Configuring Data Center Gateway

You can configure a QFX series device and an MX series router as a Data Center Gateway (DC-GW). DC-GW is an overlay role that is assigned to a QFX series switch or an MX series router to:

  • Extend private network

  • Extend public routable network

You can extend both a private network and a public routable network by using EVPN Type 5.

For more information on supported QFX series and MX series devices, see Contrail Networking Supported Hardware Platforms and Associated Roles And Node Profiles.

Configuring QFX Series Devices as Data Center Gateway

You can configure a QFX series device as a DC-GW. For more information on supported QFX series devices, see Contrail Networking Supported Hardware Platforms and Associated Roles And Node Profiles.

As an example, follow these steps to configure a QFX10000 device as a DC-GW.

Onboard Brownfield Devices

Follow the steps provided in the Onboard Brownfield Devices topic to onboard fabric devices and assign roles to devices.

See Table 1 for an example configuration of how you can assign roles to a device.

Table 1: Assign Roles to Devices

| Device | Physical Role | Routing-Bridging Role |
| --- | --- | --- |
| Spine devices | | |
| QFX10000 | spine | CRB-Gateway, Route-Reflector, CRB-MCAST-Gateway, DC-Gateway |
| Leaf devices | | |
| | leaf | CRB-Access |

Ensure that you assign the DC-Gateway role to the QFX10000 device as shown in Table 1.

Add Bare Metal Server

Follow these steps to add an existing bare metal server (BMS) by using the Contrail Command UI:

  1. Click Workloads>Instances.

    The Instances page is displayed.

  2. Click Create to create a new instance.

    The Create Instance page is displayed.

  3. Select Existing Baremetal Server as the Server Type.
  4. Enter the following information in the Create Existing Baremetal Server pane:
    Table 2: Add Existing Bare Metal Server Information

    | Field | Action |
    | --- | --- |
    | Instance Name | Displays the name of the BMS instance. |
    | Baremetal Node | Select a bare metal node. |
    | Interface | Select an interface from the list. |
    | IP Address | Enter IP address of the instance. |
    | Virtual Network | Select a virtual network from the list. |
    | VLAN ID | Enter VLAN ID. |
    | Select Security Groups | Select default security group from the list. |
    | Port Profile | Select a port profile from the list. |
    | Native/Untagged | Select this check box to receive untagged packets without native VLAN ID. |

    Figure 1: Existing Bare Metal Server
  5. Click Create to confirm.

Create Tenant Virtual Network

A virtual network is a collection of endpoints, such as virtual machine instances, that can communicate with each other. You can also connect virtual networks to your on-premises network. A virtual network in an EVPN VXLAN data center corresponds to a bridge domain for one tenant in a multi-tenant data center fabric.

Follow these steps to create a tenant virtual network from the Contrail Command user interface (UI).

  1. Navigate to Overlay>Virtual Networks.

    The All Networks page is displayed.

  2. Click Create to create a network.

    The Create Virtual Network page is displayed.

  3. Enter a name for the network in the Name field.
  4. Select VN Fabric Type.

    Select Routed to enable routed virtual network functionality. A routed virtual network represents a layer 3 subnet between the fabric (border gateway) and the third-party physical network device. For more information, see Using Static, eBGP, PIM, and OSPF Protocols to Connect to Third-Party Network Devices.

    Select Switched (default option) for tenant virtual network on leaf, bare metal server, or vRouter.

  5. Select network policies from the Network Policies list. You can select more than one network policy.

    Network policies provide connectivity between virtual networks by allowing or denying specified traffic. They define the access control lists to virtual networks. To create a new network policy, navigate to Overlay>Network Policies.

    For more information on creating network policies, see Create Network Policy.

    Note:

    You can attach a network policy to the virtual network after you have created the virtual network.

  6. Select one of the following preferred allocation modes.
    • Flat subnet only

    • Flat subnet preferred

    • (Default) User defined subnet only

    • User defined subnet preferred

    An allocation mode indicates how you choose a subnet. You select Flat subnet only or Flat subnet preferred allocation mode when the subnet is shared by multiple virtual networks. However, you select (Default) User defined subnet only or User defined subnet preferred allocation mode when you want to define a subnet range.

  7. Enter subnet information as given in Table 3.
    Table 3: Subnet Information

    | Field | Action |
    | --- | --- |
    | Network IPAM | Select the IP address management method that controls IP address allocation, DNS, and DHCP for the subnet. |
    | CIDR | Enter the overlay subnet CIDR. |
    | Allocation Pools | Enter a list of ranges of IP addresses for vRouter-specific allocation. |
    | Gateway | Enter the gateway IP address of the overlay subnet. This field is disabled by default. To configure this field, uncheck Auto Gateway. |
    | Service Address | Specify the user configured IP address for DNS Service instead of the default system allocated one. |
    | Auto Gateway | This check box is enabled by default and gateway address is allocated by the system. When this box is unchecked, gateway address is user configurable. |
    | DHCP | Select this check box if you want Contrail to provide DHCP service. |
    | DNS | Select this check box if you want the vRouter agent to provide DNS service. |

  8. Enter host route information.

    Host routes are a list of prefixes and next hops that are passed to the virtual machine through DHCP.

    1. Route Prefix—Enter a full CIDR value with an IP address and a subnet mask. For example, 10.0.0.0/24.

    2. Next Hop—Enter next hop address.

  9. Enter floating IP pool information.

    A floating IP address is an IP address (typically public) that can be dynamically assigned to a running virtual instance. You can configure floating IP address pools in project networks, then allocate floating IP addresses from the pool to virtual machine instances in other virtual networks.

    1. Pool Name—Enter pool name.

    2. Projects—Select project from the list.

  10. Enter fat flows information. See Table 4.

    You can apply fat flows to all VMIs under the configured VN. Fat flows help reduce the number of flows that are handled by Contrail.

    Table 4: Configure Fat Flow

    | Field | Action |
    | --- | --- |
    | Protocol | Select the application protocol. |
    | Port | Enter a value from 0 through 65,535. Enter 0 to ignore both source and destination port numbers. Note: If you select ICMP as the protocol, the Port field is not enabled. |
    | Ignore Address | Configure fat flows to support aggregation of multiple flows into a single flow by ignoring source and destination ports or IP addresses. If you select Destination, only the Prefix Aggregation Source fields are enabled. If you select Source, only the Prefix Aggregation Destination fields are enabled. If you select None (selected by default), both Prefix Aggregation Source and Prefix Aggregation Destination fields are enabled. |
    | Prefix Aggregation Source: Source Subnet | Enter the source IP address. Ensure that the source subnet of the flows matches. For example, enter 10.1.0.0/24 to create fat flows with 10.1.0.0/24 as the subnet. The valid subnet mask range is /8 through /32. Note: For packets from the local virtual machine, source refers to the source IP of the packet. For packets from the physical interface, source refers to the destination IP of the packet. |
    | Prefix Aggregation Source: Prefix | Enter the source subnet prefix length. The prefix length you enter is used to aggregate flows matching the source subnet. For example, when the source subnet is 10.1.0.0/16 and the prefix length is 24, the flows matching the source subnet are aggregated to 10.1.x.0/24 flows. The valid prefix length range is /(subnet mask of the source subnet) through /32. |
    | Prefix Aggregation Destination: Destination Subnet | Enter the destination IP address. Ensure that the destination subnet of the flows matches. For example, enter 10.1.0.0/24 to create fat flows with 10.1.0.0/24 as the subnet. The valid subnet mask range is /8 through /32. Note: For packets from the local virtual machine, destination refers to the destination IP of the packet. For packets from the physical interface, destination refers to the source IP of the packet. |
    | Prefix Aggregation Destination: Prefix | Enter the destination subnet prefix length. The prefix length you enter is used to aggregate flows matching the destination subnet. For example, when the destination subnet is 10.1.0.0/16 and the prefix length is 24, the flows matching the destination subnet are aggregated to 10.1.x.0/24 flows. The valid prefix length range is /(subnet mask of the destination subnet) through /32. |

  11. Enter routing policy and bridge domain information as given below.
    1. Select routing policy from the Routing Policies list.

      To create a routing policy, navigate to Overlay>Routing>Routing Policy.

    2. Define a list of route target prefixes.

      Enter an IP address in the ASN field and Target in the range 0 through 65,535, or ASN in the range 1 through 65,535 and Target in the range 1 through 4,294,967,295 if 4-byte ASN is disabled. If 4-byte ASN is enabled, enter ASN in the range 1 through 4,294,967,295 and Target in the range 0 through 65,535.

    3. Define export route targets.

      You can advertise the matched routes from the local virtual routing and forwarding (VRF) table to the MPLS routing table.

      Enter an IP address in the ASN field and Target in the range 0 through 65,535, or ASN in the range 1 through 65,535 and Target in the range 1 through 4,294,967,295 if 4-byte ASN is disabled. If 4-byte ASN is enabled, enter ASN in the range 1 through 4,294,967,295 and Target in the range 0 through 65,535.

    4. Define import route targets.

      Import the matched routes from the MPLS routing table to the local virtual routing and forwarding (VRF) table.

      Enter an IP address in the ASN field and Target in the range 0 through 65,535, or ASN in the range 1 through 65,535 and Target in the range 1 through 4,294,967,295 if 4-byte ASN is disabled. If 4-byte ASN is enabled, enter ASN in the range 1 through 4,294,967,295 and Target in the range 0 through 65,535.

    5. Enter bridge domain information. See Table 5.

      A bridge domain is a set of logical interfaces that share the same flooding or broadcast characteristics.

      Table 5: Bridge Domains

      | Field | Action |
      | --- | --- |
      | Name | Enter a name for the Layer 2 or Layer 3 bridge domain. |
      | I-SID | Enter a Service Identifier in the range from 1 through 16777215. |
      | MAC Learning | Enable or disable MAC learning. MAC learning is the process of obtaining the MAC addresses of all the nodes in a virtual network. It is enabled by default. |
      | MAC Limit | Configure the maximum number of MAC addresses that can be learned. |
      | MAC Move Limit | Configure the maximum number of times a MAC address move occurs in the MAC move time window. A MAC move is when a MAC address appears on a different physical interface or within a different unit of the same physical interface. |
      | Time Window (secs) | Configure the period of time over which the MAC address move occurs. The default period is 10 seconds. |
      | Aging Time (secs) | Configure the MAC table aging time, the maximum time that an entry can remain in the Ethernet Switching table before it is removed. The default time period is 300 seconds. |

  12. Enter advanced configuration information as given in Table 6.
    Table 6: Advanced Configuration

    | Field | Action |
    | --- | --- |
    | Admin State | Select the administrative state of the virtual network. |
    | Reverse Path Forwarding | Enable or disable Reverse Path Forwarding (RPF) check for the virtual network. |
    | Shared | Select to share the virtual network with all tenants. |
    | External | Select the check box to make the virtual networks reachable externally. |
    | Allow Transit | Select to enable the transitive property for route imports. |
    | Mirroring | Select to mark the virtual network as a mirror destination network. |
    | Flood Unknown Unicast | Select to flood the network with packets with unknown unicast MAC address. By default, the packets are dropped. |
    | Multiple Service Chains | Select to allow multiple service chains within two networks in a cluster. |
    | IP Fabric Forwarding | Select to enable fabric based forwarding. |
    | Forwarding Mode | Select the packet forwarding mode for the virtual network. |
    | Extend to Physical Router(s) | Select the physical router to which you want to extend the logical router. The physical router provides routing capability to the logical router. |
    | Static Route(s) | Select the static routes to be added to this virtual network. |
    | QoS | Select the QoS to be used for this forwarding class. |
    | Security Logging Object(s) | Select the security logging object configuration for specifying session logging criteria. |
    | ECMP Hashing Fields | Configure one or more ECMP hashing fields. When configured all traffic destined to that VN will be subject to the customized hash field selection during forwarding over ECMP paths by vRouters. |
    | PBB Encapsulation | Select to enable Provider Backbone Bridging (PBB) EVPN tunneling on the network. |
    | PBB ETree | Select to enable PBB ETREE mode on the virtual network which allows L2 communication between two end points connected to the vRouters. When the check box is deselected, end point communication happens through an L3 gateway provisioned in the remote PE site. |
    | Layer2 Control Word | Select to enable adding control word to the Layer 2 encapsulation. |
    | SNAT | Select to provide connectivity to the underlay network by port mapping. |
    | MAC Learning | Enable or disable MAC learning. MAC learning is the process of obtaining the MAC addresses of all the nodes in a virtual network. It is enabled by default. |
    | Provider Network | Select the provider network. The provider network specifies VLAN tag and the physical network name. |
    | IGMP enable | Enable or disable IGMP. |
    | Multicast Policies | Select the multicast policies. To create a policy, navigate to Overlay>Multicast Policies. |
    | Max Flows | Enter the maximum number of flows permitted on each virtual machine interface of the virtual network. |

  13. Click Create.

    The All Networks page is displayed. The virtual network that you created is displayed on this page.
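
The prefix aggregation arithmetic from Table 4, as an added example that is not Contrail code and not part of the original page. It is a simplified model: the function names and sample flows are constructed, it aggregates on the source address only, and leaving a source outside the configured subnet as its own entry is an assumption.

```python
import ipaddress
from collections import Counter

MIN_MASK, MAX_MASK = 8, 32  # valid subnet mask range given in Table 4


def validate_rule(subnet, agg_len):
    """Check a prefix aggregation rule against the ranges in Table 4."""
    # strict=True rejects a subnet with host bits set, such as 10.1.0.5/16
    net = ipaddress.IPv4Network(subnet, strict=True)
    if not MIN_MASK <= net.prefixlen <= MAX_MASK:
        raise ValueError(f"subnet mask /{net.prefixlen} is outside /8 through /32")
    if not net.prefixlen <= agg_len <= MAX_MASK:
        raise ValueError(
            f"prefix length /{agg_len} is outside /{net.prefixlen} through /32")
    return net


def rule_is_valid(subnet, agg_len):
    """Boolean wrapper around validate_rule for pre-flight checks."""
    try:
        validate_rule(subnet, agg_len)
        return True
    except ValueError:
        return False


def fat_flow_prefix(address, net, agg_len):
    """Return the aggregate an address collapses into, or None if no match."""
    addr = ipaddress.IPv4Address(address)
    if addr not in net:
        return None
    return str(ipaddress.IPv4Network(f"{addr}/{agg_len}", strict=False))


def aggregate(flows, subnet, agg_len):
    """Count flows per (protocol, aggregated source, destination) entry."""
    net = validate_rule(subnet, agg_len)
    table = Counter()
    for proto, src, dst in flows:
        # Assumption: a source outside the subnet is left as its own entry.
        key = fat_flow_prefix(src, net, agg_len) or src
        table[(proto, key, dst)] += 1
    return table


# Constructed sample flows: (protocol, source IP, destination IP).
SAMPLE_FLOWS = [
    ("tcp", "10.1.5.10", "192.0.2.8"),
    ("tcp", "10.1.5.77", "192.0.2.8"),
    ("tcp", "10.1.9.3", "192.0.2.8"),
    ("tcp", "10.2.0.4", "192.0.2.8"),
]

if __name__ == "__main__":
    # Source subnet 10.1.0.0/16 with prefix length 24, as in the Table 4 example.
    for entry, count in aggregate(SAMPLE_FLOWS, "10.1.0.0/16", 24).items():
        print(entry, count)
```
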

Add CSN Nodes

Follow these steps to add CSN Nodes to the fabric by using the Contrail Command UI:

Navigate to the EVPN fabric you provisioned.

  1. Click the fabric name, and then click the fabric device.

    The Fabric Device page is displayed.

  2. Enter the following information:
    Table 7: Add CSN Node to Fabric Device Information

    | Field | Action |
    | --- | --- |
    | Management IP | Enter management IP address. |
    | VTEP Address | Enter VTEP address. |
    | Loopback IP | Enter loopback IP address. |
    | BGP Router | Select BGP router from the list. |
    | Virtual Router Type | Select virtual router type from the list. |
    | Existing CSN | Select existing CSN from the list. |

  3. Click Save to confirm changes to the fabric.

Create Logical Routers

A logical router replicates the functions of a physical router. It connects multiple virtual networks. A logical router performs a set of tasks that can be handled by a physical router, and contains multiple routing instances and routing tables.

Follow these steps to create a logical router (LR).

  1. Click Overlay>Logical Routers.

    The Logical Routers page is displayed.

  2. Click Create.

    The Create Logical Router page is displayed.

  3. Enter the following information.

    | Field | Action |
    | --- | --- |
    | Name | Enter a name for the Logical Router. |
    | Admin State | Select the administrative state that you want the device to be in when the router is activated. Up is selected by default. |
    | Extend to Physical Router | Select the physical router(s) to which you want to extend virtual networks or routed virtual networks, from the Extend to Physical Router list. A physical router provides routing capability to the logical router. |
    | Logical Router Type | Select SNAT Routing or VXLAN Routing from the list. |
    | Connected Networks | Select the networks that you want to connect this logical router to. |
    | Public Logical Router | (Optional) Select this check box if you want the logical router to function as a public logical router. |
    | VxLAN Network Identifier | Enter VXLAN network identifier in the range from 1 through 16,777,215. This field is disabled by default. |
    | Route Target(s) | Click +Add to add route targets. Enter Autonomous System (AS) number in the ASN field: enter ASN in the range of 1-4,294,967,295, when 4 Byte ASN is enabled in Global Config; enter ASN in the range of 1-65,535, when 4 Byte ASN is disabled. You can also add suffix L or l (lower-case L) at the end of a value in the ASN field to assign an AS number in 4-byte range. Even if the value provided in the ASN field is in the range of 1-65,535, adding L or l (lower-case L) at the end of the value assigns the AS number in 4-byte range. If you assign the ASN field a value in the 4-byte range, you must enter a value in the range of 0-65,535 in the Target field. Enter route target in the Target field: enter route target in the range of 0-65,535, when 4 Byte ASN is enabled and ASN field is assigned a 4-byte value; enter route target in the range of 0-4,294,967,295, when the ASN field is assigned a 2-byte value. |

  4. Click Create to create the logical router.

    The Logical Routers page is displayed.

  5. Repeat Step 3 and Step 4 to create another logical router.

Note:

The router_interface object (Virtual Port) is created as part of the LR creation. When you plan the virtual network IP address scheme, be aware that one extra IP address is required for the router_interface object, which is created automatically.
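
A pre-flight check for the ASN and Target values described in the Route Target(s) field above and in the route target steps of Create Tenant Virtual Network, as an added example that is not Contrail code and not part of the original page. It follows the Logical Router table; the function names, the min_wide_target parameter, and rejecting the L suffix while 4 Byte ASN is disabled are assumptions.

```python
import ipaddress

MAX16, MAX32 = 65_535, 4_294_967_295


def classify_asn(asn_field, four_byte_enabled):
    """Return 'ip', '2-byte' or '4-byte' for an ASN field value."""
    text = asn_field.strip()
    try:
        ipaddress.IPv4Address(text)  # the ASN field may hold an IP address
        return "ip"
    except ValueError:
        pass
    forced = text[-1:] in ("L", "l")  # suffix assigns the 4-byte range
    digits = text[:-1] if forced else text
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError(f"ASN field {asn_field!r} is not a number or IP address")
    asn = int(digits)
    if not four_byte_enabled:
        # Assumption: the L suffix is rejected while 4 Byte ASN is disabled.
        if forced or not 1 <= asn <= MAX16:
            raise ValueError("ASN must be 1-65,535 when 4 Byte ASN is disabled")
        return "2-byte"
    if not 1 <= asn <= MAX32:
        raise ValueError("ASN must be 1-4,294,967,295")
    return "4-byte" if forced or asn > MAX16 else "2-byte"


def check_route_target(asn_field, target, four_byte_enabled, min_wide_target=0):
    """Validate ASN:Target and return the ASN kind, or raise ValueError.

    min_wide_target is the lower bound for a Target paired with a 2-byte ASN:
    the Logical Router table gives 0, the virtual network steps give 1.
    """
    kind = classify_asn(asn_field, four_byte_enabled)
    low, high = (min_wide_target, MAX32) if kind == "2-byte" else (0, MAX16)
    if not low <= target <= high:
        raise ValueError(f"Target {target} is outside {low}-{high} for {kind} ASN")
    return kind


def accepts(asn_field, target, four_byte_enabled, **kwargs):
    """Boolean wrapper around check_route_target."""
    try:
        check_route_target(asn_field, target, four_byte_enabled, **kwargs)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values: (ASN field, Target, 4 Byte ASN enabled).
    for sample in [("64512", 8_000_000, False), ("64512L", 100, True),
                   ("64512L", 70_000, True), ("10.0.0.1", 65_535, False)]:
        print(sample, accepts(*sample))
```
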

Verification

The EVPN Type 5 configuration is pushed to the QFX10000 switch, which acts as a DC-GW.

Figure 2: EVPN Type 5 Configuration

Configuring MX Series Routers as Data Center Gateway

You can configure an MX series router as a DC-GW. You must ensure that you assign the DC-Gateway routing-bridging role to the MX series router during device onboarding. For more information on supported MX series routers, see Contrail Networking Supported Hardware Platforms and Associated Roles And Node Profiles.

Follow these steps to configure an MX series router as a DC-GW.

Onboard Brownfield Devices

Follow the steps provided in the Onboard Brownfield Devices topic to onboard fabric devices and assign roles to devices.

Ensure that you also assign the DC-Gateway routing-bridging role to the MX series router (spine device) while assigning device roles.

Create Virtual Network

After you have onboarded fabric devices and assigned roles to devices, you create a virtual network and extend it to the MX series router.

Follow these steps to create a virtual network and extend it to the MX series router.

  1. Navigate to Overlay>Virtual Networks and click Create.

    The Create Virtual Network page is displayed.

  2. Enter a name for the network in the Name field.
  3. Select VN Fabric Type.

    Select Routed to enable routed virtual network functionality. A routed virtual network represents a layer 3 subnet between the fabric (border gateway) and the third-party physical network device. For more information, see Using Static, eBGP, PIM, and OSPF Protocols to Connect to Third-Party Network Devices.

    Select Switched (default option) for tenant virtual network on leaf, bare metal server, or vRouter.

  4. Enter subnet information as given in Table 8.
    Table 8: Subnet Information

    | Field | Action |
    | --- | --- |
    | Network IPAM | Select the IP address management method that controls IP address allocation, DNS, and DHCP for the subnet. |
    | CIDR | Enter the overlay subnet CIDR. |

  5. Click Advanced to view the advanced configuration section.
  6. Select the External check box to make the virtual network reachable externally.
  7. Select the MX series router from the Extend to Physical Router(s) list.
  8. Click Create to save the configuration.

    The MX series router is now configured as a DC-GW.

After you configure an MX series router as a DC-GW, you can enable DNAT. For more information on enabling DNAT in a DC-GW, see Destination Network Address Translation for Bare Metal Servers.