EVPN Type 5 Configuration Example – Juniper MX

Introduction

In this example, we will show how to configure L2 and L3 EVPN service on Juniper MX devices.

If you are not familiar with EVPN, please review our introductory articles on EVPN.

In this lab, we will leverage our previous example, where we delivered L2 connectivity between multiple sites, and will augment it with L3 site-to-site connectivity options.

One shared broadcast domain with IP range 1.1.1.0/24 is used on PE-CE interfaces across the entire network. Each CE site is assigned a unique subnet on LAN interface.

EVPN Type 5 Lab Topology
EVPN Type 5 Lab Topology

In order to originate IP routes, each PE device is configured with L3 VRF, IRB interface and static route pointing to directly attached CE. CE devices are configured with static default routes pointing to the closest PE. Please note that EVPN allows to use shared gateway across all PE devices, instead of configuring unique IPs on each PE. We will cover this scenario in one of the next articles.

PE Configuration

We will use site 2 for our examples. PE2’s configuration is shown below.

CE2-facing Layer 2 Interface

ge-0/0/1 {
    description CE2;
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 100 {
        encapsulation vlan-bridge;
        vlan-id 100;
    }
}

Layer 2 EVPN Instance

BD100 {
    instance-type evpn;
    vlan-id 100;
    interface ge-0/0/1.100;
    routing-interface irb.100;
    route-distinguisher 120.0.2.2:100;
    vrf-target target:100:100;
    protocols {
        evpn;
    }
}

Layer 3 IRB Interface

irb {
    unit 100 {
        family inet {
            address 1.1.1.102/24;
        }
    }
}

 

Layer 3 EVPN Instance

BD100-L3 {
    instance-type vrf;
    interface irb.100;
    route-distinguisher 120.0.2.2:101;
    vrf-target target:100:100;
    vrf-table-label;
    routing-options {
        static {
            route 2.0.0.0/24 next-hop 1.1.1.2;
        }
    }
    protocols {
        evpn {
            ip-prefix-routes {
                advertise direct-nexthop;
            }
        }
    }
}

Advertised Routes

root@PE2-vMX> show route advertising-protocol bgp 120.0.2.7


BD100-L3.evpn.0: 24 destinations, 24 routes (24 active, 0 holddown, 0 hidden)

  Prefix                Nexthop            MED     Lclpref    AS path

  5:120.0.2.2:101::0::1.1.1.0::24/304
*                         Self                         100        I

  5:120.0.2.2:101::0::2.0.0.0::24/304
*                         Self                         100        I




BD100.evpn.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)

  Prefix                Nexthop            MED     Lclpref    AS path

  2:120.0.2.2:100::100::00:05:86:23:a6:f0/304 MAC/IP
*                         Self                         100        I

  2:120.0.2.2:100::100::00:0c:29:8a:79:e8/304 MAC/IP
*                         Self                         100        I

  2:120.0.2.2:100::100::00:05:86:23:a6:f0::1.1.1.102/304 MAC/IP
*                         Self                         100        I

  2:120.0.2.2:100::100::00:0c:29:8a:79:e8::1.1.1.2/304 MAC/IP
*                         Self                         100        I

  3:120.0.2.2:100::100::120.0.2.2/304 IM
*                         Self                         100        I

Please note two Type 2 prefixes advertised by PE2:

  2:120.0.2.2:100::100::00:05:86:23:a6:f0::1.1.1.102
  2:120.0.2.2:100::100::00:0c:29:8a:79:e8::1.1.1.2

And two Type 5 advertisements (IPv4 prefixes) advertised by PE2:

  5:120.0.2.2:101::0::1.1.1.0::24
  5:120.0.2.2:101::0::2.0.0.0::24

 

We can now launch end-to-end ping between CE devices:

root@CE2-Downstream2> ping 7.0.0.1 source 2.0.0.1 count 5

PING 7.0.0.1 (7.0.0.1): 56 data bytes

64 bytes from 7.0.0.1: icmp_seq=0 ttl=62 time=9.884 ms
64 bytes from 7.0.0.1: icmp_seq=1 ttl=62 time=40.390 ms
64 bytes from 7.0.0.1: icmp_seq=2 ttl=62 time=10.230 ms
64 bytes from 7.0.0.1: icmp_seq=3 ttl=62 time=10.359 ms
64 bytes from 7.0.0.1: icmp_seq=4 ttl=62 time=55.309 ms

--- 7.0.0.1 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 9.884/25.234/55.309/19.059 ms

End-to-End LSP

If we look a little dipper into advertised routes originated by PE2, we will notice that three labels are associated with our EVPN instance – Label 16 to handle L3 traffic, Label 299,776 to handle L2 traffic and Label 299,840 to deliver BUM traffic to the EVPN instance.

root@PE2-vMX> show route advertising-protocol bgp 120.0.2.7 extensive

 

BD100-L3.evpn.0: 24 destinations, 24 routes (24 active, 0 holddown, 0 hidden)

* 5:120.0.2.2:101::0::1.1.1.0::24/304 (1 entry, 1 announced)
 BGP group IBGP-PE type Internal
     Route Distinguisher: 120.0.2.2:101
     Route Label: 16
     Overlay gateway address: 0.0.0.0
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100

 

* 5:120.0.2.2:101::0::2.0.0.0::24/304 (1 entry, 1 announced)
 BGP group IBGP-PE type Internal
     Route Distinguisher: 120.0.2.2:101
     Route Label: 16
     Overlay gateway address: 0.0.0.0
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100
 

BD100.evpn.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)

* 2:120.0.2.2:100::100::00:05:86:23:a6:f0/304 MAC/IP (1 entry, 1 announced)
 BGP group IBGP-PE type Internal
     Route Distinguisher: 120.0.2.2:100
     Route Label: 299776
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100 evpn-default-gateway

* 2:120.0.2.2:100::100::00:0c:29:8a:79:e8/304 MAC/IP (1 entry, 1 announced)
 BGP group IBGP-PE type Internal
     Route Distinguisher: 120.0.2.2:100
     Route Label: 299776
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100
 

* 2:120.0.2.2:100::100::00:05:86:23:a6:f0::1.1.1.102/304 MAC/IP (1 entry, 1 announced)
 BGP group IBGP-PE type Internal
     Route Distinguisher: 120.0.2.2:100
     Route Label: 299776
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100 evpn-default-gateway

* 2:120.0.2.2:100::100::00:0c:29:8a:79:e8::1.1.1.2/304 MAC/IP (1 entry, 1 announced)
 BGP group IBGP-PE type Internal
     Route Distinguisher: 120.0.2.2:100
     Route Label: 299776
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100
 

* 3:120.0.2.2:100::100::120.0.2.2/304 IM (1 entry, 1 announced)
 BGP group IBGP-PE type Internal
     Route Distinguisher: 120.0.2.2:100
     Route Label: 299840
     PMSI: Flags 0x0: Label 299840: Type INGRESS-REPLICATION 120.0.2.2
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100
     PMSI: Flags 0x0: Label 299840: Type INGRESS-REPLICATION 120.0.2.2

Looking into ‘2.0.0.0/24’ on PE7 reveals that two labels are being pushed by the router – top label 800,202 to deliver frames to PE2 and bottom label 16 to signify the routing instance.

root@PE7> show route 2.0.0.0/24

BD100-L3.inet.0: 10 destinations, 14 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.0.0.0/24         *[EVPN/170] 00:42:20

                    > to 120.0.3.32 via ge-0/0/1.570, Push 16, Push 800202(top)

Complete Configuration and Packet Captures

You can download complete Configuration from GitHub repository:

https://github.com/bgphelp/blueprints/tree/master/evpn/evpn-type5-mx

You can download EVPN L2 and L3 Dataplane Packet Captures.

Leave a Reply

Your email address will not be published. Required fields are marked *