Mailing List Archive

evpn irb default gateway
Hello

My evpn with irb on an acx5448 is going ok except for one very strange
problem. The router refuses to use the default route 0.0.0.0/0 when routing
traffic via the irb interface.

The router itself will ping just fine:

baldur@formervangen-core3> ping routing-instance internet 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=122 time=24.574 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=12.770 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 12.770/18.672/24.574/5.902 ms

baldur@formervangen-core3> show route table internet.inet.0 8.8.8.8

internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[BGP/170] 00:11:57, localpref 100, from 10.0.0.248
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 17, Push 1228(top)
[BGP/170] 1w2d 20:16:40, localpref 100, from 10.0.0.249
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 17, Push 1228(top)
[BGP/170] 1w2d 20:30:50, localpref 100, from 10.0.0.249
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 21, Push 1223(top)
[BGP/170] 00:11:46, localpref 100, from 10.0.0.248
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 21, Push 1223(top)

But done from a host connected to the evpn nothing happens:

root@lab2:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2029ms

However I made a dummy 128.0.0.0/1 route and now I can ping half of the
internet?

root@lab2:~# ping 185.107.12.60
PING 185.107.12.60 (185.107.12.60) 56(84) bytes of data.
64 bytes from 185.107.12.60: icmp_seq=1 ttl=61 time=0.902 ms
64 bytes from 185.107.12.60: icmp_seq=2 ttl=61 time=0.860 ms
64 bytes from 185.107.12.60: icmp_seq=3 ttl=61 time=0.898 ms
^C
--- 185.107.12.60 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.860/0.886/0.902/0.018 ms

This 128.0.0.0/1 route looks just the same as the 0.0.0.0/0 route:

baldur@formervangen-core3> show route table internet.inet.0 128.0.0.0/1
exact

internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both

128.0.0.0/1 *[BGP/170] 00:15:12, localpref 100, from 10.0.0.248
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 17, Push 1228(top)

The irb interface is simple:

baldur@formervangen-core3> show configuration interfaces irb.15
virtual-gateway-accept-data;
family inet {
address 185.24.168.180/26 {
virtual-gateway-address 185.24.168.129;
}
}
family inet6 {
address 2a00:7660:0:24::1044/64 {
virtual-gateway-address 2a00:7660:0:24::1;
}
}

root@lab2:~# ip route
default via 185.24.168.129 dev v15
185.24.168.128/26 dev v15 proto kernel scope link src 185.24.168.181
root@lab2:~# ip neigh show 185.24.168.129
185.24.168.129 dev v15 lladdr 00:00:5e:00:01:01 REACHABLE

I noticed that the host can access everything that formervangen-core3 has
in the routing table except for 0.0.0.0/0. This includes the 128.0.0.0/1
static reject route I created on one of the route reflectors.

The rest of the configuration:

baldur@formervangen-core3> show configuration routing-instances server15
instance-type evpn;
protocols {
evpn {
default-gateway no-gateway-community;
}
}
vlan-id 15;
l3-interface irb.15;
interface xe-0/0/10.15;
vrf-target target:60876:15;

baldur@formervangen-core3> show configuration routing-instances internet
instance-type vrf;
routing-options {
auto-export;
}
interface irb.15;
interface lo0.1;
vrf-target target:60876:0;
inactive: vrf-table-label;

Thanks,

Baldur
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: evpn irb default gateway [ In reply to ]
When I add this to the configuration the acx5448 irb will route traffic:

set routing-instances internet routing-options static route 0.0.0.0/1
next-hop 128.0.0.0 resolve no-readvertise

However this does not work:

set routing-instances internet routing-options static route 0.0.0.0/0
next-hop 128.0.0.0 resolve no-readvertise

I can apparently have a working system by splitting my 0.0.0.0/0 into two
halves 0.0.0.0/1 and 128.0.0.0/1. Not very satisfying. There has to be an
explanation and fix?

Regards,

Baldur



Den tor. 13. maj 2021 kl. 00.33 skrev Baldur Norddahl <baldur@gigabit.dk>:

> Hello
>
> My evpn with irb on an acx5448 is going ok except for one very strange
> problem. The router refuses to use the default route 0.0.0.0/0 when
> routing traffic via the irb interface.
>
> The router itself will ping just fine:
>
> baldur@formervangen-core3> ping routing-instance internet 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: icmp_seq=0 ttl=122 time=24.574 ms
> 64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=12.770 ms
> ^C
> --- 8.8.8.8 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 12.770/18.672/24.574/5.902 ms
>
> baldur@formervangen-core3> show route table internet.inet.0 8.8.8.8
>
> internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0
> hidden)
> + = Active Route, - = Last Active, * = Both
>
> 0.0.0.0/0 *[BGP/170] 00:11:57, localpref 100, from 10.0.0.248
> AS path: I, validation-state: unverified
> > to 10.99.0.18 via xe-0/0/0.0, Push 17, Push
> 1228(top)
> [BGP/170] 1w2d 20:16:40, localpref 100, from 10.0.0.249
> AS path: I, validation-state: unverified
> > to 10.99.0.18 via xe-0/0/0.0, Push 17, Push
> 1228(top)
> [BGP/170] 1w2d 20:30:50, localpref 100, from 10.0.0.249
> AS path: I, validation-state: unverified
> > to 10.99.0.18 via xe-0/0/0.0, Push 21, Push
> 1223(top)
> [BGP/170] 00:11:46, localpref 100, from 10.0.0.248
> AS path: I, validation-state: unverified
> > to 10.99.0.18 via xe-0/0/0.0, Push 21, Push
> 1223(top)
>
> But done from a host connected to the evpn nothing happens:
>
> root@lab2:~# ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> ^C
> --- 8.8.8.8 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 2029ms
>
> However I made a dummy 128.0.0.0/1 route and now I can ping half of the
> internet?
>
> root@lab2:~# ping 185.107.12.60
> PING 185.107.12.60 (185.107.12.60) 56(84) bytes of data.
> 64 bytes from 185.107.12.60: icmp_seq=1 ttl=61 time=0.902 ms
> 64 bytes from 185.107.12.60: icmp_seq=2 ttl=61 time=0.860 ms
> 64 bytes from 185.107.12.60: icmp_seq=3 ttl=61 time=0.898 ms
> ^C
> --- 185.107.12.60 ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 2003ms
> rtt min/avg/max/mdev = 0.860/0.886/0.902/0.018 ms
>
> This 128.0.0.0/1 route looks just the same as the 0.0.0.0/0 route:
>
> baldur@formervangen-core3> show route table internet.inet.0 128.0.0.0/1
> exact
>
> internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0
> hidden)
> + = Active Route, - = Last Active, * = Both
>
> 128.0.0.0/1 *[BGP/170] 00:15:12, localpref 100, from 10.0.0.248
> AS path: I, validation-state: unverified
> > to 10.99.0.18 via xe-0/0/0.0, Push 17, Push
> 1228(top)
>
> The irb interface is simple:
>
> baldur@formervangen-core3> show configuration interfaces irb.15
> virtual-gateway-accept-data;
> family inet {
> address 185.24.168.180/26 {
> virtual-gateway-address 185.24.168.129;
> }
> }
> family inet6 {
> address 2a00:7660:0:24::1044/64 {
> virtual-gateway-address 2a00:7660:0:24::1;
> }
> }
>
> root@lab2:~# ip route
> default via 185.24.168.129 dev v15
> 185.24.168.128/26 dev v15 proto kernel scope link src 185.24.168.181
> root@lab2:~# ip neigh show 185.24.168.129
> 185.24.168.129 dev v15 lladdr 00:00:5e:00:01:01 REACHABLE
>
> I noticed that the host can access everything that formervangen-core3 has
> in the routing table except for 0.0.0.0/0. This includes the 128.0.0.0/1
> static reject route I created on one of the route reflectors.
>
> The rest of the configuration:
>
> baldur@formervangen-core3> show configuration routing-instances server15
> instance-type evpn;
> protocols {
> evpn {
> default-gateway no-gateway-community;
> }
> }
> vlan-id 15;
> l3-interface irb.15;
> interface xe-0/0/10.15;
> vrf-target target:60876:15;
>
> baldur@formervangen-core3> show configuration routing-instances internet
> instance-type vrf;
> routing-options {
> auto-export;
> }
> interface irb.15;
> interface lo0.1;
> vrf-target target:60876:0;
> inactive: vrf-table-label;
>
> Thanks,
>
> Baldur
>
>
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: evpn irb default gateway [ In reply to ]
Hi Baldur,

There is PR1551063 for this case listed in the Release Notes, please
check.

Kind regards,

Andrey

Baldur Norddahl ????? 2021-05-12 19:34:
> When I add this to the configuration the acx5448 irb will route
> traffic:
>
> set routing-instances internet routing-options static route 0.0.0.0/1
> next-hop 128.0.0.0 resolve no-readvertise
>
> However this does not work:
>
> set routing-instances internet routing-options static route 0.0.0.0/0
> next-hop 128.0.0.0 resolve no-readvertise
>

>>
>> Thanks,
>>
>> Baldur
>>
>>
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp