Data Center

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  EVPN/VXLAN: ARP issues on MX104

    Posted 02-17-2022 09:38
    So we have run into an interesting problem with ARP failing on our MX104 that has EVPN enabled:

    > show configuration routing-instances evpn-stage 
    
    protocols {
        evpn {
            traceoptions {
                file evpn-dbg size 30m files 10 world-readable;
                flag all;
            }
            mac-table-size {
                8192;
            }
            interface-mac-limit {
                8192;
            }
            encapsulation vxlan;
            default-gateway no-gateway-community;
        }
    }
    vtep-source-interface lo0.100;
    instance-type evpn;
    vlan-id 102;
    routing-interface irb.102;
    vxlan {
        vni 1067;
        ingress-node-replication;
    }
    route-distinguisher 208.113.156.211:1;
    vrf-target target:26000:1067;
    



    irb.102 does not respond to ARP requests from the other VTEPs, and evpn arp-table contains local addresses only:

    > show evpn arp-table 
    
    INET                MAC                Logical       Routing      Bridging
    address             address            interface     instance     domain
    208.113.201.65      fe:ed:de:ad:be:ef  irb.102       evpn-stage   __evpn-stage__
    208.113.201.129     fe:ed:de:ad:be:ef  irb.102       evpn-stage   __evpn-stage__
    



    I'm not sure what the resolution would be here. We've been seeing this issue on both 17.3R3 and 19.4R3-S7.3.

    Any input or information would be extremely helpful here!

     

    Thanks



  • 2.  RE: EVPN/VXLAN: ARP issues on MX104

    Posted 02-18-2022 09:40
    Hi,

    With EVPN/VXLAN instance type should be virtual-switch.
    Could you try with changing the instance type to virtual-switch ?

    set routing-instances evpn-stage instance-type virtual-switch​


    ------------------------------
    MEHMET SUEL
    ------------------------------



  • 3.  RE: EVPN/VXLAN: ARP issues on MX104

    Posted 02-18-2022 12:03


  • 4.  RE: EVPN/VXLAN: ARP issues on MX104

    Posted 02-18-2022 12:03
    @MEHMET SUEL thanks for your suggestion. EVPN instance-type seems to require configuration knobs that are incompatible with instance-type virtual-switch:​

    set routing-instances evpn-stage instance-type virtual-switch                                                                                                                             
                                                                                                                                                                                                                       
    commit check                                                                                                                                                                              
    re0:                                                                                                                                                                                                               
    [edit routing-instances evpn-stage]                   
      'vxlan'                                             
        vxlan must be configured within bridge-domains for 'instance-type virtual-switch'
    [edit routing-instances evpn-stage vlan-id]           
      'vlan-id 102'                                       
        'vlan-id' statement can be included only for a VPLS or EVPN instance
    [edit routing-instances evpn-stage protocols evpn]          
      'mac-table-size'                                    
        mac-table-size needs to be specified under switch-options for a virtual-switch instance
    [edit routing-instances evpn-stage protocols evpn]                     
      'interface-mac-limit'                               
        interface-mac-limit needs to be specified under switch-options for a virtual-switch instance
    [edit routing-instances evpn-stage routing-interface]          
      'routing-interface irb.102'                                    
        routing-interface must be configured within bridge-domains for 'instance-type virtual-switch'
    error: configuration check-out failed: (statements constraint check failed)
    ​

    So I had to deactivate evpn-stage temporarily and recreate virtual-switch and vrf instances from scratch:
    show | compare rollback 1
    
    [edit routing-instances]
    !    inactive: evpn-stage { ... }
    
    +   evpn-stage-l2 {
    +       protocols {
    +           evpn {
    +               encapsulation vxlan;
    +               extended-vni-list 1067;
    +               multicast-mode ingress-replication;
    +           }
    +       }
    +       vtep-source-interface lo0.100;
    +       instance-type virtual-switch;
    +       bridge-domains {
    +           v102 {
    +               vlan-id 102;
    +               routing-interface irb.102;
    +               vxlan {
    +                   vni 1067;
    +               }
    +           }
    +       }
    +       route-distinguisher 208.113.156.211:1111;
    +       vrf-import stage-evpn-imp;
    +       vrf-target target:26000:1067;
    +   }
    
    +   evpn-stage-l3 {
    +       instance-type vrf;
    +       route-distinguisher 208.113.156.211:1;
    +       vrf-target target:26000:1067;
    +   }
    ​


    No luck with those changes also, ARP is still failing for unknown reason.

    ------------------------------
    Den
    ------------------------------



  • 5.  RE: EVPN/VXLAN: ARP issues on MX104

     
    Posted 02-18-2022 15:48
    Could you provide more information here ? Topology indicating path of the arp, source/destination? Specific config for all nodes across the path would be helpful too. 

    Are you trying inter-vni or is this just within vni within box? More info may help narrow this down.

    ------------------------------
    Saurabh Joshi
    ------------------------------



  • 6.  RE: EVPN/VXLAN: ARP issues on MX104

    Posted 02-24-2022 05:22
    @Saurabh actually I was able to get EVPN working but with one limitation:

     ARP requests originated from CE succeed in ~5-10 seconds which is acceptable. But the ARPs originated from mx104 are failing - the only way to make pings work is to originate them from CEs.

     

    >>>>>>>> show evpn flood extensive

    Name: evpn-stage

    CEs: 0

    VEs: 7

     Flood route prefix: 0x3000b/51

     Flood route type: FLOOD_GRP_COMP_NH

     Flood route owner: __re_flood__

     Flood group name: __re_flood__

     Flood group index: 65534

     Nexthop type: comp

     Nexthop index: 8515

      Flooding to:

      Name       Type     NhType     Index

      __ves__     Group     comp      8514

        Composition: flood-to-all

        Flooding to:

        Name       Type     NhType     Index

        vtep.32772    CORE_FACING  venh      7923

        vtep.32774    CORE_FACING  venh      7073

        vtep.32775    CORE_FACING  venh      6732

        vtep.32770    CORE_FACING  venh      7871

        vtep.32769    CORE_FACING  venh      7554

        vtep.32773    CORE_FACING  venh      8675

     

     

    EVPN config is provided in the previous post. Remove VTEPs are reachable from the master routing instance by means of route leaking from the native routing instance for these routes. It's just one VNI with irb participating.
    Any suggestions on why MX might fail egress flooding to remote VTEPs?

     

    Would appreciate any input on this.



    ------------------------------
    Den
    ------------------------------