Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Example: Interconnecting EVPN-VXLAN Data Center Networks Through a WAN Running EVPN-based MPLS

This example shows how to interconnect EVPN-VXLAN data center networks through a WAN running EVPN-MPLS to leverage the benefits of EVPN as a Data Center Interconnect (DCI) solution.

Requirements

This example uses the following hardware and software components:

  • Four Juniper Networks MX Series routers to be configured as data center gateways and WAN edge routers.

  • Four Juniper Networks MX Series routers to be configured as top-of-rack (ToR) routers.

  • Six customer edge (CE) devices.

  • Six host devices connected to each CE device that has the capability to configure multiple VLANs.

  • One provider (P) router part of the EVPN-MPLS WAN network.

  • Junos OS Release 17.2 or later.

Overview

You can interconnect different data center networks running Ethernet VPN (EVPN) with Virtual extensible LAN (VXLAN) encapsulation through a WAN running MPLS-based EVPN using the logical tunnel (lt-) interface.

Figure 1 illustrates the interconnection of data center networks running EVPN with VXLAN encapsulation through a WAN running MPLS-based EVPN. For the purposes of this example, the MX Series routers acting as data center gateways and as WAN edge routers are named MX11, MX12, MX21, and MX22. The MX Series routers acting as top-of-rack (ToR) routers are named ToR11, ToR12, ToR21, and ToR22. The customer edge (CE) devices connected to the data center network 1 (DC1) are named CE1, CE2, and CE3. The customer edge (CE) devices connected to the data center network 2 (DC2) are named CE4, CE5, and CE6. The host devices connected to each CE device should be able to configure multiple host VLANs. The WAN provider router is named P.

Note:

CE devices are part of the logical system of ToR devices.

Figure 1: EVPN-VXLAN Data Center Interconnect Through WAN Running EVPN-MPLS EVPN-VXLAN Data Center Interconnect Through WAN Running EVPN-MPLS

For the MX Series routers acting as data center gateways and WAN edge routers, configure the following information:

  • IRB interfaces, virtual gateway addresses, and loopback logical interfaces.

  • External BGP (EBGP) underlay connectivity between gateway and ToR routers, EVPN as the signaling protocol.

  • Routing policies to allow specific routes into the virtual-switch tables.

  • Routing instances (Layer 3 VRFs) for each virtual network, including a unique route-distinguisher, and a vrf-target value.

  • Virtual-switch instances (Layer 2 MAC-VRFs) for each virtual network, the VTEP source interface (always lo0.0), route distinguisher, and vrf-import policy.

  • EVPN protocol, encapsulation method, VNI list, and BUM traffic forwarding method for each virtual switch.

  • Bridge domain within each virtual switch that maps VNIDs to VLAN IDs, an IRB (Layer 3) interface, and the BUM forwarding method.

For the MX Series routers acting as top-of-rack (ToR) routers, configure the following information:

  • Host facing interfaces with VLANs, VLAN IDs, and loopback logical interfaces.

  • Link Aggregation Control Protocol (LACP)-enabled link aggregation group (LAG), Ethernet Segment ID (ESI), and all-active mode.

  • Multiprotocol external BGP (MP-EBGP) overlays between ToR and gateway routers using EVPN as the signaling protocol.

  • EVPN with VXLAN as the encapsulation method, extended-vni-list, multicast mode, and route targets for each VNI.

  • Vrf import policy, vtep-source-interface, route-distinguisher, and vrf import and target information.

  • VLANs, with VLAN IDs mapped to globally significant VNIs.

Note:

You can set the virtual gateway address as the default IPv4 or IPv6 gateway address for end hosts (virtual machines or servers).

Configuration

Configuring ToR11

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

Configure the MX router as ToR11:

Note: Follow similar steps for ToR12, ToR21, and ToR22. Refer to Figure 1 for interface name, IP address, and connectivity.

  1. Set the system hostname.

  2. Set the number of aggregated Ethernet interfaces.

  3. Configure the interfaces on the ToR11 device to connect to the MX12, CE-2, CE-1, ToR12, and MX11 devices to enable underlay connectivity.

  4. Configure a Link Aggregation Control Protocol (LACP)-enabled link aggregation group (LAG) interface towards the CE-1 end host device. The ESI value is globally unique across the entire EVPN domain. The all-active configuration enables ToR11 and ToR12 to forward traffic to, and from the CE devices, such that all CE links are actively used.

  5. Configure the loopback interface address and routing options.

  6. Apply the load balancing policy to the forwarding table.

  7. Configure routing policy to accept the direct loopback address route.

  8. Configure the NO-EXPORT community.

  9. Configure the load balancing and TEST policies.

  10. Configure EVPN routing instances for each virtual network. Define the VTEP source interface, route distinguisher (used to identify and advertise EVPN routes), and vrf-target (exports and tags all routes for that local VRF using the defined route target). Configure the EVPN protocol, encapsulation method, VNI list, and BUM traffic forwarding method. Finally, configure a bridge domain for each virtual router that maps VNIDs to VLAN IDs, and identify the BUM forwarding method.

Configuring Data Center Gateway and WAN Edge 1 Router (MX11)

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

Configure an MX Series router as the data center gateway and WAN edge router and name it as MX11:

Note: Follow similar steps for MX12, MX21, and MX22. Refer to Figure 1 for interface name, IP address, and connectivity.

  1. Set the system hostname.

  2. Configure the interfaces on the MX11 router (DC GW/WAN Edge1) to enable the underlay connectivity to the MX12, ToR11, ToR12, and P devices, which is the EVPN-VXLAN part of DC1 network.

  3. Configure external BGP (EBGP) underlay connectivity between the gateway routers (MX11 and MX12) and ToR (ToR11 and ToR12).

  4. Configure a multiprotocol external BGP (MP-EBGP) overlay connectivity between the gateway routers (MX11 and MX12) and ToR (ToR11 and ToR12) and set EVPN as the signaling protocol.

  5. Configure integrated routing and bridging (IRB) interfaces that advertise the MAC and IP routes (MAC+IP type 2 routes) for hosts in the topology. The IRB configuration is the gateway for the VLANs on the hosts.

    Step-by-Step Procedure

    1. The following is the IRB gateway configuration for the VLAN-1 on MX11 (which is the host part of VLAN-1):

    2. The following is the IRB gateway configuration for the VLAN-2 on MX11 (which is the host part of VLAN-2):

    3. The following is the IRB gateway configuration for the VLAN-3 on MX11 (which is the host part of VLAN-3):

    4. The following is the IRB gateway configuration for the VLAN-4 on MX11 (which is the host part of VLAN-4):

    5. The following is the IRB gateway configuration for the VLAN-5 on MX11 (which is the host part of VLAN-5):

  6. Configure routing policy to accept the direct loopback address route.

  7. Configure the NO-EXPORT community.

  8. Configure the load balancing and TEST policies.

  9. Configure an ESI value on the logical tunnel interface. Use the same ESI value on all other gateway/WAN edge routers in the DC1 network.

  10. Configure active-active multihoming on the logical tunnel interface by including the all-active statement.

  11. Configure a pair of logical tunnel (lt-) interfaces on the MX11 gateway router to interconnect the EVPN-VXLAN instance of the data center network with the MPLS-based EVPN instance of the WAN. One logical tunnel (lt-) interface is configured as the access interface for EVPN-VXLAN and the other logical tunnel (lt-) interface is configured as the access interface for MPLS-based EVPN.

  12. Configure the loopback interface address and routing options.

  13. Apply the load balancing policy to the forwarding table.

  14. Enable MPLS, BGP, and OSPF protocols on the core interfaces. Create MPLS LSPs and specify the address of the other gateway and WAN edge routers (MX12, P, MX21, MX22).

  15. Configure EVPN-based MPLS routing instances on the MX11 router for each virtual network. Define the route distinguisher (used to identify and advertise EVPN-MPLS routes) and vrf-target (exports and tags all routes for that local VRF using the defined route target). Configure a bridge domain for each virtual router that maps VLAN IDs.

  16. Configure EVPN-VXLAN routing instances on the MX11 router for each virtual network. Define the VTEP source interface, route distinguisher (used to identify and advertise EVPN routes), and vrf-target (exports and tags all routes for that local VRF using the defined route target). Configure the EVPN protocol, encapsulation method, VNI list, and BUM traffic forwarding method. Finally, configure a bridge domain for each virtual router that maps VNIDs to VLAN IDs, and identify the BUM forwarding method.

Configuring WAN Router (P)

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

Configure an MX Series router as the WAN edge router and name it as P:

  1. Set the system hostname.

  2. Configure the interfaces on the P router (WAN) to interconnect different data center networks running Ethernet VPN (EVPN) with Virtual extensible LAN (VXLAN) encapsulation through a WAN running MPLS-based EVPN.

  3. Configure the community.

  4. Configure policies.

  5. Configure the loopback interface address and routing options.

  6. Enable MPLS, BGP, and OSPF protocols on the core interfaces. Create MPLS LSPs between P and other gateway and WAN edge routers (MX11, MX12, P, MX22).

Configuring CE1

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

Configure the MX router CE1:

Note: Follow similar steps for CE2, CE3, CE4, CE5, and CE6. Refer to Figure 1 for interface name, IP address, and connectivity.

  1. Set the system hostname.

  2. Configure the interfaces on the CE1 device to connect to the host and TOR12. Enables forwarding traffic between host and TOR12.

  3. Define bridge domains and associate it with a VLAN ID.

Verification

After you configure both the underlay and EVPN overlay we recommend that you verify that the configurations work as you intended.

Verify EVPN-VXLAN and EVPN-MPLS EVI stitching using Logical Tunnel interface

Purpose

Confirm the EVPN-VXLAN and EVPN-MPLS EVPN instances (EVIs) are configured for stitching using logical tunnel interfaces.

Action

On any gateway device, issue the show routing-instances evpn-vxlan-instance and the show routing-instances evpn-mpls-instance commands to see the logical tunnel interfaces assigned to the respective EVIs. Issue the show interfaces lt-interface command to verify the EVIs are stitched using the assigned LT interface.

Note: The output is truncated for brevity

Meaning

The EVPN-VXLAN-1 and the EVPN-MPLS-1 EVIs are stitched using lt-5/1/0 interface.

Verify flooding in bridge domains

Purpose

Verify bridge domain flood information for both EVPN-MPLS and EVPN-VXLAN instances any gateway device.

Action

On any gateway device (MX11), issue the show bridge flood extensive instance instance-name command.

Note: The output is truncated for brevity

Meaning

The output shows that EVPN-MPLS-1 is actively participating in BUM traffic flooding for the associated bridge domains. It uses composite next-hop groups to flood traffic to other gateway devices in the MPLS core, which is MX12 (192.0.2.22), MX21 (198.51.100.21), and MX22 (198.51.100.22). Meanwhile, the EVPN-MPLS instance EVPN-MPLS-1 has bridge domains configured for EVPN extension with active endpoints to neighboring gateway devices.

Verify MAC learning

Purpose

Verify the MAC learning between gateway devices.

Action

On any leaf device (TOR11), issue the show evpn database instance routing-instance-name l2-domain-id 1 command to verify the learned MAC addresses.

Meaning

The host MAC/IP binding is learned from a remote VTEP (192.0.2.21 which is MX11), showing active host participation in the EVPN fabric.

Verify MAC Address Forwarding Table

Purpose

Verify MAC learning and flooding behavior in the bridging environment.

Action

On any gateway device, issue the show bridge mac-table mac-address instance evpn-instance.

Meaning

For the EVPN-VXLAN-1 instance, the MAC address 2c:6b:f5:c2:ff:f0 is dynamically learned (D flag) and associated with Bridge Domain BD-1 (VLAN 1) in the EVPN instance EVPN-VXLAN-1. It was learned from a lt-5/1/0.1 logical tunnel interface, with the remote source IP 192.0.2.22 (MX12), indicating that this MAC belongs to a host connected to a remote device in the EVPN fabric.

For the EVPN-MPLS-1 instance, the MAC address 2c:6b:f5:c2:ff:f0 is present in Bridge Domain BD-1 (VLAN 1) under the EVPN instance EVPN-MPLS-1. It is marked with flags D (Dynamically learned) and C (Control MAC), indicating that it was learned via the EVPN control plane rather than data plane snooping. The MAC is associated with a next-hop index 1048581, which maps to a remote router, confirming that this MAC belongs to a host reachable via EVPN/MPLS from a remote site.

Appendix 1: Set Commands on All Devices

Set command output on all devices.

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

ToR11

ToR12

Data Center Gateway and WAN Edge 1 Router (MX11)

Data Center Gateway and WAN Edge 2 Router (MX12)

Data Center Gateway and WAN Edge 3 Router (MX21)

Data Center Gateway and WAN Edge 4 Router (MX22)

ToR21

ToR22

P

CE1

CE2

CE3

CE4

CE5

CE6

Appendix 2: Show Configuration Output on DUT

Show command output on the DUT (MX11 and ToR11)

From configuration mode, confirm your configuration by entering the show configuration command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

MX11

ToR11

Related Documentation