Data Center

I have a scenario where I need to get a /32 host route that exist in a instance-type VRF (vrf.inet.0) but this same vrf serves as the L3GW vrf for the evpn-vxlan instance(instance-type virtual-switch...(this is a vlan-aware instance)).  I have all of the vxlan connectivity working inside the evpn-vxlan and the connectivity within the VRF is working, but I can not get this /32 host in the VRF to be accessible to the host inside the evpn-vxlan virtual-switch instance.  The irb interface (when sourced) can ping host in each instance but  not /32 host(vrf.inet.0) to host in evpn-vxlan instance(bgp.evpn.0).  Is there a "knob" i'm missing?  I've tried playing around w/ route-targets as well, but to no avail.  Any insight/thoughts/help would be greatly appreciated!!

We would need more information about your setup and configs to understand what you're trying to accomplish and help you resolve this issue, but did you have a look at rib-groups? They're meant to leak routes between routing tables
https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/rg-understanding-tn.pdf

------------------------------
Ridha Hamidi
------------------------------

Original Message:
Sent: 01-25-2021 15:18
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

I have a scenario where I need to get a /32 host route that exist in a instance-type VRF (vrf.inet.0) but this same vrf serves as the L3GW vrf for the evpn-vxlan instance(instance-type virtual-switch...(this is a vlan-aware instance)).  I have all of the vxlan connectivity working inside the evpn-vxlan and the connectivity within the VRF is working, but I can not get this /32 host in the VRF to be accessible to the host inside the evpn-vxlan virtual-switch instance.  The irb interface (when sourced) can ping host in each instance but  not /32 host(vrf.inet.0) to host in evpn-vxlan instance(bgp.evpn.0).  Is there a "knob" i'm missing?  I've tried playing around w/ route-targets as well, but to no avail.  Any insight/thoughts/help would be greatly appreciated!!

Ridha...Thanks for the reply....The issue when I try using rib-groups is I'm taking moreless placeing L3-routes into an L2-table(and vice-versa).  I'm not sure if in my EVE-NG test environment that the vQFXs and vMXs are not behaving properly, but it doesn't appear rib-groups will help in this scenario.
Original Message:
Sent: 01-25-2021 23:12
From: Ridha Hamidi
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

We would need more information about your setup and configs to understand what you're trying to accomplish and help you resolve this issue, but did you have a look at rib-groups? They're meant to leak routes between routing tables
https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/rg-understanding-tn.pdf

------------------------------
Ridha Hamidi

Original Message:
Sent: 01-25-2021 15:18
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

I have a scenario where I need to get a /32 host route that exist in a instance-type VRF (vrf.inet.0) but this same vrf serves as the L3GW vrf for the evpn-vxlan instance(instance-type virtual-switch...(this is a vlan-aware instance)).  I have all of the vxlan connectivity working inside the evpn-vxlan and the connectivity within the VRF is working, but I can not get this /32 host in the VRF to be accessible to the host inside the evpn-vxlan virtual-switch instance.  The irb interface (when sourced) can ping host in each instance but  not /32 host(vrf.inet.0) to host in evpn-vxlan instance(bgp.evpn.0).  Is there a "knob" i'm missing?  I've tried playing around w/ route-targets as well, but to no avail.  Any insight/thoughts/help would be greatly appreciated!!

Do you have vrf-table-label configured? 

Regards, 

Yasmin...thanks for the reply....I do have vrf-table-label configured for the vrf routing-instance.  I'm questioning if this is even possible to do as I've tried numerous different ways but to no avail.
Original Message:
Sent: 01-25-2021 23:16
From: Yasmin Lara
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Do you have vrf-table-label configured? 

Regards, 

------------------------------
Yasmin Lara
Juniper Ambassador
JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT

Original Message:
Sent: 01-25-2021 15:18
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

I have a scenario where I need to get a /32 host route that exist in a instance-type VRF (vrf.inet.0) but this same vrf serves as the L3GW vrf for the evpn-vxlan instance(instance-type virtual-switch...(this is a vlan-aware instance)).  I have all of the vxlan connectivity working inside the evpn-vxlan and the connectivity within the VRF is working, but I can not get this /32 host in the VRF to be accessible to the host inside the evpn-vxlan virtual-switch instance.  The irb interface (when sourced) can ping host in each instance but  not /32 host(vrf.inet.0) to host in evpn-vxlan instance(bgp.evpn.0).  Is there a "knob" i'm missing?  I've tried playing around w/ route-targets as well, but to no avail.  Any insight/thoughts/help would be greatly appreciated!!

Well, at a high level we have something like this: 
Where the remote hosts network is learned as l3vpn routes.  I have not tested this, but I am wondering if some of the commands I am using under protocols evpn in the routing instance might help. 

Regards, 

Yasmin...this is great stuff, thank you!!  I've tried to update the scenario drawing as best as I could  using your drawing.  The .150 host IP resides in the vrf (instance-type vrf) all while all others reside in the evpn-vxlan instance(instance-type Virt Sw.).  I'm needing to make the .150 host accessible from the evpn-vxlan hosts.  I have tried playing around rib-groups, import/export policies and had no luck.  I've started playing around w/ some of the evpn ip-prefix-routes statement and have been able to create and populate the vrf.evpn.0 table and populate with the Type 5 .150 route, as well as see the evpn-vxlan hosts show up as Type 5s.  In the vrf.inet.0 table I see the evpn-vxlan hosts(.2 and .4) as [EVPN/7]  routes.  I however can not seem to get the evpn-vxlan.evpn.0 table populated with the .150 host.  I feel I may be making progress .  Is there anything you have to do to get the Type 5s to appear as Type 2s or even just appear in the evpn-vlan virtual-switch instance?
Original Message:
Sent: 01-27-2021 15:42
From: Yasmin Lara
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Well, at a high level we have something like this: 

Communication is possible between the hosts in the EVPN and the host behind R2, but the BGP session you see in the picture terminates inside the VRF instance.  

We had to configure these commands under the routing instance, to allow route advertisements from the VRF to R2: 

set protocols evpn ip-prefix-routes advertise direct-nexthop
set protocols evpn ip-prefix-routes encapsulation vxlan
set protocols evpn ip-prefix-routes vni 100
set protocols evpn ip-prefix-routes export EVPN-host-routes

Your setup , if I am understanding well,  is more like this: 

Where the remote hosts network is learned as l3vpn routes.  I have not tested this, but I am wondering if some of the commands I am using under protocols evpn in the routing instance might help. 

Regards, 

------------------------------
Yasmin Lara
Juniper Ambassador
JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT

Original Message:
Sent: 01-26-2021 22:30
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Yasmin...thanks for the reply....I do have vrf-table-label configured for the vrf routing-instance.  I'm questioning if this is even possible to do as I've tried numerous different ways but to no avail.
Original Message:
Sent: 01-25-2021 23:16
From: Yasmin Lara
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Do you have vrf-table-label configured? 

Regards, 

------------------------------
Yasmin Lara
Juniper Ambassador
JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT

Original Message:
Sent: 01-25-2021 15:18
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

I have a scenario where I need to get a /32 host route that exist in a instance-type VRF (vrf.inet.0) but this same vrf serves as the L3GW vrf for the evpn-vxlan instance(instance-type virtual-switch...(this is a vlan-aware instance)).  I have all of the vxlan connectivity working inside the evpn-vxlan and the connectivity within the VRF is working, but I can not get this /32 host in the VRF to be accessible to the host inside the evpn-vxlan virtual-switch instance.  The irb interface (when sourced) can ping host in each instance but  not /32 host(vrf.inet.0) to host in evpn-vxlan instance(bgp.evpn.0).  Is there a "knob" i'm missing?  I've tried playing around w/ route-targets as well, but to no avail.  Any insight/thoughts/help would be greatly appreciated!!

I have been banging on this all week and have made some progress although I'm unsure if its correct or not.  I've managed to be able to get the learned .150 address from within the VRF instances placed into EVPN as a type 5 route and learned on the leaf.  I however can not ping the .150 from a host that's on the same subnet but in the EVPN-VXLAN instance.  Each host whether in VRF or EVPN-VXLAN can ping the gateway on the irb interface.
Original Message:
Sent: 01-27-2021 23:53
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Yasmin...this is great stuff, thank you!!  I've tried to update the scenario drawing as best as I could  using your drawing.  The .150 host IP resides in the vrf (instance-type vrf) all while all others reside in the evpn-vxlan instance(instance-type Virt Sw.).  I'm needing to make the .150 host accessible from the evpn-vxlan hosts.  I have tried playing around rib-groups, import/export policies and had no luck.  I've started playing around w/ some of the evpn ip-prefix-routes statement and have been able to create and populate the vrf.evpn.0 table and populate with the Type 5 .150 route, as well as see the evpn-vxlan hosts show up as Type 5s.  In the vrf.inet.0 table I see the evpn-vxlan hosts(.2 and .4) as [EVPN/7]  routes.  I however can not seem to get the evpn-vxlan.evpn.0 table populated with the .150 host.  I feel I may be making progress .  Is there anything you have to do to get the Type 5s to appear as Type 2s or even just appear in the evpn-vlan virtual-switch instance?
Original Message:
Sent: 01-27-2021 15:42
From: Yasmin Lara
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Well, at a high level we have something like this: 

Communication is possible between the hosts in the EVPN and the host behind R2, but the BGP session you see in the picture terminates inside the VRF instance.  

We had to configure these commands under the routing instance, to allow route advertisements from the VRF to R2: 

set protocols evpn ip-prefix-routes advertise direct-nexthop
set protocols evpn ip-prefix-routes encapsulation vxlan
set protocols evpn ip-prefix-routes vni 100
set protocols evpn ip-prefix-routes export EVPN-host-routes

Your setup , if I am understanding well,  is more like this: 

Where the remote hosts network is learned as l3vpn routes.  I have not tested this, but I am wondering if some of the commands I am using under protocols evpn in the routing instance might help. 

Regards, 

------------------------------
Yasmin Lara
Juniper Ambassador
JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT

Original Message:
Sent: 01-26-2021 22:30
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Yasmin...thanks for the reply....I do have vrf-table-label configured for the vrf routing-instance.  I'm questioning if this is even possible to do as I've tried numerous different ways but to no avail.
Original Message:
Sent: 01-25-2021 23:16
From: Yasmin Lara
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Do you have vrf-table-label configured? 

Regards, 

------------------------------
Yasmin Lara
Juniper Ambassador
JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT

Original Message:
Sent: 01-25-2021 15:18
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

I have a scenario where I need to get a /32 host route that exist in a instance-type VRF (vrf.inet.0) but this same vrf serves as the L3GW vrf for the evpn-vxlan instance(instance-type virtual-switch...(this is a vlan-aware instance)).  I have all of the vxlan connectivity working inside the evpn-vxlan and the connectivity within the VRF is working, but I can not get this /32 host in the VRF to be accessible to the host inside the evpn-vxlan virtual-switch instance.  The irb interface (when sourced) can ping host in each instance but  not /32 host(vrf.inet.0) to host in evpn-vxlan instance(bgp.evpn.0).  Is there a "knob" i'm missing?  I've tried playing around w/ route-targets as well, but to no avail.  Any insight/thoughts/help would be greatly appreciated!!

I'll take a look tomorrow, see if I can help. 

I was thinking that it might be an encapsulation problem or a bug! I've had some issues with EVPN on QFX. 

Regards, 

From your configuration this is what it seems you are doing, which honestly seems  a little strange  because the server is in the same subnet but is advertised by  a router via BGP? 


In this scenario, wouldn't the hosts assume that 10.150.10.150 is directly connected and ARP for the MAC address of 10.150.10.150? Do the hosts have an ARP entry to reach 10.150.10.150?  Or do the hosts have a route to 10.150.10.150 pointing to 10.150.10.254? 
proxy arp on the spine might help here. 

Also, try this: set routing-options forwarding-table chained-composite-next-hop ingress evpn (just a wild guess). This command seems to does some magic with pure type 5 routes - it broke a few things in my setup the other day, because suddenly I had a bunch of /32 routes that I was not expecting and longest match took over ;-)   

Regards, 

diagrams attached, in case you want to edit it. 

Regards,

HOLY SMOKES!!!  It's working!!  PROXY-ARP, PROXY-ARP, PROXY-ARP!!!!  

ping 10.150.10.150 routing-instance S4-10 source 10.150.10.4
PING 10.150.10.150 (10.150.10.150): 56 data bytes
64 bytes from 10.150.10.150: icmp_seq=0 ttl=64 time=209.060 ms
64 bytes from 10.150.10.150: icmp_seq=1 ttl=64 time=209.872 ms
64 bytes from 10.150.10.150: icmp_seq=2 ttl=64 time=218.420 ms
64 bytes from 10.150.10.150: icmp_seq=3 ttl=64 time=210.427 ms
^C
--- 10.150.10.150 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 209.060/211.945/218.420/3.770 ms

Now I got to figure out what configuration is unnecessary as I've configured so many different things in an attempt to make this work!! 

YASMIN'S THE BEST!!!  :)
Original Message:
Sent: 02-01-2021 10:55
From: Yasmin Lara
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

From your configuration this is what it seems you are doing, which honestly seems  a little strange  because the server is in the same subnet but is advertised by  a router via BGP? 


In this scenario, wouldn't the hosts assume that 10.150.10.150 is directly connected and ARP for the MAC address of 10.150.10.150? Do the hosts have an ARP entry to reach 10.150.10.150?  Or do the hosts have a route to 10.150.10.150 pointing to 10.150.10.254? 
proxy arp on the spine might help here. 

Also, try this: set routing-options forwarding-table chained-composite-next-hop ingress evpn (just a wild guess). This command seems to does some magic with pure type 5 routes - it broke a few things in my setup the other day, because suddenly I had a bunch of /32 routes that I was not expecting and longest match took over ;-)   

Regards, 




------------------------------
Yasmin Lara
Juniper Ambassador
JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT

Original Message:
Sent: 01-30-2021 16:22
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

I have been banging on this all week and have made some progress although I'm unsure if its correct or not.  I've managed to be able to get the learned .150 address from within the VRF instances placed into EVPN as a type 5 route and learned on the leaf.  I however can not ping the .150 from a host that's on the same subnet but in the EVPN-VXLAN instance.  Each host whether in VRF or EVPN-VXLAN can ping the gateway on the irb interface.
Original Message:
Sent: 01-27-2021 23:53
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Yasmin...this is great stuff, thank you!!  I've tried to update the scenario drawing as best as I could  using your drawing.  The .150 host IP resides in the vrf (instance-type vrf) all while all others reside in the evpn-vxlan instance(instance-type Virt Sw.).  I'm needing to make the .150 host accessible from the evpn-vxlan hosts.  I have tried playing around rib-groups, import/export policies and had no luck.  I've started playing around w/ some of the evpn ip-prefix-routes statement and have been able to create and populate the vrf.evpn.0 table and populate with the Type 5 .150 route, as well as see the evpn-vxlan hosts show up as Type 5s.  In the vrf.inet.0 table I see the evpn-vxlan hosts(.2 and .4) as [EVPN/7]  routes.  I however can not seem to get the evpn-vxlan.evpn.0 table populated with the .150 host.  I feel I may be making progress .  Is there anything you have to do to get the Type 5s to appear as Type 2s or even just appear in the evpn-vlan virtual-switch instance?
Original Message:
Sent: 01-27-2021 15:42
From: Yasmin Lara
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Well, at a high level we have something like this: 

Communication is possible between the hosts in the EVPN and the host behind R2, but the BGP session you see in the picture terminates inside the VRF instance.  

We had to configure these commands under the routing instance, to allow route advertisements from the VRF to R2: 

set protocols evpn ip-prefix-routes advertise direct-nexthop
set protocols evpn ip-prefix-routes encapsulation vxlan
set protocols evpn ip-prefix-routes vni 100
set protocols evpn ip-prefix-routes export EVPN-host-routes

Your setup , if I am understanding well,  is more like this: 

Where the remote hosts network is learned as l3vpn routes.  I have not tested this, but I am wondering if some of the commands I am using under protocols evpn in the routing instance might help. 

Regards, 

------------------------------
Yasmin Lara
Juniper Ambassador
JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT

Original Message:
Sent: 01-26-2021 22:30
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Yasmin...thanks for the reply....I do have vrf-table-label configured for the vrf routing-instance.  I'm questioning if this is even possible to do as I've tried numerous different ways but to no avail.
Original Message:
Sent: 01-25-2021 23:16
From: Yasmin Lara
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

Do you have vrf-table-label configured? 

Regards, 

------------------------------
Yasmin Lara
Juniper Ambassador
JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT

Original Message:
Sent: 01-25-2021 15:18
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

I have a scenario where I need to get a /32 host route that exist in a instance-type VRF (vrf.inet.0) but this same vrf serves as the L3GW vrf for the evpn-vxlan instance(instance-type virtual-switch...(this is a vlan-aware instance)).  I have all of the vxlan connectivity working inside the evpn-vxlan and the connectivity within the VRF is working, but I can not get this /32 host in the VRF to be accessible to the host inside the evpn-vxlan virtual-switch instance.  The irb interface (when sourced) can ping host in each instance but  not /32 host(vrf.inet.0) to host in evpn-vxlan instance(bgp.evpn.0).  Is there a "knob" i'm missing?  I've tried playing around w/ route-targets as well, but to no avail.  Any insight/thoughts/help would be greatly appreciated!!

LOL!!!!!  

Glad I could help! 

Hi

Would you be able to clarify a little bit more what you are trying to achieve?

I have looked over your config and it seems to me that you have everything pretty much there.
You have your irb.10 in a VRF.  This is for a /24 route.
Yet you seem to want a /32 route from that subnet installed into EVPN.  The question is "As what type of EVPN route?" Are you working on VTMO ?

You should have a Type 2 route/s for the Host 10.150.10.50, but I cant see it listed.
So if the hosts cannot speak to each other inside the same broadcast domain, then you may have an issue somewhere else.

As far as I know you should have EVPN type 2 routes for the MAC and the MAC/IP combo of hosts inside that subnet.


------------------------------
William Jackson
------------------------------

Original Message:
Sent: 01-25-2021 15:18
From: Unknown User
Subject: VRF.inet.0 route into bgp.evpn.0 - CBR Design

I have a scenario where I need to get a /32 host route that exist in a instance-type VRF (vrf.inet.0) but this same vrf serves as the L3GW vrf for the evpn-vxlan instance(instance-type virtual-switch...(this is a vlan-aware instance)).  I have all of the vxlan connectivity working inside the evpn-vxlan and the connectivity within the VRF is working, but I can not get this /32 host in the VRF to be accessible to the host inside the evpn-vxlan virtual-switch instance.  The irb interface (when sourced) can ping host in each instance but  not /32 host(vrf.inet.0) to host in evpn-vxlan instance(bgp.evpn.0).  Is there a "knob" i'm missing?  I've tried playing around w/ route-targets as well, but to no avail.  Any insight/thoughts/help would be greatly appreciated!!