[j-nsp] Collapse spine EVPN type 5 routes issue

Saku Ytti saku at ytti.fi
Tue Nov 15 07:57:54 EST 2022 

Hey Niklas,

My apologies, I do not understand your topology or what you are trying
to do, and would need a lot more context.

In my ignorance I would still ask, have you considered 'as-override' -
https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/ref/statement/as-override-edit-protocols-bgp.html
this is somewhat common in another use-case, which may or may not be
near to yours. Say you want to connect arbitrarily many CE routers to
MPLS VPN cloud with BGP, but you don't want to get unique ASNs to
them, you'd use a single ASN on every CE and use 'as-override' on the
core side.

Another point I'd like to make, not all implementations even verify AS
loops in iBGP, for example Cisco does not, while Juniper does. This
implementation detail creates bias on what people consider 'clean' and
'dirty' solution, as in Cisco network it's enough to allow loop at the
edge interfaces it feels more 'clean' while in Juniper network you'd
have to allow them in all iBGP sessions too, which suddenly makes the
solution appear somehow more 'dirty'.


On Tue, 15 Nov 2022 at 12:48, niklas rehnberg via juniper-nsp
<juniper-nsp at puck.nether.net> wrote:
>
> Hi all,
> I have the following setup and need to know the best practices to solve
> EVPN type 5 issues.
>
> Setup:
> Two ACX7100 as collapse spine with EVPN/VXLAN
> Using type 5 routes between the spines so iBGP can be avoided in
> routing-instance.
> Both spines has same bgp as number in the routing-instance WAN
> See below for a part of configuration
>
> Problem:
> Incoming routes from WAN router into spine1 will be advertised to spine2 as
> type 5 routes
> spine2 will not accept them due to AS number exit in the as-path already.
>
> Solution:
> I can easily fix it with "loop 2" config in the routing-options part, but
> is this the right way?
> Does there exist any command to change the EVPN Type 5 behavior from eBGP
> to iBGP?
> Different AS number in routing-instance?
> What are the best practices?
>
> Config part:
> show routing-instances WAN protocols evpn
> ip-prefix-routes {
>     advertise direct-nexthop;
>     encapsulation vxlan;
>     reject-asymmetric-vni;
>     vni 99100;
>     export EXPORT-T5-WAN;
> }
> policy-statement EXPORT-T5-WAN {
>     term 1 {
>         from protocol direct;
>         then accept;
>     }
>     term 2 {
>         from protocol bgp;
>         then accept;
>     }
> }
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



-- 
  ++ytti

More information about the juniper-nsp mailing list