Hi Rob,

RFC 7432, Section 8.5:

    If a bridged network is multihomed to more than one PE in an EVPN
    network via switches, then the support of All-Active redundancy mode
    requires the bridged network to be connected to two or more PEs using
    a LAG.

So, have you MC-LAG (facing EVPN PEs) configured on your switches?

Thanks,
Krzysztof

> On 2019-Apr-18, at 07:43, Rob Foehl <[email protected]> wrote:
>
> I've been experimenting with EVPN all-active multihoming toward some large
> legacy layer 2 domains, and running into some fairly bizarre behavior...
>
> First and foremost, is a topology like this even a valid use case?
>
> EVPN PE <-> switch <-> switch <-> EVPN PE
>
> ...where both switches are STP root bridges and have a pile of VLANs and
> other switches behind them. All of the documentation seems to hint at LACP
> toward a single CE device being the expected config here -- is that accurate?
> If so, are there any options to make the above work?
>
> If I turn up EVPN virtual-switch routing instances on both PEs as above with
> config on both roughly equivalent to the following:
>
> interfaces {
>     xe-0/1/2 {
>         flexible-vlan-tagging;
>         encapsulation flexible-ethernet-services;
>         esi {
>             00:11:11:11:11:11:11:11:11:11;
>             all-active;
>         }
>         unit 12 {
>             encapsulation vlan-bridge;
>             vlan-id 12;
>         }
>     }
> }
> routing-instances {
>     test {
>         instance-type virtual-switch;
>         vrf-target target:65000:1;
>         protocols {
>             evpn {
>                 extended-vlan-list 12;
>             }
>         }
>         bridge-domains {
>             test-vlan12 {
>                 vlan-id 12;
>                 interface xe-0/1/2.12;
>             }
>         }
>     }
> }
>
> Everything works fine for a few minutes -- exact time varies -- then what
> appears to be thousands of packets of unknown unicast traffic starts flowing
> between the PEs, and doesn't stop until one or the other is disabled. Same
> behavior on this particular segment with or without any remote PEs connected.
>
> Both PEs are MX204s running 18.1R3-S4, automatic route distinguishers, full
> mesh RSVP LSPs between, direct BGP with family evpn allowed, no LDP.
>
> I'm going to try a few more tests with single-active and enabling MAC
> accounting to try to nail down what this traffic actually is, but figure I'd
> better first ask whether I'm nuts for trying this at all...
>
> -Rob
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
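
For comparison with the quoted config, here is what the LAG-based attachment named in the RFC 7432 text above typically looks like on each PE; this is an added example, not configuration posted by either participant in the thread. It reuses the port, ESI, VLAN and instance names from the quoted config, while `ae0`, the `device-count` value and the LACP `system-id` value are constructed placeholders.

```junos
chassis {
    aggregated-devices {
        ethernet {
            device-count 1;     /* placeholder: enough ae interfaces for this PE */
        }
    }
}
interfaces {
    xe-0/1/2 {
        gigether-options {
            802.3ad ae0;        /* physical port becomes a member of the bundle */
        }
    }
    ae0 {
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        esi {
            00:11:11:11:11:11:11:11:11:11;   /* same ESI on both PEs */
            all-active;
        }
        aggregated-ether-options {
            lacp {
                active;
                /* constructed value; must be identical on both PEs so the
                   attached side sees one LACP partner */
                system-id 00:00:00:11:11:11;
            }
        }
        unit 12 {
            encapsulation vlan-bridge;
            vlan-id 12;
        }
    }
}
routing-instances {
    test {
        bridge-domains {
            test-vlan12 {
                vlan-id 12;
                interface ae0.12;   /* bridge domain now references the bundle */
            }
        }
    }
}
```

With two separate switches facing the PEs, as in the topology drawn in the quoted message, the switch side has to present itself as one LACP system as well, which is the MC-LAG question asked in the reply.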

