Filtering EVPN Routes with PyEZ



Following the previous EVPN blog post, the next logical thing to do was to filter EVPN routes from the device and have them analyzed for a task.

I have written the program to analyze Type 2 and Type 3 routes.

Things to take-away:

-> Understand which module has which advantages. For example, OP here has route-table level calls which can extract routing information from the device, while Device has the specific use case of opening a connection to the device.

-> Understand that there are many more efficient ways of doing the same thing, but the goal here is to make the script work. There is no impact on the device, as the script parses the data offline once we get it, so even if there is a better way, just do things the way you want.

Below is the sample program, which is written to analyze the routes from the vQFX series.



I am not a programmer by any stretch of the imagination, as you can see from my code ;), but this helps and gets my tasks done. If any of you want to download this, the GitHub link is below.




Rakesh M
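An offline filter of the kind described in the post above, as an added example that is not the author's script: it parses EVPN route-key strings that have already been pulled from the device and keeps only Type 2 and Type 3 entries. The key layout is assumed from Junos bgp.evpn.0 output, and the sample keys and function names are constructed for illustration.

```python
import ipaddress
import re

# Assumed key layout: <type>:<RD>::<tag>::<MAC>[::<IP>]/304 and <type>:<RD>::<tag>::<IP>/248
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.I)
SAMPLE_KEYS = [  # constructed sample data, not captured from a device
    "2:10.0.0.1:1::5010::00:11:22:33:44:55/304",
    "2:10.0.0.2:1::5010::00:11:22:33:44:66::192.168.10.20/304",
    "3:10.0.0.2:1::5010::10.0.0.2/248",
    "5:10.0.0.1:10::0::192.168.50.0::24/248",   # other route type, skipped
    "2:10.0.0.1:1::5010::not-a-mac/304",        # malformed MAC, skipped
]

def parse_evpn_key(key):
    """Return a dict for a Type 2 or Type 3 key, or None for anything else."""
    body = key.rsplit("/", 1)[0]                 # drop the /304 or /248 length
    head, _, rest = body.partition("::")
    rtype, _, rd = head.partition(":")           # RD itself contains a colon
    if rtype == "2":
        parts = rest.split("::", 2)              # tag, MAC, optional host IP
        if len(parts) < 2 or not MAC_RE.match(parts[1]):
            return None
        ip = parts[2] if len(parts) == 3 else None
        route = {"type": 2, "rd": rd, "tag": parts[0], "mac": parts[1].lower(), "ip": ip}
    elif rtype == "3":
        parts = rest.split("::", 1)              # tag, originating router address
        if len(parts) != 2:
            return None
        route = {"type": 3, "rd": rd, "tag": parts[0], "ip": parts[1]}
    else:
        return None
    if route["ip"] is not None:                  # never keep an unvalidated address
        try:
            ipaddress.ip_address(route["ip"])
        except ValueError:
            return None
    return route

def filter_routes(keys):
    """Group parsed routes by type; other types and bad keys are only counted."""
    out = {2: [], 3: [], "skipped": 0}
    for route in map(parse_evpn_key, keys):
        if route is None:
            out["skipped"] += 1
        else:
            out[route["type"]].append(route)
    return out
```

Calling filter_routes(SAMPLE_KEYS) returns the two Type 2 routes, the one Type 3 route and a skipped count of 2.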




VxLan – Short Story Lab



Note: It's perfectly possible to do VXLAN/EVPN on vQFX and vMX; all you have to do is set up a good lab on ESXi, or if you want you can do it on the EVE-NG emulator. I personally did it via ESXi.

I am not covering the petty BGP configuration of full mesh and the EVPN-BGP configuration; it's very simple. This post mainly aims at showcasing the quick and short way of setting up EVPN/VXLAN on vQFX and vMX.

On the way to some DC lab practice, I wanted to quickly show you guys how to lab up VXLAN on vQFX and vMX.

Intention – I was reading about VXLAN, and as most of my learning comes from seeing things first and understanding them later, I felt uncomfortable too soon reading the documentation; I wanted to learn it by doing.

Here is the topology



Goal – Build VXLAN/EVPN with a very small setup to understand the workings.

First things first

-> In order to build any VXLAN, you need to have some underlay and some overlay. Our underlay is BGP (it can be anything, you see, as long as it can exchange loopback space and establish IP connectivity between all nodes).

-> Overlay – where your LAN information is carried through a specific control plane which you have defined.

Let's examine the underlay


Now let's examine the overlay

This is how you will configure vQFX


Finally, the way to check.

Ping may be perfect, but we will do a check on vQFX


The next post will aim to cover some PyEZ aspects of verification.



Rakesh M












Almost everyone knows what MC-LAG does; for the benefit of those who don't, it's a variant of LAG where the downstream devices share a LAG interface across two physical devices instead of one. I know it's confusing, so let's see a sample topology.



vQFX1 will see the upstream as one ae1 instead of two different vMX devices. This has its own advantage, and that entire discussion is out of scope for this blog post.


Blog Post Goal – Demonstrate MC-LAG on vMX and quickly highlight the options that are common and different in MC-LAG, as a ready reference for someone going for an exam or an implementation.



-> ICCP is the protocol between the nodes


  • Uses TCP/IP to replicate control plane and forwarding traffic between peers
  • One standby and one active (the active is responsible for status control)
  • ICCP messages exchange configuration information to ensure both peers use the correct LACP parameters
  • ICL-PL (e.g. the interface between MX1 and MX2) supports multiple MC-LAGs between the peers, so it's recommended to be an AE
  • A keepalive message is exchanged between MC-LAG peers, and it is recommended to use the management connection for it
  • If ICL-PL fails, the keepalive still runs through the management connection, and in that scenario the standby brings down its local member link to avoid split-brain scenarios


-> MC-LAG Modes


  • Active/Standby & Active/Active (QFX only supports Active/Active MC-LAG mode)
  • A/A supports traffic distribution, and if one link fails, the traffic will go through the ICL-PL connection, as ICL-PL will have all the VLANs allowed
  • All MAC addresses are shared among MC-LAG peers using ICCP
  • Multicast flooding happens on all the links if MC-LAG peers are members of the VLANs associated with the traffic
  • IRB routing is possible


Phase-1 - Setting up ICCP (ICL Peers)

Two things here


-> If you are operating at the vMX level and want this to work:

     – Configure static ARP for the IRB, else ICCP will not establish

     – Configure the LACP Session-ID, else LACP will not form

     – I have seen the LACP session getting initiated with different IDs at different flaps, which resulted in AE0 flaps.



When observed from vQFX, since it's Active-standby, one interface will be attached, while the other is in distributing.


Values common to both peers

  • mc-ae-id <1>
  • mode active-active
  • lacp active
  • lacp admin-key <1>
  • lacp system-id <01:01:01:01:01:01>


Different on both peers

  • chassis-id 0
  • status-control active



My DC Virtual Lab Setup – Insights



I have been getting a lot of requests offline and online about the lab setup I use. I have to say I have tested many things and finally settled on VMware ESXi 5.5. EVE-NG was good, but not good enough when spawned with multiple instances of QEMU, maybe because my host operating system might be too slow for it.

I will cover the connectivity for two vMX devices, but the logic remains the same for any device connectivity.

What I have already

-> VMware ESXi 5.5

-> Dell R810

-> Insane amount of time to waste :), I hope you won’t fall into the same path.


You need to have the OVA files. All settings are straightforward; don't even worry about memory allocations yet, there is time for that and also for the networking part. Import the OVA.

There will be two OVA images

VFP – forwarding plane

VCP – control plane

General import – No rocket science – Don't worry about any settings as of now


This is how my VCP looks – again, don't worry about any networking here. The catch here – VCP has only two network adapters – the first one is for fxp0, and the other is the internal interface between VCP and VFP.



Let’s take a look at VFP – I might have given it an exaggerated amount of RAM, but it’s completely unnecessary. I had RAM to burn, but honestly, it doesn’t make any difference.


Takeaway – Network Adapter 2 is the important one which connects VMX-VCP, and both of them have to be on the same network. Again, don’t worry too much about networking now; you will get the idea of the rest once we explore the connectivity aspect.

****** The most important thing: do not mix the network for Network Adapter 2 with any of the other network adapters in this router, or any router for that matter; otherwise you are bound to spend a lot of time figuring out why things are not going your way.


Let’s explore the networking


The one above is the final part. As you can see, I have created a virtual switch and put the VCP and VFP interfaces in it, and there are no other interfaces present here, which is important.

Let’s explore the data Plane interface connectivity



In this case, this connects Xe-0/0/0 to Xe-0/0/0 and thus completes the connectivity.


QFX10K is almost the same in implementation, except for the fact that vMX data plane interfaces start from Network Adapter 3 while QFX10K interfaces start from Network Adapter 4.


Feel free to ping me if you have any queries.





PYEZ Script – Commit the configuration or Indicate the Diff

Requirement – Connect to an MX device to commit a configuration on the device. If there is any uncommitted configuration, the script should hold and display the uncommitted configuration.


jnpr.junos – Device – helps us connect to the device

jnpr.junos.utils.config – Config – helps issue config-related operations (rollback, config, etc.)

\033 – helps the print statement display in colored format: [91m – red, [1m – bold, [0m ends the color format



I have some uncommitted configuration on the device, and hence we expect the script to show us the uncommitted configuration.



Once I fix the config on the device, let's see if the configuration from the script gets fixed.


This is an intro to how we can start deploying to, or checking, any devices which have uncommitted configuration on them, and proceed accordingly.
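One way to implement the requirement above with PyEZ, as an added example that is not the author's script: it refuses to commit on top of someone else's uncommitted candidate changes and prints them in red bold instead. The function names, the result dictionary and the sample set command are assumptions made for illustration.

```python
import getpass

RED_BOLD, RESET = "\033[91m\033[1m", "\033[0m"


def commit_or_show_diff(cu, set_commands, comment="pushed by script"):
    """Commit set_commands through a PyEZ Config object, unless the candidate
    configuration already differs from the active one; then return that diff."""
    pending = cu.diff()                      # None when nothing is uncommitted
    if pending:
        print(RED_BOLD + "Uncommitted configuration found:" + RESET)
        print(pending)
        return {"committed": False, "diff": pending}
    cu.lock()                                # keep other sessions out while we work
    try:
        cu.load(set_commands, format="set")
        ours = cu.diff()
        if ours is None:                     # change already present, nothing to do
            return {"committed": False, "diff": None}
        cu.commit(comment=comment)
        return {"committed": True, "diff": ours}
    except Exception:
        cu.rollback(0)                       # drop our half-loaded change
        raise
    finally:
        cu.unlock()


def main(host, user):
    # Imported here so the logic above can be exercised without PyEZ installed.
    from jnpr.junos import Device
    from jnpr.junos.utils.config import Config
    # Password is prompted for, never hard-coded in the script.
    with Device(host=host, user=user, passwd=getpass.getpass()) as dev:
        # Hypothetical change used only to illustrate the call.
        result = commit_or_show_diff(
            Config(dev), "set system login message AUTHORIZED-USE-ONLY")
        print(result)
```

Run main("<device-address>", "<username>") against a lab device; the returned diff can be logged as a record of what the script changed.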



JAUT Course – Review Midweek



It's been 3/5 days in JAUT training, and I should say Juniper has done a great job in introducing various training concepts and methodologies for network scripting / automation.

Here are some things that helped

– No high stress on learning programming; they kept it to a minimum and, interestingly, they made it more about how automation works and is done instead of programming concepts – this is done in many courses

– Stress on PyEZ and a good introduction to Ansible; simple labs, and then making the lab cover all the concepts, is another great way Juniper helped us learn the course

– The main takeaway till now is Ansible / an intro to Jinja2 & YAML and templating configuration, which I felt was very refreshing, and all my fears about templating have at least vanished till now.

I can't wait to blog on the things that I have learnt during the training and implement them in my own lab. I will keep this topic alive for a while.



Rakesh M

J-AUT Course

Hi,

I have enrolled for the Juniper JAUT course and am looking forward to it.

Below are the details. It's a 5-day course and I am expecting more out of this course.


My main interest lies in YAML / JSON use cases with Juniper devices and their interaction. I will let you know how the course goes as the days progress, and the overall efficiency of the course.


