Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[QFX] Example Configuration for VXLAN in QFX5100

0

1

Article ID: KB30315 KB Last Updated: 02 May 2018Version: 2.0
Summary:

This article provides information about the configuration of VXLAN (multicast based) for QFX5100.

Symptoms:

Configure a VXLAN in QFX5100 with the following topology:

|Ex4200-A| xe-0/1/0 --- xe-0/0/3 |QFX5100-A| xe-0/0/4 --- xe-0/0/2 |QFX5100-B| xe-0/0/4 -- xe-0/1/0 |Ex4200-B|

Ex4200-A - 50 network (50.0.0.1/8) / 60 network (60.0.0.1/8)

Ex4200-B - 50 network (50.0.0.2/8) / 60 network (60.0.0.2/8)

QFX5100-A --- 20 network --- QFX5100-B

 

Solution:

For further details, please refer to the documentation on VXLAN Constraints on QFX Series Switches

Notes:
  • VXLAN, multicast based, supports only sparse mode.
  • PIM-BIDIR and PIM-SSM are not supported with VXLANs.

 

Example configuration

EX4200-A configuration

set vlans vlan100 vlan-id 100
set vlans vlan200 vlan-id 200
set interfaces xe-0/1/0 vlan-tagging
set interfaces xe-0/1/0 unit 100 vlan-id 100
set interfaces xe-0/1/0 unit 100 family inet address 50.0.0.1/8
set interfaces xe-0/1/0 unit 200 vlan-id 200
set interfaces xe-0/1/0 unit 200 family inet address 60.0.0.1/8

QFX5100-A configuration:

set vlans vlan100 vlan-id 100

Map the VLAN with the VXLAN:

set vlans vlan100 vxlan vni 100 

Assign a Multicast group for the VXLAN:

set vlans vlan100 vxlan multicast-group 224.1.1.1

Configure the switch to retain the original VLAN tag (in the inner Ethernet packet) after VXLAN encapsulation:

set vlans vlan100 vxlan encapsulate-inner-vlan 
 

Optional: Configure the system to age out the address for the remote VTEP (the other QFX5100 switch) if all the MAC addresses learned from that VTEP age out. The address for the remote VTEP expires the configured number of seconds after the last learned MAC address expires:

set vlans vlan100 vxlan unreachable-vtep-aging-timer 600

set vlans vlan200 vlan-id 200
set vlans vlan200 vxlan vni 200
set vlans vlan200 vxlan multicast-group 224.1.1.1
set vlans vlan200 vxlan encapsulate-inner-vlan
set vlans vlan200 vxlan unreachable-vtep-aging-timer 600

Configure the switch to de-encapsulate and accept original VLAN tags in VXLAN packets:

set protocols l2-learning decapsulate-accept-inner-vlan

Make that loopback address as tunnel source:

set switch-options vtep-source-interface lo0.0

Configures PIM sparse mode:

set protocols pim rp local family inet address 30.0.0.1
set protocols pim interface xe-0/0/4.0 mode sparse

Required to carry the tagged traffic:

set interfaces xe-0/0/3 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/3 unit 0 family ethernet-switching vlan members vlan100
set interfaces xe-0/0/3 unit 0 family ethernet-switching vlan members vlan200

QFX5100-A egress interface:

set interfaces xe-0/0/4 unit 0 family inet address 20.0.0.1/8

Create a reachable IPv4 address:

set interfaces lo0 unit 0 family inet address 30.0.0.1/8 

For loopback reachability:

set protocols ospf area 0.0.0.0 interface xe-0/0/4.0
set protocols ospf area 0.0.0.0 interface lo0.0

QFX5100-B configuration:

set vlans vlan100 vlan-id 100
set vlans vlan100 vxlan vni 100
set vlans vlan100 vxlan multicast-group 224.1.1.1
set vlans vlan100 vxlan encapsulate-inner-vlan
set vlans vlan100 vxlan unreachable-vtep-aging-timer 600
set vlans vlan200 vlan-id 200
set vlans vlan200 vxlan vni 200
set vlans vlan200 vxlan multicast-group 224.1.1.1
set vlans vlan200 vxlan encapsulate-inner-vlan
set vlans vlan200 vxlan unreachable-vtep-aging-timer 600
set protocols l2-learning decapsulate-accept-inner-vlan
set switch-options vtep-source-interface lo0.0
set protocols pim rp static address 30.0.0.1

set protocols pim interface xe-0/0/2.0 mode sparse
set interfaces xe-0/0/2 unit 0 family inet address 20.0.0.2/8
set interfaces xe-0/0/4 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/4 unit 0 family ethernet-switching vlan members vlan100
set interfaces xe-0/0/4 unit 0 family ethernet-switching vlan members vlan200
set interfaces lo0 unit 0 family inet address 40.0.0.1/8
set protocols ospf area 0.0.0.0 interface xe-0/0/2.0
set protocols ospf area 0.0.0.0 interface lo0.0
 

