Juniper Openstack

DM: EVPN configuration should be updated based on highest encapsulation

Bug #1610587 reported by chhandak
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
Trunk
Fix Committed
High
Suresh Balineni
Juniper Openstack r4.0.0.0-fcs "r4.0.0.0"

Bug Description

Device manager only programs EVPN with VXLAN encapsulation in MX configuration. This will work only when VXLAN is the highest encapsulation. If MPLSoGRE is the highest encapsulation MX configuration need to be modified. EVPN routing instance should get programmed with MPLS. I have checked the communication working between VM and BMS behind MX is working with EVPN MPLSoGRE. In Contrail we have configured MPLSoGRE as highest encapsulation. Please find the required configuration below.

Topology
-----------

VM--Contrail-Cluster-----xe-0/0/0--MX---xe-0/0/1.0--- BMS

VM(112.1.1.5) is pinging BMS (112.1.1.4)

ARP Request From VM to BMS: (7.7.7.77 is MX lo0 address and 172.17.90.9 is compute IP )
-----------------------------------------------------------------------------------------
12:53:37.343943 IP 172.17.90.9 > 7.7.7.77: GREv0, length 50: MPLS (label 300240, exp 0, [S], ttl 64)
        0x0000: ffff ffff ffff 02e2 7766 c2b7 0806 0001 ........wf......
        0x0010: 0800 0604 0001 02e2 7766 c2b7 7001 0105 ........wf..p...
        0x0020: 0000 0000 0000 7001 0104
              ......p...
ARP Reply From BMS to VM:
---------------------------
12:53:37.344068 IP 7.7.7.77 > 172.17.90.9: GREv0, length 64: MPLS (label 17, exp 0, [S], ttl 255)
        0x0000: 02e2 7766 c2b7 0011 0101 0101 0806 0001 ..wf............
        0x0010: 0800 0604 0002 0011 0101 0101 7001 0104 ............p...
        0x0020: 02e2 7766 c2b7 7001 0105 0000 0000 0000 ..wf..p.........
        0x0030: 0000 0000 0000 0000

ICMP
-----
12:57:48.149700 IP 172.17.90.9 > 7.7.7.77: GREv0, length 106: MPLS (label 300176, exp 0, [S], ttl 64)
        0x0000: 0c86 103c 2b00 90e2 baa7 2fd0 0800 4500
        0x0010: 007e 3586 0000 402f 305d ac11 5a09 0707
        0x0020: 074d 0000 8847 4949 0140 0011 0101 0101
        0x0030: 02e2 7766 c2b7 0800 4500 0054 3586 4000
        0x0040: 4001 2318 7001 0105 7001 0104 0800 2a9e
        0x0050: 5f70 0008 3b41 a657 0000 0000 c77d 0600
        0x0060: 0000 0000 1011 1213 1415 1617 1819 1a1b
        0x0070: 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
        0x0080: 2c2d 2e2f 3031 3233 3435 3637
12:57:48.149826 IP 7.7.7.77 > 172.17.90.9: GREv0, length 106: MPLS (label 17, exp 0, [S], ttl 255)
        0x0000: 90e2 baa7 2fd0 0c86 103c 2b00 0800 4500
        0x0010: 007e 9a40 4000 3f2f 8ca2 0707 074d ac11
        0x0020: 5a09 0000 8847 0001 11ff 02e2 7766 c2b7
        0x0030: 0011 0101 0101 0800 4500 0054 6340 0000
        0x0040: 4001 355e 7001 0104 7001 0105 0000 329e
        0x0050: 5f70 0008 3b41 a657 0000 0000 c77d 0600
        0x0060: 0000 0000 1011 1213 1415 1617 1819 1a1b
        0x0070: 1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
        0x0080: 2c2d 2e2f 3031 3233 3435 3637

VM ARP table
--------------
root@vm-test1:/home/ubuntu# arp -n
Address HWtype HWaddress Flags Mask Iface
112.1.1.3 (incomplete) eth0
112.1.1.4 ether 00:11:01:01:01:01 C eth0
192.168.0.4 ether 00:50:cc:44:55:55 CM eth0
112.1.1.1 (incomplete) eth0
112.1.1.2 ether 00:00:5e:00:01:00 C eth0

root@5b7-mx80-2# run show route advertising-protocol bgp 172.17.90.2

_contrail_l3_4_vn-mx-test.inet.0: 3 destinations, 4 routes (3 active, 0 holddown, 0 hidden)
  Prefix Nexthop MED Lclpref AS path
* 112.1.1.0/24 Self 100 I

bgp.rtarget.0: 1 destinations, 3 routes (1 active, 0 holddown, 0 hidden)
  Prefix Nexthop MED Lclpref AS path
  64513:64513:8000001/96
* Self 100 I

EVPN.evpn.0: 5 destinations, 8 routes (5 active, 0 holddown, 0 hidden)
  Prefix Nexthop MED Lclpref AS path
  2:7.7.7.77:100::0::00:11:01:01:01:01/304 >>>>>>>>>>>MX advertising BMS route.
* Self 100 I
  3:7.7.7.77:100::0::7.7.7.77/304
* Self 100 I

[edit]

root@5b7-mx80-2# run show evpn mac-table

MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
    O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Routing instance : EVPN
 Bridging domain : __EVPN__, VLAN : none
   MAC MAC Logical NH RTR
   addresssss flags interface Index ID
   00:11:01:01:01:01 D xe-0/0/1.0 >>>>>>>>>>>>>>>>>>>>>>BMS MAC
   02:e2:77:66:c2:b7 DC 1048574 1048574 >>>>>VM MAC

root@5b7-mx80-2# run show route table bgp.evpn.0

bgp.evpn.0: 3 destinations, 6 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2:172.17.90.9:1::0::02:e2:77:66:c2:b7/304
                   *[BGP/170] 18:04:00, MED 100, localpref 200, from 172.17.90.2
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
                    [BGP/170] 18:04:00, MED 100, localpref 200, from 172.17.90.3
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
2:172.17.90.9:1::0::02:e2:77:66:c2:b7::112.1.1.5/304
                   *[BGP/170] 18:04:00, MED 100, localpref 200, from 172.17.90.2
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
                    [BGP/170] 18:04:00, MED 100, localpref 200, from 172.17.90.3
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
3:172.17.90.9:1::0::172.17.90.9/304
                   *[BGP/170] 18:04:01, MED 200, localpref 100, from 172.17.90.2
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
                    [BGP/170] 18:04:01, MED 200, localpref 100, from 172.17.90.3
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770

[edit]

root@5b7-mx80-2# run show route table EVPN.evpn.0

EVPN.evpn.0: 5 destinations, 8 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2:7.7.7.77:100::0::00:11:01:01:01:01/304
                   *[EVPN/170] 00:36:00
                      Indirect
2:172.17.90.9:1::0::02:e2:77:66:c2:b7/304
                   *[BGP/170] 02:09:48, MED 100, localpref 200, from 172.17.90.2
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
                    [BGP/170] 02:09:48, MED 100, localpref 200, from 172.17.90.3
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
2:172.17.90.9:1::0::02:e2:77:66:c2:b7::112.1.1.5/304
                   *[BGP/170] 02:09:48, MED 100, localpref 200, from 172.17.90.2
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
                    [BGP/170] 02:09:48, MED 100, localpref 200, from 172.17.90.3
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
3:7.7.7.77:100::0::7.7.7.77/304
                   *[EVPN/170] 02:09:47
                      Indirect
3:172.17.90.9:1::0::172.17.90.9/304
                   *[BGP/170] 02:09:48, MED 200, localpref 100, from 172.17.90.2
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770
                    [BGP/170] 02:09:48, MED 200, localpref 100, from 172.17.90.3
                      AS path: ?, validation-state: unverified
                    > via gr-0/0/0.32770

Relavant Config
---------------
root@5b7-mx80-2> show configuration routing-instances EVPN
instance-type evpn;
vlan-id none;
interface xe-0/0/1.0;
route-distinguisher 7.7.7.77:100;
vrf-target target:64513:8000001;
protocols {
    evpn {
        interface xe-0/0/1.0;
    }
}

root@5b7-mx80-2# run show configuration interfaces xe-0/0/1
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 0 {
    encapsulation vlan-bridge;
    vlan-id 10;
}

root@5b7-mx80-2> show configuration groups __contrail__ protocols mpls
interface all;

root@5b7-mx80-2> show configuration groups __contrail__ routing-options
router-id 7.7.7.77;
route-distinguisher-id 7.7.7.77;
autonomous-system 64513;
forwarding-table {
    chained-composite-next-hop {
        ingress {
            evpn;
        }
    }
}
dynamic-tunnels {
    __contrail__ {
        source-address 7.7.7.77;
        gre;
        destination-networks {
            172.17.90.0/24;
            172.18.90.0/24;
            7.7.7.77/32;
            172.17.90.2/32;
            172.17.90.3/32;
        }
    }
}

root@5b7-mx80-2# run show configuration groups __contrail__ protocols bgp
group __contrail__ {
    type internal;
    multihop;
    local-address 7.7.7.77;
    hold-time 90;
    keep all;
    family inet-vpn {
        unicast;
    }
    family inet6-vpn {
        unicast;
    }
    family evpn {
        signaling;
    }
    family route-target;
    neighbor 172.17.90.2 {
        peer-as 64513;
    }
    neighbor 172.17.90.3 {
        peer-as 64513;
    }

}

group __contrail_external__ {
    type external;
    multihop;
    local-address 7.7.7.77;
    hold-time 90;
    keep all;
    family inet-vpn {
        unicast;
    }
    family inet6-vpn {
        unicast;
    }
    family evpn {
        signaling;
    }
    family route-target;
}

Full Config
--------------
## Last commit: 2016-08-06 18:49:09 UTC by root
version 14.2R6.5;
groups {
    _contrail__ {
        routing-instances {
            _contrail_l2_4_vn-mx-test {
                protocols {
                    evpn;
                }
            }
        }
    }
    __contrail__ {
        interfaces {
            irb {
                gratuitous-arp-reply;
                unit 4 {
                    family inet {
                        address 112.1.1.9/24 {
                            virtual-gateway-address 112.1.1.1;
                        }
                    }
                }
            }
            lo0 {
                unit 0 {
                    family inet {
                        address 7.7.7.77/32 {
                            primary;
                            preferred;
                        }
                    }
                }
            }
        }
        routing-options {
            router-id 7.7.7.77;
            route-distinguisher-id 7.7.7.77;
            autonomous-system 64513;
            forwarding-table {
                chained-composite-next-hop {
                    ingress {
                        evpn;
                    }
                }
            }
            dynamic-tunnels {
                __contrail__ {
                    source-address 7.7.7.77;
                    gre;
                    destination-networks {
                        172.17.90.0/24;
                        172.18.90.0/24;
                        7.7.7.77/32;
                        172.17.90.2/32;
                        172.17.90.3/32;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group __contrail__ {
                    type internal;
                    multihop;
                    local-address 7.7.7.77;
                    hold-time 90;
                    keep all;
                    family inet-vpn {
                        unicast;
                    }
                    family inet6-vpn {
                        unicast;
                    }
                    family evpn {
                        signaling;
                    }
                    family route-target;
                    neighbor 172.17.90.2 {
                        peer-as 64513;
                    }
                    neighbor 172.17.90.3 {
                        peer-as 64513;
                    }
                }
                group __contrail_external__ {
                    type external;
                    multihop;
                    local-address 7.7.7.77;
                    hold-time 90;
                    keep all;
                    family inet-vpn {
                        unicast;
                    }
                    family inet6-vpn {
                        unicast;
                    }
                    family evpn {
                        signaling;
                    }
                    family route-target;
                }
            }
        }
        policy-options {
            policy-statement _contrail_l2_4_vn-mx-test-export {
                term t1 {
                    then {
                        community add target_64513_8000001;
                        accept;
                    }
                }
            }
            policy-statement _contrail_l2_4_vn-mx-test-import {
                term t1 {
                    from community target_64513_8000001;
                    then accept;
                }
                then reject;
            }
            policy-statement _contrail_l3_4_vn-mx-test-export {
                term t1 {
                    then {
                        community add target_64513_8000001;
                        accept;
                    }
                }
            }
            policy-statement _contrail_l3_4_vn-mx-test-import {
                term t1 {
                    from community target_64513_8000001;
                    then accept;
                }
                then reject;
            }
            community target_64513_8000001 members target:64513:8000001;
        }
        routing-instances {
            inactive: _contrail_l2_4_vn-mx-test {
                instance-type virtual-switch;
                interface xe-0/0/1.0;
                vrf-import _contrail_l2_4_vn-mx-test-import;
                vrf-export _contrail_l2_4_vn-mx-test-export;
                protocols {
                    evpn;
                }
                bridge-domains {
                    bd-12345 {
                        vlan-id none;
                        interface xe-0/0/1.0;
                        routing-interface irb.4;
                    }
                }
            }
            _contrail_l3_4_vn-mx-test {
                instance-type vrf;
                interface irb.4;
                vrf-import _contrail_l3_4_vn-mx-test-import;
                vrf-export _contrail_l3_4_vn-mx-test-export;
                vrf-table-label;
                routing-options {
                    static {
                        route 112.1.1.0/24 discard;
                    }
                    auto-export {
                        family inet {
                            unicast;
                        }
                    }
                }
            }
        }
    }
}
apply-groups __contrail__;
system {
    host-name 5b7-mx80-2;
    root-authentication {
        encrypted-password "$1$sdUdkvMi$YCr4PIUXDRSMScXEppBoW0"; ## SECRET-DATA
    }
    services {
        ssh {
            root-login allow;
        }
        telnet;
        netconf {
            ssh;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
chassis {
    fpc 0 {
        pic 0 {
            tunnel-services;
        }
    }
    fpc 1 {
        pic 0 {
            tunnel-services;
        }
    }
    network-services all-ethernet;
}
interfaces {
    xe-0/0/0 {
        unit 0 {
            family inet {
                address 172.18.90.77/24;
            }
        }
    }
    xe-0/0/1 {
        flexible-vlan-tagging;
        encapsulation flexible-ethernet-services;
        unit 0 {
            encapsulation vlan-bridge;
            vlan-id 10;
        }
    }
    ge-1/0/0 {
        unit 0 {
            family inet {
                address 10.87.123.243/23;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 7.7.7.77/32;
            }
        }
    }
}

routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.87.123.254;
        route 172.17.90.0/24 next-hop 172.18.90.254;
        route 33.33.33.33/32 next-hop 172.18.90.254;
        route 32.32.32.32/32 next-hop 172.18.90.254;
        route 31.31.31.31/32 next-hop 172.18.90.254;
        route 34.34.34.34/32 next-hop 172.18.90.254;
    }
}
protocols {
    lldp {
        interface all;
    }
}
routing-instances {
    EVPN {
        instance-type evpn;
        vlan-id none;
        interface xe-0/0/1.0;
        route-distinguisher 7.7.7.77:100;
        vrf-target target:64513:8000001;
        protocols {
            evpn {
                interface xe-0/0/1.0;
            }
        }
    }
}

See original description
chhandak (chhandak)
information type: Proprietary → Private
information type: Private → Public
chhandak (chhandak)
description: updated
Nischal Sheth (nsheth)
summary: - Device Manager: EVPN configuration should be updated based on highest
- encapsulation
+ DM: EVPN configuration should be updated based on highest encapsulation
Revision history for this message
chhandak (chhandak) wrote :
Revision history for this message
amit surana (asurana-t) wrote :

currently, EVPN + MPLS data path does not work correctly due to JUNOS PR: 1123498. Once this bug is resolved, EVPN labels will allocated for [evi,esi] rather than one label per EVI.

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/26276
Submitter: Suresh Balineni (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/26276
Committed: http://github.org/Juniper/contrail-controller/commit/85896735b4c735aa6628db6d0cde118d554aa5dc
Submitter: Zuul (<email address hidden>)
Branch: master

commit 85896735b4c735aa6628db6d0cde118d554aa5dc
Author: sbalineni <email address hidden>
Date: Fri Nov 18 10:48:42 2016 -0800

[DM]: Configure EVPN Instance based on highest encapsulation

MX EVPN instance configuration should be based on highest encapsulation
configured in Contrail.

Earlier, contrail always used to Generate VXLAN Evpn configuration.
This fix will generate new config if highest encap is MPLSoGRE/MPLSoUDP.

Sample config generated for MPLSoGRE/MPLSoUDP

routing-instances {
_contrail_l2_4_vn-mx-test {
instance-type evpn;
vlan-id none;
interface xe-0/0/1.0;
routing-interface irb.4;
protocols {
evpn {
interface xe-0/0/1.0;
}
}
}
}

VXLAN Config:
routing-instances {
_contrail_l2_4_vn-mx-test {
instance-type virtual-switch;
interface xe-0/0/1.0;
vrf-import _contrail_l2_4_vn-mx-test-import;
vrf-export _contrail_l2_4_vn-mx-test-export;
protocols {
evpn;
}
bridge-domains {
bd-12345 {
vlan-id none;
interface xe-0/0/1.0;
routing-interface irb.4;
}
}
}

Change-Id: Iba8db455c883e84415be6c6cf03ccf03ee0bf9dc
Closes-Bug: #1610587

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.