EVPN VXLAN uses Route Type 3 for dynamic ingress replication: it advertises the PMSI tunnel attribute for a specific VNI. In other words, the VTEP informs the other VTEPs that it can accept broadcast, unknown-unicast, and multicast (BUM) traffic at a specific IP address. This is not unique to VXLAN; Route Type 3 is also used in EVPN-MPLS. The following capture shows a Route Type 3 used with VXLAN.
Each Route Type is summarized in an EVPN introduction blog post. For example, EVPN uses Route Type 2, which is also called a MAC advertisement route. It is used with VXLAN and also with MPLS in order to advertise MAC addresses over BGP Update messages. The following capture shows an EVPN MAC advertisement route specific to VXLAN, because a VNI is added under the BGP NLRI (instead of an MPLS label), and the "VXLAN Encapsulation" Extended Community is also attached.
While EVPN is used in the control plane, the data plane consists of a Layer-2 tunneling mechanism over UDP transport. Between VTEP devices, frames are encapsulated in UDP with a VXLAN header; this method is also called MAC-in-UDP. The VXLAN header includes the VNI to identify the virtual (overlay) network. Encryption is not natively supported; by default, traffic is sent in cleartext as shown in the following capture.
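The MAC-in-UDP layout described above, as an added Python example (not part of the original post): it decodes a VXLAN frame and returns the fields that any device on the underlay path, or a capture-based monitor, can read without keys. The sample frame is constructed from this lab's addresses; the outer MAC addresses and UDP source port are made up, and an inner 802.1Q tag is not handled.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # IANA-assigned UDP destination port for VXLAN (RFC 7348)


def _ipv4(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left at 0 for the sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def build_sample(vni: int = 5000, dport: int = VXLAN_PORT) -> bytes:
    """Constructed frame (not a real capture): Host1 pings Host2 across the VNI."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)                   # echo request
    inner = (bytes.fromhex("000000000002" "000000000001" "0800")  # dst Host2, src Host1
             + _ipv4("192.168.1.1", "192.168.1.2", 1, len(icmp)) + icmp)
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)              # I flag, 24-bit VNI
    udp = struct.pack("!HHHH", 49152, dport, 8 + len(vxlan) + len(inner), 0)
    outer_ip = _ipv4("10.1.1.1", "10.2.2.2", 17, len(udp) + len(vxlan) + len(inner))
    outer_eth = bytes.fromhex("020000000002" "020000000001" "0800")  # made-up MACs
    return outer_eth + outer_ip + udp + vxlan + inner


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_vxlan(frame: bytes) -> dict:
    """Decode outer IPv4/UDP/VXLAN and the cleartext inner Ethernet/IPv4 headers."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        raise ValueError("outer frame is not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 17:
        raise ValueError("outer packet is not UDP")
    udp = 14 + ihl
    if len(frame) < udp + 8 + 8 + 14:
        raise ValueError("truncated VXLAN packet")
    _sport, dport = struct.unpack_from("!HH", frame, udp)
    if dport != VXLAN_PORT:
        raise ValueError(f"UDP port {dport} is not VXLAN")
    flags, vni_word = struct.unpack_from("!II", frame, udp + 8)
    if not flags & 0x08000000:
        raise ValueError("I flag clear: VNI field is not valid")
    inner = frame[udp + 16:]
    out = {
        "vtep_src": str(ipaddress.IPv4Address(frame[26:30])),
        "vtep_dst": str(ipaddress.IPv4Address(frame[30:34])),
        "vni": vni_word >> 8,                      # low 8 bits are reserved
        "inner_dst_mac": _mac(inner[0:6]),
        "inner_src_mac": _mac(inner[6:12]),
        "inner_ethertype": int.from_bytes(inner[12:14], "big"),
    }
    if out["inner_ethertype"] == 0x0800 and len(inner) >= 34:
        out["inner_src_ip"] = str(ipaddress.IPv4Address(inner[26:30]))
        out["inner_dst_ip"] = str(ipaddress.IPv4Address(inner[30:34]))
    return out


if __name__ == "__main__":
    for key, value in parse_vxlan(build_sample()).items():
        print(f"{key:16} {value}")
```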
Option | Description |
---|---|
Use of Route Reflector (BGP RR) | For improved scalability of the EVPN control plane, Route Reflectors can be deployed. This means, iBGP neighborships are configured (same BGP ASN) between the VTEP and RR. |
Use of iBGP or eBGP | BGP can be configured in the VXLAN underlay network (instead of OSPF or IS-IS), and BGP can be configured in the VXLAN overlay (EVPN control plane uses MP-BGP). Focusing on the EVPN control plane, you can use auto-RD and auto-RT which is a feature to automatically derive (generate) the Route Distinguisher and the Route Target values. This feature is described in RFC 8365, and is available on the NX-OS and IOS XR platforms. However, if you deploy EVPN-VXLAN overlay with eBGP you cannot use auto-RT because the generated import/export RT values for different BGP ASN would not match on two VTEPs (no prefix will be imported). RD and RT values can be manually/statically configured as shown later in this blog post. |
Ingress replication or multicast core | This relates to how BUM (broadcast, unknown-unicast and multicast) traffic is handled, and is relevant to VXLAN with or without the EVPN control plane. Multicast core (PIM) is more scalable, in which case a L2VNI with EVPN will only advertise Route Type 2 containing MAC addresses. On the other hand, with ingress replication (also called headend replication) the EVPN Route Type 3 (IMET route) is used alongside Route Type 2. |
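The auto-RT mismatch described in the table, as an added Python example (not part of the original post): it reads the `evpn` section of two VTEP configurations and reports whether each side's exported Route Targets are accepted by the other side's import policy. It assumes `route-target ... auto` resolves to ASN:VNI, the form NX-OS uses with 2-byte ASNs; `LEAF_A` and `LEAF_B` are a constructed eBGP variant, and the function names are hypothetical.

```python
import re

# Excerpts of this page's SW1 and SW2 configuration (iBGP, manual RD/RT).
SW1 = """\
router bgp 65001
evpn
  vni 5000 l2
    rd 65001:1
    route-target import 65001:2
    route-target export 65001:1
"""
SW2 = """\
router bgp 65001
evpn
  vni 5000 l2
    rd 65001:2
    route-target import 65001:1
    route-target export 65001:2
"""
# Constructed eBGP variant (not from the page): one ASN per VTEP, auto RD/RT.
LEAF_A = """\
router bgp 65001
evpn
  vni 5000 l2
    rd auto
    route-target import auto
    route-target export auto
"""
LEAF_B = LEAF_A.replace("router bgp 65001", "router bgp 65002")


def parse_evpn(config: str) -> dict:
    """Return {vni: {"import": set, "export": set}} with 'auto' resolved to ASN:VNI."""
    asn, vni, in_evpn, vnis = None, None, False, {}
    for line in config.splitlines():
        text = line.strip()
        if not text:
            continue
        if not line[0].isspace():                 # a new top-level section starts
            in_evpn, vni = text == "evpn", None
            if m := re.fullmatch(r"router bgp (\d+)", text):
                asn = int(m.group(1))
            continue
        if not in_evpn:
            continue
        if m := re.fullmatch(r"vni (\d+) l2", text):
            vni = int(m.group(1))
            vnis[vni] = {"import": set(), "export": set()}
        elif vni is not None and (
                m := re.fullmatch(r"route-target (import|export|both) (\S+)", text)):
            sides = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for side in sides:
                vnis[vni][side].add(m.group(2))
    for number, rts in vnis.items():              # resolve 'auto' once the ASN is known
        for side in ("import", "export"):
            if "auto" in rts[side]:
                if asn is None:
                    raise ValueError("auto RT needs the local BGP ASN")
                rts[side] = (rts[side] - {"auto"}) | {f"{asn}:{number}"}
    return vnis


def imported(sender: dict, receiver: dict, vni: int) -> set:
    """RTs attached by the sender that the receiver's import policy accepts."""
    if vni not in sender or vni not in receiver:
        return set()
    return sender[vni]["export"] & receiver[vni]["import"]


def check_pair(cfg_a: str, cfg_b: str) -> dict:
    """Per VNI: are A's routes imported by B, and B's routes imported by A?"""
    a, b = parse_evpn(cfg_a), parse_evpn(cfg_b)
    return {vni: {"a_to_b": bool(imported(a, b, vni)),
                  "b_to_a": bool(imported(b, a, vni))}
            for vni in sorted(set(a) | set(b))}


if __name__ == "__main__":
    print("manual RT, iBGP:", check_pair(SW1, SW2))
    print("auto RT, eBGP:  ", check_pair(LEAF_A, LEAF_B))
```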
EVPN adds several benefits to VXLAN. For example, the VTEP devices no longer have a static flood list configured for ingress replication, but instead the EVPN Route Type 3 (IMET route) is used to dynamically advertise VTEP peer PMSI tunnel identifiers. The PMSI tunnel endpoints are used (for ingress replication) as the destination of BUM traffic which is transported across the VXLAN overlay network.
Another benefit is that EVPN enables advertising MAC addresses to remote VTEP devices. This means that VTEP SW1 learns the MAC address of a locally originated frame (traffic sent from Host1), and advertises the MAC address to the remote VTEP SW2 using EVPN Route Type 2. This is called dynamic MAC learning, and is an improvement over the flood and learn approach (which is used without EVPN).
Configuration:
```
SW1# show run | sec ^nv
nv overlay evpn

SW1# show run | sec feature
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay

SW1# show run vlan | sec vlan
!Command: show running-config vlan
vlan 1,100
vlan 100
  name VLAN100
  vn-segment 5000

SW1# show run | sec ^evpn
evpn
  vni 5000 l2
    rd 65001:1
    route-target import 65001:2
    route-target export 65001:1

SW1# show run int Eth1/1 | sec int
!Command: show running-config interface Ethernet1/1
interface Ethernet1/1
  description ** to SW3 **
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100
  no shutdown

SW1# show run int Eth1/2 | sec int
!Command: show running-config interface Ethernet1/2
interface Ethernet1/2
  description ** to R1 **
  ip address 10.1.0.1/30
  ip router ospf 10 area 0.0.0.0
  no shutdown

SW1# show run int Lo10 | sec int
!Command: show running-config interface loopback10
interface loopback10
  ip address 10.1.1.1/32
  ip router ospf 10 area 0.0.0.0

SW1# show run int nve1 | sec int
!Command: show running-config interface nve1
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback10
  member vni 5000
    ingress-replication protocol bgp

SW1# show run bgp | sec ^router
router bgp 65001
  neighbor 4.4.4.4
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 5.5.5.5
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended

SW1# show run ospf | sec ^router
router ospf 10
  router-id 10.1.1.1
```
```
SW2# show run | sec ^nv
nv overlay evpn

SW2# show run | sec feature
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay

SW2# show run vlan | sec vlan
!Command: show running-config vlan
vlan 1,100
vlan 100
  name VLAN100
  vn-segment 5000

SW2# show run | sec ^evpn
evpn
  vni 5000 l2
    rd 65001:2
    route-target import 65001:1
    route-target export 65001:2

SW2# show run int Eth1/1 | sec int
!Command: show running-config interface Ethernet1/1
interface Ethernet1/1
  description ** to SW4 **
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100
  no shutdown

SW2# show run int Eth1/2 | sec int
!Command: show running-config interface Ethernet1/2
interface Ethernet1/2
  description ** to R3 **
  ip address 10.5.0.1/30
  ip router ospf 10 area 0.0.0.0
  no shutdown

SW2# show run int Lo10 | sec int
!Command: show running-config interface loopback10
interface loopback10
  ip address 10.2.2.2/32
  ip router ospf 10 area 0.0.0.0

SW2# show run int nve1 | sec int
!Command: show running-config interface nve1
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback10
  member vni 5000
    ingress-replication protocol bgp

SW2# show run bgp | sec ^router
router bgp 65001
  neighbor 4.4.4.4
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 5.5.5.5
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended

SW2# show run ospf | sec ^router
router ospf 10
  router-id 10.2.2.2
```
```
R1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to VTEP SW1 **
 ip address 10.1.0.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45

R1#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R2 **
 ip address 10.2.0.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45

R1#show run | sec ^router
router ospf 10
 router-id 1.1.1.1
 network 10.1.0.0 0.0.0.3 area 0
 network 10.2.0.0 0.0.0.3 area 0
```
```
R2#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R1 **
 ip address 10.2.0.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45

R2#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R3 **
 ip address 10.4.0.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45

R2#show run int Gi0/2 | sec int
interface GigabitEthernet0/2
 description ** to BGP RR devices **
 ip address 10.3.0.1 255.255.255.248
 duplex auto
 speed auto
 media-type rj45

R2#show run | sec ^router
router ospf 10
 router-id 2.2.2.2
 network 10.2.0.0 0.0.0.3 area 0
 network 10.3.0.0 0.0.0.7 area 0
 network 10.4.0.0 0.0.0.3 area 0
```
```
R4#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 ip address 10.3.0.2 255.255.255.248
 duplex auto
 speed auto
 media-type rj45

R4#show run int Lo10 | sec int
interface Loopback10
 ip address 4.4.4.4 255.255.255.255

R4#show run | sec ^router ospf
router ospf 10
 router-id 4.4.4.4
 network 4.4.4.4 0.0.0.0 area 0
 network 10.3.0.0 0.0.0.7 area 0

R4#show run | sec ^router bgp
router bgp 65001
 bgp router-id 4.4.4.4
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 65001
 neighbor 10.1.1.1 update-source Loopback10
 neighbor 10.2.2.2 remote-as 65001
 neighbor 10.2.2.2 update-source Loopback10
 !
 address-family l2vpn evpn
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community both
  neighbor 10.1.1.1 route-reflector-client
  neighbor 10.2.2.2 activate
  neighbor 10.2.2.2 send-community both
  neighbor 10.2.2.2 route-reflector-client
 exit-address-family
```
```
SW5# show run | sec ^nv
nv overlay evpn

SW5# show run | sec feature
feature ospf
feature bgp

SW5# show run int Eth1/1 | sec int
!Command: show running-config interface Ethernet1/1
interface Ethernet1/1
  ip address 10.3.0.3/29
  ip router ospf 10 area 0.0.0.0
  no shutdown

SW5# show run int Lo10 | sec int
!Command: show running-config interface loopback10
interface loopback10
  ip address 5.5.5.5/32
  ip router ospf 10 area 0.0.0.0

SW5# show run bgp | sec ^router
router bgp 65001
  neighbor 10.1.1.1
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.2.2.2
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client

SW5# show run ospf | sec ^router
router ospf 10
  router-id 5.5.5.5
```
```
SW3#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to Host1 **
 switchport access vlan 100
 switchport mode access
 negotiation auto

SW3#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to VTEP SW1 **
 switchport trunk allowed vlan 100
 switchport trunk encapsulation dot1q
 switchport mode trunk
 negotiation auto
```
```
Host1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to SW3 **
 mac-address 0000.0000.0001
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
```
```
SW1# show nve peers
Interface Peer-IP                                 State LearnType Uptime   Router-Mac
--------- --------------------------------------  ----- --------- -------- -----------------
nve1      10.2.2.2                                Up    CP        00:02:21 n/a                « VTEP peer IP address learned with EVPN Control Plane (CP)

SW1# show nve vni 5000
Codes: CP - Control Plane        DP - Data Plane
       UC - Unconfigured         SA - Suppress ARP
       SU - Suppress Unknown Unicast
       Xconn - Crossconnect
       MS-IR - Multisite Ingress Replication

Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      5000     UnicastBGP        Up    CP   L2 [100]                  « EVPN Control Plane uses BGP

SW1# show nve interface nve1
Interface: nve1, State: Up, encapsulation: VXLAN
 VPC Capability: VPC-VIP-Only [not-notified]
 Local Router MAC: 5204.bacd.1b08
 Host Learning Mode: Control-Plane
 Source-Interface: loopback10 (primary: 10.1.1.1, secondary: 0.0.0.0)

SW1# show mac address-table
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*  100     0000.0000.0001   dynamic  0         F      F    Eth1/1
C  100     0000.0000.0002   dynamic  0         F      F    nve1(10.2.2.2)    « Remote MAC address dynamically learnt with EVPN Control Plane
G    -     5204.bacd.1b08   static   -         F      F    sup-eth1(R)

SW1# show nve peers detail
Details of nve Peers:
----------------------------------------
Peer-Ip: 10.2.2.2                          « Remote VTEP SW2 IP address
    NVE Interface       : nve1
    Peer State          : Up               « VTEP remote peer state is Up
    Peer Uptime         : 00:02:08
    Router-Mac          : n/a
    Peer First VNI      : 5000
    Time since Create   : 00:02:08
    Configured VNIs     : 5000             « L2VNI 5000 is configured between VTEP SW1 and SW2
    Provision State     : peer-add-complete
    Learnt CP VNIs      : 5000
    vni assignment mode : SYMMETRIC
    Peer Location       : N/A

SW1# show bgp l2vpn evpn summary | beg Ne
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
4.4.4.4         4 65001      82      74       20    0    0 01:07:59 2    « EVPN BGP neighborship with Route Reflector R4
5.5.5.5         4 65001      18      15       20    0    0 00:08:46 2

SW1# show bgp l2vpn evpn | beg Ne
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 65001:1    (L2VNI 5000)
*>l[2]:[0]:[0]:[48]:[0000.0000.0001]:[0]:[0.0.0.0]/216
                      10.1.1.1                          100      32768 i
*>i[2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216
                      10.2.2.2                          100          0 i
*>l[3]:[0]:[32]:[10.1.1.1]/88
                      10.1.1.1                          100      32768 i
*>i[3]:[0]:[32]:[10.2.2.2]/88
                      10.2.2.2                          100          0 i

Route Distinguisher: 65001:2    « EVPN routes advertised by SW2 have RD 65001:2 assigned
* i[2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216    « This is an EVPN Route Type 2 (MAC advertisement route)
                      10.2.2.2                          100          0 i
*>i                   10.2.2.2                          100          0 i
* i[3]:[0]:[32]:[10.2.2.2]/88    « This is an EVPN Route Type 3 (IMET route for ingress replication)
                      10.2.2.2                          100          0 i
*>i                   10.2.2.2                          100          0 i

SW1# show bgp l2vpn evpn 0000.0000.0002
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 65001:1    (L2VNI 5000)    « SW1 uses the RD 65001:1 for local routes
BGP routing table entry for [2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216, version 19    « MAC address of the remote Host2, received with EVPN
Paths: (1 available, best #1)
Flags: (0x000212) (high32 00000000) on xmit-list, is in l2rib/evpn, is not in HW

  Advertised path-id 1
  Path type: internal, path is valid, is best path, no labeled nexthop, in rib
             Imported from 65001:2:[2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216    « Host2 MAC route has RD 65001:2, it was received from SW2
  AS-Path: NONE, path sourced internal to AS
    10.2.2.2 (metric 44) from 4.4.4.4 (4.4.4.4)    « Next-hop to reach Host2 MAC address is through VTEP SW2
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 5000
      Extcommunity: RT:65001:2 ENCAP:8
      Originator: 10.2.2.2 Cluster list: 4.4.4.4    « Route Reflector adds this information, EVPN route originator is SW2, Cluster list shows RR R4

  Path-id 1 not advertised to any peer

Route Distinguisher: 65001:2    « RD assigned by SW2, two routes are visible to Host2 MAC, before best route selected on SW1
BGP routing table entry for [2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216, version 20
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW

  Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
  AS-Path: NONE, path sourced internal to AS
    10.2.2.2 (metric 44) from 5.5.5.5 (5.5.5.5)    « MAC advertisement route received from RR R5 (not best path)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 5000
      Extcommunity: RT:65001:2 ENCAP:8
      Originator: 10.2.2.2 Cluster list: 5.5.5.5

  Advertised path-id 1
  Path type: internal, path is valid, is best path, no labeled nexthop
             Imported to 1 destination(s)
             Imported paths list: L2-5000
  AS-Path: NONE, path sourced internal to AS
    10.2.2.2 (metric 44) from 4.4.4.4 (4.4.4.4)    « MAC advertisement route received from RR R4 (selected best path)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 5000
      Extcommunity: RT:65001:2 ENCAP:8
      Originator: 10.2.2.2 Cluster list: 4.4.4.4

  Path-id 1 not advertised to any peer

Host1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/11/12 ms    « Host1 can ping Host2 through VXLAN tunnel

Host1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   0000.0000.0001  ARPA   GigabitEthernet0/0
Internet  192.168.1.2             5   0000.0000.0002  ARPA   GigabitEthernet0/0    « Host1 learns MAC address of Host2 through EVPN
```
However, in the same NVE interface configuration on each VTEP, a multicast group is added under the VNI. In other words, instead of using EVPN IMET routes (RT 3) for ingress replication, a multicast core is enabled with PIM Sparse Mode between the VTEP devices.
```
SW1#
SW1# configure
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#
SW1(config)# interface nve1
SW1(config-if-nve)# host-reachability protocol bgp
SW1(config-if-nve)# source-interface loopback10
SW1(config-if-nve)# member vni 5000
SW1(config-if-nve-vni)# mcast-group 239.1.1.1
SW1(config-if-nve-vni)# exit
SW1(config-if-nve)#
SW1(config-if-nve)# no shutdown
SW1(config-if-nve)#
SW1(config-if-nve)# exit
SW1(config)# exit
SW1#
```
Configuration:
```
SW1# show run | sec ^nv
nv overlay evpn

SW1# show run | sec feature
feature ospf
feature bgp
feature pim
feature vn-segment-vlan-based
feature nv overlay

SW1# show run | grep rp-address
ip pim rp-address 2.2.2.2 group-list 224.0.0.0/4

SW1# show run vlan | sec vlan
!Command: show running-config vlan
vlan 1,100
vlan 100
  name VLAN100
  vn-segment 5000

SW1# show run | sec ^evpn
evpn
  vni 5000 l2
    rd 65001:1
    route-target import 65001:2
    route-target export 65001:1

SW1# show run int Eth1/1 | sec int
!Command: show running-config interface Ethernet1/1
interface Ethernet1/1
  description ** to Host1 **
  switchport
  switchport access vlan 100
  no shutdown

SW1# show run int Eth1/2 | sec int
!Command: show running-config interface Ethernet1/2
interface Ethernet1/2
  description ** to SW2 **
  ip address 10.1.0.1/30
  ip router ospf 10 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

SW1# show run int Lo10 | sec int
!Command: show running-config interface loopback10
interface loopback10
  ip address 1.1.1.1/32
  ip router ospf 10 area 0.0.0.0
  ip pim sparse-mode

SW1# show run int nve1 | sec int
!Command: show running-config interface nve1
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback10
  member vni 5000
    mcast-group 239.1.1.1

SW1# show run bgp | sec ^router
router bgp 65001
  template peer EXAMPLE-TEMPLATE
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 3.3.3.3
    inherit peer EXAMPLE-TEMPLATE

SW1# show run ospf | sec ^router
router ospf 10
  router-id 1.1.1.1
```
```
SW2# show run | sec feature
feature ospf
feature pim

SW2# show run | grep rp-address
ip pim rp-address 2.2.2.2 group-list 224.0.0.0/4

SW2# show run int Eth1/1 | sec int
!Command: show running-config interface Ethernet1/1
interface Ethernet1/1
  description ** to VTEP SW1 **
  ip address 10.1.0.2/30
  ip router ospf 10 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

SW2# show run int Eth1/2 | sec int
!Command: show running-config interface Ethernet1/2
interface Ethernet1/2
  description ** to VTEP SW3 **
  ip address 10.2.0.2/30
  ip router ospf 10 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

SW2# show run int Lo10 | sec int
!Command: show running-config interface loopback10
interface loopback10
  ip address 2.2.2.2/32
  ip router ospf 10 area 0.0.0.0
  ip pim sparse-mode

SW2# show run ospf | sec ^router
router ospf 10
  router-id 2.2.2.2
```
```
SW3# show run | sec ^nv
nv overlay evpn

SW3# show run | sec feature
feature ospf
feature bgp
feature pim
feature vn-segment-vlan-based
feature nv overlay

SW3# show run | grep rp-address
ip pim rp-address 2.2.2.2 group-list 224.0.0.0/4

SW3# show run vlan | sec vlan
!Command: show running-config vlan
vlan 1,100
vlan 100
  name VLAN100
  vn-segment 5000

SW3# show run | sec ^evpn
evpn
  vni 5000 l2
    rd 65001:2
    route-target import 65001:1
    route-target export 65001:2

SW3# show run int Eth1/1 | sec int
!Command: show running-config interface Ethernet1/1
interface Ethernet1/1
  description ** to Host2 **
  switchport
  switchport access vlan 100
  no shutdown

SW3# show run int Eth1/2 | sec int
!Command: show running-config interface Ethernet1/2
interface Ethernet1/2
  description ** to SW2 **
  ip address 10.2.0.1/30
  ip router ospf 10 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

SW3# show run int Lo10 | sec int
!Command: show running-config interface loopback10
interface loopback10
  ip address 3.3.3.3/32
  ip router ospf 10 area 0.0.0.0
  ip pim sparse-mode

SW3# show run int nve1 | sec int
!Command: show running-config interface nve1
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback10
  member vni 5000
    mcast-group 239.1.1.1

SW3# show run bgp | sec ^router
router bgp 65001
  template peer EXAMPLE-TEMPLATE
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 1.1.1.1
    inherit peer EXAMPLE-TEMPLATE

SW3# show run ospf | sec ^router
router ospf 10
  router-id 3.3.3.3
```
```
Host1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to SW1 **
 mac-address 0000.0000.0001
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
```
```
SW1# show nve vni 5000
Codes: CP - Control Plane        DP - Data Plane
       UC - Unconfigured         SA - Suppress ARP
       SU - Suppress Unknown Unicast
       Xconn - Crossconnect
       MS-IR - Multisite Ingress Replication

Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      5000     239.1.1.1         Up    CP   L2 [100]                  « Control Plane (EVPN) enabled with multicast core

SW1# show ip mroute
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 04:07:36, pim ip
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

(*, 239.1.1.1/32), uptime: 04:07:34, nve pim ip
  Incoming interface: Ethernet1/2, RPF nbr: 10.1.0.2
  Outgoing interface list: (count: 1)
    nve1, uptime: 04:07:34, nve    « VXLAN NVE is in the multicast OIL (Outgoing Interface List)

(1.1.1.1/32, 239.1.1.1/32), uptime: 04:07:34, nve mrib pim ip
  Incoming interface: loopback10, RPF nbr: 1.1.1.1
  Outgoing interface list: (count: 1)
    Ethernet1/2, uptime: 03:34:37, pim

SW1# show bgp l2vpn evpn | beg Ne
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 65001:1    (L2VNI 5000)
*>l[2]:[0]:[0]:[48]:[0000.0000.0001]:[0]:[0.0.0.0]/216    « Only EVPN Route Type 2 (MAC advertisements) are exchanged
                      1.1.1.1                           100      32768 i
*>i[2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216
                      3.3.3.3                           100          0 i

Route Distinguisher: 65001:2
*>i[2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216
                      3.3.3.3                           100          0 i
```
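How the two `show bgp l2vpn evpn` tables on this page differ, as an added Python example (not part of the original post): it decodes the bracketed NLRI strings into Route Type 2 and Route Type 3 fields and checks that the routes learned from remote VTEPs match the BUM mode configured under the VNI. The `flood_check` helper and its mode names are hypothetical; the sample tables are transcribed from the page's output with the « annotations removed.

```python
import re

NLRI_RE = re.compile(r"^\*\s?>?([li])\[(\d)\]:(\S+)/\d+")
HOP_RE = re.compile(r"^(?:\*>?[li]?)?\s+(\d+\.\d+\.\d+\.\d+)\s")

# Transcribed from this page (ingress replication lab), annotations removed.
INGRESS_REPLICATION = """\
Route Distinguisher: 65001:1    (L2VNI 5000)
*>l[2]:[0]:[0]:[48]:[0000.0000.0001]:[0]:[0.0.0.0]/216
                      10.1.1.1                          100      32768 i
*>i[2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216
                      10.2.2.2                          100          0 i
*>l[3]:[0]:[32]:[10.1.1.1]/88
                      10.1.1.1                          100      32768 i
*>i[3]:[0]:[32]:[10.2.2.2]/88
                      10.2.2.2                          100          0 i
"""
# Transcribed from this page (multicast core lab), annotations removed.
MULTICAST_CORE = """\
Route Distinguisher: 65001:1    (L2VNI 5000)
*>l[2]:[0]:[0]:[48]:[0000.0000.0001]:[0]:[0.0.0.0]/216
                      1.1.1.1                           100      32768 i
*>i[2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216
                      3.3.3.3                           100          0 i
"""


def parse_routes(output: str) -> list:
    """One dict per NLRI line: origin (l=local, i=iBGP), route type, fields, next hop."""
    routes, current = [], None
    for line in output.splitlines():
        if m := NLRI_RE.match(line):
            fields = re.findall(r"\[([^\]]*)\]", m.group(3))
            current = {"origin": m.group(1), "type": int(m.group(2)), "next_hop": None}
            if current["type"] == 2 and len(fields) == 6:
                # [ESI]:[EthTag]:[MAC length]:[MAC]:[IP length]:[IP]
                current.update(mac=fields[3], ip=fields[5])
            elif current["type"] == 3 and len(fields) == 3:
                # [EthTag]:[IP length]:[originating VTEP IP]
                current.update(originator=fields[2])
            routes.append(current)
        elif current and current["next_hop"] is None and (m := HOP_RE.match(line)):
            current["next_hop"] = m.group(1)     # the path line follows the NLRI line
    return routes


def flood_check(output: str, mode: str) -> dict:
    """mode is what is configured under 'member vni': 'ingress-replication' or 'multicast'."""
    remote = [r for r in parse_routes(output) if r["origin"] == "i"]
    mac_vteps = {r["next_hop"] for r in remote if r["type"] == 2}
    imet_vteps = {r["originator"] for r in remote if r["type"] == 3}
    if mode == "ingress-replication":
        # MACs are learned from these VTEPs, but no IMET route puts them on the flood list.
        missing, unexpected = mac_vteps - imet_vteps, set()
    else:
        # With a multicast core only Route Type 2 is expected; an IMET route means
        # the remote VTEP is configured for ingress replication instead.
        missing, unexpected = set(), imet_vteps
    return {"flood_list": sorted(imet_vteps),
            "missing_imet": sorted(missing),
            "unexpected_imet": sorted(unexpected)}


if __name__ == "__main__":
    print(flood_check(INGRESS_REPLICATION, "ingress-replication"))
    print(flood_check(MULTICAST_CORE, "multicast"))
```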
The L2VNI 5000 is configured, and the VXLAN tunnel encapsulates traffic between Host1 and Host2 in VLAN 100. For BUM traffic between VTEP devices, ingress replication is used, which relies on the EVPN Route Type 3 (IMET route).
This example topology shows two ways to configure IS-IS on NX-OS. VTEP SW1 uses the `ip router isis EXAMPLE-ISIS` command under the Loopback interface. Meanwhile, VTEP SW3 has `advertise interface loopback10` added under the address-family within the IS-IS router configuration mode.
Configuration:
```
SW1# show run | sec ^nv
nv overlay evpn

SW1# show run | sec ^feature
feature bgp
feature isis
feature vn-segment-vlan-based
feature nv overlay

SW1# show run vlan | sec vlan
!Command: show running-config vlan
vlan 1,100
vlan 100
  name VLAN100
  vn-segment 5000

SW1# show run | sec ^evpn
evpn
  vni 5000 l2
    rd 65001:1
    route-target import 65001:2
    route-target export 65001:1

SW1# show run int Eth1/1 | sec int
!Command: show running-config interface Ethernet1/1
interface Ethernet1/1
  description ** to Host1 **
  switchport
  switchport access vlan 100
  no shutdown

SW1# show run int Eth1/2 | sec int
!Command: show running-config interface Ethernet1/2
interface Ethernet1/2
  description ** to SW2 **
  ip address 10.1.0.1/30
  isis network point-to-point
  ip router isis EXAMPLE-ISIS
  no shutdown

SW1# show run int Lo10 | sec int
!Command: show running-config interface loopback10
interface loopback10
  ip address 10.1.1.1/32
  ip router isis EXAMPLE-ISIS

SW1# show run int nve1 | sec int
!Command: show running-config interface nve1
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback10
  member vni 5000
    ingress-replication protocol bgp

SW1# show run isis | sec ^router
router isis EXAMPLE-ISIS
  net 49.0010.0000.0000.0001.00
  is-type level-2
  log-adjacency-changes

SW1# show run bgp | sec ^router
router bgp 65001
  neighbor 10.2.2.2
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended
```
```
SW2# show run | sec ^feature
feature isis

SW2# show run int eth1/1 | sec int
!Command: show running-config interface Ethernet1/1
interface Ethernet1/1
  description ** to SW1 **
  ip address 10.1.0.2/30
  isis network point-to-point
  ip router isis EXAMPLE-ISIS
  no shutdown

SW2# show run int eth1/2 | sec int
!Command: show running-config interface Ethernet1/2
interface Ethernet1/2
  description ** to SW3 **
  ip address 10.2.0.2/30
  isis network point-to-point
  ip router isis EXAMPLE-ISIS
  no shutdown

SW2# show run isis | sec ^router
router isis EXAMPLE-ISIS
  net 49.0010.0000.0000.0002.00
  is-type level-2
  log-adjacency-changes
```
```
SW3# show run | sec ^nv
nv overlay evpn

SW3# show run | sec ^feature
feature bgp
feature isis
feature vn-segment-vlan-based
feature nv overlay

SW3# show run vlan | sec vlan
!Command: show running-config vlan
vlan 1,100
vlan 100
  name VLAN100
  vn-segment 5000

SW3# show run | sec ^evpn
evpn
  vni 5000 l2
    rd 65001:2
    route-target import 65001:1
    route-target export 65001:2

SW3# show run int Eth1/1 | sec int
!Command: show running-config interface Ethernet1/1
interface Ethernet1/1
  description ** to Host2 **
  switchport
  switchport access vlan 100
  no shutdown

SW3# show run int Eth1/2 | sec int
!Command: show running-config interface Ethernet1/2
interface Ethernet1/2
  description ** to SW2 **
  ip address 10.2.0.1/30
  isis network point-to-point
  ip router isis EXAMPLE-ISIS
  no shutdown

SW3# show run int Lo10 | sec int
!Command: show running-config interface loopback10
interface loopback10
  ip address 10.2.2.2/32

SW3# show run int nve1 | sec int
!Command: show running-config interface nve1
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback10
  member vni 5000
    ingress-replication protocol bgp

SW3# show run isis | sec ^router
router isis EXAMPLE-ISIS
  net 49.0010.0000.0000.0003.00
  is-type level-2
  log-adjacency-changes
  address-family ipv4 unicast
    advertise interface loopback10

SW3# show run bgp | sec ^router
router bgp 65001
  address-family l2vpn evpn
  neighbor 10.1.1.1
    remote-as 65001
    update-source loopback10
    address-family l2vpn evpn
      send-community
      send-community extended
```
```
Host1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to VTEP SW1 **
 mac-address 0000.0000.0001
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
```
```
SW1# show isis interface Loopback10
IS-IS process: EXAMPLE-ISIS VRF: default
loopback10, Interface status: protocol-up/link-up/admin-up
  IP address: 10.1.1.1, IP subnet: 10.1.1.1/32
  IPv6 routing is disabled
  Level1
    No auth type and keychain
    Auth check set
  Level2
    No auth type and keychain
    Auth check set
  Index: 0x0002, Local Circuit ID: 0x01, Circuit Type: L2    « IS-IS Level-2 area is used
  BFD IPv4 is locally disabled for Interface loopback10
  BFD does not support AF IPv4
  BFD IPv6 is locally disabled for Interface loopback10
  BFD does not support AF IPv6
  MTR is disabled
  Passive level: level-1
  Level      Metric
  1               1
  2               1
  Topologies enabled:
    L  MT  Metric  MetricCfg  Fwdng IPV4-MT  IPV4Cfg  IPV6-MT  IPV6Cfg
    1  0        1       no   DN    DN       no       DN       no
    2  0        1       no   UP    UP       yes      DN       no

SW3# show isis interface Loopback10
IS-IS process: EXAMPLE-ISIS VRF: default
loopback10, Interface status: protocol-up/link-up/admin-up
  IP address: 10.2.2.2, IP subnet: 10.2.2.2/32
  IPv6 routing is disabled
  Advertise command AF IPv4 L1-2, IPv6 NONE, combined L1-2    « The "Advertise" command is used on SW3
  Level1
    No auth type and keychain
    Auth check set
  Level2
    No auth type and keychain
    Auth check set
  Index: 0x0001, Local Circuit ID: 0x01, Circuit Type: L2
  BFD IPv4 is locally disabled for Interface loopback10
  BFD does not support AF IPv4
  BFD IPv6 is locally disabled for Interface loopback10
  BFD does not support AF IPv6
  MTR is disabled
  Passive level: level-1
  Level      Metric
  1               1
  2               1
  Topologies enabled:
    L  MT  Metric  MetricCfg  Fwdng IPV4-MT  IPV4Cfg  IPV6-MT  IPV6Cfg
    1  0        1       no   DN    DN       no       DN       no
    2  0        1       no   UP    UP       yes      DN       no    « IS-IS Level-2 topology for IPv4 is enabled

SW3# show isis topology
IS-IS process: EXAMPLE-ISIS
VRF: default
Topology ID: 0

IS-IS Level-1 IS routing table

IS-IS Level-2 IS routing table    « IS-IS being a link-state protocol knows about SW1 and SW2 in same Level-2 topology
SW1.00, Instance 0x0000001F
   *via SW2, Ethernet1/2, metric 80
SW2.00, Instance 0x0000001F
   *via SW2, Ethernet1/2, metric 40

SW1# show ip route isis
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF

10.2.0.0/30, ubest/mbest: 1/0
    *via 10.1.0.2, Eth1/2, [115/80], 01:20:57, isis-EXAMPLE-ISIS, L2
10.2.2.2/32, ubest/mbest: 1/0    « SW1 receives Loopback IP address of SW3 through IS-IS
    *via 10.1.0.2, Eth1/2, [115/81], 01:20:50, isis-EXAMPLE-ISIS, L2    « Next-hop is SW2

SW2# show isis adjacency
IS-IS process: EXAMPLE-ISIS VRF: default
IS-IS adjacency database:
Legend: '!': No AF level connectivity in given topology
System ID       SNPA            Level  State  Hold Time  Interface
SW1             N/A             2      UP     00:00:27   Ethernet1/1    « IS-IS neighborship is established
SW3             N/A             2      UP     00:00:26   Ethernet1/2

SW1# show bgp l2vpn evpn summary | beg Ne
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.2.2.2        4 65001      85      83        9    0    0 01:17:58 2    « BGP neighborship established, two EVPN routes received

SW1# show bgp l2vpn evpn | beg Ne
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 65001:1    (L2VNI 5000)
*>l[2]:[0]:[0]:[48]:[0000.0000.0001]:[0]:[0.0.0.0]/216
                      10.1.1.1                          100      32768 i
*>i[2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216
                      10.2.2.2                          100          0 i
*>l[3]:[0]:[32]:[10.1.1.1]/88
                      10.1.1.1                          100      32768 i
*>i[3]:[0]:[32]:[10.2.2.2]/88
                      10.2.2.2                          100          0 i

Route Distinguisher: 65001:2
*>i[2]:[0]:[0]:[48]:[0000.0000.0002]:[0]:[0.0.0.0]/216    « SW1 receives MAC address from remote VTEP through EVPN RT 2
                      10.2.2.2                          100          0 i
*>i[3]:[0]:[32]:[10.2.2.2]/88    « SW1 receives VTEP PMSI tunnel endpoint IP for ingress replication
                      10.2.2.2                          100          0 i

SW1# show nve vni 5000
Codes: CP - Control Plane        DP - Data Plane
       UC - Unconfigured         SA - Suppress ARP
       SU - Suppress Unknown Unicast
       Xconn - Crossconnect
       MS-IR - Multisite Ingress Replication

Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      5000     UnicastBGP        Up    CP   L2 [100]                  « Peer status between VTEP devices is Up with EVPN Control Plane
```
You can find more information at the following external links:
Cisco - Chapter: Information About Layer 2 EVPN VXLAN
Cisco - Chapter: Configuring EVPN VXLAN Layer 2 Overlay Network
Cisco - A Modern, Open, and Scalable Fabric: VXLAN EVPN
Cisco Community - VXLAN EVPN Just with L2VNI
RFC 8365 - A Network Virtualization Overlay Solution Using Ethernet VPN (EVPN)