Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
817
Views
0
Helpful
4
Replies

ASR9000 EVPN MPLS IRB ANYCAST

rs lasersailing
Level 1
Level 1

‎05-11-2022 07:23 AM

Hi

 

I have 2 ASR9000 running 6.4.2 SP10 which im trying to bring up an EVPN Anycast IRB setup in the default routing table.

 

Ive created the EVPN and have 2 hosts, one behind either PE and they can see each other at layer2 and communicate across the EVPN fine.  Ive also added anycast IRB GW's on both of the PE's but PE-A cant see the ARP for the test host behind PE-B and vice-versa.

 

PE-1

----

RP/0/RSP0/CPU0:PE-A#show evpn evi mac
Wed May 11 15:10:39.115 BST

EVI        MAC address    IP address                               Nexthop                                 Label
---------- -------------- ---------------------------------------- --------------------------------------- --------
1000       0015.c546.ffb6 xxx.xxx.17.51                             Bundle-Ether1000.400                    24073
1000       0021.70c6.435a xxx.xxx.17.50                             xxx.xxx.115.216                         24012
RP/0/RSP0/CPU0:PE-A#sh arp
Wed May 11 15:12:11.018 BST

-------------------------------------------------------------------------------
0/1/CPU0
-------------------------------------------------------------------------------
Address         Age        Hardware Addr   State      Type  Interface
xxx.xxx.17.49    -          0000.3030.0001  Interface  ARPA  BVI1000
xxx.xxx.17.51    00:00:24   0015.c546.ffb6  Dynamic    ARPA  BVI1000
RP/0/RSP0/CPU0:PE-A#
interface BVI1000
interface BVI1000 host-routing
interface BVI1000 ipv4 address xxx.xxx.17.49/29
interface BVI1000 mac-address 0.3030.1

l2vpn bridge group CUST-1000
l2vpn bridge group CUST-1000 bridge-domain CUST-1000
l2vpn bridge group CUST-1000 bridge-domain CUST-1000 mac withdraw state-down
l2vpn bridge group CUST-1000 bridge-domain CUST-1000 interface Bundle-Ether1000.400
l2vpn bridge group CUST-1000 bridge-domain CUST-1000 routed interface BVI1000
l2vpn bridge group CUST-1000 bridge-domain CUST-1000 evi 1000

evpn evi 1000
evpn evi 1000 bgp
evpn evi 1000 bgp route-target import 1000:1
evpn evi 1000 bgp route-target export 1000:1
RP/0/RSP0/CPU0:PE-A#sh run int BVI1000
Wed May 11 15:18:24.560 BST
interface BVI1000
 host-routing
 ipv4 address xxx.xxx.17.49/29
 mac-address 0.3030.1
!

Then on PE-B I see the opposite in terms of the ARP:

RP/0/RSP0/CPU0:PE-B#sh arp
Wed May 11 15:15:34.789 BST

-------------------------------------------------------------------------------
0/3/CPU0
-------------------------------------------------------------------------------
Address         Age        Hardware Addr   State      Type  Interface
xxx.xxx.17.49    -          0000.3030.0001  Interface  ARPA  BVI1000
xxx.xxx.17.50    00:00:10   0021.70c6.435a  Dynamic    ARPA  BVI1000
RP/0/RSP0/CPU0:PE-B#show evpn evi mac
Wed May 11 15:16:40.858 BST

EVI        MAC address    IP address                               Nexthop                                 Label
---------- -------------- ---------------------------------------- --------------------------------------- --------
1000       0015.c546.ffb6 xxx.xxx.17.51                             xxx.xxx.175.229                          24073
1000       0021.70c6.435a xxx.xxx.17.50                             Bundle-Ether1000                        24012

Im sure im missing something simple but would be keen to hear from others as to what it is ive missed??

RP/0/RSP0/CPU0:PE-B#sh run int BVI1000
Wed May 11 15:18:58.245 BST
interface BVI1000
 host-routing
 ipv4 address xxx.xxx.17.49/29
 mac-address 0.3030.1
!

I can see all of the Routes in EVPN and that shows that I can ping from test host xxx.xxx.17.50 to xxx.xxx.17.51 but it seems to be an ARP mapping from the BVI to the MAC's learnt in EVPN.

 

Any assistance would be gratefully received or if any further info needed can provide.

 

Thanks

 

Richard

Labels:
0 Helpful
4 Replies 4

tkarnani
Cisco Employee
Cisco Employee

‎05-11-2022 09:01 AM

can you try adding "split-horizon group core" just to see if it makes a difference?

