VXLAN irb virtual-gateway-address

  • 1.  VXLAN irb virtual-gateway-address

     
    Posted 4 days ago
    Hi All--

    I have an edge switch connected to a pair of EVPN/VXLAN leafs with an ESI-LAG interface:

    On the leafs I have a number of irb interfaces, each with a virtual-gateway-address. As noted here, these VGAs are assigned 00:00:5e:00:01:01:

    https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/virtual-gateway-v4-mac-edit-interfaces.html

    As the user guide also states: "The automatically generated virtual MAC is not included as the source MAC address in packets generated by the Layer 3 VXLAN gateway. Instead, data packets and the source MAC address field in the outer Ethernet header of Address Resolution Protocol (ARP) replies and neighbor advertisement packets include the MAC address for the IRB interface."

    A packet capture confirms this:

    This means that my downstream switch never sees 00:00:5e:00:01:01 and it is therefore not entered into its switching table.

    As a result, all gateway-bound traffic from the access switch is treated as unknown unicast, which floods all ports and triggers storm control.

    One solution is to add a static MAC entry for 00:00:5e:00:01:01 with next-hop ae0 to every VLAN, but this isn't ideal:

        v80 {
            vlan-id 80;
            l3-interface irb.80;
            switch-options {
                interface ae0.0 {
                    static-mac 00:00:5e:00:01:01;
                }
            }
        }

    Is this behavior expected? Is there a better solution?

    --Paul
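
A small model of the behaviour described in the post above, as an added example that is not part of the thread and not Junos code: a switch that learns only from source MACs floods every frame addressed to the virtual gateway MAC to all other ports in the VLAN, and a static entry on ae0.0 stops that. The IRB MAC, host MAC and access port names are constructed; VLAN 80, ae0.0 and the virtual MAC come from the post.

```python
# Added illustration: a minimal MAC-learning switch model, not Junos code.
BROADCAST = "ff:ff:ff:ff:ff:ff"
VGW_MAC = "00:00:5e:00:01:01"    # virtual gateway MAC quoted in the thread
IRB_MAC = "02:00:00:00:00:aa"    # constructed: leaf IRB interface MAC
HOST_MAC = "02:00:00:00:00:10"   # constructed: host behind the access switch
PORTS = ["ae0.0", "ge-0/0/1", "ge-0/0/2", "ge-0/0/3"]  # access ports constructed


class AccessSwitch:
    def __init__(self, ports, static=None):
        self.ports = set(ports)
        self.table = dict(static or {})   # (vlan, mac) -> egress port
        self.static = set(self.table)     # static entries are never relearned
        self.unknown_unicast = 0

    def receive(self, in_port, vlan, src, dst):
        """Learn from the source MAC only, then return the egress port set."""
        if (vlan, src) not in self.static:
            self.table[(vlan, src)] = in_port
        if dst == BROADCAST:
            return self.ports - {in_port}
        out = self.table.get((vlan, dst))
        if out is None:                   # destination never seen as a source
            self.unknown_unicast += 1
            return self.ports - {in_port}
        return set() if out == in_port else {out}


def simulate(static=None, frames=100):
    sw = AccessSwitch(PORTS, static)
    # Host ARPs for its gateway (broadcast request).
    sw.receive("ge-0/0/1", 80, HOST_MAC, BROADCAST)
    # ARP reply arrives with the IRB MAC as Ethernet source; the switch
    # learns IRB_MAC on ae0.0 and never sees VGW_MAC as a source.
    sw.receive("ae0.0", 80, IRB_MAC, HOST_MAC)
    # Gateway-bound traffic is addressed to VGW_MAC, as in the thread.
    egress = [sw.receive("ge-0/0/1", 80, HOST_MAC, VGW_MAC)
              for _ in range(frames)]
    return sw, egress


if __name__ == "__main__":
    for label, static in (("learned only", None),
                          ("static-mac on ae0.0", {(80, VGW_MAC): "ae0.0"})):
        sw, egress = simulate(static)
        print(label, "unknown-unicast frames:", sw.unknown_unicast,
              "egress:", sorted(egress[-1]))
```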





  • 2.  RE: VXLAN irb virtual-gateway-address

    Posted 3 days ago
    Hi Paul,

    Sorry if I missed something, but have you tried to configure the same static MAC address on the irb interface itself on both leafs? If not, here you can check 2 methods and an example: https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-collapsed-topology.html#jd0e58

    ------------------------------
    Regards,
    Elchin
    ------------------------------



  • 3.  RE: VXLAN irb virtual-gateway-address

     
    Posted 3 days ago
    Is this what you are trying to do?
    And if it is, is the link between the leaf nodes L2? (That would cause a loop.)

    I think manually configuring the virtual MAC using virtual-gateway-v4-mac on the leaf devices might help (which I think is what E.KH was suggesting).

    If that doesn't work, I don't think there is any other way but to add the static MAC entry that you described.

    https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-vxlan-mac-virtual-gateway.html

    Regards,

    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 4.  RE: VXLAN irb virtual-gateway-address

     
    Posted 2 days ago
    Yes, exactly. The inter-leaf cross-connect is layer 3, and is the underlay.

    Thanks all for the documentation links, it looks like there are a few different ways to approach the issue.

    This article also gives good explanations on each option: https://danhearty.wordpress.com/2019/10/12/evpn-vxlan-layer-3-gateway-irb-junos/