Deployment Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4128F-ON/S4128T-ON

50 00:00:00:aa:aa:aa rmt 0 55.1.1.3

50 00:00:00:cc:cc:cc lcl 0 ethernet1/1/8:1

VXLAN BGP EVPN routing

Configure BGP EVPN for VXLAN describes how EVPN facilitates traffic switching within the same L2 tenant segment virtual network on

a VTEP for virtual networks that associate with EVIs. This section describes how EVPN implements overlay routing between L2 segments

associated with EVIs belonging to the

same tenant on a VTEP. IETF draft draft-ietf-bess-evpn-inter-subnet-forwarding-05 describes

EVPN inter-subnet forwarding, Integrated Routing and Bridging (IRB), and how to use EVPN with IP routing between L2 tenant domains.

As described in Configure VXLAN — Enable overlay routing between virtual networks, you set up overlay routing by assigning a VRF to

each tenant, creating a virtual-network interface, and assigning an IP subnet in the VRF to each virtual-network interface. The VTEP acts

as the L3 gateway that routes traffic from one tenant subnet to another in the overlay before encapsulating it in the VXLAN header and

transporting it over the underlay fabric. On virtual networks that associate with EVIs, EVPN IRB is enabled only after you create a virtual-

network interface.

When you enable IRB for a virtual network/EVI, EVPN operation on each VTEP also advertises the local tenant IP-MAC bindings learned

on the EVPN-enabled virtual networks to all other VTEPs. The local tenant IP-MAC bindings are learned from ARP or ICMPv6 protocol

operation. They advertise as EVPN Type-2 BGP route updates to other VTEPs, each of whom then imports and installs them as ARP/

IPv6 neighbor entries in the dataplane.

To enable efficient traffic forwarding on a VTEP, OS10 supports distributed gateway routing. A distributed gateway allows multiple VTEPs

to act as the gateway router for a tenant subnet. The VTEP that is located nearest to a host acts as its gateway router.

To enable L3 gateway/IRB functionality for BGP EVPN, configure a VXLAN overlay network and enable routing on a switch:

1. Create a non-default VRF instance for overlay routing. For multi-tenancy, create a VRF instance for each tenant.

2. Cconfigure globally the anycast gateway MAC address used by all VTEPs.

3. Configure a virtual-network interface for each virtual network, (optional) assign it to the tenant VRF, and configure an IP address.

Then enable the interface.

4. Configure an anycast gateway IP address for each virtual network. OS10 supports distributed gateway routing.

For more information, see Configure VXLAN — Enable overlay routing between virtual networks.

EVPN supports different types of IRB routing for tenants, VMs and servers, that connect to each VTEP in a tenant network.

• Asymmetric routing: IP routing is performed on ingress VTEPs. L2 bridging is performed on egress VTEPs. You must configure an

ingress VTEP with a virtual network even for destination IP subnets that have no locally attached hosts. EVPN asymmetric IRB installs

ARP entries to associate each tenant VM IP address with its corresponding VM MAC address in the overlay.

• Symmetric routing: IP routing is performed on both ingress and egress VTEPs. You do not have to configure an ingress VTEP with a

virtual network for destination IP subnets that have no locally attached hosts. EVPN symmetric IRB installs ARP entries to associate

each tenant VM destination IP address with the MAC address of the VTEP where the VM is located, reducing the number of required

hardware next-hop routing resources.

NOTE:

In release 10.4.3.0, OS10 supports only distributed asymmetric routing mode.

For a sample BGP EVPN routing configuration, see Example: VXLAN with BGP EVPN.

BGP EVPN with VLT

OS10 supports BGP EVPN operation between VLT peers that you configure as VTEPs. For more information about configurations and

best practices to set up VLT for VXLAN, see Configure VXLAN — Configure VLT. This information also applies to BGP EVPN for VXLAN.

Dell EMC recommends configuring iBGP peering for the IPv4 address family between the VTEPs in a VLT pair on a dedicated L3 VLAN

that is used when connectivity to the underlay L3 network is lost. It is NOT required to enable the EVPN address family on the iBGP

peering session between the VTEPs in a VLT pair because EVPN peering to the spine switch is performed on Loopback interfaces.

Both VTEPs in a VLT pair advertise identical EVPN routes, which provides redundancy if one of the VTEP peers fails. To set up redundant

EVPN route advertisement, configure the same EVI, RD, and RT values for each VNI on both VTEPs in a VLT pair, including:

• In auto-EVI mode, this identical configuration is automatically ensured if the VNID-to-VNI association is the same on both VTEP peers.

• In manual EVI mode, you must configure the same EVI-to-VNID association on both VTEP peers.

• In manual EVI mode, you must configure the same RD and RT values on both VTEP peers.

In an EVPN configuration, increase the VLT delay-restore timer to allow for BGP EVPN adjacency to establish and for the remote MAC

and neighbor entries to download by EVPN and install in the dataplane. The VLT delay-restore determines the amount of time the VLT

LAGs are kept operationally down at bootup to allow the dataplane to set up and forward traffic, resulting in minimal traffic loss as the VLT

peer node boots up and joins the VLT domain.

BGP EVPN for VXLAN