I am running a spine-leaf architecture within a residential estate to carry FTTH traffic between the internet service providers and their end-users. I am using the QFX5100-48S device for both the spine and leaf and running Junos version 17.3R3-S4. I have deployed EVPN-VXLAN as the overlay to deliver the services between the different end-points. I have successfully deployed services (single tag and double tag) between different leaf devices at different locations but the issue I am experiencing is as follows:
I have an ISP whose NNI (ingress) and the FTTH OLT NNI (egress) terminate on the same leaf device. Both the ports have been configured as q-in-q with the packet flow ISP (any c-vlan) -> Leaf-1 ge-0/0/3 (encapsulate c-vlan in s-vlan) -> Leaf-1 xe-0/0/0 (maintain s-vlan and c-vlan) -> FTTH OLT -> End-User. Both the ports are configured within the same VLAN and VNI.
I am learning the MAC addresses of the connected devices on each port but they are unable to send traffic between them. The config being used is below.
set interfaces xe-0/0/0 flexible-vlan-tagging
set interfaces xe-0/0/0 encapsulation extended-vlan-bridge
set interfaces xe-0/0/0 unit 3333 vlan-id 3333
set interfaces xe-0/0/0 unit 3333 input-vlan-map pop
set interfaces xe-0/0/0 unit 3333 output-vlan-map push
set interfaces ge-0/0/3 flexible-vlan-tagging
set interfaces ge-0/0/3 encapsulation extended-vlan-bridge
set interfaces ge-0/0/3 unit 3333 vlan-id-list 1-4094
set vlans S-VL3333 interface ge-0/0/3.3333
set vlans S-VL3333 interface xe-0/0/0.3333
set vlans S-VL3333 vxlan vni 53333
set vlans S-VL3333 vxlan encapsulate-inner-vlan
set vlans S-VL3333 vxlan ingress-node-replication
set policy-options community COMM-S-VL3333 members target:64647:3333
set policy-options policy-statement VRF-IMPORT-VXLAN term t1 from community COMM-S-VL3333
set policy-options policy-statement VRF-IMPORT-VXLAN term t1 then accept
set policy-options policy-statement VRF-IMPORT-VXLAN term t10000 then reject
set protocols evpn extended-vni-list 53333 multicast-mode ingress-replication vni-options vni 53333 vrf-target export target:64647:3333
Any assistance or advice would be greatly appreciated. Thanks.
Please try to add this config and test again:
Hope this helps.
If this solves your problem, please mark this post as "Accepted Solution." Kudos are always appreciated :).
Sorry, I forgot to mention that I already have this statement under the global l2-learning config. It made no difference.
If I remove the interfaces from the VNI / VXLAN and run them as normal native Ethernet ports, it works without any issues. So it looks like an issue with the VXLAN config but I can't seem to isolate it.
You may try to put the native-vlan as the outer vlan on the interfaces configuration.
Do you have a mix of VLANs with and without the "encapsulate-inner-vlan" knob in the device? I remember some inconsistency in such a scenario. Can you please try deactivating and reactivating the "encapsulate-inner-vlan" knob in both the vxlan 3300 and also globally in the l2-learning?
Hi @fibreweb-tech. You wrote:
I am using the QFX5100-48S device for both the spine and leaf and running Junos version 17.3R3-S4. I have deployed EVPN-VXLAN as the overlay to deliver the services between the different end-points.
The QFX5100-48S only supports L2 VXLAN, and is actually not certified for combo spine/leaf operation, even if it might work. I am not sure how you expect different VXLAN VNIs to talk to each other, as QFX5100 cannot route VXLAN.
QFX5110 and other products can, but not QFX5100. See:
"(QFX5100, QFX5200, QFX5210, EX4300-48MP, and EX4600 switches) Routing traffic between different VXLANs is not supported."
Thanks. Yes, I do have, and I tried this and it seems to have rectified the issue.
Appreciate the help.
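Added example, not part of any post in this thread: a small Python audit that reads "display set" style output and reports which VXLAN-mapped VLANs have an active "encapsulate-inner-vlan" knob and which do not, which is the mixed condition the accepted reply asks about. The VLAN names V100 and V200 and their VNIs are constructed for illustration; only S-VL3333 comes from the thread.

```python
import re

# Constructed sample: S-VL3333 is the thread's VLAN; V100 (no knob) and
# V200 (knob present but deactivated) are hypothetical additions.
SAMPLE = """\
set vlans S-VL3333 interface ge-0/0/3.3333
set vlans S-VL3333 vxlan vni 53333
set vlans S-VL3333 vxlan encapsulate-inner-vlan
set vlans S-VL3333 vxlan ingress-node-replication
set vlans V100 vlan-id 100
set vlans V100 vxlan vni 50100
set vlans V200 vxlan vni 50200
set vlans V200 vxlan encapsulate-inner-vlan
deactivate vlans V200 vxlan encapsulate-inner-vlan
"""

# Matches only statements under "vlans <name> vxlan ...".
LINE_RE = re.compile(
    r"^(set|deactivate)\s+vlans\s+(\S+)\s+vxlan\s+(\S+)(?:\s+(\S+))?\s*$")

def audit_inner_vlan(config_text):
    """Return (with_knob, without_knob): names of VLANs that have a VNI,
    split by whether encapsulate-inner-vlan is configured and active."""
    vni, knob, inactive = {}, set(), set()
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        action, vlan, stmt, arg = m.groups()
        if action == "set" and stmt == "vni" and arg:
            vni[vlan] = int(arg)
        elif stmt == "encapsulate-inner-vlan":
            # A "deactivate" line marks the knob as present but inactive.
            (knob if action == "set" else inactive).add(vlan)
    active = knob - inactive
    with_knob = sorted(v for v in vni if v in active)
    without_knob = sorted(v for v in vni if v not in active)
    return with_knob, without_knob

def is_mixed(config_text):
    """True when some VXLAN VLANs carry the knob and others do not."""
    with_knob, without_knob = audit_inner_vlan(config_text)
    return bool(with_knob) and bool(without_knob)

if __name__ == "__main__":
    print(audit_inner_vlan(SAMPLE), is_mixed(SAMPLE))
```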