VXLAN BGP EVPN - 4 - Route type 5

In this post, we will demonstrate the need for BGP EVPN Route type 5.

Problem statement

If you’ve been following this series so far, then in the previous post we achieved inter-VLAN routing. This is great, but there is a corner case for which you might need a tiny bit of extra configuration.

So let me explain the corner case:

  • Imagine Tom, the client connected to leaf 102 on VLAN 200, is a silent host.
  • Tom will not send a GARP when it connects to the network.
  • Leaf 102 will not learn the MAC or IP address of Tom, and ultimately Leaf 101 will not see 192.168.22.22/32 in its RIB as we saw in the previous post.
  • If Leaf 101 doesn’t have 192.168.22.22/32 in its RIB, then a ping from Alice to Tom will not work: Leaf 101 will not find any match for 192.168.22.22 in its RIB and the packets will be dropped.

Let’s replicate this scenario in our lab.

  • I couldn’t find a way to turn off GARP from Tom, so I just went and shut down Tom for this corner case.
  • After a few minutes, check the VRF’s RIB on leaf 101. You can see below that 192.168.22.22 is missing.

leaf-101# show ip route vrf PRD_Tenant 
IP Route Table for VRF "PRD_Tenant"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

192.168.11.0/24, ubest/mbest: 1/0, attached
    *via 192.168.11.1, Vlan10, [0/0], 00:57:23, direct
192.168.11.1/32, ubest/mbest: 1/0, attached
    *via 192.168.11.1, Vlan10, [0/0], 00:57:23, local
192.168.11.11/32, ubest/mbest: 1/0, attached
    *via 192.168.11.11, Vlan10, [190/0], 00:48:17, hmm

Now start a ping from Alice to Tom.

The failure below is expected since we shut down Tom, but if you start a PCAP and look at eth 1/1 and eth 1/2 on leaf 101, you will not see the ICMP request encapsulated and sent to leaf 102 as per symmetric IRB.

alice#ping 192.168.22.22 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.22.22, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Control plane - Route type 5

If we can somehow make the encapsulated ICMP request reach leaf 102, it will be able to wake up the silent host (Tom) by generating an ARP request. Tom can then send an ARP reply, the fabric will learn about Tom, and ultimately the balance is restored in the universe.

So the solution is pretty simple.

[Figure: VXLAN_underlay]

Remember we have used the above workflow in the previous post.

Note the numbering, because we will concentrate only on the part highlighted in red.

  1. First, Leaf-102 redistributes the local network of SVI VLAN 200 (192.168.22.0/24) from the RIB into BGP via a route-map.

Leaf 102

! Match only routes carrying tag 222 (set on the Vlan200 SVI below)
route-map tom-SVI permit 10
  match tag 222 


interface Vlan200
  no shutdown
  vrf member PRD_Tenant
  ip address 192.168.22.1/24 tag 222
  fabric forwarding mode anycast-gateway


router bgp 65501
  vrf PRD_Tenant
    address-family ipv4 unicast
      advertise l2vpn evpn
      ! Redistribute the tagged connected subnet into BGP for this VRF
      redistribute direct route-map tom-SVI

  2. The update is sent as a BGP EVPN route-type 5 (Prefix advertisement route).

[Figure: VXLAN_underlay]

  3. The BGP EVPN route-type 5 update carries only RT 65501:10099. The RD carried in the NLRI is generated based on the BGP RID and the VRF ID.

The BGP RIB entry on Leaf-101 for 192.168.22.0/24:

leaf-101# show bgp l2vpn evpn 192.168.22.0

<snipped>

Route Distinguisher: 172.16.50.101:3    (L3VNI 10099)
BGP routing table entry for [5]:[0]:[0]:[24]:[192.168.22.0]/224, version 69
Paths: (1 available, best #1)
Flags: (0x000002) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW

  Advertised path-id 1
  Path type: internal, path is valid, is best path, no labeled nexthop
             Imported from 172.16.50.102:3:[5]:[0]:[0]:[24]:[192.168.22.0]/224 
  Gateway IP: 0.0.0.0
  AS-Path: NONE, path sourced internal to AS
    172.16.100.102 (metric 81) from 172.16.50.11 (172.16.50.11)
      Origin incomplete, MED 0, localpref 100, weight 0
      Received label 10099
      Extcommunity: RT:65501:10099 ENCAP:8 Router MAC:5002.0000.1b08
      Originator: 172.16.50.102 Cluster list: 172.16.50.11 

  Path-id 1 not advertised to any peer

  4. Leaf-101 checks whether the next hop received in the above NLRI is reachable. If it is, it installs the route from the BGP RIB into the RIB.

leaf-101# show ip route vrf PRD_Tenant 
IP Route Table for VRF "PRD_Tenant"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

192.168.11.0/24, ubest/mbest: 1/0, attached
    *via 192.168.11.1, Vlan10, [0/0], 01:00:34, direct
192.168.11.1/32, ubest/mbest: 1/0, attached
    *via 192.168.11.1, Vlan10, [0/0], 01:00:34, local
192.168.11.11/32, ubest/mbest: 1/0, attached
    *via 192.168.11.11, Vlan10, [190/0], 00:51:28, hmm
192.168.22.0/24, ubest/mbest: 1/0
    *via 172.16.100.102%default, [200/0], 00:00:03, bgp-65501, internal, tag 65501, segid: 10099 tunnelid: 0xac106466 encap: VXLAN
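
The effect of the Type-5 route on forwarding can be checked offline. The following Python is an added example, not part of the original post: it parses the two leaf-101 RIB outputs shown on this page and runs a longest-prefix match for Tom's address. `parse_rib` and `lookup` are hypothetical helper names, and the "after" table reuses the timestamps of the first output.

```python
import ipaddress
import re

# leaf-101 VRF RIB before and after the Type-5 route, copied from the outputs
# on this page (wrapped line joined; timestamps of the first output reused).
RIB_BEFORE = """\
192.168.11.0/24, ubest/mbest: 1/0, attached
    *via 192.168.11.1, Vlan10, [0/0], 00:57:23, direct
192.168.11.1/32, ubest/mbest: 1/0, attached
    *via 192.168.11.1, Vlan10, [0/0], 00:57:23, local
192.168.11.11/32, ubest/mbest: 1/0, attached
    *via 192.168.11.11, Vlan10, [190/0], 00:48:17, hmm
"""
RIB_AFTER = RIB_BEFORE + """\
192.168.22.0/24, ubest/mbest: 1/0
    *via 172.16.100.102%default, [200/0], 00:00:03, bgp-65501, internal, tag 65501, segid: 10099 tunnelid: 0xac106466 encap: VXLAN
"""

PREFIX_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+),")
VIA_RE = re.compile(r"^\s+\*via ([\d.]+)(?:%(\S+?))?,(.*)$")

def parse_rib(text):
    """Return [(network, best_path)] parsed from 'show ip route vrf' output."""
    routes, prefix = [], None
    for line in text.splitlines():
        if m := PREFIX_RE.match(line):
            prefix = ipaddress.ip_network(m.group(1))
        elif (m := VIA_RE.match(line)) and prefix is not None:
            segid = re.search(r"segid: (\d+)", m.group(3))
            routes.append((prefix, {
                "next_hop": m.group(1),
                "next_hop_vrf": m.group(2),      # e.g. "default" for the underlay
                "l3vni": int(segid.group(1)) if segid else None,
                "vxlan": "encap: VXLAN" in m.group(3),
            }))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; None means no route in the VRF, so the packet is dropped."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, path) for net, path in routes if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

if __name__ == "__main__":
    for name, rib in (("before", RIB_BEFORE), ("after", RIB_AFTER)):
        print(name, lookup(parse_rib(rib), "192.168.22.22"))
```

Before the redistribution the lookup for 192.168.22.22 returns no route; afterwards it resolves to the /24 via VTEP 172.16.100.102 with L3VNI 10099, while Alice's /32 host route still wins over her own /24.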

Data plane

Now let’s ping tom from Alice.

alice#ping 192.168.22.22 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.22.22, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

The ping still fails since I have shut down Tom, but this time we can see Leaf 101 encapsulating the ICMP request and sending it across to Leaf 102, which carries out the rest of the steps for symmetric IRB and ultimately wakes up Tom to respond to the ping request.

The below PCAP was captured on the uplink of Leaf 101.

[Figure: VXLAN_underlay]