Re: [j-nsp] QFX5110 / EVPN-VXLAN with IPv6 underlay

2023-11-28 Thread Aaron1 via juniper-nsp 
…which is probably why you can configure it as “0” and Junos expands it to 
“0.0.0.0”

Aaron

> On Nov 28, 2023, at 10:07 AM, Christian Scholz via juniper-nsp 
>  wrote:
> 
> Also might be worth mentioning that the Router-ID - although it might look 
> like one and you would usually use one you already have on your loopback - is 
> technically not an IP(v4)-Address. 
> 
> 
> See: 
> https://www.juniper.net/documentation/us/en/software/junos/static-routing/topics/ref/statement/router-id-edit-routing-options.html
> 
> Even if you run only OSPF3 or IPv6 BGP peering in a routing instance, a 
> 32-bit router-id must be configured in the instance. This is because IPv6 
> routing protocols use the router-id for handshaking. The router ID must be 
> configured as a 4 octet (32 bit) unsigned non-zero integer value. 
> It's often convenient to use an IPv4 address as the router ID. However, a 
> valid IPv4 address is not required. The RID does not have to be a routable 
> IPv4 address. You can configure any 32-bit value that is unique within the 
> routing domain. If you do not configure the router-id in an IPv6 OSPF or BGP 
> routing instance the IPv6 protocols will use an invalid value for the router 
> ID (0.0.0.0) and the adjacency and connections will fail
> 
> CHS
> 
> 
> 
>> Am 28.11.2023 um 16:14 schrieb Roger Wiklund via juniper-nsp 
>> :
>> 
>> For the QFX5110 specifically, MAC-VRF is supported:
>> https://apps.juniper.net/feature-explorer/feature-info.html?fKey=9788&fn=MAC+VRF+with+EVPN-VXLAN
>> 
>> But IPv6 underlay is not:
>> https://apps.juniper.net/feature-explorer/feature-info.html?fKey=11165&fn=EVPN-VXLAN+fabric+with+an+IPv6+underlay
>> 
>> So maybe it's an ASIC limitation as QFX5110 is using Trident 2+ and
>> QFX5120/EX4400 is using Trident 3.
>> 
>> Regards
>> Roger
>> 
>> 
>> 
>>> On Tue, Nov 28, 2023 at 3:48 PM Roger Wiklund 
>>> wrote:
>>> 
>>> Hey
>>> 
>>> You're interpreting the default switch limitation incorrectly.
>>> 
>>> It doesn't mean the QFX5120 can't support MAC-VRFs, it means even if you
>>> implement MAC-VRFs you still only have a single switch domain and can't
>>> have overlapping VLANs in the different MAC-VRFs. (MX does not have this
>>> limitation. It supports 32k VLANs)
>>> 
>>> IPv6 underlay is supported on QFX5120 in MAC-VRF from Junos 21.2R2:
>>> Explore Features by Product | Juniper Networks Pathfinder Feature Explorer
>>> 
>>> 
>>> You can configure an EVPN-VXLAN fabric with an IPv6 underlay. You can use
>>> this feature only with MAC-VRF routing instances (all service types). You
>>> must configure either an IPv4 or an IPv6 underlay across the EVPN instances
>>> in the fabric; you can’t mix IPv4 and IPv6 underlays in the same fabric.
>>> To enable this feature, include these steps when you configure the EVPN
>>> underlay:
>>> • Configure the underlay VXLAN tunnel endpoint (VTEP) source interface as
>>> an IPv6 address:
>>> • Even though the underlay uses the IPv6 address family, for BGP
>>> handshaking to work in the underlay, you must configure the router ID in
>>> the routing instance with an IPv4 address:
>>> • Enable the Broadcom VXLAN flexible flow feature, release where the
>>> feature is not enabled by default:
>>> We support the following EVPN-VXLAN features with an IPv6 underlay:
>>> • EVPN Type 1, Type 2, Type 3, Type 4, and Type 5 routes(excluding EX9200
>>> for type 5).
>>> • Shared VTEP tunnels (required with MAC-VRF instances).
>>> • All-active multihoming, including Ethernet segment ID (ESI)
>>> auto-generation and preferencebased DF (DF) election.
>>> • EVPN core isolation.
>>> • Bridged overlays.
>>> • Layer 3 gateway functions in ERB and CRB overlays with IPv4 or IPv6
>>> traffic.
>>> • Underlay and overlay load balancing.
>>> • Layer 3 protocols over IRB interfaces—BFD, BGP, OSPF.
>>> • Data center interconnect (DCI)—over-the-top (OTT) full mesh only.
>>> • EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression.
>>> 
>>> Regards
>>> Roger
>>> 
>>> On Mon, Nov 27, 2023 at 11:31 AM Denis Fondras via juniper-nsp <
>>> juniper-nsp@puck.nether.net> wrote:
>>> 
 Hello,
 
 Thank you very much everyone for the help.
 
 It seems that `netraven` nailed it.
 I missed the part where QFX5110 could not support multiple forwarding
 instances.
 
 I will have to go back to the legacy protocol then :/
 Replacing IPv6 addresses with IPv4 addresses, keeping the same config,
 worked on
 first try.
 
 Thank you again !
 Denis
 
 
 Le Mon, Nov 27, 2023 at 10:52:52AM +0100, netravnen+nspl...@gmail.com a
 écrit :
> Dennis,
> 
> On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
>  wrote:
>> Can you give a clue ? I haven't found any information on wether it
 could work on
>> Q

Re: [j-nsp] QFX5110 / EVPN-VXLAN with IPv6 underlay

2023-11-28 Thread Christian Scholz via juniper-nsp 
Also might be worth mentioning that the Router-ID - although it might look like 
one and you would usually use one you already have on your loopback - is 
technically not an IP(v4)-Address. 


See: 
https://www.juniper.net/documentation/us/en/software/junos/static-routing/topics/ref/statement/router-id-edit-routing-options.html

Even if you run only OSPF3 or IPv6 BGP peering in a routing instance, a 32-bit 
router-id must be configured in the instance. This is because IPv6 routing 
protocols use the router-id for handshaking. The router ID must be configured 
as a 4 octet (32 bit) unsigned non-zero integer value. 
It's often convenient to use an IPv4 address as the router ID. However, a valid 
IPv4 address is not required. The RID does not have to be a routable IPv4 
address. You can configure any 32-bit value that is unique within the routing 
domain. If you do not configure the router-id in an IPv6 OSPF or BGP routing 
instance the IPv6 protocols will use an invalid value for the router ID 
(0.0.0.0) and the adjacency and connections will fail

