Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Implementing EVPN-VXLAN for Data Centers

Although there are various Data center interconnect (DCI) technologies available, EVPN has an added advantage over other MPLS technologies because of its unique features, such as active/active redundancy, aliasing, and mass MAC withdrawal. To provide a DCI solution, VXLAN is integrated with EVPN.

There are different options for using EVPN-VXLAN with DCI:

  • DCI can connect multiple data centers in your WAN using MX Series edge routers with a Layer 3 VPN MPLS network between them. QFX10000 switches start and stop the VXLAN tunnel. This option requires no changes to your WAN.

    Figure 1: DCI Option: Layer 3 VPN-MPLSDCI Option: Layer 3 VPN-MPLS

  • A second option connects multiple data centers in your WAN using either MX Series edge routers or supported QFX Series switches with an EVPN-MPLS network between them. This option uses an EVPN control plane and an MPLS data plane and requires changes to your WAN. You must change your LAN architecture to natively support EVPN, and you must implement EVPN stitching between each MX router/QFX Series switch and the corresponding QFX10000 switch. For details about releases where QFX Series switches are supported, see https://pathfinder.juniper.net/feature-explorer and then search on EVPN.

    Figure 2: DCI Option: EVPN-MPLSDCI Option: EVPN-MPLS

  • You can also tunnel two branch locations across the Internet. In this case, implementation requires neither a traditional WAN nor MPLS. This method can use the Internet or an IP tunnel, where VXLAN rides on top of IP and EVPN is used throughout.

    Figure 3: DCI Option: EVPN-VXLAN over the InternetDCI Option: EVPN-VXLAN over the Internet

  • If you do not have a branch router or a peering router, you can simply connect the data centers directly and EVPN is again used natively throughout. This implementation requires neither a traditional WAN nor MPLS, but you typically need a dark fiber connection.

    Figure 4: DCI Option: Layer 3 VPN-MPLS Direct ConnectionDCI Option: Layer 3 VPN-MPLS Direct Connection

You can alternately create an EVPN-VXLAN fabric internally in the data center using bare-metal servers and/or virtual servers and using OpenClos for management. Here you also use VXLAN L2 gateways and L3 gateways on switches such as a QFX10000 switch. The underlying fabric is built on BGP.

EVPN-VXLAN uses both routers and switches—the configurations are the same for both devices but they are located in different areas of the Junos OS CLI. MX Series routers are configured under a routing instance with the instance type virtual switch. QFX Series switches are configured under global switching-options and global protocol evpn. See Table 1 for a list of CLI commands used by EVPN-VXLAN.

Table 1: CLI Commands for EVPN-VXLAN

Function

CLI Command

Specifies an identifier attached to a route. This enables you to distinguish to which VPN or VPLS the route belongs. Each routing instance must have a unique route distinguisher (RD) associated with it. The RD is used to place bounds around a VPN so that the same IP address prefixes can be used in different VPNs without having them overlap.

route-distinguisher

Specifies a VRF target community. In effect, this statement configures a single policy for import and a single policy for export to replace the per-VRF policies for every community. The options import and export apply to both routers and QFX Series switches. The option auto applies to QFX Series switches only.

vrf-target

Specifies how routes are imported into the VRF table of the local PE router or switch from the remote PE router.

vrf-import

Specifies how routes are exported from the local PE router’s VRF table to the remote PE router.

vrf-export

A designated forwarder (DF) is required when CEs are multihomed to more than one PE. Without a designated forwarder, multihomed hosts would receive duplicate packets. Designated forwarders are chosen for an Ethernet segment identifier (ESI) based on type-4 route advertisements.

designated-forwarder-election-hold-time

Configures a logical link-layer encapsulation type.

encapsulation

Establishes which VXLAN virtual network identifiers (VNIs) will be part of the EVPN-VXLAN MP-BGP domain. There are different BUM replication options available in EVPN—using extended-vni-list forgoes a multicast underlay in favor of EVPN-VXLAN ingress replication.

extended-vni-list

You configure different route targets (RTs) for each VNI instance under vni-options.

vni-options (QFX Series switches only)

Displays both imported EVPN routes and export/import EVPN routes for the default switch routing instances.

show route table

Displays results of the configuration commands extended-vni-list and vni-options.

show configuration protocols evpn

Related Documentation