Ex4200-B configuration:

set vlans vlan100 vlan-id 100
set vlans vlan200 vlan-id 200
set interfaces xe-0/1/0 vlan-tagging
set interfaces xe-0/1/0 unit 100 vlan-id 100
set interfaces xe-0/1/0 unit 100 family inet address 50.0.0.2/8
set interfaces xe-0/1/0 unit 200 vlan-id 200
set interfaces xe-0/1/0 unit 200 family inet address 60.0.0.2/8
 

Output verification:

root@EX4200-B# run ping 50.0.0.1 source 50.0.0.2 rapid count 100
PING 50.0.0.2 (50.0.0.2): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

--- 50.0.0.1 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 7.894/12.045/98.700/8.880 ms

root@EX4200-B# run ping 60.0.0.1 source 60.0.0.2 rapid count 100
PING 60.0.0.2 (60.0.0.2): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

--- 60.0.0.1 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.001/12.838/109.692/13.557 ms


root@QFX5100-A# run show ethernet-switching vxlan-tunnel-end-point source
Logical System Name       Id  SVTEP-IP         IFL   L3-Idx

<default>                 0   30.0.0.1         lo0.0    0 
    L2-RTT                   Bridge Domain              VNID     MC-Group-IP
    default-switch           vlan100+100                100      224.1.1.1     
    default-switch           vlan200+200                200      224.1.1.1

root@QFX5100-B# run show ethernet-switching vxlan-tunnel-end-point source
Logical System Name       Id  SVTEP-IP         IFL   L3-Idx

<default>                 0   40.0.0.1         lo0.0    0 
    L2-RTT                   Bridge Domain              VNID     MC-Group-IP
    default-switch           vlan100+100                100      224.1.1.1     
    default-switch           vlan200+200                200      224.1.1.1     
 

The following output is required to confirm if the VXLAN tunnels are formed or not:

root@QFX5100-A# run show ethernet-switching vxlan-tunnel-end-point remote
Logical System Name       Id  SVTEP-IP         IFL   L3-Idx

<default>                 0   30.0.0.1         lo0.0    0 
 RVTEP-IP         IFL-Idx   NH-Id
 40.0.0.1         563       1764    
    VNID          MC-Group-IP     
    200           224.1.1.1      
    100           224.1.1.1

root@QFX5100-B# run show ethernet-switching vxlan-tunnel-end-point remote
Logical System Name       Id  SVTEP-IP         IFL   L3-Idx

<default>                 0   40.0.0.1         lo0.0    0 
 RVTEP-IP         IFL-Idx   NH-Id
 30.0.0.1         562       1772    
    VNID          MC-Group-IP     
    200           224.1.1.1      
    100           224.1.1.1

root@QFX5100-A# run show vlans

Routing instance        VLAN name             Tag          Interfaces

default-switch          default               1       
                                                           
default-switch          vlan100               100     
                                                           ge-0/0/3.0*
                                                           vtep.32769*
default-switch          vlan200               200     
                                                           ge-0/0/3.0*
                                                           vtep.32769*

root@QFX5100-B# run show vlans

Routing instance        VLAN name             Tag          Interfaces

default-switch          default               1       
                                                           
default-switch          vlan100               100     
                                                           ge-0/0/4.0*
                                                           vtep.32769*
default-switch          vlan200               200     
                                                           ge-0/0/4.0*
                                                           vtep.32769*
 
 
{master:0}[edit]
root@QFX5100-A# run show ethernet-switching table
 
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
 
 
Ethernet switching table : 2 entries, 2 learned
Routing instance : default-switch
    Vlan                MAC                 MAC         Age    Logical
    name                address             flags              interface
    vlan100             64:c3:d6:8f:45:64   D             -   ge-0/0/3.0          
    vlan100             64:c3:d6:8f:4f:64   D             -   vtep.32769          
 
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
 
 
Ethernet switching table : 2 entries, 2 learned
Routing instance : default-switch      
    Vlan                MAC                 MAC         Age    Logical
    name                address             flags              interface
    vlan200             64:c3:d6:8f:45:64   D             -   ge-0/0/3.0          
    vlan200             64:c3:d6:8f:4f:64   D             -   vtep.32769 
 
