0% found this document useful (0 votes)

221 views27 pages

Vxlan Evpn Notes

This document provides configuration examples for a VxLAN BGP EVPN multi-site topology with three NX-OS switches (DC.A-Spine-01, DC.A-Spine-02, DC.A-Leaf-01). Key aspects of the configuration include VXLAN VLAN mapping, EVPN route distribution using BGP, underlay routing with IS-IS, and multisite settings for ingress replication and border gateway tracking across sites.

Uploaded by

Joshua Limakwe

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

221 views27 pages

Vxlan Evpn Notes

Uploaded by

Joshua Limakwe

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 27

bestpath-network.

com

VxLAN BGP EVPN MULTI-SITE

For some reason, I changed the topology from my previous post.

And here is the topology that I use, technically there is no significant
difference for the VxLAN EVPN configuration.
You can download the eve-ng and nx-os files that I use at the following link.
https://1drv.ms/u/s!Akle2gacCiDjgrU6CvPtLw_Cbps0pA?e=5uUwdN
And for this document, I will share the config and some examples of
verification.

Page | 1
bestpath-network.com

• DC.A-Spine-01

hostname DC.A-Spine-01

feature telnet
nv overlay evpn
feature bgp
feature pim
feature isis
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
evpn multisite border-gateway 500
delay-restore time 300

ip pim rp-address 1.1.1.10 group-list 224.0.0.0/4

ip pim ssm range 232.0.0.0/8
ip pim anycast-rp 1.1.1.10 1.1.1.1
vlan 1,1000-1002
vlan 1000
vn-segment 100000
vlan 1001
vn-segment 101001
vlan 1002
vn-segment 101002

route-map REDIST-CONNECT permit 10

match tag 8910
vrf context EVPN_Multi-Site
vni 100000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn

hardware access-list tcam region racl 512

hardware access-list tcam region arp-ether 256 double-wide

interface Vlan1000
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip forward
no ipv6 redirects

interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback102
multisite border-gateway interface loopback103
member vni 100000 associate-vrf
member vni 101001
multisite ingress-replication
ingress-replication protocol bgp
member vni 101002
multisite ingress-replication
ingress-replication protocol bgp

interface Ethernet1/1

Page | 2
bestpath-network.com

no switchport
mtu 9000
ip address 10.1.1.2/30
evpn multisite dci-tracking
no shutdown

interface Ethernet1/3
no switchport
mtu 9000
ip address 10.0.1.5/30
ip router isis UNDERLAY
ip pim sparse-mode
evpn multisite fabric-tracking
no shutdown

interface Ethernet1/5
no switchport
mtu 9000
ip address 10.0.1.1/30
ip router isis UNDERLAY
ip pim sparse-mode
evpn multisite fabric-tracking
no shutdown

interface loopback0
ip address 1.1.1.1/32
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback1
description Anycast-RP
ip address 1.1.1.10/32
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback101
ip address 1.1.1.101/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback102
ip address 1.1.1.102/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback103
description Anycast-VTEP-Multi_Site
ip address 1.1.1.103/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

boot nxos bootflash:/nxos.9.3.3.bin sup-1

router isis UNDERLAY
net 49.0000.0000.0000.0000.0111.00
is-type level-2
router bgp 65001
router-id 1.1.1.1
address-family ipv4 unicast
redistribute direct route-map REDIST-CONNECT
maximum-paths 64
address-family l2vpn evpn

Page | 3
bestpath-network.com

neighbor 3.3.3.3
remote-as 65001
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 4.4.4.4
remote-as 65001
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 5.5.5.101
remote-as 65002
update-source loopback101
ebgp-multihop 255
peer-type fabric-external
address-family l2vpn evpn
send-community
send-community extended
rewrite-evpn-rt-asn
neighbor 6.6.6.101
remote-as 65002
update-source loopback101
ebgp-multihop 255
peer-type fabric-external
address-family l2vpn evpn
send-community
send-community extended
rewrite-evpn-rt-asn
neighbor 10.1.1.1
remote-as 65000
update-source Ethernet1/1
address-family ipv4 unicast
next-hop-self

Page | 4
bestpath-network.com

• DC.A-Spine-02

hostname DC.A-Spine-02

ip pim rp-address 1.1.1.10 group-list 224.0.0.0/4

ip pim ssm range 232.0.0.0/8
ip pim anycast-rp 1.1.1.10 2.2.2.2
vlan 1,1000-1002
vlan 1000
vn-segment 100000
vlan 1001
vn-segment 101001
vlan 1002
vn-segment 101002

route-map REDIST-CONNECT permit 10

match tag 8910
vrf context EVPN_Multi-Site
vni 100000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn

hardware access-list tcam region racl 512

hardware access-list tcam region arp-ether 256 double-wide

interface Vlan1000
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip forward
no ipv6 redirects

interface Ethernet1/2

Page | 5
bestpath-network.com

no switchport
mtu 9000
ip address 10.1.1.6/30
evpn multisite dci-tracking
no shutdown

interface Ethernet1/4
no switchport
mtu 9000
ip address 10.0.1.9/30
ip router isis UNDERLAY
ip pim sparse-mode
evpn multisite fabric-tracking
no shutdown

interface Ethernet1/6
no switchport
mtu 9000
ip address 10.0.1.13/30
ip router isis UNDERLAY
ip pim sparse-mode
evpn multisite fabric-tracking
no shutdown

interface loopback0
ip address 2.2.2.2/32
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback1
description Anycast-RP
ip address 1.1.1.10/32
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback101
ip address 2.2.2.101/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback102
ip address 2.2.2.102/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback103
description Anycast-VTEP-Multi_Site
ip address 1.1.1.103/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

boot nxos bootflash:/nxos.9.3.3.bin sup-1

router isis UNDERLAY
net 49.0000.0000.0000.0000.0222.00
is-type level-2
router bgp 65001
router-id 2.2.2.2
address-family ipv4 unicast
redistribute direct route-map REDIST-CONNECT
maximum-paths 64
address-family l2vpn evpn

Page | 6
bestpath-network.com

neighbor 3.3.3.3
remote-as 65001
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 4.4.4.4
remote-as 65001
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 5.5.5.101
remote-as 65002
update-source loopback101
ebgp-multihop 255
peer-type fabric-external
address-family l2vpn evpn
send-community
send-community extended
rewrite-evpn-rt-asn
neighbor 6.6.6.101
remote-as 65002
update-source loopback101
ebgp-multihop 255
peer-type fabric-external
address-family l2vpn evpn
send-community
send-community extended
rewrite-evpn-rt-asn
neighbor 10.1.1.5
remote-as 65000
update-source Ethernet1/2
address-family ipv4 unicast
next-hop-self

Page | 7
bestpath-network.com

• DC.A-Leaf-01

hostname DC.A-Leaf-01

feature telnet
nv overlay evpn
feature bgp
feature pim
feature isis
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

fabric forwarding anycast-gateway-mac 0000.1111.1111

ip pim rp-address 1.1.1.10 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,1000-1002
vlan 1000
vn-segment 100000
vlan 1001
vn-segment 101001
vlan 1002
vn-segment 101002

vrf context EVPN_Multi-Site

vni 100000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn

hardware access-list tcam region racl 512

hardware access-list tcam region arp-ether 256 double-wide

interface Vlan1000
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip forward
no ipv6 redirects

interface Vlan1001
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip address 172.16.101.1/24
no ipv6 redirects
fabric forwarding mode anycast-gateway

interface Vlan1002
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip address 172.16.102.1/24
no ipv6 redirects
fabric forwarding mode anycast-gateway

Page | 8
bestpath-network.com

interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 100000 associate-vrf
member vni 101001
suppress-arp
mcast-group 239.0.0.1
member vni 101002
suppress-arp
mcast-group 239.0.0.1

interface Ethernet1/1
switchport access vlan 1001
spanning-tree port type edge

interface Ethernet1/4
no switchport
mtu 9000
ip address 10.0.1.10/30
ip router isis UNDERLAY
ip pim sparse-mode
no shutdown

interface Ethernet1/5
no switchport
mtu 9000
ip address 10.0.1.2/30
ip router isis UNDERLAY
ip pim sparse-mode
no shutdown

interface loopback0
ip address 3.3.3.3/32
ip router isis UNDERLAY
ip pim sparse-mode

boot nxos bootflash:/nxos.9.3.3.bin sup-1

router isis UNDERLAY
net 49.0000.0000.0000.0000.0333.00
is-type level-2
router bgp 65001
router-id 3.3.3.3
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 1.1.1.1
remote-as 65001
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
neighbor 2.2.2.2
remote-as 65001
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
vrf EVPN_Multi-Site
address-family ipv4 unicast

Page | 9
bestpath-network.com

advertise l2vpn evpn

evpn
vni 101001 l2
rd auto
route-target import auto
route-target export auto
vni 101002 l2
rd auto
route-target import auto
route-target export auto

• DC.A-Leaf-02

hostname DC.A-Leaf-02

feature telnet
nv overlay evpn
feature bgp
feature pim
feature isis
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

fabric forwarding anycast-gateway-mac 0000.1111.1111

ip pim rp-address 1.1.1.10 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,1000-1002
vlan 1000
vn-segment 100000
vlan 1001
vn-segment 101001
vlan 1002
vn-segment 101002

vrf context EVPN_Multi-Site

vni 100000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn

hardware access-list tcam region racl 512

hardware access-list tcam region arp-ether 256 double-wide

interface Vlan1000
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip forward
no ipv6 redirects

interface Vlan1001
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip address 172.16.101.1/24

