Zach Gibbs, Content Developer, Juniper Networks

Configuring MAC VRF – Isolated Tenants External Interconnect Route Leaking

Learning Bytes Data Center
Zach Gibbs Headshot
The still image is a screenshot of the MAC VRF configuration process on a desktop computer. It’s a black computer screen with white code from top to bottom.

Just 15 minutes to a MAC VRF configuration

In this 15-minute demo video presented by Juniper’s Zach Gibbs, you’ll learn how to configure MAC virtual routing and forwarding (VRF) Layer 2 and Layer 3 isolated tenants with an external interconnect and route leaking in the data center. If you’re already familiar with data center technologies, this video will be helpful. Also, be sure to check out the companion video to this one on verifying MAC VRF isolated tenants external interconnect route leaking. 

Show more

You’ll learn

  • An example of the topology and devices used in the MAC VRF configuration 

  • The benefit of configuring MAC VRF with route leaking 

Who is this for?

Network Professionals Business Leaders


Zach Gibbs Headshot
Zach Gibbs
Content Developer, Juniper Networks


0:00 [Music]

0:09 thank you

0:11 hello my name is Zach Gibbs and I'm a

0:14 Content developer within Education

0:16 Services inside Juniper Networks

0:20 and today we will be going through the

0:22 configuring macverf isolated tenants

0:25 external interconnect route leaking

0:28 learning byte

0:30 all right so here is our topology and we

0:34 have a few devices that I want to talk

0:36 about we have spine one spine two Leaf

0:39 one leaf two the Gateway router and host

0:42 one and host 3. now the spines and

0:45 leaves are obviously part of the IP

0:48 Fabric in the data center and we already

0:51 have vxlan configured and things like

0:55 that and we also have the Mac verbs

0:59 configured as well I've also

1:01 pre-configured some of the other verbs

1:03 as well but what I want to point out

1:06 here is I want to point out first the

1:09 V10 VR and this is going to be

1:12 connecting with the V10 berf so the V10

1:16 verf is a Mac Verve and it's going to be

1:18 connecting into the V10 VR which is a

1:21 Virtual Router routing instance type and

1:24 the rb10 interface which is the default

1:26 gateway for host one is going to be in

1:28 that V10 VR Virtual Router

1:31 and then we have the v20 T5 verf which

1:36 is a standard verf and it'll have the

1:39 irb20 interface which is the default

1:42 gateway for host 3. and host one just

1:44 real quick host one's using VLAN V10 IP

1:47 address and vni 520

1:52 which might seem a little strange if

1:54 you've gone through my other learning

1:55 bytes with macver but I'll explain that

1:57 a little bit and then we have VLAN v20

2:00 for host 3 IP address and also

2:03 vni 5020 and so something else I do want

2:08 to point out is we have this common T5

2:10 uh verf which is going to be a standard

2:13 verf that the v20 T5 verf connects into

2:17 okay so what is going on here so what's

2:20 going to happen here is this is

2:23 beneficial if well first let me start by

2:25 saying if we were to configure T5 verse

2:29 for the V10 verf and the v20 verf leaf 2

2:34 would need a one-to-one mapping as far

2:36 as T5 verbs what we're getting away with

2:39 here is we're only configuring one

2:41 common T5 Verve and so that reduces the

2:44 amount of configuration you need to do

2:46 instead of having a V10 uh verf that or

2:50 type 5 verb that it connects into a type

2:53 5 V10 verf over here and then a v20 T5

2:56 Earth that connects into a v20 T5 Verve

2:58 over here on leaf 2. we don't have to do

3:01 that we only need one T5 verf

3:04 on Leaf two so that's going to save us a

3:06 lot of time especially if you're

3:07 configuring lots of T5 verbs yeah and so

3:11 what happens here what happens is we

3:13 have

3:14 first of all we have the v25 Verve that

3:17 connects into the common T5 verf on leaf

3:19 2. and that's just your normal

3:22 connection there with T5 verbs but what

3:26 we're doing here that's a little special

3:27 is the V10 VR what's going on there is

3:30 traffic from host one is being that is

3:33 destined to something outside that

3:35 subnet is going into the V10 VR

3:38 and then through route leaking we're

3:41 sending that traffic to the v20 T5 verf

3:44 which then can make it out to Leaf 2 in

3:48 the common T5 verf and then from there

3:49 it can go to the Gateway router and then

3:51 to the internet

3:52 and communication can happen there

3:55 and another benefit of this and

3:58 depending on what you're trying to do it

4:00 might not be a benefit but it's

4:01 something to be aware of is by doing

4:03 this host one can reach host three but

4:07 it doesn't need to go to the Gateway

4:08 router to do so and that's going to be

4:10 we're going to see that through the

4:12 route leaking and whatnot so just keep

4:13 that in mind that that might be a good

4:16 thing might be a bad thing depending on

4:18 what you're trying to do okay so with

4:19 that being said let's go ahead and jump

4:21 to the CLI of leaf one and leaf 2 and

4:23 get this going

4:25 all right so here is the CLI of leaf one

4:29 and let's go ahead and jump into routing

4:31 instances and we'll go to V10 VR and we

4:35 have a little bit pre-configured here

4:36 have instance type Virtual Router have

4:38 the interface rb.10 already placed in

4:40 there but we need to uh get the route

4:43 leaking going and so let's go to routing

4:45 options and then rib group I mean

4:49 interface routes with group

4:52 if I could type there we go rev group

4:53 right we go to there then we can set

4:57 inet

4:59 and we'll just call this group one we

5:00 could call it anything we want and the

5:02 whole idea here is that what we're going

5:04 to do is we're going to use this regroup

5:06 that will will configure next taking the

5:08 route of the I IRB 10 subnet that would

5:11 be the

5:12 subnet and putting that in

5:15 the v20 T5 inet.0 table and then so

5:20 let's go ahead and set the routing

5:22 options and we have to do this in the

5:24 main routing instance

5:25 rip groups I'll call this group one

5:29 set up our import rib and that's going

5:32 to be V10

5:33 underscore

5:35 vr.inet.0 and then that's going to go to

5:38 the 20 underscore

5:40 t5.inet.0 and that will allow for the

5:43 route linking of the interface routes

5:45 which we're primarily concerned with

5:46 that IRB interface we want to get the

5:49 subnet associated with irb.10 into the

5:52 v20 dot or excuse me the v20 underscore

5:56 t5.inet.0 routing instance or a routing

5:59 table that is okay so we're still under

6:01 go up a little bit we're still under

6:03 routing Options under the V10 VR routing

6:05 instance now we have to configure a

6:07 static route and so static default route

6:10 and what we're going to say here is next

6:12 table the 20 underscore

6:15 t5.inet.0 so what we're saying here is

6:18 we're going to configure a default route

6:19 for any traffic that comes in you know

6:21 any unknown traffic or so traffic

6:23 outside the local subnet for the V10

6:27 vlab we're going to send that to the

6:31 v20t5.inet.0 route table and that should

6:35 be all we need to do there so we're good

6:37 configuring that Virtual Router and then

6:39 let's go up to the

6:42 v20 T5 Virtual Router or not Virtual

6:46 Router excuse me verf and we need to

6:48 configure the evpn protocol there now

6:50 we've configured a few things here the

6:52 instance type interface rb20 the route

6:54 distinguisher needs to be unique and the

6:56 vrf Target or route Target that needs to

6:59 match with the common T5 Verve on Leaf

7:03 2. so that's already been pre-configured

7:04 to save some time and we'll set

7:06 protocols

7:08 uh evpn IP prefix routes advertise

7:13 direct next top and then we need to say

7:15 encapsulation vxlan vni this needs to

7:19 match remember that the V and I we're

7:20 using here is 2020. so this will need to

7:23 match on Leaf 2 as well and then we need

7:25 to set an export we're going to say v20

7:28 T5 and that's already been

7:30 pre-configured to save some time

7:32 and so you can see our configuration

7:34 here everything looks good and so then

7:36 let's look at that that policy and we'll

7:40 say what is that v20 T5 you can see here

7:43 what we're doing here is we're sending

7:45 those two routes that represent the

7:48 subnets of host one and host 3 or Irv 10

7:52 and IRB 20 respectively and we're

7:55 sending that along now you might ask

7:57 yourself how are we getting the subnet

8:01 for host one which is the 24.

