How to Configure a Campus Network using EVPN Multihoming

 

Requirements

This configuration example uses the following devices:

  • Two EX4650 switches or two QFX5120 switches as collapsed core devices. Software version: Junos OS Release 20.2R2 or later

    Note

    EX4650 and QFX5120 switches are similar and can be used interchangeably.

  • One EX4300 or EX4400 switch as the access layer. In your configuration, this can be a Juniper Networks switch or a third-party switch.

  • Mist Access Point.

Overview

Use this network configuration example to deploy a single campus fabric with a Layer 3 IP-based underlay network that uses EVPN as the control plane protocol and VXLAN as the data plane protocol in the overlay network.

You can use BGP or OSPF as the underlay routing protocol to exchange loopback routes. In this example, you will first configure BGP as the underlay routing protocol. You will then configure iBGP between the core and distribution devices in the overlay to share reachability information about endpoints in the fabric.

Topology

In this example, each device is configured with a /32 loopback address. Figure 1 shows the physical topology and the IP addressing scheme used in this example.

Figure 1: EVPN-VXLAN Campus Fabric

Details

In this NCE, we design the network for three different types of users and devices (Employees, Guests, and IoT devices) that connect to the network through wired and wireless access. Employees, Guests, and IoT devices are mapped to different virtual networks and VNIs. Table 1 displays the configuration information for this NCE.

Table 1: NCE Configuration Information

| Virtual Network | Wired Network | Wireless Network | VRF | Loopback | Route Distinguisher |
|---|---|---|---|---|---|
| Employees | IRB: 101, Subnet: 192.168.101.3/24 | IRB: 102, Subnet: 192.168.102.3/24 | JNPR_2_VRF | Lo0.102/192.168.251.14/32 | 102 |
| Guests | IRB: 201, Subnet: 192.168.201.3/24 | IRB: 202, Subnet: 192.168.202.3/24 | JNPR_1_VRF | Lo0.101/192.168.251.13/32 | 101 |
| IoT Devices | IRB: 301, Subnet: 192.168.210.3/24 | IRB: 302, Subnet: 192.168.212.3/24 | JNPR_3_VRF | Lo0.103/192.168.251.15/32 | 103 |

Configure the Underlay IP Fabric

Overview

This section illustrates how to configure the IP fabric underlay on the collapsed core switches using BGP.

Interface and Underlay Configuration

Use this section to configure the underlay on the collapsed core switches.

This section shows the step-by-step configuration procedures for each device.

Collapsed Core 1 Configuration

Step-by-Step Procedure

  1. Configure the interfaces connected to the collapsed core switches. To avoid a split-brain state in the network, we recommend configuring at least two links between the collapsed core switches and configuring multihoming from the access switches to the collapsed core switches.
  2. Configure the loopback interface and router ID and enable per-packet load balancing.
  3. Configure the BGP underlay network.

Collapsed Core 2 Configuration

Step-by-Step Procedure

  1. Configure the interfaces connected to the collapsed core devices. To avoid a split-brain state in the network, we recommend configuring at least two links between the collapsed core switches and configuring multihoming from the access switches to the collapsed core switches.
  2. Configure the loopback interface and router ID and enable per-packet load balancing.
  3. Configure the BGP underlay network.

Configure the Overlay

Overview

This section shows how to configure the overlay. It includes iBGP peerings, the VLAN to VXLAN mappings, and the IRB interface configurations for the virtual networks.

Topology

In this example, there are three virtual networks: a separate network each for employees, guests, and IoT devices. The IRB interfaces for these virtual networks are on the core switches. All IRB interfaces are placed in the same routing instance. Place IRB interfaces in different routing instances for network segmentation if needed in your deployment.
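For deployments that segment the virtual networks as in Table 1, the following added example (not part of the original document) checks a set-format configuration against the Table 1 IRB-to-VRF mapping, so that a Guests or IoT IRB is not left in the Employees VRF or in the default instance. The sample configuration is constructed and contains two deliberate mistakes.

```python
import re

# Intended placement from Table 1: IRB unit -> VRF name.
PLAN = {
    101: "JNPR_2_VRF", 102: "JNPR_2_VRF",  # Employees
    201: "JNPR_1_VRF", 202: "JNPR_1_VRF",  # Guests
    301: "JNPR_3_VRF", 302: "JNPR_3_VRF",  # IoT devices
}

# Junos statement: set routing-instances <name> interface irb.<unit>
RI_IRB_RE = re.compile(r"^set routing-instances (\S+) interface irb\.(\d+)$")

# Constructed sample: irb.201 (Guests) sits in the Employees VRF and
# irb.302 (IoT) is not assigned to any routing instance.
SAMPLE_CFG = """
set routing-instances JNPR_2_VRF instance-type vrf
set routing-instances JNPR_2_VRF interface irb.101
set routing-instances JNPR_2_VRF interface irb.102
set routing-instances JNPR_2_VRF interface irb.201
set routing-instances JNPR_1_VRF interface irb.202
set routing-instances JNPR_3_VRF interface irb.301
"""

def irb_placement(config_text):
    """Map each IRB unit to the set of routing instances that list it."""
    placement = {}
    for line in config_text.splitlines():
        m = RI_IRB_RE.match(line.strip())
        if m:
            placement.setdefault(int(m.group(2)), set()).add(m.group(1))
    return placement

def audit_segmentation(config_text, plan=PLAN):
    """Return findings; an empty list means placement matches the plan."""
    actual = irb_placement(config_text)
    findings = []
    for unit, vrf in sorted(plan.items()):
        found = actual.get(unit, set())
        if not found:
            findings.append(f"irb.{unit}: in no routing instance, expected {vrf}")
        elif found != {vrf}:
            findings.append(f"irb.{unit}: in {', '.join(sorted(found))}, expected {vrf}")
    for unit in sorted(set(actual) - set(plan)):
        findings.append(f"irb.{unit}: not in the Table 1 plan")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_segmentation(SAMPLE_CFG)))
```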

Figure 2 shows the overlay virtual network topology.

Figure 2: Overlay Virtual Network Topology

Overlay and Virtual Network Configuration

Use this section to configure the overlay and virtual networks on the collapsed core layer switches.

This section shows the step-by-step configuration procedures for each device.

Collapsed Core 1 Configuration

Step-by-Step Procedure

  1. Configure iBGP neighbors from the collapsed core switch to the core switches.
  2. Configure switch options on the collapsed core switch.
  3. Enable VXLAN encapsulation.
  4. Configure VLANs and VXLAN mappings.
  5. Configure the IRB interfaces for the Employees, Guests, and the IoT devices VLANs.
  6. Configure the VRF instances.
  7. (Optional) Enable IGMP snooping to constrain the flooding of IPv4 multicast traffic on the VLANs.

Collapsed Core 2 Configuration

Step-by-Step Procedure

  1. Configure iBGP neighbors from the collapsed core switch to the core switches.
  2. Configure switch options on the collapsed core switch.
  3. Enable VXLAN encapsulation.
  4. Configure VLANs and VXLAN mappings.
  5. Configure the IRB interfaces for the Employees, Guests, and the IoT devices VLANs.
  6. Configure the VRF instances.
  7. (Optional) Enable IGMP snooping to constrain the flooding of IPv4 multicast traffic on the VLANs.

Configure Multihoming Between the Access Layer Switch and Collapsed Core Switches

This section illustrates the configurations necessary to multihome uplink interfaces from an access layer switch to collapsed core layer switches. Use this example to multihome the access layer uplink interfaces, which are members of the same aggregated Ethernet interface, to multiple collapsed core switches.

When you configure EVPN multihoming, use the same ESI value to configure a multihomed segment on the different collapsed core switch interfaces that connect to the same access switch. ESI values are encoded as 10-byte integers and are used to identify a multihomed segment. We recommend using an ESI value that uses the same values on the first 8 bytes and changes only the 9th and 10th bytes per EVPN LAG.
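The ESI rules above can be checked before commit. This added example (not part of the original document) parses the `set interfaces aeN esi` statements from both collapsed core configurations and reports ESIs that differ between the cores, are reused across LAGs, or do not share their first 8 bytes. The configurations are constructed; `ae12` and the use of the same LAG name on both cores are assumptions.

```python
import re

# Junos statement: set interfaces aeN esi <10 colon-separated hex bytes>
ESI_RE = re.compile(
    r"^set interfaces (ae\d+) esi ((?:[0-9a-fA-F]{2}:){9}[0-9a-fA-F]{2})$")

# Constructed configs. ae11 is the page's LAG to Access Switch 1; ae12
# (Access Switch 2) and identical LAG names on both cores are assumptions.
CORE1_CFG = """
set interfaces ae11 esi 00:11:11:11:11:11:11:11:11:01
set interfaces ae11 esi all-active
set interfaces ae12 esi 00:11:11:11:11:11:11:11:11:02
"""
CORE2_BAD = """
set interfaces ae11 esi 00:11:11:11:11:11:11:11:11:01
set interfaces ae12 esi 00:11:11:11:11:11:11:11:11:01
"""

def parse_esis(config_text):
    """Return {ae interface: ESI as 10 bytes} from set-format config."""
    esis = {}
    for line in config_text.splitlines():
        m = ESI_RE.match(line.strip())
        if m:
            esis[m.group(1)] = bytes.fromhex(m.group(2).replace(":", ""))
    return esis

def audit_esi_plan(core1_cfg, core2_cfg):
    """Return findings; an empty list means the ESI plan is consistent."""
    c1, c2 = parse_esis(core1_cfg), parse_esis(core2_cfg)
    findings = []
    for ae in sorted(set(c1) | set(c2)):
        if ae not in c1 or ae not in c2:
            findings.append(f"{ae}: ESI configured on only one collapsed core")
        elif c1[ae] != c2[ae]:
            findings.append(f"{ae}: ESI differs between the collapsed cores")
    for name, esis in (("core1", c1), ("core2", c2)):
        values = list(esis.values())
        # One Ethernet segment per LAG: an ESI must not repeat on a switch.
        if len(set(values)) != len(values):
            findings.append(f"{name}: same ESI reused on more than one LAG")
        # Page's recommendation: bytes 1-8 common, only bytes 9-10 vary.
        if len({v[:8] for v in values}) > 1:
            findings.append(f"{name}: first 8 ESI bytes differ between LAGs")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_esi_plan(CORE1_CFG, CORE2_BAD)))
```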

Topology

The access layer supports Layer 2 for VLANs. The uplink from the access layer is an aggregated Ethernet link bundle or LAG configured as a trunk port that carries the VLANs from the access layer switch to the collapsed core layer switches.

Figure 3 shows the physical topology for connectivity between one access layer switch and the Collapsed Core 1 switch.

Figure 3: Multihoming Topology

Configuration

Use this example to configure the collapsed core layer for EVPN multihoming and the access layer switch.

This section shows the step-by-step configuration procedures for each device.

Collapsed Core 1 Configuration

Step-by-Step Procedure

  1. Specify which members to include in the aggregated Ethernet bundle.

    Note

    We recommend that you use a minimum 10-Gigabit Ethernet interface.

  2. Configure the aggregated Ethernet interface, including the Ethernet segment identifier (ESI), which assigns the multihomed interface on this switch to an Ethernet segment. The ESI value must be the same on the different multihomed interfaces.

    Note

    In this example, we use ESI 00:11:11:11:11:11:11:11:11:01 to connect to Access Switch 1 and ESI 00:11:11:11:11:11:11:11:11:02 to connect to Access Switch 2.

Collapsed Core 2 Configuration

Step-by-Step Procedure

  1. Specify which members to include in the aggregated Ethernet bundle.

    Note

    We recommend that you use a minimum 10-Gigabit Ethernet interface.

  2. Configure the aggregated Ethernet interface, including the Ethernet segment identifier (ESI), which assigns the multihomed interface on this switch to an Ethernet segment. The ESI value must be the same on the different multihomed interfaces.

    Note

    In this example, we use ESI 00:11:11:11:11:11:11:11:11:01 to connect to Access Switch 1 and ESI 00:11:11:11:11:11:11:11:11:02 to connect to Access Switch 2.

Access Switch Configuration

Step-by-Step Procedure

  1. Specify which members to include in the aggregated Ethernet bundle.
  2. Configure the aggregated Ethernet interface.
  3. Configure the VLANs.

    You now have multihomed the uplink interfaces from the access layer switch to the collapsed core devices.

    If you have multiple access layer switches in your network, repeat this configuration procedure for each switch.

Note

For more information on configuring ports for PoE, trunk ports for Access Point, and configuring 802.1X, see How to Configure the SRX Router.

Verification

Overview

Log in to each device and verify that the EVPN-VXLAN fabric has been configured.

Verification

Collapsed Core 1: Verifying BGP Sessions

Purpose

Verify the state of the BGP sessions with the core devices.

Action

Verify that the Collapsed Core 1 iBGP sessions are established with the loopbacks of the core devices, which have IP addresses 192.168.0.4 and 192.168.0.5.

Meaning

The iBGP sessions are established with the loopbacks of the core devices using MP-iBGP with EVPN signaling in the overlay layer to enable the exchange of EVPN routes.

Collapsed Core 2: Verifying BGP Sessions

Purpose

Verify the state of the BGP sessions with the Collapsed Core 2.

Action

Verify that BGP sessions are established with the core devices. The IP addresses of the core devices are 192.168.0.4 and 192.168.0.5.

Meaning

The iBGP sessions are established with the loopbacks of the core devices using MP-iBGP with EVPN signaling in the overlay layer to enable the exchange of EVPN routes.

Collapsed Core 1: Verifying EVPN Database Information

Purpose

Verify that the EVPN database has been populated correctly.

Action

Verify that the EVPN database is installing MAC address information for locally attached hosts and receiving advertisements from other leaf devices with information about remote hosts.

Meaning

The output above confirms that the EVPN database is properly learning and installing MAC routes for all endpoints. It also shows the relationship between MAC addresses and their associated VNIs: 5101, 5102, 5201, 5202, 5301, and 5302.

Collapsed Core 2: Verifying EVPN Database Information

Purpose

Verify that the EVPN database has been populated correctly.

Action

Verify that the EVPN database is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.

Meaning

The output above confirms that the EVPN database is properly learning and installing MAC routes for all endpoints. It also shows the relationship between MAC addresses and their associated VNIs: 5101, 5102, 5201, 5202, 5301, and 5302.

Collapsed Core 1: Verifying Local Switching Table Information

Purpose

Verify that the local switching table has been populated correctly.

Action

Verify that the local switching table is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.

Meaning

The output above confirms that the local switching table is correctly learning and installing MAC addresses for all endpoints. It also shows the relationship between MAC addresses, the VLANs they are associated with (in this case, VLANs 101, 102, 201, 202, 301, and 302), and their next-hop interface.

Collapsed Core 2: Verifying Local Switching Table Information

Purpose

Verify that the local switching table has been populated correctly.

Action

Verify that the local switching table is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.

Meaning

The output above confirms that the local switching table is correctly learning and installing MAC addresses for all endpoints. It also shows the relationship between MAC addresses, the VLANs they are associated with (in this case, VLANs 101, 102, 201, 202, 301, and 302), and their next-hop interface.

Collapsed Core 1: Verifying Multihomed Ethernet Segment

Purpose

Check the multihomed connection from Access Switch 1 to the collapsed core devices.

Action

Verify the local interfaces that are part of the Ethernet segment, other collapsed core devices that are part of the same Ethernet segment, the bridge domains that are part of the Ethernet segment, and the designated forwarder for the Ethernet segment.

Meaning

Interface ae11.0 is part of this Ethernet segment. The virtual networks (Employees, Guests, and IoT) are part of this Ethernet segment. The remote PE or collapsed core device participating in this Ethernet segment is 192.168.1.11.

Collapsed Core 2: Verifying Multihomed Ethernet Segment

Purpose

Check the multihomed connection from Access Switch 1 to the collapsed core.

Action

Verify the local interfaces that are part of the Ethernet segment, other collapsed core devices that are part of the same Ethernet segment, the bridge domains that are part of the Ethernet segment, and the designated forwarder for the Ethernet segment.

Meaning

Interface ae11.0 is part of this Ethernet segment. The virtual networks 1, 2, and 3 are part of this Ethernet segment. The remote PE, or collapsed core device, participating in this Ethernet segment is 192.168.1.12.