vMX setup guide for Network Engineerwho use request system power-off instead of shutdown h nowpmchan@juniper.netJune, 2014

VersionDescription

1.0Initial release on June, 2014

ContentsAbout this document4Building the KVM Linux host5Prepare the hardware5Install Linux base OS5Prepare CentOS Linux and install KVM8Basic configuration & Operation of KVM12Administrate KVM via Virsh commands12vMX Virtual Machine XML configuration13Virtual Network XML configuration19Basic configuration & Operation of vMX24Interface Configuration24Upgrade vMX JUNOS version25Some more advanced tasks26Blind VLAN tag interface into vMX26Attach windows client into testing network30Example: Create a 4 PE node eVPN network inside a single physical server35Network Diagram35Virtual Machine and Virtual Network XML37vMX Configuration38Running vMX over VirtualBox Hypervisor39Assumption & Background39Convert vMX image to VirtualBox format39Load the vMX in VirtualBox39JUNOS configuration in vMX47Other hints47JUNOS firmware upgrade47Additional NIC card in vMX48VLAN tagging48Duplicate disk image/duplicated UUID issue48

About this document

vMX is a solution to run a complete MX (including control and forwarding plane) in software environment.Starting from JUNOS 14.1, vMX will be available on every JUNOS release. In 14.1, the vMX is in phase 1 format which basically try to emulate MX80 (single ASIC, single RE). In phase 2 of vMX, multiple line card & RE support will be added to try to emulate more complex product like MX480. However, even for MX80 emulation alone, the vMX come with complete control and forwarding plane to make it ideal for solution testing. SE no longer need to have multiple MX on hand for feature testing or run multipe logical system in a physical box and do those hair pin patching. All they need is a PC with modern CPU and enough memory.

Unfortunately, the vMX is designed to run over KVM platform. There are some document in Matrix talk about using vMX but most of them are not written for network engieer who do not have background on KVM. As a result, I create this document to fill-up the blank for network engieer without prior KVM knowledge. So that they can make use of vMX as a powerful tool for their internal testing.

The majority of the document will focus on running vMX over KVM. This is because vMX itself is designed to run over KVM. However, not every network engineer have additional spare linux PC to run KVM. As a result, in second part of document, we will also share the trick to run vMX over VirtualBox hypervisor which is free of charge and support Windows/MacOS as host OS. Although VirtualBox is not a supported configuration and it run slower than KVM, running vMX over VirtualBox allows SE to use their own notebook for network simulation without building a dedicated KVM machine. Also VirtualBox hypervisor come with a easy to use GUI. So if you do not have any Linux knowledge, you may want to jump to VirtualBox section instead.

Building the KVM Linux hostPrepare the hardwareKVM run over Linux. Before install the Linux, we need to make sure there is hardware virtualization acceleration support enabled. Otherwise, the hypervisor will run under software emulation mode which is extremely slow.Most modern CPU support hardware virtualization acceleration, what you need to do is goto system BIOS to make sure something like Intel VT or AMD-V is enabled. Also, you may want to make sure you get enough RAM in your server to host enough vMX for your testing. The official memory requirement for vMX is 4GB. In reality, I found it can work well in 2GB. So if you want to emulate a network with 4 vMX in your server, you need to make sure your server got minimum 8GB RAM.

Install Linux base OSKVM is supported in most Linux distribution. In this document, I use CentOS as example because it closely follows RedHat Enterprise Linux and being used extensively in the industry. I use CentOS 6.5 in this example but it should work in other CentOS release as well. You can download CentOS6.5 from:http://isoredirect.centos.org/centos/6/isos/x86_64/CentOS-6.5-x86_64-bin-DVD1.isoAfter boot-up from the CentOS DVD, can follow following screen-shot for basic OS installation.

Configure the NIC card IPv4 info if needed. Default is DHCP.

Select Basic server is okay. We will add KVM related packages in future.Prepare CentOS Linux and install KVMAfter CentOS is installed and boot-up, you can login to the host. You need to disable SELinux which is enabled by default. To switch-off SELinux:Vi /etc/selinux/config

Change SELINUX=disable as:# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - No SELinux policy is loaded.SELINUX=disabled# SELINUXTYPE= can take one of these two values:# targeted - Targeted processes are protected,# mls - Multi Level Security protection.SELINUXTYPE=targeted

After that, reboot the linux OS for change to take effect.Once rebooted, assume you got Internet connectivity from your server, you can install KVM and related packages with following command:yum install kvm libvirt python-virtinst qemu-kvm bridge-utils

Then you can start the libvirt daemon as:/etc/init.d/libvirtd start

To ensure you are running KVM under hardware mode, you can run following command:[root@server1 ~]# lsmod | grep kvmkvm_intel 54285 6 kvm 333172 1 kvm_intel

The command output should indicate KVM_intel module is loaded (assume you are using Intel CPU).To ensure there is no potential blocking of network access, we also recommend to disable the IPTable firewall in the Linux host which is enabled by default:[root@server4 qemu]# iptables --flush[root@server4 qemu]# chkconfig iptables off

In KVM environment, there are several method to connect guest VMs network interface into host NIC like macvtap and others. I tried several of them and found the easiest and most compatible way to do that is via creating a network bridge interface and assign VM to the network bridge. In order to create a network bridge interface in the host PC, we have to change the interface configuration as below:1. Create a network bridge interfacevi /etc/sysconfig/network-scripts/ifcfg-br0

With following content:DEVICE="br0"NM_CONTROLLED="no"ONBOOT=yesTYPE=BridgeBOOTPROTO=noneIPADDR=192.168.0.100PREFIX=24GATEWAY=192.168.0.1DNS1=8.8.8.8DNS2=8.8.4.4DEFROUTE=yesIPV4_FAILURE_FATAL=yesIPV6INIT=noNAME="System br0"

You may want to change RED text to suit your environment. 2. Modify existing physical interface to map to newly created network bridge interfacevi /etc/sysconfig/network-scripts/ifcfg-eth0

Assume your servers physical NIC is eth0 in above example.You will need to comment out BOOTPROTO, IPADDR, PREFIX, GATEWAY, DNS1, DNS2 and add BRIDGE=br0 as follow example:DEVICE="eth0"#BOOTPROTO=noneNM_CONTROLLED="yes"ONBOOT=yesTYPE="Ethernet"UUID="73cb0b12-1f42-49b0-ad69-731e888276ff"HWADDR=00:1E:90:F3:F0:02#IPADDR=192.168.0.100#PREFIX=24#GATEWAY=192.168.0.1#DNS1=8.8.8.8#DNS2=8.8.4.4DEFROUTE=yesIPV4_FAILURE_FATAL=yesIPV6INIT=noNAME="System eth0"BRIDGE=br0

After that, restart the network to make sure the configuration change is effective:[root@server1 network-scripts]# service network restart

You can also run brctl show to verify the output, it should looks like:[root@server4 ~]# brctl showbridge name bridge id STP enabled interfacesbr0 8000.002590a9ddcb no eth0 br1 8000.002590a9ddca no eth1

The br0 is the bridge network interface and you will assign VM into the bridge interface in the future if you want them to access to outside world. If you got other physical interface (e.g. eth1) want to blind VMs NIC into it, you can re-use above procedure to create more bridge interface like br1 and assign eth1 into br1.From time to time, you may also want to do a system-wide update to make your system up to date for security patch and software bug fix, you can do that easily in CentOS via yum update:[root@server4 qemu]# yum update

Basic configuration & Operation of KVMAdministrate KVM via Virsh commandsThe Linux hypervisor can be administrated via GUI and several CLI commands. In following section, I will introduce virsh command which is good enough to complete most common hypervisor related tasks.Virsh means virtual shell. To access the virtual shell, simple type virsh in command prompt:[root@server4 ~]# virshWelcome to virsh, the virtualization interactive terminal.

Type: 'help' for help with commands 'quit' to quit

virsh #

There are several useful administrative commons like:virsh # list

vMX1 eth0 of hostInterface 2: br1 -> eth1 of hostInterface 3: br0 -> eth0 of hostInterface 4: br1 -> eth1 of hostInterface 5: br0 -> eth0 of hostInterface6: virbr0Interface7: virbr1Please note that each interface was defined with unique MAC address and PCI slot #.

Once saved, remember to re-define the vMX XML and restart the vMX instance for it to take effect.

Basic configuration & Operation of vMXInterface ConfigurationInside vMX, all interfaces you mapped in KVM appear as em interface. There is a default mapping of em-X interface to ge-0/0/Y interface defined under /etc/rpio.conf as:Em0 Connect to REEm1 Connect to REEm2 ge-0/0/0Em3 ge-0/0/1Em4 ge-0/0/2Em5 ge-0/0/3Em6 ge-0/0/4Em7 ge-0/0/5Em8 ge-0/0/6Em9 ge-0/0/7Em10 ge-0/0/8Em11 ge-0/0/9The Em0 is the first NIC defined in vMX XML and Em1 is the second NIC and so on. So by referring to above table, you will be able to locate which GE port in vMX is mapped to which virtual NIC in KVM. vMXs GE interface by default come with Juniper MAC which is not equal to the MAC you defined in vMX XML configuration. As a result, we need to specify the MAC address of GE interface manually and JUNOS interface configuration will looks like:interfaces { ge-0/0/0 { mac 52:54:00:08:ee:31; activate -> commit the MAC portion of configuration seems to solve it. Upgrade vMX JUNOS versionInside JTAC tools server, every JUNOS release after 14.1 should come with 2 files namely:Jinstall-vmx-.img andJinstall-vmx-.tgzThe former file is disk image for you to start the vMX from factory default. Once started and configured, if you want to upgrade the vMX server to later release, you can simply download and copy the jinstall-vmx-.tgz file into the vMX RE and use ordinary request system software add method to upgrade your vMX installation.You can also download the tgz image from following intranet server:http://backup.kdc.jnpr.net/vMX/jinstall-vmx-14.1R1.10-domestic.tgz

root@vMX2> request system software add /var/tmp/jinstall-vmx-14.1R1.4-domestic-signed.tgz NOTICE: Validating configuration against jinstall-vmx-14.1R1.4-domestic-signed.tgz.NOTICE: Use the 'no-validate' option to skip this if desired.Checking compatibility with configurationInitializing...Using jbase-14.1B2.3veriexec: accepting signer: PackageDevelopmentEc_2014

Some more advanced tasksBlind VLAN tag interface into vMXIn previous example, you blind the host NIC into network bridge (br0). We assume the host NIC is running in untagged mode. If you want to connect vMX to multiple external interfaces while you dont want to install multiple NIC card, the better idea is to run host NIC in VLAN tagged mode and assign each sub-interface into separated network bridge.

In order to do this, we have to enable VLAN tagging in Linux interface and create sub-interface for different VLAN tag.First we need to ensure 802.1q kernel module is loaded:[root@server4 sysconfig]# lsmod | grep 8021q /etc/rc.modules && chmod +x /etc/rc.modules em1. Basically, we are not going to use this interface so just enable it but do not attach to anything.

Adapter 3-> em2 -> ge-0/0/0 in vMX. Here we attach it to a internal network name intnet. This is a private network inter-connect multiple VM together inside VirtualBox. We can use this like virbr in KVM to inter-connect multiple vMX together.

Adapter4-> em3 -> ge-0/0/1. Here we attach to another internal network called intnet2. For detail explanation on VM NIC mapping, please refer to interface configuration of page 23.

By default, console of vMX show up on com1. So we are going to re-direct com1 of vMX to host. We can do that in VirtualBox as:

Please note the port/file_path is in format: \\.\pipe\ There is no space before and after the text. Once the network and console property is configured, you can start the vMX VM in VirtualBox. To access to vMX console, you can open putty and use following setting to connect to the host pipe:

Select serial then input \\.\pipe\ into the serial line.

JUNOS configuration in vMXSimilar to what we mentioned in KVM section: interface configuration page 23, we need to configure MAC address of ge-0/0/x manually for traffic to pass-through. For details, please refer back to KVM section.

Other hintsJUNOS firmware upgradeOnce the vMX is up and running, it can be upgraded via traditional method via request system software add . For details, please refer to Upgrade vMX JUNOS version in page 24.

Additional NIC card in vMXVirtualBox UI supports maximum 4 NIC. In order to create more NIC on vMX, you have to use VBoxManage modifyvm command. For details, please refer to:http://www.virtualbox.org/manual/ch08.html#vboxmanage-modifyvmThe maximum # of NIC currently supported is 8. If more inter-connect is needed, you may consider to use VLAN tagging to create more IFL for vMX inter-connection.VLAN taggingThe Internal Network bridge in VirtualBox support VLAN tagging natively. It will forward VLAN tagged frame without problem. It works like a bridge which forward traffic base on MAC only without looking at VLAN tag. So you just need to enable VLAN tag in vMX for it to work. Duplicate disk image/duplicated UUID issueIt is a common practice to copy vMX disk image file (the vdi file) if we want to create additional vMX under VirtualBox. However, this will create duplicated UUID error when we try to create the VM as below:

This is because every virtual disk image contains a UUID to identify itself. VirtualBox do not allow 2 virtual disks with the identical UUID. To resolve this issue, you have to change the UUID of the VDI copy with VBoxManage.exe comand:VBoxManage.exe internalcomands sethduuid

This is the end of this doc. Free to email me if you have any suggestion/comment. Welcome to the world of software & virtualization. Enjoy.

--- End ---1 | Page

vMX1 b72e1b16-bb2d-a81a-88af-3cd325f46463 2097152 2097152 4 hvm destroy restart restart /usr/libexec/qemu-kvm

winxp1 31eb6792-f469-6c55-b01e-f41399ccec55 1048576 1048576 2 hvm destroy restart restart /usr/libexec/qemu-kvm

vMX2 2d5ec7e3-be8d-1be9-4ff4-8b083490c684 2097152 2097152 4 hvm destroy restart restart /usr/libexec/qemu-kvm

winxp2 e8d3bf15-37a1-2282-939f-4febfaf3335e 1048576 1048576 2 hvm destroy restart restart /usr/libexec/qemu-kvm

vMX3 2097152 2097152 4 hvm destroy restart restart /usr/libexec/qemu-kvm

winxp3 96d769c0-07bb-33a7-586c-a52e4769bb3b 1048576 1048576 2 hvm destroy restart restart /usr/libexec/qemu-kvm

vMX4 2097152 2097152 4 hvm destroy restart restart /usr/libexec/qemu-kvm

winxp4 f3bc4397-65fd-2576-d2e2-d7b5db4bfa04 1048576 1048576 2 hvm destroy restart restart /usr/libexec/qemu-kvm

private1 fe14b77c-186e-5fb2-b650-2aae6e4c1ee8

private2 e12054dd-f22e-512f-e3fa-1ac4dd698f8f

private3 d03abd19-cd0a-beac-5600-16ebe1651c14

private4 9512a4f8-4583-c1f6-0902-1b8e997d66c1

private5 85f82081-0087-4477-cb27-23f424f5108c

private6 3f7590fe-07e3-2f8c-322d-1b3a84abce91

private7 edcb65a6-5f16-036a-5681-bfb2dbc0a66a

private8 294a3efc-3d28-44c0-c3e5-7ce6ebedd140

## Last changed: 2014-05-23 07:32:26 UTCversion 14.1R1.4;system { host-name eVPN-vMX1; root-authentication { encrypted-password "$1$5AxQsMGQ$8MhbO5KmQzpfY8HK1QwND1"; ## SECRET-DATA } services { ssh; } syslog { user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } ntp { server 172.27.169.23; }}interfaces { ge-0/0/0 { encapsulation ethernet-bridge; esi { 01:00:00:00:00:00:00:00:00:00; single-active; } mac 52:54:02:01:00:03; unit 0 { family bridge { interface-mode access; vlan-id 10; } } } ge-0/0/1 { encapsulation ethernet-bridge; esi { 02:00:00:00:00:00:00:00:00:00; single-active; } mac 52:54:02:01:00:04; unit 0 { family bridge { interface-mode access; vlan-id 20; } } } ge-0/0/2 { mac 52:54:02:01:00:05; unit 0 { family inet { address 192.168.7.1/24; } family mpls; } } ge-0/0/3 { mac 52:54:02:01:00:06; unit 0 { family inet { address 192.168.5.1/24; } family mpls; } } em0 { unit 0 { family inet { address 172.27.62.137/24; } } } irb { unit 0 { family inet { address 10.0.10.254/24; } } unit 1 { family inet { address 10.0.20.254/24; } } } lo0 { unit 0 { family inet { address 1.1.1.1/32; } } }}routing-options { graceful-restart; static { route 172.0.0.0/8 next-hop 172.27.62.1; } router-id 1.1.1.1; autonomous-system 64514; forwarding-table { chained-composite-next-hop { ingress { evpn; } } }}protocols { mpls { interface ge-0/0/2.0; interface ge-0/0/3.0; } bgp { group internal { type internal; local-address 1.1.1.1; family inet-vpn { unicast; } family evpn { signaling; } neighbor 1.1.1.2; neighbor 1.1.1.3; neighbor 1.1.1.4; } } ospf { area 0.0.0.0 { interface all; interface em0.0 { disable; } } } ldp { interface ge-0/0/2.0; interface ge-0/0/3.0; interface lo0.0; }}routing-instances { evpna { instance-type virtual-switch; interface ge-0/0/0.0; interface ge-0/0/1.0; route-distinguisher 1.1.1.1:1; vrf-target target:64514:1; protocols { evpn { extended-vlan-list [ 10 20 ]; } } bridge-domains { bda { domain-type bridge; vlan-id 10; routing-interface irb.0; bridge-options { interface ge-0/0/0.0; } } bdb { domain-type bridge; vlan-id 20; routing-interface irb.1; bridge-options { interface ge-0/0/1.0; } } } } vrf { instance-type vrf; interface irb.0; interface irb.1; route-distinguisher 1.1.1.1:2; vrf-target target:64514:2; vrf-table-label; }}

## Last changed: 2014-05-23 07:23:12 UTCversion 14.1R1.4;system { host-name eVPN-vMX3; root-authentication { encrypted-password "$1$zqsScHDf$n8qvssK2VQmIldGC.fF4/0"; ## SECRET-DATA } services { ssh; } syslog { user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } ntp { server 172.27.169.23; }}interfaces { ge-0/0/0 { encapsulation ethernet-bridge; esi { 03:00:00:00:00:00:00:00:00:00; single-active; } mac 52:54:02:03:00:03; unit 0 { family bridge { interface-mode access; vlan-id 10; } } } ge-0/0/1 { encapsulation ethernet-bridge; esi { 04:00:00:00:00:00:00:00:00:00; single-active; } mac 52:54:02:03:00:04; unit 0 { family bridge { interface-mode access; vlan-id 20; } } } ge-0/0/2 { mac 52:54:02:03:00:05; unit 0 { family inet { address 192.168.8.1/24; } family mpls; } } ge-0/0/3 { mac 52:54:02:03:00:06; unit 0 { family inet { address 192.168.5.2/24; } family mpls; } } em0 { unit 0 { family inet { address 172.27.62.135/24; } } } irb { unit 0 { family inet { address 10.0.10.254/24; } } unit 1 { family inet { address 10.0.20.254/24; } } } lo0 { unit 0 { family inet { address 1.1.1.3/32; } } }}routing-options { graceful-restart; static { route 172.0.0.0/8 next-hop 172.27.62.1; } router-id 1.1.1.3; autonomous-system 64514; forwarding-table { chained-composite-next-hop { ingress { evpn; } } }}protocols { mpls { interface ge-0/0/2.0; interface ge-0/0/3.0; } bgp { group internal { type internal; local-address 1.1.1.3; family inet-vpn { unicast; } family evpn { signaling; } neighbor 1.1.1.1; neighbor 1.1.1.2; neighbor 1.1.1.4; } } ospf { area 0.0.0.0 { interface all; interface em0.0 { disable; } } } ldp { interface ge-0/0/2.0; interface ge-0/0/3.0; interface lo0.0; }}routing-instances { evpna { instance-type virtual-switch; interface ge-0/0/0.0; interface ge-0/0/1.0; route-distinguisher 1.1.1.3:1; vrf-target target:64514:1; protocols { evpn { extended-vlan-list [ 10 20 ]; } } bridge-domains { bda { domain-type bridge; vlan-id 10; routing-interface irb.0; bridge-options { interface ge-0/0/0.0; } } bdb { domain-type bridge; vlan-id 20; routing-interface irb.1; bridge-options { interface ge-0/0/1.0; } } } } vrf { instance-type vrf; interface irb.0; interface irb.1; route-distinguisher 1.1.1.3:2; vrf-target target:64514:2; vrf-table-label; }}

## Last changed: 2014-05-23 07:32:17 UTCversion 14.1R1.4;system { host-name eVPN-vMX2; root-authentication { encrypted-password "$1$PbjAu2yH$ykkYc8Y2CB7jM1GezRk7O/"; ## SECRET-DATA } services { ssh; } syslog { user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } ntp { server 172.27.169.23; }}interfaces { ge-0/0/0 { encapsulation ethernet-bridge; esi { 01:00:00:00:00:00:00:00:00:00; single-active; } mac 52:54:02:02:00:03; unit 0 { family bridge { interface-mode access; vlan-id 10; } } } ge-0/0/1 { encapsulation ethernet-bridge; esi { 02:00:00:00:00:00:00:00:00:00; single-active; } mac 52:54:02:02:00:04; unit 0 { family bridge { interface-mode access; vlan-id 20; } } } ge-0/0/2 { mac 52:54:02:02:00:05; unit 0 { family inet { address 192.168.7.2/24; } family mpls; } } ge-0/0/3 { mac 52:54:02:02:00:06; unit 0 { family inet { address 192.168.6.1/24; } family mpls; } } em0 { unit 0 { family inet { address 172.27.62.136/24; } } } irb { unit 0 { family inet { address 10.0.10.254/24; } } unit 1 { family inet { address 10.0.20.254/24; } } } lo0 { unit 0 { family inet { address 1.1.1.2/32; } } }}routing-options { graceful-restart; static { route 172.0.0.0/8 next-hop 172.27.62.1; } router-id 1.1.1.2; autonomous-system 64514; forwarding-table { chained-composite-next-hop { ingress { evpn; } } }}protocols { mpls { interface ge-0/0/2.0; interface ge-0/0/3.0; } bgp { group internal { type internal; local-address 1.1.1.2; family inet-vpn { unicast; } family evpn { signaling; } neighbor 1.1.1.1; neighbor 1.1.1.3; neighbor 1.1.1.4; } } ospf { area 0.0.0.0 { interface all; interface em0.0 { disable; } } } ldp { interface ge-0/0/2.0; interface ge-0/0/3.0; interface lo0.0; }}routing-instances { evpna { instance-type virtual-switch; interface ge-0/0/0.0; interface ge-0/0/1.0; route-distinguisher 1.1.1.2:1; vrf-target target:64514:1; protocols { evpn { extended-vlan-list [ 10 20 ]; } } bridge-domains { bda { domain-type bridge; vlan-id 10; routing-interface irb.0; bridge-options { interface ge-0/0/0.0; } } bdb { domain-type bridge; vlan-id 20; routing-interface irb.1; bridge-options { interface ge-0/0/1.0; } } } } vrf { instance-type vrf; interface irb.0; interface irb.1; route-distinguisher 1.1.1.2:2; vrf-target target:64514:2; vrf-table-label; }}

## Last changed: 2014-05-23 07:23:14 UTCversion 14.1R1.4;system { host-name eVPN-vMX4; root-authentication { encrypted-password "$1$MmJqHVZ5$AfRBS7GGXMCobbysB72pO/"; ## SECRET-DATA } services { ssh; } syslog { user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } ntp { server 172.27.169.23; }}interfaces { ge-0/0/0 { encapsulation ethernet-bridge; esi { 03:00:00:00:00:00:00:00:00:00; single-active; } mac 52:54:02:04:00:03; unit 0 { family bridge { interface-mode access; vlan-id 10; } } } ge-0/0/1 { encapsulation ethernet-bridge; esi { 04:00:00:00:00:00:00:00:00:00; single-active; } mac 52:54:02:04:00:04; unit 0 { family bridge { interface-mode access; vlan-id 20; } } } ge-0/0/2 { mac 52:54:02:04:00:05; unit 0 { family inet { address 192.168.8.2/24; } family mpls; } } ge-0/0/3 { mac 52:54:02:04:00:06; unit 0 { family inet { address 192.168.6.2/24; } family mpls; } } em0 { unit 0 { family inet { address 172.27.62.134/24; } } } irb { unit 0 { family inet { address 10.0.10.254/24; } } unit 1 { family inet { address 10.0.20.254/24; } } } lo0 { unit 0 { family inet { address 1.1.1.4/32; } } }}routing-options { graceful-restart; static { route 172.0.0.0/8 next-hop 172.27.62.1; } router-id 1.1.1.4; autonomous-system 64514; forwarding-table { chained-composite-next-hop { ingress { evpn; } } }}protocols { mpls { interface ge-0/0/2.0; interface ge-0/0/3.0; } bgp { group internal { type internal; local-address 1.1.1.4; family inet-vpn { unicast; } family evpn { signaling; } neighbor 1.1.1.1; neighbor 1.1.1.2; neighbor 1.1.1.3; } } ospf { area 0.0.0.0 { interface all; interface em0.0 { disable; } } } ldp { interface ge-0/0/2.0; interface ge-0/0/3.0; interface lo0.0; }}routing-instances { evpna { instance-type virtual-switch; interface ge-0/0/0.0; interface ge-0/0/1.0; route-distinguisher 1.1.1.4:1; vrf-target target:64514:1; protocols { evpn { extended-vlan-list [ 10 20 ]; } } bridge-domains { bda { domain-type bridge; vlan-id 10; routing-interface irb.0; bridge-options { interface ge-0/0/0.0; } } bdb { domain-type bridge; vlan-id 20; routing-interface irb.1; bridge-options { interface ge-0/0/1.0; } } } } vrf { instance-type vrf; interface irb.0; interface irb.1; route-distinguisher 1.1.1.4:2; vrf-target target:64514:2; vrf-table-label; }}