EVPN
-
Static configuration of MAC-IP bindings with EVPN-VXLAN (EX4100-24MP, EX4300-MP, EX4400-48MP, EX4650, MX204, MX240, MX480, MX960, MX10004, MX10008, MX2010, and QFX10002-60C)—Starting in Junos OS Release 23.4R1, we’ve added the functionality to allow static configuration of MAC-IP bindings on an interface, similar to configuring static MACs on an interface. This feature enables the static configuration of IP and MAC entries for crucial services provided by management and infrastructure hosts. It proves particularly advantageous in Internet Exchange Point (IXP) networks where participant Customer Edge routers (CEs) remain well-known and static, not transitioning to different Provider Edge (PE) devices.
You can now utilize a new feature that establishes a static link between an IP address and a MAC for a logical interface within a bridge domain or VLAN. When you provision a static MAC-IP entry on a PE, the PE will initiate a probe following an exponential backoff pattern. The probe will use an all-zero sender IP address on the associated interface. If the entity owning the IP to MAC entry responds to the probe, the system will learn the IP to MAC binding as static. Subsequently, it will be propagated to remote PEs through the BGP/EVPN Type 2 MAC advertisement route. The corresponding MAC will be recognized as a dynamic entry. If you want to deactivate the probing mechanism for learning the IP to MAC binding, you can do so by configuring a new configuration option [arp-nd-probe-disable]. Without probing, both the MAC and IP to MAC binding will be acquired from network traffic and communicated using EVPN.
We’ve introduced the following commands and configuration statements:
-
Configuration of static IP to MAC bindings
Note:A maximum of 8 MACs can be configured per static IP address.
-
QFX:
set vlans vlan-name switch-options interface interface-name static-mac-ip ip-address [MAC1 MAC2 … MACn]
-
MX instance-type virtual-switch:
set routing-instances routing-instance-name bridge-domains bridge-domain-name bridge-options interface interface-name static-mac-ip ip-address [MAC1 MAC2 … MACn]
-
MX instance-type evpn:
set routing-instances routing-instance-name protocols evpn interface interface-name static-mac-ip ip-address [MAC1 MAC2 … MACn]
The aforementioned commands provide an option to configure
router
andoverride
bits for IPV6 entries. For example:QFX:
set vlans vlan-name switch-options interface interface-name static-mac-ip ip-address [MAC1 MAC2 … MACn] <router | override>
-
-
Disable probing on configuration of static IP to MAC entries:
To turn off the default probing on configuration of static IP to MAC entries, you can use the global configuration statement
arp-nd-probe-disable
.set protocols l2-learning arp-nd-probe-disable
-
Enable logging for failed probing of static IP to MAC entries:
To turn on the logging, configure the global configuration statement
arp-nd-probe-failed-log
.set protocols l2-learning arp-nd-probe-failed-log
-
Enable GARP/unsolicited-NA for local and remote static entries
If this feature is required, you must configure the global configuration statement
garp-na-enable
.set protocols l2-learning garp-na-enable
-
Disable dynamic learning [all static provisioning]
If dynamic learning of MAC-IP entries is not required, configure the statement
drop-unknown-macip
under BD/VLAN.-
QFX:
set vlans vlan-name switch-options drop-unknown-macip
-
MX instance-type virtual-switch:
set routing-instances routing-instance-name bridge-domains bridge-domain-name bridge-options drop-unknown-macip
-
MX instance-type evpn:
set routing-instances routing-instance-name protocols evpn drop-unknown-macip
-
-
Drop unicast ARP request
To drop unicast address resolution requests (for instance, NUD NS messages), you can configure the statement
block-unicast-arp
at global level for QFX and per BD level for MX.-
QFX:
set protocols l2-learning block-unicast-arp
-
MX instance-type virtual-switch:
set routing-instances routing-instance-name bridge-domains bridge-domain-name bridge-options block-unicast-arp
-
MX instance-type evpn:
set routing-instances routing-instance-name protocols evpn block-unicast-arp
-
[See EVPN Proxy ARP and ARP Suppression, and Proxy NDP and NDP Suppression and interface-mac-ip-limit.]
-