 

0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# l2vpn  
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group irb
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain irb1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface bundle-Ether3.1001
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# routed interface BVI100
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-bvi)# split-horizon group core
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-bvi)# evi 10001

https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5xx/l2vpn/65x/b-l2vpn-cg-65x-ncs540/b-l2vpn-cg-65x-ncs540_chapter_01000.html

 

thanks

0 Helpful

rs lasersailing
Level 1
Level 1
In response to tkarnani

‎05-11-2022 09:52 AM

Hi @tkarnani 

Thanks for the suggestion, just added that and no luck. still no ARP

 

RP/0/RSP0/CPU0:PE-1#sh arp
Wed May 11 17:50:18.991 BST

-------------------------------------------------------------------------------
0/1/CPU0
-------------------------------------------------------------------------------
Address         Age        Hardware Addr   State      Type  Interface
xxx.xxx.17.49    -          0000.3030.0001  Interface  ARPA  BVI1000
xxx.xxx.17.51    00:00:28   0015.c546.ffb6  Dynamic    ARPA  BVI1000
l2vpn bridge group CUST-1000
l2vpn bridge group CUST-1000 bridge-domain CUST-1000
l2vpn bridge group CUST-1000 bridge-domain CUST-1000 mac withdraw state-down
l2vpn bridge group CUST-1000 bridge-domain CUST-1000 interface Bundle-Ether1000.400
l2vpn bridge group CUST-1000 bridge-domain CUST-1000 routed interface BVI1000
l2vpn bridge group CUST-1000 bridge-domain CUST-1000 routed interface BVI1000 split-horizon group core
l2vpn bridge group CUST-1000 bridge-domain CUST-1000 evi 1000

 

 

0 Helpful

tkarnani
Cisco Employee
Cisco Employee
In response to rs lasersailing

‎05-11-2022 10:23 AM - edited ‎05-11-2022 10:33 AM

can we check, i want to verify that the local/remote ESI are the same

 

show evpn evi vpn-id 1000 mac ipv4 x.x.x.x detail

 

did you also have this?

 

evpn evi 1000
evpn evi 1000 bgp
<<<< advertise-mac >>>

 

Thanks

 

thanks

0 Helpful

rs lasersailing
Level 1
Level 1

‎05-12-2022 09:38 AM

Hi @tkarnani 

 

Maybe ive mis-understood but the ESI should be unique to the Datacenter where the hosts are multi-homed.  Ive created the diagram to show the setup that im trying to get working:

 

EVPN IRB Anycast.png

 

Here is the output:

 

RP/0/RSP0/CPU0:PE1#show evpn evi vpn-id 1000 mac ipv4 xxx.xxx.17.50 detail
Thu May 12 17:21:05.469 BST

EVI        MAC address    IP address                               Nexthop                                 Label
---------- -------------- ---------------------------------------- --------------------------------------- --------
1000       0021.70c6.435a xxx.xxx.17.50                             xxx.xxx.115.216                         24012
   Ethernet Tag                            : 0
   Multi-paths Resolved                    : True
   Local Static                            : No
   Remote Static                           : No
   Local Ethernet Segment                  : N/A
   Remote Ethernet Segment                 : 00aa.aaaa.0333.1122.1000
   Local Sequence Number                   : N/A
   Remote Sequence Number                  : 0
   Local Encapsulation                     : N/A
   Remote Encapsulation                    : MPLS
RP/0/RSP0/CPU0:PE1#show evpn evi vpn-id 1000 mac ipv4 xxx.xxx.17.51 detail
Thu May 12 17:21:11.168 BST

EVI        MAC address    IP address                               Nexthop                                 Label
---------- -------------- ---------------------------------------- --------------------------------------- --------
1000       0015.c546.ffb6 xxx.xxx.17.51                             Bundle-Ether1000.400                    24073
   Ethernet Tag                            : 0
   Multi-paths Resolved                    : False
   Local Static                            : No
   Remote Static                           : No
   Local Ethernet Segment                  : 00aa.aaaa.0344.1122.1000
   Remote Ethernet Segment                 : N/A
   Local Sequence Number                   : 744
   Remote Sequence Number                  : N/A
   Local Encapsulation                     : N/A
   Remote Encapsulation                    : N/A

I did try with the advertise-mac command but as per the lab guide here on page 19 it says for anycast GW that the advertise-mac should not be enabled:

 

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/LTRSPG-2968-LG.pdf

 

Ive also been doing some further testing and when I shutdown BVI1000 on PE2 everything works and both test laptops can ping each other and all hosts on the wider internet.  As soon as I bring up BVI1000 on PE2 things stop working again.

 

Maybe im missing something but from the docs from what I have read that is the whole point of having anycast gatyeway across multiple DC's.

 

See what you think of the above and let me know what you think?

 

Thanks again for you assistance on this one and happy to provide any more debug if required.

 

Richard

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents