<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font face="monospace">Hi Ondrej,</font><br>
<br>
Apologies on the delay, I'm testing when I have the brain space and
my lab is powered up.<br>
<br>
<div class="moz-cite-prefix">On 14/10/2025 3:02 am, Ondrej Zajicek
wrote:<br>
</div>
<blockquote type="cite" cite="mid:aO0ie_I8rGbMEwJq@feanor">
<pre class="moz-quote-pre" wrap="">On Sat, Oct 11, 2025 at 08:46:00AM +1100, William via Bird-users wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Hi Ondrej,
Thanks for the fast reply! Just noticed the assorted typo's in the email.
On 10/10/2025 11:42 pm, Ondrej Zajicek wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">On Fri, Oct 10, 2025 at 06:52:28PM +1100, William via Bird-users wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Hi BIRDians,
Been tinkering with EPVN in (built from git on Debian 13.1) hooked into an
Arista vEOS-LAB network, with an IPv6 underlay.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">Hi
I am glad to hear someone is playing with it. Do you use the 'evpn' branch?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Yes I'm using the evpn branch:
BIRD v2.13.1-161-gc5c9bd81-x ready.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
You could also try more recent branch 'oz-evpn' (although the following
patch related to VNIs is also not included there).
There are some configuration changes in this branch, encapsulation-specific options are in its own subblock:
protocol evpn {
eth { table etab2; };
evpn;
encapsulation vxlan {
tunnel device "vxlan2";
router address 10.1.1.1;
};
rd 1:12;
route target (rt, 1, 0);
tag 2;
vni 12;
};
</pre>
</blockquote>
I wonder if there is something different in the way the IMET routes
are put together there? The "encapsulation vxlan" stanza doesn't
exist in the main evpn branch which is making me think that might be
causing another issue...<br>
<blockquote type="cite" cite="mid:aO0ie_I8rGbMEwJq@feanor">
<pre class="moz-quote-pre" wrap="">
<span style="white-space: normal"><snip></span></pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Gotta love standards! So that brings an interesting side case I wouldn't have
thought of - the "usable" VNI range is trimmed due to this?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
No, not really. It is just that EVPN/MPLS (RFC 7432) uses high 20 bits
out of 24, while EVPN/VXLAN uses full 24 bits. But the BIRD EVPN BGP does
not really care about whether it is MPLS or VXLAN (it could be any encapsulation
if it is just an EVPN route reflector).
The attached patch switches BGP code to use full 24 bits.
</pre>
</blockquote>
Patched my code and it works nicely! Thank you :)<br>
<blockquote type="cite" cite="mid:aO0ie_I8rGbMEwJq@feanor"><snip><span
style="white-space: pre-wrap">
</span>
<pre class="moz-quote-pre" wrap="">rd / route distinguisher? It works for me even there:
protocol evpn {
...
# rd 1:13;
rd 1005001:10040;
route target (rt, 1, 0);
...
}
</pre>
</blockquote>
I've set the RD and RT back and it's working fine, not sure what was
going on there<br>
<br>
I've got mac-ip and imet routes floating around now, but the next
issue is that the wrong next-hop is being set on the imet (and
mac-ip) routes. Here's the evpn protocol definition:<br>
protocol evpn {<br>
eth {<br>
table etab;<br>
import all;<br>
};<br>
evpn { };<br>
rd 1005001:10040;<br>
import target (rt, 1004001, 10040);<br>
import target (rt, 1004003, 10040);<br>
export target (rt, 1005001, 10040);<br>
#encapsulation vxlan {<br>
tunnel device "vxlan100";<br>
router address 2001:db8:ffff:1ad::501;<br>
#};<br>
vni 10040;<br>
vid 40;<br>
debug all;<br>
};<br>
<br>
vxlan100 is tied to lo100 with IP 2001:db8:ffff:1ad::501, but the
EVPN session is tied to lo10 which has 2001:db8:ffff:1aa::501/128
(distributed via BGP IPv6 sessions to the spines).<br>
<br>
Here's the vxlan interface under the hood:<br>
# ip -d link show vxlan100<br>
13: vxlan100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue master br1 state UNKNOWN mode DEFAULT group default qlen
1000<br>
link/ether 42:a5:d1:11:88:4b brd ff:ff:ff:ff:ff:ff promiscuity 1
allmulti 1 minmtu 68 maxmtu 65535<br>
vxlan id 0 local 2001:db8:ffff:1ad::501 srcport 0 0 dstport 4789
ttl auto ageing 300 external nolearning<br>
<snip><br>
<br>
# bridge vlan show<br>
port vlan-id<br>
br1 1 PVID Egress Untagged<br>
vxlan100 40<br>
vl40 40 PVID Egress Untagged<br>
#<br>
<br>
However when I look at the Arista vEOS Lab nodes, I see this ('sh
bgp evpn vni 10040 detail', just the relevant portions pertaining to
bird):<br>
BGP routing table entry for mac-ip 42a5.d111.884b, Route
Distinguisher: 1005001:10040<br>
Paths: 1 available<br>
4201003001 4201005001<br>
2001:db8:ffff:1aa::501 from 2001:db8:ffff:1aa::1 (192.168.1.10)<br>
Origin IGP, metric -, localpref 100, weight 0, tag 0, valid,
external, best<br>
Extended Community: Route-Target-AS4:1005001:10040<br>
VNI: 10040 ESI: 0000:0000:0000:0000:0000<br>
BGP routing table entry for mac-ip 7e59.8de3.ed71, Route
Distinguisher: 1005001:10040<br>
Paths: 1 available<br>
4201003001 4201005001<br>
2001:db8:ffff:1aa::501 from 2001:db8:ffff:1aa::1 (192.168.1.10)<br>
Origin IGP, metric -, localpref 100, weight 0, tag 0, valid,
external, best<br>
Extended Community: Route-Target-AS4:1005001:10040<br>
VNI: 10040 ESI: 0000:0000:0000:0000:0000<br>
<snip><br>
BGP routing table entry for imet 2001:db8:ffff:1ad::501, Route
Distinguisher: 1005001:10040<br>
Paths: 1 available<br>
4201003001 4201005001<br>
2001:db8:ffff:1aa::501 from 2001:db8:ffff:1aa::1 (192.168.1.10)<br>
Origin IGP, metric -, localpref 100, weight 0, tag 0, valid,
external, best<br>
Extended Community: Route-Target-AS4:1005001:10040<br>
VNI: 10040<br>
PMSI Tunnel: Ingress Replication, MPLS Label: 10040, Leaf
Information Required: false, Tunnel ID: 2001:db8:ffff:1ad::501<br>
<br>
Looking at other imet and mac-ip routes I can see that the next hop
is correct for those nodes. Here's another example for one of the
Arista leafs:<br>
<br>
BGP routing table entry for mac-ip 0050.0000.2c01, Route
Distinguisher: 1004003:10040<br>
Paths: 2 available<br>
4201003001 4201004003<br>
2001:db8:ffff:1ad::403 from 2001:db8:ffff:1aa::1 (192.168.1.10)<br>
Origin IGP, metric -, localpref 100, weight 0, tag 0, valid,
external, ECMP head, ECMP, best, ECMP contributor<br>
Extended Community: Route-Target-AS4:1004003:10040
TunnelEncap:tunnelTypeVxlan<br>
VNI: 10040 ESI: 0000:0000:0000:0000:0000<br>
4201003001 4201004003<br>
2001:db8:ffff:1ad::403 from 2001:db8:ffff:1aa::2 (192.168.1.11)<br>
Origin IGP, metric -, localpref 100, weight 0, tag 0, valid,
external, ECMP, ECMP contributor<br>
Extended Community: Route-Target-AS4:1004003:10040
TunnelEncap:tunnelTypeVxlan<br>
VNI: 10040 ESI: 0000:0000:0000:0000:0000<br>
<br>
BGP routing table entry for imet 2001:db8:ffff:1ad::403, Route
Distinguisher: 1004003:10040<br>
Paths: 2 available<br>
4201003001 4201004003<br>
2001:db8:ffff:1ad::403 from 2001:db8:ffff:1aa::2 (192.168.1.11)<br>
Origin IGP, metric -, localpref 100, weight 0, tag 0, valid,
external, ECMP head, ECMP, best, ECMP contributor<br>
Extended Community: Route-Target-AS4:1004003:10040
TunnelEncap:tunnelTypeVxlan<br>
VNI: 10040<br>
PMSI Tunnel: Ingress Replication, MPLS Label: 10040, Leaf
Information Required: false, Tunnel ID: 2001:db8:ffff:1ad::403<br>
4201003001 4201004003<br>
2001:db8:ffff:1ad::403 from 2001:db8:ffff:1aa::1 (192.168.1.10)<br>
Origin IGP, metric -, localpref 100, weight 0, tag 0, valid,
external, ECMP, ECMP contributor<br>
Extended Community: Route-Target-AS4:1004003:10040
TunnelEncap:tunnelTypeVxlan<br>
VNI: 10040<br>
PMSI Tunnel: Ingress Replication, MPLS Label: 10040, Leaf
Information Required: false, Tunnel ID: 2001:db8:ffff:1ad::403<br>
<br>
It shows the proper next-hop IP for remote hosts. That information
is happily put into the bridge FDB:<br>
00:50:00:00:12:01 dev vxlan100 vlan 40 extern_learn master br1<br>
00:50:00:00:2c:01 dev vxlan100 vlan 40 extern_learn master br1<br>
42:a5:d1:11:88:4b dev vxlan100 vlan 40 master br1 permanent<br>
42:a5:d1:11:88:4b dev vxlan100 master br1 permanent<br>
00:50:00:00:2c:01 dev vxlan100 dst 2001:db8:ffff:1ad::403 vni 10040
self extern_learn permanent<br>
00:50:00:00:12:01 dev vxlan100 dst 2001:db8:ffff:1ad::401 vni 10040
self extern_learn permanent<br>
00:00:00:00:00:00 dev vxlan100 dst 2001:db8:ffff:1ad::403 vni 10040
self extern_learn permanent<br>
7e:59:8d:e3:ed:71 dev vl40 vlan 40 master br1 permanent<br>
7e:59:8d:e3:ed:71 dev vl40 master br1 permanent<br>
33:33:00:00:00:01 dev vl40 self permanent<br>
01:00:5e:00:00:01 dev vl40 self permanent<br>
<br>
bird> sh route table etab<br>
Table etab:<br>
7e:59:8d:e3:ed:71 vlan 40 unicast [bridge1 18:45:27.117] * L (0)<br>
dev vl40<br>
00:00:00:00:00:00 vlan 40 unicast [evpn1 18:58:54.908] * (80)<br>
via 2001:db8:ffff:1ad::403 on vxlan100 mpls 10040<br>
42:a5:d1:11:88:4b vlan 40 unicast [bridge1 18:45:27.117] * L (0)<br>
dev vxlan100<br>
06:06:4f:2b:a5:e6 vlan 1 unicast [bridge1 18:45:27.117] * L (0)<br>
dev br1<br>
00:50:00:00:2c:01 vlan 40 unicast [evpn1 21:41:13.227] * (80)<br>
via 2001:db8:ffff:1ad::403 on vxlan100 mpls 10040<br>
00:50:00:00:12:01 vlan 40 unicast [evpn1 21:43:01.278] * (80)<br>
via 2001:db8:ffff:1ad::401 on vxlan100 mpls 10040<br>
<br>
bird> sh route table evpntab<br>
Table evpntab:<br>
evpn imet 1005001:10040 0 2001:db8:ffff:1ad::501 [evpn1
18:58:54.908] * (120)<br>
evpn imet 1004003:10040 0 2001:db8:ffff:1ad::401 [SPINE1_EVPN
17:52:18.800 from 2001:db8:ffff:1aa::1] * (100) [AS4201004001i]<br>
evpn imet 1004003:10040 0 2001:db8:ffff:1ad::403 [SPINE1_EVPN
17:52:18.800 from 2001:db8:ffff:1aa::1] * (100) [AS4201004003i]<br>
evpn mac 1005001:10040 0 42:a5:d1:11:88:4b * mpls 10040 [evpn1
18:58:54.908] * (120)<br>
evpn mac 1005001:10040 0 7e:59:8d:e3:ed:71 * mpls 10040 [evpn1
18:58:54.908] * (120)<br>
evpn mac 1004003:10040 0 00:50:00:00:2c:01 * unicast [SPINE1_EVPN
21:41:13.227 from 2001:db8:ffff:1aa::1] * (100/?) [AS4201004003i]<br>
via 2001:db8:ffff:1f3::8 on ens4 mpls 10040<br>
evpn mac 1004003:10040 0 00:50:00:00:12:01 * unicast [SPINE1_EVPN
21:43:01.278 from 2001:db8:ffff:1aa::1] * (100/?) [AS4201004001i]<br>
via 2001:db8:ffff:1f3::8 on ens4 mpls 10040<br>
bird><br>
<br>
bird> sh route table master6<br>
Table master6:<br>
2001:db8:ffff:1aa::1/128 unicast [SPINE1_BGP 17:52:15.287] * (100)
[AS4201003001i]<br>
via 2001:db8:ffff:1f3::8 on ens4<br>
2001:db8:ffff:1ad::501/128 unicast [direct1 17:52:13.958] * (240)<br>
dev lo100<br>
2001:db8:ffff:1aa::401/128 unicast [SPINE1_BGP 17:52:15.287] * (100)
[AS4201004001i]<br>
via 2001:db8:ffff:1f3::8 on ens4<br>
2001:db8:ffff:1ad::401/128 unicast [SPINE1_BGP 17:52:15.287] * (100)
[AS4201004001i]<br>
via 2001:db8:ffff:1f3::8 on ens4<br>
2001:db8:ffff:1aa::501/128 unicast [direct1 17:52:13.958] * (240)<br>
dev lo10<br>
2001:db8:ffff:1aa::402/128 unicast [SPINE1_BGP 17:52:15.287] * (100)
[AS4201004001i]<br>
via 2001:db8:ffff:1f3::8 on ens4<br>
2001:db8:ffff:1ad::403/128 unicast [SPINE1_BGP 17:52:15.287] * (100)
[AS4201004003i]<br>
via 2001:db8:ffff:1f3::8 on ens4<br>
2001:db8:ffff:1f3::8/127 unicast [direct1 17:52:13.958] * (240)<br>
dev ens4<br>
2001:db8:ffff:1aa::2/128 unicast [SPINE1_BGP 17:52:15.331] * (100)
[AS4201003001i]<br>
via 2001:db8:ffff:1f3::8 on ens4<br>
2001:db8:ffff:1aa::403/128 unicast [SPINE1_BGP 17:52:15.287] * (100)
[AS4201004003i]<br>
via 2001:db8:ffff:1f3::8 on ens4<br>
bird><br>
<br>
I don't know if it's something weird I've done or if my
implementation is just whacked out but this seems to be the last
hurdle<br>
<br>
I'm seeing BUM coming through from one of the hosts attached to a
leaf:<br>
<br>
21:43:47.974972 IP6 2001:db8:ffff:1ad::401.60846 >
2001:db8:ffff:1ad::501.4789: VXLAN, flags [I] (0x08), vni 10040<br>
ARP, Request who-has 100.64.40.254 tell 100.64.40.18, length 46<br>
21:43:47.976451 IP6 2001:db8:ffff:1ad::401.60846 >
2001:db8:ffff:1aa::501.4789: VXLAN, flags [I] (0x08), vni 10040<br>
ARP, Request who-has 100.64.40.254 tell 100.64.40.18, length 46<br>
<br>
but it's going to both loopback addresses (the BGP one and the vxlan
terminator)<br>
<br>
For what it's worth, 'bridge vlan add dev vxlan100 vid 40
tunnel_info id 40' errors out. The readme on
<a class="moz-txt-link-freetext" href="https://gitlab.nic.cz/labs/bird-tools/-/tree/master/netlab/cf-evpn-bgp">https://gitlab.nic.cz/labs/bird-tools/-/tree/master/netlab/cf-evpn-bgp</a>
has typos in the commands too.<br>
<br>
Feel free to bug me off-list for more detail, this is getting
long-winded...<br>
<br>
<span style="white-space: pre-wrap">Regards,
William
</span>
<div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br /><table style="border-top: 1px solid #D3D4DE;"><tr><td style="width: 55px; padding-top: 13px;"><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" target="_blank"><img src="https://s-install.avcdn.net/ipm/preview/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif" alt="" width="46" height="29" style="width: 46px; height: 29px;"/></a></td><td style="width: 470px; padding-top: 12px; color: #41424e; font-size: 13px; font-family: Arial, Helvetica, sans-serif; line-height: 18px;">Virus-free.<a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" target="_blank" style="color: #4453ea;">www.avast.com</a></td></tr></table><a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"> </a></div></body>
</html>