The final post in the EVPN Lab series covers VXLAN and EVPN configuration. If you missed the other posts that got our environment set up to this point, they are linked below:
This is the one we have all waited for, so buckle up and let’s jump right into the EVPN Lab – VXLAN and EVPN configuration.
What are we working with?
The physical diagram was shared in our previous post. When we are done configuring VXLAN and EVPN, the logical topology should look like this:

The Setup
As with the other posts, there is a lot of repetition on the leaf switches. The spines are not configured in this instance, as they are just passing the L2 VPN information via BGP to the leaf switches. We will be focusing on Leaf-01 for this whole post.
What are the parameters for configuration?
These are our tenants with their relevant configuration:
Tenant Name | Tenant_Red | Tenant_Blue | Tenant_Green |
---|---|---|---|
Layer 2 VLAN | 100 | 150 | 350 |
Layer 3 VNI | 200 | 250 | 450 |
Layer 2 VXLAN | 21000 | 21500 | 23500 |
Layer 3 VXLAN | 32000 | 32500 | 34500 |
Subnet | 172.16.24.0/24 | 172.18.24.0/24 | 172.16.26.0/24 |
Multicast Group | 225.1.0.100 | 225.1.0.150 | 225.1.1.150 |
The configuration requirements are broken out by area below:
- VLAN
  - Configure VLANs with appropriate vn-segments
    - VLAN 100 VXLAN21000
    - VLAN 200 VXLAN32000
    - VLAN 150 VXLAN21500
    - VLAN 250 VXLAN32500
    - VLAN 350 VXLAN23500
    - VLAN 450 VXLAN34500
- VRF
  - Configure VRFs for each tenant
    - Set VNI to L3 VNI
    - Set RD to Auto
    - Under address family ipv4 unicast
      - Set route-targets to auto for ipv4 and evpn
- L2 VNI VLANs
  - Add to appropriate VRF
  - Configure fabric forwarding anycast gateway with MAC 0000.dead.beef
- L3 VNI Interface VLAN
  - Configure L3 VXLAN interfaces
  - Assign appropriate VRF to VLAN
  - Configure IP forward
- BGP and EVPN
  - Add VRFs to BGP process
  - Advertise network via BGP
  - Configure L2 VNIs
    - Set all route distinguishers and route targets to auto
- Network Virtualization Edge (NVE) Interface
  - Configure BGP as the host reachability protocol
  - Source interface should be loopback 20
  - Create L2 member VNIs
    - Suppress ARP
    - Configure multicast groups for each tenant
  - Configure L3 member VNIs
Configuration
OK, without further ado, let’s get to the fun part! Let’s Configure Leaf-01!
1 – Enable Features for VXLAN and EVPN
```
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
```
2 – Configure VLANs and VN-Segments
```
vlan 100,200,150,250,350,450
vlan 100
  name TENANT_RED-L2-VLAN
  vn-segment 21000
vlan 200
  name TENANT_RED-L3-VNI
  vn-segment 32000
vlan 150
  name TENANT_BLUE-L2-VLAN
  vn-segment 21500
vlan 250
  name TENANT_BLUE-L3-VNI
  vn-segment 32500
vlan 350
  name TENANT_GREEN-L2-VLAN
  vn-segment 23500
vlan 450
  name TENANT_GREEN-L3-VNI
  vn-segment 34500
```
3 – Configure VRFs and Fabric-Forwarding
```
vrf context TENANT_RED
  vni 32000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vrf context TENANT_BLUE
  vni 32500
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vrf context TENANT_GREEN
  vni 34500
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
fabric forwarding anycast-gateway-mac 0000.dead.beef
```
4 – Configure VLAN Interfaces and Assign IP Addresses
```
interface Vlan100
  description TENANT_RED VL100
  no shutdown
  mtu 9216
  vrf member TENANT_RED
  ip address 172.16.24.1/24
  fabric forwarding mode anycast-gateway
interface Vlan150
  description TENANT_BLUE VL150
  no shutdown
  mtu 9216
  vrf member TENANT_BLUE
  ip address 172.18.24.1/24
  fabric forwarding mode anycast-gateway
interface Vlan350
  description TENANT_GREEN VL350
  no shutdown
  mtu 9216
  vrf member TENANT_GREEN
  ip address 172.18.26.1/24
  fabric forwarding mode anycast-gateway
interface Vlan200
  description TENANT_RED VL200 L3VNI
  no shutdown
  mtu 9216
  vrf member TENANT_RED
  ip forward
interface Vlan250
  description TENANT_BLUE VL250 L3VNI
  no shutdown
  mtu 9216
  vrf member TENANT_BLUE
  ip forward
interface Vlan450
  description TENANT_GREEN VL450 L3VNI
  no shutdown
  mtu 9216
  vrf member TENANT_GREEN
  ip forward
```
5 – Add VRFs to BGP along with EVPN Configuration
```
router bgp 64512
  vrf TENANT_RED
    address-family ipv4 unicast
      network 172.16.24.0/24
      advertise l2vpn evpn
  vrf TENANT_BLUE
    address-family ipv4 unicast
      network 172.18.24.0/24
      advertise l2vpn evpn
  vrf TENANT_GREEN
    address-family ipv4 unicast
      network 172.18.26.0/24
      advertise l2vpn evpn
evpn
  vni 21000 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 21500 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 23500 l2
    rd auto
    route-target import auto
    route-target export auto
```
6 – Configure NVE Interface
I know this might be new to a lot of people, so I wanted to break down each part of this configuration:
- This is the VTEP on the leaf switch
- We are using BGP as the control protocol to advertise host information
- The source interface of the NVE interface is going to be the IP address assigned to Loopback20
- For our Layer 2 VNIs we are suppressing ARP
- We are using a dedicated multicast group for each of the Layer 2 VNIs
```
interface nve1
  no shutdown
  description VTEP
  host-reachability protocol bgp
  source-interface loopback20
  member vni 21000
    suppress-arp
    mcast-group 225.1.0.100
  member vni 21500
    suppress-arp
    mcast-group 225.1.0.150
  member vni 23500
    suppress-arp
    mcast-group 225.1.1.150
  member vni 32000 associate-vrf
  member vni 32500 associate-vrf
  member vni 34500 associate-vrf
```
See, I told you that was a LOT… But now we get to the fun part, which is verification time!
Verification
show ip mroute
We are verifying one of the multicast routes from the VRF that is used for BUM traffic
```
Leaf-01# show ip mroute 225.1.1.150
IP Multicast Routing Table for VRF "default"

(*, 225.1.1.150/32), uptime: 00:07:38, nve ip pim
  Incoming interface: Ethernet1/2, RPF nbr: 10.0.0.29
  Outgoing interface list: (count: 1)
    nve1, uptime: 00:07:38, nve

(10.10.10.3/32, 225.1.1.150/32), uptime: 00:07:38, nve mrib ip pim
  Incoming interface: loopback20, RPF nbr: 10.10.10.3
  Outgoing interface list: (count: 2)
    Ethernet1/2, uptime: 00:06:59, pim
    Ethernet1/1, uptime: 00:06:59, pim
```
show nve peers
Ensure that the VTEP is peering with other VTEPs in the fabric
```
Leaf-01# show nve peers
Interface Peer-IP                                 State LearnType Uptime   Router-Mac
--------- --------------------------------------  ----- --------- -------- -----------------
nve1      10.10.10.4                              Up    CP        00:02:59 5004.0000.1b08
nve1      10.10.10.5                              Up    CP        00:02:58 5005.0000.1b08
nve1      10.10.10.6                              Up    CP        00:03:00 5006.0000.1b08
nve1      10.10.10.7                              Up    CP        00:03:00 5007.0000.1b08
nve1      10.10.10.8                              Up    CP        00:02:59 5019.0000.1b08
nve1      10.10.10.9                              Up    CP        00:03:00 5012.0000.1b08
```
show nve vni
Shows all VNIs attached to the NVE interface
```
Leaf-01# show nve vni
Codes: CP - Control Plane        DP - Data Plane
       UC - Unconfigured         SA - Suppress ARP
       S-ND - Suppress ND
       SU - Suppress Unknown Unicast
       Xconn - Crossconnect
       MS-IR - Multisite Ingress Replication
       HYB - Hybrid IRB mode

Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      21000    225.1.0.100       Up    CP   L2 [100]           SA
nve1      21500    225.1.0.150       Up    CP   L2 [150]           SA
nve1      23500    225.1.1.150       Up    CP   L2 [350]           SA
nve1      32000    n/a               Up    CP   L3 [TENANT_RED]
nve1      32500    n/a               Up    CP   L3 [TENANT_BLUE]
nve1      34500    n/a               Up    CP   L3 [TENANT_GREEN]
```
show vxlan
Show VXLAN information
```
Leaf-01# show vxlan
Vlan            VN-Segment
====            ==========
100             21000
150             21500
200             32000
250             32500
350             23500
450             34500
```
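Tenant separation in this fabric rests on each VLAN landing in its own VNI and each L3 VNI landing in its own VRF, so the two outputs above are worth checking mechanically rather than by eye. The following is an added example, not code from the original post: `PLAN`, the function names and the embedded sample text (data rows copied from the outputs on this page) are assumptions of the example.

```python
# Added example: audit `show nve vni` and `show vxlan` against the tenant plan.
# PLAN mirrors the tenant table: (L2 VLAN, L2 VNI, L3 VLAN, L3 VNI, mcast group).
PLAN = {
    "TENANT_RED":   (100, 21000, 200, 32000, "225.1.0.100"),
    "TENANT_BLUE":  (150, 21500, 250, 32500, "225.1.0.150"),
    "TENANT_GREEN": (350, 23500, 450, 34500, "225.1.1.150"),
}
# Constructed sample input: data rows copied from the outputs on this page.
NVE_VNI = """\
nve1 21000 225.1.0.100 Up CP L2 [100] SA
nve1 21500 225.1.0.150 Up CP L2 [150] SA
nve1 23500 225.1.1.150 Up CP L2 [350] SA
nve1 32000 n/a Up CP L3 [TENANT_RED]
nve1 32500 n/a Up CP L3 [TENANT_BLUE]
nve1 34500 n/a Up CP L3 [TENANT_GREEN]
"""
VXLAN = "100 21000\n150 21500\n200 32000\n250 32500\n350 23500\n450 34500\n"

def parse_nve_vni(text):
    """Map VNI -> row fields for each 'nveN ...' line of `show nve vni`."""
    rows = {}
    for f in (l.split() for l in text.splitlines() if l.lstrip().startswith("nve")):
        # f: interface, vni, mcast, state, mode, type, [bd-or-vrf], flags...
        rows[int(f[1])] = {"mcast": f[2], "state": f[3], "mode": f[4],
                           "type": f[5], "bind": f[6].strip("[]"), "flags": f[7:]}
    return rows

def parse_vxlan(text):
    """Map VLAN -> VN-segment, skipping the header lines of `show vxlan`."""
    rows = (l.split() for l in text.splitlines())
    return {int(r[0]): int(r[1]) for r in rows if len(r) == 2 and r[0].isdigit() and r[1].isdigit()}

def audit(plan, nve_text, vxlan_text):
    """Return a list of findings; an empty list means state matches the plan."""
    nve, vlans, planned, out = parse_nve_vni(nve_text), parse_vxlan(vxlan_text), set(), []
    for tenant, (l2_vlan, l2_vni, l3_vlan, l3_vni, mcast) in plan.items():
        planned |= {l2_vni, l3_vni}
        for vlan, vni in ((l2_vlan, l2_vni), (l3_vlan, l3_vni)):
            if vlans.get(vlan) != vni:  # wrong mapping can bridge two tenants
                out.append(f"{tenant}: VLAN {vlan} maps to VN-segment {vlans.get(vlan)}, expected {vni}")
        l2, l3 = nve.get(l2_vni, {}), nve.get(l3_vni, {})
        if (l2.get("state"), l2.get("mode"), l2.get("bind"), l2.get("mcast")) != ("Up", "CP", str(l2_vlan), mcast):
            out.append(f"{tenant}: L2 VNI {l2_vni} missing, down or bound to the wrong VLAN/group")
        elif "SA" not in l2["flags"]:
            out.append(f"{tenant}: L2 VNI {l2_vni} has no ARP suppression")
        if (l3.get("state"), l3.get("type"), l3.get("bind")) != ("Up", "L3", tenant):
            out.append(f"{tenant}: L3 VNI {l3_vni} is not up and bound to VRF {tenant}")
    out += [f"unplanned VNI {v} present on the NVE interface" for v in sorted(set(nve) - planned)]
    return out

if __name__ == "__main__":
    print(audit(PLAN, NVE_VNI, VXLAN) or "NVE and VXLAN state match the tenant plan")
```

Both parsers also accept the full command output, since header and separator lines are skipped.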
show bgp l2vpn evpn summary
This will now show the NLRIs being learned, along with what type they are
```
Leaf-01# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 10.1.0.3, local AS number 64512
BGP table version is 58, L2VPN EVPN config peers 2, capable peers 2
21 network entries and 57 paths using 8028 bytes of memory
BGP attribute entries [57/20976], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [12/48]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.10.10.1      4 64512      25       7       58    0    0 00:01:58 18
10.10.10.2      4 64512      25       7       58    0    0 00:01:57 18

Neighbor        T    AS Type-1 Type-2 Type-3 Type-4 Type-5 Type-12
10.10.10.1      I 64512      0      0      0      0     18       0
10.10.10.2      I 64512      0      0      0      0     18       0
```
There we have it. Just like that this series comes to an end. This was an interesting one for me as I have not messed around with EVPN since 2017 and it was a great refresher to get back into it. What did you think of this series? Is there anything in particular you want to see next? I created a short survey that is going to help me with content like this in the future. You can access it here, and thank you for taking the time out to give some guidance. Let me know in the comments below or over on my socials! Thanks for following along and see you on the next one!