (OSPFv3), and RIP for a router or switch.

    Default

    Routing instances are disabled for the router or switch.

    Options

    routing-instance-name—Name of the routing instance, a maximum of 31 characters. The remaining statements are explained separately.

    Required Privilege Level

    routing—To view this statement in the configuration.

    routing-control—To add this statement to the configuration.

    instance-type

    Syntax

    instance-type type;

    Hierarchy Level

    [edit logical-systems logical-system-name routing-instances routing-instance-name],
    [edit routing-instances routing-instance-name]

    Release Information

    Statement introduced before Junos OS Release 7.4.

    virtual-switch and layer2-control options introduced in Junos OS Release 8.4.

    Statement introduced in Junos OS Release 9.2 for EX Series switches.

    Statement introduced in Junos OS Release 11.3 for the QFX Series.

    Statement introduced in Junos OS Release 12.3 for ACX Series routers.

    mpls-internet-multicast option introduced in Junos OS Release 11.1 for the EX Series, M Series, MX Series, and T Series.

    evpn option introduced in Junos OS Release 13.2 for MX 3D Series routers.

    evpn option introduced in Junos OS Release 17.3 for the QFX Series.

    forwarding option introduced in Junos OS Release 14.2 for the PTX Series.

    mpls-forwarding option introduced in Junos OS Release 16.1 for the MX Series.

    evpn-vpws option introduced in Junos OS Release 17.1 for MX Series routers.

    Support for logical systems on MX Series routers added in Junos OS Release 17.4R1.

    Description

    Define the type of routing instance.

    Options

    Note: On ACX Series routers, you can configure only the forwarding, virtual router, and VRF routing instances.

    type—Can be one of the following:

    • evpn—(MX 3D Series routers, QFX switches, and EX9200 switches)—Enable an Ethernet VPN (EVPN) on the routing instance.
      hierarchy level.
    • evpn-vpws—Enable an Ethernet VPN (EVPN) Virtual Private Wire Service (VPWS) on the routing instance.
    • forwarding—Provide support for filter-based forwarding, where interfaces are not associated with instances. All interfaces belong to the default instance. Other instances are used for populating RPD learned routes. For this instance type, there is no one-to-one mapping between an interface and a routing instance. All interfaces belong to the default instance inet.0.
    • l2backhaul-vpn—Provide support for Layer 2 wholesale VLAN packets with no existing corresponding logical interface. When using this instance, the router learns both the outer tag and inner tag of the incoming packets, when the instance-role statement is defined as access, or the outer VLAN tag only, when the instance-role statement is defined as nni.
    • l2vpn—Enable a Layer 2 VPN on the routing instance. You must configure the interface, route-distinguisher, vrf-import, and vrf-export statements for this type of routing instance.
    • layer2-control—(MX Series routers only) Provide support for RSTP or MSTP in customer edge interfaces of a VPLS routing instance. This instance type cannot be used if the customer edge interface is multihomed to two provider edge interfaces. If the customer edge interface is multihomed to two provider edge interfaces, use the default BPDU tunneling.
    • mpls-forwarding—(MX Series routers only) Allow filtering and translation of route distinguisher (RD) values in IPv4 and IPv6 VPN address families on both routes received and routes sent for selected BGP sessions. In particular, for Inter-AS VPN Option-B networks, this option can prevent the malicious injection of VPN labels from one peer AS boundary router to another.
    • mpls-internet-multicast—(EX Series, M Series, MX Series, and T Series routers only) Provide support for ingress replication provider tunnels to carry IP multicast data between routers through an MPLS cloud, using MBGP or next-generation MVPN.
    • no-forwarding—This is the default routing instance. Do not create a corresponding forwarding instance. Use this routing instance type when a separation of routing table information is required. There is no corresponding forwarding table. All routes are installed into the default forwarding table. IS-IS instances are strictly nonforwarding instance types.
    • virtual-router—Enable a virtual router routing instance. This instance type is similar to a VPN routing and forwarding instance type, but used for non-VPN-related applications. You must configure the interface statement for this type of routing instance. You do not need to configure the route-distinguisher, vrf-import, and vrf-export statements.
    • virtual-switch—(MX Series routers, EX9200 switches, and QFX switches only) Provide support for Layer 2 bridging. Use this routing instance type to isolate a LAN segment with its Spanning Tree Protocol (STP) instance and to separate its VLAN identifier space.
    • vpls—Enable VPLS on the routing instance. Use this routing instance type for point-to-multipoint LAN implementations between a set of sites in a VPN. You must configure the interface, route-distinguisher, vrf-import, and vrf-export statements for this type of routing instance.
    • vrf—VPN routing and forwarding (VRF) instance. Provides support for Layer 3 VPNs, where interface routes for each instance go into the corresponding forwarding table only. Required to create a Layer 3 VPN. Create a VRF table (instance-name.inet.0) that contains the routes originating from and destined for a particular Layer 3 VPN. For this instance type, there is a one-to-one mapping between an interface and a routing instance. Each VRF instance corresponds with a forwarding table. Routes on an interface go into the corresponding forwarding table. You must configure the interface, route-distinguisher, vrf-import, and vrf-export statements for this type of routing instance.

    Required Privilege Level

    routing—To view this statement in the configuration.

    routing-control—To add this statement to the configuration.

    evpn

    Syntax

    evpn {
    default-gateway;
    duplicate-mac-detection {
    auto-recovery-time minutes;
    detection-threshold detection-threshold;
    detection-window seconds;
    }
    encapsulation encapslation-type;
    es-import-oldstyle;
    extended-vlan-list vlan-id | [vlan-id set];
    vni-options
    }
    mac-list name {
    mac-addresses;
    }
    mac-mobility {
    no-sequence-numbers;
    }
    multicast-mode client | ingress-replication;
    vni xxx vrf-target export target:xxx:xx
    vni xxx vrf-export name
    }
    }
    file filename <files number> <size size> <world-readable | no-world-readable>;
    flag flag <flag-modifier>;
    }
    }

    Hierarchy Level

    [edit protocols evpn],
    [edit routing-instances routing-instance-name protocols]

    Release Information

    Statement introduced in Junos OS Release 17.3R1 for QFX Series switches.

    Description

    Enable an Ethernet VPN (EVPN) on the routing instance.

    Required Privilege Level

    routing—To view this statement in the configuration.

    routing-control—To add this statement to the configuration.

    Configuring EVPN with VLAN-Based Service

    VLAN-based service supports the mapping of one or more routing instances of type EVPN to only one VLAN. There is only one bridge table that corresponds to the one VLAN. If the VLAN consists of multiple VLAN IDs (VIDs)—for example, there is a different VID per Ethernet segment on a provider edge device—then VLAN translation is required for packets that are destined to the Ethernet segment.

    To configure VLAN-based service and Layer 3 routing with two EVPN routing instances on a provider edge device.

    1. Configure the first routing instance of type evpn named evpn1.

      For example:

      [edit]
      user@switch# set routing-instances evpn1 instance-type evpn
    2. Configure the access interface for handling EVPN traffic.

      For example:

      [edit]
      user@switch# set routing-instances evpn1 interface xe-0/0/8.100
    3. Configure a Layer 3 integrated and routing (IRB) interface for the evpn1 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn1 l3-interface irb.100
    4. Configure the Virtual Tunnel Endpoint interface for the evpn1 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn1 vtep-source-interface lo0.0
    5. Configure a VLAN identifier for the evpn1 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn1 vlan-id none
    6. Configure a route distinguisher for the evpn1 routing instance.

