[j-nsp] evpn irb default gateway

Baldur Norddahl baldur at gigabit.dk
Wed May 12 19:34:35 EDT 2021 

When I add this to the configuration the acx5448 irb will route traffic:

set routing-instances internet routing-options static route 0.0.0.0/1
next-hop 128.0.0.0 resolve no-readvertise

However this does not work:

set routing-instances internet routing-options static route 0.0.0.0/0
next-hop 128.0.0.0 resolve no-readvertise

I can apparently have a working system by splitting my 0.0.0.0/0 into two
halves 0.0.0.0/1 and 128.0.0.0/1. Not very satisfying. There has to be an
explanation and fix?

Regards,

Baldur



Den tor. 13. maj 2021 kl. 00.33 skrev Baldur Norddahl <baldur at gigabit.dk>:

> Hello
>
> My evpn with irb on an acx5448 is going ok except for one very strange
> problem. The router refuses to use the default route 0.0.0.0/0 when
> routing traffic via the irb interface.
>
> The router itself will ping just fine:
>
> baldur at formervangen-core3> ping routing-instance internet 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: icmp_seq=0 ttl=122 time=24.574 ms
> 64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=12.770 ms
> ^C
> --- 8.8.8.8 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 12.770/18.672/24.574/5.902 ms
>
> baldur at formervangen-core3> show route table internet.inet.0 8.8.8.8
>
> internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0
> hidden)
> + = Active Route, - = Last Active, * = Both
>
> 0.0.0.0/0          *[BGP/170] 00:11:57, localpref 100, from 10.0.0.248
>                       AS path: I, validation-state: unverified
>                     >  to 10.99.0.18 via xe-0/0/0.0, Push 17, Push
> 1228(top)
>                     [BGP/170] 1w2d 20:16:40, localpref 100, from 10.0.0.249
>                       AS path: I, validation-state: unverified
>                     >  to 10.99.0.18 via xe-0/0/0.0, Push 17, Push
> 1228(top)
>                     [BGP/170] 1w2d 20:30:50, localpref 100, from 10.0.0.249
>                       AS path: I, validation-state: unverified
>                     >  to 10.99.0.18 via xe-0/0/0.0, Push 21, Push
> 1223(top)
>                     [BGP/170] 00:11:46, localpref 100, from 10.0.0.248
>                       AS path: I, validation-state: unverified
>                     >  to 10.99.0.18 via xe-0/0/0.0, Push 21, Push
> 1223(top)
>
> But done from a host connected to the evpn nothing happens:
>
> root at lab2:~# ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> ^C
> --- 8.8.8.8 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 2029ms
>
> However I made a dummy 128.0.0.0/1 route and now I can ping half of the
> internet?
>
> root at lab2:~# ping 185.107.12.60
> PING 185.107.12.60 (185.107.12.60) 56(84) bytes of data.
> 64 bytes from 185.107.12.60: icmp_seq=1 ttl=61 time=0.902 ms
> 64 bytes from 185.107.12.60: icmp_seq=2 ttl=61 time=0.860 ms
> 64 bytes from 185.107.12.60: icmp_seq=3 ttl=61 time=0.898 ms
> ^C
> --- 185.107.12.60 ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 2003ms
> rtt min/avg/max/mdev = 0.860/0.886/0.902/0.018 ms
>
> This 128.0.0.0/1 route looks just the same as the 0.0.0.0/0 route:
>
> baldur at formervangen-core3> show route table internet.inet.0 128.0.0.0/1
> exact
>
> internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0
> hidden)
> + = Active Route, - = Last Active, * = Both
>
> 128.0.0.0/1        *[BGP/170] 00:15:12, localpref 100, from 10.0.0.248
>                       AS path: I, validation-state: unverified
>                     >  to 10.99.0.18 via xe-0/0/0.0, Push 17, Push
> 1228(top)
>
> The irb interface is simple:
>
> baldur at formervangen-core3> show configuration interfaces irb.15
> virtual-gateway-accept-data;
> family inet {
>     address 185.24.168.180/26 {
>         virtual-gateway-address 185.24.168.129;
>     }
> }
> family inet6 {
>     address 2a00:7660:0:24::1044/64 {
>         virtual-gateway-address 2a00:7660:0:24::1;
>     }
> }
>
> root at lab2:~# ip route
> default via 185.24.168.129 dev v15
> 185.24.168.128/26 dev v15 proto kernel scope link src 185.24.168.181
> root at lab2:~# ip neigh show 185.24.168.129
> 185.24.168.129 dev v15 lladdr 00:00:5e:00:01:01 REACHABLE
>
> I noticed that the host can access everything that formervangen-core3 has
> in the routing table except for 0.0.0.0/0. This includes the 128.0.0.0/1
> static reject route I created on one of the route reflectors.
>
> The rest of the configuration:
>
> baldur at formervangen-core3> show configuration routing-instances server15
> instance-type evpn;
> protocols {
>     evpn {
>         default-gateway no-gateway-community;
>     }
> }
> vlan-id 15;
> l3-interface irb.15;
> interface xe-0/0/10.15;
> vrf-target target:60876:15;
>
> baldur at formervangen-core3> show configuration routing-instances internet
> instance-type vrf;
> routing-options {
>     auto-export;
> }
> interface irb.15;
> interface lo0.1;
> vrf-target target:60876:0;
> inactive: vrf-table-label;
>
> Thanks,
>
> Baldur
>
>
>

More information about the juniper-nsp mailing list