Data Center

 View Only
last person joined: 9 days ago 

Ask questions and share experiences about Data Center Architecture and approaches.
  • 1.  Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-13-2021 17:40
    I have the following topology:
    The dotted lines shows the iBGP peering for EVPN/vXLAN.  Based on my understanding, without the red line, no loop would occur. As the BUM traffic advertised to the peer vtep would not be forwarded to other vteps.

    With the red line, a loop could occur. As the BUM traffic learnt from VTEP-3 might be forwarded to VTEP-4 via the red line, then it will be advertised back to the original vtep.

    Am I right  or anything I have missed ?

    With the red line, what are the best way to prevent the loop?

    thanks for any insights and coaching !!!


  • 2.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-04-2021 07:55
    https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/example/example-evpn-active-active-multihoming-configuring.html
    I think you should configure evpn active active multihoming. in active-active multihoming topology only DF role forwarding BUM traffic, so it would not loop.

    The designated forwarder (DF) election process involves selecting the designated forwarder (DF) PE router and the backup designated forwarder (BDF) or a non-DF (non-designated forwarder PE router roles.

    • DF-The MAC address from the customer site is reachable only through the PE router announcing the associated MAC advertisement route. This PE router is the primary PE router that is selected to forward BUM traffic to the multihomed CE device, and is called the designated forwarder (DF) PE router.




  • 3.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-04-2021 11:04
    thanks so much.
    If I remove the red link, do I still have the same concerns for the loop ?


  • 4.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-04-2021 09:15
    Ensure that you configure ESI on the VTEP-3 and -4 QFX's for the links going to the switches on the right, and your BUM issues you mention should resolve themselves.  The link provided by xinhui jiang should help as a guide to configuring this....B.O.L.!!


  • 5.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-04-2021 11:04
    thanks so much.
    If I remove the red link, do I still have the same concerns for the loop ?


  • 6.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-04-2021 11:55
    There is no loop that to be concerned between vtep3 and vtep4. But you still need to concerned vtep1 and vtep2 loop. you must deploy multihoming.


  • 7.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-04-2021 12:07
    thanks a lot !!


  • 8.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-04-2021 12:26
    The Doc indicates ESI is configured on logical interface, but my QFX only allows me to configure on physical interface. They should be the same ?

    thanks !!


  • 9.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-04-2021 13:01
    Can you help me to confirm the following configuration should be enough ?

    On VTEP-1
    set interfaces xe-0/0/0 esi 00:01:01:01:01:01:01:01:01:02
    set interfaces xe-0/0/0 esi all-active
    
    On VTEP-2
    set interfaces xe-0/0/1 esi 00:01:01:01:01:01:01:01:01:02
    set interfaces xe-0/0/1 esi all-active
    
    On VTEP-3
    set interfaces xe-0/0/2 esi 00:01:01:01:01:01:01:01:01:01
    set interfaces xe-0/0/2 esi all-active
    
    On VTEP-4
    set interfaces xe-0/0/1 esi 00:01:01:01:01:01:01:01:01:01
    set interfaces xe-0/0/1 esi all-active​

    I do not have any ae interfaces configured here.

    After I configured these, I do not see the backup-forwarder.

    root@vtep-1# run show evpn instance designated-forwarder    
    Instance: default-switch
      Number of ethernet segments: 2
        ESI: 00:01:01:01:01:01:01:01:01:01
        ESI: 00:01:01:01:01:01:01:01:01:02
          Designated forwarder: 10.68.191.233
    
    {master:0}[edit]
    root@vtep-1# run show evpn instance backup-forwarder        
    Instance: default-switch
      Number of ethernet segments: 2
        ESI: 00:01:01:01:01:01:01:01:01:01
        ESI: 00:01:01:01:01:01:01:01:01:02
    
    root@vtep-2# run show evpn instance designated-forwarder    
    Instance: default-switch
      Number of ethernet segments: 2
        ESI: 00:01:01:01:01:01:01:01:01:01
        ESI: 00:01:01:01:01:01:01:01:01:02
          Designated forwarder: 10.68.191.205
    
    {master:0}[edit]
    root@vtep-2# run show evpn instance backup-forwarder        
    Instance: default-switch
      Number of ethernet segments: 2
        ESI: 00:01:01:01:01:01:01:01:01:01
        ESI: 00:01:01:01:01:01:01:01:01:02

    I do see the type 4 

    root@vtep-1# run show route table bgp.evpn.0 | find ^4 
    4:10.68.191.197:0::010101010101010101:10.68.191.197/296 ES            
                       *[BGP/170] 00:26:27, localpref 100, from 10.68.191.197  (vtep-3)
                          AS path: I, validation-state: unverified
                        >  to 10.50.10.13 via xe-0/0/1.10
    4:10.68.191.201:0::010101010101010101:10.68.191.201/296 ES            
                       *[BGP/170] 00:26:27, localpref 100, from 10.68.191.201  (vtep-4)
                          AS path: I, validation-state: unverified
                        >  to 10.50.10.13 via xe-0/0/1.10
    
    root@vtep-2# run show route table bgp.evpn.0 | find ^4 
    4:10.68.191.197:0::010101010101010101:10.68.191.197/296 ES            
                       *[BGP/170] 00:26:18, localpref 100, from 10.68.191.197
                          AS path: I, validation-state: unverified
                        >  to 192.168.168.1 via irb.5
    4:10.68.191.201:0::010101010101010101:10.68.191.201/296 ES            
                       *[BGP/170] 00:26:20, localpref 100, from 10.68.191.201
                          AS path: I, validation-state: unverified
                        >  to 192.168.168.1 via irb.5
    
    root@vtep-3# run show route table bgp.evpn.0 | find ^4 
    4:10.68.191.205:0::010101010101010102:10.68.191.205/296 ES            
                       *[BGP/170] 00:26:32, localpref 100, from 10.68.191.205   (vtep-2)
                          AS path: I, validation-state: unverified
                        >  to 10.51.10.51 via xe-0/0/4.10
    4:10.68.191.233:0::010101010101010102:10.68.191.233/296 ES            
                       *[BGP/170] 00:27:05, localpref 100, from 10.68.191.233   (vtep-1)
                          AS path: I, validation-state: unverified
                        >  to 10.51.10.51 via xe-0/0/4.10
    
    root@vtep-4# run show route table bgp.evpn.0 | find ^4      
    4:10.68.191.205:0::010101010101010102:10.68.191.205/296 ES            
                       *[BGP/170] 00:31:10, localpref 100, from 10.68.191.205
                          AS path: I, validation-state: unverified
                        >  to 192.168.168.1 via irb.5
    4:10.68.191.233:0::010101010101010102:10.68.191.233/296 ES            
                       *[BGP/170] 00:31:43, localpref 100, from 10.68.191.233
                          AS path: I, validation-state: unverified
                        >  to 192.168.168.1 via irb.5
    


    Thanks very much for coaching !!!