{master:0}[edit]
root@QFX5100-B# run show ethernet-switching table
 
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
 
 
Ethernet switching table : 2 entries, 2 learned
Routing instance : default-switch
    Vlan                MAC                 MAC         Age    Logical
    name                address             flags              interface
    vlan100             64:c3:d6:8f:45:64   D             -   vtep.32769          
    vlan100             64:c3:d6:8f:4f:64   D             -   ge-0/0/4.0          
 
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
 
 
Ethernet switching table : 2 entries, 2 learned
Routing instance : default-switch      
    Vlan                MAC                 MAC         Age    Logical
    name                address             flags              interface
    vlan200             64:c3:d6:8f:45:64   D             -   vtep.32769          
    vlan200             64:c3:d6:8f:4f:64   D             -   ge-0/0/4.0
 
{master:0}[edit]
root@QFX5100-A# run show interfaces vtep  
Physical interface: vtep, Enabled, Physical link is Up
  Interface index: 641, SNMP ifIndex: 506
  Type: Software-Pseudo, Link-level type: VxLAN-Tunnel-Endpoint, MTU: Unlimited,
  Speed: Unlimited
  Device flags   : Present Running
  Link type      : Full-Duplex
  Link flags     : None
  Last flapped   : Never
    Input packets : 0
    Output packets: 0
 
  Logical interface vtep.32768 (Index 553) (SNMP ifIndex 523)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    VXLAN Endpoint Type: Source, VXLAN Endpoint Address: 30.0.0.1, L2 Routing Instance: default-switch, L3 Routing Instance: default
    Input packets : 0
    Output packets: 0
 
  Logical interface vtep.32769 (Index 563) (SNMP ifIndex 528)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    VXLAN Endpoint Type: Remote, VXLAN Endpoint Address: 40.0.0.1, L2 Routing Instance: default-switch, L3 Routing Instance: default
    Input packets : 568
    Output packets: 408                
    Protocol eth-switch, MTU: Unlimited
      Flags: Trunk-Mode
 
{master:0}[edit]
root@QFX5100-B# run show interfaces vtep
Physical interface: vtep, Enabled, Physical link is Up
  Interface index: 641, SNMP ifIndex: 506
  Type: Software-Pseudo, Link-level type: VxLAN-Tunnel-Endpoint, MTU: Unlimited,
  Speed: Unlimited
  Device flags   : Present Running
  Link type      : Full-Duplex
  Link flags     : None
  Last flapped   : Never
    Input packets : 0
    Output packets: 0
 
  Logical interface vtep.32768 (Index 554) (SNMP ifIndex 520)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    VXLAN Endpoint Type: Source, VXLAN Endpoint Address: 40.0.0.1, L2 Routing Instance: default-switch, L3 Routing Instance: default
    Input packets : 0
    Output packets: 0
 
  Logical interface vtep.32769 (Index 562) (SNMP ifIndex 524)
    Flags: Up SNMP-Traps Encapsulation: ENET2
    VXLAN Endpoint Type: Remote, VXLAN Endpoint Address: 30.0.0.1, L2 Routing Instance: default-switch, L3 Routing Instance: default
    Input packets : 405
    Output packets: 402                
    Protocol eth-switch, MTU: Unlimited
      Flags: Trunk-Mode
 
{master:0}[edit]
root@QFX5100-A# run show pim join extensive | no-more   
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
 
Group: 224.1.1.1
    Source: *
    RP: 30.0.0.1
    Flags: sparse,rptree,wildcard
    Upstream interface: Local                
    Upstream neighbor: Local
    Upstream state: Local RP
    Uptime: 00:26:28
    Downstream neighbors:
        Interface: xe-0/0/4.0 (assert winner)
            20.0.0.2 State: Join Flags: SRW Timeout: 209
            Uptime: 00:26:01 Time since last Join: 00:00:01
            Assert Winner: 20.0.0.1 Metric: 0 Pref: 2147483648 Timeout: 50
        Interface: Pseudo-VXLAN          
    Number of downstream interfaces: 2
 
Group: 224.1.1.1
    Source: 30.0.0.1
    Flags: sparse,spt
    Upstream interface: Local                
    Upstream neighbor: Local
    Upstream state: Local Source, Local RP, No Prune to RP
    Keepalive timeout: 0
    Uptime: 00:22:00
    Downstream neighbors:
        Interface: xe-0/0/4.0            
            20.0.0.2 State: Join Flags: S Timeout: 209
            Uptime: 00:21:59 Time since last Join: 00:00:01
        Interface: Pseudo-VXLAN          
    Number of downstream interfaces: 2
 
Group: 224.1.1.1
    Source: 40.0.0.1
    Flags: sparse,spt
    Upstream interface: xe-0/0/4.0           
    Upstream neighbor: 20.0.0.2
    Upstream state: Local RP, Join to Source, No Prune to RP
    Keepalive timeout: 105
    Uptime: 00:26:01
    Downstream neighbors:
        Interface: xe-0/0/4.0 (pruned)
            20.0.0.2 State: Prune Flags: SR Timeout: 209
            Uptime: 00:26:01 Time since last Prune: 00:00:01
        Interface: Pseudo-VXLAN          
    Number of downstream interfaces: 2
 
Instance: PIM.master Family: INET6
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
 
{master:0}[edit]
root@QFX5100-A# run show multicast route extensive | no-more
Instance: master Family: INET
 
Group: 224.1.1.1
    Source: 30.0.0.1/32
    Upstream interface: local
    Downstream interface list:
        xe-0/0/4.0
    Number of outgoing interfaces: 1
    Session description: NOB Cross media facilities
    Statistics: 0 kBps, 0 pps, 1 packets
    Next-hop ID: 131074
    Upstream protocol: PIM
    Route state: Active
    Forwarding state: Forwarding
    Cache lifetime/timeout: forever
    Wrong incoming interface notifications: 0
    Uptime: 00:22:07
 
Group: 224.1.1.1
    Source: 40.0.0.1/32
    Upstream interface: xe-0/0/4.0
    Downstream interface list:
        Pseudo-VXLAN
    Number of outgoing interfaces: 1
    Session description: NOB Cross media facilities
    Statistics: 0 kBps, 0 pps, 215 packets
    Next-hop ID: 131070
    Upstream protocol: PIM
    Route state: Active
    Forwarding state: Forwarding
    Cache lifetime/timeout: forever
    Wrong incoming interface notifications: 1
    Uptime: 00:26:04
 
Instance: master Family: INET6
 
{master:0}[edit]
root@QFX5100-B# run show pim join extensive | no-more          
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
 
Group: 224.1.1.1
    Source: *
    RP: 30.0.0.1
    Flags: sparse,rptree,wildcard
    Upstream interface: xe-0/0/2.0           
    Upstream neighbor: 20.0.0.1 (assert winner)
    Upstream state: Join to RP
    Uptime: 00:27:19
    Downstream neighbors:
        Interface: Pseudo-VXLAN          
    Number of downstream interfaces: 1
 
Group: 224.1.1.1
    Source: 30.0.0.1
    Flags: sparse,spt
    Upstream interface: xe-0/0/2.0           
    Upstream neighbor: 20.0.0.1
    Upstream state: Join to Source, No Prune to RP
    Keepalive timeout: 175
    Uptime: 00:23:17
    Downstream neighbors:
        Interface: Pseudo-VXLAN          
    Number of downstream interfaces: 1
 
Group: 224.1.1.1
    Source: 40.0.0.1
    Flags: sparse,spt
    Upstream interface: Local                
    Upstream neighbor: Local
    Upstream state: Local Source, Prune to RP
    Keepalive timeout: 0
    Uptime: 00:29:38
    Downstream neighbors:
        Interface: xe-0/0/2.0            
            20.0.0.1 State: Join Flags: S Timeout: 195
            Uptime: 00:27:15 Time since last Join: 00:00:15
        Interface: Pseudo-VXLAN          
    Number of downstream interfaces: 2
 
Instance: PIM.master Family: INET6
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
 
{master:0}[edit]
root@QFX5100-B# run show multicast route extensive | no-more   
Instance: master Family: INET
 
Group: 224.1.1.1
    Source: 30.0.0.1/32
    Upstream interface: xe-0/0/2.0
    Downstream interface list:
        Pseudo-VXLAN
    Number of outgoing interfaces: 1
    Session description: NOB Cross media facilities
    Statistics: 0 kBps, 0 pps, 2 packets
    Next-hop ID: 131070
    Upstream protocol: PIM
    Route state: Active
    Forwarding state: Forwarding
    Cache lifetime/timeout: forever
    Wrong incoming interface notifications: 0
    Uptime: 00:23:20
 
Group: 224.1.1.1
    Source: 40.0.0.1/32
    Upstream interface: local
    Downstream interface list:
        xe-0/0/2.0
    Number of outgoing interfaces: 1
    Session description: NOB Cross media facilities
    Statistics: 0 kBps, 0 pps, 0 packets
    Next-hop ID: 131075
    Upstream protocol: PIM
    Route state: Active
    Forwarding state: Forwarding
    Cache lifetime/timeout: forever
    Wrong incoming interface notifications: 0
    Uptime: 00:29:41
 
Instance: master Family: INET6

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search