End reliance on Juniper MX for edge?

[lungdear]

End reliance on Juniper MX for edge?

• Mostly a problem with L2; irrelevant for L3 from your cloud
• Think MPLS interconnect
• May only be a small minority of the community that needs this

[randybias]

Since this only affects a minority of the community, we will table it for now.

[lungdear]

Now my team is working to do testing. We need to replace the MPLSoUDP with VxLAN (Type 5 prefix) for External IP (Floating IP) for instance to use. If it's working. We can select multi-vendor for edge routers like Arista, Cisco and other. So, we are setup the environment to testing has details as below. OpenStack version : Zed OpenSDN version : Master Juniper MX150 and JunOS version : 20.4R2.7 But we have the result is not working. So, we will be updated as soon as possible. if have the update.

[mkraposhin]

Hello, could you post sketches with physical and logical topologies?

[lungdear]

Yes, You can see the topology in the attached file.

[mkraposhin]

Can you please add IP addresses to this diagram for: com-01 and com-02 (addresses of compute nodes in underlay), the router, the VM (that is to be pinged) and the external machine (from which we ping).

This information is needed to verify that routing tables on the OpenSDN Controller and on the Router contain enough information to move packets between the VM and the external machine.

[phatanan-nipa]

Testing OpenSDN External Gateway with EVPN VXLAN

@mkraposhin @phatanan-nipa

OpenStack Version : Zed

OpenSDN Tag : 2024-04-04 (Master Branch build on 2024-04-04)

Gateway Router OS : VYOS

VYOS Router Configuration for EVPN VXLAN Routing

set interfaces ethernet eth0 description 'Internet Gateway'
set interfaces ethernet eth0 address '172.20.21.1/29'
set interfaces ethernet eth0 mtu '9000'

set interfaces ethernet eth2 description 'vhost0 Gateway' 
set interfaces ethernet eth2 address '10.20.4.254/24'
set interfaces ethernet eth2 mtu '9000'

set interfaces ethernet eth3 description 'mgmt_vyos'
set interfaces ethernet eth3 address '10.11.254.1/16'
set interfaces ethernet eth3 vrf 'mgmt_vyos'

set interfaces loopback lo address '10.20.7.1/32'

set interfaces vxlan vxlan100 mtu '9000'
set interfaces vxlan vxlan100 parameters nolearning
set interfaces vxlan vxlan100 port '4789'
set interfaces vxlan vxlan100 source-address '10.20.7.1'
set interfaces vxlan vxlan100 vni '100'

set interfaces bridge br100 address '10.20.8.1/24'
set interfaces bridge br100 address '202.129.205.185/32'
set interfaces bridge br100 description 'Bridge for Public Pool'
set interfaces bridge br100 member interface vxlan100
set interfaces bridge br100 mtu '9000'
set interfaces bridge br100 vrf 'public_pool'

set policy local-route rule 10 destination address '202.129.205.176/28'
set policy local-route rule 10 inbound-interface 'eth0'
set policy local-route rule 10 set table '100'

set policy prefix-list default_route rule 10 action 'permit'
set policy prefix-list default_route rule 10 prefix '0.0.0.0/0'
set policy prefix-list default_route rule 100 action 'deny'
set policy prefix-list default_route rule 100 ge '0'
set policy prefix-list default_route rule 100 le '32'
set policy prefix-list default_route rule 100 prefix '0.0.0.0/0'

set policy prefix-list public_pool rule 10 action 'permit'
set policy prefix-list public_pool rule 10 prefix '202.129.205.160/28'
set policy prefix-list public_pool rule 20 action 'permit'
set policy prefix-list public_pool rule 20 prefix '202.129.205.176/28'
set policy prefix-list public_pool rule 200 action 'deny'
set policy prefix-list public_pool rule 200 ge '0'
set policy prefix-list public_pool rule 200 le '32'
set policy prefix-list public_pool rule 200 prefix '0.0.0.0/0'

set policy route-map default_route_map rule 10 action 'permit'
set policy route-map default_route_map rule 10 match ip address prefix-list 'default_route'
set policy route-map default_route_map rule 20 action 'deny'

set policy route-map deny_all_route_map rule 10 action 'deny'

