Configuring MAC VRF – Isolated Tenants External Interconnect Route Leaking

0:00 [Music]

0:09 thank you

0:11 hello my name is Zach Gibbs and I'm a

0:14 Content developer within Education

0:16 Services inside Juniper Networks

0:20 and today we will be going through the

0:22 configuring macverf isolated tenants

0:25 external interconnect route leaking

0:28 learning byte

0:30 all right so here is our topology and we

0:34 have a few devices that I want to talk

0:36 about we have spine one spine two Leaf

0:39 one leaf two the Gateway router and host

0:42 one and host 3. now the spines and

0:45 leaves are obviously part of the IP

0:48 Fabric in the data center and we already

0:51 have vxlan configured and things like

0:55 that and we also have the Mac verbs

0:59 configured as well I've also

1:01 pre-configured some of the other verbs

1:03 as well but what I want to point out

1:06 here is I want to point out first the

1:09 V10 VR and this is going to be

1:12 connecting with the V10 berf so the V10

1:16 verf is a Mac Verve and it's going to be

1:18 connecting into the V10 VR which is a

1:21 Virtual Router routing instance type and

1:24 the rb10 interface which is the default

1:26 gateway for host one is going to be in

1:28 that V10 VR Virtual Router

1:31 and then we have the v20 T5 verf which

1:36 is a standard verf and it'll have the

1:39 irb20 interface which is the default

1:42 gateway for host 3. and host one just

1:44 real quick host one's using VLAN V10 IP

1:47 address 10.1.1.1 and vni 520

1:52 which might seem a little strange if

1:54 you've gone through my other learning

1:55 bytes with macver but I'll explain that

1:57 a little bit and then we have VLAN v20

2:00 for host 3 IP address 10.1.2.3 and also

2:03 vni 5020 and so something else I do want

2:08 to point out is we have this common T5

2:10 uh verf which is going to be a standard

2:13 verf that the v20 T5 verf connects into

2:17 okay so what is going on here so what's

2:20 going to happen here is this is

2:23 beneficial if well first let me start by

2:25 saying if we were to configure T5 verse

2:29 for the V10 verf and the v20 verf leaf 2

2:34 would need a one-to-one mapping as far

2:36 as T5 verbs what we're getting away with

2:39 here is we're only configuring one

2:41 common T5 Verve and so that reduces the

2:44 amount of configuration you need to do

2:46 instead of having a V10 uh verf that or

2:50 type 5 verb that it connects into a type

2:53 5 V10 verf over here and then a v20 T5

2:56 Earth that connects into a v20 T5 Verve

2:58 over here on leaf 2. we don't have to do

3:01 that we only need one T5 verf

3:04 on Leaf two so that's going to save us a

3:06 lot of time especially if you're

3:07 configuring lots of T5 verbs yeah and so

3:11 what happens here what happens is we

3:13 have

3:14 first of all we have the v25 Verve that

3:17 connects into the common T5 verf on leaf

3:19 2. and that's just your normal

3:22 connection there with T5 verbs but what

3:26 we're doing here that's a little special

3:27 is the V10 VR what's going on there is

3:30 traffic from host one is being that is

3:33 destined to something outside that

3:35 subnet is going into the V10 VR

3:38 and then through route leaking we're

3:41 sending that traffic to the v20 T5 verf

3:44 which then can make it out to Leaf 2 in

3:48 the common T5 verf and then from there

3:49 it can go to the Gateway router and then

3:51 to the internet

3:52 and communication can happen there

3:55 and another benefit of this and

3:58 depending on what you're trying to do it

4:00 might not be a benefit but it's

4:01 something to be aware of is by doing

4:03 this host one can reach host three but

4:07 it doesn't need to go to the Gateway

4:08 router to do so and that's going to be

4:10 we're going to see that through the

