
evpn trouble
Hello

I am deploying EVPN and while it works, we are having some issues. Here is
the first one:

An EVPN instance configured for testing on a MX204 and an ACX5448 both
running 21.1R1. They have the same exact configuration except for the IP
address of the IRB interface:

baldur@formervangen-core3# show interfaces irb.20
family inet {
    address 185.24.168.92/29;
}

[edit]
baldur@formervangen-core3# show routing-instances evpntest
instance-type evpn;
protocols {
    evpn;
}
vlan-id 20;
routing-interface irb.20;
interface xe-0/0/42.20;
vrf-target target:60876:20;

[edit]
baldur@formervangen-core3# show interfaces xe-0/0/42
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 20 {
    encapsulation vlan-bridge;
    vlan-id 20;
}

Also irb.20 is in a layer 3 VRF called "internet".

On the MX204 the interface irb.20 comes online but on the ACX5448 the
irb.20 interface stays in the state hardware-down:

baldur@formervangen-core3# run show interfaces irb.20
  Logical interface irb.20 (Index 76) (SNMP ifIndex 563)
    Flags: Hardware-Down Up SNMP-Traps 0x4004000 Encapsulation: ENET2
    Bandwidth: 1Gbps
    Routing Instance: None Bridging Domain: None
    Input packets : 0
    Output packets: 0
    Protocol inet, MTU: 1514
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
      Flags: Sendbcast-pkt-to-re, Is-Primary
      Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
        Destination: 185.24.168.88/29, Local: 185.24.168.92, Broadcast: 185.24.168.95
    Protocol multiservice, MTU: Unlimited

In fact I can not get the irb interface to go up at all on the ACX5448
platform. Is IRB unsupported? Without it a lot of EVPN features are not
available.

In our production environment the mx204 routers do not have any servers
directly connected. The irb interface will therefore not come online. But
since the acx5448 switches refuse to have their own irb interfaces, I need
the mx204 to do the task. My solution right now is to add a dummy interface
to the evpn instance on the mx204. Is there a better way? Why did Juniper
not include a knob to bring irb up even without any physical interfaces
active in the vpn?

Thanks,

Baldur
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: evpn trouble
Hello

I found the answer to this one. On ACX5448 and ACX710 the routing-interface
statement does absolutely nothing. Instead you need to use the undocumented
l3-interface statement at the same place. On the MX204 platform the
l3-interface statement does not exist. I will list the two configs below
for those that might need to know.

Compare mx204 config:

baldur@formervangen-edge1# show routing-instances evpntest
instance-type evpn;
protocols {
    evpn {
        default-gateway advertise;
    }
}
vlan-id 20;
routing-interface irb.20;
interface xe-0/1/7.21;
vrf-target target:60876:20;

And acx710 / acx5448:

baldur@formervangen-core4# show routing-instances evpntest
instance-type evpn;
protocols {
    evpn {
        default-gateway advertise;
    }
}
vlan-id 20;
l3-interface irb.20;
interface xe-0/0/0.20;
vrf-target target:60876:20;

Regards,

Baldur
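
The platform difference reported in the message above, written as a configuration check. This is an added example, not part of the original post; the platform table only encodes what the post reports, and the function names are hypothetical.

```python
# Statement that binds the IRB to an "instance-type evpn" routing instance,
# per platform, as reported in the post (assumption: not verified against
# Juniper documentation).
IRB_STATEMENT = {
    "mx204": "routing-interface",
    "acx5448": "l3-interface",
    "acx710": "l3-interface",
}
IRB_KEYWORDS = set(IRB_STATEMENT.values())

# Sample inputs: "show routing-instances evpntest" output copied from the thread.
ACX_BEFORE = """instance-type evpn;
protocols {
    evpn;
}
vlan-id 20;
routing-interface irb.20;
interface xe-0/0/42.20;
vrf-target target:60876:20;"""
ACX_AFTER = ACX_BEFORE.replace("routing-interface", "l3-interface")

def top_level_statements(config_text):
    """Yield (keyword, value) for each statement at brace depth 0."""
    depth = 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and line.endswith(";"):
            keyword, _, value = line[:-1].partition(" ")
            yield keyword, value

def check_irb_binding(platform, config_text):
    """Return findings for one routing instance on the given platform."""
    expected = IRB_STATEMENT.get(platform.lower())
    if expected is None:
        return [f"no rule for platform {platform!r}"]
    stmts = list(top_level_statements(config_text))
    if ("instance-type", "evpn") not in stmts:
        return []  # the rule only concerns instance-type evpn
    return [
        f"{kw} {val}: use '{expected} {val}' on {platform}"
        for kw, val in stmts
        if kw in IRB_KEYWORDS and kw != expected
    ]

if __name__ == "__main__":
    print(check_irb_binding("acx5448", ACX_BEFORE))
    print(check_irb_binding("acx5448", ACX_AFTER))
```
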
Re: evpn trouble
Hi

What data plane are you using, MPLS or VXLAN?

Instance-type evpn is VLAN-Based Service, i.e. one VLAN per EVPN instance,
is this what you want?
Configuring EVPN with VLAN-Based Service | EVPN User Guide | Juniper
Networks TechLibrary
<https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/task/evpn-routing-instance-vlan-based-configuring.html>

If you want to run multiple VLANs in one EVPN instance you can use
VLAN-Aware Service (instance-type virtual-switch or in default
virtual-switch) where each VLAN/VNI will have a unique RT.
Understanding VLAN-Aware Bundle and VLAN-Based Service for EVPN | EVPN User
Guide | Juniper Networks TechLibrary
<https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/evpn-vlan-services-overview-qfx-series.html>

With that said from Junos 20.4R1 there's a new mac-vrf instance-type where
you can more clearly define the different services
instance-type mac-vrf
service-type vlan-aware / vlan-based / vlan-bundle
Microsoft Word - EVPN_VxLAN_MAC-VRF_NCE.docx (juniper.net)
<https://www.juniper.net/documentation/en_US/release-independent/nce/information-products/pathway-pages/nce/EVPN_VxLAN_MAC-VRF.pdf>

Not sure when MX/ACX will gain this feature though.

Regards
Roger



Re: evpn trouble
Hello Roger

Thank you for the comment. I will research mac-vrf which is new to me. We
are using MPLS and are migrating from VPLS. The ACX5448 / ACX710 do not
have virtual-switch support (but mac-vrf appears to be available). Aside
from mac-vrf my choices are evpn and evpn-vpws. Apparently subscriber
management, which we use, only supports evpn-vpws at this time.

This thread was about our server / vm hosting setup however. We only have
four server vlans and so I created one evpn instance per vlan.

Customer traffic is q-in-q. Not a problem for evpn-vpws but that has
limitations which may be a problem for me. I wish Juniper had made support
for more than just evpn-vpws as transport interface for "ps" interfaces. I
may be forced to stay with VPLS for the time being.

Thanks,

Baldur

Re: evpn trouble
I connected 2 dc's using evpn-mpls using the virtual-switch instance type...
as I think Roger mentioned it allows for multiple vlans via one evpn

The limitation you mention with ACX-type boxes is another reason why the
MX204 is becoming more attractive of an option... well, I'm saying that not
really knowing all that the mx204 can/cannot support, but, thinking that
since it's MX, then I'll get more SP-like... MX feature parity

Yeah, I think the MX204 may cost more than ACX5448, but, anyway, not sure
how much more... forgot how much acx5448 is... I think mx204 is about 25k

-Aaron


Re: evpn trouble
We have two datacenter locations each with a mx204 and a pair of acx5448.
The mx204 is used for ip transit, peering and subscriber management. The
acx5448 is for connecting servers. Remember the mx204 does not have a lot
of ports.

We also have an outside plant currently with 26 locations, each with an
acx710 and a gpon switch from another vendor. This forms a 100G / 25G MPLS
backbone with multiple rings and other complex topology. We are currently
replacing older MPLS switches from another vendor with the acx710.

Juniper managed to bring down the price of both mx204 and acx710 to a level
where we could switch from using Chinese equipment. I would not say it is
exactly cheap however :-). The acx710 box is significantly cheaper than
mx204 and I do not think we could afford this project without it.

Regards,

Baldur