MX EVPN-VXLAN basic config
Basic config for EVPN-VXLAN service on Juniper MX.
Important BGP configuration statements:
set protocols bgp group EVPN_VXLAN family evpn signaling
set protocols bgp group EVPN_VXLAN multipath
set protocols bgp group EVPN_VXLAN multipath
Routing instance configuration:
VS_VLAN100 {
vtep-source-interface lo0.0;
instance-type virtual-switch;
route-distinguisher 1.255.255.0:100;
vrf-import VS_VLAN100_IMP;
vrf-target target:1:100;
protocols {
evpn {
encapsulation vxlan;
extended-vni-list 1100;
multicast-mode ingress-replication;
}
}
bridge-domains {
bd1100 {
vlan-id 100;
routing-interface irb.1100;
vxlan {
vni 1100;
ingress-node-replication;
}
}
}
}
vtep-source-interface lo0.0;
instance-type virtual-switch;
route-distinguisher 1.255.255.0:100;
vrf-import VS_VLAN100_IMP;
vrf-target target:1:100;
protocols {
evpn {
encapsulation vxlan;
extended-vni-list 1100;
multicast-mode ingress-replication;
}
}
bridge-domains {
bd1100 {
vlan-id 100;
routing-interface irb.1100;
vxlan {
vni 1100;
ingress-node-replication;
}
}
}
}
NOTE: Only Vlan-Aware configuration style is supported for EVPN-VXLAN.
Pay attention to vtep-source-interface, extended-vni-list and vrf-import configuration statements.
Policy and community configuration:
policy-statement VS_VLAN100_IMP {
term ESI {
from community comm-leaf_esi;
then accept;
}
term VS_VLAN100 {
from community comm-VS_VLAN100;
then accept;
}
}
community comm-VS_VLAN100 members target:1:100;
community comm-leaf_esi members target:9999:9999;
term ESI {
from community comm-leaf_esi;
then accept;
}
term VS_VLAN100 {
from community comm-VS_VLAN100;
then accept;
}
}
community comm-VS_VLAN100 members target:1:100;
community comm-leaf_esi members target:9999:9999;
This policy allows to import all routes with default ESI community (comm-leaf_esi target:9999:9999), as well as routes with community specific for this virtual-switch (comm-VS_VLAN100 target:1:100).
I plan to write separate post later about route-target community assignments (automatic vs manual route-target), this is pretty intricate topic.
Some useful show commands:
show bridge mac-table instance VS_VLAN100
show route forwarding-table family bridge vpn VS_VLAN100
show l2-learning vxlan-tunnel-end-point remote
show l2-learning vxlan-tunnel-end-point esi
ping overlay tunnel-src 100.0.0.23 tunnel-dst 100.0.0.21 mac deadbee10010
show route table :vxlan.inet.0
traceroute overlay tunnel-src 100.0.0.23 tunnel-dst 100.0.0.21 mac deadbee10010
show route forwarding-table family bridge vpn VS_VLAN100
show l2-learning vxlan-tunnel-end-point remote
show l2-learning vxlan-tunnel-end-point esi
ping overlay tunnel-src 100.0.0.23 tunnel-dst 100.0.0.21 mac deadbee10010
show route table :vxlan.inet.0
traceroute overlay tunnel-src 100.0.0.23 tunnel-dst 100.0.0.21 mac deadbee10010
3 thoughts on “MX EVPN-VXLAN basic config”
Hi, which kind of release did you use for vMX?
I’m currently using the vMX 14.1R1.10 and I’m not able to set the multicast mode ingress replication into evpn vxlan of the virtual switch routing-instance.
Thanks
I’m used vMX v17 for EVPN PE role because vMX v14 doesn’t support EVPN-VXLAN. More info here: http://jncie.tech/2017/07/28/my-jncie-dc-virtual-lab/
can you also add the config for type 5 routes?