CHS



> Am 28.11.2023 um 16:14 schrieb Roger Wiklund via juniper-nsp 
> :
> 
> For the QFX5110 specifically, MAC-VRF is supported:
> https://apps.juniper.net/feature-explorer/feature-info.html?fKey=9788&fn=MAC+VRF+with+EVPN-VXLAN
> 
> But IPv6 underlay is not:
> https://apps.juniper.net/feature-explorer/feature-info.html?fKey=11165&fn=EVPN-VXLAN+fabric+with+an+IPv6+underlay
> 
> So maybe it's an ASIC limitation as QFX5110 is using Trident 2+ and
> QFX5120/EX4400 is using Trident 3.
> 
> Regards
> Roger
> 
> 
> 
>> On Tue, Nov 28, 2023 at 3:48 PM Roger Wiklund 
>> wrote:
>> 
>> Hey
>> 
>> You're interpreting the default switch limitation incorrectly.
>> 
>> It doesn't mean the QFX5120 can't support MAC-VRFs, it means even if you
>> implement MAC-VRFs you still only have a single switch domain and can't
>> have overlapping VLANs in the different MAC-VRFs. (MX does not have this
>> limitation. It supports 32k VLANs)
>> 
>> IPv6 underlay is supported on QFX5120 in MAC-VRF from Junos 21.2R2:
>> Explore Features by Product | Juniper Networks Pathfinder Feature Explorer
>> 
>> 
>> You can configure an EVPN-VXLAN fabric with an IPv6 underlay. You can use
>> this feature only with MAC-VRF routing instances (all service types). You
>> must configure either an IPv4 or an IPv6 underlay across the EVPN instances
>> in the fabric; you can’t mix IPv4 and IPv6 underlays in the same fabric.
>> To enable this feature, include these steps when you configure the EVPN
>> underlay:
>> • Configure the underlay VXLAN tunnel endpoint (VTEP) source interface as
>> an IPv6 address:
>> • Even though the underlay uses the IPv6 address family, for BGP
>> handshaking to work in the underlay, you must configure the router ID in
>> the routing instance with an IPv4 address:
>> • Enable the Broadcom VXLAN flexible flow feature, release where the
>> feature is not enabled by default:
>> We support the following EVPN-VXLAN features with an IPv6 underlay:
>> • EVPN Type 1, Type 2, Type 3, Type 4, and Type 5 routes(excluding EX9200
>> for type 5).
>> • Shared VTEP tunnels (required with MAC-VRF instances).
>> • All-active multihoming, including Ethernet segment ID (ESI)
>> auto-generation and preferencebased DF (DF) election.
>> • EVPN core isolation.
>> • Bridged overlays.
>> • Layer 3 gateway functions in ERB and CRB overlays with IPv4 or IPv6
>> traffic.
>> • Underlay and overlay load balancing.
>> • Layer 3 protocols over IRB interfaces—BFD, BGP, OSPF.
>> • Data center interconnect (DCI)—over-the-top (OTT) full mesh only.
>> • EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression.
>> 
>> Regards
>> Roger
>> 
>> On Mon, Nov 27, 2023 at 11:31 AM Denis Fondras via juniper-nsp <
>> juniper-nsp@puck.nether.net> wrote:
>> 
>>> Hello,
>>> 
>>> Thank you very much everyone for the help.
>>> 
>>> It seems that `netraven` nailed it.
>>> I missed the part where QFX5110 could not support multiple forwarding
>>> instances.
>>> 
>>> I will have to go back to the legacy protocol then :/
>>> Replacing IPv6 addresses with IPv4 addresses, keeping the same config,
>>> worked on
>>> first try.
>>> 
>>> Thank you again !
>>> Denis
>>> 
>>> 
>>> Le Mon, Nov 27, 2023 at 10:52:52AM +0100, netravnen+nspl...@gmail.com a
>>> écrit :
 Dennis,
 
 On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
  wrote:
> Can you give a clue ? I haven't found any information on wether it
>>> could work on
> QFX5110.
 
 Looking at the two pages below.
 1. The QFX5120 (assuming this also applies to the QFX5120-32C model)
 *only* supports the default-switch forwarding instance.
 2. And IPv6 underlays seem to be *exactly not* supported for the
 default-switch forwarding instance.
 
 If I

Re: [j-nsp] QFX5110 / EVPN-VXLAN with IPv6 underlay

2023-11-28 Thread Roger Wiklund via juniper-nsp 
For the QFX5110 specifically, MAC-VRF is supported:
https://apps.juniper.net/feature-explorer/feature-info.html?fKey=9788&fn=MAC+VRF+with+EVPN-VXLAN

But IPv6 underlay is not:
https://apps.juniper.net/feature-explorer/feature-info.html?fKey=11165&fn=EVPN-VXLAN+fabric+with+an+IPv6+underlay

So maybe it's an ASIC limitation as QFX5110 is using Trident 2+ and
QFX5120/EX4400 is using Trident 3.

Regards
Roger



On Tue, Nov 28, 2023 at 3:48 PM Roger Wiklund 
wrote:

> Hey
>
> You're interpreting the default switch limitation incorrectly.
>
> It doesn't mean the QFX5120 can't support MAC-VRFs, it means even if you
> implement MAC-VRFs you still only have a single switch domain and can't
> have overlapping VLANs in the different MAC-VRFs. (MX does not have this
> limitation. It supports 32k VLANs)
>
> IPv6 underlay is supported on QFX5120 in MAC-VRF from Junos 21.2R2:
> Explore Features by Product | Juniper Networks Pathfinder Feature Explorer
> 
>
> You can configure an EVPN-VXLAN fabric with an IPv6 underlay. You can use
> this feature only with MAC-VRF routing instances (all service types). You
> must configure either an IPv4 or an IPv6 underlay across the EVPN instances
> in the fabric; you can’t mix IPv4 and IPv6 underlays in the same fabric.
> To enable this feature, include these steps when you configure the EVPN
> underlay:
> • Configure the underlay VXLAN tunnel endpoint (VTEP) source interface as
> an IPv6 address:
> • Even though the underlay uses the IPv6 address family, for BGP
> handshaking to work in the underlay, you must configure the router ID in
> the routing instance with an IPv4 address:
> • Enable the Broadcom VXLAN flexible flow feature, release where the
> feature is not enabled by default:
> We support the following EVPN-VXLAN features with an IPv6 underlay:
> • EVPN Type 1, Type 2, Type 3, Type 4, and Type 5 routes(excluding EX9200
> for type 5).
> • Shared VTEP tunnels (required with MAC-VRF instances).
> • All-active multihoming, including Ethernet segment ID (ESI)
> auto-generation and preferencebased DF (DF) election.
> • EVPN core isolation.
> • Bridged overlays.
> • Layer 3 gateway functions in ERB and CRB overlays with IPv4 or IPv6
> traffic.
> • Underlay and overlay load balancing.
> • Layer 3 protocols over IRB interfaces—BFD, BGP, OSPF.
> • Data center interconnect (DCI)—over-the-top (OTT) full mesh only.
> • EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression.
>
> Regards
> Roger
>
> On Mon, Nov 27, 2023 at 11:31 AM Denis Fondras via juniper-nsp <
> juniper-nsp@puck.nether.net> wrote:
>
>> Hello,
>>
>> Thank you very much everyone for the help.
>>
>> It seems that `netraven` nailed it.
>> I missed the part where QFX5110 could not support multiple forwarding
>> instances.
>>
>> I will have to go back to the legacy protocol then :/
>> Replacing IPv6 addresses with IPv4 addresses, keeping the same config,
>> worked on
>> first try.
>>
>> Thank you again !
>> Denis
>>
>>
>> Le Mon, Nov 27, 2023 at 10:52:52AM +0100, netravnen+nspl...@gmail.com a
>> écrit :
>> > Dennis,
>> >
>> > On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
>> >  wrote:
>> > > Can you give a clue ? I haven't found any information on wether it
>> could work on
>> > > QFX5110.
>> >
>> > Looking at the two pages below.
>> > 1. The QFX5120 (assuming this also applies to the QFX5120-32C model)
>> > *only* supports the default-switch forwarding instance.
>> > 2. And IPv6 underlays seem to be *exactly not* supported for the
>> > default-switch forwarding instance.
>> >
>> > If I take this from what it reads. It looks like you cannot archive
>> > what you are trying atm.
>> >
>> > Try asking JTAC to confirm this?
>> >
>> > From:
>> >
>> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/mac-vrf-routing-instance-overview.html#xd_4081e20476f017c2--1e138ae7-1795628658a--7dbc__subsection_mac-vrf-service-types
>> > """
>> > EX4400, QFX5100, QFX5110, QFX5120, QFX5200, QFX5130-32CD, and QFX5700
>> > switches, and PTX10001-36MR, PTX10004, PTX10008, PTX10016 routers
>> > These devices support only one forwarding instance (default-switch).
>> (...)
>> > """
>> >
>> > From:
>> >
>> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/vxlan-ipv6-underlay-overview.html
>> > """
>> > (QFX Series switches) You must use MAC-VRF routing instances with EVPN
>> > protocol and VXLAN encapsulation. We don't support IPv6 underlays with
>> > other instance types such as evpn, evpn-vpws, virtual-switch or the
>> > default switching instance.
>> > """
>> ___
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
___
juniper-ns

Re: [j-nsp] QFX5110 / EVPN-VXLAN with IPv6 underlay

2023-11-28 Thread Roger Wiklund via juniper-nsp 
Hey

You're interpreting the default switch limitation incorrectly.

It doesn't mean the QFX5120 can't support MAC-VRFs, it means even if you
implement MAC-VRFs you still only have a single switch domain and can't
have overlapping VLANs in the different MAC-VRFs. (MX does not have this
limitation. It supports 32k VLANs)

IPv6 underlay is supported on QFX5120 in MAC-VRF from Junos 21.2R2:
Explore Features by Product | Juniper Networks Pathfinder Feature Explorer


You can configure an EVPN-VXLAN fabric with an IPv6 underlay. You can use
this feature only with MAC-VRF routing instances (all service types). You
must configure either an IPv4 or an IPv6 underlay across the EVPN instances
in the fabric; you can’t mix IPv4 and IPv6 underlays in the same fabric.
To enable this feature, include these steps when you configure the EVPN
underlay:
• Configure the underlay VXLAN tunnel endpoint (VTEP) source interface as
an IPv6 address:
• Even though the underlay uses the IPv6 address family, for BGP
handshaking to work in the underlay, you must configure the router ID in
the routing instance with an IPv4 address:
• Enable the Broadcom VXLAN flexible flow feature, release where the
feature is not enabled by default:
We support the following EVPN-VXLAN features with an IPv6 underlay:
• EVPN Type 1, Type 2, Type 3, Type 4, and Type 5 routes(excluding EX9200
for type 5).
• Shared VTEP tunnels (required with MAC-VRF instances).
• All-active multihoming, including Ethernet segment ID (ESI)
auto-generation and preferencebased DF (DF) election.
• EVPN core isolation.
• Bridged overlays.
• Layer 3 gateway functions in ERB and CRB overlays with IPv4 or IPv6
traffic.
• Underlay and overlay load balancing.
• Layer 3 protocols over IRB interfaces—BFD, BGP, OSPF.
• Data center interconnect (DCI)—over-the-top (OTT) full mesh only.
• EVPN proxy ARP and ARP suppression, and proxy NDP and NDP suppression.

Regards
Roger

On Mon, Nov 27, 2023 at 11:31 AM Denis Fondras via juniper-nsp <
juniper-nsp@puck.nether.net> wrote:

> Hello,
>
> Thank you very much everyone for the help.
>
> It seems that `netraven` nailed it.
> I missed the part where QFX5110 could not support multiple forwarding
> instances.
>
> I will have to go back to the legacy protocol then :/
> Replacing IPv6 addresses with IPv4 addresses, keeping the same config,
> worked on
> first try.
>
> Thank you again !
> Denis
>
>
> Le Mon, Nov 27, 2023 at 10:52:52AM +0100, netravnen+nspl...@gmail.com a
> écrit :
> > Dennis,
> >
> > On Sat, 25 Nov 2023 at 15:26, Denis Fondras via juniper-nsp
> >  wrote:
> > > Can you give a clue ? I haven't found any information on wether it
> could work on
> > > QFX5110.
> >
> > Looking at the two pages below.
> > 1. The QFX5120 (assuming this also applies to the QFX5120-32C model)
> > *only* supports the default-switch forwarding instance.
> > 2. And IPv6 underlays seem to be *exactly not* supported for the
> > default-switch forwarding instance.
> >
> > If I take this from what it reads. It looks like you cannot archive
> > what you are trying atm.
> >
> > Try asking JTAC to confirm this?
> >
> > From:
> >
> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/concept/mac-vrf-routing-instance-overview.html#xd_4081e20476f017c2--1e138ae7-1795628658a--7dbc__subsection_mac-vrf-service-types
> > """
> > EX4400, QFX5100, QFX5110, QFX5120, QFX5200, QFX5130-32CD, and QFX5700
> > switches, and PTX10001-36MR, PTX10004, PTX10008, PTX10016 routers
> > These devices support only one forwarding instance (default-switch).
> (...)
> > """
> >
> > From:
> >
> https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/vxlan-ipv6-underlay-overview.html
> > """
> > (QFX Series switches) You must use MAC-VRF routing instances with EVPN
> > protocol and VXLAN encapsulation. We don't support IPv6 underlays with
> > other instance types such as evpn, evpn-vpws, virtual-switch or the
> > default switching instance.
> > """
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp