VXLAN is a tunneling protocol that encapsulates a layer 2 frame in a layer 4 UDP packet, which makes it possible to extend a VLAN over a routed network. There are several ways to configure VXLAN; in this tutorial we will learn how to configure it statically on Juniper. The source of each tunnel has to be associated manually with its destination.
Topology

VTEP: VXLAN Tunnel EndPoint
VNI: VXLAN Network Identifier
Encapsulation of a packet by VXLAN
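The VXLAN header that carries the VNI in this encapsulation, as an added example (not part of the original tutorial). It follows the RFC 7348 header layout and uses the VNI and the two PC MAC addresses that appear on this page; the inner frame is constructed sample data.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: must be set for the VNI to be valid

def build_vxlan_header(vni):
    """Return the 8-byte VXLAN header for a 24-bit VNI."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # word 1: flags (8 bits) + reserved (24 bits)
    # word 2: VNI (24 bits) + reserved (8 bits)
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)

def parse_vxlan(udp_payload):
    """Split a VXLAN UDP payload into (vni, inner Ethernet frame)."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:8])
    if not (word1 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag not set: VNI is not valid")
    return word2 >> 8, udp_payload[8:]

def inner_macs(frame):
    """Return (destination MAC, source MAC) of the encapsulated layer 2 frame."""
    fmt = lambda raw: ":".join(f"{byte:02x}" for byte in raw)
    return fmt(frame[0:6]), fmt(frame[6:12])

# Constructed inner frame: dst/src MACs taken from the mac-table shown on this
# page, EtherType IPv4, dummy payload.
SAMPLE_FRAME = bytes.fromhex("005079666802" "005079666803" "0800") + b"payload"

if __name__ == "__main__":
    payload = build_vxlan_header(5000) + SAMPLE_FRAME
    vni, frame = parse_vxlan(payload)
    print(vni, inner_macs(frame))
```
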

Architecture diagram

Juniper: Basic configuration
SPIN-1
set system host-name SPIN-1
set interfaces ge-0/0/2 description "TO LEAF-1"
set interfaces ge-0/0/2 mtu 9500
set interfaces ge-0/0/2 unit 0 family inet address 10.0.0.0/31
set interfaces ge-0/0/4 description "TO LEAF-2"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.2/31
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
SPIN-2
set system host-name SPIN-2
set interfaces ge-0/0/4 description "TO LEAF-1"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.4/31
set interfaces ge-0/0/5 description "TO LEAF-2"
set interfaces ge-0/0/5 mtu 9500
set interfaces ge-0/0/5 unit 0 family inet address 10.0.0.6/31
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
LEAF-1
set system host-name LEAF-1
set interfaces ge-0/0/2 description "TO SPIN-1"
set interfaces ge-0/0/2 mtu 9500
set interfaces ge-0/0/2 unit 0 family inet address 10.0.0.1/31
set interfaces ge-0/0/4 description "TO SPIN-2"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.5/31
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
set interfaces ge-0/0/6 description CE-1
LEAF-2
set system host-name LEAF-2
set interfaces ge-0/0/4 description "TO SPIN-1"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.3/31
set interfaces ge-0/0/5 description "TO SPIN-2"
set interfaces ge-0/0/5 mtu 9500
set interfaces ge-0/0/5 unit 0 family inet address 10.0.0.7/31
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
set interfaces ge-0/0/6 description CE-4
Juniper: Static VXLAN configuration
LEAF-1
Configure the source and the destination of the tunnel:
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 4.4.4.4
Map the VLAN ID to the VNI:
set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 interface ge-0/0/6.100
set bridge-domains VNI-5000 vxlan vni 5000
set bridge-domains VNI-5000 vxlan ingress-node-replication
Extend VLAN 100 to CE-1:
set interfaces ge-0/0/6 description CE-1
set interfaces ge-0/0/6 vlan-tagging
set interfaces ge-0/0/6 mtu 9500
set interfaces ge-0/0/6 encapsulation flexible-ethernet-services
set interfaces ge-0/0/6 unit 100 encapsulation vlan-bridge
set interfaces ge-0/0/6 unit 100 vlan-id 100
LEAF-2
Configure the source and the destination of the tunnel:
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 3.3.3.3
Map the VLAN ID to the VNI:
set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 interface ge-0/0/6.100
set bridge-domains VNI-5000 vxlan vni 5000
set bridge-domains VNI-5000 vxlan ingress-node-replication
Extend VLAN 100 to CE-4:
set interfaces ge-0/0/6 description CE-4
set interfaces ge-0/0/6 vlan-tagging
set interfaces ge-0/0/6 mtu 9500
set interfaces ge-0/0/6 encapsulation flexible-ethernet-services
set interfaces ge-0/0/6 unit 100 encapsulation vlan-bridge
set interfaces ge-0/0/6 unit 100 vlan-id 100
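Because each leaf has to be paired with its peer by hand, a missing or mistyped remote VTEP only shows up when traffic fails. The following added example (not part of the original tutorial) checks that two leaf configurations reference each other and carry the same VNIs; it assumes the VTEP source is lo0.0 as on this page, and the embedded input is the relevant subset of the lines above.

```python
import re

# Constructed input: the static VXLAN lines of each leaf, copied from this page.
LEAF1 = """\
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 4.4.4.4
set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 vxlan vni 5000
"""
LEAF2 = """\
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 3.3.3.3
set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 vxlan vni 5000
"""

def summarize(config):
    """Pull the VTEP address, remote VTEP list and VNI-to-VLAN map out of set lines.
    Assumes (as on this page) that vtep-source-interface is lo0.0."""
    lo = re.search(r"^set interfaces lo0 unit 0 family inet address (\S+)/32$", config, re.M)
    remotes = set(re.findall(r"^set switch-options remote-vtep-list (\S+)$", config, re.M))
    vlans = dict(re.findall(r"^set bridge-domains (\S+) vlan-id (\d+)$", config, re.M))
    vnis = dict(re.findall(r"^set bridge-domains (\S+) vxlan vni (\d+)$", config, re.M))
    vni_to_vlan = {int(vnis[bd]): int(vlans[bd]) for bd in vnis if bd in vlans}
    return {"vtep": lo.group(1) if lo else None, "remotes": remotes, "vni_to_vlan": vni_to_vlan}

def check_pair(config_a, config_b):
    """Return a list of mismatches between two statically configured VTEPs."""
    a, b = summarize(config_a), summarize(config_b)
    problems = []
    for local, peer in ((a, b), (b, a)):
        if peer["vtep"] not in local["remotes"]:
            problems.append(f"{local['vtep']} does not list {peer['vtep']} in remote-vtep-list")
    for vni in sorted(set(a["vni_to_vlan"]) ^ set(b["vni_to_vlan"])):
        problems.append(f"VNI {vni} is configured on one leaf only")
    return problems

if __name__ == "__main__":
    print(check_pair(LEAF1, LEAF2) or "static VXLAN configuration is symmetric")
```
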
Verification:
We now validate communication between our two VTEPs for VNI 5000 over the overlay network using the ping overlay command:
LEAF-1 > ping overlay tunnel-type vxlan vni 5000 tunnel-src 3.3.3.3 tunnel-dst 4.4.4.4 count 5
LEAF-2 > ping overlay tunnel-type vxlan vni 5000 tunnel-src 4.4.4.4 tunnel-dst 3.3.3.3 count 5
ping overlay tunnel-type vxlan vni 5000 tunnel-src 3.3.3.3 tunnel-dst 4.4.4.4 mac 00:50:79:66:68:01 count 5
Now let's test communication between PC-A and PC-B:
PC-A > ping 192.168.0.100
PC-A > 84 bytes from 192.168.0.100 icmp_seq=1 ttl=64 time=6.272 ms
PC-A > 84 bytes from 192.168.0.100 icmp_seq=2 ttl=64 time=14.578 ms
root@LEAF-1> show bridge mac-table vlan-id all-vlan
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC)
Routing instance : default-switch
Bridging domain : VNI-5000, VLAN : 100
   MAC                 MAC      Logical          NH     MAC
   address             flags    interface        Index  property
   00:50:79:66:68:02   D        vtep.32769
   00:50:79:66:68:03   D        ge-0/0/6.100
LEAF-1: full configuration file
set version 17.1R1.8
set system host-name LEAF-1
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/2 description "TO SPIN-1"
set interfaces ge-0/0/2 mtu 9500
set interfaces ge-0/0/2 unit 0 family inet address 10.0.0.1/31
set interfaces ge-0/0/4 description "TO SPIN-2"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.5/31
set interfaces ge-0/0/6 description CE-1
set interfaces ge-0/0/6 vlan-tagging
set interfaces ge-0/0/6 mtu 9500
set interfaces ge-0/0/6 encapsulation flexible-ethernet-services
set interfaces ge-0/0/6 unit 100 encapsulation vlan-bridge
set interfaces ge-0/0/6 unit 100 vlan-id 100
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 interface ge-0/0/6.100
set bridge-domains VNI-5000 vxlan vni 5000
set bridge-domains VNI-5000 vxlan ingress-node-replication
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 4.4.4.4
LEAF-2: full configuration file
set version 17.1R1.8
set system host-name LEAF-2
set interfaces ge-0/0/4 description "TO SPIN-1"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.3/31
set interfaces ge-0/0/5 description "TO SPIN-2"
set interfaces ge-0/0/5 mtu 9500
set interfaces ge-0/0/5 unit 0 family inet address 10.0.0.7/31
set interfaces ge-0/0/6 description CE-4
set interfaces ge-0/0/6 vlan-tagging
set interfaces ge-0/0/6 mtu 9500
set interfaces ge-0/0/6 encapsulation flexible-ethernet-services
set interfaces ge-0/0/6 unit 100 encapsulation vlan-bridge
set interfaces ge-0/0/6 unit 100 vlan-id 100
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 interface ge-0/0/6.100
set bridge-domains VNI-5000 vxlan vni 5000
set bridge-domains VNI-5000 vxlan ingress-node-replication
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 3.3.3.3