Re: [j-nsp] BGP EVPN, VXLAN and ECMP
❦ 29 mars 2018 15:36 +0100, : > Ok so you have the FIB level load-sharing enabled > Do you have BGP multipath configured with the multiple-as option too? > set protocols bgp group foo123 multipath multiple-as > > -Though from the outputs it seem like everything is set up right. > You have the same metric2 (cause ebgp) so should be fine. > And the next-hop is copied form the inactive route to active one. I am using iBGP, so everything comes from the same AS. Each neighbor is a route reflector distributing a distinct set of routes. I have tried to add multiple-as nonetheless, but no change. The good news is that half of the VTEP are using one next-hop and the other half the others one. If I put down a BGP session and back, the next hops are still distributed over the sets of VTEP. This is not ideal, but this enough for my situation. -- Go not to the elves for counsel, for they will say both yes and no. -- J.R.R. Tolkien ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
Ok so you have the FIB level load-sharing enabled
Do you have BGP multipath configured with the multiple-as option too?
set protocols bgp group foo123 multipath multiple-as
-Though from the outputs it seem like everything is set up right.
You have the same metric2 (cause ebgp) so should be fine.
And the next-hop is copied form the inactive route to active one.
adam
netconsultings.com
::carrier-class solutions for the telecommunications industry::
> -Original Message-
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf
> Of Vincent Bernat
> Sent: Thursday, March 29, 2018 12:01 PM
> To: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] BGP EVPN, VXLAN and ECMP
>
> ❦ 29 mars 2018 12:22 +0200, Sebastian Wiesinger :
>
> >> # run show route 10.16.39.3
> >>
> >> inet.0: 240 destinations, 1808 routes (240 active, 0 holddown, 0
> >> hidden)
> >> + = Active Route, - = Last Active, * = Both
> >>
> >> 10.16.39.3/32 *[BGP/140] 00:38:24, localpref 500, from 10.64.0.5
> >> AS path: I, validation-state: unverified
> >> to 10.64.0.23 via xe-0/0/46.181
> >> > to 10.64.128.23 via xe-0/0/47.183
> >
> > Can you do a 'run show route 10.16.39.3 extensive'?
>
> Here is the full output. There are two selected paths (and two additional
> paths which are not used due to lower preference).
>
> vbe@net-connect001.gv2> show route 10.16.39.3 extensive
>
> inet.0: 236 destinations, 908 routes (236 active, 0 holddown, 0 hidden)
> 10.16.39.3/32 (4 entries, 1 announced)
> TSI:
> KRT in-kernel 10.16.39.3/32 -> {list:indirect(131094), indirect(131205)}
> *BGPPreference: 140/-501
> Next hop type: Indirect, Next hop index: 0
> Address: 0xb21c210
> Next-hop reference count: 3
> Source: 10.64.0.5
> Next hop type: Router, Next hop index: 1885
> Next hop: 10.64.0.23 via xe-0/0/46.181
> Session Id: 0x0
> Next hop type: Router, Next hop index: 1767
> Next hop: 10.64.128.23 via xe-1/0/47.183, selected
> Session Id: 0x0
> Protocol next hop: 10.64.0.23
> Indirect next hop: 0xc5ceb00 131205 INH Session ID: 0x0
> Protocol next hop: 10.64.128.23
> Indirect next hop: 0xc5b8780 131094 INH Session ID: 0x0
> State:
> Local AS: 65199 Peer AS: 65098
> Age: 2:15:52Metric2: 0
> Validation State: unverified
> Task: BGP_65098_65098.10.64.0.5
> Announcement bits (4): 0-KRT 2-BGP_Listen.0.0.0.0+179
> 4-Resolve
> tree 2 6-Resolve tree 3
> AS path: I (Originator)
> Cluster list: 10.64.0.0
> Originator ID: 100.64.0.23
> Accepted Multipath
> Localpref: 500
> Router ID: 10.64.0.5
> Indirect next hops: 2
> Protocol next hop: 10.64.0.23
> Indirect next hop: 0xc5ceb00 131205 INH Session ID:
> 0x0
> Indirect path forwarding next hops: 1
> Next hop type: Router
> Next hop: 10.64.0.23 via xe-0/0/46.181
> Session Id: 0x0
> 10.64.0.0/18 Originating RIB: inet.0
> Node path count: 1
> Forwarding nexthops: 1
> Next hop type: Interface
> Nexthop: via xe-0/0/46.181
> Protocol next hop: 10.64.128.23
> Indirect next hop: 0xc5b8780 131094 INH Session ID:
> 0x0
> Indirect path forwarding next hops: 1
> Next hop type: Router
> Next hop: 10.64.128.23 via xe-1/0/47.183
> Session Id: 0x0
> 10.64.128.0/18 Originating RIB: inet.0
> Node path count: 1
> Forwarding nexthops: 1
> Next hop type: Interface
> Nexthop: via xe-1/0/47.183
> BGPPreference: 140/-501
> Next hop type: Indirect, Next hop index: 0
> Address: 0xb3a3730
> Next-hop reference count: 2
> Source: 10.64.128.4
> Next hop type: Ro
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
❦ 29 mars 2018 13:40 +0200, Sebastian Wiesinger :
>> vbe@net-connect001.gv2> show route 10.16.39.3 extensive
>>
>> inet.0: 236 destinations, 908 routes (236 active, 0 holddown, 0 hidden)
>> 10.16.39.3/32 (4 entries, 1 announced)
>> TSI:
>> KRT in-kernel 10.16.39.3/32 -> {list:indirect(131094), indirect(131205)}
>> *BGPPreference: 140/-501
>> Next hop type: Indirect, Next hop index: 0
>> Address: 0xb21c210
>> Next-hop reference count: 3
>> Source: 10.64.0.5
>> Next hop type: Router, Next hop index: 1885
>> Next hop: 10.64.0.23 via xe-0/0/46.181
>> Session Id: 0x0
>> Next hop type: Router, Next hop index: 1767
>> Next hop: 10.64.128.23 via xe-1/0/47.183, selected
>> Session Id: 0x0
>> Protocol next hop: 10.64.0.23
>> Indirect next hop: 0xc5ceb00 131205 INH Session ID: 0x0
>> Protocol next hop: 10.64.128.23
>> Indirect next hop: 0xc5b8780 131094 INH Session ID: 0x0
>
> Interesting, which JunOS version is that? It looks slightly different
> here:
>
> root@storage-leaf-1# run show route 172.16.0.11/32 extensive
>
> inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
> 172.16.0.11/32 (1 entry, 1 announced)
> TSI:
> KRT in-kernel 172.16.0.11/32 -> {list:172.17.1.0, 172.17.2.0}
> *IS-IS Preference: 18
> Level: 2
> Next hop type: Router, Next hop index: 0
> Address: 0xb21c290
> Next-hop reference count: 5
> Next hop: 172.17.1.0 via et-0/0/48.0 weight 0x1, selected
> Session Id: 0x0
> Next hop: 172.17.2.0 via et-0/0/49.0 weight 0x1
> Session Id: 0x0
> State:
This is:
Model: qfx5100-48s-6q
Junos: 17.3R2.10
Maybe because this is a route learnt from a route reflector?
--
Format a program to help the reader understand it.
- The Elements of Programming Style (Kernighan & Plauger)
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
* Vincent Bernat [2018-03-29 13:01]:
> Here is the full output. There are two selected paths (and two
> additional paths which are not used due to lower preference).
>
> vbe@net-connect001.gv2> show route 10.16.39.3 extensive
>
> inet.0: 236 destinations, 908 routes (236 active, 0 holddown, 0 hidden)
> 10.16.39.3/32 (4 entries, 1 announced)
> TSI:
> KRT in-kernel 10.16.39.3/32 -> {list:indirect(131094), indirect(131205)}
> *BGPPreference: 140/-501
> Next hop type: Indirect, Next hop index: 0
> Address: 0xb21c210
> Next-hop reference count: 3
> Source: 10.64.0.5
> Next hop type: Router, Next hop index: 1885
> Next hop: 10.64.0.23 via xe-0/0/46.181
> Session Id: 0x0
> Next hop type: Router, Next hop index: 1767
> Next hop: 10.64.128.23 via xe-1/0/47.183, selected
> Session Id: 0x0
> Protocol next hop: 10.64.0.23
> Indirect next hop: 0xc5ceb00 131205 INH Session ID: 0x0
> Protocol next hop: 10.64.128.23
> Indirect next hop: 0xc5b8780 131094 INH Session ID: 0x0
Interesting, which JunOS version is that? It looks slightly different
here:
root@storage-leaf-1# run show route 172.16.0.11/32 extensive
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
172.16.0.11/32 (1 entry, 1 announced)
TSI:
KRT in-kernel 172.16.0.11/32 -> {list:172.17.1.0, 172.17.2.0}
*IS-IS Preference: 18
Level: 2
Next hop type: Router, Next hop index: 0
Address: 0xb21c290
Next-hop reference count: 5
Next hop: 172.17.1.0 via et-0/0/48.0 weight 0x1, selected
Session Id: 0x0
Next hop: 172.17.2.0 via et-0/0/49.0 weight 0x1
Session Id: 0x0
State:
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
❦ 29 mars 2018 12:22 +0200, Sebastian Wiesinger :
>> # run show route 10.16.39.3
>>
>> inet.0: 240 destinations, 1808 routes (240 active, 0 holddown, 0 hidden)
>> + = Active Route, - = Last Active, * = Both
>>
>> 10.16.39.3/32 *[BGP/140] 00:38:24, localpref 500, from 10.64.0.5
>> AS path: I, validation-state: unverified
>> to 10.64.0.23 via xe-0/0/46.181
>> > to 10.64.128.23 via xe-0/0/47.183
>
> Can you do a 'run show route 10.16.39.3 extensive'?
