Hello!
> My question is: should it be made possible (or maybe it is already possible?) to set default attributes for VRF/EVPNs that FRR autodetects? So that one could add something like this just once:
The issue with this is, with several VNIs provisioned in the VRF, how would you know which one is to be the L3VNI? As far as the interface "topology" goes in the Kernel, nothing differentiates a L2VNI from a L3VNI, except that a L2VNI may eventually have other interfaces enslaved to its bridge to be useful. But there can always be a moment where even a L2VNI only has a single interface, the VXLAN one (e.g. during provisioning). TL;DR: how do you reliably discriminate the proper VNI?
> On a related note, I understand that currently FRR can fetch FDB only from 'bridge' interfaces, but not directly from VxLAN interfaces.

Partially correct: only bridge interfaces have a FDB (Forwarding DataBase), because a FDB is what makes a bridge a switch, and VXLAN interfaces don't. The FDB is needed because type 3 (VTEP) routes are installed in the FDB on the port corresponding to the VXLAN interface. And in L3VNI mode, to be able to route a packet, the data needed comes from three places:
- Next hop IP comes from the routing table
- Next hop MAC comes from the neighbor table
- VTEP IP comes from the FDB, where the router's MAC (or the type 3 route) is installed

So sadly, the bridge is needed.
> Thank you, and don't get too angry if I am messing things up: I am pretty new to this.

Don't worry, EVPN L3 is tricky :)

Alexis

On 15 Jul 2019 at 12:13, Eugene Crosser <crosser@average.org> wrote:
Hello all,
we are trying to use BGP-EVPN + VRF on Linux in L3 mode. For each VPN instance, we add two snippets into the FRR configuration:

Snippet 1:
====
vrf <vrf-iface-name>
 vni <vni> prefix-routes-only
 exit-vrf
====

Snippet 2:
====
router bgp 64512 vrf <vrf-iface-name>
 bgp router-id 169.254.0.1
 !
 address-family ipv4 unicast
  redistribute kernel
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
====
Our use case requires dynamic creation and removal of VRF instances on demand. I understand that FRRouting can autodetect VRF+VxLAN interface groups that are already present in the system and start serving them, but only as "classic" L2VPNs.
My question is: should it be made possible (or maybe it is already possible?) to set default attributes for VRF/EVPNs that FRR autodetects? So that one could add something like this just once:
====
vrf DEFAULT
 vni AUTODETECT prefix-routes-only
 exit-vrf
====
====
router bgp 64512 vrf DEFAULT
 bgp router-id 169.254.0.1
 !
 address-family ipv4 unicast
  redistribute kernel
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
====
and then all newly created VRF+VxLAN groups would be automatically picked up by FRR and configured as L3 EVPNs, without the need to rewrite configuration file and restart the daemon.
Does this make sense or am I missing something?
On a related note, I understand that currently FRR can fetch FDB only from 'bridge' interfaces, but not directly from VxLAN interfaces. So VxLAN interface cannot be directly enslaved into the VRF interface, but instead we have to add an intermediate bridge: "vrfXX---brXX---vxlanXX". (while client interfaces are directly enslaved into the VRF interface). In such setup, 'br' interface seems unnecessary. Should it be made possible to avoid this redundant 'br' interface?
Thank you, and don't get too angry if I am messing things up: I am pretty new to this.
Eugene
_______________________________________________ frog mailing list frog@lists.frrouting.org https://lists.frrouting.org/listinfo/frog
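The three lookups listed in the reply above (routing table, neighbor table, bridge FDB), chained for one destination. This is an added example, not code from the thread or from FRR; the interface names, addresses and the simplified `ip route` / `ip neigh` / `bridge fdb` style lines are constructed sample data.

```python
import ipaddress

# Constructed sample output (not from the thread); names and addresses are made up.
ROUTES = """\
10.1.2.0/24 via 192.0.2.2 dev br10 proto bgp metric 20 onlink
10.1.3.0/24 via 192.0.2.3 dev br10 proto bgp metric 20 onlink
"""
NEIGHBORS = """\
192.0.2.2 dev br10 lladdr 02:00:00:00:00:02 NOARP
192.0.2.3 dev br10 lladdr 02:00:00:00:00:03 NOARP
"""
FDB = """\
02:00:00:00:00:02 dev vxlan10 dst 192.0.2.2 self
02:00:00:00:00:04 dev vxlan10 dst 192.0.2.4 self
"""

def _field(tokens, key):
    """Return the token following `key`, or None when the key is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def resolve(dest, routes=ROUTES, neighbors=NEIGHBORS, fdb=FDB):
    """Walk routing table -> neighbor table -> bridge FDB for one destination."""
    addr = ipaddress.ip_address(dest)
    best = None  # (network, next hop) of the longest matching prefix
    for line in routes.splitlines():
        tok = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, _field(tok, "via"))
    if best is None or best[1] is None:
        return {"error": "no route"}
    nexthop = best[1]
    # Next hop MAC (the remote router MAC) comes from the neighbor table.
    mac = next((_field(l.split(), "lladdr") for l in neighbors.splitlines()
                if l.split()[0] == nexthop), None)
    if mac is None:
        return {"nexthop": nexthop, "error": "no neighbor entry"}
    # VTEP IP comes from the FDB entry for that MAC on the VXLAN port.
    vtep = next((_field(l.split(), "dst") for l in fdb.splitlines()
                 if l.split()[0] == mac), None)
    if vtep is None:
        return {"nexthop": nexthop, "mac": mac, "error": "no FDB entry"}
    return {"nexthop": nexthop, "mac": mac, "vtep": vtep}

if __name__ == "__main__":
    for d in ("10.1.2.7", "10.1.3.7", "10.9.9.9"):
        print(d, resolve(d))
```

The second sample destination has a route and a neighbor entry but no FDB entry, which is the case where the packet cannot be encapsulated.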