VXLAN and BGP EVPN Configuration Guide for Dell EMC SmartFabric OS10 Release 10.5.2 09 2020 Rev.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
1 VXLAN
A virtual extensible LAN (VXLAN) extends Layer 2 (L2) server connectivity over an underlying Layer 3 (L3) transport network in a virtualized data center. A virtualized data center consists of virtual machines (VMs) in a multi-tenant environment. OS10 supports VXLAN as described in RFC 7348. VXLAN provides an L2 overlay mechanism on an existing L3 network by encapsulating the L2 frames in L3 packets.
● Z9332F-ON

Configuration notes
In a static VXLAN, overlay routing is supported on:
● S4100-ON Series
● S4200-ON Series
● S5200-ON Series
● S4048T-ON
● S6010-ON

VXLAN concepts
Network virtualization overlay (NVO)
An overlay network extends L2 connectivity between server virtual machines (VMs) in a tenant segment over an underlay L3 IP network. A tenant segment can be a group of hosts or servers that are spread across an underlay network.
Port-scoped VLAN
A Port,VLAN pair that maps to a virtual network ID (VNID) in OS10. Assign an individual member interface to a virtual network either with an associated tagged VLAN or as an untagged member. Using a port-scoped VLAN, you can configure:
● The same VLAN ID on different access interfaces to different virtual networks.
● Different VLAN IDs on different access interfaces to the same virtual network.
3. Return to CONFIGURATION mode.
    exit
4. Enter NVE mode from CONFIGURATION mode. NVE mode allows you to configure the VXLAN tunnel endpoint on the switch.
    nve
5. Configure the Loopback interface as the source tunnel endpoint for all virtual networks on the switch in NVE mode.
    source-interface loopback number
6. Return to CONFIGURATION mode.
    exit

Configure a VXLAN virtual network
To create a VXLAN, assign a VXLAN segment ID (VNI) to a virtual network ID (VNID) and configure a remote VTEP.
2. Configure port interfaces as trunk members of the VLAN in Interface mode.
    interface ethernet node/slot/port[:subport]
    switchport mode trunk
    switchport trunk allowed-vlan vlan-id
    exit
The local physical ports assigned to the VLAN transmit packets over the virtual network.
NOTE: A switch-scoped VLAN assigned to a virtual network cannot have a configured IP address and cannot participate in L3 routing; for example:
    OS10(config)# interface vlan 102
    OS10(conf-if-vlan-102)# ip address 1.1.1.
2. Configure port interfaces as trunk members and remove the access VLAN in Interface mode.
    interface ethernet node/slot/port[:subport]
    switchport mode trunk
    no switchport access vlan
    exit
3. Assign the trunk interfaces as untagged members of the virtual network in VIRTUAL-NETWORK mode. You cannot use the reserved VLAN ID for a legacy VLAN or for tagged traffic on member interfaces of virtual networks.
network IP addresses in different subnets. If you do not assign the virtual-network interface to a tenant VRF, it is assigned to the default VRF.
    interface virtual-network vn-id
    ip vrf forwarding tenant-vrf-name
    ip address ip-address/mask
    no shutdown
    exit
4. Configure an anycast gateway IPv4 or IPv6 address for each virtual network in INTERFACE-VIRTUAL-NETWORK mode. This anycast IP address must be in the same subnet as the IP address of the virtual-network interface in Step 3.
Table 1. MAC address for all VTEPs (continued) Virtual network VNID 13 VTEP Anycast gateway MAC address VTEP 2 00.11.22.33.44.55 VTEP 3 00.11.22.33.44.55 VTEP 1 00.11.22.33.44.55 VTEP 2 00.11.22.33.44.55 VTEP 3 00.11.22.33.44.55 ● Configure a unique IP address on the virtual-network interface on each VTEP across all virtual networks. Configure the same anycast gateway IP address on all VTEPs in a virtual-network subnet. For example: Table 2.
Configure VLT
(Optional) To use VXLAN in a VLT domain, configure the VLT domain — including the VLT Interconnect (VLTi) interfaces, backup heartbeat, and VLT MAC address — as described in the OS10 Enterprise Edition User Guide in the Virtual link trunking section.
Required VLT VXLAN configuration:
● The IP address of the VTEP source Loopback interface must be the same on the VLT peers.
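The consistency rules stated above (anycast gateway IP in the same subnet as the virtual-network interface, the same anycast gateway MAC and IP on all VTEPs, a unique virtual-network interface IP per VTEP, and the same VTEP source Loopback IP on VLT peers) can be checked across switches before deployment. The following is an added example, not code from this guide or from Dell; the function names, the VTEP names, and the sample configurations are constructed, and the gateway address 10.1.0.100 is an assumed value.

```python
import ipaddress
import re
from collections import defaultdict


def parse_vtep(config):
    """Pull the overlay settings out of OS10 command lines for one VTEP."""
    st = {"mac": None, "src": None, "lo": {}, "vn": defaultdict(dict)}
    ctx = (None, None)
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface virtual-network\s*(\d+)", line):
            ctx = ("vn", int(m.group(1)))
        elif m := re.fullmatch(r"interface (loopback\s*\d+)", line):
            ctx = ("lo", m.group(1).replace(" ", ""))
        elif line == "nve":
            ctx = ("nve", None)
        elif line == "exit" or line.startswith("interface "):
            ctx = (None, None)
        elif m := re.fullmatch(r"ip virtual-router mac-address (\S+)", line):
            st["mac"] = m.group(1).lower()
        elif ctx[0] == "vn" and (m := re.fullmatch(r"ip address (\S+)", line)):
            st["vn"][ctx[1]]["ip"] = ipaddress.ip_interface(m.group(1))
        elif ctx[0] == "vn" and (
            m := re.fullmatch(r"ip virtual-router address (\S+)", line)
        ):
            st["vn"][ctx[1]]["gw"] = ipaddress.ip_address(m.group(1))
        elif ctx[0] == "lo" and (m := re.fullmatch(r"ip address (\S+)", line)):
            st["lo"][ctx[1]] = ipaddress.ip_interface(m.group(1)).ip
        elif ctx[0] == "nve" and (
            m := re.fullmatch(r"source-interface (loopback\s*\d+)", line)
        ):
            st["src"] = m.group(1).replace(" ", "")
    return st


def audit(configs, vlt_pairs):
    """Return one finding per violated cross-VTEP rule."""
    vteps = {name: parse_vtep(text) for name, text in configs.items()}
    findings = []
    # Rule: the anycast gateway MAC is the same on every VTEP.
    macs = sorted({str(v["mac"]) for v in vteps.values()})
    if len(macs) > 1:
        findings.append(f"anycast gateway MAC differs across VTEPs: {macs}")
    per_vn = defaultdict(list)
    for name, v in vteps.items():
        for vn, cfg in v["vn"].items():
            ip, gw = cfg.get("ip"), cfg.get("gw")
            per_vn[vn].append((name, ip, gw))
            # Rule: anycast gateway sits in the virtual-network interface subnet.
            if ip is not None and gw is not None and gw not in ip.network:
                findings.append(f"{name} vn {vn}: gateway {gw} is outside {ip.network}")
    for vn, rows in sorted(per_vn.items()):
        # Rule: same anycast gateway IP on all VTEPs of a virtual network.
        gws = sorted({str(gw) for _, _, gw in rows})
        if len(gws) > 1:
            findings.append(f"vn {vn}: anycast gateway IP differs: {gws}")
        # Rule: the virtual-network interface IP is unique per VTEP.
        owner = {}
        for name, ip, _ in rows:
            if ip is None:
                continue
            if ip.ip in owner:
                findings.append(f"vn {vn}: {name} reuses {ip.ip} already on {owner[ip.ip]}")
            owner.setdefault(ip.ip, name)
    # Rule: VLT peers use the same VTEP source Loopback IP.
    for a, b in vlt_pairs:
        ip_a = vteps[a]["lo"].get(vteps[a]["src"])
        ip_b = vteps[b]["lo"].get(vteps[b]["src"])
        if ip_a is None or ip_a != ip_b:
            findings.append(f"VLT peers {a}/{b}: VTEP source IP {ip_a} vs {ip_b}")
    return findings


def sample(vn_ip, gw="10.1.0.100", lo="192.168.1.1", mac="00:01:01:01:01:01"):
    """Constructed command lines in the style of the guide's VTEP examples."""
    return "\n".join([
        "interface loopback0", f"ip address {lo}/32", "exit",
        "nve", "source-interface loopback0", "exit",
        f"ip virtual-router mac-address {mac}",
        "interface virtual-network 10000", "ip vrf forwarding tenant1",
        f"ip address {vn_ip}/16", f"ip virtual-router address {gw}", "exit",
    ])


VLT = [("vtep1", "vtep2")]
GOOD = {"vtep1": sample("10.1.0.231"), "vtep2": sample("10.1.0.232"),
        "vtep3": sample("10.1.0.233", lo="192.168.2.1")}
BAD = {"vtep1": sample("10.1.0.231"),
       "vtep2": sample("10.1.0.231", lo="192.168.1.2"),
       "vtep3": sample("10.1.0.233", gw="10.2.0.100", lo="192.168.2.1",
                       mac="00:01:01:01:01:02")}

if __name__ == "__main__":
    for finding in audit(BAD, VLT):
        print(finding)
```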
VLAN 137
---------
MAC 00:00:00:00:00:02 is missing from Node(s) 2
Run "show vlt d1 mismatch ..." commands to identify configuration issues

L3 VXLAN route scaling
The S4100-ON series, S5200-ON series, S4048T-ON, S4248-ON series, and S6010-ON switches support native VxLAN routing — routing in and out of tunnels (RIOT). RIOT requires dedicated hardware resources reserved for overlay routing. You cannot use these dedicated resources for underlay routing.
● View the hardware resources available for overlay routing in different profiles; for example, in the S5200-ON series:
    OS10# show hardware overlay-routing-profile mode all
    Mode                      Overlay Next-hop  Underlay Next-hop  Overlay L3 RIF  Underlay L3 RIF
                              Entries           Entries            Entries         Entries
    default-overlay-routing   8192              57344              2048            14336
    disable-overlay-routing   0                 65536              0               16384
    balanced-overlay-routing  32768             32768              8192            8192
    scaled-overlay-routing    53248             12288              12288           4096
● View the currently configured overlay routing prof
    VLAN 2500: port-channel1000
    VxLAN Virtual Network Identifier: 16775000
    Source Interface: loopback100(222.222.222.222)
    Remote-VTEPs (flood-list): 55.55.55.55(DP),77.1.1.
    10.10.10.10    857/8570    257/23709
    20.20.20.20    457/3570    277/13709

View the VXLAN virtual network by VNID
    OS10# show nve vxlan-vni
    VNI    Virtual-Network    Source-IP      Remote-VTEPs
    ------------------------------------------------------
    101    101                44.44.44.44    11.11.11.11,22.22.22.22,33.33.33.33
    102    102                44.44.44.44    11.11.11.11,22.22.22.22,33.33.33.33
    103    103                44.44.44.44    11.11.11.11,22.22.22.22,33.33.33.33
    104    104                44.44.44.44    11.11.11.11,22.22.22.22,33.33.33.
VXLAN MAC addresses Use the show mac address-table virtual-network or show mac address-table extended commands to display the MAC addresses learned on a VXLAN virtual network or learned on both VXLAN virtual networks and legacy VLANs. Use the clear mac address-table dynamic virtual-network and clear mac address-table dynamic nve remote-vtep commands to delete address entries from the MAC address virtual-network table.
Table 4. Display VXLAN MAC addresses (continued)
Command    Description
    local: Displays the number of locally-learned MAC addresses.
    remote: Displays the number of remote MAC addresses learned on all or a specified virtual network.
    static: Displays the number of static MAC addresses learned on all or a specified virtual network.
    interface ethernet node/slot/port:subport: Displays the number of MAC addresses learned on the specified interface.
VXLAN commands

hardware overlay-routing-profile
Configures the number of reserved ARP table entries for VXLAN overlay routing.
Example
    OS10(config)# interface virtual-network 10000
    OS10(config-if-vn-10000)# ip vrf forwarding tenant1
    OS10(config-if-vn-10000)# ip address 10.1.0.1/16
    OS10(config-if-vn-10000)# no shutdown
Supported releases
    10.4.3.0 or later

ip virtual-router address
Configures an anycast gateway IP address for a VXLAN virtual network.
Syntax
    ip virtual-router address ip-address
Parameters
    address ip-address: Enter the IP address of the anycast L3 gateway.
Parameters
    ethernet node/slot/port[:subport]: Assign the specified interface to a virtual network.
    port-channel number: Assign the specified port channel to a virtual network.
    untagged: Assign untagged traffic on an interface or port channel to a virtual network.
    vlan-tag vlan-id: Assign tagged traffic on the specified VLAN to a virtual network.
Example
    OS10(config-vn-vxlan-vni)# remote-vtep 20.20.20.1
    OS10(config-vn-vxlan-vni-remote-vtep)# exit
    OS10(config-vn-vxlan-vni)# remote-vtep 30.20.20.1
Supported releases
    10.4.2.0 or later

show hardware overlay-routing-profile mode
Displays the number of hardware resources available for overlay routing in different profiles.
Syntax
    show hardware overlay-routing-profile mode [all]
Parameters
    all: View the number of tenant entries available in each hardware partition for overlay routing profiles.
    Interface index is 66
    Internet address is 12.12.12.2/24
    Mode of IPv4 Address Assignment: MANUAL
    Interface IPv6 oper status: Enabled
    Link local IPv6 address: fe80::1618:77ff:fe25:6eb9/64
    MTU 1532 bytes, IP MTU 1500 bytes
    ARP type: ARPA, ARP Timeout: 60
    Last clearing of "show interface" counters: 10:24:21
    Queuing strategy: fifo
    Input statistics:
        89 packets, 10056 octets
    Output statistics:
        207 packets, 7376 octets
    Time since last interface status change: 10:23:21
Supported releases
    10.4.3.
Usage information
    Use this command to display input and output statistics for VXLAN traffic on a remote VTEP. A VTEP is identified by its IP address. Use the clear nve remote-vtep [ip-address] counters command to clear VXLAN packet statistics.
Example
    OS10# show nve remote-vtep counters
    Peer           Input (Packets/Bytes)    Output (Packets/Bytes)
    10.10.10.10    857/8570                 257/23709
    20.20.20.20    457/3570                 277/13709
Supported releases
    10.4.2.
    Source Interface: loopback100(222.222.222.222)
    Remote-VTEPs (flood-list): 55.55.55.55(DP),77.1.1.1(DP)
Supported releases
    10.4.2.0 or later

show virtual-network counters
Displays packet statistics for virtual networks.
Syntax
    show virtual-network [vn-id] counters
Parameters
    vn-id: Enter a virtual-network ID, from 1 to 65535.
Default
    Not configured
Command mode
    EXEC
Usage information
    Use this command to monitor the packet throughput on virtual networks, including VXLANs.
Supported releases
    10.4.2.0 or later

show virtual-network interface
Displays the VXLAN virtual networks and server VLANs where a port is assigned.
Syntax
    show virtual-network interface {ethernet node/slot/port:subport | port-channel number}
Parameters
    interface ethernet node/slot/port[:subport]: Enter the port information for an Ethernet interface.
    interface port-channel number: Enter a port-channel number, from 1 to 128.
show vlan (virtual network)
Displays the VLANs assigned to virtual networks.
Syntax
    show vlan
Parameters
    None
Default
    Not configured
Command mode
    EXEC
Usage information
    Use this command to display the VLAN port interfaces that transmit VXLAN packets over a virtual network.
virtual-network
Creates a virtual network for VXLAN tunneling.
Syntax
    virtual-network vn-id
Parameters
    vn-id: Enter the virtual-network ID, from 1 to 65535.
Default
    Not configured
Command mode
    CONFIGURATION
Usage information
    The virtual network operates as an L2 bridging domain. To add a VXLAN to the virtual network, use the vxlan-vni command. The no version of this command removes the configured virtual network.
Example
    OS10(config)# virtual-network 1000
    OS10(config-vn)#
Supported releases
    10.4.
VXLAN MAC commands

clear mac address-table dynamic nve remote-vtep
Clears all MAC addresses learned from a remote VTEP.
Syntax
    clear mac address-table dynamic nve remote-vtep ip-address
Parameters
    remote-vtep ip-address: Clear MAC addresses learned from the specified remote VTEP.
Default
    Not configured
Command mode
    EXEC
Usage information
    To display the MAC addresses learned from a remote VTEP, use the show mac address-table nve remote-vtep command.
Example
    OS10# clear mac address-table dynamic virtual-network
Supported releases
    10.4.2.0 or later

show mac address-table count extended
Displays the number of MAC addresses learned on all VLANs and VXLAN virtual networks.
Syntax
    show mac address-table count extended [interface {ethernet node/slot/port:subport | port-channel number}]
Parameters
    interface ethernet node/slot/port[:subport]: Display the number of MAC addresses learned on all VLANs and VXLANs on the specified interface.
    Static Address (User-defined) Count : 0
    Total MAC Addresses in Use: 1

    OS10# show mac address-table count nve remote-vtep 32.1.1.1
    MAC Entries for all vlans :
    Dynamic Address Count : 2
    Static Address (User-defined) Count : 0
    Total MAC Addresses in Use: 2
Supported releases
    10.4.2.0 or later

show mac address-table count virtual-network
Displays the number of MAC addresses learned on virtual networks.
Parameters
    address macaddress: Display only information about the specified MAC address.
    interface ethernet node/slot/port[:subport]: Display only MAC addresses learned on the specified interface.
    interface port-channel number: Display only MAC addresses learned on the specified port channel.
    static: Display only static MAC addresses.
    dynamic: Display only dynamic MAC addresses.
Default
    Not configured
Command mode
    EXEC
Usage information
    By default, MAC learning from a remote VTEP is enabled.
Example
    OS10# show mac address-table nve remote-vtep 32.1.1.1
    Virtual-Network  VNI    MAC Address        Type     Remote-VTEP
    ---------------------------------------------------------------
    10000            9999   00:00:00:00:00:77  dynamic  VxLAN(32.1.1.1)
    20000            19999  00:00:00:00:00:88  dynamic  VxLAN(32.1.1.1)

    OS10# show mac address-table nve vxlan-vni 9999
    Virtual-Network  VNI    MAC Address        Type     Remote-VTEP
    ---------------------------------------------------------------
    10000            9999   00:00:00:00:00:77  dynamic  VxLAN(32.1.1.
Supported releases
    10.4.2.0 or later

Example: VXLAN with static VTEP
This example uses a typical Clos leaf-spine topology with static VXLAN tunnel endpoints (VTEPs) in VLT dual-homing domains. The individual switch configuration shows how to set up an end-to-end VXLAN. The underlay IP network routes advertise using OSPF.
● On VTEPs 1 and 2, access ports are assigned to the virtual network using a switch-scoped VLAN configuration.
VTEP 1 Leaf Switch
1. Configure the underlay OSPF protocol. Do not configure the same IP address for the router ID and the source loopback interface in Step 2.
    OS10(config)# router ospf 1
    OS10(config-router-ospf-1)# router-id 172.16.0.1
    OS10(config-router-ospf-1)# exit
2. Configure a Loopback interface.
    OS10(config)# interface loopback0
    OS10(conf-if-lo-0)# no shutdown
    OS10(conf-if-lo-0)# ip address 192.168.1.1/32
    OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.0
    OS10(conf-if-lo-0)# exit
3.
    OS10(config)# interface ethernet1/1/6
    OS10(conf-if-eth1/1/6)# no shutdown
    OS10(conf-if-eth1/1/6)# channel-group 20 mode active
    OS10(conf-if-eth1/1/6)# no switchport
    OS10(conf-if-eth1/1/6)# exit
7. Configure upstream network-facing ports.
    OS10(config)# interface ethernet1/1/1
    OS10(conf-if-eth1/1/1)# no shutdown
    OS10(conf-if-eth1/1/1)# no switchport
    OS10(conf-if-eth1/1/1)# mtu 1650
    OS10(conf-if-eth1/1/1)# ip address 172.16.1.0/31
    OS10(conf-if-eth1/1/1)# ip ospf 1 area 0.0.0.
    OS10(conf-uplink-state-group-1)# upstream port-channel10
    OS10(conf-uplink-state-group-1)# upstream port-channel20
    OS10(conf-uplink-state-group-1)# exit
9. Configure overlay IP routing
Create the tenant VRF.
    OS10(config)# ip vrf tenant1
    OS10(conf-vrf)# exit
Configure the anycast L3 gateway MAC address for all VTEPs.
    OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing with an anycast gateway IP address for each virtual network.
    OS10(config-vn-vxlan-vni)# exit
    OS10(config-vn-20000)# exit
5. Assign a switch-scoped VLAN to a virtual network.
    OS10(config)# interface vlan100
    OS10(config-if-vl-100)# virtual-network 10000
    OS10(config-if-vl-100)# no shutdown
    OS10(config-if-vl-100)# exit
    OS10(config)# interface vlan200
    OS10(config-if-vl-200)# virtual-network 20000
    OS10(config-if-vl-200)# no shutdown
    OS10(config-if-vl-200)# exit
6. Configure access ports as VLAN members.
Configure a VLT port channel.
    OS10(config)# interface port-channel10
    OS10(conf-if-po-10)# vlt port-channel 10
    OS10(conf-if-po-10)# exit
    OS10(config)# interface port-channel20
    OS10(conf-if-po-20)# vlt port-channel 20
    OS10(conf-if-po-20)# exit
Configure VLTi member links.
VTEP 3 Leaf Switch
1. Configure the underlay OSPF protocol. Do not configure the same IP address for the router ID and the source loopback interface in Step 2.
    OS10(config)# router ospf 1
    OS10(config-router-ospf-1)# router-id 172.18.0.1
    OS10(config-router-ospf-1)# exit
2. Configure a Loopback interface.
    OS10(config)# interface loopback0
    OS10(conf-if-lo-0)# no shutdown
    OS10(conf-if-lo-0)# ip address 192.168.2.1/32
    OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.0
    OS10(conf-if-lo-0)# exit
3.
7. Add access ports to the VXLAN virtual networks.
    OS10(config)# virtual-network 10000
    OS10(config-vn-10000)# member-interface port-channel 10 vlan-tag 100
    OS10(config-vn-10000)# exit
    OS10(config)# virtual-network 20000
    OS10(config-vn-20000)# member-interface port-channel 20 untagged
    OS10(config-vn-20000)# exit
NOTE: This step shows how to add access ports using port-scoped VLAN-to-VNI mapping. You can also add access ports using a switch-scoped VLAN-to-VNI mapping.
    OS10(conf-if-eth1/1/4)# no switchport
    OS10(conf-if-eth1/1/4)# exit
Configure a VLT domain.
    OS10(config)# vlt-domain 1
    OS10(conf-vlt-1)# backup destination 10.16.150.3
    OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4
    OS10(conf-vlt-1)# vlt-mac aa:bb:dd:cc:ff:ee
    OS10(conf-vlt-1)# exit
Configure UFD with uplink VLT ports and downlink network ports.
3. Configure the Loopback interface as the VXLAN source tunnel interface.
    OS10(config)# nve
    OS10(config-nve)# source-interface loopback0
    OS10(config-nve)# exit
4. Configure VXLAN virtual networks with a static VTEP.
    OS10(config)# interface ethernet1/1/2
    OS10(conf-if-eth1/1/2)# no shutdown
    OS10(conf-if-eth1/1/2)# no switchport
    OS10(conf-if-eth1/1/2)# mtu 1650
    OS10(conf-if-eth1/1/2)# ip address 172.19.2.0/31
    OS10(conf-if-eth1/1/2)# ip ospf 1 area 0.0.0.0
    OS10(conf-if-eth1/1/2)# exit
9. Configure VLT
Configure VLTi VLAN for the VXLAN virtual network.
Create a tenant VRF.
    OS10(config)# ip vrf tenant1
    OS10(conf-vrf)# exit
Configure an anycast L3 gateway for all VTEPs in all virtual networks.
    OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing with an anycast gateway IP address for each virtual network.
    OS10(config)# interface virtual-network 10000
    OS10(config-if-vn-10000)# ip vrf forwarding tenant1
    OS10(config-if-vn-10000)# ip address 10.1.0.234/16
    OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.
Spine Switch 2
1. Configure downstream ports on underlay links to leaf switches.
    OS10(config)# interface ethernet1/1/1
    OS10(conf-if-eth1/1/1)# no shutdown
    OS10(conf-if-eth1/1/1)# no switchport
    OS10(conf-if-eth1/1/1)# ip address 172.16.2.1/31
    OS10(conf-if-eth1/1/1)# ip ospf 1 area 0.0.0.
Configure and operate static VXLANs and BGP EVPNs for VXLAN in the same way:
● Manually configure the overlay and underlay networks.
● Manually configure each virtual network and VNI.
● Manually configure access port membership in a virtual network.
● Existing routing protocols provision and learn underlay reachability to VTEP peers.
However, static VXLANs and BGP EVPNs for VXLAN differ as described:
Table 6.
Figure 3. BGP EVPN topology

Leaf nodes
Leaf nodes are typically top-of-rack (ToR) switches in a data center network. They act as the VXLAN tunnel endpoints and perform VXLAN encapsulation and decapsulation. Leaf nodes also participate in the MP-BGP EVPN to support control plane and data plane functions. Control plane functions include:
● Initiate and maintain route adjacencies using any routing protocol in the underlay network.
● Advertise locally learned routes to all MP-BGP EVPN peers.
● Does not perform VXLAN encapsulation or decapsulation.
The BGP EVPN running on each VTEP listens to the exchange of route information in the local overlay, encodes the learned routes as BGP EVPN routes, and injects them into BGP to advertise to the peers. Tunnel endpoints advertise as Type 3 EVPN routes. MAC/IP addresses advertise as Type 2 EVPN routes.

EVPN instance
An EVPN instance (EVI) spans across the VTEPs that participate in an Ethernet VPN.
Configure BGP EVPN for VXLAN
To set up BGP EVPN service in a VXLAN overlay network:
1. Configure the VXLAN overlay network. If you enable routing for VXLAN virtual networks, Integrated Routing and Bridging (IRB) for BGP EVPN is automatically enabled. For more information, see Configure VXLAN.
2. Configure BGP to advertise EVPN routes.
3. Configure EVPN, including the VNI, RD, and RT values associated with the EVPN instance.
4. Verify the BGP EVPN configuration.

Configuration
1.
c. Use the local Loopback address as the source address in BGP packets sent to the neighbor in ROUTER-BGP-NEIGHBOR mode.
    update-source loopback0
d. Send an extended community attribute to the BGP neighbor in ROUTER-BGP-NEIGHBOR mode.
    send-community extended
e. Enable the peer session with the BGP neighbor in ROUTER-BGP-NEIGHBOR mode.
    no shutdown
f. Configure the L2 VPN EVPN address family for VXLAN host-based routing to the BGP peer in ROUTER-BGP-NEIGHBOR mode.
    address-family l2vpn evpn
g.
a. Enable the EVPN control plane in CONFIGURATION mode.
    evpn
b. Enable auto-EVI creation for overlay virtual networks in EVPN mode. Auto-EVI creation is supported only if BGP EVPN is used with 2-byte AS numbers and if at least one BGP instance is enabled with the EVPN address family. No further manual configuration is allowed in auto-EVI mode.
    auto-evi
● Manual EVI configuration mode
a. Enable the EVPN control plane in CONFIGURATION mode.
    evpn
b. Manually create an EVPN instance in EVPN mode.
Display the BGP neighbors in the EVPN instances
    OS10# show ip bgp neighbors 110.111.170.102
    BGP neighbor is 110.111.170.102, remote AS 100, local AS 100 internal link
    BGP version 4, remote router ID 110.111.170.
    50    00:00:00:aa:aa:aa    rmt    0    55.1.1.3
    50    00:00:00:cc:cc:cc    lcl    0    ethernet1/1/8:1

VXLAN BGP EVPN routing
This section describes how EVPN implements overlay routing between L2 segments associated with EVIs belonging to the same tenant on a VTEP. IETF draft draft-ietf-bess-evpn-inter-subnet-forwarding-05 describes EVPN inter-subnet forwarding, Integrated Routing and Bridging (IRB), and how to use EVPN with IP routing between L2 tenant domains.
be associated with an IP address; routing is set up in the data plane using the egress VTEP's MAC address. This behavior is known as IP-VRF to IP-VRF interface-less routing. The ingress VTEP does not have to be configured with every destination virtual network; it must have the ARP and MAC addresses only to the egress VTEP, not to each host connected to the VTEP. For this reason, symmetric IRB routing allows the overlay network to scale larger than asymmetric routing.
4. (Optional) To redistribute EVPN routes to a BGP or OSPF neighbor, configure the redistribution of L2VPN EVPN routes into BGP or OSPF IPv4/IPv6 routes on a border leaf VTEP in ROUTER-BGP or ROUTER-OSPF mode; for example:
    OS10(config)# router bgp 101
    OS10(conf-router-bgp-101)# vrf blue
    OS10(conf-router-bgp-101-vrf)# address-family ipv4 unicast
    OS10(configure-router-bgpv4-af)# redistribute l2vpn evpn [route-map map-name]
5. Verify the VXLAN BGP EVPN with symmetric IRB configuration.
    4.4.4.4    14:18:77:25:6f:4d
    5.5.5.5    00:00:01:00:a3:b4

Display the learned EVPN Type 5 routes
    OS10# show ip bgp l2vpn evpn
    BGP local RIB : Routes to be Added , Replaced , Withdrawn
    BGP local router ID is 95.0.0.4
    Status codes: s suppressed, S stale, d dampened, h history, * valid, > best
    Path source: I - internal, a - aggregate, c - confed-external, r - redistributed/network, S - stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network    Next Hop    Metric    LocPrf    Weight
    *>r Route distinguisher: 4.4.4.
Both VTEPs in a VLT pair advertise identical EVPN routes, which provides redundancy if one of the VTEP peers fails. To set up redundant EVPN route advertisement, configure the same EVI, RD, and RT values for each VNI on both VTEPs in a VLT pair, including:
● In auto-EVI mode, this identical configuration is automatically ensured if the VNID-to-VNI association is the same on both VTEP peers.
● In manual EVI mode, you must configure the same EVI-to-VNID association on both VTEP peers.
VXLAN BGP commands

activate (l2vpn evpn)
Enables the exchange of L2 VPN EVPN address family information with a BGP neighbor or peer group.
Syntax
    activate
Parameters
    None
Default
    Not configured
Command Mode
    ROUTER-BGP-NEIGHBOR-AF
Usage Information
    Use this command to exchange L2 VPN EVPN address information for VXLAN host-based routing with a BGP neighbor. The IPv4 unicast address family is enabled by default. Use the no activate command to disable an address family with a neighbor.
Example (IPv4)
    OS10(config-router-neighbor)# address-family ipv4 unicast
    OS10(conf-router-bgp-neighbor-af)# allowas-in 5
Example (IPv6)
    OS10(conf-router-template)# address-family ipv6 unicast
    OS10(conf-router-bgp-template-af)# allowas-in 5
Example (l2vpn)
    OS10(config-router-neighbor)# address-family l2vpn evpn
    OS10(config-router-bgp-neighbor-af)# allowas-in 3
Supported Releases
    10.3.0E or later

sender-side-loop-detection
Enables the sender-side loop detection process for a BGP neighbor.
Usage information
    Use this command to display the BGP routes used for the L2VPN EVPN address family in EVPN instances on the switch.
Examples
    OS10# show ip bgp l2vpn evpn
    BGP local RIB : Routes to be Added , Replaced , Withdrawn
    BGP local router ID is 110.111.170.
    BGP neighbor is fe80::76e6:e2ff:fef6:99a9 via vlan30, remote AS 100, local AS 200 external link
    BGP version 4, remote router ID 125.12.57.
    Invalid Nexthop 0, Invalid AS-PATH length 0
    Wellknown community 0, Locally originated 0
    Local host: fe80::76e6:e2ff:fef5:a43e, Local port: 45926
    Foreign host: fe80::76e6:e2ff:fef6:99a9, Foreign port: 179

    OS10# show ip bgp l2vpn evpn summary
    BGP router identifier 89.101.17.125 local AS number 100
    Neighbor         AS     MsgRcvd    MsgSent    Up/Down     State/Pfx
    ethernet1/1/1    200    19         19         00:15:34    0
Supported releases
    10.4.2.
Example: advertise IPv6 OSPF routes to L2VPN EVPN
    OS10# configure terminal
    OS10(config)# route-map redis-inactive-routes
    OS10(config-route-map)# match inactive-path-additive
    OS10(config)# evpn
    OS10(config-evpn)# vrf vrf-blue
    OS10(config-evpn-vrf-vrf-blue)# advertise ipv6 ospf route-map redis-inactive-routes
Supported Releases
    10.5.1 or later

auto-evi
Creates an EVPN instance automatically, including Route Distinguisher (RD) and Route Target (RT) values.
In such eBGP EVPN scenarios, use the disable-rt-asn command to automatically provision route targets in the leaf nodes. When you use this command, the export route-target has the ASN value set to 0 and ensures that identical route targets are generated on all the leaf nodes. The leaf VTEPs can import EVPN routes only based on VNI, even though the leaf VTEPs are on different ASNs. This command is applicable when you use the auto-evi or route-target auto commands for EVIs, symmetric IRB VRFs, or both.
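Why zeroing the ASN makes leaf route targets identical, shown as an added example that is not code from this guide or from Dell. It assumes the auto-derived RT follows RFC 8365 section 5.1.2.1 (2-byte ASN, then a 4-byte value holding A=0, Type=1 for VXLAN, D-ID=0 and the 24-bit VNI) and that the page's `0:200:268438486` reads as type:ASN:value; the leaf ASNs 65001 and 65002 are constructed.

```python
import re

VXLAN_TYPE = 1       # RFC 8365 section 5.1.2.1: Type field value for VXLAN
MAX_VNI = 0xFFFFFF   # the service ID field is 24 bits wide


def auto_rt_local_admin(vni):
    """4-byte local administrator: A=0 (auto), Type=1, D-ID=0, 24-bit VNI."""
    if not 1 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    return (0 << 31) | (VXLAN_TYPE << 28) | (0 << 24) | vni


def auto_rt(asn, vni, zero_asn=False):
    """Auto-derived RT as 'ASN:value'; zero_asn models disable-rt-asn."""
    # The global administrator field is 2 bytes, which is why the guide
    # limits auto-EVI to 2-byte AS numbers.
    if not 0 < asn <= 0xFFFF:
        raise ValueError("auto-derivation needs a 2-byte AS number")
    return f"{0 if zero_asn else asn}:{auto_rt_local_admin(vni)}"


def decode_local_admin(value):
    """Split the 4-byte value back into its RFC 8365 fields."""
    return {
        "auto": (value >> 31) == 0,
        "type": (value >> 28) & 0x7,
        "domain_id": (value >> 24) & 0xF,
        "vni": value & MAX_VNI,
    }


# Values copied from the show evpn vrf l3-vni example on this page;
# the line layout here is reconstructed.
PAGE_OUTPUT = """\
VRF : vrf_30, State : up
  L3-VNI : 3030
  Route-Targets : 0:200:268438486(auto) both
VRF : vrf_40, State : up
  L3-VNI : 4040
  Route-Targets : 0:200:268439496(auto) both
VRF : vrf_50, State : up
  L3-VNI : 5050
  Route-Targets : 0:200:268440506(auto) both
"""

_PAIR = re.compile(
    r"L3-VNI\s*:\s*(\d+).*?Route-Targets\s*:\s*\d+:(\d+):(\d+)\(auto\)", re.S
)


def check_show_output(text):
    """Return (l3_vni, asn, matches) per VRF; matches is True when the
    displayed RT equals the value derived from that ASN and L3-VNI."""
    return [
        (int(vni), int(asn), f"{asn}:{local}" == auto_rt(int(asn), int(vni)))
        for vni, asn, local in _PAIR.findall(text)
    ]


def leaves_share_rt(leaf_asns, vni, zero_asn):
    """True when every leaf derives the same RT for this VNI."""
    return len({auto_rt(a, vni, zero_asn) for a in leaf_asns}) == 1


if __name__ == "__main__":
    print(check_show_output(PAGE_OUTPUT))
    for zero in (False, True):
        print("ASN zeroed:", zero,
              "-> leaves share RT:", leaves_share_rt([65001, 65002], 10000, zero))
```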
Example
    OS10(config)# evpn
    OS10(config-evpn)#
Supported releases
    10.4.2.0 or later

rd
Configures the Route Distinguisher (RD) value that EVPN routes use.
Syntax
    rd {A.B.C.D:[1-65535] | auto}
Parameters
    A.B.C.D:[1-65535]: Manually configure the RD with a 4-octet IPv4 address, then a 2-octet number from 1 to 65535.
    auto: Configure the RD to automatically generate.
    OS10(conf-router-bgp-101-vrf)# address-family ipv4 unicast
    OS10(configure-router-bgpv4-af)# redistribute l2vpn evpn

    OS10(config)# router ospf 1 vrf GREEN
    OS10(config-router-ospf-1)# redistribute l2vpn evpn

    OS10(config)# router ospfv3 2 vrf GREEN
    OS10(config-router-ospfv3-2)# redistribute l2vpn evpn
Supported Releases
    10.5.1 or later

route-target
Configures the Route Target (RT) values that EVPN routes use.
router-mac
Configure the local router MAC address that is used by remote VTEPs as the destination address in VXLAN encapsulated packets sent to the switch.
Syntax
    router-mac mac-address
Parameters
    mac-address: Enter the MAC address in nn:nn:nn:nn:nn:nn format.
Default
    Not configured
Command mode
    EVPN
Usage information
    The EVPN router MAC address is encoded in the router's MAC extended community in MAC/IP Type 2 and IP-prefix Type 5 route updates.
● evi id — Displays the host MAC addresses and next hops in a specified EVPN instance, from 1 to 65535.
To filter the output, display information on the host MAC address count for an EVPN ID or for a next-hop IP address, and BGP routes for a specified MAC address.
Default
    Not configured
Command mode
    EXEC
Usage information
    Use this command to display the BGP routes for host MAC addresses in EVPN instances.
Type EVI 101 101 101 101 101 102 102 102 102 103 103 103 103 104 104 104 104 105 105 105 105 106 106 106 106 -(lcl): Local (rmt): remote Mac-Address 14:18:77:0c:e5:a3 14:18:77:0c:e5:a3 14:18:77:25:4e:84 14:18:77:25:6f:84 14:18:77:25:6f:84 14:18:77:0c:e5:a4 14:18:77:0c:e5:a4 14:18:77:25:4d:b9 14:18:77:25:6e:b9 14:18:77:25:4e:84 14:18:77:25:4e:84 14:18:77:25:6f:84 14:18:77:25:6f:84 14:18:77:25:4d:b9 14:18:77:25:4d:b9 14:18:77:25:6e:b9 14:18:77:25:6e:b9 14:18:77:25:4d:b9 14:18:77:25:4d:b9 14:18:77:25:6e:b9 14
Parameters
    vtep-ip-address — (Optional) Enter the IP address of a remote VTEP.
Default
    Not configured
Command mode
    EXEC
Usage information
    Use the show evpn router-mac remote-vtep command to display the router MAC address used on the switch and on specified remote VTEPs. Use the router-mac command to create a local router MAC address. The show evpn router-mac command displays the local router mac and router mac of all remote VTEPs.
Example
    OS10# show evpn vrf l3-vni
    VRF : vrf_30, State : up
      L3-VNI : 3030
      Route-Distinguisher : 1:80.80.1.1:3030(auto)
      Route-Targets : 0:200:268438486(auto) both
      Remote VTEP : 4.4.4.4
    VRF : vrf_40, State : up
      L3-VNI : 4040
      Route-Distinguisher : 1:80.80.1.1:4040(auto)
      Route-Targets : 0:200:268439496(auto) both
      Remote VTEP : 4.4.4.4
    VRF : vrf_50, State : up
      L3-VNI : 5050
      Route-Distinguisher : 1:80.80.1.1:5050(auto)
      Route-Targets : 0:200:268440506(auto) both
      Remote VTEP : 4.4.4.
Parameters
    vni: Enter a VXLAN virtual-network ID, from 1 to 16,777,215.
Default
    Not configured
Command mode
    EVPN-EVI and EVPN-VRF
Usage information
    Use this command:
    ● In EVPN-EVI mode to configure an EVPN instance with RD and RT values for an overlay VXLAN virtual network.
    ● In EVPN-VRF mode to configure a unique VXLAN VNI for EVPN symmetric IRB traffic in a tenant VRF.
Example
Figure 5. VXLAN BGP EVPN use case

VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
    OS10(config)# interface loopback0
    OS10(conf-if-lo-0)# no shutdown
    OS10(conf-if-lo-0)# ip address 192.168.1.1/32
    OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface.
3. Configure VXLAN virtual networks.
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4. Assign VLAN member interfaces to the virtual networks.
OS10(config-router-bgp-100)# address-family ipv4 unicast
OS10(config-router-bgp-af)# redistribute connected
OS10(config-router-bgp-af)# exit
8. Configure eBGP for the IPv4 point-to-point peering.
OS10(config-router-bgp-100)# neighbor 172.16.1.
12. Configure VLT.
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure.
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.0/31
OS10(config-if-vl-4000)# exit
Configure the VLT port channel.
Configure routing on the virtual networks.
OS10(config)# interface virtual-network 10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.231/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
6. Configure upstream network-facing ports.
OS10(config-router-neighbor)# update-source loopback1
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# no activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# neighbor
OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff
OS10(conf-vlt-1)# exit
Configure UFD with uplink VLT ports and downlink network ports.
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
Configure iBGP IPv4 peering between VLT peers.
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4. Configure unused VLAN ID for untagged membership.
OS10(config)# virtual-network untagged-vlan 1000
5. Configure access ports as VLAN members for a port-scoped VLAN-to-VNI mapping.
OS10(configure-router-bgp-af)# redistribute connected
OS10(configure-router-bgp-af)# exit
9. Configure eBGP for the IPv4 point-to-point peering.
OS10(config-router-bgp-100)# neighbor 172.18.1.1
OS10(config-router-neighbor)# remote-as 101
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# neighbor 172.18.2.
OS10(config-evpn-evi-10000)# route-target auto
OS10(config-evpn-evi-10000)# exit
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd auto
OS10(config-evpn-evi-20000)# route-target auto
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)# exit
13. Configure VLT.
Configure a VLTi VLAN for the virtual network.
Configure iBGP IPv4 peering between VLT peers.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.16.250.11
OS10(config-router-neighbor)# remote-as 100
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
14. Configure IP routing in the overlay network.
Create the tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
Configure an anycast gateway MAC address.
5. Configure access ports as VLAN members for a port-scoped VLAN-to-VNI mapping.
OS10(config-router-neighbor)# remote-as 101
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
10. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address.
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.19.0.
Configure a VLTi VLAN for the virtual network.
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vlti-vlan 100
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(conf-vn-20000)# vlti-vlan 200
OS10(conf-vn-20000)# exit
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure.
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.
Create a tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual networks.
OS10(config)# interface virtual-network 10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.234/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-router-bgp-101)# neighbor 172.17.1.0
OS10(conf-router-neighbor)# remote-as 100
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# neighbor 172.18.1.
OS10(conf-router-neighbor)# address-family l2vpn evpn
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-bgp-101)# neighbor 172.19.0.
OS10(conf-router-bgp-101)# neighbor 172.18.2.0
OS10(conf-router-neighbor)# remote-as 100
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# neighbor 172.19.2.
OS10(conf-router-neighbor)# remote-as 100
OS10(conf-router-neighbor)# send-community extended
OS10(conf-router-neighbor)# update-source loopback1
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# address-family l2vpn evpn
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# activate
OS10(conf-router-neighbor-af)# exit
64 bytes from 10.2.0.10: icmp_seq=4 ttl=63 time=0.944 ms
64 bytes from 10.2.0.10: icmp_seq=5 ttl=63 time=0.806 ms
--- 10.2.0.10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4078ms
rtt min/avg/max/mdev = 0.806/0.851/0.944/0.051 ms
root@HOST-A:~#
5. Check connectivity between host A and host C.
root@HOST-A:~# ping 10.1.0.20 -c 5
PING 10.1.0.20 (10.1.0.20) 56(84) bytes of
64 bytes from 10.1.0.20: icmp_seq=1 ttl=64
64 bytes from 10.1.0.20: icmp_seq=2 ttl=64
64 bytes from 10.1.0.
Figure 6. VXLAN BGP EVPN with multiple AS
VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface.
3. Configure VXLAN virtual networks.
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4. Assign VLAN member interfaces to the virtual networks.
OS10(config-router-bgp-99)# address-family ipv4 unicast
OS10(config-router-bgp-af)# redistribute connected
OS10(config-router-bgp-af)# exit
8. Configure eBGP for the IPv4 point-to-point peering.
OS10(config-router-bgp-99)# neighbor 172.16.1.1
OS10(config-router-neighbor)# remote-as 101
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-99)# neighbor 172.16.2.
OS10(config-evpn-evi-20000)# route-target 100:20000 import
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)#
12. Configure VLT.
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure.
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.0/31
OS10(config-if-vl-4000)# exit
Configure the VLT port channel.
Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual networks.
OS10(config)# interface virtual-network10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.231/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface ethern
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# no activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-99)# neighbor 172.202.0.
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain.
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.2
OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4
OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff
OS10(conf-vlt-1)# exit
Configure UFD with uplink VLT ports and downlink network ports.
2. Configure the Loopback interface as the VXLAN source tunnel interface.
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure VXLAN virtual networks.
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4.
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31
OS10(conf-if-eth1/1/2)# exit
8. Configure eBGP.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# router-id 172.18.0.1
OS10(config-router-bgp-100)# address-family ipv4 unicast
OS10(configure-router-bgp-af)# redistribute connected
OS10(configure-router-bgp-af)# exit
9. Configure eBGP for the IPv4 point-to-point peering.
OS10(config-router-bgp-100)# neighbor 172.18.1.
OS10(config-evpn-evi-10000)# rd 192.168.2.1:10000
OS10(config-evpn-evi-10000)# route-target 99:10000 import
OS10(config-evpn-evi-10000)# route-target 100:10000 both
OS10(config-evpn-evi-10000)# exit
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd 192.168.2.1:20000
OS10(config-evpn-evi-20000)# route-target 99:20000 import
OS10(config-evpn-evi-20000)# route-target 100:20000 both
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)#
13. Configure VLT.
Configure iBGP IPv4 peering between VLT peers.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.16.250.11
OS10(config-router-neighbor)# remote-as 100
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
14. Configure IP routing in the overlay network.
Create the tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
Configure an anycast gateway MAC address.
5. Configure access ports as VLAN members for a port-scoped VLAN-to-VNI mapping.
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
10. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address.
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.19.0.1/32
OS10(conf-if-lo-1)# exit
11. Configure BGP EVPN peering.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.201.0.
OS10(conf-vn-20000)# vlti-vlan 200
OS10(conf-vn-20000)# exit
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure.
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.11/31
OS10(config-if-vl-4000)# exit
Configure VLT port channels.
Configure routing on the virtual networks.
OS10(config)# interface virtual-network10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.234/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# exit
4. Configure a Loopback interface for BGP EVPN peering.
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.201.0.1/32
OS10(conf-if-lo-1)# exit
5. Configure BGP EVPN peer sessions.
OS10(config)# router bgp 101
OS10(conf-router-bgp-101)# neighbor 172.16.0.
Spine Switch 2 1. Configure downstream ports on the underlay links to the leaf switches.
OS10(conf-router-neighbor)# update-source loopback1
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# address-family l2vpn evpn
OS10(conf-router-neighbor-af)# activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-bgp-102)# neighbor 172.17.0.
2. Verify EVPN configurations and EVPN parameters.
LEAF1# show evpn evi
EVI : 10000, State : up
  Bridge-Domain       : Virtual-Network 10000, VNI 10000
  Route-Distinguisher : 1:192.168.1.1:10000
  Route-Targets       : 0:99:10000 both, 0:100:10000 import
  Inclusive Multicast : 192.168.2.1
  IRB                 : Enabled(tenant1)
EVI : 20000, State : up
  Bridge-Domain       : Virtual-Network 20000, VNI 20000
  Route-Distinguisher : 1:192.168.1.1:20000
  Route-Targets       : 0:99:10000 both, 0:100:10000 import
  Inclusive Multicast : 192.168.2.
rtt min/avg/max/mdev = 0.640/0.669/0.707/0.041 ms
root@HOST-A:~#
NOTE: Follow Steps 1 to 6 to check ping connectivity between combinations of other hosts, and between hosts through different virtual-network IP addresses.
Example: VXLAN BGP EVPN — Centralized L3 gateway
The following VXLAN with BGP EVPN example uses a centralized Layer 3 gateway to perform virtual-network routing. It is based on the sample configuration in Example: VXLAN BGP EVPN — Multiple AS topology.
Figure 7. VXLAN BGP EVPN with centralized L3 gateway
NOTE: This centralized L3 gateway example for VXLAN BGP EVPN uses the same configuration steps as in Example: VXLAN BGP EVPN — Multiple AS topology. Configure each spine and leaf switch as in the Multiple AS topology example, except:
● Because VTEPs 1 and 2 operate only in Layer 2 VXLAN mode, do not configure IP switching in the overlay network.
Create a tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual networks.
OS10(config)# interface virtual-network10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.233/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
S4048T-ON, S6010-ON, and the S4100-ON series, routing after decapsulation is performed only between virtual networks. You can connect an egress virtual network to a VLAN in an external router, which connects to the external network. In the following example, VLT domain 1 is a VLT VTEP. VLT domain 2 is the border leaf VLT VTEP pair. All virtual networks in the data center network are configured in all VTEPs with virtual-network IP and anycast IP gateway addresses.
Figure 8. VXLAN BGP EVPN with border leaf gateway
NOTE: This border leaf gateway example for VXLAN BGP EVPN uses the same configuration steps as in Example: VXLAN BGP EVPN — Multiple AS topology. Configure each spine and leaf switch as in the Multiple AS topology example and add the following additional configuration steps on each VTEP.
VTEP 1 Leaf Switch
1. Configure a dedicated VXLAN virtual network.
2. Configure routing on the virtual network.
OS10(config)# interface virtual-network 500
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.5.0.231/16
3. Configure a static route for outbound traffic sent to the anycast MAC address of the dedicated virtual network.
OS10(config)# ip route 0.0.0.0/0 10.5.0.100
VTEP 2 Leaf Switch
1. Configure a dedicated VXLAN virtual network.
5. Configure a static route for outbound traffic sent to VLAN 200.
OS10(config)# ip route 0.0.0.0/0 10.10.0.3
VTEP 4 Leaf Switch
1. Configure a dedicated VXLAN virtual network.
OS10(config)# virtual-network 500
OS10(config-vn-500)# vxlan-vni 500
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
2. Configure an anycast gateway MAC address on the border leaf VTEP. This MAC address must be different from the anycast gateway MAC address configured on non-border-leaf VTEPs.
VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface.
3. Configure the VXLAN virtual network.
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
4. Assign VLAN member interfaces to the virtual network. Use a switch-scoped VLAN-to-VNI mapping:
OS10(config)# interface vlan100
OS10(config-if-vl-100)# virtual-network 10000
OS10(config-if-vl-100)# no shutdown
OS10(config-if-vl-100)# exit
5. Configure access ports as VLAN members for a switch-scoped VLAN-to-VNI mapping.
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
9. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address.
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.16.0.1/32
OS10(conf-if-lo-1)# exit
10. Configure BGP EVPN peering.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.201.0.
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain.
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.1
OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4
OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff
OS10(conf-vlt-1)# exit
Configure UFD with uplink VLT ports and downlink network ports.
15. Configure advertisement of connected networks through EVPN type-5 routes.
OS10(config)# evpn
OS10(config-evpn)# vrf tenant1
OS10(config-evpn-vrf-tenant1)# advertise ipv4 connected
OS10(config-evpn-vrf-tenant1)# exit
VTEP 2 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# exit
2.
OS10(conf-if-eth1/1/2)# ip address 172.17.2.0/31
OS10(conf-if-eth1/1/2)# exit
7. Configure eBGP.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# router-id 172.17.0.1
OS10(config-router-bgp-100)# address-family ipv4 unicast
OS10(configure-router-bgp-af)# redistribute connected
OS10(configure-router-bgp-af)# exit
8. Configure eBGP for the IPv4 point-to-point peering.
OS10(config-router-bgp-100)# neighbor 172.17.1.
11. Configure EVPN for the VXLAN virtual network.
Configure the EVPN instance, RD, and RT using auto-EVI mode.
OS10(config)# evpn
OS10(config-evpn)# auto-evi
OS10(config-evpn)# exit
12. Configure VLT.
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure.
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.1/31
OS10(config-if-vl-4000)# exit
Configure the VLT port channel.
Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual network.
OS10(config)# interface virtual-network 10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.232/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.100
OS10(conf-if-vn-10000)# no shutdown
OS10(conf-if-vn-10000)# exit
14. Configure symmetric IRB.
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
6. Add the access ports to the virtual network.
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# member-interface port-channel 20 untagged
OS10(config-vn-20000)# exit
7. Configure upstream network-facing ports.
OS10(config-router-neighbor)# update-source loopback1
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# no activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# neighbor
Configure the VLT domain.
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.3
OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4
OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ff:ee
OS10(conf-vlt-1)# exit
Configure UFD with uplink VLT ports and downlink network ports.
OS10(conf-if-eth1/1/7)# switchport mode trunk
OS10(conf-if-eth1/1/7)# switchport trunk allowed vlan 200
17. Configure advertisement of the connected networks via EVPN Type-5 routes.
OS10(config)# evpn
OS10(config-evpn)# vrf tenant1
OS10(config-evpn-vrf-tenant1)# advertise ipv4 connected
OS10(config-evpn-vrf-tenant1)# exit
18. Configure BGP session with external router on the border-leaf VTEPs.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# vrf tenant1
OS10(config-router-bgp-100-vrf)# neighbor 10.
VTEP 4 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.2.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface.
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure the VXLAN virtual network.
OS10(configure-router-bgp-af)# redistribute connected
OS10(configure-router-bgp-af)# exit
9. Configure eBGP for the IPv4 point-to-point peering.
OS10(config-router-bgp-100)# neighbor 172.19.1.1
OS10(config-router-neighbor)# remote-as 101
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# neighbor 172.19.2.
OS10(config-evpn-evi-20000)# route-target auto
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)# exit
13. Configure VLT.
Configure a VLTi VLAN for the virtual network.
OS10(config)# virtual-network 20000
OS10(conf-vn-20000)# vlti-vlan 200
OS10(conf-vn-20000)# exit
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure.
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.
Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual network.
OS10(config)# interface virtual-network 20000
OS10(conf-if-vn-20000)# ip vrf forwarding tenant1
OS10(conf-if-vn-20000)# ip address 10.2.0.234/16
OS10(conf-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(conf-if-vn-20000)# no shutdown
OS10(conf-if-vn-20000)# exit
15. Configure symmetric IRB.
With connected routes of virtual networks present in an individual VTEP advertised as type-5 routes, the border-leaf router has information about all the virtual networks present in the pod.
3. Configure eBGP IPv4 peer sessions on the P2P links.
OS10(conf-router-bgp-101)# neighbor 172.16.1.0
OS10(conf-router-neighbor)# remote-as 100
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# neighbor 172.17.1.
OS10(conf-router-bgp-101)# neighbor 172.18.0.
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# neighbor 172.17.2.0
OS10(conf-router-neighbor)# remote-as 100
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# neighbor 172.18.2.
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# address-family l2vpn evpn
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-bgp-101)# neighbor 172.19.0.
4. Check connectivity between host A and host B.
root@HOST-A:~# ping 10.2.0.20 -c 5
PING 10.2.0.10 (10.2.0.10) 56(84) bytes of data.
64 bytes from 10.2.0.10: icmp_seq=1 ttl=63 time=0.824 ms
64 bytes from 10.2.0.10: icmp_seq=2 ttl=63 time=0.847 ms
64 bytes from 10.2.0.10: icmp_seq=3 ttl=63 time=0.835 ms
64 bytes from 10.2.0.10: icmp_seq=4 ttl=63 time=0.944 ms
64 bytes from 10.2.0.10: icmp_seq=5 ttl=63 time=0.806 ms
--- 10.2.0.
Example - VXLAN BGP EVPN symmetric IRB with unnumbered BGP peering
The following BGP EVPN example uses a Clos leaf-spine topology with BGP over unnumbered interfaces. The following explains how the network is configured:
● External BGP (eBGP) over unnumbered interfaces is used to exchange both IPv4 routes and EVPN routes.
● You need not configure IP addresses on links that connect Spine and Leaf switches. BGP Unnumbered peering works without an IP address configuration on Spine-Leaf links.
● On leaf switches 1 and 2, access ports are assigned to a virtual network using a switch-scoped VLAN. EVPN for the overlay VXLAN is configured using auto-EVI mode.
● On leaf switches 3 and 4, access ports are assigned to a virtual network using a port-scoped VLAN. EVPN for the overlay VXLAN is configured using manual EVI mode with RT and RD values configured in auto mode.
OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-101)# neighbor interface ethernet1/1/4
OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
Spine Switch 2 configuration
1. Configure downstream ports as unnumbered interfaces.
OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
VTEP Leaf Switch 1 configuration
1. Configure a loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# exit
2. Configure the loopback interface as the VXLAN source tunnel interface.
OS10(config-router-bgp-af)# redistribute connected
OS10(config-router-bgp-af)# exit
8. Configure a BGP unnumbered neighbor over network-facing ports. Use a template to simplify the configuration on multiple interfaces. These neighbors are configured to carry the IPv4 address family (default) and the L2VPN EVPN address family.
● Configure UFD with uplink VLT ports and downlink network ports.
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# exit
● Configure iBGP unnumbered peering between VLT peers with both IPv4 and L2VPN EVPN address families.
2. Configure the loopback interface as the VXLAN source tunnel interface.
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure the VXLAN virtual network.
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn)# exit
4. Assign VLAN member interfaces to the virtual network. Use a switch-scoped VLAN-to-VNI mapping.
OS10(config-router-bgp-201)# neighbor interface ethernet1/1/2
OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
9. Configure EVPN for the VXLAN virtual network.
Configure the EVPN instances using auto-EVI mode and disable the ASN in the generated RT.
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
11. Configure IP routing in overlay network.
● Create a tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
● Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
● Configure routing on the virtual network.
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# no switchport access vlan
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# exit
6. Add the access ports to the virtual network.
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# member-interface port-channel 20 untagged
OS10(config-vn-20000)# exit
7.
NOTE: Use the disable-rt-asn command to autoderive an RT that does not include the ASN in the RT value. This allows auto RT to be used even if the Clos leaf-spine design has a separate ASN for each leaf node. Configure this command only when all the VTEPs are OS10 switches.
11. Configure VLT.
● Configure a VLTi VLAN for the virtual network.
● Create the tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
● Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
● Configure routing on the virtual network.
OS10(config)# interface virtual-network 20000
OS10(conf-if-vn-20000)# ip vrf forwarding tenant1
OS10(conf-if-vn-20000)# ip address 10.2.0.233/16
OS10(conf-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(conf-if-vn-20000)# no shutdown
OS10(conf-if-vn-20000)# exit
13.
4. Configure an unused VLAN ID for untagged membership.
OS10(config)# virtual-network untagged-vlan 1000
5. Configure access ports as VLAN members for a port-scoped VLAN-to-VNI mapping.
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd auto
OS10(config-evpn-evi-20000)# route-target auto
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)# exit
NOTE: Use the disable-rt-asn command to autoderive an RT that does not include the ASN in the RT value. This allows auto RT to be used even if the Clos leaf-spine design has a separate ASN for each leaf node. Configure this command only when all the VTEPs are OS10 switches.
11. Configure VLT.
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
12. Configure IP routing in the overlay network.
● Create a tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
● Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
● Configure routing on the virtual network.
Asymmetric to Symmetric IRB migration steps
1. Make the spines send overlay traffic only to Leaf-2 by making Leaf-1 advertise the VTEP IP with a higher metric in the underlay network.
Leaf-1 configuration
a. Configure a route-map with a prefix-list to set the metric higher for the VTEP IP.
Leaf-1(config)# ip prefix-list vtep_ip seq 10 permit 10.10.10.
2. Spines would now send the overlay traffic destined to VLT domain 1 (Rack1) only to Leaf-2.
3. Configure Symmetric IRB mode in Leaf-2.
Leaf-2 configuration
a. Configure router-mac.
Leaf-2(config)# evpn
Leaf-2(config-evpn)# router-mac 02:10:10:10:10:10
b. Configure IP VRF with L3 VNI.
Leaf-2(config-evpn)# vrf BLUE
Leaf-2(config-evpn-vrf-VRF001)# vni 65001
c. Configure RT (auto or manual) and RD (optional, default is auto).
Leaf-2(config-evpn-vrf-BLUE)# route-target auto
d.
b. Default route configured in VTEPs pointing to border leaf using an intermediate VNI could be removed. Default route or external routes could now be advertised to the VTEPs from border leaf using advertise commands under EVPN-IPVRF mode.
Example - Route leaking across VRFs in a VXLAN BGP EVPN symmetric IRB topology
The following VXLAN with BGP EVPN example uses a Clos leaf-spine topology to show how to set up route leaking across VRFs in a symmetric IRB topology.
● The individual switch configuration shows how to configure VRFs in the VTEPs and configure route leaking between VRFs. For other VXLAN and BGP EVPN configuration, see other examples and the VXLAN section.
● Route leaking is performed on the Border Leaf VTEP.
● There are three nondefault VRFs present in the network – Yellow, Green, and Red.
● Route leaking is done between:
○ VRF-Yellow and VRF-Green.
○ VRF-Yellow and VRF-Red.
OS10(config)# ip vrf Green
OS10(conf-vrf)# exit
2. Configure Layer 3 virtual-network interfaces with VRFs and IP addresses.
OS10(config)# interface OS10(conf-if-vn-10001)# OS10(conf-if-vn-10001)# OS10(conf-if-vn-10001)# OS10(conf-if-vn-10001)# OS10(config)# interface OS10(conf-if-vn-20001)# OS10(conf-if-vn-20001)# OS10(conf-if-vn-20001)# virtual-network 10001 ip vrf forwarding Yellow ip address 10.1.0.2/24 ip virtual-router address 10.1.0.254 virtual-network 20001 ip vrf forwarding Green ip address 10.2.0.
OS10(config-evpn-vrf-Red)# route-target auto
OS10(config-evpn-vrf-Red)# advertise ipv4 connected
OS10(config-evpn-vrf-Red)# exit
4. Configure the border-leaf to advertise the default route into the EVPN in each VRF. From the other VTEPs, any traffic to an external network and also to networks which are not within the local VRF reaches the Border Leaf router using this default route.
a.
OS10(config)# ip vrf Green
OS10(conf-vrf)# ip route-export 2:2 route-map RouteMap_GreenVrf_Export
OS10(conf-vrf)# ip route-import 1:1
OS10(conf-vrf)# exit
OS10(config)# ip vrf Red
OS10(conf-vrf)# ip route-export 3:3 route-map RouteMap_RedVrf_Export
OS10(conf-vrf)# ip route-import 1:1
OS10(conf-vrf)# exit
7.
OS10(config-evpn-vrf-Yellow)# vni 65001
OS10(config-evpn-vrf-Yellow)# route-target auto
OS10(config-evpn-vrf-Yellow)# advertise ipv4 connected
OS10(config-evpn-vrf-Yellow)# exit
OS10(config-evpn)# vrf Green
OS10(config-evpn-vrf-Green)# vni 65002
OS10(config-evpn-vrf-Green)# route-target auto
OS10(config-evpn-vrf-Green)# advertise ipv4 connected
OS10(config-evpn-vrf-Green)# exit
OS10(config-evpn)# vrf Red
OS10(config-evpn-vrf-Red)# vni 65003
OS10(config-evpn-vrf-Red)# route-target auto
OS10(config-evpn-vrf-R
● Yellow VRF and Red VRF.
C 10.1.0.0/24 via 10.1.0.3 virtual-network10001 0/0 00:47:11
B EV 10.1.0.1/32 via 192.168.0.1 200/0 00:48:55
B EV 10.1.0.2/32 via 192.168.0.1 200/0 00:48:55
B EV 10.2.0.0/24 via 192.168.0.1,Green 200/0 00:35:48
C 10.3.0.0/24 via 10.3.0.1,Red virtual-network30001 0/0 00:35:48
C 10.10.0.0/24 via 10.10.0.
Gateway of last resort is not set
Destination Gateway Dist/Metric Last Change
--------------------------------------------------------------------------------------------------------
B EX 10.1.0.0/24 via 10.10.0.1 20/0 00:13:49
via 10.10.0.2
B EX 10.1.0.1/32 via 10.10.0.1 20/0 00:14:22
via 10.10.0.2
B EX 10.1.0.2/32 via 10.10.0.1 20/0 00:14:24
via 10.10.0.2
C 10.10.0.0/24 via 10.10.0.3 vlan100 0/0 00:23:16
B EX 172.16.1.1/32 via 10.10.0.1 20/0 00:22:58
via 10.10.0.2
B EX 172.16.1.2/32 via 10.10.0.
The NSX controller communicates with an OS10 VTEP using the OVSDB management protocol over a Secure Sockets Layer (SSL) connection. Establishing the communication between the controller and VTEP involves generating the SSL certificate at a VTEP and copying the certificate to the NSX controller. After SSL authentication, a secure connection over SSL is established between the controller and the VTEP. The VTEP then receives and processes the configuration data from the controller.
● NSX controller-provisioned VXLAN is not supported if an OS10 switch operates in OpenFlow-only mode.
● Only one mode of VXLAN provisioning is supported at a time: NSX controller-based, static VXLAN, or BGP EVPN.
● An OS10 switch does not send VXLAN access port statistics to the NSX controller.
● Controller-provisioned VXLAN is not supported on VTEPs configured as peers in a VLT domain. Only VTEPs in standalone mode are supported.
OS10(config-if-eth1/1/1)# no switchport access vlan
4. Assign the interface to the controller.
OS10(config-if-eth1/1/1)# nve-controller
To view the controller information and the ports the controller manages, use the show nve controller command.
OS10# show nve controller
Management IP Gateway IP Max Backoff Configured Controller Controller Cluster IP 10.16.140.173 10.16.140.171 10.16.140.172 Port 6640 6640 6640 : : : : 10.16.140.29/16 55.55.5.5 1000 10.16.140.
session between the VTEP and the service nodes. To establish a BFD session, enable BFD on the controller and the VTEP. To enable BFD in the VTEP, use the bfd enable command.
NOTE: In controller-provisioned VXLAN, the VTEP establishes a BFD session with the service nodes using the controller-provided parameters instead of the parameters configured at the VTEP. If BFD is not enabled in the VTEP, the VTEP uses IP reachability information to monitor connectivity to the service node.
3. Create a logical switch. You can create a logical network that acts as the forwarding domain for virtualized and nonvirtualized server workloads on the physical and virtual infrastructure. The following steps configure the logical switch for NSX controller management.
a. Click Logical Switches from the left navigation pane.
b. Click the green + icon under Logical Switches. The New Logical Switch dialog window opens.
c. Enter a name and select Unicast as the replicate mode and click OK.
4.
5. (Optional) Enable or disable BFD globally. The following steps enable or disable BFD configuration in the controller.
a. Click Service Definitions from the left navigation pane.
b. Click the Hardware Devices tab.
c. Click the Edit button in the BFD Configuration.
d. Check or clear the Enable BFD check box and provide the Probe interval, in milliseconds, if required.
After you configure a VMware NSX controller on a server VM, connect to the controller from the VXLAN gateway switch.
To configure an NSX controller-provisioned VXLAN:
● Configure the controller and the interfaces to be managed by the controller in the OS10 VTEPs.
● Configure the NSX controller in VMware vCenter. For more information about configuring the NSX controller using the GUI, see Configure and control VXLAN from the VMware vCenter.
You must configure an OS10 VTEP with the controller configuration so that the VTEP can communicate with the NSX controller.
OS10(config-nve-ovsdb)# max-backoff 10000
OS10(config-nve-ovsdb)# exit
5. Assign interfaces to be managed by the controller.
OS10(config)# interface ethernet 1/1/54:3
OS10(config-if-eth1/1/54:3)# switchport mode trunk
OS10(config-if-eth1/1/54:3)# no switchport access vlan
OS10(config-if-eth1/1/54:3)# nve-controller
6. (Optional) Enable BFD.
OS10(config)# bfd enable
VTEP 2
1. Configure the OSPF protocol in the underlay.
Gateway IP            : 200.0.0.1
Max Backoff           : 10000
Configured Controller : 10.16.140.181:6640 ssl (connected)

Controller Cluster
IP              Port   Protocol   Connected   State    Max-Backoff
10.16.140.182   6640   ssl        true        ACTIVE   10000
10.16.140.183   6640   ssl        true        ACTIVE   10000
10.16.140.181   6640   ssl        true        ACTIVE   10000

NVE Controller Ports
ethernet1/1/54:3
To display the VNID, port members, source interface, and remote VTEPs of the VXLAN, use the show virtual-network command.
NVE Controller Ports
ethernet1/1/25:3
To display the VNID, port members, source interface, and remote VTEPs of the VXLAN, use the show virtual-network command.
OS10# show virtual-network
Codes: DP - MAC-learn Dataplane, CP - MAC-learn Controlplane, UUD - Unknown-Unicast-Drop
Virtual Network: 0
Members:
Virtual Network: 6000
Members:
VLAN 20: ethernet1/1/25:3
VxLAN Virtual Network Identifier: 6000
Source Interface: loopback1(202.0.0.1)
Remote-VTEPs (flood-list): 13.0.0.
Example
OS10(config)# nve
OS10(config-nve)# controller ovsdb
Supported releases    10.4.3.0 or later

ip port ssl
Configures the OVSDB controller reachability information such as IP address, port number, and the connection type of session, in the switch.
Syntax    ip ip-address port port-number ssl
Parameters
● ip-address — Specify the IP address of the OVSDB controller to connect with.
● port-number — Specify the port number through which the connection to the OVSDB controller is made.
nve-controller
Assigns the interfaces to be managed by the controller.
Syntax    nve-controller
Parameters    None
Default    None
Command mode    INTERFACE
Usage information    The interface must be in Switchport Trunk mode when adding the interface to the controller. If the interface is not in the Switchport Trunk mode, the system displays the following error message:
% Error: Interface ethernet1/1/1, must be in switchport trunk for controller mode.
Management IP         : 10.16.140.29/16
Gateway IP            : 55.55.5.5
Max Backoff           : 1000
Configured Controller : 10.16.140.172:6640 ssl (connected)

Controller Cluster
IP              Port   Protocol   Connected   State     Max-Backoff
10.16.140.173   6640   ssl        true        ACTIVE    1000
10.16.140.171   6640   ssl        false       BACKOFF   1000
10.16.140.172   6640   ssl        true        ACTIVE    1000

NVE Controller Ports
ethernet1/1/1:1
ethernet1/1/15
Supported releases    10.4.3.
Parameters    None
Default    None
Command mode    EXEC
Usage information    When you specify the VNID, the output displays details about the service nodes available for the VNID.
Example (without VNID)
OS10# show nve replicators
Codes: * - Active Replicator
BFD Status:Enabled
Replicators State
----------------------
2.2.2.3 Up
2.2.2.
show ovsdb-tables mac-remote-ucast
Displays information about remote MAC address entries including each MAC address, IP address, local switch name, and VNID.
Syntax    show ovsdb-tables mac-remote-ucast
Parameters    None
Default    None
Command mode    EXEC
Usage information    This command is available only for netadmin, sysadmin, and secadmin roles.
show ovsdb-tables tunnel
Displays information about the tunnels created by the physical switch to the service nodes.
Syntax    show ovsdb-tables tunnel
Parameters    None
Default    None
Command mode    EXEC
Usage information    This command is available only for netadmin, sysadmin, and secadmin roles.
2 BGP EVPN for VXLAN
Ethernet Virtual Private Network (EVPN) is a control plane for VXLAN that reduces flooding in the network and resolves scalability concerns. EVPN uses MP-BGP to exchange information between VTEPs. EVPN was introduced in RFC 7432 and is based on BGP MPLS-based VPNs. RFC 8365 describes VXLAN-based EVPN. The MP-BGP EVPN control plane provides protocol-based remote VTEP discovery, and MAC and ARP learning. This configuration reduces flooding related to L2 unknown unicast traffic.
To advertise underlay IP routes, eBGP peer sessions are established between the leaf and spine nodes using an interface IP address. To advertise EVPN routes, eBGP peer sessions between the leaf and spine nodes use a Loopback IP address.
Figure 9. BGP EVPN topology
Leaf nodes
Leaf nodes are typically top-of-rack (ToR) switches in a data center network. They act as the VXLAN tunnel endpoints and perform VXLAN encapsulation and decapsulation.
Data plane functions include:
● Perform only underlay route processing based on the outer header in VXLAN encapsulated packets.
● Do not perform VXLAN encapsulation or decapsulation.
The BGP EVPN running on each VTEP listens to the exchange of route information in the local overlay, encodes the learned routes as BGP EVPN routes, and injects them into BGP to advertise to the peers. Tunnel endpoints are advertised as Type 3 EVPN routes. MAC/IP addresses are advertised as Type 2 EVPN routes.
Configure BGP EVPN for VXLAN
To set up BGP EVPN service in a VXLAN overlay network:
1. Configure the VXLAN overlay network. If you enable routing for VXLAN virtual networks, Integrated Routing and Bridging (IRB) for BGP EVPN is automatically enabled. For more information, see Configure VXLAN.
2. Configure BGP to advertise EVPN routes.
3. Configure EVPN, including the VNI, RD, and RT values associated with the EVPN instance.
4. Verify the BGP EVPN configuration.
Configuration
1.
c. Use the local Loopback address as the source address in BGP packets sent to the neighbor in ROUTER-BGP-NEIGHBOR mode.
update-source loopback0
d. Send an extended community attribute to the BGP neighbor in ROUTER-BGP-NEIGHBOR mode.
send-community extended
e. Enable the peer session with the BGP neighbor in ROUTER-BGP-NEIGHBOR mode.
no shutdown
f. Configure the L2 VPN EVPN address family for VXLAN host-based routing to the BGP peer in ROUTER-BGP-NEIGHBOR mode.
address-family l2vpn evpn
g.
a. Enable the EVPN control plane in CONFIGURATION mode.
evpn
b. Enable auto-EVI creation for overlay virtual networks in EVPN mode. Auto-EVI creation is supported only if BGP EVPN is used with 2-byte AS numbers and if at least one BGP instance is enabled with the EVPN address family. No further manual configuration is allowed in auto-EVI mode.
auto-evi
● Manual EVI configuration mode
a. Enable the EVPN control plane in CONFIGURATION mode.
evpn
b. Manually create an EVPN instance in EVPN mode.
Display the BGP neighbors in the EVPN instances
OS10# show ip bgp neighbors 110.111.170.102
BGP neighbor is 110.111.170.102, remote AS 100, local AS 100 internal link
BGP version 4, remote router ID 110.111.170.
50 00:00:00:aa:aa:aa rmt 0 55.1.1.3
50 00:00:00:cc:cc:cc lcl 0 ethernet1/1/8:1
VXLAN BGP EVPN routing
This section describes how EVPN implements overlay routing between L2 segments associated with EVIs belonging to the same tenant on a VTEP. IETF draft draft-ietf-bess-evpn-inter-subnet-forwarding-05 describes EVPN inter-subnet forwarding, Integrated Routing and Bridging (IRB), and how to use EVPN with IP routing between L2 tenant domains.
Using the L3 VNI associated with each tenant VRF, an ingress VTEP routes all traffic for the prefix to an egress VTEP on the L3 VNI. The egress VTEP routes from the L3 VNI to the destination virtual network or bridge domain. The L3 VNI does not have to be associated with an IP address; routing is set up in the data plane using the egress VTEP's MAC address. This behavior is known as IP-VRF to IP-VRF interface-less routing.
4. (Optional) To redistribute EVPN routes to a BGP or OSPF neighbor, configure the redistribution of L2VPN EVPN routes into BGP or OSPF IPv4/IPv6 routes on a border leaf VTEP in ROUTER-BGP or ROUTER-OSPF mode; for example:
OS10(config)# router bgp 101
OS10(conf-router-bgp-101)# vrf blue
OS10(conf-router-bgp-101-vrf)# address-family ipv4 unicast
OS10(configure-router-bgpv4-af)# redistribute l2vpn evpn [route-map map-name]
5. Verify the VXLAN BGP EVPN with symmetric IRB configuration.
4.4.4.4 14:18:77:25:6f:4d
5.5.5.5 00:00:01:00:a3:b4
Display the learned EVPN Type 5 routes
OS10# show ip bgp l2vpn evpn
BGP local RIB : Routes to be Added , Replaced , Withdrawn
BGP local router ID is 95.0.0.4
Status codes: s suppressed, S stale, d dampened, h history, * valid, > best
Path source: I - internal, a - aggregate, c - confed-external, r - redistributed/network, S - stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight
*>r Route distinguisher: 4.4.4.
Both VTEPs in a VLT pair advertise identical EVPN routes, which provides redundancy if one of the VTEP peers fails. To set up redundant EVPN route advertisement, configure the same EVI, RD, and RT values for each VNI on both VTEPs in a VLT pair, including:
● In auto-EVI mode, this identical configuration is automatically ensured if the VNID-to-VNI association is the same on both VTEP peers.
● In manual EVI mode, you must configure the same EVI-to-VNID association on both VTEP peers.
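The requirement above can be checked before deployment by comparing the manual EVI configuration captured from both VLT peers. The following is an added example, not part of the Dell guide: it parses CLI transcripts in the prompt format this guide uses and reports every EVI whose VNI, RD, or RT differs between the peers. The two transcripts and all function names are constructed for illustration.

```python
import re

# Matches the OS10 prompt format used in this guide: host(mode)# command
PROMPT = re.compile(r"^\S+\((?P<mode>[^)]+)\)#\s*(?P<cmd>.*)$")
EVI_MODE = re.compile(r"^config-evpn-evi-(\d+)$")

# Constructed sample transcripts for two VLT peers (not taken from the guide).
PEER_A = """
OS10(config)# evpn
OS10(config-evpn)# evi 10000
OS10(config-evpn-evi-10000)# vni 10000
OS10(config-evpn-evi-10000)# rd auto
OS10(config-evpn-evi-10000)# route-target auto
OS10(config-evpn-evi-10000)# exit
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd auto
OS10(config-evpn-evi-20000)# route-target auto
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)# evi 30000
OS10(config-evpn-evi-30000)# vni 30000
OS10(config-evpn-evi-30000)# rd auto
OS10(config-evpn-evi-30000)# route-target auto
OS10(config-evpn-evi-30000)# exit
"""
PEER_B = """
OS10(config)# evpn
OS10(config-evpn)# evi 10000
OS10(config-evpn-evi-10000)# vni 10000
OS10(config-evpn-evi-10000)# rd 192.168.1.2:10000
OS10(config-evpn-evi-10000)# route-target auto
OS10(config-evpn-evi-10000)# exit
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20001
OS10(config-evpn-evi-20000)# rd auto
OS10(config-evpn-evi-20000)# route-target auto
OS10(config-evpn-evi-20000)# exit
"""


def _blank_evi():
    return {"vni": None, "rd": None, "route-target": []}


def parse_evpn(transcript):
    """Extract auto-evi state and per-EVI vni/rd/route-target from a CLI transcript."""
    auto_evi, evis = False, {}
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # not a prompt line (blank line or command output)
        words = m["cmd"].split()
        if not words:
            continue
        if m["mode"] == "config-evpn":
            if words == ["auto-evi"]:
                auto_evi = True
            elif words[0] == "evi" and len(words) == 2 and words[1].isdigit():
                evis.setdefault(int(words[1]), _blank_evi())
            continue
        evi_mode = EVI_MODE.match(m["mode"])
        if not evi_mode:
            continue
        evi = evis.setdefault(int(evi_mode.group(1)), _blank_evi())
        if words[0] in ("vni", "rd") and len(words) == 2:
            evi[words[0]] = words[1]
        elif words[0] == "route-target" and len(words) >= 2:
            evi["route-target"].append(" ".join(words[1:]))
    for evi in evis.values():
        evi["route-target"].sort()  # order of RT lines is not significant
    return {"auto-evi": auto_evi, "evis": evis}


def compare_vlt_peers(peer_a, peer_b):
    """Return one finding per EVPN setting that is not identical on both peers."""
    findings = []
    if peer_a["auto-evi"] != peer_b["auto-evi"]:
        findings.append("auto-evi is enabled on only one peer")
    for evi in sorted(set(peer_a["evis"]) | set(peer_b["evis"])):
        a, b = peer_a["evis"].get(evi), peer_b["evis"].get(evi)
        if a is None or b is None:
            missing = "peer A" if a is None else "peer B"
            findings.append(f"evi {evi}: not configured on {missing}")
            continue
        for field in ("vni", "rd", "route-target"):
            if a[field] != b[field]:
                findings.append(f"evi {evi}: {field} differs ({a[field]} vs {b[field]})")
    return findings


def audit_sample():
    return compare_vlt_peers(parse_evpn(PEER_A), parse_evpn(PEER_B))


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```

An empty result means the two peers carry the same EVI, RD, and RT settings for every VNI in the captured transcripts.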
VXLAN BGP commands
activate (l2vpn evpn)
Enables the exchange of L2 VPN EVPN address family information with a BGP neighbor or peer group.
Syntax    activate
Parameters    None
Default    Not configured
Command Mode    ROUTER-BGP-NEIGHBOR-AF
Usage Information    Use this command to exchange L2 VPN EVPN address information for VXLAN host-based routing with a BGP neighbor. The IPv4 unicast address family is enabled by default. Use the no activate command to disable an address family with a neighbor.
Example (IPv4)
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-bgp-neighbor-af)# allowas-in 5
Example (IPv6)
OS10(conf-router-template)# address-family ipv6 unicast
OS10(conf-router-bgp-template-af)# allowas-in 5
Example (l2vpn)
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# allowas-in 3
Supported Releases    10.3.0E or later

sender-side-loop-detection
Enables the sender-side loop detection process for a BGP neighbor.
Usage information    Use this command to display the BGP routes used for the L2VPN EVPN address family in EVPN instances on the switch.
Examples
OS10# show ip bgp l2vpn evpn
BGP local RIB : Routes to be Added , Replaced , Withdrawn
BGP local router ID is 110.111.170.
BGP neighbor is fe80::76e6:e2ff:fef6:99a9 via vlan30, remote AS 100, local AS 200 external link
BGP version 4, remote router ID 125.12.57.
Invalid Nexthop 0, Invalid AS-PATH length 0
Wellknown community 0, Locally originated 0
Local host: fe80::76e6:e2ff:fef5:a43e, Local port: 45926
Foreign host: fe80::76e6:e2ff:fef6:99a9, Foreign port: 179
OS10# show ip bgp l2vpn evpn summary
BGP router identifier 89.101.17.125 local AS number 100
Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx
ethernet1/1/1 200 19 19 00:15:34 0
Supported releases    10.4.2.
OS10(config-evpn-vrf-vrf-blue)# advertise ipv4 static route-map redis-inactive-routes
Example advertise IPv6 OSPF routes to L2VPN EVPN
OS10# configure terminal
OS10(config)# route-map redis-inactive-routes
OS10(config-route-map)# match inactive-path-additive
OS10(config)# evpn
OS10(config-evpn)# vrf vrf-blue
OS10(config-evpn-vrf-vrf-blue)# advertise ipv6 ospf route-map redis-inactive-routes
Supported Releases    10.5.
auto commands. The route target includes the ASN and the route targets derived on each of the leaf nodes differ from one another. In such eBGP EVPN scenarios, use the disable-rt-asn command to automatically provision route targets in the leaf nodes. When you use this command, the export route-target has the ASN value set to 0 and ensures that identical route targets are generated on all the leaf nodes. The leaf VTEPs can import EVPN routes only based on VNI, even though the leaf VTEPs are on different ASNs.
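The effect of disable-rt-asn described above can be worked through with the auto-derived route target layout from RFC 8365, section 5.1.2.1 (2-byte AS as global administrator, then a 4-byte local administrator carrying the VNI). This is an added example, not Dell code; it assumes OS10 follows that layout, which is consistent with the Route-Targets value 268438486 shown for L3-VNI 3030 in this guide's show evpn vrf l3-vni output. The function names are hypothetical; AS 99 and AS 100 are the leaf AS numbers used in this guide's multi-AS example.

```python
"""Added example: auto-derived EVPN route targets with and without disable-rt-asn."""

VXLAN_SERVICE_TYPE = 1   # RFC 8365 Type value when the service ID is a VXLAN VNI
MAX_VNI = 16_777_215     # 24-bit VNI range, as stated for the vni command
MAX_2BYTE_ASN = 65_535   # the global administrator field holds a 2-byte AS number


def local_admin(vni, domain_id=0):
    """Build the 4-byte local administrator field.

    Layout, most significant bit first: A (1 bit, 0 = auto-derived),
    Type (3 bits), D-ID (4 bits), service ID (24 bits, the VNI).
    """
    if not 1 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} outside 1..{MAX_VNI}")
    if not 0 <= domain_id <= 0xF:
        raise ValueError("domain ID is a 4-bit field")
    return (VXLAN_SERVICE_TYPE << 28) | (domain_id << 24) | vni


def decode_local_admin(value):
    """Split a local administrator value back into its RFC 8365 fields."""
    return {
        "manual": bool((value >> 31) & 0x1),
        "type": (value >> 28) & 0x7,
        "domain_id": (value >> 24) & 0xF,
        "service_id": value & 0xFFFFFF,
    }


def auto_route_target(asn, vni, disable_rt_asn=False):
    """Return (global administrator, local administrator) for one leaf.

    With disable_rt_asn the AS part is forced to 0, as the usage text for
    the disable-rt-asn command describes.
    """
    if not 1 <= asn <= MAX_2BYTE_ASN:
        raise ValueError("auto-derived RT has a 2-byte global administrator field")
    global_admin = 0 if disable_rt_asn else asn
    return (global_admin, local_admin(vni))


def fabric_route_targets(leaf_asns, vni, disable_rt_asn=False):
    """Map each leaf AS to its RT and report whether all leaves derive the same RT."""
    rts = {asn: auto_route_target(asn, vni, disable_rt_asn) for asn in leaf_asns}
    return rts, len(set(rts.values())) == 1


if __name__ == "__main__":
    for flag in (False, True):
        rts, identical = fabric_route_targets([99, 100], 10000, disable_rt_asn=flag)
        print(f"disable-rt-asn={flag}: {rts} identical={identical}")
```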
Command mode    CONFIGURATION
Usage information    Enabling EVPN triggers BGP to advertise EVPN capability with AFI=25 and SAFI=70 to all BGP peers in an autonomous system. The no version of this command disables EVPN on the switch.
Example
OS10(config)# evpn
OS10(config-evpn)#
Supported releases    10.4.2.0 or later

rd
Configures the Route Distinguisher (RD) value that EVPN routes use.
Syntax    rd {A.B.C.D:[1-65535] | auto}
Parameters    A.B.C.
Example
OS10(config)# router bgp 101
OS10(conf-router-bgp-101)# vrf blue
OS10(conf-router-bgp-101-vrf)# address-family ipv4 unicast
OS10(configure-router-bgpv4-af)# redistribute l2vpn evpn
OS10(config)# router ospf 1 vrf GREEN
OS10(config-router-ospf-1)# redistribute l2vpn evpn
OS10(config)# router ospfv3 2 vrf GREEN
OS10(config-router-ospfv3-2)# redistribute l2vpn evpn
Supported Releases    10.5.1 or later

route-target
Configures the Route Target (RT) values that EVPN routes use.
router-mac
Configure the local router MAC address that is used by remote VTEPs as the destination address in VXLAN encapsulated packets sent to the switch.
Syntax    router-mac mac-address
Parameters    mac-address Enter the MAC address in nn:nn:nn:nn:nn:nn format.
Default    Not configured
Command mode    EVPN
Usage information    The EVPN router MAC address is encoded in the router's MAC extended community in MAC/IP Type 2 and IP-prefix Type 5 route updates.
● evi id — Displays the host MAC addresses and next hops in a specified EVPN instance, from 1 to 65535. To filter the output, display information on the host MAC address count for an EVPN ID or for a next-hop IP address, and BGP routes for a specified MAC address. Default Not configured Command mode EXEC Usage information Use this command to display the BGP routes for host MAC addresses in EVPN instances.
Example OS10# show evpn mac-ip Type -(lcl): Local (rmt): remote EVI 101 101 101 101 101 102 102 102 102 103 103 103 103 104 104 104 104 105 105 105 105 106 106 106 106 Mac-Address 14:18:77:0c:e5:a3 14:18:77:0c:e5:a3 14:18:77:25:4e:84 14:18:77:25:6f:84 14:18:77:25:6f:84 14:18:77:0c:e5:a4 14:18:77:0c:e5:a4 14:18:77:25:4d:b9 14:18:77:25:6e:b9 14:18:77:25:4e:84 14:18:77:25:4e:84 14:18:77:25:6f:84 14:18:77:25:6f:84 14:18:77:25:4d:b9 14:18:77:25:4d:b9 14:18:77:25:6e:b9 14:18:77:25:6e:b9 14:18:77:25:4d:b9 14:1
show evpn router-mac remote-vtep
Displays both the local and remote router MAC addresses used in symmetric IRB.
Syntax    show evpn router-mac {remote-vtep [vtep-ip-address]}
Parameters    vtep-ip-address — (Optional) Enter the IP address of a remote VTEP.
Default    Not configured
Command mode    EXEC
Usage information    Use the show evpn router-mac remote-vtep command to display the router MAC address used on the switch and on specified remote VTEPs.
Command mode    EXEC
Usage information    Use the show evpn vrf l3-vni command to display the configuration settings of each tenant VRF with its unique VXLAN VNI. Use the show evpn vrf command to display the tenant VRF instances used to exchange BGP EVPN routes in VXLANs.
Example
OS10# show evpn vrf l3-vni
VRF : vrf_30, State : up
L3-VNI : 3030
Route-Distinguisher : 1:80.80.1.1:3030(auto)
Route-Targets : 0:200:268438486(auto) both
Remote VTEP : 4.4.4.
vni
Associates an EVPN instance with a VXLAN VNI or configures a VXLAN VNI to use for L3 EVPN symmetric IRB traffic.
Syntax    vni vni
Parameters    vni Enter a VXLAN virtual-network ID, from 1 to 16,777,215.
Default    Not configured
Command mode    EVPN-EVI and EVPN-VRF
Usage information    Use this command:
● In EVPN-EVI mode to configure an EVPN instance with RD and RT values for an overlay VXLAN virtual network.
Example
● On VTEPs 3 and 4: Access ports are assigned to the virtual network using a port-scoped VLAN. The EVPN instance is configured using manual configuration mode. The RD and RT are configured using auto mode.
All VTEPs perform asymmetric IRB routing, in which:
● IRB routing is performed only on ingress VTEPs.
● Egress VTEPs perform IRB bridging.
Figure 11. VXLAN BGP EVPN use case
VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface.
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure VXLAN virtual networks.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.16.2.0/31
OS10(conf-if-eth1/1/2)# exit
7. Configure eBGP.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# router-id 172.16.0.1
OS10(config-router-bgp-100)# address-family ipv4 unicast
OS10(config-router-bgp-af)# redistribute connected
OS10(config-router-bgp-af)# exit
8. Configure eBGP for the IPv4 point-to-point peering.
OS10(config-router-bgp-100)# neighbor 172.16.1.
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
11. Configure EVPN.
Configure the EVPN instance, RD, and RT using auto-EVI mode:
OS10(config)# evpn
OS10(config-evpn)# auto-evi
OS10(config-evpn)# exit
12. Configure VLT.
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure.
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.
Create a tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual networks.
OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network 10000 ip vrf forwarding tenant1 ip address 10.1.0.231/16 ip virtual-router address 10.1.0.
5. Configure access ports as VLAN members for a switch-scoped VLAN-to-VNI mapping.
9. Configure a Loopback interface for BGP EVPN peering different from VLT peer IP address.
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.17.0.1/32
OS10(conf-if-lo-1)# exit
10. Configure BGP EVPN peering.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.201.0.
Configure VLTi member links.
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain.
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
VTEP 3 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.2.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface.
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure VXLAN virtual networks.
7. Configure upstream network-facing ports.
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 172.18.1.0/31
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31
OS10(conf-if-eth1/1/2)# exit
8. Configure eBGP.
OS10(config-router-neighbor)# send-community extended
OS10(config-router-neighbor)# update-source loopback1
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# no activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-
Configure the VLT domain.
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.3
OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4
OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ff:ee
OS10(conf-vlt-1)# exit
Configure UFD with uplink VLT ports and downlink network ports.
2. Configure the Loopback interface as the VXLAN source tunnel interface.
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure the VXLAN virtual networks.
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4.
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.19.2.0/31
OS10(conf-if-eth1/1/2)# exit
8. Configure eBGP.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# router-id 172.19.0.1
OS10(config-router-bgp-100)# address-family ipv4 unicast
OS10(configure-router-bgp-af)# redistribute connected
OS10(configure-router-bgp-af)# exit
9. Configure eBGP for the IPv4 point-to-point peering.
OS10(config-router-bgp-100)# neighbor 172.19.1.
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
12. Configure EVPN.
Configure UFD with uplink VLT ports and downlink network ports.
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
Configure iBGP IPv4 peering between the VLT peers.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.16.250.
OS10(conf-if-eth1/1/4)# ip address 172.19.1.1/31
OS10(conf-if-eth1/1/4)# exit
2. Configure eBGP.
OS10(config)# router bgp 101
OS10(config-router-bgp-101)# router-id 172.201.0.1
OS10(config-router-bgp-101)# address-family ipv4 unicast
OS10(configure-router-bgpv4-af)# redistribute connected
OS10(configure-router-bgpv4-af)# exit
3. Configure eBGP IPv4 peer sessions on the P2P links.
OS10(conf-router-bgp-101)# neighbor 172.16.1.
OS10(conf-router-neighbor)# ebgp-multihop 4
OS10(conf-router-neighbor)# remote-as 100
OS10(conf-router-neighbor)# send-community extended
OS10(conf-router-neighbor)# update-source loopback1
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# address-family l2vpn evpn
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# a
OS10(config-router-bgp-101)# address-family ipv4 unicast OS10(configure-router-bgpv4-af)# redistribute connected OS10(configure-router-bgpv4-af)# exit 3. Configure eBGP IPv4 peer sessions on the P2P links. OS10(conf-router-bgp-101)# neighbor 172.16.2.
OS10(conf-router-neighbor)# address-family l2vpn evpn OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-bgp-101)# neighbor 172.18.0.
Inclusive Multicast : 192.168.2.1
IRB : Enabled(tenant1)
LEAF1#
3. Verify BGP EVPN neighborship between leaf and spine nodes.
LEAF1# show ip bgp l2vpn evpn summary
BGP router identifier 172.16.0.1 local AS number 100
Neighbor     AS   MsgRcvd  MsgSent  Up/Down   State/Pfx
172.201.0.1  101  1132     1116     13:29:00  27
172.202.0.1  101  1131     1118     13:29:02  28
LEAF1#
4. Check connectivity between host A and host B.
root@HOST-A:~# ping 10.2.0.10 -c 5
PING 10.2.0.10 (10.2.0.10) 56(84) bytes of
64 bytes from 10.2.0.
● Egress VTEPs perform IRB bridging.
In this example, each node in the spine network and each VTEP in the leaf network belongs to a different autonomous system. Spine switch 1 is in AS 101. Spine switch 2 is in AS 102. For leaf nodes, VLT domain 1 is in AS 99; VLT domain 2 is in AS 100.
● On VTEPs 1 and 2: Access ports are assigned to the virtual network using a switch-scoped VLAN. The EVPN instance, along with RD and RT values, is configured in manual mode.
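With manual RT values and a different AS per VLT domain, every VTEP has to import what the others export, and an RT imported into the wrong EVI joins two virtual networks that were meant to stay separate. The following audit script is an added example, not part of the Dell guide: it parses OS10-style evpn stanzas and reports both conditions. The AS 100 RD and RT lines are the ones this guide configures for VLT domain 2; the AS 99 stanza, the misconfigured stanza, and the names `parse_evpn` and `audit` are constructed for illustration.

```python
import re

PROMPT = re.compile(r"^[\w-]+\([^)]*\)#\s*")  # e.g. 'OS10(config-evpn-evi-10000)#'

# VLT domain 2 VTEP (AS 100). RD/RT lines are the ones shown in this guide;
# the evpn/evi/vni lines follow the pattern the guide uses on other VTEPs.
VTEP3_FROM_GUIDE = """
OS10(config)# evpn
OS10(config-evpn)# evi 10000
OS10(config-evpn-evi-10000)# vni 10000
OS10(config-evpn-evi-10000)# rd 192.168.2.1:10000
OS10(config-evpn-evi-10000)# route-target 99:10000 import
OS10(config-evpn-evi-10000)# route-target 100:10000 both
OS10(config-evpn-evi-10000)#exit
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd 192.168.2.1:20000
OS10(config-evpn-evi-20000)# route-target 99:20000 import
OS10(config-evpn-evi-20000)# route-target 100:20000 both
OS10(config-evpn-evi-20000)#exit
"""

# Constructed sample: mirror-image stanza for a VLT domain 1 VTEP (AS 99).
VTEP1_CONSTRUCTED = """
evpn
 evi 10000
  vni 10000
  route-target 99:10000 both
  route-target 100:10000 import
 evi 20000
  vni 20000
  route-target 99:20000 both
  route-target 100:20000 import
"""

# Constructed sample: a second AS 100 VTEP with a copy-paste error in EVI 20000
# (it imports 99:10000 instead of 99:20000).
VTEP4_MISCONFIGURED = """
evpn
 evi 10000
  vni 10000
  route-target 99:10000 import
  route-target 100:10000 both
 evi 20000
  vni 20000
  route-target 99:10000 import
  route-target 100:20000 both
"""


def parse_evpn(config):
    """Return {evi_id: {"import": set, "export": set}} for manually set RTs."""
    evis, current = {}, None
    for raw in config.splitlines():
        line = PROMPT.sub("", raw.strip())      # accept pasted CLI sessions too
        m = re.fullmatch(r"evi (\d+)", line)
        if m:
            current = evis.setdefault(int(m.group(1)),
                                      {"import": set(), "export": set()})
            continue
        m = re.fullmatch(r"route-target (\d+:\d+) (import|export|both)", line)
        if m and current is not None:
            rt, direction = m.groups()
            if direction in ("import", "both"):
                current["import"].add(rt)
            if direction in ("export", "both"):
                current["export"].add(rt)
    return evis


def audit(vteps):
    """Compare every exporter/importer pair and return a list of findings."""
    findings = []
    for exporter, evis_a in vteps.items():
        for evi, rts in evis_a.items():
            for importer, evis_b in vteps.items():
                for other_evi, other in evis_b.items():
                    if importer != exporter and other_evi == evi:
                        # Same EVI on another VTEP: it must import our export RT.
                        if rts["export"] and not rts["export"] & other["import"]:
                            findings.append(("missing-import", evi,
                                             exporter, importer))
                    elif other_evi != evi:
                        # Different EVI importing our RT: segments are joined.
                        for rt in sorted(rts["export"] & other["import"]):
                            findings.append(("cross-evi-import", rt,
                                             f"{exporter}/evi{evi}",
                                             f"{importer}/evi{other_evi}"))
    return findings


if __name__ == "__main__":
    fabric = {"vtep1": parse_evpn(VTEP1_CONSTRUCTED),
              "vtep3": parse_evpn(VTEP3_FROM_GUIDE),
              "vtep4": parse_evpn(VTEP4_MISCONFIGURED)}
    for finding in audit(fabric):
        print(finding)
```

EVIs that use `route-target auto` carry no explicit value in the configuration and are skipped by this check.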
VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface.
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure VXLAN virtual networks.
6. Configure upstream network-facing ports.
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 172.16.1.0/31
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.16.2.0/31
OS10(conf-if-eth1/1/2)# exit
7. Configure eBGP.
OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 11. Configure EVPN. Configure the EVPN instance with RD and RT values in manual mode: OS10(config)# evpn OS10(config-evpn)# evi 10000 OS10(config-evpn-evi-10000)# vni 10000 OS10(config-evpn-evi-10000)# rd 192.168.1.
OS10(conf-uplink-state-group-1)# upstream port-channel20 OS10(conf-uplink-state-group-1)# exit Configure iBGP IPv4 peering between VLT peers. OS10(config)# router bgp 99 OS10(config-router-bgp-99)# neighbor 172.16.250.1 OS10(config-router-neighbor)# remote-as 99 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-99)# exit 13. Configure IP switching in the overlay network.
Use a switch-scoped VLAN-to-VNI mapping:
OS10(config)# interface vlan100
OS10(config-if-vl-100)# virtual-network 10000
OS10(config-if-vl-100)# no shutdown
OS10(config-if-vl-100)# exit
OS10(config)# interface vlan200
OS10(config-if-vl-200)# virtual-network 20000
OS10(config-if-vl-200)# no shutdown
OS10(config-if-vl-200)# exit
5. Configure access ports as VLAN members for a switch-scoped VLAN-to-VNI mapping.
OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-99)# exit 9. Configure a Loopback interface for BGP EVPN peering different from VLT peer IP address. OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.17.0.1/32 OS10(conf-if-lo-1)# exit 10. Configure BGP EVPN peering. OS10(config)# router bgp 99 OS10(config-router-bgp-99)# neighbor 172.201.0.
Configure the VLT port channel. OS10(config)# interface port-channel10 OS10(conf-if-po-10)# vlt-port-channel 10 OS10(conf-if-po-10)# exit OS10(config)# interface port-channel20 OS10(conf-if-po-20)# vlt-port-channel 20 OS10(conf-if-po-20)# exit Configure VLTi member links.
OS10(conf-if-vn-20000)# ip address 10.2.0.232/16
OS10(conf-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(conf-if-vn-20000)# no shutdown
OS10(conf-if-vn-20000)# exit
VTEP 3 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.2.1/32
OS10(conf-if-lo-0)# exit
2. Configure the Loopback interface as the VXLAN source tunnel interface.
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# member-interface port-channel 20 untagged
OS10(config-vn-20000)# exit
7. Configure upstream network-facing ports.
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 172.18.1.
OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# no activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# address-family l2vpn evpn OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 12. Configure EVPN.
Configure the VLT domain. OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination 10.16.150.3 OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4 OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ff:ee OS10(conf-vlt-1)# exit Configure UFD with uplink VLT ports and downlink network ports.
2. Configure the Loopback interface as the VXLAN source tunnel interface. OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 3. Configure the VXLAN virtual networks. OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 4.
OS10(conf-if-eth1/1/2)# mtu 1650 OS10(conf-if-eth1/1/2)# ip address 172.19.2.0/31 OS10(conf-if-eth1/1/2)# exit 8. Configure eBGP. OS10(config)# router bgp 100 OS10(config-router-bgp-100)# router-id 172.19.0.1 OS10(config-router-bgp-100)# address-family ipv4 unicast OS10(configure-router-bgp-af)# redistribute connected OS10(configure-router-bgp-af)# exit 9. Configure eBGP for the IPv4 point-to-point peering. OS10(config-router-bgp-100)# neighbor 172.19.1.
OS10(config-evpn-evi-10000)# rd 192.168.2.1:10000 OS10(config-evpn-evi-10000)# route-target 99:10000 import OS10(config-evpn-evi-10000)# route-target 100:10000 both OS10(config-evpn-evi-10000)#exit OS10(config-evpn)# evi 20000 OS10(config-evpn-evi-20000)# vni 20000 OS10(config-evpn-evi-20000)# rd 192.168.2.1:20000 OS10(config-evpn-evi-20000)# route-target 99:20000 import OS10(config-evpn-evi-20000)# route-target 100:20000 both OS10(config-evpn-evi-20000)#exit OS10(config-evpn)# 13. Configure VLT.
Configure iBGP IPv4 peering between the VLT peers. OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.16.250.10 OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 14. Configure IP routing in the overlay network. Create a tenant VRF. OS10(config)# ip vrf tenant1 OS10(conf-vrf)# exit Configure an anycast gateway MAC address.
3. Configure eBGP IPv4 peer sessions on the P2P links. OS10(conf-router-bgp-101)# neighbor 172.16.1.0 OS10(conf-router-neighbor)# remote-as 99 OS10(conf-router-neighbor)# no shutdown OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-101)# neighbor 172.17.1.0 OS10(conf-router-neighbor)# remote-as 99 OS10(conf-router-neighbor)# no shutdown OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-101)# neighbor 172.18.1.
OS10(conf-router-bgp-101)# neighbor 172.19.0.
4. Configure a Loopback interface for BGP EVPN peering. OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.202.0.1/32 OS10(conf-if-lo-1)# exit 5. Configure BGP EVPN peer sessions. OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# neighbor 172.16.0.
Members:
VLAN 100: port-channel10, port-channel1000
VxLAN Virtual Network Identifier: 10000
Source Interface: loopback0(192.168.1.1)
Remote-VTEPs (flood-list): 192.168.2.1(CP)
Virtual Network: 20000
Members:
Untagged: port-channel20
VLAN 200: port-channel1000
VxLAN Virtual Network Identifier: 20000
Source Interface: loopback0(192.168.1.1)
Remote-VTEPs (flood-list): 192.168.2.1(CP)
LEAF1#
2. Verify EVPN configurations and EVPN parameters.
rtt min/avg/max/mdev = 0.737/0.783/0.866/0.047 ms
root@HOST-A:~#
6. Check connectivity between host A and host D.
root@HOST-A:~# ping 10.2.0.20 -c 5
PING 10.2.0.20 (10.2.0.20) 56(84) bytes of data.
64 bytes from 10.2.0.20: icmp_seq=1 ttl=63 time=0.707 ms
64 bytes from 10.2.0.20: icmp_seq=2 ttl=63 time=0.671 ms
64 bytes from 10.2.0.20: icmp_seq=3 ttl=63 time=0.687 ms
64 bytes from 10.2.0.20: icmp_seq=4 ttl=63 time=0.640 ms
64 bytes from 10.2.0.20: icmp_seq=5 ttl=63 time=0.644 ms
--- 10.2.0.
Figure 13. VXLAN BGP EVPN with centralized L3 gateway NOTE: This centralized L3 gateway example for VXLAN BGP EVPN uses the same configuration steps as in Example: VXLAN BGP EVPN — Multiple AS topology. Configure each spine and leaf switch as in the Multiple AS topology example, except: ● Because VTEPs 1 and 2 operate only in Layer 2 VXLAN mode, do not configure IP switching in the overlay network.
Create a tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual networks.
OS10(config)# interface virtual-network10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.233/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
S4048T-ON, S6010-ON, and the S4100-ON series, routing after decapsulation is performed only between virtual networks. You can connect an egress virtual network to a VLAN in an external router, which connects to the external network. In the following example, VLT domain 1 is a VLT VTEP. VLT domain 2 is the border leaf VLT VTEP pair. All virtual networks in the data center network are configured in all VTEPs with virtual-network IP and anycast IP gateway addresses.
Figure 14. VXLAN BGP EVPN with border leaf gateway NOTE: This border leaf gateway example for VXLAN BGP EVPN uses the same configuration steps as in Example: VXLAN BGP EVPN — Multiple AS topology. Configure each spine and leaf switch as in the Multiple AS topology example and add the following additional configuration steps on each VTEP. VTEP 1 Leaf Switch 1. Configure a dedicated VXLAN virtual network.
2. Configure routing on the virtual network.
OS10(config)# interface virtual-network 500
OS10(conf-if-vn-500)# ip vrf forwarding tenant1
OS10(conf-if-vn-500)# ip address 10.5.0.231/16
3. Configure a static route for outbound traffic sent to the anycast MAC address of the dedicated virtual network.
OS10(config)# ip route 0.0.0.0/0 10.5.0.100
VTEP 2 Leaf Switch
1. Configure a dedicated VXLAN virtual network.
5. Configure a static route for outbound traffic sent to VLAN 200.
OS10(config)# ip route 0.0.0.0/0 10.10.0.3
VTEP 4 Leaf Switch
1. Configure a dedicated VXLAN virtual network.
OS10(config)# virtual-network 500
OS10(config-vn-500)# vxlan-vni 500
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-500)# exit
2. Configure an anycast gateway MAC address on the border leaf VTEP. This MAC address must be different from the anycast gateway MAC address configured on non-border-leaf VTEPs.
VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.
2. Configure the Loopback interface as the VXLAN source tunnel interface. OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 3. Configure the VXLAN virtual network. OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit 4. Assign VLAN member interfaces to the virtual network.
OS10(config-router-bgp-100)# neighbor 172.16.2.1 OS10(config-router-neighbor)# remote-as 101 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 9. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address.
Configure the VLT port channel.
OS10(config)# interface port-channel10
OS10(conf-if-po-10)# vlt-port-channel 10
OS10(conf-if-po-10)# exit
Configure the VLTi member links.
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain.
In EVPN mode, configure the router MAC used by remote VTEPs as the destination address in VXLAN encapsulated packets sent to the switch. Configure a dedicated VXLAN VNI for symmetric IRB for each tenant VRF. OS10(config)# evpn OS10(config-evpn)# router-mac 00:01:02:03:04:05 OS10(config-evpn)# vrf tenant1 OS10(config-evpn-vrf-tenant1)# vni 3000 OS10(config-evpn-vrf-tenant1)# route-target 65535:30000 both OS10(config-evpn-vrf-tenant1)# exit OS10(config-evpn)# exit OS10(config)# 15.
6. Configure upstream network-facing ports.
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 172.17.1.0/31
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.17.2.0/31
OS10(conf-if-eth1/1/2)# exit
7. Configure eBGP.
OS10(config-router-neighbor)# send-community extended OS10(config-router-neighbor)# update-source loopback1 OS10(config-router-neighbor)# no shutdown OS10(config-router-bgp-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# no activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# address-family l2vpn evpn OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-rou
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
13. Configure IP routing in the overlay network.
Create a tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual network.
4. Configure an unused VLAN ID for untagged membership.
OS10(config)# virtual-network untagged-vlan 1000
5. Configure access ports as VLAN members for a port-scoped VLAN-to-VNI mapping.
10. Configure a Loopback interface for BGP EVPN peering different from VLT peer IP address. OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.18.0.1/32 OS10(conf-if-lo-1)# exit 11. Configure BGP EVPN peering. OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.201.0.
Configure the VLT port channel.
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# vlt-port-channel 20
OS10(conf-if-po-20)# exit
Configure VLTi member links.
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain.
In EVPN mode, configure the router MAC used by remote VTEPs as the destination address in VXLAN encapsulated packets sent to the switch. Configure a dedicated VXLAN VNI for symmetric IRB for each tenant VRF. OS10(config)# evpn OS10(config-evpn)# router-mac 00:01:02:03:04:06 OS10(config-evpn)# vrf tenant1 OS10(config-evpn-vrf-tenant1)# vni 3000 OS10(config-evpn-vrf-tenant1)# route-target 65535:30000 both OS10(config-evpn-vrf-tenant1)# exit OS10(config-evpn)# exit OS10(config)# 16.
OS10(config-route-map)# match ip address prefix-list deny_v4_host_routes OS10(config-route-map)# exit OS10(config)# router bgp 100 OS10(config-router-bgp-100)# vrf tenant1 OS10(config-router-bgp-100-vrf)# address-family ipv4 unicast OS10(configure-router-bgpv4-vrf-af)# redistribute l2vpn evpn route-map deny_v4_host_routes OS10(configure-router-bgpv4-vrf-af)# end Use the following configuration to advertise the local connected routes on the border-leaf switches to external device: OS10(config)# router bgp 10
7. Configure upstream network-facing ports.
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 172.19.1.0/31
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.19.2.0/31
OS10(conf-if-eth1/1/2)# exit
8. Configure eBGP.
OS10(config-router-neighbor)# send-community extended OS10(config-router-neighbor)# update-source loopback1 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# no activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# address-family l2vpn evpn OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2 OS10(conf-uplink-state-group-1)# upstream port-channel20 OS10(conf-uplink-state-group-1)# exit Configure iBGP IPv4 peering between the VLT peers. OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.16.250.10 OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 14. Configure IP routing in the overlay network.
18. Configure a BGP session with the external router on the border-leaf VTEPs.
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# vrf tenant1
OS10(config-router-bgp-100-vrf)# neighbor 10.10.0.3
OS10(config-router-vrf-neighbor)# remote-as 102
OS10(config-router-vrf-neighbor)# no shutdown
OS10(config-router-vrf-neighbor)# end
19. Import external routes into EVPN on the border-leaf switches.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# ip address 172.17.1.1/31
OS10(conf-if-eth1/1/2)# exit
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# ip address 172.18.1.1/31
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# ip address 172.19.1.1/31
OS10(conf-if-eth1/1/4)# exit
2.
OS10(conf-router-neighbor)# update-source loopback1 OS10(conf-router-neighbor)# no shutdown OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-neighbor-af)# no activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-neighbor)# address-family l2vpn evpn OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-bgp-101)# neighbor 172.17.0.
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# ip address 172.19.2.1/31
OS10(conf-if-eth1/1/4)# exit
2. Configure eBGP.
OS10(config)# router bgp 101
OS10(config-router-bgp-101)# router-id 172.202.0.1
OS10(config-router-bgp-101)# address-family ipv4 unicast
OS10(configure-router-bgpv4-af)# redistribute connected
OS10(configure-router-bgpv4-af)# exit
3.
OS10(conf-router-neighbor-af)# activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-bgp-101)# neighbor 172.17.0.
LEAF1#
LEAF1# show evpn vrf l3-vni
VRF : tenant1, State : up
L3-VNI : 3000
Route-Distinguisher : 1:192.168.1.1:3000(auto)
Route-Targets : 0:65535:30000 both
Remote VTEP : 192.168.2.1
LEAF1#
3. Verify BGP EVPN neighborship between leaf and spine nodes.
LEAF1# show ip bgp l2vpn evpn summary
BGP router identifier 172.16.0.1 local AS number 100
Neighbor     AS   MsgRcvd  MsgSent  Up/Down   State/Pfx
172.201.0.1  101  1132     1116     13:29:00  27
172.202.0.1  101  1131     1118     13:29:02  28
LEAF1#
4.
Example - VXLAN BGP EVPN symmetric IRB with unnumbered BGP peering
The following BGP EVPN example uses a Clos leaf-spine topology with BGP over unnumbered interfaces. The following explains how the network is configured:
● External BGP (eBGP) over unnumbered interfaces is used to exchange both IPv4 routes and EVPN routes.
● You need not configure IP addresses on links that connect Spine and Leaf switches. BGP Unnumbered peering works without an IP address configuration on Spine-Leaf links.
● On leaf switches 1 and 2, access ports are assigned to a virtual network using a switch-scoped VLAN. EVPN for the overlay VXLAN is configured using auto-EVI mode.
● On leaf switches 3 and 4, access ports are assigned to a virtual network using a port-scoped VLAN. EVPN for the overlay VXLAN is configured using manual EVI mode with RT and RD values configured in auto mode.
OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-101)# neighbor interface ethernet1/1/4 OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit Spine Switch 2 configuration 1. Configure downstream ports as unnumbered interfaces.
OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit VTEP Leaf Switch 1 configuration 1. Configure a loopback interface for the VXLAN underlay using the same IP address as the VLT peer. OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 192.168.1.1/32 OS10(conf-if-lo-0)# exit 2. Configure the loopback interface as the VXLAN source tunnel interface.
OS10(config-router-bgp-af)# redistribute connected OS10(config-router-bgp-af)# exit 8. Configure a BGP unnumbered neighbor over network facing ports. Use a template to simplify the configuration on multiple interfaces. These neighbors are configured to carry IPv4 address family (default) and L2VPN EVPN address family.
● Configure UFD with uplink VLT ports and downlink network ports.
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# exit
● Configure iBGP unnumbered peering between VLT peers with both IPv4 and L2VPN EVPN address families.
2. Configure the loopback interface as the VXLAN source tunnel interface. OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 3. Configure the VXLAN virtual network. OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn)# exit 4. Assign VLAN member interfaces to the virtual network. Use a switch-scoped VLAN-to-VNI mapping.
OS10(config-router-bgp-201)# neighbor interface ethernet1/1/2
OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
9. Configure EVPN for the VXLAN virtual network.
Configure the EVPN instances using auto-EVI mode and disable the ASN in the generated RT.
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
11. Configure IP routing in the overlay network.
● Create a tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
● Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
● Configure routing on the virtual network.
OS10(conf-if-po-20)# switchport mode trunk OS10(conf-if-po-20)# no switchport access vlan OS10(conf-if-po-20)# exit OS10(config)# interface ethernet1/1/6 OS10(conf-if-eth1/1/6)# no shutdown OS10(conf-if-eth1/1/6)# channel-group 20 mode active OS10(conf-if-eth1/1/6)# exit 6. Add the access ports to the virtual network. OS10(config)# virtual-network 20000 OS10(config-vn-20000)# member-interface port-channel 20 untagged OS10(config-vn-20000)# exit 7.
NOTE: Use the disable-rt-asn command to autoderive an RT that does not include the ASN in the RT value. This allows auto RT to be used even if the Clos leaf-spine design has a separate ASN for each leaf node. Configure this command only when all the VTEPs are OS10 switches.
11. Configure VLT.
● Configure a VLTi VLAN for the virtual network.
● Create the tenant VRF.
OS10(config)# ip vrf tenant1
OS10(conf-vrf)# exit
● Configure an anycast gateway MAC address.
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
● Configure routing on the virtual network.
OS10(config)# interface virtual-network 20000
OS10(conf-if-vn-20000)# ip vrf forwarding tenant1
OS10(conf-if-vn-20000)# ip address 10.2.0.233/16
OS10(conf-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(conf-if-vn-20000)# no shutdown
OS10(conf-if-vn-20000)# exit
13.
4. Configure an unused VLAN ID for untagged membership. OS10(config)# virtual-network untagged-vlan 1000 5. Configure access ports as VLAN members for a port-scoped VLAN-to-VNI mapping.
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd auto
OS10(config-evpn-evi-20000)# route-target auto
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)# exit
NOTE: Use the disable-rt-asn command to autoderive an RT that does not include the ASN in the RT value. This allows auto RT to be used even if the Clos leaf-spine design has a separate ASN for each leaf node. Configure this command only when all the VTEPs are OS10 switches.
11. Configure VLT.
OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit 12. Configure IP routing in the overlay network. ● Create a tenant VRF. OS10(config)# ip vrf tenant1 OS10(conf-vrf)# exit ● Configure an anycast gateway MAC address. OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01 ● Configure routing on the virtual network.
Asymmetric to Symmetric IRB migration steps
1. Make the spines send overlay traffic only to Leaf-2 by having Leaf-1 advertise its VTEP IP with a higher metric in the underlay network.
Leaf-1 configuration
a. Configure a route-map with a prefix-list to set a higher metric for the VTEP IP.
Leaf-1(config)# ip prefix-list vtep_ip seq 10 permit 10.10.10.
2. The spines now send the overlay traffic destined to VLT domain 1 (Rack1) only to Leaf-2.
3. Configure Symmetric IRB mode in Leaf-2.
Leaf-2 configuration
a. Configure router-mac.
Leaf-2(config)# evpn
Leaf-2(config-evpn)# router-mac 02:10:10:10:10:10
b. Configure IP VRF with L3 VNI.
Leaf-2(config-evpn)# vrf BLUE
Leaf-2(config-evpn-vrf-BLUE)# vni 65001
c. Configure RT (auto or manual) and RD (optional, default is auto).
Leaf-2(config-evpn-vrf-BLUE)# route-target auto
d.
b. The default route configured in the VTEPs that points to the border leaf through an intermediate VNI can be removed. The default route or external routes can now be advertised to the VTEPs from the border leaf using advertise commands under EVPN-IPVRF mode.
3 Controller-provisioned VXLAN
OS10 supports VXLAN provisioning using an Open vSwitch Database (OVSDB) controller. Currently, the only supported OVSDB controller is the VMware NSX controller. In a controller-provisioned VXLAN, the controller manages VXLAN-related configurations and other control-plane operations, such as MAC address propagation.
NOTE: Controller-provisioned VXLAN is not supported on S3048-ON switches.
Configure controller-provisioned VXLAN
To configure the NSX controller, follow these steps on each OS10 VTEP:
1. Configure the source interface used for controller-based VXLAN provisioning. Assign an IPv4 address to a loopback interface. Assign the loopback interface to an NVE instance. The loopback interface must belong to the default VRF. For detailed information, see Configure source IP address on VTEP.
2. Configure NSX controller reachability.
3.
If the above conditions are not met when you assign interfaces to be managed by the controller, the system returns error messages. When the interface is assigned, you cannot:
● remove the interface from Switchport Trunk mode
● add the interface as a member of any VLAN
● remove the interface from the controller configuration if the interface has active port-scoped VLAN (Port,VLAN) pairs configured by the controller
To assign an interface to be managed by the OVSDB controller:
1.
Because the VTEP relies on service nodes to replicate BUM traffic, a mechanism is needed to monitor the connectivity between the VTEP and the service nodes. BFD can be used to monitor this connectivity and detect failures. The NSX controller provides parameters, such as the minimum TX and RX interval, and the multiplier, to initiate the BFD session between the VTEP and the service nodes. To establish a BFD session, enable BFD on the controller and the VTEP.
● Show output with details about the replicators available for the VNID.
OS10# show nve replicators vnid 10009
Codes: * - Active Replicator
BFD Status:Enabled
Replicators State
----------------------
2.2.2.3 Up
2.2.2.2* Up
* indicates the replicator to which the VTEP sends the BUM traffic for the specific VNID.
Configure and control VXLAN from VMware vCenter
You can configure and control VXLAN from the VMware vCenter GUI. Complete the following steps:
1.
After connectivity between the VTEP and the NSX controller is established successfully, the console displays the current connection status between the controller and the management IP address of the VTEP.
3. Create a logical switch. You can create a logical network that acts as the forwarding domain for virtualized and nonvirtualized server workloads on the physical and virtual infrastructure. The following steps configure the logical switch for NSX controller management.
a.
4. Create a logical switch port that provides a logical connection point for a VM interface (VIF) and a L2 gateway connection to an external network.
5. (Optional) Enable or disable BFD globally. The following steps enable or disable BFD configuration in the controller.
a. Click Service Definitions from the left navigation pane.
b. Click the Hardware Devices tab.
c. Click the Edit button in the BFD Configuration.
d.
After you configure a VMware NSX controller on a server VM, connect to the controller from the VXLAN gateway switch. For more information about the NSX controller configuration in the VTEP, see Configure a connection to an OVSDB controller. For more information about NSX controller configuration, see the NSX User Guide from VMware.
Example: VXLAN with a controller configuration
This example shows a simple NSX controller and a hardware OS10 VTEP deployed in a VXLAN environment.
● Configure the NSX controller in VMware vCenter. For more information about configuring the NSX controller using the GUI, see Configure and control VXLAN from VMware vCenter.

You must configure an OS10 VTEP with the controller configuration so that the VTEP can communicate with the NSX controller. The NSX controller handles configurations and control plane operations in the VXLAN environment.

VTEP 1
1. Configure the OSPF protocol in the underlay.
3. Create an NVE instance and configure a Loopback interface as the VXLAN source tunnel interface.

OS10(config)# nve
OS10(config-nve)# source-interface loopback 1

4. Specify the NSX controller reachability information.

OS10(config-nve)# controller ovsdb
OS10(config-nve-ovsdb)# ip 10.16.140.182 port 6640 ssl
OS10(config-nve-ovsdb)# max-backoff 10000
OS10(config-nve-ovsdb)# exit

5. Assign interfaces to be managed by the controller.
Replicators     State
-----------------------
13.0.0.5        Up
13.0.0.3        Up
13.0.0.2        Up

To view the remote VTEP status, use the show nve remote-vtep command.

OS10# show nve remote-vtep
IP Address: 13.0.0.2, State: up, Encap: VxLAN
VNI list: ,6000
IP Address: 13.0.0.3, State: up, Encap: VxLAN
VNI list: ,6000
IP Address: 13.0.0.5, State: up, Encap: VxLAN
VNI list: ,6000
IP Address: 202.0.0.
VNI list: ,6000
IP Address: 13.0.0.3, State: up, Encap: VxLAN
VNI list: ,6000
IP Address: 13.0.0.5, State: up, Encap: VxLAN
VNI list: ,6000
IP Adress: 200.0.0.1, State: up, Encap: Vxlan
VNI list: 6000

VXLAN Controller commands

controller ovsdb
Changes the mode to CONFIGURATION-NVE-OVSDB from where you can configure the controller parameters.
Example
OS10(config)# nve
OS10(config-nve)# controller ovsdb
OS10(config-nve-ovsdb)# ip 10.11.66.110 port 6640 ssl
Supported releases 10.4.3.0 or later

max-backoff
Configures a time interval, in milliseconds (ms). This is the duration the switch waits between the connection attempts to the controller.
Syntax max-backoff interval
Parameters interval—Enter the amount of time, in ms. This is the duration the switch waits between the connection attempts to the controller, from 1000 to 180000 ms.
nve controller ssl-key-generate
Generates the SSL certificate for the OVSDB server to set up the SSL connection with the controller.
Syntax nve controller ssl-key-generate
Parameters None
Default None
Command mode EXEC
Usage information This command is available only for the sysadmin and secadmin roles. This command generates the SSL certificate and restarts the OVSDB server to start using the newly generated certificate.
Example
OS10# nve controller ssl-key-generate
Supported releases 10.4.3.
Usage information This command is available only for sysadmin and secadmin roles.
Example
Supported releases
Supported releases 10.4.3.0 or later

show ovsdb-tables mac-local-ucast
Displays information about local MAC address entries including each MAC address, IP address, local switch name, and VNID.
Syntax show ovsdb-tables mac-local-ucast
Parameters None
Default None
Command mode EXEC
Usage information This command is available only for netadmin, sysadmin, and secadmin roles.
Command mode EXEC
Usage information This command is available only for netadmin, sysadmin, and secadmin roles.
Example
OS10# show ovsdb-tables manager
Count : 3
Manager table
_uuid                                inactivity_probe is_connected max_backoff other_config status          target
------------------------------------ ---------------- ------------ ----------- ------------ --------------- ------
478ec8ca-9c5a-4d29-9069-633af6c48002 []               false        1000        {}           {state=BACKOFF} "ssl:10.16.140.
Supported releases
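The following Python check is an added example, not part of the Dell guide: it parses `show ovsdb-tables manager` output and reports controller sessions that are not connected or whose target is not `ssl:`. Only the column names and the `ssl:` prefix come from the output above; the rows, UUIDs, addresses, the `ACTIVE` status text and the `tcp:` target are constructed assumptions.

```python
import re

# Constructed sample in the column layout of `show ovsdb-tables manager`.
# UUIDs, addresses, the ACTIVE rows and the tcp: target are invented for
# illustration (assumptions, not output captured from a switch).
SAMPLE = '''\
Count : 3
Manager table
_uuid                                inactivity_probe is_connected max_backoff other_config status target
------------------------------------ ---------------- ------------ ----------- ------------ ------ ------
11111111-aaaa-4bbb-8ccc-000000000001 [] true  10000 {} {sec_since_connect="42", state=ACTIVE} "ssl:192.0.2.10:6640"
11111111-aaaa-4bbb-8ccc-000000000002 [] false 1000  {} {state=BACKOFF} "ssl:192.0.2.11:6640"
11111111-aaaa-4bbb-8ccc-000000000003 [] true  10000 {} {state=ACTIVE} "tcp:192.0.2.12:6640"
'''

# One Manager row: uuid, probe, is_connected, max_backoff, two maps, target.
ROW = re.compile(
    r'^(?P<uuid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\s+'
    r'(?P<probe>\[.*?\]|\d+)\s+(?P<connected>true|false)\s+'
    r'(?P<max_backoff>\d+)\s+(?P<other>\{.*?\})\s+'
    r'(?P<status>\{.*?\})\s+"(?P<target>[^"]*)"\s*$')

def parse_managers(text):
    """Return one dict per Manager row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            state = re.search(r'state=(\w+)', row['status'])
            row['state'] = state.group(1) if state else 'UNKNOWN'
            rows.append(row)
    return rows

def audit_managers(text):
    """List (target, finding) pairs for controller sessions that need attention."""
    findings = []
    for row in parse_managers(text):
        if not row['target'].startswith('ssl:'):
            findings.append((row['target'], 'controller session is not SSL'))
        if row['connected'] != 'true':
            findings.append((row['target'], 'not connected (state=%s)' % row['state']))
    return findings

if __name__ == '__main__':
    for target, finding in audit_managers(SAMPLE):
        print(target, '-', finding)
```

A session that stays in `BACKOFF` means the switch is still retrying the controller at the configured `max-backoff` interval, so the VTEP is not receiving control-plane updates from it.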
4 Support resources

The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.