Re: [j-nsp] VXLAN, BGP EVPN, remote VTEP

[Vincent Bernat]

Hi Nitzan!

I already had the second bit. I've removed the
"ingress-node-replication" from "vlans", like you suggested and it works
as expected. Thanks!
-- 
A banker is a fellow who lends you his umbrella when the sun is shining
and wants it back the minute it begins to rain.
-- Mark Twain

 ――― Original Message ―――
 From: Nitzan Tzelniker 
 Sent: 11 avril 2018 21:02 GMT
 Subject: Re: [j-nsp] VXLAN, BGP EVPN, remote VTEP
 To: Vincent Bernat
 Cc: juniper-nsp@puck.nether.net

> Try to remove the  "ingress-node-replication" from the vlans and add " set
> protocols evpn multicast-mode ingress replication "
> few months ago a TAC engineer told it to me
>
> "This knob will add all the remote VTEPs under the VNIs on local device
> even though the remote devices do not have these VNIs configured. This
> causes unnecessary flooding from local device to the remote."
>
> But to be honest I didn't check it yet
>
> Thanks
>
> Nitzan
>
> On Tue, Apr 10, 2018 at 12:42 PM Vincent Bernat  wrote:
>
>> Hey!
>>
>> I am noticing an odd behaviour when using BGP EVPN on a vQFX: it assumes
>> that all VTEP have all the local VNIs. For example, on the local system,
>> I have VNI 654, 655 and 656. However, on the remote VTEP, I have only
>> 654 and 655. However, the local system still assumes VNI 656 should be
>> present:
>>
>> juniper@QFX1> show version
>> fpc0:
>> --
>> Hostname: QFX1
>> Model: vqfx-1
>> Junos: 17.4R1.16 limited
>> JUNOS Base OS boot [17.4R1.16]
>> JUNOS Base OS Software Suite [17.4R1.16]
>> JUNOS Crypto Software Suite [17.4R1.16]
>> JUNOS Online Documentation [17.4R1.16]
>> JUNOS Kernel Software Suite [17.4R1.16]
>> JUNOS Packet Forwarding Engine Support (qfx-10-f) [17.4R1.16]
>> JUNOS Routing Software Suite [17.4R1.16]
>> JUNOS jsd [i386-17.4R1.16-jet-1]
>> JUNOS SDN Software Suite [17.4R1.16]
>> JUNOS Enterprise Software Suite [17.4R1.16]
>> JUNOS Web Management [17.4R1.16]
>> JUNOS py-base-i386 [17.4R1.16]
>> JUNOS py-extensions-i386 [17.4R1.16]
>>
>> {master:0}
>> juniper@QFX1> show ethernet-switching vxlan-tunnel-end-point remote
>> Logical System Name   Id  SVTEP-IP IFL   L3-Idx
>>  0   192.0.2.11   lo0.00
>>  RVTEP-IP IFL-Idx   NH-Id
>>  192.0.2.13   570   1749
>> VNID  MC-Group-IP
>> 656   0.0.0.0
>> 655   0.0.0.0
>> 654   0.0.0.0
>>
>> {master:0}
>> juniper@QFX1> show route table default-switch.evpn.0
>>
>> default-switch.evpn.0: 11 destinations, 11 routes (11 active, 0 holddown,
>> 0 hidden)
>> + = Active Route, - = Last Active, * = Both
>>
>> 1:192.0.2.11:1::010101010101010101::0/192 AD/EVI
>>*[EVPN/170] 00:03:49
>>   Indirect
>> 2:192.0.2.11:1::654::50:54:33:00:00:0f/304 MAC/IP
>>*[EVPN/170] 00:02:43
>>   Indirect
>> 2:192.0.2.11:1::655::50:54:33:00:00:0f/304 MAC/IP
>>*[EVPN/170] 00:01:20
>>   Indirect
>> 2:192.0.2.11:1::656::50:54:33:00:00:0f/304 MAC/IP
>>*[EVPN/170] 00:03:54
>>   Indirect
>> 2:192.0.2.13:1::654::50:54:33:00:00:11/304 MAC/IP
>>*[BGP/170] 00:02:41, localpref 100, from 192.0.2.100
>>   AS path: I, validation-state: unverified
>> > to 203.0.113.13 via xe-0/0/0.0
>> 2:192.0.2.13:1::655::50:54:33:00:00:11/304 MAC/IP
>>*[BGP/170] 00:02:04, localpref 100, from 192.0.2.100
>>   AS path: I, validation-state: unverified
>> > to 203.0.113.13 via xe-0/0/0.0
>> 3:192.0.2.11:1::654::192.0.2.11/248 IM
>>*[EVPN/170] 00:04:08
>>   Indirect
>> 3:192.0.2.11:1::655::192.0.2.11/248 IM
>>*[EVPN/170] 00:04:07
>>   Indirect
>> 3:192.0.2.11:1::656::192.0.2.11/248 IM
>>*[EVPN/170] 00:04:07
>>   Indirect
>> 3:192.0.2.13:1::654::192.0.2.13/248 IM
>>*[BGP/170] 00:03:55, localpref 100, from 192.0.2.100
>>   AS path: I, validation-state: unverified
>> > to 203.0.113.13 via xe-0/0/0.0
>> 3:192.0.2.13:1::655::192.0.2.13/248 IM
>>*[BGP/170] 00:03:55, localpref 100, from 192.0.2.100
>>   AS path: I, validation-state: unverified
>> > to 203.0.113.13 via xe-0/0/0.0
>>
>> The remote system, 192.0.2.13 (also a vQFX), never send anything that
>> would hint it can handle VNI 656. I have also verified by sniffing on
>> the wire that the remote system is in fact receiving VXLAN packets for
>> VNI 656:
>>
>> Frame 807: 106 bytes on wire (848 bits), 106 bytes captured (848 bits)
>> Ethernet II, Src: MS-NLB-PhysServer-05_86:71:7e:03 (02:05:86:71:7e:03),
>> Dst: MS-NLB-PhysServer-05_86:71:69:03 (02:05:86:71:69:03)
>> Inter

