[j-nsp] EVPN all-active toward large layer 2?

Krzysztof Szarkowicz kszarkowicz at gmail.com
Thu Apr 18 02:24:34 EDT 2019


Hi Rob,

RFC 7432, Section 8.5:

   If a bridged network is multihomed to more than one PE in an EVPN
   network via switches, then the support of All-Active redundancy mode
   requires the bridged network to be connected to two or more PEs using
   a LAG.


So, do you have MC-LAG (facing the EVPN PEs) configured on your switches?

Thanks,
Krzysztof


> On 2019-Apr-18, at 07:43, Rob Foehl <rwf at loonybin.net> wrote:
> 
> I've been experimenting with EVPN all-active multihoming toward some large legacy layer 2 domains, and running into some fairly bizarre behavior...
> 
> First and foremost, is a topology like this even a valid use case?
> 
> EVPN PE <-> switch <-> switch <-> EVPN PE
> 
> ...where both switches are STP root bridges and have a pile of VLANs and other switches behind them.  All of the documentation seems to hint at LACP toward a single CE device being the expected config here -- is that accurate?  If so, are there any options to make the above work?
> 
> If I turn up EVPN virtual-switch routing instances on both PEs as above with config on both roughly equivalent to the following:
> 
> interfaces {
>    xe-0/1/2 {
>        flexible-vlan-tagging;
>        encapsulation flexible-ethernet-services;
>        esi {
>            00:11:11:11:11:11:11:11:11:11;
>            all-active;
>        }
>        unit 12 {
>            encapsulation vlan-bridge;
>            vlan-id 12;
>        }
>    }
> }
> routing-instances {
>    test {
>        instance-type virtual-switch;
>        vrf-target target:65000:1;
>        protocols {
>            evpn {
>                extended-vlan-list 12;
>            }
>        }
>        bridge-domains {
>            test-vlan12 {
>                vlan-id 12;
>                interface xe-0/1/2.12;
>            }
>        }
>    }
> }
> 
> Everything works fine for a few minutes -- exact time varies -- then what appears to be thousands of packets of unknown unicast traffic starts flowing between the PEs, and doesn't stop until one or the other is disabled.  Same behavior on this particular segment with or without any remote PEs connected.
> 
> Both PEs are MX204s running 18.1R3-S4, automatic route distinguishers, full mesh RSVP LSPs between, direct BGP with family evpn allowed, no LDP.
> 
> I'm going to try a few more tests with single-active and enabling MAC accounting to try to nail down what this traffic actually is, but figure I'd better first ask whether I'm nuts for trying this at all...
> 
> -Rob
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