Here is the full output. There are two selected paths (and two
additional paths which are not used due to lower preference).
vbe@net-connect001.gv2> show route 10.16.39.3 extensive
inet.0: 236 destinations, 908 routes (236 active, 0 holddown, 0 hidden)
10.16.39.3/32 (4 entries, 1 announced)
TSI:
KRT in-kernel 10.16.39.3/32 -> {list:indirect(131094), indirect(131205)}
*BGPPreference: 140/-501
Next hop type: Indirect, Next hop index: 0
Address: 0xb21c210
Next-hop reference count: 3
Source: 10.64.0.5
Next hop type: Router, Next hop index: 1885
Next hop: 10.64.0.23 via xe-0/0/46.181
Session Id: 0x0
Next hop type: Router, Next hop index: 1767
Next hop: 10.64.128.23 via xe-1/0/47.183, selected
Session Id: 0x0
Protocol next hop: 10.64.0.23
Indirect next hop: 0xc5ceb00 131205 INH Session ID: 0x0
Protocol next hop: 10.64.128.23
Indirect next hop: 0xc5b8780 131094 INH Session ID: 0x0
State:
Local AS: 65199 Peer AS: 65098
Age: 2:15:52Metric2: 0
Validation State: unverified
Task: BGP_65098_65098.10.64.0.5
Announcement bits (4): 0-KRT 2-BGP_Listen.0.0.0.0+179 4-Resolve
tree 2 6-Resolve tree 3
AS path: I (Originator)
Cluster list: 10.64.0.0
Originator ID: 100.64.0.23
Accepted Multipath
Localpref: 500
Router ID: 10.64.0.5
Indirect next hops: 2
Protocol next hop: 10.64.0.23
Indirect next hop: 0xc5ceb00 131205 INH Session ID: 0x0
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 10.64.0.23 via xe-0/0/46.181
Session Id: 0x0
10.64.0.0/18 Originating RIB: inet.0
Node path count: 1
Forwarding nexthops: 1
Next hop type: Interface
Nexthop: via xe-0/0/46.181
Protocol next hop: 10.64.128.23
Indirect next hop: 0xc5b8780 131094 INH Session ID: 0x0
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 10.64.128.23 via xe-1/0/47.183
Session Id: 0x0
10.64.128.0/18 Originating RIB: inet.0
Node path count: 1
Forwarding nexthops: 1
Next hop type: Interface
Nexthop: via xe-1/0/47.183
BGPPreference: 140/-501
Next hop type: Indirect, Next hop index: 0
Address: 0xb3a3730
Next-hop reference count: 2
Source: 10.64.128.4
Next hop type: Router, Next hop index: 1767
Next hop: 10.64.128.23 via xe-1/0/47.183, selected
Session Id: 0x0
Protocol next hop: 10.64.128.23
Indirect next hop: 0xc5b8780 131094 INH Session ID: 0x0
State:
Inactive reason: Not Best in its group - Cluster list length
Local AS: 65199 Peer AS: 65098
Age: 2:16:00Metric2: 0
Validation State: unverified
Task: BGP_65098_65098.10.64.128.4
AS path: I (Originator)
Cluster list: 10.64.128.1 10.64.128.0
Originator ID: 100.64.0.23
Accepted MultipathContrib
Localpref: 500
Router ID: 10.64.128.4
Indirect next hops: 1
Protocol next hop: 10.64.128.23
Indirect next hop: 0xc5b8780 131094 INH Session ID: 0x0
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 10.64.128.23 via xe-1/0/47.183
Session Id: 0x0
10.64.128.0/18 Originat
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
* Vincent Bernat [2018-03-28 16:26]: > Hey! > > I am trying to setup a Juniper QFX5100 as a VTEP with a very classic > setup. Everything works as expected, but the setup is only using one > possible path from the underlay network. > > I have the route to the other VTEP like this: > > # run show route 10.16.39.3 > > inet.0: 240 destinations, 1808 routes (240 active, 0 holddown, 0 hidden) > + = Active Route, - = Last Active, * = Both > > 10.16.39.3/32 *[BGP/140] 00:38:24, localpref 500, from 10.64.0.5 > AS path: I, validation-state: unverified > to 10.64.0.23 via xe-0/0/46.181 > > to 10.64.128.23 via xe-0/0/47.183 Can you do a 'run show route 10.16.39.3 extensive'? For the record this work on JunOS 17.3 here (ISIS as underlay): Bridging domain: EVPN-TEST-1.evpn-vxlan [Index 7] VPLS: Enabled protocols: Bridging, ACKed by all peers, EVPN VXLAN, Destination: 3c:8a:b0:db:28:83/48 Learn VLAN: 0Route type: user Route reference: 0 Route interface-index: 558 Multicast RPF nh index: 0 P2mpidx: 0 IFL generation: 136598 Epoch: 0 Sequence Number: 0 Learn Mask: 0x4100 L2 Flags: control_dyn Flags: sent to PFE Nexthop: Next-hop type: composite Index: 1723 Reference: 509 Next-hop type: indirect Index: 131073 Reference: 3 Next-hop type: unilist Index: 131070 Reference: 3 Nexthop: 172.17.1.0 Next-hop type: unicast Index: 1721 Reference: 6 Next-hop interface: et-0/0/48.0 Weight: 0x1 Nexthop: 172.17.2.0 Next-hop type: unicast Index: 1722 Reference: 6 Next-hop interface: et-0/0/49.0 Weight: 0x1 One thing we discovered is that QFX5100 can only loadbalance in the underlay (ECMP for the VTEP IP address) but not in the overlay for ESIs. When you have an ESI that is reachable through two VTEPs, only one will be used for forwarding. If that is a problem for you in practice depends on where you attach stuff. If you have something attached to the Spines (for example L3 to external) this might hit you performance-wise. It seems QFX5100 will do some sort of load-balancing for Destination-MACs per ESI (reach MAC-A trough VTEP 1, reach MAC-B trough VTEP 2) but I haven't tested that. QFX10k on the other hand will install multiple next-hops for ESIs. BTW: We're also seeing problems with third-party optics in JunOS 17.3 on QFX5k. CRC errors and problems with interfaces not coming up instantly. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
❦ 29 mars 2018 02:08 GMT, Nikolas Geyer : > As someone else has mentioned are you sure you have per-packet load > balancing policy exported in forwarding-options for all protocols? What do you mean by "all protocols"? I just have: set routing-options forwarding-table export loadbalance set policy-options policy-statement loadbalance then load-balance per-packet I have nothing in "forwarding-options". -- Make sure all variables are initialised before use. - The Elements of Programming Style (Kernighan & Plauger) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
So, after trying 17.3R2 and 14.1X53-D63, I have the same behavior with 17.3 and rpd is crashing with 14.1X53. I have also looked at what the FPC thinks, but I am unsure how the lookup is done: TFXPC0(net-connect001.gv2 vty)# show l2 manager mac-table detail [...] route table name : default-switch.4 mac counters maximum count 0 3 mac address 0a:e3:40:00:00:d9 bd_index 3 learn vlan 0 FwdEntry Addr0x297ee932 entry flags 0x14 need sync flag False retry count 0 In ifl list, In RTT Table entry iflvtep.32769 entry hw ifl vtep.32769 entry seq number 0 entry epoch 0 stp_index0 hardware information pfe id 0 [...] TFXPC0(net-connect001.gv2 vty)# show interfaces vtep.32769 Completes command statisticsInterface statistics targeting Show ae link targeting TFXPC0(net-connect001.gv2 vty)# show interfaces vtep.32769 Logical interface vtep.32769 (Index 570, Alias-Index 0 Peer-Index 0 ifl address 0x297ee478) Channel Mode DISABLED (channel1 6 channel2 0) Flags: (0x8000) Up SNMP-Traps GEN Flags: (0x) Addresses: Media address: Family: Unspecified (0), Chan: 0, Length: 0 IRB ifl BD index 65535 VTEP IP address 10.16.39.3 VTEP L2 RTT index 4 VTEP L3 RTT index 0 VTEP interface type (remote) Vxlan encapsulation NH id 0 VTEP flags 0x0x0 Reroute Ref: 0, Restore Ref: 0, LRID: 0 Residue Stats in: 0 out: 0 Protocols: Protocol: BRIDGE, MTU: 65535 bytes, TCP MSS 0 bytes, Flags: 0x01400c00, Route table: 4 Maximum labels: 0 Mesh-group index: 0 Input filter: 0, Output filter: 0, Interface class: 0, Dialer Filter: 0 Input Simple Filter: 0, Output Simple Filter: 0 Input implicit filters: None Output implicit filters: None L2 Input policer: 0, L2 Output policer: 0 Input policer: 0, Output policer: 0 RPF fail-filter: 0, Reroute Ref: 0, Restore Ref: 0 STP Index: 0, Unicast nh_id: 0, Unicast Token: 98 L2 IFF multi BD : 1, Forwarding Nexthop : 0, Flags 0x0 Media: Type: VxLAN End Point, Encapsulation: Ethernet (0x000E) MTU: 4294967295 bytes, Flags: 0x Dependencies: Parent ifl index: 570 Storm control: BC: 0, UC: 0, Flags: 0x1 Creation time: Mar 29 08:40:19 2018 So, from here, I don't know where to go. TFXPC0(net-connect001.gv2 vty)# show route ip prefix 10.16.39.3 IPv4 Route Table 0, default.0, 0x8: Destination NH IP Addr Type NH ID Interface - --- - - 10.16.39.3 Unilist 131332 RT-ifl 0 [...] IPv4 Route Table 7, :vxlan.7, 0x0: Destination NH IP Addr Type NH ID Interface - --- - - 10.16.39.310.64.128.23Indirect 131457 RT-ifl 0 xe-1/0/47.183 ifl 566 So, if it uses the table 7, there is only one next-hop. If it uses the table 0, there are two hops. TFXPC0(net-connect001.gv2 vty)# show nhdb id 131457 extensive ID Type InterfaceNext Hop AddrProtocol Encap MTU Flags PFE internal Flags - - --- -- -- -- 131457 Indirect xe-1/0/47.183 - IPv4 Ethernet 0 0x 0x BFD Session Id: 0 Indirect Target: (no-jtree) ID Type InterfaceNext Hop AddrProtocol Encap MTU Flags PFE internal Flags - - --- -- -- -- 1767 Unicast xe-1/0/47.183 10.64.128.23 IPv4 Ethernet 0 0x 0x Routing-table id: 0 -- Watch out for off-by-one errors. - The Elements of Programming Style (Kernighan & Plauger) ――― Original Message ――― From: Nitzan Tzelniker Sent: 28 mars 2018 19:44 GMT Subject: Re: [j-nsp] BGP EVPN, VXLAN and ECMP To: ber...@luffy.cx Cc: juniper-nsp@puck.nether.net > Not sure I understand you but both can run 17.3R2 (just time of > installation ) > > > On Wed, Mar 28, 2018 at 10:16 PM Vincent Bernat wrote: > >> ❦ 28 mars 2018 19:06 GMT, Nitzan Tzelniker : >> >> > The 5100 run 15.1X53-D63 and the 5110 17.3R2 >> >> Do you mean the other way around? No 15.1X53 for the 5100. >> -- >> Use statement labels that mean something. >> - The Elements of Programming Style (Kernighan & Plauger) >> ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
