Failover with different subnets in the same EVPN/VXLAN bridge-domain

  • 1.  Failover with different subnets in the same EVPN/VXLAN bridge-domain

    Posted 21 days ago
    Edited by Jodi Meier 18 days ago

    Hello,

    I have two MX204 routers here to play around with, both configured with EVPN/VXLAN, which is working fine so far. Now I wanted to test the case where both routers participate in the same VLAN/VNI with different subnets, not sharing the same IP address.

    Both routers share the same uplink to a single switch with LACP (ae0). When I disable one router's uplink, the /31 IP address is no longer reachable through the other router. However, when both are in the same /24 prefix with different IP addresses and MACs, it's working fine.


    Configuration router1
    =================
    `show routing-instances evpn`

    instance-type virtual-switch;
    protocols {
        evpn {
            encapsulation vxlan;
            extended-vni-list all;
            multicast-mode ingress-replication;
        }
    }
    vtep-source-interface lo0.0;
    bridge-domains {
        test {
            vlan-id 384;
            routing-interface irb.384;
            vxlan {
                vni 384;
            }
        }
    }
    interface ae0.0;
    route-distinguisher 65000:10;
    vrf-target target:65000:10;
    

    `show interfaces irb`

    unit 384 {
        description test;
        family inet {
            address 10.77.78.1/31;
        }
    }

    Configuration router2
    =================

    `show routing-instances evpn`

    instance-type virtual-switch;
    protocols {
        evpn {
            encapsulation vxlan;
            extended-vni-list all;
            multicast-mode ingress-replication;
        }
    }
    vtep-source-interface lo0.0;
    bridge-domains {
        test {
            vlan-id 384;
            routing-interface irb.384;
            vxlan {
                vni 384;
            }
        }
    }
    interface ae0.0;
    route-distinguisher 65000:10;
    vrf-target target:65000:10;
    

    `show interfaces irb`

    unit 384 {
        description test;
        family inet {
            address 10.77.78.9/31;
        }
    }


    I've noticed that when only one router has an IP address assigned in the VLAN and the other has no "routing-interface" defined, it's working fine with one uplink down; so it seems that the problem has to do with both having an IP-address (routing-interface configured) in the same VLAN at the same time, in different subnets.

    When only one router has an IP assigned in the VLAN (and then it works), I see a difference in the bridge-domain flags:

       IP                           MAC                  Flags              GBP    Logical            Active
       address                      address                                 Tag    Interface          source
       10.77.78.9                88:30:37:d2:fa:fc    SR,K,RGw                  vtep.32769         10.255.255.0
       10.77.78.8                c0:d6:82:7e:f0:22    DL,K,AD                   ae0.0
    


    When it's not working (both routers have a routing-interface), the counterpart IP address flags look like this:

    DLp,K,AD,RE 

    The "Remote proxy" (Rp - Remote Proxy) and RE-ARP (RE - Re-ARP/ND) flags seem to cause the blackhole. Which config options solve this?

    Kind regards

    Update: fixed with "set routing-instances evpn protocols evpn default-gateway do-not-announce"



    ------------------------------
    Klaus Peter Schnarch
    ------------------------------