MX EVPN IRB functionality
First note – QFX5100 series doesn’t support EVPN-VXLAN inter-VXLAN routing, and doesn’t support EVPN-MPLS at all. So all information in this post applicable only to MX devices.
For EVPN-MPLS there is two types of IRB implementation:
- configuration of same MAC address on every IRB interface;
- default gateway MAC synchronization using EVPN default-gateway community.
In EVPN-MPLS it is expected, that if IRB functionality necessary for this L2 domain, then IRB interfaces should be configured on every participating PE router.
Configuration example for the first option:
irb {
unit 100 {
family inet {
address 100.1.1.1/24;
}
mac 00:00:00:01:01:01; #same MAC on every IRB in this VLAN
}
}
}
routing-instances {
EVPN-1 {
protocols {
evpn {
default-gateway do-not-advertise;
}
}
}
}
And config for the second option:
irb {
unit 100 {
family inet {
address 100.1.1.1/24;
}
}
}
}
routing-instances {
EVPN-1 {
protocols {
evpn {
default-gateway advertise; #Optional, default option
}
}
}
}
In EVPN-VXLAN case some devices doesn’t support IRB functionality, so for correct functioning of L3 forwarding operations additional tricks are required. This is explained well in this VMTO whitepaper.
IRB config for VMTO for EVPN-VXLAN:
set interfaces irb unit 4 family inet address 10.14.1.12/24 virtual-gateway-address 10.14.1.10 #Required
set interfaces irb unit 4 virtual-gateway-esi 00:11:dd:dd:dd:dd:dd:dd:dd:dd ###Optional
set interfaces irb unit 4 virtual-gateway-esi all-active ###Optional
set interfaces irb unit 4 virtual-gateway-v4-mac ###Optional
set routing-instances evpn protocols evpn default-gateway no-gateway-community #Required
In the EVPN/VXLAN topology where not all PE devices are L3-capable, the advertisement of the default gateway should not be disabled. Instead IRB-specific MAC address is advertised to the Layer 2 PE device, but without the extended community option of default-gateway (default-gateway no-gateway-community).
With EVPN/VXLAN, when the proxy-macip-advertisement statement is not enabled, only the MAC routes are sent between PE devices; when enabled, both the IP and MAC host routes are installed on the receiving PE devices.
Virtual-gateway-v4-mac – This static virtual MAC address will be the MAC address used for forwarding inter-VNI traffic. This will now allow Layer 2 switches between the Layer 2-only PE devices and a host to learn the virtual MAC address and prevent flooding.
So this is complete IRB interface configuration for EVPN-VXLAN service:
unit 100 {
proxy-macip-advertisement;
virtual-gateway-esi {
00:77:77:77:77:77:77:77:77:77;
all-active;
}
family inet {
address 172.16.0.251/24 {
virtual-gateway-address 172.16.0.254;
}
}
family inet6 {
address 2001:dead:beef:100::1/64 {
virtual-gateway-address 2001:dead:beef:100::a;
}
}
virtual-gateway-v4-mac 00:44:44:44:44:44;
virtual-gateway-v6-mac 00:66:66:66:66:66;
}
unit 200 {
proxy-macip-advertisement;
virtual-gateway-esi {
00:88:88:77:77:77:77:77:77:77;
all-active;
}
family inet {
address 172.16.1.251/24 {
virtual-gateway-address 172.16.1.254;
}
}
family inet6 {
address 2001:dead:beef:200::1/64 {
virtual-gateway-address 2001:dead:beef:200::a;
}
}
virtual-gateway-v4-mac 00:00:00:44:44:44;
virtual-gateway-v6-mac 00:00:00:66:66:66;
}
}