Ask the Expert

  • 1.  Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-05-2021 20:26
    I have the following topology.
    I have four QFXs connected via EVPN/VXLAN. The dotted lines show the peer relationship. Based on my understanding, with the red line, a possible loop could occur. Without the red line, no loop could occur. Am I right? As the BUM traffic advertised to the peer VTEP would not be forwarded to other VTEPs. Right?

    With the red line, a BUM from VTEP-3 might be learnt by VTEP-4 via the red line, and the loop then occurs. Right?

    Thanks for your insights and coaching!!


  • 2.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-25-2021 06:19
    Edited by ROGER WIKLUND 04-26-2021 00:23
    Hi

    First let's have a look at the EVPN RFC 7432:

    "If a bridged network is multihomed to more than one PE in an EVPN network via switches, then the support of All-Active redundancy mode
    requires the bridged network to be connected to two or more PEs using a LAG.

    If a bridged network does not connect to the PEs using a LAG, then only one of the links between the bridged network and the PEs must be
    the active link for a given <ES, VLAN> or <ES, VLAN bundle>."

    Basically if it's multihomed it must be a LAG, if it's multihomed without a LAG it must be Active/Standby.

    In your topology the switch on the left should be connected using ESI-LAG to avoid any loops.

    The switches on the right should be stacked so they act as one logical device then multihomed using ESI-LAG.

    If they can't be stacked then the red line describes a common miswiring scenario. 
    This will trigger a MAC flap between QFX3 and QFX4, EVPN handles this with duplicate-address-detection:
    Changing Duplicate MAC Address Detection Settings | EVPN User Guide | Juniper Networks TechLibrary
    Note that DAD will only solve the control plane, BUM traffic will still loop between QFX3, QFX4 and the switches/red line behind.

    What you want to do here is to enable the new EVPN loop-detect feature on the ports facing the switches:
    loop-detect (EVPN) | EVPN User Guide | Juniper Networks TechLibrary

    Hope this helps.


    ------------------------------
    ROGER WIKLUND
    ------------------------------
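
The duplicate MAC detection mentioned in the reply above, sketched as an added example (not part of the thread and not Juniper's implementation). It applies the RFC 7432 section 15.1 defaults of N = 5 moves within M = 180 seconds as a simple sliding window; the event tuples, MAC addresses and the `DuplicateMacDetector` and `run` names are constructed for illustration.

```python
from collections import defaultdict, deque

# RFC 7432 section 15.1 defaults: N MAC moves within M seconds marks a duplicate.
DEFAULT_MOVES_N = 5
DEFAULT_WINDOW_M = 180.0

class DuplicateMacDetector:
    """Tracks MAC moves between VTEPs and flags MACs that move too often."""

    def __init__(self, moves_n=DEFAULT_MOVES_N, window_m=DEFAULT_WINDOW_M):
        self.moves_n = moves_n
        self.window_m = window_m
        self.location = {}                    # mac -> VTEP that last advertised it
        self.move_times = defaultdict(deque)  # mac -> timestamps of recent moves
        self.duplicates = {}                  # mac -> time it was flagged

    def observe(self, ts, mac, vtep):
        """Process one MAC advertisement; return True if mac is flagged duplicate."""
        if mac in self.duplicates:
            return True                       # already flagged: ignore further moves
        previous = self.location.get(mac)
        self.location[mac] = vtep
        if previous is None or previous == vtep:
            return False                      # first learn or refresh, not a move
        moves = self.move_times[mac]
        moves.append(ts)
        while moves and ts - moves[0] > self.window_m:
            moves.popleft()                   # drop moves that fell out of the window
        if len(moves) >= self.moves_n:
            self.duplicates[mac] = ts
            return True
        return False

def run(events, **kwargs):
    """Feed (timestamp, mac, vtep) tuples through a detector; return flagged MACs."""
    det = DuplicateMacDetector(**kwargs)
    for ts, mac, vtep in events:
        det.observe(ts, mac, vtep)
    return det.duplicates

# Constructed events: one host MAC seen alternately behind QFX3 and QFX4 every 2 s,
# as a looped link between the two leaves would produce.
FLAPPING = [(2.0 * i, "00:00:5e:00:53:01", "QFX3" if i % 2 == 0 else "QFX4")
            for i in range(10)]
# Constructed events: a host that legitimately moves once.
SINGLE_MOVE = [(0.0, "00:00:5e:00:53:02", "QFX3"), (60.0, "00:00:5e:00:53:02", "QFX4")]

if __name__ == "__main__":
    print(run(FLAPPING), run(SINGLE_MOVE))
```

Flagging the MAC only quiets the control-plane churn; as the reply notes, BUM traffic keeps looping until the loop itself is blocked.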



  • 3.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-25-2021 17:26
    Thanks a lot!!

    I tested and noticed the issues.