[j-nsp] EVPN all-active toward large layer 2?
Rob Foehl
rwf at loonybin.net
Thu Apr 18 01:43:05 EDT 2019
I've been experimenting with EVPN all-active multihoming toward some large
legacy layer 2 domains, and running into some fairly bizarre behavior...
First and foremost, is a topology like this even a valid use case?
    EVPN PE <-> switch <-> switch <-> EVPN PE
...where both switches are STP root bridges and have a pile of VLANs and
other switches behind them. All of the documentation seems to hint at
LACP toward a single CE device being the expected config here -- is that
accurate? If so, are there any options to make the above work?
If I turn up EVPN virtual-switch routing instances on both PEs as above
with config on both roughly equivalent to the following:
interfaces {
    xe-0/1/2 {
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        esi {
            00:11:11:11:11:11:11:11:11:11;
            all-active;
        }
        unit 12 {
            encapsulation vlan-bridge;
            vlan-id 12;
        }
    }
}
routing-instances {
    test {
        instance-type virtual-switch;
        vrf-target target:65000:1;
        protocols {
            evpn {
                extended-vlan-list 12;
            }
        }
        bridge-domains {
            test-vlan12 {
                vlan-id 12;
                interface xe-0/1/2.12;
            }
        }
    }
}
Everything works fine for a few minutes -- exact time varies -- then what
appears to be thousands of packets of unknown unicast traffic starts
flowing between the PEs, and doesn't stop until one or the other is
disabled. Same behavior on this particular segment with or without any
remote PEs connected.
Both PEs are MX204s running 18.1R3-S4, automatic route distinguishers,
full mesh RSVP LSPs between, direct BGP with family evpn allowed, no LDP.
I'm going to try a few more tests with single-active and enabling MAC
accounting to try to nail down what this traffic actually is, but figure
I'd better first ask whether I'm nuts for trying this at all...
-Rob