Wednesday, October 21, 2020

Config Help: Simple stretched fabric between Arista and Juniper EVPN/VXLAN

I can't for the life of me figure out how to do a very basic l2vpn between Arista and Juniper (asymmetric irb, l3 terminating at leafs). This is a lab environment for the time being, and I just can't figure out the Juniper side of things. Does anyone have a very basic example?

Here's what I have that's working (for the lab, using an OSPF underlay, which is excluded).

Arista Spine:

peer-filter LEAF-FILTER
   10 match as-range 1-4294967295 result accept
!
router bgp 65000.0
   bgp asn notation asdot
   router-id 1.1.1.1
   maximum-paths 4 ecmp 4
   bgp listen range 2.2.2.0/24 peer-group LEAF_EVPN peer-filter LEAF-FILTER
   neighbor LEAF_EVPN peer-group
   neighbor LEAF_EVPN next-hop-unchanged
   neighbor LEAF_EVPN update-source Loopback0
   neighbor LEAF_EVPN ebgp-multihop 5
   neighbor LEAF_EVPN send-community extended
   neighbor LEAF_EVPN maximum-routes 12000
   redistribute connected
   !
   address-family evpn
      neighbor LEAF_EVPN activate

Arista Leaf:

vlan 3304
interface Ethernet2
   switchport access vlan 3304
interface Loopback0
   description "router-id"
   ip address 2.2.2.2/32
   ip ospf area 0.0.0.0
interface Loopback1
   description "vtep-source"
   ip address 9.9.9.2/32
   ip address 69.69.69.69/32 secondary
   ip ospf area 0.0.0.0
!
interface Vlan3304
   ip address virtual 192.168.104.1/24
!
interface Vxlan1
   vxlan source-interface Loopback1
   vxlan udp-port 4789
   vxlan vlan 3304 vni 3304
!
ip virtual-router mac-address 00:1c:73:00:00:99
!
ip routing
!
router bgp 65000.2
   bgp asn notation asdot
   router-id 2.2.2.2
   maximum-paths 4 ecmp 4
   neighbor SPINE_EVPN peer-group
   neighbor SPINE_EVPN remote-as 65000.0
   neighbor SPINE_EVPN next-hop-unchanged
   neighbor SPINE_EVPN update-source Loopback0
   neighbor SPINE_EVPN ebgp-multihop 5
   neighbor SPINE_EVPN send-community extended
   neighbor SPINE_EVPN maximum-routes 12000
   neighbor 1.1.1.1 peer-group SPINE_EVPN
   vlan 3304
      rd 9.9.9.2:3304
      route-target both 1:3304
      redistribute learned
   address-family evpn
      neighbor SPINE_EVPN activate
router ospf 1
   router-id 2.2.2.2
   max-lsa 12000

This works great, for a simple L2 stretched fabric. No issues with Arista leafs to Spine, to another Arista Leaf.

On the Juniper the following config seems to establish peering with no issues to the Arista Spine:

set protocols bgp family evpn signaling
set protocols bgp group evpn type external
set protocols bgp group evpn multihop ttl 5
set protocols bgp group evpn multihop no-nexthop-change
set protocols bgp group evpn local-address 2.2.2.3
set protocols bgp group evpn family evpn signaling
set protocols bgp group evpn local-as 65000.3
set protocols bgp group evpn multipath
set protocols bgp group evpn neighbor 1.1.1.1 peer-as 65000.0

And then the basic config:

set routing-options router-id 2.2.2.3
set routing-options autonomous-system 65000.3
set routing-options autonomous-system asdot-notation
set interfaces xe-0/0/8 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/8 unit 0 family ethernet-switching vlan members VXLAN3304
set interfaces irb unit 3304 family inet address 192.168.104.2/24 virtual-gateway-address 192.168.104.1
set vlans VXLAN3304 vlan-id 3304
set vlans VXLAN3304 l3-interface irb.3304
set vlans VXLAN3304 vxlan vni 3304
set vlans VXLAN3304 vxlan ingress-node-replication

And the part that is NOT working (where I think my config is falling apart) is where I tie VXLAN into EVPN:

set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 2.2.2.3:1
set switch-options vrf-import EVPN-VRF-VXLAN
set switch-options vrf-target target:7777:7777
set switch-options vrf-target auto
set policy-options policy-statement EVPN-VRF-VXLAN then accept
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
set protocols evpn default-gateway do-not-advertise
set protocols evpn extended-vni-list all

The Arista spine is both receiving and sending evpn routes:

spine1#show bgp neighbors 2.2.2.3 evpn advertised-routes
BGP routing table information for VRF default
Router identifier 1.1.1.1, local AS number 4259840000
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, q - Queued for advertisement
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

     Network  Next Hop  Metric  LocPref  Weight  Path
 * > RD: 9.9.9.1:3304 mac-ip 001c.7300.0099  69.69.69.69  -  -  0  4259840000 4259840001 i
 * > RD: 9.9.9.2:3304 mac-ip 001c.7300.0099  69.69.69.69  -  -  0  4259840000 4259840002 i
 * > RD: 9.9.9.1:3304 imet 9.9.9.1  9.9.9.1  -  -  0  4259840000 4259840001 i
 * > RD: 9.9.9.2:3304 imet 9.9.9.2  9.9.9.2  -  -  0  4259840000 4259840002 i
 * > RD: 9.9.9.1:3304 imet 69.69.69.69  9.9.9.1  -  -  0  4259840000 4259840001 i
 * > RD: 9.9.9.2:3304 imet 69.69.69.69  9.9.9.2  -  -  0  4259840000 4259840002 i

spine1#show bgp neighbors 2.2.2.3 evpn received-routes
BGP routing table information for VRF default
Router identifier 1.1.1.1, local AS number 4259840000
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

     Network  Next Hop  Metric  LocPref  Weight  Path
 * > RD: 2.2.2.3:0 auto-discovery 05fd:e800:0300:000c:e800  2.2.2.3  -  -  0  4259840003 i
 * > RD: 2.2.2.3:1 mac-ip 3304 0000.5e00.0101  2.2.2.3  -  -  0  4259840003 i
 * > RD: 2.2.2.3:1 mac-ip 3304 0000.5e00.0101 192.168.104.1  2.2.2.3  -  -  0  4259840003 i
 * > RD: 2.2.2.3:1 mac-ip 3304 0050.7966.6807  2.2.2.3  -  -  0  4259840003 i
 * > RD: 2.2.2.3:1 mac-ip 3304 0050.7966.6807 192.168.104.102  2.2.2.3  -  -  0  4259840003 i
 * > RD: 2.2.2.3:1 imet 3304 2.2.2.3  2.2.2.3  -  -  0  4259840003 i

My best guess is that it's probably something to do with the virtual-vtep (69.69.69.69) and the virtual router mac (001c.7300.0099).

I can ping my real-ip gateway 192.168.104.2, but can't ping the other host nodes (192.168.104.100, 192.168.104.101, and 192.168.104.102).

I've tried a few things, such as:

set interfaces lo0 unit 0 family inet address 2.2.2.3/32
set interfaces lo0 unit 0 family inet address 9.9.9.3/32 primary
set interfaces lo0 unit 0 family inet address 69.69.69.69/32
set switch-options vtep-source-interface inet preferred 9.9.9.3

But I can't seem to figure it out. I'm trying to keep everything inside the global route table for the time being, as this is a learning exercise.


