Mailing List Archive

Here is my config :

Switch1 :
---------
```
set version 22.2R3-S1.9
set system host-name sw1
set system services ssh
set system syslog file interactive-commands interactive-commands any
set system syslog file messages any notice
set system syslog file messages authorization info
set interfaces xe-0/0/0 unit 0 family inet6
set interfaces xe-0/0/47 flexible-vlan-tagging
set interfaces xe-0/0/47 native-vlan-id 2110
set interfaces xe-0/0/47 encapsulation extended-vlan-bridge
set interfaces xe-0/0/47 unit 2110 vlan-id 2110
set interfaces xe-0/0/47 unit 2111 vlan-id 2111
set interfaces em0 unit 0 family inet6 address 2001:db8:ffff:ffff:ffff:ffff:69:1/112
set interfaces lo0 unit 0 family inet6 address 2001:db8:ffff::69:1/128
set forwarding-options storm-control-profiles default all
set forwarding-options evpn-vxlan shared-tunnels
set policy-options policy-statement send-direct term 1 from protocol direct
set policy-options policy-statement send-direct term 1 from interface lo0.0
set policy-options policy-statement send-direct term 1 then accept
set routing-instances Cust1 instance-type mac-vrf
set routing-instances Cust1 protocols evpn encapsulation vxlan
set routing-instances Cust1 vtep-source-interface lo0.0
set routing-instances Cust1 vtep-source-interface inet6
set routing-instances Cust1 service-type vlan-aware
set routing-instances Cust1 route-distinguisher 4200069001L:1
set routing-instances Cust1 vrf-target target:63001:1
set routing-instances Cust1 vlans V2110 interface xe-0/0/47.2110
set routing-instances Cust1 vlans V2110 vxlan vni 472110
set routing-instances Cust1 vlans V2111 interface xe-0/0/47.2111
set routing-instances Cust1 vlans V2111 vxlan vni 472111
set routing-options router-id 10.255.69.1
set routing-options autonomous-system 4200069001
set protocols bgp group underlay type external
set protocols bgp group underlay family inet6 unicast
set protocols bgp group underlay export send-direct
set protocols bgp group underlay neighbor fe80::e65d:37ff:fec2:cb03 local-interface xe-0/0/0.0
set protocols bgp group underlay neighbor fe80::e65d:37ff:fec2:cb03 peer-as 4200069002
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay local-address 2001:db8:ffff::69:1
set protocols bgp group evpn_overlay family evpn signaling
set protocols bgp group evpn_overlay neighbor 2001:db8:ffff::69:2 accept-remote-nexthop
set protocols bgp group evpn_overlay neighbor 2001:db8:ffff::69:2 peer-as 4200069002
set protocols bgp bfd-liveness-detection minimum-interval 1000
set vlans default vlan-id 1
```

Switch2 :
---------
```
set version 22.2R3-S1.9
set system host-name sw2
set system services ssh
set system syslog file interactive-commands interactive-commands any
set system syslog file messages any notice
set system syslog file messages authorization info
set interfaces xe-0/0/0 unit 0 family inet6
set interfaces xe-0/0/47 flexible-vlan-tagging
set interfaces xe-0/0/47 native-vlan-id 2110
set interfaces xe-0/0/47 encapsulation extended-vlan-bridge
set interfaces xe-0/0/47 unit 2110 vlan-id 2110
set interfaces xe-0/0/47 unit 2111 vlan-id 2111
set interfaces em0 unit 0 family inet6 address 2001:db8:ffff:ffff:ffff:ffff:69:2/112
set interfaces lo0 unit 0 family inet6 address 2001:db8:ffff::69:2/128
set forwarding-options storm-control-profiles default all
set forwarding-options evpn-vxlan shared-tunnels
set policy-options policy-statement send-direct term 1 from protocol direct
set policy-options policy-statement send-direct term 1 from interface lo0.0
set policy-options policy-statement send-direct term 1 then accept
set routing-instances Cust1 instance-type mac-vrf
set routing-instances Cust1 protocols evpn encapsulation vxlan
set routing-instances Cust1 vtep-source-interface lo0.0
set routing-instances Cust1 vtep-source-interface inet6
set routing-instances Cust1 service-type vlan-aware
set routing-instances Cust1 route-distinguisher 4200069002L:1
set routing-instances Cust1 vrf-target target:63001:1
set routing-instances Cust1 vlans V2110 interface xe-0/0/47.2110
set routing-instances Cust1 vlans V2110 vxlan vni 472110
set routing-instances Cust1 vlans V2111 interface xe-0/0/47.2111
set routing-instances Cust1 vlans V2111 vxlan vni 472111
set routing-options router-id 10.255.69.2
set routing-options autonomous-system 4200069002
set protocols bgp group underlay type external
set protocols bgp group underlay family inet6 unicast
set protocols bgp group underlay export send-direct
set protocols bgp group underlay neighbor fe80::b68a:5fff:fee1:7c03 local-interface xe-0/0/0.0
set protocols bgp group underlay neighbor fe80::b68a:5fff:fee1:7c03 peer-as 4200069001
set protocols bgp group evpn_overlay type external
set protocols bgp group evpn_overlay multihop no-nexthop-change
set protocols bgp group evpn_overlay local-address 2001:db8:ffff::69:2
set protocols bgp group evpn_overlay family evpn signaling
set protocols bgp group evpn_overlay neighbor 2001:db8:ffff::69:1 accept-remote-nexthop
set protocols bgp group evpn_overlay neighbor 2001:db8:ffff::69:1 peer-as 4200069001
set protocols bgp bfd-liveness-detection minimum-interval 1000
set vlans default vlan-id 1
```

# run show bgp summary

Threading mode: BGP I/O
Default eBGP mode: advertise - accept, receive - accept
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet6.0
1 1 0 0 0 0
bgp.evpn.0
2 2 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
2001:db8:ffff::69:1 4200069001 58 62 0 0 24:15 Establ
bgp.evpn.0: 2/2/2/0
Cust1.evpn.0: 2/2/2/0
__default_evpn__.evpn.0: 0/0/0/0
fe80::b68a:5fff:fee1:7c03%xe-0/0/0.0 4200069001 83 82 0 0 35:33 Establ
inet6.0: 1/1/1/0

# run show route table Cust1.evpn.0

Cust1.evpn.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2:4200069002L:1::472110::3c:ec:ef:af:4a:24/304 MAC/IP
*[EVPN/170] 00:00:21
Indirect
2:4200069002L:1::472110::3c:ec:ef:af:4a:24::192.168.88.2/304 MAC/IP
*[EVPN/170] 00:00:21
Indirect
3:4200069001L:1::472110::2001:db8:ffff::69:1/248 IM
*[BGP/170] 00:24:30, localpref 100, from 2001:db8:ffff::69:1
AS path: 4200069001 I, validation-state: unverified
> to fe80::b68a:5fff:fee1:7c03 via xe-0/0/0.0
3:4200069001L:1::472111::2001:db8:ffff::69:1/248 IM
*[BGP/170] 00:24:30, localpref 100, from 2001:db8:ffff::69:1
AS path: 4200069001 I, validation-state: unverified
> to fe80::b68a:5fff:fee1:7c03 via xe-0/0/0.0
3:4200069002L:1::472110::2001:db8:ffff::69:2/248 IM
*[EVPN/170] 00:29:32
Indirect
3:4200069002L:1::472111::2001:db8:ffff::69:2/248 IM
*[EVPN/170] 00:29:32
Indirect


`192.168.88.2` is one of the client device.

Regards,

>
> From: juniper-nsp <juniper-nsp-bounces@puck.nether.net> on behalf of Denis Fondras via juniper-nsp <juniper-nsp@puck.nether.net>
> Date: Saturday, 25 November 2023 at 14:27
> To: juniper-nsp@puck.nether.net <juniper-nsp@puck.nether.net>
> Subject: [j-nsp] QFX5110 / EVPN-VXLAN with IPv6 underlay
> Hello,
>
> I am trying to make work EVPN-VXLAN with an IPv6 (eBGP) underlay between a
> couple of QFX5110 with JunOS version 22.2R3 (following
> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/vxlan-ipv6-underlay-overview.html)
> When I check the status, it seems everything is working as expected (I can see
> routes and MACs in to the VRF table on both side). But I cannot ping from one
> client device on side A to another one on side B.
> The routing table shows the MAC and IPv4 are learned on both side but it seems
> no traffic reaches the client devices (arp table on client device shows the
> remote device is "incomplete").
>
> Can you give a clue ? I haven't found any information on wether it could work on
> QFX5110.
> Maybe you could share a working config ?
>
> Thank you in advance,
> Denis
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Dennis,

On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
<juniper-nsp@puck.nether.net> wrote:
> Can you give a clue ? I haven't found any information on wether it could work on
> QFX5110.

Looking at the two pages below.
1. The QFX5120 (assuming this also applies to the QFX5120-32C model)
*only* supports the default-switch forwarding instance.
2. And IPv6 underlays seem to be *exactly not* supported for the
default-switch forwarding instance.

If I take this from what it reads. It looks like you cannot archive
what you are trying atm.

Try asking JTAC to confirm this?

From:
https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/mac-vrf-routing-instance-overview.html#xd_4081e20476f017c2--1e138ae7-1795628658a--7dbc__subsection_mac-vrf-service-types
"""
EX4400, QFX5100, QFX5110, QFX5120, QFX5200, QFX5130-32CD, and QFX5700
switches, and PTX10001-36MR, PTX10004, PTX10008, PTX10016 routers
These devices support only one forwarding instance (default-switch). (...)
"""

From:
https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/vxlan-ipv6-underlay-overview.html
"""
(QFX Series switches) You must use MAC-VRF routing instances with EVPN
protocol and VXLAN encapsulation. We don't support IPv6 underlays with
other instance types such as evpn, evpn-vpws, virtual-switch or the
default switching instance.
"""
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Hello,

Thank you very much everyone for the help.

It seems that `netraven` nailed it.
I missed the part where QFX5110 could not support multiple forwarding instances.

I will have to go back to the legacy protocol then :/
Replacing IPv6 addresses with IPv4 addresses, keeping the same config, worked on
first try.

Thank you again !
Denis


Le Mon, Nov 27, 2023 at 10:52:52AM +0100, netravnen+nsplist@gmail.com a ?crit :
> Dennis,
>
> On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
> <juniper-nsp@puck.nether.net> wrote:
> > Can you give a clue ? I haven't found any information on wether it could work on
> > QFX5110.
>
> Looking at the two pages below.
> 1. The QFX5120 (assuming this also applies to the QFX5120-32C model)
> *only* supports the default-switch forwarding instance.
> 2. And IPv6 underlays seem to be *exactly not* supported for the
> default-switch forwarding instance.
>
> If I take this from what it reads. It looks like you cannot archive
> what you are trying atm.
>
> Try asking JTAC to confirm this?
>
> From:
> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/mac-vrf-routing-instance-overview.html#xd_4081e20476f017c2--1e138ae7-1795628658a--7dbc__subsection_mac-vrf-service-types
> """
> EX4400, QFX5100, QFX5110, QFX5120, QFX5200, QFX5130-32CD, and QFX5700
> switches, and PTX10001-36MR, PTX10004, PTX10008, PTX10016 routers
> These devices support only one forwarding instance (default-switch). (...)
> """
>
> From:
> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/vxlan-ipv6-underlay-overview.html
> """
> (QFX Series switches) You must use MAC-VRF routing instances with EVPN
> protocol and VXLAN encapsulation. We don't support IPv6 underlays with
> other instance types such as evpn, evpn-vpws, virtual-switch or the
> default switching instance.
> """
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Hey

You're interpreting the default switch limitation incorrectly.

It doesn't mean the QFX5120 can't support MAC-VRFs, it means even if you
implement MAC-VRFs you still only have a single switch domain and can't
have overlapping VLANs in the different MAC-VRFs. (MX does not have this
limitation. It supports 32k VLANs)

IPv6 underlay is supported on QFX5120 in MAC-VRF from Junos 21.2R2:
Explore Features by Product | Juniper Networks Pathfinder Feature Explorer
<https://apps.juniper.net/feature-explorer/select-platform.html?typ=1&category=Switching&pid=31705120&platform=QFX5120-48Y&swName=Junos%20OS&rel=23.2R1&sid=1277&swtab=Junos%20OS>

You can configure an EVPN-VXLAN fabric with an IPv6 underlay. You can use
this feature only with MAC-VRF routing instances (all service types). You
must configure either an IPv4 or an IPv6 underlay across the EVPN instances
in the fabric; you can’t mix IPv4 and IPv6 underlays in the same fabric.
To enable this feature, include these steps when you configure the EVPN
underlay:
• Configure the underlay VXLAN tunnel endpoint (VTEP) source interface as
an IPv6 address:
• Even though the underlay uses the IPv6 address family, for BGP
handshaking to work in the underlay, you must configure the router ID in
the routing instance with an IPv4 address:
• Enable the Broadcom VXLAN flexible flow feature, release where the
feature is not enabled by default:
We support the following EVPN-VXLAN features with an IPv6 underlay:
• EVPN Type 1, Type 2, Type 3, Type 4, and Type 5 routes(excluding EX9200
for type 5).
• Shared VTEP tunnels (required with MAC-VRF instances).
• All-active multihoming, including Ethernet segment ID (ESI)
auto-generation and preferencebased DF (DF) election.
• EVPN core isolation.
• Bridged overlays.
• Layer 3 gateway functions in ERB and CRB overlays with IPv4 or IPv6
traffic.
• Underlay and overlay load balancing.
• Layer 3 protocols over IRB interfaces—BFD, BGP, OSPF.
• Data center interconnect (DCI)—over-the-top (OTT) full mesh only.
• EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression.

Regards
Roger

On Mon, Nov 27, 2023 at 11:31?AM Denis Fondras via juniper-nsp <
juniper-nsp@puck.nether.net> wrote:

> Hello,
>
> Thank you very much everyone for the help.
>
> It seems that `netraven` nailed it.
> I missed the part where QFX5110 could not support multiple forwarding
> instances.
>
> I will have to go back to the legacy protocol then :/
> Replacing IPv6 addresses with IPv4 addresses, keeping the same config,
> worked on
> first try.
>
> Thank you again !
> Denis
>
>
> Le Mon, Nov 27, 2023 at 10:52:52AM +0100, netravnen+nsplist@gmail.com a
> écrit :
> > Dennis,
> >
> > On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
> > <juniper-nsp@puck.nether.net> wrote:
> > > Can you give a clue ? I haven't found any information on wether it
> could work on
> > > QFX5110.
> >
> > Looking at the two pages below.
> > 1. The QFX5120 (assuming this also applies to the QFX5120-32C model)
> > *only* supports the default-switch forwarding instance.
> > 2. And IPv6 underlays seem to be *exactly not* supported for the
> > default-switch forwarding instance.
> >
> > If I take this from what it reads. It looks like you cannot archive
> > what you are trying atm.
> >
> > Try asking JTAC to confirm this?
> >
> > From:
> >
> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/mac-vrf-routing-instance-overview.html#xd_4081e20476f017c2--1e138ae7-1795628658a--7dbc__subsection_mac-vrf-service-types
> > """
> > EX4400, QFX5100, QFX5110, QFX5120, QFX5200, QFX5130-32CD, and QFX5700
> > switches, and PTX10001-36MR, PTX10004, PTX10008, PTX10016 routers
> > These devices support only one forwarding instance (default-switch).
> (...)
> > """
> >
> > From:
> >
> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/vxlan-ipv6-underlay-overview.html
> > """
> > (QFX Series switches) You must use MAC-VRF routing instances with EVPN
> > protocol and VXLAN encapsulation. We don't support IPv6 underlays with
> > other instance types such as evpn, evpn-vpws, virtual-switch or the
> > default switching instance.
> > """
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

For the QFX5110 specifically, MAC-VRF is supported:
https://apps.juniper.net/feature-explorer/feature-info.html?fKey=9788&fn=MAC+VRF+with+EVPN-VXLAN

But IPv6 underlay is not:
https://apps.juniper.net/feature-explorer/feature-info.html?fKey=11165&fn=EVPN-VXLAN+fabric+with+an+IPv6+underlay

So maybe it's an ASIC limitation as QFX5110 is using Trident 2+ and
QFX5120/EX4400 is using Trident 3.

Regards
Roger



On Tue, Nov 28, 2023 at 3:48?PM Roger Wiklund <roger.wiklund@gmail.com>
wrote:

> Hey
>
> You're interpreting the default switch limitation incorrectly.
>
> It doesn't mean the QFX5120 can't support MAC-VRFs, it means even if you
> implement MAC-VRFs you still only have a single switch domain and can't
> have overlapping VLANs in the different MAC-VRFs. (MX does not have this
> limitation. It supports 32k VLANs)
>
> IPv6 underlay is supported on QFX5120 in MAC-VRF from Junos 21.2R2:
> Explore Features by Product | Juniper Networks Pathfinder Feature Explorer
> <https://apps.juniper.net/feature-explorer/select-platform.html?typ=1&category=Switching&pid=31705120&platform=QFX5120-48Y&swName=Junos%20OS&rel=23.2R1&sid=1277&swtab=Junos%20OS>
>
> You can configure an EVPN-VXLAN fabric with an IPv6 underlay. You can use
> this feature only with MAC-VRF routing instances (all service types). You
> must configure either an IPv4 or an IPv6 underlay across the EVPN instances
> in the fabric; you can’t mix IPv4 and IPv6 underlays in the same fabric.
> To enable this feature, include these steps when you configure the EVPN
> underlay:
> • Configure the underlay VXLAN tunnel endpoint (VTEP) source interface as
> an IPv6 address:
> • Even though the underlay uses the IPv6 address family, for BGP
> handshaking to work in the underlay, you must configure the router ID in
> the routing instance with an IPv4 address:
> • Enable the Broadcom VXLAN flexible flow feature, release where the
> feature is not enabled by default:
> We support the following EVPN-VXLAN features with an IPv6 underlay:
> • EVPN Type 1, Type 2, Type 3, Type 4, and Type 5 routes(excluding EX9200
> for type 5).
> • Shared VTEP tunnels (required with MAC-VRF instances).
> • All-active multihoming, including Ethernet segment ID (ESI)
> auto-generation and preferencebased DF (DF) election.
> • EVPN core isolation.
> • Bridged overlays.
> • Layer 3 gateway functions in ERB and CRB overlays with IPv4 or IPv6
> traffic.
> • Underlay and overlay load balancing.
> • Layer 3 protocols over IRB interfaces—BFD, BGP, OSPF.
> • Data center interconnect (DCI)—over-the-top (OTT) full mesh only.
> • EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression.
>
> Regards
> Roger
>
> On Mon, Nov 27, 2023 at 11:31?AM Denis Fondras via juniper-nsp <
> juniper-nsp@puck.nether.net> wrote:
>
>> Hello,
>>
>> Thank you very much everyone for the help.
>>
>> It seems that `netraven` nailed it.
>> I missed the part where QFX5110 could not support multiple forwarding
>> instances.
>>
>> I will have to go back to the legacy protocol then :/
>> Replacing IPv6 addresses with IPv4 addresses, keeping the same config,
>> worked on
>> first try.
>>
>> Thank you again !
>> Denis
>>
>>
>> Le Mon, Nov 27, 2023 at 10:52:52AM +0100, netravnen+nsplist@gmail.com a
>> écrit :
>> > Dennis,
>> >
>> > On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
>> > <juniper-nsp@puck.nether.net> wrote:
>> > > Can you give a clue ? I haven't found any information on wether it
>> could work on
>> > > QFX5110.
>> >
>> > Looking at the two pages below.
>> > 1. The QFX5120 (assuming this also applies to the QFX5120-32C model)
>> > *only* supports the default-switch forwarding instance.
>> > 2. And IPv6 underlays seem to be *exactly not* supported for the
>> > default-switch forwarding instance.
>> >
>> > If I take this from what it reads. It looks like you cannot archive
>> > what you are trying atm.
>> >
>> > Try asking JTAC to confirm this?
>> >
>> > From:
>> >
>> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/mac-vrf-routing-instance-overview.html#xd_4081e20476f017c2--1e138ae7-1795628658a--7dbc__subsection_mac-vrf-service-types
>> > """
>> > EX4400, QFX5100, QFX5110, QFX5120, QFX5200, QFX5130-32CD, and QFX5700
>> > switches, and PTX10001-36MR, PTX10004, PTX10008, PTX10016 routers
>> > These devices support only one forwarding instance (default-switch).
>> (...)
>> > """
>> >
>> > From:
>> >
>> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/vxlan-ipv6-underlay-overview.html
>> > """
>> > (QFX Series switches) You must use MAC-VRF routing instances with EVPN
>> > protocol and VXLAN encapsulation. We don't support IPv6 underlays with
>> > other instance types such as evpn, evpn-vpws, virtual-switch or the
>> > default switching instance.
>> > """
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Also might be worth mentioning that the Router-ID - although it might look like one and you would usually use one you already have on your loopback - is technically not an IP(v4)-Address.


See: https://www.juniper.net/documentation/us/en/software/junos/static-routing/topics/ref/statement/router-id-edit-routing-options.html

Even if you run only OSPF3 or IPv6 BGP peering in a routing instance, a 32-bit router-id must be configured in the instance. This is because IPv6 routing protocols use the router-id for handshaking. The router ID must be configured as a 4 octet (32 bit) unsigned non-zero integer value.
It's often convenient to use an IPv4 address as the router ID. However, a valid IPv4 address is not required. The RID does not have to be a routable IPv4 address. You can configure any 32-bit value that is unique within the routing domain. If you do not configure the router-id in an IPv6 OSPF or BGP routing instance the IPv6 protocols will use an invalid value for the router ID (0.0.0.0) and the adjacency and connections will fail

CHS



> Am 28.11.2023 um 16:14 schrieb Roger Wiklund via juniper-nsp <juniper-nsp@puck.nether.net>:
>
> ?For the QFX5110 specifically, MAC-VRF is supported:
> https://apps.juniper.net/feature-explorer/feature-info.html?fKey=9788&fn=MAC+VRF+with+EVPN-VXLAN
>
> But IPv6 underlay is not:
> https://apps.juniper.net/feature-explorer/feature-info.html?fKey=11165&fn=EVPN-VXLAN+fabric+with+an+IPv6+underlay
>
> So maybe it's an ASIC limitation as QFX5110 is using Trident 2+ and
> QFX5120/EX4400 is using Trident 3.
>
> Regards
> Roger
>
>
>
>> On Tue, Nov 28, 2023 at 3:48?PM Roger Wiklund <roger.wiklund@gmail.com>
>> wrote:
>>
>> Hey
>>
>> You're interpreting the default switch limitation incorrectly.
>>
>> It doesn't mean the QFX5120 can't support MAC-VRFs, it means even if you
>> implement MAC-VRFs you still only have a single switch domain and can't
>> have overlapping VLANs in the different MAC-VRFs. (MX does not have this
>> limitation. It supports 32k VLANs)
>>
>> IPv6 underlay is supported on QFX5120 in MAC-VRF from Junos 21.2R2:
>> Explore Features by Product | Juniper Networks Pathfinder Feature Explorer
>> <https://apps.juniper.net/feature-explorer/select-platform.html?typ=1&category=Switching&pid=31705120&platform=QFX5120-48Y&swName=Junos%20OS&rel=23.2R1&sid=1277&swtab=Junos%20OS>
>>
>> You can configure an EVPN-VXLAN fabric with an IPv6 underlay. You can use
>> this feature only with MAC-VRF routing instances (all service types). You
>> must configure either an IPv4 or an IPv6 underlay across the EVPN instances
>> in the fabric; you can’t mix IPv4 and IPv6 underlays in the same fabric.
>> To enable this feature, include these steps when you configure the EVPN
>> underlay:
>> • Configure the underlay VXLAN tunnel endpoint (VTEP) source interface as
>> an IPv6 address:
>> • Even though the underlay uses the IPv6 address family, for BGP
>> handshaking to work in the underlay, you must configure the router ID in
>> the routing instance with an IPv4 address:
>> • Enable the Broadcom VXLAN flexible flow feature, release where the
>> feature is not enabled by default:
>> We support the following EVPN-VXLAN features with an IPv6 underlay:
>> • EVPN Type 1, Type 2, Type 3, Type 4, and Type 5 routes(excluding EX9200
>> for type 5).
>> • Shared VTEP tunnels (required with MAC-VRF instances).
>> • All-active multihoming, including Ethernet segment ID (ESI)
>> auto-generation and preferencebased DF (DF) election.
>> • EVPN core isolation.
>> • Bridged overlays.
>> • Layer 3 gateway functions in ERB and CRB overlays with IPv4 or IPv6
>> traffic.
>> • Underlay and overlay load balancing.
>> • Layer 3 protocols over IRB interfaces—BFD, BGP, OSPF.
>> • Data center interconnect (DCI)—over-the-top (OTT) full mesh only.
>> • EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression.
>>
>> Regards
>> Roger
>>
>> On Mon, Nov 27, 2023 at 11:31?AM Denis Fondras via juniper-nsp <
>> juniper-nsp@puck.nether.net> wrote:
>>
>>> Hello,
>>>
>>> Thank you very much everyone for the help.
>>>
>>> It seems that `netraven` nailed it.
>>> I missed the part where QFX5110 could not support multiple forwarding
>>> instances.
>>>
>>> I will have to go back to the legacy protocol then :/
>>> Replacing IPv6 addresses with IPv4 addresses, keeping the same config,
>>> worked on
>>> first try.
>>>
>>> Thank you again !
>>> Denis
>>>
>>>
>>> Le Mon, Nov 27, 2023 at 10:52:52AM +0100, netravnen+nsplist@gmail.com a
>>> écrit :
>>>> Dennis,
>>>>
>>>> On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
>>>> <juniper-nsp@puck.nether.net> wrote:
>>>>> Can you give a clue ? I haven't found any information on wether it
>>> could work on
>>>>> QFX5110.
>>>>
>>>> Looking at the two pages below.
>>>> 1. The QFX5120 (assuming this also applies to the QFX5120-32C model)
>>>> *only* supports the default-switch forwarding instance.
>>>> 2. And IPv6 underlays seem to be *exactly not* supported for the
>>>> default-switch forwarding instance.
>>>>
>>>> If I take this from what it reads. It looks like you cannot archive
>>>> what you are trying atm.
>>>>
>>>> Try asking JTAC to confirm this?
>>>>
>>>> From:
>>>>
>>> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/mac-vrf-routing-instance-overview.html#xd_4081e20476f017c2--1e138ae7-1795628658a--7dbc__subsection_mac-vrf-service-types
>>>> """
>>>> EX4400, QFX5100, QFX5110, QFX5120, QFX5200, QFX5130-32CD, and QFX5700
>>>> switches, and PTX10001-36MR, PTX10004, PTX10008, PTX10016 routers
>>>> These devices support only one forwarding instance (default-switch).
>>> (...)
>>>> """
>>>>
>>>> From:
>>>>
>>> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/vxlan-ipv6-underlay-overview.html
>>>> """
>>>> (QFX Series switches) You must use MAC-VRF routing instances with EVPN
>>>> protocol and VXLAN encapsulation. We don't support IPv6 underlays with
>>>> other instance types such as evpn, evpn-vpws, virtual-switch or the
>>>> default switching instance.
>>>> """
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

…which is probably why you can configure it as “0” and Junos expands it to “0.0.0.0”

Aaron

> On Nov 28, 2023, at 10:07 AM, Christian Scholz via juniper-nsp <juniper-nsp@puck.nether.net> wrote:
>
> ?Also might be worth mentioning that the Router-ID - although it might look like one and you would usually use one you already have on your loopback - is technically not an IP(v4)-Address.
>
>
> See: https://www.juniper.net/documentation/us/en/software/junos/static-routing/topics/ref/statement/router-id-edit-routing-options.html
>
> Even if you run only OSPF3 or IPv6 BGP peering in a routing instance, a 32-bit router-id must be configured in the instance. This is because IPv6 routing protocols use the router-id for handshaking. The router ID must be configured as a 4 octet (32 bit) unsigned non-zero integer value.
> It's often convenient to use an IPv4 address as the router ID. However, a valid IPv4 address is not required. The RID does not have to be a routable IPv4 address. You can configure any 32-bit value that is unique within the routing domain. If you do not configure the router-id in an IPv6 OSPF or BGP routing instance the IPv6 protocols will use an invalid value for the router ID (0.0.0.0) and the adjacency and connections will fail
>
> CHS
>
>
>
>> Am 28.11.2023 um 16:14 schrieb Roger Wiklund via juniper-nsp <juniper-nsp@puck.nether.net>:
>>
>> ?For the QFX5110 specifically, MAC-VRF is supported:
>> https://apps.juniper.net/feature-explorer/feature-info.html?fKey=9788&fn=MAC+VRF+with+EVPN-VXLAN
>>
>> But IPv6 underlay is not:
>> https://apps.juniper.net/feature-explorer/feature-info.html?fKey=11165&fn=EVPN-VXLAN+fabric+with+an+IPv6+underlay
>>
>> So maybe it's an ASIC limitation as QFX5110 is using Trident 2+ and
>> QFX5120/EX4400 is using Trident 3.
>>
>> Regards
>> Roger
>>
>>
>>
>>> On Tue, Nov 28, 2023 at 3:48?PM Roger Wiklund <roger.wiklund@gmail.com>
>>> wrote:
>>>
>>> Hey
>>>
>>> You're interpreting the default switch limitation incorrectly.
>>>
>>> It doesn't mean the QFX5120 can't support MAC-VRFs, it means even if you
>>> implement MAC-VRFs you still only have a single switch domain and can't
>>> have overlapping VLANs in the different MAC-VRFs. (MX does not have this
>>> limitation. It supports 32k VLANs)
>>>
>>> IPv6 underlay is supported on QFX5120 in MAC-VRF from Junos 21.2R2:
>>> Explore Features by Product | Juniper Networks Pathfinder Feature Explorer
>>> <https://apps.juniper.net/feature-explorer/select-platform.html?typ=1&category=Switching&pid=31705120&platform=QFX5120-48Y&swName=Junos%20OS&rel=23.2R1&sid=1277&swtab=Junos%20OS>
>>>
>>> You can configure an EVPN-VXLAN fabric with an IPv6 underlay. You can use
>>> this feature only with MAC-VRF routing instances (all service types). You
>>> must configure either an IPv4 or an IPv6 underlay across the EVPN instances
>>> in the fabric; you can’t mix IPv4 and IPv6 underlays in the same fabric.
>>> To enable this feature, include these steps when you configure the EVPN
>>> underlay:
>>> • Configure the underlay VXLAN tunnel endpoint (VTEP) source interface as
>>> an IPv6 address:
>>> • Even though the underlay uses the IPv6 address family, for BGP
>>> handshaking to work in the underlay, you must configure the router ID in
>>> the routing instance with an IPv4 address:
>>> • Enable the Broadcom VXLAN flexible flow feature, release where the
>>> feature is not enabled by default:
>>> We support the following EVPN-VXLAN features with an IPv6 underlay:
>>> • EVPN Type 1, Type 2, Type 3, Type 4, and Type 5 routes(excluding EX9200
>>> for type 5).
>>> • Shared VTEP tunnels (required with MAC-VRF instances).
>>> • All-active multihoming, including Ethernet segment ID (ESI)
>>> auto-generation and preferencebased DF (DF) election.
>>> • EVPN core isolation.
>>> • Bridged overlays.
>>> • Layer 3 gateway functions in ERB and CRB overlays with IPv4 or IPv6
>>> traffic.
>>> • Underlay and overlay load balancing.
>>> • Layer 3 protocols over IRB interfaces—BFD, BGP, OSPF.
>>> • Data center interconnect (DCI)—over-the-top (OTT) full mesh only.
>>> • EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression.
>>>
>>> Regards
>>> Roger
>>>
>>> On Mon, Nov 27, 2023 at 11:31?AM Denis Fondras via juniper-nsp <
>>> juniper-nsp@puck.nether.net> wrote:
>>>
>>>> Hello,
>>>>
>>>> Thank you very much everyone for the help.
>>>>
>>>> It seems that `netraven` nailed it.
>>>> I missed the part where QFX5110 could not support multiple forwarding
>>>> instances.
>>>>
>>>> I will have to go back to the legacy protocol then :/
>>>> Replacing IPv6 addresses with IPv4 addresses, keeping the same config,
>>>> worked on
>>>> first try.
>>>>
>>>> Thank you again !
>>>> Denis
>>>>
>>>>
>>>> Le Mon, Nov 27, 2023 at 10:52:52AM +0100, netravnen+nsplist@gmail.com a
>>>> écrit :
>>>>> Dennis,
>>>>>
>>>>> On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
>>>>> <juniper-nsp@puck.nether.net> wrote:
>>>>>> Can you give a clue ? I haven't found any information on wether it
>>>> could work on
>>>>>> QFX5110.
>>>>>
>>>>> Looking at the two pages below.
>>>>> 1. The QFX5120 (assuming this also applies to the QFX5120-32C model)
>>>>> *only* supports the default-switch forwarding instance.
>>>>> 2. And IPv6 underlays seem to be *exactly not* supported for the
>>>>> default-switch forwarding instance.
>>>>>
>>>>> If I take this from what it reads. It looks like you cannot archive
>>>>> what you are trying atm.
>>>>>
>>>>> Try asking JTAC to confirm this?
>>>>>
>>>>> From:
>>>>>
>>>> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/mac-vrf-routing-instance-overview.html#xd_4081e20476f017c2--1e138ae7-1795628658a--7dbc__subsection_mac-vrf-service-types
>>>>> """
>>>>> EX4400, QFX5100, QFX5110, QFX5120, QFX5200, QFX5130-32CD, and QFX5700
>>>>> switches, and PTX10001-36MR, PTX10004, PTX10008, PTX10016 routers
>>>>> These devices support only one forwarding instance (default-switch).
>>>> (...)
>>>>> """
>>>>>
>>>>> From:
>>>>>
>>>> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/vxlan-ipv6-underlay-overview.html
>>>>> """
>>>>> (QFX Series switches) You must use MAC-VRF routing instances with EVPN
>>>>> protocol and VXLAN encapsulation. We don't support IPv6 underlays with
>>>>> other instance types such as evpn, evpn-vpws, virtual-switch or the
>>>>> default switching instance.
>>>>> """
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>
>>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp