Juniper vMX – Segment Routing L3VPN

You will need a trial license from Juniper for this lab, which can be obtained from the below URL.

https://www.juniper.net/gb/en/dm/vmx-trial-download.html

BGP is used between the CE & PE devices. Could use OSPF but would then need a sham link between CE devices to stop routes being shown as external routes.

https://www.juniper.net/gb/en/research-topics/what-is-segment-routing.html

PE1

set chassis network-services enhanced-ip
set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
set interfaces ge-0/0/1 unit 0 family inet
set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.1/30
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 5.5.5.5/32
set interfaces lo0 unit 0 family iso address 49.0000.5555.5555.5555.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 5.5.5.5
set routing-options autonomous-system 65400
set protocols mpls interface all
set protocols bgp group internal type internal
set protocols bgp group internal local-address 5.5.5.5
set protocols bgp group internal family inet unicast
set protocols bgp group internal family inet-vpn unicast
set protocols bgp group internal neighbor 8.8.8.8
set protocols isis source-packet-routing srgb start-label 800000
set protocols isis source-packet-routing srgb index-range 9000
set protocols isis source-packet-routing node-segment ipv4-index 500
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/2.0
set protocols isis interface lo0.0
set routing-instances cust1 instance-type vrf
set routing-instances cust1 interface ge-0/0/0.0
set routing-instances cust1 route-distinguisher 5.5.5.5:1
set routing-instances cust1 vrf-target target:65400:1
set routing-instances cust1 vrf-table-label
set routing-instances cust1 protocols bgp group cust1 type external
set routing-instances cust1 protocols bgp group cust1 as-override
set routing-instances cust1 protocols bgp group cust1 neighbor 10.1.1.254 peer-as 65444

P1

set chassis network-services enhanced-ip
set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 6.6.6.6/32
set interfaces lo0 unit 0 family iso address 49.0000.6666.6666.6666.00
set interfaces lo0 unit 0 family mpls
set protocols mpls interface all
set protocols isis source-packet-routing srgb start-label 800000
set protocols isis source-packet-routing srgb index-range 9000
set protocols isis source-packet-routing node-segment ipv4-index 501
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.0

P2

set chassis network-services enhanced-ip
set interfaces ge-0/0/0 unit 0 family inet address 2.2.2.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 3.3.3.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 33.33.33.33/32
set interfaces lo0 unit 0 family iso address 49.0000.3333.3333.0000.00
set interfaces lo0 unit 0 family mpls
set protocols mpls interface all
set protocols isis source-packet-routing srgb start-label 800000
set protocols isis source-packet-routing srgb index-range 9000
set protocols isis source-packet-routing node-segment ipv4-index 502
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.0

P3

set chassis network-services enhanced-ip
set interfaces ge-0/0/0 unit 0 family inet address 3.3.3.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 4.4.4.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set interfaces lo0 unit 0 family iso address 49.0000.7777.7777.7777.00
set interfaces lo0 unit 0 family mpls
set protocols mpls interface all
set protocols isis source-packet-routing srgb start-label 800000
set protocols isis source-packet-routing srgb index-range 9000
set protocols isis source-packet-routing node-segment ipv4-index 503
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.0

PE2

set chassis network-services enhanced-ip
set interfaces ge-0/0/0 unit 0 family inet address 10.10.10.1/24
set interfaces ge-0/0/2 unit 0 family inet address 4.4.4.2/30
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 8.8.8.8/32
set interfaces lo0 unit 0 family iso address 49.0000.8888.8888.8888.00
set interfaces lo0 unit 0 family mpls
set routing-options autonomous-system 65400
set protocols mpls interface all
set protocols bgp group internal type internal
set protocols bgp group internal local-address 8.8.8.8
set protocols bgp group internal family inet unicast
set protocols bgp group internal family inet-vpn unicast
set protocols bgp group internal neighbor 5.5.5.5
set protocols isis source-packet-routing srgb start-label 800000
set protocols isis source-packet-routing srgb index-range 9000
set protocols isis source-packet-routing node-segment ipv4-index 504
set protocols isis level 1 disable
set protocols isis interface ge-0/0/2.0
set protocols isis interface lo0.0
set routing-instances cust1 instance-type vrf
set routing-instances cust1 interface ge-0/0/0.0
set routing-instances cust1 route-distinguisher 8.8.8.8:1
set routing-instances cust1 vrf-target target:65400:1
set routing-instances cust1 vrf-table-label
set routing-instances cust1 protocols bgp group cust1 type external
set routing-instances cust1 protocols bgp group cust1 as-override
set routing-instances cust1 protocols bgp group cust1 neighbor 10.10.10.254 peer-as 65444

The L3VPN will now be up and the CE devices receiving routes from each other. You may need to reboot the vMX devices before you see the routes.

Cisco IOS XE – MPLS EVPN

IS-IS is used for the underlay. The 2 CEs are Cisco vIOS switches with VLAN 2222 and OSPF configured on them.

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/mpls/b-mpls/m-evpn-over-mpls.html

PE1

hostname pe1
  
mpls label protocol ldp
l2vpn evpn
replication-type ingress
mpls label mode per-ce
router-id Loopback0

l2vpn evpn instance 1 vlan-based
route-target export 65200:1
route-target import 65200:1
no auto-route-target

bridge-domain 1
member GigabitEthernet2 service-instance 1
member evpn-instance 1
  
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip router isis 1

interface GigabitEthernet1
ip address 1.1.1.1 255.255.255.252
ip router isis 1
mpls ip

interface GigabitEthernet2
no ip address
service instance 1 ethernet
encapsulation dot1q 2222
  
router isis 1
net 49.0000.5555.5555.5555.00

router bgp 65200
bgp router-id 5.5.5.5
bgp log-neighbor-changes
neighbor 9.9.9.9 remote-as 65200
neighbor 9.9.9.9 update-source Loopback0

address-family ipv4
neighbor 9.9.9.9 activate
exit-address-family

address-family l2vpn evpn
neighbor 9.9.9.9 activate
neighbor 9.9.9.9 send-community both
exit-address-family

P1

hostname p1

mpls label protocol ldp
  
interface Loopback0
ip address 6.6.6.6 255.255.255.255
ip router isis 1

interface GigabitEthernet1
ip address 1.1.1.2 255.255.255.252
ip router isis 1
mpls ip

interface GigabitEthernet2
ip address 2.2.2.1 255.255.255.252
ip router isis 1
mpls ip

router isis 1
net 49.0000.6666.6666.6666.00

P2

hostname p2

mpls label protocol ldp
  
interface Loopback0
ip address 7.7.7.7 255.255.255.255
ip router isis 1

interface GigabitEthernet1
ip address 2.2.2.2 255.255.255.252
ip router isis 1
mpls ip

interface GigabitEthernet2
ip address 3.3.3.1 255.255.255.252
ip router isis 1
mpls ip

router isis 1
net 49.0000.7777.7777.7777.00

P3

hostname p3

mpls label protocol ldp
  
interface Loopback0
ip address 8.8.8.8 255.255.255.255
ip router isis 1

interface GigabitEthernet1
ip address 3.3.3.2 255.255.255.252
ip router isis 1
mpls ip

interface GigabitEthernet2
ip address 4.4.4.1 255.255.255.252
ip router isis 1
mpls ip

router isis 1
net 49.0000.8888.8888.8888.00

PE2

hostname pe2
  
mpls label protocol ldp

l2vpn evpn
replication-type ingress
mpls label mode per-ce
router-id Loopback0

l2vpn evpn instance 1 vlan-based
route-target export 65200:1
route-target import 65200:1
no auto-route-target

bridge-domain 1
member GigabitEthernet2 service-instance 1
member evpn-instance 1
  
interface Loopback0
ip address 9.9.9.9 255.255.255.255
ip router isis 1

interface GigabitEthernet1
ip address 4.4.4.2 255.255.255.252
ip router isis 1
mpls ip

interface GigabitEthernet2
no ip address
service instance 1 ethernet
encapsulation dot1q 2222
  
router isis 1
net 49.0000.9999.9999.9999.00

router bgp 65200
bgp router-id 9.9.9.9
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 65200
neighbor 5.5.5.5 update-source Loopback0

address-family ipv4
neighbor 5.5.5.5 activate
exit-address-family

address-family l2vpn evpn
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community both
exit-address-family

OSPF will now be up between the 2 CEs and MAC addresses being learnt on the 2 PE devices.

Arista – Segment Routing MPLS EVPN

IS-IS used for the segment routing. 2 Cisco vIOS devices for the CE’s, with OSPF configured on each

https://www.arista.com/en/solutions/mpls-segment-routing

PE1

service routing protocols model multi-agent

hostname pe1
  
vlan 3333

interface Ethernet1
switchport trunk allowed vlan 3333
switchport mode trunk

interface Ethernet2
no switchport
ip address 1.1.1.1/30
isis enable 1

interface Loopback0
ip address 5.5.5.5/32
node-segment ipv4 index 10
isis enable 1
  
ip routing

mpls ip

router bgp 65400
router-id 5.5.5.5
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source Loopback0
neighbor 9.9.9.9 rib-in pre-policy retain all
neighbor 9.9.9.9 send-community extended

vlan-aware-bundle customer1
rd 5.5.5.5:1
route-target both 65400:1
redistribute learned
vlan 3333

address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 9.9.9.9 activate

router isis 1
net 49.0000.5555.5555.5555.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

P1

service routing protocols model multi-agent

hostname p1
  
interface Ethernet1
no switchport
ip address 1.1.1.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 2.2.2.1/30
isis enable 1

interface Loopback0
ip address 6.6.6.6/32
node-segment ipv4 index 20
isis enable 1
  
ip routing

mpls ip

router isis 1
net 49.0000.6666.6666.6666.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

P2

service routing protocols model multi-agent

hostname p2
  
interface Ethernet1
no switchport
ip address 2.2.2.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 3.3.3.1/30
isis enable 1

interface Loopback0
ip address 7.7.7.7/32
node-segment ipv4 index 30
isis enable 1
  
ip routing

mpls ip

router isis 1
net 49.0000.7777.7777.7777.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

P3

service routing protocols model multi-agent

hostname p3
  
interface Ethernet1
no switchport
ip address 3.3.3.2/30
isis enable 1
  
interface Ethernet2
no switchport
ip address 4.4.4.1/30
isis enable 1

interface Loopback0
ip address 8.8.8.8/32
node-segment ipv4 index 40
isis enable 1

ip routing

mpls ip

router isis 1
net 49.0000.8888.8888.8888.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

PE2

service routing protocols model multi-agent

hostname pe2
  
vlan 3333

interface Ethernet1
switchport trunk allowed vlan 3333
switchport mode trunk

interface Ethernet2
no switchport
ip address 4.4.4.2/30
isis enable 1

interface Loopback0
ip address 9.9.9.9/32
node-segment ipv4 index 50
isis enable 1
  
ip routing

mpls ip

router bgp 65400
router-id 9.9.9.9
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 rib-in pre-policy retain all
neighbor 5.5.5.5 send-community extended

vlan-aware-bundle customer1
rd 9.9.9.9:1
route-target both 65400:1
redistribute learned
vlan 3333

address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 5.5.5.5 activate

router isis 1
net 49.0000.9999.9999.9999.00
is-type level-2
segment-routing mpls
no shutdown
address-family ipv4 unicast

OSPF should now be up between the 2 CE devices.

Juniper Carrier of Carriers BGP L2VPN

Establish a layer 2 circuit between the 2 CE devices, traversing 3 separate AS’s.

https://www.juniper.net/documentation/us/en/software/junos/vpn-l3/topics/topic-map/l3-vpns-carrier-carrier.html

PE1

set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 encapsulation flexible-ethernet-services
set interfaces ge-0/0/0 unit 3222 encapsulation vlan-ccc
set interfaces ge-0/0/0 unit 3222 vlan-id 3222
set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.1/30
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 5.5.5.5/32
set interfaces lo0 unit 0 family iso address 49.0000.5555.5555.5555.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 5.5.5.5
set routing-options autonomous-system 65200
set protocols mpls interface all
set protocols bgp group external type external
set protocols bgp group external multihop
set protocols bgp group external local-address 5.5.5.5
set protocols bgp group external family l2vpn signaling
set protocols bgp group external peer-as 65600
set protocols bgp group external neighbor 11.11.11.11
set protocols bgp group internal type internal
set protocols bgp group internal local-address 5.5.5.5
set protocols bgp group internal family inet labeled-unicast resolve-vpn
set protocols bgp group internal neighbor 6.6.6.6
set protocols isis interface ge-0/0/2.0
set protocols isis interface lo0.0
set protocols ldp interface all
set routing-instances cust1 instance-type l2vpn
set routing-instances cust1 interface ge-0/0/0.3222
set routing-instances cust1 route-distinguisher 5.5.5.5:1
set routing-instances cust1 vrf-target target:65200:1
set routing-instances cust1 protocols l2vpn encapsulation-type ethernet-vlan
set routing-instances cust1 protocols l2vpn site cust1 site-identifier 1
set routing-instances cust1 protocols l2vpn site cust1 interface ge-0/0/0.3222

