0% found this document useful (0 votes)

20 views592 pages

Ocnos DC Vxlan Guide

The Virtual Extensible Local Area Network Guide by IP Infusion Inc. provides comprehensive documentation on VxLAN technology, including configuration, command line interface, and various network setups. It contains detailed chapters on topics such as data forwarding, VLAN mapping, and quality of service configuration. The document is proprietary and subject to licensing agreements, with support contact information provided.

Uploaded by

kolossemoreno

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

20 views592 pages

Ocnos DC Vxlan Guide

Uploaded by

kolossemoreno

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 592

Virtual Extensible Local Area Network Guide

November 2024

IP Infusion Inc. Proprietary

This documentation is subject to change without notice. The software described in this document and this documentation
are furnished under a license agreement or nondisclosure agreement. The software and documentation may be used or
copied only in accordance with the terms of the applicable agreement. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and
recording for any purpose other than the purchaser's internal use without the written permission of IP Infusion Inc.

IP Infusion Inc.
3979 Freedom Circle
Suite 900
Santa Clara, California 95054
http://www.ipinfusion.com/

For support, questions, or comments via E-mail, contact:

[email protected]

Trademarks:
IP Infusion and OcNOS are trademarks or registered trademarks of IP Infusion. All other trademarks, service marks,
registered trademarks, or registered service marks are the property of their respective owners.

Use of certain software included in this equipment is subject to the IP Infusion, Inc. End User License Agreement at http://
www.ipinfusion.com/license. By using the equipment, you accept the terms of the End User License Agreement.

IP Infusion Inc. Proprietary 2

Contents

Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
IP Maestro Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Chapter Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Migration Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Feature Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

Command Line Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Command Line Interface Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Command Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Command Line Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Command Negation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Variable Placeholders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Command Description Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Keyboard Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Show Command Modifiers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
String Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Transaction-based Command-line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

Virtual eXtensible Local Area Network Configuration . . . . . . . . . . . . . . . . . . . . 21

CHAPTER 1 VxLAN Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

VxLAN - Data Forwarding Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

CHAPTER 1 VxLAN Unicast Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Port Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Intermediate Non-VxLAN Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

CHAPTER 2 VLAN to VNID Mapping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
VLAN VNID Mapping Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

VxLAN - Ethernet Virtual Private Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

© 2024 IP Infusion Inc. Proprietary 3

Contents

CHAPTER 1 VXLAN-EVPN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
LAG as Access Port with ECMP on the Network Side . . . . . . . . . . . . . . . . . . . . . . . . . .55

CHAPTER 2 VXLAN Multi-homing Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . 71

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

CHAPTER 3 VXLAN Hybrid Access Port Configuration. . . . . . . . . . . . . . . . . . . . 108

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
CHAPTER 4 VXLAN Trunk Access Port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120

CHAPTER 5 EVPN-VXLAN Hybrid Port Support . . . . . . . . . . . . . . . . . . . . . . . . . 141

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
VXLAN-EVPN Hybrid Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

CHAPTER 6 VXLAN Quality of Service Configuration . . . . . . . . . . . . . . . . . . . . . 161

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
COS-DSCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

VxLAN - EVPN with Integrated Routing and Bridging Deployment Mode . . . 172
CHAPTER 1 VXLAN-EVPN with IRB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Base Configuration - L2 VXLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Centralized Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190
IRB Configuration for Centralized Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190
Anycast Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Distributed Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
VXLAN IRB ECMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223

CHAPTER 2 EVPN IRB - Anycast Support for Multiple Subnets . . . . . . . . . . . . . 231

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231

CHAPTER 3 VxLAN-EVPN Symmetric IRB Support with Connected host . . . . . 256

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .256
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .262

CHAPTER 4 VXLAN-IRB-Inter-VRF Route Leaking . . . . . . . . . . . . . . . . . . . . . . 263

Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263

CHAPTER 5 DHCP Relay Over IRB Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302

© 2024 IP Infusion Inc. Proprietary 4

Contents

Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .302

CHAPTER 6 VXLAN-EVPN with IRB QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Base Configuration - L2 VXLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
Centralized Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
IRB Configuration for Centralized Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
Anycast Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .331
IRB Configuration for Anycast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .331
Distributed Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352
IRB QoS Configuration for Distributed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352

CHAPTER 7 Single Home VxLAN IRB with OSPF or ISIS . . . . . . . . . . . . . . . . . 365

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .365
Topology for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .366
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .366
Topology for ISIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .372
Implementation Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
New CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .379
Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .397

CHAPTER 8 Multi Home VxLAN-EVPN IRB with OSPF or ISIS . . . . . . . . . . . . . 399

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399
Topology for OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .399
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .400
Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .432

VxLAN - EVPN for Service Provider Network . . . . . . . . . . . . . . . . . . . . . . . . . . 433

CHAPTER 1 VXLAN EVPN EVC Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .434
Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .437

CHAPTER 2 EVPN VXLAN E-Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .446
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .447
Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .451
Implementation Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466
E-Tree CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467
Revised CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .467
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .468
Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .468

© 2024 IP Infusion Inc. Proprietary 5

Contents

CHAPTER 3 VXLAN Tunnel Over SVI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470
Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .487

VxLAN Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

CHAPTER 1 VXLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
arp-cache disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .497
arp-nd flood-suppress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .498
arp-nd refresh timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .499
clear mac address table dynamic vxlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .500
clear nvo vxlan counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .501
clear nvo vxlan tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .502
clear nvo vxlan mac-stale-entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .503
description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .504
dynamic-learning disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .505
encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .506
evpn esi holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .507
evpn vxlan multi-homing enable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .508
evpn multi-homed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .509
evpn-vlan-service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .510
garp-gna enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
load-balance rtag7 vxlan inner-l2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .512
load-balance rtag7 vxlan inner-l3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .513
mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .514
mac vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .515
mac-holdtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .516
map vnid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .517
nd-cache disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .518
no nvo vxlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .519
nvo vxlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .520
nvo vxlan id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .521
nvo vxlan access-if . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .523
nvo vxlan mac-ageing-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .525
nvo vxlan max-cache-disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .526
nvo vxlan vtep-ip-global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .527
show nvo vxlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .528
show nvo vxlan access-if-config. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .530
show nvo vxlan arp-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531
show nvo vxlan counters access-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .533
show nvo vxlan counters network-port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .536
show nvo vxlan mac-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .538
show nvo vxlan nd-cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .541
show nvo vxlan static host state. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .543
show nvo vxlan tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .545
show running-config nvo vxlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .546

© 2024 IP Infusion Inc. Proprietary 6

Contents

show evpn multi-homing all. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .548

show evpn multihoming-status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .549
show nvo vxlan route-count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .550
show nvo vxlan vni-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .552
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .553
vxlan host-reachability-protocol evpn-bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .554
vlan-xlate-1 large . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .555

CHAPTER 2 VXLAN - IRB Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556

evpn irb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .557
evpn irb-forwarding anycast-gateway-mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .558
evpn irb-if-forwarding anycast-gateway-mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .559
interface irb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .560
l3vni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .561
nvo vxlan irb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .562
show interface irb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .563
show evpn l3vni-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .564
show evpn irb-status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .565
show running-config interface irb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .566

CHAPTER 3 VXLAN Quality of Service Commands . . . . . . . . . . . . . . . . . . . . . . 567

clear nvo vxlan tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .568
cos queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .569
dscp queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .570
map qos-profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .571
map qos-profile cos-to-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .572
map qos-profile queue-color-to-cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .573
nvo vxlan disable-arp-storm-control-for-cpu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .574
nvo vxlan tunnel qos-map-mode cos-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .575
qos profile cos-to-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .576
qos profile dscp-to-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .577
qos profile queue-color-to-cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .578
qos profile queue-color-to-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .579
queue cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .580
queue dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .581

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582

© 2024 IP Infusion Inc. Proprietary 7

Preface

Preface
This guide describes how to configure OcNOS.

IP Maestro Support
Monitor devices running OcNOS Release 6.3.4-70 and above using IP Maestro software.

Audience
This guide is intended for network administrators and other engineering professionals who configure OcNOS.

Conventions
Table P-1 shows the conventions used in this guide.

Table P-1: Conventions

Convention Description

Italics Emphasized terms; titles of books

Note: Special instructions, suggestions, or warnings

monospaced type Code elements such as commands, parameters, files, and directories

Chapter Organization
The chapters in command references are organized as described in Command Description Format.
The chapters in configuration guides are organized into these major sections:
• An overview that explains a configuration in words
• Topology with a diagram that shows the devices and connections used in the configuration
• Configuration steps in a table for each device where the left-hand side shows the commands you enter and the
right-hand side explains the actions that the commands perform
• Validation which shows commands and their output that verify the configuration

Related Documentation
For information about installing of OcNOS, see the Installation Guide for your platform.

© 2024 IP Infusion Inc. Proprietary 8

Preface

Migration Guide
Check the Migration Guide for configuration changes to make when migrating from one version of OcNOS to another.

Feature Availability
The features described in this document that are available depend upon the OcNOS SKU that you purchased. See the
Application Notes for a description of the OcNOS SKUs.

Support
For support-related questions, contact [email protected].

Comments
If you have comments, or need to report a problem with the content, contact [email protected].

© 2024 IP Infusion Inc. Proprietary 9

Command Line Interface

This chapter introduces the OcNOS Command Line Interface (CLI) and how to use its features.

Overview
You use the CLI to configure, monitor, and maintain OcNOS devices. The CLI is text-based and each command is
usually associated with a specific task.
You can give the commands described in this manual locally from the console of a device running OcNOS or remotely
from a terminal emulator such as putty or xterm. You can also use the commands in scripts to automate
configuration tasks.

Command Line Interface Help

You access the CLI help by entering a full or partial command string and a question mark “?”. The CLI displays the
command keywords or parameters along with a short description. For example, at the CLI command prompt, type:
> show ?
The CLI displays this keyword list with short descriptions for each keyword:
show ?
application-priority Application Priority
arp Internet Protocol (IP)
bfd Bidirectional Forwarding Detection (BFD)
bgp Border Gateway Protocol (BGP)
bi-lsp Bi-directional lsp status and configuration
bridge Bridge group commands
ce-vlan COS Preservation for Customer Edge VLAN
class-map Class map entry
cli Show CLI tree of current mode
clns Connectionless-Mode Network Service (CLNS)
control-adjacency Control Adjacency status and configuration
control-channel Control Channel status and configuration
cspf CSPF Information
customer Display Customer spanning-tree
cvlan Display CVLAN information
debugging Debugging functions (see also 'undebug')
etherchannel LACP etherchannel
ethernet Layer-2
...
If you type the ? in the middle of a keyword, the CLI displays help for that keyword only.
> show de?
debugging Debugging functions (see also 'undebug')
If you type the ? in the middle of a keyword, but the incomplete keyword matches several other keywords, OcNOS
displays help for all matching keywords.
> show i? (CLI does not display the question mark).
interface Interface status and configuration
ip IP information
isis ISIS information

© 2024 IP Infusion Inc. Proprietary 10

Command Line Interface

Command Completion
The CLI can complete the spelling of a command or a parameter. Begin typing the command or parameter and then
press the tab key. For example, at the CLI command prompt type sh:
> sh
Press the tab key. The CLI displays:
> show
If the spelling of a command or parameter is ambiguous, the CLI displays the choices that match the abbreviation. Type
show i and press the tab key. The CLI displays:
> show i
interface ip ipv6 isis
> show i
The CLI displays the interface and ip keywords. Type n to select interface and press the tab key. The CLI
displays:
> show in
> show interface
Type ? and the CLI displays the list of parameters for the show interface command.
> show interface
IFNAME Interface name
| Output modifiers
> Output redirection
<cr>
The CLI displays the only parameter associated with this command, the IFNAME parameter.

Command Abbreviations
The CLI accepts abbreviations that uniquely identify a keyword in commands. For example:
> sh int xe0
is an abbreviation for:
> show interface xe0

Command Line Errors

Any unknown spelling causes the CLI to display the error Unrecognized command in response to the ?. The CLI
displays the command again as last entered.
> show dd?
% Unrecognized command
> show dd
When you press the Enter key after typing an invalid command, the CLI displays:
(config)#router ospf here
^
% Invalid input detected at '^' marker.
where the ^ points to the first character in error in the command.

© 2024 IP Infusion Inc. Proprietary 11

Command Line Interface

If a command is incomplete, the CLI displays the following message:

> show
% Incomplete command.
Some commands are too long for the display line and can wrap mid-parameter or mid-keyword, as shown below. This
does not cause an error and the command performs as expected:
area 10.10.0.18 virtual-link 10.10.0.19 authent
ication-key 57393

Command Negation
Many commands have a no form that resets a feature to its default value or disables the feature. For example:
• The ip address command assigns an IPv4 address to an interface
• The no ip address command removes an IPv4 address from an interface

Syntax Conventions
Table P-2 describes the conventions used to represent command syntax in this reference.

Table P-2: Syntax conventions

Convention Description Example

monospaced Command strings entered on a command line show ip ospf

font

lowercase Keywords that you enter exactly as shown in the show ip ospf
command syntax.

UPPERCASE See Variable Placeholders IFNAME

() Optional parameters, from which you must select (A.B.C.D|<0-4294967295>)

one. Vertical bars delimit the selections. Do not
enter the parentheses or vertical bars as part of the
command.

() Optional parameters, from which you select one or (A.B.C.D|<0-4294967295>|)

none. Vertical bars delimit the selections. Do not
enter the parentheses or vertical bars as part of the
command.

() Optional parameter which you can specify or omit. (IFNAME|)

Do not enter the parentheses or vertical bar as part
of the command.

{} Optional parameters, from which you must select {intra-area <1-255>|inter-area

one or more. Vertical bars delimit the selections. Do <1-255>|external <1-255>}
not enter the braces or vertical bars as part of the
command.

© 2024 IP Infusion Inc. Proprietary 12

Command Line Interface

Table P-2: Syntax conventions (Continued)

Convention Description Example

[] Optional parameters, from which you select zero or [<1-65535>|AA:NN|internet|local-AS|

more. Vertical bars delimit the selections. Do not no-advertise|no-export]
enter the brackets or vertical bars as part of the
command.

? Nonrepeatable parameter. The parameter that ?route-map WORD

follows a question mark can only appear once in a
command string. Do not enter the question mark as
part of the command.

. Repeatable parameter. The parameter that follows a set as-path prepend .<1-65535>
period can be repeated more than once. Do not
enter the period as part of the command.

Variable Placeholders
Table P-3 shows the tokens used in command syntax use to represent variables for which you supply a value.

Table P-3: Variable placeholders

Token Description

WORD A contiguous text string (excluding spaces)

LINE A text string, including spaces; no other parameters can follow this parameter

IFNAME Interface name whose format varies depending on the platform; examples are: eth0,
Ethernet0, ethernet0, xe0

A.B.C.D IPv4 address

A.B.C.D/M IPv4 address and mask/prefix

X:X::X:X IPv6 address

X:X::X:X/M IPv6 address and mask/prefix

HH:MM:SS Time format

AA:NN BGP community value

XX:XX:XX:XX:XX:XX MAC address

<1-5> Numeric range

<1-65535>
<0-2147483647>
<0-4294967295>

© 2024 IP Infusion Inc. Proprietary 13

Command Line Interface

Command Description Format

Table P-4 explains the sections used to describe each command in this reference.

Table P-4: Command descriptions

Section Description

Command Name The name of the command, followed by what the command does and when should it be used

Command Syntax The syntax of the command

Parameters Parameters and options for the command

Default The state before the command is executed

Command Mode The mode in which the command runs; see Command Modes

Example An example of the command being executed

Keyboard Operations
Table P-5 lists the operations you can perform from the keyboard.

Table P-5: Keyboard operations

Key combination Operation

Left arrow or Ctrl+b Moves one character to the left. When a command extends beyond a single line, you can press left
arrow or Ctrl+b repeatedly to scroll toward the beginning of the line, or you can press Ctrl+a to go
directly to the beginning of the line.

Right arrow or Ctrl-f Moves one character to the right. When a command extends beyond a single line, you can press right
arrow or Ctrl+f repeatedly to scroll toward the end of the line, or you can press Ctrl+e to go directly to
the end of the line.

Esc, b Moves back one word

Esc, f Moves forward one word

Ctrl+e Moves to end of the line

Ctrl+a Moves to the beginning of the line

Ctrl+u Deletes the line

Ctrl+w Deletes from the cursor to the previous whitespace

Alt+d Deletes the current word

Ctrl+k Deletes from the cursor to the end of line

Ctrl+y Pastes text previously deleted with Ctrl+k, Alt+d, Ctrl+w, or Ctrl+u at the cursor

© 2024 IP Infusion Inc. Proprietary 14

Command Line Interface

Table P-5: Keyboard operations (Continued)

Key combination Operation

Ctrl+t Transposes the current character with the previous character

Ctrl+c Ignores the current line and redisplays the command prompt

Ctrl+z Ends configuration mode and returns to exec mode

Ctrl+l Clears the screen

Up Arrow or Ctrl+p Scroll backward through command history

Down Arrow or Ctrl+n Scroll forward through command history

Show Command Modifiers

You can use two tokens to modify the output of a show command. Enter a question mark to display these tokens:
# show users ?
| Output modifiers
> Output redirection
You can type the | (vertical bar character) to use output modifiers. For example:
> show bgp | ?
begin Begin with the line that matches
exclude Exclude lines that match
include Include lines that match
last Last few lines
redirect Redirect output

Begin Modifier
The begin modifier displays the output beginning with the first line that contains the input string (everything typed after
the begin keyword). For example:
# show running-config | begin xe1
...skipping
interface xe1
ipv6 address fe80::204:75ff:fee6:5393/64
!
interface xe2
ipv6 address fe80::20d:56ff:fe96:725a/64
!
line con 0
login
!
end
You can specify a regular expression after the begin keyword, This example begins the output at a line with either
“xe2” or “xe4”:
# show running-config | begin xe[3-4]

© 2024 IP Infusion Inc. Proprietary 15

Command Line Interface

...skipping
interface xe3
shutdown
!
interface xe4
shutdown
!
interface svlan0.1
no shutdown
!
route-map myroute permit 3
!
route-map mymap1 permit 10
!
route-map rmap1 permit 3
!
line con 0
login
line vty 0 4
login
!
end

Include Modifier
The include modifier includes only those lines of output that contain the input string. In the output below, all lines
containing the word “input” are included:
# show interface xe1 | include input
input packets 80434552, bytes 2147483647, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 1, missed 0
You can specify a regular expression after the include keyword. This examples includes all lines with “input” or
“output”:
#show interface xe0 | include (in|out)put
input packets 597058, bytes 338081476, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 613147, bytes 126055987, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0

Exclude Modifier
The exclude modifier excludes all lines of output that contain the input string. In the following output example, all lines
containing the word “input” are excluded:
# show interface xe1 | exclude input
Interface xe1
Scope: both
Hardware is Ethernet, address is 0004.75e6.5393
index 3 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
VRF Binding: Not bound
Administrative Group(s): None
DSTE Bandwidth Constraint Mode is MAM
inet6 fe80::204:75ff:fee6:5393/64
output packets 4438, bytes 394940, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0

© 2024 IP Infusion Inc. Proprietary 16

Command Line Interface

collisions 0
You can specify a regular expression after the exclude keyword. This example excludes lines with “output” or “input”:
# show interface xe0 | exclude (in|out)put
Interface xe0
Scope: both
Hardware is Ethernet Current HW addr: 001b.2139.6c4a
Physical:001b.2139.6c4a Logical:(not set)
index 2 metric 1 mtu 1500 duplex-full arp ageing timeout 3000
<UP,BROADCAST,RUNNING,MULTICAST>
VRF Binding: Not bound
Bandwidth 100m
DHCP client is disabled.
inet 10.1.2.173/24 broadcast 10.1.2.255
VRRP Master of : VRRP is not configured on this interface.
inet6 fe80::21b:21ff:fe39:6c4a/64
collisions 0

Redirect Modifier
The redirect modifier writes the output into a file. The output is not displayed.
# show cli history | redirect /var/frame.txt
The output redirection token (>) does the same thing:
# show cli history >/var/frame.txt

Last Modifier
The last modifier displays the output of last few number of lines (As per the user input). The last number ranges from
1 to 9999.
For example:
#show running-config | last 10

© 2024 IP Infusion Inc. Proprietary 17

Command Line Interface

String Parameters
The restrictions in Table P-6 apply for all string parameters used in OcNOS commands, unless some other restrictions
are noted for a particular command.

Table P-6: String parameter restrictions

Restriction Description

Input length 1965 characters or less

Restricted special characters “?”, “,”, “>”, “|”, and “=”

The “|” is allowed only for description CLI in interface mode.

Command Modes
Commands are grouped into modes arranged in a hierarchy. Each mode has its own set of commands. Table P-7 lists
the command modes common to all protocols.

Table P-7: Common command modes

Name Description

Executive Also called view mode, this is the first mode to appear after you start the CLI. It is a base mode from where you
mode can perform basic commands such as show, exit, quit, help, and enable.

Privileged Also called enable mode, in this mode you can run additional basic commands such as debug, write, and
executive show.
mode

Configure Also called configure terminal mode, in this mode you can run configuration commands and go into other
mode modes such as interface, router, route map, key chain, and address family.

Configure mode is single user. Only one user at a time can be in configure mode.

Interface In this mode you can configure protocol-specific settings for a particular interface. Any setting you configure in
mode this mode overrides a setting configured in router mode.

Router This mode is used to configure router-specific settings for a protocol such as BGP or OSPF.
mode

© 2024 IP Infusion Inc. Proprietary 18

Command Line Interface

Command Mode Tree

The diagram below shows the common command mode hierarchy.

Start in
executive
mode
enable (password)
Privileged
executive
mode
configure terminal

Configure
mode

interface xe0 router ospf

Interface Router
mode mode

Figure P-1: Common command modes

To change modes:

1. Enter privileged executive mode by entering enable in Executive mode.

2. Enter configure mode by entering configure terminal in Privileged Executive mode.

The example below shows moving from executive mode to privileged executive mode to configure mode and finally to
router mode:
> enable mypassword
# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
(config)# router ospf
(config-router)#
Note: Each protocol can have modes in addition to the common command modes. See the command reference for
the respective protocol for details.

© 2024 IP Infusion Inc. Proprietary 19

Command Line Interface

Transaction-based Command-line Interface

The OcNOS command line interface is transaction based:
• Any changes done in configure mode are stored in a separate candidate configuration that you can view with the
show transaction current command.
• When a configuration is complete, apply the candidate configuration to the running configuration with the commit
command.
• If a commit fails, no configuration is applied as the entire transaction is considered failed. You can continue to
change the candidate configuration and then retry the commit.
• Discard the candidate configuration with the abort transaction command.
• Check the last aborted transaction with the show transaction last-aborted command.
• Multiple configurations cannot be removed with a single commit. You must remove each configuration followed by
a commit.
Note: All commands MUST be executed only in the default CML shell (cmlsh). If you log in as root and start
imish then the system configurations will go out of sync. The imish shell is not supported and should not be
started manually.

© 2024 IP Infusion Inc. Proprietary 20

Virtual eXtensible Local Area Network Configuration

Virtual eXtensible Local Area Network

Configuration

© 2024 IP Infusion Inc. Proprietary 21

VxLAN Overview

CHAPTER 1 VxLAN Overview

This chapter provides an overview of Virtual Extensible Local Area Network (VxLAN) and its implementation within
OcNOS.

VxLAN
Virtual eXtensible Local Area Network (VxLAN) is widely used in Data Centers (DC) networks. VxLAN is an overlay
transport virtualization technology commonly used in cloud networks to support the ever-increasing Virtual LAN (VLAN)
and multi-tenant networks in data centers. It enables the "stretching" of a Layer 2 network over a physical Layer 3
network.

Overlay Network
VxLAN creates an overlay of virtual L2 LAN segments using a MAC address, and L4 UDP packets in IP encapsulation
on top of the physical underlay L3 infrastructure. Technically, it encapsulates L2 Ethernet frames received from a host
with L3 IP/UDP packets in a VxLAN header and sends it to the destination in the data center network using IP tunnels.
This allows for the extension of L2 networks across data center without changing the underlying physical infrastructure.

EVPN - VxLAN
VxLAN creates LAN segments using MAC-in-IP encapsulation. The encapsulation carries the original L2 frame
received from a host to the destination in another host using IP tunnels. The endpoints of the virtualized tunnel formed
using VxLAN are called VXLAN Tunnel End Points (VTEPs). The VxLAN segments carry tenant data in L3 tunnels over
the network which permits the network to support multiple tenants.The tenant data is not used in routing or switching.
This aids in tenant machine movement and allows the tenants to have the same IP or MAC addresses.
Ethernet Virtual Private Network (EVPN) is a protocol based on industry standards used for network virtualization in
multi-tenant data center and service provider networks. When used with VxLAN networks, it provides a control plane to
create L2 overlays across a L3 network. This enables seamless communication between virtual machines (VMs) or
containers across different physical locations as though they are on the same Ethernet segment. EVPN leverages BGP
for scalable routing information exchange and distribution of L2 and L3 reachability information across a large network.
It also tracks and updates the location of devices based on MAC and IP addresses as they move across the network. It
is a critical feature in virtualized environments where VMs or containers may frequently migrate.
Additionally, EVPN supports redundant and active-active multi-homing for robust failover and high availability, by
allowing a host to connect to multiple VTEPs. Thus, EVPN ensures, that the traffic is rerouted through an alternate
VTEP if a connection to VTEP fails. EVPN is essential for scalable, resilient, and efficient multi-tenant network
virtualization when deployed in conjunction with VxLAN in modern data center environments.

Underlay Network
The underlay network consists of a physical L3 infrastructure, which provides the foundation for communication in the
network. The underlay network is abstracted in the overlay network, allowing seamless communication of the large
virtualized L2 network.

VxLAN Architecture
Typically, VxLAN network operates as an overlay network over an IP underlay network based on a Spine-Leaf CLOS
architecture. The underlay network is often referred to as IP fabric or CLOS fabric.
VxLAN allows the network to support several tenants with minimum changes in the network. They carry tenant data in
virtual tunnels over the network. The tenant data is not used in routing or switching. This aids in tenant machine
movement and allows the tenants to have the same IP or MAC addresses on end devices, hosts, or VMs.

© 2024 IP Infusion Inc. Proprietary 22

VxLAN Overview

Each overlay tunnel is referred to as a VxLAN segment. VMs can only communicate with each other within the same
VxLAN segment, similar to how communication occurs within a traditional VLAN. Each VxLAN segment is identified
through a 24-bit segment ID termed the VxLAN Network Identifier (VNI). This allows up to 16 million VxLAN segments
to coexist within the same administrative domain. For VMs on different VxLAN segments to communicate, inter-VxLAN
routing can be performed on a VxLAN-enabled router or distributed gateway. This is similar to routing between VLANs
in a traditional L2 network.
The VNI determines the scope of the inner MAC frame originated from the individual VM. This ensures there can be
overlapping MAC addresses across segments, but traffic remains isolated due to the VNI preventing cross-segment
interference.

Figure 1-1: VxLAN Deployment - VTEPs across a L3 Network

Features
• Leaf nodes act as VTEP for hosts to connect to the data center and provide VPN services
• With multihoming facility load distribution, link and node level redundancies of the CLOS fabric are extended to
hosts
• Hosts are identified using either the port number, port number with VLAN ID or VLAN range, or the port number
with a stacked VLAN ID.
• Any packets (including ARP-ND) that are uplifted to the VxLAN CPU queue from any port are rate limited to 500
packets per second. This is done to protect the system and CPU during an ARP storm.
• OcNOS supports VxLAN IPv4 tunnels, but both IPv4 and IPv6 hosts.

© 2024 IP Infusion Inc. Proprietary 23

VxLAN Overview

• VxLAN works over UDP, with destination port 4789. Source port can be randomized based on L2 frame information
carried, hence provides good hashing input for load-sharing on ECMP/LAG paths in the L3 fabric.
• EVPN uses multiprotocol BGP with AFI=25 (L2VPN) and SAFI=70 (EVPN).
• EVPN is used with VxLAN data-plane encapsulations in OcNOS Data Center.
• EVPN helps with discovering VTEPs and learning MAC and IP addresses of the connected hosts in a VxLAN
network.
• EVPN is used to implement Integrated routing and bridging (IRB), and E-Tree in OcNOS Data Center. It’s
becoming umbrella for multiple service types.
• EVPN provides multihoming service, with redundancy and more bandwidth with multihoming facility load
distribution, extends link and node level redundancies of the CLOS fabric to hosts.

Terminology
Terms related to VxLAN configuration are defined in the table below.

VLAN Virtual Local Area Network

VM Virtual Machine

VNI VxLAN Network Identifier (or VxLAN Segment ID)

VTEP VxLAN Tunnel End Point. An entity that originates and/or terminates VxLAN tunnels

VxLAN Virtual eXtensible Local Area Network

VxLAN Segment VxLAN L2 overlay network over which VMs communicate

© 2024 IP Infusion Inc. Proprietary 24

VxLAN - Data Forwarding Configuration

© 2024 IP Infusion Inc. Proprietary 23

VxLAN Unicast Configuration

CHAPTER 1 VxLAN Unicast Configuration

This chapter contains basic Static-VxLAN unicast configuration examples.

Port Mapping
In this example each VTEP (VTEP1 and VTEP2) is a multilayer switch where xe2 is an access port while xe1 is
network port.
After we start sending a packet (say untagged ipv4 packet) from VM1, it hits the VTEP1,VTEP1 does encapsulation
based on the VNID configured and send it on xe1. Now the packet reaches VTEP2 and it does decapsulation of the
packet. Now based on VNID packet is sent out on access port and it reaches destination VM, VM2.

Topology
The procedures in this section use the topology in Figure 1-2

Figure 1-2: VxLAN unicast

VTEP1

#configure terminal Enter the configure mode

(config)#interface xe2 Enter interface mode
(config-if)#switchport Configure the interface as switchport
(config-if)#no shutdown Bring the interface into operation with the no shutdown

© 2024 IP Infusion Inc. Proprietary 26

VxLAN Unicast Configuration

(config-if)#exit Exit interface mode

(config)#interface lo Enter the configure mode
(config-if)#ip address 1.1.1.1/32 Configure IP address on the interface xe1
secondary
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode
(config)#interface xe1 Enter the configure mode
(config-if)#ip address 5.5.5.2/24 Configure IP address on the interface xe1
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode
(config)#ip route 2.2.2.2/32 5.5.5.4 Configure static route
(config)#nvo vxlan enable Enable VxLAN globally on this vtep
(config)#interface tunnel 4 Specify the interface (Tunnel4)to be configured and Enter
interface mode
(config-if)#tunnel mode vxlan Assign this tunnel mode as VxLAN
(config-if)#tunnel source 1.1.1.1 Configure the source IP of this tunnel as an IP address which is
configured on the interface xe1 of VTEP1
(config-if)#tunnel destination 2.2.2.2 Configure the destination IP of this tunnel as an IP address
which is configured on the interface xe1 of VTEP2.
(config-if)#exit Exit interface mode
(config)#nvo vxlan id 2 Configure a VNID on this VTEP and enter the nvo mode.
(config-nvo)#vxlan map-network tunnel Map the tunnel 4 with VNID 2
Tunnel4
(config-nvo)#vxlan static-entry host-mac Configure a static entry for remote VM with MAC address and IP
0000.0000.aaaa remote-vtep-ip 2.2.2.2 address.
(config-nvo)#exit Exit the nvo mode
(config)#nvo vxlan access-if port xe2 Map the access port xe2 of this VTEP
(config-nvo-acc-if)#map vnid 2 Map the VNID 2 to access-port xe2
(config-nvo-acc-if)#exit Exit the nvo access-if mode
(config)#commit Perform commit operation for the changes to take effect.

