Re: [j-nsp] Mirroring IPv6 neighbor advertisements
Thanks Jason, that question was for Crist Clark since he mentioned logging.

-Aaron
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] EVPN/VXLAN experience
Hello,

For some reason, we had a lot of issues with ISIS with evpn-vxlan on Broadcom chipset. We had a ticket running for months with Juniper about this. ECMP wasn't working, mac bouncing and so on.

We moved to OSPF and ... no more issues since then.

The topology was not a basic leaf-spine but a ring (not officially supported by the SI team @juniper).

This was on QFX5100.

Raphael

On 25/03/2019 10:50, "juniper-nsp on behalf of Sebastian Wiesinger" wrote:

* Andrey Kostin [2019-03-22 16:16]:
> One more question just came to mind: what routing protocol do you use for
> underlay, eBGP/iBGP/IGP? Design guides show examples with eBGP but looks
> like for deployment that's not very big ISIS could do everything needed.
> What are pros and cons for BGP vs IGP?

We use ISIS. It's easier for people to understand and I don't expect
any scalability issues with our size of fabrics. We did not encounter
any drawbacks by using ISIS instead of BGP.

Regards

Sebastian

-- 
GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
Re: [j-nsp] EVPN/VXLAN experience (was: EX4600 or QFX5110)
I don't see these warnings in 17.3R3.

It looks like you should configure it under routing-instance type virtual-switch:

https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-virtual-switch-overview.html

Nitzan

On Mon, Mar 25, 2019 at 12:01 PM Sebastian Wiesinger wrote:

> * Rob Foehl [2019-03-22 18:40]:
> > Huh, that's potentially bad... Can you elaborate on the config a bit more?
> > Are you hitting a limit around ~16k bridge domains total?
>
> Well we're just putting VLANs on LACP trunks like this:
>
> ae0 {
>     mtu 9216;
>     esi {
>         00:00:00:00:00:00:00:01:01:01;
>         all-active;
>     }
>     aggregated-ether-options {
>         lacp {
>             active;
>             system-id 00:00:00:01:01:01;
>             hold-time up 2;
>         }
>     }
>     unit 0 {
>         family ethernet-switching {
>             interface-mode trunk;
>             vlan {
>                 members STORAGE1;
>             }
>         }
>     }
> }
>
> VLANs are configured "as usual":
>
> vlans {
>     STORAGE1 {
>         vlan-id 402;
>         vxlan {
>             vni 402;
>         }
>     }
> }
>
> If you have 30 AEs you will start hitting this when you put around 500
> vlans on the vlan members list of all AEs.
>
> What I find irritating are the warnings around the evpn configuration:
>
> evpn {
>     ## Warning: Encapsulation can only be configured for an EVPN instance
>     ## Warning
>     encapsulation vxlan;
>     ## Warning: multicast-mode can only be configured in a virtual switch instance
>     ## Warning: Multicast mode can only be configured if route-distinguisher is configured
>     multicast-mode ingress-replication;
>     ## Warning: Extended VNI list can only be configured in a virtual switch instance
>     extended-vni-list all;
> }
>
> This config works without problems and was the configuration we got
> from Juniper in the beginning as well. Did not find an explanation for
> the warnings when we initially provisioned this.
>
> Regards
>
> Sebastian
>
> --
> GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
> 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
> -- Terry Pratchett, The Fifth Elephant
Re: [j-nsp] Mirroring IPv6 neighbor advertisements
Can you log DHCPv6 PD (Prefix Delegation) also?

-Aaron
Re: [j-nsp] EVPN/VXLAN experience (was: EX4600 or QFX5110)
* Rob Foehl [2019-03-22 18:40]:
> Huh, that's potentially bad... Can you elaborate on the config a bit more?
> Are you hitting a limit around ~16k bridge domains total?

Well we're just putting VLANs on LACP trunks like this:

ae0 {
    mtu 9216;
    esi {
        00:00:00:00:00:00:00:01:01:01;
        all-active;
    }
    aggregated-ether-options {
        lacp {
            active;
            system-id 00:00:00:01:01:01;
            hold-time up 2;
        }
    }
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members STORAGE1;
            }
        }
    }
}

VLANs are configured "as usual":

vlans {
    STORAGE1 {
        vlan-id 402;
        vxlan {
            vni 402;
        }
    }
}

If you have 30 AEs you will start hitting this when you put around 500
vlans on the vlan members list of all AEs.

What I find irritating are the warnings around the evpn configuration:

evpn {
    ## Warning: Encapsulation can only be configured for an EVPN instance
    ## Warning
    encapsulation vxlan;
    ## Warning: multicast-mode can only be configured in a virtual switch instance
    ## Warning: Multicast mode can only be configured if route-distinguisher is configured
    multicast-mode ingress-replication;
    ## Warning: Extended VNI list can only be configured in a virtual switch instance
    extended-vni-list all;
}

This config works without problems and was the configuration we got
from Juniper in the beginning as well. Did not find an explanation for
the warnings when we initially provisioned this.

Regards

Sebastian

-- 
GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
Re: [j-nsp] EVPN/VXLAN experience (was: EX4600 or QFX5110)
* Richard McGovern via juniper-nsp [2019-03-22 17:53]:
> Sebastian, a couple of questions.
>
> 1. Your design is pure QFX5100 Leaf/Spine today? If yes, I assume
> you maybe only have 1 flat VXLAN network, that is you have no L3
> VXLAN, yes?

Exactly, the fabric is completely contained.

> 2. You stated you need 17.4 for improved LACP operation. Which
> exact 17.4 are you using, and what version were you using
> previously? I am wondering if you were ever on 17.3-R3-S3?

We started with 17.4 in production. :)

Regards

Sebastian

-- 
GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
Re: [j-nsp] EVPN/VXLAN experience
* Andrey Kostin [2019-03-22 16:16]:
> One more question just came to mind: what routing protocol do you use for
> underlay, eBGP/iBGP/IGP? Design guides show examples with eBGP but looks
> like for deployment that's not very big ISIS could do everything needed.
> What are pros and cons for BGP vs IGP?

We use ISIS. It's easier for people to understand and I don't expect
any scalability issues with our size of fabrics. We did not encounter
any drawbacks by using ISIS instead of BGP.

Regards

Sebastian

-- 
GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant