vMX
Highlighted
vMX

EVPN/vXLAN Multihome assistance

3 weeks ago

I am taking ADCX training. I created a similar topology as follows:

Multihome.PNG

LS-A is vMX with a logical system on it. Lag is on the default system.

I have the following configurations on vtep-1 and vtep-2

root@vtep-1# show interfaces ae0 | display set
set interfaces ae0 esi auto-derive lacp
set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp system-id 01:01:01:01:01:01
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members all

root@vtep-2# show interfaces ae0 | display set
set interfaces ae0 esi auto-derive lacp
set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp system-id 01:01:01:01:01:01
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members all

root@LS-A> show lacp interfaces
Aggregated interface: ae0
    LACP state:       Role   Exp   Def  Dist  Col  Syn  Aggr  Timeout  Activity
      ge-0/0/0       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/0/0     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/0/3       Actor    No    No   Yes  Yes  Yes   Yes     Fast    Active
      ge-0/0/3     Partner    No    No   Yes  Yes  Yes   Yes     Fast    Active
    LACP protocol:        Receive State  Transmit State          Mux State
      ge-0/0/0                  Current   Fast periodic Collecting distributing
      ge-0/0/3                  Current   Fast periodic Collecting distributing

Everything works until I added ESI.

What did I miss here ?

It works in Juniper training lab with the same configuration except the CE in the training is ubuntu host.

thanks in advance !!

5 REPLIES 5
Highlighted
vMX

Re: EVPN/vXLAN Multihome assistance

3 weeks ago

 

hi gongyayu,

 

Greetings look like you are missing the ESI #, it needs to be the same at both sides, and it can't bee all zeros.

 

example:  

 

set interfaces ae0 esi 00:11:11:11:11:11:11:11:11:11

 

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

 

Regards,

 

Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB

Highlighted
vMX

Re: EVPN/vXLAN Multihome assistance

3 weeks ago

I added it manually, it did not work. Then I changed to use auto-derive. Can I do that way ?

 

thanks !!

Highlighted
vMX

Re: EVPN/vXLAN Multihome assistance

3 weeks ago

I tested again to find ae0 on LS-A working for the same bridge domain, but not work for L3 VGA.

The logical system on LS-A works for both.

root@LS-A# run ping 10.10.2.2 count 1
PING 10.10.2.2 (10.10.2.2): 56 data bytes
64 bytes from 10.10.2.2: icmp_seq=0 ttl=64 time=192.694 ms

--- 10.10.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 192.694/192.694/192.694/0.000 ms

[edit]
root@LS-A# run ping 10.10.2.2 count 1 logical-system vServer-1
PING 10.10.2.2 (10.10.2.2): 56 data bytes
64 bytes from 10.10.2.2: icmp_seq=0 ttl=64 time=714.677 ms

--- 10.10.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 714.677/714.677/714.677/0.000 ms

[edit]
root@LS-A# run ping 10.10.1.3 count 1
PING 10.10.1.3 (10.10.1.3): 56 data bytes
^C
--- 10.10.1.3 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

[edit]
root@LS-A# run ping 10.10.1.3 count 1 logical-system vServer-1
PING 10.10.1.3 (10.10.1.3): 56 data bytes
64 bytes from 10.10.1.3: icmp_seq=0 ttl=63 time=233.086 ms

--- 10.10.1.3 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 233.086/233.086/233.086/0.000 ms

Not enough knowledge to find the reason.

Appreciate any insights !!

Highlighted
vMX

Re: EVPN/vXLAN Multihome assistance

[ Edited ]
3 weeks ago

I saw icmp reply on spine-7 interface ge-0/0/3, but not on interface ge-0/0/1 or ge-0/0/0, So the icmp is lost on spine-7.

 

On spine-7

 

 

 

 

root@spine-7# run show route 10.10.2.1

inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.2.0/24       *[Direct/0] 00:17:08
                    >  via irb.20

:vxlan.inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.2.0/24       *[Direct/0] 00:17:08
                    >  via irb.20

root@spine-7# run show route forwarding-table destination 10.10.2.1/32
Routing table: default.inet
Internet:
Enabled protocols: Bridging,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
10.10.2.1/32       dest     0 0:5:86:71:45:c0    ucst     1773     1

Routing table: __juniper_services__.inet
Internet:
Enabled protocols: Bridging,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd     1664     2

Routing table: __pfe_private__.inet
Internet:
Enabled protocols: Bridging,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd     1677     2

Routing table: __master.anon__.inet
Internet:
Enabled protocols: Bridging, Dual VLAN,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    rjct     1703     1

Routing table: :vxlan.inet
Internet:
Enabled protocols: Bridging, Dual VLAN,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
10.10.2.0/24       user     0                    rtbl        1    10

root@spine-7# run show ethernet-switching table | match 71:45
   v20                 00:05:86:71:45:c0   DR       esi.1769               01:00:78:78:78:78:01:00:01:00

root@spine-7# run show route table bgp.evpn.0 | match ESI
1:192.168.100.1:0::01007878787801000100::FFFF:FFFF/192 AD/ESI
1:192.168.100.2:0::01007878787801000100::FFFF:FFFF/192 AD/ESI
1:192.168.100.7:0::050000fc010000139200::FFFF:FFFF/192 AD/ESI
1:192.168.100.7:0::050000fc010000139c00::FFFF:FFFF/192 AD/ESI

root@vtep-1# run show ethernet-switching table | match 71:45
   v20                 00:05:86:71:45:c0   DLR      ae0.0

root@vtep-2> show ethernet-switching table | match 71:45
   v20                 00:05:86:71:45:c0   DLR      ae0.0


 

Does spine-7 have enough information to send icmp back ?

The issue seems this:

arp.PNG

If I remove esi from vtep-1 and vtep-2, everything works fine.

Highlighted
vMX

Re: EVPN/vXLAN Multihome assistance

3 weeks ago

Anything wrong in the followings?

root@spine-7# run show evpn instance extensive
Instance: __default_evpn__
  Route Distinguisher: 192.168.100.7:0
  Number of bridge domains: 0
  Number of neighbors: 0

Instance: default-switch
  Route Distinguisher: 192.168.100.7:7
  Encapsulation type: VXLAN
  Duplicate MAC detection threshold: 5
  Duplicate MAC detection window: 180
  MAC database status                     Local  Remote
    MAC advertisements:                       2       7
    MAC+IP advertisements:                    4       5
    Default gateway MAC advertisements:       4       0
  Number of local interfaces: 1 (1 up)
    Interface name  ESI                            Mode             Status     AC-Role
    .local..5       00:00:00:00:00:00:00:00:00:00  single-homed     Up         Root
  Number of IRB interfaces: 2 (2 up)
    Interface name  VLAN   VNI    Status  L3 context
    irb.10                 5010    Up     master
    irb.20                 5020    Up     master
  Number of protect interfaces: 0
  Number of bridge domains: 2
    VLAN  Domain ID   Intfs / up    IRB intf   Mode      MAC sync  IM route label  IPv4 SG sync  IPv4 IM core nexthop  IPv6 SG sync  IPv6 IM core nexthop
    10    5010           0    0     irb.10     Extended         Enabled   5010            Disabled                    Disabled
    20    5020           0    0     irb.20     Extended         Enabled   5020            Disabled                    Disabled
  Number of neighbors: 4
    Address               MAC    MAC+IP        AD        IM        ES Leaf-label
    192.168.100.1           1         1         2         2         0
    192.168.100.2           3         2         2         2         0
    192.168.100.3           2         2         0         2         0
    192.168.100.4           1         1         0         2         0
  Number of ethernet segments: 3
    ESI: 01:00:78:78:78:78:01:00:01:00
      Status: Resolved
      Number of remote PEs connected: 2
        Remote PE        MAC label  Aliasing label  Mode
        192.168.100.2    5020       0               all-active
        192.168.100.1    5020       0               all-active
    ESI: 05:00:00:fc:01:00:00:13:92:00
      Local interface: irb.10, Status: Up/Forwarding
    ESI: 05:00:00:fc:01:00:00:13:9c:00
      Local interface: irb.20, Status: Up/Forwarding
  Router-ID: 192.168.100.7
  SMET Forwarding: Disabled

 

Feedback