set protocols bgp address-family ipv4-unicast export vpn
set protocols bgp address-family ipv4-unicast import vpn
set protocols bgp address-family ipv4-unicast network 202.129.205.176/28
set protocols bgp address-family ipv4-unicast rd vpn export '10.20.7.1:100'
set protocols bgp address-family ipv4-unicast route-map vpn export 'default_route_map'
set protocols bgp address-family ipv4-unicast route-map vpn import 'deny_all_route_map'
set protocols bgp address-family ipv4-unicast route-target vpn both '10.20.9.1:100'
set protocols bgp address-family l2vpn-evpn advertise ipv4 unicast
set protocols bgp address-family l2vpn-evpn advertise-all-vni
set protocols bgp neighbor 10.11.4.11 peer-group 'opensdn'
set protocols bgp neighbor 172.20.21.3 peer-group 'Internet'
set protocols bgp neighbor 172.20.175.2 peer-group 'iBGP'
set protocols bgp parameters log-neighbor-changes
set protocols bgp parameters router-id '10.20.7.1'
set protocols bgp peer-group Internet address-family ipv4-unicast prefix-list export 'public_pool'
set protocols bgp peer-group Internet address-family ipv4-unicast prefix-list import 'default_route'
set protocols bgp peer-group Internet remote-as '65534'
set protocols bgp peer-group iBGP address-family ipv4-unicast
set protocols bgp peer-group iBGP remote-as '65515'
set protocols bgp peer-group opensdn address-family ipv4-unicast
set protocols bgp peer-group opensdn address-family l2vpn-evpn
set protocols bgp peer-group opensdn remote-as '65515'
set protocols bgp peer-group opensdn update-source '10.20.7.1'
set protocols bgp system-as '65515'

set protocols static route 10.11.4.11/32 next-hop 10.20.4.11

set service ssh vrf 'mgmt_vyos'

set vrf name mgmt_vyos protocols static route 0.0.0.0/0 next-hop 10.11.254.254
set vrf name mgmt_vyos table '101'

set vrf name public_pool description 'Public IP VRF'
set vrf name public_pool protocols bgp address-family ipv4-unicast export vpn
set vrf name public_pool protocols bgp address-family ipv4-unicast import vpn
set vrf name public_pool protocols bgp address-family ipv4-unicast rd vpn export '10.20.8.1:100'
set vrf name public_pool protocols bgp address-family ipv4-unicast redistribute connected
set vrf name public_pool protocols bgp address-family ipv4-unicast redistribute static
set vrf name public_pool protocols bgp address-family ipv4-unicast route-target vpn both '10.20.9.1:100'
set vrf name public_pool protocols bgp address-family l2vpn-evpn advertise ipv4 unicast
set vrf name public_pool protocols bgp system-as '65515'
set vrf name public_pool table '100'
set vrf name public_pool vni '100'

OpenSDN BGP Router Configuration Peering with VYOS Router

OpenSDN BGP Status

Create Private and Public Virtual Network for test evpn vxlan

Create Logical Router for VXLAN Routing

Create Openstack Instance

Controller Route Table

vRouter Route Table

Check VYOS Routing Table

EVPN Type 5

IPv4-Unicast

Test Case

• [x] Public IP can routing to External Router [VYOS]

Can ping to VYOS IP inside vrf public_pool on br100 interface

Can ping to Google DNS

• [x] Public IP can access from Internet

Can ssh from internet to instance inside openstack cluster

• [x] Can Using Virtual Network as Floating IP Pools

trick from matvey is connect the vn to lr first and flag external after that. then we can create floating ip pools now

Allocate Floating ip from Pool

Map floating ip to instance

• [x] live migrate to another compute and ping to the floating ip that attached to vmi

202.129.205.165 AAP Floating IP

202.129.205.161 Simple Floating IP

loss around 1 packet while live migration instance

• [x] Performance testing

Internet to Public Instance

Public Instance to Internet

• [x] BGPaas

Received Route from Instance

[randybias]

Can we get a writeup, like a HOW TO guide for someone to do this with VYOS?

Any writeup should include requirements such as FRR v8.5 or above.

You may want to writeup the simplest case: Ubuntu with FRR v8.5 instead of VYOS.