How to Configure an EVPN-VXLAN Fabric for a Campus Network With ERB

 

Requirements

This configuration example uses the following devices:

  • Two EX9200 switches as core devices. Software version: Junos OS Release 20.2R2.

  • Two EX4650/QFX5120 switches as distribution devices. Software version: Junos OS Release 20.2R2.

  • One EX4300 or EX4400 switch as the access layer. In your configuration, this can be a Juniper Networks switch or a third-party switch.

  • One SRX Series device.

  • One WAN router.

  • Mist Access Points

Overview

Use this NCE to deploy a single campus fabric with a Layer 3 IP-based underlay network that uses EVPN as the control plane protocol and VXLAN as the data plane protocol in the overlay network. In this example you deploy an edge-routed bridging (ERB) architecture. See EVPN-VXLAN Campus Architectures for details on supported EVPN-VXLAN campus architectures. Refer to Technology Primer: EVPN-VXLAN Fabrics for the Campus for background information on the benefits of EVPN-VXLAN technology for a campus network.

First, configure EBGP as the underlay routing protocol to exchange loopback routes. Then, configure IBGP between the core and distribution devices in the overlay to share reachability information about endpoints in the fabric.

In this NCE, design the network for three different types of users and devices (Employees, Guests, and IoT devices) that will be connecting to the network through wired and wireless access. Employees, Guests, and IoT devices are mapped to different virtual networks and VNIs. Table 1 displays the configuration information for this NCE.

Table 1: EVPN-VXLAN Fabric Configuration Information

| Virtual Network | Wired Network | Wireless Network | VRF | Loopback | Route Distinguisher |
| --- | --- | --- | --- | --- | --- |
| Employees | IRB: 101; Gateway IP Address: 192.168.101.3/24 | IRB: 102; Subnet: 192.168.102.3/24 | JNPR_2_VRF | Lo0.102/192.168.251.14/32 | 102 |
| Guests | IRB: 201; Gateway IP Address: 192.168.201.3/24 | IRB: 202; Subnet: 192.168.202.3/24 | JNPR_1_VRF | Lo0.101/192.168.251.13/32 | 101 |
| IoT Devices | IRB: 301; Gateway IP Address: 192.168.210.3/24 | IRB: 302; Subnet: 192.168.212.3/24 | JNPR_3_VRF | Lo0.103/192.168.251.15/32 | 103 |

Topology

In this example, each device is configured with a /32 loopback address. Figure 1 shows the physical topology and the IP addressing scheme used in this example.

Figure 1: EVPN-VXLAN Fabric

Configure the Underlay IP Fabric

Overview

This section shows how to configure the IP fabric underlay on the core and distribution layer switches using EBGP.

Interface and Underlay Configuration

Use this section to configure the underlay on the core and distribution layer switches.

Core 1 Configuration

Step-by-Step Procedure

  1. Configure the interconnect interfaces between the two core devices and the connectivity to the distribution switches.
  2. Configure the loopback interface and router ID.
  3. Enable per-packet load balancing.
  4. Configure the BGP underlay network.

Core 2 Configuration

Step-by-Step Procedure

  1. Configure the interconnect interfaces between the two core devices and the connectivity to distribution switches.
  2. Configure the loopback interface and router ID.
  3. Enable per-packet load balancing.
  4. Configure the BGP underlay network.

Distribution 1 Configuration

Step-by-Step Procedure

  1. Configure the interfaces connected to the core devices.
  2. Configure the loopback interface and router ID and enable per-packet load balancing.
  3. Configure the EBGP underlay network.

Distribution 2 Configuration

Step-by-Step Procedure

  1. Configure the interfaces connected to the core devices.
  2. Configure the loopback interface and router ID and enable per-packet load balancing.
  3. Configure the EBGP underlay network.

Configure the Overlay

Overview

This section shows how to configure the overlay. It includes IBGP peerings, the VLAN to VXLAN mappings, and the IRB interface configurations for the virtual networks.

Topology

In this example, there are three virtual networks: 1, 2, and 3. The IRB interfaces for these virtual networks are defined on the distribution switches in keeping with an ERB architecture. All IRB interfaces are placed in the same routing instance on the distribution switches. Place IRB interfaces in different routing instances for network segmentation if needed in your deployment.

Figure 2 shows the overlay virtual network topology.

Figure 2: Overlay Virtual Network Topology

Overlay and Virtual Network Configuration

Use this section to configure the overlay and virtual networks on the core and distribution layer switches.

Core 1 Configuration

Set the AS number and configure IBGP neighbors between core and distribution devices.

You do not need to configure IBGP neighbors between Core 1 and Core 2 because they receive all BGP updates from Distribution 1 and Distribution 2.

Configure the core devices as route reflectors to eliminate the need for a full IBGP mesh between all distribution layer switches. This also makes the configuration on the distribution layer devices simple and consistent.

Step-by-Step Procedure

Core 2 Configuration

Set the AS number and configure IBGP neighbors between core and distribution devices. Configure the core devices as route reflectors to eliminate the need for full mesh IBGP configuration between all distribution layer devices.

Step-by-Step Procedure

Distribution 1 Configuration

Step-by-Step Procedure

  1. Configure IBGP neighbors from the distribution switch to the core switches.
  2. Configure Layer 3 IRB interfaces for the virtual networks. IRB interfaces 101 and 102 carry employee traffic, IRB interfaces 201 and 202 carry guest traffic, and IRB interfaces 301 and 302 carry IoT traffic.
  3. Configure VRF under the routing instance.
  4. Configure switch options on the distribution switch.
  5. Enable VXLAN encapsulation.
  6. Configure VLANs and VXLAN mappings.

Distribution 2 Configuration

Step-by-Step Procedure

  1. Configure IBGP neighbors from the distribution switch to the core switches.
  2. Configure Layer 3 IRB interfaces for the virtual networks. IRB interfaces 101 and 102 carry employee traffic, IRB interfaces 201 and 202 carry guest traffic, and IRB interfaces 301 and 302 carry IoT traffic.
  3. Configure VRF under the routing instance.
  4. Configure switch options on the distribution switch.
  5. Enable VXLAN encapsulation.
  6. Configure VLANs and VXLAN mappings.
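
The VRF placement in Table 1 is what keeps employee, guest, and IoT traffic apart, so it is worth checking after the overlay steps above. The following audit is an added example, not part of the original Juniper procedure: it compares `routing-instances` statements in display-set form against Table 1. The sample configuration is constructed and contains one deliberate misplacement.

```python
import re
from collections import defaultdict

# Expected IRB-to-VRF placement, taken from Table 1 of this page.
EXPECTED = {
    "JNPR_2_VRF": {101, 102},   # Employees
    "JNPR_1_VRF": {201, 202},   # Guests
    "JNPR_3_VRF": {301, 302},   # IoT devices
}

# Constructed sample: guest irb.202 has been placed in the employee VRF
# and is therefore missing from its own.
SAMPLE = """\
set routing-instances JNPR_1_VRF instance-type vrf
set routing-instances JNPR_1_VRF interface irb.201
set routing-instances JNPR_1_VRF interface lo0.101
set routing-instances JNPR_2_VRF instance-type vrf
set routing-instances JNPR_2_VRF interface irb.101
set routing-instances JNPR_2_VRF interface irb.102
set routing-instances JNPR_2_VRF interface irb.202
set routing-instances JNPR_2_VRF interface lo0.102
set routing-instances JNPR_3_VRF instance-type vrf
set routing-instances JNPR_3_VRF interface irb.301
set routing-instances JNPR_3_VRF interface irb.302
set routing-instances JNPR_3_VRF interface lo0.103
"""

IRB_RE = re.compile(r"^set routing-instances (\S+) interface irb\.(\d+)\s*$")

def audit_vrf_membership(config, expected=EXPECTED):
    """Return sorted findings for IRB units that are misplaced or missing."""
    actual = defaultdict(set)
    for line in config.splitlines():
        m = IRB_RE.match(line.strip())
        if m:
            actual[m.group(1)].add(int(m.group(2)))
    findings = []
    for vrf, units in expected.items():
        for unit in sorted(units - actual[vrf]):
            findings.append(f"irb.{unit} missing from {vrf}")
    for vrf, units in actual.items():
        for unit in sorted(units - expected.get(vrf, set())):
            findings.append(f"irb.{unit} unexpectedly in {vrf}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_vrf_membership(SAMPLE):
        print(finding)
```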

Configure Multihoming Between Access Layer Switch and Distribution Layer Devices

Overview

This section shows how to configure multihome uplink interfaces from an access layer switch to distribution layer devices. Use this example to multihome access layer uplink interfaces in the same aggregated Ethernet interface to multiple distribution layer devices.

Topology

The access layer supports Layer 2 for VLANs. The uplink from the access layer is an aggregated Ethernet link bundle or LAG configured as a trunk port that carries the VLANs from the access layer switch to the distribution layer switches.

Figure 3 shows the physical topology.

Figure 3: Multihoming Topology

Configuration

Use this example to configure the distribution layer for EVPN multihoming and the access layer switch.

Distribution 1 Configuration

Step-by-Step Procedure

  1. Specify which members to include in the aggregated Ethernet bundle.
  2. Configure the aggregated Ethernet interface. This includes the Ethernet segment identifier (ESI), which assigns multihomed interfaces into an Ethernet segment and must match on all multihomed interfaces.
  3. Configure the IRB interfaces for Mist AP VLAN-ID 125 mapped to VNI 1000125.
  4. Configure the aggregated Ethernet interface ae11 between the distribution and access switches.
  5. Configure DHCP relay on the IRB interfaces to forward the DHCP requests for the AP management.

Distribution 2 Configuration

Step-by-Step Procedure

  1. Specify which members to include in the aggregated Ethernet bundle.
  2. Configure the aggregated Ethernet interface, including the ESI.
  3. Configure the IRB interfaces for Mist AP VLAN-ID 125 mapped to VNI 1000125.
  4. Configure the aggregated Ethernet interface ae11 between the distribution and access switches.
  5. Configure DHCP relay on the IRB interfaces to forward the DHCP requests for the AP management.
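
Because the ESI must match on every multihomed interface and both distribution switches must map VLAN 125 to the same VNI, a peer-to-peer comparison catches typos before they surface as forwarding problems. This checker is an added example, not part of the original Juniper procedure. The display-set excerpts are constructed and the VLAN name `vlan125` is an assumption; `ae11`, the ESI value, VLAN 125, and VNI 1000125 come from this page.

```python
import re

# Constructed display-set excerpt for Distribution 1 (VLAN name assumed).
DIST1 = """\
set interfaces ae11 esi 00:00:22:22:33:33:44:44:00:01
set interfaces ae11 esi all-active
set vlans vlan125 vlan-id 125
set vlans vlan125 vxlan vni 1000125
"""
# Distribution 2 with two constructed mistakes: an ESI typo and a wrong VNI.
DIST2 = """\
set interfaces ae11 esi 00:00:22:22:33:33:44:44:00:10
set interfaces ae11 esi all-active
set vlans vlan125 vlan-id 125
set vlans vlan125 vxlan vni 100125
"""

ESI_RE = re.compile(r"^set interfaces (\S+) esi ((?:[0-9a-f]{2}:){9}[0-9a-f]{2})$", re.I)
VID_RE = re.compile(r"^set vlans (\S+) vlan-id (\d+)$")
VNI_RE = re.compile(r"^set vlans (\S+) vxlan vni (\d+)$")

def parse(config):
    """Return ({interface: esi}, {vlan_id: vni}) from display-set lines."""
    esi, vid, vni = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ESI_RE.match(line):
            esi[m.group(1)] = m.group(2).lower()
        elif m := VID_RE.match(line):
            vid[m.group(1)] = int(m.group(2))
        elif m := VNI_RE.match(line):
            vni[m.group(1)] = int(m.group(2))
    # Join the two per-name maps into VLAN ID -> VNI.
    return esi, {vid[n]: vni[n] for n in vid if n in vni}

def compare(a, b):
    """List ESI and VLAN-to-VNI differences between two multihoming peers."""
    (esi_a, map_a), (esi_b, map_b) = parse(a), parse(b)
    out = []
    for ifd in sorted(esi_a.keys() | esi_b.keys()):
        if esi_a.get(ifd) != esi_b.get(ifd):
            out.append(f"{ifd}: ESI {esi_a.get(ifd)} != {esi_b.get(ifd)}")
    for v in sorted(map_a.keys() | map_b.keys()):
        if map_a.get(v) != map_b.get(v):
            out.append(f"VLAN {v}: VNI {map_a.get(v)} != {map_b.get(v)}")
    return out

if __name__ == "__main__":
    print("\n".join(compare(DIST1, DIST2)) or "peers are consistent")
```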

Access Switch Configuration

Step-by-Step Procedure

  1. Specify which members to include in the aggregated Ethernet bundle.
  2. Configure the aggregated Ethernet interface.
  3. Configure the VLANs. VLAN 125 sends management traffic from Mist APs to the Internet. Configure VLAN 101-102, VLAN 201-202, and VLAN 301-302 to connect wired and wireless client devices.
  4. Configure the access ports as trunk ports to connect Mist Access Points. For example, you can configure an SSID each for employees, guests, and IoT devices and map them to VLAN 102, VLAN 202, and VLAN 302 respectively.

    Note that the Mist AP receives its IP address from native VLAN 125.

    You have now multihomed the uplink interfaces from the access layer switch to the distribution layer devices.

    If you have multiple access layer switches in your network, repeat this configuration procedure for each switch.

Verification

Overview

Log in to each device and verify that the EVPN-VXLAN fabric has been configured.

Verification

Distribution 1: Verifying BGP Sessions

Purpose

Verify the state of the BGP sessions with the core devices.

Action

Verify the Distribution 1 IBGP sessions are established with the loopbacks of the core devices, which have IP addresses 192.168.0.1 and 192.168.0.2.

Meaning

The IBGP sessions are established with the loopback interfaces of the core devices using MP-IBGP with EVPN signaling to form the overlay layer and exchange EVPN routes.

Distribution 1: Verifying EVPN Database Information

Purpose

Verify that the EVPN database has been populated correctly.

Action

Verify that the EVPN database is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.

Meaning

The output above confirms that the EVPN database is properly learning and installing MAC routes for all endpoints. It also shows the relationship between MAC addresses and their associated VNIs: 100101, 100102, and 100201.

Distribution 1: Verifying Local Switching Table Information

Purpose

Verify that the local switching table has been populated correctly.

Action

Verify that the local switching table is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.

Meaning

The output above confirms that the local switching table is correctly learning and installing MAC addresses for all endpoints. It also shows the relationship between the MAC addresses, their associated VLANs (in this case, VLANs 101, 102, 201, 202), and their next-hop interfaces.

Distribution 1: Verifying Multihomed Ethernet Segment

Purpose

Check the multihome connection from Access Switch 1 to the distribution devices.

Action

Verify the local interfaces that are part of the Ethernet segment, other distribution devices that are part of the same Ethernet segment, the bridge domains that are part of the Ethernet segment, and the designated forwarder for the Ethernet segment.

Meaning

Interface ae11.0 is part of this Ethernet segment. The virtual networks 101, 102, 201, 202, 301, and 302 are part of this Ethernet segment. The remote PE or distribution device participating in this Ethernet segment is 192.168.1.2. In this multihomed Ethernet segment, the local distribution device Distribution 1 is the designated forwarder for broadcast, unknown unicast, and multicast (BUM) traffic. This means only Distribution 1 will forward BUM traffic into this Ethernet segment.

Distribution 2: Verifying BGP Sessions

Purpose

Verify the state of the BGP sessions with the core devices.

Action

Verify that BGP sessions are established with the core devices. The IP addresses of the core devices are 192.168.0.1 and 192.168.0.2.

Meaning

The IBGP sessions are established with the loopbacks of the core devices using MP-IBGP with EVPN signaling to form the overlay layer and enable the exchange of EVPN routes.

Distribution 2: Verifying EVPN Database Information

Purpose

Verify that the EVPN database has been populated correctly.

Action

Verify that the EVPN database is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.

Meaning

The output above confirms that the EVPN database is properly learning and installing MAC routes for all endpoints. It also shows the relationship between MAC addresses and their associated VNIs: 100101, 100102, and 100201.

Distribution 2: Verifying Local Switching Table Information

Purpose

Verify that the local switching table has been populated correctly.

Action

Verify that the local switching table is installing MAC address information for locally attached hosts and receiving advertisements from the other leaf devices with information about remote hosts.

Meaning

The output above confirms that the local switching table is correctly learning and installing MAC addresses for all endpoints. It also shows the relationship between the MAC addresses, their associated VLANs (VLANs 101, 102, 201, 202, 301, and 302), and their next-hop interfaces.

Distribution 2: Verifying Multihomed Ethernet Segment

Purpose

Check the multihome connection from Access Switch 1 to the distribution devices. In this example, ESI 00:00:22:22:33:33:44:44:00:01 provides this multihoming for Access Switch 1.

Action

Verify the local interfaces that are part of the Ethernet segment, other distribution devices that are part of the same Ethernet segment, the bridge domains that are part of the Ethernet segment, and the designated forwarder for the Ethernet segment.

Meaning

Interface ae11.0 is part of this Ethernet segment. The virtual networks 101, 102, 201, 202, 301, and 302 are part of this Ethernet segment. The remote PE, or distribution device, participating in this Ethernet segment is 192.168.1.2. In this multihomed Ethernet segment, the remote distribution device Distribution 1 is the designated forwarder for BUM traffic. This means only Distribution 1 will forward BUM traffic into this Ethernet segment.

Core 1: Verifying BGP Sessions

Purpose

Verify the state of BGP sessions with the core devices and distribution devices.

Action

Verify that IBGP sessions are established with the loopbacks of the distribution devices.

Meaning

The IBGP sessions are established with the loopback interfaces of the distribution devices using MP-IBGP with EVPN signaling to form the overlay layer and enable the exchange of EVPN routes.

Core 2: Verifying BGP Sessions

Purpose

Verify the state of the BGP sessions with the distribution devices.

Action

Verify that IBGP sessions are established with the loopbacks of the distribution devices.

Meaning

The IBGP sessions are established with the loopbacks of the distribution devices using MP-IBGP with EVPN signaling to form the overlay layer and enable the exchange of EVPN routes.