ASBR1

set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 6.6.6.6/32
set interfaces lo0 unit 0 family iso address 49.0000.6666.6666.6666.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 6.6.6.6
set routing-options autonomous-system 65200
set protocols mpls interface all
set protocols bgp group internal type internal
set protocols bgp group internal local-address 6.6.6.6
set protocols bgp group internal family inet labeled-unicast
set protocols bgp group internal neighbor 5.5.5.5
set protocols bgp group external type external
set protocols bgp group external family inet labeled-unicast
set protocols bgp group external export PE1_LOOPBACK
set protocols bgp group external peer-as 65400
set protocols bgp group external neighbor 2.2.2.2
set protocols isis interface ge-0/0/0.0
set protocols isis interface lo0.0
set protocols ldp interface all
set policy-options policy-statement PE1_LOOPBACK from route-filter 5.5.5.5/32 exact
set policy-options policy-statement PE1_LOOPBACK then accept

CoC ASBR1

set interfaces ge-0/0/0 unit 0 family inet address 2.2.2.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 3.3.3.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set interfaces lo0 unit 0 family iso address 49.0000.7777.7777.0000.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 7.7.7.7
set routing-options autonomous-system 65400
set protocols mpls interface all
set protocols bgp group external type external
set protocols bgp group external family inet labeled-unicast
set protocols bgp group external peer-as 65200
set protocols bgp group external neighbor 2.2.2.1
set protocols bgp group internal type internal
set protocols bgp group internal local-address 7.7.7.7
set protocols bgp group internal family inet labeled-unicast
set protocols bgp group internal neighbor 8.8.8.8 
set protocols isis interface ge-0/0/1.0
set protocols isis interface ge-0/0/2.0
set protocols isis interface lo0.0
set protocols ldp interface all

CoC Core

set interfaces ge-0/0/0 unit 0 family inet address 3.3.3.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 4.4.4.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 8.8.8.8/32
set interfaces lo0 unit 0 family iso address 49.0000.8888.8888.0000.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 8.8.8.8
set routing-options autonomous-system 65400
set protocols mpls interface all
set protocols bgp group internal type internal
set protocols bgp group internal local-address 8.8.8.8
set protocols bgp group internal family inet labeled-unicast
set protocols bgp group internal cluster 8.8.8.8
set protocols bgp group internal neighbor 9.9.9.9
set protocols bgp group internal neighbor 7.7.7.7
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.0
set protocols ldp interface all

CoC ASBR2

set interfaces ge-0/0/0 unit 0 family inet address 4.4.4.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 5.5.5.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 9.9.9.9/32
set interfaces lo0 unit 0 family iso address 49.0000.9999.9999.0000.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 9.9.9.9
set routing-options autonomous-system 65400
set protocols mpls interface all
set protocols bgp group int type internal
set protocols bgp group int local-address 9.9.9.9
set protocols bgp group int family inet labeled-unicast
set protocols bgp group int neighbor 8.8.8.8
set protocols bgp group external type external
set protocols bgp group external family inet labeled-unicast
set protocols bgp group external peer-as 65600
set protocols bgp group external neighbor 5.5.5.2
set protocols isis interface ge-0/0/0.0
set protocols isis interface lo0.0
set protocols ldp interface all

ASBR2

set interfaces ge-0/0/0 unit 0 family inet address 5.5.5.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 6.6.6.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.10.10.10/32
set interfaces lo0 unit 0 family iso address 49.0000.1010.1010.0000.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 10.10.10.10
set routing-options autonomous-system 65600
set protocols mpls interface all
set protocols bgp group internal type internal
set protocols bgp group internal local-address 10.10.10.10
set protocols bgp group internal family inet labeled-unicast
set protocols bgp group internal neighbor 11.11.11.11
set protocols bgp group external type external
set protocols bgp group external family inet labeled-unicast
set protocols bgp group external export PE2_LOOPBACK
set protocols bgp group external peer-as 65400
set protocols bgp group external neighbor 5.5.5.1
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.0
set protocols ldp interface all
set policy-options policy-statement PE2_LOOPBACK from route-filter 11.11.11.11/32 exact
set policy-options policy-statement PE2_LOOPBACK then accept

PE2

set interfaces ge-0/0/0 unit 0 family inet address 6.6.6.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 encapsulation flexible-ethernet-services
set interfaces ge-0/0/1 unit 3222 encapsulation vlan-ccc
set interfaces ge-0/0/1 unit 3222 vlan-id 3222
set interfaces lo0 unit 0 family inet address 11.11.11.11/32
set interfaces lo0 unit 0 family iso address 49.0000.1111.1111.0000.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 11.11.11.11
set routing-options autonomous-system 65600
set protocols mpls interface all
set protocols bgp group internal type internal
set protocols bgp group internal local-address 11.11.11.11
set protocols bgp group internal family inet labeled-unicast resolve-vpn
set protocols bgp group internal neighbor 10.10.10.10
set protocols bgp group external type external
set protocols bgp group external multihop
set protocols bgp group external local-address 11.11.11.11
set protocols bgp group external family l2vpn signaling
set protocols bgp group external peer-as 65200
set protocols bgp group external neighbor 5.5.5.5
set protocols isis interface ge-0/0/0.0
set protocols isis interface lo0.0
set protocols ldp interface all
set routing-instances cust1 instance-type l2vpn
set routing-instances cust1 interface ge-0/0/1.3222
set routing-instances cust1 route-distinguisher 11.11.11.11:1
set routing-instances cust1 vrf-target target:65200:1
set routing-instances cust1 protocols l2vpn encapsulation-type ethernet-vlan
set routing-instances cust1 protocols l2vpn site cust1 site-identifier 2
set routing-instances cust1 protocols l2vpn site cust1 interface ge-0/0/1.3222

OSPF has been configured on both CE devices and a neighbourship has formed confirming that the layer 2 circuit is up.

Juniper Inter-AS MPLS EVPN Option C

This topology is Option C utilising BGP-LU. IS-IS in the underlay and OSPF between the 2 CE Cisco devices. Can use other devices as CE’s if you prefer.

https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/mpls-vpn-option3-configuration.html

PE1

set interfaces ge-0/0/0 flexible-vlan-tagging
set interfaces ge-0/0/0 encapsulation flexible-ethernet-services
set interfaces ge-0/0/0 unit 674 encapsulation vlan-bridge
set interfaces ge-0/0/0 unit 674 vlan-id 674
set interfaces ge-0/0/0 unit 674 family bridge
set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.1/30
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 5.5.5.5/32
set interfaces lo0 unit 0 family iso address 49.0000.5555.5555.5555.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 5.5.5.5
set routing-options autonomous-system 65200
set protocols mpls interface all
set protocols bgp group int type internal
set protocols bgp group int local-address 5.5.5.5
set protocols bgp group int family inet unicast
set protocols bgp group int family inet-vpn unicast
set protocols bgp group int family evpn signaling
set protocols bgp group int export nhs
set protocols bgp group int neighbor 6.6.6.6
set protocols bgp group int neighbor 33.33.33.33 local-address 5.5.5.5
set protocols bgp group int neighbor 33.33.33.33 family inet labeled-unicast resolve-vpn
set protocols bgp group external type external
set protocols bgp group external multihop
set protocols bgp group external local-address 5.5.5.5
set protocols bgp group external family evpn signaling
set protocols bgp group external peer-as 65400
set protocols bgp group external neighbor 8.8.8.8
set protocols isis interface ge-0/0/2.0
set protocols isis interface lo0.0
set protocols ldp interface all
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self
set routing-instances cust1 instance-type evpn
set routing-instances cust1 vlan-id 674
set routing-instances cust1 interface ge-0/0/0.674
set routing-instances cust1 route-distinguisher 5.5.5.5:1
set routing-instances cust1 vrf-target target:65200:1
set routing-instances cust1 protocols evpn interface ge-0/0/0.674

P1

set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 6.6.6.6/32
set interfaces lo0 unit 0 family iso address 49.0000.6666.6666.6666.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 6.6.6.6
set routing-options autonomous-system 65200
set protocols mpls interface all
set protocols bgp group int type internal
set protocols bgp group int local-address 6.6.6.6
set protocols bgp group int family inet unicast
set protocols bgp group int family inet-vpn unicast
set protocols bgp group int family evpn signaling
set protocols bgp group int export nhs
set protocols bgp group int cluster 6.6.6.6
set protocols bgp group int neighbor 5.5.5.5
set protocols bgp group int neighbor 33.33.33.33
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.0
set protocols ldp interface all
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self

ASBR1

set interfaces ge-0/0/0 unit 0 family inet address 2.2.2.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 3.3.3.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 33.33.33.33/32
set interfaces lo0 unit 0 family iso address 49.0000.3333.3333.0000.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 33.33.33.33
set routing-options autonomous-system 65200
set protocols mpls traffic-engineering mpls-forwarding
set protocols mpls interface all
set protocols bgp group int type internal
set protocols bgp group int local-address 33.33.33.33
set protocols bgp group int family inet unicast
set protocols bgp group int family inet-vpn unicast
set protocols bgp group int family evpn signaling
set protocols bgp group int neighbor 6.6.6.6
set protocols bgp group int neighbor 5.5.5.5 local-address 33.33.33.33
set protocols bgp group int neighbor 5.5.5.5 family inet labeled-unicast
set protocols bgp group int neighbor 5.5.5.5 export nhs
set protocols bgp group external type external
set protocols bgp group external family inet labeled-unicast
set protocols bgp group external export PE1_LOOPBACK
set protocols bgp group external peer-as 65400
set protocols bgp group external neighbor 3.3.3.2
set protocols isis interface ge-0/0/0.0
set protocols isis interface lo0.0
set protocols ldp interface all
set policy-options policy-statement PE1_LOOPBACK term 1 from route-filter 5.5.5.5/32 exact
set policy-options policy-statement PE1_LOOPBACK term 1 then accept
set policy-options policy-statement PE1_LOOPBACK term 2 from route-filter 6.6.6.6/32 exact
set policy-options policy-statement PE1_LOOPBACK then accept
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self

ASBR2

set interfaces ge-0/0/0 unit 0 family inet address 3.3.3.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 4.4.4.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set interfaces lo0 unit 0 family iso address 49.0000.7777.7777.7777.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 7.7.7.7
set routing-options autonomous-system 65400
set protocols mpls traffic-engineering mpls-forwarding
set protocols mpls interface all
set protocols bgp group int type internal
set protocols bgp group int local-address 7.7.7.7
set protocols bgp group int family inet unicast
set protocols bgp group int family inet-vpn unicast
set protocols bgp group int family evpn signaling
set protocols bgp group int neighbor 9.9.9.9
set protocols bgp group int neighbor 8.8.8.8 local-address 7.7.7.7
set protocols bgp group int neighbor 8.8.8.8 family inet labeled-unicast
set protocols bgp group int neighbor 8.8.8.8 export nhs
set protocols bgp group external type external
set protocols bgp group external family inet labeled-unicast
set protocols bgp group external export PE2_LOOPBACK
set protocols bgp group external peer-as 65200
set protocols bgp group external neighbor 3.3.3.1
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.0
set protocols ldp interface all
set policy-options policy-statement PE2_LOOPBACK term 1 from route-filter 8.8.8.8/32 exact
set policy-options policy-statement PE2_LOOPBACK term 1 then accept
set policy-options policy-statement PE2_LOOPBACK term 2 from route-filter 9.9.9.9/32 exact
set policy-options policy-statement PE2_LOOPBACK then accept
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self

P2

set interfaces ge-0/0/0 unit 0 family inet address 4.4.4.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 5.5.5.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 9.9.9.9/32
set interfaces lo0 unit 0 family iso address 49.0000.9999.9999.0000.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 9.9.9.9
set routing-options autonomous-system 65400
set protocols mpls interface all
set protocols bgp group int type internal
set protocols bgp group int local-address 9.9.9.9
set protocols bgp group int family inet unicast
set protocols bgp group int family inet-vpn unicast
set protocols bgp group int family evpn signaling
set protocols bgp group int export nhs
set protocols bgp group int cluster 9.9.9.9
set protocols bgp group int neighbor 7.7.7.7
set protocols bgp group int neighbor 8.8.8.8
set protocols isis interface all
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface ge-0/0/1.0
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self

PE2

set interfaces ge-0/0/0 unit 0 family inet address 3.3.3.2/30
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 4.4.4.1/30
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set interfaces lo0 unit 0 family iso address 49.0000.7777.7777.7777.00
set interfaces lo0 unit 0 family mpls
set routing-options router-id 7.7.7.7
set routing-options autonomous-system 65400
set protocols mpls traffic-engineering mpls-forwarding
set protocols mpls interface all
set protocols bgp group int type internal
set protocols bgp group int local-address 7.7.7.7
set protocols bgp group int family inet unicast
set protocols bgp group int family inet-vpn unicast
set protocols bgp group int family evpn signaling
set protocols bgp group int neighbor 9.9.9.9
set protocols bgp group int neighbor 8.8.8.8 local-address 7.7.7.7
set protocols bgp group int neighbor 8.8.8.8 family inet labeled-unicast
set protocols bgp group int neighbor 8.8.8.8 export nhs
set protocols bgp group external type external
set protocols bgp group external family inet labeled-unicast
set protocols bgp group external export PE2_LOOPBACK
set protocols bgp group external peer-as 65200
set protocols bgp group external neighbor 3.3.3.1
set protocols isis interface ge-0/0/1.0
set protocols isis interface lo0.0
set protocols ldp interface all
set policy-options policy-statement PE2_LOOPBACK term 1 from route-filter 8.8.8.8/32 exact
set policy-options policy-statement PE2_LOOPBACK term 1 then accept
set policy-options policy-statement PE2_LOOPBACK term 2 from route-filter 9.9.9.9/32 exact
set policy-options policy-statement PE2_LOOPBACK then accept
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self

Your CE’s will now have a layer 2 circuit between them. In this example, OSPF has been configured on them and you can see from the routing tables that an adjacency has formed and they are learning each other’s routes.

