EVPN-VXLAN with an IPv6 Underlay

SUMMARY This topic describes how to set up an IPv6 underlay for the VXLAN overlay tunneling in an EVPN-VXLAN fabric.

IPv6 Underlay Support in EVPN-VXLAN Fabrics

Ethernet VPNs (EVPNs) connect devices with Layer 2 virtual bridges. Virtual Extensible LANs (VXLANs) establish overlay tunnels that stretch the Layer 2 connections over a Layer 3 network. In EVPN-VXLAN network configurations, a leaf or spine device can function as a VXLAN gateway at Layer 2, Layer 3, or both layers. The underlay network for the VXLAN overlay can be an IPv4 or an IPv6 network. This topic describes using an IPv6 underlay instead of an IPv4 underlay.

Benefits of Using an IPv6 Underlay with a VXLAN Overlay
Platform Support
Overview
Underlay Routing Protocols with an IPv6 Underlay
EVPN-VXLAN Features Supported with an IPv6 Underlay
Limitations in IPv6 Underlay Support

Benefits of Using an IPv6 Underlay with a VXLAN Overlay

With an IPv6 underlay VXLAN tunnel configuration, you can take advantage of the expanded addressing capabilities and efficient packet processing that the IPv6 protocol offers.

Platform Support

For information on supported platforms and Junos releases, see Feature Explorer.

Overview

In EVPN-VXLAN installations, you configure a VXLAN overlay on Layer 2 or Layer 3 VXLAN gateway devices called virtual tunnel endpoints (VTEPs). The VXLAN overlay extends virtual tunnels between VTEPs over the underlying IP fabric. On supporting platforms, you can configure the IP underlay with IPv6 addressing to support the VXLAN overlay tunnels. For example:

Figure 1: EVPN-VXLAN Fabric with an IPv6 Underlay

When you use an IPv6 underlay, the VTEPs encapsulate VXLAN packets with an IPv6 outer header and tunnel the packets through an IPv6 underlay network.

Figure 2: IPv6 Underlay VXLAN Packet Encapsulation

IPv6 underlay configurations are similar to IPv4 underlay configurations, except you set the VTEP source addresses as IPv6 addresses. You also assign IPv6 addresses in the underlay and establish reachability using the IPv6 protocol.

Underlay Routing Protocols with an IPv6 Underlay

We've qualified an IPv6 underlay with the following routing protocols in the underlay configuration:

BGP—Internal BGP (iBGP) and external BGP (eBGP)
OSPFv3—Open Shortest Path First (OSPF) routing protocol for IPv6

EVPN-VXLAN Features Supported with an IPv6 Underlay

We support the following EVPN-VXLAN features with an IPv6 underlay:

EVPN Type 1, Type 2, Type 3, and Type 4 routes.

(QFX Series devices and ACX Series devices) EVPN Type 5 routes.

See EVPN Type 5 Route with VXLAN Encapsulation for EVPN-VXLAN for more about these EVPN route types.
(QFX Series switches only) Shared VTEP tunnels.

On QFX series switches, we support an EVPN-VXLAN IPv6 underlay only with MAC-VRF EVPN routing instances. The MAC-VRF implementation relies on the shared VTEP tunnels feature to avoid VTEP scaling issues on some devices. On the devices that require shared tunnels but don't have the feature enabled by default, when you configure an IPv6 underlay, you must enable the shared-tunnels option at the [edit forwarding-options evpn-vxlan] hierarchy level. See MAC-VRF Routing Instance Type Overview for more about MAC-VRF instances.

Note:
After you configure the shared-tunnels option, you must reboot the device for the setting to take effect.
(All devices) VLAN-aware bundle, VLAN-based, and VLAN bundle Ethernet service types.

(MX Series routers, additionally) Port-based service, a VLAN bundle service where all VLANs for a port are part of the same VLAN bundle.

See Understanding VLAN-Aware Bundle and VLAN-Based Service for EVPN and MAC-VRF Routing Instance Type Overview for more about MAC-VRF instances and these service types.
All-active multihoming.

See EVPN Multihoming Overview.
EVPN core isolation.

See Understanding When to Disable EVPN-VXLAN Core Isolation.
Bridged overlays.

See Bridged Overlay Design and Implementation.
IPv4 and IPv6 multicast.
Layer 3 gateway functions in ERB and CRB overlays with IPv4 or IPv6 traffic.
Underlay and overlay load balancing.

See Load Balancing VXLAN Traffic and Dynamic Load Balancing in an EVPN-VXLAN Network.
Layer 3 protocols over IRB interfaces—BFD, BGP, OSPF.

