EVPN Introduction
• Nurul Islam Roman, Optus, Australia
What is EVPN?
• Full form is Ethernet VPN
• Carries Layer 2 traffic (overlay) over a Layer 3 network (underlay)
• In theory EVPN could use any data plane encapsulation method
• MPLS, VXLAN, MPLS-over-GRE/UDP etc
• In practice it has so far been used with MPLS and VXLAN data plane encapsulation.
• So EVPN is a control plane technology, and the data plane can be MPLS or VXLAN
Traditional Network
• L2 Segmentation using VLAN
• Multiple VLANs on a switch
• One IP subnet for each VLAN
• SVI/Sub-if to do inter-VLAN routing
Challenges for New Demand
• Dot1Q encapsulation / Q-in-Q tunnel to extend a VLAN across multiple physical switches
• Redundant paths are blocked by STP
• EtherChannel to bundle multiple links
• No control plane to learn MAC addresses
• The data plane supports MAC learning (ARP)
Challenges for New Demand
• Expand the L2 network across DCs, sites or a wider geographic region
• Can we extend the trunk link or is
this a practical solution?
• Current infrastructure is a routed
network and proven to be very
stable.
• Can a tunnelling technology address
these challenges?
• MAC address learning- Control Plane
• Data (Frame) forwarding- Data Plane
Do we already have a solution for these?
• Cisco FabricPath
• IETF TRILL (TRansparent
Interconnection of Lots of Links)
• Need a link state routing protocol
• VPWS/VPLS and so on
• BGP based, to exchange labels
• L2 MAC learning still data plane driven
• No large-scale deployment
VPLS (Martini & Kompella) Model
• Each tenant is represented by a VSI or similar
• Each VSI is an extended bridge domain within a
carrier MPLS network
• Full mesh VC tunnel among VSI
• The MP-BGP l2-vpn address family control plane protocol exchanges VPN labels only
• Tunnel label and VC label
• MAC address learning is still flooding/forwarding based
• Scaling issues for carrier networks in large-scale deployments
• Bandwidth cost limits the scale
• Needs a separate control plane protocol for L3 VPN
VPLS (Martini & Kompella) Model - Continued
• L2 and L3 VPN use different address families
• VPNv4 AFI
• l2VPN AFI
• Client L2 and L3 gateways are not integrated
• The gateway deployment design introduces scalability issues for future growth
• EVPN is introduced as a new integrated control plane protocol to address these challenges
Will EVPN be a Replacement of Current L2
VPN Technologies?
• Current Layer 2 VPN technologies are experiencing limitations
• VPWS and VPLS have scaling issues in large-scale deployments
• They use data plane forwarding to learn MAC addresses
• Routing services require separate config, which can sometimes cause a hairpin routing limitation
• Improved network efficiency
• No more data plane traffic to simulate ARP flooding; instead MP-BGP exchanges MAC addresses via the L3 underlay
• Integrated Layer 2/Layer 3 functionality, introducing IRB
Will EVPN be an Open Standard?
• A number of RFCs cover EVPN technology
• The widely used BGP-based EVPN RFC is RFC 7432
• A number of vendors started implementing EVPN early in the RFC process.
• E.g. at the draft-ietf-l2vpn-evpn stage
• Juniper QFX, MX and EX product range
• Cisco Nexus product range
• Interoperability among the vendors is still a challenge
VxLAN
VxLAN Data Plane Encapsulation Protocol
• VXLAN - Virtual eXtensible Local Area Network
• VNI - VXLAN Network Identifier
• The 24-bit VXLAN Segment ID maps to a VLAN ID
• VTEP - VXLAN Tunnel End Point
• A device (e.g. a PE) that originates and/or terminates VXLAN tunnels
• VXLAN Segment
• VXLAN Layer 2 overlay network spanning VTEPs
• VXLAN Gateway
• L2: Forwards L2 traffic across the same VLANs on VTEPs
• L3: Forwards L3 traffic between different VLANs on VTEPs
VxLAN Data Plane- Inside VxLAN Header
• 64 bits long
• VNI is 24 bits
• The I flag bit is set to 1 for a valid VNI
• The R flag bits are reserved and need to be 0
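The header rules above, written out as a small builder and validating parser. This is an added example, not part of the original slides; the function names are hypothetical, and the VNI-to-VLAN map reuses the values from the lab config later in this deck.

```python
import struct

VXLAN_HEADER_LEN = 8   # 64 bits
FLAG_I = 0x08          # I flag: the VNI field is valid

# VLAN-to-VNI map taken from the lab config later in this deck.
LAB_VNI_TO_VLAN = {100010: 10, 100020: 20, 500555: 555}


class VxlanError(ValueError):
    """Header is malformed or names a VNI this VTEP does not serve."""


def build_header(vni):
    """Return the 8-byte header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise VxlanError(f"VNI {vni} does not fit in 24 bits")
    return struct.pack("!II", FLAG_I << 24, vni << 8)


def parse_header(data, strict=True):
    """Return the VNI, enforcing the I and R rules from the slide.

    strict=True also rejects non-zero reserved bits. RFC 7348 tells receivers
    to ignore them, so strict mode is a local policy choice; it will also
    reject extensions that reuse those bits.
    """
    if len(data) < VXLAN_HEADER_LEN:
        raise VxlanError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", data[:VXLAN_HEADER_LEN])
    flags = word1 >> 24
    if not flags & FLAG_I:
        raise VxlanError("I flag is 0: VNI is not valid")
    if strict and (flags & ~FLAG_I or word1 & 0x00FFFFFF or word2 & 0xFF):
        raise VxlanError("reserved bits are not 0")
    return word2 >> 8


def decapsulate(payload, vni_to_vlan=LAB_VNI_TO_VLAN):
    """Map a UDP payload (VXLAN header + inner frame) to (vlan, inner_frame)."""
    vni = parse_header(payload)
    if vni not in vni_to_vlan:
        # A VTEP must not bridge a segment it was never configured for.
        raise VxlanError(f"VNI {vni} is not mapped to a local VLAN")
    return vni_to_vlan[vni], payload[VXLAN_HEADER_LEN:]
```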
VXLAN End Host Discovery
• Option 1: Flood & Learn
• Similar to VPLS, the original implementation
of VxLAN relies on the data plane flood and
learn discovery scheme.
• Option 2: Separate Control Plane Learning
• To address the scalability concern of flood and learn discovery, other controller-less control plane discovery schemes such as BGP EVPN and OVSDB have been defined by the IETF
• Other SDN controller-based discovery schemes, such as Cisco APIC or Juniper Contrail, are an example.
EVPN Data Plane Encapsulation Options
MPLS Label for Data Plane Encapsulation
• Probably a topic for a future bdNOG tutorial/workshop
BGP EVPN Building Blocks
• EVPN - Ethernet VPN
• EVI - EVPN Instance
• Spans customer EVPN across PE devices
• MAC-VRF
• Virtual Routing and Forwarding table for MAC addresses on a PE
• IP-VRF
• Virtual Routing and Forwarding table for IP addresses on a PE
• ES - Ethernet Segment
• Multihomes a customer site via a set of Ethernet links
• DF - Designated Forwarder
BGP EVPN Building Blocks - Continued
• VTEP - VXLAN Tunnel End Point
• A device (e.g. a PE) that originates and/or terminates VXLAN tunnels
• NVE - Network Virtualization Edges
• Tunnel interface for VTEP
• NVGRE - Network Virtualization using Generic Routing Encapsulation
Overlay and Underlay Network
• Underlay
• The underlay is the Layer 3 IP network that routes encapsulated frames/packets as normal IP traffic
• Overlay
• An overlay network is a service built on top of a physical network. It decouples network services from the underlying infrastructure by further encapsulating a packet/frame inside another packet
BUM Traffic
• Broadcast
• Unknown Unicast
• Multicast
• Two ways to facilitate host MAC address learning
• Flood & learn
• BGP EVPN control plane
BUM Traffic
• Flood and learn is the old way
• BGP EVPN is the new way
• It only helps for known MACs
• BUM traffic still needs a solution
• IP multicast underlay. The L2 VNI is mapped to an IP multicast group. VTEPs send PIM join/prune messages
• Enable Ingress Replication (IR) or Head-End Replication (HER). The ingress router builds a flood list to forward BUM traffic to all remote VTEPs (recently introduced)
EVPN Service Model
• The EVPN service model, or deployment scenario, specifies 3 ways VLAN-to-VNI mapping can be achieved
1. VLAN-Based Service Interface
2. VLAN Bundle Service Interface / Port-Based Service Interface
3. VLAN-Aware Bundle Service Interface
• Most vendors, however, only support options 1 and 3 from the list above
EVPN Service Model
1. VLAN-Based Service Interface
• Has a one-to-one mapping between a VLAN ID on the interface and a MAC-VRF
• EVPN instance consists of only a single broadcast domain.
2. VLAN Bundle Service Interface
• Has a many-to-one mapping between VLANs and a MAC-VRF, and the MAC-VRF consists of a single bridge table.
• EVPN instance corresponds to multiple broadcast domains
3. VLAN-Aware Bundle Service Interface
• EVPN instance consists of multiple broadcast domains, with each VLAN having its own bridge table.
EVPN Route Types
EVPN Route Types 1
• Known as Ethernet Auto-Discovery
Route
• Used for remote VTEP auto discovery
• Used for advertising split-horizon label
• Provides fast convergence through
mass withdrawal
• An Ethernet Tag ID is a 32-bit field containing either a 12-bit or 24-bit identifier
• Identifies a particular broadcast domain, for instance a VLAN, in an EVPN instance.
EVPN Route Types 2
• Known as MAC/IP advertisement route
• Used to provide end-host reachability information
EVPN Route Types 3
• Known as Inclusive Multicast Ethernet
Tag (IMET) route
• Used to create the distribution list for
ingress replication
• Used to set up paths for BUM traffic
per VLAN per EVI basis
• Used to discover the multicast tunnels
among the endpoints associated with a
given EVI
EVPN Route Types 4
• Known as Ethernet Segment Route
• Used for Ethernet Segment auto-discovery by allowing NVEs with the same ESI to discover each other
• It allows for designated forwarder (DF) election
EVPN Route Types 5
• Known as IP Prefix Route
• Used to decouple IP Prefix from
MAC/IP route to provide IP prefix
advertisement
Distributed Anycast Gateway
• Gateway is closer to the end-hosts
• Eliminates traffic hairpinning and unnecessary traffic backhauling to a centralized gateway
• Uses an Anycast Gateway MAC (AGM) address to prevent traffic being black-holed as a result of MAC mobility
Ethernet Segment Identifier (ESI) LAG
• Gateway is closer to the end-hosts
• Eliminates traffic hairpinning and unnecessary traffic backhauling to a centralized gateway
• Uses an Ethernet Segment Identifier to tag the MAC on the local interface
• Uses an Anycast Gateway MAC (AGM) address to prevent traffic being black-holed as a result of MAC mobility
Integrated Routing and Bridging (IRB)
• IRB allows a device in an EVPN to perform both bridging and routing on a single bridge domain.
• The bridge domain performs bridging when it forwards traffic to the same subnet & VLAN
• The Bridge Domain Interface performs routing when it forwards traffic to a different subnet & VLAN
Integrated Routing and Bridging (IRB)
• Two Types of IRB Operation
• Asymmetric IRB- via L2 VRF
• Symmetric IRB- via L3 VRF by exchanging routes
Hands on
• Let's do a quick lab demo
Hands on
• L2 VPN
Lab Topology
• Two Spines
• Two Leaves
• Four Hosts
• Two VLANs
• VLAN 10
• VLAN 20
• Two Subnets
• VLAN 10: 10.10.1.0/24
• VLAN 20: 10.20.1.0/24
Underlay Config
• Interface
interface eth1/1
no switchport
ip unnumbered loop0
mtu 9216
no shut
interface eth1/2
no switchport
ip unnumbered loop0
mtu 9216
no shut
interface loopback 0
description *** VTEP ***
ip address 192.168.0.1/32
Underlay Config
• OSPF
router ospf OSPF_UNDERLAY
log-adjacency-changes
interface loopback 0
ip router ospf OSPF_UNDERLAY area 0.0.0.0
interface ethernet1/1-2
medium p2p
ip router ospf OSPF_UNDERLAY area 0.0.0.0
Underlay Config
• Forward BUM Traffic using IP Multicast (PIM)
int loopback 1
ip address 1.2.3.4/32
ip router ospf OSPF_UNDERLAY area 0.0.0.0
ip pim sparse-mode
ip pim rp-address 1.2.3.4 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
ip pim anycast-rp 1.2.3.4 192.168.0.1
ip pim anycast-rp 1.2.3.4 192.168.0.2
interface loopback 0
ip pim sparse-mode
interface e1/1-2
ip pim sparse-mode
Overlay Config- L2 VPN
• Spine to be used for overlay RR only
router bgp 64520
log-neighbor-changes
address-family ipv4 unicast
address-family l2vpn evpn
retain route-target all
template peer VXLAN_OVERLAY
remote-as 64520
update-source loop0
address-family ipv4 unicast
send-community extended
route-reflector-client
soft-reconfiguration inbound
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 192.168.0.3
inherit peer VXLAN_OVERLAY
neighbor 192.168.0.4
inherit peer VXLAN_OVERLAY
Overlay Config - Leaf Contains Main EVPN Config
• Enable VTEP Interface
interface nve1
no shut
host-reachability protocol bgp
source-interface loop0
sh interface nve1 (Verify)
Overlay Config - Leaf Contains Main EVPN Config
• Verify VTEP Interface
Leaf-1# sh interface nve 1
nve1 is up
admin state is up, Hardware: NVE
MTU 9216 bytes
Encapsulation VXLAN
Auto-mdix is turned off
RX
ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
TX
ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
Overlay Config - Leaf Contains Main EVPN Config
• BGP EVPN Config
router bgp 64520
log-neighbor-changes
address-family ipv4 unicast
address-family l2vpn evpn
retain route-target all
template peer VXLAN_RR_OVERLAY
remote-as 64520
update-source loop0
Overlay Config - Leaf Contains Main EVPN Config
• BGP EVPN Config
address-family ipv4 unicast
send-community extended
soft-reconfiguration inbound
address-family l2vpn evpn
send-community
send-community extended
neighbor 192.168.0.1
inherit peer VXLAN_RR_OVERLAY
neighbor 192.168.0.2
inherit peer VXLAN_RR_OVERLAY
Overlay Config - Leaf Contains Main EVPN Config
• Verify BGP EVPN Signalling Status
Leaf-1# sh bgp ipv4 uni nei 192.168.0.1 | inc "Address family L2VPN EVPN"
Address family L2VPN EVPN: advertised received
Leaf-1# sh bgp ipv4 uni nei 192.168.0.2 | inc "Address family L2VPN EVPN"
Address family L2VPN EVPN: advertised received
Anycast Gateway
• Configuration & Verification
hardware access-list tcam region arp-ether 256
fabric forwarding anycast-gateway-mac 0000.0011.1234
Leaf-1# show fabric forwarding internal topo-info | grep Anycast
Forward Mode : Anycast Gateway
Forward Mode : Anycast Gateway
Switch VLAN & VxLAN Related Config
• Required VLAN and VNI Map
vlan 10
vn-segment 100010
vlan 20
vn-segment 100020
Switch VLAN & VxLAN Related Config
• L2 Gateway
interface vlan10
no shutdown
ip address 10.10.1.254/24
fabric forwarding mode anycast-gateway
interface vlan20
no shutdown
ip address 10.20.1.254/24
fabric forwarding mode anycast-gateway
Switch VLAN & VxLAN Related Config
• L2 VRF/MAC VRF
evpn
vni 100010 l2
rd auto
route-target import auto
route-target export auto
evpn
vni 100020 l2
rd auto
route-target import auto
route-target export auto
Switch VLAN & VxLAN Related Config
• Access port config
interface e1/7
switchport mode access
switchport access vlan 10
no shut
interface e1/6
switchport mode access
switchport access vlan 20
no shut
Switch VLAN & VxLAN Related Config
• Verify L2VRF table for each VNI
Leaf-1# show bgp l2vpn evpn vni-id 100010
[*** Snip ***]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.0.3:32777 (L2VNI 100010)
*>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[0]:[0.0.0.0]/216
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
192.168.0.4 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
192.168.0.4 100 0 i
Switch VLAN & VxLAN Related Config
• Verify L2VRF table for each VNI
Leaf-1# show bgp l2vpn evpn vni-id 100020
[*** Snip ***]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.0.3:32787 (L2VNI 100020)
*>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
192.168.0.4 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272
192.168.0.4 100 0 i
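The verification output above can be turned into a host inventory and checked for conflicting bindings. This is an added example, not part of the original slides: it parses the Leaf-1 output for VNI 100010, reading the bracketed key as route type, ESI, Ethernet tag, MAC length, MAC, IP length, IP and the status letters `l`/`i` as local/iBGP-learned (my reading of the output, an assumption). The conflicting route is constructed for the example.

```python
import re
from collections import defaultdict

# Copied from the Leaf-1 "show bgp l2vpn evpn vni-id 100010" slide above.
PAGE_OUTPUT = """\
Route Distinguisher: 192.168.0.3:32777 (L2VNI 100010)
*>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[0]:[0.0.0.0]/216
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
192.168.0.4 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
192.168.0.4 100 0 i
"""

# Constructed for this example (not from the page): a second MAC behind the
# other VTEP advertising an IP that 0050.7966.6805 already owns.
CONSTRUCTED_CONFLICT = """\
*>i[2]:[0]:[0]:[48]:[0050.7966.68ff]:[32]:[10.10.1.1]/272
192.168.0.4 100 0 i
"""

# Route key line: status codes, bracketed fields, then /prefix-length.
KEY_RE = re.compile(r"^(?P<status>[*> ]*[a-z]?)(?P<fields>(?:\[[^\]]*\]:?)+)/(?P<plen>\d+)")
# Path line: optional status codes, then the next hop (the advertising VTEP).
PATH_RE = re.compile(r"^(?P<status>[*> ]*[a-z]?)\s*(?P<nh>\d{1,3}(?:\.\d{1,3}){3})\s")
FIELD_RE = re.compile(r"\[([^\]]*)\]")


def parse_evpn_paths(text):
    """Return one dict per path; a key line may be followed by several paths."""
    paths, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            fields = FIELD_RE.findall(m["fields"])
            key = (int(fields[0]), fields[1:], m["status"])
            continue
        m = PATH_RE.match(line)
        if m and key:
            rtype, fields, key_status = key
            # A path line without its own codes inherits them from the key line.
            status = m["status"] or key_status
            paths.append({"type": rtype, "fields": fields, "next_hop": m["nh"],
                          "best": ">" in status, "local": status.endswith("l")})
    return paths


def host_bindings(paths):
    """{(mac, ip): vtep} from best type-2 routes that carry an IP address."""
    table = {}
    for p in paths:
        if p["type"] == 2 and p["best"]:
            _esi, _tag, _maclen, mac, iplen, ip = p["fields"]
            if int(iplen):
                table[(mac, ip)] = p["next_hop"]
    return table


def find_conflicts(paths):
    """Flag bindings worth an operator's attention (move, duplicate or spoof)."""
    mac_vteps, ip_macs = defaultdict(set), defaultdict(set)
    for p in paths:
        if p["type"] != 2:
            continue
        esi, _tag, _maclen, mac, iplen, ip = p["fields"]
        if esi == "0":
            # With a non-zero ESI (multihoming) several VTEPs are expected.
            mac_vteps[mac].add(p["next_hop"])
        if int(iplen):
            ip_macs[ip].add(mac)
    return {
        "mac_on_multiple_vteps": {m: sorted(v) for m, v in mac_vteps.items() if len(v) > 1},
        "ip_with_multiple_macs": {i: sorted(m) for i, m in ip_macs.items() if len(m) > 1},
    }
```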
Switch VLAN & VxLAN Related Config
• Verify MAC VRF Table
Leaf-1# sh system internal l2fwder mac
[*** Snip ***]
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 20 0050.7966.6808 static - F F (0x47000001) nve-peer1
192.168
* 10 0050.7966.6805 dynamic 00:00:26 F F Eth1/7
G 20 5001.0003.0007 static - F F sup-eth1(R)
G 10 5001.0003.0007 static - F F sup-eth1(R)
* 20 0050.7966.6806 dynamic 00:03:56 F F Eth1/6
* 10 0050.7966.6807 static - F F (0x47000001) nve-peer1
192.168
G 555 5001.0003.0007 static - F F sup-eth1(R)
1 1 -00:00:00:11:12:34 - 1
Switch VLAN & VxLAN Related Config
• Verify MAC VRF Table
Leaf-2# sh system internal l2fwder mac
[*** Snip ***]
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 20 0050.7966.6808 dynamic 00:04:57 F F Eth1/6
* 10 0050.7966.6805 static - F F (0x47000001) nve-peer1
192.168
G 20 5001.0003.0007 static - F F sup-eth1(R)
G 10 5001.0003.0007 static - F F sup-eth1(R)
* 20 0050.7966.6806 static - F F (0x47000001) nve-peer1
192.168
* 10 0050.7966.6807 dynamic 00:00:55 F F Eth1/7
G 555 5001.0003.0007 static - F F sup-eth1(R)
1 1 -00:00:00:11:12:34 - 1
Hands on
• L3 VPN
Overlay Config- L3 VPN
• L3 gateway VLAN & VNI
VLAN 555
vn-segment 500555
Overlay Config- L3 VPN
• L3 VRF config
vrf context CUST1
vni 500555
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
Overlay Config- L3 VPN
• IRB Interface config
interface vlan 555
no shutdown
vrf member CUST1
ip forward
Overlay Config- L3 VPN
• Allow L3 VNI through the VTEP
interface nve1
member vni 500555 associate-vrf
Overlay Config- L3 VPN
• BGP config VRF context
router bgp 64520
vrf CUST1
log-neighbor-changes
address-family ipv4 unicast
network 10.10.1.0/24
network 10.20.1.0/24
advertise l2vpn evpn
Overlay Config- L3 VPN
• Assign anycast GW to L3 VRF
interface vlan10
vrf member CUST1
ip address 10.10.1.254/24
fabric forwarding mode anycast-gateway
interface vlan20
vrf member CUST1
ip address 10.20.1.254/24
fabric forwarding mode anycast-gateway
Config Verification- L3 VPN
• Verify L3VRF table for each VNI
Leaf-1# show bgp l2vpn evpn vni-id 500555
[Snip]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.0.3:3 (L3VNI 500555)
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
192.168.0.4 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272
192.168.0.4 100 0 i
* i[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224
192.168.0.4 100 0 i
*>l 192.168.0.3 100 32768 i
* i[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224
192.168.0.4 100 0 i
*>l 192.168.0.3 100 32768 i
Config Verification- L3 VPN
• Verify L3VRF table for each VNI
Leaf-2# show bgp l2vpn evpn vni-id 500555
[Snip]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.0.4:3 (L3VNI 500555)
*>i[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
192.168.0.3 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272
192.168.0.3 100 0 i
*>l[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224
192.168.0.4 100 32768 i
* i 192.168.0.3 100 0 i
*>l[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224
192.168.0.4 100 32768 i
* i 192.168.0.3 100 0 i
Hands on
• L3 VPN Juniper vQFX10K
Juniper vQFX10K- Config
• Underlay (Spine Interface)
set interfaces lo0 unit 0 description "*** SPINE LOOPBACK ***"
set interfaces lo0 unit 0 family inet address 172.16.0.1/32
set interfaces xe-0/0/0 mtu 9216
set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***"
set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.1/30
set interfaces xe-0/0/1 mtu 9216
set interfaces xe-0/0/1 unit 0 description "SPINE-1-LEAF-2***"
set interfaces xe-0/0/1 unit 0 family inet address 192.168.0.5/30
Juniper vQFX10K- Config
• Underlay (Spine OSPF)
set routing-options router-id 172.16.0.1
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface xe-0/0/1.0
set protocols ospf area 0.0.0.0 interface xe-0/0/1.0 interface-type p2p
Juniper vQFX10K- Config
• Underlay (Leaf Interface)
• Leaf 1
set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***"
set interfaces lo0 unit 0 family inet address 172.16.1.1/32
set interfaces xe-0/0/0 mtu 9216
set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***"
set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.2/30
• Leaf 2
set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***"
set interfaces lo0 unit 0 family inet address 172.16.1.2/32
set interfaces xe-0/0/0 mtu 9216
set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-2***"
set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.6/30
Juniper vQFX10K- Config
• Underlay (Leaf OSPF)
• Leaf 1
set routing-options router-id 172.16.1.1
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
• Leaf 2
set routing-options router-id 172.16.1.2
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
Juniper vQFX10K- Config
• Overlay (Leaf BGP)
• Leaf 1
set protocols bgp group OVERLAY type internal
set protocols bgp group OVERLAY local-address 172.16.1.1
set protocols bgp group OVERLAY family evpn signaling
set protocols bgp group OVERLAY neighbor 172.16.1.2 description LEAF-2
set protocols bgp group OVERLAY neighbor 172.16.1.2 peer-as 65500
set protocols bgp group OVERLAY neighbor 172.16.1.2 local-as 65500
• Leaf 2
set protocols bgp group OVERLAY type internal
set protocols bgp group OVERLAY local-address 172.16.1.2
set protocols bgp group OVERLAY family evpn signaling
set protocols bgp group OVERLAY neighbor 172.16.1.1 description LEAF-1
set protocols bgp group OVERLAY neighbor 172.16.1.1 peer-as 65500
set protocols bgp group OVERLAY neighbor 172.16.1.1 local-as 65500
Juniper vQFX10K- Config
• Overlay (Leaf VxLAN Encap)
• Leaf 1
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
• Leaf 2
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
Juniper vQFX10K- Config
• Overlay (Leaf L3 VRF Config)
• Leaf 1
set routing-instances CUST_A instance-type vrf
set routing-instances CUST_A interface irb.100
set routing-instances CUST_A interface lo0.1
set routing-instances CUST_A route-distinguisher 172.16.1.1:5000
set routing-instances CUST_A vrf-target target:300:5000
set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop
set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan
set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
• Leaf 2
set routing-instances CUST_A instance-type vrf
set routing-instances CUST_A interface irb.400
set routing-instances CUST_A interface lo0.1
set routing-instances CUST_A route-distinguisher 172.16.1.2:5000
set routing-instances CUST_A vrf-target target:300:5000
set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop
set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan
set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
Juniper vQFX10K- Config
• Overlay (Leaf Switch Option Config)
• Leaf 1
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.1.1:1
set switch-options vrf-target target:7777:7777
• Leaf 2
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.1.2:1
set switch-options vrf-target target:7777:7777
Juniper vQFX10K- Config
• Overlay (Leaf VLAN to VNI Map Config)
• Leaf 1
set vlans v100 vlan-id 100
set vlans v100 l3-interface irb.100
set vlans v100 vxlan vni 10010
set vlans v100 vxlan ingress-node-replication
• Leaf 2
set vlans v400 vlan-id 400
set vlans v400 l3-interface irb.400
set vlans v400 vxlan vni 10040
set vlans v400 vxlan ingress-node-replication
Juniper vQFX10K- Config
• Overlay (Leaf Host Switchport Config)
• Leaf 1
set interfaces irb unit 100 family inet address 10.10.10.254/24
set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members v100
• Leaf 2
set interfaces irb unit 400 family inet address 40.40.40.254/24
set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members v400
Question?

Mais conteúdo relacionado

Mais procurados

Mpls technology
Mpls technologyMpls technology
Mpls technology
Naveen Sihag
 
Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5   finalVxlan deep dive session rev0.5   final
Vxlan deep dive session rev0.5 final
KwonSun Bae
 
MENOG-Segment Routing Introduction
MENOG-Segment Routing IntroductionMENOG-Segment Routing Introduction
MENOG-Segment Routing Introduction
Rasoul Mesghali, CCIE RS
 
Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2
Cumulus Networks
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
Bertrand Duvivier
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
Indonesia Network Operators Group
 
Ccnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] ClassCcnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] Class
SagarR24
 
Mpls
MplsMpls
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
APNIC
 
VXLAN
VXLANVXLAN
VXLAN
SAliyev1
 
Mpls L3_vpn
Mpls L3_vpnMpls L3_vpn
Mpls L3_vpn
Reza Farahani
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
Salachudin Emir
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGP
Duane Bodle
 
Mobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLSMobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLS
Cisco Canada
 
IS-IS Protocol Introduction
IS-IS Protocol IntroductionIS-IS Protocol Introduction
IS-IS Protocol Introduction
NetProtocol Xpert
 
IOS Zone based Firewall
IOS Zone based FirewallIOS Zone based Firewall
IOS Zone based Firewall
Netwax Lab
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & James
Febrian ‎
 
Chapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routingChapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routing
teknetir
 
Cisco nx os
Cisco nx os Cisco nx os
Cisco nx os
Utpal Sinha
 
VPLS Fundamental
VPLS FundamentalVPLS Fundamental
VPLS Fundamental
Reza Farahani
 

Mais procurados (20)

Mpls technology
Mpls technologyMpls technology
Mpls technology
 
Vxlan deep dive session rev0.5 final
Vxlan deep dive session rev0.5   finalVxlan deep dive session rev0.5   final
Vxlan deep dive session rev0.5 final
 
MENOG-Segment Routing Introduction
MENOG-Segment Routing IntroductionMENOG-Segment Routing Introduction
MENOG-Segment Routing Introduction
 
Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2Operationalizing EVPN in the Data Center: Part 2
Operationalizing EVPN in the Data Center: Part 2
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
 
Ccnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] ClassCcnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] Class
 
Mpls
MplsMpls
Mpls
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
 
VXLAN
VXLANVXLAN
VXLAN
 
Mpls L3_vpn
Mpls L3_vpnMpls L3_vpn
Mpls L3_vpn
 
CCNA Lab Guide
CCNA Lab GuideCCNA Lab Guide
CCNA Lab Guide
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGP
 
Mobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLSMobile Transport Evolution with Unified MPLS
Mobile Transport Evolution with Unified MPLS
 
IS-IS Protocol Introduction
IS-IS Protocol IntroductionIS-IS Protocol Introduction
IS-IS Protocol Introduction
 
IOS Zone based Firewall
IOS Zone based FirewallIOS Zone based Firewall
IOS Zone based Firewall
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & James
 
Chapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routingChapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routing
 
Cisco nx os
Cisco nx os Cisco nx os
Cisco nx os
 
VPLS Fundamental
VPLS FundamentalVPLS Fundamental
VPLS Fundamental
 

Semelhante a EVPN Introduction

Vlan
VlanVlan
evpn_in_service_provider_network-web.pdf
evpn_in_service_provider_network-web.pdfevpn_in_service_provider_network-web.pdf
evpn_in_service_provider_network-web.pdf
ThanhTrungBui5
 
Automate programmable fabric in seconds with an open standards based solution
Automate programmable fabric in seconds with an open standards based solutionAutomate programmable fabric in seconds with an open standards based solution
Automate programmable fabric in seconds with an open standards based solution
Tony Antony
 
PLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data Center
PLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data CenterPLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data Center
PLNOG 13: Emil Gągała: EVPN – rozwiązanie nie tylko dla Data Center
PROIDEA
 
Network Virtualization
Network VirtualizationNetwork Virtualization
Network Virtualization
MusTufa Nullwala
 
PLNOG15: Is there something less complicated than connecting two LAN networks...
PLNOG15: Is there something less complicated than connecting two LAN networks...PLNOG15: Is there something less complicated than connecting two LAN networks...
PLNOG15: Is there something less complicated than connecting two LAN networks...
PROIDEA
 
VXLAN Design and Deployment.pdf
VXLAN Design and Deployment.pdfVXLAN Design and Deployment.pdf
VXLAN Design and Deployment.pdf
NelAlv1
 
Demystifying EVPN in the data center: Part 1 in 2 episode series
Demystifying EVPN in the data center: Part 1 in 2 episode seriesDemystifying EVPN in the data center: Part 1 in 2 episode series
Demystifying EVPN in the data center: Part 1 in 2 episode series
Cumulus Networks
 
Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)
Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)
Mondaygeneralhankinsvpn2 140605100226-phpapp01 (1)
Gade Gowtham
 
Vlan
VlanVlan
10 sdn-vir-6up
10 sdn-vir-6up10 sdn-vir-6up
10 sdn-vir-6up
Sachin Siddappa
 
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_Xpress path vxlan_bgp_evpn_appricot2019-v2_
Xpress path vxlan_bgp_evpn_appricot2019-v2_
Jide Akintola JNCIE-M&T/SP #496 CCIE-SP#28552
 
Day 14.2 inter vlan
Day 14.2 inter vlanDay 14.2 inter vlan
Day 14.2 inter vlan
CYBERINTELLIGENTS
 
VLAN Virtual Area Network ,Switch,Ethernet ,VIkram Snehi
VLAN Virtual Area Network ,Switch,Ethernet ,VIkram SnehiVLAN Virtual Area Network ,Switch,Ethernet ,VIkram Snehi
VLAN Virtual Area Network ,Switch,Ethernet ,VIkram Snehi
MR. VIKRAM SNEHI
 
Vlan.pdf
Vlan.pdfVlan.pdf
Vlan.pdf
itwkd
 
Network virtualization
Network virtualizationNetwork virtualization
Network virtualization
Damian Parniewicz
 
OTV PPT by NETWORKERS HOME
OTV PPT by NETWORKERS HOMEOTV PPT by NETWORKERS HOME
OTV PPT by NETWORKERS HOME
networkershome
 
Branching out with SDN
Branching out with SDNBranching out with SDN
Branching out with SDN
APNIC
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWS
Zvika Gazit
 
VLAN
VLANVLAN

EVPN Introduction

  • 1. EVPN Introduction • Nurul Islam Roman, Optus, Australia
  • 2. What is EVPN? • Full form is Ethernet VPN • Carry layer 2 traffic over (Overlay) a Layer 3 network (Underlay) • In theory EVPN could use any data plane encapsulation method • MPLS, VXLAN, MPLS-over-GRE/UDP etc • In practise it is used with MPLS and VXLAN data plane encapsulation so far. • So EVPN is a control plane technology and data plane can be MPLS or VXLAN
  • 3. Traditional Network • L2 Segmentation using VLAN • Multiple VLAN on a switch • One IP subnet for each VLAN • SVI/Sub-if to do inter-VLAN routing
  • 4. Challenges for New Demand • Dot 1Q encap/Q-in-Q tunnel to extend VLAN across multiple physical Switches • Redundant path is STP block • Etherchannel to bundle multiple link • No control plane to learn MAC • Dataplane support MAC learning (ARP)
  • 5. Challenges for New Demand • Expand L2 network across DC, Sites or wider geographic region • Can we extend the trunk link or is this a practical solution? • Current infrastructure is a routed network and proven to be very stable. • Can a tunnelling technology address these challenges? • MAC address learning- Control Plane • Data (Frame) forwarding- Data Plane
  • 6. Do we already have a solution for these? • Cisco FabricPath • IETF TRILL (TRansparent Interconnection of Lots of Links) • Need a link state routing protocol • VPWS/VPLS and so on • BGP base to exchange label • L2 MAC learning still data plane driven • No large-scale deployment
  • 7. VPLS (Martini & Kompella)Model • Each tenant is represented by a VSI or similar • Each VSI is an extended bridge domain within a carrier MPLS network • Full mesh VC tunnel among VSI • MP-BGP l2-vpn address family control plane protocol is to exchange VPN labels only • Tunnel label and VC label • MAC address learning is still Flooding/Forwarding based • Scaling issue for carrier network for large scale deployment • Bandwidth cost limiting the scale • Need separate control plane protocol for L3 VPN
  • 8. VPLS (Martini & Kompella)Model- Continue • L2 and L3 VPN on different address family • VPNv4 AFI • l2VPN AFI • Client L2 and L3 gateways are not integrated • Gateway deployment design introduce scalability issue for future growth • Introduce new integrated control plane protocol EVPN to address these challenges
  • 9. Will EVPN be a Replacement of Current L2 VPN Technologies? • Current Layer 2 VPN technologies are experiencing limitations • VPWS, VPLS have scaling issues for large scale deployment • Use dataplane forwarding to learn MAC address • Routing services require separate config which sometimes can cause hairpin routing limitation • Improved Network Efficiency • No more data plane traffic to simulate ARP flooding, instead use MP-BGP to exchange MAC address via L3 underlay • Integrated Layer 2/Layer 3 Functionality introducing IRB
  • 10. Will EVPN be an Open Standard? • A number of RFCs cover EVPN technology • BGP based widely used EVPN RFC is RFC7432 • A number of vendors started implementing EVPN since the early stage of the RFC process. • E.g. draft-ietf-l2vpn-evpn stage • Juniper QFX, MX and EX product range • Cisco Nexus product range • Interoperability among the vendors is still a challenge
  • 11. VxLAN
  • 12. VxLAN Data Plane Encapsulation Protocol • VXLAN - Virtual eXtensible Local Area Network • VNI - VXLAN Network Identifier • VXLAN Segment ID 24bit will map to VLAN ID • VTEP -VXLAN Tunnel End Point • A device (E.G. a PE) originates and/or terminates VXLAN tunnels • VXLAN Segment • VXLAN Layer 2 overlay network span across VTEP • VXLAN Gateway • L2: Forward L2 traffic across same VLANs on VTEP • L3: Forward L3 traffic between different VLAN on VTEP
  • 13. VxLAN Data Plane- Inside VxLAN Header • 64 bit length • VNI 24 bit • I flag bit is set to 1 for valid VNI • R flag is reserved and need to be 0
  • 14. VXLAN End Host Discovery • Option 1: Flood & Learn • Similar to VPLS, the original implementation of VxLAN relies on the data plane flood and learn discovery scheme. • Option 2: Separate Control Plane Learning • To address the scalability concern of flood and learn discovery, other controller-less control plane discovery schemes such as BGP EVPN and OVSDB have been defined by IETF • SDN controller-based discovery schemes such as Cisco APIC or Juniper Contrail are another example.
  • 15. EVPN Data Plane Encapsulation Options
  • 16. MPLS Label for Data Plane Encapsulation • Probably be a topic for future bdNOG tutorial/Workshop
  • 17. BGP EVPN Building Blocks • EVPN – Ethernet VPN • EVI -EVPN Instance • Span customer EVPN across PE devices • MAC-VRF • Virtual Routing and Forwarding table for MAC addresses on a PE • IP-VRF • Virtual Routing and Forwarding table for IP addresses on a PE • ES -Ethernet Segment • Multihome customer site via a set of Ethernet links • DF –Designated Forwarder
  • 18. BGP EVPN Building Blocks- Continue • VTEP -VXLAN Tunnel End Point • A device (E.G. a PE) originates and/or terminates VXLAN tunnels • NVE -Network Virtualization Edges • Tunnel interface for VTEP • NVGRE -Network Virtualization using Generic Routing Encapsulation
  • 19. Overlay and Underlay Network • Underlay • The underlay is the Layer 3 IP network that routes encapsulated frame/packet as normal IP traffic • Overlay • An overlay network is a service built on top of a physical network. It decouples network services from the underlaying infrastructure by further encapsulation of packet/frame inside another packet
  • 20. BUM Traffic • Broadcast • Unknown Unicast • Multicast • Two way to facilitate host MAC address learning • Flood & learn • BGP EVPN control plane
  • 21. BUM Traffic • Flood and learn is the old way • BGP EVPN is the new way • Facilitates only known MAC • BUM traffic still needs a solution • IP Multicast underlay. L2 VNI mapped to IP multicast group. VTEP sends PIM join/prune message • Enable Ingress Replication (IR) or Head-End Replication (HER). Ingress router builds a flood list to forward BUM traffic to all remote VTEP (Recently introduced)
  • 22. EVPN Service Model • EVPN service model or deployment scenarios specifies 3 ways VLAN-to-VNI Mapping can be achieved 1. VLAN-Based Service Interface 2. VLAN Bundle Service Interface / Port-Based Service Interface 3. VLAN-Aware Bundle Service Interface • Most vendors however, only support option 1 and 3 from the list above
  • 23. EVPN Service Model 1. VLAN-Based Service Interface • Has a one-to-one mapping between a VLAN ID on the interface and a MAC-VRF • EVPN instance consists of only a single broadcast domain. 2. VLAN Bundle Service Interface • Has a many-to-one mapping between VLANs and a MAC-VRF, and the MAC-VRF consists of a single bridge table. • EVPN instance corresponds to multiple broadcast domains 3. VLAN-Aware Bundle Service Interface • EVPN instance consists of multiple broadcast domains with • Each VLAN having its own bridge table.
  • 25. EVPN Route Types 1 • Known as Ethernet Auto-Discovery Route • Used for remote VTEP auto discovery • Used for advertising split-horizon label • Provides fast convergence through mass withdrawal • An Ethernet Tag ID is a 32-bit field containing either a 12-bit or 24-bit identifier • Identifies a particular broadcast domain for instance VLAN in an EVPN instance.
  • 26. EVPN Route Types 2 • Known as MAC/IP advertisement route • Used to provides end-host reachability information
  • 27. EVPN Route Types 3 • Known as Inclusive Multicast Ethernet Tag (IMET) route • Used to create the distribution list for ingress replication • Used to set up paths for BUM traffic per VLAN per EVI basis • Used to discover the multicast tunnels among the endpoints associated with a given EVI
  • 28. EVPN Route Types 4 • Known as Ethernet segment Route • Used for Ethernet Segment auto-discovery by allowing VNE with the same ESI to discover each other • It allows for designated forwarder (DF) election
  • 29. EVPN Route Types 5 • Known as IP Prefix Route • Used to decouple IP Prefix from MAC/IP route to provide IP prefix advertisement
  • 30. Distributed Anycast Gateway • Gateway is closer to the end-hosts • Eliminate traffic hairpinning and unnecessary traffic backhauling to centralized gateway • Uses Anycast Gateway MAC (AGM) address to prevent traffic being black-holed as a result of MAC mobility
  • 31. Ethernet Segment Identifier (ESI) LAG • Gateway is closer to the end-hosts • Eliminate traffic hairpinning and unnecessary traffic backhauling to centralized gateway • Use an Ethernet Segment Identifier to tag the MAC on local interface • Uses Anycast Gateway MAC (AGM) address to prevent traffic being black-holed as a result of MAC mobility
  • 32. Integrated Routing and Bridging (IRB) • (IRB) allows the device in an EVPN to perform both bridging and routing on single bridge domain. • Bridge domain performs bridging when it forwards traffic to the same subnet & VLAN • Bridge Domain Interface performs routing when it forwards traffic to a different subnet & VLAN
  • 33. Integrated Routing and Bridging (IRB) • Two Types of IRB Operation • Asymmetric IRB- via L2 VRF • Symmetric IRB- via L3 VRF by exchanging routes
  • 34. Hands on • Let's do a quick LAB demo
  • 36. Lab Topology • Two Spine • Two Leaves • Four Host • Two VLANs • VLAN 10 • VLAN 20 • Two Subnets • VLAN 10: 10.10.1.0/24 • VLAN 20: 10.20.1.0/24
  • 37. Underlay Config
    • Interface
        interface eth1/1
          no switchport
          ip unnumbered loop0
          mtu 9216
          no shut
        interface eth1/2
          no switchport
          ip unnumbered loop0
          mtu 9216
          no shut
        interface loopback 0
          description *** VTEP ***
          ip address 192.168.0.1/32
  • 38. Underlay Config
    • OSPF
        router ospf OSPF_UNDERLAY
          log-adjacency-change
        interface loopback 0
          ip router ospf OSPF_UNDERLAY area 0.0.0.0
        interface ethernet1/1-2
          medium p2p
          ip router ospf OSPF_UNDERLAY area 0.0.0.0
  • 39. Underlay Config
    • Forward BUM Traffic using IP Multicast (PIM)
        int loopback 1
          ip address 1.2.3.4/32
          ip router ospf OSPF_UNDERLAY area 0.0.0.0
          ip pim sparse-mode
        ip pim rp-address 1.2.3.4 group-list 224.0.0.0/4
        ip pim ssm range 232.0.0.0/8
        ip pim anycast-rp 1.2.3.4 192.168.0.1
        ip pim anycast-rp 1.2.3.4 192.168.0.2
        interface loopback 0
          ip pim sparse-mode
        interface e1/1-2
          ip pim sparse-mode
  • 40. Overlay Config- L2 VPN
    • Spine to be used for overlay RR only
        router bgp 64520
          log-neighbor-changes
          address-family ipv4 unicast
          address-family l2vpn evpn
            retain route-target all
          template peer VXLAN_OVERLAY
            remote-as 64520
            update-source loop0
            address-family ipv4 unicast
              send-community extended
              route-reflector-client
              soft-reconfiguration inbound
            address-family l2vpn evpn
              send-community
              send-community extended
              route-reflector-client
          neighbor 192.168.0.3
            inherit peer VXLAN_OVERLAY
          neighbor 192.168.0.4
            inherit peer VXLAN_OVERLAY
  • 41. Overlay Config- Leaf Contain Main EVPN Config
    • Enable VTEP Interface
        Interface nve1
          no shut
          host-reachability protocol bgp
          source-interface loop0
        sh interface nve1 (Verify)
  • 42. Overlay Config- Leaf Contain Main EVPN Config
    • Verify VTEP Interface
        Leaf-1# sh interface nve 1
        nve1 is up
        admin state is up, Hardware: NVE
          MTU 9216 bytes
          Encapsulation VXLAN
          Auto-mdix is turned off
          RX
            ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
          TX
            ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
  • 43. Overlay Config- Leaf Contain Main EVPN Config
    • BGP EVPN Config
        router bgp 64520
          log-neighbor-changes
          address-family ipv4 unicast
          address-family l2vpn evpn
            retain route-target all
          template peer VXLAN_RR_OVERLAY
            remote-as 64520
            update-source loop0
  • 44. Overlay Config- Leaf Contain Main EVPN Config
    • BGP EVPN Config
            address-family ipv4 unicast
              send-community extended
              soft-reconfiguration inbound
            address-family l2vpn evpn
              send-community
              send-community extended
          neighbor 192.168.0.1
            inherit peer VXLAN_RR_OVERLAY
          neighbor 192.168.0.2
            inherit peer VXLAN_RR_OVERLAY
  • 45. Overlay Config- Leaf Contain Main EVPN Config
    • Verify BGP EVPN Signalling Status
        Leaf-1# sh bgp ipv4 uni nei 192.168.0.1 | inc "Address family L2VPN EVPN"
          Address family L2VPN EVPN: advertised received
        Leaf-1# sh bgp ipv4 uni nei 192.168.0.2 | inc "Address family L2VPN EVPN"
          Address family L2VPN EVPN: advertised received
  • 46. Anycast Gateway
    • Configuration & Verification
        hardware access-list tcam region arp-ether 256
        fabric forwarding anycast-gateway-mac 0000.0011.1234

        Leaf-1# show fabric forwarding internal topo-info | grep Anycast
        Forward Mode : Anycast Gateway
        Forward Mode : Anycast Gateway
  • 47. Switch VLAN & VxLAN Related Config
    • Required VLAN and VNI Map
        vlan 10
          vn-segment 100010
        vlan 20
          vn-segment 100020
  • 48. Switch VLAN & VxLAN Related Config
    • L2 Gateway
        interface vlan10
          no shutdown
          ip address 10.10.1.254/24
          fabric forwarding mode anycast-gateway
        interface vlan20
          no shutdown
          ip address 10.20.1.254/24
          fabric forwarding mode anycast-gateway
  • 49. Switch VLAN & VxLAN Related Config
    • L2 VRF/MAC VRF
        evpn
          vni 100010 l2
            rd auto
            route-target import auto
            route-target export auto
        evpn
          vni 100020 l2
            rd auto
            route-target import auto
            route-target export auto
  • 50. Switch VLAN & VxLAN Related Config
    • Access port config
        interface e1/7
          switchport mode access
          switchport access vlan 10
          no shut
        interface e1/6
          switchport mode access
          switchport access vlan 20
          no shut
  • 51. Switch VLAN & VxLAN Related Config
    • Verify L2VRF table for each VNI
        Leaf-1# show bgp l2vpn evpn vni-id 100010
        [*** Snip ***]
           Network            Next Hop            Metric     LocPrf     Weight Path
        Route Distinguisher: 192.168.0.3:32777 (L2VNI 100010)
        *>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[0]:[0.0.0.0]/216
                              192.168.0.3                       100      32768 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                              192.168.0.4                       100          0 i
        *>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
                              192.168.0.3                       100      32768 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
                              192.168.0.4                       100          0 i
  • 52. Switch VLAN & VxLAN Related Config
    • Verify L2VRF table for each VNI
        Leaf-1# show bgp l2vpn evpn vni-id 100020
        [*** Snip ***]
           Network            Next Hop            Metric     LocPrf     Weight Path
        Route Distinguisher: 192.168.0.3:32787 (L2VNI 100020)
        *>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                              192.168.0.3                       100      32768 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                              192.168.0.4                       100          0 i
        *>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272
                              192.168.0.3                       100      32768 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272
                              192.168.0.4                       100          0 i
  • 53. Switch VLAN & VxLAN Related Config
    • Verify MAC VRF Table
        Leaf-1# sh system internal l2fwder mac
        [*** Snip ***]
           VLAN     MAC Address      Type      age     Secure NTFY Ports
        ---------+-----------------+--------+---------+------+----+------------------
        *    20    0050.7966.6808   static   -          F     F   (0x47000001) nve-peer1 192.168
        *    10    0050.7966.6805   dynamic  00:00:26   F     F   Eth1/7
        G    20    5001.0003.0007   static   -          F     F   sup-eth1(R)
        G    10    5001.0003.0007   static   -          F     F   sup-eth1(R)
        *    20    0050.7966.6806   dynamic  00:03:56   F     F   Eth1/6
        *    10    0050.7966.6807   static   -          F     F   (0x47000001) nve-peer1 192.168
        G   555    5001.0003.0007   static   -          F     F   sup-eth1(R)
        1 1 -00:00:00:11:12:34 - 1
  • 54. Switch VLAN & VxLAN Related Config
    • Verify MAC VRF Table
        Leaf-2# sh system internal l2fwder mac
        [*** Snip ***]
           VLAN     MAC Address      Type      age     Secure NTFY Ports
        ---------+-----------------+--------+---------+------+----+------------------
        *    20    0050.7966.6808   dynamic  00:04:57   F     F   Eth1/6
        *    10    0050.7966.6805   static   -          F     F   (0x47000001) nve-peer1 192.168
        G    20    5001.0003.0007   static   -          F     F   sup-eth1(R)
        G    10    5001.0003.0007   static   -          F     F   sup-eth1(R)
        *    20    0050.7966.6806   static   -          F     F   (0x47000001) nve-peer1 192.168
        *    10    0050.7966.6807   dynamic  00:00:55   F     F   Eth1/7
        G   555    5001.0003.0007   static   -          F     F   sup-eth1(R)
        1 1 -00:00:00:11:12:34 - 1
  • 56. Overlay Config- L3 VPN
    • L3 gateway VLAN & VNI
        VLAN 555
          vn-segment 500555
  • 57. Overlay Config- L3 VPN
    • L3 VRF config
        vrf context CUST1
          vni 500555
          rd auto
          address-family ipv4 unicast
            route-target both auto
            route-target both auto evpn
  • 58. Overlay Config- L3 VPN
    • IRB Interface config
        interface vlan 555
          no shutdown
          vrf member CUST1
          ip forward
  • 59. Overlay Config- L3 VPN
    • Allow L3 VNI through the VTEP
        interface nve1
          member vni 500555 associate-vrf
  • 60. Overlay Config- L3 VPN
    • BGP config VRF context
        router bgp 64520
          vrf CUST1
            log-neighbor-change
            address-family ipv4 unicast
              network 10.10.1.0/24
              network 10.20.1.0/24
              advertise l2vpn evpn
  • 61. Overlay Config- L3 VPN
    • Assign anycast GW to L3 VRF
        interface vlan10
          vrf member CUST1
          ip address 10.10.1.254/24
          fabric forwarding mode anycast-gateway
        interface vlan20
          vrf member CUST1
          ip address 10.20.1.254/24
          fabric forwarding mode anycast-gateway
  • 62. Config Verification- L3 VPN
    • Verify L3VRF table for each VNI
        Leaf-1# show bgp l2vpn evpn vni-id 500555
        [Snip]
           Network            Next Hop            Metric     LocPrf     Weight Path
        Route Distinguisher: 192.168.0.3:3 (L3VNI 500555)
        *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
                              192.168.0.4                       100          0 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272
                              192.168.0.4                       100          0 i
        * i[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224
                              192.168.0.4                       100          0 i
        *>l                   192.168.0.3                       100      32768 i
        * i[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224
                              192.168.0.4                       100          0 i
        *>l                   192.168.0.3                       100      32768 i
  • 63. Config Verification- L3 VPN
    • Verify L3VRF table for each VNI
        Leaf-2# show bgp l2vpn evpn vni-id 500555
        [Snip]
           Network            Next Hop            Metric     LocPrf     Weight Path
        Route Distinguisher: 192.168.0.4:3 (L3VNI 500555)
        *>i[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
                              192.168.0.3                       100          0 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272
                              192.168.0.3                       100          0 i
        *>l[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224
                              192.168.0.4                       100      32768 i
        * i                   192.168.0.3                       100          0 i
        *>l[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224
                              192.168.0.4                       100      32768 i
        * i                   192.168.0.3                       100          0 i
  • 64. Hands on • L3 VPN Juniper vQFX10K
  • 65. Juniper vQFX10K- Config
    • Underlay (Spine Interface)
        set interfaces lo0 unit 0 description "*** SPINE LOOPBACK ***"
        set interfaces lo0 unit 0 family inet address 172.16.0.1/32
        set interfaces xe-0/0/0 mtu 9216
        set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***"
        set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.1/30
        set interfaces xe-0/0/1 mtu 9216
        set interfaces xe-0/0/1 unit 0 description "SPINE-1-LEAF-2***"
        set interfaces xe-0/0/1 unit 0 family inet address 192.168.0.5/30
  • 66. Juniper vQFX10K- Config
    • Underlay (Spine OSPF)
        set routing-options router-id 172.16.0.1
        set protocols ospf area 0.0.0.0 interface lo0.0 passive
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
        set protocols ospf area 0.0.0.0 interface xe-0/0/1.0
        set protocols ospf area 0.0.0.0 interface xe-0/0/1.0 interface-type p2p
  • 67. Juniper vQFX10K- Config
    • Underlay (Leaf Interface)
    • Leaf 1
        set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***"
        set interfaces lo0 unit 0 family inet address 172.16.1.1/32
        set interfaces xe-0/0/0 mtu 9216
        set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***"
        set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.2/30
    • Leaf 2
        set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***"
        set interfaces lo0 unit 0 family inet address 172.16.1.2/32
        set interfaces xe-0/0/0 mtu 9216
        set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-2***"
        set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.6/30
  • 68. Juniper vQFX10K- Config
    • Underlay (Leaf OSPF)
    • Leaf 1
        set routing-options router-id 172.16.1.1
        set protocols ospf area 0.0.0.0 interface lo0.0 passive
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
    • Leaf 2
        set routing-options router-id 172.16.1.2
        set protocols ospf area 0.0.0.0 interface lo0.0 passive
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
  • 69. Juniper vQFX10K- Config
    • Overlay (Leaf BGP)
    • Leaf 1
        set protocols bgp group OVERLAY type internal
        set protocols bgp group OVERLAY local-address 172.16.1.1
        set protocols bgp group OVERLAY family evpn signaling
        set protocols bgp group OVERLAY neighbor 172.16.1.2 description LEAF-2
        set protocols bgp group OVERLAY neighbor 172.16.1.2 peer-as 65500
        set protocols bgp group OVERLAY neighbor 172.16.1.2 local-as 65500
    • Leaf 2
        set protocols bgp group OVERLAY type internal
        set protocols bgp group OVERLAY local-address 172.16.1.2
        set protocols bgp group OVERLAY family evpn signaling
        set protocols bgp group OVERLAY neighbor 172.16.1.1 description LEAF-1
        set protocols bgp group OVERLAY neighbor 172.16.1.1 peer-as 65500
        set protocols bgp group OVERLAY neighbor 172.16.1.1 local-as 65500
  • 70. Juniper vQFX10K- Config
    • Overlay (Leaf VxLAN Encap)
    • Leaf 1
        set protocols evpn encapsulation vxlan
        set protocols evpn multicast-mode ingress-replication
    • Leaf 2
        set protocols evpn encapsulation vxlan
        set protocols evpn multicast-mode ingress-replication
  • 71. Juniper vQFX10K- Config
    • Overlay (Leaf L3 VRF Config)
    • Leaf 1
        set routing-instances CUST_A instance-type vrf
        set routing-instances CUST_A interface irb.100
        set routing-instances CUST_A interface lo0.1
        set routing-instances CUST_A route-distinguisher 172.16.1.1:5000
        set routing-instances CUST_A vrf-target target:300:5000
        set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop
        set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan
        set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
    • Leaf 2
        set routing-instances CUST_A instance-type vrf
        set routing-instances CUST_A interface irb.400
        set routing-instances CUST_A interface lo0.1
        set routing-instances CUST_A route-distinguisher 172.16.1.2:5000
        set routing-instances CUST_A vrf-target target:300:5000
        set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop
        set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan
        set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
  • 72. Juniper vQFX10K- Config
    • Overlay (Leaf Switch Option Config)
    • Leaf 1
        set switch-options vtep-source-interface lo0.0
        set switch-options route-distinguisher 172.16.1.1:1
        set switch-options vrf-target target:7777:7777
    • Leaf 2
        set switch-options vtep-source-interface lo0.0
        set switch-options route-distinguisher 172.16.1.2:1
        set switch-options vrf-target target:7777:7777
  • 73. Juniper vQFX10K- Config
    • Overlay (Leaf VLAN to VNI Map Config)
    • Leaf 1
        set vlans v100 vlan-id 100
        set vlans v100 l3-interface irb.100
        set vlans v100 vxlan vni 10010
        set vlans v100 vxlan ingress-node-replication
    • Leaf 2
        set vlans v400 vlan-id 400
        set vlans v400 l3-interface irb.400
        set vlans v400 vxlan vni 10040
        set vlans v400 vxlan ingress-node-replication
  • 74. Juniper vQFX10K- Config
    • Overlay (Leaf Host Switchport Config)
    • Leaf 1
        set interfaces irb unit 100 family inet address 10.10.10.254/24
        set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members v100
    • Leaf 2
        set interfaces irb unit 400 family inet address 40.40.40.254/24
        set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members v400
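Added example (not from the slides): a Python check that compares the overlay statements of the two leaves and reports drift. It encodes the pattern the vQFX10K slides follow, where route targets, the L3 VNI and the encapsulation are identical on both leaves while each leaf has its own route distinguisher; the MUST_MATCH and MUST_DIFFER lists and the function names are this example's own.

```python
# Overlay statements copied from the Leaf 1 / Leaf 2 slides above.
COMMON = """\
set protocols evpn encapsulation vxlan
set routing-instances CUST_A vrf-target target:300:5000
set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan
set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
set switch-options vrf-target target:7777:7777
"""
LEAF1 = COMMON + """\
set routing-instances CUST_A route-distinguisher 172.16.1.1:5000
set switch-options route-distinguisher 172.16.1.1:1
"""
LEAF2 = COMMON + """\
set routing-instances CUST_A route-distinguisher 172.16.1.2:5000
set switch-options route-distinguisher 172.16.1.2:1
"""

# Statements that must carry the same value on every leaf of the tenant.
MUST_MATCH = [
    "protocols evpn encapsulation",
    "routing-instances CUST_A vrf-target",
    "routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation",
    "routing-instances CUST_A protocols evpn ip-prefix-routes vni",
    "switch-options vrf-target",
]
# Statements that must be set on both leaves and must not be shared.
MUST_DIFFER = [
    "routing-instances CUST_A route-distinguisher",
    "switch-options route-distinguisher",
]

def load(text):
    """Map each 'set <path> <value>' line to {path: value}."""
    cfg = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "set":
            cfg[" ".join(tok[1:-1])] = tok[-1]
    return cfg

def audit(a, b):
    """Return a list of findings; an empty list means the leaves agree."""
    findings = []
    for key in MUST_MATCH:
        if a.get(key) is None or a.get(key) != b.get(key):
            findings.append(f"mismatch: {key}: {a.get(key)} vs {b.get(key)}")
    for key in MUST_DIFFER:
        if a.get(key) is None or b.get(key) is None or a[key] == b[key]:
            findings.append(f"not unique: {key}: {a.get(key)} vs {b.get(key)}")
    return findings

if __name__ == "__main__":
    print(audit(load(LEAF1), load(LEAF2)) or "leaves are consistent")
```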