@Saurabh actually I was able to get EVPN working but with one limitation:
ARP requests originated from CE succeed in ~5-10 seconds which is acceptable. But the ARPs originated from mx104 are failing - the only way to make pings work is to originate them from CEs.
>>>>>>>> show evpn flood extensive
Name: evpn-stage
CEs: 0
VEs: 7
Flood route prefix: 0x3000b/51
Flood route type: FLOOD_GRP_COMP_NH
Flood route owner: __re_flood__
Flood group name: __re_flood__
Flood group index: 65534
Nexthop type: comp
Nexthop index: 8515
Flooding to:
Name Type NhType Index
__ves__ Group comp 8514
Composition: flood-to-all
Flooding to:
Name Type NhType Index
vtep.32772 CORE_FACING venh 7923
vtep.32774 CORE_FACING venh 7073
vtep.32775 CORE_FACING venh 6732
vtep.32770 CORE_FACING venh 7871
vtep.32769 CORE_FACING venh 7554
vtep.32773 CORE_FACING venh 8675
EVPN config is provided in the previous post. Remove VTEPs are reachable from the master routing instance by means of route leaking from the native routing instance for these routes. It's just one VNI with irb participating.
Any suggestions on why MX might fail egress flooding to remote VTEPs?
Would appreciate any input on this.
------------------------------
Den
------------------------------
Original Message:
Sent: 02-18-2022 14:47
From: Saurabh Joshi
Subject: EVPN/VXLAN: ARP issues on MX104
Could you provide more information here ? Topology indicating path of the arp, source/destination? Specific config for all nodes across the path would be helpful too.
Are you trying inter-vni or is this just within vni within box? More info may help narrow this down.
------------------------------
Saurabh Joshi
Original Message:
Sent: 02-18-2022 11:45
From: D
Subject: EVPN/VXLAN: ARP issues on MX104
@MEHMET SUEL thanks for your suggestion. EVPN instance-type seems to require configuration knobs that are incompatible with instance-type virtual-switch:
set routing-instances evpn-stage instance-type virtual-switch commit check re0: [edit routing-instances evpn-stage] 'vxlan' vxlan must be configured within bridge-domains for 'instance-type virtual-switch'[edit routing-instances evpn-stage vlan-id] 'vlan-id 102' 'vlan-id' statement can be included only for a VPLS or EVPN instance[edit routing-instances evpn-stage protocols evpn] 'mac-table-size' mac-table-size needs to be specified under switch-options for a virtual-switch instance[edit routing-instances evpn-stage protocols evpn] 'interface-mac-limit' interface-mac-limit needs to be specified under switch-options for a virtual-switch instance[edit routing-instances evpn-stage routing-interface] 'routing-interface irb.102' routing-interface must be configured within bridge-domains for 'instance-type virtual-switch'error: configuration check-out failed: (statements constraint check failed)
So I had to deactivate evpn-stage temporarily and recreate virtual-switch and vrf instances from scratch:
show | compare rollback 1[edit routing-instances]! inactive: evpn-stage { ... }+ evpn-stage-l2 {+ protocols {+ evpn {+ encapsulation vxlan;+ extended-vni-list 1067;+ multicast-mode ingress-replication;+ }+ }+ vtep-source-interface lo0.100;+ instance-type virtual-switch;+ bridge-domains {+ v102 {+ vlan-id 102;+ routing-interface irb.102;+ vxlan {+ vni 1067;+ }+ }+ }+ route-distinguisher 208.113.156.211:1111;+ vrf-import stage-evpn-imp;+ vrf-target target:26000:1067;+ }+ evpn-stage-l3 {+ instance-type vrf;+ route-distinguisher 208.113.156.211:1;+ vrf-target target:26000:1067;+ }
No luck with those changes also, ARP is still failing for unknown reason.
------------------------------
Den
Original Message:
Sent: 02-18-2022 02:03
From: MEHMET SUEL
Subject: EVPN/VXLAN: ARP issues on MX104
Hi,
With EVPN/VXLAN instance type should be virtual-switch.
Could you try with changing the instance type to virtual-switch ?
set routing-instances evpn-stage instance-type virtual-switch
------------------------------
MEHMET SUEL
Original Message:
Sent: 02-17-2022 04:09
From: D
Subject: EVPN/VXLAN: ARP issues on MX104
So we have run into an interesting problem with ARP failing on our MX104 that has EVPN enabled:
> show configuration routing-instances evpn-stage protocols { evpn { traceoptions { file evpn-dbg size 30m files 10 world-readable; flag all; } mac-table-size { 8192; } interface-mac-limit { 8192; } encapsulation vxlan; default-gateway no-gateway-community; }}vtep-source-interface lo0.100;instance-type evpn;vlan-id 102;routing-interface irb.102;vxlan { vni 1067; ingress-node-replication;}route-distinguisher 208.113.156.211:1;vrf-target target:26000:1067;
irb.102 does not respond to ARP requests from the other VTEPs, and evpn arp-table contains local addresses only:
> show evpn arp-table INET MAC Logical Routing Bridgingaddress address interface instance domain208.113.201.65 fe:ed:de:ad:be:ef irb.102 evpn-stage __evpn-stage__208.113.201.129 fe:ed:de:ad:be:ef irb.102 evpn-stage __evpn-stage__
I'm not sure what the resolution would be here. We've been seeing this issue on both 17.3R3 and 19.4R3-S7.3.
Any input or information would be extremely helpful here!
Thanks