Layer 2 Interface Status Tracking and Shutdown Actions for EVPN Core Isolation Conditions

You can configure a device in an EVPN network to track the status of Layer 2 (L2) device interfaces, detect EVPN core isolation conditions, and take action to shut down the associated interfaces.

Starting in Junos OS and Junos OS Evolved Release 23.2R1, you can configure a provider edge (PE) device in an EVPN network to:

  • Enable L2 interface service tracking to detect when the device becomes isolated from the EVPN core (a core isolation condition).

  • Immediately take action to perform a hard shutdown or set Link Aggregation Control Protocol (LACP) out-of-sync state on the associated interface or interfaces to single-homed or multihomed customer edge (CE) devices.

    The interfaces might be single physical links, single-homed link aggregation group (LAG) interface bundles, or EVPN segment identifier (ESI) LAG interface bundles.

  • Set a timer to delay before bringing associated interfaces up again when the device is no longer isolated from the core.

Benefits

  • Provides configurable settings to help avoid traffic loss for single-homed or multihomed CE devices during route convergence when a PE device becomes isolated from the EVPN core.

Overview

In EVPN networks, a PE device can become isolated from the EVPN core. That device might have single-homed or multihomed CE devices connected to it.

When the PE device detects it is in a core isolation condition, usually the LACP protocol sets the ESI LAG interfaces to LACP out-of-sync state. That state should trigger the CE device to bring down the interface on the CE side as well. However, the CE device might not bring down the link immediately. Slower LACP responsiveness on the CE side can cause a delay in route convergence and, as a result, some traffic loss. To similarly avoid traffic loss, single-homed CE devices with active-backup link bundles to a PE device also need an immediate action on the active link to trigger a switchover to the backup link.

With this feature, to avoid traffic loss in these core isolation situations, you can configure an immediate action the PE device takes on the associated interface or interfaces to the attached CE devices. You can set the action to either bring an interface down immediately with a hard shutdown, or continue to rely on LACP out-of-sync signaling.

When the PE device recovers its BGP sessions to the EVPN core and is no longer isolated, the LACP protocol on the device immediately brings the associated ESI LAG interfaces up. However, the PE device might still be synchronizing routes from its multihoming peer PE devices. In that case, the multihomed CE device can also lose traffic.

As a result, with this feature you can also set a delay time before the device brings the interface up again after the device becomes reconnected to the core.

To set up core isolation service tracking, you configure a network isolation group at the [edit protocols network-isolation group network-isolation-group-name] hierarchy level. In the network isolation group configuration, set options in the detection and service-tracking-action stanzas, as follows (see the highlighted statements):

Note:

The configuration hierarchy above shows only the options relevant to the core isolation service tracking feature. The [edit protocols network-isolation group network-isolation-group-name] hierarchy includes other options for other features that we don't cover here.

You assign the network isolation group as a network isolation profile to the interface or interfaces the device should shut down upon detecting a core isolation condition. To do this, you configure the network-isolation-profile network-isolation-group-name statement at the [edit interfaces interface-name] hierarchy.

You can enable core isolation service tracking for the following types of Layer 2 (L2) interfaces:

  • A logical single link or aggregated Ethernet (AE) link bundle (LAG) to a single-homed customer edge device in the network.

  • An Ethernet segment identifier (ESI) LAG interface to a multihomed customer edge device in the network.

  • A physical interface.

See Configure Core Isolation Service Tracking and Actions for an L2 Interface for the steps to configure this feature.

Behavior and Limitations

Note the following runtime behaviors and limitations with this feature:

  • The network isolation group configuration detection stanza also has a link-tracking option to determine the state of a Layer 3 (L3) integrated routing and bridging (IRB) interface after network isolation conditions change. (See Set Network Isolation Status Parameters Used to Determine the IRB Interface State).

    In contrast, the service-tracking option tracks L2 interface status and performs the configured service-tracking-action on those L2 interfaces.

    You can only configure either the link-tracking option or the service-tracking option in a particular network isolation group and assign that as a network isolation profile. You can't configure both options in the same network isolation group.

  • When you configure this feature on a LAG or ESI LAG interface bundle, the device takes the configured action on each of its member links.

  • If the device is already in a core isolation state and you configure core isolation service tracking with action link-down for a new interface, the device immediately brings that interface down.

  • The network isolation group configuration includes a hold timer (hold-time up) to delay before bringing the interfaces up when the core isolation state is resolved.

    The device maintains only one hold-time up timer for each network isolation group you configure. As a result, if you associate the network isolation group with a new interface while the timer is already running, the device brings up all of the interfaces in the group when the timer expires. The device doesn't reset the timer when you add another interface to the group.

    Note:

    We don't support the hold-time down timer option in the detection stanza with this core isolation service tracking feature.

  • If you enable core isolation service tracking when you also have configured the no-core-isolation option, the device will not bring any interfaces down upon detecting a core isolation condition. See Understanding When to Disable EVPN-VXLAN Core Isolation for details on using that option.

  • If you delete a network isolation group profile configuration from an interface, the device brings the interface up again immediately if it had previously brought the interface down due to a core isolation condition.
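
The runtime behaviors listed above, modelled as a small Python state machine. This is an added example, not Juniper code or Junos configuration. The class, method, and interface names are constructed, and keeping an interface down when it is attached while the timer is running is a modelling assumption.

```python
class IsolationGroup:
    """Toy model of one network isolation group with service tracking."""
    def __init__(self, action="link-down", hold_up_ms=1, no_core_isolation=False):
        if hold_up_ms < 1:
            raise ValueError("hold-time up must be 1 or more milliseconds")
        self.action = action              # state label applied to held interfaces
        self.hold_up_ms = hold_up_ms
        self.no_core_isolation = no_core_isolation
        self.isolated = False
        self.expiry_ms = None             # the group's single hold-time up timer
        self.state = {}                   # interface name -> "up" or action label

    def attach(self, ifname):
        # Isolated: action applies at once. Timer running: the interface waits for
        # the existing timer (modelling assumption) and the timer is not reset.
        held = self.isolated or self.expiry_ms is not None
        self.state[ifname] = self.action if held and not self.no_core_isolation else "up"

    def detach(self, ifname):
        # Deleting the profile from an interface brings it up immediately.
        self.state.pop(ifname)
        return "up"

    def core_isolated(self):
        self.isolated, self.expiry_ms = True, None
        if not self.no_core_isolation:    # no-core-isolation: nothing is brought down
            self.state = {name: self.action for name in self.state}

    def core_recovered(self, now_ms):
        if self.isolated and not self.no_core_isolation:
            self.expiry_ms = now_ms + self.hold_up_ms
        self.isolated = False

    def tick(self, now_ms):
        # When the one timer expires, every interface in the group comes up together.
        if self.expiry_ms is not None and now_ms >= self.expiry_ms:
            self.expiry_ms = None
            self.state = {name: "up" for name in self.state}
        return dict(self.state)

def demo():
    g = IsolationGroup(action="link-down", hold_up_ms=5000)
    g.attach("ae0")                       # constructed interface names
    g.core_isolated()
    g.attach("xe-0/0/1")                  # added while already isolated
    isolated = g.tick(0)
    g.core_recovered(now_ms=10_000)       # timer set to expire at 15_000
    g.attach("ae1")                       # added while the timer is running
    return isolated, g.tick(14_999), g.tick(15_000)
```
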

Configure Core Isolation Service Tracking and Actions for an L2 Interface

Configure the following elements to enable the core isolation service tracking feature for an interface:

  1. Configure the network isolation group:

    1. Enable core isolation service tracking in the detection stanza.

    2. Set a hold-time up timer value in the detection stanza. The device waits this number of milliseconds before setting the interface state to up again upon detecting that the core isolation condition is resolved.

      This feature has no default hold time, so you usually want to set a hold time greater than 0 so the device isn't excessively processing rapid status changes. Specify a value of 1 or more milliseconds.

    3. Set the service tracking action in the network-isolation group network-isolation-group-name stanza. The available core isolation interface actions are to either do a hard shutdown on the interface or interfaces, or set interface status to LACP out-of-sync.

  2. Assign the network isolation group to the desired interface or interfaces using the network-isolation-profile network-isolation-group-name statement at the [edit interfaces interface-name] hierarchy level.

    For example, the following sample configuration stanza shows a network isolation profile assigned simply to a physical interface:

    and the following sample configuration stanza shows a network isolation profile assigned to an ESI-LAG interface bundle: