Routing

Back to discussions
Expand all | Collapse all

Juniper MX: how to populate VRF RIB with EVPN Type 2 MAC+IP routes

  • 1.  Juniper MX: how to populate VRF RIB with EVPN Type 2 MAC+IP routes

    Posted 11-25-2020 14:43

    I have a Juniper MX router at the edge of EVPN/VXLAN domain.

    Let's suppose that MX performs routing only, no any kind of switching/bridging instances on it. I want to exchange EVPN VRF routes (type5 pure routes from MX, type2 MAC+IP routes from the switches) between MX and other switches in the domain.

    VRF configuration on MX:

    root@MX-1# show routing-instances VRF3000
routing-options {
    static {
        route 0.0.0.0/0 discard;
    }
}
protocols {
    evpn {
        ip-prefix-routes {
            advertise direct-nexthop;
            encapsulation vxlan;
            vni 3000;
        }
    }
}
instance-type vrf;
interface lo0.3000;
route-distinguisher 2.2.2.2:3000;
vrf-target target:65001:3000;
vrf-table-label;


    The problem is that MX does not import Type2 MAC+IP routes from switches into VRF3000.inet.0 table (but the same routes are into VRF3000.evpn.0)

    root@MX-1# run show route table VRF3000.evpn.0 detail

VRF3000.evpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
2:1.1.1.1:100::0::50:01:00:05:00:00::192.168.0.2/304 MAC/IP (1 entry, 0 announced)
        *BGP    Preference: 170/-101
                Route Distinguisher: 1.1.1.1:100
                Next hop type: Indirect, Next hop index: 0
                Address: 0xc12ae24
                Next-hop reference count: 2
                Source: 1.1.1.1
                Protocol next hop: 1.1.1.1
                Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                State: <Secondary Active Int Ext>
                Local AS: 65001 Peer AS: 65001
                Age: 39:01      Metric2: 2
                Validation State: unverified
                Task: BGP_65001.1.1.1.1
                AS path: I
                Communities: target:65001:100 target:65001:3000 encapsulation:vxlan(0x8) router-mac:50:01:00:04:00:07
                Import Accepted
                Route Label: 100
                Route Label: 3000
                ESI: 00:00:00:00:00:00:00:00:00:00
                Localpref: 100
                Router ID: 1.1.1.1
                Primary Routing Table: bgp.evpn.0



root@MX-1> show route table VRF3000.inet.0 exact 192.168.0.2/32

root@MX-1>


    As you can see, the route has the right route target for this VRF, but not imported as /32 into VRF3000.inet.0.

    If I redistribute type2 route into type5 route on the far-end switch, MX will accept that type5 route into VRF3000.inet.0 and all will work fine. That's not a perfect solution, because I need to double all my /32 routes inside EVPN domain (1st time as type2 and 2nd time as type5). Maybe someone knows the way how to import type2 routes into VRF3000.inet.0?

    Routing tables after redistribution type2 into type5 on the far-end switch:

    root@MX-1> show route table VRF3000.inet.0 exact 192.168.0.2/32

VRF3000.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.2/32     *[EVPN/170] 00:00:08
                    >  to 10.1.0.2 via ge-0/0/0.0


root@MX-1> show route table VRF3000.evpn.0 detail

5:1.1.1.1:3000::0::192.168.0.2::32/248 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Route Distinguisher: 1.1.1.1:3000
                Next hop type: Indirect, Next hop index: 0
                Address: 0xc12ae24
                Next-hop reference count: 4
                Source: 1.1.1.1
                Protocol next hop: 1.1.1.1
                Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                State: <Secondary Active Int Ext>
                Local AS: 65001 Peer AS: 65001
                Age: 1:20       Metric: 0       Metric2: 2
                Validation State: unverified
                Task: BGP_65001.1.1.1.1
                Announcement bits (1): 0-VRF3000-EVPN-L3-context
                AS path: ?
                Communities: target:65001:1000 target:65001:3000 encapsulation:vxlan(0x8) router-mac:50:01:00:04:00:07
                Import Accepted
                Route Label: 3000
                Overlay gateway address: 0.0.0.0
                ESI 00:00:00:00:00:00:00:00:00:00
                Localpref: 100
                Router ID: 1.1.1.1
                Primary Routing Table: bgp.evpn.0


  • 2.  RE: Juniper MX: how to populate VRF RIB with EVPN Type 2 MAC+IP routes

    Posted 11-25-2020 15:28
    Hi Anton,

    do you have forwarding-table chained-composite-next-hop ingress evpn statement configured under the routing-options hierarchy on this device? If not, try to enable it and re-check result.