4:12 route leaking and whatnot so just keep

4:13 that in mind that that might be a good

4:16 thing might be a bad thing depending on

4:18 what you're trying to do okay so with

4:19 that being said let's go ahead and jump

4:21 to the CLI of leaf one and leaf 2 and

4:23 get this going

4:25 all right so here is the CLI of leaf one

4:29 and let's go ahead and jump into routing

4:31 instances and we'll go to V10 VR and we

4:35 have a little bit pre-configured here

4:36 have instance type Virtual Router have

4:38 the interface rb.10 already placed in

4:40 there but we need to uh get the route

4:43 leaking going and so let's go to routing

4:45 options and then rib group I mean

4:49 interface routes with group

4:52 if I could type there we go rev group

4:53 right we go to there then we can set

4:57 inet

4:59 and we'll just call this group one we

5:00 could call it anything we want and the

5:02 whole idea here is that what we're going

5:04 to do is we're going to use this regroup

5:06 that will will configure next taking the

5:08 route of the I IRB 10 subnet that would

5:11 be the

5:12 10.1.1.024 subnet and putting that in

5:15 the v20 T5 inet.0 table and then so

5:20 let's go ahead and set the routing

5:22 options and we have to do this in the

5:24 main routing instance

5:25 rip groups I'll call this group one

5:29 set up our import rib and that's going

5:32 to be V10

5:33 underscore

5:35 vr.inet.0 and then that's going to go to

5:38 the 20 underscore

5:40 t5.inet.0 and that will allow for the

5:43 route linking of the interface routes

5:45 which we're primarily concerned with

5:46 that IRB interface we want to get the

5:49 subnet associated with irb.10 into the

5:52 v20 dot or excuse me the v20 underscore

5:56 t5.inet.0 routing instance or a routing

5:59 table that is okay so we're still under

6:01 go up a little bit we're still under

6:03 routing Options under the V10 VR routing

6:05 instance now we have to configure a

6:07 static route and so static default route

6:10 and what we're going to say here is next

6:12 table the 20 underscore

6:15 t5.inet.0 so what we're saying here is

6:18 we're going to configure a default route

6:19 for any traffic that comes in you know

6:21 any unknown traffic or so traffic

6:23 outside the local subnet for the V10

6:27 vlab we're going to send that to the

6:31 v20t5.inet.0 route table and that should

6:35 be all we need to do there so we're good

6:37 configuring that Virtual Router and then

6:39 let's go up to the

6:42 v20 T5 Virtual Router or not Virtual

6:46 Router excuse me verf and we need to

6:48 configure the evpn protocol there now

6:50 we've configured a few things here the

6:52 instance type interface rb20 the route

6:54 distinguisher needs to be unique and the

6:56 vrf Target or route Target that needs to

6:59 match with the common T5 Verve on Leaf

7:03 2. so that's already been pre-configured

7:04 to save some time and we'll set

7:06 protocols

7:08 uh evpn IP prefix routes advertise

7:13 direct next top and then we need to say

7:15 encapsulation vxlan vni this needs to

7:19 match remember that the V and I we're

7:20 using here is 2020. so this will need to

7:23 match on Leaf 2 as well and then we need

7:25 to set an export we're going to say v20

7:28 T5 and that's already been

7:30 pre-configured to save some time

7:32 and so you can see our configuration

7:34 here everything looks good and so then

7:36 let's look at that that policy and we'll

7:40 say what is that v20 T5 you can see here

7:43 what we're doing here is we're sending

7:45 those two routes that represent the

7:48 subnets of host one and host 3 or Irv 10

7:52 and IRB 20 respectively and we're

7:55 sending that along now you might ask

7:57 yourself how are we getting the subnet

8:01 for host one which is the 10.1.1.0 24.

8:05 in this route table for v20 T5 how are

8:09 we doing that and recall that is from

8:10 that rib group that we configured with

8:13 the V10

8:14 VR routing instance we configured a rib

8:17 group here to say hey take my interface

8:20 routes and put that into the v20 T5

8:24 routing instance or routing table that

8:26 inet.0 routing table for that routing

8:29 instance and so that's how that's

8:30 getting there and so now that we have

8:32 the export policy we set up v20 T5 we

8:35 can advertise that to Leaf two so let's

8:39 go ahead and commit the configuration

8:40 see if I'm missing something here

8:43 and commits just fine that's great so

8:45 let's go ahead and jump to Leaf too

8:47 alright so here is the CLI for leaf2

8:49 let's first go into the routing

8:51 instances call this common underscore T5

8:55 and you see here nothing is configured

8:57 so we need to fully configure this we'll

8:59 set uh the instance type to

9:03 birth uh then we'll say a route

9:06 extinguisher this needs to be unique of

9:08 course we're going to base this off the

9:09 loopback address of leaf two and then we

9:12 need to set the set the route Target

9:16 excuse me the yeah the route Target was

9:19 the vrf target command say Target colon

9:22 one two three colon 20. recall this

9:24 needs to match what was what we have for

9:26 the v20 T5 verf on Leaf one

9:29 and so there's important matches and

9:31 then when you set the protocols evpn

9:33 this is going to be very similar to what

9:35 we just configured on Leaf one advertise

9:37 direct next hop encapsulation vxlan uh V

9:41 and I of course needs to match and then

9:43 the export now this export T5 what we're

9:48 doing here is we're taking the default

9:50 route that we're getting from the

9:51 Gateway router and setting that to Leaf

9:54 one and that'll attract any unknown

9:56 Destin or traffic that's for destined

9:59 for unknown destinations that'll Attract

10:02 it towards leaf2 which will then send it

10:05 to the Gateway router because we're

10:06 getting a default route from that

10:07 Gateway router and we can look at that

10:09 policy real quick

10:11 and you can see it's just grabbing a

10:12 default route and exporting it so it'll

10:14 take that default route and Export it as

10:17 a T5 evpn route okay so cool that's done

10:21 so let's we need to go to

10:23 the routing options here in the main

10:26 routing instance and we need to

10:28 configure some static routes because we

10:30 need to be able to tell

10:34 any return traffic how to get to host

10:36 one and host 3. and so we'll configure

10:39 static route for those subnets

10:42 1.1.0 24 and next table

10:47 common underscore T5 Dot inet.0 and then

10:52 we'll do the same thing for the host

10:54 three subnet

10:56 and of course this is for the return

10:57 traffic say host one ping something like

11:00 8.8.8.8 well when 8.8.8.8 responds it's

11:05 going to make it to Leaf two which then

11:08 needs to know how to get to

11:12 1.1.1.1 which is host one and it'll look

11:15 at the route table see the static route

11:16 says use common

11:19 t5.inet.0 and send it along to Leaf one

11:21 now why is that route there recall that

11:23 on Leaf one we created an export policy

11:26 that sends that traffic or sends those

11:29 routes to Leaf two and recall we use

11:32 route leaking to get host one subnet

11:35 into the v20 T5 verf on Leaf one so a

11:42 little complicated but uh that's how it

11:45 works okay so now we need to configure

11:46 the rib group

11:48 and we'll just call this group one for

11:50 lack of imagination on my part and then

11:53 configure the import rib we'll say

11:54 inet.0 to Common underscore T5 Dot

11:59 inet.0 and why do we need to do this

12:02 well we need to do this because that

12:05 default route that is being sent from

12:07 the Gateway router is making it into the

12:09 inet.0 table well we need to get that

12:11 default route into the common

12:15 t5.inet.0 table so then that default

12:18 route can be exported as a type 5 evpn

12:21 route towards Leaf one and so just keep

12:25 in mind that's how that's working there

12:26 and then let's go to protocols uh bgp

12:29 group Gateway router and have a look at

12:31 things there do you need to configure a

12:33 little bit here this is all set up we've

12:35 got an export policy it looks good we'll

12:37 look at that export policy here in just

12:38 a moment but we need to set or apply

12:42 that rib group we just created since we

12:44 will be getting that route through bgp

12:45 as we'll say set family inet unicast rib

12:51 group and specify group one

12:54 and so we're good there and let's take a

12:56 quick look at that policy statement

13:00 and we can see here what this is doing

13:02 here is this is taking the routes for

13:05 10.1.1.024.2 24 host one and host three

13:09 subnets and sending that to the Gateway

13:12 router now how is leaf2 getting those

13:15 routes in the main routing instance

13:17 we'll recall we configured some static

13:20 routes

13:23 and those static routes are now in or

13:26 will be once we commit the configuration

13:28 they will be in the main routing

13:30 instance in the inet.0 route table and

13:33 so that's how those are making it

13:34 towards the Gateway router and so let's

13:37 go ahead and commit the configuration

13:39 and unless I forgot something this

13:41 should commit just fine and now the

13:43 configuration is complete for this

13:46 learning byte

13:48 so that does bring us to the end of this

13:50 learning byte in this learning bite we

13:51 demonstrate how to configure isolated

13:52 tents within external interconnect and

13:54 Route leaking with macverf in a data

13:57 center so as always thanks for watching

14:00 visit the Juniper Education Services

14:03 website to learn more about courses

14:06 if you are full range of classroom

14:08 online and e-learning courses learning

14:12 paths industry segment and

14:14 technology-specific training paths

14:17 Juniper Networks certification program

14:19 the ultimate demonstration of your

14:22 competence and the training Community

14:24 from forums to social media join the

14:27 discussion