Understanding When to Disable EVPN-VXLAN Core Isolation
By default, QFX10000, QFX5100, QFX5110, QFX5200, and QFX5210 switches that act as spine and leaf devices in an EVPN-VXLAN overlay network implement the core isolation feature. If one of these QFX switches loses all of its EVPN internal BGP (IBGP) peering sessions, the core isolation feature, working in conjunction with Link Aggregation Control Protocol (LACP), automatically brings down all Layer 2 Ethernet Switch Identifier (ESI) link aggregation group (LAG) interfaces on the switch.
In some situations, the core isolation feature produces a favorable outcome. However, in other situations, the feature produces an undesired outcome, which you can prevent by disabling the feature.
This topic provides the following information:
Use Case 1: When to Use the Core Isolation Feature
Figure 1 displays a topology in which two QFX10000 switches act as spine devices that form an EVPN-VXLAN core. In this topology, six QFX5110 switches that act as leaf devices are multihomed in active-active mode to the spine devices, and in turn, each server is multihomed through ESI-LAG interfaces to two leaf devices.
LACP, which is configured on the spine and leaf devices, monitors the links for failures. If the links between Leaf 1 and the two spine devices go down, the IBGP peering sessions established over the links also go down. With the core isolation feature enabled by default, LACP sets the server-facing interface on Leaf 1 to standby mode, which blocks all traffic from the server. In this situation, the default implementation of the core isolation feature provides the following benefits:
With the links from Leaf 1 to both spine devices down, it does not make sense for the server to continue forwarding traffic to Leaf 1.
Traffic from the server is diverted to Leaf 2 until the links between Leaf 1 and the two spine devices are up again.
Use Case 2: When to Disable the Core Isolation Feature
The topology shown in Figure 2 is migrating from multichassis link aggregation (MC-LAG) and Virtual Chassis environments to an EVPN-VXLAN environment. In this topology, the only EVPN-VXLAN components are two QFX10000 switches that act as spine devices. The QFX5110 switches that act as leaf (MC-LAG and Virtual Chassis) devices are multihomed in active-active mode through ESI-LAG interfaces to the spine devices.
LACP, which is configured on the spine and leaf devices, monitors the links for failures. If the link between Spine 0 and Spine 1 goes down, the last established IBGP peering session also goes down. With the core isolation feature enabled by default, LACP sets the leaf-facing interfaces on Spines 0 and 1 to standby mode, which causes data traffic to and from both leaf devices to be dropped. With the core isolation feature implemented at the leaf device level, traffic within the data center would essentially be halted, which is an undesired outcome.
Starting with Junos OS Release 17.3R3 on QFX10000, QFX5100, QFX5110, and QFX5200 switches, you can issue the no-core-isolation configuration statement at the [edit protocols evpn] hierarchy level on each spine device to disable the core isolation feature.
When you issue the no-core-isolation configuration statement at the [edit protocols evpn] hierarchy level, the configuration statement is included in the default-switch routing instance of the QFX switches.