i setup a quick lab, hopefully to be like yours. i have irb.10 on pe2 and pe3... i did not put irb.10 on pe1.... (i think that's what you said yours is like)
info...
Original Message:
Sent: 12-22-2020 17:07
From: Unknown User
Subject: EVPN virtual gateway
Hi Aaron, this seems to be a typo here - in my lab all IPs are within range.
Update: I decided to move away form virtual gateway and use anycast gateway. so PE1/PE2 have this config now:
set interfaces irb unit 1010 proxy-macip-advertisement
set interfaces irb unit 1010 family inet address 30.30.30.9/24
CE1 still has the same issue. it cant ping .9 (irb IP on remote PE).
Original Message:
Sent: 12-22-2020 14:57
From: AARON GOULD
Subject: EVPN virtual gateway
are all virtual gateways supposed to be 30.30.30.9 ? if so, is this a typo on PE3 ? I see second octet is 20. should second octet be 30 for both the address and vga ?
PE3:
...
set interfaces irb unit 1010 family inet address 30.20.30.4/24 virtual-gateway-address 30.20.30.9
------------------------------
Aaron Gould
Senior Network Engineer
aaron@gvtc.com
https://www.linkedin.com/in/agould123/
Original Message:
Sent: 12-21-2020 19:06
From: Unknown User
Subject: EVPN virtual gateway
Hello everyone. I am having a hard time deploying evpn with virtual-gateway. lets say we have routers PE1,PE2,PE3 - then CE1 off of PE1, CE2 and CE3 each multi-homed off of PE2 and PE3. so far we have L2/L3 connectivity between all 3 customer sites. then configured PE2 and PE3 with the virtual gateway config.
PE2:
set interfaces irb unit 1010 proxy-macip-advertisement
set interfaces irb unit 1010 virtual-gateway-accept-data
set interfaces irb unit 1010 family inet address 30.30.30.3/24 virtual-gateway-address 30.30.30.9
PE3:
set interfaces irb unit 1010 proxy-macip-advertisement
set interfaces irb unit 1010 virtual-gateway-accept-data
set interfaces irb unit 1010 family inet address 30.20.30.4/24 virtual-gateway-address 30.20.30.9
CE2 and CE3 have no issues, everything works! I can ping .3/.4 (being the irb IPs), I can ping .9 and can pass traffic to external subnets. CE1 on the other hand can ping CE2 and CE3 but cant ping any of the remote gateway/virtual gateway (being .3/ .4/ .9). I tested this by applying below config to PE1:
set interfaces irb unit 1010 proxy-macip-advertisement
set interfaces irb unit 1010 virtual-gateway-accept-data
set interfaces irb unit 1010 family inet address 30.30.30.2/24 virtual-gateway-address 30.30.30.9
CE1 can now ping everything else just like CE2/CE3. below is sample config from my two routing instances incase needed, captured from PE2:
set routing-instances SW1 protocols evpn interface ge-0/0/9.1010
set routing-instances SW1 protocols evpn default-gateway no-gateway-community
set routing-instances SW1 vtep-source-interface lo0.0
set routing-instances SW1 instance-type evpn
set routing-instances SW1 vlan-id 1010
set routing-instances SW1 routing-interface irb.1010
set routing-instances SW1 interface ge-0/0/9.1010
set routing-instances SW1 route-distinguisher 1.1.1.1:1010
set routing-instances SW1 vrf-target target:100:1010
set routing-instances vrf instance-type vrf
set routing-instances vrf interface irb.1010
set routing-instances vrf interface lo0.1
set routing-instances vrf route-distinguisher 1.1.1.1:1111
set routing-instances vrf vrf-target target:100:1111
set routing-instances vrf vrf-table-label
I must be missing something - should I be able to ping gateways that are on remote PE nodes?
any help is appreciated!