VTEP2

#configure terminal Enter the configure mode

(config)#interface xe2 Enter interface mode
(config-if)#switchport Configure the interface as switchport
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode
(config)#interface lo Enter the configure mode
(config-if)#ip address 2.2.2.2/32 Configure IP address on the interface xe1
secondary
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode
(config)#interface xe1 Enter the configure mode

© 2024 IP Infusion Inc. Proprietary 27

VxLAN Unicast Configuration

(config-if)#ip address 5.5.5.4/24 Configure IP address on the interface xe1

(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode
(config)#ip route 1.1.1.1/32 5.5.5.2 Configure static route
(config)#nvo vxlan enable Enable VxLAN globally on this vtep
(config)#interface tunnel 4 Specify the interface (Tunnel4)to be configured and Enter
interface mode.
(config-if)#tunnel mode vxlan Assign this tunnel mode as VxLAN
(config-if)#tunnel source 2.2.2.2 Configure the source IP of this tunnel as an IP address which is
configured on the interface xe1 of VTEP1.
(config-if)#tunnel destination 1.1.1.1 Configure the destination IP of this tunnel as an IP address
which is configured on the interface xe1 of VTEP2.
(config-if)#exit Exit interface mode.
(config)#nvo vxlan id 2 Configure a VNID on this VTEP and enter the nvo mode.
(config-nvo)#vxlan map-network tunnel Map the tunnel 4 with VNID 2
Tunnel4
(config-nvo)#vxlan static-entry host-mac Configure a static entry for remote VM with MAC address and IP
0000.0000.bbbb remote-vtep-ip 1.1.1.1 address.
(config-nvo)#exit Exit the nvo mode.
(config)#nvo vxlan access-if port xe2 Map the access port xe2 of this VTEP
(config-nvo-acc-if)#map vnid 2 Map the VNID 2 to access-port xe2
(config-nvo-acc-if)#exit Exit the nvo access-if mode
(config)#commit Perform commit operation for the changes to take effect.

Validation
VTEP1
VTEP1#show nvo vxlan tunnel
VVXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
2.2.2.4 3.3.3.4 Installed 00:37:56 00:37:56

Total number of entries are 1

VTEP1#

VTEP1#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________

© 2024 IP Infusion Inc. Proprietary 28

VxLAN Unicast Configuration

3 ---- L2 NW ---- ------ ---- --

-- 2.2.2.4 3.3.3.4
3 ---- -- AC xe2 --- Single Homed Port --- ---- ----
---- ----

Total number of entries are 2

VTEP1#show nvo vxlan mac-table

=======================================================================================
========================================================
======
VXLAN MAC Entries
=======================================================================================
========================================================
======
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
________________________________________________________
______

3 ---- ---- ---- 0000.0000.aaaa 3.3.3.4

Static Remote ------- -------
3 xe2 ---- ---- 0000.0000.bbbb Local Dynamic
Local ------- -------

Total number of entries are : 2

VTEP1#show nvo vxlan mac-table vnid 3

3 ---- ---- ---- 0000.0000.aaaa 3.3.3.4

Static Remote ------- -------
3 xe2 ---- ---- 0000.0000.bbbb Local Dynamic
Local ------- -------

Total number of entries are : 2

RTR1
RTR1#show ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires State Last Reporter

© 2024 IP Infusion Inc. Proprietary 29

VxLAN Unicast Configuration

2.2.2.1 xe1 00:11:25 00:03:44 Active 2.2.2.4

3.3.3.1 xe2 00:01:36 00:04:17 Active 3.3.3.4

VTEP2
VTEP2#show nvo vxlan tunnel
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
3 ---- L2 NW ---- ------ ---- --
-- 3.3.3.4 2.2.2.4
3 ---- L2 NW ---- ------ ---- --
-- 3.3.3.4 239.10.10.9
3 ---- -- AC xe1 --- Single Homed Port --- ---- --
-- ---- ----
Total number of entries are 3
VTEP2#

VTEP#2show nvo vxlan vnid 3

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Total number of entries are 2

VTEP#show vno vxlan mac-table
=======================================================================================
========================================================
======
VXLAN MAC Entries
=======================================================================================
========================================================
======
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
________________________________________________________

© 2024 IP Infusion Inc. Proprietary 30

VxLAN Unicast Configuration

______

3 xe2 ---- ---- 0000.0000.aaaa Local

Dynamic Local ------- -------
3 ---- ---- ---- 0000.0000.bbbb 2.2.2.4
Static Remote ------- -------

Total number of entries are : 2

VTEP2#show nvo vxlan mac-table vnid 3

3 xe2 ---- ---- 0000.0000.aaaa Local

Dynamic Local ------- -------
3 ---- ---- ---- 0000.0000.bbbb 2.2.2.4
Static Remote ------- -------

Total number of entries are : 2

Intermediate Non-VxLAN Router

This example is same as port mapping but we have an intermediate non VxLAN router. It does forwarding based on IP
header.

Topology
The procedures in this section use the topology in Figure 1-3

© 2024 IP Infusion Inc. Proprietary 31

VxLAN Unicast Configuration

Figure 1-3: VxLAN unicast

VTEP1

#configure terminal Enter the configure mode.

(config)#interface xe2 Enter interface mode.
(config-if)#switchport Configure the interface as switchport.
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter the configure mode.
(config-if)#ip address 2.2.2.4/24 Configure IP address on the interface xe1.
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode.
(config)#ip route 3.3.3.0/24 2.2.2.1 Configuring static route
(config)#nvo vxlan enable Enable VxLAN globally on this vtep.
(config)#interface tunnel 4 Specify the interface (Tunnel4)to be configured and Enter
interface mode.
(config-if)#tunnel mode vxlan Assign this tunnel mode as VxLAN .
(config-if)#tunnel source 2.2.2.4 Configure the source IP of this tunnel as an IP address which is
configured on the interface xe1 of VTEP1.
(config-if)#tunnel destination 3.3.3.4 Configure the destination IP of this tunnel as an IP address
which is configured on the interface xe1 of VTEP2.
(config-if)#exit Exit interface mode.
(config)#nvo vxlan id 3 Configure a VNID on this VTEP and enter the nvo mode.

© 2024 IP Infusion Inc. Proprietary 32

VxLAN Unicast Configuration

(config-nvo)#vxlan map-network tunnel Map the tunnel 4 with this VNID

Tunnel4
(config-nvo)#vxlan static-entry host-mac Configure a static entry for remote VM with MAC address and IP
0000.0000.aaaa remote-vtep-ip 3.3.3.4 address.
(config)#nvo vxlan access-if port xe2 Map the access port xe2 of this VTEP
(config-nvo-acc-if)#map vnid 3 Map the VNID 2 to access-port xe2
(config-nvo-acc-if)#exit Exit NVO access-interface mode
(config)#commit Perform commit operation for the changes to take effect.

RTR1

(config)#interface xe1 Enter the configure mode.

(config-if)#ip address 2.2.2.1/24 Configure IP address on the interface xe1.
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter the configure mode.
(config-if)#ip address 3.3.3.1/24 Configure IP address on the interface xe2.
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode.
(config)#commit Perform commit operation for the changes to take effect.

VTEP2

#configure terminal Enter the configure mode.

(config)#interface xe2 Enter interface mode.
(config-if)#switchport Configure the interface as switchport.
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter the configure mode.
(config-if)#ip address 3.3.3.4/24 Configure IP address on the interface xe1.
(config-if)#no shutdown Bring the interface into operation with the no shutdown
(config-if)#exit Exit interface mode.
(config)#ip route 2.2.2.0/24 3.3.3.1 Configuring static route
(config)#nvo vxlan enable Enable VxLAN globally on this vtep.
(config)#interface tunnel 4 Specify the interface (Tunnel4)to be configured and Enter
interface mode.
(config-if)#tunnel mode vxlan Assign this tunnel mode as VxLAN .
(config-if)#tunnel source 3.3.3.4 Configure the source IP of this tunnel as an IP address which is
configured on the interface xe1 of VTEP1.
(config-if)#tunnel destination 2.2.2.4 Configure the destination IP of this tunnel as an IP address
which is configured on the interface xe1 of VTEP2.
(config-if)#exit Exit interface mode.
(config)#nvo vxlan id 3 Configure a VNID on this VTEP and enter the nvo mode.

© 2024 IP Infusion Inc. Proprietary 33

VxLAN Unicast Configuration

(config-nvo)#vxlan map-network tunnel Map the tunnel 4 with this VNID

Tunnel4
(config-nvo)#vxlan static-entry host-mac Configure a static entry for remote VM with MAC address and IP
0000.0000.bbbb remote-vtep-ip 2.2.2.4 address.
(config)#nvo vxlan access-if port xe2 Map the access port xe2 of this VTEP
(config-nvo-acc-if)#map vnid 3 Map the VNID 3 to access-port xe2
(config-nvo-acc-if)#exit Exit the NVO access interface mode
(config)#commit Perform commit operation for the changes to take effect.

Validation
VTEP1
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
2.2.2.4 3.3.3.4 Installed 00:37:56 00:37:56
Total number of entries are 1
VTEP1#
VTEP1#
VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
3 ---- L2 NW ---- ------ ---- --
-- 2.2.2.4 3.3.3.4
3 ---- -- AC xe2 --- Single Homed Port --- ---- ----
---- ----
Total number of entries are 2
VTEP1#
VTEP1#show nvo vxlan mac-table
=======================================================================================
========================================================
======
VXLAN MAC Entries
=======================================================================================
========================================================
======
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
________________________________________________________
______

© 2024 IP Infusion Inc. Proprietary 34

VxLAN Unicast Configuration

3 ---- ---- ---- 0000.0000.aaaa 3.3.3.4

Static Remote ------- -------
3 xe2 ---- ---- 0000.0000.bbbb Local Dynamic
Local ------- -------

Total number of entries are : 2

VTEP1#
VTEP1#
VTEP1#sh nvo vxlan mac-table vnid 3
=======================================================================================
========================================================
======
VXLAN MAC Entries
=======================================================================================
========================================================
======
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
________________________________________________________
______

3 ---- ---- ---- 0000.0000.aaaa 3.3.3.4

Static Remote ------- -------
3 xe2 ---- ---- 0000.0000.bbbb Local Dynamic
Local ------- -------

Total number of entries are : 2

VTEP1#

VTEP2
VTEP2#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
3.3.3.4 2.2.2.4 Installed 00:34:02 00:34:02
Total number of entries are 1
VTEP2#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________

© 2024 IP Infusion Inc. Proprietary 35

VxLAN Unicast Configuration

3 ---- L2 NW ---- ------ ---- --

-- 3.3.3.4 2.2.2.4
3 ---- -- AC xe1 --- Single Homed Port --- ---- --
-- ---- ----
Total number of entries are 2
VTEP2#sh nvo vxlan mac-table
=======================================================================================
========================================================
======
VXLAN MAC Entries
=======================================================================================
========================================================
======
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
________________________________________________________
______

3 xe1 ---- ---- 0000.0000.aaaa Local

Dynamic Local ------- -------
3 ---- ---- ---- 0000.0000.bbbb 2.2.2.4
Static Remote ------- -------

Total number of entries are : 2

VTEP2#sh nvo vxlan mac-table vnid 3

3 xe1 ---- ---- 0000.0000.aaaa Local

Dynamic Local ------- -------
3 ---- ---- ---- 0000.0000.bbbb 2.2.2.4
Static Remote ------- -------

Total number of entries are : 2

VTEP2#

© 2024 IP Infusion Inc. Proprietary 36

VLAN to VNID Mapping

CHAPTER 2 VLAN to VNID Mapping

Overview
OcNOS supports mapping Virtual Local Area Network Identifier (VLAN ID) to Virtual Extensible Local Area Network
Identifier (VNID) to extend the Layer 2 VLAN over to the Layer 3 VxLAN. The VLAN ID is a unique number assigned to
a specific VLAN, and the VNID is the same for a specific VxLAN. The Virtual Tunnel Endpoint (VTEP) is a network
device or a software component that encapsulates the ethernet frames from a specific VLAN ID into a VXLAN VxLAN
header that contains the VNID. This encapsulated frame is the VxLAN VxLAN packet, which is again encapsulated in
the UDP packet and wrapped in an outer IP header to transport it to the IP network.

Feature Characteristics
• The VLAN ID to VNID communication is regardless the physical and logical port.
• Each VNID is allowed to map with a single VLAN ID.
• VLAN is removed over the tunnel and re-added when egressing out of the host-connected port.

Benefits
The feature enhances the scalability and flexibility by extending the VLAN to VXLAN VxLAN boundaries.

Configuration
This section shows the procedure for configuring VxLAN VxLAN using VLAN to VNI mapping.

Topology
This topology demonstrates the configuration necessary to enable VxLAN VxLAN VLAN-to-VNID mapping. Leaf1 and
Leaf2 are VxLAN VxLAN VTEPs in the Autonomous System (ASN) 100, and the Spine1 resides in a different
Autonomous System (ASN) 200. The setup involves establishing eBGP IPv4 (underlay) neighborship between
interface addresses and L2VPN EVPN (overlay) neighborship between loopback interfaces.
Once the underlay and overlay neighborships are established, configure the VxLAN VxLAN tunnel between Leaf1 and
Leaf2. The global VTEP IP is the loopback address.

© 2024 IP Infusion Inc. Proprietary 37

VLAN to VNID Mapping

Figure 2-4: VLAN to VNID mapping

Configuring VLAN to VNID mapping

Follow the steps to configure the VxLAN VxLAN EVPN using VLAN to VNI mapping. The detailed configuration
procedure demonstrates how access-if vxlan VxLAN is configured on a switchport in trunk mode.
Note: The configuration of access-if vxlan VxLAN is allowed in the access mode also. The example is as
follows:
(config)#interface xe12
(config-if)# switchport
(config-if)# bridge-group 1 spanning-tree disable
(config-if)# switchport mode access
(config-if)# switchport access vlan 20
(config-if)# access-if-vxlan
(config-if)#exit

Configure the Leaf1 and Leaf2:

The parameters used in the configuration procedure are as present for Leaf1. Use the same commands with the Leaf2
parameters to configure the Leaf2.

1. Configure the hostname of the VTEP.

(config)#hostname Leaf1
(config)#commit
2. Configure the bridge type using the bridge 1 protocol rstp vlan-bridge command. This command
enables the RSTP VLAN bridge type.

© 2024 IP Infusion Inc. Proprietary 38

VLAN to VNID Mapping

(config)#bridge 1 protocol rstp vlan-bridge

3. Enter the VLAN database using the vlan database command and associate the VLAN with a bridge.
(config)#vlan database
(config-vlan)#vlan 10 bridge 1 state enable
4. Enable the VXLAN VxLAN globally on the VTEP.
(config)#nvo vxlan VxLAN enable
Note: Save and reboot the system to enable the VXLAN VxLAN in the hardware.

