Routing

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

mpls-evpn vlan-based vpn L3 gateway assistance

  • 1.  mpls-evpn vlan-based vpn L3 gateway assistance

    Posted 06-25-2021 13:23
    I have the following topology

    I am learning how L3 Gateway  works in mpls-evpn environment.  The issue I have now is I can ping 172.16.1.5 from 192.168.1.1 and 172.16.1.6 from 192.168.1.2, but I can't ping 172.16.1.5 from 192.168.1.2 and 172.16.1.6 from 192.168.1.1.

    When I ping 172.16.1.5 form 192.168.1.2, icmp request reaches 172.16.1.5, but icmp reply comes back through R5 ---> R1 , R1 sends ARP out on the interface facing CE1,  I do not know why not R5 ---> R1 ---->R2 ?

    thanks !!

    R1
    root@vMX-1# show | display set     
    set groups mpls-lsp protocols mpls label-switched-path <*> primary pri
    set groups mpls-lsp protocols mpls label-switched-path <*> secondary sec standby
    set apply-groups mpls-lsp
    set system host-name vMX-1
    set interfaces ge-0/0/0 vlan-tagging
    set interfaces ge-0/0/0 unit 2 vlan-id 2
    set interfaces ge-0/0/0 unit 2 family inet address 172.16.0.1/30
    set interfaces ge-0/0/0 unit 2 family mpls
    set interfaces ge-0/0/3 flexible-vlan-tagging
    set interfaces ge-0/0/3 encapsulation flexible-ethernet-services
    set interfaces ge-0/0/3 unit 110 encapsulation vlan-bridge
    set interfaces ge-0/0/3 unit 110 vlan-id 110
    set interfaces ge-0/0/5 vlan-tagging
    set interfaces ge-0/0/5 unit 2 vlan-id 2
    set interfaces ge-0/0/5 unit 2 family inet address 172.16.0.13/30
    set interfaces ge-0/0/5 unit 2 family mpls
    set interfaces irb unit 110 family inet address 192.168.1.254/24
    set interfaces lo0 unit 0 family inet address 172.16.1.1/32
    set routing-options route-distinguisher-id 172.16.1.1
    set routing-options autonomous-system 65000
    set protocols rsvp interface ge-0/0/0.2
    set protocols rsvp interface ge-0/0/5.2
    set protocols mpls label-switched-path vmx1-to-vmx2 to 172.16.1.2
    set protocols mpls path pri
    set protocols mpls path sec
    set protocols mpls interface ge-0/0/0.2
    set protocols mpls interface ge-0/0/5.2
    set protocols bgp group iBGP type internal
    set protocols bgp group iBGP local-address 172.16.1.1
    set protocols bgp group iBGP family inet unicast
    set protocols bgp group iBGP family inet-vpn unicast
    set protocols bgp group iBGP family evpn signaling
    set protocols bgp group iBGP authentication-key "$9$XjjNVYq.5F39JGkP"
    set protocols bgp group iBGP neighbor 172.16.1.2
    set protocols ospf traffic-engineering
    set protocols ospf area 0.0.0.0 interface lo0.0 passive
    set protocols ospf area 0.0.0.0 interface ge-0/0/5.2 interface-type p2p
    set protocols ospf area 0.0.0.0 interface ge-0/0/0.2 interface-type p2p
    set protocols ospf area 0.0.0.0 interface irb.110 passive
    set routing-instances jncie-blue-evpn instance-type evpn
    set routing-instances jncie-blue-evpn vlan-id 110
    set routing-instances jncie-blue-evpn interface ge-0/0/3.110
    set routing-instances jncie-blue-evpn routing-interface irb.110
    set routing-instances jncie-blue-evpn vrf-target target:110:110
    set routing-instances jncie-blue-evpn protocols evpn
    
    ​
    R2
    root@vMX2# show | display set 
    set groups mpls-lsp protocols mpls label-switched-path <*> primary pri
    set groups mpls-lsp protocols mpls label-switched-path <*> secondary sec standby
    set apply-groups mpls-lsp
    set system host-name vMX2
    set interfaces ge-0/0/0 vlan-tagging
    set interfaces ge-0/0/0 unit 2 vlan-id 2
    set interfaces ge-0/0/0 unit 2 family inet address 172.16.0.2/30
    set interfaces ge-0/0/0 unit 2 family mpls
    set interfaces ge-0/0/2 flexible-vlan-tagging
    set interfaces ge-0/0/2 encapsulation flexible-ethernet-services
    set interfaces ge-0/0/2 unit 110 encapsulation vlan-bridge
    set interfaces ge-0/0/2 unit 110 vlan-id 110
    set interfaces ge-0/0/5 vlan-tagging
    set interfaces ge-0/0/5 unit 2 vlan-id 2
    set interfaces ge-0/0/5 unit 2 family inet address 172.16.0.21/30
    set interfaces ge-0/0/5 unit 2 family mpls
    set interfaces irb unit 110 family inet address 192.168.1.254/24
    set interfaces lo0 unit 0 family inet address 172.16.1.2/32
    set routing-options route-distinguisher-id 172.16.1.2
    set routing-options autonomous-system 65000
    set protocols rsvp interface ge-0/0/0.2
    set protocols rsvp interface ge-0/0/5.2
    set protocols mpls label-switched-path vmx1-to-vmx2 to 172.16.1.1
    set protocols mpls path pri
    set protocols mpls path sec
    set protocols mpls interface ge-0/0/0.2
    set protocols mpls interface ge-0/0/5.2
    set protocols bgp group iBGP type internal
    set protocols bgp group iBGP local-address 172.16.1.2
    set protocols bgp group iBGP family inet unicast
    set protocols bgp group iBGP family inet-vpn unicast
    set protocols bgp group iBGP family evpn signaling
    set protocols bgp group iBGP authentication-key "$9$QUUW3/tleWx7V1Rrv"
    set protocols bgp group iBGP neighbor 172.16.1.1
    set protocols ospf traffic-engineering
    set protocols ospf area 0.0.0.0 interface lo0.0 passive
    set protocols ospf area 0.0.0.0 interface ge-0/0/5.2 interface-type p2p
    set protocols ospf area 0.0.0.0 interface ge-0/0/0.2 interface-type p2p
    set protocols ospf area 0.0.0.0 interface irb.110 passive
    set routing-instances CE1-Blue instance-type evpn
    set routing-instances CE1-Blue vlan-id 110
    set routing-instances CE1-Blue interface ge-0/0/2.110
    set routing-instances CE1-Blue routing-interface irb.110
    set routing-instances CE1-Blue vrf-target target:110:110
    set routing-instances CE1-Blue protocols evpn
    ​


    I have the following,  00:05:86:71:1c:02 is CE2's mac.

    root@vMX-1# run show evpn mac-table instance jncie-blue-evpn         
    
    MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
               SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
    
    Routing instance : jncie-blue-evpn
     Bridging domain : __jncie-blue-evpn__, VLAN : 110
       MAC                 MAC      Logical          NH     RTR
       address             flags    interface        Index  ID
       00:05:86:71:1c:02   DC                        1048578 1048578 
       00:05:86:71:1c:03   D        ge-0/0/3.110    
       00:05:86:71:bd:02   DC                        1048583 1048583 


    thanks a lot !!



  • 2.  RE: mpls-evpn vlan-based vpn L3 gateway assistance

    Posted 06-25-2021 14:30
    The following are the routing tables
    R1
    root@vMX-1# run show route 172.16.1/24 
    
    inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.16.1.1/32      *[Direct/0] 13:49:06
                        > via lo0.0
    172.16.1.2/32      *[OSPF/10] 13:47:31, metric 1
                        > to 172.16.0.2 via ge-0/0/0.2
    172.16.1.3/32      *[OSPF/10] 13:47:41, metric 2
                        > to 172.16.0.14 via ge-0/0/5.2
    172.16.1.4/32      *[OSPF/10] 13:47:31, metric 3
                          to 172.16.0.2 via ge-0/0/0.2
                        > to 172.16.0.14 via ge-0/0/5.2
    172.16.1.5/32      *[OSPF/10] 13:47:41, metric 1
                        > to 172.16.0.14 via ge-0/0/5.2
    172.16.1.6/32      *[OSPF/10] 13:47:31, metric 2
                        > to 172.16.0.2 via ge-0/0/0.2
                          to 172.16.0.14 via ge-0/0/5.2
    
    inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.16.1.2/32      *[RSVP/7/1] 13:47:13, metric 1
                        > to 172.16.0.2 via ge-0/0/0.2, label-switched-path vmx1-to-vmx2
                          to 172.16.0.2 via ge-0/0/0.2, label-switched-path vmx1-to-vmx2
    172.16.1.3/32      *[RSVP/7/1] 13:47:36, metric 2
                        > to 172.16.0.14 via ge-0/0/5.2, label-switched-path vmx1-to-vmx3
    172.16.1.4/32      *[RSVP/7/1] 13:47:36, metric 3
                        > to 172.16.0.14 via ge-0/0/5.2, label-switched-path vmx1-to-vmx4
    
    [edit]
    root@vMX-1# run show route 192.168.1/24   
    
    inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    192.168.1.0/24     *[Direct/0] 04:35:05
                        > via irb.110
    192.168.1.254/32   *[Local/0] 04:57:55
                          Local via irb.110​

    R2

    root@vMX2# run show route 172.16.1/24 
    
    inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.16.1.1/32      *[OSPF/10] 13:49:25, metric 1
                        > to 172.16.0.1 via ge-0/0/0.2
    172.16.1.2/32      *[Direct/0] 13:50:57
                        > via lo0.0
    172.16.1.3/32      *[OSPF/10] 13:49:25, metric 3
                        > to 172.16.0.1 via ge-0/0/0.2
                          to 172.16.0.22 via ge-0/0/5.2
    172.16.1.4/32      *[OSPF/10] 13:49:25, metric 2
                        > to 172.16.0.22 via ge-0/0/5.2
    172.16.1.5/32      *[OSPF/10] 13:49:25, metric 2
                          to 172.16.0.1 via ge-0/0/0.2
                        > to 172.16.0.22 via ge-0/0/5.2
    172.16.1.6/32      *[OSPF/10] 13:49:25, metric 1
                        > to 172.16.0.22 via ge-0/0/5.2
    
    inet.3: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.16.1.1/32      *[RSVP/7/1] 13:49:00, metric 1
                        > to 172.16.0.1 via ge-0/0/0.2, label-switched-path vmx1-to-vmx2
                          to 172.16.0.1 via ge-0/0/0.2, label-switched-path vmx1-to-vmx2
    172.16.1.3/32      *[RSVP/7/1] 13:49:01, metric 3
                        > to 172.16.0.1 via ge-0/0/0.2, label-switched-path vmx1-to-vmx3
                          to 172.16.0.1 via ge-0/0/0.2, label-switched-path vmx1-to-vmx3
    172.16.1.4/32      *[RSVP/7/1] 13:49:01, metric 2
                        > to 172.16.0.1 via ge-0/0/0.2, label-switched-path vmx1-to-vmx4
                          to 172.16.0.1 via ge-0/0/0.2, label-switched-path vmx1-to-vmx4
    
    [edit]
    root@vMX2# run show route 192.168.1/24   
    
    inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    192.168.1.0/24     *[Direct/0] 04:31:27
                        > via irb.110
    192.168.1.254/32   *[Local/0] 04:31:27
                          Local via irb.110


    One thing I am not clear is:
    network in evpn instance can communicate with the global instance by default or I need to do some work for them to be able to communicate ?

    thanks a lot !!




  • 3.  RE: mpls-evpn vlan-based vpn L3 gateway assistance

    Posted 06-26-2021 16:39
    Hi Gongyayu, based on your config you should be able to ping 192.168.1.254 (the gateway) from both CE1 and CE2. Interface irb.110 is the anycast gateway ip of the evpn domain, however it still participates in global routing table, this explains why they show up under inet.0. You can also add the irb interface to other instances of you need them to resolve in another table.

    Set routing-instance x interface irb.110​





  • 4.  RE: mpls-evpn vlan-based vpn L3 gateway assistance

    Posted 06-26-2021 21:04
    thanks a lot !!
    I will give some tries.


  • 5.  RE: mpls-evpn vlan-based vpn L3 gateway assistance

    Posted 06-29-2021 11:07
    My issue is CE2 (192.168.1.2) can ping R6 172.16.1.6 and CE1 (192.168.1.1) can ping R5172.16.1.5, but CE2 can't ping R5 172.16.1.5 and CE1 can't ping R6 172.16.1.6.

    When I monitored the traffic, I noticed when I pinged R5 from CE2, the traffic forwarded CE2 ----> R2 ----->R6 ------->R5 --------> R1 ------->CE1

    I  am lost here.

    thanks for any insights !!


  • 6.  RE: mpls-evpn vlan-based vpn L3 gateway assistance

    Posted 06-30-2021 09:10
    Hi Gongyayu,
    there seem to be a typo somewhere, please confirm 172.16.1.1 is R1, and 172.16.1.2 is R2. so you can ping R1 from CE1 and R2 from CE2. so far so good.  the issue you are reporting is you can not ping R5/R6 from CE1/CE2, please correct me if this is not the case. 
     if I understood you correctly, then you should do some investigation on routing. check for routes to 192.168.1/24 prefix from R5/R6. you should be able to at least ping 192.168.1.254 from both R5/R6 (if R5/R6 participate in the same OSPF Area0 as R1/.R2). if this is the case, then check CE's routing table. how does your routing table look like on CE1/CE2? it might be useful to share configuration and routing table of R5/R6 as well.


