Training and Certification

 View Only
last person joined: yesterday 

How to get the most from Juniper's education services and get advice on your certification journey.
Expand all | Collapse all

vMX evpn/vxlan virtual-gateway configuration questions

  • 1.  vMX evpn/vxlan virtual-gateway configuration questions

    Posted 05-14-2020 21:29

    I configured evpn/vlxan virtual gateways on QFX10008, it works fine.

    I am doing some training lab where vMX is used. I could not get it working.

    set interfaces irb unit 100 virtual-gateway-accept-data   (training material)
    set interfaces irb unit 100 family inet address 10.200.100.250/24 virtual-gateway-address 10.200.100.254
    set interfaces irb unit 101 proxy-macip-advertisement   (JNCIE Tech site)
    set interfaces irb unit 101 family inet address 10.200.101.250/24 virtual-gateway-address 10.200.101.254
    

    which is a right approach? what differences ?

    On the client, I can see the arp.

    Server-3#show arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  10.200.101.3            -   aabb.cc00.b000  ARPA   Ethernet0/0.101
    Internet  10.200.101.250          5   2c6b.f57b.b3f0  ARPA   Ethernet0/0.101
    Internet  10.200.101.254        125   0000.5e00.0101  ARPA   Ethernet0/0.101
    

    On vMX, I can see MAC for server-3

    root@vMX7# run show bridge mac-table
    
    MAC flags       (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
        O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
    
    Routing instance : overlay
     Bridging domain : BD-101, VLAN : 101
       MAC                 MAC      Logical                Active
       address             flags    interface              source
       aa:bb:cc:00:b0:00   DL       ae0.0
    

    But ping does not work.

    Server-3#ping 10.200.101.254
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.200.101.254, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    

    vxlan configuration

    root@vMX7# show routing-instances | display set
    set routing-instances overlay vtep-source-interface lo0.0
    set routing-instances overlay instance-type virtual-switch
    set routing-instances overlay interface ae0.0
    set routing-instances overlay interface ae1.0
    set routing-instances overlay route-distinguisher 10.200.0.7:7
    set routing-instances overlay vrf-target target:64513:1
    set routing-instances overlay vrf-target auto
    set routing-instances overlay protocols evpn encapsulation vxlan
    set routing-instances overlay protocols evpn extended-vni-list all
    set routing-instances overlay protocols evpn multicast-mode ingress-replication
    set routing-instances overlay protocols evpn default-gateway no-gateway-community
    set routing-instances overlay bridge-domains BD-100 vlan-id 100
    set routing-instances overlay bridge-domains BD-100 routing-interface irb.100
    set routing-instances overlay bridge-domains BD-100 vxlan vni 5100
    set routing-instances overlay bridge-domains BD-100 vxlan ingress-node-replication
    set routing-instances overlay bridge-domains BD-101 vlan-id 101
    set routing-instances overlay bridge-domains BD-101 routing-interface irb.101
    set routing-instances overlay bridge-domains BD-101 vxlan vni 5101
    

    thanks in advance !!



  • 2.  RE: vMX evpn/vxlan virtual-gateway configuration questions
    Best Answer

     
    Posted 05-15-2020 00:41
    Hi Gentlemen,

    The accept data knob is paramount to allow ICMPs towards the Virtual gateway, I don't see you have that configured for IRB 101.

    The difference is that the macip-advertisement makes the Layer 3 gateway advertises the host MAC and IP routes along with the next hop, which is set to the Layer 2 gateway to which the host is attached.

    If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \Smiley Happy/

    Regards,

    Lil Dexx
    JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB


  • 3.  RE: vMX evpn/vxlan virtual-gateway configuration questions

    Posted 05-15-2020 06:29

    thanks for taking a look.

    I did have this line

    set interfaces irb unit 101 virtual-gateway-accept-data.

    But it did not work, I removed and tried proxy-macip-advertisement;

    Unfortunately, not work either.

    Not sure whether because of vMX image.

    Can you see any configuration issue if I add virtual-gateway-accept-data back ?

     

    thanks !!

     



  • 4.  RE: vMX evpn/vxlan virtual-gateway configuration questions

     
    Posted 05-15-2020 11:35

    Hey 

     

    Something else you could try is to upgrade to the latest and greatest. then I would have the following knob configured: virtual-gateway-v4-mac.

