Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[QFX] Unable to ping the IRB Virtual Gateway Address from the host in EVPN-VXLAN setup

0

0

Article ID: KB34355 KB Last Updated: 13 Jun 2019Version: 1.0
Summary:

This is related to the EVPN-VXLAN setup in the SPINE/LEAF architecture. If we have the IRB/L3 gateway for the VLANs on the spines, we configure the Virtual Gateway Address for the IRB along with the Physical IP address for the IRB.

The issue is seen even with the parameter 'virtual-gateway-accept-data' configured:

#set interfaces irb unit 100 virtual-gateway-accept-data
Symptoms:

Conditions:

  • This is related to the EVPN-VXLAN setup in the leaf-spine architecture.
  • The IRB/L3 gateway for the VLANs is on the spines.
  • The Virtual Gateway Address for the IRB is configured along with the Physical IP address for the IRB. 
  • The issue is seen even with the parameter "virtual-gateway-accept-data" configured.
    #set interfaces irb unit 100 virtual-gateway-accept-data

Ping failures:

  1. The hosts (e.g. Server A) are unable to ping the Virtual Gateway Address/Virtual IP (VIP) for the IRB.
     
  2. Ping from the spine, sourced from the VIP (192.168.10.1 in this case) of the IRB fails.
    root@SPN01> ping 192.168.10.10 source 192.168.10.1 routing-instance TEST
    Apr 25 12:19:00
    PING 192.168.10.10 (192.168.10.10): 56 data bytes
    ^C
    --- 192.168.10.10 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss
  3. The physical IP address (e.g. 192.168.10.2) of the IRB is pingable from the host for both the spines and vice-versa.
     
  4. ARP requests from the host are not received on the Spine's RE.
Cause:

In an VXLAN-EVPN environment, it is mandatory to have the loopback interface configured for each routing-instance for the layer 3 connectivity to function as expected.

Note: When setting up a routing instance for EVPN-VXLAN, you must include a loopback interface. You must also specify an IP address for the interface using set interfaces lo0 unit logical-unit-number family inet address ip-address/prefix. If you inadvertently omit the loopback interface and associated IP address, EVPN control packets cannot be processed.

Solution:

On the spine, configure the loopback interface under the routing-instance as follows:

# set interfaces irb unit 100 virtual-gateway-accept-data 
# set interface lo0 unit 1 family inet
# set routing-instance TEST interface lo0.1
# commit

For more information, refer to Example: Configuring IRB Interfaces in an EVPN-VXLAN Environment to Provide Layer 3 Connectivity for Hosts in a Data Center.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search