Hello, we have bought a few QFX5120 switches.
Our company is going to offer colocation in our new datacenter, and I intend to use evpn with vxlan in this setup.
I will not route any customer traffic on my switches, because I/they will do all routing externally.
Therefore, each customer needs to be able to use their own VLANs.
I have a spine and leaf topology. I am using eBGP for underlay to distribute loopbacks. I use iBGP in a full mesh between leaves to exchange EVPN information.
Take note, I did get evpn with vxlan working when I used regular "trunk" interfaces. However, using that approach, I cannot have overlapping VLANs on the same switch, which I need to work in my colo-case.
To my understanding, I need to use encapsulation flexible-ethernet-services, and put each customer interface in a vlan configuration, with encapsulation vlan-bridge. I understand this as creating separate bridges for each vlan configuration? Finally I use encapsulate-inner-vlan on the bridge-vxlan config, something like this:
olof@o12-ls01> show configuration interfaces xe-0/0/7 | display set
set interfaces xe-0/0/7 description "TEST Customer123"
set interfaces xe-0/0/7 vlan-tagging
set interfaces xe-0/0/7 mtu 9000
set interfaces xe-0/0/7 encapsulation flexible-ethernet-services
set interfaces xe-0/0/7 unit 100 description TEST
set interfaces xe-0/0/7 unit 100 encapsulation vlan-bridge
set interfaces xe-0/0/7 unit 100 vlan-id-list 1-4094
olof@o12-ls01> show configuration vlans Customer123_test | display set
set vlans Customer123_test interface xe-0/0/7.100
set vlans Customer123_test vxlan vni 200123
set vlans Customer123_test vxlan encapsulate-inner-vlan
set vlans Customer123_test vxlan ingress-node-replication
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
set protocols evpn extended-vni-list all
set protocols l2-learning decapsulate-accept-inner-vlan
I do see records in the evpn database showing up from my customers, who are sending me vlan tagged frames.
However, they are unable to contact each other.
olof@o12-ls01> show evpn database
Instance: default-switch
VLAN DomainId MAC address Active source Timestamp IP address
200123 00:50:56:a7:52:c1 10.18.255.35 Mar 24 18:08:15 172.18.66.22
200123 00:50:56:a7:56:8b xe-0/0/7.100 Mar 24 18:07:50 172.18.66.14
200123 00:50:56:a7:66:46 xe-0/0/7.100 Mar 24 18:07:49 172.18.66.13
olof@o12-ls01> show ethernet-switching table
...
name address flags interface source
Customer123_test 00:50:56:a7:52:c1 D vtep.32769 10.18.255.35
Customer123_test 00:50:56:a7:56:8b D xe-0/0/7.100
Customer123_test 00:50:56:a7:66:46 D xe-0/0/7.100
And this is my system version.
olof@o12-ls01> show version
...
Hostname: o12-ls01
Model: qfx5120-48y-8c
Junos: 18.3R1.11 flex
JUNOS OS Kernel 64-bit FLEX [20180816.8630ec5_builder_stable_11]
I used forwarding-options analyzer, but I was only able to see traffic one way. I could see Q in the vxlan packet, which is great; however, still no traffic was being exchanged between hosts.
#vxlan#QinQ