Can I do this in EVPN? (Multihome to more different CEs)
athompson at merlin.mb.ca
Thu Feb 9 21:46:44 UTC 2023
The solution we've deployed is to use a VXLAN termination device at each location requiring multi-path redundancy.
Run VXLAN over isolated L3 domains, let IS-IS or OSPF handle path selection, including ECMP if desired.
If multi-chassis redundancy is required, pick a platform that can do MLAG or similar.
So for example, I have two sites with multiple VLANs needing to be interconnected, and for whatever reason I can't just use a LAG (distance, lack of transparent L2 service, whatever).
We would put an Arista 7k-series pizzabox at each end, one end could be an MLAG pair. Terminate two L2 or L3 services on the singleton box, terminate each service onto one half of the MLAG pair at the other site. Run an IGP (ideally IS-IS with BFD, but YMNV) and ECMP and happens automatically, as does handling single-path failures.
This could equally be a MLAG-to-MLAG setup if you have too much money and need to use some up.
Cisco vPC does essentially the same thing, as does Juniper's VC. Extreme has something similar, too.
STP does not get transported across the VXLAN transport, so you now avoid all the inherent problems with long-distance or multi-site STP bridging.
Consultant, Infrastructure Services
100 - 135 Innovation Drive
Winnipeg, MB R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
Chat with me on Teams: athompson at merlin.mb.ca
> -----Original Message-----
> From: NANOG <nanog-bounces+athompson=merlin.mb.ca at nanog.org> On
> Behalf Of Jason R. Rokeach via NANOG
> Sent: February 9, 2023 1:11 PM
> Cc: nanog at nanog.org
> Subject: Re: Can I do this in EVPN? (Multihome to more different CEs)
> VPLS doesn't handle loop avoidance. At least, not apart from split
> horizon rules.
> I assume that them properly connecting routers only and doing dynamic
> routing over your service is out of the question? (Even _just_ doing
> this doesn't completely solve the challenge though.)
> It sounds to me like your customer is needing two separate services.
> One to provide connectivity to other sites at layer 2, and another to
> provide backup connectivity within their single campus at layer 2. I
> would suggest that you treat these as two separate services, because
> there's nothing in EVPN that's going to notice on the PE side of the
> equation that the customer has a break in the middle of their
> Maybe consider offering these two services in combination:
> 1) layer 2 VPN service (VPWS / single pseudowire) between the two
> sides of their campus. You would need to ensure L2CP transparency (or
> tunneling) for STP and they would need to run STP across the link to
> keep their campus whole
> 2) EVPN with ESI in single-active mode, as you had mentioned.
> ------- Original Message -------
> On Thursday, February 9th, 2023 at 11:56 AM, Simon Lockhart
> <simon at slimey.org> wrote:
> > On Thu Feb 09, 2023 at 11:54:28AM -0500, Shawn L wrote:
> > > You should be able to setup a VPLS between 3 (or more) devices.
> Something like this --
> > [snip]
> > Thanks - I'm not committed to EVPN, so VPLS could work too. Would
> > handle loop avoidance for me? (i.e. if I have two VPLS PE
> connections into
> > the same broadcast domain on the customer side)
> > Simon
> Jason R. Rokeach
> m: 603.969.5549
> e: jason at rokea.ch
> tg: jasonrokeach
> Sent with ProtonMail secure email. Get my PGP Public Key.
More information about the NANOG