Mailing List Archive

EVPN-VXLAN: Mixing QFX and EX
Experts,

New to Junos, I am currently working on a small network with a spine-leaf design that would initially consist of two QFX5110 spine and four EX4600 leaf. Each leaf would connect to each spine with two 40GbE.

The logical layout representation is as follows, only one link designed for simplicity:

[spine_leaf.png]

I have been provided EX4600 for leaf and QFX5110 for spine. I plan on using EVPN-VXLAN and wanted to know, except for the large number of configuration and need for automation of VXLAN configuration, if somebody would see any problem mixing EX4600 and QFX5110 in such setup.

Many thanks for feedback.

I.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: EVPN-VXLAN: Mixing QFX and EX
I think your attachment has been stripped. Do you plan to have a L3
gateway somewhere? Be sure to read this page to understand what you can
and cannot do with VXLAN on each model:

https://www.juniper.net/documentation/en_US/junos/topics/concept/vxlan-constraints-qfx-series.html

Notably:

(QFX5100, QFX5200, QFX5210, EX4300-48MP, and EX4600 switches) Routing
traffic between different VXLANs is not supported.
--
Use variable names that mean something.
- The Elements of Programming Style (Kernighan & Plauger)

------- Original Message -------
From: Ian via juniper-nsp <juniper-nsp@puck.nether.net>
Sent: 16 April 2019 05:13 +00
Subject: [j-nsp] EVPN-VXLAN: Mixing QFX and EX
To: juniper-nsp

> Experts,
>
> New to Junos, I am currently working on a small network with a
> spine-leaf design that would initially consist of two QFX5110 spine
> and four EX4600 leaf. Each leaf would connect to each spine with two
> 40GbE.
>
> The logical layout representation is as follows, only one link designed for simplicity:
>
> [spine_leaf.png]
>
> I have been provided EX4600 for leaf and QFX5110 for spine. I plan on
> using EVPN-VXLAN and wanted to know, except for the large number of
> configuration and need for automation of VXLAN configuration, if
> somebody would see any problem mixing EX4600 and QFX5110 in such
> setup.
>
> Many thanks for feedback.
>
> I.
Re: EVPN-VXLAN: Mixing QFX and EX
16 April 2019 11:04 +00, Ian <i2vanov@protonmail.com>:

> Thank you, Vincent.
>
> That is weird; it was a very simple layout illustration, I am attaching it again.
>
> Ultimate goal is to reduce broadcast domain size while having the
> resources be able to participate in L2 without over-sizing it and
> without using spanning-tree overheads and its risks.

OK. So, the main question is whether you are expecting to route between
VXLAN (or between a VXLAN and a VLAN). EX4600 is only able to do L2
stuff with VXLAN. 5110 is able to route between VXLAN and may be able
under some conditions to route between a VLAN and a VXLAN.
--
10.0 times 0.1 is hardly ever 1.0.
- The Elements of Programming Style (Kernighan & Plauger)
Re: EVPN-VXLAN: Mixing QFX and EX
Much appreciated reply.

My understanding is that EVPN-VXLAN uses anycast on all spines. All spines would have the same IP address (that is, the gateway IP). Considering the limitations of the EX4600 you pointed out (which I assume is due to the Broadcom chipset), this means that in a case of mixing EX4600 with QFX5110, the routing between VXLAN could only occur on the spines (assuming a QFX5110 or similar model supporting this), which effectively means traffic would trombone back and forth from the leaves to the spines rather than remain local to the switch, even if the servers are on neighboring physical ports on the EX4600 leaves.

Am I making the right assumptions?

I.

------- Original Message -------
On Tuesday, April 16, 2019 3:37 PM, Vincent Bernat <bernat@luffy.cx> wrote:

> 16 April 2019 11:04 +00, Ian i2vanov@protonmail.com:
>
> OK. So, the main question is whether you are expecting to route between
> VXLAN (or between a VXLAN and a VLAN). EX4600 is only able to do L2
> stuff with VXLAN. 5110 is able to route between VXLAN and may be able
> under some conditions to route between a VLAN and a VXLAN.
>
> --
> 10.0 times 0.1 is hardly ever 1.0.
> - The Elements of Programming Style (Kernighan & Plauger)


Re: EVPN-VXLAN: Mixing QFX and EX
16 April 2019 17:32 +00, Ian <i2vanov@protonmail.com>:

> Much appreciated reply.
>
> My understanding is EVPN-VXLAN uses anycast on all spines. All spines
> would have the same IP address (that is the gateway IP). Considering
> the limitations of the EX4600 you pointed out (which I assume is due
> to the Broadcom chipset), means in a case of mixing EX4600 with
> QFX5110, then the routing between VXLAN could only occur on the spines
> (assuming a QFX5110 or similar model supporting this) which
> effectively means traffic would trombone back and forth from the
> leaves to the spines rather than remain local to the switch even if
> the servers are on neighboring physical ports on the EX4600 leaves.
>
> Am I making right assumptions?

It depends on how you assign subnets to each leaf. For example, if
each leaf gets its own subnet, local traffic would be L2 only and stay
on the EX4600 leaves. On the other hand, if you assign two different
subnets, routing between them will require the traffic to go to the
spine, even if the source and destination are attached to the same leaf.

Also, note that if you plan to use QFX5110 as edge for your VXLAN
network, you may run into the following limitation:

(QFX5110 switches only) By default, routing traffic between a VXLAN and
a Layer 3 logical interface—for example, an interface configured with
the set interfaces interface-name unit logical-unit-number family inet
address ip-address/prefix-length command—is disabled. If this routing
functionality is required in your EVPN-VXLAN network, you can perform
some additional configuration to make it work. For more information, see
Understanding How to Configure VXLANs on QFX5110 Switches and Layer 3
Logical Interfaces to Interoperate.

<https://www.juniper.net/documentation/en_US/junos/topics/concept/vxlan-constraints-qfx-series.html>

It means a QFX5110 is not able to route between a family inet interface
and a family ethernet-switching interface when it implies doing VXLAN
encapsulation/decapsulation. QFX10k is able to do that without any
issue. Juniper provides a documented workaround, but it's quite recent.
--
Watch out for off-by-one errors.
- The Elements of Programming Style (Kernighan & Plauger)
Re: EVPN-VXLAN: Mixing QFX and EX
5110, can NOT route between VLAN/IP and VXLAN, today. This is a future (some 19.x?).

I do believe that QFX5110 is not really "certified" as an EVPN/VXLAN Spine. Your design is what Juniper refers to as CRB - Centralized Route/Bridged. That is, VXLAN L3 at the core, versus the edge. The core is generally an IP Fabric.

No matter what, you would need either MX or QFX10K model to talk to outside IP world, at least today. You could talk server to server with your DC, but not outside, which I assume is not what you want.

Rich

Richard McGovern
Sr Sales Engineer, Juniper Networks
978-618-3342


On 4/16/19, 9:37 AM, "Vincent Bernat" <bernat@luffy.cx> wrote:

16 April 2019 11:04 +00, Ian <i2vanov@protonmail.com>:

> Thank you, Vincent.
>
> That is weird; it was a very simple layout illustration, I am attaching it again.
>
> Ultimate goal is to reduce broadcast domain size while having the
> resources be able to participate in L2 without over-sizing it and
> without using spanning-tree overheads and its risks.

OK. So, the main question is whether you are expecting to route between
VXLAN (or between a VXLAN and a VLAN). EX4600 is only able to do L2
stuff with VXLAN. 5110 is able to route between VXLAN and may be able
under some conditions to route between a VLAN and a VXLAN.
--
10.0 times 0.1 is hardly ever 1.0.
- The Elements of Programming Style (Kernighan & Plauger)



Re: EVPN-VXLAN: Mixing QFX and EX
16 April 2019 20:09 +00, Richard McGovern <rmcgovern@juniper.net>:

> 5110, can NOT route between VLAN/IP and VXLAN, today. This is a
> future (some 19.x?).

It is believed to be able to do that now:
https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-vxlan-qfx5110-l2-vxlan-l3-logical.html

I was not able to reproduce with 17.4 but I'll try again with 18.1
tomorrow.
--
Identify bad input; recover if possible.
- The Elements of Programming Style (Kernighan & Plauger)
Re: EVPN-VXLAN: Mixing QFX and EX
If you are going to try any code for EVPN/VXLAN testing, I would highly suggest using 18.1R3-S4, at least right now.

Rich

Richard McGovern
Sr Sales Engineer, Juniper Networks
978-618-3342


On 4/16/19, 4:21 PM, "Vincent Bernat" <bernat@luffy.cx> wrote:

16 April 2019 20:09 +00, Richard McGovern <rmcgovern@juniper.net>:

> 5110, can NOT route between VLAN/IP and VXLAN, today. This is a
> future (some 19.x?).

It is believed to be able to do that now:
https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-vxlan-qfx5110-l2-vxlan-l3-logical.html

I was not able to reproduce with 17.4 but I'll try again with 18.1
tomorrow.
--
Identify bad input; recover if possible.
- The Elements of Programming Style (Kernighan & Plauger)


Re: EVPN-VXLAN: Mixing QFX and EX
Correction - QFX5110 can now route VLAN/IP to VNI via this configuration:

https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-vxlan-qfx5110-l2-vxlan-l3-logical.html

I was not aware this information had been put out there. Min SW would be 17.3R3, but 18.1R3-S[latest, now 4] would be recommended.

Please also note this functionality is not yet 100% supported as a Border Leaf for EVPN/VXLAN, so full "support" may not yet be available, despite the documentation. I think this may be a major reason this support has not yet been announced. At least as far as I know, outside of this one link, I believe this is not announced or documented anywhere else.

Today I am using only 10K or MX as Border Leaf.

FYI


Richard McGovern
Sr Sales Engineer, Juniper Networks
978-618-3342


On 4/16/19, 4:09 PM, "Richard McGovern" <rmcgovern@juniper.net> wrote:

5110, can NOT route between VLAN/IP and VXLAN, today. This is a future (some 19.x?).

I do believe that QFX5110 is not really "certified" as an EVPN/VXLAN Spine. Your design is what Juniper refers to as CRB - Centralized Route/Bridged. That is, VXLAN L3 at the core, versus the edge. The core is generally an IP Fabric.

No matter what, you would need either MX or QFX10K model to talk to outside IP world, at least today. You could talk server to server with your DC, but not outside, which I assume is not what you want.

Rich

Richard McGovern
Sr Sales Engineer, Juniper Networks
978-618-3342


On 4/16/19, 9:37 AM, "Vincent Bernat" <bernat@luffy.cx> wrote:

16 April 2019 11:04 +00, Ian <i2vanov@protonmail.com>:

> Thank you, Vincent.
>
> That is weird; it was a very simple layout illustration, I am attaching it again.
>
> Ultimate goal is to reduce broadcast domain size while having the
> resources be able to participate in L2 without over-sizing it and
> without using spanning-tree overheads and its risks.

OK. So, the main question is whether you are expecting to route between
VXLAN (or between a VXLAN and a VLAN). EX4600 is only able to do L2
stuff with VXLAN. 5110 is able to route between VXLAN and may be able
under some conditions to route between a VLAN and a VXLAN.
--
10.0 times 0.1 is hardly ever 1.0.
- The Elements of Programming Style (Kernighan & Plauger)