  • 7.  RE: mpls-evpn vlan-based vpn L3 gateway assistance

    Posted 07-01-2021 09:56
    thanks !
    here are the configuration
    CE1 and CE2
    root@CE-LS7# show logical-systems | display set | match Blue      
    set logical-systems CE1-Blue interfaces ge-0/0/3 unit 110 vlan-id 110
    set logical-systems CE1-Blue interfaces ge-0/0/3 unit 110 family inet address 192.168.1.1/24
    set logical-systems CE1-Blue routing-options static route 0.0.0.0/0 next-hop 192.168.1.254
    set logical-systems CE2-Blue interfaces ge-0/0/2 unit 110 vlan-id 110
    set logical-systems CE2-Blue interfaces ge-0/0/2 unit 110 family inet address 192.168.1.2/24
    set logical-systems CE2-Blue routing-options static route 0.0.0.0/0 next-hop 192.168.1.254
    
    R5
    root@vMX5-P1# show | display set 
    set version 14.1R1.10
    set system host-name vMX5-P1
    set interfaces ge-0/0/0 vlan-tagging
    set interfaces ge-0/0/0 unit 2 vlan-id 2
    set interfaces ge-0/0/0 unit 2 family inet address 172.16.0.5/30
    set interfaces ge-0/0/0 unit 2 family mpls
    set interfaces ge-0/0/1 vlan-tagging
    set interfaces ge-0/0/1 unit 2 vlan-id 2
    set interfaces ge-0/0/1 unit 2 family inet address 172.16.0.14/30
    set interfaces ge-0/0/1 unit 2 family mpls
    set interfaces ge-0/0/3 vlan-tagging
    set interfaces ge-0/0/3 unit 2 vlan-id 2
    set interfaces ge-0/0/3 unit 2 family inet address 172.16.0.18/30
    set interfaces ge-0/0/3 unit 2 family mpls
    set interfaces lo0 unit 0 family inet address 172.16.1.5/32
    set protocols rsvp interface ge-0/0/0.2
    set protocols rsvp interface ge-0/0/1.2
    set protocols rsvp interface ge-0/0/3.2
    set protocols mpls interface ge-0/0/0.2
    set protocols mpls interface ge-0/0/1.2
    set protocols mpls interface ge-0/0/3.2
    set protocols ospf traffic-engineering
    set protocols ospf area 0.0.0.0 interface lo0.0 passive
    set protocols ospf area 0.0.0.0 interface ge-0/0/1.2 interface-type p2p
    set protocols ospf area 0.0.0.0 interface ge-0/0/0.2 interface-type p2p
    set protocols ospf area 0.0.0.0 interface ge-0/0/3.2 interface-type p2p
    set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
    
    R6
    root@vMX5-P2# show | display set 
    set version 14.1R1.10
    set interfaces ge-0/0/0 vlan-tagging
    set interfaces ge-0/0/0 unit 2 vlan-id 2
    set interfaces ge-0/0/0 unit 2 family inet address 172.16.0.6/30
    set interfaces ge-0/0/0 unit 2 family mpls
    set interfaces ge-0/0/2 vlan-tagging
    set interfaces ge-0/0/2 unit 2 vlan-id 2
    set interfaces ge-0/0/2 unit 2 family inet address 172.16.0.22/30
    set interfaces ge-0/0/2 unit 2 family mpls
    set interfaces ge-0/0/4 vlan-tagging
    set interfaces ge-0/0/4 unit 2 vlan-id 2
    set interfaces ge-0/0/4 unit 2 family inet address 172.16.0.26/30
    set interfaces ge-0/0/4 unit 2 family mpls
    set interfaces lo0 unit 0 family inet address 172.16.1.6/32
    set protocols rsvp interface ge-0/0/0.2
    set protocols rsvp interface ge-0/0/1.2
    set protocols rsvp interface ge-0/0/3.2
    set protocols mpls interface ge-0/0/0.2
    set protocols mpls interface ge-0/0/2.2
    set protocols mpls interface ge-0/0/4.2
    set protocols ospf traffic-engineering
    set protocols ospf area 0.0.0.0 interface lo0.0 passive
    set protocols ospf area 0.0.0.0 interface ge-0/0/2.2 interface-type p2p
    set protocols ospf area 0.0.0.0 interface ge-0/0/0.2 interface-type p2p
    set protocols ospf area 0.0.0.0 interface ge-0/0/4.2 interface-type p2p​

    thanks !!