Re: [j-nsp] Going Juniper

[James Harrison]

On 11/04/2018 10:51, James Bensley wrote:
> I would agree with
> you that low port coun't, good, and reasonably priced mixed 1G/10G
> devices aren't plentiful in choice from vendors. We open a lot of
> small PoPs so stuff like ME3600X/ASR920s, ASR9001, MX104 are great for
> us but each with their own caveats.

Particularly if you include the requirement for temperature hardening -
we deploy a lot of street cabinet sites, and MX104s and ASR902s are
basically the only boxes in town that have reasonable 10G density and a
sensible temperature range for external boxes. We don't need the full
capability of a 104 (and feature-wise the 920 and 902s are chock full of
unfortunate compromises) but sadly the higher bandwidth stuff based
around x86 and BRCM silicon isn't yet entering the temp-hardened space.

We have a few 104s out in prod doing fairly basic bits of EVPN and
they're very capable boxes - just pricey for the ports we need.

-- 
Cheers,
James Harrison
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Going Juniper

[James Bensley]

>>> On 11 April 2018 at 13:43, Ola Thoresen  wrote:
>>> Granted at least JNPR offering allows you to run same device as pure
>>> L2, with Cisco offering it is satellite-only box, cannot be used as
>>> L2.
>>
>> I know what you mean, but I must say that this time it seems like they have 
>> more or less managed to do it right.  They use pretty standard protocols for 
>> everything, it is just "packaged" so you don't need to think about it.
>>
>> But as you say, you can easily use the exact same hardware in a regular L2 
>> setup, the thing you gain from the satellite setup is central management of 
>> only the routers, which can be a time and management saver.

I have to say, I completely disagree.

On 11 April 2018 at 13:12, Alexandre Guimaraes
 wrote:
> Last notice that I have about Junos fusion, some features doesn’t work in to 
> satellite ports, like ethernet ccc.

^ This is the reason why.

Fusion is a layer 1 extension, my 1st question to Juniper is why is
there a DC version and a Service Provider version?

https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000523-en.pdf:

"Junos Fusion Provider Edge is a technology enabler that overcomes
optical pluggable p hysical limitations by delegating low-speed
optical interfaces to a cost-appropriate switch, virtually expanding
connectivity to thousands of ports from a single Juniper Networks MX
Series 3D Universal Edge Router."

"Junos Fusion Data Center provides automated network configuration and
operational simplicity for medium to large data centers with up to
four QFX1 switches deployed in the spine layer and any combination
of up to 64 QFX5100, QFX5110-48S, QFX5200-32C, and EX4300 top-of-rack
switches deployed as satellite devices."

Basically the same justification for both technology variants - more
ports for less money with zero touch deployment. Both scenarios can
benefit from those proposed advantages so no need to make them
separate products. Obviously they will to make more money, but it
looked back it you have an Ethernet based layer 1 extension technology
and there is more than one variant of it, in 2018 we're only using one
kind of Ethernet here.

OK, 2nd question, and this is my real annoyance, and why I believe
Juniper haven't done it right; Why are certain features, e.g. Inter-AS
MPLS Option B connections, not support over the Service Provider
version? We're heavy users of OptB interconnects and these devices are
supposed to be layer 1 extensions. Can they pass an Ethernet frame,
yes or no? The answer is yes so anything higher level should be
ignored in my opinion.

After pressing Juniper they said that certain traffic types aren't
support because when they release new Fusion version, they test the
most common traffic types and they "can't test everything", and MPLS
OptB's are on the "no time for testing" list. It is possible that it
would work just fine, but if any issues arise they won't support it.
Surely they should test that Ethernet frames pass OK and then support
anything that runs over Ethernet?

If you're selling a layer 1 extension service for Ethernet and a
certain kind of traffic isn't support that runs over the top of
Ethernet - that is a great big red flag to me. We only have Fusion
because they wanted more people to run it - they sold it to us for
cheaper than vanilla layer 2 switches.

I feel dirty.

Cheers,
James.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Going Juniper

[Ola Thoresen]

On 11. april 2018 14:12, Alexandre Guimaraes wrote:


Hello everyone!

Last notice that I have about Junos fusion, some features doesn’t work in to 
satellite ports, like ethernet ccc.

Did you guys that use, can confirm that, or all features are available?



I did set up a l2circuit between a vlan (interface xe-100/0/0.100, vlan 
100 on a MX204 with a QFX5100 as satellite) and a remote MX80 a few days 
ago, and it worked flawlessly.




Rgds.

Ola Thoresen
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp