[j-nsp] Collapse spine EVPN type 5 routes issue
niklas rehnberg
niklas.rehnberg at gmail.com
Thu Dec 15 03:59:38 EST 2022
Hi all,
I think following command is the best way to only get loop 2 for EVPN
routes, eBGP routes will still have loop 1 as control.
set protocols bgp group OVERLAY-EVPN family evpn signaling loops 2
Regards Niklas
Den fre 18 nov. 2022 kl 12:38 skrev Roger Wiklund <roger.wiklund at gmail.com>:
> Hi Niklas
>
> We always use unique ASNs per device in the VRFs.
> Loop 2 should work fine, as-override also as previously mentioned.
>
> There's also a few knobs for RT5 you can play with:
>
> root at qfx5120-48y-02# set routing-instances test protocols evpn
> ip-prefix-routes route-attributes ?
> Possible completions:
> + apply-groups Groups from which to inherit configuration data
> + apply-groups-except Don't inherit configuration data from these groups
> > as-path AS-PATH Attribute
> > community Community Attribute
> > preference Preference Attribute
>
> Regards
> Roger
>
> On Tue, Nov 15, 2022 at 2:53 PM Saku Ytti via juniper-nsp <
> juniper-nsp at puck.nether.net> wrote:
>
>> I would still consider as-override, or at least I would figure out the
>> reason why it is not a good solution.
>>
>> On Tue, 15 Nov 2022 at 15:40, niklas rehnberg via juniper-nsp
>> <juniper-nsp at puck.nether.net> wrote:
>> >
>> > Hi,
>> > Thanks for the quick reply, I hope following very simple picture may
>> help
>> >
>> > Clients Clients
>> >
>> > | |
>> > | EVPN/VXLAN |
>> > | Overlay AS 6555 |
>> > spine1 --- type 5--- spine2
>> > vrf WAN AS X | | vrf WAN AS X
>> > eBGP | | eBGP
>> > | |
>> > PE AS Y PE AS Y
>> > | |
>> >
>> > ----Core Network---
>> >
>> > route example when loop occur
>> > show route hidden table bgp.evpn extensive
>> >
>> > bgp.evpn.0: 156 destinations, 156 routes (153 active, 0 holddown, 3
>> hidden)
>> > 5:10.254.0.2:100::0::5.0.0.0::16/248 (1 entry, 0 announced)
>> > BGP /-101
>> > Route Distinguisher: 10.254.0.2:100
>> > Next hop type: Indirect, Next hop index: 0
>> > Address: 0x55a1fd2d2cdc
>> > Next-hop reference count: 108, key opaque handle: (nil),
>> > non-key opaque handle: (nil)
>> > Source: 10.254.0.2
>> > Protocol next hop: 10.254.0.2
>> > Indirect next hop: 0x2 no-forward INH Session ID: 0
>> > State: <Hidden Int Ext Changed>
>> > Peer AS: 65555
>> > Age: 1:14 Metric2: 0
>> > Validation State: unverified
>> > Task: BGP_65555_65555.10.254.0.2
>> > AS path: 65263 xxx I (Looped: 65263)
>> > Communities: target:10:100 encapsulation:vxlan(0x8)
>> > router-mac:34:11:8e:16:52:b2
>> > Import
>> > Route Label: 99100
>> > Overlay gateway address: 0.0.0.0
>> > ESI 00:00:00:00:00:00:00:00:00:00
>> > Localpref: 100
>> > Router ID: 10.254.0.2
>> > Hidden reason: AS path loop
>> > Secondary Tables: WAN.evpn.0
>> > Thread: junos-main
>> > Indirect next hops: 1
>> > Protocol next hop: 10.254.0.2
>> > Indirect next hop: 0x2 no-forward INH Session
>> ID: 0
>> > Indirect path forwarding next hops: 2
>> > Next hop type: Router
>> > Next hop: 10.0.0.1 via et-0/0/46.1000
>> > Session Id: 0
>> > Next hop: 10.0.0.11 via et-0/0/45.1000
>> > Session Id: 0
>> > 10.254.0.2/32 Originating RIB: inet.0
>> > Node path count: 1
>> > Forwarding nexthops: 2
>> > Next hop type: Router
>> > Next hop: 10.0.0.1 via
>> > et-0/0/46.1000
>> > Session Id: 0
>> > Next hop: 10.0.0.11 via
>> > et-0/0/45.1000
>> > Session Id: 0
>> >
>> >
>> > // Niklas
>> >
>> >
>> >
>> >
>> > Den tis 15 nov. 2022 kl 13:58 skrev Saku Ytti <saku at ytti.fi>:
>> >
>> > > Hey Niklas,
>> > >
>> > > My apologies, I do not understand your topology or what you are trying
>> > > to do, and would need a lot more context.
>> > >
>> > > In my ignorance I would still ask, have you considered 'as-override' -
>> > >
>> > >
>> https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/ref/statement/as-override-edit-protocols-bgp.html
>> > > this is somewhat common in another use-case, which may or may not be
>> > > near to yours. Say you want to connect arbitrarily many CE routers to
>> > > MPLS VPN cloud with BGP, but you don't want to get unique ASNs to
>> > > them, you'd use a single ASN on every CE and use 'as-override' on the
>> > > core side.
>> > >
>> > > Another point I'd like to make, not all implementations even verify AS
>> > > loops in iBGP, for example Cisco does not, while Juniper does. This
>> > > implementation detail creates bias on what people consider 'clean' and
>> > > 'dirty' solution, as in Cisco network it's enough to allow loop at the
>> > > edge interfaces it feels more 'clean' while in Juniper network you'd
>> > > have to allow them in all iBGP sessions too, which suddenly makes the
>> > > solution appear somehow more 'dirty'.
>> > >
>> > >
>> > > On Tue, 15 Nov 2022 at 12:48, niklas rehnberg via juniper-nsp
>> > > <juniper-nsp at puck.nether.net> wrote:
>> > > >
>> > > > Hi all,
>> > > > I have the following setup and need to know the best practices to
>> solve
>> > > > EVPN type 5 issues.
>> > > >
>> > > > Setup:
>> > > > Two ACX7100 as collapse spine with EVPN/VXLAN
>> > > > Using type 5 routes between the spines so iBGP can be avoided in
>> > > > routing-instance.
>> > > > Both spines has same bgp as number in the routing-instance WAN
>> > > > See below for a part of configuration
>> > > >
>> > > > Problem:
>> > > > Incoming routes from WAN router into spine1 will be advertised to
>> spine2
>> > > as
>> > > > type 5 routes
>> > > > spine2 will not accept them due to AS number exit in the as-path
>> already.
>> > > >
>> > > > Solution:
>> > > > I can easily fix it with "loop 2" config in the routing-options
>> part, but
>> > > > is this the right way?
>> > > > Does there exist any command to change the EVPN Type 5 behavior
>> from eBGP
>> > > > to iBGP?
>> > > > Different AS number in routing-instance?
>> > > > What are the best practices?
>> > > >
>> > > > Config part:
>> > > > show routing-instances WAN protocols evpn
>> > > > ip-prefix-routes {
>> > > > advertise direct-nexthop;
>> > > > encapsulation vxlan;
>> > > > reject-asymmetric-vni;
>> > > > vni 99100;
>> > > > export EXPORT-T5-WAN;
>> > > > }
>> > > > policy-statement EXPORT-T5-WAN {
>> > > > term 1 {
>> > > > from protocol direct;
>> > > > then accept;
>> > > > }
>> > > > term 2 {
>> > > > from protocol bgp;
>> > > > then accept;
>> > > > }
>> > > > }
>> > > > _______________________________________________
>> > > > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > > > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> > >
>> > >
>> > >
>> > > --
>> > > ++ytti
>> > >
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>>
>> --
>> ++ytti
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
More information about the juniper-nsp
mailing list