See Supported Protocols on an IRB Interface in EVPN-VXLAN.
(QFX5130-32CD, QFX5700, and ACX Series devices) EVPN Type 2 and type 5 route coexistence.
DCI—Over-the-top (OTT) full mesh DCI only.

See Over-the-Top Data Center Interconnect in an EVPN Network for details on the OTT DCI method.
EVPN proxy ARP and ARP suppression, as well as EVPN proxy NDP and NDP suppression.

See EVPN Proxy ARP and ARP Suppression, and Proxy NDP and NDP Suppression for more information on these features.

Limitations in IPv6 Underlay Support

Note the following limitations in IPv6 underlay support:

You can't mix IPv4 and IPv6 underlay configurations for the VXLAN overlays across the EVPN instances in the same fabric.
We don't support the Open vSwitch database (OVSDB) management protocol for IPv6 underlays.
(MX Series routers and EX9200 switches) We don't support EVPN Type 5 routes with an IPv6 underlay.
(QFX10002-60C switches) You can only use enterprise style interface configuration; we don't support service provider style interface configuration and Q-in-Q tunneling with IPv4 or IPv6 underlays on these switches.
(QFX Series and ACX devices) You must use MAC-VRF routing instances with EVPN protocol and VXLAN encapsulation. We don't support IPv6 underlays with other instance types such as evpn, evpn-vpws, virtual-switch or the default switching instance.
We don't support IPv6 underlays with:
- Optimized intersubnet multicast (OISM)
- DCI for EVPN-VXLAN in the data center to EVPN-VXLAN in a WAN using the gateway interconnection model.
- (QFX5130-32CD and QFX5700 switches) Port mirroring and analyzers.

Configure an IPv6 Underlay with EVPN-VXLAN

This section describes the key steps to configure the IP underlay for the VXLAN tunnels in an EVPN-VXLAN fabric to use the IPv6 protocol (instead of an IPv4 underlay). You can use an IPv6 underlay in many different EVPN-VXLAN configurations and use cases. See Example: Configure an IPv6 Underlay for Layer 2 VXLAN Gateway Leaf Devices for a simple example that uses OSPFv3 in the underlay and iBGP for the overlay connectivity.

Keep the following configuration options and requirements in mind:

You can configure your EVPN-VXLAN fabric with any of the underlay routing protocols that support IPv6 underlays. See Underlay Routing Protocols with an IPv6 Underlay.
QFX Series switches support IPv6 underlays only with MAC-VRF routing instances in EVPN-VXLAN fabrics. You must configure your EVPN instances with VXLAN encapsulation in all MAC-VRF routing instances. The routing instances mentioned in the steps here are always EVPN-VXLAN MAC-VRF instances. See MAC-VRF Routing Instance Type Overview for more about MAC-VRF instances.

To enable an IPv6 underlay for VXLAN tunneling, include these items in your EVPN-VXLAN fabric configuration:

Assign an IPv6 address to the loopback interface on the devices that serve as Layer 2 or Layer 3 VXLAN gateway VTEPs.
Configure the underlay and EVPN instance device connectivity for the overlay using any of the supported routing protocols with IPv6 addressing. (See Underlay Routing Protocols with an IPv6 Underlay.)
In the EVPN routing instance, configure the underlay VTEP source interface as the device's loopback IPv6 address. On ACX Series and QFX Series devices, for example:
The underlay uses the IPv6 address family. IPv6 protocols also need a 32-bit router ID to function properly. The router ID must be a 4 octet unsigned non zero integer that is unique in the routing domain. Configure the router ID using dotted quad notation. The IPv6-based overlay uses the IPv6 loopback address for the VTEP local address.
(QFX Series Broadcom-based switches in Junos OS Release 21.2R2 only) Enable the Broadcom VXLAN flexible flow feature. You don’t need this step in later releases, which have this option enabled in the default configuration on any affected Junos devices. After you set this option, you must reboot the device for the change to take effect.
(ACX Series devices) To enable an IPv6 underlay, you need to enable the vxlan-extended statement at the [edit system packet-forwarding-options system-profile] hierarchy.
For example:
After you enable this profile, the Packet Forwarding Engine restarts. Traffic might drop if any traffic is running.

On ACX devices, you can use this feature only with MAC-VRF routing instances (all service types). You must configure either an IPv4 or an IPv6 underlay across the EVPN instances in the fabric; you can’t mix IPv4 and IPv6 underlays in the same fabric.

To go back to using the default system profile, issue the delete system packet-forwarding-options system-profile vxlan-extended command. The PFE restarts after you revert to the default system profile. During this process, any traffic that's running might drop.

ON THIS PAGE