API Guide
Using the L3 VNI associated with each tenant VRF, an ingress VTEP routes all traffic for the prefix to an egress VTEP on the L3 VNI. The
egress VTEP routes from the L3 VNI to the destination virtual network or bridge domain. The L3 VNI does not have to be associated with
an IP address; routing is set up in the data plane using the egress VTEP's MAC address. This behavior is known as IP-VRF to IP-VRF
interface-less routing.
The ingress VTEP does not have to be configured with every destination virtual network; it must have the ARP and MAC addresses only
to the egress VTEP, not to each host connected to the VTEP. For this reason, symmetric IRB routing allows the overlay network to scale
larger than asymmetric routing. Assign the same router MAC address to each VLT peer in a VTEP VLT domain.
Each VTEP learns host MAC and MAC-to-IP bindings using ARP snooping for local addresses, and type-2 and type-5 route
advertisements from remote VTEPs. In addition to L3 VNI-connected networks, type-5 route advertisements communicate external
routes from a border leaf VTEP to all other VTEPs.
For a VXLAN BGP EVPN example that uses symmetric IRB and Type-5 route, see Example: VXLAN BGP EVPN — Symmetric IRB.
Configure Symmetric IRB for VXLAN BGP EVPN
Before you start
1. Follow the procedure in Configure VXLAN to:
• Configure the VXLAN overlay network.
• Enable routing for VXLAN virtual networks. Integrated Routing and Bridging (IRB) is automatically enabled.
• Enable an overlay routing profile with the number of reserved ARP table entries for VXLAN overlay routing.
2. Follow the procedure in Configure BGP EVPN for VXLAN to:
• Configure BGP to advertise EVPN routes.
• Configure EVPN for VXLAN virtual networks.
For a sample configuration, see Example: VXLAN with BGP EVPN.
Configure symmetric IRB
1. (Optional) If the switch is a VTEP VLT peer, configure a local router MAC that is used by remote VTEPs as the destination address in
VXLAN encapsulated packets sent to the switch in EVPN mode.
If you assign a unique VLT MAC address on each pair of VLT peers, use the same MAC address as the local router MAC. By default,
the router MAC is derived as an offset from the local system MAC address.
In a VLT VTEP pair, the router mac configured in both the VLT peers must be same. Router MAC configuration is mandatory for VTEP
VLT peers.
OS10(config)# evpn
OS10(config-evpn)# router-mac nn:nn:nn:nn:nn:nn
2. Configure a non-default VRF with a dedicated VXLAN VNI for each tenant VRF in EVPN mode. The tenant VRF is created using the
ip vrf command when you enable overlay routing with IRB; see Enable overlay routing between virtual networks. The VXLAN VNI
associated with the tenant VRF for EVPN symmetric IRB must be unique on the switch.
By default, the route distinguisher value is auto-generated. To reconfigure it, use the rd A.B.C.D:[1-65535]command. The route
target value is a mandatory entry.
OS10(config-evpn)# vrf tenant-vrf-name
OS10(config-evpn-vrf-vrf-tenant)# vni vxlan-vni
OS10(config-evpn-vrf-vrf-tenant)# rd {A.B.C.D:[1-65535]}
OS10(config-evpn-vrf-vrf-tenant)# route-target {auto | value {import | export | both}
[asn4]}
OS10(config-evpn-vrf-vrf-tenant)# exit
3. (Optional) Advertise the IP prefixes learned from external networks and directly connected networks into EVPN type-5 route
advertisements in EVPN-VRF mode; for example:
OS10(config)# evpn
OS10(config-evpn)# vrf vrf-tenant1
OS10(config-evpn-vrf-vrf-tenant1)# advertise {ipv4 | ipv6} {connected | static| ospf |
bgp} [route-map map-name]
BGP EVPN for VXLAN
55