Arista L3VPN

Another L3VPN and the usual topology. IS-IS in the underlay and BGP between PE’s & CE’s.

vEOS1

hostname veos1
  
vrf instance cust1

interface Ethernet1
no switchport
vrf cust1
ip address 10.1.1.1/30

interface Ethernet2
no switchport
ip address 1.1.1.1/30
isis enable 1
  
interface Loopback0
ip address 5.5.5.5/32
isis enable 1
  
ip routing
ip routing vrf cust1
  
mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 send-community extended

address-family ipv4
neighbor 6.6.6.6 activate

address-family vpn-ipv4
neighbor 6.6.6.6 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

vrf cust1
rd 5.5.5.5:1
route-target import vpn-ipv4 65400:1
route-target export vpn-ipv4 65400:1
neighbor 10.1.1.2 remote-as 65500
redistribute connected

router isis 1
net 49.0000.5555.5555.5555.00

address-family ipv4 unicast

vEOS2

hostname veos2
  
interface Ethernet1
no switchport
ip address 1.1.1.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 2.2.2.1/30
isis enable 1

interface Loopback0
ip address 6.6.6.6/32
isis enable 1
  
ip routing

mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source Loopback0
neighbor 5.5.5.5 route-reflector-client
neighbor 5.5.5.5 send-community extended
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 send-community extended

address-family ipv4
neighbor 5.5.5.5 activate
neighbor 7.7.7.7 activate

address-family vpn-ipv4
neighbor 5.5.5.5 activate
neighbor 7.7.7.7 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

router isis 1
net 49.0000.6666.6666.6666.00

address-family ipv4 unicast

vEOS3

hostname veos3
  
interface Ethernet1
no switchport
ip address 2.2.2.2/30
isis enable 1

interface Ethernet2
no switchport
ip address 3.3.3.1/30
isis enable 1

interface Loopback0
ip address 7.7.7.7/32
isis enable 1
  
ip routing

mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source Loopback0
neighbor 6.6.6.6 route-reflector-client
neighbor 6.6.6.6 send-community extended
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source Loopback0
neighbor 8.8.8.8 route-reflector-client
neighbor 8.8.8.8 send-community extended

address-family ipv4
neighbor 6.6.6.6 activate
neighbor 8.8.8.8 activate

address-family vpn-ipv4
neighbor 6.6.6.6 activate
neighbor 8.8.8.8 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

router isis 1
net 49.0000.7777.7777.7777.00

address-family ipv4 unicast

vEOS4

hostname veos4
  
interface Ethernet1
no switchport
ip address 3.3.3.2/30
isis enable 1
  
interface Ethernet2
no switchport
ip address 4.4.4.1/30
isis enable 1

interface Loopback0
ip address 8.8.8.8/32
isis enable 1
  
ip routing

mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source Loopback0
neighbor 7.7.7.7 send-community extended
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source Loopback0
neighbor 9.9.9.9 route-reflector-client
neighbor 9.9.9.9 send-community extended
  
address-family ipv4
neighbor 7.7.7.7 activate
neighbor 9.9.9.9 activate

address-family vpn-ipv4
neighbor 7.7.7.7 activate
neighbor 9.9.9.9 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

router isis 1
net 49.0000.8888.8888.8888.00

address-family ipv4 unicast

vEOS5

hostname veos5
  
vrf instance cust1

interface Ethernet1
no switchport
vrf cust1
ip address 10.10.10.1/30

interface Ethernet2
no switchport
ip address 4.4.4.2/30
isis enable 1

interface Loopback0
ip address 9.9.9.9/32
isis enable 1

ip routing
ip routing vrf cust1
  
mpls ip

mpls ldp
router-id interface Loopback0
no shutdown

router bgp 65400
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source Loopback0
neighbor 8.8.8.8 send-community extended

address-family ipv4
neighbor 8.8.8.8 activate

address-family vpn-ipv4
neighbor 8.8.8.8 activate
neighbor default encapsulation mpls next-hop-self source-interface Loopback0

vrf cust1
rd 9.9.9.9:1
route-target import vpn-ipv4 65400:1
route-target export vpn-ipv4 65400:1
neighbor 10.10.10.2 remote-as 65500
redistribute connected

router isis 1
net 49.0000.9999.9999.9999.00
!
address-family ipv4 unicast

Cisco vIOS routers used as the CE’s. It doesn’t appear that Arista has the ‘as-override’ command so you will need to use ‘allowas-in’ on the CE’s otherwise routes from the opposing CE will not be imported. This is due to the AS already being in the path and is standard BGP loop protection.

Loopbacks of 11.11.11.11 (ce1) & 12.12.12.12 (ce2) have been configured on the CE’s, redistributed into BGP and visible in the opposing CE’s route table.

OcNOS – L3VPN

OcNOS is an open network operating system produced by IP Infusion. A copy of the software to use with EVE-NG or GNS3 can be downloaded from their website (click below).

This lab is a simple L3VPN. IS-IS used as the underlay and iBGP between PE1 & PE2. If not familiar with OcNOS, the CLI is very similar to Cisco IOS but with a commit so don’t forget to issue that after you have applied the commands!

