close

keyboard_arrow_left

Table of Contents Expand all

play_arrow Features Common to EVPN-VXLAN, EVPN-MPLS, and EVPN-VPWS
- play_arrow Configuring Interfaces
  - VLAN ID Ranges and Lists in an EVPN Environment
- play_arrow MAC Address Features with EVPN Networks
- play_arrow Configuring Routing Instances for EVPN
- play_arrow Configuring Route Targets
- play_arrow Routing Policies for EVPN
  - Routing policies for EVPN
  - Example: Using Policy Filters to Filter EVPN Routes
- play_arrow Layer 3 Gateways with Integrated Routing and Bridging for EVPN Overlays
  - Understanding the MAC Addresses For a Default Virtual Gateway in an EVPN-VXLAN or EVPN-MPLS Overlay Network
- play_arrow EVPN Multihoming
- play_arrow Link States and Network Isolation Conditions in EVPN Networks
- play_arrow EVPN Proxy ARP and ARP Suppression, and NDP and NDP Suppression
  - EVPN Proxy ARP and ARP Suppression, and Proxy NDP and NDP Suppression
  - ARP and NDP Request with a proxy MAC address
- play_arrow Configuring DHCP Relay Agents
  - DHCP Relay Agent in EVPN-MPLS Network
  - DHCP Relay Agent over EVPN-VXLAN
- play_arrow High Availability in EVPN
- play_arrow Monitoring EVPN Networks
  - Connectivity Fault Management Support for EVPN and Layer 2 VPN Overview
  - Configure a MEP to Generate and Respond to CFM Protocol Messages
- play_arrow Layer 2 Control Protocol Transparency
  - Layer 2 Control Protocol Transparency for EVPN
play_arrow EVPN-VXLAN
- play_arrow Overview
- play_arrow Configuring EVPN-VXLAN Interfaces
- play_arrow Configuring VLAN-Aware Bundle Services, VLAN-Based Services, and Virtual Switch Support
- play_arrow Load Balancing with EVPN-VXLAN Multihoming
  - Dynamic Load Balancing in an EVPN-VXLAN Network
  - Fast Reroute for Egress Link Protection with EVPN-VXLAN Multihoming
- play_arrow Setting Up a Layer 3 VXLAN Gateway
- play_arrow Configuring an EVPN-VXLAN Centrally-Routed Bridged Overlay
  - Example: Configure an EVPN-VXLAN Centrally-Routed Bridging Fabric
  - Example: Configure an EVPN-VXLAN Centrally-Routed Bridging Fabric Using MX Routers as Spines
- play_arrow Configuring an EVPN-VXLAN Edge-Routed Bridging Overlay
- play_arrow IPv6 Underlay for VXLAN Overlays
  - EVPN-VXLAN with an IPv6 Underlay
  - Example: Configure an IPv6 Underlay for Layer 2 VXLAN Gateway Leaf Devices
- play_arrow Multicast Features with EVPN-VXLAN
- play_arrow Configuring the Tunneling of Q-in-Q Traffic
  - Examples: Tunneling Q-in-Q Traffic in an EVPN-VXLAN Overlay Network
- play_arrow Tunnel Traffic Inspection on SRX Series Devices
  - Tunnel Inspection for EVPN-VXLAN by SRX Series Devices
- play_arrow Fault Detection and Isolation in EVPN-VXLAN Fabrics
play_arrow EVPN-MPLS
- play_arrow Overview
- play_arrow Convergence in an EVPN MPLS Network
  - Convergence in a Multihomed EVPN-MPLS Network
- play_arrow Pseudowire Termination at an EVPN
- play_arrow Configuring the Distribution of Routes
- play_arrow Configuring VLAN Services and Virtual Switch Support
- play_arrow Configuring Integrated Bridging and Routing
- play_arrow Configuring IGMP or MLD Snooping with EVPN-MPLS
play_arrow EVPN E-LAN Services
play_arrow EVPN-VPWS
- play_arrow Configuring VPWS Service with EVPN Mechanisms
play_arrow EVPN-ETREE
- play_arrow Overview
  - EVPN-ETREE Overview
- play_arrow Configuring EVPN-ETREE
  - Example: Configuring EVPN E-Tree Service
play_arrow Using EVPN for Interconnection
- play_arrow Interconnecting VXLAN Data Centers With EVPN
  - VXLAN Data Center Interconnect Using EVPN Overview
  - Example: Configuring VXLAN Data Center Interconnect Using EVPN
- play_arrow Interconnecting EVPN-VXLAN Data Centers Through an EVPN-MPLS WAN
- play_arrow Extending a Junos Fusion Enterprise Using EVPN-MPLS
play_arrow PBB-EVPN
- play_arrow Configuring PBB-EVPN Integration
- play_arrow Configuring MAC Pinning for PBB-EVPNs
  - PBB-EVPN MAC Pinning Overview
  - Configuring PBB-EVPN MAC Pinning
play_arrow EVPN Standards
- play_arrow Supported EVPN Standards
  - Supported EVPN Standards
play_arrow VXLAN-Only Features
- play_arrow Flexible VXLAN Tunnels
  - Understanding Programmable Flexible VXLAN Tunnels
- play_arrow Static VXLAN
  - Static VXLAN
play_arrow Configuration Statements and Operational Commands
- Junos CLI Reference Overview

list Table of Contents

English

Backup Liveness Detection on EVPN Dual Homing

date_range 16-Jan-25

arrow_backward

arrow_forward

By default, spine-and-leaf devices in an EVPN network implement the core isolation feature. When a device loses all of its EVPN BGP peering sessions it triggers the core isolation feature. Using the LACP, the core isolation feature shuts down all L2 ESI LAG interfaces.

In some situations, the core isolation feature produces a favorable outcome. In other situations, the core isolation feature produces an undesired outcome, which you can prevent by disabling it. However, in a dual-homed architecture, disabling the core isolation feature on one or both peers can cause other issues. You can address these issues by configuring node liveness detection along with the default core isolation feature.

Please refer to Feature Explorer for a complete list of the products that support the Backup liveness detection on EVPN dual homed peers feature.

EVPN Core Isolation Configurations

Figure 1 displays an EVPN-VXLAN topology with two spine devices with the default configuration for core isolation. The switches acting as leaf devices are multihomed in active/active mode through ESI-LAG interfaces to the spine devices.

Figure 1: EVPN-VXLAN Default Core Isolation

If the link between Spine 0 and Spine 1 goes down, the last established BGP peering session also goes down. The default core isolation feature triggers LACP to set the leaf-facing interfaces on Spines 0 and 1 to standby mode. This causes data traffic to and from both leaf devices to be dropped halting traffic within the data center, which is an undesired outcome.

Figure 2 displays an EVPN-VXLAN topology with two spine devices with no-core-isolation configured. The switches acting as leaf devices are multihomed in active/active mode through ESI-LAG interfaces to the spine devices.

Figure 2: EVPN-VXLAN No Core Isolation

Disabling the core isolation feature could cause the following issues:

With no-core-isolation configured on both Spine devices the links to the leaf devices will remain up even when BGP is down. But L3 traffic might fail because ARP/ND resolution will fail. When Spine 0 generates an ARP/ND request, the ARP/ND reply might get load balanced to Spine 1. But since BGP is down, the control plane will not synchronize resulting in ARP resolution failures.

With no-core-isolation configured only on Spine 0, only Spine 1 would shut down its leaf facing interface when BGP is down. However, if Spine 0 goes down, Spine 1 still brings its leaf facing interfaces down stopping the data traffic to and from both leaf devices.

Figure 3 displays an EVPN-VXLAN topology with two spine devices with node-detection (backup liveness detection) configured. The switches acting as leaf devices are multihomed in active/active mode through ESI-LAG interfaces to the spine devices.

Figure 3: EVPN Node Detection (Backup Liveness Detection)

The node liveness detection uses BFD configured between the EVPN peers with one side configured to take action based on the BFD and BGP status. This action ensures traffic forwarding continues through the network. The BFD liveness session can run over standard interfaces or over the management interfaces between the EVPN BGP peer devices. Node liveness needs to be detected even when the link between the Spines is down. So, node liveness detection should run over a separate network.

Note:

Junos OS Evolved platforms do not support BFD over management ports.

Benefits of Backup Liveness Detection

Can keep the leaf facing links up on one of the devices in a dual-homed environment during a core isolation event.
Ensures internal traffic continues even with a BGP failure on the Spine devices.

Behavior

The node liveness feature behaves as follows. When the BGP session is up, both peers keep their leaf facing ESI-LAG interfaces up. When the BGP session is down but the BFD session is up. The Spine with the action configured brings its leaf facing ESI-LAG interfaces down. The Spine which has no action configured will keep its ESI-LAG facing the leaf devices up. When the BGP session and the BFD session tracking the node liveness are down, it indicates one of the Spine devices has gone down. Then the Spine with the action configured will keep its leaf facing ESI-LAG interfaces up if it is active. When the BFD session comes back up, the Spine with action configured will again bring its leaf facing ESI-LAG interfaces down.

Table 1 summarizes the state on each of the Spine devices in the different scenarios. The actions configured will be either laser-off or trigger-node-isolation. With laser-off as the action the leaf facing ESI-LAG would receive a laser-off signal on core-isolation. If the action configured is trigger-node-isolation the l2 process will place the leaf facing ESI-LAG links in link-down state.

