Configuring Ethernet Over Secure Vector Routing
Use the following procedures to configure an SSR network to use Ethernet over SVR (EoSVR). Any network interface can be configured to use Ethernet over SVR.
When configuring EoSVR on a STEP-enabled router, it is a best practice to clear all existing sessions so the routers begin using the STEP-based routes. This is especially important for EoSVR configurations, to prevent stuck flows and traffic from being dropped. Use the command delete sessions service <eosvr-service-name>
to clear sessions.
Interface Redundancy on Ethernet over SVR
Important Configuration Note for EoSVR Interface Redundancy
When configuring EOSVR for interface redundancy, it is crucial to set the ethernet-over-svr encapsulate-all-traffic
field to true
. Failure to enable this mode may result in continued traffic transmission to the old active interface from the switch during an interface or node failover. This may continue until the ARP times out on the switch side.
Enabling the encapsulate-all-traffic
mode ensures that the reverse traffic from the remote peer utilizes a separate session from the forward traffic. This mechanism allows the reverse flow to rectify the ARP entries in the switch and resume normal operation.
Juniper recommends verifying ethernet-over-svr encapsulate-all-traffic
is set to true
to ensure seamless interface redundancy.
Configure an Ethernet over SVR Bridge
-
On the Configuration home screen, select a Router.
-
Scroll down and select a Node.
-
Scroll down to Device Interfaces and select the device interface (the LAN interface) that connects to the peer SSR router.
-
Scroll down to Network Interfaces, and select the network interface (the LAN interface) that connects to the peer SSR router.
-
Scroll down to the Ethernet Over SVR Bridge tile, and click it.
-
Enter a name for the bridge.
-
Set Enabled to true.
noteEnabling the Encapsulate All switch encapsulates all traffic, including IP traffic.
-
In the Peer Info panel, select ADD.
-
Enter LAN IP address of the corresponding peer SSR router where the same bridge name is configured.
-
From the Name drop down, select the Peer router, and click SAVE.
-
Repeat this process for the Peer router, using the same name for the bridge and adding the appropriate Peer IP address and name.
Create a Service For Ethernet over SVR
Use the following procedure to create a service on each router for layer 2 traffic. For IP traffic, use the Create a Service procedure.
- On the Configuration home screen, scroll down to Services and click ADD.
- Name the service and click SAVE.
- Under Service Applies To, click New and select router from the drop down.
- Click SAVE.
- In the Router Name panel, select ADD.
- Select the router name from the drop down, and click SAVE.
- Return to the Service panel, and scroll to the Service Transport pane.
- Click ADD, select UDP from the drop down, and click SAVE.
- In the Service Transport: UDP window, under Port Ranges click ADD.
- Set the Start Port to 1281 and click SAVE.
- Return to the Service Panel, and scroll down to the Service Addresses panel.
- Click ADD, and enter the IP address of the EthOverSVR interface (the LAN interface for the router for which you are currently configuring the service.)
- Click SAVE.
- Create another service for the other router - perform the same steps, but in step 6, choose the Peer router.
- Return to the Configuration home screen.
Assign the Service Route
-
On the Configuration home screen, select the first router configured for EoSVR.
-
Scroll down to the Service Route panel and click ADD.
-
Name the Service Route and click SAVE.
-
Under Service Route Information, select the EoSVR service you created prevoiusly.
-
Under Service Route Type, select the drop down, scroll down and select Eosvr Bridge.
-
In the To EoSVR Bridge field, use the drop down to select the EoSVR Bridge you configured earlier.
-
Repeat the procedure for the second router configured for EoSVR.
Peer List
The Peer list (created as part of the EoSVR config process) consists of peers with the same EoSVR bridge name and network interface IP.