2/21/2022

EVPN VxLAN Centralized Routing: redistribute VARP MAC to prevent unnecessary flooded traffic

https://www.arista.com/en/um-eos/eos-evpn-vxlan-single-gateway-centralized-routing

In the below EVPN VxLAN Centralized Routing topology

There are 2 centralized routers, both have default gateway SVI - Vlan100 (100.1.0.1/24) with a virtual MAC (00dc.0000.0001)

interface Vlan100
   mtu 9214
   ip address virtual 100.1.0.1/24
!
ip virtual-router mac-address 00:dc:00:00:00:01

The hostA (100.1.0.201) pings the default GW address and receives duplicated ICMP response like below:

HostA.10:07:37#ping vrf Vlan100 100.1.0.1
PING 100.1.0.1 (100.1.0.1) 72(100) bytes of data.
80 bytes from 100.1.0.1: icmp_seq=1 ttl=64 time=0.181 ms
80 bytes from 100.1.0.1: icmp_seq=1 ttl=64 time=0.318 ms (DUP!)
80 bytes from 100.1.0.1: icmp_seq=1 ttl=64 time=0.345 ms (DUP!)
80 bytes from 100.1.0.1: icmp_seq=2 ttl=64 time=0.103 ms
80 bytes from 100.1.0.1: icmp_seq=2 ttl=64 time=0.119 ms (DUP!)
80 bytes from 100.1.0.1: icmp_seq=2 ttl=64 time=0.135 ms (DUP!)
80 bytes from 100.1.0.1: icmp_seq=2 ttl=64 time=0.149 ms (DUP!)

And the tcpdump shows the same, duplicated replies from both gateways:

[admin@HostA ~]$ sudo ip netns exec ns-Vlan100 tcpdump -nvvi vlan100
10:07:46.165380 44:4c:a8:80:c1:c8 > 00:dc:00:00:00:01, ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl 64, id 20298, offset 0, flags [none], proto ICMP (1), length 100) <<< req to VARP MAC 00dc.0000.0001
    100.1.0.201 > 100.1.0.1: ICMP echo request, id 6062, seq 2, length 80
10:07:46.165446 44:4c:a8:a5:11:41 > 44:4c:a8:80:c1:c8, ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl 64, id 8443, offset 0, flags [none], proto ICMP (1), length 100) <<< reply1 from 444c.a8a5.1141
    100.1.0.1 > 100.1.0.201: ICMP echo reply, id 6062, seq 2, length 80
10:07:46.165467 44:4c:a8:a5:11:40 > 44:4c:a8:80:c1:c8, ethertype IPv4 (0x0800), length 114: (tos 0x0, ttl 64, id 60002, offset 0, flags [none], proto ICMP (1), length 100) <<< reply2 from 444c.a8a5.1140
    100.1.0.1 > 100.1.0.201: ICMP echo reply, id 6062, seq 2, length 80

Why does it happen? It is because the L2 VTEP doesn't learn the MAC address

L2VTEPa.10:07:17#sh mac address-table vlan 100
          Mac Address Table
------------------------------------------------------------------

Vlan    Mac Address       Type        Ports      Moves   Last Move
----    -----------       ----        -----      -----   ---------
 100    444c.a86c.6dd9    DYNAMIC     Vx1        1       0:00:49 ago
 100    444c.a87c.d809    DYNAMIC     Vx1        1       0:34:40 ago
 100    444c.a880.c1c8    DYNAMIC     Po1        1       0:05:44 ago

Thus, no type-2 update for 00dc.0000.0001

L2VTEPa.10:07:22#show bgp evpn route-type mac-ip 00dc.0000.0001
BGP routing table information for VRF default
Router identifier 10.0.0.11, local AS number 65011
Route status codes: * - valid, > - active, S - Stale, E - ECMP head, e - ECMP
                    c - Contributing to ECMP, % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

          Network                Next Hop              Metric  LocPref Weight  Path
L2VTEPa.10:09:42#

Per https://www.arista.com/en/um-eos/eos-evpn-vxlan-single-gateway-centralized-routing, CLI - "redistribute router-mac next-hop vtep primary" to generate type-2 udpate for VARP MAC. 

router bgp 65017
   vlan 100
      rd 10.0.0.17:100
      route-target both 100:100
      redistribute learned
      redistribute router-mac next-hop vtep primary

Now the pings are not dup'ed anymore. 

HostA.10:07:46#ping vrf Vlan100 100.1.0.1
PING 100.1.0.1 (100.1.0.1) 72(100) bytes of data.
80 bytes from 100.1.0.1: icmp_seq=1 ttl=64 time=0.208 ms
80 bytes from 100.1.0.1: icmp_seq=2 ttl=64 time=0.155 ms
80 bytes from 100.1.0.1: icmp_seq=3 ttl=64 time=0.111 ms
80 bytes from 100.1.0.1: icmp_seq=4 ttl=64 time=0.093 ms
80 bytes from 100.1.0.1: icmp_seq=5 ttl=64 time=0.160 ms

L2VTEPa.10:19:14#sh mac address-table vlan 100
          Mac Address Table
------------------------------------------------------------------

Vlan    Mac Address       Type        Ports      Moves   Last Move
----    -----------       ----        -----      -----   ---------
 100    00dc.0000.0001    STATIC      Vx1

L2VTEPa#show bgp evpn route-type mac-ip 00dc.0000.0001
BGP routing table information for VRF default
Router identifier 10.0.0.11, local AS number 65011
Route status codes: * - valid, > - active, S - Stale, E - ECMP head, e - ECMP
                    c - Contributing to ECMP, % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

          Network                Next Hop              Metric  LocPref Weight  Path
 * >Ec    RD: 10.0.0.17:100 mac-ip 00dc.0000.0001
                                 10.0.0.17             -       100     0       65001 65017 i
 *  ec    RD: 10.0.0.17:100 mac-ip 00dc.0000.0001
                                 10.0.0.17             -       100     0       65001 65017 i
 *  ec    RD: 10.0.0.17:100 mac-ip 00dc.0000.0001
                                 10.0.0.17             -       100     0       65001 65017 i
 *  ec    RD: 10.0.0.17:100 mac-ip 00dc.0000.0001
                                 10.0.0.17             -       100     0       65001 65017 i
 * >Ec    RD: 10.0.0.18:100 mac-ip 00dc.0000.0001
                                 10.0.0.18             -       100     0       65001 65018 i
 *  ec    RD: 10.0.0.18:100 mac-ip 00dc.0000.0001
                                 10.0.0.18             -       100     0       65001 65018 i
 *  ec    RD: 10.0.0.18:100 mac-ip 00dc.0000.0001
                                 10.0.0.18             -       100     0       65001 65018 i
 *  ec    RD: 10.0.0.18:100 mac-ip 00dc.0000.0001
                                 10.0.0.18             -       100     0       65001 65018 i


Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)