Data Center

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about Data Center Architecture and approaches.

Does "Type VRF" and the default switch play ok together? QFX EVPN VXLAN campus.

  • 1.  Does "Type VRF" and the default switch play ok together? QFX EVPN VXLAN campus.

    Posted 26 days ago
    Edited by Simon Bingham (technical debt collector) 26 days ago

    Does "Type VRF" and the default switch play ok together? QFX
    In a nutshell, I do not want to convert the bridge overlay to mac-vrf.


    Migration

    Bridge Overlay
    ( Before )

    Bridge overlay
    ( After )

    Layer 3

    ( Before )

    Layer 3
    ( Afte

    Core  ( MX )

    Type virtual switch

    Type virtual switch
    ( will eventually be shutdown )

    Type Virtual Router

    Type VRF

    ( will eventually be shutdown )

    Edge ( QFX )

    Default switch ( no routing instance )

    Default switch ( no routing instance )

    N/A no Layer 3

    Type VRF



    I'm planning a customer migration of an EVPN VXLAN CRB design to ERB architecture.

    This is currently configured as a virtual router and a virtual switch on the pair of core MX devices, and on the edge Just the default switch for the bridge overlay. This was the best practice at the time of deployment. There are several Layer3 routing instances for security on the core. 

    Most of the ERB examples from Juniper combine.

    Instance type "vrf"   with  Instance type "mac-vrf"

    The customer has a single bridged overlay. I can see no pressing need for mac-vrf. Changing this would be a huge challenge , probably requiring downtime for the whole network (  complete impossibility ). 

    I've tested this combination in a virtual environment ( EVE-NG ), and it works perfectly.

    However, I would NOT wish to stray too far from what Juniper would consider their reference designs. 

     root@LAB-DIST-B_LAB# show routing-instances 
    CAMPUS-VRF {
        instance-type vrf;
        protocols {
            evpn {
                irb-symmetric-routing {
                    vni 100007;
                }
                ip-prefix-routes {
                    advertise direct-nexthop;
                    encapsulation vxlan;
                    vni 100007;
                }
            }
        }
        interface irb.778;
        route-distinguisher 10.245.123.12:7;
        vrf-target target:65123:7;
    }
    
    [edit]
    root@LAB-DIST-B_LAB# show protocols evpn 
    encapsulation vxlan;
    default-gateway no-gateway-community;
    extended-vni-list all;
    
    [edit]
    root@LAB-DIST-B_LAB# show switch-options 
    vtep-source-interface lo0.0;
    route-distinguisher 10.245.123.12:1;
    vrf-import EVPN_IMPORT;
    vrf-target {
        target:65123:9999;
        auto;
    }
    
    [edit]
    
    root@LAB-DIST-B_LAB# show vlans 
    VLAN10 {
        vlan-id 10;
        vxlan {
            vni 10;
        }
    }
    VLAN1234 {
        vlan-id 1234;
        vxlan {
            vni 1234;
        }
    }



    ------------------------------
    JNCIE-ENT 907
    ------------------------------