Posted on February 11, 2019 10:42 pm
 |  Asked by Carlo Taddei
 |  302 views
0
0
Print Friendly, PDF & Email

Hi,

I have the following setup:

2 Arista switches are configured as a MLAG Peer; the MLAG is participating in an EVPN environment and capable to successfully exchange L2 EVPN via VXLAN for the several defined VLANs / VNIs pairs (MAC Adresses are learned and exchanged over the VXLAN fabric).

A VRF was defined on both MLAG Units and a SVI Interface (VLAN X) was subsequently configured. OSPF was started on both switches (simply assigning 2 different ip addresses as well as manually setting 2 different router Ids for both OSPF processes); OSPF was also activated on another device placed in the same VLAN X (that is, reachable across the VXLAN environment);

OSPF do not seem to work in this case.

Is there any special configuration when it comes to enabling OSPF locally on a MLAG Pair participating to a VTEP / EVPN environment that needs to be taken into account here ?

Is there also any reference documentation / configuration example that could be used in this case as a reference ?

Many Thanks in advance.

1
Posted by Ashish A Majumdar
Answered on February 12, 2019 1:20 am

Hi Carlo,

Have you added the vlan X to the EVPN configuration as a MAC-VRF and updated the VXLAN configuration to add the VLAN X to a VNI? Also are you able to ping the OSPF end-points? If you are then it should just work with the VXLAN VNI being considered a broadcast network type.

I tested two scenarios for you,

1. OSPF adjacency between two VTEP’s
2. OSPF adjacency between a VTEP and an external OSPF speaker over VXLAN

SCENARIO #1
———–
I have the 4 leaf/2 spine lab setup and I was able to get OSPF adjacency working with VLAN 100. I do agree that I do not have an MLAG based setup, though this should not get in the way of this setup workingIn my setup VTEP#1 and VTEP#4 are the OSPF speakers.

The configuration of the two VTEP’s in question is as below,

VTEP#1
——
vlan 100
name OSPF
!
interface Vlan100
description ***OSPF speaker***
ip address 100.100.100.1/24
!
router ospf 100
network 100.100.100.0/24 area 0.0.0.0
max-lsa 12000

!
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan vlan 10 vni 10010
vxlan vlan 11 vni 10011
vxlan vlan 100 vni 10100
vxlan vrf tenant-b vni 19000
!
router bgp 101
router-id 10.253.1.1
distance bgp 20 200 200
graceful-restart restart-time 300
graceful-restart
maximum-paths 4 ecmp 4
neighbor EVPN peer-group
neighbor EVPN remote-as 99
neighbor EVPN update-source Loopback0
neighbor EVPN ebgp-multihop 2
neighbor EVPN send-community extended
neighbor EVPN maximum-routes 12000
neighbor SPINE peer-group
neighbor SPINE remote-as 99
neighbor SPINE send-community
neighbor SPINE maximum-routes 25000
neighbor 10.0.0.0 peer-group SPINE
neighbor 10.0.0.8 peer-group SPINE
neighbor 10.254.1.1 peer-group EVPN
neighbor 10.254.1.2 peer-group EVPN
!
vlan 10
rd 1.1.1.1:10010
route-target both 10010:10010
redistribute learned
!
vlan 100
rd 1.1.1.1:10100
route-target both 10100:10100
redistribute learned

!
vlan 11
rd 1.1.1.1:10011
route-target both 10011:10011
redistribute learned
!
address-family evpn
bgp next-hop-unchanged
neighbor EVPN activate

VTEP#4
——

vlan 100
name OSPF

!
interface Vlan100
description ***OSPF speaker***
ip address 100.100.100.4/24

!
router ospf 100
network 100.100.100.0/24 area 0.0.0.0
max-lsa 12000

!
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan vlan 10 vni 10010
vxlan vlan 14 vni 10014
vxlan vlan 100 vni 10100
vxlan vrf tenant-b vni 19000
!
router bgp 104
router-id 10.253.1.4
distance bgp 20 200 200
graceful-restart restart-time 300
graceful-restart
maximum-paths 4 ecmp 4
neighbor EVPN peer-group
neighbor EVPN remote-as 99
neighbor EVPN update-source Loopback0
neighbor EVPN ebgp-multihop 2
neighbor EVPN send-community extended
neighbor EVPN maximum-routes 12000
neighbor SPINE peer-group
neighbor SPINE remote-as 99
neighbor SPINE send-community
neighbor SPINE maximum-routes 25000
neighbor 10.0.0.6 peer-group SPINE
neighbor 10.0.0.14 peer-group SPINE
neighbor 10.254.1.1 peer-group EVPN
neighbor 10.254.1.2 peer-group EVPN
!
vlan 10
rd 1.1.1.4:10010
route-target both 10010:10010
redistribute learned
!
vlan 100
rd 1.1.1.4:10100
route-target both 10100:10100
redistribute learned

