Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Edge-Routed Bridging Overlay Design and Implementation

 

A second overlay option for this reference design is the edge-routed bridging overlay, as shown in Figure 1.

Figure 1: Edge-Routed Bridging Overlay
Edge-Routed Bridging Overlay

The edge-routed bridging overlay performs routing at IRB interfaces located at the edge of the overlay (most often at the leaf devices). This allows for Ethernet bridging and IP routing to happen as close to the end systems as possible, but still support Ethernet dependent applications at the end system level.

This style of overlay was validated in this reference design using the QFX10000 line of switches and the QFX5110 switch as the leaf devices.

On the spine devices, configure EVPN in the default instance, apply a policy that imports global community routes, establish virtual routing and forwarding (VRF) instances to keep traffic segmented from different tenants, configure IP prefix route properties for EVPN Type 5 to advertise ARP routes to the leaf devices, and set up a default instance with the loopback interface as a VTEP source interface.

On the leaf devices, configure a leaf-to-end system aggregated Ethernet interface as a trunk to carry multiple VLANs, establish LACP and ESI functionality, map VLANs to VNIs, configure proxy-macip-advertisement. virtual gateways, and static MAC addresses on the IRB interfaces, configure EVPN/VXLAN in the default instance, enable VRF routing instances and IP prefix route properties for EVPN Type 5, and configure a default instance with the loopback interface as a VTEP source interface.

For an overview of edge-routed bridging overlays, see the Edge-Routed Bridging Overlay section in Data Center Fabric Blueprint Architecture Components.

The following sections show the steps of how to configure and verify the edge-routed bridging overlay:

Configuring an Edge-Routed Bridging Overlay on a Spine Device

To enable the edge-routed bridging overlay on a spine device, perform the following:

Note

The following example shows the configuration for Spine 1, as shown in Figure 2.

Figure 2: Edge-Routed Bridging Overlay – Spine Devices
Edge-Routed Bridging Overlay – Spine
Devices
  1. Ensure the IP fabric underlay is in place. To see the steps required to configure an IP fabric on a spine device, see IP Fabric Underlay Network Design and Implementation.
  2. Confirm that your IBGP overlay is up and running. To configure an IBGP overlay on your spine device, see Configuring IBGP for the Overlay.
  3. Configure the loopback interface as a VTEP source interface within the default instance.

    Spine 1:

  4. Configure EVPN in the default instance. This example shows the configuration for Spine 1.

    Spine 1:

  5. Configure VRF routing instances to accept traffic from the leaf devices and the tenant end systems. One VRF routing instance accepts target:62273:50000 (containing VNIs 50000 and 60000), while the second accepts target:62273:60000 (containing VNIs 70000 and 80000). Additionally, configure IP prefix route properties for EVPN Type 5 to advertise ARP routes to the leaf devices.Note

    These VRF routing instances can be used for north-south traffic flow and will be explained in a future version of this guide.

    Spine 1:

Verifying the Edge-Routed Bridging Overlay on a Spine Device

To verify the edge-routed bridging overlay on a spine device, perform the following:

  1. Verify that ARP routes learned by the leaf devices appear in the spine device VRF routing instance table.
    user@spine-1> show route table VRF_3
  2. Verify that end system routes appear in the EVPN database.
    user@spine-1> show evpn ip-prefix-database l3-context VRF_3

Configuring an Edge-Routed Bridging Overlay on a Leaf Device

To enable the edge-routed bridging overlay on a leaf device, perform the following:

Note

The following example shows the configuration for Leaf 10, as shown in Figure 3.

Figure 3: Edge-Routed Bridging Overlay – Leaf Devices
Edge-Routed Bridging Overlay – Leaf
Devices
  1. Ensure the IP fabric underlay is in place. To see the steps required to configure an IP fabric on a leaf device, see IP Fabric Underlay Network Design and Implementation.
  2. Confirm that your IBGP overlay is up and running. To configure an IBGP overlay on your leaf device, see Configuring IBGP for the Overlay.
  3. Configure the loopback interface as a VTEP source interface within the default instance.

    Leaf 10:

  4. Configure the leaf-to-end system aggregated Ethernet interface as a trunk carrying four VLANs. Include the appropriate ESI and LACP values for your topology. This example shows the configuration for Leaf 10 (QFX10002 switch).

    Leaf 10:

  5. Configure the mapping of VLANs to VNIs and associate one IRB interface per VLAN.

    Leaf 10:

  6. Configure the IRB interfaces for VNIs 50000 and 60000 with both IPv4 and IPv6 dual stack addresses for both the IRB IP address and virtual gateway IP address.

    There are three ways to configure gateways for IRB interfaces; we are showing two of them as follows:

    • Unique IRB IP Address with Virtual Gateway IP Address (shown in step 6).

    • IRB with Anycast IP Address and MAC Address (shown in step 7).

    Leaf 10:

  7. Configure the IRB interfaces for VNIs 70000 and 80000 with a dual stack Anycast IP address.

    Leaf 10:

    For more information about IRB and virtual gateway IP address configuration, see the IRB Addressing Models in Bridging Overlays section of the

    https://uat.juniper.net/documentation/test/en_US/release-independent/solutions/topics/concept/solution-cloud-data-center-components.html#irb-addressing-overlays

  8. Configure EVPN VXLAN on the leaf device in the default instance.

    Leaf 10:

  9. Configure a policy called EXPORT_HOST_ROUTES to match on /32 and /128 host routes and accept them. You will use this policy in the next step.
  10. Configure the loopback interface with two logical interfaces. (You will assign one logical interface to each VRF routing instance in the next step).
  11. Configure two tenant VRF routing instances, one for VNIs 50000 and 60000 (VRF 3), and one for VNIs 70000 and 80000 (VRF 4). Assign one logical interface from the loopback to each routing instance so that the VXLAN gateway can resolve ARP requests. Additionally, configure IP prefix route properties for EVPN type-5 to advertise ARP routes to the spine devices.

    Leaf 10:

  12. If you are configuring a QFX5110 switch, you must perform this step to support pure EVPN Type 5 routes on ingress EVPN traffic.
    Note

    Entering the overlay-ecmp statement causes the Packet Forwarding Engine to restart, which interrupts forwarding operations. We recommend using this configuration statement before the EVPN-VXLAN network becomes operational.

  13. If you are configuring a QFX5110 switch, and you expect that there will be more than 8000 ARP table entries and IPv6 neighbor entries, perform this step.

    Configure the maximum number of next hops reserved for use in the EVPN-VXLAN overlay network. By default, the switch allocates 8000 next hops for use in the overlay network. See next-hop for more details.

    Note

    Changing the number of next hops causes the Packet Forwarding Engine to restart, which interrupts forwarding operations. We recommend using this configuration statement before the EVPN-VXLAN network becomes operational.

Verifying the Edge-Routed Bridging Overlay on a Leaf Device

To verify that the edge-routed bridging overlay is working, perform the following:

  1. Verify that the aggregated Ethernet interface is operational.
    user@leaf-10> show interfaces terse ae11
  2. Verify the VLAN information (associated ESIs, VTEPs, etc.).
    user@leaf-10> show vlans

    Note: esi.7585 is the ESI of the remote aggregated Ethernet link for Leaf 4, Leaf 5, and Leaf 6.

    user@leaf-10> show ethernet-switching vxlan-tunnel-end-point esi | find esi.7585

    Note: esi.7587 is the ESI for all leaf devices that have the same VNI number (Leaf 4, Leaf 5, Leaf 6, Leaf 11, and Leaf 12).

    user@leaf-10> show ethernet-switching vxlan-tunnel-end-point esi | find esi.7587

    Note: esi.8133 is the ESI for the local aggregated Ethernet interface shared with Leaf 11 and Leaf 12.

    user@leaf-10> show ethernet-switching vxlan-tunnel-end-point esi | find esi.8133
  3. Verify the ARP table.

    Note: 10.1.4.201 and 10.1.5.201 are remote end systems connected to the QFX5110 switches; and 10.1.4.202 and 10.1.5.202 are local end systems connected to Leaf 10 through interface ae11.

    user@leaf-10> show arp no-resolve vpn VRF_3
    user@leaf-10> show arp no-resolve vpn VRF_4
    user@leaf-10> show ipv6 neighbors
  4. Verify the MAC addresses and ARP information in the EVPN database.
    user@leaf-10> show evpn database mac-address 02:0c:10:04:02:01 extensive
    user@leaf-10> show evpn database mac-address 02:0c:10:04:02:02 extensive
  5. Verify the IPv4 and IPv6 end system routes appear in the forwarding table.
    user@leaf-10> show route forwarding-table table VRF_1 destination 10.1.4.202 extensive
    user@leaf-10> show route forwarding-table table VRF_1 destination 2001:db8::10:1:4:202 extensive

Edge-Routed Bridging Overlay — Release History

Table 1 provides a history of all of the features in this section and their support within this reference design.

Table 1: Edge-Routed Bridging Overlay in the Cloud Data Center Reference Design– Release History

Release

Description

17.3R1-S1

Edge-routed bridging overlays are supported on QFX10002 switches running Junos 17.3R1-S1.

18.1R3-S5

Edge-routed bridging overlays are supported on QFX5110 switches running junos OS Release 18.1R3-S5