[j-nsp] EVPN on QFX5200

Vincent Bernat bernat at luffy.cx
Fri Sep 20 02:25:22 EDT 2019


 ❦ 20 September 2019 11:55 +12, Liam Farr <liam at maxumdata.com>:

> I'm running VXLAN with ingress-node-replication in prod, can you
> explain what you mean by havoc?

When using EVPN, prefer using "set protocols evpn multicast-mode
ingress-replication". Using "set vlans XXX vxlan
ingress-node-replication" will send replicated packets to all VTEPs,
including the ones not advertising the Type 3 route. See
<https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-collapsed-topology.html>:

> Retains the QFX10000 switch’s default setting of disabled for ingress
> node replication for EVPN-VXLAN. With this feature disabled, if a
> QFX10000 switch that functions as a VTEP receives a BUM packet
> intended, for example, for a physical server in a VLAN with the VNI of
> 1001, the VTEP replicates and sends the packet only to VTEPs on which
> the VNI of 1001 is configured. If this feature is enabled, the VTEP
> replicates and sends this packet to all VTEPs in its database,
> including those that do not have VNI 1001 configured. To prevent a
> VTEP from needlessly flooding BUM traffic throughout an EVPN-VXLAN
> overlay network, we strongly recommend that if not already disabled,
> you disable ingress node replication on each of the leaf devices by
> specifying the delete vlans vlan-name vxlan ingress-node-replication
> command.

In turn, this may exhaust the resources of the Broadcom
chipset (Trident2 or Trident2+) if you have a lot of VLANs and/or a lot
of VTEPs.
-- 
Talkers are no good doers.
		-- William Shakespeare, "Henry VI"
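
An audit sketch for the advice in this message, added here as an example and not part of the original post or of Juniper's documentation: it reads a set-style Junos configuration and, only when EVPN is configured, lists the VLANs still carrying per-VLAN ingress-node-replication along with the commands quoted above. The sample configuration, VLAN names and the audit() helper are constructed for illustration.

```python
import re

# Constructed sample: set-style configuration for one leaf (not from the post).
SAMPLE_CONFIG = """\
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list all
set vlans V1001 vxlan vni 1001
set vlans V1001 vxlan ingress-node-replication
set vlans V1002 vxlan vni 1002
set vlans V1003 vxlan vni 1003
set vlans V1003 vxlan ingress-node-replication
"""

VLAN_INR = re.compile(r"^set vlans (\S+) vxlan ingress-node-replication$")
EVPN_ANY = re.compile(r"^set protocols evpn(\s|$)")
EVPN_IR = "set protocols evpn multicast-mode ingress-replication"


def audit(config_text):
    """Report the replication settings discussed in the thread."""
    # Normalise whitespace so matching does not depend on spacing.
    lines = [" ".join(l.split()) for l in config_text.splitlines() if l.strip()]
    evpn = any(EVPN_ANY.match(l) for l in lines)
    evpn_ir = EVPN_IR in lines
    inr_vlans = [m.group(1) for l in lines if (m := VLAN_INR.match(l))]
    fixes = []
    if evpn:
        # With EVPN, the per-VLAN knob replicates BUM traffic to every VTEP
        # in the database, including those without the VNI configured.
        fixes += [f"delete vlans {v} vxlan ingress-node-replication"
                  for v in inr_vlans]
        if not evpn_ir:
            fixes.append(EVPN_IR)
    return {"evpn": evpn, "evpn_ingress_replication": evpn_ir,
            "vlans_with_inr": inr_vlans, "suggested_commands": fixes}


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    print("VLANs with ingress-node-replication:", report["vlans_with_inr"])
    for cmd in report["suggested_commands"]:
        print(cmd)
```

A configuration without any "protocols evpn" statement produces no suggested commands, since the advice above is scoped to EVPN.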

