Users Guide
The ingress VTEP is configured with all destination virtual networks, and has the ARP entries and MAC addresses for all
destination hosts in its hardware tables. Each VTEP learns the host MAC and MAC-to-IP bindings using ARP snooping for local
addresses and type-2 route advertisements from remote VTEPs.
For VXLAN BGP EVPN examples that use asymmetric IRB, see Example: VXLAN with BGP EVPN and Example: VXLAN BGP
EVPN — Multiple AS topology.
Symmetric IRB routing
In symmetric IRB routing, both ingress and egress VTEPs perform IRB routing and bridging for a tenant subnet. The ingress
VTEP routes packets to an egress VTEP MAC address in an intermediate virtual-network VNI. The egress VTEP then routes the
packet again to the destination host in the destination virtual-network VNI.
Using the L3 VNI associated with each tenant VRF, an ingress VTEP routes all traffic for the prefix to an egress VTEP on the L3
VNI. The egress VTEP routes from the L3 VNI to the destination virtual network or bridge domain. The L3 VNI does not have to
be associated with an IP address; routing is set up in the data plane using the egress VTEP's MAC address. This behavior is
known as IP-VRF to IP-VRF interface-less routing.
The ingress VTEP does not have to be configured with every destination virtual network; it must have the ARP and MAC
addresses only to the egress VTEP, not to each host connected to the VTEP. For this reason, symmetric IRB routing allows the
overlay network to scale larger than asymmetric routing. Assign the same router MAC address to each VLT peer in a VTEP VLT
domain.
Each VTEP learns host MAC and MAC-to-IP bindings using ARP snooping for local addresses, and type-2 and type-5 route
advertisements from remote VTEPs. In addition to L3 VNI-connected networks, type-5 route advertisements communicate
external routes from a border leaf VTEP to all other VTEPs.
For a VXLAN BGP EVPN example that uses symmetric IRB and Type-5 route, see Example: VXLAN BGP EVPN — Symmetric
IRB.
Configure Symmetric IRB for VXLAN BGP EVPN
Before you start
1. Follow the procedure in Configure VXLAN to:
● Configure the VXLAN overlay network.
● Enable routing for VXLAN virtual networks. Integrated Routing and Bridging (IRB) is automatically enabled.
● Enable an overlay routing profile with the number of reserved ARP table entries for VXLAN overlay routing.
2. Follow the procedure in Configure BGP EVPN for VXLAN to:
● Configure BGP to advertise EVPN routes.
● Configure EVPN for VXLAN virtual networks.
For a sample configuration, see Example: VXLAN with BGP EVPN.
Configure symmetric IRB
1. (Optional) If the switch is a VTEP VLT peer, configure a local router MAC that is used by remote VTEPs as the destination
address in VXLAN encapsulated packets sent to the switch in EVPN mode.
If you assign a unique VLT MAC address on each pair of VLT peers, use the same MAC address as the local router MAC. By
default, the router MAC is derived as an offset from the local system MAC address.
In a VLT VTEP pair, the router MAC configured in both the VLT peers must be the same. Router MAC configuration is
mandatory for VTEP VLT peers.
OS10(config)# evpn
OS10(config-evpn)# router-mac nn:nn:nn:nn:nn:nn
2. Configure a non-default VRF with a dedicated VXLAN VNI for each tenant VRF in EVPN mode. The tenant VRF is created
using the ip vrf command when you enable overlay routing with IRB; see Enable overlay routing between virtual networks.
The VXLAN VNI associated with the tenant VRF for EVPN symmetric IRB must be unique on the switch.
By default, the route distinguisher value is auto-generated. To reconfigure it, use the rd A.B.C.D:[1-65535]command.
The route target value is a mandatory entry.
OS10(config-evpn)# vrf tenant-vrf-name
OS10(config-evpn-vrf-vrf-tenant)# vni vxlan-vni
OS10(config-evpn-vrf-vrf-tenant)# rd {A.B.C.D:[1-65535]}
VXLAN
1185