5. Create the MAC VRF and name it using mac vrf vrf10. Configure the VLAN-based service type using evpn-
vlan-service vlan-based command, assign a unique route distinguisher and route target value using rd
1.1.1.1:10 and route-target both 100:10 commands respectively.
(config)#mac vrf vrf10
(config-vrf)#evpn-vlan-service vlan-based
(config-vrf)#rd 1.1.1.1:10
(config-vrf)#route-target both 100:10
6. Configure a global IP to the VTEP. This IP address uniquely identifies the VTEP.
(config)#nvo vxlan VxLAN vtep-ip-global 1.1.1.1
7. Create a VNID and map it with the bridge VLAN using nvo vxlan VxLAN id 10 ingress-replication
bridge-vlan 10. Configure the host-reachability-protocol as BGP-EVPN and associate the MAC VRF.
(config)#nvo vxlan VxLAN id 10 ingress-replication bridge-vlan 10
(config-nvo)#vxlan VxLAN host-reachability-protocol evpn-bgp vrf10
8. Assign the IP addresses to the physical and loopback interfaces of the Leaf1 to connect to the Spine.
(config)#interface ce49
(config-if)#ip address 11.10.1.1/24
(config-if)#exit
(config)#interface lo
(config-if)#ip address 1.1.1.1/32 secondary
9. Configure the interface xe11 as a switchport. Use the command bridge-group 1 spanning-tree disable
to associate the bridge group to this interface and disable the Spanning Tree Protocol (STP) to avoid the port block.
Configure the switching characteristic of this interface to trunk mode using the switchport mode trunk
command and this allows multiple VLANs to run in the interface. Use the command switchport trunk
allowed vlan add 10 to enable VLAN 10 through this interface. Map this interface with the VXLAN VxLAN
using access-if-vxlan VxLAN command.
(config)#interface xe11
(config-if)#switchport
(config-if)# bridge-group 1 spanning-tree disable
(config-if)#switchport mode trunk
(config-if)#switchport trunk allowed vlan add 10
(config-if)#access-if-vxlan
10. Configure the BGP and specify the autonomous number (ASN).
(config)#router bgp 100
11. Configure the router ID.
(config-router)#bgp router-id 1.1.1.1
12. Configure the neighboring eBGP peers in a different ASN.
(config-router)#neighbor 11.10.1.2 remote-as 200
(config-router)#neighbor 11.11.11.11 remote-as 200
13. Configure eBGP multihop as the neighboring peer is not directly connected.
(config-router)#neighbor 11.11.11.11 ebgp-multihop

© 2024 IP Infusion Inc. Proprietary 39

VLAN to VNID Mapping

14. Configure the source loopback address.

(config-router)#neighbor 11.11.11.11 update-source lo
15. Configure the IPv4 address family and activate the neighbor.
(config-router)#address-family ipv4 unicast
(config-router-af)#network 1.1.1.1/32
(config-router)#neighbor 11.10.1.2 activate
(config-router-af)#neighbor 11.10.1.2 allowas-in 1
(config-router-af)#exit-address-family
16. Configure the Layer 2 VPN address family and activate the neighbor.
(config-router)#address-family l2vpn evpn
(config-router-af)#neighbor 11.11.11.11 activate
(config-router-af)#neighbor 11.11.11.11 allowas-in 1
(config-router-af)#exit-address-family
(config-router)#exit
(config)#commit

Configure the Spine1:

1. Configure the hostname of the Spine.
(config)#hostname Spine1
(config)#commit
2. Assign the IP addresses to the physical and loopback interfaces of the Spine.
(config)#interface ce1
(config-if)#ip address 11.10.1.2/24
(config-if)#exit
(config)#interface ce24
(config-if)#ip address 21.10.1.2/24
(config-if)#exit
(config)#interface lo
(config-if)#ip address 11.11.11.11/32 secondary
(config-if)#exit
3. Configure the BGP and specify the ASN.
(config)#router bgp 200
4. Configure the router ID.
(config-router)#bgp router-id 11.11.11.11
5. Disable the inbound route filter.
(config-router)#no bgp inbound-route-filter
6. Configure the neighboring eBGP neighbor in a different ASN.
(config-router)#neighbor 11.10.1.1 remote-as 100
(config-router)#neighbor 21.10.1.1 remote-as 100
(config-router)#neighbor 1.1.1.1 remote-as 100
(config-router)#neighbor 2.2.2.2 remote-as 100
7. Configure eBGP multihop as the neighboring peer might not be directly connected.
(config-router)#neighbor 1.1.1.1 ebgp-multihop
(config-router)#neighbor 2.2.2.2 ebgp-multihop
8. Configure the source loopback address.
(config-router)#neighbor 1.1.1.1 update-source
(config-router)#neighbor 2.2.2.2 update-source
9. Configure the IPv4 address family and activate the neighbor.

© 2024 IP Infusion Inc. Proprietary 40

VLAN to VNID Mapping

(config-router)#address-family ipv4 unicast

(config-router-af)#network 11.11.11.11/32
(config-router-af)#neighbor 11.10.1.1 activate
(config-router-af)#neighbor 21.10.1.1 activate
(config-router-af)#exit-address-family
10. Configure the Layer 2 VPN address family and activate the neighbor.
(config-router)#address-family l2vpn evpn
(config-router-af)#neighbor 1.1.1.1 activate
(config-router-af)#neighbor 2.2.2.2 activate
(config-router-af)#exit-address-family
(config-router)#exit
(config)#commit

Running configurations

The running configuration for the Leaf1 is as follows:

hostname Leaf1
bridge 1 protocol rstp vlan-bridge
tfo Disable
!
vlan database
vlan 10 bridge 1 state enable
!
nvo vxlan VxLAN enable
!
mac vrf vrf10
evpn-vlan-service vlan-based
rd 1.1.1.1:10
route-target both 100:10
!
nvo vxlan VxLAN vtep-ip-global 1.1.1.1
!
nvo vxlan VxLAN id 10 ingress-replication bridge-vlan 10
vxlan VxLAN host-reachability-protocol evpn-bgp vrf10
!
interface ce49
ip address 11.10.1.1/24
!
interface lo
ip address 1.1.1.1/32 secondary
!
interface xe11
switchport
bridge-group 1 spanning-tree disable
switchport mode trunk
switchport trunk allowed vlan add 10
access-if-vxlan
!
exit
!
router bgp 100
bgp router-id 1.1.1.1
neighbor 11.10.1.2 remote-as 200
neighbor 11.11.11.11 remote-as 200
neighbor 11.11.11.11 ebgp-multihop

© 2024 IP Infusion Inc. Proprietary 41

VLAN to VNID Mapping

neighbor 11.11.11.11 update-source lo

!
address-family ipv4 unicast
network 1.1.1.1/32
neighbor 11.10.1.2 activate
neighbor 11.10.1.2 allowas-in 1
exit-address-family
!
address-family l2vpn evpn
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 allowas-in 1
exit-address-family
!
exit
!
end

The running configuration for the Spine1 is as follows:

hostname Spine1
!
interface ce1
ip address 11.10.1.2/24
!
interface ce24
ip address 21.10.1.2/24
lldp-agent
!
interface lo
ip address 11.11.11.11/32 secondary
!
router bgp 200
bgp router-id 11.11.11.11
no bgp inbound-route-filter
neighbor 1.1.1.1 remote-as 100
neighbor 2.2.2.2 remote-as 100
neighbor 11.10.1.1 remote-as 100
neighbor 21.10.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop
neighbor 1.1.1.1 update-source lo
neighbor 2.2.2.2 ebgp-multihop
neighbor 2.2.2.2 update-source lo
!
address-family ipv4 unicast
network 11.11.11.11/32
neighbor 11.10.1.1 activate
neighbor 21.10.1.1 activate
exit-address-family
!
address-family l2vpn evpn
neighbor 1.1.1.1 activate
neighbor 2.2.2.2 activate
exit-address-family

© 2024 IP Infusion Inc. Proprietary 42

VLAN to VNID Mapping

!
exit
end

Validation
Validate the show output after configuration as shown below.

Leaf1:

Leaf1#show ip bgp summary

BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 7
3 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down

State/PfxRcd Desc
11.10.1.2 4 200 266 264 7 0 0 01:37:50
2

Total number of neighbors 1

Total number of Established sessions 1

Leaf1#show bgp l2vpn evpn summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 8
3 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down

State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
11.11.11.11 4 200 237 235 8 0 0 01:36:10
3 0 1 2 0 0

Total number of neighbors 1

Total number of Established sessions 1

Leaf1#show nvo vxlan VxLAN tunnel
VXLAN VxLAN Network tunnel Entries
Source Destination Status Up/Down Update Redund
Description
=======================================================================================
==================
1.1.1.1 2.2.2.2 Installed 01:35:22 01:35:22 ---- ----

Total number of entries are 1

Leaf1#show nvo vxlan VxLAN vlan-vnid bridge-vlan 10
VLAN VNID Interface
__________________________________________________________
10 10 xe11

© 2024 IP Infusion Inc. Proprietary 43

VLAN to VNID Mapping

Total number of entries are 1

Leaf1#show nvo vxlan VxLAN vlan-vnid vnid 10

VLAN VNID Interface
__________________________________________________________
10 10 xe11

Total number of entries are 1

Leaf1#show nvo vxlan VxLAN vlan-vnid

VLAN VNID Interface
__________________________________________________________
10 10 xe11

Total number of entries are 2

Leaf1#

Leaf1#show nvo vxlan

VXLAN VxLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr Redund Description
_______________________________________________________________________________________
_________________________________________________________________
10 ---- L2 NW ---- ---- ---- -
--- 1.1.1.1 2.2.2.2 ---- ----
10 ---- -- AC xe11 --- Single Homed Port --- 10 -
--- ---- ----

Total number of entries are 2

Spine1:

Spine1#show ip bgp summary

BGP router identifier 11.11.11.11, local AS number 200
BGP table version is 3
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down

State/PfxRcd Desc
11.10.1.1 4 100 247 246 3 0 0 01:44:11
1
21.10.1.1 4 100 249 247 3 0 0 01:44:11
1

Total number of neighbors 2

© 2024 IP Infusion Inc. Proprietary 44

VLAN to VNID Mapping

Total number of Established sessions 2

Spine1#
Spine1#show bgp l2vpn evpn summary
BGP router identifier 11.11.11.11, local AS number 200
BGP table version is 9
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down

State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
1.1.1.1 4 100 249 252 9 0 0 01:42:31
3 0 1 2 0 0
2.2.2.2 4 100 251 250 9 0 0 01:42:01
3 0 1 2 0 0

Total number of neighbors 2

Total number of Established sessions 2

VLAN VNID Mapping Command

The VLAN VNID mapping feature introduces the following configuration command.

access-if-vxlan
Use this command to create a logical port per parent interface for egress VLAN translation.
Use no form of this command to unconfigure the access-if-vxlan.

Command Syntax
access-if-vxlan
no access-if-vxlan

Parameters
None

Default
None

Command Mode
Interface mode

Applicability
Introduced in OcNOS version 6.5.2.

Example
The below example shows how to configure a logical port per parent interface:
OcNOS#configure terminal

© 2024 IP Infusion Inc. Proprietary 45

VLAN to VNID Mapping

OcNOS(config)#interface xe1
OcNOS(config-if)#access-if-vxlan

show nvo vxlan VxLAN vlan-vnid

Use this command to display the VLAIN ID to VNID mapping.

Command Syntax
show nvo vxlan VxLAN vlan-vnid (bridge-vlan <VLAN ID> (summary |) | vnid <VNID> |
summary)

Parameters

vnid <VNID> (Optional) Displays all the VLAN ID to VNID mapping.

bridge-vlan (Optional) Displays all the VLAN ID to VNID mapping.
<VLAN ID>
summary (Optional) Displays the total count of VLAN to VNID mapping.

Default
None

Command Mode
Exec mode

Applicability
Introduced in OcNOS version 6.5.2.

Example
The below examples show the output of VLAN to VNID mapping:
OcNOS#show nvo vxlan VxLAN vlan-vnid
VLAN VNID Interface
__________________________________________________________
10 10 xe11

Total number of entries are 1

OcNOS#

OcNOS#show nvo vxlan VxLAN vlan-vnid bridge-vlan 10

VLAN VNID Interface
__________________________________________________________
10 10 xe11

Total number of entries are 1

OcNOS#

© 2024 IP Infusion Inc. Proprietary 46

VLAN to VNID Mapping

Table P-2-1 explains the output fields.

Table 2-1: VLAN VNID fields

Field Description

VLAN VLAN Identifier.

VNID VxLAN VxLAN Identifier.

Interface Name of the interface.

Glossary
The following provides definitions for key terms or abbreviations and their meanings used throughout this document:

Key Terms/Acronym Description

Virtual Local Area Network Virtual Local Area Network Identifier is a 12-bit unique identifier assigned to a VLAN to identify it
Identifier (VLAN ID) in a network.

Virtual Extensible Local Virtual Extensible Local Area Network Identifier is a unique 24-bit identifier assigned to a VxLAN
Area Network Identifier VxLAN to identify it in a network.
(VNID)

Virtual Local Area Network Virtual Local Area Network in a network configuration creates a separate and isolated virtual
(VLAN) network with other virtual networks over a single physical interface.

Virtual Extensible Local Virtual Extensible Local Area Network (VxLAN) enables the creation of a virtualized Layer 2
Area Network (VxLAN) network over the Layer 3 infrastructure. This is an overlay network on Layer 3 designed to
overcome the limitations of VLANs.

Virtual Tunnel Endpoint Virtual Tunnel Endpoint is a significant component in VxLAN VxLAN that encapsulates
(VTEP) or decapsulates the VxLAN VxLAN traffic as it enters or leaves the VxLAN VxLAN
overlay network respectively.

© 2024 IP Infusion Inc. Proprietary 47

VxLAN - Ethernet Virtual Private Network

© 2024 IP Infusion Inc. Proprietary 35

VXLAN-EVPN Configuration

CHAPTER 1 VXLAN-EVPN Configuration

This section contains basic VXLAN-EVPN configuration examples.
VXLAN (Virtual eXtended LAN) creates LAN segments using a MAC-in-IP encapsulation. The encapsulation carries
the original L2 frame received from a host to the destination in another host using IP tunnels. The endpoints of the
virtualized tunnel formed using VXLAN are called VTEPs (VXLAN Tunnel End Points). The VTEPs carry tenant data in
L3 tunnels over the network which permits the network to support multiple tenants.The tenant data is not used in
routing or switching. This aids in tenant machine movement and allows the tenants to have same IP/MAC addresses.
Information about the given VM to get to the VTEP is crucial in VXLAN protocol; therefore BGP-MP is used to carry this
information across VTEPS.
Note: For port-channel/Static-channel interface, storm control will be applied on each member port. For Example: if
Interface eth1 and interface eth2 is part of port-channel i.e. po1 and storm control 2mbps is applied for
broadcast traffic, then the storm control settings will be applied on each member port and broadcast traffic on
each member port will be rate limited to 2mbps each.

Topology
The procedures in this section use the topology in Figure 1-5.

Figure 1-5: VXLAN EVPN

VTEP1

#configure terminal Enter configure mode

(config)#interface xe1 Enter interface mode
(config-if)#switchport Configure the interface as a switch port.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode
(config)#interface xe2 Enter interface mode
(config-if)#switchport Configure the interface as switch port.
(config-if)#no shutdown Bring the interface into operation.
(config-if)#exit Exit interface mode.
(config)#interface xe22 Enter interface mode.
(config-if)#ip address 10.1.1.1/24 Set an IP address on the interface.

© 2024 IP Infusion Inc. Proprietary 49

VXLAN-EVPN Configuration

(config-if)#no shutdown Bring the interface into operation.

