Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. nsp>
  3. juniper
EVPN/VXLAN over IPsec over Internet
ilovebgp4 at gmail
Jun 1, 2019, 5:43 AM
Post #1 of 3 (672 views)
Permalink
Hi! Experts

Sorry for disturbing, we know that EVPN/VXLAN cannot fragment packets, but
we want to use IPsec/Internet as backup EVPN/VXLAN path, is there any
workaround to forwarding such packets in EVPN/VXLAN over IPsec over
Internet?

Thanks in advance.

--
BR!



James Chen
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: EVPN/VXLAN over IPsec over Internet [ In reply to ]
jackson.tim at gmail
Jun 1, 2019, 6:06 AM
Post #2 of 3 (672 views)
Permalink
I've done some hacks with an MX to do inline GRE frag+reassembly over the
internet with a looped macsec GigE port to get encrypted traffic with full
MTU. You could add VXLAN to that and get what you want kinda. MX GRE inline
frag/reassembly works well.



On Sat, Jun 1, 2019, 7:44 AM Chen Jiang <ilovebgp4@gmail.com> wrote:

> Hi! Experts
>
> Sorry for disturbing, we know that EVPN/VXLAN cannot fragment packets, but
> we want to use IPsec/Internet as backup EVPN/VXLAN path, is there any
> workaround to forwarding such packets in EVPN/VXLAN over IPsec over
> Internet?
>
> Thanks in advance.
>
> --
> BR!
>
>
>
> James Chen
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: EVPN/VXLAN over IPsec over Internet [ In reply to ]
ilovebgp4 at gmail
Jun 2, 2019, 1:21 AM
Post #3 of 3 (668 views)
Permalink
Hi! Tim

Thanks for the advice, is it means encapsulated ethernet frames 1st in GRE,
then in EVPN/VXLAN tunnel?

Or 1st in EVPN/VXLAN, then in GRE tunnel?


On Sat, Jun 1, 2019 at 9:06 PM Tim Jackson <jackson.tim@gmail.com> wrote:

> I've done some hacks with an MX to do inline GRE frag+reassembly over the
> internet with a looped macsec GigE port to get encrypted traffic with full
> MTU. You could add VXLAN to that and get what you want kinda. MX GRE inline
> frag/reassembly works well.
>
>
>
> On Sat, Jun 1, 2019, 7:44 AM Chen Jiang <ilovebgp4@gmail.com> wrote:
>
>> Hi! Experts
>>
>> Sorry for disturbing, we know that EVPN/VXLAN cannot fragment packets, but
>> we want to use IPsec/Internet as backup EVPN/VXLAN path, is there any
>> workaround to forwarding such packets in EVPN/VXLAN over IPsec over
>> Internet?
>>
>> Thanks in advance.
>>
>> --
>> BR!
>>
>>
>>
>> James Chen
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>

--
BR!



James Chen
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal