Q in VNI and overlapping vlans in a evpn/vxlan ip fabric - is this configuration supposed to work?!

  • 1.  Q in VNI and overlapping vlans in a evpn/vxlan ip fabric - is this configuration supposed to work?!

    Posted 03-24-2019 11:30

    Hello, we have bought a few QFX5120 switches.

    Our company is going to offer colocation in our new datacenter, and I intend to use evpn with vxlan in this setup.

    I will not route any customer traffic on my switches, because I/they will do all routing externally. 

    Therefore, each customer needs to be able to use their own vlans.

     

    I have a spine and leaf topology. I am using eBGP for underlay to distribute loopbacks. I use iBGP in a full mesh between leaves to exchange EVPN information.

     

    Take note, I did get evpn with vxlan working when I used regular "trunk" interfaces. However, using that approach, I cannot have overlapping VLANS on the same switch, which I need to work in my colo-case.

     

    To my understanding, I need to use encapsulation flexible-ethernet-services, and put every customer interface in a vlan configuration, with encapsulation vlan-bridge. I understand this as creating separate bridges for each vlan configuration? Finally I use encapsulate-inner-vlan on the bridge-vxlan config, something like this:

     

     

    olof@o12-ls01> show configuration interfaces xe-0/0/7 | display set 
    set interfaces xe-0/0/7 description "TEST Customer123"
    set interfaces xe-0/0/7 vlan-tagging
    set interfaces xe-0/0/7 mtu 9000
    set interfaces xe-0/0/7 encapsulation flexible-ethernet-services
    set interfaces xe-0/0/7 unit 100 description TEST
    set interfaces xe-0/0/7 unit 100 encapsulation vlan-bridge
    set interfaces xe-0/0/7 unit 100 vlan-id-list 1-4094
    
    olof@o12-ls01> show configuration vlans Customer123_test | display set 
    set vlans Customer123_test interface xe-0/0/7.100
    set vlans Customer123_test vxlan vni 200123
    set vlans Customer123_test vxlan encapsulate-inner-vlan
    set vlans Customer123_test vxlan ingress-node-replication
    
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list all
    set protocols l2-learning decapsulate-accept-inner-vlan

     

     

     

    I do see records in evpn database showing up from my customers, who are sending me vlan tagged frames.

    However, they are unable to contact each other.

     

    olof@o12-ls01> show evpn database 
    Instance: default-switch
    VLAN  DomainId  MAC address        Active source  Timestamp        IP address
          200123    00:50:56:a7:52:c1  10.18.255.35   Mar 24 18:08:15  172.18.66.22
          200123    00:50:56:a7:56:8b  xe-0/0/7.100   Mar 24 18:07:50  172.18.66.14
          200123    00:50:56:a7:66:46  xe-0/0/7.100   Mar 24 18:07:49  172.18.66.13
    
    olof@o12-ls01> show ethernet-switching table
    ...
    name              address            flags  interface     source
    Customer123_test  00:50:56:a7:52:c1  D      vtep.32769    10.18.255.35
    Customer123_test  00:50:56:a7:56:8b  D      xe-0/0/7.100
    Customer123_test  00:50:56:a7:66:46  D      xe-0/0/7.100

     

     

     

    And this is my system version.

    olof@o12-ls01> show version 
    ...
    Hostname: o12-ls01
    Model: qfx5120-48y-8c
    Junos: 18.3R1.11 flex
    JUNOS OS Kernel 64-bit FLEX [20180816.8630ec5_builder_stable_11]

     

     

    I used forwarding-options analyzer, but I was only able to see traffic one way. I could see Q in the vxlan packet, which is great; however, still no traffic was being exchanged between hosts.

     


    #vxlan
    #QinQ


  • 2.  RE: Q in VNI and overlapping vlans in a evpn/vxlan ip fabric - is this configuration supposed to work?!

    Posted 03-24-2019 17:02

    I changed my vlan-id-list to NOT include vlan id 1. Now I successfully can ping the other side, with Q in VNI. 

     

    olof@o12-ls01# show interfaces xe-0/0/7 | display set
    set interfaces xe-0/0/7 vlan-tagging
    set interfaces xe-0/0/7 mtu 9000
    set interfaces xe-0/0/7 encapsulation flexible-ethernet-services
    set interfaces xe-0/0/7 unit 100 encapsulation vlan-bridge
    set interfaces xe-0/0/7 unit 100 vlan-id-list 2-4094

    Leaf switch 2. Just testing a slightly different config, but it is compatible with the above evpn.

    olof@o12-ls02# show interfaces xe-0/0/7 | display set
    set interfaces xe-0/0/7 flexible-vlan-tagging
    set interfaces xe-0/0/7 mtu 9000
    set interfaces xe-0/0/7 encapsulation extended-vlan-bridge
    set interfaces xe-0/0/7 unit 100 vlan-id-list 2-4094


    https://imgur.com/a/rotXxpJ TAG: 0x8100 vlan id 59 - traffic works! 

     

    *However* if I include vlan ID 1 in the vlan id list, I somehow get vlan tag 3 in the packets?!, and everything breaks... I'm confused?

    https://imgur.com/a/ASVsU77

     

     



  • 3.  RE: Q in VNI and overlapping vlans in a evpn/vxlan ip fabric - is this configuration supposed to work?!
    Best Answer

     
    Posted 03-24-2019 21:05

    Hi OlofL,

     

    If flexible-vlan-tagging achieves your desired operation, then please note that its supported configuration is outlined here, and the config you have looks alright:

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/evpn-vxlan-flexible-vlan-tag.html

     

    Regarding VLAN 1, please check the VXLAN constraints part for this note:

    https://www.juniper.net/documentation/en_US/junos/topics/concept/vxlan-constraints-qfx-series.html

     

    "When configuring a VLAN ID for a VXLAN, we strongly recommend using a VLAN ID of 3 or higher. If you use a VLAN ID of 1 or 2, replicated broadcast, multicast, and unknown unicast (BUM) packets for these VXLANs might be untagged, which in turn might result in the packets being dropped by a device that receives the packets."

     

    Hope this helps.

     

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).
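
A config lint for the constraint quoted in the answer above, as an added example (not code from the thread or from Juniper): it parses Junos `set` lines and reports VXLAN-mapped logical units whose `vlan-id` or `vlan-id-list` covers a VLAN ID below 3. The function names and the regex-based parsing are assumptions, and it only understands the `set` statement forms that appear in this thread.

```python
import re
from collections import defaultdict

MIN_RECOMMENDED_VLAN = 3  # "VLAN ID of 3 or higher" in the quoted Juniper note

UNIT_RE = re.compile(r"set interfaces (\S+) unit (\d+) vlan-id(?:-list)? (.+)")
MEMBER_RE = re.compile(r"set vlans (\S+) interface (\S+)")
VNI_RE = re.compile(r"set vlans (\S+) vxlan vni (\d+)")

def low_ids(spec):
    """VLAN IDs below the recommended minimum covered by e.g. '1-4094' or '[ 2 10-20 ]'."""
    hits = set()
    for tok in spec.replace("[", " ").replace("]", " ").split():
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", tok)
        if not m:            # skip keywords such as 'none' or 'all'
            continue
        lo, hi = int(m[1]), int(m[2] or m[1])
        hits.update(v for v in range(1, MIN_RECOMMENDED_VLAN) if lo <= v <= hi)
    return hits

def audit(config):
    """Return (vlan, vni, unit, [low ids]) for each VXLAN-mapped unit carrying VLAN 1 or 2."""
    unit_ids, members, vnis = defaultdict(set), defaultdict(list), {}
    for line in map(str.strip, config.splitlines()):
        if m := UNIT_RE.fullmatch(line):
            unit_ids[f"{m[1]}.{m[2]}"] |= low_ids(m[3])
        elif m := MEMBER_RE.fullmatch(line):
            members[m[1]].append(m[2])
        elif m := VNI_RE.fullmatch(line):
            vnis[m[1]] = int(m[2])
    return [(vlan, vni, ifl, sorted(unit_ids[ifl]))
            for vlan, vni in sorted(vnis.items())
            for ifl in members[vlan] if unit_ids.get(ifl)]

# Constructed input: the VLAN/VNI mapping from the first post, with the unit's list left as a slot.
TEMPLATE = """\
set interfaces xe-0/0/7 unit 100 encapsulation vlan-bridge
set interfaces xe-0/0/7 unit 100 vlan-id-list {ids}
set vlans Customer123_test interface xe-0/0/7.100
set vlans Customer123_test vxlan vni 200123
set vlans Customer123_test vxlan encapsulate-inner-vlan
"""

if __name__ == "__main__":
    for ids in ("1-4094", "2-4094", "3-4094"):
        print(ids, audit(TEMPLATE.format(ids=ids)))
```

Against the thread's configs, `1-4094` is reported for IDs 1 and 2, and `2-4094` is still reported for ID 2; only a list starting at 3 comes back clean.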



  • 4.  RE: Q in VNI and overlapping vlans in a evpn/vxlan ip fabric - is this configuration supposed to work?!

    Posted 07-09-2021 05:33
    Hi mriyaz,

    We intend to build a similar setup to the one described above.

    Having read the documentation, I was wondering if this only works for P2P (tunneling traffic from a single ingress VTEP to a single egress VTEP) or also for MP2MP (multiple ingress and egress VTEPs mapping customer VLANs to a common S-VLAN/VNI)?

    Many thanks in advance,
    Josef