A quick word of caution, if you use third party optics be very careful moving to Junos 17. We have found a bunch of ours unusable in Junos 17 and while our account team has been fantastic in trying to find out what’s changed in the code the official response has been “non Juniper optic, go away” and we literally run hundreds if not thousands of the QFX5ks which has put us in a difficult position. That said, I was recently doing QFX5100 testing of VXLAN on various trains from Junos 14 through Junos 16 (17 bombed out due to above mentioned optic issue) and cant recall a problem with ECMP. I’ll pull the configs in the morning and send them through off list. As someone else has mentioned are you sure you have per-packet load balancing policy exported in forwarding-options for all protocols? Sent from my iPhone > On 28 Mar 2018, at 3:45 pm, Nitzan Tzelniker > wrote: > > Not sure I understand you but both can run 17.3R2 (just time of > installation ) > > >> On Wed, Mar 28, 2018 at 10:16 PM Vincent Bernat wrote: >> >> ❦ 28 mars 2018 19:06 GMT, Nitzan Tzelniker : >> >>> The 5100 run 15.1X53-D63 and the 5110 17.3R2 >> >> Do you mean the other way around? No 15.1X53 for the 5100. >> -- >> Use statement labels that mean something. >>- The Elements of Programming Style (Kernighan & Plauger) >> > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
Not sure I understand you but both can run 17.3R2 (just time of installation ) On Wed, Mar 28, 2018 at 10:16 PM Vincent Bernat wrote: > ❦ 28 mars 2018 19:06 GMT, Nitzan Tzelniker : > > > The 5100 run 15.1X53-D63 and the 5110 17.3R2 > > Do you mean the other way around? No 15.1X53 for the 5100. > -- > Use statement labels that mean something. > - The Elements of Programming Style (Kernighan & Plauger) > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
❦ 28 mars 2018 19:06 GMT, Nitzan Tzelniker : > The 5100 run 15.1X53-D63 and the 5110 17.3R2 Do you mean the other way around? No 15.1X53 for the 5100. -- Use statement labels that mean something. - The Elements of Programming Style (Kernighan & Plauger) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
Thanks! I'll try with 15.1X53 too. -- For courage mounteth with occasion. -- William Shakespeare, "King John" ――― Original Message ――― From: Nitzan Tzelniker Sent: 28 mars 2018 19:06 GMT Subject: Re: [j-nsp] BGP EVPN, VXLAN and ECMP To: ber...@luffy.cx Cc: juniper-nsp@puck.nether.net > Yes I have two routes in vxlan.inet.0 > > nitzan@qfx5100> show route 10.111.44.222 > > inet.0: 111 destinations, 111 routes (111 active, 0 holddown, 0 hidden) > + = Active Route, - = Last Active, * = Both > > 10.111.44.222/32*[OSPF/10] 1w5d 21:39:34, metric 4 > > to 10.111.33.99 via et-0/0/48.0 > to 10.111.33.100 via et-0/0/49.0 > > :vxlan.inet.0: 77 destinations, 77 routes (77 active, 0 holddown, 0 hidden) > + = Active Route, - = Last Active, * = Both > > 10.111.44.222/32*[Static/1] 1w1d 01:48:50, metric2 4 > > to 10.111.33.99 via et-0/0/48.0 > to 10.111.33.100 via et-0/0/49.0 > > > The 5100 run 15.1X53-D63 and the 5110 17.3R2 > > Nitzan > > > On Wed, Mar 28, 2018 at 9:54 PM Vincent Bernat wrote: > >> Hey! >> >> Which version of JunOS are you running? I am on 17.4R1. I see that >> 18.1R1 was just released, I may try it tomorrow. Do you also have >> a :vxlan.inet.0 table and does it show two paths too? >> >> In my configuration, I have: >> >> set routing-options forwarding-table export loadbalance >> set policy-options policy-statement loadbalance then load-balance >> per-packet >> set protocols bgp group v4-UNDERLAY multipath >> set protocols bgp group v4-EVPN multipath >> >> The PDF document is helpful. It says: >> >> > The QFX5100/QFX5110 can only install VTEP next hops in the PFE; it >> > cannot install ESI next hops. This means that, for any given overlay >> > destination, only one remote VTEP can be selected. To send traffic to >> > the selected VTEP, traffic can be load balanced at the underlay layer >> > through the two spine nodes. >> >> I need to do more tests, as the other provided commands may hint this is >> just a display issue. >> -- >> The lunatic, the lover, and the poet, >> Are of imagination all compact... >> -- Wm. Shakespeare, "A Midsummer Night's Dream" >> >> ――― Original Message ――― >> From: Nitzan Tzelniker >> Sent: 28 mars 2018 18:36 GMT >> Subject: Re: [j-nsp] BGP EVPN, VXLAN and ECMP >> To: ber...