!
vlan 14
rd 1.1.1.4:10014
route-target both 10014:10014
redistribute learned
!
address-family evpn
bgp next-hop-unchanged
neighbor EVPN activate
!
address-family ipv4
no neighbor EVPN activate
network 1.1.1.4/32
network 10.253.1.4/32
!
vrf tenant-b
rd 1.1.1.4:19000
route-target import 19000:19000
route-target export 19000:19000
redistribute connected

The following output verifies the OSPF adjacency,
DC1-Leaf-01.11:09:57# show ip ospf neighbor
Neighbor ID VRF Pri State Dead Time Address Interface
10.253.1.4 default 1 FULL/DR 00:00:32 100.100.100.4 Vlan100

DC1-Leaf-04.11:11:10#show ip ospf neighbor
Neighbor ID VRF Pri State Dead Time Address Interface
10.253.1.1 default 1 FULL/BDR 00:00:36 100.100.100.1 Vlan100

SCENARIO #2
———–

We now remove VTEP4 as an OSPF speaker and connect an external router to the VTEP 4 front panel ports via VLAN 100 and check if the OSPF adjacency comes up.

The configuration of VTEP#1 remains as is. We have modified the configuration of VTEP#4 and connected an external OSPF speaker via ethernet 6 on VTEP#4. The modified configuration of VTEP#4 is as below,

vlan 100
name OSPF

!
interface Vlan100
description ***OSPF speaker***
ip address 100.100.100.4/24

!
router ospf 100
network 100.100.100.0/24 area 0.0.0.0
max-lsa 12000

!
interface Ethernet6
switchport access vlan 100

!
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan vlan 10 vni 10010
vxlan vlan 14 vni 10014
vxlan vlan 100 vni 10100
vxlan vrf tenant-b vni 19000
!
router bgp 104
router-id 10.253.1.4
distance bgp 20 200 200
graceful-restart restart-time 300
graceful-restart
maximum-paths 4 ecmp 4
neighbor EVPN peer-group
neighbor EVPN remote-as 99
neighbor EVPN update-source Loopback0
neighbor EVPN ebgp-multihop 2
neighbor EVPN send-community extended
neighbor EVPN maximum-routes 12000
neighbor SPINE peer-group
neighbor SPINE remote-as 99
neighbor SPINE send-community
neighbor SPINE maximum-routes 25000
neighbor 10.0.0.6 peer-group SPINE
neighbor 10.0.0.14 peer-group SPINE
neighbor 10.254.1.1 peer-group EVPN
neighbor 10.254.1.2 peer-group EVPN
!
vlan 10
rd 1.1.1.4:10010
route-target both 10010:10010
redistribute learned
!
vlan 100
rd 1.1.1.4:10100
route-target both 10100:10100
redistribute learned

!
vlan 14
rd 1.1.1.4:10014
route-target both 10014:10014
redistribute learned
!
address-family evpn
bgp next-hop-unchanged
neighbor EVPN activate
!
address-family ipv4
no neighbor EVPN activate
network 1.1.1.4/32
network 10.253.1.4/32
!
vrf tenant-b
rd 1.1.1.4:19000
route-target import 19000:19000
route-target export 19000:19000
redistribute connected

DC1-Leaf-01.12:05:43#show ip ospf neighbor
Neighbor ID VRF Pri State Dead Time Address Interface
10.253.1.3 default 1 FULL/DR 00:00:30 100.100.100.3 Vlan100

Hi Ashish,

thank you very much for your detailed example – this helped me better understanding OSPF peering capabilities over a transfer vlan which is vxlan bridged (EVPN setup).

Nevertheless OSPF peering between 2 MLAG Pair Members using SVI interfaces carried over the MLAG peer link is not working in my production environment (DCS-7280SRAM-48C6-F, running EOS vers. 4.21.3F-10977770.4213F).

I have attempted to establish an OSPF adjaciency using SVIs as well as loopback interfaces – carried over the MLAG Peer link between the 2 MLAG Pair Members – without any success.

The OSPF Processes on the 2 MLAG peer members are stuck in “Exchange Start” and do not move into a FULL State.

What is also interesting, is that I have tested this very same Scenario in a GNS3 environment (using vEOS vers. 4.21.1F) and I can have 2 OSPF Processes running on the MLAG pair members moving into a FULL state using the MLAG Peer link.

Am I here missing something ? any suggestion ? is there any limitation that I should be aware of ?

thanks

(Carlo Taddei at May 18, 2019 6:33 am)

Post your Answer

You must be logged in to post an answer.