Creating an Exclusion List for MAC Pinning
SUMMARY Use an exclusion list to exclude MAC addresses from being pinned in an EVPN network.
MAC pinning allows you to control the movement of MAC addresses and prevents the creation of network loops by pinning a virtual machine’s MAC address to an interface. When you enable MAC pinning on an interface in an EVPN network, the MAC addresses that are learned on the interface are identified as pinned MAC addresses on that interface and in the MAC advertisement message. This prevents virtual machines (MAC addresses) from being moved to another interface in the EVPN network. However, in some cases, you might not want to pin all the MAC addresses for an interface; instead, you might want to exclude a few MAC addresses. For example, the Virtual Router Redundancy Protocol (VRRP) provides redundancy with the primary and backup router sharing a virtual MAC address. The network needs to know when the VRRP virtual MAC address has moved from the primary VRRP router to the backup VRRP router, so in this case, you would want to exclude the VRRP virtual MAC address from being pinned.
While MAC pinning is enabled separately on individual interfaces, the exclusion list is configured globally on the device. When you configure an exclusion list, the l2ald process verifies the newly learned addresses on the interface against the MAC addresses on the exclusion list. Addresses that are not on the exclusion list are identified as pinned MAC addresses. Addresses that are in the exclusion list are identified as dynamically learned MAC addresses. When the device sends the MAC IP advertisement route message to other devices, the pinned MAC addresses will be identified with the static flag in the extended community set to 1.
When you add a MAC address that was previously identified as a pinned address to the exclusion list, the l2ald process removes the pinned MAC address from the MAC address tables, adds it back in as a dynamic nonpinned MAC address, and sends updated MAC route advertisement messages to the other devices. A similar process happens when you remove a MAC address from the exclusion list.
To configure an exclusion list, include a list of MAC addresses with the exclusive-mac parameter at the [edit protocols l2-learning global-mac-move] hierarchy level.
For example, if you want to set an exclusion list for MAC addresses 00:00:5E:00:01:01 and 00:00:5E:00:01:20, you include the following configuration. The output for show bridge mac-table displays the following
User@PE1# set protocols l2-learning global-mac-move exclusive-mac 00:00:5E:00:01:01
User@PE1# set protocols l2-learning global-mac-move exclusive-mac 00:00:5E:00:01:20
To remove a MAC address from the exclusion list, use the delete configuration mode command at the [edit protocols l2-learning global-mac-move] hierarchy. For example, delete protocols l2-learning global-mac-move exclusive-mac 00:00:5E:00:01:01.
The following show bridge mac-table output shows how MAC addresses are learned by other PE devices and identifies the excluded MAC addresses and pinned MAC addresses.
User@PE1> show bridge mac-table

MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
           O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC)

Routing instance : EVPN
 Bridging domain : bd100, VLAN : 100
   MAC                 MAC      Logical          NH       MAC         active
   address             flags    interface        Index    property    source
   00:00:5E:00:01:01   DL       ge-0/0/1.0                                        #Excluded MAC Address
   00:50:56:93:f8:ff   DC                        1048575              10.1.1.3
   00:50:56:93:c2:60   DC                        1048575              10.1.1.3
   00:50:56:93:d9:fb   DP       ge-0/0/1.0                                        #Pinned MAC Address
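The check below is an added example, not part of the original documentation or Juniper tooling: it parses show bridge mac-table text and reports MAC addresses that carry the P flag although they are on the exclusion list, or that are pinned and fall in the IPv4 VRRP virtual MAC range (prefix 00:00:5E:00:01, per RFC 5798). The sample table, its ge-0/0/2.0 row, and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the show bridge mac-table output on this page,
# plus one constructed row (ge-0/0/2.0) showing a VRRP virtual MAC still pinned.
SAMPLE = """\
Routing instance : EVPN
 Bridging domain : bd100, VLAN : 100
   MAC                 MAC      Logical          NH       MAC         active
   address             flags    interface        Index    property    source
   00:00:5E:00:01:01   DL       ge-0/0/1.0
   00:50:56:93:f8:ff   DC                        1048575              10.1.1.3
   00:50:56:93:d9:fb   DP       ge-0/0/1.0
   00:00:5e:00:01:20   DP       ge-0/0/2.0
"""

# MAC address, flags column, and an optional third column.
ROW = re.compile(r"^\s*((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\S+)(?:\s+(\S+))?")
VRRP_V4_PREFIX = "00:00:5e:00:01:"  # IPv4 VRRP virtual MAC prefix (RFC 5798)

def parse_mac_table(text):
    """Return one dict per MAC row; header and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        mac, flags, third = m.group(1).lower(), m.group(2), m.group(3)
        # Remote entries have no logical interface; their third field is the NH index.
        ifname = third if third and not third.isdigit() else None
        # "P" appears in no other flag name in the legend, so a substring test is safe.
        rows.append({"mac": mac, "flags": flags, "interface": ifname,
                     "pinned": "P" in flags})
    return rows

def audit(rows, exclusion_list):
    """Flag pinned entries that the exclusion list, or VRRP failover, says must move."""
    excluded = {m.lower() for m in exclusion_list}
    findings = []
    for r in rows:
        if not r["pinned"]:
            continue
        if r["mac"] in excluded:
            findings.append((r["mac"], r["interface"], "on exclusion list but still pinned"))
        elif r["mac"].startswith(VRRP_V4_PREFIX):
            findings.append((r["mac"], r["interface"], "VRRP virtual MAC pinned, not on exclusion list"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_mac_table(SAMPLE), ["00:00:5E:00:01:01"]):
        print(finding)
```
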
The following features support exclusion lists for EVPN MAC pinning:
EVPN-MPLS, EVPN-VXLAN, EVPN, ELAN, and EVPN E-tree.
EVPN routing instances and virtual-switch routing instances.
All-active and single-active EVPN routing instances.
MAC mobility extended community support for EVPN Type 5 routes.
Static MAC addresses.
MC-LAG.
Benefits of Using an Exclusion List for MAC pinning
Exclusion lists allow you to have more flexibility and more control in configuring devices and interfaces on your network.