ON THIS PAGE
APPENDIX: Junos Configuration for this IP-Clos Fabric (Optional)
In this chapter we have documented the entire configuration Mist Cloud has pushed to all Fabric nodes. It is not required that you read this chapter. You may optionally refer to it if you are interested in the details of the configuration a new Fabric would receive by January 2025 built. If your Fabric has been built before this date some of the configurations may not be pushed the same way.
The best way to retrieve the actual configuration that is pushed to each switch is to use the Utilities-Tab > Download Junos Config .
Figure 1: Download Junos Config
In all below, examples we’ve reorganized the Junos configuration into different buckets and commented those. This will better help to understand the individual configuration option Junos uses.
Service1 Switch Junos Configuration
# global system housekeeping
set system host-name service1
set system time-zone UTC
set system commit synchronize
set protocols lldp interface all
set protocols lldp port-id-subtype interface-name
set protocols lldp port-description-type interface-alias
set protocols lldp-med interface all
set protocols rstp interface all
set protocols rstp bpdu-block-on-edge
set groups top system commit no-delta-synchronize
set groups top system name-server 8.8.8.8
set groups top system name-server 9.9.9.9
set groups top system ntp server 192.168.10.1
set groups top system syslog file messages authorization any
set groups top system syslog file messages archive files 5
set groups top system syslog file messages archive size 2m
set groups top system syslog file interactive-commands match "!(.*mist.*)"
set groups top system syslog file interactive-commands archive files 5
set groups top system syslog file interactive-commands archive size 2m
set groups top system syslog file escript.log archive files 5
set groups top system syslog file escript.log archive size 2m
set groups top system syslog file op-script.log archive files 5
set groups top system syslog file op-script.log archive size 2m
set groups top system syslog file snapshot archive files 5
set groups top system syslog file snapshot archive size 2m
set apply-groups top
#
# up or downlink interfaces to other fabric nodes
set interfaces et-0/0/52 unit 0 family inet address 10.255.240.2/31
set interfaces et-0/0/52 description evpn_downlink-to-182ad301e1d0
set interfaces et-0/0/53 unit 0 family inet address 10.255.240.4/31
set interfaces et-0/0/53 description evpn_downlink-to-384f49f33ffc
#
# Underlay Loopback interface, router ID, and AS number
set groups top interfaces lo0 unit 0 family inet address 172.16.254.1/32
set groups top routing-options router-id 172.16.254.1
set groups top routing-options autonomous-system 65001
#
# Per-packet load balancing
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
set groups top forwarding-options vxlan-routing overlay-ecmp
set routing-options forwarding-table ecmp-fast-reroute
set routing-options forwarding-table chained-composite-next-hop ingress evpn
#
# BGP underlay network to other fabric nodes
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_export term 02-default then reject
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_import term 02-default then reject
set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay local-as 65001
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay neighbor 10.255.240.3 peer-as 65003
set protocols bgp group evpn_underlay neighbor 10.255.240.5 peer-as 65004
set protocols bgp graceful-restart
#
# EVPN signalling to other fabric nodes
set groups top switch-options vrf-target target:65000:1
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay local-address 172.16.254.1
set protocols bgp group evpn_overlay local-as 65001
set protocols bgp group evpn_overlay multipath multiple-as
set protocols bgp group evpn_overlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_overlay family evpn signaling loops 2
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay multihop ttl 1
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay neighbor 172.16.254.3 peer-as 65003
set protocols bgp group evpn_overlay neighbor 172.16.254.4 peer-as 65004
#
# EVPN type2/5 coexistence
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 from protocol evpn
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 from route-filter 0.0.0.0/0 prefix-length-range /32-/32
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 then accept
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from protocol evpn
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from family inet6
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from route-filter 0::0/0 prefix-length-range /128-/128
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 then accept
set groups top policy-options policy-statement evpn_export_type5 term 03_direct from protocol direct
set groups top policy-options policy-statement evpn_export_type5 term 03_direct then accept
set groups top policy-options policy-statement evpn_export_type5 term 04_bgp from protocol bgp
set groups top policy-options policy-statement evpn_export_type5 term 04_bgp then accept
#
# interface housekeeping
set interfaces interface-range default apply-groups default
set interfaces interface-range default member et-0/0/[0-51]
set interfaces interface-range default member et-0/0/[54-55]
set interfaces interface-range default member ge-0/0/[0-47]
set interfaces interface-range default member xe-0/0/[0-35]
set interfaces interface-range default member xe-0/0/[37-47]
set interfaces interface-range evpn_downlink apply-groups evpn_downlink
set interfaces interface-range evpn_downlink member et-0/0/52
set interfaces interface-range evpn_downlink member et-0/0/53
set interfaces vme unit 0 family inet dhcp vendor-id Juniper
set interfaces vme unit 0 family inet dhcp force-discover
set interfaces vme unit 0 family inet dhcp retransmission-attempt 60
set interfaces vme unit 0 family inet dhcp client-identifier user-id ascii 74e79806d100-M4aLquH9
set interfaces irb unit 0 family inet dhcp vendor-id Juniper
set interfaces irb unit 0 family inet dhcp force-discover
set interfaces irb unit 0 family inet dhcp retransmission-attempt 60
set interfaces irb unit 0 family inet dhcp client-identifier user-id ascii 74e79806d100-0
set interfaces irb unit 0 family inet mtu 9000
set interfaces irb unit 0 description default
set groups default interfaces <*> unit 0 family ethernet-switching vlan members [ default ]
set groups evpn_downlink interfaces <*> mtu 9192
set groups top forwarding-options storm-control-profiles default all
#
# first VRF (includes BGP-peering with WAN-Router and DHCP-Relay)
set groups top routing-instances corp-it instance-type vrf
set groups top routing-instances corp-it interface xe-0/0/36.1099
set groups top routing-instances corp-it protocols bgp group corp-it0 type external
set groups top routing-instances corp-it protocols bgp group corp-it0 log-updown
set groups top routing-instances corp-it protocols bgp group corp-it0 multipath multiple-as
set groups top routing-instances corp-it protocols bgp group corp-it0 neighbor 10.255.224.0 peer-as 64901
set groups top routing-instances corp-it protocols bgp group corp-it0 neighbor 10.255.224.0 hold-time 90
set groups top routing-instances corp-it protocols bgp group corp-it0 local-as 64911
set groups top routing-instances corp-it protocols bgp group corp-it0 hold-time 90
set groups top routing-instances corp-it protocols bgp group corp-it0 import import-default
set groups top routing-instances corp-it protocols bgp group corp-it0 export export-vrfs
set groups top routing-instances corp-it protocols bgp group corp-it0 bfd-liveness-detection minimum-interval 1000
set groups top routing-instances corp-it protocols bgp group corp-it0 bfd-liveness-detection multiplier 3
set groups top routing-instances corp-it protocols bgp group corp-it0 bfd-liveness-detection session-mode automatic
set groups top routing-instances corp-it protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances corp-it protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances corp-it protocols evpn ip-prefix-routes vni 11284517
set groups top routing-instances corp-it protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances corp-it route-distinguisher 172.16.254.1:101
set groups top routing-instances corp-it vrf-target target:65000:101
set groups top routing-instances corp-it vrf-table-label
set groups top routing-instances corp-it routing-options auto-export
set groups top routing-instances corp-it routing-options multipath
set groups top routing-instances corp-it interface lo0.1
#
# second VRF (includes BGP-peering with WAN-Router and DHCP-Relay)
set groups top routing-instances developers instance-type vrf
set groups top routing-instances developers interface xe-0/0/36.1088
set groups top routing-instances developers protocols bgp group developers0 type external
set groups top routing-instances developers protocols bgp group developers0 log-updown
set groups top routing-instances developers protocols bgp group developers0 multipath multiple-as
set groups top routing-instances developers protocols bgp group developers0 neighbor 10.255.224.2 peer-as 64901
set groups top routing-instances developers protocols bgp group developers0 neighbor 10.255.224.2 hold-time 90
set groups top routing-instances developers protocols bgp group developers0 local-as 64911
set groups top routing-instances developers protocols bgp group developers0 hold-time 90
set groups top routing-instances developers protocols bgp group developers0 import import-default
set groups top routing-instances developers protocols bgp group developers0 export export-vrfs
set groups top routing-instances developers protocols bgp group developers0 bfd-liveness-detection minimum-interval 1000
set groups top routing-instances developers protocols bgp group developers0 bfd-liveness-detection multiplier 3
set groups top routing-instances developers protocols bgp group developers0 bfd-liveness-detection session-mode automatic
set groups top routing-instances developers protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances developers protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances developers protocols evpn ip-prefix-routes vni 15600414
set groups top routing-instances developers protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances developers route-distinguisher 172.16.254.1:102
set groups top routing-instances developers vrf-target target:65000:102
set groups top routing-instances developers vrf-table-label
set groups top routing-instances developers routing-options auto-export
set groups top routing-instances developers routing-options multipath
set groups top routing-instances developers interface lo0.2
#
# third VRF (includes BGP-peering with WAN-Router and DHCP-Relay)
set groups top routing-instances guest-wifi instance-type vrf
set groups top routing-instances guest-wifi interface xe-0/0/36.1033
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 type external
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 log-updown
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 multipath multiple-as
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 neighbor 10.255.224.4 peer-as 64901
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 neighbor 10.255.224.4 hold-time 90
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 local-as 64911
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 hold-time 90
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 import import-default
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 export export-vrfs
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 bfd-liveness-detection minimum-interval 1000
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 bfd-liveness-detection multiplier 3
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 bfd-liveness-detection session-mode automatic
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes vni 15560868
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances guest-wifi route-distinguisher 172.16.254.1:103
set groups top routing-instances guest-wifi vrf-target target:65000:103
set groups top routing-instances guest-wifi vrf-table-label
set groups top routing-instances guest-wifi routing-options auto-export
set groups top routing-instances guest-wifi routing-options multipath
set groups top routing-instances guest-wifi interface lo0.3
#
# Overlay loopbacks for DHCP-Relay
set groups top interfaces lo0 unit 3 family inet address 172.16.192.3/32
set groups top interfaces lo0 unit 3 family inet6 address fd33:ab00:2::3/128
set groups top interfaces lo0 unit 2 family inet address 172.16.192.2/32
set groups top interfaces lo0 unit 2 family inet6 address fd33:ab00:2::2/128
set groups top interfaces lo0 unit 1 family inet address 172.16.192.1/32
set groups top interfaces lo0 unit 1 family inet6 address fd33:ab00:2::1/128
#
# uplink interfaces to WAN-Router
set interfaces xe-0/0/36 flexible-vlan-tagging
set interfaces xe-0/0/36 unit 1033 family inet address 10.255.224.5/31
set interfaces xe-0/0/36 unit 1033 description VLAN1033
set interfaces xe-0/0/36 unit 1033 vlan-id 1033
set interfaces xe-0/0/36 mtu 9018
set interfaces xe-0/0/36 unit 1088 family inet address 10.255.224.3/31
set interfaces xe-0/0/36 unit 1088 description VLAN1088
set interfaces xe-0/0/36 unit 1088 vlan-id 1088
set interfaces xe-0/0/36 unit 1099 family inet address 10.255.224.1/31
set interfaces xe-0/0/36 unit 1099 description VLAN1099
set interfaces xe-0/0/36 unit 1099 vlan-id 1099
set groups inet interfaces <*> mtu 9018
set interfaces interface-range inet apply-groups inet
set interfaces interface-range inet member xe-0/0/36
#
# BGP route policies for WAN-Router integration
set groups top policy-options route-filter-list 10-99-99-0_24 10.99.99.0/24 exact
set groups top policy-options policy-statement export-vrfs term 01_VLAN1099 from route-filter-list 10-99-99-0_24
set groups top policy-options policy-statement export-vrfs term 01_VLAN1099 then accept
set groups top policy-options policy-statement export-vrfs term 02_VLAN1088 from route-filter-list 10-88-88-0_24
set groups top policy-options policy-statement export-vrfs term 02_VLAN1088 then accept
set groups top policy-options policy-statement export-vrfs term 03_VLAN1033 from route-filter-list 10-33-33-0_24
set groups top policy-options policy-statement export-vrfs term 03_VLAN1033 then accept
set groups top policy-options policy-statement export-vrfs term 04_overlaylo0 from route-filter-list 172-16-192-0_24-32
set groups top policy-options policy-statement export-vrfs term 04_overlaylo0 then accept
set groups top policy-options route-filter-list 10-88-88-0_24 10.88.88.0/24 exact
set groups top policy-options route-filter-list 10-33-33-0_24 10.33.33.0/24 exact
set groups top policy-options route-filter-list 172-16-192-0_24-32 172.16.192.0/24 upto /32
set groups top policy-options route-filter-list 0-0-0-0_0 0.0.0.0/0 exact
set groups top policy-options policy-statement import-default term 01_default from protocol [ bgp ]
set groups top policy-options policy-statement import-default term 01_default from route-filter-list 0-0-0-0_0
set groups top policy-options policy-statement import-default term 01_default then accept
#
# VXLAN global settings
set groups top protocols evpn encapsulation vxlan
set groups top protocols evpn default-gateway do-not-advertise
set groups top protocols evpn extended-vni-list all
set groups top switch-options vtep-source-interface lo0.0
set groups top switch-options route-distinguisher 172.16.254.1:1
#
# VXLAN tuneing parameters based on device model
set groups top forwarding-options vxlan-routing next-hop 45056
set groups top forwarding-options vxlan-routing interface-num 8192
#
# VLAN to VNI mapping
set vlans VLAN1033 vlan-id 1033
set vlans VLAN1033 vxlan vni 11033
set vlans VLAN1088 vlan-id 1088
set vlans VLAN1088 vxlan vni 11088
set vlans VLAN1099 vlan-id 1099
set vlans VLAN1099 vxlan vni 11099
set vlans default vlan-id 1
set vlans default l3-interface irb.0
set vlans default vxlan vni 10001Service2 Switch Junos Configuration
# global system housekeeping
set system host-name service2
set system time-zone UTC
set system commit synchronize
set protocols lldp interface all
set protocols lldp port-id-subtype interface-name
set protocols lldp port-description-type interface-alias
set protocols lldp-med interface all
set protocols rstp interface all
set protocols rstp bpdu-block-on-edge
set groups top system commit no-delta-synchronize
set groups top system name-server 8.8.8.8
set groups top system name-server 9.9.9.9
set groups top system ntp server 192.168.10.1
set groups top system syslog file messages authorization any
set groups top system syslog file messages archive files 5
set groups top system syslog file messages archive size 2m
set groups top system syslog file interactive-commands match "!(.*mist.*)"
set groups top system syslog file interactive-commands archive files 5
set groups top system syslog file interactive-commands archive size 2m
set groups top system syslog file escript.log archive files 5
set groups top system syslog file escript.log archive size 2m
set groups top system syslog file op-script.log archive files 5
set groups top system syslog file op-script.log archive size 2m
set groups top system syslog file snapshot archive files 5
set groups top system syslog file snapshot archive size 2m
set apply-groups top
#
# up or downlink interfaces to other fabric nodes
set interfaces et-0/0/53 unit 0 family inet address 10.255.240.6/31
set interfaces et-0/0/53 description evpn_downlink-to-182ad301e1d0
set interfaces et-0/0/52 unit 0 family inet address 10.255.240.8/31
set interfaces et-0/0/52 description evpn_downlink-to-384f49f33ffc
#
# Underlay Loopback interface, router ID, and AS number
set groups top interfaces lo0 unit 0 family inet address 172.16.254.2/32
set groups top routing-options router-id 172.16.254.2
set groups top routing-options autonomous-system 65002
#
# Per-packet load balancing
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
set groups top forwarding-options vxlan-routing overlay-ecmp
set routing-options forwarding-table ecmp-fast-reroute
set routing-options forwarding-table chained-composite-next-hop ingress evpn
#
# BGP underlay network to other fabric nodes
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_export term 02-default then reject
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_import term 02-default then reject
set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay local-as 65002
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay neighbor 10.255.240.7 peer-as 65003
set protocols bgp group evpn_underlay neighbor 10.255.240.9 peer-as 65004
set protocols bgp graceful-restart
#
# EVPN signalling to other fabric nodes
set groups top switch-options vrf-target target:65000:1
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay local-address 172.16.254.2
set protocols bgp group evpn_overlay local-as 65002
set protocols bgp group evpn_overlay multipath multiple-as
set protocols bgp group evpn_overlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_overlay family evpn signaling loops 2
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay multihop ttl 1
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay neighbor 172.16.254.3 peer-as 65003
set protocols bgp group evpn_overlay neighbor 172.16.254.4 peer-as 65004
#
# EVPN type2/5 coexistence
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 from protocol evpn
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 from route-filter 0.0.0.0/0 prefix-length-range /32-/32
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 then accept
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from protocol evpn
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from family inet6
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from route-filter 0::0/0 prefix-length-range /128-/128
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 then accept
set groups top policy-options policy-statement evpn_export_type5 term 03_direct from protocol direct
set groups top policy-options policy-statement evpn_export_type5 term 03_direct then accept
set groups top policy-options policy-statement evpn_export_type5 term 04_bgp from protocol bgp
set groups top policy-options policy-statement evpn_export_type5 term 04_bgp then accept
#
# interface housekeeping
set interfaces interface-range default apply-groups default
set interfaces interface-range default member et-0/0/[0-51]
set interfaces interface-range default member et-0/0/[54-55]
set interfaces interface-range default member ge-0/0/[0-47]
set interfaces interface-range default member xe-0/0/[0-35]
set interfaces interface-range default member xe-0/0/[37-47]
set interfaces interface-range evpn_downlink apply-groups evpn_downlink
set interfaces interface-range evpn_downlink member et-0/0/53
set interfaces interface-range evpn_downlink member et-0/0/52
set interfaces vme unit 0 family inet dhcp vendor-id Juniper
set interfaces vme unit 0 family inet dhcp force-discover
set interfaces vme unit 0 family inet dhcp retransmission-attempt 60
set interfaces vme unit 0 family inet dhcp client-identifier user-id ascii 74e7980fa000-M4aLquH9
set interfaces irb unit 0 family inet dhcp vendor-id Juniper
set interfaces irb unit 0 family inet dhcp force-discover
set interfaces irb unit 0 family inet dhcp retransmission-attempt 60
set interfaces irb unit 0 family inet dhcp client-identifier user-id ascii 74e7980fa000-0
set interfaces irb unit 0 family inet mtu 9000
set interfaces irb unit 0 description default
set groups default interfaces <*> unit 0 family ethernet-switching vlan members [ default ]
set groups evpn_downlink interfaces <*> mtu 9192
set groups top forwarding-options storm-control-profiles default all
#
# first VRF (includes BGP-peering with WAN-Router and DHCP-Relay)
set groups top routing-instances corp-it instance-type vrf
set groups top routing-instances corp-it interface xe-0/0/36.1099
set groups top routing-instances corp-it protocols bgp group corp-it0 type external
set groups top routing-instances corp-it protocols bgp group corp-it0 log-updown
set groups top routing-instances corp-it protocols bgp group corp-it0 multipath multiple-as
set groups top routing-instances corp-it protocols bgp group corp-it0 neighbor 10.255.226.0 peer-as 64901
set groups top routing-instances corp-it protocols bgp group corp-it0 neighbor 10.255.226.0 hold-time 90
set groups top routing-instances corp-it protocols bgp group corp-it0 local-as 64911
set groups top routing-instances corp-it protocols bgp group corp-it0 hold-time 90
set groups top routing-instances corp-it protocols bgp group corp-it0 import import-default
set groups top routing-instances corp-it protocols bgp group corp-it0 export export-vrfs
set groups top routing-instances corp-it protocols bgp group corp-it0 bfd-liveness-detection minimum-interval 1000
set groups top routing-instances corp-it protocols bgp group corp-it0 bfd-liveness-detection multiplier 3
set groups top routing-instances corp-it protocols bgp group corp-it0 bfd-liveness-detection session-mode automatic
set groups top routing-instances corp-it protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances corp-it protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances corp-it protocols evpn ip-prefix-routes vni 11284517
set groups top routing-instances corp-it protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances corp-it route-distinguisher 172.16.254.2:101