Page | 10
bestpath-network.com

no ipv6 redirects
fabric forwarding mode anycast-gateway

interface Vlan1002
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip address 172.16.102.1/24
no ipv6 redirects
fabric forwarding mode anycast-gateway

interface Ethernet1/1
switchport access vlan 1002
spanning-tree port type edge

interface Ethernet1/3
no switchport
mtu 9000
ip address 10.0.1.6/30
ip router isis UNDERLAY
ip pim sparse-mode
no shutdown

interface Ethernet1/6
no switchport
mtu 9000
ip address 10.0.1.14/30
ip router isis UNDERLAY
ip pim sparse-mode
no shutdown

interface loopback0
ip address 4.4.4.4/32
ip router isis UNDERLAY
ip pim sparse-mode

boot nxos bootflash:/nxos.9.3.3.bin sup-1

router isis UNDERLAY
net 49.0000.0000.0000.0000.0444.00
is-type level-2
router bgp 65001
router-id 4.4.4.4
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 1.1.1.1
remote-as 65001
update-source loopback0
address-family ipv4 unicast

Page | 11
bestpath-network.com

address-family l2vpn evpn

send-community
send-community extended
neighbor 2.2.2.2
remote-as 65001
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
vrf EVPN_Multi-Site
address-family ipv4 unicast
advertise l2vpn evpn
evpn
vni 101001 l2
rd auto
route-target import auto
route-target export auto
vni 101002 l2
rd auto
route-target import auto
route-target export auto

• DC.B-Spine-01

hostname DC.B-Spine-01

ip pim rp-address 5.5.5.10 group-list 224.0.0.0/4

ip pim ssm range 232.0.0.0/8
ip pim anycast-rp 5.5.5.10 5.5.5.5
vlan 1,1000-1002
vlan 1000
vn-segment 100000
vlan 1001
vn-segment 101001
vlan 1002
vn-segment 101002

route-map REDIST-CONNECT permit 10

match tag 8910
vrf context EVPN_Multi-Site
vni 100000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn

hardware access-list tcam region racl 512

Page | 12
bestpath-network.com

hardware access-list tcam region arp-ether 256 double-wide

interface Vlan1000
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip forward
no ipv6 redirects

interface Ethernet1/1
no switchport
mtu 9000
ip address 10.1.2.2/30
evpn multisite dci-tracking
no shutdown

interface Ethernet1/3
no switchport
mtu 9000
ip address 10.0.2.5/30
ip router isis UNDERLAY
ip pim sparse-mode
evpn multisite fabric-tracking
no shutdown

interface Ethernet1/5
no switchport
mtu 9000
ip address 10.0.2.1/30
ip router isis UNDERLAY
ip pim sparse-mode
evpn multisite fabric-tracking
no shutdown

interface loopback0
ip address 5.5.5.5/32
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback1
description Anycast-RP
ip address 5.5.5.10/32
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback101
ip address 5.5.5.101/32 tag 8910

Page | 13
bestpath-network.com

ip router isis UNDERLAY

ip pim sparse-mode

interface loopback102
ip address 5.5.5.102/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback103
description Anycast-VTEP-Multi_Site
ip address 5.5.5.103/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

boot nxos bootflash:/nxos.9.3.3.bin sup-1

router isis UNDERLAY
net 49.0000.0000.0000.0000.0555.00
is-type level-2
router bgp 65002
router-id 5.5.5.5
address-family ipv4 unicast
redistribute direct route-map REDIST-CONNECT
maximum-paths 64
address-family l2vpn evpn
neighbor 1.1.1.101
remote-as 65001
update-source loopback101
ebgp-multihop 255
peer-type fabric-external
address-family l2vpn evpn
send-community
send-community extended
rewrite-evpn-rt-asn
neighbor 2.2.2.101
remote-as 65001
update-source loopback101
ebgp-multihop 255
peer-type fabric-external
address-family l2vpn evpn
send-community
send-community extended
rewrite-evpn-rt-asn
neighbor 7.7.7.7
remote-as 65002
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 8.8.8.8
remote-as 65002
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 10.1.2.1
remote-as 65000
update-source Ethernet1/1

Page | 14
bestpath-network.com

address-family ipv4 unicast

next-hop-self

• DC.B-Spine-02

hostname DC.B-Spine-02

ip pim rp-address 5.5.5.10 group-list 224.0.0.0/4

ip pim ssm range 232.0.0.0/8
ip pim anycast-rp 5.5.5.10 6.6.6.6
vlan 1,1000-1002
vlan 1000
vn-segment 100000
vlan 1001
vn-segment 101001
vlan 1002
vn-segment 101002

route-map REDIST-CONNECT permit 10

match tag 8910
vrf context EVPN_Multi-Site
vni 100000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn

hardware access-list tcam region racl 512

hardware access-list tcam region arp-ether 256 double-wide

interface Vlan1000
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip forward
no ipv6 redirects

interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback102
multisite border-gateway interface loopback103
member vni 100000 associate-vrf
member vni 101001
suppress-arp
multisite ingress-replication
ingress-replication protocol bgp

Page | 15
bestpath-network.com

member vni 101002

suppress-arp
multisite ingress-replication
ingress-replication protocol bgp

interface Ethernet1/2
no switchport
mtu 9000
ip address 10.1.2.6/30
evpn multisite dci-tracking
no shutdown

interface Ethernet1/4
no switchport
mtu 9000
ip address 10.0.2.9/30
ip router isis UNDERLAY
ip pim sparse-mode
evpn multisite fabric-tracking
no shutdown

interface Ethernet1/6
no switchport
mtu 9000
ip address 10.0.2.13/30
ip router isis UNDERLAY
ip pim sparse-mode
evpn multisite fabric-tracking
no shutdown

interface loopback0
ip address 6.6.6.6/32
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback1
description Anycast-RP
ip address 5.5.5.10/32
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback101
ip address 6.6.6.101/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback102
ip address 6.6.6.102/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

interface loopback103
description Anycast-VTEP-Multi_Site
ip address 5.5.5.103/32 tag 8910
ip router isis UNDERLAY
ip pim sparse-mode

boot nxos bootflash:/nxos.9.3.3.bin sup-1

router isis UNDERLAY
net 49.0000.0000.0000.0000.0666.00
is-type level-2

Page | 16
bestpath-network.com

router bgp 65002

router-id 6.6.6.6
address-family ipv4 unicast
redistribute direct route-map REDIST-CONNECT
maximum-paths 64
address-family l2vpn evpn
neighbor 1.1.1.101
remote-as 65001
update-source loopback101
ebgp-multihop 255
peer-type fabric-external
address-family l2vpn evpn
send-community
send-community extended
rewrite-evpn-rt-asn
neighbor 2.2.2.101
remote-as 65001
update-source loopback101
ebgp-multihop 255
peer-type fabric-external
address-family l2vpn evpn
send-community
send-community extended
rewrite-evpn-rt-asn
neighbor 7.7.7.7
remote-as 65002
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 8.8.8.8
remote-as 65002
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 10.1.2.5
remote-as 65000
update-source Ethernet1/2
address-family ipv4 unicast
next-hop-self

• DC.B-Leaf-01

hostname DC.B-Leaf-01

feature telnet
nv overlay evpn
feature bgp
feature pim
feature isis
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

Page | 17
bestpath-network.com

fabric forwarding anycast-gateway-mac 0000.1111.1111

ip pim rp-address 5.5.5.10 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,1000-1002
vlan 1000
vn-segment 100000
vlan 1001
vn-segment 101001
vlan 1002
vn-segment 101002

vrf context EVPN_Multi-Site

vni 100000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn

hardware access-list tcam region racl 512

hardware access-list tcam region arp-ether 256 double-wide

interface Vlan1000
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip forward
no ipv6 redirects

interface Vlan1001
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip address 172.16.101.1/24
no ipv6 redirects
fabric forwarding mode anycast-gateway

interface Vlan1002
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip address 172.16.102.1/24
no ipv6 redirects
fabric forwarding mode anycast-gateway

interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 100000 associate-vrf
member vni 101001
suppress-arp
mcast-group 239.100.1.1
member vni 101002
suppress-arp
mcast-group 239.100.1.1

interface Ethernet1/1
switchport access vlan 1001

Page | 18
bestpath-network.com

spanning-tree port type edge

interface Ethernet1/4
no switchport
mtu 9000
ip address 10.0.2.10/30
ip router isis UNDERLAY
ip pim sparse-mode
no shutdown

interface Ethernet1/5
no switchport
mtu 9000
ip address 10.0.2.2/30
ip router isis UNDERLAY
ip pim sparse-mode
no shutdown

interface loopback0
ip address 7.7.7.7/32
ip router isis UNDERLAY
ip pim sparse-mode

boot nxos bootflash:/nxos.9.3.3.bin sup-1

router isis UNDERLAY
net 49.0000.0000.0000.0000.0777.00
is-type level-2
router bgp 65002
router-id 7.7.7.7
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 5.5.5.5
remote-as 65002
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
neighbor 6.6.6.6
remote-as 65002
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
vrf EVPN_Multi-Site
address-family ipv4 unicast
advertise l2vpn evpn
evpn
vni 101001 l2
rd auto
route-target import auto
route-target export auto
vni 101002 l2
rd auto
route-target import auto
route-target export auto

Page | 19
bestpath-network.com

• DC.B-Leaf-02

hostname DC.B-Leaf-02

feature telnet
nv overlay evpn
feature bgp
feature pim
feature isis
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

fabric forwarding anycast-gateway-mac 0000.1111.1111

ip pim rp-address 5.5.5.10 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,1000-1002
vlan 1000
vn-segment 100000
vlan 1001
vn-segment 101001
vlan 1002
vn-segment 101002

vrf context EVPN_Multi-Site

vni 100000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
vrf context management
hardware access-list tcam region racl 512
hardware access-list tcam region arp-ether 256 double-wide

interface Vlan1000
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip forward
no ipv6 redirects

interface Vlan1001
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip address 172.16.101.1/24
no ipv6 redirects
fabric forwarding mode anycast-gateway

interface Vlan1002
no shutdown
mtu 9216
vrf member EVPN_Multi-Site
no ip redirects
ip address 172.16.102.1/24
no ipv6 redirects
fabric forwarding mode anycast-gateway

Page | 20
bestpath-network.com

interface Ethernet1/1
switchport access vlan 1002
spanning-tree port type edge

interface Ethernet1/3
no switchport
mtu 9000
ip address 10.0.2.6/30
ip router isis UNDERLAY
ip pim sparse-mode
no shutdown

interface Ethernet1/6
no switchport
mtu 9000
ip address 10.0.2.14/30
ip router isis UNDERLAY
ip pim sparse-mode
no shutdown

interface loopback0
ip address 8.8.8.8/32
ip router isis UNDERLAY
ip pim sparse-mode

boot nxos bootflash:/nxos.9.3.3.bin sup-1

router isis UNDERLAY
net 49.0000.0000.0000.0000.0888.00
is-type level-2
router bgp 65002
router-id 8.8.8.8
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 5.5.5.5
remote-as 65002
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
neighbor 6.6.6.6
remote-as 65002
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community
send-community extended
vrf EVPN_Multi-Site
address-family ipv4 unicast

Page | 21
bestpath-network.com

advertise l2vpn evpn

evpn
vni 101001 l2
rd auto
route-target import auto
route-target export auto
vni 101002 l2
rd auto
route-target import auto
route-target export auto

• DC.A-BGW-01

hostname DC.A-BGW-01

interface Loopback0
no shutdown
ip address 10.10.10.10 255.255.255.255

interface GigabitEthernet0/0
no shutdown
mtu 9000
ip address 30.0.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/1
no shutdown
mtu 9000
ip address 10.1.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/2
no shutdown
mtu 9000
ip address 10.1.1.5 255.255.255.252
duplex auto
speed auto
media-type rj45

router bgp 65000

bgp router-id 10.10.10.10
bgp log-neighbor-changes
redistribute connected
redistribute static
neighbor 10.1.1.2 remote-as 65001
neighbor 10.1.1.2 next-hop-self
neighbor 10.1.1.2 soft-reconfiguration inbound
neighbor 10.1.1.6 remote-as 65001
neighbor 10.1.1.6 next-hop-self
neighbor 10.1.1.6 soft-reconfiguration inbound
neighbor 20.20.20.20 remote-as 65000
neighbor 20.20.20.20 update-source Loopback0
neighbor 20.20.20.20 soft-reconfiguration inbound

ip route 20.20.20.20 255.255.255.255 30.0.1.2

Page | 22
bestpath-network.com

• DC.B-BGW-01

hostname DC.B-BGW-01

interface Loopback0
no shutdown
ip address 20.20.20.20 255.255.255.255

interface GigabitEthernet0/1
no shutdown
mtu 9000
ip address 10.1.2.1 255.255.255.252
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/2
no shutdown
mtu 9000
ip address 10.1.2.5 255.255.255.252
duplex auto
speed auto
media-type rj45

interface GigabitEthernet0/3
no shutdown
mtu 9000
ip address 30.0.1.2 255.255.255.252
duplex auto
speed auto
media-type rj45

router bgp 65000

bgp router-id 20.20.20.20
bgp log-neighbor-changes
redistribute connected
redistribute static
neighbor 10.1.2.2 remote-as 65002
neighbor 10.1.2.2 next-hop-self
neighbor 10.1.2.2 soft-reconfiguration inbound
neighbor 10.1.2.6 remote-as 65002
neighbor 10.1.2.6 next-hop-self
neighbor 10.1.2.6 soft-reconfiguration inbound
neighbor 10.10.10.10 remote-as 65000
neighbor 10.10.10.10 update-source Loopback0
neighbor 10.10.10.10 soft-reconfiguration inbound

ip route 10.10.10.10 255.255.255.255 30.0.1.1

Page | 23
bestpath-network.com

• WAN Private

hostname Switch

interface GigabitEthernet0/0
no shutdown
mtu 9000
media-type rj45
negotiation auto

interface GigabitEthernet0/3
no shutdown
mtu 9000
media-type rj45
negotiation auto

• Example Verification
a. Verification IS-IS routing protocol

For this verification, you can use command show isis adjacency and make
sure stete of ISIS neighbor is “UP”
b. Verification MP-BGP for L2VPN EVPN
On this lab, we have two BGP neighbor, neighbor IPv4 unicast & neighbor for
EVPN. So we for this verification we can use “show bgp ipv4 unicast
summary” to verify BGP IPv4 stete

“show bgp l2vpn evpn summary” to verify EVPN state.

Page | 24
bestpath-network.com

Make sure BGP IPv4 unicsat & EVPN are established.

Because we use VxLAN-EVPN, the prefix that will appear more in
the BGP EVPN table.
make sure the BGP EVPN status on the spine for the internal fabric
and for multi-site has been established, because this BGP EVPN will
be used to exchange routing between DC.A & DC.B
c. Verification VTEP for multi-site

Make sure the admin & oper status is "UP" and multi-site
VTEP verification we can check on the spine device because this
spine will communicate directly between DC.A and DC.B

Page | 25
bestpath-network.com

if the oper status is “down”, make sure the BGP is used between DC.A
& DC.B is established, and make sure the spine DC.A & DC.B loopback
102 & 103 can communicate.
d. verification EVPN table

For this verification, you can use the command "show bgp l2vpn evpn"
And in this table, you can see prefixes from clients advertised by
leaf devices into EVPN.
e. verification L2ROUTE
On this l2route, you can see IP as well as client mac address
advertised by leaf device to EVPN, in this table all prefixes
advertised from local DC or remote DC will appear.
And it can be confirmed when the prefix client is from DC.A
(172.16.101.100 & 172.16.102.100) appears here, it means that our
multi-site configuration has been successful and the clients between
DC.A & DC.B can communicate with each other.

Page | 26
bestpath-network.com

The red mark is the prefix that comes from DC.A

And to make sure again, you can check on the next-hop section, where
the prefix comes from.
f. verification between client under DC.A & DC.B

You can see the IP configuration used by the client in the topology

VLAN-1001 client on DC.A can communicate with VLAN-1001 & VLAN-1002

clients on DC.B.

Page | 27

Vlan
100% (2)
Vlan
93 pages
ZXA10 C300 Configuration Manual
69% (13)
ZXA10 C300 Configuration Manual
301 pages
Arista Layer 2 VTEP EVPN VxLAN Route Type-1 Support
No ratings yet
Arista Layer 2 VTEP EVPN VxLAN Route Type-1 Support
49 pages
Routing Policy
No ratings yet
Routing Policy
2,936 pages
ICND1 Practice Exam
100% (2)
ICND1 Practice Exam
208 pages
ICND1 Practice Exam
100% (2)
ICND1 Practice Exam
208 pages
Config Guide Policy PDF
No ratings yet
Config Guide Policy PDF
2,720 pages
BGP Mpls With Evpn 1677998611
No ratings yet
BGP Mpls With Evpn 1677998611
58 pages
L3EVPN
No ratings yet
L3EVPN
21 pages
Virtual Networking Concepts
100% (4)
Virtual Networking Concepts
12 pages
Fabric Connect (SPBM) & DCN
No ratings yet
Fabric Connect (SPBM) & DCN
47 pages
Part-05 (l2 Vxlan Configuration Using MP-BGP Evpn)
No ratings yet
Part-05 (l2 Vxlan Configuration Using MP-BGP Evpn)
23 pages
3.5.2.4 Packet Tracer - Learn To Use Packet Tracer
100% (1)
3.5.2.4 Packet Tracer - Learn To Use Packet Tracer
2 pages
JNCIE-SP-12.a LG v2
No ratings yet
JNCIE-SP-12.a LG v2
296 pages
JMF 15.a SG
100% (1)
JMF 15.a SG
374 pages
Border
No ratings yet
Border
12 pages
Presentation On TCP-IP Vulnerabilities
88% (8)
Presentation On TCP-IP Vulnerabilities
35 pages
Day One:: Junos Pyez Cookbook
No ratings yet
Day One:: Junos Pyez Cookbook
200 pages
Implementing BGP EVPN On IOS-XR
No ratings yet
Implementing BGP EVPN On IOS-XR
16 pages
CUBE Configuration Guide
No ratings yet
CUBE Configuration Guide
930 pages
JN0 664 Demo
No ratings yet
JN0 664 Demo
9 pages
3 Ieee802 3
No ratings yet
3 Ieee802 3
3 pages
NACC SG 2of2
No ratings yet
NACC SG 2of2
288 pages
Evpn Vxlan Interop Between Nxos and Junos Os - 230521 - 053618
No ratings yet
Evpn Vxlan Interop Between Nxos and Junos Os - 230521 - 053618
68 pages
MobaXterm R1 20240206 091919
No ratings yet
MobaXterm R1 20240206 091919
5 pages
Flexibilis Redundant Switch (FRS) : Manual
No ratings yet
Flexibilis Redundant Switch (FRS) : Manual
68 pages
Windows Server 2008 r2 Interview Questions and Answers Part1
No ratings yet
Windows Server 2008 r2 Interview Questions and Answers Part1
6 pages
Engineer
No ratings yet
Engineer
104 pages
Building Data Centers With VXLAN BGP EVPN A Cisco NX-OS Perspective - 401-End
No ratings yet
Building Data Centers With VXLAN BGP EVPN A Cisco NX-OS Perspective - 401-End
77 pages
Brkaci 2301
No ratings yet
Brkaci 2301
133 pages
ADC Guide
No ratings yet
ADC Guide
122 pages
PracticeExam 2016
No ratings yet
PracticeExam 2016
6 pages
Design and Simulation of A Banking Netwo
No ratings yet
Design and Simulation of A Banking Netwo
13 pages
Binatone User Guide
No ratings yet
Binatone User Guide
8 pages
AJSPR 10.a-R LGD PDF
No ratings yet
AJSPR 10.a-R LGD PDF
304 pages
GOLF Configuration Steps
No ratings yet
GOLF Configuration Steps
40 pages
Cisco H VXLAN Sd-Wan EVE UD v1
No ratings yet
Cisco H VXLAN Sd-Wan EVE UD v1
54 pages
Entropy Label With EVPN Deep-Dive Technical Presentation
No ratings yet
Entropy Label With EVPN Deep-Dive Technical Presentation
22 pages
dc2 n7k1
No ratings yet
dc2 n7k1
5 pages
CN Lab Assignment 10
No ratings yet
CN Lab Assignment 10
6 pages
UCOPIA White Paper PDF
100% (1)
UCOPIA White Paper PDF
85 pages
Guide For Junos Upgrade
No ratings yet
Guide For Junos Upgrade
19 pages
Cisco Catalyst QoS Simplified Presentation
No ratings yet
Cisco Catalyst QoS Simplified Presentation
58 pages
Configuration and Verification VXLAN Wit
No ratings yet
Configuration and Verification VXLAN Wit
19 pages
Brkewn-3011 Troubleshooting Wireless Lans With Centralized Controllers1
No ratings yet
Brkewn-3011 Troubleshooting Wireless Lans With Centralized Controllers1
120 pages
CFM Tac Toi1
No ratings yet
CFM Tac Toi1
161 pages
The All New Switch Book (Dragged)
No ratings yet
The All New Switch Book (Dragged)
1 page
JSEC 12.a-R LD PDF
No ratings yet
JSEC 12.a-R LD PDF
16 pages
Chapter 10: Planning and Cabling Networks
No ratings yet
Chapter 10: Planning and Cabling Networks
5 pages
Using Rib-Groups or Auto-Export For Route Leaking - J-Net Community
No ratings yet
Using Rib-Groups or Auto-Export For Route Leaking - J-Net Community
8 pages
Moquery Cheat Sheet: Bridge Domain
No ratings yet
Moquery Cheat Sheet: Bridge Domain
6 pages
