vMX
Highlighted
vMX

vMX evpn/vxlan L3 gateway

a month ago

evpn.PNG

 

This is my topology. I am trying to configure VGA on spine-6 and spine-7. The following is my configuration. I can't ping the gateway, also no route work.  vxlan L2 works fine. vServer-4 can reach vServer-5 with the same subnet.  But not in different subnets.

Appreciate any insight.

spine-6
set routing-options router-id 192.168.100.6
set routing-options autonomous-system 64513
set routing-options forwarding-table export LB

set policy-options policy-statement LB term 1 then load-balance per-packet
set policy-options policy-statement exp2bgp term 1 from interface lo0.0
set policy-options policy-statement exp2bgp term 1 then accept

set protocols bgp group underlay type external
set protocols bgp group underlay export exp2bgp
set protocols bgp group underlay local-as 65101
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.61.1 peer-as 65201
set protocols bgp group underlay neighbor 172.16.62.2 peer-as 65202
set protocols bgp group underlay neighbor 172.16.63.3 peer-as 65203
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 192.168.100.6
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay cluster 6.6.6.6
set protocols bgp group overlay multipath
set protocols bgp group overlay neighbor 192.168.100.1
set protocols bgp group overlay neighbor 192.168.100.2
set protocols bgp group overlay neighbor 192.168.100.3

set routing-instances inst-evpn vtep-source-interface lo0.0
set routing-instances inst-evpn instance-type virtual-switch
set routing-instances inst-evpn route-distinguisher 192.168.100.6:6
set routing-instances inst-evpn vrf-target target:64513:64513
set routing-instances inst-evpn protocols evpn encapsulation vxlan
set routing-instances inst-evpn protocols evpn extended-vni-list all
set routing-instances inst-evpn bridge-domains bd10 vlan-id 10
set routing-instances inst-evpn bridge-domains bd10 routing-interface irb.10
set routing-instances inst-evpn bridge-domains bd10 vxlan vni 5010
set routing-instances inst-evpn bridge-domains bd20 vlan-id 20
set routing-instances inst-evpn bridge-domains bd20 routing-interface irb.20
set routing-instances inst-evpn bridge-domains bd20 vxlan vni 5020

set interfaces irb unit 10 virtual-gateway-accept-data
set interfaces irb unit 10 family inet address 10.1.1.101/24 virtual-gateway-address 10.1.1.100
set interfaces irb unit 20 virtual-gateway-accept-data
set interfaces irb unit 20 family inet address 10.1.2.101/24 virtual-gateway-address 10.1.2.100

----------------------------------------------------------------------------
vtep-1
set routing-options router-id 192.168.100.1
set routing-options autonomous-system 64513
set routing-options forwarding-table export LB

set policy-options policy-statement LB term 1 then load-balance per-packet
set policy-options policy-statement exp2bgp term 1 from interface lo0.0
set policy-options policy-statement exp2bgp term 1 then accept

set protocols bgp group underlay type external
set protocols bgp group underlay export exp2bgp
set protocols bgp group underlay local-as 65201
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.71.7 peer-as 65102
set protocols bgp group underlay neighbor 172.16.61.6 peer-as 65101
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 192.168.100.1
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay neighbor 192.168.100.6
set protocols bgp group overlay neighbor 192.168.100.7

set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list all

set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 192.168.100.1:1
set switch-options vrf-target target:64513:64513
set switch-options vrf-target auto

set vlans v10 vlan-id 10
set vlans v10 vxlan vni 5010
set vlans v20 vlan-id 20
set vlans v20 vxlan vni 5020

Spine-7
set routing-options router-id 192.168.100.7
set routing-options autonomous-system 64513
set routing-options forwarding-table export LB

set policy-options policy-statement LB term 1 then load-balance per-packet
set policy-options policy-statement exp2bgp term 1 from interface lo0.0
set policy-options policy-statement exp2bgp term 1 then acceptrun s

set protocols bgp group underlay type external
set protocols bgp group underlay export exp2bgp
set protocols bgp group underlay local-as 65102
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.71.1 peer-as 65201
set protocols bgp group underlay neighbor 172.16.72.2 peer-as 65202
set protocols bgp group underlay neighbor 172.16.72.3 peer-as 65203
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 192.168.100.7
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay cluster 7.7.7.7
set protocols bgp group overlay multipath
set protocols bgp group overlay neighbor 192.168.100.1
set protocols bgp group overlay neighbor 192.168.100.2
set protocols bgp group overlay neighbor 192.168.100.3

set routing-instances inst-evpn vtep-source-interface lo0.0
set routing-instances inst-evpn instance-type virtual-switch
set routing-instances inst-evpn route-distinguisher 192.168.100.7:7
set routing-instances inst-evpn vrf-target target:64513:64513
set routing-instances inst-evpn protocols evpn encapsulation vxlan
set routing-instances inst-evpn protocols evpn extended-vni-list all
set routing-instances inst-evpn bridge-domains bd10 vlan-id 10
set routing-instances inst-evpn bridge-domains bd10 routing-interface irb.10
set routing-instances inst-evpn bridge-domains bd10 vxlan vni 5010
set routing-instances inst-evpn bridge-domains bd20 vlan-id 20
set routing-instances inst-evpn bridge-domains bd20 routing-interface irb.20
set routing-instances inst-evpn bridge-domains bd20 vxlan vni 5020

set interfaces irb unit 10 virtual-gateway-accept-data
set interfaces irb unit 10 family inet address 10.1.1.102/24 virtual-gateway-address 10.1.1.100
set interfaces irb unit 20 virtual-gateway-accept-data
set interfaces irb unit 20 family inet address 10.1.2.102/24 virtual-gateway-address 10.1.2.100

----------------------------------------------------------------------------------------
vtep-3
set routing-options router-id 192.168.100.3
set routing-options autonomous-system 64513
set routing-options forwarding-table export LB

set policy-options policy-statement LB term 1 then load-balance per-packet
set policy-options policy-statement exp2bgp term 1 from interface lo0.0
set policy-options policy-statement exp2bgp term 1 then accept

set protocols bgp group underlay type external
set protocols bgp group underlay export exp2bgp
set protocols bgp group underlay local-as 65201
set protocols bgp group underlay multipath multiple-as
set protocols bgp group underlay neighbor 172.16.71.7 peer-as 65102
set protocols bgp group underlay neighbor 172.16.61.6 peer-as 65101
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 192.168.100.3
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay neighbor 192.168.100.6
set protocols bgp group overlay neighbor 192.168.100.7

set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list all

set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 192.168.100.3:3
set switch-options vrf-target target:64513:64513
set switch-options vrf-target auto

set vlans v10 vlan-id 10
set vlans v10 vxlan vni 5010
set vlans v20 vlan-id 20
set vlans v20 vxlan vni 5020
root@vtep-3# run show evpn database l2-domain-id 5020
Instance: default-switch
VLAN  DomainId  MAC address        Active source                  Timestamp        IP address
     5020       00:00:5e:00:01:01  05:00:00:fc:01:00:00:13:9c:00  Jul 15 22:40:30
     5020       00:05:86:71:8e:00  xe-0/0/2.0                     Jul 15 19:55:33  10.1.2.51
     5020       2c:6b:f5:36:c4:f0  192.168.100.7                  Jul 15 21:47:15  10.1.2.100
                                                                                   10.1.2.102
     5020       2c:6b:f5:8b:f7:f0  192.168.100.6                  Jul 15 22:41:08  10.1.2.100
                                                                                   10.1.2.101

root@vtep-3# run show evpn database l2-domain-id 5010
Instance: default-switch
VLAN  DomainId  MAC address        Active source                  Timestamp        IP address
     5010       00:00:5e:00:01:01  05:00:00:fc:01:00:00:13:92:00  Jul 15 21:47:16
     5010       00:05:86:71:8e:00  xe-0/0/2.0                     Jul 15 19:50:13  10.1.1.51
     5010       00:05:86:71:af:c0  192.168.100.1                  Jul 15 22:16:15  10.1.1.1
     5010       2c:6b:f5:36:c4:f0  192.168.100.7                  Jul 15 21:47:15  10.1.1.100
                                                                                   10.1.1.102
     5010       2c:6b:f5:8b:f7:f0  192.168.100.6                  Jul 15 20:55:53  10.1.1.100
                                                                                   10.1.1.101



root@vtep-1# run show evpn database l2-domain-id 5020
Instance: default-switch
VLAN  DomainId  MAC address        Active source                  Timestamp        IP address
     5020       00:00:5e:00:01:01  05:00:00:fc:01:00:00:13:9c:00  Jul 15 22:40:29
     5020       00:05:86:71:8e:00  192.168.100.3                  Jul 15 19:55:33  10.1.2.51
     5020       2c:6b:f5:36:c4:f0  192.168.100.7                  Jul 15 21:47:14  10.1.2.100
                                                                                   10.1.2.102
     5020       2c:6b:f5:8b:f7:f0  192.168.100.6                  Jul 15 22:41:07  10.1.2.100
                                                                                   10.1.2.101

root@vtep-1# run show evpn database l2-domain-id 5010
Instance: default-switch
VLAN  DomainId  MAC address        Active source                  Timestamp        IP address
     5010       00:00:5e:00:01:01  05:00:00:fc:01:00:00:13:92:00  Jul 15 21:47:17
     5010       00:05:86:71:8e:00  192.168.100.3                  Jul 15 19:50:13  10.1.1.51
     5010       00:05:86:71:af:c0  ae0.0                          Jul 15 22:16:13  10.1.1.1
     5010       2c:6b:f5:36:c4:f0  192.168.100.7                  Jul 15 21:47:14  10.1.1.100
                                                                                   10.1.1.102
     5010       2c:6b:f5:8b:f7:f0  192.168.100.6                  Jul 15 20:55:53  10.1.1.100
                                                                                   10.1.1.101

11 REPLIES 11
Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

a month ago

maybe licenses ?

Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

a month ago

I just added the 60-day trial license.

root@spine-6# run show system license
License usage:
                                 Licenses     Licenses    Licenses    Expiry
  Feature name                       used    installed      needed
  scale-subscriber                      0           10           0    permanent
  scale-l2tp                            0         1000           0    permanent
  scale-mobile-ip                       0         1000           0    permanent
  VMX-BANDWIDTH                         0       500000           0    60 days
  VMX-SCALE                             3            3           0    59 days
  vmx-subscriber-accounting             0            1           0    60 days
  vmx-subscriber-authentication         0            1           0    60 days
  vmx-subscriber-address-assignment        0         1           0    60 days
  vmx-service-dc                        0            1           0    60 days
  vmx-service-accounting                0            1           0    60 days
  vmx-subscriber-secure-policy          0            1           0    60 days
  vmx-pcrf-subscriber-provisioning        0          1           0    60 days
  vmx-ocs-charging                      0            1           0    60 days
  vmx-nasreq-auth-authorization         0            1           0    60 days
  vmx-service-qos                       0            1           0    60 days
  vmx-service-ancp                      0            1           0    60 days
  vmx-service-cbsp                      0            1           0    60 days

Licenses installed:
  License identifier: E435890758
  License version: 4
  Software Serial Number: 20180209
  Customer ID: vMX-JuniperEval
  Features:
    vmx-bandwidth-500g - vmx-bandwidth-500g
      count-down, Original validity: 60 days
    vmx-feature-premium - vmx-feature-premium
      count-down, Original validity: 60 days
Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

a month ago

Hi Gongyayu,

 

I noticed that you are missing the ingress-replication config knob on spines and leafes. Could you add it and check again ?

 

set protocols evpn multicast-mode ingress-replication
set vlans xxx vxlan ingress-node-replication
set routing-instances xxxx bridge-domains xxxx vxlan ingress-node-replication

Here is evpn/vxlan config example as well:

 

https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-mx-qfx-configuring.html

https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-irb-within-data-center.h...

 

If this solves your problem, please consider to mark this post as "Accepted Solution".

Best Regards,

Mohamed

Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

[ Edited ]
4 weeks ago

thanks for taking a look.  I added them but it still does not work.

root@vtep-1# show vlans | display set
set vlans default vlan-id 1
set vlans v10 vlan-id 10
set vlans v10 vxlan vni 5010
set vlans v10 vxlan ingress-node-replication
set vlans v20 vlan-id 20
set vlans v20 vxlan vni 5020
set vlans v20 vxlan ingress-node-replication

root@spine-6# show routing-instances | display set
set routing-instances inst-evpn vtep-source-interface lo0.0
set routing-instances inst-evpn instance-type virtual-switch
set routing-instances inst-evpn interface ge-0/0/4.0
set routing-instances inst-evpn route-distinguisher 192.168.100.6:6
set routing-instances inst-evpn vrf-target target:64513:64513
set routing-instances inst-evpn protocols evpn encapsulation vxlan
set routing-instances inst-evpn protocols evpn extended-vni-list 5010
set routing-instances inst-evpn protocols evpn extended-vni-list 5020
set routing-instances inst-evpn protocols evpn multicast-mode ingress-replication
set routing-instances inst-evpn protocols evpn default-gateway no-gateway-community
set routing-instances inst-evpn bridge-domains bd10 vlan-id 10
set routing-instances inst-evpn bridge-domains bd10 routing-interface irb.10
set routing-instances inst-evpn bridge-domains bd10 vxlan vni 5010
set routing-instances inst-evpn bridge-domains bd10 vxlan ingress-node-replication
set routing-instances inst-evpn bridge-domains bd20 vlan-id 20
set routing-instances inst-evpn bridge-domains bd20 routing-interface irb.20
set routing-instances inst-evpn bridge-domains bd20 vxlan vni 5020
set routing-instances inst-evpn bridge-domains bd20 vxlan ingress-node-replication

root@spine-6# show interfaces irb | display set
set interfaces irb unit 10 proxy-macip-advertisement
set interfaces irb unit 10 virtual-gateway-accept-data
set interfaces irb unit 10 family inet address 10.1.1.101/24 virtual-gateway-address 10.1.1.100
set interfaces irb unit 20 proxy-macip-advertisement
set interfaces irb unit 20 virtual-gateway-accept-data
set interfaces irb unit 20 family inet address 10.1.2.101/24 virtual-gateway-address 10.1.2.100

 

 

Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

4 weeks ago

Hi gongyayu,

 

Could you try to add bgp neighbourship between the spines for the overlay bgp, and try this again ?

 

example:

 

spine-6

set protocols bgp group overlay neighbor 192.168.100.5

Spine-7
set protocols bgp group overlay neighbor 192.168.100.6

 

If this solves your problem, please consider to mark this post as "Accepted Solution".

Best Regards,

Mohamed

Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

4 weeks ago

Hi gongyayu,

 

Also please add multipath to all nodes on overlay bgp group

 

If this solves your problem, please consider to mark this post as "Accepted Solution".

Best Regards,

Mohamed

Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

4 weeks ago

I just added them. still no luck.

root@spine-6# show protocols bgp | display set | match overlay
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 192.168.100.6
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay cluster 6.6.6.6
set protocols bgp group overlay multipath
set protocols bgp group overlay neighbor 192.168.100.1
set protocols bgp group overlay neighbor 192.168.100.2
set protocols bgp group overlay neighbor 192.168.100.3
set protocols bgp group overlay neighbor 192.168.100.7


root@spine-7# show protocols bgp | display set | match overlay
set protocols bgp group overlay type internal
set protocols bgp group overlay local-address 192.168.100.7
set protocols bgp group overlay family evpn signaling
set protocols bgp group overlay cluster 7.7.7.7
set protocols bgp group overlay neighbor 192.168.100.1
set protocols bgp group overlay neighbor 192.168.100.2
set protocols bgp group overlay neighbor 192.168.100.3
set protocols bgp group overlay neighbor 192.168.100.6

 

thanks for taking a look and insights. 

Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

4 weeks ago

Just added. no luck.

root@spine-6# ...ng-table destination 192.168.100.7/32
Routing table: default.inet
Internet:
Enabled protocols: Bridging,
Destination        Type RtRef Next hop           Type Index    NhRef Netif
192.168.100.7/32   user     1                    ulst  1048575     3
                              172.16.61.1        ucst      635     6 ge-0/0/0.0
                              172.16.62.2        ucst      636     6 ge-0/0/1.0
                              172.16.63.3        ucst      637     6 ge-0/0/2.0
Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

4 weeks ago

Hi gongyayu,

 

Please remove the auto vrf-target from the vteps as well.

 

Remove this config:

set switch-options vrf-target auto

 

Best Regards,

Mohamed

Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

4 weeks ago

You got it.

I missed that.

 

thanks a million!  

Highlighted
vMX

Re: vMX evpn/vxlan L3 gateway

4 weeks ago

Hi gongyay,

 

No problem :). Please consider to mark this post as "Accepted Solution",  as the problem is fixed.

 

 

Best Regards,

Mohamed

Feedback