set groups top routing-instances corp-it vrf-target target:65000:101
set groups top routing-instances corp-it vrf-table-label
set groups top routing-instances corp-it routing-options auto-export
set groups top routing-instances corp-it routing-options multipath
set groups top routing-instances corp-it interface lo0.1
#
# second VRF (includes BGP-peering with WAN-Router and DHCP-Relay)
set groups top routing-instances developers instance-type vrf
set groups top routing-instances developers interface xe-0/0/36.1088
set groups top routing-instances developers protocols bgp group developers0 type external
set groups top routing-instances developers protocols bgp group developers0 log-updown
set groups top routing-instances developers protocols bgp group developers0 multipath multiple-as
set groups top routing-instances developers protocols bgp group developers0 neighbor 10.255.226.2 peer-as 64901
set groups top routing-instances developers protocols bgp group developers0 neighbor 10.255.226.2 hold-time 90
set groups top routing-instances developers protocols bgp group developers0 local-as 64911
set groups top routing-instances developers protocols bgp group developers0 hold-time 90
set groups top routing-instances developers protocols bgp group developers0 import import-default
set groups top routing-instances developers protocols bgp group developers0 export export-vrfs
set groups top routing-instances developers protocols bgp group developers0 bfd-liveness-detection minimum-interval 1000
set groups top routing-instances developers protocols bgp group developers0 bfd-liveness-detection multiplier 3
set groups top routing-instances developers protocols bgp group developers0 bfd-liveness-detection session-mode automatic
set groups top routing-instances developers protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances developers protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances developers protocols evpn ip-prefix-routes vni 15600414
set groups top routing-instances developers protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances developers route-distinguisher 172.16.254.2:102
set groups top routing-instances developers vrf-target target:65000:102
set groups top routing-instances developers vrf-table-label
set groups top routing-instances developers routing-options auto-export
set groups top routing-instances developers routing-options multipath
set groups top routing-instances developers interface lo0.2
#
# third VRF (includes BGP-peering with WAN-Router and DHCP-Relay)
set groups top routing-instances guest-wifi instance-type vrf
set groups top routing-instances guest-wifi interface xe-0/0/36.1033
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 type external
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 log-updown
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 multipath multiple-as
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 neighbor 10.255.226.4 peer-as 64901
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 neighbor 10.255.226.4 hold-time 90
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 local-as 64911
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 hold-time 90
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 import import-default
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 export export-vrfs
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 bfd-liveness-detection minimum-interval 1000
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 bfd-liveness-detection multiplier 3
set groups top routing-instances guest-wifi protocols bgp group guest-wifi0 bfd-liveness-detection session-mode automatic
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes vni 15560868
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances guest-wifi route-distinguisher 172.16.254.2:103
set groups top routing-instances guest-wifi vrf-target target:65000:103
set groups top routing-instances guest-wifi vrf-table-label
set groups top routing-instances guest-wifi routing-options auto-export
set groups top routing-instances guest-wifi routing-options multipath
set groups top routing-instances guest-wifi interface lo0.3
#
# Overlay loopbacks for DHCP-Relay
set groups top interfaces lo0 unit 3 family inet address 172.16.192.12/32
set groups top interfaces lo0 unit 3 family inet6 address fd33:ab00:2::c/128
set groups top interfaces lo0 unit 2 family inet address 172.16.192.11/32
set groups top interfaces lo0 unit 2 family inet6 address fd33:ab00:2::b/128
set groups top interfaces lo0 unit 1 family inet address 172.16.192.10/32
set groups top interfaces lo0 unit 1 family inet6 address fd33:ab00:2::a/128
#
# uplink interfaces to WAN-Router
set interfaces xe-0/0/36 flexible-vlan-tagging
set interfaces xe-0/0/36 unit 1033 family inet address 10.255.226.5/31
set interfaces xe-0/0/36 unit 1033 description VLAN1033
set interfaces xe-0/0/36 unit 1033 vlan-id 1033
set interfaces xe-0/0/36 mtu 9018
set interfaces xe-0/0/36 unit 1088 family inet address 10.255.226.3/31
set interfaces xe-0/0/36 unit 1088 description VLAN1088
set interfaces xe-0/0/36 unit 1088 vlan-id 1088
set interfaces xe-0/0/36 unit 1099 family inet address 10.255.226.1/31
set interfaces xe-0/0/36 unit 1099 description VLAN1099
set interfaces xe-0/0/36 unit 1099 vlan-id 1099
set groups inet interfaces <*> mtu 9018
set interfaces interface-range inet apply-groups inet
set interfaces interface-range inet member xe-0/0/36
#
# BGP route policies for WAN-Router integration
set groups top policy-options route-filter-list 10-99-99-0_24 10.99.99.0/24 exact
set groups top policy-options policy-statement export-vrfs term 01_VLAN1099 from route-filter-list 10-99-99-0_24
set groups top policy-options policy-statement export-vrfs term 01_VLAN1099 then accept
set groups top policy-options policy-statement export-vrfs term 02_VLAN1088 from route-filter-list 10-88-88-0_24
set groups top policy-options policy-statement export-vrfs term 02_VLAN1088 then accept
set groups top policy-options policy-statement export-vrfs term 03_VLAN1033 from route-filter-list 10-33-33-0_24
set groups top policy-options policy-statement export-vrfs term 03_VLAN1033 then accept
set groups top policy-options policy-statement export-vrfs term 04_overlaylo0 from route-filter-list 172-16-192-0_24-32
set groups top policy-options policy-statement export-vrfs term 04_overlaylo0 then accept
set groups top policy-options route-filter-list 10-88-88-0_24 10.88.88.0/24 exact
set groups top policy-options route-filter-list 10-33-33-0_24 10.33.33.0/24 exact
set groups top policy-options route-filter-list 172-16-192-0_24-32 172.16.192.0/24 upto /32
set groups top policy-options route-filter-list 0-0-0-0_0 0.0.0.0/0 exact
set groups top policy-options policy-statement import-default term 01_default from protocol [ bgp ]
set groups top policy-options policy-statement import-default term 01_default from route-filter-list 0-0-0-0_0
set groups top policy-options policy-statement import-default term 01_default then accept
#
# VXLAN global settings
set groups top protocols evpn encapsulation vxlan
set groups top protocols evpn default-gateway do-not-advertise
set groups top protocols evpn extended-vni-list all
set groups top switch-options vtep-source-interface lo0.0
set groups top switch-options route-distinguisher 172.16.254.2:1
#
# VXLAN tuneing parameters based on device model
set groups top forwarding-options vxlan-routing next-hop 45056
set groups top forwarding-options vxlan-routing interface-num 8192
#
# VLAN to VNI mapping
set vlans VLAN1033 vlan-id 1033
set vlans VLAN1033 vxlan vni 11033
set vlans VLAN1088 vlan-id 1088
set vlans VLAN1088 vxlan vni 11088
set vlans VLAN1099 vlan-id 1099
set vlans VLAN1099 vxlan vni 11099
set vlans default vlan-id 1
set vlans default l3-interface irb.0
set vlans default vxlan vni 10001Core1 Switch Junos Configuration
# global system housekeeping
set system host-name core1
set system time-zone UTC
set system commit synchronize
set protocols lldp interface all
set protocols lldp port-id-subtype interface-name
set protocols lldp port-description-type interface-alias
set protocols lldp-med interface all
set protocols rstp interface all
set protocols rstp bpdu-block-on-edge
set groups top system commit no-delta-synchronize
set groups top system name-server 8.8.8.8
set groups top system name-server 9.9.9.9
set groups top system ntp server 192.168.10.1
set groups top system syslog file messages authorization any
set groups top system syslog file messages archive files 5
set groups top system syslog file messages archive size 2m
set groups top system syslog file interactive-commands match "!(.*mist.*)"
set groups top system syslog file interactive-commands archive files 5
set groups top system syslog file interactive-commands archive size 2m
set groups top system syslog file escript.log archive files 5
set groups top system syslog file escript.log archive size 2m
set groups top system syslog file op-script.log archive files 5
set groups top system syslog file op-script.log archive size 2m
set groups top system syslog file snapshot archive files 5
set groups top system syslog file snapshot archive size 2m
set apply-groups top
#
# up or downlink interfaces to other fabric nodes
set interfaces et-0/0/7 unit 0 family inet address 10.255.240.10/31
set interfaces et-0/0/7 description evpn_downlink-to-d8539a64a6c0
set interfaces et-0/0/6 unit 0 family inet address 10.255.240.12/31
set interfaces et-0/0/6 description evpn_downlink-to-d8539a6519c0
set interfaces et-0/0/8 unit 0 family inet address 10.255.240.3/31
set interfaces et-0/0/8 description evpn_uplink-to-74e79806d100
set interfaces et-0/0/9 unit 0 family inet address 10.255.240.7/31
set interfaces et-0/0/9 description evpn_uplink-to-74e7980fa000
#
# Underlay Loopback interface, router ID, and AS number
set groups top interfaces lo0 unit 0 family inet address 172.16.254.3/32
set groups top routing-options router-id 172.16.254.3
set groups top routing-options autonomous-system 65003
#
# Per-packet load balancing
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
set routing-options forwarding-table ecmp-fast-reroute
set routing-options forwarding-table chained-composite-next-hop ingress evpn
#
# BGP underlay network to other fabric nodes
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_export term 02-default then reject
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_import term 02-default then reject
set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay local-as 65003
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay neighbor 10.255.240.2 peer-as 65001
set protocols bgp group evpn_underlay neighbor 10.255.240.6 peer-as 65002
set protocols bgp group evpn_underlay neighbor 10.255.240.11 peer-as 65005
set protocols bgp group evpn_underlay neighbor 10.255.240.13 peer-as 65006
set protocols bgp graceful-restart
#
# EVPN signalling to other fabric nodes
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay local-address 172.16.254.3
set protocols bgp group evpn_overlay local-as 65003
set protocols bgp group evpn_overlay multipath multiple-as
set protocols bgp group evpn_overlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_overlay family evpn signaling loops 2
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay multihop ttl 1
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay neighbor 172.16.254.1 peer-as 65001
set protocols bgp group evpn_overlay neighbor 172.16.254.2 peer-as 65002
set protocols bgp group evpn_overlay neighbor 172.16.254.5 peer-as 65005
set protocols bgp group evpn_overlay neighbor 172.16.254.6 peer-as 65006
#
# interface housekeeping
set interfaces interface-range default apply-groups default
set interfaces interface-range default member et-0/0/[0-5]
set interfaces interface-range default member et-0/0/[10-35]
set interfaces interface-range evpn_downlink apply-groups evpn_downlink
set interfaces interface-range evpn_downlink member et-0/0/7
set interfaces interface-range evpn_downlink member et-0/0/6
set interfaces interface-range evpn_uplink apply-groups evpn_uplink
set interfaces interface-range evpn_uplink member et-0/0/8
set interfaces interface-range evpn_uplink member et-0/0/9
set interfaces em0 unit 0 family inet dhcp vendor-id Juniper
set interfaces em0 unit 0 family inet dhcp force-discover
set interfaces em0 unit 0 family inet dhcp retransmission-attempt 60
set interfaces em0 unit 0 family inet dhcp client-identifier user-id ascii 182ad301e1d0-YGXs1ox4
set interfaces irb unit 0 family inet dhcp vendor-id Juniper
set interfaces irb unit 0 family inet dhcp force-discover
set interfaces irb unit 0 family inet dhcp retransmission-attempt 60
set interfaces irb unit 0 family inet dhcp client-identifier user-id ascii 182ad301e1d0-0
set interfaces irb unit 0 description default
set groups default interfaces <*> unit 0 family ethernet-switching vlan members [ default ]
set groups evpn_downlink interfaces <*> mtu 9192
set groups evpn_uplink interfaces <*> mtu 9192
set groups top forwarding-options storm-control-profiles default all
set vlans default vlan-id 1
set vlans default l3-interface irb.0
#
# additional CLI
set interfaces em0.0 family inet dhcpCore2 Switch Junos Configuration
# global system housekeeping
set system host-name core2
set system time-zone UTC
set system commit synchronize
set protocols lldp interface all
set protocols lldp port-id-subtype interface-name
set protocols lldp port-description-type interface-alias
set protocols lldp-med interface all
set protocols rstp interface all
set protocols rstp bpdu-block-on-edge
set groups top system commit no-delta-synchronize
set groups top system name-server 8.8.8.8
set groups top system name-server 9.9.9.9
set groups top system ntp server 192.168.10.1
set groups top system syslog file messages authorization any
set groups top system syslog file messages archive files 5
set groups top system syslog file messages archive size 2m
set groups top system syslog file interactive-commands match "!(.*mist.*)"
set groups top system syslog file interactive-commands archive files 5
set groups top system syslog file interactive-commands archive size 2m
set groups top system syslog file escript.log archive files 5
set groups top system syslog file escript.log archive size 2m
set groups top system syslog file op-script.log archive files 5
set groups top system syslog file op-script.log archive size 2m
set groups top system syslog file snapshot archive files 5
set groups top system syslog file snapshot archive size 2m
set apply-groups top
#
# up or downlink interfaces to other fabric nodes
set interfaces et-0/0/6 unit 0 family inet address 10.255.240.14/31
set interfaces et-0/0/6 description evpn_downlink-to-d8539a64a6c0
set interfaces et-0/0/7 unit 0 family inet address 10.255.240.16/31
set interfaces et-0/0/7 description evpn_downlink-to-d8539a6519c0
set interfaces et-0/0/9 unit 0 family inet address 10.255.240.5/31
set interfaces et-0/0/9 description evpn_uplink-to-74e79806d100
set interfaces et-0/0/8 unit 0 family inet address 10.255.240.9/31
set interfaces et-0/0/8 description evpn_uplink-to-74e7980fa000
#
# Underlay Loopback interface, router ID, and AS number
set groups top interfaces lo0 unit 0 family inet address 172.16.254.4/32
set groups top routing-options router-id 172.16.254.4
set groups top routing-options autonomous-system 65004
#
# Per-packet load balancing
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
set routing-options forwarding-table ecmp-fast-reroute
set routing-options forwarding-table chained-composite-next-hop ingress evpn
#
# BGP underlay network to other fabric nodes
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_export term 02-default then reject
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_import term 02-default then reject
set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay local-as 65004
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay neighbor 10.255.240.4 peer-as 65001
set protocols bgp group evpn_underlay neighbor 10.255.240.8 peer-as 65002
set protocols bgp group evpn_underlay neighbor 10.255.240.15 peer-as 65005
set protocols bgp group evpn_underlay neighbor 10.255.240.17 peer-as 65006
set protocols bgp graceful-restart
#
# EVPN signalling to other fabric nodes
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay local-address 172.16.254.4
set protocols bgp group evpn_overlay local-as 65004
set protocols bgp group evpn_overlay multipath multiple-as
set protocols bgp group evpn_overlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_overlay family evpn signaling loops 2
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay multihop ttl 1
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay neighbor 172.16.254.1 peer-as 65001
set protocols bgp group evpn_overlay neighbor 172.16.254.2 peer-as 65002
set protocols bgp group evpn_overlay neighbor 172.16.254.5 peer-as 65005
set protocols bgp group evpn_overlay neighbor 172.16.254.6 peer-as 65006
#
# interface housekeeping
set interfaces interface-range default apply-groups default
set interfaces interface-range default member et-0/0/[0-5]
set interfaces interface-range default member et-0/0/[10-35]
set interfaces interface-range evpn_downlink apply-groups evpn_downlink
set interfaces interface-range evpn_downlink member et-0/0/6
set interfaces interface-range evpn_downlink member et-0/0/7
set interfaces interface-range evpn_uplink apply-groups evpn_uplink
set interfaces interface-range evpn_uplink member et-0/0/9
set interfaces interface-range evpn_uplink member et-0/0/8
set interfaces em0 unit 0 family inet dhcp vendor-id Juniper
set interfaces em0 unit 0 family inet dhcp force-discover
set interfaces em0 unit 0 family inet dhcp retransmission-attempt 60
set interfaces em0 unit 0 family inet dhcp client-identifier user-id ascii 384f49f33ffc-YGXs1ox4
set interfaces irb unit 0 family inet dhcp vendor-id Juniper
set interfaces irb unit 0 family inet dhcp force-discover
set interfaces irb unit 0 family inet dhcp retransmission-attempt 60
set interfaces irb unit 0 family inet dhcp client-identifier user-id ascii 384f49f33ffc-0
set interfaces irb unit 0 description default
set groups default interfaces <*> unit 0 family ethernet-switching vlan members [ default ]
set groups evpn_downlink interfaces <*> mtu 9192
set groups evpn_uplink interfaces <*> mtu 9192
set groups top forwarding-options storm-control-profiles default all
set vlans default vlan-id 1
set vlans default l3-interface irb.0
#
# additional CLI
set interfaces em0.0 family inet dhcpDist1 Switch Junos Configuration
# global system housekeeping
set system host-name dist1
set system time-zone UTC
set system commit synchronize
set protocols lldp interface all
set protocols lldp port-id-subtype interface-name
set protocols lldp port-description-type interface-alias
set protocols lldp-med interface all
set protocols rstp interface all
set protocols rstp bpdu-block-on-edge
set groups top system commit no-delta-synchronize
set groups top system name-server 8.8.8.8
set groups top system name-server 9.9.9.9
set groups top system ntp server 192.168.10.1
set groups top system syslog file messages authorization any
set groups top system syslog file messages archive files 5
set groups top system syslog file messages archive size 2m
set groups top system syslog file interactive-commands match "!(.*mist.*)"
set groups top system syslog file interactive-commands archive files 5
set groups top system syslog file interactive-commands archive size 2m
set groups top system syslog file escript.log archive files 5
set groups top system syslog file escript.log archive size 2m
set groups top system syslog file op-script.log archive files 5
set groups top system syslog file op-script.log archive size 2m
set groups top system syslog file snapshot archive files 5
set groups top system syslog file snapshot archive size 2m
set apply-groups top
#
# up or downlink interfaces to other fabric nodes
set interfaces et-0/0/52 unit 0 family inet address 10.255.240.13/31
set interfaces et-0/0/52 description evpn_uplink-to-182ad301e1d0
set interfaces et-0/0/53 unit 0 family inet address 10.255.240.17/31
set interfaces et-0/0/53 description evpn_uplink-to-384f49f33ffc
set interfaces xe-0/0/37 unit 0 family inet address 10.255.240.22/31
set interfaces xe-0/0/37 description evpn_downlink-to-bc0ffe157080
set interfaces xe-0/0/36 unit 0 family inet address 10.255.240.24/31
set interfaces xe-0/0/36 description evpn_downlink-to-f8c116415c00
#
# Underlay Loopback interface, router ID, and AS number
set groups top interfaces lo0 unit 0 family inet address 172.16.254.6/32
set groups top routing-options router-id 172.16.254.6
set groups top routing-options autonomous-system 65006
#
# Per-packet load balancing
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
set routing-options forwarding-table ecmp-fast-reroute
set routing-options forwarding-table chained-composite-next-hop ingress evpn
#
# BGP underlay network to other fabric nodes
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_export term 02-default then reject
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_import term 02-default then reject
set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay local-as 65006
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay neighbor 10.255.240.12 peer-as 65003
set protocols bgp group evpn_underlay neighbor 10.255.240.16 peer-as 65004
set protocols bgp group evpn_underlay neighbor 10.255.240.23 peer-as 65007
set protocols bgp group evpn_underlay neighbor 10.255.240.25 peer-as 65008
set protocols bgp graceful-restart
#
# EVPN signalling to other fabric nodes
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay local-address 172.16.254.6
set protocols bgp group evpn_overlay local-as 65006
set protocols bgp group evpn_overlay multipath multiple-as
set protocols bgp group evpn_overlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_overlay family evpn signaling loops 2
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay multihop ttl 1
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay neighbor 172.16.254.3 peer-as 65003
set protocols bgp group evpn_overlay neighbor 172.16.254.4 peer-as 65004
set protocols bgp group evpn_overlay neighbor 172.16.254.7 peer-as 65007
set protocols bgp group evpn_overlay neighbor 172.16.254.8 peer-as 65008
#
# interface housekeeping
set interfaces interface-range default apply-groups default
set interfaces interface-range default member et-0/0/[0-51]
set interfaces interface-range default member et-0/0/[54-55]
set interfaces interface-range default member ge-0/0/[0-47]
set interfaces interface-range default member xe-0/0/[0-35]
set interfaces interface-range default member xe-0/0/[38-47]
set interfaces interface-range evpn_uplink apply-groups evpn_uplink
set interfaces interface-range evpn_uplink member et-0/0/52
set interfaces interface-range evpn_uplink member et-0/0/53
set interfaces interface-range evpn_downlink apply-groups evpn_downlink
set interfaces interface-range evpn_downlink member xe-0/0/37
set interfaces interface-range evpn_downlink member xe-0/0/36
set interfaces vme unit 0 family inet dhcp vendor-id Juniper
set interfaces vme unit 0 family inet dhcp force-discover
set interfaces vme unit 0 family inet dhcp retransmission-attempt 60
set interfaces vme unit 0 family inet dhcp client-identifier user-id ascii d8539a6519c0-M4aLquH9
set interfaces irb unit 0 family inet dhcp vendor-id Juniper
set interfaces irb unit 0 family inet dhcp force-discover
set interfaces irb unit 0 family inet dhcp retransmission-attempt 60
set interfaces irb unit 0 family inet dhcp client-identifier user-id ascii d8539a6519c0-0
set interfaces irb unit 0 description default
set groups default interfaces <*> unit 0 family ethernet-switching vlan members [ default ]
set groups evpn_uplink interfaces <*> mtu 9192
set groups evpn_downlink interfaces <*> mtu 9192
set groups top forwarding-options storm-control-profiles default all
set vlans default vlan-id 1
set vlans default l3-interface irb.0
#
# additional CLI
set chassis fpc 0 pic 0 port 0 speed 1G
set chassis fpc 0 pic 0 port 8 speed 1G
set interfaces et-0/0/48 disable
set interfaces et-0/0/49 disableDist2 Switch Junos Configuration
# global system housekeeping
set system host-name dist2
set system time-zone UTC
set system commit synchronize
set protocols lldp interface all
set protocols lldp port-id-subtype interface-name
set protocols lldp port-description-type interface-alias
set protocols lldp-med interface all
set protocols rstp interface all
set protocols rstp bpdu-block-on-edge
set groups top system commit no-delta-synchronize
set groups top system name-server 8.8.8.8
set groups top system name-server 9.9.9.9
set groups top system ntp server 192.168.10.1
set groups top system syslog file messages authorization any
set groups top system syslog file messages archive files 5
set groups top system syslog file messages archive size 2m
set groups top system syslog file interactive-commands match "!(.*mist.*)"
set groups top system syslog file interactive-commands archive files 5
set groups top system syslog file interactive-commands archive size 2m
set groups top system syslog file escript.log archive files 5
set groups top system syslog file escript.log archive size 2m
set groups top system syslog file op-script.log archive files 5
set groups top system syslog file op-script.log archive size 2m
set groups top system syslog file snapshot archive files 5
set groups top system syslog file snapshot archive size 2m
set apply-groups top
#
# up or downlink interfaces to other fabric nodes
set interfaces et-0/0/53 unit 0 family inet address 10.255.240.11/31
set interfaces et-0/0/53 description evpn_uplink-to-182ad301e1d0
set interfaces et-0/0/52 unit 0 family inet address 10.255.240.15/31
set interfaces et-0/0/52 description evpn_uplink-to-384f49f33ffc
set interfaces xe-0/0/36 unit 0 family inet address 10.255.240.18/31
set interfaces xe-0/0/36 description evpn_downlink-to-bc0ffe157080
set interfaces xe-0/0/37 unit 0 family inet address 10.255.240.20/31
set interfaces xe-0/0/37 description evpn_downlink-to-f8c116415c00
#
# Underlay Loopback interface, router ID, and AS number
set groups top interfaces lo0 unit 0 family inet address 172.16.254.5/32
set groups top routing-options router-id 172.16.254.5
set groups top routing-options autonomous-system 65005
#
# Per-packet load balancing
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
set routing-options forwarding-table ecmp-fast-reroute
set routing-options forwarding-table chained-composite-next-hop ingress evpn
#
# BGP underlay network to other fabric nodes
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_export term 02-default then reject
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_import term 02-default then reject
set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay local-as 65005
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay neighbor 10.255.240.10 peer-as 65003
set protocols bgp group evpn_underlay neighbor 10.255.240.14 peer-as 65004
set protocols bgp group evpn_underlay neighbor 10.255.240.19 peer-as 65007
set protocols bgp group evpn_underlay neighbor 10.255.240.21 peer-as 65008
set protocols bgp graceful-restart
#
# EVPN signalling to other fabric nodes
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay local-address 172.16.254.5
set protocols bgp group evpn_overlay local-as 65005
set protocols bgp group evpn_overlay multipath multiple-as
set protocols bgp group evpn_overlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_overlay family evpn signaling loops 2
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay multihop ttl 1
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay neighbor 172.16.254.3 peer-as 65003
set protocols bgp group evpn_overlay neighbor 172.16.254.4 peer-as 65004
set protocols bgp group evpn_overlay neighbor 172.16.254.7 peer-as 65007
set protocols bgp group evpn_overlay neighbor 172.16.254.8 peer-as 65008
#
# interface housekeeping
set interfaces interface-range default apply-groups default
set interfaces interface-range default member et-0/0/[0-51]
set interfaces interface-range default member et-0/0/[54-55]
set interfaces interface-range default member ge-0/0/[0-47]
set interfaces interface-range default member xe-0/0/[0-35]
set interfaces interface-range default member xe-0/0/[38-47]
set interfaces interface-range evpn_uplink apply-groups evpn_uplink
set interfaces interface-range evpn_uplink member et-0/0/53
set interfaces interface-range evpn_uplink member et-0/0/52
set interfaces interface-range evpn_downlink apply-groups evpn_downlink
set interfaces interface-range evpn_downlink member xe-0/0/36
set interfaces interface-range evpn_downlink member xe-0/0/37
set interfaces vme unit 0 family inet dhcp vendor-id Juniper
set interfaces vme unit 0 family inet dhcp force-discover
set interfaces vme unit 0 family inet dhcp retransmission-attempt 60
set interfaces vme unit 0 family inet dhcp client-identifier user-id ascii d8539a64a6c0-M4aLquH9
set interfaces irb unit 0 family inet dhcp vendor-id Juniper
set interfaces irb unit 0 family inet dhcp force-discover
set interfaces irb unit 0 family inet dhcp retransmission-attempt 60
set interfaces irb unit 0 family inet dhcp client-identifier user-id ascii d8539a64a6c0-0
set interfaces irb unit 0 description default
set groups default interfaces <*> unit 0 family ethernet-switching vlan members [ default ]
set groups evpn_uplink interfaces <*> mtu 9192
set groups evpn_downlink interfaces <*> mtu 9192
set groups top forwarding-options storm-control-profiles default all
set vlans default vlan-id 1
set vlans default l3-interface irb.0
#
# additional CLI
set chassis fpc 0 pic 0 port 0 speed 1G
set chassis fpc 0 pic 0 port 8 speed 1G
set interfaces et-0/0/48 disable
set interfaces et-0/0/49 disableAccess1 Switch Junos Configuration
# global system housekeeping
set system host-name access1
set system time-zone UTC
set system commit synchronize
set protocols lldp interface all
set protocols lldp port-id-subtype interface-name
set protocols lldp port-description-type interface-alias
set protocols lldp-med interface all
set protocols rstp interface all
set protocols rstp bpdu-block-on-edge
set groups top system commit no-delta-synchronize
set groups top system name-server 8.8.8.8
set groups top system name-server 9.9.9.9
set groups top system ntp server 192.168.10.1
set groups top system syslog file messages authorization any
set groups top system syslog file messages archive files 5
set groups top system syslog file messages archive size 2m
set groups top system syslog file interactive-commands match "!(.*mist.*)"
set groups top system syslog file interactive-commands archive files 5
set groups top system syslog file interactive-commands archive size 2m
set groups top system syslog file escript.log archive files 5
set groups top system syslog file escript.log archive size 2m
set groups top system syslog file op-script.log archive files 5
set groups top system syslog file op-script.log archive size 2m
set groups top system syslog file snapshot archive files 5
set groups top system syslog file snapshot archive size 2m
set apply-groups top
#
# up or downlink interfaces to other fabric nodes
set interfaces mge-0/0/37 unit 0 family inet address 10.255.240.21/31
set interfaces mge-0/0/37 description evpn_uplink-to-d8539a64a6c0
set interfaces mge-0/0/36 unit 0 family inet address 10.255.240.25/31
set interfaces mge-0/0/36 description evpn_uplink-to-d8539a6519c0
#
# Underlay Loopback interface, router ID, and AS number
set groups top interfaces lo0 unit 0 family inet address 172.16.254.8/32
set groups top routing-options router-id 172.16.254.8
set groups top routing-options autonomous-system 65008
#
# Per-packet load balancing
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
set routing-options forwarding-table ecmp-fast-reroute
set routing-options forwarding-table chained-composite-next-hop ingress evpn
set groups top forwarding-options vxlan-routing overlay-ecmp
#
# BGP underlay network to other fabric nodes
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_export term 02-default then reject
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_import term 02-default then reject
set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay local-as 65008
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay neighbor 10.255.240.20 peer-as 65005
set protocols bgp group evpn_underlay neighbor 10.255.240.24 peer-as 65006
set protocols bgp graceful-restart
#
# EVPN signalling to other fabric nodes
set groups top switch-options vrf-target target:65000:1
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay local-address 172.16.254.8
set protocols bgp group evpn_overlay local-as 65008
set protocols bgp group evpn_overlay multipath multiple-as
set protocols bgp group evpn_overlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_overlay family evpn signaling loops 2
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay multihop ttl 1
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay neighbor 172.16.254.5 peer-as 65005
set protocols bgp group evpn_overlay neighbor 172.16.254.6 peer-as 65006
#
# EVPN type2/5 coexistence
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 from protocol evpn
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 from route-filter 0.0.0.0/0 prefix-length-range /32-/32
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 then accept
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from protocol evpn
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from family inet6
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from route-filter 0::0/0 prefix-length-range /128-/128
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 then accept
set groups top policy-options policy-statement evpn_export_type5 term 03_direct from protocol direct
set groups top policy-options policy-statement evpn_export_type5 term 03_direct then accept
#
# interface housekeeping
set interfaces interface-range default apply-groups default
set interfaces interface-range default member et-0/1/[0-3]
set interfaces interface-range default member mge-0/0/[0-10]
set interfaces interface-range default member mge-0/0/12
set interfaces interface-range default member mge-0/0/15
set interfaces interface-range default member mge-0/0/[17-35]
set interfaces interface-range default member mge-0/0/[38-47]
set interfaces interface-range vlan1099-no-auth apply-groups vlan1099-no-auth
set interfaces interface-range vlan1099-no-auth member mge-0/0/11
set interfaces interface-range vlan1099-no-auth member mge-0/0/14
set interfaces interface-range vlan1088-no-auth apply-groups vlan1088-no-auth
set interfaces interface-range vlan1088-no-auth member mge-0/0/13
set interfaces interface-range access-point apply-groups access-point
set interfaces interface-range access-point member mge-0/0/16
set interfaces interface-range evpn_uplink apply-groups evpn_uplink
set interfaces interface-range evpn_uplink member mge-0/0/37
set interfaces interface-range evpn_uplink member mge-0/0/36
set interfaces vme unit 0 family inet dhcp vendor-id Juniper
set interfaces vme unit 0 family inet dhcp force-discover
set interfaces vme unit 0 family inet dhcp retransmission-attempt 60
set interfaces vme unit 0 family inet dhcp client-identifier user-id ascii f8c116415c00-M4aLquH9
set interfaces irb unit 0 family inet dhcp vendor-id Juniper
set interfaces irb unit 0 family inet dhcp force-discover
set interfaces irb unit 0 family inet dhcp retransmission-attempt 60
set interfaces irb unit 0 family inet dhcp client-identifier user-id ascii f8c116415c00-0
set interfaces irb unit 0 family inet mtu 9000
set interfaces irb unit 0 description default
set groups default interfaces <*> unit 0 family ethernet-switching vlan members [ default ]
set groups vlan1099-no-auth interfaces <*> unit 0 family ethernet-switching vlan members [ VLAN1099 ]
set groups vlan1088-no-auth interfaces <*> unit 0 family ethernet-switching vlan members [ VLAN1088 ]
set groups access-point interfaces <*> unit 0 family ethernet-switching interface-mode trunk
set groups access-point interfaces <*> unit 0 family ethernet-switching vlan members [ all ]
set groups access-point interfaces <*> native-vlan-id 1033
set groups evpn_uplink interfaces <*> mtu 9192
set groups top poe interface all
set groups top forwarding-options storm-control-profiles default all
#
# IRB's and default GW's for VLANs
set interfaces irb unit 1033 family inet address 10.33.33.1/24
set interfaces irb unit 1033 family inet mtu 9000
set interfaces irb unit 1033 description VLAN1033
set interfaces irb unit 1033 no-dhcp-flood
set interfaces irb unit 1033 mac 00:00:5e:e4:31:57
set interfaces irb unit 1088 family inet address 10.88.88.1/24
set interfaces irb unit 1088 family inet mtu 9000
set interfaces irb unit 1088 description VLAN1088
set interfaces irb unit 1088 no-dhcp-flood
set interfaces irb unit 1088 mac 00:00:5e:e4:31:57
set interfaces irb unit 1099 family inet address 10.99.99.1/24
set interfaces irb unit 1099 family inet mtu 9000
set interfaces irb unit 1099 description VLAN1099
set interfaces irb unit 1099 no-dhcp-flood
set interfaces irb unit 1099 mac 00:00:5e:e4:31:57
#
# first VRF (includes IRB and DHCP-Relay)
set groups top routing-instances developers instance-type vrf
set groups top routing-instances developers interface irb.1088
set groups top routing-instances developers forwarding-options dhcp-relay server-group VLAN1088 192.168.10.11
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 interface irb.1088
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 active-server-group VLAN1088
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 relay-option-82 circuit-id vlan-id-only
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 relay-option-82 server-id-override
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 route-suppression destination
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 overrides relay-source lo0.2
set groups top routing-instances developers forwarding-options dhcp-relay forward-only
set groups top routing-instances developers route-distinguisher 172.16.254.8:102
set groups top routing-instances developers vrf-target target:65000:102
set groups top routing-instances developers vrf-table-label
set groups top routing-instances developers routing-options auto-export
set groups top routing-instances developers routing-options multipath
set groups top routing-instances developers protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances developers protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances developers protocols evpn ip-prefix-routes vni 15600414
set groups top routing-instances developers protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances developers interface lo0.2
#
# second VRF (includes IRB and DHCP-Relay)
set groups top routing-instances corp-it instance-type vrf
set groups top routing-instances corp-it interface irb.1099
set groups top routing-instances corp-it forwarding-options dhcp-relay server-group VLAN1099 192.168.10.11
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 interface irb.1099
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 active-server-group VLAN1099
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 relay-option-82 circuit-id vlan-id-only
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 relay-option-82 server-id-override
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 route-suppression destination
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 overrides relay-source lo0.1
set groups top routing-instances corp-it forwarding-options dhcp-relay forward-only
set groups top routing-instances corp-it route-distinguisher 172.16.254.8:101
set groups top routing-instances corp-it vrf-target target:65000:101
set groups top routing-instances corp-it vrf-table-label
set groups top routing-instances corp-it routing-options auto-export
set groups top routing-instances corp-it routing-options multipath
set groups top routing-instances corp-it protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances corp-it protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances corp-it protocols evpn ip-prefix-routes vni 11284517
set groups top routing-instances corp-it protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances corp-it interface lo0.1
#
# third VRF (includes IRB and DHCP-Relay)
set groups top routing-instances guest-wifi instance-type vrf
set groups top routing-instances guest-wifi interface irb.1033
set groups top routing-instances guest-wifi forwarding-options dhcp-relay server-group VLAN1033 192.168.10.10
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 interface irb.1033
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 active-server-group VLAN1033
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 relay-option-82 circuit-id vlan-id-only
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 relay-option-82 server-id-override
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 route-suppression destination
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 overrides relay-source lo0.3
set groups top routing-instances guest-wifi forwarding-options dhcp-relay forward-only
set groups top routing-instances guest-wifi route-distinguisher 172.16.254.8:103
set groups top routing-instances guest-wifi vrf-target target:65000:103
set groups top routing-instances guest-wifi vrf-table-label
set groups top routing-instances guest-wifi routing-options auto-export
set groups top routing-instances guest-wifi routing-options multipath
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes vni 15560868
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances guest-wifi interface lo0.3
#
# Overlay loopbacks for DHCP-Relay
set groups top interfaces lo0 unit 3 family inet address 172.16.192.6/32
set groups top interfaces lo0 unit 3 family inet6 address fd33:ab00:2::6/128
set groups top interfaces lo0 unit 2 family inet address 172.16.192.5/32
set groups top interfaces lo0 unit 2 family inet6 address fd33:ab00:2::5/128
set groups top interfaces lo0 unit 1 family inet address 172.16.192.4/32
set groups top interfaces lo0 unit 1 family inet6 address fd33:ab00:2::4/128
#
# VXLAN global settings
set groups top protocols evpn encapsulation vxlan
set groups top protocols evpn default-gateway do-not-advertise
set groups top protocols evpn extended-vni-list all
set groups top switch-options vtep-source-interface lo0.0
set groups top switch-options route-distinguisher 172.16.254.8:1
#
# VXLAN tuneing parameters based on device model
set groups top forwarding-options vxlan-routing next-hop 16384
set groups top forwarding-options vxlan-routing interface-num 6144
#
# VLAN to IRB+VNI mapping
set vlans VLAN1033 vlan-id 1033
set vlans VLAN1033 l3-interface irb.1033
set vlans VLAN1033 vxlan vni 11033
set vlans VLAN1088 vlan-id 1088
set vlans VLAN1088 l3-interface irb.1088
set vlans VLAN1088 vxlan vni 11088
set vlans VLAN1099 vlan-id 1099
set vlans VLAN1099 l3-interface irb.1099
set vlans VLAN1099 vxlan vni 11099
set vlans default vlan-id 1
set vlans default l3-interface irb.0
set vlans default vxlan vni 10001Access2 Switch Junos Configuration
# global system housekeeping
set system host-name access2
set system time-zone UTC
set system commit synchronize
set protocols lldp interface all
set protocols lldp port-id-subtype interface-name
set protocols lldp port-description-type interface-alias
set protocols lldp-med interface all
set protocols rstp interface all
set protocols rstp bpdu-block-on-edge
set groups top system commit no-delta-synchronize
set groups top system name-server 8.8.8.8
set groups top system name-server 9.9.9.9
set groups top system ntp server 192.168.10.1
set groups top system syslog file messages authorization any
set groups top system syslog file messages archive files 5
set groups top system syslog file messages archive size 2m
set groups top system syslog file interactive-commands match "!(.*mist.*)"
set groups top system syslog file interactive-commands archive files 5
set groups top system syslog file interactive-commands archive size 2m
set groups top system syslog file escript.log archive files 5
set groups top system syslog file escript.log archive size 2m
set groups top system syslog file op-script.log archive files 5
set groups top system syslog file op-script.log archive size 2m
set groups top system syslog file snapshot archive files 5
set groups top system syslog file snapshot archive size 2m
set apply-groups top
#
# virtual chassis configuration
set protocols layer2-control nonstop-bridging
delete virtual-chassis
set virtual-chassis preprovisioned
set virtual-chassis member 0 role routing-engine serial-number ZG4723340069
set virtual-chassis member 1 role line-card serial-number ZG4723350034
set virtual-chassis member 2 role routing-engine serial-number ZG4723350187
set virtual-chassis member 3 role line-card serial-number ZF4321500037
set chassis redundancy graceful-switchover
set routing-options nonstop-routing
#
# up or downlink interfaces to other fabric nodes
set interfaces xe-2/2/0 unit 0 family inet address 10.255.240.19/31
set interfaces xe-2/2/0 description evpn_uplink-to-d8539a64a6c0
set interfaces xe-1/2/0 unit 0 family inet address 10.255.240.23/31
set interfaces xe-1/2/0 description evpn_uplink-to-d8539a6519c0
#
# Underlay Loopback interface, router ID, and AS number
set groups top interfaces lo0 unit 0 family inet address 172.16.254.7/32
set groups top routing-options router-id 172.16.254.7
set groups top routing-options autonomous-system 65007
#
# Per-packet load balancing
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet
set groups top policy-options policy-statement ecmp_policy then accept
set groups top routing-options forwarding-table export ecmp_policy
set routing-options forwarding-table ecmp-fast-reroute
set routing-options forwarding-table chained-composite-next-hop ingress evpn
set groups top forwarding-options vxlan-routing overlay-ecmp
#
# BGP underlay network to other fabric nodes
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_export term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_export term 02-default then reject
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback from route-filter 172.16.254.0/23 orlonger
set groups top policy-options policy-statement evpn_underlay_import term 01-loopback then accept
set groups top policy-options policy-statement evpn_underlay_import term 02-default then reject
set protocols bgp group evpn_underlay type external
set protocols bgp group evpn_underlay local-as 65007
set protocols bgp group evpn_underlay multipath multiple-as
set protocols bgp group evpn_underlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_underlay family inet unicast
set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_underlay log-updown
set protocols bgp group evpn_underlay export evpn_underlay_export
set protocols bgp group evpn_underlay import evpn_underlay_import
set protocols bgp group evpn_underlay neighbor 10.255.240.18 peer-as 65005
set protocols bgp group evpn_underlay neighbor 10.255.240.22 peer-as 65006
set protocols bgp graceful-restart
#
# EVPN signalling to other fabric nodes
set groups top switch-options vrf-target target:65000:1
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay local-address 172.16.254.7
set protocols bgp group evpn_overlay local-as 65007
set protocols bgp group evpn_overlay multipath multiple-as
set protocols bgp group evpn_overlay authentication-key <not-disclosed-here>
set protocols bgp group evpn_overlay family evpn signaling loops 2
set protocols bgp group evpn_overlay log-updown
set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000
set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3
set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic
set protocols bgp group evpn_overlay multihop ttl 1
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay neighbor 172.16.254.5 peer-as 65005
set protocols bgp group evpn_overlay neighbor 172.16.254.6 peer-as 65006
#
# EVPN type2/5 coexistence
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 from protocol evpn
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 from route-filter 0.0.0.0/0 prefix-length-range /32-/32
set groups top policy-options policy-statement evpn_export_type5 term 01_ipv4 then accept
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from protocol evpn
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from family inet6
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 from route-filter 0::0/0 prefix-length-range /128-/128
set groups top policy-options policy-statement evpn_export_type5 term 02_ipv6 then accept
set groups top policy-options policy-statement evpn_export_type5 term 03_direct from protocol direct
set groups top policy-options policy-statement evpn_export_type5 term 03_direct then accept
#
# interface housekeeping
set interfaces interface-range default apply-groups default
set interfaces interface-range default member et-0/1/[0-3]
set interfaces interface-range default member mge-0/0/[0-23]
set interfaces interface-range default member et-1/1/[0-3]
set interfaces interface-range default member mge-1/0/[0-23]
set interfaces interface-range default member et-2/1/[0-3]
set interfaces interface-range default member mge-2/0/[0-23]
set interfaces interface-range default member et-3/1/[0-3]
set interfaces interface-range default member mge-3/0/[0-11]
set interfaces interface-range default member mge-3/0/[14-15]
set interfaces interface-range default member mge-3/0/[17-47]
set interfaces interface-range vlan1088-no-auth apply-groups vlan1088-no-auth
set interfaces interface-range vlan1088-no-auth member mge-3/0/12
set interfaces interface-range vlan1099-no-auth apply-groups vlan1099-no-auth
set interfaces interface-range vlan1099-no-auth member mge-3/0/13
set interfaces interface-range access-point apply-groups access-point
set interfaces interface-range access-point member mge-3/0/16
set interfaces interface-range evpn_uplink apply-groups evpn_uplink
set interfaces interface-range evpn_uplink member xe-2/2/0
set interfaces interface-range evpn_uplink member xe-1/2/0
set interfaces vme unit 0 family inet dhcp vendor-id Juniper
set interfaces vme unit 0 family inet dhcp force-discover
set interfaces vme unit 0 family inet dhcp retransmission-attempt 60
set interfaces vme unit 0 family inet dhcp client-identifier user-id ascii bc0ffe157080-M4aLquH9
set interfaces irb unit 0 family inet dhcp vendor-id Juniper
set interfaces irb unit 0 family inet dhcp force-discover
set interfaces irb unit 0 family inet dhcp retransmission-attempt 60
set interfaces irb unit 0 family inet dhcp client-identifier user-id ascii bc0ffe157080-0
set interfaces irb unit 0 family inet mtu 9000
set interfaces irb unit 0 description default
set groups default interfaces <*> unit 0 family ethernet-switching vlan members [ default ]
set groups vlan1088-no-auth interfaces <*> unit 0 family ethernet-switching vlan members [ VLAN1088 ]
set groups vlan1099-no-auth interfaces <*> unit 0 family ethernet-switching vlan members [ VLAN1099 ]
set groups access-point interfaces <*> unit 0 family ethernet-switching interface-mode trunk
set groups access-point interfaces <*> unit 0 family ethernet-switching vlan members [ all ]
set groups access-point interfaces <*> native-vlan-id 1033
set groups evpn_uplink interfaces <*> mtu 9192
set groups top poe interface all
set groups top forwarding-options storm-control-profiles default all
#
# IRB's and default GW's for VLANs
set interfaces irb unit 1033 family inet address 10.33.33.1/24
set interfaces irb unit 1033 family inet mtu 9000
set interfaces irb unit 1033 description VLAN1033
set interfaces irb unit 1033 no-dhcp-flood
set interfaces irb unit 1033 mac 00:00:5e:e4:31:57
set interfaces irb unit 1088 family inet address 10.88.88.1/24
set interfaces irb unit 1088 family inet mtu 9000
set interfaces irb unit 1088 description VLAN1088
set interfaces irb unit 1088 no-dhcp-flood
set interfaces irb unit 1088 mac 00:00:5e:e4:31:57
set interfaces irb unit 1099 family inet address 10.99.99.1/24
set interfaces irb unit 1099 family inet mtu 9000
set interfaces irb unit 1099 description VLAN1099
set interfaces irb unit 1099 no-dhcp-flood
set interfaces irb unit 1099 mac 00:00:5e:e4:31:57
#
# first VRF (includes IRB and DHCP-Relay)
set groups top routing-instances corp-it instance-type vrf
set groups top routing-instances corp-it interface irb.1099
set groups top routing-instances corp-it forwarding-options dhcp-relay server-group VLAN1099 192.168.10.11
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 interface irb.1099
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 active-server-group VLAN1099
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 relay-option-82 circuit-id vlan-id-only
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 relay-option-82 server-id-override
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 route-suppression destination
set groups top routing-instances corp-it forwarding-options dhcp-relay group VLAN1099 overrides relay-source lo0.1
set groups top routing-instances corp-it forwarding-options dhcp-relay forward-only
set groups top routing-instances corp-it route-distinguisher 172.16.254.7:101
set groups top routing-instances corp-it vrf-target target:65000:101
set groups top routing-instances corp-it vrf-table-label
set groups top routing-instances corp-it routing-options auto-export
set groups top routing-instances corp-it routing-options multipath
set groups top routing-instances corp-it protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances corp-it protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances corp-it protocols evpn ip-prefix-routes vni 11284517
set groups top routing-instances corp-it protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances corp-it interface lo0.1
#
# second VRF (includes IRB and DHCP-Relay)
set groups top routing-instances developers instance-type vrf
set groups top routing-instances developers interface irb.1088
set groups top routing-instances developers forwarding-options dhcp-relay server-group VLAN1088 192.168.10.11
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 interface irb.1088
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 active-server-group VLAN1088
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 relay-option-82 circuit-id vlan-id-only
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 relay-option-82 server-id-override
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 route-suppression destination
set groups top routing-instances developers forwarding-options dhcp-relay group VLAN1088 overrides relay-source lo0.2
set groups top routing-instances developers forwarding-options dhcp-relay forward-only
set groups top routing-instances developers route-distinguisher 172.16.254.7:102
set groups top routing-instances developers vrf-target target:65000:102
set groups top routing-instances developers vrf-table-label
set groups top routing-instances developers routing-options auto-export
set groups top routing-instances developers routing-options multipath
set groups top routing-instances developers protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances developers protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances developers protocols evpn ip-prefix-routes vni 15600414
set groups top routing-instances developers protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances developers interface lo0.2
#
# third VRF (includes IRB and DHCP-Relay)
set groups top routing-instances guest-wifi instance-type vrf
set groups top routing-instances guest-wifi interface irb.1033
set groups top routing-instances guest-wifi forwarding-options dhcp-relay server-group VLAN1033 192.168.10.10
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 interface irb.1033
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 active-server-group VLAN1033
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 relay-option-82 circuit-id vlan-id-only
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 relay-option-82 server-id-override
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 route-suppression destination
set groups top routing-instances guest-wifi forwarding-options dhcp-relay group VLAN1033 overrides relay-source lo0.3
set groups top routing-instances guest-wifi forwarding-options dhcp-relay forward-only
set groups top routing-instances guest-wifi route-distinguisher 172.16.254.7:103
set groups top routing-instances guest-wifi vrf-target target:65000:103
set groups top routing-instances guest-wifi vrf-table-label
set groups top routing-instances guest-wifi routing-options auto-export
set groups top routing-instances guest-wifi routing-options multipath
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes advertise direct-nexthop
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes encapsulation vxlan
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes vni 15560868
set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes export evpn_export_type5
set groups top routing-instances guest-wifi interface lo0.3
#
# Overlay loopbacks for DHCP-Relay
set groups top interfaces lo0 unit 3 family inet address 172.16.192.9/32
set groups top interfaces lo0 unit 3 family inet6 address fd33:ab00:2::9/128
set groups top interfaces lo0 unit 2 family inet address 172.16.192.8/32
set groups top interfaces lo0 unit 2 family inet6 address fd33:ab00:2::8/128
set groups top interfaces lo0 unit 1 family inet address 172.16.192.7/32
set groups top interfaces lo0 unit 1 family inet6 address fd33:ab00:2::7/128
#
# VXLAN global settings
set groups top protocols evpn encapsulation vxlan
set groups top protocols evpn default-gateway do-not-advertise
set groups top protocols evpn extended-vni-list all
set groups top switch-options vtep-source-interface lo0.0
set groups top switch-options route-distinguisher 172.16.254.7:1
#
# VXLAN tuneing parameters based on device model
set groups top forwarding-options vxlan-routing next-hop 16384
set groups top forwarding-options vxlan-routing interface-num 6144
#
# VLAN to IRB+VNI mapping
set vlans VLAN1033 vlan-id 1033
set vlans VLAN1033 l3-interface irb.1033
set vlans VLAN1033 vxlan vni 11033
set vlans VLAN1088 vlan-id 1088
set vlans VLAN1088 l3-interface irb.1088
set vlans VLAN1088 vxlan vni 11088
set vlans VLAN1099 vlan-id 1099
set vlans VLAN1099 l3-interface irb.1099
set vlans VLAN1099 vxlan vni 11099
set vlans default vlan-id 1
set vlans default l3-interface irb.0
set vlans default vxlan vni 10001
#
# additional CLI
set chassis fpc 0 pic 2 port 0 speed 10g
set chassis fpc 1 pic 2 port 0 speed 10g
set chassis fpc 2 pic 2 port 0 speed 10g
set chassis fpc 3 pic 2 port 0 speed 10gWAN-Router Junos Configuration
We obtained the following example configuration from the SRX1500 as WAN-Router.
root@wanrouter> show configuration | display set | no-more # global system housekeeping set system host-name wanrouter set system services ssh root-login allow set system services telnet set system services netconf ssh set system name-server 8.8.8.8 set system name-server 8.8.4.4 set system syslog user * any emergency set system syslog file interactive-commands interactive-commands any set system syslog file messages any notice set system syslog file messages authorization info set system max-configurations-on-flash 5 set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval set security log mode stream set protocols lldp port-id-subtype interface-name set protocols lldp port-description-type interface-alias set protocols lldp interface all set protocols lldp-med interface all # # default screen setting set security screen ids-option untrust-screen icmp ping-death set security screen ids-option untrust-screen ip source-route-option set security screen ids-option untrust-screen ip tear-drop set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200 set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024 set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048 set security screen ids-option untrust-screen tcp syn-flood timeout 20 set security screen ids-option untrust-screen tcp land # # SNAT with exclusion of 192.168.10.0/24 to DHCP-Server set security nat source rule-set trust-to-untrust from zone trust set security nat source rule-set trust-to-untrust to zone untrust set security nat source rule-set trust-to-untrust rule source-nat-rule1 match destination-address 192.168.10.0/24 set security nat source rule-set trust-to-untrust rule source-nat-rule1 then source-nat off set security nat source rule-set trust-to-untrust rule source-nat-rule2 match source-address 0.0.0.0/0 set security nat source rule-set trust-to-untrust rule source-nat-rule2 then source-nat interface # # default trust and untrust zone communication set security policies from-zone trust to-zone trust policy default-permit match source-address any set security policies from-zone trust to-zone trust policy default-permit match destination-address any set security policies from-zone trust to-zone trust policy default-permit match application any set security policies from-zone trust to-zone trust policy default-permit then permit set security policies from-zone trust to-zone untrust policy default-permit match source-address any set security policies from-zone trust to-zone untrust policy default-permit match destination-address any set security policies from-zone trust to-zone untrust policy default-permit match application any set security policies from-zone trust to-zone untrust policy default-permit then permit set security policies pre-id-default-policy then log session-close # # bind interfaces to security zones set security zones security-zone trust host-inbound-traffic system-services all set security zones security-zone trust host-inbound-traffic protocols all set security zones security-zone trust interfaces xe-0/0/16.1099 set security zones security-zone trust interfaces xe-0/0/16.1088 set security zones security-zone trust interfaces xe-0/0/16.1033 set security zones security-zone trust interfaces xe-0/0/17.1099 set security zones security-zone trust interfaces xe-0/0/17.1088 set security zones security-zone trust interfaces xe-0/0/17.1033 set security zones security-zone untrust screen untrust-screen set security zones security-zone untrust host-inbound-traffic system-services all set security zones security-zone untrust host-inbound-traffic protocols all set security zones security-zone untrust interfaces ge-0/0/0.0 # # uplink to lab and downlink interfaces to fabric nodes set interfaces ge-0/0/0 unit 0 family inet address 192.168.10.99/24 set interfaces xe-0/0/16 flexible-vlan-tagging set interfaces xe-0/0/16 mtu 9014 set interfaces xe-0/0/16 unit 1033 description vlan1033 set interfaces xe-0/0/16 unit 1033 vlan-id 1033 set interfaces xe-0/0/16 unit 1033 family inet address 10.255.224.4/31 set interfaces xe-0/0/16 unit 1088 description vlan1088 set interfaces xe-0/0/16 unit 1088 vlan-id 1088 set interfaces xe-0/0/16 unit 1088 family inet address 10.255.224.2/31 set interfaces xe-0/0/16 unit 1099 description vlan1099 set interfaces xe-0/0/16 unit 1099 vlan-id 1099 set interfaces xe-0/0/16 unit 1099 family inet address 10.255.224.0/31 set interfaces xe-0/0/17 flexible-vlan-tagging set interfaces xe-0/0/17 mtu 9014 set interfaces xe-0/0/17 unit 1033 description vlan1033 set interfaces xe-0/0/17 unit 1033 vlan-id 1033 set interfaces xe-0/0/17 unit 1033 family inet address 10.255.226.4/31 set interfaces xe-0/0/17 unit 1088 description vlan1088 set interfaces xe-0/0/17 unit 1088 vlan-id 1088 set interfaces xe-0/0/17 unit 1088 family inet address 10.255.226.2/31 set interfaces xe-0/0/17 unit 1099 description vlan1099 set interfaces xe-0/0/17 unit 1099 vlan-id 1099 set interfaces xe-0/0/17 unit 1099 family inet address 10.255.226.0/31 # # Per-packet load balancing set routing-options forwarding-table export ECMP set policy-options policy-statement ECMP then load-balance per-packet set policy-options policy-statement ECMP then accept # # filters to announce default route and import fabric routes set policy-options policy-statement fabric term 1 from protocol bgp set policy-options policy-statement fabric term 1 from route-filter 0.0.0.0/0 orlonger set policy-options policy-statement fabric term 1 then accept set policy-options policy-statement fabric term 2 then reject set policy-options policy-statement internet term 1 from protocol static set policy-options policy-statement internet term 1 from route-filter 0.0.0.0/0 exact set policy-options policy-statement internet term 1 then accept set policy-options policy-statement internet term 2 then reject # # virtual router with up/downlink interfaces set routing-instances public-int instance-type virtual-router set routing-instances public-int interface ge-0/0/0.0 set routing-instances public-int interface xe-0/0/16.1033 set routing-instances public-int interface xe-0/0/16.1088 set routing-instances public-int interface xe-0/0/16.1099 set routing-instances public-int interface xe-0/0/17.1033 set routing-instances public-int interface xe-0/0/17.1088 set routing-instances public-int interface xe-0/0/17.1099 set routing-instances public-int routing-options static route 0.0.0.0/0 next-hop 192.168.10.1 # # BGP peering to first fabric VRF neigbours set routing-instances public-int protocols bgp group corp-it type external set routing-instances public-int protocols bgp group corp-it hold-time 90 set routing-instances public-int protocols bgp group corp-it import fabric set routing-instances public-int protocols bgp group corp-it family inet unicast set routing-instances public-int protocols bgp group corp-it export internet set routing-instances public-int protocols bgp group corp-it local-as 64901 set routing-instances public-int protocols bgp group corp-it multipath multiple-as set routing-instances public-int protocols bgp group corp-it bfd-liveness-detection minimum-interval 1000 set routing-instances public-int protocols bgp group corp-it bfd-liveness-detection multiplier 3 set routing-instances public-int protocols bgp group corp-it bfd-liveness-detection session-mode automatic set routing-instances public-int protocols bgp group corp-it neighbor 10.255.224.1 peer-as 64911 set routing-instances public-int protocols bgp group corp-it neighbor 10.255.226.1 peer-as 64911 # # BGP peering to second fabric VRF neigbours set routing-instances public-int protocols bgp group developers type external set routing-instances public-int protocols bgp group developers hold-time 90 set routing-instances public-int protocols bgp group developers import fabric set routing-instances public-int protocols bgp group developers family inet unicast set routing-instances public-int protocols bgp group developers export internet set routing-instances public-int protocols bgp group developers local-as 64901 set routing-instances public-int protocols bgp group developers multipath multiple-as set routing-instances public-int protocols bgp group developers bfd-liveness-detection minimum-interval 1000 set routing-instances public-int protocols bgp group developers bfd-liveness-detection multiplier 3 set routing-instances public-int protocols bgp group developers bfd-liveness-detection session-mode automatic set routing-instances public-int protocols bgp group developers neighbor 10.255.224.3 peer-as 64911 set routing-instances public-int protocols bgp group developers neighbor 10.255.226.3 peer-as 64911 # # BGP peering to third fabric VRF neigbours set routing-instances public-int protocols bgp group guest-wifi type external set routing-instances public-int protocols bgp group guest-wifi hold-time 90 set routing-instances public-int protocols bgp group guest-wifi import fabric set routing-instances public-int protocols bgp group guest-wifi family inet unicast set routing-instances public-int protocols bgp group guest-wifi export internet set routing-instances public-int protocols bgp group guest-wifi local-as 64901 set routing-instances public-int protocols bgp group guest-wifi multipath multiple-as set routing-instances public-int protocols bgp group guest-wifi bfd-liveness-detection minimum-interval 1000 set routing-instances public-int protocols bgp group guest-wifi bfd-liveness-detection multiplier 3 set routing-instances public-int protocols bgp group guest-wifi bfd-liveness-detection session-mode automatic set routing-instances public-int protocols bgp group guest-wifi neighbor 10.255.224.5 peer-as 64911 set routing-instances public-int protocols bgp group guest-wifi neighbor 10.255.226.5 peer-as 64911