[j-nsp] evpn irb default gateway
Baldur Norddahl
baldur at gigabit.dk
Wed May 12 18:33:31 EDT 2021
Hello
My evpn with irb on an acx5448 is going ok except for one very strange
problem. The router refuses to use the default route 0.0.0.0/0 when routing
traffic via the irb interface.
The router itself will ping just fine:
baldur at formervangen-core3> ping routing-instance internet 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=122 time=24.574 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=12.770 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 12.770/18.672/24.574/5.902 ms
baldur at formervangen-core3> show route table internet.inet.0 8.8.8.8
internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 00:11:57, localpref 100, from 10.0.0.248
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 17, Push 1228(top)
[BGP/170] 1w2d 20:16:40, localpref 100, from 10.0.0.249
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 17, Push 1228(top)
[BGP/170] 1w2d 20:30:50, localpref 100, from 10.0.0.249
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 21, Push 1223(top)
[BGP/170] 00:11:46, localpref 100, from 10.0.0.248
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 21, Push 1223(top)
But done from a host connected to the evpn nothing happens:
root at lab2:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2029ms
However I made a dummy 128.0.0.0/1 route and now I can ping half of the
internet?
root at lab2:~# ping 185.107.12.60
PING 185.107.12.60 (185.107.12.60) 56(84) bytes of data.
64 bytes from 185.107.12.60: icmp_seq=1 ttl=61 time=0.902 ms
64 bytes from 185.107.12.60: icmp_seq=2 ttl=61 time=0.860 ms
64 bytes from 185.107.12.60: icmp_seq=3 ttl=61 time=0.898 ms
^C
--- 185.107.12.60 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.860/0.886/0.902/0.018 ms
This 128.0.0.0/1 route looks just the same as the 0.0.0.0/0 route:
baldur at formervangen-core3> show route table internet.inet.0 128.0.0.0/1
exact
internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both
128.0.0.0/1 *[BGP/170] 00:15:12, localpref 100, from 10.0.0.248
AS path: I, validation-state: unverified
> to 10.99.0.18 via xe-0/0/0.0, Push 17, Push 1228(top)
The irb interface is simple:
baldur at formervangen-core3> show configuration interfaces irb.15
virtual-gateway-accept-data;
family inet {
address 185.24.168.180/26 {
virtual-gateway-address 185.24.168.129;
}
}
family inet6 {
address 2a00:7660:0:24::1044/64 {
virtual-gateway-address 2a00:7660:0:24::1;
}
}
root at lab2:~# ip route
default via 185.24.168.129 dev v15
185.24.168.128/26 dev v15 proto kernel scope link src 185.24.168.181
root at lab2:~# ip neigh show 185.24.168.129
185.24.168.129 dev v15 lladdr 00:00:5e:00:01:01 REACHABLE
I noticed that the host can access everything that formervangen-core3 has
in the routing table except for 0.0.0.0/0. This includes the 128.0.0.0/1
static reject route I created on one of the route reflectors.
The rest of the configuration:
baldur at formervangen-core3> show configuration routing-instances server15
instance-type evpn;
protocols {
evpn {
default-gateway no-gateway-community;
}
}
vlan-id 15;
l3-interface irb.15;
interface xe-0/0/10.15;
vrf-target target:60876:15;
baldur at formervangen-core3> show configuration routing-instances internet
instance-type vrf;
routing-options {
auto-export;
}
interface irb.15;
interface lo0.1;
vrf-target target:60876:0;
inactive: vrf-table-label;
Thanks,
Baldur
More information about the juniper-nsp
mailing list