Hi Vincent,

Thank you for elaborating on this, I had the same question when I read your reply. It may not be an issue for a small deployment but definitely should be considered in terms of BCP.

Could you advise about various external connectivity options for an EVPN-VXLAN fabric? Let's say there are two spines that centrally route VXLAN VNIs and some leaves. Spines are CEs from the core MPLS network's perspective. I understand that EVPN can be extended to the PE router and L3 gateways run on them, but probably not right now. What is the proper way to connect the spines to a PE router or a pair of PE routers? I'm looking into running EBGP from each spine to [each] PE router over a routed P2P interface. Are there possible flaws in this topology? Is a direct connection needed between the spines in this case?

Kind regards,
Andrey


Vincent Bernat wrote 2019-09-20 02:25:
❦ 20 September 2019 11:55 +12, Liam Farr <l...@maxumdata.com>:

I'm running VXLAN with ingress-node-replication in prod, can you
explain what you mean by havoc?

When using EVPN, prefer using "set protocols evpn multicast-mode
ingress-replication". Using "set vlans XXX vxlan
ingress-node-replication" will send replicated packets to all VTEPs,
including the ones not advertising the Type 3 route. See
<https://www.juniper.net/documentation/en_US/junos/topics/example/evpn-vxlan-collapsed-topology.html>:

Retains the QFX10000 switch’s default setting of disabled for ingress
node replication for EVPN-VXLAN. With this feature disabled, if a
QFX10000 switch that functions as a VTEP receives a BUM packet
intended, for example, for a physical server in a VLAN with the VNI of
1001, the VTEP replicates and sends the packet only to VTEPs on which
the VNI of 1001 is configured. If this feature is enabled, the VTEP
replicates and sends this packet to all VTEPs in its database,
including those that do not have VNI 1001 configured. To prevent a
VTEP from needlessly flooding BUM traffic throughout an EVPN-VXLAN
overlay network, we strongly recommend that if not already disabled,
you disable ingress node replication on each of the leaf devices by
specifying the delete vlans vlan-name vxlan ingress-node-replication
command.

In turn, this may exhaust the resources of the Broadcom
chipset (Trident2 or Trident2+) if you have a lot of VLANs and/or a lot
of VTEPs.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
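
The check discussed in this thread, as an added example that is not part of the original messages or of any Juniper tooling: a small Python audit that scans a Junos configuration in "set" format for per-VLAN `ingress-node-replication` on a device running EVPN and emits the statements quoted above as remediation. The sample configuration, the VLAN names and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample configuration in Junos "set" format (not from the thread).
SAMPLE_CONFIG = """\
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list all
set vlans v1001 vlan-id 1001
set vlans v1001 vxlan vni 1001
set vlans v1001 vxlan ingress-node-replication
set vlans v1002 vlan-id 1002
set vlans v1002 vxlan vni 1002
"""

VLAN_INR = re.compile(r"^set vlans (\S+) vxlan ingress-node-replication\s*$")
EVPN_ANY = re.compile(r"^set protocols evpn\b")
EVPN_IR = re.compile(r"^set protocols evpn multicast-mode ingress-replication\s*$")


def audit(config_text):
    """Return (findings, remediation) for a Junos set-format configuration."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    evpn = any(EVPN_ANY.match(l) for l in lines)
    evpn_ir = any(EVPN_IR.match(l) for l in lines)
    flagged = [m.group(1) for l in lines if (m := VLAN_INR.match(l))]
    findings, remediation = [], []
    if not evpn:
        # Static VXLAN without EVPN is outside the scope of this check.
        return findings, remediation
    for vlan in flagged:
        # Per the thread: replicated packets go to every VTEP, including
        # those that do not advertise a Type 3 route for this VNI.
        findings.append(f"vlan {vlan}: ingress-node-replication replicates to all VTEPs")
        remediation.append(f"delete vlans {vlan} vxlan ingress-node-replication")
    if not evpn_ir:
        findings.append("evpn: multicast-mode ingress-replication not set")
        remediation.append("set protocols evpn multicast-mode ingress-replication")
    return findings, remediation


if __name__ == "__main__":
    found, fix = audit(SAMPLE_CONFIG)
    for f in found:
        print("FINDING:", f)
    for r in fix:
        print(r)
```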
