Hello Joe, could you please provide more details on the role of the virtual MAC address in the packet forwarding process and clarify in which direction it becomes relevant?
@null_zero 1 year ago
Hi, it is used for symmetrical IRB, it is called the EVPN Router’s MAC in the RFC and it is advertised in EVPN updates. With symmetrical IRB, the ingress node does not have knowledge of the destination MAC, it just needs to know the destination EVPN peer to send the traffic to, the egress node will do the destination MAC L2 lookup. That means that the ingress device does not have a destination MAC to populate in the inner headers; that DMAC, for L2VNI would be the actual destination MAC for the client, if the ingress had knowledge of the destination broadcast domain, but it doesn’t, so it needs something here. Instead the ingress uses the virtual MAC/Router’s MAC, encapsulates the packets, forwards to the egress, which decaps and sees that in the inner headers, the DMAC is its own virtual MAC, it then does a lookup for the destination and forwards. I write about this here: www.nullzero.co.uk/evpn-vxlan-explainer-6-symmetrical-irb/
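The symmetrical IRB forwarding described in the reply above, as an added example that is not part of the original thread and not vendor code: a simplified Python model of the ingress and egress lookups. The class and field names, addresses, VNI and port are constructed for illustration, and dropping a packet whose inner DMAC is not the local Router's MAC is a modelling assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Frame:            # inner Ethernet/IP header fields that matter here
    dmac: str
    dst_ip: str

@dataclass
class Vxlan:            # outer header reduced to peer VTEP + VNI
    dst_vtep: str
    vni: int
    inner: Frame

class Vtep:             # hypothetical model of one leaf, not a real API
    def __init__(self, ip, router_mac, l3vni):
        self.ip, self.router_mac, self.l3vni = ip, router_mac, l3vni
        self.evpn_routes = {}   # prefix -> (peer VTEP IP, peer Router's MAC)
        self.local_hosts = {}   # host IP -> (host MAC, port): ARP + MAC table

    def ingress(self, dst_ip):
        """Route in the VRF; the inner DMAC is the peer's Router's MAC."""
        matches = [p for p in self.evpn_routes if ip_address(dst_ip) in ip_network(p)]
        if not matches:
            return None
        best = max(matches, key=lambda p: ip_network(p).prefixlen)
        peer_vtep, peer_rmac = self.evpn_routes[best]
        # The ingress never learns the client MAC, only the peer and its RMAC.
        return Vxlan(peer_vtep, self.l3vni, Frame(peer_rmac, dst_ip))

    def egress(self, pkt):
        """Decapsulate; route only if the inner DMAC is our own Router's MAC."""
        if pkt.dst_vtep != self.ip or pkt.vni != self.l3vni:
            return ("drop", "not for this VTEP/VRF")
        if pkt.inner.dmac != self.router_mac:
            return ("drop", "inner DMAC is not the local Router's MAC")
        host = self.local_hosts.get(pkt.inner.dst_ip)
        if host is None:
            return ("drop", "no local host entry")
        mac, port = host
        # Egress rewrites the DMAC to the real client MAC after its own lookup.
        return ("forward", port, Frame(mac, pkt.inner.dst_ip))

# Constructed sample fabric: two leaves sharing L3VNI 10000
leaf1 = Vtep("192.0.2.1", "02:00:00:00:00:01", 10000)
leaf2 = Vtep("192.0.2.2", "02:00:00:00:00:02", 10000)
leaf1.evpn_routes["10.0.20.0/24"] = (leaf2.ip, leaf2.router_mac)
leaf2.local_hosts["10.0.20.5"] = ("aa:bb:cc:00:20:05", "1/1/5")
```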
@mattpatrick986 2 years ago
Joe, what version are you running here? I have tried in 10.08, .09 and .10 on a Virtual CX device and under "vrf a" I don't have the route-target command, only rd. Thanks.
@null_zero 2 years ago
I think I'm using 10.9 or 10.10 but the problem is most probably because I'm using hardware, not the virtual image. The image doesn't have parity of features with hardware, I'm afraid.
@mattpatrick986 2 years ago
@null_zero Fair enough, I was afraid that was the issue. Thanks for confirming and keep up the great videos!
@pubjohndoe3599 2 years ago
Is there a way to filter advertisements for VNIs that are not configured on the switch? I've configured an aggregation switch similar to our MPLS setup where the switch only should get routes for VRFs that are configured for it. With EVPN/VXLAN setup I get all route type 2/3 routes even if there is no such VNI on the switch.
@null_zero 2 years ago
Good question, checking the config guide, there is a route-map 'match vni' statement, which suggests it is possible to permit and deny VNIs on a BGP session. I've got some customer work to complete this week, I'll check in the lab after that.
@null_zero 2 years ago
Tested in the lab, configure a route-map to permit and deny with 'match vni' statements, apply that to the neighbor command under the address-family l2vpn evpn.
@pubjohndoe3599 2 years ago
@null_zero A bit of a manual process compared to some other vendor (where it is a default setting that you block all the advertisements when you don't have the VNI configured) but it is good that there is something that can be done to limit the table sizes.