PE1

conf t
hostname pe1

ip vrf cust1
rd 5.5.5.5:1
route-target both 65200:1
  
router ldp
inter-area-lsp eth1

interface lo
ip address 5.5.5.5/32 secondary
ip router isis 1
  
interface eth1
ip address 1.1.1.1/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip vrf forwarding cust1
ip address 10.1.1.1/24

router isis 1
is-type level-2-only
net 49.0000.1111.1111.1111.00

router bgp 65200
neighbor 9.9.9.9 remote-as 65200
neighbor 9.9.9.9 update-source lo

address-family ipv4 unicast
redistribute connected
neighbor 9.9.9.9 activate
exit-address-family

address-family vpnv4 unicast
neighbor 9.9.9.9 activate
exit-address-family

address-family ipv4 vrf cust1
neighbor 10.1.1.100 remote-as 65222
neighbor 10.1.1.100 activate
neighbor 10.1.1.100 as-override
exit-address-family

P1

conf t
hostname p1
  
router ldp
inter-area-lsp eth1
  
interface lo
ip address 6.6.6.6/32 secondary
ip router isis 1
  
interface eth1
ip address 1.1.1.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip address 2.2.2.1/30
label-switching
ip router isis 1
enable-ldp ipv4

router isis 1
is-type level-2-only
net 49.0000.2222.2222.2222.00

P2

conf t
hostname p2

router ldp

interface lo
ip address 7.7.7.7/32 secondary
ip router isis 1
  
interface eth1
ip address 2.2.2.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip address 3.3.3.1/30
label-switching
ip router isis 1
enable-ldp ipv4

router isis 1
is-type level-2-only
net 49.0000.7777.7777.7777.00

P3

conf t
hostname p3

router ldp
  
interface lo
ip address 8.8.8.8/32 secondary
ip router isis 1

interface eth1
ip address 3.3.3.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip address 4.4.4.1/30
label-switching
ip router isis 1
enable-ldp ipv4

router isis 1
is-type level-2-only
net 49.0000.8888.8888.8888.00

PE2

conf t
hostname pe2

ip vrf cust1
rd 9.9.9.9:1
route-target both 65200:1

router ldp
inter-area-lsp eth1

hostname pe2

interface lo
ip address 9.9.9.9/32 secondary
ip router isis 1

interface eth1
ip address 4.4.4.2/30
label-switching
ip router isis 1
enable-ldp ipv4

interface eth2
ip vrf forwarding cust1
ip address 10.10.10.1/24
  
router isis 1
is-type level-2-only
net 49.0000.9999.9999.9999.00

router bgp 65200
neighbor 5.5.5.5 remote-as 65200
neighbor 5.5.5.5 update-source lo

address-family ipv4 unicast
redistribute connected
neighbor 5.5.5.5 activate
exit-address-family

address-family vpnv4 unicast
neighbor 5.5.5.5 activate
exit-address-family

address-family ipv4 vrf cust1
neighbor 10.10.10.100 remote-as 65222
neighbor 10.10.10.100 activate
neighbor 10.10.10.100 as-override
exit-address-family

BGP is configured between the CE (Cisco vIOS) & PE devices and loopbacks have been configured on the CE’s with addresses of 22.22.22.22 & 33.33.33.33 respectively. These are being redistributed into BGP and you should now see the opposing loopback in the route table.

Juniper vJunosEvolved – L3VPN

An example Juniper L3VPN configuration example. IS-IS underlay and BGP between PE’s & CE’s.

https://www.juniper.net/documentation/us/en/software/junos/vpn-l3/topics/example/mpls-qfx-series-vpn-layer3.html

vEVO1

set interfaces et-0/0/0 unit 0 family inet address 1.1.1.1/30
set interfaces et-0/0/0 unit 0 family iso
set interfaces et-0/0/0 unit 0 family mpls
set interfaces et-0/0/1 unit 0 family inet address 6.6.6.2/30
set interfaces et-0/0/1 unit 0 family iso
set interfaces et-0/0/1 unit 0 family mpls
set interfaces et-0/0/2 unit 0 family inet address 10.1.1.1/24
set interfaces lo0 unit 0 family inet address 5.5.5.5/32
set interfaces lo0 unit 0 family iso address 49.0000.5555.5555.5555.00
set interfaces lo0 unit 0 family mpls
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self
set routing-instances cust1 instance-type vrf
set routing-instances cust1 protocols bgp group cust1 type external
set routing-instances cust1 protocols bgp group cust1 as-override
set routing-instances cust1 protocols bgp group cust1 neighbor 10.1.1.254 peer-as 65444
set routing-instances cust1 interface et-0/0/2.0
set routing-instances cust1 route-distinguisher 5.5.5.5:1
set routing-instances cust1 vrf-target target:65400:1
set routing-instances cust1 vrf-table-label
set routing-options router-id 5.5.5.5
set routing-options autonomous-system 65400
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 5.5.5.5
set protocols bgp group overlay family inet unicast
set protocols bgp group overlay family inet-vpn unicast
set protocols bgp group overlay export nhs
set protocols bgp group overlay neighbor 6.6.6.6
set protocols bgp group overlay neighbor 8.8.8.8
set protocols isis interface all
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols ldp interface all
set protocols mpls interface all

vEVO2

set interfaces et-0/0/0 unit 0 family inet address 6.6.6.1/30
set interfaces et-0/0/0 unit 0 family iso
set interfaces et-0/0/0 unit 0 family mpls
set interfaces et-0/0/1 unit 0 family inet address 2.2.2.1/30
set interfaces et-0/0/1 unit 0 family iso
set interfaces et-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 6.6.6.6/32
set interfaces lo0 unit 0 family iso address 49.0000.6666.6666.6666.00
set interfaces lo0 unit 0 family mpls
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self
set routing-options router-id 6.6.6.6
set routing-options autonomous-system 65400
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 6.6.6.6
set protocols bgp group overlay family inet unicast
set protocols bgp group overlay family inet-vpn unicast
set protocols bgp group overlay export nhs
set protocols bgp group overlay cluster 6.6.6.6
set protocols bgp group overlay neighbor 5.5.5.5
set protocols bgp group overlay neighbor 9.9.9.9
set protocols isis interface all
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols ldp interface all
set protocols mpls interface all

vEVO3

set interfaces et-0/0/0 unit 0 family inet address 1.1.1.2/30
set interfaces et-0/0/0 unit 0 family iso
set interfaces et-0/0/0 unit 0 family mpls
set interfaces et-0/0/1 unit 0 family inet address 3.3.3.2/30
set interfaces et-0/0/1 unit 0 family iso
set interfaces et-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 8.8.8.8/32
set interfaces lo0 unit 0 family iso address 49.0000.8888.8888.8888.00
set interfaces lo0 unit 0 family mpls
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self
set routing-options router-id 8.8.8.8
set routing-options autonomous-system 65400
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 8.8.8.8
set protocols bgp group overlay family inet unicast
set protocols bgp group overlay family inet-vpn unicast
set protocols bgp group overlay export nhs
set protocols bgp group overlay cluster 8.8.8.8
set protocols bgp group overlay neighbor 7.7.7.7
set protocols bgp group overlay neighbor 5.5.5.5
set protocols isis interface all
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols ldp interface all
set protocols mpls interface all

vEVO4

set interfaces et-0/0/0 unit 0 family inet address 3.3.3.1/30
set interfaces et-0/0/0 unit 0 family iso
set interfaces et-0/0/0 unit 0 family mpls
set interfaces et-0/0/1 unit 0 family inet address 4.4.4.2/30
set interfaces et-0/0/1 unit 0 family iso
set interfaces et-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set interfaces lo0 unit 0 family iso address 49.0000.7777.7777.7777.00
set interfaces lo0 unit 0 family mpls
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self
set routing-options router-id 7.7.7.7
set routing-options autonomous-system 65400
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 7.7.7.7
set protocols bgp group overlay family inet unicast
set protocols bgp group overlay family inet-vpn unicast
set protocols bgp group overlay export nhs
set protocols bgp group overlay neighbor 9.9.9.9
set protocols bgp group overlay neighbor 8.8.8.8
set protocols isis interface all
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols ldp interface all
set protocols mpls interface all

vEVO5

set interfaces et-0/0/0 unit 0 family inet address 4.4.4.1/30
set interfaces et-0/0/0 unit 0 family iso
set interfaces et-0/0/0 unit 0 family mpls
set interfaces et-0/0/1 unit 0 family inet address 2.2.2.2/30
set interfaces et-0/0/1 unit 0 family iso
set interfaces et-0/0/1 unit 0 family mpls
set interfaces et-0/0/2 unit 0 family inet address 10.10.10.1/24
set interfaces lo0 unit 0 family inet address 9.9.9.9/32
set interfaces lo0 unit 0 family iso address 49.0000.9999.9999.9999.00
set interfaces lo0 unit 0 family mpls
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 then next-hop self
set routing-instances cust1 instance-type vrf
set routing-instances cust1 protocols bgp group cust1 type external
set routing-instances cust1 protocols bgp group cust1 as-override
set routing-instances cust1 protocols bgp group cust1 neighbor 10.10.10.254 peer-as 65444
set routing-instances cust1 interface et-0/0/2.0
set routing-instances cust1 route-distinguisher 9.9.9.9:1
set routing-instances cust1 vrf-target target:65400:1
set routing-instances cust1 vrf-table-label
set routing-options router-id 9.9.9.9
set routing-options autonomous-system 65400
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 9.9.9.9
set protocols bgp group overlay family inet unicast
set protocols bgp group overlay family inet-vpn unicast
set protocols bgp group overlay export nhs
set protocols bgp group overlay neighbor 7.7.7.7
set protocols bgp group overlay neighbor 6.6.6.6
set protocols isis interface all
set protocols isis level 1 disable
set protocols isis level 2 wide-metrics-only
set protocols ldp interface all
set protocols mpls interface all

BGP is configured between the CE & PE devices and loopbacks have been configured on the CE’s with addresses of 111.111.111.111 & 222.222.222.222 respectively. These are being redistributed into BGP and you should now see the opposing loopback in the route table.

Cisco IOS-XE EVPN/VPWS

Aim of this lab is to create a layer 2 circuit between switch6 & switch7 and form an OSPF adjacency. IS-IS is used for the underlay as it’s better (it really is!).

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-3s/asr903/mp-l2-vpns-xe-3s-asr903-book/epvn_vpws_single_homed.html

CSR1

conf t
hostname csr1
mpls label protocol ldp
l2vpn evpn logging vc-state
l2vpn
router-id 5.5.5.5

interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip router isis 1

interface GigabitEthernet1
ip address 1.1.1.1 255.255.255.252
ip router isis 1
mpls ip

interface GigabitEthernet2
no ip address
service instance 1 ethernet
encapsulation dot1q 1000
rewrite ingress tag pop 1 symmetric
  
router isis 1
net 49.0000.5555.5555.5555.00

router bgp 65200
bgp log-neighbor-changes
neighbor 6.6.6.6 remote-as 65200
neighbor 6.6.6.6 update-source Loopback0

address-family ipv4
neighbor 6.6.6.6 activate
exit-address-family

address-family l2vpn evpn
neighbor 6.6.6.6 activate
exit-address-family

l2vpn evpn instance 1 point-to-point

vpws context cust1
service target 1 source 2
member GigabitEthernet2 service-instance 1

CSR2

conf t
hostname csr2
mpls label protocol ldp
  
interface Loopback0
ip address 6.6.6.6 255.255.255.255
ip router isis 1
  
interface GigabitEthernet1
ip address 1.1.1.2 255.255.255.252
ip router isis 1
mpls ip

interface GigabitEthernet2
ip address 2.2.2.1 255.255.255.252
ip router isis 1
mpls ip
  
router isis 1
net 49.0000.6666.6666.6666.00

router bgp 65200
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 65200
neighbor 5.5.5.5 update-source Loopback0
neighbor 7.7.7.7 remote-as 65200
neighbor 7.7.7.7 update-source Loopback0

address-family ipv4
neighbor 5.5.5.5 activate
neighbor 7.7.7.7 activate
exit-address-family

address-family l2vpn evpn
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 route-reflector-client
neighbor 7.7.7.7 activate
exit-address-family

CSR3

conf t
hostname csr3
mpls label protocol ldp

interface Loopback0
ip address 7.7.7.7 255.255.255.255
ip router isis 1

interface GigabitEthernet1
ip address 2.2.2.2 255.255.255.252
ip router isis 1
mpls ip

interface GigabitEthernet2
ip address 3.3.3.1 255.255.255.252
ip router isis 1
mpls ip
  
router isis 1
net 49.0000.7777.7777.7777.00

router bgp 65200
bgp log-neighbor-changes
neighbor 6.6.6.6 remote-as 65200
neighbor 6.6.6.6 update-source Loopback0
neighbor 8.8.8.8 remote-as 65200
neighbor 8.8.8.8 update-source Loopback0

address-family ipv4
neighbor 6.6.6.6 activate
neighbor 8.8.8.8 activate
exit-address-family

address-family l2vpn evpn
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 route-reflector-client
neighbor 8.8.8.8 activate
neighbor 8.8.8.8 route-reflector-client
exit-address-family

CSR4

conf t
hostname csr4
mpls label protocol ldp
  
interface Loopback0
ip address 8.8.8.8 255.255.255.255
ip router isis 1

interface GigabitEthernet1
ip address 3.3.3.2 255.255.255.252
ip router isis 1
mpls ip
 
interface GigabitEthernet2
ip address 4.4.4.1 255.255.255.252
ip router isis 1
mpls ip
  
router isis 1
net 49.0000.8888.8888.8888.00
  
router bgp 65200
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 65200
neighbor 7.7.7.7 update-source Loopback0
neighbor 9.9.9.9 remote-as 65200
neighbor 9.9.9.9 update-source Loopback0

address-family ipv4
neighbor 7.7.7.7 activate
neighbor 9.9.9.9 activate
exit-address-family

address-family l2vpn evpn
neighbor 7.7.7.7 activate
neighbor 9.9.9.9 activate
neighbor 9.9.9.9 route-reflector-client
exit-address-family

CSR5

conf t
hostname csr5
mpls label protocol ldp
l2vpn
router-id 9.9.9.9
  
interface Loopback0
ip address 9.9.9.9 255.255.255.255
ip router isis 1

interface GigabitEthernet1
ip address 4.4.4.2 255.255.255.252
ip router isis 1
mpls ip
  
interface GigabitEthernet2
no ip address
service instance 1 ethernet
encapsulation dot1q 1000
rewrite ingress tag pop 1 symmetric

router isis 1
net 49.0000.9999.9999.9999.00

router bgp 65200
bgp log-neighbor-changes
neighbor 8.8.8.8 remote-as 65200
neighbor 8.8.8.8 update-source Loopback0

address-family ipv4
neighbor 8.8.8.8 activate
exit-address-family
 
address-family l2vpn evpn
neighbor 8.8.8.8 activate
exit-address-family

mpls ldp router-id Loopback0
l2vpn evpn instance 1 point-to-point

vpws context cust1
service target 2 source 1
member GigabitEthernet2 service-instance 1

Once all devices configured, run ‘show l2vpn evpn vc id 1‘ to confirm circuit is up and then configure OSPF on your CE devices (use whatever you prefer) and the adjacency will come up.

Aruba VXLAN/EVPN

Another VXLAN/EVPN lab but this time from Aruba. Usual spine/leaf topology and OSPF used as underlay because IS-IS is not supported by the CX image.

Spine1

conf t
hostname spine1

interface 1/1/1
no shutdown
ip address 1.1.1.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 2.2.2.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
ip address 3.3.3.1/30
ip ospf 1 area 0.0.0.0

interface loopback 0
ip address 5.5.5.5/32
ip ospf 1 area 0.0.0.0

router ospf 1
router-id 5.5.5.5
area 0.0.0.0

router bgp 65400
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source loopback 0
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source loopback 0
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source loopback 0
address-family l2vpn evpn
neighbor 7.7.7.7 route-reflector-client
neighbor 7.7.7.7 send-community extended
neighbor 7.7.7.7 activate
neighbor 8.8.8.8 route-reflector-client
neighbor 8.8.8.8 send-community extended
neighbor 8.8.8.8 activate
neighbor 9.9.9.9 route-reflector-client
neighbor 9.9.9.9 send-community extended
neighbor 9.9.9.9 activate
exit-address-family

Spine2

conf t
hostname spine2

interface 1/1/1
no shutdown
ip address 11.11.11.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 12.12.12.1/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
ip address 13.13.13.1/30
ip ospf 1 area 0.0.0.0
 
interface loopback 0
ip address 6.6.6.6/32
ip ospf 1 area 0.0.0.0

router ospf 1
router-id 6.6.6.6
area 0.0.0.0

router bgp 65400
neighbor 7.7.7.7 remote-as 65400
neighbor 7.7.7.7 update-source loopback 0
neighbor 8.8.8.8 remote-as 65400
neighbor 8.8.8.8 update-source loopback 0
neighbor 9.9.9.9 remote-as 65400
neighbor 9.9.9.9 update-source loopback 0
address-family l2vpn evpn
neighbor 7.7.7.7 route-reflector-client
neighbor 7.7.7.7 send-community extended
neighbor 7.7.7.7 activate
neighbor 8.8.8.8 route-reflector-client
neighbor 8.8.8.8 send-community extended
neighbor 8.8.8.8 activate
neighbor 9.9.9.9 route-reflector-client
neighbor 9.9.9.9 send-community extended
neighbor 9.9.9.9 activate
exit-address-family

Leaf1

conf t
hostname leaf1

vlan  77
evpn
vlan 77
rd 7.7.7.7:1
route-target export 65400:1
route-target import 65400:1

interface 1/1/1
no shutdown
ip address 1.1.1.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 11.11.11.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
no routing
vlan access 77

interface loopback 0
ip address 7.7.7.7/32
ip ospf 1 area 0.0.0.0

interface vxlan 1
source ip 7.7.7.7
no shutdown
vni 77
vlan 77

router ospf 1
router-id 7.7.7.7
area 0.0.0.0

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source loopback 0
address-family l2vpn evpn
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 activate
exit-address-family

Leaf2

conf t
hostname leaf2

vlan 144
evpn
vlan 144
rd 8.8.8.8:1
route-target export 65400:2
route-target import 65400:2

interface 1/1/1
no shutdown
ip address 2.2.2.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 12.12.12.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/4
no shutdown
no routing
vlan access 144

interface loopback 0
ip address 8.8.8.8/32
ip ospf 1 area 0.0.0.0

interface vxlan 1
source ip 8.8.8.8
no shutdown
vni 144
vlan 144

router ospf 1
router-id 8.8.8.8
area 0.0.0.0

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source loopback 0
address-family l2vpn evpn
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 activate
exit-address-family

Leaf3

hostname leaf3

vlan 77,144
evpn
vlan 77
rd 9.9.9.9:1
route-target export 65400:1
route-target import 65400:1
vlan 144
rd 9.9.9.9:2
route-target export 65400:2
route-target import 65400:2

interface 1/1/1
no shutdown
ip address 3.3.3.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/2
no shutdown
ip address 13.13.13.2/30
ip ospf 1 area 0.0.0.0

interface 1/1/3
no shutdown
no routing
vlan access 77

interface 1/1/4
no shutdown
no routing
vlan access 144

interface loopback 0
ip address 9.9.9.9/32
ip ospf 1 area 0.0.0.0

interface vxlan 1
source ip 9.9.9.9
no shutdown
vni 77
vlan 77
vni 144
vlan 144

router ospf 1
router-id 9.9.9.9
area 0.0.0.0

router bgp 65400
neighbor 5.5.5.5 remote-as 65400
neighbor 5.5.5.5 update-source loopback 0
neighbor 6.6.6.6 remote-as 65400
neighbor 6.6.6.6 update-source loopback 0
address-family l2vpn evpn
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 activate
exit-address-family

vPC6 & vPC8 are in VLAN 77. vPC7 & vPC9 are in VLAN 144. Apply IP addresses from the same subnet on each device in each VLAN and happy days!