Page MenuHomePhabricator
Paste P17716

Example EVPN config
ActivePublic
Actions

Authored by cmooney on Nov 10 2021, 1:21 PM.
Tags
None
Referenced Files
F34740750: Example EVPN config
Nov 10 2021, 1:21 PM
Subscribers
None
system {
host-name ASW1;
root-authentication {
encrypted-password "$6$gcnspscc$mF8B4D7wfqLdeyZ/Tx0pruwpGvEzpume7rJpU9hb.DQGBGlGU2s6pvCdByGYhPfSVPptROE9MGTxbO9PdvMQn1"; ## SECRET-DATA
}
login {
user cathal {
uid 2000;
class super-user;
authentication {
ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8GQKaT22CZdxJcpLNsq1LYm9bTeI7xnblYrrx8HXQH"; ## SECRET-DATA
}
}
}
services {
ssh {
root-login allow;
}
}
arp {
aging-timer 10;
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
extensions {
providers {
juniper {
license-type juniper deployment-scope commercial;
}
chef {
license-type juniper deployment-scope commercial;
}
}
}
}
interfaces {
xe-0/0/0 {
description "SPINE1 xe-0/0/0";
unit 0 {
family inet {
address 10.1.1.1/31;
}
family inet6;
}
}
xe-0/0/2 {
description "SPINE2 xe-0/0/0";
unit 0 {
family inet {
address 10.1.2.1/31;
}
family inet6;
}
}
xe-0/0/3 {
description debian1;
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members RACK_E1;
}
}
}
}
xe-0/0/4 {
description debian5;
unit 0 {
family ethernet-switching {
interface-mode access;
vlan {
members ROW_E;
}
}
}
}
em0 {
unit 0 {
family inet {
address 100.66.0.4/24;
}
}
}
em1 {
description "LINK TO vQFX PFE";
unit 0 {
family inet {
address 169.254.0.2/24;
}
}
}
irb {
unit 101 {
description "RACK_E1 GW";
family inet {
address 198.18.101.1/24;
}
family inet6 {
address 2001:0470:6a7f:0091::1/64;
}
}
unit 201 {
virtual-gateway-accept-data;
description "ROW_E GW";
family inet {
address 198.18.201.251/24 {
virtual-gateway-address 198.18.201.1;
}
}
family inet6 {
address 2001:0470:6a7f:0090::251/64 {
virtual-gateway-address 2001:0470:6a7f:0090::1;
}
}
}
}
lo0 {
unit 0 {
description "System Loopback";
family inet {
address 11.11.11.11/32;
}
}
unit 1 {
description "WMF_PROD Instance";
family inet;
family inet6;
}
}
}
forwarding-options {
storm-control-profiles default {
all;
}
##
## Warning: configuration block ignored: unsupported platform (vqfx-10000)
##
vxlan-routing {
overlay-ecmp;
}
}
policy-options {
policy-statement DEFAULT_EVPN {
term DEFAULT_V4 {
from {
protocol evpn;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
term DEFAULT_V6 {
from {
protocol evpn;
route-filter ::/0 exact;
}
then accept;
}
}
policy-statement ECMP_ON {
then {
load-balance per-packet;
}
}
policy-statement EXPORT_EVPN {
term TERM_1 {
from {
protocol evpn;
route-filter 0.0.0.0/0 prefix-length-range /32-/32;
}
then accept;
}
term TERM_2 {
from protocol direct;
then accept;
}
term TERM_3 {
from protocol static;
then accept;
}
term TERM_4 {
from {
family inet6;
protocol evpn;
route-filter 0::0/0 prefix-length-range /128-/128;
}
then accept;
}
term TERM_5 {
from protocol bgp;
then accept;
}
term TERM_6 {
from protocol local;
then accept;
}
}
policy-statement EXTV6_OUT {
term EVPN_LVS {
from {
protocol evpn;
as-path LOCAL_LVS;
}
then accept;
}
term EVPN_NETWORKS {
from {
protocol evpn;
route-filter ::/0 prefix-length-range /0-/64;
}
then accept;
}
}
policy-statement EXT_OUT {
term EVPN_LVS {
from {
protocol evpn;
as-path LOCAL_LVS;
}
then accept;
}
term EVPN_NETWORKS {
from {
protocol evpn;
route-filter 0.0.0.0/0 prefix-length-range /0-/29;
}
then accept;
}
}
policy-statement NONE {
then reject;
}
as-path LOCAL_LVS "^64600$";
}
firewall {
family inet {
filter BLOCK1111 {
term BLOCK1111 {
from {
destination-address {
1.1.1.1/32;
}
}
then {
reject;
}
}
}
}
family inet6 {
filter BLOCKUS {
term BLOCKUS {
from {
destination-address {
2605:3a40:3::1fa/128;
}
}
then {
reject;
}
}
}
}
}
routing-instances {
WMF_PROD {
routing-options {
multipath;
}
protocols {
evpn {
ip-prefix-routes {
advertise direct-nexthop;
encapsulation vxlan;
vni 5000;
export EXPORT_EVPN;
}
}
bgp {
group DYNAMIC_PEERS_V4 {
type external;
family inet {
unicast;
}
authentication-key "$9$5T6AB1hrK8EcVw2gJZ69C"; ## SECRET-DATA
export DEFAULT_EVPN;
peer-as 64600;
dynamic-neighbor RACK_E1 {
allow 198.18.101.0/24;
}
dynamic-neighbor ROW_E {
allow 198.18.201.0/24;
}
}
group DYNAMIC_PEERS_V6 {
type external;
family inet6 {
unicast;
}
authentication-key "$9$5T6AB1hrK8EcVw2gJZ69C"; ## SECRET-DATA
export DEFAULT_EVPN;
peer-as 64600;
dynamic-neighbor RACK_E1 {
allow 2001:470:6a7f:91::/64;
}
dynamic-neighbor ROW_E {
allow 2001:470:6a7f:90::/64;
}
}
local-as 65187;
}
}
instance-type vrf;
forwarding-options {
dhcp-relay {
relay-option-82 {
circuit-id {
prefix {
host-name;
}
}
}
forward-only;
server-group {
INSTALL-SERVER {
198.18.67.1;
}
}
group DHCP-RELAY {
active-server-group INSTALL-SERVER;
interface irb.101;
interface irb.201;
}
}
}
interface irb.101;
interface irb.201;
interface lo0.1;
route-distinguisher 11.11.11.11:5000;
vrf-target target:65187:5000;
}
}
routing-options {
forwarding-table {
export ECMP_ON;
chained-composite-next-hop {
ingress {
evpn;
}
}
}
router-id 11.11.11.11;
autonomous-system 65187;
}
protocols {
ospf {
area 0.0.0.0 {
interface xe-0/0/0.0 {
interface-type p2p;
}
interface xe-0/0/2.0 {
interface-type p2p;
}
interface lo0.0 {
passive;
}
}
}
evpn {
encapsulation vxlan;
multicast-mode ingress-replication;
extended-vni-list all;
}
bgp {
group EVPN_RR {
type internal;
local-address 11.11.11.11;
family evpn {
signaling;
}
multipath;
bfd-liveness-detection {
minimum-interval 30000;
multiplier 3;
session-mode automatic;
}
neighbor 1.1.1.1;
neighbor 2.2.2.2;
}
}
l2-learning {
global-mac-table-aging-time 1200;
global-mac-ip-table-aging-time 600;
}
lldp {
interface all;
}
igmp-snooping {
vlan default;
}
}
switch-options {
vtep-source-interface lo0.0;
route-distinguisher 11.11.11.11:65187;
vrf-target {
target:65187:9999;
auto;
}
}
vlans {
RACK_E1 {
vlan-id 101;
l3-interface irb.101;
vxlan {
vni 101000;
}
}
ROW_E {
vlan-id 201;
l3-interface irb.201;
vxlan {
vni 201000;
}
}
default {
vlan-id 1;
}
}
{master:0}
root@ASW1>
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL