EVPN Duplicate MAC Detection Exclusion Lists
Use the EVPN duplicate detection MAC exclusion lists to bypass the duplicate detection process in scenarios where legitimate MAC movements are frequent.
The MAC Exclusion List for Duplicate Detection in EVPN environments enables you to configure specific MAC addresses that should be excluded from duplicate MAC detection. This feature is particularly beneficial for scenarios involving legitimate MAC address movements, such as VRRP virtual MAC configurations in redundant setups. You can bind exclusion lists to specific EVPN instances, providing granular control over MAC address monitoring. The feature also supports prefix length for MAC addresses, facilitating the management of larger address sets with fewer commands. Comprehensive CLI commands are available for configuring and displaying exclusion lists, ensuring clear visibility and management of network configurations.
Support for MAC address with prefix length was added in Junos 25.2R1. This changed the MAC address CLI format for the EVPN mac-list and will cause a validation error when upgrading from an image that doesn't support the MAC address with prefix length format, if the previous image has EVPN mac-list configured.
Use the following steps to prevent a validation error during the upgrade.
Benefits of MAC Exclusion List for Duplicate Detection
- Prevents legitimate MAC address movements from being flagged as duplicates, ensuring smooth network operations without unnecessary traffic disruptions.
- Enhances network reliability and robustness by accurately distinguishing between genuine duplicate MAC situations and legitimate MAC mobility scenarios.
- Enables precise control over MAC address exclusion by supporting configuration with prefix lengths, facilitating the management of MAC address ranges rather than individual addresses.
- Provides granular control over MAC address monitoring by enabling the binding of exclusion lists to specific EVPN instances, facilitating precise network management.
Overview
The MAC Exclusion List for Duplicate Detection feature in EVPN environments gives you the ability to exclude specific MAC addresses from being flagged as duplicates. This is particularly useful in scenarios where frequent and legitimate MAC address movements occur, such as in redundant configurations using VRRP virtual MACs. By configuring an exclusion list, you ensure that necessary traffic movements are not mistakenly identified as duplicate MAC addresses, thus preventing unnecessary network disruptions and maintaining smooth operations.
To configure the MAC Exclusion List, use the CLI command `set protocols evpn mac-list list_name mac-address mac_address_with_prefix_len`. With this command you define a list of MAC addresses, with prefix lengths for more granular control. For example, to exclude a range of MAC addresses, you might enter `set protocols evpn mac-list test mac-address 00:00:00:00:00:01/24`. Once the MAC list is defined, you can bind it to a specific EVPN instance using the command `set routing-instances instance_name protocols evpn duplicate-mac-detection exclude-list list_name`. This binding ensures that the exclusion logic is applied only where necessary, preventing unintended impacts on unrelated instances.
Action commands such as `set routing-instances instance_name protocols evpn duplicate-mac-detection action block` or `shutdown` allow you to dictate specific actions when a MAC address is marked as a duplicate. These commands offer flexibility in handling duplicate MAC addresses, letting you choose to block the MAC or shut down the port. Show commands like `show evpn mac-lists` and `show evpn instance extensive` help in diagnosing and managing the MAC lists and their bindings.
Please refer to Feature Explorer for a complete list of the products that support this feature.
Configuration and Management
Use the `set protocols evpn mac-list` statement to create one or more MAC Exclusion Lists. A single mac-list can be bound to different EVPN instances, but each EVPN instance can use only one mac-list.
```
[edit]
set protocols evpn mac-list test description "Mac list description"
set protocols evpn mac-list test mac-address 00:00:00:00:00:01/24
set protocols evpn mac-list test mac-address 11:00:00:00:00:02/48
set protocols evpn mac-list test mac-address 12:00:00:00:00:03/16
```
Use the `set protocols evpn duplicate-mac-detection exclude-list` statement to bind the list to an EVPN instance.
QFX5K platforms supporting the default-switch-instance:
```
[edit]
set protocols evpn duplicate-mac-detection exclude-list test
```
Platforms supporting routing instances:
```
[edit]
set routing-instances vs1 protocols evpn duplicate-mac-detection exclude-list test
```
You can view the configured MAC lists and their instance bindings with the following commands:
```
show evpn instance extensive
```
Additionally, a commit check in the system prevents configuration conflicts. It ensures you don't configure `duplicate-mac-detection no-mac-suppression` and `duplicate-mac-detection exclude-list` statements simultaneously. These statements serve similar functions but differ in logging. This check maintains your network configuration's integrity.
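The following Python audit is an added example, not Juniper code: it parses the mac-list and binding shown in this section, answers whether a given MAC is exempt from duplicate detection in a given instance, and lists entries whose prefix exempts a large address range. It assumes a prefix length of N compares only the first N bits of the address; `breadth_report` and its threshold are hypothetical names chosen for the example.

```python
import re

# Constructed sample input: the mac-list from this page, bound to instance vs1.
SAMPLE_CONFIG = """\
set protocols evpn mac-list test mac-address 00:00:00:00:00:01/24
set protocols evpn mac-list test mac-address 11:00:00:00:00:02/48
set protocols evpn mac-list test mac-address 12:00:00:00:00:03/16
set routing-instances vs1 protocols evpn duplicate-mac-detection exclude-list test
"""

ENTRY = re.compile(r"set protocols evpn mac-list (\S+) mac-address "
                   r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})/(\d+)$")
BIND = re.compile(r"set routing-instances (\S+) protocols evpn "
                  r"duplicate-mac-detection exclude-list (\S+)$")

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def parse(config):
    """Return ({list_name: [(mac_int, prefix_len)]}, {instance: list_name})."""
    lists, bindings = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ENTRY.match(line):
            plen = int(m.group(3))
            if not 0 <= plen <= 48:  # a MAC address has 48 bits
                raise ValueError(f"prefix length out of range: {line}")
            lists.setdefault(m.group(1), []).append((mac_to_int(m.group(2)), plen))
        elif m := BIND.match(line):
            bindings[m.group(1)] = m.group(2)
    return lists, bindings

def is_excluded(config, instance, mac):
    """True if mac matches an entry of the list bound to instance.
    Assumption: /N compares only the first N bits, so host bits are ignored."""
    lists, bindings = parse(config)
    value = mac_to_int(mac)
    for base, plen in lists.get(bindings.get(instance), []):
        shift = 48 - plen
        if value >> shift == base >> shift:
            return True
    return False

def breadth_report(config, max_addresses=2 ** 8):
    """Entries exempting more than max_addresses (hypothetical review threshold)."""
    lists, _ = parse(config)
    return [(name, f"{base:012x}/{plen}", 2 ** (48 - plen))
            for name, entries in lists.items()
            for base, plen in entries if 2 ** (48 - plen) > max_addresses]
```

Under the stated assumption, the `/16` entry in the sample exempts 2^32 addresses from duplicate detection, which is the kind of entry worth reviewing before it is bound to an instance.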
Usage Scenarios
When using the MAC Exclusion List for Duplicate Detection, it is essential to understand the behavior of the system in different scenarios. For example, if a MAC address is added to the exclusion list after being marked as a duplicate, the duplicate state will be cleared automatically. Conversely, if a MAC address is removed from the exclusion list, it will be subject to duplicate detection again if it moves. This dynamic handling ensures that the MAC Exclusion List remains effective in both preventing false positives and maintaining accurate duplicate detection.
By understanding and utilizing these configurations, you can effectively manage MAC address movements in your network, ensuring stability and performance in environments with frequent legitimate MAC movements.
Table 1 lists the expected behaviors for each scenario.

| Scenario | Marked as Duplicate | Expected Behavior |
|---|---|---|
| MAC address added to an exclude list after the MAC is marked as a duplicate. | Yes | Clear the MAC mobility record and the duplicate state on the system. |
| MAC address removed from an exclude list. | Yes | Clear the MAC mobility history. |
| MAC address added to an exclude list before the MAC is marked as duplicate. | No | Clear the MAC mobility history. |
| MAC address removed from an exclude list before it reaches the duplicate detect threshold limit. | No | Clear the MAC mobility history. |