Table 1: Backup Liveness Behavior
BGP State	Node Liveness BFD State	On Spine with `action` Configured	On Spine with `action` Not Configured	Comments
Up -> Down	Down	ESI-LAG remains up	ESI-LAG remains up	For example, on Spine 0 both BGP and liveness are down Which means that Spine 1 is unavailable. Keep ESI LAG UP regardless of action configuration
Up -> Down	Up	Bring ESI-LAG down	ESI-LAG remains up	BGP state is down. But BFD is up. This indicates a split-brain scenario. Only one ESI LAG must be up. So shut down the ESI LAG on the device with the action configured.
Down -> Up	Down	If ESI LAG is down, bring it up.	ESI-LAG remains up	BGP status takes precedence
Down -> Up	Up	If ESI LAG is down, bring it up.	ESI-LAG remains up	BGP status takes precedence

Limitations

Junos OS Evolved platforms do not support BFD over management ports, due to a Junos OS Evolved limitation that prevents sending protocol packets over a management port.
EVPN node liveness detection does not support Multihop BFD. Configure node liveness detection over directly connected interfaces.
Configuring no-core-isolation overrides node-detection configurations.

Configure EVPN Backup Liveness Detection

Configure the following elements to enable the backup liveness detection feature for an EVPN peer:

1. Configure node-detection on both EVPN peers with the action configured only on one peer.

Peer 1 with action configured

content_copy zoom_out_map
[edit]
set protocols evpn node-detection next-hop interface;
set protocols evpn node-detection action (laser-off | trigger-node-isolation);
set protocols evpn node-detection bfd-liveness-detection minimum-interval interval;
set protocols evpn node-detection bfd-liveness-detection multiplier number;
set protocols evpn node-detection bfd-liveness-detection neighbor ip address;

Peer 2 without action configured

content_copy zoom_out_map
[edit]
set protocols evpn node-detection next-hop interface;
set protocols evpn node-detection bfd-liveness-detection minimum-interval interval;
set protocols evpn node-detection bfd-liveness-detection multiplier number;
set protocols evpn node-detection bfd-liveness-detection neighbor ip address;

2. If the laser-off statement is used, then you must configure asychronous-notification for the members of the ESI LAG.

content_copy zoom_out_map
[edit]
set interfaces interface gigether-options asynchronous-notification;

3. If the trigger-node-isolation statement is used, then you must configure network-isolation with the link-down action to bring the necessary interfaces down on core isolation.

content_copy zoom_out_map
[edit]
set protocols network-isolation group name detection hold-time up milliseconds;
set protocols network-isolation group name detection service-tracking core-isolation;
set protocols network-isolation group name service-tracking-action (link-down | lacp-oos);

Verifying Status

You can view the BFD from the peer devices by using the show bfd session command.

content_copy zoom_out_map
> show bfd session
                                                 Detect   Transmit
Address                  State     Interface      Time     Interval  Multiplier
1.0.0.2                  Up        ge-0/0/3.0     0.300     0.100        3   

1 sessions, 1 clients
Cumulative transmit rate 10.0 pps, cumulative receive rate 10.0 pps

When the action set is laser-off, you can examine the system log messages for state information.

content_copy zoom_out_map
> show log messages | match isolat
Sep  6 17:48:55  Core1 18956[EVPN_CORE_ISOLATED]:
Sep  6 17:48:55  Core1 18956[EVPN_vmm _ISOLATED]:
Sep  6 17:48:59  Core1 18956[EVPN_CORE_ISOLATED]:
Sep  6 17:48:59  Core1 18956[EVPN_CORE_ISOLATED]:
Sep  6 17:49:55  Core1 18956[EVPN_CORE_ISOLATION_CLEARED]:
Sep  6 17:50:05  Core1 18956[EVPN_CORE_ISOLATION_CLEARED]:
Sep  6 17:50:05  Core1 18956[EVPN_CORE_ISOLATION_CLEARED]:

arrow_backward PREVIOUS Understanding When to Disable EVPN-VXLAN Core Isolation

NEXT arrow_forward Determine IRB Interface State Changes from Local L2 Interface or Remote Connectivity Status in EVPN Fabrics

EVPN User Guide

ON THIS PAGE

Backup Liveness Detection on EVPN Dual Homing

EVPN Core Isolation Configurations

Benefits of Backup Liveness Detection

Behavior

Limitations

Configure EVPN Backup Liveness Detection

Verifying Status

Stay in touch

Helped me install or use the product
Accelerated my deployment

Discuss the product with a co-worker
Make a purchase inquiry

EVPN User Guide

ON THIS PAGE

Backup Liveness Detection on EVPN Dual Homing

EVPN Core Isolation Configurations

Benefits of Backup Liveness Detection

Behavior

Limitations

Configure EVPN Backup Liveness Detection

Verifying Status

Related Documentation

Stay in touch