@luffy.cx >> Cc: juniper-nsp@puck.nether.net >> >> > Hi, >> > >> > Just check with 5110 and 5100 and on both I see two next hops >> > but I am using OSPF for the underlay >> > I think that you have multipath under BGP from the fact that we see two >> > paths under inet.0 but do you have forwarding-table policy with >> > "load-balance per-packet" ? >> > >> > BTW take a look here >> > >> https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/lb-evpn-vxlan-tn.pdf >> > >> > >> > Thanks >> > >> > Nitzan >> > >> > >> > On Wed, Mar 28, 2018 at 5:27 PM Vincent Bernat wrote: >> > >> >> Hey! >> >> >> >> I am trying to setup a Juniper QFX5100 as a VTEP with a very classic >> >> setup. Everything works as expected, but the setup is only using one >> >> possible path from the underlay network. >> >> >> >> I have the route to the other VTEP like this: >> >> >> >> # run show route 10.16.39.3 >> >> >> >> inet.0: 240 destinations, 1808 routes (240 active, 0 holddown, 0 hidden) >> >> + = Active Route, - = Last Active, * = Both >> >> >> >> 10.16.39.3/32 *[BGP/140] 00:38:24, localpref 500, from 10.64.0.5 >> >> AS path: I, validation-state: unverified >> >> to 10.64.0.23 via xe-0/0/46.181 >> >> > to 10.64.128.23 via xe-0/0/47.183 >> >> [BGP/140] 00:38:24, localpref 500, from 10.64.128.6 >> >> AS path: I, validation-state: unverified >> >> > to 10.64.128.23 via xe-0/0/47.183 >> >> [BGP/140] 00:38:24, localpref 500, from 10.64.0.3 >> >> AS path: I, validation-state: unverified >> >> > to 10.64.0.23 via xe-0/0/46.181 >&
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
Yes I have two routes in vxlan.inet.0 nitzan@qfx5100> show route 10.111.44.222 inet.0: 111 destinations, 111 routes (111 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.111.44.222/32*[OSPF/10] 1w5d 21:39:34, metric 4 > to 10.111.33.99 via et-0/0/48.0 to 10.111.33.100 via et-0/0/49.0 :vxlan.inet.0: 77 destinations, 77 routes (77 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.111.44.222/32*[Static/1] 1w1d 01:48:50, metric2 4 > to 10.111.33.99 via et-0/0/48.0 to 10.111.33.100 via et-0/0/49.0 The 5100 run 15.1X53-D63 and the 5110 17.3R2 Nitzan On Wed, Mar 28, 2018 at 9:54 PM Vincent Bernat wrote: > Hey! > > Which version of JunOS are you running? I am on 17.4R1. I see that > 18.1R1 was just released, I may try it tomorrow. Do you also have > a :vxlan.inet.0 table and does it show two paths too? > > In my configuration, I have: > > set routing-options forwarding-table export loadbalance > set policy-options policy-statement loadbalance then load-balance > per-packet > set protocols bgp group v4-UNDERLAY multipath > set protocols bgp group v4-EVPN multipath > > The PDF document is helpful. It says: > > > The QFX5100/QFX5110 can only install VTEP next hops in the PFE; it > > cannot install ESI next hops. This means that, for any given overlay > > destination, only one remote VTEP can be selected. To send traffic to > > the selected VTEP, traffic can be load balanced at the underlay layer > > through the two spine nodes. > > I need to do more tests, as the other provided commands may hint this is > just a display issue. > -- > The lunatic, the lover, and the poet, > Are of imagination all compact... > -- Wm. Shakespeare, "A Midsummer Night's Dream" > > ――――――― Original Message ――― > From: Nitzan Tzelniker > Sent: 28 mars 2018 18:36 GMT > Subject: Re: [j-nsp] BGP EVPN, VXLAN and ECMP > To: ber...@luffy.cx > Cc: juniper-nsp@puck.nether.net > > > Hi, > > > > Just check with 5110 and 5100 and on both I see two next hops > > but I am using OSPF for the underlay > > I think that you have multipath under BGP from the fact that we see two > > paths under inet.0 but do you have forwarding-table policy with > > "load-balance per-packet" ? > > > > BTW take a look here > > > https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/lb-evpn-vxlan-tn.pdf > > > > > > Thanks > > > > Nitzan > > > > > > On Wed, Mar 28, 2018 at 5:27 PM Vincent Bernat wrote: > > > >> Hey! > >> > >> I am trying to setup a Juniper QFX5100 as a VTEP with a very classic > >> setup. Everything works as expected, but the setup is only using one > >> possible path from the underlay network. > >> > >> I have the route to the other VTEP like this: > >> > >> # run show route 10.16.39.3 > >> > >> inet.0: 240 destinations, 1808 routes (240 active, 0 holddown, 0 hidden) > >> + = Active Route, - = Last Active, * = Both > >> > >> 10.16.39.3/32 *[BGP/140] 00:38:24, localpref 500, from 10.64.0.5 > >> AS path: I, validation-state: unverified > >> to 10.64.0.23 via xe-0/0/46.181 > >> > to 10.64.128.23 via xe-0/0/47.183 > >> [BGP/140] 00:38:24, localpref 500, from 10.64.128.6 > >> AS path: I, validation-state: unverified > >> > to 10.64.128.23 via xe-0/0/47.183 > >> [BGP/140] 00:38:24, localpref 500, from 10.64.0.3 > >> AS path: I, validation-state: unverified > >> > to 10.64.0.23 via xe-0/0/46.181 > >> > >> :vxlan.inet.0: 17 destinations, 21 routes (17 active, 0 holddown, 0 > hidden) > >> + = Active Route, - = Last Active, * = Both > >> > >> 10.16.39.3/32 *[Static/1] 00:31:10, metric2 0 > >> > to 10.64.128.23 via xe-0/0/47.183 > >> > >> So, from an IP point of view, I have two available routes to the other > >> VTEP. In the :vxlan.inet.0 table, only one route is kept. I suppose the > >> problem is at this point. > >> > >> Looking at the forwarding table, I have only one indirect next-hop too: > >> > >> # show route forwarding-table family ethernet-switching bridge-domain > >> vlan-client1-543
