[j-nsp] MX VRRP on VXLAN enviroment

[Nathan Ward]

Hi,

> On 20/07/2021, at 12:23 AM, Cristian Cardoso via juniper-nsp <juniper-nsp at puck.nether.net> wrote:
> 
> I have a scenario here where I use EVPN-VXLAN with qfx5120 switches
> and until then I was using the gateways on the switches, but as the
> switch does not have the possibility to use any kind of firewall on
> the irb interfaces, I had the idea to migrate the networks to two
> routers MX80.
> But I caught a problem with these routers, when using VRRP over VXLAN.
> I configured the two MX80 routers with VRRP in IPv4 and IPv6,
> sometimes IPv4 dies and the virtual IP stops responding, generating
> timeout in network accesses.
> Apparently it seems that the mac address of the virtual IP and the
> table of mac's of the VXLAN are lost, causing the problem.
> Does anyone happen to have a scenario like this and faced this problem?

I’m not sure exactly what is causing your problem, though there are certainly a lot of curly edge cases in EVPN where this sort of thing can happen.
Do you have a specific need to run VRRP?

One of the benefits of EVPN is “virtual-gateway-address” which advertises the gateway address from all IRBs with that configured - and they are all “active” rather than VRRP’s active/standby.
If you don’t have a need for VRRP specifically, this might be a better solution for you.

Incidentally, by default it uses the VRRP group 1 MAC, but it is not running VRRP at all. You can configure it to use a different MAC, if required (i.e. if you have other devices on that broadcast domain running VRRP group 1 perhaps).

--
Nathan Ward