
    Example: Configuring Edge Virtual Bridging for Use with VEPA Technology

    Virtual machines (VMs) can use a physical switch that is adjacent to the VMs’ server to send packets both to other VMs and to the rest of the network when two conditions have been met:

    • Virtual Ethernet port aggregator (VEPA) is configured on the VM server.
    • Edge virtual bridging (EVB) is configured on the switch.

    This example shows how to configure EVB on the switch so that packets can flow to and from the virtual machines.

    Requirements

    This example uses the following hardware and software components:

    • One EX4500 or EX8200 switch
    • Junos OS Release 12.1 or later for EX Series switches

    Before you configure EVB on a switch, be sure you have configured the server with virtual machines, the VLANs, and VEPA:

    Note: The following are the numbers of components used in this example, but you can use fewer or more to configure the feature.

    • On the server, configure six virtual machines, VM 1 through VM 6 as shown in Figure 1. See your server documentation.
    • On the server, configure three VLANs named VLAN_Purple, VLAN_Orange, and VLAN_Blue, and add two virtual machines to each VLAN. See your server documentation.
    • On the server, install and configure VEPA to aggregate the virtual machine packets.
    • On the switch, configure one interface with the same three VLANs as the server (VLAN_Purple, VLAN_Orange, and VLAN_Blue). See Configuring VLANs for EX Series Switches (CLI Procedure).

    Overview and Topology

    EVB is a software capability that enables multiple virtual end stations to communicate with each other and with external switches in the Ethernet network environment.

    This example demonstrates the configuration that takes place on a switch when that switch is connected to a server with VEPA configured. In this example, a switch is already connected to a server hosting six virtual machines (VMs) and configured with VEPA for aggregating packets. The server’s six virtual machines are VM 1 through VM 6, and each virtual machine belongs to one of the three server VLANs—VLAN_Purple, VLAN_Orange, or VLAN_Blue. Because VEPA is configured on the server, no two VMs can communicate directly—all communication between VMs must happen via the adjacent switch. Figure 1 shows the topology for this example.

    Edge Virtual Bridging Example Topology

    Figure 1: Topology


    The VEPA component of the server pushes all packets from any VM, regardless of whether the packets are destined to other VMs on the same server or to any external host, to the adjacent switch. The adjacent switch applies policies to incoming packets based on the interface configuration and then forwards the packets to appropriate interfaces based on the MAC learning table. If the switch has not yet learned a destination MAC, it floods the packet to all interfaces, including the source port on which the packet arrived.

    Table 1 shows the components used in this example.

    Table 1: Components of the Topology for Configuring EVB

    | Component | Description |
    |---|---|
    | EX Series switch | For a list of switches that support this feature, see EX Series Switch Software Features Overview. |
    | ge-0/0/20 | Switch interface to the server. |
    | Server | Server with virtual machines and VEPA technology. |
    | Virtual machines | Six virtual machines located on the server, named VM 1, VM 2, VM 3, VM 4, VM 5, and VM 6. |
    | VLANs | Three VLANs, named VLAN_Purple, VLAN_Orange, and VLAN_Blue. Each VLAN has two virtual machine members. |
    | VEPA | A virtual Ethernet port aggregator (VEPA) is a software capability on a server that collaborates with an adjacent, external switch to provide bridging support between multiple virtual machines and with external networks. The VEPA collaborates with the switch by forwarding all VM-originated frames to the adjacent bridge for frame processing and frame relay (including hairpin forwarding) and by steering and replicating frames received from the VEPA uplink to the appropriate destinations. |

    Note: Configuring EVB also enables Virtual Station Interface (VSI) Discovery and Configuration Protocol (VDP).

    Configuration

    CLI Quick Configuration

    To quickly configure EVB, copy the following commands and paste them into the switch’s CLI at the [edit] hierarchy level.

    set interfaces ge-0/0/20 unit 0 family ethernet-switching port-mode tagged-access
    set protocols lldp interface ge-0/0/20.0
    set vlans vlan_purple interface ge-0/0/20.0
    set vlans vlan_orange interface ge-0/0/20.0
    set vlans vlan_blue interface ge-0/0/20.0
    set protocols edge-virtual-bridging vsi-discovery interface ge-0/0/20.0
    set policy-options vsi-policy P1 from vsi-manager 98 vsi-type 998 vsi-version 4 vsi-instance 09b11c53-8b5c-4eeb-8f00-c84ebb0bb998
    set policy-options vsi-policy P1 then filter f2
    set policy-options vsi-policy P3 from vsi-manager 97 vsi-type 997 vsi-version 3 vsi-instance 09b11c53-8b5c-4eeb-8f00-c84ebb0bb997
    set policy-options vsi-policy P3 then filter f3
    set firewall family ethernet-switching filter f2 term t1 then accept
    set firewall family ethernet-switching filter f2 term t1 then count f2_accept
    set firewall family ethernet-switching filter f3 term t1 then accept
    set firewall family ethernet-switching filter f3 term t1 then count f3_accept
    set protocols edge-virtual-bridging vsi-discovery vsi-policy P1
    set protocols edge-virtual-bridging vsi-discovery vsi-policy P3

    Step-by-Step Procedure

    To configure EVB on the switch:

    1. Configure tagged-access mode for the interfaces on which you will enable EVB:
      [edit interfaces ge-0/0/20]
      user@switch# set unit 0 family ethernet-switching port-mode tagged-access
    2. Enable the Link Layer Discovery Protocol (LLDP) on the interfaces on which you will enable EVB:
      [edit protocols]
      user@switch# set lldp interface ge-0/0/20.0
    3. Configure the interface as a member of all VLANs located on the virtual machines:
      [edit]
      user@switch# set vlans vlan_purple interface ge-0/0/20.0
      user@switch# set vlans vlan_orange interface ge-0/0/20.0
      user@switch# set vlans vlan_blue interface ge-0/0/20.0
    4. Enable the VSI Discovery and Configuration Protocol (VDP) on the interface:
      [edit protocols]
      user@switch# set edge-virtual-bridging vsi-discovery interface ge-0/0/20.0
    5. Define policies for VSI information. VSI information is based on a VSI manager ID, VSI type, VSI version, and VSI instance ID:
      [edit policy-options]
      user@switch# set vsi-policy P1 from vsi-manager 98 vsi-type 998 vsi-version 4 vsi-instance 09b11c53-8b5c-4eeb-8f00-c84ebb0bb998
      user@switch# set vsi-policy P1 then filter f2
      user@switch# set vsi-policy P3 from vsi-manager 97 vsi-type 997 vsi-version 3 vsi-instance 09b11c53-8b5c-4eeb-8f00-c84ebb0bb997
      user@switch# set vsi-policy P3 then filter f3
    6. Two VSI policies were defined in the previous step, each of them mapping to different firewall filters. Define the firewall filters:
      [edit firewall family ethernet-switching]
      user@switch# set filter f2 term t1 then accept
      user@switch# set filter f2 term t1 then count f2_accept
      user@switch# set filter f3 term t1 then accept
      user@switch# set filter f3 term t1 then count f3_accept
    7. Associate the VSI policies with the VSI discovery protocol:
      [edit]
      user@switch# set protocols edge-virtual-bridging vsi-discovery vsi-policy P1
      user@switch# set protocols edge-virtual-bridging vsi-discovery vsi-policy P3

    Results

    user@switch# show protocols
    edge-virtual-bridging {
        vsi-discovery {
            interface {
                ge-0/0/20.0;
            }
            vsi-policy {
                P1;
                P3;
            }
        }
    }
    lldp {
        interface ge-0/0/20.0;
    }

    user@switch# show policy-options
    vsi-policy P1 {
        from {
            vsi-manager 98 vsi-type 998 vsi-version 4 vsi-instance 09b11c53-8b5c-4eeb-8f00-c84ebb0bb998;
        }
        then {
            filter f2;
        }
    }
    vsi-policy P3 {
        from {
            vsi-manager 97 vsi-type 997 vsi-version 3 vsi-instance 09b11c53-8b5c-4eeb-8f00-c84ebb0bb997;
        }
        then {
            filter f3;
        }
    }
    user@switch# show vlans
    vlan_blue {
        interface {
            ge-0/0/20.0;
        }
    }
    vlan_orange {
        interface {
            ge-0/0/20.0;
        }
    }
    vlan_purple {
        interface {
            ge-0/0/20.0;
        }
    }
    user@switch# show firewall
    family ethernet-switching {
        filter f2 {
            term t1 {
                then {
                    accept;
                    count f2_accept;
                }
            }
        }
        filter f3 {
            term t1 {
                then {
                    accept;
                    count f3_accept;
                }
            }
        }
    }
    

    Verification

    To confirm that EVB is enabled and working correctly, perform these tasks:

    Verifying That EVB is Correctly Configured

    Purpose

    Verify that EVB is correctly configured.

    Action

    user@switch# show edge-virtual-bridging
    Interface     Forwarding Mode      RTE   Number of VSIs  Protocols
    ge-0/0/20.0   Reflective-relay     25    400             ECP, VDP, RTE

    Meaning

    When LLDP is first enabled, an EVB exchange takes place between the switch and the server using LLDP. As part of this exchange, the following parameters are negotiated: number of VSIs supported, forwarding mode, ECP support, VDP support, and Retransmission Timer Exponent (RTE). If the output has values for the negotiated parameters, EVB is correctly configured.

    Verifying That the Virtual Machine Successfully Associated With the Switch

    Purpose

    Verify that the virtual machine successfully associated with the switch. After the VSI profile has successfully associated with the switch interface, verify that the VM’s MAC address has been learned in the MAC table or forwarding database (FDB) table. The learn type of the VM’s MAC addresses is VDP. Upon successful shutdown of the VM, the corresponding MAC-VLAN entry is flushed from the FDB table; otherwise it will never shut down.

    Action

    user@switch# run show ethernet-switching table
    Ethernet-switching table: 10 entries, 4 learned
    VLAN    MAC address          Type         Age    Interfaces
    v3      *                    Flood        -      All-members
    v3      00:02:a6:11:bb:1a    VDP          -      ge-1/0/10.0
    v3      00:02:a6:11:cc:1a    VDP          -      ge-1/0/10.0
    v3      00:23:9c:4f:70:01    Static       -      Router
    v4      *                    Flood        -      All-members
    v4      00:02:a6:11:bb:bb    VDP          -      ge-1/0/10.0
    v4      00:23:9c:4f:70:01    Static       -      Router
    v5      *                    Flood        -      All-members
    v5      00:23:9c:4f:70:01    Static       -      Router
    v5      52:54:00:d5:49:11    VDP          -      ge-1/0/20.0

    Verifying That VSI Profiles Are Being Learned at the Switch

    Purpose

    Verify that VSI profiles are being learned at the switch.

    Action

    user@switch# show edge-virtual-bridging vsi-profiles
    Interface: ge-0/0/20.0 
    Manager: 97, Type: 997, Version: 3, VSI State: Associate
    Instance: 09b11c53-8b5c-4eeb-8f00-c84ebb0bb997
    MAC VLAN
    00:10:94:00:00:04 3

    Meaning

    Whenever VMs configured for VEPA are started at the server, the VMs start sending VDP messages. As part of this protocol VSI profiles are learned at the switch.

    If the output has values for Manager, Type, Version, VSI State, and Instance, VSI profiles are being learned at the switch.
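
    The check described above can be scripted so that each learned VSI profile is tied back to the policy and firewall filter it is expected to select. The following Python is an added example, not part of the original Juniper documentation; the function names and the dictionary layout are assumptions, and the inputs are the policy commands and command output shown on this page.

```python
import re

# Policy definitions copied from the page's CLI Quick Configuration.
SET_COMMANDS = """\
set policy-options vsi-policy P1 from vsi-manager 98 vsi-type 998 vsi-version 4 vsi-instance 09b11c53-8b5c-4eeb-8f00-c84ebb0bb998
set policy-options vsi-policy P1 then filter f2
set policy-options vsi-policy P3 from vsi-manager 97 vsi-type 997 vsi-version 3 vsi-instance 09b11c53-8b5c-4eeb-8f00-c84ebb0bb997
set policy-options vsi-policy P3 then filter f3
"""

# Output of "show edge-virtual-bridging vsi-profiles" as shown on the page.
PROFILES_OUTPUT = """\
Interface: ge-0/0/20.0
Manager: 97, Type: 997, Version: 3, VSI State: Associate
Instance: 09b11c53-8b5c-4eeb-8f00-c84ebb0bb997
MAC VLAN
00:10:94:00:00:04 3
"""

FROM_RE = re.compile(r"vsi-policy (\S+) from vsi-manager (\d+) vsi-type (\d+) "
                     r"vsi-version (\d+) vsi-instance ([0-9a-fA-F-]{36})")
THEN_RE = re.compile(r"vsi-policy (\S+) then filter (\S+)")
PROFILE_RE = re.compile(r"Manager: (\d+), Type: (\d+), Version: (\d+), "
                        r"VSI State: (\S+)\s+Instance: ([0-9a-fA-F-]{36})")

def parse_policies(text):
    """Return {(manager, type, version, instance): (policy, filter)}."""
    filters = dict(THEN_RE.findall(text))  # policy name -> filter name
    keys = {}
    for name, mgr, typ, ver, inst in FROM_RE.findall(text):
        keys[(int(mgr), int(typ), int(ver), inst.lower())] = (name, filters.get(name))
    return keys

def audit_profiles(set_commands, profiles_output):
    """Map each learned VSI profile to its policy and filter, or to None."""
    policies = parse_policies(set_commands)
    report = []
    for mgr, typ, ver, state, inst in PROFILE_RE.findall(profiles_output):
        key = (int(mgr), int(typ), int(ver), inst.lower())
        policy, flt = policies.get(key, (None, None))
        report.append({"key": key, "state": state, "policy": policy, "filter": flt})
    return report

if __name__ == "__main__":
    for row in audit_profiles(SET_COMMANDS, PROFILES_OUTPUT):
        status = "OK" if row["policy"] and row["filter"] else "NO MATCHING POLICY/FILTER"
        print(row["key"], row["state"], row["policy"], row["filter"], status)
```

    A row flagged as having no matching policy or filter marks a profile whose manager, type, version, and instance tuple does not appear in any configured vsi-policy, which is worth reviewing before relying on the filter counters.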

    Published: 2013-07-08