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
Hey! Which version of JunOS are you running? I am on 17.4R1. I see that 18.1R1 was just released, I may try it tomorrow. Do you also have a :vxlan.inet.0 table and does it show two paths too? In my configuration, I have: set routing-options forwarding-table export loadbalance set policy-options policy-statement loadbalance then load-balance per-packet set protocols bgp group v4-UNDERLAY multipath set protocols bgp group v4-EVPN multipath The PDF document is helpful. It says: > The QFX5100/QFX5110 can only install VTEP next hops in the PFE; it > cannot install ESI next hops. This means that, for any given overlay > destination, only one remote VTEP can be selected. To send traffic to > the selected VTEP, traffic can be load balanced at the underlay layer > through the two spine nodes. I need to do more tests, as the other provided commands may hint this is just a display issue. -- The lunatic, the lover, and the poet, Are of imagination all compact... -- Wm. Shakespeare, "A Midsummer Night's Dream" ――― Original Message ――― From: Nitzan Tzelniker Sent: 28 mars 2018 18:36 GMT Subject: Re: [j-nsp] BGP EVPN, VXLAN and ECMP To: ber...@luffy.cx Cc: juniper-nsp@puck.nether.net > Hi, > > Just check with 5110 and 5100 and on both I see two next hops > but I am using OSPF for the underlay > I think that you have multipath under BGP from the fact that we see two > paths under inet.0 but do you have forwarding-table policy with > "load-balance per-packet" ? > > BTW take a look here > https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/lb-evpn-vxlan-tn.pdf > > > Thanks > > Nitzan > > > On Wed, Mar 28, 2018 at 5:27 PM Vincent Bernat wrote: > >> Hey! >> >> I am trying to setup a Juniper QFX5100 as a VTEP with a very classic >> setup. Everything works as expected, but the setup is only using one >> possible path from the underlay network. >> >> I have the route to the other VTEP like this: >> >> # run show route 10.16.39.3 >> >> inet.0: 240 destinations, 1808 routes (240 active, 0 holddown, 0 hidden) >> + = Active Route, - = Last Active, * = Both >> >> 10.16.39.3/32 *[BGP/140] 00:38:24, localpref 500, from 10.64.0.5 >> AS path: I, validation-state: unverified >> to 10.64.0.23 via xe-0/0/46.181 >> > to 10.64.128.23 via xe-0/0/47.183 >> [BGP/140] 00:38:24, localpref 500, from 10.64.128.6 >> AS path: I, validation-state: unverified >> > to 10.64.128.23 via xe-0/0/47.183 >> [BGP/140] 00:38:24, localpref 500, from 10.64.0.3 >> AS path: I, validation-state: unverified >> > to 10.64.0.23 via xe-0/0/46.181 >> >> :vxlan.inet.0: 17 destinations, 21 routes (17 active, 0 holddown, 0 hidden) >> + = Active Route, - = Last Active, * = Both >> >> 10.16.39.3/32 *[Static/1] 00:31:10, metric2 0 >> > to 10.64.128.23 via xe-0/0/47.183 >> >> So, from an IP point of view, I have two available routes to the other >> VTEP. In the :vxlan.inet.0 table, only one route is kept. I suppose the >> problem is at this point. >> >> Looking at the forwarding table, I have only one indirect next-hop too: >> >> # show route forwarding-table family ethernet-switching bridge-domain >> vlan-client1-543 extensive >>Routing table: default-switch.bridge [Index 4] >>Bridging domain: vlan-client1-543.bridge [Index 3] >>VPLS: >>Enabled protocols: Bridging, ACKed by all peers, >> >> [...] >>Destination: 0a:e3:40:00:00:d9/48 >> Learn VLAN: 0Route type: user >> Route reference: 0 Route interface-index: 575 >> Multicast RPF nh index: 0 >> P2mpidx: 0 >> IFL generation: 142 Epoch: 0 >> Sequence Number: 0 Learn Mask: >> 0x4000 >> L2 Flags: control_dyn >> Flags: sent to PFE >> Next-hop type: composite Index: 2045 Reference: 6 >> Next-hop type: indirect Index: 131317 Reference: 3 >> Nexthop: 10.64.128.23 >> Next-hop type: unicast Index: 1928 Reference: 4 >> Next-hop interface: xe-0/0/47.183 >> >> So, how to ensure the two possible next-hops are copied to the >> ":vxlan.inet.0" table? >> -- >> Make input easy to prepare and output self-explanatory. >> - The Elements of Programming Style (Kernighan & Plauger) >> ___ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP EVPN, VXLAN and ECMP
Hi, Just check with 5110 and 5100 and on both I see two next hops but I am using OSPF for the underlay I think that you have multipath under BGP from the fact that we see two paths under inet.0 but do you have forwarding-table policy with "load-balance per-packet" ? BTW take a look here https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/lb-evpn-vxlan-tn.pdf Thanks Nitzan On Wed, Mar 28, 2018 at 5:27 PM Vincent Bernat wrote: > Hey! > > I am trying to setup a Juniper QFX5100 as a VTEP with a very classic > setup. Everything works as expected, but the setup is only using one > possible path from the underlay network. > > I have the route to the other VTEP like this: > > # run show route 10.16.39.3 > > inet.0: 240 destinations, 1808 routes (240 active, 0 holddown, 0 hidden) > + = Active Route, - = Last Active, * = Both > > 10.16.39.3/32 *[BGP/140] 00:38:24, localpref 500, from 10.64.0.5 > AS path: I, validation-state: unverified > to 10.64.0.23 via xe-0/0/46.181 > > to 10.64.128.23 via xe-0/0/47.183 > [BGP/140] 00:38:24, localpref 500, from 10.64.128.6 > AS path: I, validation-state: unverified > > to 10.64.128.23 via xe-0/0/47.183 > [BGP/140] 00:38:24, localpref 500, from 10.64.0.3 > AS path: I, validation-state: unverified > > to 10.64.0.23 via xe-0/0/46.181 > > :vxlan.inet.0: 17 destinations, 21 routes (17 active, 0 holddown, 0 hidden) > + = Active Route, - = Last Active, * = Both > > 10.16.39.3/32 *[Static/1] 00:31:10, metric2 0 > > to 10.64.128.23 via xe-0/0/47.183 > > So, from an IP point of view, I have two available routes to the other > VTEP. In the :vxlan.inet.0 table, only one route is kept. I suppose the > problem is at this point. > > Looking at the forwarding table, I have only one indirect next-hop too: > > # show route forwarding-table family ethernet-switching bridge-domain > vlan-client1-543 extensive >Routing table: default-switch.bridge [Index 4] >Bridging domain: vlan-client1-543.bridge [Index 3] >VPLS: >Enabled protocols: Bridging, ACKed by all peers, > > [...] >Destination: 0a:e3:40:00:00:d9/48 > Learn VLAN: 0Route type: user > Route reference: 0 Route interface-index: 575 > Multicast RPF nh index: 0 > P2mpidx: 0 > IFL generation: 142 Epoch: 0 > Sequence Number: 0 Learn Mask: > 0x4000 > L2 Flags: control_dyn > Flags: sent to PFE > Next-hop type: composite Index: 2045 Reference: 6 > Next-hop type: indirect Index: 131317 Reference: 3 > Nexthop: 10.64.128.23 > Next-hop type: unicast Index: 1928 Reference: 4 > Next-hop interface: xe-0/0/47.183 > > So, how to ensure the two possible next-hops are copied to the > ":vxlan.inet.0" table? > -- > Make input easy to prepare and output self-explanatory. > - The Elements of Programming Style (Kernighan & Plauger) > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] BGP EVPN, VXLAN and ECMP
Hey! I am trying to setup a Juniper QFX5100 as a VTEP with a very classic setup. Everything works as expected, but the setup is only using one possible path from the underlay network. I have the route to the other VTEP like this: # run show route 10.16.39.3 inet.0: 240 destinations, 1808 routes (240 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.16.39.3/32 *[BGP/140] 00:38:24, localpref 500, from 10.64.0.5 AS path: I, validation-state: unverified to 10.64.0.23 via xe-0/0/46.181 > to 10.64.128.23 via xe-0/0/47.183 [BGP/140] 00:38:24, localpref 500, from 10.64.128.6 AS path: I, validation-state: unverified > to 10.64.128.23 via xe-0/0/47.183 [BGP/140] 00:38:24, localpref 500, from 10.64.0.3 AS path: I, validation-state: unverified > to 10.64.0.23 via xe-0/0/46.181 :vxlan.inet.0: 17 destinations, 21 routes (17 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.16.39.3/32 *[Static/1] 00:31:10, metric2 0 > to 10.64.128.23 via xe-0/0/47.183 So, from an IP point of view, I have two available routes to the other VTEP. In the :vxlan.inet.0 table, only one route is kept. I suppose the problem is at this point. Looking at the forwarding table, I have only one indirect next-hop too: # show route forwarding-table family ethernet-switching bridge-domain vlan-client1-543 extensive Routing table: default-switch.bridge [Index 4] Bridging domain: vlan-client1-543.bridge [Index 3] VPLS: Enabled protocols: Bridging, ACKed by all peers, [...] Destination: 0a:e3:40:00:00:d9/48 Learn VLAN: 0Route type: user Route reference: 0 Route interface-index: 575 Multicast RPF nh index: 0 P2mpidx: 0 IFL generation: 142 Epoch: 0 Sequence Number: 0 Learn Mask: 0x4000 L2 Flags: control_dyn Flags: sent to PFE Next-hop type: composite Index: 2045 Reference: 6 Next-hop type: indirect Index: 131317 Reference: 3 Nexthop: 10.64.128.23 Next-hop type: unicast Index: 1928 Reference: 4 Next-hop interface: xe-0/0/47.183 So, how to ensure the two possible next-hops are copied to the ":vxlan.inet.0" table? -- Make input easy to prepare and output self-explanatory. - The Elements of Programming Style (Kernighan & Plauger) ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