      For example:

      [edit]
      user@switch# routing-instances evpn1 route-distinguisher 1.2.3.11:1
    7. Configure the VPN routing and forwarding (VRF) target community for the evpn1 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn1 vrf-target target:1234:11
    8. Configure the encapsulation type for the evpn1 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn1 protocols evpn encapsulation vxlan
    9. Configure the VXLAN Network Identifier (VNI) for the evpn1 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn1 vxlan vni 100
    10. Configure the second routing instance of type evpn named evpn2:

      For example:

      [edit]
      user@switch# set routing-instances evpn2 instance-type evpn
    11. Configure the access interface on the provider edge device (PE) for handling EVPN traffic.

      For example:

      [edit]
      user@switch# set routing-instances evpn2 interface xe-0/0/8.200
    12. Configure a Layer 3 integrated and routing (IRB) interface for the evpn2 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn2 l3-interface irb.200
    13. Configure the loopback address as the virtual tunnel endpoint source interface for the evpn2 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn2 vtep-source-interface lo0.0
    14. Configure the VLAN identifier for the evpn2 routing instance to be none.

      For example:

      [edit]
      user@switch# set routing-instances evpn2 vlan-id none
    15. Configure a route distinguisher for the evpn2 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn2 route-distinguisher 1.2.3.11:2
    16. Configure the VPN routing and forwarding (VRF) target community for the evpn2 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn2 vrf-target target:1234:24
    17. Configure the encapsulation type for the evpn2 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn2 protocols evpn encapsulation vxlan
    18. Configure the VXLAN Network Identifier (VNI) for the evpn2 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances evpn2 vxlan vni 200
    19. Configure a VPN routing and forwarding (VRF) routing instance.

      For example:

      [edit]
      user@switch# set routing-instances vrf instance-type vrf
    20. Configure the first of two integrated routing and bridging (IRB) interface for the vrf instance.

      For example:

      [edit]
      user@switch# set routing-instances vrf interface irb.100
    21. Configure the second of two integrated routing and bridging (IRB) interface for the VPN routing and forwarding (VRF) instance.

      For example:

      [edit]
      user@switch# set routing-instances vrf interface irb.200
    22. Configure the loopback interface for the vrf instance.

      For example:

      [edit]
      user@switch# set routing-instances vrf interface lo0.1000
    23. Configure a unique route distinguisher for the VPN routing and forwarding (VRF) instance to identify from which EVPN the route belongs.

      For example:

      [edit]
      user@switch# set routing-instances vrf route-distinguisher 1.2.3.1:2
    24. Configure the VPN routing and forwarding (VRF) target community for the VPN routing and forwarding (VRF) routing instance.

      For example:

      [edit]
      user@switch# set routing-instances vrf vrf-target target:2222:22
    25. Configure the auto-export option to automatically derive the route target.

      For example:

      [edit]
      user@switch# set routing-instances vrf routing-options auto-export

    Configuring EVPN with VLAN-Aware Bundle Service

    VLAN-aware bundle services supports the mapping of one or more routing instances of type Virtual Switch to many VLAN IDs (VIDs) and multiple bridge tables, with each bridge table corresponding to a different VLAN. To enable VLAN-aware bundle service, configure a Virtual Switch routing instance. For service provider-related applications, where the VLAN ID is local to the Layer 2 logic interface, enable the flexible-vlan-tagging statement in your configuration. For enterprise-related applications (discussed in this topic), where the VLAN ID has global significance, enable the family ethernet-switching statement in your configuration.

    This configuration task explains how to configure Layer 2 switching and Layer 3 routing with two Virtual Switch routing instances and four VLANs on a provider edge device.

    1. Configure the xe-0/0/8 interface to be a trunk interface.

      For example:

      [edit]
      user@switch# set interfaces xe-0/0/8 unit 0 family ethernet-switching interface-mode trunk
    2. Configure the xe-0/0/8 interface to be included in VLANs v100 and v200.

      For example:

      [edit]
      user@switch# set interfaces xe-0/0/8 unit 0 family ethernet-switching vlan members v100
      user@switch# set interfaces xe-0/0/8 unit 0 family ethernet-switching vlan members v200
    3. Configure the xe-0/0/9 interface to be a trunk interface.

      For example:

      [edit]
      user@switch# set interfaces xe-0/0/9 unit 0 family ethernet-switching interface-mode trunk
    4. Configure the xe-0/0/9 interface to be included in VLANs v300 and v400.

      For example:

      [edit]
      user@switch# set interfaces xe-0/0/8 unit 0 family ethernet-switching vlan members v300
      user@switch# set interfaces xe-0/0/8 unit 0 family ethernet-switching vlan members v400
    5. Configure four IRB interfaces, each with unique IP addresses but with the same MAC address.

      For example:

      [edit]
      user@switch# set interfaces irb unit 100 family inet address 192.168.0.1/24
      user@switch# set interfaces irb unit 100 mac 00:00:ba:ba:00:01
      user@switch# set interfaces irb unit 200 family inet address 192.168.1.1/24
      user@switch# set interfaces irb unit 200 mac 00:00:ba:ba:00:01
      user@switch# set interfaces irb unit 300 family inet address 192.168.3.1/24
      user@switch# set interfaces irb unit 300 mac 00:00:ba:ba:00:01
      user@switch# set interfaces irb unit 400 family inet address 192.168.4.1/24
      user@switch# set interfaces irb unit 400 mac 00:00:ba:ba:00:01
    6. Configure the first of two routing instance of type virtual-switch.

      For example:

      [edit]
      user@switch# set routing-instances vs1 instance-type virtual-switch
    7. Configure the loopback address as the virtual tunnel endpoint source interface for the vs1 virtual switch routing instance.

      For example:

      [edit]
      user@switch# set routing-instances vs1 vtep-source-interface lo0.0
    8. Configure the access interface on the provider edge device (PE) for handling EVPN traffic.

      For example:

      [edit]
      user@switch# set routing-instances vs1 interface xe-0/0/8.0
    9. Configure a VLAN identifier for VLAN v100.

      For example:

      [edit]
      user@switch# set routing-instances vs1 vlans v100 vlan-id 100
    10. Configure a Layer 3 integrated and routing (IRB) interface for VLAN v100.

      For example:

      [edit]
      user@switch# set routing-instances vs1 vlans v100 l3-interface irb.100
    11. Configure a unique VXLAN Network Identifier for VLAN v100.

      For example:

      [edit]
      user@switch# set routing-instances vs1 vlans v100 vxlan vni 111
    12. Configure a VLAN identifier for VLAN v200.

      For example:

      [edit]
      user@switch# set routing-instances vs1 vlans v200 vlan-id 200
    13. Configure a Layer 3 integrated and routing (IRB) interface for VLAN v200.

      For example:

      [edit]
      user@switch# set routing-instances vs1 vlans v200 l3-interface irb.200
    14. Configure a unique VXLAN Network Identifier for VLAN v200.

      For example:

      [edit]
      user@switch# set routing-instances vs1 vlans v200 vxlan vni 222
    15. Configure a unique route distinguisher for the vs1 routing instance to identify from which EVPN the route belongs.

      For example:

      [edit]
      user@switch# routing-instances vs1 route-distinguisher 1.2.3.11:1
    16. Configure the VPN routing and forwarding (VRF) target community for the vs1 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances vs1 vrf-target target:65001:1
    17. Configure the encapsulation type for the vs1 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances vs1 protocols evpn encapsulation vxlan
    18. Specify that all VXLAN Network Identifiers (VNIs) for the vs1 routing instance are advertised.

      For example:

      [edit]
      user@switch# set routing-instances vs1 protocols evpn extended-vni-list all
    19. Disable advertisement of IRB interface MAC addresses in the EVPN control plane.

      Because you already specified in step 5 that each IRB interface is configured with the same MAC address, you do not need to advertise MAC addresses.

      For example:

      [edit]
      user@switch# set routing-instances vs1 protocols evpn default-gateway do-not-advertise
    20. Configure the second of two routing instance of type virtual-switch.

      For example:

      [edit]
      user@switch# set routing-instances vs2 instance-type virtual-switch
    21. Configure the loopback address as the virtual tunnel endpoint source interface for the vs2 virtual switch routing instance.

      For example:

      [edit]
      user@switch# set routing-instances vs2 vtep-source-interface lo0.0
    22. Configure the access interface on the provider edge device (PE) for handling EVPN traffic.

      For example:

      [edit]
      user@switch# set routing-instances vs2 interface xe-0/0/9.0
    23. Configure a VLAN identifier for VLAN v300.

      For example:

      [edit]
      user@switch# set routing-instances vs2 vlans v300 vlan-id 300
    24. Configure a Layer 3 integrated and routing (IRB) interface for VLAN v300.

      For example:

      [edit]
      user@switch# set routing-instances vs2 vlans v300 l3-interface irb.300
    25. Configure a unique VXLAN Network Identifier for VLAN v300.

      For example:

      [edit]
      user@switch# set routing-instances vs2 vlans v300 vxlan vni 333
    26. Configure a VLAN identifier for VLAN v400.

      For example:

      [edit]
      user@switch# set routing-instances vs2 vlans v400 vlan-id 400
    27. Configure a Layer 3 integrated and routing (IRB) interface for VLAN v400.

      For example:

      [edit]
      user@switch# set routing-instances vs2 vlans v400 l3-interface irb.400
    28. Configure a unique VXLAN Network Identifier for VLAN v400.

      For example:

      [edit]
      user@switch# set routing-instances vs2 vlans v400 vxlan vni 444
    29. Configure a unique route distinguisher for the vs2 routing instance to identify from which EVPN the route belongs.

      For example:

      [edit]
      user@switch# routing-instances vs2 route-distinguisher 1.2.3.11:2
    30. Configure the VPN routing and forwarding (VRF) target community for the vs2 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances vs2 vrf-target target:65001:2
    31. Configure the encapsulation type for the vs2 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances vs2 protocols evpn encapsulation vxlan
    32. Specify which VXLAN Network Identifier (VNI) lists are part of the vs2 routing instance.

      For example:

      [edit]
      user@switch# set routing-instances vs2 protocols evpn extended-vni-list 333
      user@switch# set routing-instances vs2 protocols evpn extended-vni-list 444
    33. Disable advertisement of IRB interface MAC addresses in the EVPN control plane.

      Because you already specified in step 5 that each IRB interface is configured with the same MAC address, you do not need to advertise MAC addresses.

      For example:

      [edit]
      user@switch# set routing-instances vs2 protocols evpn default-gateway do-not-advertise

    vlan-id (routing instance)

    Syntax

    vlan-id (vlan-id | all | none);

    Hierarchy Level

    [edit logical-systems logical-system-name routing-instances routing-instance-name],
    [edit routing-instances routing-instance-name]
    [edit routing-instances routing-instance-name instance-type]

    Release Information

    Statement introduced in Junos OS Release 13.2.

    Statement introduced in Junos OS Release 14.2 for EX Series switches.

    Description

    Specify 802.1Q VLAN tag IDs to a routing instance.

    Options

    vlan-id—A valid VLAN identifier.

    Range: For 4-port Fast Ethernet PICs, 512 through 1023. For 1-port and 10-port Gigabit Ethernet PICs configured to handle VPLS traffic, 512 through 4094.

    all—Include all VLAN identifiers specified on the logical interfaces included in the routing instance.

    none—Include no VLAN identifiers for the routing instance.

    Required Privilege Level

    routing—To view this statement in the configuration.

    routing-control—To add this statement to the configuration.

    Release History Table

    Release
    Description
    Starting with Junos OS Release 14.2, VLAN-aware bundle service is introduced on EX9200 switches.
    Starting with Junos OS Release 17.3, VLAN-aware bundle service is introduced on QFX Series switches.
    Starting with Junos OS Release 14.1, VLAN-aware bundle service is introduced on MX Series routers.

    Modified: 2017-11-29