     

    You can explicitly configure an IPv4 or IPv6 MAC address for a default gateway by using the virtual-gateway-v4-mac or virtual-gateway-v6-mac configuration statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level. After you perform this configuration, the automatically generated MAC address is overridden by the configured MAC address. 

     

    If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

    Regards,

     

    Lil Dexx
    JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB



  • 5.  RE: vMX evpn/vxlan virtual-gateway configuration questions

    Posted 05-15-2020 14:44

    Sorry it is my bad.  I found my vtep-source-interface wrong. It should be lo0.0. I entered lo0 instead in one of the routers.



  • 6.  RE: vMX evpn/vxlan virtual-gateway configuration questions

    Posted 05-15-2020 14:45

    thanks so much !!

     



  • 7.  RE: vMX evpn/vxlan virtual-gateway configuration questions

    Posted 01-30-2022 07:26

    I have 100% the same issue not resolved 

    Hostname: SPINE1
    Model: vmx
    Junos: 18.3R3.8

    My hosts some times get a single ping response ( then no more ) 
    Everything else is good,  arp ect the MXs are even routing correctly.


    root@HOST1> ping 192.168.10.254
    PING 192.168.10.254 (192.168.10.254): 56 data bytes
    64 bytes from 192.168.10.254: icmp_seq=1 ttl=64 time=11.274 ms  # < THIS WAS THE ONE PING THAT WORKING ALL ELSE FAILED
    ^C
    --- 192.168.10.254 ping statistics ---
    135 packets transmitted, 1 packets received, 99% packet loss
    round-trip min/avg/max/stddev = 11.274/11.274/11.274/0.000 ms

    set system host-name SPINE1
    set system services ssh root-login allow
    set chassis fpc 0 lite-mode
    set chassis network-services ip
    set interfaces ge-0/0/0 unit 0 family bridge interface-mode trunk
    set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 10
    set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 20
    set interfaces ge-0/0/1 unit 0 family inet address 172.16.0.0/31
    set interfaces ge-0/0/2 unit 0 family inet address 172.16.0.2/31
    set interfaces ge-0/0/3 unit 0 family inet address 172.16.0.4/31
    set interfaces ge-0/0/4 unit 0 family bridge interface-mode trunk
    set interfaces ge-0/0/4 unit 0 family bridge vlan-id-list 10
    set interfaces ge-0/0/4 unit 0 family bridge vlan-id-list 20
    set interfaces fxp0 unit 0 family inet dhcp
    set interfaces irb unit 10 proxy-macip-advertisement
    set interfaces irb unit 10 virtual-gateway-accept-data
    set interfaces irb unit 10 virtual-gateway-esi 00:22:22:22:22:22:22:22:22:22
    set interfaces irb unit 10 virtual-gateway-esi all-active
    set interfaces irb unit 10 family inet address 192.168.10.201/24 virtual-gateway-address 192.168.10.254
    set interfaces irb unit 10 virtual-gateway-v4-mac 00:00:5e:00:01:01
    set interfaces irb unit 20 virtual-gateway-accept-data
    set interfaces irb unit 20 family inet address 192.168.20.201/24 virtual-gateway-address 192.168.20.254
    set interfaces lo0 unit 0 family inet address 10.0.255.1/32
    set routing-options ppm no-delegate-processing
    set routing-options ppm no-inline-processing
    set routing-options router-id 10.0.255.1
    set protocols bgp group underlay export LOOPBACK>UNDERLAY
    set protocols bgp group underlay local-as 65101
    set protocols bgp group underlay multipath multiple-as
    set protocols bgp group underlay neighbor 172.16.0.1 peer-as 65103
    set protocols bgp group underlay neighbor 172.16.0.3 peer-as 65104
    set protocols bgp group underlay neighbor 172.16.0.5 peer-as 65105
    set protocols bgp group overlay local-address 10.0.255.1
    set protocols bgp group overlay family evpn signaling
    set protocols bgp group overlay cluster 1.1.1.1
    set protocols bgp group overlay peer-as 65200
    set protocols bgp group overlay local-as 65200
    set protocols bgp group overlay neighbor 10.0.255.3
    set protocols bgp group overlay neighbor 10.0.255.4
    set protocols bgp group overlay neighbor 10.0.255.5
    set protocols bgp group overlay neighbor 10.0.255.2
    set policy-options policy-statement LOAD_BALANCE term LOADBAL then load-balance per-packet
    set policy-options policy-statement LOAD_BALANCE term LOADBAL then accept
    set policy-options policy-statement LOOPBACK>UNDERLAY term LOOPBACK from protocol direct
    set policy-options policy-statement LOOPBACK>UNDERLAY term LOOPBACK from route-filter 10.0.255.0/24 orlonger
    set policy-options policy-statement LOOPBACK>UNDERLAY term LOOPBACK then accept
    set routing-instances VS_ALL vtep-source-interface lo0.0
    set routing-instances VS_ALL instance-type virtual-switch
    set routing-instances VS_ALL interface ge-0/0/0.0
    set routing-instances VS_ALL interface ge-0/0/4.0
    set routing-instances VS_ALL route-distinguisher 10.0.255.1:1
    set routing-instances VS_ALL vrf-target target:65200:1
    set routing-instances VS_ALL vrf-target auto
    set routing-instances VS_ALL protocols evpn encapsulation vxlan
    set routing-instances VS_ALL protocols evpn extended-vni-list all
    set routing-instances VS_ALL protocols evpn multicast-mode ingress-replication
    set routing-instances VS_ALL protocols evpn default-gateway advertise
    set routing-instances VS_ALL bridge-domains vlan10 vlan-id 10
    set routing-instances VS_ALL bridge-domains vlan10 routing-interface irb.10
    set routing-instances VS_ALL bridge-domains vlan10 vxlan vni 2010
    set routing-instances VS_ALL bridge-domains vlan20 vlan-id 20
    set routing-instances VS_ALL bridge-domains vlan20 routing-interface irb.20
    set routing-instances VS_ALL bridge-domains vlan20 vxlan vni 2020