(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip address 1.1.1.1/32 Set an IP address on the interface.
secondary
(config-if)#no shutdown Bring the interface into operation.
(config-if)#exit Exit interface mode.
(config)#router isis ABC Create an IS-IS routing instance (ABC).
(config-router)#is-type level-1 Configure instance as level-1-only routing.
(config-router)#net Set a Network Entity Title for this instance, specifying the area
49.0001.1111.1111.1111.00 address and the system ID.
(config-router)#exit Exit router mode.
(config)#interface xe22 Enter interface mode
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface for area 49 (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#mac vrf vrf_evpn_100 Configure a new VRF named vrf_evpn_100.
(config-vrf)#rd 1.1.1.1:1 Assign the Route Distinguisher value.
(config-vrf)#route-target both 100:1 Configure route target to import and export the routes.
(config-vrf)#exit Exit VRF mode.
(config)#router bgp 1 Define the routing process. The number 1 specifies the AS
number of VTEP1.
(config-router)#bgp router-id 1.1.1.1 Configure router-id for this BGP process.
(config-router)#neighbor 2.2.2.2 remote-as Define BGP neighbor: 2.2.2.2 is the IP address of the neighbor
1 (VTEP2), and 1 is the neighbor’s AS number.
(config-router)# neighbor 2.2.2.2 update- Define BGP neighbor: 1.1.1.1 is the peer interface.
source 1.1.1.1
(config-router)#address-family l2vpn evpn Configure address-family L2VPN EVPN.
(config-router-af)#neighbor 2.2.2.2 Activate the neighbor in the EVPN address family.
activate
(config-router-af)#exit-address-family Exit the address-family mode.
(config-router)#exit Exit router mode.
(config)#nvo vxlan enable Enable VXLAN globally on this VTEP.
(config)#nvo vxlan vtep-ip-global 1.1.1.1 Assign a global IP to the VTEP.
(config)#nvo vxlan id 100 ingress- Configure a VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with vrf_evpn_100.
(config-nvo)#exit Exit NVO mode.

© 2024 IP Infusion Inc. Proprietary 50

VXLAN-EVPN Configuration

(config)#nvo vxlan access-if port-vlan xe1 Configure access-port xe1 and map vlan 2
2
(config-nvo-acc-if)#map vnid 100 Map VNID 100 to access-port xe1.
(config-nvo-acc-if)#exit Exit NVO access-if mode.
(config)#nvo vxlan id 200 ingress- Configure second VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with vrf_evpn_100
(config-nvo)#exit Exit NVO mode.
(config)#nvo vxlan access-if port-vlan xe2 Configure access-port xe2 and map vlan 3
3
(config-nvo-acc-if)#map vnid 200 Map VNID 200 to access-port xe2.
(config-nvo-acc-if)#exit Exit NVO access-if mode.
(config)#commit Commit the configurations

#configure terminal Enter configure mode.

(config)#interface xe22 Enter interface mode.
(config-if)#ip address 10.1.1.2/24 Set an IP address on the interface.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe11 Enter interface mode.
(config-if)#ip address 20.1.1.2/24 Set an IP address on the interface.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#router isis ABC Create an IS-IS routing instance (ABC).
(config-router)#is-type level-1 Configure instance as level-1-only routing.
(config-router)#net Set a Network Entity Title for this instance, specifying the area
49.0001.3333.3333.3333.00 address and the system ID.
(config-router)#exit Exit router mode.
(config)#interface xe22 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface xe11 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#commit Commit the configurations

© 2024 IP Infusion Inc. Proprietary 51

VXLAN-EVPN Configuration

VTEP2

#configure terminal Enter configure mode.

(config)#interface xe1 Enter interface mode.
(config-if)#switchport Configure the interface as switchport.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#switchport Configure the interface as switchport.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe11 Enter interface mode.
(config-if)#ip address 20.1.1.1/24 Set an IP address on the interface.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip address 2.2.2.2/32 secondary Set an IP address on the interface.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#router isis ABC Create an IS-IS routing instance (ABC).
(config-router)#is-type level-1 Configure instance as level-1-only routing.
(config-router)#net Set a Network Entity Title for this instance, specifying the area
49.0001.2222.2222.2222.00 address and the system ID.
(config-router)#exit Exit router mode.
(config)#interface xe11 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface for area 49 (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#mac vrf vrf_evpn_100 Configure a new VRF named vrf_evpn_100.
(config-vrf)#rd 2.2.2.1:1 Assign the Route Distinguisher value.
(config-vrf)#route-target both 100:1 Configure route target to import and export the routes.
(config-vrf)#exit Exit VRF mode.
(config)#router bgp 1 Define the routing process. The number 1 specifies the AS
number of VTEP1.
(config-router)#neighbor 1.1.1.1 remote-as Define BGP neighbor: 1.1.1.1 is the IP address of the neighbor
1 (VTEP1), and 1 is the neighbor’s AS number.
(config-router)# neighbor 1.1.1.1 update- Define BGP neighbor: 2.2.2.2 is the peer interface.
source 2.2.2.2

© 2024 IP Infusion Inc. Proprietary 52

VXLAN-EVPN Configuration

(config-router)#address-family l2vpn evpn Configure address-family L2VPN EVPN.

(config-router-af)#neighbor 1.1.1.1 Activate the neighbor in the EVPN address family.
activate
(config-router-af)#exit-address-family Exit address-family mode.
(config-router)#exit Exit router mode.
(config)#nvo vxlan enable Enable VXLAN globally on this VTEP.
(config)#nvo vxlan vtep-ip-global 2.2.2.2 Assign a global IP to the VTEP.
(config)#nvo vxlan id 100 ingress- Configure a VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with vrf_evpn_100.
(config-nvo)#exit Exit NVO mode.
(config)#nvo vxlan access-if port-vlan xe1 Configure access-port xe1 and map vlan 2
2
(config-nvo-acc-if)#map vnid 100 Map VNID 100 to access-port xe1.
(config-nvo-acc-if)#exit Exit NVO access-if mode.
(config)#nvo vxlan id 200 ingress- Configure second VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with vrf_evpn_100
(config-nvo)#exit Exit NVO mode.
(config)#nvo vxlan access-if port-vlan xe2 Configure access-port xe2 and map vlan 3
3
(config-nvo-acc-if)#map vnid 200 Map VNID 200 to access-port xe2.
(config-nvo-acc-if)#exit Exit NVO access-if mode.
(config)#commit Commit the configurations

Validation
CE1 and CE2 have hosts configured with MAC addresses, IP addresses, and VLAN identifiers as shown below.

VLAN IP Address Mac Address

VTEP1 CE-1 2 12.12.12.10 0000.0000.abab

VTEP2 CE-2 2 12.12.12.20 0000.0000.cdcd

VTEP1 CE-1 3 13.13.13.10 0000:0b60:25f2

VTEP2 CE-2 3 13.13.13.20 0000:0b60:25f3

Perform a tagged ping of VLAN 2 from CE1 to CE2 and vice-versa. Also perform a tagged ping of VLAN 3 from CE1 to
CE2 and vice-versa.

VTEP Tunnel Status

VTEP-1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================

© 2024 IP Infusion Inc. Proprietary 53

VXLAN-EVPN Configuration

1.1.1.1 2.2.2.2 Installed 00:05:53 00:05:53

Total number of entries are 1

VTEP-2#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================
2.2.2.2 1.1.1.1 Installed 00:05:46 00:05:46
Total number of entries are 1

VTEP ARP Cache

VTEP-1#sh nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
ARP Timeout : 300 sec Random-Jitter-Max : 640
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
____________________________________________________________________________
200 13.13.13.10 0000.0b60.25f2 Dynamic Local 246 2
200 13.13.13.20 0000.0b60.25f3 Dynamic Remote ------
100 12.12.12.20 0000.0000.cdcd Dynamic Remote ------
100 12.12.12.10 0000.0000.abab Dynamic Local 246 2
Total number of entries are 4

VTEP-2#sh nvo vxlan arp-cache

VXLAN ARP-CACHE Information
===========================
ARP Timeout : 300 sec Random-Jitter-Max : 640
VNID Ip-Addr Mac-Addr Type Age-
Out Retries-Left
____________________________________________________________________________
200 13.13.13.10 0000.0b60.25f2 Dynamic Remote -------
200 13.13.13.20 0000.0b60.25f3 Dynamic Local 257
2
100 12.12.12.10 0000.0000.abab Dynamic Remote -------
100 12.12.12.20 0000.0000.cdcd Dynamic Local 257
2
Total number of entries are 4

VTEP MAC Tables

VTEP-1#show nvo vxlan mac-table
================================================================================
VXLAN MAC Entries
================================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI Type
Status AccessPortDesc
________________________________________________________________________________

© 2024 IP Infusion Inc. Proprietary 54

VXLAN-EVPN Configuration

100 ---- ---- ---- 0000.0000.cdcd 2.2.2.2

Dynamic Remote ------- -------
100 xe1 2 ---- 0000.0000.abab 1.1.1.1
Dynamic Local ------- -------
200 xe2 3 ---- 0000.0b60.25f2 1.1.1.1
Dynamic Local ------- -------
200 ---- ---- ---- 0000.0b60.25f3 2.2.2.2
Dynamic Remote ------- -------
Total number of entries are : 4

VTEP-2#show nvo vxlan mac-table

================================================================================
VXLAN MAC Entries
================================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI Type Status AccessPortDesc
________________________________________________________________________________

100 xe1 2 ---- 0000.0000.cdcd 2.2.2.2 Dynamic Local ------- -------

100 ---- ---- ---- 0000.0000.abab 1.1.1.1 Dynamic Remote ------- -------
200 ---- ---- ---- 0000.0b60.25f2 1.1.1.1 Dynamic Remote ------- -------
200 xe2 3 ---- 0000.0b60.25f3 2.2.2.2 Dynamic Local ------- -------
Total number of entries are : 4

VTEP MAC-IP BGP EVPN Entries

VTEP-1#show bgp l2vpn evpn mac-ip
RD[1.1.1.1:1] VRF[vrf_evpn_100]:
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID Nexthop GW-Type
0 100 0000:0000:abab 12.12.12.10 100 0 1.1.1.1 --
0 200 0000:0b60:25f2 13.13.13.10 200 0 1.1.1.1 --

RD[2.2.2.2:1]
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID Nexthop GW-Type
0 100 0000:0000:cdcd 12.12.12.20 100 0 2.2.2.2 --
0 200 0000:0b60:25f3 13.13.13.20 200 0 2.2.2.2 --

VTEP-2#show bgp l2vpn evpn mac-ip

RD[1.1.1.1:1]
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID Nexthop GW-Type
0 100 0000:0000:abab 12.12.12.10 100 0 1.1.1.1 --
0 200 0000:0b60:25f2 13.13.13.10 200 0 1.1.1.1 --

RD[2.2.2.2:1] VRF[vrf_evpn_100]:
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID Nexthop GW-Type
0 100 0000:0000:cdcd 12.12.12.20 100 0 2.2.2.2 --
0 100 0000:0b60:25f2 13.13.13.10 100 0 2.2.2.2 --

LAG as Access Port with ECMP on the Network Side

This section contains basic VXLAN EVPN configuration with LAG as an access port and ECMP on the network side.

Topology
The procedures in this section use the topology in Figure 1-6.

© 2024 IP Infusion Inc. Proprietary 55

VXLAN-EVPN Configuration

Figure 1-6: VXLAN EVPN with LAG and ECMP

SW-1

#configure terminal Enter configure mode

(config)#bridge 1 protocol ieee vlan-bridge Configure IEEE vlan bridge
(config)#vlan database Enter into the vlan database
(config-vlan)#vlan 2 bridge 1 state enable Configure vlan 2 and associate with bridge 1
(config-vlan)#vlan 3 bridge 1 state enable Configure vlan 3 and associate with bridge 1
(config-vlan)#exit Exit from the vlan database
(config)#in xe41 Enter interface mode
(config-if)#no shutdown Make interface admin up
(config-if)#switchport Set the interface as Layer2 port
(config-if)#bridge-group 1 Associate the Interface with bridge-group.
(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode
(config-if)#switchport trunk allowed vlan Configure the VLANs that should be allowed through this
add 2 interface
(config-if)#switchport trunk allowed vlan Configure the VLANs that should be allowed through this
add 3 interface
(config-if)#exit Exit interface mode.
(config)#interface po1 Enter interface mode
(config-if)#switchport Set the interface as Layer2 port
(config-if)#exit Exit interface mode.
(config)#in xe29 Enter interface mode
(config-if)#switchport Set the interface as Layer2 port
(config-if)#channel-group 1 mode active Configure the interface to be part of port channel 1
(config-if)#exit Exit interface mode.
(config)#in xe30 Enter interface mode
(config-if)#switchport Set the interface as Layer2 port
(config-if)#channel-group 1 mode active Configure the interface to be part of port channel 1

© 2024 IP Infusion Inc. Proprietary 56

VXLAN-EVPN Configuration

(config-if)#exit Exit interface mode.

(config)#in xe31 Enter interface mode
(config-if)#switchport Set the interface as Layer2 port
(config-if)#channel-group 1 mode active Configure the interface to be part of port channel 1
(config-if)#exit Exit interface mode.
(config)#in xe32 Enter interface mode
(config-if)#switchport Set the interface as Layer2 port
(config-if)#channel-group 1 mode active Configure the interface to be part of port channel 1
(config-if)#exit Exit interface mode.
(config-if)#inter po1 Enter interface mode
(config-if)#bridge-group 1 Associate the Interface with bridge-group.
(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode
(config-if)#switchport trunk allowed vlan Configure the VLANs that should be allowed through this
add 2 interface
(config-if)#switchport trunk allowed vlan Configure the VLANs that should be allowed through this
add 3 interface
(config-if)#exit Exit interface mode.
(config)#commit Commit the configurations

VTEP-1

#configure terminal Enter configure mode

(config)#interface po1 Create interface po1
(config-if)#switchport Configure the interface as switchport.
(config-if)#exit Exit interface mode
(config)#interface xe3 Enter interface mode.
(config-if)#switchport Configure the interface as switchport.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode
(config)#interface xe5 Enter interface mode
(config-if)#switchport Configure the interface as switchport.
(config-if)#channel-group 1 mode active Configure the interface to be part of port channel 1
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode
(config)#interface xe6 Enter interface mode
(config-if)#switchport Configure the interface as switchport.
(config-if)#channel-group 1 mode active Configure the interface to be part of port channel 1
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode
(config)#interface xe7 Enter interface mode
(config-if)#switchport Configure the interface as switchport.

© 2024 IP Infusion Inc. Proprietary 57

VXLAN-EVPN Configuration

(config-if)#channel-group 1 mode active Configure the interface to be part of port channel 1

(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode
(config)#interface xe8 Enter interface mode
(config-if)#switchport Configure the interface as switchport.
(config-if)#channel-group 1 mode active Configure the interface to be part of port channel 1
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip address 10.1.1.0/31 Configure IP address on the interface xe1.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip address 10.1.1.2/31 Configure IP address on the interface xe2.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip address 1.1.1.1/32 Configure IP address on the interface xe3.
secondary
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#router isis ABC Create an IS-IS routing instance (ABC).
(config-router)#is-type level-1 Configure instance as level-1-only routing.
(config-router)#net Set a Network Entity Title for this instance, specifying the
49.0001.1111.1111.1111.00 area address and the system ID.
(config-router)#exit Exit router mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface for area 49 (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#mac vrf vrf_evpn_100 Configure a new VRF named vrf_evpn_100.
(config-vrf)#rd 1.1.1.1:1 Assign the Route Distinguisher value.
(config-vrf)#route-target both 100:1 Configure route target to import and export the routes.

© 2024 IP Infusion Inc. Proprietary 58

VXLAN-EVPN Configuration

(config-vrf)#exit Exit VRF mode.

