[j-nsp] irb output filters with EVPN
Bob
sideshowbob at xs4all.nl
Thu Feb 25 04:07:19 EST 2016
Hello,
Consider the following evpn topology:
PE3
|
CE1 — PE1 — (ae2) -- PE2 — CE2
CE1 = 10.0.0.2/24
CE2 = 10.0.0.3/24
PE1 and PE2 both have a evpn routing-instance
configured.
Both have the same ip-adress configured
on the irb (default gw) and same mac-address.
Traffic towards CE2 flows via PE3 -> PE1 -> PE2 -> CE2
PE1 has a evpn route towards CE2:
PE1#
10.0.0.3/32 *[EVPN/7] 1d 23:14:48
> to 10.10.10.2 via ae2.0, Push 301472
The prefix for CE2 on PE2:
PE2#
10.0.0.3/32 *[EVPN/7] 1d 23:14:50
> via irb.100
The IRB interface on PE2 has a output filter
set interfaces irb unit 100 family inet filter output COUNT-AND-ACCEPT
filter COUNT-AND-ACCEPT
term count-and-accept
then count COUNT-AND-ACCEPT
then accept
The filter is not matching packets, it seems that packets
entering via an EVPN route from PE1, bypass the IRB output filter
on PE2 (no filter lookup)
All evpn routes reside in inet.0, no separate l3-vpn vrf.
Any insight is appreciated.
Thanks,
Bob
More information about the juniper-nsp
mailing list