[FROG] l2vpn evpn, vxlan without bridge.

Alexis Bauvin abauvin at scaleway.com
Mon May 18 06:16:41 EDT 2020


Hi,

Short answer: no, you cannot avoid the bridge. You can however avoid the
dummy interface.

Long answer: the bridge is a requirement set by how vxlan works in general,
and more specifically in the Linux kernel. VXLAN with BGP-EVPN works with
type-2 and type-3 routes to announce VTEPs and remote MACs.
On your machine, the kernel needs to store them in one way or another. And it
so happens that it already had a mechanism for storing where a MAC has been
seen, where it is and on which port: enter the FDB.
Rather than duplicating this mechanism for VXLAN interfaces, kernel guys
decided to extend bridges’ FDB to contain VXLAN type-2 and type-3 routes.
When FRR receives one such route, it is sent over to the kernel, into the
bridge’s FDB.

You can see the entries with the `bridge fdb show` command, where you’ll
see entries like

00:00:00:00:00:00 dev vxlan3052 dst 10.42.74.39 self permanent
00:00:00:00:00:00 dev vxlan3052 dst 10.42.74.167 self permanent
00:00:00:00:00:00 dev vxlan3052 dst 10.42.74.207 self permanent

which are type-3 routes once inserted into the kernel, indicating that
the vxlan3052 port of the parent bridge has several remote vteps (they
will catch BUM packets), and entries like

02:00:00:aa:bb:cc dev vxlan3052 dst 10.42.78.167 self extern_learn
02:00:00:aa:bb:cc dev vxlan3052 extern_learn master br3052

which are type-2 routes once inserted into the kernel, in br3052’s fdb.
It indicates to the bridge that the MAC 02:00:00:aa:bb:cc should be sent
through its vxlan3052 port (just like any old bridge port), with the extra
metadata of it being sent to a specific IP address.

So to sum up, the bridge is required because it’s what holds evpn routes
in the kernel.

Alexis


> On 18 May 2020, at 09:50, Erwan David <erwan at rail.eu.org> wrote:
> 
> Hi,
> 
> I set up FRR routers as VTEP for a setting where all traffic on the vxlan
> will originate on the routers.
> I set up the BGP l2vpn evpn family address, but I cannot get FRR to
> announce its routes (type 2 or type 3) if the vxlan interface is not in
> a bridge.
> I end up bridging it with a dummy interface, but for me it is an ugly
> workaround.
> Is there a way to avoid this bridge?
> 
> -- 
> Erwan David
> 
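Added example, not part of the original mail or of FRR: a small Python parser for `bridge fdb show` output that separates the two entry kinds described above (all-zero MAC with `dst` from type-3 routes, `extern_learn` MAC with `dst` from type-2 routes) and checks the remote VTEPs against an expected set. The `expected_vteps` allowlist, the finding names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the mail (`bridge fdb show`).
SAMPLE = """\
00:00:00:00:00:00 dev vxlan3052 dst 10.42.74.39 self permanent
00:00:00:00:00:00 dev vxlan3052 dst 10.42.74.167 self permanent
02:00:00:aa:bb:cc dev vxlan3052 dst 10.42.78.167 self extern_learn
02:00:00:aa:bb:cc dev vxlan3052 extern_learn master br3052
52:54:00:12:34:56 dev eth1 master br3052 permanent
"""
ZERO_MAC = "00:00:00:00:00:00"
LINE = re.compile(r"^(?P<mac>[0-9a-fA-F:]{17}) dev (?P<dev>\S+)(?P<rest>.*)$")


def parse_fdb(text):
    """Group FDB lines per device: flood VTEPs, remote MACs, master bridge."""
    table = defaultdict(lambda: {"flood": set(), "macs": {}, "master": None})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        words = m["rest"].split()
        # Pick up "dst <ip>" and "master <bridge>" pairs from the flag list.
        kv = {k: words[i + 1] for i, k in enumerate(words[:-1]) if k in ("dst", "master")}
        entry = table[m["dev"]]
        mac = m["mac"].lower()
        if "master" in kv:
            entry["master"] = kv["master"]
        if "dst" not in kv:
            continue  # ordinary bridge entry, no remote VTEP attached
        if mac == ZERO_MAC:
            entry["flood"].add(kv["dst"])      # installed from a type-3 route
        elif "extern_learn" in words:
            entry["macs"][mac] = kv["dst"]     # installed from a type-2 route
    return dict(table)


def audit(table, expected_vteps):
    """Return (dev, kind, detail) findings; expected_vteps is an assumed allowlist."""
    findings = []
    for dev, e in sorted(table.items()):
        if not (e["flood"] or e["macs"]):
            continue  # device carries no EVPN-derived entries
        if e["master"] is None:
            findings.append((dev, "no-master-seen", ""))
        for ip in sorted((e["flood"] | set(e["macs"].values())) - expected_vteps):
            findings.append((dev, "unexpected-vtep", ip))
    return findings
```

On a live host the input would be the captured output of `bridge fdb show`; a remote VTEP outside the expected set is worth investigating because flood-list members receive BUM traffic for that VNI.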