Command Line Interface Cross-Reference Guide: Extremexos, Eos, Voss, Boss, Cisco Ios
No ratings yet
Command Line Interface Cross-Reference Guide: Extremexos, Eos, Voss, Boss, Cisco Ios
120 pages
SG 010 Contrail Networking Arch Guide
No ratings yet
SG 010 Contrail Networking Arch Guide
53 pages
PPPoE Layer 3 Wholesale For Subscriber Services Feature Guide - 13.3
No ratings yet
PPPoE Layer 3 Wholesale For Subscriber Services Feature Guide - 13.3
196 pages
PT Activity 1.3.1: Review of Concepts From Exploration 1: Topology Diagram
No ratings yet
PT Activity 1.3.1: Review of Concepts From Exploration 1: Topology Diagram
3 pages
ACN FILE KC
No ratings yet
ACN FILE KC
59 pages
Jncia Lab Guide
No ratings yet
Jncia Lab Guide
18 pages
CCNP SP Adv Route Configurations
No ratings yet
CCNP SP Adv Route Configurations
41 pages
Trouble Ticket Labs
100% (2)
Trouble Ticket Labs
15 pages
Trouble Ticket Labs
100% (2)
Trouble Ticket Labs
15 pages
CCNA301 Module1 PDF
No ratings yet
CCNA301 Module1 PDF
37 pages
Juniper Networks - (M - MX - T-Series) Troubleshooting Checklist - Routing Engine High CPU
No ratings yet
Juniper Networks - (M - MX - T-Series) Troubleshooting Checklist - Routing Engine High CPU
5 pages
Fabric Path Switching
No ratings yet
Fabric Path Switching
1 page
CSPF
No ratings yet
CSPF
38 pages
(Updated Constantly) : CCNA 1 (v5.1 + v6.0) Chapter 6 Exam Answers Full
No ratings yet
(Updated Constantly) : CCNA 1 (v5.1 + v6.0) Chapter 6 Exam Answers Full
16 pages
(3-In-1 Combo Package) : Cisco ACI + Cisco SDWAN + Cisco NEXUS
No ratings yet
(3-In-1 Combo Package) : Cisco ACI + Cisco SDWAN + Cisco NEXUS
11 pages
DO Deploying Basic QoS
100% (1)
DO Deploying Basic QoS
66 pages
B Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide 7x Chapter 0100
No ratings yet
B Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide 7x Chapter 0100
44 pages
(Fortigate) Summary of Various Status Confirmation Commands in Cli
No ratings yet
(Fortigate) Summary of Various Status Confirmation Commands in Cli
16 pages
Determine The Class of Your Network.: 2 - 2 Number of Subnets Required
No ratings yet
Determine The Class of Your Network.: 2 - 2 Number of Subnets Required
8 pages
Www.98t.la@ SexuallyBroken
No ratings yet
Www.98t.la@ SexuallyBroken
8 pages
Isis
No ratings yet
Isis
57 pages
Next-Generation switching OS configuration and management: Troubleshooting NX-OS in Enterprise Environments
From Everand
Next-Generation switching OS configuration and management: Troubleshooting NX-OS in Enterprise Environments
Mamta Devi
No ratings yet
Juniper MPLS
No ratings yet
Juniper MPLS
9 pages
Infusion Zebos Advanced Routing Suite: June, 2003
No ratings yet
Infusion Zebos Advanced Routing Suite: June, 2003
118 pages
Network Flow Analysis
No ratings yet
Network Flow Analysis
51 pages
Ans - Internet MCQ
No ratings yet
Ans - Internet MCQ
4 pages
Configuring Inter-AS VPN Option C in Multivendor Environment
No ratings yet
Configuring Inter-AS VPN Option C in Multivendor Environment
27 pages
JSEC EX InstructorNotes 30may2010
No ratings yet
JSEC EX InstructorNotes 30may2010
9 pages
BGP Labeled-Unicast, On Juniper Routers
No ratings yet
BGP Labeled-Unicast, On Juniper Routers
8 pages
UCPE (4) UCPE Acting As Remote Inet GW
No ratings yet
UCPE (4) UCPE Acting As Remote Inet GW
13 pages
LTRSEC-3001 FTD Integration in ACI Aug 2019
No ratings yet
LTRSEC-3001 FTD Integration in ACI Aug 2019
68 pages
Nexus 7000 FAQ
No ratings yet
Nexus 7000 FAQ
11 pages
Auto Export Understanding PDF
No ratings yet
Auto Export Understanding PDF
12 pages
IOS XR Routing Policy Language
No ratings yet
IOS XR Routing Policy Language
17 pages
10.a-R LD
No ratings yet
10.a-R LD
14 pages
Auto Export Understanding
No ratings yet
Auto Export Understanding
12 pages
AMR-300 VNPT - User - Manual - Rev2.01
No ratings yet
AMR-300 VNPT - User - Manual - Rev2.01
70 pages
Cheat
No ratings yet
Cheat
1 page
Technical Test
No ratings yet
Technical Test
4 pages
Jncis SP
No ratings yet
Jncis SP
3 pages
Mini Project Sem 2 ACN 1
No ratings yet
Mini Project Sem 2 ACN 1
21 pages
H3C绿洲平台无线部署手册 5W100 正文
No ratings yet
H3C绿洲平台无线部署手册 5W100 正文
55 pages
BGP Peers
No ratings yet
BGP Peers
4 pages
Safely Debug IOS
No ratings yet
Safely Debug IOS
8 pages
Security Advisory Remote IO Fieldbus Couplers IP20 Affected by INFRA HALT Vulnerabilities
No ratings yet
Security Advisory Remote IO Fieldbus Couplers IP20 Affected by INFRA HALT Vulnerabilities
3 pages
Advanced Modelling and Simulation Methods For Communication Networks
No ratings yet
Advanced Modelling and Simulation Methods For Communication Networks
6 pages
Unit 4 CN
No ratings yet
Unit 4 CN
2 pages

