Understanding the MAC Addresses For a Default Virtual Gateway in an EVPN-VXLAN Overlay Network
In an Ethernet VPN-Virtual Extensible LAN (EVPN-VXLAN) centrally-routed bridging overlay (EVPN-VXLAN topology with a two-layer IP fabric), an MX Series router or a QFX10000 switch can function as a Layer 3 VXLAN gateway on which you can configure integrated routing and bridging (IRB) interfaces. The configuration of each IRB interface can also include a virtual gateway address (VGA), which creates a default Layer 3 virtual gateway with the specified IP address. Through the IRB interface with which it is configured, the default virtual gateway enables the communication between non-virtualized hosts, virtual machines (VMs), and servers in different VXLANs or IP subnetworks.
When you configure a VGA for an IRB interface, the Layer 3 VXLAN gateway automatically generates IPv4 media access control (MAC) address 00:00:5E:00:01:01 or IPv6 MAC address 00:00:5E:00:02:01 for that particular virtual gateway. (This topic refers to the virtual gateway MAC address as a virtual MAC.) The automatically generated virtual MAC is not included as the source MAC address in packets generated by the Layer 3 VXLAN gateway. Instead, data packets and the source MAC address field in the outer Ethernet header of Address Resolution Protocol (ARP) replies and neighbor advertisement packets include the MAC address for the IRB interface. (This topic refers to the MAC address for the IRB interface as the IRB MAC.)
When an ARP reply includes the IRB MAC as the source MAC address instead of the virtual MAC, an issue might arise in a centrally-routed bridging overlay. For example, in the overlay network shown in Figure 1, an MX Series router and a QFX10000 switch function as Layer 3 VXLAN gateways, and four QFX5100 switches function as Layer 2 VXLAN gateways. Also included in the overlay network are three intermediary Layer 2 switches, in this case, EX4300 switches, to which hosts are connected.
On the MX Series router, an IRB interface named irb.1 has a MAC address of 00:05:85:00:53:01 and a VGA of 10.2.1.254. The MX Series router automatically generates the MAC address 00:00:5e:00:01:01 for the default virtual gateway.
In this overlay network, irb.1 on the MX Series router receives an ARP request from host 1. In its ARP reply, the MX Series router includes the following:
Source MAC address in outer Ethernet header: 00:05:85:00:53:01 (IRB MAC) → intermediary Layer 2 switch EX1 learns this MAC address.
Sender MAC address within ARP reply packet: 00:00:5e:00:01:01 (virtual MAC) → intermediary Layer 2 switch EX1 cannot see this MAC address, and therefore, does not learn it.
When intermediary Layer 2 switch EX1 receives the ARP reply, it learns only the source MAC address (IRB MAC). As a result, if host 1 sends packets that include the virtual MAC in the header, EX1 is unable to find the virtual MAC in its MAC table. Therefore, EX1 floods the domain with unknown-unicast packets.
The flooding of unknown-unicast packets is not an issue in EVPN-VXLAN edge-routed bridging overlays (EVPN-VXLAN topologies with a collapsed IP fabric), in which a single layer of QFX10000 switches functions as both Layer 3 and Layer 2 VXLAN gateways. In the edge-routed bridging overlay, hosts are directly connected to the Layer 3 and Layer 2 VXLAN gateways. Further, each IRB interface is typically configured with an IP address and a static MAC address. The configuration of each IRB interface on a particular VXLAN gateway is repeated on each gateway in the edge-routed bridging overlay. With the same MAC address configured for each IRB interface on each VXLAN gateway, each host uses the same MAC address when sending inter-VXLAN traffic regardless of where the host is located or which VXLAN gateway receives the traffic. These factors make the configuration of a default virtual gateway unnecessary. For more information about the edge-routed bridging overlay, see Example: Configuring an EVPN-VXLAN Edge-Routed Bridging Overlay Within a Data Center.
Starting with Junos OS Release 14.2R5 for MX Series routers and Junos OS Release 15.1X53-D63 for QFX10000 switches, you can explicitly configure an IPv4 or IPv6 MAC address for a default virtual gateway by using the virtual-gateway-v4-mac or virtual-gateway-v6-mac configuration statement at the [edit interfaces name irb unit logical-unit-number] hierarchy level. After you perform this configuration, the automatically generated virtual MAC is overridden by the configured virtual MAC. That is, when Layer 3 VXLAN gateway MX1 sends data packets, ARP replies, and neighbor advertisement packets, the configured virtual MAC is in the outer Ethernet header of these packets. As a result, intermediary Layer 2 switch EX1 also learns the configured virtual MAC, thereby eliminating the possibility that the switch floods the domain with unknown-unicast packets.
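The following Python model is an added example, not part of the Juniper documentation or of Junos OS. It replays the ARP exchange described above on a simplified learning switch standing in for EX1 and compares the lookup result for the automatically generated virtual MAC with that for a configured one. The host 1 MAC, the configured virtual MAC value, and the port names are constructed assumptions.

```python
# Added illustration of Layer 2 source-MAC learning; ports and the values marked
# "constructed" are assumptions, the other MAC addresses come from the text.
from dataclasses import dataclass

IRB_MAC = "00:05:85:00:53:01"          # irb.1 MAC on the MX Series router
AUTO_VMAC = "00:00:5e:00:01:01"        # automatically generated IPv4 virtual MAC
CONFIGURED_VMAC = "02:00:00:00:00:fe"  # constructed sample value, not from the page
HOST1_MAC = "02:00:00:00:00:11"        # constructed sample value for host 1


@dataclass
class ArpReply:
    eth_src: str      # source MAC in the outer Ethernet header
    eth_dst: str
    sender_mac: str   # sender hardware address inside the ARP payload


class LearningSwitch:
    """Learns only the outer Ethernet source MAC, as EX1 does."""
    def __init__(self):
        self.mac_table = {}

    def receive(self, frame_src, frame_dst, in_port):
        self.mac_table[frame_src] = in_port
        out_port = self.mac_table.get(frame_dst)
        return "flood" if out_port is None else f"forward:{out_port}"


def simulate(reply):
    """Replay the ARP exchange, then host 1's first routed frame."""
    ex1 = LearningSwitch()
    # Host 1's ARP request (broadcast) teaches EX1 where host 1 lives.
    ex1.receive(HOST1_MAC, "ff:ff:ff:ff:ff:ff", "host-port")
    # The gateway's reply arrives on the uplink; only eth_src is learned.
    ex1.receive(reply.eth_src, reply.eth_dst, "uplink")
    # Host 1 addresses its traffic to the MAC it resolved from the ARP payload.
    return ex1.receive(HOST1_MAC, reply.sender_mac, "host-port")


def learning_gap(reply):
    """True when a Layer 2 switch will never learn the MAC that hosts resolve."""
    return reply.eth_src.lower() != reply.sender_mac.lower()


default_reply = ArpReply(IRB_MAC, HOST1_MAC, AUTO_VMAC)
configured_reply = ArpReply(CONFIGURED_VMAC, HOST1_MAC, CONFIGURED_VMAC)

if __name__ == "__main__":
    for name, r in (("default", default_reply), ("configured", configured_reply)):
        print(name, simulate(r), "gap" if learning_gap(r) else "no gap")
```

The same comparison of outer source MAC against ARP sender MAC can be applied to a packet capture taken on the intermediary switch to confirm whether the configured virtual MAC is in effect.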