With Juniper EX9200s you can map VLANs into a specific VXLAN tunnel or VTEP (VXLAN Tunnel End Point). The original L2 frame gets encapsulated in a VXLAN header. The outer header is an IP packet.
This allows it to cross an L3 network while retaining the original L2 frame. Communication to set up the tunnel is done through multicast.
Note: VXLAN tunnels can originate from the hypervisor itself using vShield in VMware. This is another method if you want to have the tunnels originate in the underlay.
The EXs will need to be configured for PIM, and an RP will be needed to build the multicast tree. Multicast is used to interconnect the different VTEPs and to optimize network traffic. Only endpoints listening for the multicast traffic will be forwarded frames. Other devices in the network will not receive this traffic.
Each VTEP will need to have two things.
1) A VXLAN Network Identifier (aka VNI), which is like a DLCI in Frame Relay or a vc-id in point-to-point pseudowires in MPLS.
2) An IP multicast address
When an L2 packet hits the switch, it will be encapsulated with a VXLAN header and sent to the IP multicast address. This packet will then go to the RP, which does the replication to all the "receivers". In our case we only have 2 endpoints, so the RP will only see 2 receivers.
Here are config snippets showing how this is built.
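The encapsulation described above, as an added example that is not part of the original post: it wraps a constructed inner frame (MACs taken from the MAC table shown later on this page, VLAN 100, VNI 1) in the 8-byte VXLAN header defined by RFC 7348 and decodes it again with the checks a receiving VTEP applies. The function names are made up for this example, and the outer Ethernet/IP/UDP headers are only counted, not built.

```python
import struct

VXLAN_FLAG_I = 0x08                 # RFC 7348: set when the VNI field is valid
OUTER_OVERHEAD = 14 + 20 + 8 + 8    # outer Ethernet + IPv4 + UDP + VXLAN = 50 bytes

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

# Constructed inner frame: host behind the remote VTEP <- local host, 802.1Q tag for VLAN 100.
SAMPLE_FRAME = (mac("00:00:05:ed:ae:01") + mac("00:00:05:ed:ad:49")
                + struct.pack("!HH", 0x8100, 100) + struct.pack("!H", 0x0800)
                + b"constructed payload")

def vxlan_encap(vni, inner_frame):
    """Prepend the VXLAN header: 8 flag bits, 24 reserved, 24-bit VNI, 8 reserved."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame

def vxlan_decap(payload, expected_vni):
    """Check the header, then return (inner VLAN id or None, source MAC, destination MAC)."""
    if len(payload) < 8 + 14:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI field is not valid")
    if word1 >> 8 != expected_vni:
        raise ValueError(f"VNI {word1 >> 8} is not mapped on this VTEP")
    inner = payload[8:]
    dst, src = inner[0:6], inner[6:12]
    (ethertype,) = struct.unpack("!H", inner[12:14])
    vlan_id = None
    if ethertype == 0x8100:         # inner tag kept because of encapsulate-inner-vlan
        if len(inner) < 18:
            raise ValueError("truncated 802.1Q tag")
        vlan_id = struct.unpack("!H", inner[14:16])[0] & 0x0FFF
    return vlan_id, src.hex(":"), dst.hex(":")
```

The 50 bytes of outer headers are added on top of every inner frame, so the links between the VTEPs need an MTU large enough to carry them.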
EX1
First build the interface connecting to the LEAF switch.
set interfaces et-2/2/1 description TO-LEAF1
set interfaces et-2/2/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces et-2/2/1 unit 0 family ethernet-switching vlan members v100
set interfaces et-2/0/0 description TO-CORE1
set interfaces et-2/0/0 unit 0 family inet address 192.168.24.4/24
set interfaces et-2/0/0 unit 0 family iso
Set up the EX to use a tunneling resource
set chassis fpc 9 pic 1 tunnel-services
Add your IGP flavor of choice and its related config to exchange L3 information through the network.
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set interfaces lo0 unit 0 family iso address 49.0001.0040.0400.4004.00
set protocols isis interface all
set protocols isis interface fxp0.0 disable
set protocols isis interface lo0.0 passive
Configure PIM and point it to the RP
set protocols pim rp static address 192.168.0.1
set protocols pim interface lo0.0 mode bidirectional-sparse
set protocols pim interface et-2/0/0.0 mode bidirectional-sparse
Then map your VLAN into a VTEP
set vlans v100 vlan-id 100
set vlans v100 l3-interface irb.0
set vlans v100 vxlan vni 1
set vlans v100 vxlan multicast-group 239.1.1.1
set vlans v100 vxlan encapsulate-inner-vlan
set vlans v100 vxlan decapsulate-accept-inner-vlan
Then set up the switch to use its IP address as the source of the tunnel
set switch-options vtep-source-interface lo0.0
On the RP you would only need to set up your IP addresses and PIM configuration
set chassis fpc 1 pic 2 tunnel-services
set interfaces et-2/0/0 description TO-EX2
set interfaces et-2/0/0 unit 0 family inet address 192.168.35.3/24
set interfaces et-2/0/0 unit 0 family iso
set interfaces et-3/2/0 description TO-CORE1
set interfaces et-3/2/0 unit 0 family inet address 192.168.23.3/24
set interfaces et-3/2/0 unit 0 family iso
set interfaces et-3/2/1 description TO-CORE1
set interfaces et-3/2/1 unit 0 family inet address 192.168.123.3/24
set interfaces et-3/2/1 unit 0 family iso
set interfaces lo0 unit 0 family inet address 3.3.3.3/32 primary
set interfaces lo0 unit 0 family inet address 192.168.0.1/32
set interfaces lo0 unit 0 family iso address 49.0001.0030.0300.3003.00
set protocols isis interface all
set protocols isis interface fxp0.0 disable
set protocols isis interface lo0.0 passive
set protocols pim rp local family inet address 192.168.0.1
set protocols pim interface all mode bidirectional-sparse
set protocols pim interface fxp0.0 disable
You would create a similar VTEP on the remote EX
set chassis fpc 3 pic 0 tunnel-services
set interfaces et-2/0/0 description TO-CORE2
set interfaces et-2/0/0 unit 0 family inet address 192.168.35.5/24
set interfaces et-2/0/0 unit 0 family iso
set interfaces et-2/2/1 unit 0 family ethernet-switching interface-mode trunk
set interfaces et-2/2/1 unit 0 family ethernet-switching vlan members v100
set interfaces irb unit 0 family inet address 100.1.1.2/24
set interfaces lo0 unit 0 family inet address 5.5.5.5/32
set interfaces lo0 unit 0 family iso address 49.0001.0050.0500.5005.00
set protocols isis reference-bandwidth 40g
set protocols isis interface et-2/0/0.0
set protocols isis interface all
set protocols isis interface fxp0.0 disable
set protocols isis interface lo0.0 passive
set protocols pim rp static address 192.168.0.1
set protocols pim interface lo0.0 mode bidirectional-sparse
set protocols pim interface et-2/0/0.0 mode bidirectional-sparse
set protocols lldp interface all
set switch-options vtep-source-interface lo0.0
set vlans v100 vlan-id 100
set vlans v100 l3-interface irb.0
set vlans v100 vxlan vni 1
set vlans v100 vxlan multicast-group 239.1.1.1
set vlans v100 vxlan encapsulate-inner-vlan
set vlans v100 vxlan decapsulate-accept-inner-vlan
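A consistency check for the settings the two VTEPs and the RP have to agree on, as an added example that is not part of the original post: it reads Junos `set` lines and reports mismatches in the VNI-to-group mapping, the RP address, and PIM on the VTEP source interface. The inputs are constructed from the VXLAN/PIM lines of the configs above, and the function names are made up for this example.

```python
import ipaddress

# Constructed inputs: only the VXLAN/PIM lines of the EX1, remote EX and RP configs.
EX1 = """set protocols pim rp static address 192.168.0.1
set protocols pim interface lo0.0 mode bidirectional-sparse
set switch-options vtep-source-interface lo0.0
set vlans v100 vxlan vni 1
set vlans v100 vxlan multicast-group 239.1.1.1"""
EX2 = EX1  # the remote EX carries the same five lines
RP = "set protocols pim rp local family inet address 192.168.0.1"

def facts(config):
    """Pull the settings both VTEPs must agree on out of Junos 'set' lines."""
    f = {"vni": {}, "group": {}, "rp": None, "src": None, "pim": set()}
    for w in (line.split() for line in config.splitlines()):
        if len(w) == 6 and w[:2] == ["set", "vlans"] and w[3] == "vxlan":
            if w[4] == "vni":
                f["vni"][int(w[5])] = w[2]
            elif w[4] == "multicast-group":
                f["group"][w[2]] = w[5]
        elif w[:4] == ["set", "protocols", "pim", "rp"] and "address" in w[:-1]:
            f["rp"] = w[w.index("address") + 1]
        elif len(w) > 4 and w[:4] == ["set", "protocols", "pim", "interface"]:
            if "disable" not in w:
                f["pim"].add(w[4])
        elif len(w) > 3 and w[:3] == ["set", "switch-options", "vtep-source-interface"]:
            f["src"] = w[3]
    return f

def audit(local, remote, rp):
    """List the mismatches that would stop the two VTEPs from joining the same tree."""
    a, b, r = facts(local), facts(remote), facts(rp)
    problems = []
    for vni, vlan in a["vni"].items():
        group = a["group"].get(vlan)
        if group is None or not ipaddress.ip_address(group).is_multicast:
            problems.append(f"VNI {vni}: no valid multicast group on local VTEP")
        if vni not in b["vni"]:
            problems.append(f"VNI {vni}: not configured on remote VTEP")
        elif b["group"].get(b["vni"][vni]) != group:
            problems.append(f"VNI {vni}: multicast group differs between VTEPs")
    if a["rp"] is None or not (a["rp"] == b["rp"] == r["rp"]):
        problems.append("PIM RP address is not the same on both VTEPs and the RP")
    for name, f in (("local", a), ("remote", b)):
        if f["src"] is None:
            problems.append(f"{name}: vtep-source-interface is missing")
        elif f["src"] not in f["pim"] and "all" not in f["pim"]:
            problems.append(f"{name}: PIM not enabled on {f['src']}")
    return problems
```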
-----------------------
Once that is done you can check the connectivity
EX1
Check the PIM state and see if the Mcast Join was sent to the RP and if the multicast route is seen by the pim neighbor
user@EX1# run show pim join detail
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 239.1.1.1
Source: *
RP: 192.168.0.1
Flags: sparse,rptree,wildcard
Upstream interface: et-2/0/0.0
Downstream neighbors:
Interface: Pseudo-VXLAN
Group: 239.1.1.1
Source: 4.4.4.4
Flags: sparse,spt
Upstream interface: Local
Downstream neighbors:
Interface: pe-9/1/0.32770
Interface: Pseudo-VXLAN
Group: 239.1.1.1
Source: 5.5.5.5
Flags: sparse,spt
Upstream interface: et-2/0/0.0
Downstream neighbors:
Interface: Pseudo-VXLAN
Once traffic is flowing from the LEAF switches, you can then check the vtep to see traffic statistics
user@EX1# run show vlans
Routing instance VLAN name Tag Interfaces
default-switch v100 100
et-2/2/1.0*
vtep.32768*
user@EX1# run show interfaces vtep.32768 detail
Logical interface vtep.32768 (Index 324) (SNMP ifIndex 604) (Generation 239)
Flags: Up SNMP-Traps Encapsulation: ENET2
VXLAN Endpoint Type: Remote, VXLAN Endpoint Address: 5.5.5.5, L2 Routing Instance: default-switch, L3 Routing Instance: default
Traffic statistics:
Input bytes : 508486320
Output bytes : 509589960
Input packets: 498516
Output packets: 499598
Local statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Transit statistics:
Input bytes : 508486320 8158304 bps
Output bytes : 509589960 8158280 bps
Input packets: 498516 999 pps
Output packets: 499598 999 pps
Protocol eth-switch, MTU: 1600, Generation: 331, Route table: 6
Flags: Trunk-Mode
The EX is acting as a switch so you can see the mac table and find out where the macs are learned
user@EX1# run show ethernet-switching table
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC
SE - statistics enabled, NM - non configured MAC, R - remote PE MAC)
Ethernet switching table : 2 entries, 2 learned
Routing instance : default-switch
Vlan MAC MAC Age Logical NH RTR
name address flags interface Index ID
v100 00:00:05:ed:ad:49 D - et-2/2/1.0 <<<< local
v100 00:00:05:ed:ae:01 D - vtep.32768 <<< over the vxlan tunnel
Here are some useful VXLAN commands to check when the number of VTEPs grows larger
user@EX1# run show ethernet-switching vxlan-tunnel-end-point source
Logical System Name Id SVTEP-IP IFL L3-Idx
<default> 0 4.4.4.4 lo0.0 0
L2-RTT Bridge Domain VNID MC-Group-IP
default-switch v100+100 1 239.1.1.1
user@EX1# run show ethernet-switching vxlan-tunnel-end-point remote
Logical System Name Id SVTEP-IP IFL L3-Idx
<default> 0 4.4.4.4 lo0.0 0
RVTEP-IP IFL-Idx NH-Id
5.5.5.5 324 597
VNID MC-Group-IP
1 239.1.1.1
user@EX1# run show ethernet-switching vxlan-tunnel-end-point remote mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
Logical system : <default>
Routing instance : default-switch
Bridging domain : v100+100, VLAN : 100, VNID : 1
MAC MAC Logical Remote VTEP
address flags interface IP address
00:00:05:ed:ae:01 D vtep.32768 5.5.5.5
On the RP, you'll need to make sure Multicast is working.
CORE2
user@CORE2# run show pim join detail
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 239.1.1.1
Source: *
RP: 192.168.0.1
Flags: sparse,rptree,wildcard
Upstream interface: Local
Downstream neighbors:
Interface: et-2/0/0.0
Interface: et-3/2/0.0
Group: 239.1.1.1
Source: 4.4.4.4
Flags: sparse
Upstream interface: et-3/2/1.0
Downstream neighbors:
Interface: et-3/2/0.0 (pruned)
Group: 239.1.1.1
Source: 5.5.5.5
Flags: sparse,spt
Upstream interface: et-2/0/0.0
Downstream neighbors:
Interface: et-3/2/0.0
Now the question you might ask is why use EVPN + MPLS, as there is a lot of configuration involved. Well, that's like comparing apples to oranges. VXLAN and MPLS should be compared a little more, as they are both transport mechanisms. MPLS is far superior to VXLAN, as MPLS can do traffic engineering, bandwidth reservation and ~50 ms convergence on failure, while VXLAN relies on the underlying IGP for much of the decision making.