Re: [j-nsp] EVPN

Mon, 10 Aug 2015 13:15:26 -0700 

On 08/08/2015 22:01, Chuck Anderson wrote:

On Wed, May 06, 2015 at 12:13:41PM +0100, Matt Bernstein via juniper-nsp wrote:


I'm looking at a 10Gb/s L2 DCI over the Internet. EVPN (I think
MPLSoGRE pseudowires), then over IPsec, using active/active MX240
routers in each location. Looks elegant on paper, although if our
PoC turns up any gremlins we can fall back to boring (but obviously
less elegant) VPLSoGREoIPsec.



Do you have any news to report on your EVPN deployment?  Did you have
to fall back to VPLS?



I hope to have news in the next few days; we're still working on the 
multi-homing-CE and resilience elements. We are largely basing our 
config on the Day One guide, but with the added encryption layer. I'm 
pretty confident we can stick with EVPN, but at one end we've got the 
PEs being in different campus buildings and so the same ESI is hitting 
different CE switches.



It's a bit fiddly with so much in inet.0; we took the encryption layer 
and stuffed it in its own msmic.inet.0 table, which seems to help 
protocols higher up the stack find the lo0 addresses they are expecting.



I can report latency is lower than I had feared: 4ms 1000-byte pings 
from my campus PC to a host on a VLAN over EVPN/MPLSoGREoIPsec:


        [mb@hogwash ~]$ ping  -s 1000 172.24.31.4 -i 0.2 -c 100 -q
        PING 172.24.31.4 (172.24.31.4) 1000(1028) bytes of data.

        --- 172.24.31.4 ping statistics ---
        100 packets transmitted, 100 received, 0% packet loss, time 19849ms
        rtt min/avg/max/mdev = 3.758/4.016/6.218/0.328 ms


The local end of that VLAN is 2ms away (four short-distance L3 hops, the 
last of which being the campus SRX firewall)


        [mb@hogwash ~]$ ping  -s 1000 172.24.31.1 -i 0.2 -c 100 -q
        PING 172.24.31.1 (172.24.31.1) 1000(1028) bytes of data.

        --- 172.24.31.1 ping statistics ---
        100 packets transmitted, 100 received, 0% packet loss, time 19835ms
        rtt min/avg/max/mdev = 1.769/2.041/3.824/0.259 ms


Throughput was tested with an Ixia in a 3rd-party lab: we broke 3Gb/s 
for IMIX and nudged 9Gb/s for a single stream of large frames.



Hope that's of some use for now. Plenty more testing to do. Will get 
back when we're looking to go into production.


Cheers,

Matt


_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp






















					Reply via email to