
Juniper : VXLAN static configuration

VXLAN is a tunneling protocol that encapsulates a layer 2 frame in a layer 4 UDP packet, which makes it possible to extend a VLAN over a routed network. There are several ways to configure VXLAN; in this tutorial we will learn how to configure it statically on Juniper. The source of the tunnel has to be associated manually with its destination.

Topology

VXLAN topology

VTEP: VXLAN Tunnel EndPoint

VNI : VXLAN Network Identifier


VXLAN packet encapsulation

Transit of an ICMP packet through the VXLAN architecture
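The encapsulation described above, as an added example that is not part of the original tutorial: it builds and decodes the 8-byte VXLAN header placed between the outer UDP header and the inner Ethernet frame. The header layout and UDP port come from RFC 7348; the function names are illustrative, and the sample frame is constructed from the VNI and the two MAC addresses that appear on this page.

```python
import struct

VXLAN_UDP_PORT = 4789   # destination UDP port assigned to VXLAN (RFC 7348)
FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field is valid
OUTER_OVERHEAD = 14 + 20 + 8 + 8   # outer Ethernet + IPv4 + UDP + VXLAN headers

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def encapsulate(vni, inner_frame):
    """Prepend the VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def decapsulate(udp_payload):
    """Validate the VXLAN header and describe the inner Ethernet frame."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for a VXLAN header plus an Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: the VNI field is not valid")
    inner = udp_payload[8:]
    (ethertype,) = struct.unpack("!H", inner[12:14])
    return {"vni": word1 >> 8, "dst": mac_text(inner[:6]),
            "src": mac_text(inner[6:12]), "ethertype": ethertype,
            "inner_len": len(inner)}

# Constructed sample: a frame from the host behind ge-0/0/6.100 on LEAF-1 to the
# host learned through the VTEP, carried in VNI 5000 (payload bytes are filler).
SAMPLE_FRAME = (mac_bytes("00:50:79:66:68:02") + mac_bytes("00:50:79:66:68:03")
                + struct.pack("!H", 0x0800) + bytes(84))
SAMPLE_PAYLOAD = encapsulate(5000, SAMPLE_FRAME)

if __name__ == "__main__":
    print("VXLAN header:", SAMPLE_PAYLOAD[:8].hex())
    print(decapsulate(SAMPLE_PAYLOAD))
    print("underlay packet is", OUTER_OVERHEAD, "bytes larger than the inner frame")
```

The header carries only the flags and the VNI, so the underlay MTU has to absorb the extra outer headers, which the 9500-byte MTU on the fabric links does comfortably.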

Architecture diagram

Juniper : Basic configuration

SPIN-1

set system host-name SPIN-1
set interfaces ge-0/0/2 description "TO LEAF-1"
set interfaces ge-0/0/2 mtu 9500
set interfaces ge-0/0/2 unit 0 family inet address 10.0.0.0/31
set interfaces ge-0/0/4 description "TO LEAF-2"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.2/31
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all

SPIN-2

set system host-name SPIN-2
set interfaces ge-0/0/4 description "TO LEAF-1"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.4/31
set interfaces ge-0/0/5 description "TO LEAF-2"
set interfaces ge-0/0/5 mtu 9500
set interfaces ge-0/0/5 unit 0 family inet address 10.0.0.6/31
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all

LEAF-1

set system host-name LEAF-1
set interfaces ge-0/0/2 description "TO SPIN-1"
set interfaces ge-0/0/2 mtu 9500
set interfaces ge-0/0/2 unit 0 family inet address 10.0.0.1/31
set interfaces ge-0/0/4 description "TO SPIN-2"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.5/31
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
set interfaces ge-0/0/6 description CE-1

LEAF-2

set system host-name LEAF-2
set interfaces ge-0/0/4 description "TO SPIN-1"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.3/31
set interfaces ge-0/0/5 description "TO SPIN-2"
set interfaces ge-0/0/5 mtu 9500
set interfaces ge-0/0/5 unit 0 family inet address 10.0.0.7/31
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
set interfaces ge-0/0/6 description CE-4

Juniper : Static VXLAN configuration

LEAF-1

Configure the source and the destination of the tunnel:

set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 4.4.4.4

Map the vlan-id to the VNI:

set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 interface ge-0/0/6.100
set bridge-domains VNI-5000 vxlan vni 5000
set bridge-domains VNI-5000 vxlan ingress-node-replication

Extend VLAN 100 toward CE-1:

set interfaces ge-0/0/6 description CE-1
set interfaces ge-0/0/6 vlan-tagging
set interfaces ge-0/0/6 mtu 9500
set interfaces ge-0/0/6 encapsulation flexible-ethernet-services
set interfaces ge-0/0/6 unit 100 encapsulation vlan-bridge
set interfaces ge-0/0/6 unit 100 vlan-id 100

LEAF-2

Configure the source and the destination of the tunnel:

set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 3.3.3.3

Map the vlan-id to the VNI:

set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 interface ge-0/0/6.100
set bridge-domains VNI-5000 vxlan vni 5000
set bridge-domains VNI-5000 vxlan ingress-node-replication

Extend VLAN 100 toward CE-4:

set interfaces ge-0/0/6 description CE-4
set interfaces ge-0/0/6 vlan-tagging
set interfaces ge-0/0/6 mtu 9500
set interfaces ge-0/0/6 encapsulation flexible-ethernet-services
set interfaces ge-0/0/6 unit 100 encapsulation vlan-bridge
set interfaces ge-0/0/6 unit 100 vlan-id 100

Verification:

We now validate that our two VTEPs can communicate for VNI 5000 over the overlay network, using the ping overlay command:

LEAF-1 > ping overlay tunnel-type vxlan vni 5000 tunnel-src 3.3.3.3 tunnel-dst 4.4.4.4 count 5
LEAF-2 > ping overlay tunnel-type vxlan vni 5000 tunnel-src 4.4.4.4 tunnel-dst 3.3.3.3 count 5

ping overlay tunnel-type vxlan vni 5000 tunnel-src 3.3.3.3 tunnel-dst 4.4.4.4 mac 00:50:79:66:68:01 count 5

Now let's test communication between PC-A and PC-B:

PC-A > ping 192.168.0.100
PC-A > 84 bytes from 192.168.0.100 icmp_seq=1 ttl=64 time=6.272 ms
PC-A > 84 bytes from 192.168.0.100 icmp_seq=2 ttl=64 time=14.578 ms

root@LEAF-1> show bridge mac-table vlan-id all-vlan

MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
    O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC)

Routing instance : default-switch
 Bridging domain : VNI-5000, VLAN : 100
   MAC                 MAC      Logical          NH     MAC
   address             flags    interface        Index  property
   00:50:79:66:68:02   D        vtep.32769
   00:50:79:66:68:03   D        ge-0/0/6.100

LEAF-1 : complete configuration file

set version 17.1R1.8
set system host-name LEAF-1
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/2 description "TO SPIN-1"
set interfaces ge-0/0/2 mtu 9500
set interfaces ge-0/0/2 unit 0 family inet address 10.0.0.1/31
set interfaces ge-0/0/4 description "TO SPIN-2"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.5/31
set interfaces ge-0/0/6 description CE-1
set interfaces ge-0/0/6 vlan-tagging
set interfaces ge-0/0/6 mtu 9500
set interfaces ge-0/0/6 encapsulation flexible-ethernet-services
set interfaces ge-0/0/6 unit 100 encapsulation vlan-bridge
set interfaces ge-0/0/6 unit 100 vlan-id 100
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 interface ge-0/0/6.100
set bridge-domains VNI-5000 vxlan vni 5000
set bridge-domains VNI-5000 vxlan ingress-node-replication
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 4.4.4.4

LEAF-2 : complete configuration file

set version 17.1R1.8
set system host-name LEAF-2
set interfaces ge-0/0/4 description "TO SPIN-1"
set interfaces ge-0/0/4 mtu 9500
set interfaces ge-0/0/4 unit 0 family inet address 10.0.0.3/31
set interfaces ge-0/0/5 description "TO SPIN-2"
set interfaces ge-0/0/5 mtu 9500
set interfaces ge-0/0/5 unit 0 family inet address 10.0.0.7/31
set interfaces ge-0/0/6 description CE-4
set interfaces ge-0/0/6 vlan-tagging
set interfaces ge-0/0/6 mtu 9500
set interfaces ge-0/0/6 encapsulation flexible-ethernet-services
set interfaces ge-0/0/6 unit 100 encapsulation vlan-bridge
set interfaces ge-0/0/6 unit 100 vlan-id 100
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0
set protocols ospf area 0.0.0.0 interface ge-0/0/5.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols lldp interface all
set bridge-domains VNI-5000 vlan-id 100
set bridge-domains VNI-5000 interface ge-0/0/6.100
set bridge-domains VNI-5000 vxlan vni 5000
set bridge-domains VNI-5000 vxlan ingress-node-replication
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 3.3.3.3
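
A consistency check for the static tunnel definition, as an added example (not Juniper tooling and not code from this tutorial): because each end is configured by hand, it parses the set lines of both leaves and reports a remote-vtep-list entry that is not the peer's VTEP source address, or a VNI defined on one side only. The function names are illustrative; the configuration excerpts are taken from the two complete files above.

```python
import re

# Excerpts of the LEAF-1 and LEAF-2 configurations shown on this page.
LEAF1 = """
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set bridge-domains VNI-5000 vxlan vni 5000
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 4.4.4.4
"""
LEAF2 = """
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set bridge-domains VNI-5000 vxlan vni 5000
set switch-options vtep-source-interface lo0.0
set switch-options remote-vtep-list 3.3.3.3
"""

def summarize(config):
    """Return the VTEP source address, the remote VTEP set and the VNI set."""
    addr, remotes, vnis, src_if = {}, set(), set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"set interfaces (\S+) unit (\d+) family inet address ([\d.]+)/\d+", line):
            addr[f"{m[1]}.{m[2]}"] = m[3]          # e.g. lo0.0 -> 3.3.3.3
        elif m := re.fullmatch(r"set switch-options vtep-source-interface (\S+)", line):
            src_if = m[1]
        elif m := re.fullmatch(r"set switch-options remote-vtep-list (\S+)", line):
            remotes.add(m[1])
        elif m := re.fullmatch(r"set bridge-domains \S+ vxlan vni (\d+)", line):
            vnis.add(int(m[1]))
    return {"source": addr.get(src_if), "remotes": remotes, "vnis": vnis}

def audit_pair(cfg_a, cfg_b, name_a="LEAF-1", name_b="LEAF-2"):
    """Return findings; an empty list means both static tunnel ends agree."""
    a, b = summarize(cfg_a), summarize(cfg_b)
    findings = []
    for me, peer, mine, theirs in ((name_a, name_b, a, b), (name_b, name_a, b, a)):
        if mine["source"] is None:
            findings.append(f"{me}: vtep-source-interface has no inet address")
        elif mine["source"] not in theirs["remotes"]:
            findings.append(f"{peer}: remote-vtep-list lacks {me} source {mine['source']}")
        for extra in sorted(mine["remotes"] - {theirs["source"]}):
            findings.append(f"{me}: unexpected remote VTEP {extra}")
        for vni in sorted(mine["vnis"] - theirs["vnis"]):
            findings.append(f"VNI {vni}: configured on {me} but not on {peer}")
    return findings

if __name__ == "__main__":
    print(audit_pair(LEAF1, LEAF2) or "static VXLAN tunnel definition is symmetric")
```

The VLAN IDs are deliberately not compared, since a vlan-id is local to each leaf and only the VNI has to match across the tunnel.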
