EVPN VXLAN: DM changing rt value in QFX 5100 config once policy is applied in VN
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| Juniper Openstack | Status tracked in Trunk | |||||
| R4.0 |
Fix Committed
|
Critical
|
Suresh Balineni | |||
| Trunk |
Fix Committed
|
Critical
|
Suresh Balineni | |||
Bug Description
DM is messing up with the config once we are adding policy to VN and vn has 2 import targets. Ideally policy should not have any impact on Leaf as it is L2 domain. Can you please take a look?
Steps to recreate:
Create a VN . It has RT value target:
Adding policy to VN which allow traffic between VN and New VN. Now VN has 2 RT value target:
Chenge in config after applying policy in contrail VN
-------
root@5b11-qfx2# show | compare rollback 1
[edit groups __contrail__ protocols evpn vni-options vni 4]
- vrf-target target:
+ vrf-target target:
[edit groups __contrail__ policy-options policy-statement _contrail_
- community _contrail_
+ community [ _contrail_
[edit groups __contrail__ policy-options]
+ community _contrail_
http://
Setup Details:
env.roledefs = {
'all': [host1, host2, host3],
'cfgm': [host1],
'openstack': [host1],
'control': [host1],
'compute': [host1, host2, host3],
'collector': [host1],
'webui': [host1],
'database': [host1],
'build': [host_build],
'tsn': [host1, host3],
}
#Hostnames
env.hostnames = {
host1: '5b11s14',
host2: '5b11s15',
host2: '5b11s17',
}
| Changed in juniperopenstack: | |
| importance: | Undecided → Critical |
| assignee: | nobody → Hari Prasad Killi (haripk) |
| milestone: | none → r4.0.1.0 |
| information type: | Proprietary → Public |
| summary: |
- EVPN VXLAN: TSN HA: After applying policy to the VN qfx is getti ng - removed from composite next hop + EVPN VXLAN: TSN HA: After applying policy to the VN qfx is getting + removed from TSN composite next hop |
| tags: | added: vrouter |
| Changed in juniperopenstack: | |
| assignee: | Hari Prasad Killi (haripk) → Manish Singh (manishs) |
| summary: |
- EVPN VXLAN: TSN HA: After applying policy to the VN qfx is getting + EVPN VXLAN: TSN HA: After applying policy to the VN, qfx is getting removed from TSN composite next hop |
| Manish Singh (manishs) wrote Re: EVPN VXLAN: TSN HA: After applying policy to the VN, qfx is getting removed from TSN composite next hop | #1 |
| Manish Singh (manishs) wrote | #2 |
| Changed in juniperopenstack: | |
| assignee: | Manish Singh (manishs) → chhandak (chhandak) |
| description: | updated |
| Changed in juniperopenstack: | |
| assignee: | chhandak (chhandak) → Suresh Balineni (sbalineni) |
| summary: |
- EVPN VXLAN: TSN HA: After applying policy to the VN, qfx is getting - removed from TSN composite next hop + EVPN VXLAN: DM changing rt value in QFX 5100 config once policy is + applied in VN |
| tags: |
added: blocker device-manager removed: vrouter |
| OpenContrail Admin (ci-admin-f) wrote [Review update] master | #3 |
| OpenContrail Admin (ci-admin-f) wrote [Review update] R4.0 | #5 |
| OpenContrail Admin (ci-admin-f) wrote A change has been merged | #7 |
| OpenContrail Admin (ci-admin-f) wrote | #8 |
| OpenContrail Admin (ci-admin-f) wrote | #9 |
| OpenContrail Admin (ci-admin-f) wrote | #10 |
Here is further analysis. Does not seem to be agent issue.
On QFX please explain following:
Qfx2:
root@5b11-qfx2> show ethernet-switching instance |grep contrail
vlan Default default-switch contrail_
{master:0}
root@5b11-qfx2> show configuration |display set |grep contrail |grep vni-optio
set groups __contrail__ protocols evpn vni-options vni 4 vrf-target target:
qfx3:
root@5b11-qfx3> show ethernet-switching instance |grep contrail
vlan Default default-switch contrail_
{master:0}
root@5b11-qfx3> show configuration |display set |grep contrail |grep vni-optio
set groups __contrail__ protocols evpn vni-options vni 5 vrf-target target:
{master:0}
root@5b11-qfx3>
Above it is seen that vrf-target for both are 65000:8000003 but I don’t see any config for 65000:8000002.
In contrail 8000002 belongs to vn-test-2 while 8000003 belongs to vn-test-1.
Since both QFX do not have any config for 800002 we don’t see any replication list for same in contrail.
If you check for vn-test-2 you will find both QFX in replication list. Though there is one more config issue. Why on Qfx2 vni 4 matches to 800003 and not 8000002.
So am not sure how it was working before and its relation to policy. Any idea?