(config)#load-balance rtag7 Enable load balancing for RTAG7 globally.
(config)#load-balance rtag7 ipv4 src-ipv4 Enable load balancing for RTAG7 for IPv4 for source IP.
(config)#router bgp 65535 Define the routing process. The number 65535 specifies the
AS number of VTEP1.
(config-router)#bgp router-id 1.1.1.1 Configure router-id for this BGP process.
(config-router)#neighbor 2.2.2.2 remote-as Define BGP neighbor: 2.2.2.2 is the IP address of the neighbor
65535 (VTEP2), and 65535 is the neighbor’s AS number.
(config-router)# neighbor 2.2.2.2 update- Define BGP neighbor: 1.1.1.1 is the peer interface.
source 1.1.1.1
(config-router)#neighbor 3.3.3.3 remote-as Define BGP neighbor: 3.3.3.3 is the IP address of the neighbor
65535 (VTEP3), and 65535 is the neighbor’s AS number.
(config-router)# neighbor 3.3.3.3 update- Define BGP neighbor: 1.1.1.1 is the peer interface.
source 1.1.1.1
(config-router)#address-family l2vpn evpn Configure address-family L2VPN EVPN.
(config-router-af)#neighbor 2.2.2.2 Activate the neighbor at VTEP2 in the EVPN address family.
activate
(config-router-af)#neighbor 3.3.3.3 Activate the neighbor at VTEP3 in the EVPN address family.
activate
(config-router-af)#exit-adress-family Exit address-family mode.
(config-router)#exit Exit router mode.
(config)#nvo vxlan enable Enable VXLAN globally on this VTEP.
(config)#nvo vxlan vtep-ip-global 1.1.1.1 Assign a global IP to the VTEP.
(config)#nvo vxlan id 100001 ingress- Configure a VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with VRF vrf_evpn_100.
(config-nvo)#exit Exit NVO mode.
(config)#nvo vxlan access-if port-vlan xe3 Configure access-port xe3 and map vlan 2
2
(config-nvo-acc-if)#map vnid 100001 Map VNID 100001 to access-port xe3.
(config-nvo-acc-if)#exit Exit NVO access-if mode.
(config)#nvo vxlan access-if port-vlan po1 Configure access-port po1 and map vlan 2
2
(config-nvo-acc-if)#map vnid 100001 Map VNID 100001 to access-port po1.
(config-nvo-acc-if)#exit Exit NVO access-if mode.
(config)#nvo vxlan id 200001 ingress- Configure second VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with VRF vrf_evpn_100.
(config-nvo)#exit Exit NVO mode.
(config)#nvo vxlan access-if port-vlan xe3 Configure access-port xe3 and map vlan 3
3
(config-nvo-acc-if)#map vnid 200001 Map VNID 200001 to access-port xe3.
(config-nvo-acc-if)#exit Exit NVO access-if mode.

© 2024 IP Infusion Inc. Proprietary 59

VXLAN-EVPN Configuration

(config)#nvo vxlan access-if port-vlan po1 Configure access-port po1 and map vlan 3
3
(config-nvo-acc-if)#map vnid 200001 Map VNID 200001 to access-port xe3.
(config-nvo-acc-if)#exit Exit NVO access-if mode.
(config)#commit Commit the configurations

RR-1

#configure terminal Enter configure mode.

(config)#interface lo Enter interface mode
(config-if)#ip address 12.12.12.12/32 Set an IP address on the interface.
secondary
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip address 10.1.1.1/31 Configure IP address on the interface xe1.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip address 20.1.1.1/31 Configure IP address on the interface xe2.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe3 Enter intereface mode.
(config-if)#ip address 30.1.1.1/31 Configure IP address on the interface xe3.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#router isis ABC Create an IS-IS routing instance (ABC).
(config-router)#is-type level-1 Configure instance as level-1-only routing.
(config-router)#net Set a Network Entity Title for this instance, specifying the area
49.0001.4444.4444.4444.00 address and the system ID.
(config-router)#exit Exit router mode.
(config)#interface lo Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.

© 2024 IP Infusion Inc. Proprietary 60

VXLAN-EVPN Configuration

(config-if)#exit Exit interface mode.

(config)#interface xe3 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#commit Commit the configurations

RR-2

#configure terminal Enter configure mode.

(config)#interface lo Enter interface mode.
(config-if)#ip address 13.13.13.13/32 Set an IP address on the interface.
secondary
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip address 10.1.1.3/31 Configure IP address on the interface xe1.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip address 20.1.1.3/31 Configure IP address on the interface xe2.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe3 Enter interface mode.
(config-if)#ip address 30.1.1.3/31 Configure IP address on the interface xe3.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#router isis ABC Create an IS-IS routing instance (ABC).
(config-router)#is-type level-1 Configure instance as level-1-only routing.
(config-router)#net Set a Network Entity Title for this instance, specifying the area
49.0001.5555.5555.5555.00 address and the system ID.
(config-router)#exit Exit router mode.
(config)#interface lo Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).

© 2024 IP Infusion Inc. Proprietary 61

VXLAN-EVPN Configuration

(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.

(config-if)#exit Exit interface mode.
(config)#interface xe3 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#commit Commit the configurations

VTEP-2

#configure terminal Enter configure mode

(config)#interface po1 Enter interface mode
(config-if)#switchport Configure the interface as switchport
(config-if)#exit Exit interface mode
(config)#interface xe3 Enter interface mode
(config-if)#switchport Configure the interface as switchport.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip address 20.1.1.0/31 Configure IP address on the interface xe1.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip address 20.1.1.2/31 Configure IP address on the interface xe2.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip address 2.2.2.2/32 Configure IP address on the interface xe3.
secondary
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#router isis ABC Create an IS-IS routing instance (ABC).
(config-router)#is-type level-1 Configure instance as level-1-only routing.
(config-router)#net Set a Network Entity Title for this instance, specifying the area
49.0001.2222.2222.2222.00 address and the system ID.
(config-router)#exit Exit router mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).

© 2024 IP Infusion Inc. Proprietary 62

VXLAN-EVPN Configuration

(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.

(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface for area 49 (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#mac vrf vrf_evpn_100 Configure a new VRF named vrf_evpn_100.
(config-vrf)#rd 1.1.1.1:1 Assign the Route Distinguisher value.
(config-vrf)#route-target both 100:1 Configure route target to import and export the routes.
(config-vrf)#exit Exit VRF mode.
(config)#load-balance rtag7 Enable load balancing for RTAG7 globally.
(config)#load-balance rtag7 ipv4 src-ipv4 Enable load balancing for RTAG7 for IPv4 for source IP.
(config)#router bgp 65535 Define the routing process. The number 65535 specifies the AS
number of VTEP1.
(config-router)#neighbor 1.1.1.1 remote-as Define BGP neighbor: 1.1.1.1 is the IP address of the neighbor
65535 (VTEP1), and 65535 is the neighbor’s AS number.
(config-router)#neighbor 1.1.1.1 update- Define BGP neighbor: 2.2.2.2 is the peer interface.
source 2.2.2.2
(config-router)#neighbor 3.3.3.3 remote-as Define BGP neighbor: 3.3.3.3 is the IP address of the neighbor
65535 (VTEP3), and 65535 is the neighbor’s AS number.
(config-router)#neighbor 3.3.3.3 update- Define BGP neighbor: 2.2.2.2 is the peer interface.
source 2.2.2.2
(config-router)#address-family l2vpn evpn Configure address-family L2VPN EVPN.
(config-router-af)#neighbor 1.1.1.1 Activate the neighbor at VTEP1 in the EVPN address family.
activate
(config-router-af)#neighbor 3.3.3.3 Activate the neighbor at VTEP3 in the EVPN address family.
activate
(config-router-af)#exit-adress-family Exit address-family mode.
(config-router)#exit Exit router mode.
(config)#nvo vxlan enable Enable VXLAN globally on this VTEP.
(config)#nvo vxlan vtep-ip-global 2.2.2.2 Assign a global IP to the VTEP.
(config)#nvo vxlan id 100001 ingress- Configure a VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with VRF vrf_evpn_100.
(config-nvo)#exit Exit NVO mode.
(config)#nvo vxlan access-if port-vlan xe3 Configure access-port xe3 and map vlan 2
2
(config-nvo-acc-if)#map vnid 100001 Map VNID 100001 to access-port xe3.
(config-nvo-acc-if)#exit Exit NVO access-if mode.
(config)#nvo vxlan id 200001 ingress- Configure second VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with VRF vrf_evpn_100.
(config-nvo)#exit Exit NVO mode.

© 2024 IP Infusion Inc. Proprietary 63

VXLAN-EVPN Configuration

(config)#nvo vxlan access-if port-vlan xe3 Configure access-port xe3 and map vlan 3
3
(config-nvo-acc-if)#map vnid 200001 Map VNID 200001 to access-port xe3.
(config-nvo-acc-if)#exit-adress-family Exit NVO access-if mode.
(config)#commit Commit the configurations

VTEP-3

#configure terminal Enter configure mode.

(config)#interface xe3 Enter interface mode.
(config-if)#switchport Configure the interface as switchport.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip address 30.1.1.0/31 Configure IP address on the interface xe1.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip address 30.1.1.2/31 Configure IP address on the interface xe2.
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip address 3.3.3.3/32 Configure IP address on the loopback interface.
secondary
(config-if)#no shutdown Bring the interface into operation
(config-if)#exit Exit interface mode.
(config)#router isis ABC Create an IS-IS routing instance (ABC).
(config-router)#is-type level-1 Configure instance as level-1-only routing.
(config-router)#net Set a Network Entity Title for this instance, specifying the area
49.0001.3333.3333.3333.00 address and the system ID.
(config-router)#exit Exit router mode.
(config)#interface xe1 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface xe2 Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.
(config-if)#exit Exit interface mode.
(config)#interface lo Enter interface mode.
(config-if)#ip router isis ABC Enable IS-IS routing on an interface for area 49 (ABC).
(config-if)#isis circuit-type level-1 Configure instance as level-1-only routing.

© 2024 IP Infusion Inc. Proprietary 64

VXLAN-EVPN Configuration

(config-if)#exit Exit interface mode.

(config)#mac vrf vrf_evpn_100 Configure a new VRF named vrf_evpn_100.
(config-vrf)#rd 1.1.1.1:1 Assign the Route Distinguisher value.
(config-vrf)#route-target both 100:1 Configure route target to import and export the routes.
(config-vrf)#exit Exit VRF mode.
(config)#load-balance rtag7 Enable load balancing for RTAG7 globally.
(config)#load-balance rtag7 ipv4 src-ipv4 Enable load balancing for RTAG7 for IPv4 for source IP.
(config)#router bgp 65535 Define the routing process. The number 65535 specifies the AS
number of VTEP1.
(config-router)#neighbor 1.1.1.1 remote-as Define BGP neighbor: 1.1.1.1 is the IP address of the neighbor
65535 (RR1), and 65535 is the neighbor’s AS number.
(config-router)#neighbor 1.1.1.1 update- Define BGP neighbor: 3.3.3.3 is the peer interface.
source 3.3.3.3
(config-router)#neighbor 2.2.2.2 remote-as Define BGP neighbor: 2.2.2.2 is the IP address of the neighbor
65535 (VTEP3), and 65535 is the neighbor’s AS number.
(config-router)#neighbor 2.2.2.2 update- Define BGP neighbor: 3.3.3.3 is the peer interface.
source 3.3.3.3
(config-router)#address-family l2vpn evpn Configure address-family L2VPN EVPN.
(config-router-af)#neighbor 1.1.1.1 Activate the neighbor at VTEP1 in the EVPN address family.
activate
(config-router-af)#neighbor 2.2.2.2 Activate the neighbor at VTEP2 in the EVPN address family.
activate
(config-router-af)#exit-adress-family Exit address-family mode.
(config-router)#exit Exit router mode.
(config)#nvo vxlan enable Enable VXLAN globally on this VTEP.
(config)#nvo vxlan vtep-ip-global 3.3.3.3 Assign a global IP to the VTEP.
(config)#nvo vxlan id 100001 ingress- Configure a VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with VRF vrf_evpn_100.
(config-nvo)#exit Exit NVO mode.
(config)#nvo vxlan access-if port-vlan xe3 Configure access-port xe3 and map vlan 2
2
(config-nvo-acc-if)#map vnid 100001 Map VNID 100001 to access-port xe3.
(config-nvo-acc-if)#exit-address-family Exit NVO access-if mode.
(config)#nvo vxlan id 200001 ingress- Configure second VNID on this VTEP and enter NVO mode.
replication
(config-nvo)#vxlan host-reachability- Configure host-reachability-protocol as BGP-EVPN and
protocol evpn-bgp vrf_evpn_100 associate the VNID with VRF vrf_evpn_100
(config-nvo)#exit Exit NVO mode.
(config)#nvo vxlan access-if port-vlan xe3 Configure access-port xe3 and map vlan 3
3
(config-nvo-acc-if)#map vnid 200001 Map VNID 200001 to access-port xe3.
(config-nvo-acc-if)#exit Exit NVO access-if mode.
(config)#commit Commit the configurations

© 2024 IP Infusion Inc. Proprietary 65

VXLAN-EVPN Configuration

Validation
CE1, CE2, CE3, and CE4 have hosts configured with MAC addresses, IP addresses, and VLAN identifiers as shown
below.

VLAN IP Address MAC Address

VTEP1 CE-1 2 12.12.12.10 0000.0000.aaaa

VTEP1 CE-2 2 12.12.12.20 0000.0000.bbbb

VTEP2 CE-3 2 12.12.12.30 0000.0000.cccc

VTEP3 CE-4 2 12.12.12.40 0000.0000.dddd

VTEP1 CE-1 3 14.14.14.10 0000.058e.2181

VTEP1 CE-2 3 14.14.14.20 0000.058e.2182

VTEP2 CE-3 3 14.14.14.30 0000.058e.2183

VTEP3 CE-4 3 14.14.14.40 0000.058e.2184

Perform a tagged ping of VLAN 2 from CE1 to CE2,CE3 and CE4 and vice-versa. Also perform a tagged ping of VLAN
3 from CE1 to CE2, CE3 and CE4 and vice-versa.

