Data Center

 View Only
last person joined: 9 days ago 

Ask questions and share experiences about Data Center Architecture and approaches.
  • 1.  Question about protocols evpn stanza options

    Posted 07-16-2021 17:33
    I came across  the following from Juniper Docs.
    vni-options vni vxlan-network-identifier {
        designated-forwarder-election-hold-time seconds; 
        vrf-target {
            community;
            auto;
            import community-name;
            export community-name;
        }
    }​

    But I could not see auto and import/export options from my devices (QFX5100, QFX5200 and QFX10008 and vQFX.

    Where can I see these options ?

    the following line allows both import and export, right ?
    set protocols evpn vni-options vni 100 vrf-target target:100:100

    thanks !!



  • 2.  RE: Question about protocols evpn stanza options

    Posted 07-16-2021 23:34
    If I have the following configuration
    root@vQFX-3# show protocols evpn | display set 
    set protocols evpn vni-options vni 102 vrf-target target:102:102
    set protocols evpn encapsulation vxlan
    set protocols evpn multicast-mode ingress-replication
    set protocols evpn extended-vni-list 100
    set protocols evpn extended-vni-list 101
    set protocols evpn extended-vni-list 102
    
    {master:0}[edit]
    root@vQFX-3# show switch-options | display set    
    set switch-options vtep-source-interface lo0.0
    set switch-options route-distinguisher 192.168.1.3:3
    set switch-options vrf-target target:1:1
    set switch-options vrf-target auto
    
    {master:0}[edit]​

    As I do not have export/import option under protocols evpn stanza,  set protocols evpn vni-options vni 102 vrf-target target:102:102 will import and export, right ?
    The following seems YES

    root@vQFX-3# run show policy __vrf-import-autoderive-default-switch-internal__                                                     
    Policy __vrf-import-autoderive-default-switch-internal__:
        Term 100:
            from community __vrf-community-default-switch-100-internal__ [target:65500:268435556 ]
            then accept
        Term 101:
            from community __vrf-community-default-switch-101-internal__ [target:65500:268435557 ]
            then accept
        Term bd-override-102:
            from community __vrf-community-bd-override-102-export-internal__ [target:102:102 ]
            then accept
        Term unnamed:
            from community __vrf-community-default-switch-common-internal__ [target:1:1 ]
            then accept
        Term unnamed:
            then reject

    Appreciate any coaching !!




  • 3.  RE: Question about protocols evpn stanza options
    Best Answer

    Posted 07-20-2021 05:39
    Seeing as you're using the vrf-target auto feature under switch options, then you don't need to explicitly define the VNI target under protocols EVPN. However, by explicitly defining the VNI community you are simply overwriting the automatically derived community. 

    With regards to the import policy, the autoderived policy is automatically updated as you noted above. Meaning any VPN routes for that VNI that are received with the manual target are accepted. The autodervied export policy is not automatically updated. Although the default behaviour is to advertise the route anyway.

    When using manual targets, you must ensure your remote devices are updated with an import policy to match your manual assignments. Otherwise they will not be imported into the switch instance. You'll see them in the BGP RIB-IN but they wont be imported to the EVPN database.

    ------------------------------
    DANIEL HEARTY
    Principal Engineer
    ------------------------------



  • 4.  RE: Question about protocols evpn stanza options

    Posted 07-20-2021 09:09
    thanks a lot !!