    ------------------------------
    Regards,
    Elchin
    ------------------------------

    Original Message


  • 3.  RE: Juniper MX: how to populate VRF RIB with EVPN Type 2 MAC+IP routes

    Posted 11-25-2020 15:45
    Hi Elchin,

    yes, I have tried composite next-hop, still no any change. 
    root@MX-1# show routing-options forwarding-table
    dynamic-list-next-hop;
    chained-composite-next-hop {
        ingress {
           evpn;
           l3vpn;
        }
    }


    ------------------------------
    ANTON MYASNIKOV
    ------------------------------

    Original Message


  • 4.  RE: Juniper MX: how to populate VRF RIB with EVPN Type 2 MAC+IP routes

    Posted 11-25-2020 16:16
    Just re-checked configuration you've provided. As you try to import ip+mac routes, I think you have to configure separate instances with type evpn and vrf on the receiving PE router so it will install MAC into the EVPN instance (EVI) table and IP into the associated VRF

    ------------------------------
    Regards,
    Elchin
    ------------------------------

    Original Message


  • 5.  RE: Juniper MX: how to populate VRF RIB with EVPN Type 2 MAC+IP routes

    Posted 11-26-2020 02:41
    Yes, if I'll configure an EVI and an IRB interface with 192.168.0.0/24, the /32 will be placed in VRF3000, but this is not the way how things should work in symmetric IRB.

    192.168.0.2/32 *[EVPN/7] 00:00:26
    > via irb.100

    One of the biggest advantages of symmetric IRB is that I don't have to configure all the EVIs on all the PEs to allow L3-communication between hosts.
    Let's imagine PE1 with EVI 10 and associated VRF100. At the opposite side there is PE2 with EVI 20 and the same associated VRF100. In symmetric IRB mode hosts from EVI 10 can communicate with hosts at EVI 20 at L3 through VRF 100 and L3VNI.
    My problem it's just some corner case of symmetric IRB.

    ------------------------------
    ANTON MYASNIKOV
    ------------------------------

    Original Message


  • 6.  RE: Juniper MX: how to populate VRF RIB with EVPN Type 2 MAC+IP routes

     
    Posted 11-25-2020 16:42
    Type 2 routes include the MAC address.  You need type 5 routes =prefixes to be able to place then in inet.0 and then export them to other devices.  

    2:1.1.1.1:100::0::50:01:00:05:00:00::192.168.0.2/304 MAC/IP
    5:1.1.1.1:3000::0::192.168.0.2::32/248

    I think of it as having  IPv4-vpn vs IPv4 routes (they

    193.168.2.2:6:10.0.21.0/24 => IPv4-vpn => bgp.l3vpn.0
    10.0.21.0/24                                  => IPv4          => inet.0

    This is how we have it configured : 


    set routing-instances VRF1 protocols evpn ip-prefix-routes export EVPN_HOSTS

    set routing-instances VRF1 protocols bgp group EBGP _VRF neighbor a.b.c.d export EVPN_PREFIXES

    set policy-options policy-statement EVPN_HOSTS term accept from protocol evpn

    set policy-options policy-statement EVPN_HOSTS term accept from route-filter 0.0.0.0/0 prefix-length-range /32-/32

    set policy-options policy-statement EVPN_HOSTS term accept then accept

    set policy-options policy-statement EVPN_HOSTS term reject then reject

    set policy-options policy-statement EVPN_PREFIXES term accept from protocol direct

    set policy-options policy-statement EVPN_PREFIXES term accept from protocol evpn

    set policy-options policy-statement EVPN_PREFIXES term accept from route-filter ….

    set policy-options policy-statement EVPN_PREFIXES term accept then accept

    set policy-options policy-statement EVPN_PREFIXES term reject then reject


    Regards,

    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------

    Original Message


  • 7.  RE: Juniper MX: how to populate VRF RIB with EVPN Type 2 MAC+IP routes

    Posted 11-26-2020 03:04
    Did you mean that Juniper can't import Type2 MAC+IP route into VRF.inet.0 table? Other vendors (cisco, huawei) don't have any problems with it. And importing type2 routes into IP-VRF RIB is the basic way how symmetric IRB in VXLAN-EVPN should work.

    ------------------------------
    ANTON MYASNIKOV
    ------------------------------

    Original Message