[j-nsp] EVPN

Chuck Anderson cra at WPI.EDU
Wed Jan 27 10:26:15 EST 2016 

On Thu, May 07, 2015 at 05:54:43PM -0400, Chuck Anderson wrote:
> On Thu, May 07, 2015 at 10:41:18PM +0200, Sebastian Wiesinger wrote:
> > * Chuck Anderson <cra at WPI.EDU> [2015-05-05 16:51]:
> > > On Fri, May 01, 2015 at 05:53:54PM -0400, Chuck Anderson wrote:
> > > > Is anyone doing EVPN in production yet?
> > > 
> > > I take it from the deafening silence that either no one is doing EVPN
> > > in production, or no one is willing to admit it.
> > > 
> > > Is anyone willing to share any experiences with EVPN, such as results
> > > from testing in the lab?  I'm spinning up my lab now.
> > 
> > Hi,
> > 
> > we don't have it live but looking into it. What surprised me was that
> > you cannot put EVPN irb routes directly into inet.0 at the moment,
> > only into an vrf.
> 
> Interesting.  I guess I could move my main network into a VRF.

So I finally got around to testing EVPN here.  I have a somewhat
eclectic environment, so ideally I would like to do EVPN in a
preexisting logical system, but this isn't supported yet.  As an
alternative, I can do the EVPN part in the main LSYS but I'm running
into some snags with the IRB interfaces.

Here is what I want to do.  The purpose is to backhaul a few
customers' traffic to the VRF that only lives in the logical system on
PE3/PE4 and provide default gateway redundancy without eating up 2
additional IP addresses and compute cycles using VRRP.

- 4 MX PE routers with Junos 14.2R3, 1 CE switch.

- CE1 multihomed single-active to PE1/PE2 which have no EVI IRBs.  CE1
  is using RTG uplink.  RTG primary link matches with the ESI active
  link.

- PE3/PE4 with EVI IRBs configured with the same IP/MAC, but no
  directly attached CEs.

- EVI IRBs assigned to a different LSYS/VRF.

Here are the problems I encountered:

1. IRBs won't go operationally up if there is no physical interface in
   the EVI.  There is no equivalent to the VPLS feature
   "connectivity-type irb".

2. Cheating #1 by putting a dummy LT interface in the EVI does allow
   the IRB to go up, but I can't ping the far end device from the IRB
   IP.  I tried with the IRB in the main instance and then in a
   virtual-router instance (both in the default logical system).

3. Assigning the IRBs to a different LSYS doesn't work either, because
   then the L3 Context field in the EVI doesn't get filled in.  I
   guess this means it just isn't a supported config.

4. Finally, I got something working by eschewing IRB and instead using
   LT interfaces (vlan-bridge on one side, vlan w/family inet on the
   other side) to connect the EVI with the other LSYS/VRF, but then
   you lose the nice shared virtual IP/ARP proxy ability of EVPN.

Did I miss anything?  Is it required that a local IRB and real
physical interface exist in every PE router participating in the EVPN
EVI?

More information about the juniper-nsp mailing list