ghostwire.me

networking n stuff

Wednesday, August 5, 2020

DHCP Relay in VxLAN BGP EVPN

Do you really need to make any special configurations when you implement VxLAN EVPN and you need to configure DHCP Relay? All Cisco's guides say you do..but as I found out recently it's not exactly like that. I'm going to address several scenarios here so we'll find out where we need special tweaks for DHCP Relay to work and where we don't. All tested on a real N9Ks + NX-OSv.

When Default Config Is Fine

Every Cisco's guide on this topic starts with saying that he challenge initially is that every Leaf has the same anycast gateway configured, so we can't really use this address as source address for relay and we need unique address (such as loopback). In fact, there's nothing stopping from using non-unique address as source. Personally I think there's still more convenient to use unique address wherever it's possible and it's certainly how I recommend to have it done - for several reasons like troubleshooting and security, but still, there is a possibility to make it work another way. Also keep in mind using unique address is the only recommended validated design by Cisco. Still, this configuration works as well, so if you can't use unique addresses for some reason (like you're in the middle of migration to your new fancy VxLAN EVPN fabric and you suddenly realize all your DHCP servers are running Windows Server 2012 (which will require a several kilometers (depending of your fabric size) of a duct tape to work with new DHCP options for EVPN which are a must if you use unique loopback addresses) this might be a way to go.

So, in this part we're going to consider scenario where you are fine with using non-unique Anycast Gateway address as source address.
How will response packet be routed back to the correct Leaf? Let's consider these possible scenarios:

1. DHCP Server is external network located somewhere behind BGW. BGW is a L3 only, so there's no L2 VNIs configured on it, only L3 VNIs for Routing. We assume client and server are within the same VRF.



































Read more »
Posted by at 9 comments:
Labels: , , , , ,

Friday, April 10, 2020

Demystifying BFD intervals

If I was to make a list of most wide-used and still very poorly-documented protocols, I'd definitely put BFD in it. In this post I'll try to answer several questions I was looking answers for.

TLDR: by default when you enable BFD there's both Echo and Asynchronous BFD modes running simultaneously (so there's two different types of packets your devices exchange with each other). The one's responsible for failure detection is Echo Mode and it's the one you are configuring intervals and multipliers for. In outputs you'll also see intervals for Asynchronous Mode packets which are significantly higher but you don't have to worry because Echo Mode packets are used for failure detection.

Let's say you configured BFD as follows (I'm using CSR1000V with IOS XE 16.04.03 for this example):

interface GigabitEthernet2
<...>
 bfd interval 50 min_rx 50 multiplier 3
!
router ospf 1
 bfd all-interfaces

So we're all good, setting our timers for minimal possible values. But when you start to check things out, you see this:

Core3#sh bfd nei details 

 IPv4 Sessions
NeighAddr                              LD/RD         RH/RS     State     Int
10.30.1.30                           4097/4097       Up        Up        Gi2
Session state is UP and using echo function with 50 ms interval.
Session Host: Software
OurAddr: 10.30.1.29     
Handle: 1
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holddown (hits): 0(0), Hello (hits): 1000(1590)
Rx Count: 1587, Rx Interval (ms) min/max/avg: 2/1003/875 last: 358 ms ago
Tx Count: 1594, Tx Interval (ms) min/max/avg: 2/1004/871 last: 315 ms ago
Elapsed time watermarks: 0 0 (last: 0)
Registered protocols: OSPF CEF 
Uptime: 00:23:09
Last packet: Version: 1                  - Diagnostic: 0
             State bit: Up               - Demand bit: 0
             Poll bit: 0                 - Final bit: 0
             C bit: 0                                   
             Multiplier: 3               - Length: 24
             My Discr.: 4097             - Your Discr.: 4097
             Min tx interval: 1000000    - Min rx interval: 1000000
             Min Echo interval: 50000  

What's this? Why do we have Rx/TxInt of 1 second? And what's echo? OK, let's figure out how exactly BFD works.

Read more »
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)