[j-nsp] EVPN

Matt Bernstein mb+jnsp at bernstein.org.uk
Mon Aug 10 16:14:26 EDT 2015 

On 08/08/2015 22:01, Chuck Anderson wrote:
> On Wed, May 06, 2015 at 12:13:41PM +0100, Matt Bernstein via juniper-nsp wrote:
>>
>> I'm looking at a 10Gb/s L2 DCI over the Internet. EVPN (I think
>> MPLSoGRE pseudowires), then over IPsec, using active/active MX240
>> routers in each location. Looks elegant on paper, although if our
>> PoC turns up any gremlins we can fall back to boring (but obviously
>> less elegant) VPLSoGREoIPsec.

> Do you have any news to report on your EVPN deployment?  Did you have
> to fall back to VPLS?

I hope to have news in the next few days; we're still working on the 
multi-homing-CE and resilience elements. We are largely basing our 
config on the Day One guide, but with the added encryption layer. I'm 
pretty confident we can stick with EVPN, but at one end we've got the 
PEs being in different campus buildings and so the same ESI is hitting 
different CE switches.

It's a bit fiddly with so much in inet.0; we took the encryption layer 
and stuffed it in its own msmic.inet.0 table, which seems to help 
protocols higher up the stack find the lo0 addresses they are expecting.

I can report latency is lower than I had feared: 4ms 1000-byte pings 
from my campus PC to a host on a VLAN over EVPN/MPLSoGREoIPsec:

	[mb at hogwash ~]$ ping  -s 1000 172.24.31.4 -i 0.2 -c 100 -q
	PING 172.24.31.4 (172.24.31.4) 1000(1028) bytes of data.

	--- 172.24.31.4 ping statistics ---
	100 packets transmitted, 100 received, 0% packet loss, time 19849ms
	rtt min/avg/max/mdev = 3.758/4.016/6.218/0.328 ms

The local end of that VLAN is 2ms away (four short-distance L3 hops, the 
last of which being the campus SRX firewall)

	[mb at hogwash ~]$ ping  -s 1000 172.24.31.1 -i 0.2 -c 100 -q
	PING 172.24.31.1 (172.24.31.1) 1000(1028) bytes of data.

	--- 172.24.31.1 ping statistics ---
	100 packets transmitted, 100 received, 0% packet loss, time 19835ms
	rtt min/avg/max/mdev = 1.769/2.041/3.824/0.259 ms

Throughput was tested with an Ixia in a 3rd-party lab: we broke 3Gb/s 
for IMIX and nudged 9Gb/s for a single stream of large frames.

Hope that's of some use for now. Plenty more testing to do. Will get 
back when we're looking to go into production.

Cheers,

Matt

More information about the juniper-nsp mailing list