*** if you want LA and DNVR to be EVPN L2 connected and NYC to stay IP connected only, then this is how I did it
*** this way you can have the L2 bridging between LA and DNVR and also the /32 optimal host routing from NYC via inet.0 (i've tested that by adding another ip like (10.10.10.10 and 10.10.10.11) and then traceroute from NYC to show that when .10 is in LA and .11 is in DNVR, NYC will optimally route to each /32 appropriately, and not sub optimally tromboning like back in the FHRP (vrrp) days...
*** ...but for the 10.10.10.10 move scenario you mentioned, here's what I have....
*** i'm using 172.223.10.0/24 instead of your 10.10.10.0/24...
*** i tried to name my routers like your sites...
SRX1-LA
SRX2-DNVR
MX-NYC
*** i'm using 17.4R1.16 vmx for all 3 nodes in this lab scenario
*** both srx's are participating in a EVPN-MPLS ELAN
*** both srx's are exporting EVPN routes into inet.0 via an ospf export policy, as you will see below
*** MX-NYC is only connected to those SRX nodes via inet.0 core routing
*** i tested moving an ip from one dc to the other... 172.223.10.10/32
*** i'm exporting those evpn reachable devices at the EVPN speakers (LA and DNVR) into ospf with this export policy...
me@SRX1-LA> show configuration protocols ospf | display set
set protocols ospf export my-ospf-export-policy
set protocols ospf area 0.0.0.1 interface lo0.0 passive
set protocols ospf area 0.0.0.1 interface ae0.0
set protocols ospf area 0.0.0.1 interface ae1.0
set protocols ospf area 0.0.0.1 interface ae50.0
set protocols ospf area 0.0.0.1 interface irb.10 passive
me@SRX1-LA> show configuration policy-options policy-statement my-ospf-export-policy | display set
set policy-options policy-statement my-ospf-export-policy term 1 from protocol evpn
set policy-options policy-statement my-ospf-export-policy term 1 then accept
me@SRX2-DNVR> show configuration protocols ospf | display set
set protocols ospf export my-ospf-export-policy
set protocols ospf area 0.0.0.1 interface lo0.0 passive
set protocols ospf area 0.0.0.1 interface ae0.0
set protocols ospf area 0.0.0.1 interface ae1.0
set protocols ospf area 0.0.0.1 interface ae50.0
set protocols ospf area 0.0.0.1 interface irb.10 passive
me@SRX2-DNVR> show configuration policy-options policy-statement my-ospf-export-policy | display set
set policy-options policy-statement my-ospf-export-policy term 1 from protocol evpn
set policy-options policy-statement my-ospf-export-policy term 1 then accept
*** initially 172.223.10.10/32 was here at SRX1-LA ...
me@SRX1-LA> show route table inet.0 172.223.10.0/24
inet.0: 30 destinations, 30 routes (30 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.223.10.0/24 *[Direct/0] 1d 15:18:59
> via irb.10
172.223.10.1/32 *[Local/0] 1d 15:18:59
Local via irb.10
172.223.10.10/32 *[EVPN/7] 00:15:40
> via irb.10 <<<--- seen locally in LA
*** other DC SRX2-DNVR sees it via evpn but also via the remote dc's ospf export policy via inet.0
me@SRX2-DNVR> show route table inet.0 172.223.10.0/24
inet.0: 30 destinations, 31 routes (30 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.223.10.0/24 *[Direct/0] 1d 07:29:03
> via irb.10
172.223.10.1/32 *[Local/0] 1d 07:29:03
Local via irb.10
172.223.10.10/32 *[EVPN/7] 01:05:13
> to 10.103.129.17 via ae1.0, Push 16, Push 299776(top) <<<--- seen remotely via EVPN
[OSPF/150] 00:21:04, metric 0, tag 0 <<<--- also seen via inet.0 ospf)
> to 10.103.129.17 via ae1.0
*** here is router MX-NYC not participating in the evpn, but is learning this route via core routing table (inet.0) using OSPF
me@MX-NYC> show route table inet.0 172.223.10.0/24 | refresh 1
......
inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.223.10.0/24 *[OSPF/10] 00:26:30, metric 3
to 10.103.129.6 via ae0.0
> to 10.103.129.1 via ae1.0
172.223.10.10/32 *[OSPF/150] 00:23:18, metric 0, tag 0 <<<---- been here for 23 minutes
> to 10.103.129.6 via ae0.0 <<<---- x.x.129.6 next hop
---(refreshed at 2020-12-11 14:43:10 CST)---
*** at this moment i switched 172.223.10.10/32 over to other DC....
inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.223.10.0/24 *[OSPF/10] 00:26:31, metric 3
to 10.103.129.6 via ae0.0
> to 10.103.129.1 via ae1.0
172.223.10.10/32 *[OSPF/150] 00:00:00, metric 0, tag 0 <<<--- been here for 0 seconds, just got here
> to 10.103.129.1 via ae1.0 <<<--- x.x.129.1 next hop
*** after moving 172.223.10.10/32 to SRX2-DNVR it's seen like this...
me@SRX1-LA> show route table inet.0 172.223.10.0/24
inet.0: 30 destinations, 31 routes (30 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.223.10.0/24 *[Direct/0] 1d 15:21:41
> via irb.10
172.223.10.1/32 *[Local/0] 1d 15:21:41
Local via irb.10
172.223.10.10/32 *[EVPN/7] 00:00:12
> to 10.103.129.14 via ae0.0, Push 299776, Push 300000(top) <<<--- seen remotely via EVPN
[OSPF/150] 00:00:13, metric 0, tag 0 <<<--- also seen via inet.0 ospf)
> to 10.103.129.14 via ae0.0
me@SRX2-DNVR> show route table inet.0 172.223.10.0/24
inet.0: 30 destinations, 30 routes (30 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.223.10.0/24 *[Direct/0] 1d 07:31:27
> via irb.10
172.223.10.1/32 *[Local/0] 1d 07:31:27
Local via irb.10
172.223.10.10/32 *[EVPN/7] 00:00:10
> via irb.10 <<<--- seen locally in DNVR
------------------------------
Aaron Gould
Senior Network Engineer
aaron@gvtc.comhttps://www.linkedin.com/in/agould123/------------------------------
Original Message:
Sent: 12-10-2020 23:50
From: Unknown User
Subject: Conditional advertisement in OSPF
Hi everybody,
We have two data centers at Denver and LA, We have a dedicated link for vMotion between two data centers.
We have following design requirement:
1) VM should use same IP i.e 10.10.10.10 regardless of data center location as shown below.
2) When VM is at Denver data center, SRX2 should advertise 10.10.10.10/32 into OSPF. Similarly, when VM is at LA data center, SRX1 should advertise 10.10.10.10/32 into OSPF.
It will be very easy with static route with probe condition and redistribute static route into OSPF if probe succeeds, but my headache is 10.10.10.0/24 is directly connected subnet on SRX.
Any ideas?
Have a good weekend!!
VM is moved to LA data center, still using the same IP: