Wednesday, October 6, 2021

Juniper EVPN Multihoming | eBGP peering

I have set up EVPN multihoming in a lab and managed to get it working. This is my topology:

https://drive.google.com/file/d/1Sj4l477AFJVmx1qsD4yqxGqd8oEHvcNN/view?usp=sharing

Here is my config if you wish to see but for the most part it's more of a conceptual question:

https://www.reddit.com/r/networking/comments/q1fhxa/juniper_evpn_multihoming_activestandby/

I have one IRB setup on both routers (irb.107 - 100.100.100.1/30) between the two routers with EVPN Multihoming.

MX1 is the Designated Forwarder and MX2 is the Backup Forwarder. My understanding is that this is achieved through a DF election process and one device is elected to be active for the ESI.

If I try and ping my CE device (100.100.100.2) from MX1, this works fine. If I try and ping from MX2, this does not work, but I believe this is correct because this device is the Backup Forwarder.

On both routers I have a connected 100.100.100.0/30 for the IRB. On only the Designated Forwarder (MX1) I also have an EVPN route for the CE (100.100.100.2/32).

100.100.100.2/32 *[EVPN/7] 00:46:51 > via irb.107 

So far all good, I can ping from the CE to 100.100.100.1 (irb.107) fine.

I would like to eBGP peer from both MX devices with an upstream router (outside of EVPN) and advertise the connected IRB interfaces for inbound traffic. What I was hoping when reading the EVPN Multihoming documentation was that irb.107 (and thus the connected route) would not be up on the Backup Router.

Quote:

If you specify an ESI on a physical or aggregated Ethernet interface, keep in mind that an ESI is a factor in the designated forwarder (DF) election process. For example, assume that you configure EVPN multihoming active-standby on aggregated Ethernet interface ae0, and given the ESI configured on ae0 and other determining factors, the DF election results in ae0 being in the down state.

From here:

https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/example/evpn-mpls-esi-logical-interfaces.html

So basically now I will be advertising the /30 from both MX1 and MX2 to the upstream device. From what I'm seeing, if the upstream device sends traffic to MX2 (Backup Forwarder) I think it might not work (just because of the fact that it is the Backup Forwarder and the ping testing I did).

The /32 route for the CE is only on the Designated Forwarder, so I could advertise that route as being more specific to hit the correct router, but that doesn't seem scalable at all.

What is the best way to achieve this? I was really hoping that the Backup Router would not have the connected route for the IRB interface and thus not advertise the connected route, but unfortunately it doesn't behave like that. My other hope was that MX2 should know about the 100.100.100.2/32 EVPN route via MX1, but it seems this is not the case. If you do a show route 100.100.100.2/32 on MX2, it shows the route as the connected interface (local).

Any suggestions or comments welcome. I'm sure this has been done before, so I don't think it's anything out of the ordinary.

Thanks