Vxlan Evpn Notes

Uploaded by

Vxlan Evpn Notes

Uploaded by

bestpath-network.

VxLAN BGP EVPN MULTI-SITE

For some reason, I changed the topology from my previous post.

ip pim rp-address 1.1.1.10 group-list 224.0.0.0/4

route-map REDIST-CONNECT permit 10

hardware access-list tcam region racl 512

boot nxos bootflash:/nxos.9.3.3.bin sup-1

ip pim rp-address 1.1.1.10 group-list 224.0.0.0/4

route-map REDIST-CONNECT permit 10

hardware access-list tcam region racl 512

boot nxos bootflash:/nxos.9.3.3.bin sup-1

fabric forwarding anycast-gateway-mac 0000.1111.1111

vrf context EVPN_Multi-Site

hardware access-list tcam region racl 512

boot nxos bootflash:/nxos.9.3.3.bin sup-1

advertise l2vpn evpn

fabric forwarding anycast-gateway-mac 0000.1111.1111

vrf context EVPN_Multi-Site

hardware access-list tcam region racl 512

boot nxos bootflash:/nxos.9.3.3.bin sup-1

address-family l2vpn evpn

ip pim rp-address 5.5.5.10 group-list 224.0.0.0/4

route-map REDIST-CONNECT permit 10

hardware access-list tcam region racl 512

hardware access-list tcam region arp-ether 256 double-wide

ip router isis UNDERLAY

boot nxos bootflash:/nxos.9.3.3.bin sup-1

address-family ipv4 unicast

ip pim rp-address 5.5.5.10 group-list 224.0.0.0/4

route-map REDIST-CONNECT permit 10

hardware access-list tcam region racl 512

member vni 101002

boot nxos bootflash:/nxos.9.3.3.bin sup-1

router bgp 65002

fabric forwarding anycast-gateway-mac 0000.1111.1111

vrf context EVPN_Multi-Site

hardware access-list tcam region racl 512

spanning-tree port type edge

boot nxos bootflash:/nxos.9.3.3.bin sup-1

fabric forwarding anycast-gateway-mac 0000.1111.1111

vrf context EVPN_Multi-Site

boot nxos bootflash:/nxos.9.3.3.bin sup-1

advertise l2vpn evpn

router bgp 65000

ip route 20.20.20.20 255.255.255.255 30.0.1.2

router bgp 65000

ip route 10.10.10.10 255.255.255.255 30.0.1.1

“show bgp l2vpn evpn summary” to verify EVPN state.

Make sure BGP IPv4 unicsat & EVPN are established.

The red mark is the prefix that comes from DC.A

VLAN-1001 client on DC.A can communicate with VLAN-1001 & VLAN-1002

You might also like