[FROG] Setting defaults for autodetected VRFs/VxLANs

Alexis Bauvin abauvin at scaleway.com
Mon Jul 15 07:57:54 EDT 2019


Hello!

> My question is: should it be made possible (or maybe it is already
> possible?) to set default attributes for VRF/EVPNs that FRR autodetects?
> So that one could add something like this just once:

The issue with this is, with several VNIs provisioned in the VRF, how would
you know which one is to be the L3VNI? As far as the interface "topology" goes
in the kernel, nothing differentiates an L2VNI from an L3VNI, except that an
L2VNI may eventually have other interfaces enslaved to its bridge to be useful.
But there can always be a moment where even an L2VNI only has a single
interface, the VXLAN one (e.g. during provisioning).
TL;DR: how do you reliably discriminate the proper VNI?

> On a related note, I understand that currently FRR can fetch FDB only
> from 'bridge' interfaces, but not directly from VxLAN interfaces.

Partially correct: only bridge interfaces have an FDB (Forwarding DataBase),
because an FDB is what makes a bridge a switch, and VXLAN interfaces don’t.
The FDB is needed because type 3 (VTEP) routes are installed in the FDB on
the port corresponding to the VXLAN interface. And in L3VNI mode, to be able
to route a packet, the data needed comes from three places:
- Next hop IP comes from the routing table
- Next hop MAC comes from the neighbor table
- VTEP IP comes from the FDB, where the router’s MAC (or the type 3 route) is
  installed
So sadly, the bridge is needed.

> Thank you, and don't get too angry if I am messing things up: I am
> pretty new to this.

Don’t worry, EVPN L3 is tricky :)

Alexis

> On 15 Jul 2019, at 12:13, Eugene Crosser <crosser at average.org> wrote:
> 
> Hello all,
> 
> we are trying to use BGP-EVPN + VRF on Linux in L3 mode. For each VPN
> instance, we add two snippets into the FRR configuration:
> 
> Snippet 1:
> ====
> vrf <vrf-iface-name>
>  vni <vni> prefix-routes-only
> exit-vrf
> ====
> 
> Snippet 2:
> ====
> router bgp 64512 vrf <vrf-iface-name>
>  bgp router-id 169.254.0.1
>  !
>  address-family ipv4 unicast
>    redistribute kernel
>  exit-address-family
>  !
>  address-family l2vpn evpn
>    advertise ipv4 unicast
>  exit-address-family
> ====
> 
> Our use case requires dynamic creation and removal of VRF instances on
> demand. I understand that FRRouting can autodetect VRF+VxLAN interface
> groups that are already present in the system and start serving them,
> but only as "classic" L2VPNs.
> 
> My question is: should it be made possible (or maybe it is already
> possible?) to set default attributes for VRF/EVPNs that FRR autodetects?
> So that one could add something like this just once:
> 
> ====
> vrf DEFAULT
>  vni AUTODETECT prefix-routes-only
> exit-vrf
> ====
> ====
> router bgp 64512 vrf DEFAULT
>  bgp router-id 169.254.0.1
>  !
>  address-family ipv4 unicast
>    redistribute kernel
>  exit-address-family
>  !
>  address-family l2vpn evpn
>    advertise ipv4 unicast
>  exit-address-family
> ====
> 
> and then all newly created VRF+VxLAN groups would be automatically
> picked up by FRR and configured as L3 EVPNs, without the need to rewrite
> configuration file and restart the daemon.
> 
> Does this make sense or am I missing something?
> 
> On a related note, I understand that currently FRR can fetch FDB only
> from 'bridge' interfaces, but not directly from VxLAN interfaces. So a
> VxLAN interface cannot be directly enslaved into the VRF interface, but
> instead we have to add an intermediate bridge: "vrfXX---brXX---vxlanXX"
> (while client interfaces are directly enslaved into the VRF interface).
> In such a setup, the 'br' interface seems unnecessary. Should it be made
> possible to avoid this redundant 'br' interface?
> 
> Thank you, and don't get too angry if I am messing things up: I am
> pretty new to this.
> 
> Eugene
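
Added example (not part of the original thread and not FRR code): a sketch of why the interface topology alone cannot pick the L3VNI, and of the vrf <- bridge <- vxlan chain the reply says is required. It assumes input in the shape of `ip -d -j link show`; the sample data, interface names, VNIs and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `ip -d -j link show`, trimmed to the
# fields used here. Interface names and VNIs are made up for illustration.
SAMPLE_LINKS = json.loads("""[
 {"ifname": "vrf10",     "linkinfo": {"info_kind": "vrf"}},
 {"ifname": "br100",     "master": "vrf10", "linkinfo": {"info_kind": "bridge"}},
 {"ifname": "vxlan100",  "master": "br100",
  "linkinfo": {"info_kind": "vxlan", "info_data": {"id": 100}}},
 {"ifname": "br1010",    "master": "vrf10", "linkinfo": {"info_kind": "bridge"}},
 {"ifname": "vxlan1010", "master": "br1010",
  "linkinfo": {"info_kind": "vxlan", "info_data": {"id": 1010}}},
 {"ifname": "vrf20",     "linkinfo": {"info_kind": "vrf"}},
 {"ifname": "br2020",    "master": "vrf20", "linkinfo": {"info_kind": "bridge"}},
 {"ifname": "vxlan2020", "master": "br2020",
  "linkinfo": {"info_kind": "vxlan", "info_data": {"id": 2020}}},
 {"ifname": "vxlan30",   "master": "vrf20",
  "linkinfo": {"info_kind": "vxlan", "info_data": {"id": 30}}}
]""")

def kind(link):
    """Return the link's kind ("vrf", "bridge", "vxlan", ...) or None."""
    return (link or {}).get("linkinfo", {}).get("info_kind")

def vnis_per_vrf(links):
    """Map every VRF to the VNIs found along vrf <- bridge <- vxlan."""
    by_name = {link["ifname"]: link for link in links}
    found = {link["ifname"]: [] for link in links if kind(link) == "vrf"}
    for link in links:
        if kind(link) != "vxlan":
            continue
        bridge = by_name.get(link.get("master"))
        if kind(bridge) != "bridge":
            continue  # no bridge in between, so no FDB to hold the VTEP IP
        vrf = by_name.get(bridge.get("master"))
        if kind(vrf) == "vrf":
            found[vrf["ifname"]].append(link["linkinfo"]["info_data"]["id"])
    return {name: sorted(vnis) for name, vnis in found.items()}

def l3vni_guess(links):
    """Per VRF: the single candidate VNI, or None when topology cannot decide.
    Even a single candidate is only a guess: an L2VNI may be the only VNI
    present while the VRF is still being provisioned."""
    return {vrf: (vnis[0] if len(vnis) == 1 else None)
            for vrf, vnis in vnis_per_vrf(links).items()}

if __name__ == "__main__":
    print(vnis_per_vrf(SAMPLE_LINKS), l3vni_guess(SAMPLE_LINKS))
```

In the constructed sample, vrf10 carries two VNIs through identical-looking bridge chains, so nothing in the link data says which one is the L3VNI.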