❦ 20 September 2019 11:55 +12, Liam Farr <l...@maxumdata.com>:

> I'm running VXLAN with ingress-node-replication in prod, can you
> explain what you mean by havoc?

When using EVPN, prefer using "set protocols evpn multicast-mode
ingress-replication". Using "set vlans XXX vxlan
ingress-node-replication" will send replicated packets to all VTEPs,
including the ones not advertising the Type 3 route. See
<https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-collapsed-topology.html>:

> Retains the QFX10000 switch’s default setting of disabled for ingress
> node replication for EVPN-VXLAN. With this feature disabled, if a
> QFX10000 switch that functions as a VTEP receives a BUM packet
> intended, for example, for a physical server in a VLAN with the VNI of
> 1001, the VTEP replicates and sends the packet only to VTEPs on which
> the VNI of 1001 is configured. If this feature is enabled, the VTEP
> replicates and sends this packet to all VTEPs in its database,
> including those that do not have VNI 1001 configured. To prevent a
> VTEP from needlessly flooding BUM traffic throughout an EVPN-VXLAN
> overlay network, we strongly recommend that if not already disabled,
> you disable ingress node replication on each of the leaf devices by
> specifying the delete vlans vlan-name vxlan ingress-node-replication
> command.

In turn, this may exhaust the resources of the Broadcom chipset
(Trident2 or Trident2+) if you have a lot of VLANs and/or a lot of
VTEPs.
-- 
Talkers are no good doers.
		-- William Shakespeare, "Henry VI"
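Added example, not part of the original post or of any Juniper tooling: a small audit over a configuration exported in set format that flags VLANs still carrying the per-VLAN knob on a device that runs EVPN, and returns the commands named in the post. The sample configuration, VLAN names and the function names `audit` and `remediation` are assumptions made for illustration.

```python
import re

# Constructed sample in "display set" format; VLAN names and VNIs are made up.
SAMPLE_CONFIG = """\
set protocols evpn encapsulation vxlan
set protocols evpn multicast-mode ingress-replication
set vlans v1001 vxlan vni 1001
set vlans v1001 vxlan ingress-node-replication
set vlans v1002 vxlan vni 1002
set vlans v1003 vxlan vni 1003
set vlans v1003 vxlan ingress-node-replication
"""

EVPN_PREFIX = "set protocols evpn "
EVPN_MODE = "set protocols evpn multicast-mode ingress-replication"
VLAN_RE = re.compile(r"^set vlans (\S+) vxlan (?:vni (\d+)|ingress-node-replication)$")


def audit(config_text):
    """Return (evpn_in_use, evpn_mode_set, findings) for a set-format config."""
    evpn_in_use = evpn_mode_set = False
    vni, flagged = {}, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if line.startswith(EVPN_PREFIX):
            evpn_in_use = True
            evpn_mode_set = evpn_mode_set or line == EVPN_MODE
        match = VLAN_RE.match(line)
        if not match:
            continue
        name, vni_value = match.groups()
        if vni_value:
            vni[name] = int(vni_value)
        elif name not in flagged:
            flagged.append(name)
    # Without EVPN there are no Type 3 routes, so the per-VLAN knob is not flagged.
    findings = [{"vlan": n, "vni": vni.get(n)} for n in flagged] if evpn_in_use else []
    return evpn_in_use, evpn_mode_set, findings


def remediation(config_text):
    """Commands, taken from the post, that move an EVPN device to the preferred setup."""
    evpn_in_use, evpn_mode_set, findings = audit(config_text)
    cmds = [EVPN_MODE] if evpn_in_use and not evpn_mode_set else []
    return cmds + [f"delete vlans {f['vlan']} vxlan ingress-node-replication" for f in findings]


if __name__ == "__main__":
    print("\n".join(remediation(SAMPLE_CONFIG)))
```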