Configuring Optional Add-Ins to an EVPN-VXLAN Fabric With CRB

This section shows how to configure optional features in an EVPN-VXLAN fabric.

What's Next

Juniper’s campus solution, based on a VXLAN overlay with EVPN control plane, is an efficient and scalable way to build and interconnect multiple campuses across a core network. With a robust BGP/EVPN implementation, Juniper is well-positioned to harness the full potential of EVPN technology.

For more information on available EVPN features and how to configure them, see EVPN User Guide.

How to Configure DHCP

Requirements

Configure DHCP on the following devices that you configured in the How to Configure an EVPN-VXLAN Fabric for a Campus Network With CRB configuration example:

  • Two EX9251 switches as core devices running Junos OS Release 18.4R2-S4.5.

  • Two EX4600 switches as distribution devices running Junos OS Release 18.4R2-S4.5.

  • Two hosts to represent a DHCP server and a client.

    • Re-validated using Junos OS Release 21.2R.3.

    • See the Feature Explorer for supported platforms.

Overview

Use this section to configure DHCP on the network. This example uses segmentation by placing the IRB interfaces in separate routing instances. The DHCP server is connected to one of the IRB interfaces in a service VRF instance. Figure 1 shows the virtual network topology with a DHCP server.

To ensure the client gets an IP address from the DHCP server, you can use a device like an SRX Series security device to provide inter-VRF routing, or you can use inter-VRF routing between VRFs locally on the core devices. This example shows how to use inter-VRF routing on the core devices.

Figure 1: Overlay Virtual Network Topology with a DHCP Server

Configuration

We are only showing the DHCP relay configuration steps for the Core 1 device. The steps for the Core 2 device are the same. The inter-VRF routing configuration is shown in steps 5, 6 and 7 of the Overlay and Virtual Network Configuration example.

  1. Configure the DHCP relay option forward-only-replies on the core devices under the routing instance vrf_103, which is associated with the DHCP server. This DHCP relay option is used when the server and client are in different routing instances.

  2. Configure the DHCP relay option forward-only routing-instance vrf_103 on the core devices under the routing instance vrf_102, which is associated with the DHCP client.

  3. Create a server group under the routing instance vrf_102 to specify the IP address of the DHCP server.

  4. Configure the server group as the active server group and the interface connected to the client under the routing instance vrf_102.

  5. (Optional) Configure DHCP traceoptions.

  6. Configure the DHCP server.

    Note:

    In this example, we are using an SRX Series device to represent the DHCP server. The host IP address range is between 101 and 200. We provide a default route with the next-hop of the virtual gateway address (VGA) for VLAN 102.
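The relay side of the procedure above (steps 1 through 5 on Core 1) as Junos `set` commands. This is an added example, not the configuration from the original page: the server address, group names, client-facing IRB unit, and trace file name are placeholders chosen for illustration.

```junos
# Added example, not from the original page. Placeholders (assumptions):
#   192.0.2.10      DHCP server address, reachable through vrf_103
#   DHCP_SERVERS    server group name
#   RELAY_CLIENTS   relay group name
#   irb.102         client-facing IRB interface in vrf_102
#   dhcp_relay.log  trace file name

# Step 1: in the server-side VRF, relay only the server's replies back toward clients.
set routing-instances vrf_103 forwarding-options dhcp-relay forward-only-replies

# Step 2: in the client-side VRF, forward client packets into vrf_103.
set routing-instances vrf_102 forwarding-options dhcp-relay forward-only routing-instance vrf_103

# Step 3: name the DHCP server in a server group.
set routing-instances vrf_102 forwarding-options dhcp-relay server-group DHCP_SERVERS 192.0.2.10

# Step 4: make that group active and bind the relay to the client-facing interface.
set routing-instances vrf_102 forwarding-options dhcp-relay group RELAY_CLIENTS active-server-group DHCP_SERVERS
set routing-instances vrf_102 forwarding-options dhcp-relay group RELAY_CLIENTS interface irb.102

# Step 5 (optional): trace DHCP processing to a size-limited file.
set system processes dhcp-service traceoptions file dhcp_relay.log size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag all
```

Binding the relay to a named interface, rather than to every interface in the instance, limits which segments can reach the DHCP server through the inter-VRF path.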

Verify DHCP

Log in to the applicable devices and verify DHCP is working.

  1. Verify DHCP relay is working on the core devices. Confirm DHCP relay in the traceoptions log.

    Note:

    A DHCP relay binding will not be maintained on the core devices. The Core 2 device is the active gateway in this example. You might have to release and renew your IP on the client to see the logs in the traceoptions if you added traceoptions after the client and server configuration. We are only showing a snippet of the traceoptions log.

  2. Verify DHCP relay in the statistics output.

    The Core 2 device received the request and forwarded the reply and offer.

  3. Verify DHCP is working on the server and the client. First, confirm the server has a binding for the client.

    The server has a binding matching the client's MAC.

  4. Confirm the client has an IP address and route.

    The client has an IP address and a default route.

  5. Ping from the client to Server A for end-to-end verification.

    The client can ping Server A.

How to Configure Loop Protection

Requirements

You can configure loop protection on the following devices that you configured in the How to Configure an EVPN-VXLAN Fabric for a Campus Network With CRB configuration example:

  • Two EX4600 switches as the distribution devices. Software version: Junos OS Release 18.4R2-S4.5.

  • Two access layer switches. This can be a Juniper Networks access switch or a third-party switch.

    • Re-validated using Junos OS Release 21.2R.3.

    • See the Feature Explorer for supported platforms.

Overview

EVPN protects the network against Layer 2 loops through split horizon, as described in RFC 7432. However, you might want to configure additional loop protection on your network. A spanning tree protocol (xSTP) prevents loops that are accidentally created between the access and distribution layers when a network administrator or user adds a new device to the network.

Figure 2: Access Layer Topology

Configuration

Use this section to configure loop protection on the distribution and access layers. We are only showing the Access 1 switch configuration. The configuration for the distribution switches and the other access switch is the same.

  1. Configure the distribution and access switches.

    All Layer 2 ports on the distribution and access layers that are not part of EVPN ESIs must be configured under RSTP as edge ports. Enable the bpdu-block-on-edge option.
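The edge-port requirement above as Junos `set` commands for a Juniper access or distribution switch. This is an added example, not the configuration from the original page: the interface names are placeholders, and the automatic recovery timer is an optional assumption that the page does not call for.

```junos
# Added example, not from the original page. ge-0/0/10 and ge-0/0/11 are
# placeholder names for Layer 2 ports that are NOT members of an EVPN ESI.

# Treat the host-facing ports as RSTP edge ports.
set protocols rstp interface ge-0/0/10 edge
set protocols rstp interface ge-0/0/11 edge

# Disable an edge port when a BPDU arrives on it, for example when an
# unmanaged switch is plugged into a user port.
set protocols rstp bpdu-block-on-edge

# Optional (assumption): re-enable a blocked port automatically after
# 300 seconds instead of waiting for a manual clear.
set protocols layer2-control bpdu-block disable-timeout 300
```

Without a disable timeout, a port blocked by a received BPDU stays down until an operator clears it, which is the stricter choice for user-facing ports.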

Verify Loop Protection

Log in to the applicable devices to verify spanning tree is working and there are no blocked ports. Check on the distribution and access switches. We are only showing the outputs from Access 1.

  1. Show the details for the spanning tree interfaces.

  2. Show the details of the spanning tree bridge.

    The outputs show Access 1 is forwarding on all ports and is a root bridge. There are no blocked ports.