Switching

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  VXLAN irb virtual-gateway-address

     
    Posted 11-21-2020 12:35
    Hi All--

    I have a edge switch connected to a pair of EVPN/VXLAN leafs with an ESI-LAG interface:

    On the leafs I have a number of irb interfaces each with a virtual-gateway-address. As noted here, these VGA's are assigned 00:00:5e:00:01:01:

    https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/virtual-gateway-v4-mac-edit-interfaces.html

    As the user guide also states: "The automatically generated virtual MAC is not included as the source MAC address in packets generated by the Layer 3 VXLAN gateway. Instead, data packets and the source MAC address field in the outer Ethernet header of Address Resolution Protocol (ARP) replies and neighbor advertisement packets include the MAC address for the IRB interface."

    A packet capture confirms this:

    This means that my downstream switch never sees 00:00:5e:00:01:01 and it is therefore not entered into its switching table.

    As a result, all gateway-bound traffic from the access switch is treated as unknown unicast, which floods all ports and triggers storm control.

    One solution is to add a static MAC entry for 00:00:5e:00:01:01 with next-hop ae0 to every VLAN, but this isn't ideal :

        v80 {
            vlan-id 80;
            l3-interface irb.80;
            switch-options {
                interface ae0.0 {
                    static-mac 00:00:5e:00:01:01;
                }
            }
        }

    Is this behavior expected? Is there a better solution?

    --Paul





  • 2.  RE: VXLAN irb virtual-gateway-address

    Posted 11-22-2020 01:18
    Hi Paul,

    sorry if I missed something, but have you tried to configure same static mac-address on irb interface itself on both leafs?  If not, here you can check 2 methods and example: https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-collapsed-topology.html#jd0e58

    ------------------------------
    Regards,
    Elchin
    ------------------------------



  • 3.  RE: VXLAN irb virtual-gateway-address

    Posted 11-22-2020 14:45
    If this what you are trying to do?  
    And if it is, is the link between the leaf nodes L2?  (that would cause a loop)

    I think manually configuring the virtual mac using  virtual-gateway-v4-mac on the leaf devices might help (which I think is what E.KH was suggesting). 

    If that doesn't work I don't think there is any other way but to add the static mac entry that you described. 

    https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-vxlan-mac-virtual-gateway.html

    Regards,


  • 4.  RE: VXLAN irb virtual-gateway-address

     
    Posted 11-23-2020 10:14
    Yes, exactly. The inter-leaf cross-connect is layer 3, and is the underlay.

    Thanks all for the documentation links, it looks like there's a few different ways to approach the issue.

    This article also gives good explanations on each option: https://danhearty.wordpress.com/2019/10/12/evpn-vxlan-layer-3-gateway-irb-junos/


  • 5.  RE: VXLAN irb virtual-gateway-address

    Posted 01-05-2021 07:48
    What do you have configured under the protocols evpn 

    the key will be what you configure for the default-gateway option.

    I have VGA with both IP/MAC ( my MAC is manually defined but yours is the default VRRP address )
    I have :

    protocols evpn default-gateway no-gateway-community

    I second the dan hearty links - good walkthrough

    ------------------------------
    William Jackson
    ------------------------------