Firstly, QFX5100 series doesn’t support EVPN-VXLAN inter-VXLAN routing, so I practice all IRB related topics on vMX devices. vQFXs acts as a simple L2 EVPN gateways. This post continues the EVPN-VXLAN lab from the previous ones. Full vMX IRB interfaces configuration: alex@vMX1# show interfaces irb unit 100 { proxy-macip-advertisement; family inet { address 172.16.0.251/24 { virtual-gateway-address 172.16.0.254; } } …
This post continues the EVPN-VXLAN lab from the previous one. For now I configured the simplest possible variant of RT assignment – one vrf-target for all ES and VNI routes (vrf-target target:65000:1): alex@vQFX1# show switch-options service-id 1; vtep-source-interface lo0.0; route-distinguisher 11.11.11.11:1; vrf-target target:65000:1; ### This RT applies to ALL EVPN routes alex@vMX1# show routing-instances evpn { vtep-source-interface lo0.0; instance-type virtual-switch; interface ge-0/0/4.0; interface ae0.0; route-distinguisher 1.1.1.1:1; …
My EVPN-VXLAN lab topology: There is IP Fabric in DC1 (2 vMX and 2 vQFX), and 2 vMX_v14 to emulate CE devices. Each CE device connected to EVPN via LACP LAG ae0 (EVPN Active-Active ethernet segment on service side). vMX_old-1 also has sigle-homed interface ge-0/0/4 (just to show you the difference). Each CE device split into two logical systems for more convenient testing of routing functionality (global device context for Vlan100 and logical-system second for Vlan200). You could also use…
For simplified Layer 3 gateway services, where Layer 3 routing protocols are not run on the MC-LAG peers, you simply configure the same Layer 3 gateway IP address on both MC-LAG peers and enable IRB MAC address synchronization. This IP address is used as the default gateway for the MC-LAG servers or hosts. For more advanced Layer 3 gateway services, where Layer 3 routing protocols and Layer 3 multicast operations are required on the MC-LAG peers, you configure unique IRB…
My topology for MC-LAG practice: I already configured IP fabric between vQFX and vMX nodes using EBGP (to save space, I show the configuration for only one device – the rest are configured the same way): alex@vMX1> show configuration protocols bgp group underlay type external; export direct; local-as 65001; multipath multiple-as; neighbor 192.168.0.1 { ###vQFX1 peer-as 65011; } neighbor 192.168.0.3 { ###vQFX2 peer-as 65022; } alex@vMX1> show configuration policy-options policy-statement direct term…
So I think I’m done with theory, and now it’s time to practice some of the most important topics – firstly MC-LAG and EVPN. Unfortunately I don’t have access to real QFX5100 gear, so I’m using vMX and vQFX virtual appliances. I built my lab in GNS3 using my home PC with 4-core CPU and 32 GB of RAM. I’m using vMX v17 (v16 doesn’t support all required EVPN functionality), vQFX v15; and also vMX v14 in CE and MPLS PE…
For full configuration eample of EVPN-VXLAN to EVPN-MPLS stitching refer to MX Layer 2 VPNs Feature Guide, Chapter 28. First of all, you need to configure Logical Tunnel (lt-) interface for traffic between EVPN-VXLAN and EVPN-MPLS instances: interfaces lt-1/0/10 { esi { 36:36:36:36:36:36:36:36:36:36; all-active; } unit 3 { encapsulation ethernet-bridge; peer-unit 4; family bridge { …
Four Data Center InterConnect (DCI) options for EVPN-VXLAN service are described in detail in the Advanced Data Center Switching (ADCX) course materials. These options are: EVPN-VXLAN session over L3VPN-MPLS service; EVPN-VXLAN to EVPN-MPLS stitching; EVPN-VXLAN to EVPN-VXLAN stitching; EVPN-VXLAN session over dark fiber. First and last options are not so interesting – simple EVPN-VXLAN session between DC devices over direct IP connectivity or via L3VPN service. Basic L3VPN/MPLS stuff. But EVPN stitching is a slightly different story. Resembles Inter-AS VRF Option-A….
First note – QFX5100 series doesn’t support EVPN-VXLAN inter-VXLAN routing, and doesn’t support EVPN-MPLS at all. So all information in this post applicable only to MX devices. For EVPN-MPLS there is two types of IRB implementation: configuration of same MAC address on every IRB interface; default gateway MAC synchronization using EVPN default-gateway community. In EVPN-MPLS it is expected, that if IRB functionality necessary for this L2 domain, then IRB interfaces should be configured on every participating PE router. …
The general route target configured under vrf-target will be used by type 1 EVPN routes: MX: set routing-instances VS_VLAN100 vrf-target target:1:100 QFX: set switch-options vrf-target target:65000:2 If you configure vrf-target auto, then type 2 and type 3 EVPN routes will use the auto-derived per-VNI route target for export and import. Community numbers based on autonomous system number defined in routing-options stanza. MX: set routing-instances VS_VLAN100 switch-options vrf-target auto QFX: set switch-options vrf-target auto If you prefer…