EVPN

DHCP security on Layer 3 VXLAN gateways in an EVPN-VXLAN edge-routed overlay (EX4300-MP, EX4300-MP VC, EX4400, EX4400 VC)—Starting in Junos OS Release 22.1R1, you can configure DHCP security features on devices that function as Layer 3 VXLAN gateways in an EVPN-VXLAN edge-routed overlay. DHCP security is supported on customer edge (CE)-facing interfaces, and DHCP relay handles Layer 3 routing. The listed devices support the following features:

• DHCPv4 and DHCPv6 snooping. [See Enabling DHCP Snooping.]
• Dynamic ARP inspection. [See Enabling Dynamic ARP Inspection.]
• Neighbor discovery inspection. [See Enabling ND Inspection.]
• IPv4 and IPv6 source guard. [See Configuring IP Source Guard.]

Loop detection for EVPN-VXLAN fabrics (EX4650)—Starting in Junos OS Release 22.1R1, you can configure loop detection on the server-facing Layer 2 interfaces on EX4300-48MP leaf devices in an EVPN-VXLAN fabric. This feature can detect the following types of Ethernet loops:

• A loop between two interfaces with different Ethernet segment identifiers (ESIs), usually caused if you miswire fabric components.
• A loop between two interfaces with the same ESI, usually caused if you miswire a third-party switch to the fabric.

After you enable loop detection, the interfaces periodically send multicast loop-detection protocol data units (PDUs). If a loop detection-enabled interface receives a PDU, the device detects a loop, which triggers the configured action to break the loop. For example, if you configure the interface-down action, the device brings down the interface. After the revert-interval timer expires, the device reverts the action and brings the interface back up again.

[See loop-detect (EVPN).]