[j-nsp] EVPN on QFX5200

Andrey Kostin ankost at podolsk.ru
Fri Sep 20 11:47:50 EDT 2019


Hi Vincent,

Thank you for elaborating on this, I had the same question when I read 
your reply.
It may not be an issue for a small deployment but definitely should be 
considered in terms of BCP.

Could you advise about various external connectivity options for 
an EVPN-VXLAN fabric? Let's say there are two spines that centrally route 
VXLAN VNIs and some leaves. Spines are CEs from the core MPLS network's 
perspective. I understand that EVPN can be extended to the PE router and 
L3 gateways run on them, but probably not right now. What is a proper 
way to connect spines to a PE router or a pair of PE routers? I'm looking 
into running EBGP from each spine to [each] PE router over a routed P2P 
interface. Are there possible flaws in this topology? Is a direct 
connection needed between spines in this case?

Kind regards,
Andrey


Vincent Bernat wrote 2019-09-20 02:25:
> ❦ 20 September 2019 11:55 +12, Liam Farr <liam at maxumdata.com>:
> 
>> I'm running VXLAN with ingress-node-replication in prod, can you
>> explain what you mean by havoc?
> 
> When using EVPN, prefer using "set protocols evpn multicast-mode
> ingress-replication". Using "set vlans XXX vxlan
> ingress-node-replication" will send replicated packets to all VTEPs,
> including the ones not advertising the Type 3 route. See
> <https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-collapsed-topology.html>:
> 
>> Retains the QFX10000 switch’s default setting of disabled for ingress
>> node replication for EVPN-VXLAN. With this feature disabled, if a
>> QFX10000 switch that functions as a VTEP receives a BUM packet
>> intended, for example, for a physical server in a VLAN with the VNI of
>> 1001, the VTEP replicates and sends the packet only to VTEPs on which
>> the VNI of 1001 is configured. If this feature is enabled, the VTEP
>> replicates and sends this packet to all VTEPs in its database,
>> including those that do not have VNI 1001 configured. To prevent a
>> VTEP from needlessly flooding BUM traffic throughout an EVPN-VXLAN
>> overlay network, we strongly recommend that if not already disabled,
>> you disable ingress node replication on each of the leaf devices by
>> specifying the delete vlans vlan-name vxlan ingress-node-replication
>> command.
> 
> In turn, this may exhaust the resources of the Broadcom
> chipset (Trident2 or Trident2+) if you have a lot of VLANs and/or a lot
> of VTEPs.
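
An added example, not part of the original thread or of Juniper's documentation: a small audit of a Junos "set"-format configuration that flags VLANs still carrying `vxlan ingress-node-replication` and prints the `delete` command quoted above for each. The sample configuration and VLAN names are constructed, and the script assumes no `deactivate` statements apply to the lines it reads.

```python
import re

# Constructed sample of a Junos "set"-format configuration (not from the thread).
SAMPLE_CONFIG = """\
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
set vlans v1001 vlan-id 1001
set vlans v1001 vxlan vni 1001
set vlans v1001 vxlan ingress-node-replication
set vlans v1002 vlan-id 1002
set vlans v1002 vxlan vni 1002
set vlans v1003 vxlan vni 1003
set vlans v1003   vxlan ingress-node-replication
"""

INR_RE = re.compile(r"^set vlans (\S+) vxlan ingress-node-replication$")
VNI_RE = re.compile(r"^set vlans (\S+) vxlan vni (\d+)$")
EVPN_MODE = "set protocols evpn multicast-mode ingress-replication"


def audit(config_text):
    """Return findings for one device's set-format configuration."""
    vnis, flagged, evpn_mode = {}, [], False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        if line == EVPN_MODE:
            evpn_mode = True
        elif (m := VNI_RE.match(line)):
            vnis[m.group(1)] = int(m.group(2))
        elif (m := INR_RE.match(line)):
            flagged.append(m.group(1))
    # Per-VLAN deletes first, then the EVPN multicast mode if it is absent.
    fix = [f"delete vlans {v} vxlan ingress-node-replication" for v in flagged]
    if not evpn_mode:
        fix.append(EVPN_MODE)
    return {
        "evpn_ingress_replication": evpn_mode,
        "flagged_vlans": [(v, vnis.get(v)) for v in flagged],
        "remediation": fix,
    }


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    for vlan, vni in result["flagged_vlans"]:
        print(f"VLAN {vlan} (VNI {vni}): ingress-node-replication is set")
    print("\n".join(result["remediation"]))
```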