8:05 in this route table for v20 T5 how are

8:09 we doing that and recall that is from

8:10 that rib group that we configured with

8:13 the V10

8:14 VR routing instance we configured a rib

8:17 group here to say hey take my interface

8:20 routes and put that into the v20 T5

8:24 routing instance or routing table that

8:26 inet.0 routing table for that routing

8:29 instance and so that's how that's

8:30 getting there and so now that we have

8:32 the export policy we set up v20 T5 we

8:35 can advertise that to Leaf two so let's

8:39 go ahead and commit the configuration

8:40 see if I'm missing something here

8:43 and commits just fine that's great so

8:45 let's go ahead and jump to Leaf too

8:47 alright so here is the CLI for leaf2

8:49 let's first go into the routing

8:51 instances call this common underscore T5

8:55 and you see here nothing is configured

8:57 so we need to fully configure this we'll

8:59 set uh the instance type to

9:03 birth uh then we'll say a route

9:06 extinguisher this needs to be unique of

9:08 course we're going to base this off the

9:09 loopback address of leaf two and then we

9:12 need to set the set the route Target

9:16 excuse me the yeah the route Target was

9:19 the vrf target command say Target colon

9:22 one two three colon 20. recall this

9:24 needs to match what was what we have for

9:26 the v20 T5 verf on Leaf one

9:29 and so there's important matches and

9:31 then when you set the protocols evpn

9:33 this is going to be very similar to what

9:35 we just configured on Leaf one advertise

9:37 direct next hop encapsulation vxlan uh V

9:41 and I of course needs to match and then

9:43 the export now this export T5 what we're

9:48 doing here is we're taking the default

9:50 route that we're getting from the

9:51 Gateway router and setting that to Leaf

9:54 one and that'll attract any unknown

9:56 Destin or traffic that's for destined

9:59 for unknown destinations that'll Attract

10:02 it towards leaf2 which will then send it

10:05 to the Gateway router because we're

10:06 getting a default route from that

10:07 Gateway router and we can look at that

10:09 policy real quick

10:11 and you can see it's just grabbing a

10:12 default route and exporting it so it'll

10:14 take that default route and Export it as

10:17 a T5 evpn route okay so cool that's done

10:21 so let's we need to go to

10:23 the routing options here in the main

10:26 routing instance and we need to

10:28 configure some static routes because we

10:30 need to be able to tell

10:34 any return traffic how to get to host

10:36 one and host 3. and so we'll configure

10:39 static route for those subnets

10:42 1.1.0 24 and next table

10:47 common underscore T5 Dot inet.0 and then

10:52 we'll do the same thing for the host

10:54 three subnet

10:56 and of course this is for the return

10:57 traffic say host one ping something like

11:00 well when responds it's

11:05 going to make it to Leaf two which then

11:08 needs to know how to get to

11:12 which is host one and it'll look

11:15 at the route table see the static route

11:16 says use common

11:19 t5.inet.0 and send it along to Leaf one

11:21 now why is that route there recall that

11:23 on Leaf one we created an export policy

11:26 that sends that traffic or sends those

11:29 routes to Leaf two and recall we use

11:32 route leaking to get host one subnet

11:35 into the v20 T5 verf on Leaf one so a

11:42 little complicated but uh that's how it

11:45 works okay so now we need to configure

11:46 the rib group

11:48 and we'll just call this group one for

11:50 lack of imagination on my part and then

11:53 configure the import rib we'll say

11:54 inet.0 to Common underscore T5 Dot

11:59 inet.0 and why do we need to do this

12:02 well we need to do this because that

12:05 default route that is being sent from

12:07 the Gateway router is making it into the

12:09 inet.0 table well we need to get that

12:11 default route into the common

12:15 t5.inet.0 table so then that default

12:18 route can be exported as a type 5 evpn

12:21 route towards Leaf one and so just keep

12:25 in mind that's how that's working there

12:26 and then let's go to protocols uh bgp

12:29 group Gateway router and have a look at

12:31 things there do you need to configure a

12:33 little bit here this is all set up we've

12:35 got an export policy it looks good we'll

12:37 look at that export policy here in just

12:38 a moment but we need to set or apply

12:42 that rib group we just created since we

12:44 will be getting that route through bgp

12:45 as we'll say set family inet unicast rib

12:51 group and specify group one

12:54 and so we're good there and let's take a

12:56 quick look at that policy statement

13:00 and we can see here what this is doing

13:02 here is this is taking the routes for

13:05 24 host one and host three

13:09 subnets and sending that to the Gateway

13:12 router now how is leaf2 getting those

13:15 routes in the main routing instance

13:17 we'll recall we configured some static

13:20 routes

13:23 and those static routes are now in or

13:26 will be once we commit the configuration

13:28 they will be in the main routing

13:30 instance in the inet.0 route table and

13:33 so that's how those are making it

13:34 towards the Gateway router and so let's

13:37 go ahead and commit the configuration

13:39 and unless I forgot something this

13:41 should commit just fine and now the

13:43 configuration is complete for this

13:46 learning byte

13:48 so that does bring us to the end of this

13:50 learning byte in this learning bite we

13:51 demonstrate how to configure isolated

13:52 tents within external interconnect and

13:54 Route leaking with macverf in a data

13:57 center so as always thanks for watching

14:00 visit the Juniper Education Services

14:03 website to learn more about courses

14:06 if you are full range of classroom

14:08 online and e-learning courses learning

14:12 paths industry segment and

14:14 technology-specific training paths

14:17 Juniper Networks certification program

14:19 the ultimate demonstration of your

14:22 competence and the training Community

14:24 from forums to social media join the

14:27 discussion

Show more