EVPN Introduction
• Nurul Islam Roman, Optus, Australia
What is EVPN?
• Full form is Ethernet VPN
• Carries Layer 2 traffic (overlay) over a Layer 3 network (underlay)
• In theory EVPN could use any data plane encapsulation method
• MPLS, VXLAN, MPLS-over-GRE/UDP etc.
• In practice it has so far been used with MPLS and VXLAN data plane encapsulation
• So EVPN is a control plane technology, and the data plane can be MPLS or VXLAN
Traditional Network
• L2 Segmentation using VLAN
• Multiple VLANs on a switch
• One IP subnet for each VLAN
• SVI/Sub-if to do inter-VLAN routing
Challenges for New Demand
• Dot1Q encapsulation/Q-in-Q tunnel to extend a VLAN across multiple physical switches
• Redundant paths are blocked by STP
• EtherChannel to bundle multiple links
• No control plane to learn MAC addresses
• Data plane supports MAC learning (ARP)
Challenges for New Demand
• Expand the L2 network across DCs, sites or a wider geographic region
• Can we extend the trunk link or is this a practical solution?
• Current infrastructure is a routed network and proven to be very stable.
• Can a tunnelling technology address these challenges?
• MAC address learning - Control Plane
• Data (frame) forwarding - Data Plane
Do we already have a solution for these?
• Cisco FabricPath
• IETF TRILL (TRansparent Interconnection of Lots of Links)
• Need a link state routing protocol
• VPWS/VPLS and so on
• BGP based, to exchange labels
• L2 MAC learning is still data plane driven
• No large-scale deployment
VPLS (Martini & Kompella) Model
• Each tenant is represented by a VSI or similar
• Each VSI is an extended bridge domain within a carrier MPLS network
• Full mesh of VC tunnels among VSIs
• The MP-BGP L2VPN address family control plane protocol exchanges VPN labels only
• Tunnel label and VC label
• MAC address learning is still flooding/forwarding based
• Scaling issue for carrier networks in large-scale deployments
• Bandwidth cost limiting the scale
• Need a separate control plane protocol for L3 VPN
VPLS (Martini & Kompella) Model - Continued
• L2 and L3 VPN on different address families
• VPNv4 AFI
• L2VPN AFI
• Client L2 and L3 gateways are not integrated
• Gateway deployment design introduces scalability issues for future growth
• Introduce a new integrated control plane protocol, EVPN, to address these challenges
Will EVPN be a Replacement of Current L2 VPN Technologies?
• Current Layer 2 VPN technologies are experiencing limitations
• VPWS and VPLS have scaling issues for large-scale deployment
• They use data plane forwarding to learn MAC addresses
• Routing services require separate config, which can sometimes cause a hairpin routing limitation
• Improved Network Efficiency
• No more data plane traffic to simulate ARP flooding; instead MP-BGP is used to exchange MAC addresses via the L3 underlay
• Integrated Layer 2/Layer 3 functionality, introducing IRB
Will EVPN be an Open Standard?
• A number of RFCs cover EVPN technology
• The widely used BGP-based EVPN RFC is RFC 7432
• A number of vendors started implementing EVPN from the early stages of the RFC process.
• E.g. the draft-ietf-l2vpn-evpn stage
• Juniper QFX, MX and EX product range
• Cisco Nexus product range
• Interoperability among the vendors is still a challenge
VxLAN
VxLAN Data Plane Encapsulation Protocol
• VXLAN - Virtual eXtensible Local Area Network
• VNI - VXLAN Network Identifier
• The 24-bit VXLAN Segment ID maps to a VLAN ID
• VTEP - VXLAN Tunnel End Point
• A device (e.g. a PE) that originates and/or terminates VXLAN tunnels
• VXLAN Segment
• VXLAN Layer 2 overlay network spanning across VTEPs
• VXLAN Gateway
• L2: Forwards L2 traffic across the same VLANs on a VTEP
• L3: Forwards L3 traffic between different VLANs on a VTEP
VxLAN Data Plane- Inside VxLAN Header
• 64 bits in length
• VNI is 24 bits
• The I flag bit is set to 1 for a valid VNI
• The R flag is reserved and needs to be 0
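The header rules on this slide, written out as a parser and validator. This is an added example, not part of the original slides; the exact bit positions (flags in the first byte, VNI in the upper 24 bits of the second 32-bit word) follow RFC 7348, the function names are hypothetical, and the VNI-to-VLAN map reuses the lab values from the hands-on section.

```python
import struct

VXLAN_HDR_LEN = 8   # the header is 64 bits long
FLAG_I = 0x08       # I flag: set to 1 when the VNI field is valid

# VLAN-to-VNI map taken from the lab configuration on this page.
VNI_TO_VLAN = {100010: 10, 100020: 20, 500555: 555}


class VxlanHeaderError(ValueError):
    """Raised when a byte string is not an acceptable VXLAN header."""


def build_vxlan_header(vni):
    """Return the 8-byte header for a VNI: flags, reserved, VNI, reserved."""
    if not 0 <= vni < (1 << 24):
        raise VxlanHeaderError(f"VNI {vni} does not fit in 24 bits")
    # Word 1: 8 flag bits + 24 reserved bits. Word 2: 24-bit VNI + 8 reserved bits.
    return struct.pack("!II", FLAG_I << 24, vni << 8)


def parse_vxlan_header(data, strict=True):
    """Decode a VXLAN header and check the I flag and the reserved bits.

    strict=True rejects any non-zero reserved bit; strict=False only
    reports it in the 'warnings' list, as a tolerant receiver would.
    """
    if len(data) < VXLAN_HDR_LEN:
        raise VxlanHeaderError(f"truncated header: {len(data)} bytes")
    word1, word2 = struct.unpack("!II", data[:VXLAN_HDR_LEN])
    flags, reserved1 = word1 >> 24, word1 & 0xFFFFFF
    vni, reserved2 = word2 >> 8, word2 & 0xFF

    if not flags & FLAG_I:
        raise VxlanHeaderError("I flag is 0: the VNI field is not valid")

    warnings = []
    if flags & ~FLAG_I & 0xFF:
        warnings.append(f"reserved flag bits set (flags=0x{flags:02x})")
    if reserved1 or reserved2:
        warnings.append("reserved field is non-zero")
    if strict and warnings:
        raise VxlanHeaderError("; ".join(warnings))

    # vlan is None when the VNI is not one this switch has mapped.
    return {"vni": vni, "vlan": VNI_TO_VLAN.get(vni), "warnings": warnings}


if __name__ == "__main__":
    hdr = build_vxlan_header(100010)
    print(hdr.hex(), parse_vxlan_header(hdr))
```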
VXLAN End Host Discovery
• Option 1: Flood & Learn
• Similar to VPLS, the original implementation of VxLAN relies on the data plane flood and learn discovery scheme.
• Option 2: Separate Control Plane Learning
• To address the scalability concern of flood and learn discovery, other controller-less control plane discovery schemes such as BGP EVPN and OVSDB have been defined by IETF
• Other discovery schemes are SDN controller-based; Cisco APIC and Juniper Contrail are examples.
EVPN Data Plane Encapsulation Options
MPLS Label for Data Plane Encapsulation
• Will probably be a topic for a future bdNOG tutorial/workshop
BGP EVPN Building Blocks
• EVPN - Ethernet VPN
• EVI - EVPN Instance
• Spans customer EVPN across PE devices
• MAC-VRF
• Virtual Routing and Forwarding table for MAC addresses on a PE
• IP-VRF
• Virtual Routing and Forwarding table for IP addresses on a PE
• ES - Ethernet Segment
• Multihomed customer site via a set of Ethernet links
• DF - Designated Forwarder
BGP EVPN Building Blocks - Continued
• VTEP - VXLAN Tunnel End Point
• A device (e.g. a PE) that originates and/or terminates VXLAN tunnels
• NVE - Network Virtualization Edge
• Tunnel interface for VTEP
• NVGRE - Network Virtualization using Generic Routing Encapsulation
Overlay and Underlay Network
• Underlay
• The underlay is the Layer 3 IP network that routes encapsulated frames/packets as normal IP traffic
• Overlay
• An overlay network is a service built on top of a physical network. It decouples network services from the underlying infrastructure by further encapsulation of a packet/frame inside another packet
BUM Traffic
• Broadcast
• Unknown Unicast
• Multicast
• Two ways to facilitate host MAC address learning
• Flood & learn
• BGP EVPN control plane
BUM Traffic
• Flood and learn is the old way
• BGP EVPN is the new way
• Facilitates learning only for known MAC addresses
• BUM traffic still needs a solution
• IP Multicast underlay. L2 VNI is mapped to an IP multicast group. VTEPs send PIM join/prune messages
• Enable Ingress Replication (IR) or Head-End Replication (HER). The ingress router builds a flood list to forward BUM traffic to all remote VTEPs (recently introduced)
EVPN Service Model
• The EVPN service model, or deployment scenario, specifies 3 ways VLAN-to-VNI mapping can be achieved
1. VLAN-Based Service Interface
2. VLAN Bundle Service Interface / Port-Based Service Interface
3. VLAN-Aware Bundle Service Interface
• Most vendors, however, only support options 1 and 3 from the list above
EVPN Service Model
1. VLAN-Based Service Interface
• Has a one-to-one mapping between a VLAN ID on the interface and a MAC-VRF
• EVPN instance consists of only a single broadcast domain.
2. VLAN Bundle Service Interface
• Has a many-to-one mapping between VLANs and a MAC-VRF, and the MAC-VRF consists of a single bridge table.
• EVPN instance corresponds to multiple broadcast domains
3. VLAN-Aware Bundle Service Interface
• EVPN instance consists of multiple broadcast domains, with each VLAN having its own bridge table.
EVPN Route Types
EVPN Route Type 1
• Known as the Ethernet Auto-Discovery route
• Used for remote VTEP auto-discovery
• Used for advertising the split-horizon label
• Provides fast convergence through mass withdrawal
• An Ethernet Tag ID is a 32-bit field containing either a 12-bit or 24-bit identifier
• Identifies a particular broadcast domain, for instance a VLAN, in an EVPN instance.
EVPN Route Type 2
• Known as the MAC/IP advertisement route
• Used to provide end-host reachability information
EVPN Route Type 3
• Known as the Inclusive Multicast Ethernet Tag (IMET) route
• Used to create the distribution list for ingress replication
• Used to set up paths for BUM traffic on a per-VLAN, per-EVI basis
• Used to discover the multicast tunnels among the endpoints associated with a given EVI
EVPN Route Type 4
• Known as the Ethernet Segment route
• Used for Ethernet Segment auto-discovery by allowing NVEs with the same ESI to discover each other
• It allows for designated forwarder (DF) election
EVPN Route Type 5
• Known as the IP Prefix route
• Used to decouple the IP prefix from the MAC/IP route to provide IP prefix advertisement
Distributed Anycast Gateway
• Gateway is closer to the end-hosts
• Eliminates traffic hairpinning and unnecessary traffic backhauling to a centralized gateway
• Uses the Anycast Gateway MAC (AGM) address to prevent traffic being black-holed as a result of MAC mobility
Ethernet Segment Identifier (ESI) LAG
• Gateway is closer to the end-hosts
• Eliminates traffic hairpinning and unnecessary traffic backhauling to a centralized gateway
• Uses an Ethernet Segment Identifier to tag the MAC on the local interface
• Uses the Anycast Gateway MAC (AGM) address to prevent traffic being black-holed as a result of MAC mobility
Integrated Routing and Bridging (IRB)
• IRB allows a device in an EVPN to perform both bridging and routing on a single bridge domain.
• The bridge domain performs bridging when it forwards traffic to the same subnet & VLAN
• The Bridge Domain Interface performs routing when it forwards traffic to a different subnet & VLAN
Integrated Routing and Bridging (IRB)
• Two Types of IRB Operation
• Asymmetric IRB - via L2 VRF
• Symmetric IRB - via L3 VRF by exchanging routes
Hands on
• Let's do a quick lab demo
Hands on
• L2 VPN
Lab Topology
• Two Spines
• Two Leaves
• Four Hosts
• Two VLANs
• VLAN 10
• VLAN 20
• Two Subnets
• VLAN 10: 10.10.1.0/24
• VLAN 20: 10.20.1.0/24
Underlay Config
• Interface
interface eth1/1
  no switchport
  ip unnumbered loop0
  mtu 9216
  no shut
interface eth1/2
  no switchport
  ip unnumbered loop0
  mtu 9216
  no shut
interface loopback 0
  description *** VTEP ***
  ip address 192.168.0.1/32
Underlay Config
• OSPF
router ospf OSPF_UNDERLAY
  log-adjacency-changes
interface loopback 0
  ip router ospf OSPF_UNDERLAY area 0.0.0.0
interface ethernet1/1-2
  medium p2p
  ip router ospf OSPF_UNDERLAY area 0.0.0.0
Underlay Config
• Forward BUM Traffic using IP Multicast (PIM)
int loopback 1
  ip address 1.2.3.4/32
  ip router ospf OSPF_UNDERLAY area 0.0.0.0
  ip pim sparse-mode
ip pim rp-address 1.2.3.4 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
ip pim anycast-rp 1.2.3.4 192.168.0.1
ip pim anycast-rp 1.2.3.4 192.168.0.2
interface loopback 0
  ip pim sparse-mode
interface e1/1-2
  ip pim sparse-mode
Overlay Config- L2 VPN
• Spine to be used for overlay RR only
router bgp 64520
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
    retain route-target all
  template peer VXLAN_OVERLAY
    remote-as 64520
    update-source loop0
    address-family ipv4 unicast
      send-community extended
      route-reflector-client
      soft-reconfiguration inbound
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 192.168.0.3
    inherit peer VXLAN_OVERLAY
  neighbor 192.168.0.4
    inherit peer VXLAN_OVERLAY
Overlay Config - Leaf Contains Main EVPN Config
• Enable VTEP Interface
interface nve1
  no shut
  host-reachability protocol bgp
  source-interface loop0
sh interface nve1 (Verify)
Overlay Config - Leaf Contains Main EVPN Config
• Verify VTEP Interface
Leaf-1# sh interface nve 1
nve1 is up
admin state is up, Hardware: NVE
MTU 9216 bytes
Encapsulation VXLAN
Auto-mdix is turned off
RX
ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
TX
ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
Overlay Config - Leaf Contains Main EVPN Config
• BGP EVPN Config
router bgp 64520
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
    retain route-target all
  template peer VXLAN_RR_OVERLAY
    remote-as 64520
    update-source loop0
Overlay Config - Leaf Contains Main EVPN Config
• BGP EVPN Config
    address-family ipv4 unicast
      send-community extended
      soft-reconfiguration inbound
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 192.168.0.1
    inherit peer VXLAN_RR_OVERLAY
  neighbor 192.168.0.2
    inherit peer VXLAN_RR_OVERLAY
Overlay Config - Leaf Contains Main EVPN Config
• Verify BGP EVPN Signalling Status
Leaf-1# sh bgp ipv4 uni nei 192.168.0.1 | inc "Address family L2VPN EVPN"
Address family L2VPN EVPN: advertised received
Leaf-1# sh bgp ipv4 uni nei 192.168.0.2 | inc "Address family L2VPN EVPN"
Address family L2VPN EVPN: advertised received
Anycast Gateway
• Configuration & Verification
hardware access-list tcam region arp-ether 256
fabric forwarding anycast-gateway-mac 0000.0011.1234
Leaf-1# show fabric forwarding internal topo-info | grep Anycast
Forward Mode : Anycast Gateway
Forward Mode : Anycast Gateway
Switch VLAN & VxLAN Related Config
• Required VLAN and VNI Map
vlan 10
  vn-segment 100010
vlan 20
  vn-segment 100020
Switch VLAN & VxLAN Related Config
• L2 Gateway
interface vlan10
  no shutdown
  ip address 10.10.1.254/24
  fabric forwarding mode anycast-gateway
interface vlan20
  no shutdown
  ip address 10.20.1.254/24
  fabric forwarding mode anycast-gateway
Switch VLAN & VxLAN Related Config
• L2 VRF/MAC VRF
evpn
  vni 100010 l2
    rd auto
    route-target import auto
    route-target export auto
evpn
  vni 100020 l2
    rd auto
    route-target import auto
    route-target export auto
Switch VLAN & VxLAN Related Config
• Access port config
interface e1/7
  switchport mode access
  switchport access vlan 10
  no shut
interface e1/6
  switchport mode access
  switchport access vlan 20
  no shut
Switch VLAN & VxLAN Related Config
• Verify L2VRF table for each VNI
Leaf-1# show bgp l2vpn evpn vni-id 100010
[*** Snip ***]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.0.3:32777 (L2VNI 100010)
*>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[0]:[0.0.0.0]/216
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
192.168.0.4 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
192.168.0.4 100 0 i
Switch VLAN & VxLAN Related Config
• Verify L2VRF table for each VNI
Leaf-1# show bgp l2vpn evpn vni-id 100020
[*** Snip ***]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.0.3:32787 (L2VNI 100020)
*>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
192.168.0.4 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272
192.168.0.4 100 0 i
Switch VLAN & VxLAN Related Config
• Verify MAC VRF Table
Leaf-1# sh system internal l2fwder mac
[*** Snip ***]
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 20 0050.7966.6808 static - F F (0x47000001) nve-peer1
192.168
* 10 0050.7966.6805 dynamic 00:00:26 F F Eth1/7
G 20 5001.0003.0007 static - F F sup-eth1(R)
G 10 5001.0003.0007 static - F F sup-eth1(R)
* 20 0050.7966.6806 dynamic 00:03:56 F F Eth1/6
* 10 0050.7966.6807 static - F F (0x47000001) nve-peer1
192.168
G 555 5001.0003.0007 static - F F sup-eth1(R)
1 1 -00:00:00:11:12:34 - 1
Switch VLAN & VxLAN Related Config
• Verify MAC VRF Table
Leaf-2# sh system internal l2fwder mac
[*** Snip ***]
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 20 0050.7966.6808 dynamic 00:04:57 F F Eth1/6
* 10 0050.7966.6805 static - F F (0x47000001) nve-peer1
192.168
G 20 5001.0003.0007 static - F F sup-eth1(R)
G 10 5001.0003.0007 static - F F sup-eth1(R)
* 20 0050.7966.6806 static - F F (0x47000001) nve-peer1
192.168
* 10 0050.7966.6807 dynamic 00:00:55 F F Eth1/7
G 555 5001.0003.0007 static - F F sup-eth1(R)
1 1 -00:00:00:11:12:34 - 1
Hands on
• L3 VPN
Overlay Config- L3 VPN
• L3 gateway VLAN & VNI
vlan 555
  vn-segment 500555
Overlay Config- L3 VPN
• L3 VRF config
vrf context CUST1
  vni 500555
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
Overlay Config- L3 VPN
• IRB Interface config
interface vlan 555
  no shutdown
  vrf member CUST1
  ip forward
Overlay Config- L3 VPN
• Allow L3 VNI through the VTEP
interface nve1
  member vni 500555 associate-vrf
Overlay Config- L3 VPN
• BGP config VRF context
router bgp 64520
  vrf CUST1
    log-neighbor-changes
    address-family ipv4 unicast
      network 10.10.1.0/24
      network 10.20.1.0/24
      advertise l2vpn evpn
Overlay Config- L3 VPN
• Assign anycast GW to L3 VRF
interface vlan10
  vrf member CUST1
  ip address 10.10.1.254/24
  fabric forwarding mode anycast-gateway
interface vlan20
  vrf member CUST1
  ip address 10.20.1.254/24
  fabric forwarding mode anycast-gateway
Config Verification- L3 VPN
• Verify L3VRF table for each VNI
Leaf-1# show bgp l2vpn evpn vni-id 500555
[Snip]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.0.3:3 (L3VNI 500555)
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
192.168.0.4 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272
192.168.0.4 100 0 i
* i[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224
192.168.0.4 100 0 i
*>l 192.168.0.3 100 32768 i
* i[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224
192.168.0.4 100 0 i
*>l 192.168.0.3 100 32768 i
Config Verification- L3 VPN
• Verify L3VRF table for each VNI
Leaf-2# show bgp l2vpn evpn vni-id 500555
[Snip]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.0.4:3 (L3VNI 500555)
*>i[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
192.168.0.3 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272
192.168.0.3 100 0 i
*>l[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224
192.168.0.4 100 32768 i
* i 192.168.0.3 100 0 i
*>l[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224
192.168.0.4 100 32768 i
* i 192.168.0.3 100 0 i
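To read the verification tables above programmatically, the following added example (not part of the original slides) parses the `show bgp l2vpn evpn` text into route records and lists the MAC/IP bindings carried by the type 2 routes. The field positions are an assumption read off the output shown here: type 2 as [type]:[ESI]:[Ethernet tag]:[MAC length]:[MAC]:[IP length]:[IP], type 5 as [type]:[ESI]:[Ethernet tag]:[prefix length]:[prefix]:[gateway IP]; all function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the Leaf-1 outputs on this page (L2VNI 100010, L3VNI 500555).
SAMPLE = """\
Route Distinguisher: 192.168.0.3:32777 (L2VNI 100010)
*>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[0]:[0.0.0.0]/216
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
192.168.0.4 100 0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
192.168.0.3 100 32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
192.168.0.4 100 0 i
Route Distinguisher: 192.168.0.3:3 (L3VNI 500555)
* i[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224
192.168.0.4 100 0 i
*>l 192.168.0.3 100 32768 i
"""

RD_RE = re.compile(r"Route Distinguisher: (\S+)\s+\(L[23]VNI (\d+)\)")
# Status column ("*>l", "*>i", "* i") followed by the bracketed route key.
KEY_RE = re.compile(r"^(\*[> ][a-z])((?:\[[^\]]*\]:?)+)/(\d+)$")
# A path line: optional status column, then the next-hop (VTEP) address.
PATH_RE = re.compile(r"^(?:(\*[> ][a-z])\s+)?(\d+\.\d+\.\d+\.\d+)\s")


def decode_key(key):
    """Split a bracketed route key into named fields (layout is an assumption)."""
    f = re.findall(r"\[([^\]]*)\]", key)
    rtype = int(f[0])
    if rtype == 2 and len(f) == 7:
        # IP length 0 means a MAC-only advertisement.
        return {"type": 2, "mac": f[4], "ip": f[6] if int(f[5]) else None}
    if rtype == 5 and len(f) == 6:
        return {"type": 5, "prefix": f"{f[4]}/{f[3]}"}
    return {"type": rtype, "raw": f[1:]}


def parse_evpn_table(text):
    """Return one record per path: route fields, VNI, next hop, best/local flags."""
    routes, vni, current, key_status = [], None, None, None
    for line in text.splitlines():
        line = line.strip()
        if m := RD_RE.search(line):
            vni, current = int(m.group(2)), None
        elif m := KEY_RE.match(line):
            current, key_status = decode_key(m.group(2)), m.group(1)
        elif (m := PATH_RE.match(line)) and current is not None:
            # Additional paths carry their own status; the first inherits the key's.
            status = m.group(1) or key_status
            routes.append({**current, "vni": vni, "next_hop": m.group(2),
                           "best": status[1] == ">", "local": status[2] == "l"})
    return routes


def bindings(routes):
    """Best-path type 2 routes that carry an IP: {(vni, ip): (mac, next_hop)}."""
    return {(r["vni"], r["ip"]): (r["mac"], r["next_hop"])
            for r in routes if r["type"] == 2 and r["ip"] and r["best"]}


def macs_behind_multiple_vteps(routes):
    """MACs advertised with more than one next hop inside the same VNI."""
    seen = defaultdict(set)
    for r in routes:
        if r["type"] == 2:
            seen[(r["vni"], r["mac"])].add(r["next_hop"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    table = parse_evpn_table(SAMPLE)
    for (vni, ip), (mac, vtep) in bindings(table).items():
        print(f"VNI {vni}: {ip} is {mac} behind VTEP {vtep}")
    print("MACs seen behind more than one VTEP:", macs_behind_multiple_vteps(table))
```

In this lab every MAC sits behind exactly one VTEP, so the second report is empty; a non-empty result on a single-homed fabric is worth checking against expected host moves.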
Hands on
• L3 VPN Juniper vQFX10K
Juniper vQFX10K- Config
• Underlay (Spine Interface)
set interfaces lo0 unit 0 description "*** SPINE LOOPBACK ***"
set interfaces lo0 unit 0 family inet address 172.16.0.1/32
set interfaces xe-0/0/0 mtu 9216
set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***"
set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.1/30
set interfaces xe-0/0/1 mtu 9216
set interfaces xe-0/0/1 unit 0 description "SPINE-1-LEAF-2***"
set interfaces xe-0/0/1 unit 0 family inet address 192.168.0.5/30
Juniper vQFX10K- Config
• Underlay (Spine OSPF)
set routing-options router-id 172.16.0.1
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface xe-0/0/1.0
set protocols ospf area 0.0.0.0 interface xe-0/0/1.0 interface-type p2p
Juniper vQFX10K- Config
• Underlay (Leaf Interface)
• Leaf 1
set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***"
set interfaces lo0 unit 0 family inet address 172.16.1.1/32
set interfaces xe-0/0/0 mtu 9216
set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***"
set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.2/30
• Leaf 2
set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***"
set interfaces lo0 unit 0 family inet address 172.16.1.2/32
set interfaces xe-0/0/0 mtu 9216
set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-2***"
set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.6/30
Juniper vQFX10K- Config
• Underlay (Leaf OSPF)
• Leaf 1
set routing-options router-id 172.16.1.1
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
• Leaf 2
set routing-options router-id 172.16.1.2
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
Juniper vQFX10K- Config
• Overlay (Leaf BGP)
• Leaf 1
set protocols bgp group OVERLAY type internal
set protocols bgp group OVERLAY local-address 172.16.1.1
set protocols bgp group OVERLAY family evpn signaling
set protocols bgp group OVERLAY neighbor 172.16.1.2 description LEAF-2
set protocols bgp group OVERLAY neighbor 172.16.1.2 peer-as 65500
set protocols bgp group OVERLAY neighbor 172.16.1.2 local-as 65500
• Leaf 2
set protocols bgp group OVERLAY type internal
set protocols bgp group OVERLAY local-address 172.16.1.2
set protocols bgp group OVERLAY family evpn signaling
set protocols bgp group OVERLAY neighbor 172.16.1.1 description LEAF-1
set protocols bgp group OVERLAY neighbor 172.16.1.1 peer-as 65500
set protocols bgp group OVERLAY neighbor 172.16.1.1 local-as 65500
Juniper vQFX10K- Config
• Overlay (Leaf VxLAN Encap)
• Leaf 1
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
• Leaf 2
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
Juniper vQFX10K- Config
• Overlay (Leaf L3 VRF Config)
• Leaf 1
set routing-instances CUST_A instance-type vrf
set routing-instances CUST_A interface irb.100
set routing-instances CUST_A interface lo0.1
set routing-instances CUST_A route-distinguisher 172.16.1.1:5000
set routing-instances CUST_A vrf-target target:300:5000
set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop
set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan
set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
• Leaf 2
set routing-instances CUST_A instance-type vrf
set routing-instances CUST_A interface irb.400
set routing-instances CUST_A interface lo0.1
set routing-instances CUST_A route-distinguisher 172.16.1.2:5000
set routing-instances CUST_A vrf-target target:300:5000
set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop
set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan
set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
Juniper vQFX10K- Config
• Overlay (Leaf Switch Option Config)
• Leaf 1
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.1.1:1
set switch-options vrf-target target:7777:7777
• Leaf 2
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.1.2:1
set switch-options vrf-target target:7777:7777
Juniper vQFX10K- Config
• Overlay (Leaf VLAN to VNI Map Config)
• Leaf 1
set vlans v100 vlan-id 100
set vlans v100 l3-interface irb.100
set vlans v100 vxlan vni 10010
set vlans v100 vxlan ingress-node-replication
• Leaf 2
set vlans v400 vlan-id 400
set vlans v400 l3-interface irb.400
set vlans v400 vxlan vni 10040
set vlans v400 vxlan ingress-node-replication
Juniper vQFX10K- Config
• Overlay (Leaf Host Switchport Config)
• Leaf 1
set interfaces irb unit 100 family inet address 10.10.10.254/24
set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members v100
• Leaf 2
set interfaces irb unit 400 family inet address 40.40.40.254/24
set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members v400
Question?

Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia  2022IPv6 Deployment in South Asia  2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 

Kürzlich hochgeladen

Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 

Kürzlich hochgeladen (20)

Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting  High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298  )#  Call Girls in DubaiRussian Call Girls in %(+971524965298  )#  Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 

EVPN Introduction

  • 1. EVPN Introduction • Nurul Islam Roman, Optus, Australia
  • 2. What is EVPN? • Full form is Ethernet VPN • Carry layer 2 traffic over (Overlay) a Layer 3 network (Underlay) • In theory EVPN could use any data plane encapsulation method • MPLS, VXLAN, MPLS-over-GRE/UDP etc • In practise it is used with MPLS and VXLAN data plane encapsulation so far. • So EVPN is a control plane technology and data plane can be MPLS or VXLAN
  • 3. Traditional Network • L2 Segmentation using VLAN • Multiple VLAN on a switch • One IP subnet for each VLAN • SVI/Sub-if to do inter-VLAN routing
  • 4. Challenges for New Demand • Dot 1Q encap/Q-in-Q tunnel to extend VLAN across multiple physical Switches • Redundant path is STP block • Etherchannel to bundle multiple link • No control plane to learn MAC • Dataplane support MAC learning (ARP)
  • 5. Challenges for New Demand • Expand L2 network across DC, Sites or wider geographic region • Can we extend the trunk link or is this a practical solution? • Current infrastructure is a routed network and proven to be very stable. • Can a tunnelling technology address these challenges? • MAC address learning- Control Plane • Data (Frame) forwarding- Data Plane
  • 6. Do we already have a solution for these? • Cisco FabricPath • IETF TRILL (TRansparent Interconnection of Lots of Links) • Need a link state routing protocol • VPWS/VPLS and so on • BGP base to exchange label • L2 MAC learning still data plane driven • No large-scale deployment
  • 7. VPLS (Martini & Kompella)Model • Each tenant is represented by a VSI or similar • Each VSI is an extended bridge domain within a carrier MPLS network • Full mesh VC tunnel among VSI • MP-BGP l2-vpn address family control plane protocol is to exchange VPN labels only • Tunnel label and VC label • MAC address learning is still Flooding/Forwarding based • Scaling issue for carrier network for large scale deployment • Bandwidth cost limiting the scale • Need separate control plane protocol for L3 VPN
  • 8. VPLS (Martini & Kompella)Model- Continue • L2 and L3 VPN on different address family • VPNv4 AFI • l2VPN AFI • Client L2 and L3 gateways are not integrated • Gateway deployment design introduce scalability issue for future growth • Introduce new integrated control plane protocol EVPN to address these challenges
  • 9. Will EVPN be a Replacement of Current L2 VPN Technologies? • Current Layer 2 VPN technologies experiencing limitations • VPWS, VPLS has scaling issues for large scale deployment • Use dataplane forwarding to learn MAC address • Routing services require separate config which sometime can cause hairpin routing limitation • Improved Network Efficiency • No more data plane traffic to simulate ARP flooding instead use MP-BGP to exchange MAC address via L3 underlay • Integrated Layer 2/Layer 3 Functionality introducing IRB
  • 10. Will EVPN be an Open Standard? • A number of RFCs cover EVPN technology • The widely used BGP-based EVPN RFC is RFC7432 • A number of vendors started implementing EVPN at an early stage of the RFC process. • E.g. draft-ietf-l2vpn-evpn stage • Juniper QFX, MX and EX product range • Cisco Nexus product range • Interoperability among the vendors is still a challenge
  • 11. VxLAN
  • 12. VxLAN Data Plane Encapsulation Protocol • VXLAN - Virtual eXtensible Local Area Network • VNI - VXLAN Network Identifier • VXLAN Segment ID 24bit will map to VLAN ID • VTEP -VXLAN Tunnel End Point • A device (E.G. a PE) originates and/or terminates VXLAN tunnels • VXLAN Segment • VXLAN Layer 2 overlay network span across VTEP • VXLAN Gateway • L2: Forward L2 traffic across same VLANs on VTEP • L3: Forward L3 traffic between different VLAN on VTEP
  • 13. VxLAN Data Plane- Inside VxLAN Header • 64 bit length • VNI 24 bit • I flag bit is set to 1 for valid VNI • R flag is reserved and need to be 0
  • 14. VXLAN End Host Discovery • Option 1: Flood & Learn • Similar to VPLS, the original implementation of VxLAN relies on the data plane flood and learn discovery scheme. • Option 2: Separate Control Plane Learning • To address the scalability concern of flood and learn discovery, other controller-less control plane discovery schemes such as BGP EVPN and OVSDB have been defined by IETF • SDN controller-based discovery schemes such as Cisco APIC or Juniper Contrail are another example.
  • 15. EVPN Data Plane Encapsulation Options
  • 16. MPLS Label for Data Plane Encapsulation • Probably be a topic for future bdNOG tutorial/Workshop
  • 17. BGP EVPN Building Blocks • EVPN – Ethernet VPN • EVI -EVPN Instance • Span customer EVPN across PE devices • MAC-VRF • Virtual Routing and Forwarding table for MAC addresses on a PE • IP-VRF • Virtual Routing and Forwarding table for IP addresses on a PE • ES -Ethernet Segment • Multihome customer site via a set of Ethernet links • DF –Designated Forwarder
  • 18. BGP EVPN Building Blocks- Continue • VTEP -VXLAN Tunnel End Point • A device (E.G. a PE) originates and/or terminates VXLAN tunnels • NVE -Network Virtualization Edges • Tunnel interface for VTEP • NVGRE -Network Virtualization using Generic Routing Encapsulation
  • 19. Overlay and Underlay Network • Underlay • The underlay is the Layer 3 IP network that routes encapsulated frame/packet as normal IP traffic • Overlay • An overlay network is a service built on top of a physical network. It decouples network services from the underlaying infrastructure by further encapsulation of packet/frame inside another packet
  • 20. BUM Traffic • Broadcast • Unknown Unicast • Multicast • Two ways to facilitate host MAC address learning • Flood & learn • BGP EVPN control plane
  • 21. BUM Traffic • Flood and learn is the old way • BGP EVPN is the new way • Facilitate only for known MAC • BUM traffic still needs a solution • IP Multicast underlay. L2 VNI mapped to IP multicast group. VTEP sends PIM join/prune messages • Enable Ingress Replication (IR) or Head-End Replication (HER). Ingress router builds a flood list to forward BUM traffic to all remote VTEPs (Recently introduced)
  • 22. EVPN Service Model • EVPN service model or deployment scenarios specifies 3 ways VLAN-to- VNI Mapping can be achieved 1. VLAN-Based Service Interface 2. VLAN Bundle Service Interface / Port-Based Service Interface 3. VLAN-Aware Bundle Service Interface • Most vendors however, only support option 1 and 3 from the list above
  • 23. EVPN Service Model 1. VLAN-Based Service Interface • Has a one-to-one mapping between a VLAN ID on the interface and a MAC-VRF • EVPN instance consists of only a single broadcast domain. 2. VLAN Bundle Service Interface • Has a many-to-one mapping between VLANs and a MAC-VRF, and the MAC-VRF consists of a single bridge table. • EVPN instance corresponds to multiple broadcast domains 3. VLAN-Aware Bundle Service Interface • EVPN instance consists of multiple broadcast domains with • Each VLAN having its own bridge table.
  • 25. EVPN Route Types 1 • Known as Ethernet Auto-Discovery Route • Used for remote VTEP auto discovery • Used for advertising split-horizon label • Provides fast convergence through mass withdrawal • An Ethernet Tag ID is a 32-bit field containing either a 12-bit or 24-bit identifier • Identifies a particular broadcast domain for instance VLAN in an EVPN instance.
  • 26. EVPN Route Types 2 • Known as MAC/IP advertisement route • Used to provides end-host reachability information
  • 27. EVPN Route Types 3 • Known as Inclusive Multicast Ethernet Tag (IMET) route • Used to create the distribution list for ingress replication • Used to set up paths for BUM traffic per VLAN per EVI basis • Used to discover the multicast tunnels among the endpoints associated with a given EVI
  • 28. EVPN Route Types 4 • Known as Ethernet segment Route • Used for Ethernet Segment auto- discovery by allowing VNE with the same ESI to discover each other • It allows for designated forwarder (DF) election
  • 29. EVPN Route Types 5 • Known as IP Prefix Route • Used to decouple IP Prefix from MAC/IP route to provide IP prefix advertisement
  • 30. Distributed Anycast Gateway • Gateway is closer to the end-hosts • Eliminate traffic hair pinning and unnecessary traffic backhauling to centralized gateway • Uses Anycast Gateway MAC (AGM) address to prevent traffic being black-holed as a result of MAC mobility
  • 31. Ethernet Segment Identifier (ESI) LAG • Gateway is closer to the end-hosts • Eliminate traffic hair pinning and unnecessary traffic backhauling to centralized gateway • Use an Ethernet Segment Identifier to tag the MAC on local interface • Uses Anycast Gateway MAC (AGM) address to prevent traffic being black-holed as a result of MAC mobility
  • 32. Integrated Routing and Bridging (IRB) • (IRB) allows the device in an EVPN to perform both bridging and routing on single bridge domain. • Bridge domain performs bridging when it forwards traffic to the same subnet & VLAN • Bridge Domain Interface performs routing when it forwards traffic to a different subnet & VLAN
  • 33. Integrated Routing and Bridging (IRB) • Two Types of IRB Operation • Asymmetric IRB- via L2 VRF • Symmetric IRB- via L3 VRF by exchanging routes
  • 34. Hands on • Let's do a quick LAB demo
  • 36. Lab Topology • Two Spine • Two Leaves • Four Host • Two VLANs • VLAN 10 • VLAN 20 • Two Subnets • VLAN 10: 10.10.1.0/24 • VLAN 20: 10.20.1.0/24
  • 37. Underlay Config • Interface
        interface eth1/1
          no switchport
          ip unnumbered loop0
          mtu 9216
          no shut
        interface eth1/2
          no switchport
          ip unnumbered loop0
          mtu 9216
          no shut
        interface loopback 0
          description *** VTEP ***
          ip address 192.168.0.1/32
  • 38. Underlay Config • OSPF
        router ospf OSPF_UNDERLAY
          log-adjacency-change
        interface loopback 0
          ip router ospf OSPF_UNDERLAY area 0.0.0.0
        interface ethernet1/1-2
          medium p2p
          ip router ospf OSPF_UNDERLAY area 0.0.0.0
  • 39. Underlay Config • Forward BUM Traffic using IP Multicast (PIM)
        int loopback 1
          ip address 1.2.3.4/32
          ip router ospf OSPF_UNDERLAY area 0.0.0.0
          ip pim sparse-mode
        ip pim rp-address 1.2.3.4 group-list 224.0.0.0/4
        ip pim ssm range 232.0.0.0/8
        ip pim anycast-rp 1.2.3.4 192.168.0.1
        ip pim anycast-rp 1.2.3.4 192.168.0.2
        interface loopback 0
          ip pim sparse-mode
        interface e1/1-2
          ip pim sparse-mode
  • 40. Overlay Config- L2 VPN • Spine to be used for overlay RR only
        router bgp 64520
          log-neighbor-changes
          address-family ipv4 unicast
          address-family l2vpn evpn
            retain route-target all
          template peer VXLAN_OVERLAY
            remote-as 64520
            update-source loop0
            address-family ipv4 unicast
              send-community extended
              route-reflector-client
              soft-reconfiguration inbound
            address-family l2vpn evpn
              send-community
              send-community extended
              route-reflector-client
          neighbor 192.168.0.3
            inherit peer VXLAN_OVERLAY
          neighbor 192.168.0.4
            inherit peer VXLAN_OVERLAY
  • 41. Overlay Config- Leaf Contain Main EVPN Config • Enable VTEP Interface
        Interface nve1
          no shut
          host-reachability protocol bgp
          source-interface loop0
        sh interface nve1 (Verify)
  • 42. Overlay Config- Leaf Contain Main EVPN Config • Verify VTEP Interface
        Leaf-1# sh interface nve 1
        nve1 is up
        admin state is up, Hardware: NVE
          MTU 9216 bytes
          Encapsulation VXLAN
          Auto-mdix is turned off
          RX
            ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
          TX
            ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
  • 43. Overlay Config- Leaf Contain Main EVPN Config • BGP EVPN Config
        router bgp 64520
          log-neighbor-changes
          address-family ipv4 unicast
          address-family l2vpn evpn
            retain route-target all
          template peer VXLAN_RR_OVERLAY
            remote-as 64520
            update-source loop0
  • 44. Overlay Config- Leaf Contain Main EVPN Config • BGP EVPN Config
            address-family ipv4 unicast
              send-community extended
              soft-reconfiguration inbound
            address-family l2vpn evpn
              send-community
              send-community extended
          neighbor 192.168.0.1
            inherit peer VXLAN_RR_OVERLAY
          neighbor 192.168.0.2
            inherit peer VXLAN_RR_OVERLAY
  • 45. Overlay Config- Leaf Contain Main EVPN Config • Verify BGP EVPN Signalling Status
        Leaf-1# sh bgp ipv4 uni nei 192.168.0.1 | inc "Address family L2VPN EVPN"
          Address family L2VPN EVPN: advertised received
        Leaf-1# sh bgp ipv4 uni nei 192.168.0.2 | inc "Address family L2VPN EVPN"
          Address family L2VPN EVPN: advertised received
  • 46. Anycast Gateway • Configuration & Verification
        hardware access-list tcam region arp-ether 256
        fabric forwarding anycast-gateway-mac 0000.0011.1234
        Leaf-1# show fabric forwarding internal topo-info | grep Anycast
          Forward Mode : Anycast Gateway
          Forward Mode : Anycast Gateway
  • 47. Switch VLAN & VxLAN Related Config • Required VLAN and VNI Map
        vlan 10
          vn-segment 100010
        vlan 20
          vn-segment 100020
  • 48. Switch VLAN & VxLAN Related Config • L2 Gateway
        interface vlan10
          no shutdown
          ip address 10.10.1.254/24
          fabric forwarding mode anycast-gateway
        interface vlan20
          no shutdown
          ip address 10.20.1.254/24
          fabric forwarding mode anycast-gateway
  • 49. Switch VLAN & VxLAN Related Config • L2 VRF/MAC VRF
        evpn
          vni 100010 l2
            rd auto
            route-target import auto
            route-target export auto
        evpn
          vni 100020 l2
            rd auto
            route-target import auto
            route-target export auto
  • 50. Switch VLAN & VxLAN Related Config • Access port config
        interface e1/7
          switchport mode access
          switchport access vlan 10
          no shut
        interface e1/6
          switchport mode access
          switchport access vlan 20
          no shut
  • 51. Switch VLAN & VxLAN Related Config • Verify L2VRF table for each VNI
        Leaf-1# show bgp l2vpn evpn vni-id 100010
        [*** Snip ***]
           Network            Next Hop         Metric   LocPrf   Weight Path
        Route Distinguisher: 192.168.0.3:32777    (L2VNI 100010)
        *>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[0]:[0.0.0.0]/216
                              192.168.0.3                  100    32768 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                              192.168.0.4                  100        0 i
        *>l[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
                              192.168.0.3                  100    32768 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
                              192.168.0.4                  100        0 i
  • 52. Switch VLAN & VxLAN Related Config • Verify L2VRF table for each VNI
        Leaf-1# show bgp l2vpn evpn vni-id 100020
        [*** Snip ***]
           Network            Next Hop         Metric   LocPrf   Weight Path
        Route Distinguisher: 192.168.0.3:32787    (L2VNI 100020)
        *>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                              192.168.0.3                  100    32768 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                              192.168.0.4                  100        0 i
        *>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272
                              192.168.0.3                  100    32768 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272
                              192.168.0.4                  100        0 i
  • 53. Switch VLAN & VxLAN Related Config • Verify MAC VRF Table
        Leaf-1# sh system internal l2fwder mac
        [*** Snip ***]
           VLAN    MAC Address      Type      age       Secure NTFY Ports
        ---------+-----------------+--------+---------+------+----+------------------
        *    20    0050.7966.6808   static    -          F     F    (0x47000001) nve-peer1 192.168
        *    10    0050.7966.6805   dynamic   00:00:26   F     F    Eth1/7
        G    20    5001.0003.0007   static    -          F     F    sup-eth1(R)
        G    10    5001.0003.0007   static    -          F     F    sup-eth1(R)
        *    20    0050.7966.6806   dynamic   00:03:56   F     F    Eth1/6
        *    10    0050.7966.6807   static    -          F     F    (0x47000001) nve-peer1 192.168
        G   555    5001.0003.0007   static    -          F     F    sup-eth1(R)
        1 1 -00:00:00:11:12:34 - 1
  • 54. Switch VLAN & VxLAN Related Config • Verify MAC VRF Table
        Leaf-2# sh system internal l2fwder mac
        [*** Snip ***]
           VLAN    MAC Address      Type      age       Secure NTFY Ports
        ---------+-----------------+--------+---------+------+----+------------------
        *    20    0050.7966.6808   dynamic   00:04:57   F     F    Eth1/6
        *    10    0050.7966.6805   static    -          F     F    (0x47000001) nve-peer1 192.168
        G    20    5001.0003.0007   static    -          F     F    sup-eth1(R)
        G    10    5001.0003.0007   static    -          F     F    sup-eth1(R)
        *    20    0050.7966.6806   static    -          F     F    (0x47000001) nve-peer1 192.168
        *    10    0050.7966.6807   dynamic   00:00:55   F     F    Eth1/7
        G   555    5001.0003.0007   static    -          F     F    sup-eth1(R)
        1 1 -00:00:00:11:12:34 - 1
  • 56. Overlay Config- L3 VPN • L3 gateway VLAN & VNI VLAN 555 vn-segment 500555
  • 57. Overlay Config- L3 VPN • L3 VRF config vrf context CUST1 vni 500555 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn
  • 58. Overlay Config- L3 VPN • IRB Interface config interface vlan 555 no shutdown vrf member CUST1 ip forward
  • 59. Overlay Config- L3 VPN • Allow L3 VNI through the VTEP interface nve1 member vni 500555 associate-vrf
  • 60. Overlay Config- L3 VPN • BGP config VRF context router bgp 64520 vrf CUST1 log-neighbor-change address-family ipv4 unicast network 10.10.1.0/24 network 10.20.1.0/24 advertise l2vpn evpn
  • 61. Overlay Config- L3 VPN • Assign anycast GW to L3 VRF interface vlan10 vrf member CUST1 ip address 10.10.1.254/24 fabric forwarding mode anycast-gateway interface vlan20 vrf member CUST1 ip address 10.20.1.254/24 fabric forwarding mode anycast-gateway
  • 62. Config Verification- L3 VPN • Verify L3VRF table for each VNI Leaf-1# show bgp l2vpn evpn vni-id 500555 [Snip] Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 192.168.0.3:3 (L3VNI 500555) *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272 192.168.0.4 100 0 i *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272 192.168.0.4 100 0 i * i[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224 192.168.0.4 100 0 i *>l 192.168.0.3 100 32768 i * i[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224 192.168.0.4 100 0 i *>l 192.168.0.3 100 32768 i
  • 63. Config Verification- L3 VPN
    • Verify L3VRF table for each VNI
        Leaf-2# show bgp l2vpn evpn vni-id 500555
        [Snip]
           Network            Next Hop            Metric     LocPrf     Weight Path
        Route Distinguisher: 192.168.0.4:3    (L3VNI 500555)
        *>i[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.10.1.1]/272
                              192.168.0.3                       100          0 i
        *>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[32]:[10.20.1.1]/272
                              192.168.0.3                       100          0 i
        *>l[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224
                              192.168.0.4                       100      32768 i
        * i                   192.168.0.3                       100          0 i
        *>l[5]:[0]:[0]:[24]:[10.20.1.0]:[0.0.0.0]/224
                              192.168.0.4                       100      32768 i
        * i                   192.168.0.3                       100          0 i
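
The route keys in the two outputs above pack the route type, the MAC or prefix and their lengths into bracketed fields, with one or more paths listed under each key. The parser below is an added example, not part of the original slides; it is handy when checking which MAC/IP bindings a leaf has learned from which VTEP. The field names in its comments (ESI, tag, gateway) are an assumption about the NX-OS display format, and the function names are hypothetical.

```python
import re

# First three routes of the Leaf-1 output on slide 62, one entry per line.
SAMPLE = """\
Route Distinguisher: 192.168.0.3:3    (L3VNI 500555)
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[10.10.1.2]/272
                      192.168.0.4                       100          0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[10.20.1.2]/272
                      192.168.0.4                       100          0 i
* i[5]:[0]:[0]:[24]:[10.10.1.0]:[0.0.0.0]/224
                      192.168.0.4                       100          0 i
*>l                   192.168.0.3                       100      32768 i
"""

# Three status columns, then an optional bracketed route key, then an optional next hop.
LINE = re.compile(r"^(?P<flags>.{3})(?P<key>\[\d+\]:\S+/\d+)?\s*(?P<nh>\d+(?:\.\d+){3})?")

def parse_evpn(text):
    """Return one dict per EVPN route; each carries the list of its paths."""
    routes, rd, flags = [], None, ""
    for line in text.splitlines():
        if line.startswith("Route Distinguisher:"):
            rd = line.split()[2]
            continue
        m = LINE.match(line)
        if m and m["key"]:
            f = re.findall(r"\[([^\]]*)\]", m["key"])
            route = {"rd": rd, "type": int(f[0]), "paths": []}
            if f[0] == "2":    # assumed: [2]:[ESI]:[tag]:[MAC len]:[MAC]:[IP len]:[IP]
                route.update(mac=f[4], ip=f[6])
            elif f[0] == "5":  # assumed: [5]:[ESI]:[tag]:[prefix len]:[prefix]:[gateway]
                route.update(prefix=f"{f[4]}/{f[3]}", gateway=f[5])
            routes.append(route)
            flags = m["flags"]
        if m and m["nh"] and routes:
            own = m["flags"] if m["flags"].strip() else flags  # continuation lines inherit
            routes[-1]["paths"].append(
                {"next_hop": m["nh"], "best": ">" in own, "local": own.endswith("l")})
    return routes

def remote_bindings(routes):
    """Map each remote VTEP to the (MAC, IP) pairs whose best path points at it."""
    out = {}
    for r in routes:
        for p in r["paths"]:
            if r["type"] == 2 and p["best"] and not p["local"]:
                out.setdefault(p["next_hop"], []).append((r["mac"], r["ip"]))
    return out
```
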
  • 64. Hands on
    • L3 VPN Juniper vQFX10K
  • 65. Juniper vQFX10K- Config
    • Underlay (Spine Interface)
        set interfaces lo0 unit 0 description "*** SPINE LOOPBACK ***"
        set interfaces lo0 unit 0 family inet address 172.16.0.1/32
        set interfaces xe-0/0/0 mtu 9216
        set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***"
        set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.1/30
        set interfaces xe-0/0/1 mtu 9216
        set interfaces xe-0/0/1 unit 0 description "SPINE-1-LEAF-2***"
        set interfaces xe-0/0/1 unit 0 family inet address 192.168.0.5/30
  • 66. Juniper vQFX10K- Config
    • Underlay (Spine OSPF)
        set routing-options router-id 172.16.0.1
        set protocols ospf area 0.0.0.0 interface lo0.0 passive
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
        set protocols ospf area 0.0.0.0 interface xe-0/0/1.0
        set protocols ospf area 0.0.0.0 interface xe-0/0/1.0 interface-type p2p
  • 67. Juniper vQFX10K- Config
    • Underlay (Leaf Interface)
    • Leaf 1
        set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***"
        set interfaces lo0 unit 0 family inet address 172.16.1.1/32
        set interfaces xe-0/0/0 mtu 9216
        set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-1***"
        set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.2/30
    • Leaf 2
        set interfaces lo0 unit 0 description "*** VTEP NEXT-HOP ***"
        set interfaces lo0 unit 0 family inet address 172.16.1.2/32
        set interfaces xe-0/0/0 mtu 9216
        set interfaces xe-0/0/0 unit 0 description "SPINE-1-LEAF-2***"
        set interfaces xe-0/0/0 unit 0 family inet address 192.168.0.6/30
  • 68. Juniper vQFX10K- Config
    • Underlay (Leaf OSPF)
    • Leaf 1
        set routing-options router-id 172.16.1.1
        set protocols ospf area 0.0.0.0 interface lo0.0 passive
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
    • Leaf 2
        set routing-options router-id 172.16.1.2
        set protocols ospf area 0.0.0.0 interface lo0.0 passive
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0
        set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
  • 69. Juniper vQFX10K- Config
    • Overlay (Leaf BGP)
    • Leaf 1
        set protocols bgp group OVERLAY type internal
        set protocols bgp group OVERLAY local-address 172.16.1.1
        set protocols bgp group OVERLAY family evpn signaling
        set protocols bgp group OVERLAY neighbor 172.16.1.2 description LEAF-2
        set protocols bgp group OVERLAY neighbor 172.16.1.2 peer-as 65500
        set protocols bgp group OVERLAY neighbor 172.16.1.2 local-as 65500
    • Leaf 2
        set protocols bgp group OVERLAY type internal
        set protocols bgp group OVERLAY local-address 172.16.1.2
        set protocols bgp group OVERLAY family evpn signaling
        set protocols bgp group OVERLAY neighbor 172.16.1.1 description LEAF-1
        set protocols bgp group OVERLAY neighbor 172.16.1.1 peer-as 65500
        set protocols bgp group OVERLAY neighbor 172.16.1.1 local-as 65500
  • 70. Juniper vQFX10K- Config
    • Overlay (Leaf VxLAN Encap)
    • Leaf 1
        set protocols evpn encapsulation vxlan
        set protocols evpn multicast-mode ingress-replication
    • Leaf 2
        set protocols evpn encapsulation vxlan
        set protocols evpn multicast-mode ingress-replication
  • 71. Juniper vQFX10K- Config
    • Overlay (Leaf L3 VRF Config)
    • Leaf 1
        set routing-instances CUST_A instance-type vrf
        set routing-instances CUST_A interface irb.100
        set routing-instances CUST_A interface lo0.1
        set routing-instances CUST_A route-distinguisher 172.16.1.1:5000
        set routing-instances CUST_A vrf-target target:300:5000
        set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop
        set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan
        set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
    • Leaf 2
        set routing-instances CUST_A instance-type vrf
        set routing-instances CUST_A interface irb.400
        set routing-instances CUST_A interface lo0.1
        set routing-instances CUST_A route-distinguisher 172.16.1.2:5000
        set routing-instances CUST_A vrf-target target:300:5000
        set routing-instances CUST_A protocols evpn ip-prefix-routes advertise direct-nexthop
        set routing-instances CUST_A protocols evpn ip-prefix-routes encapsulation vxlan
        set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
  • 72. Juniper vQFX10K- Config
    • Overlay (Leaf Switch Option Config)
    • Leaf 1
        set switch-options vtep-source-interface lo0.0
        set switch-options route-distinguisher 172.16.1.1:1
        set switch-options vrf-target target:7777:7777
    • Leaf 2
        set switch-options vtep-source-interface lo0.0
        set switch-options route-distinguisher 172.16.1.2:1
        set switch-options vrf-target target:7777:7777
  • 73. Juniper vQFX10K- Config
    • Overlay (Leaf VLAN to VNI Map Config)
    • Leaf 1
        set vlans v100 vlan-id 100
        set vlans v100 l3-interface irb.100
        set vlans v100 vxlan vni 10010
        set vlans v100 vxlan ingress-node-replication
    • Leaf 2
        set vlans v400 vlan-id 400
        set vlans v400 l3-interface irb.400
        set vlans v400 vxlan vni 10040
        set vlans v400 vxlan ingress-node-replication
  • 74. Juniper vQFX10K- Config
    • Overlay (Leaf Host Switchport Config)
    • Leaf 1
        set interfaces irb unit 100 family inet address 10.10.10.254/24
        set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members v100
    • Leaf 2
        set interfaces irb unit 400 family inet address 40.40.40.254/24
        set interfaces xe-0/0/11 unit 0 family ethernet-switching vlan members v400
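
Slides 71 and 72 give each leaf its own route distinguisher, while both leaves carry the same vrf-target and L3 VNI, and CUST_A uses a different route target from switch-options. The check below tests those properties over `set` statements; it is an added example, not part of the original slides, and the function names and the device labels leaf1/leaf2 are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: the RD, route-target and L3 VNI statements from slides 71 and 72.
LEAF1 = """\
set routing-instances CUST_A route-distinguisher 172.16.1.1:5000
set routing-instances CUST_A vrf-target target:300:5000
set routing-instances CUST_A protocols evpn ip-prefix-routes vni 5000
set switch-options route-distinguisher 172.16.1.1:1
set switch-options vrf-target target:7777:7777
"""
# In these statements Leaf 2 differs from Leaf 1 only in the RD's loopback address.
CONFIGS = {"leaf1": LEAF1, "leaf2": LEAF1.replace("172.16.1.1", "172.16.1.2")}

PATTERN = re.compile(
    r"^set (?:routing-instances (?P<inst>\S+)|(?P<sw>switch-options)) "
    r"(?:protocols evpn ip-prefix-routes )?"
    r"(?P<key>route-distinguisher|vrf-target|vni) (?P<val>\S+)$")

def extract(config):
    """Map (scope, key) -> value; scope is the instance name or 'switch-options'."""
    out = {}
    for line in config.splitlines():
        m = PATTERN.match(line.strip())
        if m:
            out[(m["inst"] or m["sw"], m["key"])] = m["val"]
    return out

def audit(configs):
    """Return a sorted list of findings across all devices (empty when consistent)."""
    values = defaultdict(dict)               # (scope, key) -> {device: value}
    for dev, cfg in configs.items():
        for sk, val in extract(cfg).items():
            values[sk][dev] = val
    findings, owners = [], defaultdict(set)  # owners: route target -> scopes using it
    for (scope, key), by_dev in values.items():
        distinct = set(by_dev.values())
        if key == "route-distinguisher" and len(distinct) < len(by_dev):
            findings.append(f"{scope}: route-distinguisher reused across devices")
        if key in ("vrf-target", "vni") and len(distinct) > 1:
            findings.append(f"{scope}: {key} differs between devices: {sorted(distinct)}")
        if key == "vrf-target":
            for val in distinct:
                owners[val].add(scope)
    # Two scopes with the same vrf-target import each other's routes.
    findings += [f"{rt} used by {sorted(s)}" for rt, s in owners.items() if len(s) > 1]
    return sorted(findings)
```
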