Recently I was asked to assist with setting up a BGP+EVPN+VXLAN network where Juniper MX204 routers would be the gateways in the VNI and the rest of the network would consist of Spine and Leaf switches running Cumulus Linux.
The actual workload would run on Proxmox servers which would also run FRRouting (FRR). I wrote a post about this earlier.
I’ll keep this post short and simply post the configuration, as you are probably reading this to find a solution to your problem.
Interoperability
BGP and EVPN are standardised protocols and they should work between vendors. EVPN is however still fairly new and vendors sometimes implement features differently.
I noticed this with the route-targets/communities set by FRR and JunOS for EVPN routes. These would not match and thus JunOS and FRR would not learn each other's EVPN routes.
Solution / Configuration
In this case the solution was to set the route-target/community/vrf-target for all EVPN routes (and thus VNI) to 100:100 (something I chose).
JunOS
wido@juniper-mx204> show configuration routing-instances evpn
instance-type virtual-switch;
protocols {
    evpn {
        encapsulation vxlan;
        extended-vni-list all;
        multicast-mode ingress-replication;
    }
}
vtep-source-interface lo0.0;
bridge-domains {
    v1500 {
        vlan-id none;
        routing-interface irb.1500;
        vxlan {
            vni 1500;
            ingress-node-replication;
        }
    }
    v1501 {
        vlan-id none;
        routing-interface irb.1501;
        vxlan {
            vni 1501;
            ingress-node-replication;
        }
    }
}
route-distinguisher 10.255.0.1:100;
vrf-target target:100:100;
wido@juniper-mx204>
FRRouting
router bgp 65118
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 no bgp network import-check
 neighbor upstream peer-group
 neighbor upstream remote-as external
 neighbor enp129s0f0np0 interface peer-group upstream
 neighbor enp129s0f1np1 interface peer-group upstream
 !
 address-family ipv4 unicast
  network 10.255.0.17/32
  neighbor upstream activate
 exit-address-family
 !
 address-family ipv6 unicast
  network 28xx:xxx::17/128
  neighbor upstream activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor upstream activate
  advertise-all-vni
  vni 1500
   route-target import 100:100
   route-target export 100:100
  exit-vni
  vni 1499
   route-target import 100:100
   route-target export 100:100
  exit-vni
  vni 1498
   route-target import 100:100
   route-target export 100:100
  exit-vni
  advertise-svi-ip
 exit-address-family
exit
This resulted in JunOS and FRR learning each other's EVPN routes, which then also showed in the EVPN database of JunOS. The VMs in Proxmox were now able to reach the internet!
wido@juniper-mx204> show evpn database l2-domain-id 1500
Instance: evpn
VLAN  DomainId  MAC address        Active source                  Timestamp        IP address
      1500      00:00:5e:00:01:01  05:00:00:fd:e9:00:00:05:dc:00  May 22 06:57:59  xx.124.220.3
      1500      00:00:5e:00:02:01  05:00:00:fd:e9:00:00:05:dc:00  May 22 06:57:59  xx:xx:2::3
      1500      46:50:13:6d:5d:bb  10.255.0.17                    May 23 05:44:20
      1500      74:e7:98:30:8c:e0  irb.1500                       May 18 06:29:04  xx.124.220.1
                                                                                   xx:xx:2::1
                                                                                   fe80::76e7:9805:dc30:8ce0
      1500      80:db:17:eb:d5:d0  10.255.0.2                     May 22 06:57:59  xx.124.220.2
                                                                                   xx:xx:2::2
                                                                                   fe80::82db:1705:dceb:d5d0
      1500      9a:9a:94:80:1a:3a  10.255.0.17                    May 23 06:02:25
      1500      ca:f0:03:fe:d6:dd  10.255.0.17                    May 22 18:18:43
      1500      f6:db:10:b6:5b:c4  10.255.0.17                    May 23 05:58:39  xx.124.220.6
wido@juniper-mx204>
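
A check for the route-target mismatch described in this post, added here as an example (it is not the author's code): it reads the per-VNI route-target lines from an FRR config and the vrf-target from a JunOS routing instance, then lists every VNI whose import or export target differs or that exists on the FRR side only. The function names and the trimmed sample configs are constructed for illustration.

```python
import re

# Constructed sample configs modelled on the post (trimmed; vni 1499 is broken on purpose).
JUNOS = """
v1500 { vxlan { vni 1500; } }
v1501 { vxlan { vni 1501; } }
vrf-target target:100:100;
"""
FRR = """
address-family l2vpn evpn
advertise-all-vni
vni 1500
route-target import 100:100
route-target export 100:100
exit-vni
vni 1499
route-target import 100:100
exit-vni
"""

def junos_evpn(cfg):
    """Return (vrf-target value, set of VNIs) from a JunOS routing instance."""
    target = re.search(r"vrf-target\s+target:(\S+?);", cfg)
    vnis = {int(v) for v in re.findall(r"\bvni\s+(\d+);", cfg)}
    return (target.group(1) if target else None), vnis

def frr_evpn(cfg):
    """Return {vni: {"import": set, "export": set}} from an FRR config."""
    vnis, cur = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"vni (\d+)", line):
            cur = vnis.setdefault(int(m.group(1)), {"import": set(), "export": set()})
        elif line == "exit-vni":
            cur = None
        elif cur is not None and (m := re.fullmatch(r"route-target (import|export) (\S+)", line)):
            cur[m.group(1)].add(m.group(2))
    return vnis

def check(junos_cfg, frr_cfg):
    """List findings that would stop both sides learning each other's routes."""
    target, jvnis = junos_evpn(junos_cfg)
    findings = []
    for vni, rts in sorted(frr_evpn(frr_cfg).items()):
        for direction in ("import", "export"):
            if target not in rts[direction]:  # no explicit RT matching JunOS
                findings.append(f"vni {vni}: {direction} lacks {target}")
        if vni not in jvnis:
            findings.append(f"vni {vni}: not configured on JunOS")
    return findings
```

Feed it the output of "show configuration routing-instances evpn" and the FRR running config; an empty list means every VNI configured in FRR carries the JunOS target in both directions.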