Ask the Expert

  • 1.  Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-05-2021 20:26
    I have the following topology:
    The dotted lines show the iBGP peering for EVPN/VXLAN. Based on my understanding, without the red line, no loop would occur, as the BUM traffic advertised to the peer VTEP would not be forwarded to other VTEPs.

    With the red line, a loop could occur, as the BUM traffic learnt from VTEP-3 might be forwarded to VTEP-4 via the red line, and then it will be advertised back to the original VTEP.

    Am I right, or is there anything I have missed?

    With the red line, what is the best way to prevent the loop?

    Thanks for any insights and coaching!!!


  • 2.  RE: Anyone can help to take a look at my topology to see any issues with it?
    Best Answer

    Posted 04-25-2021 06:19
    Hi

    First let's have a look at the EVPN RFC 7432:

    "If a bridged network is multihomed to more than one PE in an EVPN network via switches, then the support of All-Active redundancy mode
    requires the bridged network to be connected to two or more PEs using a LAG.

    If a bridged network does not connect to the PEs using a LAG, then only one of the links between the bridged network and the PEs must be
    the active link for a given <ES, VLAN> or <ES, VLAN bundle>."

    Basically, if it's multihomed it must be a LAG; if it's multihomed without a LAG it must be Active/Standby.

    In your topology the switch on the left should be connected using ESI-LAG to avoid any loops.

    The switches on the right should be stacked so they act as one logical device then multihomed using ESI-LAG.

    If they can't be stacked then the red line describes a common miswiring scenario.
    This will trigger a MAC flap between QFX3 and QFX4. EVPN handles this with duplicate-address-detection:
    Changing Duplicate MAC Address Detection Settings | EVPN User Guide | Juniper Networks TechLibrary
    Note that DAD will only solve the control plane; BUM traffic will still loop between QFX3, QFX4 and the switches/red line behind.

    What you want to do here is to enable the new EVPN loop-detect feature on the ports facing the switches:
    loop-detect (EVPN) | EVPN User Guide | Juniper Networks TechLibrary

    Hope this helps.






    ------------------------------
    ROGER WIKLUND
    ------------------------------
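The MAC flap between QFX3 and QFX4 described in the answer above can be modelled as follows; this is an added example, not part of the original post and not Junos code. It assumes the RFC 7432 section 15.1 defaults (5 moves within 180 seconds), simplifies the RFC's timer to a sliding window, and runs over constructed events with documentation-range MAC addresses.

```python
from collections import defaultdict, deque

# RFC 7432 section 15.1 defaults: N = 5 MAC moves within M = 180 seconds.
DEFAULT_MOVES, DEFAULT_WINDOW = 5, 180

class DuplicateMacDetector:
    """Simplified sliding-window model of duplicate MAC detection."""

    def __init__(self, max_moves=DEFAULT_MOVES, window=DEFAULT_WINDOW):
        self.max_moves, self.window = max_moves, window
        self.owner = {}                  # MAC -> VTEP that last advertised it
        self.moves = defaultdict(deque)  # MAC -> timestamps of recent moves
        self.duplicate = set()           # MACs declared duplicate

    def observe(self, ts, mac, vtep):
        """Feed one MAC advertisement; return True once the MAC is flagged."""
        if mac in self.duplicate:
            return True
        prev, self.owner[mac] = self.owner.get(mac), vtep
        if prev is None or prev == vtep:
            return False                 # first learn or refresh, not a move
        recent = self.moves[mac]
        recent.append(ts)
        while ts - recent[0] > self.window:
            recent.popleft()             # forget moves older than the window
        if len(recent) >= self.max_moves:
            self.duplicate.add(mac)      # control-plane verdict only; this
            return True                  # model says nothing about BUM frames
        return False

def first_flagged(events, **kwargs):
    """Return {mac: timestamp at which it was first flagged as duplicate}."""
    det, flagged = DuplicateMacDetector(**kwargs), {}
    for ts, mac, vtep in sorted(events):
        if det.observe(ts, mac, vtep):
            flagged.setdefault(mac, ts)
    return flagged

# Constructed sample events: (seconds, MAC, advertising VTEP).
FLAP, MOVED, SLOW = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
VTEPS = ("QFX3", "QFX4")
EVENTS = (
    [(2 * i, FLAP, VTEPS[i % 2]) for i in range(8)]      # flaps every 2 s
    + [(1, MOVED, "QFX3"), (300, MOVED, "QFX4")]         # one legitimate move
    + [(100 * i, SLOW, VTEPS[i % 2]) for i in range(6)]  # slow, under threshold
)

if __name__ == "__main__":
    print(first_flagged(EVENTS))  # only the flapping MAC is flagged
```

With the default thresholds only the rapidly flapping MAC is flagged, while the single move and the slow mover pass as ordinary mobility.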



  • 3.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-25-2021 17:26
    Thanks a lot for your clear explanation!!


  • 4.  RE: Anyone can help to take a look at my topology to see any issues with it?

    Posted 04-25-2021 17:26
    Thanks for your clear explanation!!