    There are a few bits in there I tried like the delegate processing but nothing worked. ​



    ------------------------------
    Simon Bingham
    ------------------------------



  • 8.  RE: vMX evpn/vxlan virtual-gateway configuration questions

    Posted 01-31-2022 05:34
    Hi Simon,
    With MX devices running EVPN-VXLAN and using irb with virtual-gateway i think you do not need esi and virtual-gateway-v4-mac configurations for the device to run properly. also you may need to add multipath to overlay bgp configuration. Could you please check these configurations.
    Regards,

    ------------------------------
    MEHMET SUEL
    ------------------------------



  • 9.  RE: vMX evpn/vxlan virtual-gateway configuration questions

    Posted 01-31-2022 08:01

    Hi , that was config where I was trying a few things to try and force it work. with or without virtual-gateway-v4-mac

    The .254 and the IRB DO respond to arp the DO route traffic , it just seems they reject ICMP / SSH does it does feel like this is CPU bound traffic that has this issue. 

    I read in the MX book that this traffic handled by the line card, I wonder if these is a issues here ( this why I had the line 

    set routing-options ppm no-delegate-processing
    set routing-options ppm no-inline-processing


    but still same result. 

    Regards

    Simon



    ------------------------------
    Simon Bingham
    ------------------------------



  • 10.  RE: vMX evpn/vxlan virtual-gateway configuration questions

    Posted 02-01-2022 03:46

    I upgraded my vMX to 20.4R3.8 and instantly it started working.  so there is a bug here somewhere. 


    root@HOST3> ping 192.168.10.254
    PING 192.168.10.254 (192.168.10.254): 56 data bytes
    64 bytes from 192.168.10.254: icmp_seq=0 ttl=64 time=117.861 ms
    64 bytes from 192.168.10.254: icmp_seq=1 ttl=64 time=115.983 ms
    64 bytes from 192.168.10.254: icmp_seq=2 ttl=64 time=116.792 ms
    64 bytes from 192.168.10.254: icmp_seq=3 ttl=64 time=116.717 ms
    64 bytes from 192.168.10.254: icmp_seq=4 ttl=64 time=115.853 ms



    ------------------------------
    Simon Bingham
    ------------------------------



  • 11.  RE: vMX evpn/vxlan virtual-gateway configuration questions

     
    Posted 02-02-2022 06:44
    Hmm interesting. To be honest I do recall there being a sizable number of EVPN issues being resolved going from 18.4 to 19.4 (in our network), so quite frankly I am not very surprised seeing your previous version of 18.3, but still odd that it didnt work. Glad to see it's working now though, guess there was either a bug or a change in some of how EVPN-VXLAN needs to be configured (I know there were some fairly fundamental changes between Junos 18 and 19 in this regard, though I wouldnt be able to point you to specifics at the moment)