VTEP Tunnel Status

VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
1.1.1.1 3.3.3.3 Installed 01:25:20 01:25:20
1.1.1.1 2.2.2.2 Installed 01:35:19 01:35:19
Total number of entries are 2

VTEP2#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
2.2.2.2 1.1.1.1 Installed 01:35:42 01:35:42
2.2.2.2 3.3.3.3 Installed 01:25:43 01:25:43
Total number of entries are 2

VTEP3#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
3.3.3.3 2.2.2.2 Installed 01:25:35 01:25:35
3.3.3.3 1.1.1.1 Installed 01:25:35 01:25:35
Total number of entries are 2

VTEP ARP Tables

VTEP-1#show nvo vxlan arp-cache

© 2024 IP Infusion Inc. Proprietary 66

VXLAN-EVPN Configuration

VXLAN ARP-CACHE Information

===========================
ARP Timeout : 300 sec Random-Jitter-Max : 640
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
_______________________________________________________________________________________
200 13.13.13.10 0000.0b60.25f2 Dynamic Local 246 2
200 13.13.13.20 0000.0b60.25f3 Dynamic Remote ------
100 12.12.12.20 0000.0000.cdcd Dynamic Remote ------
100 12.12.12.10 0000.0000.abab Dynamic Local 246 2
Total number of entries are 4

VTEP-2#sh nvo vxlan arp-cache

VXLAN ARP-CACHE Information
===========================
ARP Timeout : 300 sec Random-Jitter-Max : 640
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
______________________________________________________________________________________
200 13.13.13.10 0000.0b60.25f2 Dynamic Remote -------
200 13.13.13.20 0000.0b60.25f3 Dynamic Local 257 2
100 12.12.12.10 0000.0000.abab Dynamic Remote -------
100 12.12.12.20 0000.0000.cdcd Dynamic Local 257 2
Total number of entries are 4

VTEP3#show nvo vxlan arp-cache

VTEP MAC Tables

VTEP1#show nvo vxlan mac-table

© 2024 IP Infusion Inc. Proprietary 67

VXLAN-EVPN Configuration

VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI

Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________

1 xe1/1 1000 2000 0000.339a.9abb 33.33.33.0

Dynamic Local ------- -------
1 ---- ---- ---- 0000.339a.9397 34.34.34.0
Dynamic Remote ------- -------

Total number of entries are : 2

VTEP2#show nvo vxlan mac-table

================================================================================
================================================================================
VXLAN MAC Entries
================================================================================
================================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________

1 ---- ---- ---- 0000.339a.9abb 33.33.33.0

Dynamic Remote ------- -------
1 xe1/1 1000 2000 0000.339a.9397 34.34.34.0
Dynamic Local ------- -------

Total number of entries are : 2

VTEP MAC-IP BGP EVPN Entries

VTEP-1#show bgp l2vpn evpn mac-ip
RD[1.1.1.1:1] VRF[vrf_evpn_100]:
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID
Nexthop GW-Type
0 100 0000:0000:abab 12.12.12.10 100 0
1.1.1.1 --
0 200 0000:0b60:25f2 13.13.13.10 200 0
1.1.1.1 --

RD[2.2.2.2:1]
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID Nexthop
GW-Type
0 100 0000:0000:cdcd 12.12.12.20 100 0
2.2.2.2 --
0 200 0000:0b60:25f3 13.13.13.20 200 0
2.2.2.2 --

VTEP-2#show bgp l2vpn evpn mac-ip

© 2024 IP Infusion Inc. Proprietary 68

VXLAN-EVPN Configuration

RD[1.1.1.1:1]
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID
Nexthop GW-Type
0 100 0000:0000:abab 12.12.12.10 100 0
1.1.1.1 --
0 200 0000:0b60:25f2 13.13.13.10 200 0
1.1.1.1 --

RD[2.2.2.2:1] VRF[vrf_evpn_100]:
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID
Nexthop GW-Type
0 100 0000:0000:cdcd 12.12.12.20 100 0
2.2.2.2 --
0 100 0000:0b60:25f2 13.13.13.10 100 0
2.2.2.2 --

VTEP-3#show bgp l2vpn evpn mac-ip

RD[1.1.1.1:1] VRF[vrf_evpn_100]:
ESI Eth-Tag Mac-Address IP-Address
VNID L3VNID Nexthop GW-Type
0 100001 0000:0000:dddd --
100001 0 3.3.3.3 --
0 100001 0000:0000:dddd 12.12.12.40
100001 0 3.3.3.3 --
0 200001 0000:058e:2184 --
200001 0 3.3.3.3 --
0 200001 0000:058e:2184 14.14.14.40
200001 0 3.3.3.3 --

RD[1.1.1.1:1]
ESI Eth-Tag Mac-Address IP-Address
VNID L3VNID Nexthop GW-Type
0 100001 0000:0000:aaaa --
100001 0 1.1.1.1 --
0 100001 0000:0000:aaaa 12.12.12.10
100001 0 1.1.1.1 --
0 100001 0000:0000:bbbb --
100001 0 1.1.1.1 --
0 100001 0000:0000:bbbb 12.12.12.20
100001 0 1.1.1.1 --
0 100001 0000:0000:cccc --
100001 0 2.2.2.2 --
0 100001 0000:0000:cccc 12.12.12.30
100001 0 2.2.2.2 --
0 200001 0000:058e:2181 --
200001 0 1.1.1.1 --
0 200001 0000:058e:2181 14.14.14.10
200001 0 1.1.1.1 --
0 200001 0000:058e:2182 --
200001 0 1.1.1.1 --
0 200001 0000:058e:2182 14.14.14.20
200001 0 1.1.1.1 --
0 200001 0000:058e:2183 --
200001 0 2.2.2.2 --

© 2024 IP Infusion Inc. Proprietary 69

VXLAN-EVPN Configuration

0 200001 0000:058e:2183 14.14.14.30

200001 0 2.2.2.2 --

© 2024 IP Infusion Inc. Proprietary 70

VXLAN Multi-homing Configuration

CHAPTER 2 VXLAN Multi-homing Configuration

This chapter contains the configurations for VXLAN Multi-homing feature.

Overview
VXLAN EVPN Multi-homing features enables to connect a CE/Host node to two VTEPs with all-active redundancy
mode.EVPN Multi-homing helps in VTEP to host failure and VTEP failure. If one VTEP goes down, other will forward
the entire traffic.
Below are Multi-homing concepts:
• Ethernet Segment: Set of links which connect host/CE to two active-active multi-homed VTEP (only two VTEPs are
supported) which appears as LACP link for host.
• Ethernet Segment Identifier: Ethernet Segment Identifier (ESI) which is an 10 octet-value, which can be configured
in two ways, system mac is configured as esi in case of Dynamic Lag and 10-octet ESI format config is used on
physical interface ES.
• Ethernet Segment Route (ES route): When a multi-homed CE is configured as an VXLAN access-port, Ethernet
segment route is sent. The main purpose of this route is to discover other VTEPs which share the ES and to
perform DF election.
• Ethernet A-D route per ESI: This route is used for Fast Convergence and Split Horizon.
• Ethernet A-D route per EVI: This route is used for load sharing between DF and NON-DF by the remote VTEPs

© 2024 IP Infusion Inc. Proprietary 71

VXLAN Multi-homing Configuration

Topology

Figure 2-7: VxLAN-Multihoming

Note: Enable VXLAN MUTIHOMING before executing any configurations.

VXLAN-EVPN MH Configuration
ESI can be configured in below two ways

Ethernet Segment through Dynamic Lag interface

#configure terminal Enter configure mode.

(config)#interface po1 Enter interface mode for po1
(config-if)#switchport Make it L2 interface
(config-if)#evpn multi-homed system-mac Configure system mac as ESI value for Lag (po1) interface
8899.4400.6745

© 2024 IP Infusion Inc. Proprietary 72

VXLAN Multi-homing Configuration

(config-if)#exit Exit interface mode.

(config)#commit Commit the candidate configuration to the running
configuration
OR

Ethernet Segment through Physical interface

#configure terminal Enter configure mode.

(config)#interface xe41 Enter interface mode for xe41
(config-if)#switchport Make it L2 interface
(config-if)# evpn multi-homed esi Configure 9-octet ESI value for xe41 interface (in static config,
00:01:02:03:04:05:06:07:08 out of 10-octet ESI value, first octet is reserved)
(config-if)#exit Exit interface mode.
(config)#commit Commit the candidate configuration to the running
configuration

VTEP1
(Multi-homed group1) – Part of both Multi-homed with po1 (MH1)

© 2024 IP Infusion Inc. Proprietary 73

VXLAN Multi-homing Configuration

Generic Configuration
#configure terminal Enter Configure mode.
(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective
(config)#qos enable Enabling QoS
(config)#commit Commit the candidate configuration to the running
configuration

Interface and Loopback Configuration

(config)#interface po1 Enter Interface mode for po1 (MH1)
(config-if)#switchport Make it L2 interface
(config-if)# evpn multi-homed system-mac Configure system MAC as ESI value for LAG (po1) interface
0000.0000.1111
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe9 Enter Interface mode for xe9
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe10 Enter Interface mode for xe10
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 1.1.1.1/32 secondary Configure loopback ip address as 1.1.1.1 for VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe8 Enter Interface mode for xe8
(config-if)#ip address 10.10.10.1/24 Configure IP address as 10.10.10.1 on network side of Spine1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe31 Enter Interface mode for xe31
(config-if)#ip address 20.20.20.1/24 Configure IP address as 20.20.20.1 on network side of Spine2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

OSPF Configuration

(config)#router ospf 100 Enter into router OSPF mode

© 2024 IP Infusion Inc. Proprietary 74

VXLAN Multi-homing Configuration

(config-router)#bfd all-interfaces Enabling BFD on all OSPF interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

BGP Configuration
(config)#router bgp 500 Enter into Router BGP mode
(config-router)#bgp router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo IP address)
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback IP address and remote-as defined
500
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)#neighbor 3.3.3.3 remote-as Specify a VTEP3 loopback IP address and remote-as defined
500
(config-router)#neighbor 3.3.3.3 update- Configure update as loopback for VTEP3
source lo
(config-router)#neighbor 3.3.3.3 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family mode
(config-router-af)#network 1.1.1.1/32 Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2 (VTEP2) into ipv4 unicast address family
mode
(config-router-af)#neighbor 3.3.3.3 activate Activate 3.3.3.3 (VTEP2) into ipv4 unicast address family
mode
(config-router-af)#exit-address-family Exit from ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2 (VTEP2) into L2VPN evpn address family
mode
(config-router-af)#neighbor 3.3.3.3 activate Activate 3.3.3.3 (VTEP3) into L2VPN evpn address family
mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 75

VXLAN Multi-homing Configuration

VRF Configuration
(config)#mac vrf VRF1 Create mac routing/forwarding instance with VRF1 name and
enter into VRF mode
(config-vrf)#rd 1.1.1.1:11 Assign RD value
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for VRF1
(config-vrf)#exit Exit from VRF mode
(config)#mac vrf VRF2 Create MAC routing/forwarding instance with VRF1 name and
enter into VRF mode
(config-vrf)#rd 1.1.1.1:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#exit Exit from VRF mode
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 76

VXLAN Multi-homing Configuration

VxLAN Configuration
(config)#nvo vxlan enable Enable VxLAN
(config)#evpn esi hold-time 90 Configure ESI hold time to allow tunnel to come up at the time
of VxLAN initialization before making the ESI up
(config)#nvo vxlan vtep-ip-global 1.1.1.1 Configure Source VTEP-IP-global configuration
(config)#nvo vxlan id 10 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF1
(config-nvo)#vni-name VNI-RED Configure VNI-name as VNI-RED
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 20 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF2
(config-nvo)#vni-name VNI-BLUE Configure VNI-name as VNI-BLUE
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-VLAN
1001 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-VLAN
1002 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-VLAN
3001 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vni-name VNI-BLUE Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit from configuration mode

VTEP2
(Multi-homed group1) – Part of both Multi-homed with p01. And it has xe32 as single home access-if port (SH2)

© 2024 IP Infusion Inc. Proprietary 77

VXLAN Multi-homing Configuration

Interface and Loopback Configuration

(config)#interface po1 Enter Interface mode for po1 (MH1)
(config-if)#switchport Make it L2 interface
(config-if)# evpn multi-homed system-mac Configure system MAC as ESI value for LAG (po1) interface
0000.0000.1111
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe3 Enter Interface mode for xe3
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe4 Enter Interface mode for xe4
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe32 Enter Interface mode for xe32 (SH2)
(config-if)#switchport Make it L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 2.2.2.2/32 secondary Configure loopback IP address as 2.2.2.2 for VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe21 Enter Interface mode for xe21
(config-if)#ip address 30.30.30.1/24 Configure IP address as 30.30.30.1 on network side of Spine1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce53 Enter Interface mode for ce53
(config-if)#ip address 40.40.40.1/24 Configure IP address as 40.40.40.1 on network side of Spine2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

OSPF Configuration
(config)#router ospf 100 Enter into router OSPF mode
(config-router)#ospf router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo IP address)
(config-router)#network 2.2.2.2/32 area Add 2.2.2.2 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 30.30.30.0/24 area Add 30.30.30.0 (Spine1) network into area 0
0.0.0.0
(config-router)#network 40.40.40.0/24 area Add 40.40.40.0 (Spine2) network into area 0
0.0.0.0

© 2024 IP Infusion Inc. Proprietary 78

VXLAN Multi-homing Configuration

BGP Configuration
(config)#router bgp 500 Enter into Router BGP mode
(config-router)#bgp router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo IP address)
(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback IP address and remote-as defined
500
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 3.3.3.3 remote-as Specify a VTEP3 loopback IP address and remote-as defined
500
(config-router)#neighbor 3.3.3.3 update- Configure update as loopback for VTEP3
source lo
(config-router)#neighbor 3.3.3.3 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family mode
(config-router-af)#network 2.2.2.2/32 Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1 (VTEP2) into ipv4 unicast address family
mode
(config-router-af)#neighbor 3.3.3.3 activate Activate 3.3.3.3 (VTEP2) into ipv4 unicast address family
mode
(config-router-af)#exit-address-family Exit from ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1(VTEP1) into L2VPN evpn address family
mode
(config-router-af)#neighbor 3.3.3.3 activate Activate 3.3.3.3(VTEP3) into L2VPN evpn address family
mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 79

VXLAN Multi-homing Configuration

VRF Configuration
(config)# mac vrf VRF1 Create mac routing/forwarding instance with VRF1 name and
enter into VRF mode
(config-vrf)#rd 2.2.2.2:11 Assign RD value
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for VRF1
(config-vrf)#exit Exit from VRF mode
(config)#mac vrf VRF2 Create MAC routing/forwarding instance with VRF1 name and
enter into VRF mode
(config-vrf)#rd 2.2.2.2:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#exit Exit from VRF mode
(config)#commit Commit the candidate configuration to the running
configuration

VxLAN Configuration
(config)#nvo vxlan enable Enable VxLAN
(config)#evpn esi hold-time 90 Configure ESI hold time to allow tunnel to come up at the time
of VxLAN initialization before making the ESI up
(config)#nvo vxlan vtep-ip-global 2.2.2.2 Configure Source VTEP-IP-global configuration
(config)#nvo vxlan id 10 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF1
(config-nvo)#vni-name VNI-RED Configure VNI-name as VNI-RED
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 20 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF2
(config-nvo)#vni-name VNI-BLUE Configure VNI-name as VNI-BLUE
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-VLAN
1001 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-VLAN
1002 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-VLAN
3001 (SVLAN) - Multihomed access port

© 2024 IP Infusion Inc. Proprietary 80

VXLAN Multi-homing Configuration

(config-nvo-acc-if)#map vni-name VNI-BLUE Map VxLAN Identified to access-port for VxLAN

(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port xe32 Enable port-VLAN mapping i.e. access port to outer-VLAN
(SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit from configuration mode

VTEP3
It has xe48 as Single home access-if port (SH2)

Interface and loopback configuration

(config)#interface xe48 Enter Interface mode for xe48 (SH3)
(config-if)#switchport Make it L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 3.3.3.3/32 secondary Configure loopback IP address as 3.3.3.3 for VTEP3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe18 Enter Interface mode for xe18
(config-if)#ip address 50.50.50.1/24 Configure IP address as 50.50.50.1 on network side of Spine1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe19 Enter Interface mode for xe19
(config-if)#ip address 60.60.60.1/24 Configure IP address as 60.60.60.1 on network side of Spine2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 81

VXLAN Multi-homing Configuration

OSPF Configuration

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 3.3.3.3 Configure router-ID as 3.3.3.3 (lo IP address)
(config-router)#network 3.3.3.3/32 area Add 3.3.3.3 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 50.50.50.0/24 area Add 50.50.50.0 (Spine1) network into area 0
0.0.0.0
(config-router)#network 60.60.60.0/24 area Add 60.60.60.0 (Spine2) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling BFD on all OSPF interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 82

VXLAN Multi-homing Configuration

BGP Configuration
(config)#router bgp 500 Enter into Router BGP mode
(config-router)#bgp router-id 3.3.3.3 Configure router-ID as 3.3.3.3 (lo ip address)
(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback IP address and remote-as defined
500
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback IP address and remote-as defined
500
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family mode
(config-router-af)#network 3.3.3.3/32 Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1 (VTEP2) into ipv4 unicast address family
mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2 (VTEP2) into ipv4 unicast address family
mode
(config-router-af)#exit-address-family Exit from ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1 (VTEP1) into L2VPN evpn address family
mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2 (VTEP2) into L2VPN evpn address family
mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 83

VXLAN Multi-homing Configuration

VRF Configuration
(config)# mac vrf VRF1 Create MAC routing/forwarding instance with VRF1 name and
enter into VRF mode
(config-vrf)#rd 3.3.3.3:11 Assign RD value
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for VRF1
(config-vrf)#exit Exit from VRF mode
(config)#mac vrf VRF2 Create MAC routing/forwarding instance with VRF2 name and
enter into VRF mode
(config-vrf)#rd 3.3.3.3:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#exit Exit from VRF
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 84

VXLAN Multi-homing Configuration

VxLAN Configuration
(config)#nvo vxlan enable Enable VxLAN
(config)#nvo vxlan vtep-ip-global 3.3.3.3 Configure Source VTEP-IP-global configuration
(config)#nvo vxlan id 10 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF1
(config-nvo)#vni-name VNI-RED Configure VNI-name as VNI-RED
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 20 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF2
(config-nvo)#vni-name VNI-BLUE Configure VNI-name as VNI-BLUE
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port-vlan xe48 Enable port-VLAN mapping i.e. access port to outer-VLAN
1001 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan xe48 Enable port-VLAN mapping i.e. access port to outer-VLAN
1002 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan xe48 Enable port-VLAN mapping i.e. access port to outer-VLAN
3001 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vni-name VNI-BLUE Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit from configuration mode

Switch (CE2)
Multihomed to 2-VTEPs (VTEP1 and VTEP2)

#configure terminal Enter Configure mode.

(config)#bridge 1 protocol ieee vlan-bridge Configure IEEE VLAN bridge
(config)#vlan 1001-1002 bridge 1 state Configure VLANs from 1001-1002 and associate with bridge 1
enable
(config)#vlan 3001 bridge 1 state enable Configure VLANs from 3001 and associate with bridge 1
(config)#interface xe22 Enter Interface mode for xe22
(config-if)#switchport Make xe22 as L2 port by configuring switchport

© 2024 IP Infusion Inc. Proprietary 85

VXLAN Multi-homing Configuration

(config-if)#bridge-group 1 Associate xe22 to bridge 1

(config-if)#switchport mode hybrid Configure xe22 as hybrid port
(config-if)#switchport hybrid allowed vlan Allow 1001-1002 and 3001 configured VLANs on xe22
add 1001-1002,3001 egress-tagged enable
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po1 Enter Interface mode for po1
(config-if)#switchport Make po1 as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate po1 to bridge 1
(config-if)#switchport mode hybrid Configure po1 as hybrid port
(config-if)#switchport hybrid allowed vlan Allow 1001-1002 and 3001 configured VLANs on po1
add 1001-1002,3001 egress-tagged enable
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe3 Enter Interface mode for xe3
(config-if)#channel-group 1 mode active Make it member port of po1
(config)#interface xe4 Enter Interface mode for xe4
(config-if)#channel-group 1 mode active Make it member port of po1
(config)#exit Exit from configuration mode
(config)#interface xe9 Enter Interface mode for xe9
(config-if)#channel-group 1 mode active Make it member port of po1
(config)#interface xe10 Enter Interface mode for xe10
(config-if)#channel-group 1 mode active Make it member port of po1
(config)#exit Exit from configuration mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit from configuration mode

Spine 1
Spine node where all VTEPs are connected

© 2024 IP Infusion Inc. Proprietary 86

VXLAN Multi-homing Configuration

Generic Configuration
#configure terminal Enter Configure mode.
(config)#qos enable Enabling QoS
(config)#commit Commit the candidate configuration to the running
configuration

Interface and Loopback Configuration

#configure terminal Enter Configure mode.
(config)#qos enable Enabling QoS
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 11.11.11.11/32 Configure loopback IP address as 11.11.11.11 for Spine1
secondary
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe8 Enter Interface mode for xe8
(config-if)#ip address 10.10.10.2/24 Configure IP address as 10.10.10.2 on network side of
VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe1 Enter Interface mode for xe1
(config-if)#ip address 30.30.30.2/24 Configure IP address as 30.30.30.2 on network side of
VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe18 Enter Interface mode for xe18
(config-if)#ip address 50.50.50.2/24 Configure IP address as 50.50.50.2 on network side of
VTEP3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

OSPF configuration

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 11.11.11.11 Configure router-ID as 11.11.11.11 (lo IP address)
(config-router)#network 11.11.11.11/32 area Add 11.11.11.11 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 10.10.10.0/24 area Add 10.10.10.0 (VTEP1) network into area 0
0.0.0.0
(config-router)#network 30.30.30.0/24 area Add 30.30.30.0 (VTEP2) network into area 0
0.0.0.0
(config-router)#network 50.50.50.0/24 area Add 50.50.50.0 (VTEP3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling BFD on all OSPF interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 87

VXLAN Multi-homing Configuration

Spine 2
Spine node where all VTEPs are connected

Generic configuration
#configure terminal Enter Configure mode.
(config)#qos enable Enabling QoS
(config)#commit Commit the candidate configuration to the running
configuration

Interface and loopback configuration

(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 22.22.22.22/32 Configure loopback IP address as 22.22.22.22 for Spine2
secondary
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe5 Enter Interface mode for xe5
(config-if)#ip address 20.20.20.2/24 Configure IP address as 20.20.20.2 on network side of
VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce0 Enter Interface mode for ce0
(config-if)#ip address 40.40.40.2/24 Configure IP address as 40.40.40.2 on network side of
VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe19 Enter Interface mode for xe19
(config-if)#ip address 60.60.60.2/24 Configure IP address as 60.60.60.2 on network side of
VTEP3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

OSPF configuration
(config)#router ospf 100 Enter into router OSPF mode
(config-router)#ospf router-id 22.22.22.22 Configure router-id as 11.11.11.11 (lo IP address)
(config-router)#network 22.22.22.22/32 area Add 22.22.22.22 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 20.20.20.0/24 area Add 20.20.20.0 (VTEP1) network into area 0
0.0.0.0
(config-router)#network 40.40.40.0/24 area Add 40.40.40.0 (VTEP2) network into area 0
0.0.0.0
(config-router)#network 60.60.60.0/24 area Add 60.60.60.0 (VTEP3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling BFD on all OSPF interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 88

VXLAN Multi-homing Configuration

Validation

VTEP1

VTEP1#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
__________________________
10 VNI-RED L2 NW ---- ---- ---- ----
1.1.1.1 3.3.3.3
10 VNI-RED L2 NW ---- ---- ---- ----
1.1.1.1 2.2.2.2
10 VNI-RED -- AC po1 00:00:00:00:00:11:11:00:00:00 1001 NON-DF
---- ----
10 VNI-RED -- AC po1 00:00:00:00:00:11:11:00:00:00 1002 DF
---- ----
20 VNI-BLUE L2 NW ---- ---- ---- ----
1.1.1.1 3.3.3.3
20 VNI-BLUE L2 NW ---- ---- ---- ----
1.1.1.1 2.2.2.2
20 VNI-BLUE -- AC po1 00:00:00:00:00:11:11:00:00:00 3001 NON-DF
---- ----

Total number of entries are 7

VTEP1#show nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
po1 1002 --- 500001 10 up up
po1 1001 --- 500000 10 up up
po1 3001 --- 500002 20 up up

Total number of entries are 3

VTEP1#show bgp l2vpn evpn summary

BGP router identifier 1.1.1.1, local AS number 500
BGP table version is 6
1 BGP AS-PATH entries
0 BGP community entries

© 2024 IP Infusion Inc. Proprietary 89

VXLAN Multi-homing Configuration

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
2.2.2.2 4 500 161 163 5 0 0 01:05:15
6 3 0 2 1 0
3.3.3.3 4 500 157 161 5 0 0 01:05:07
2 0 0 2 0 0

Total number of neighbors 2

Total number of Established sessions 2

VTEP1#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
1.1.1.1 3.3.3.3 Installed 00:31:11 00:31:11
1.1.1.1 2.2.2.2 Installed 01:05:25 00:31:11

Total number of entries are 2

VTEP1#show bgp l2vpn evpn multihoming es-route

RD[1.1.1.1:1] VRF[evpn-gvrf-1]:
ESI PE IP-Address Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 1.1.1.1 1.1.1.1 VXLAN
00:00:00:00:00:11:11:00:00:00 2.2.2.2 2.2.2.2 VXLAN

RD[2.2.2.2:1]
ESI PE IP-Address Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 2.2.2.2 2.2.2.2 VXLAN

VTEP1#show bgp l2vpn evpn multihoming ethernet-ad-per-es

RD[1.1.1.1:1] VRF[evpn-gvrf-1]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 1.1.1.1 VXLAN

RD[1.1.1.1:11] VRF[VRF1]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 2.2.2.2 VXLAN

RD[1.1.1.1:21] VRF[VRF2]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 2.2.2.2 VXLAN

RD[2.2.2.2:1]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 2.2.2.2 VXLAN
VTEP1#show bgp l2vpn evpn multihoming ethernet-ad-per-evi

RD[1.1.1.1:11] VRF[VRF1]:

© 2024 IP Infusion Inc. Proprietary 90

VXLAN Multi-homing Configuration

ESI Eth-Tag VNID/LABEL Nexthop IP Encap

00:00:00:00:00:11:11:00:00:00 10 10 2.2.2.2 VXLAN
00:00:00:00:00:11:11:00:00:00 10 10 1.1.1.1 VXLAN

RD[1.1.1.1:21] VRF[VRF2]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 20 20 2.2.2.2 VXLAN
00:00:00:00:00:11:11:00:00:00 20 20 1.1.1.1 VXLAN

RD[2.2.2.2:11]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 10 10 2.2.2.2 VXLAN

RD[2.2.2.2:21]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 20 20 2.2.2.2 VXLAN

VTEP1#show bgp l2vpn evpn

BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[1.1.1.1:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 32768 i -------
--- VXLAN
*> [4]:[00:00:00:00:00:11:11:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i -------
--- VXLAN
* i [4]:[00:00:00:00:00:11:11:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN

RD[1.1.1.1:11] VRF[VRF1]:
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[10]:[10]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*> 1.1.1.1 0 100 32768 i -------
--- VXLAN
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]

© 2024 IP Infusion Inc. Proprietary 91

VXLAN Multi-homing Configuration

2.2.2.2 0 100 0 i 2.2.2.2

VXLAN
*> [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i -------
--- VXLAN
* i [3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
* i [3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3
VXLAN

RD[1.1.1.1:21] VRF[VRF2]:
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[20]:[20]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*> 1.1.1.1 0 100 32768 i -------
--- VXLAN
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*> [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i -------
--- VXLAN
* i [3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
* i [3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3
VXLAN

RD[2.2.2.2:1]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*>i [4]:[00:00:00:00:00:11:11:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN

RD[2.2.2.2:11]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[10]:[10]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*>i [3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN

RD[2.2.2.2:21]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[20]:[20]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*>i [3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN

© 2024 IP Infusion Inc. Proprietary 92

VXLAN Multi-homing Configuration

RD[3.3.3.3:11]
*>i [3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3
VXLAN

RD[3.3.3.3:21]
*>i [3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3
VXLAN

Total number of prefixes 21

VTEP2
VTEP2#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
__________________________
10 VNI-RED L2 NW ---- ---- ---- ----
2.2.2.2 1.1.1.1
10 VNI-RED L2 NW ---- ---- ---- ----
2.2.2.2 3.3.3.3
10 VNI-RED -- AC xe32 --- Single Homed Port --- ---- ----
---- ----
10 VNI-RED -- AC po1 00:00:00:00:00:11:11:00:00:00 1001 DF
---- ----
10 VNI-RED -- AC po1 00:00:00:00:00:11:11:00:00:00 1002 NON-DF
---- ----
20 VNI-BLUE L2 NW ---- ---- ---- ----
2.2.2.2 1.1.1.1
20 VNI-BLUE L2 NW ---- ---- ---- ----
2.2.2.2 3.3.3.3
20 VNI-BLUE -- AC po1 00:00:00:00:00:11:11:00:00:00 3001 DF
---- ----

Total number of entries are 8

VTEP2#show nvo vxlan access-if

% Incomplete command.

VTEP2#show nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------

© 2024 IP Infusion Inc. Proprietary 93

VXLAN Multi-homing Configuration

xe32 --- --- 500004 10 up up

po1 1002 --- 500001 10 up up
po1 1001 --- 500000 10 up up
po1 3001 --- 500002 20 up up

Total number of entries are 4

VTEP2#show bgp l2vpn evpn summary

BGP router identifier 2.2.2.2, local AS number 500
BGP table version is 4
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
1.1.1.1 4 500 172 171 4 0 0 01:09:28
6 3 0 2 1 0
3.3.3.3 4 500 165 173 4 0 0 01:09:29
2 0 0 2 0 0

Total number of neighbors 2

Total number of Established sessions 2

VTEP2#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
2.2.2.2 1.1.1.1 Installed 01:09:38 00:35:24
2.2.2.2 3.3.3.3 Installed 01:09:39 01:09:39

Total number of entries are 2

VTEP2#show bgp l2vpn evpn multihoming es-route

RD[1.1.1.1:1]
ESI PE IP-Address Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 1.1.1.1 1.1.1.1 VXLAN

RD[2.2.2.2:1] VRF[evpn-gvrf-1]:
ESI PE IP-Address Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 1.1.1.1 1.1.1.1 VXLAN
00:00:00:00:00:11:11:00:00:00 2.2.2.2 2.2.2.2 VXLAN
VTEP2#show bgp l2vpn evpn multihoming ethernet-ad-per-es

RD[1.1.1.1:1]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 1.1.1.1 VXLAN

RD[2.2.2.2:1] VRF[evpn-gvrf-1]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap

© 2024 IP Infusion Inc. Proprietary 94

VXLAN Multi-homing Configuration

00:00:00:00:00:11:11:00:00:00 4294967295 0 2.2.2.2 VXLAN

RD[2.2.2.2:11] VRF[VRF1]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 1.1.1.1 VXLAN

RD[2.2.2.2:21] VRF[VRF2]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 1.1.1.1 VXLAN

VTEP2#show bgp l2vpn evpn multihoming ethernet-ad-per-evi

RD[1.1.1.1:11]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 10 10 1.1.1.1 VXLAN

RD[1.1.1.1:21]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 20 20 1.1.1.1 VXLAN

RD[2.2.2.2:11] VRF[VRF1]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 10 10 2.2.2.2 VXLAN
00:00:00:00:00:11:11:00:00:00 10 10 1.1.1.1 VXLAN

RD[2.2.2.2:21] VRF[VRF2]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 20 20 2.2.2.2 VXLAN
00:00:00:00:00:11:11:00:00:00 20 20 1.1.1.1 VXLAN

VTEP2# show bgp l2vpn evpn

BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[1.1.1.1:1]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
*>i [4]:[00:00:00:00:00:11:11:00:00:00]:[32,1.1.1.1]

© 2024 IP Infusion Inc. Proprietary 95

VXLAN Multi-homing Configuration

1.1.1.1 0 100 0 i 1.1.1.1

VXLAN

RD[1.1.1.1:11]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[10]:[10]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
*>i [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN

RD[1.1.1.1:21]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[20]:[20]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
*>i [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN

RD[2.2.2.2:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 32768 i -------
--- VXLAN
* i [4]:[00:00:00:00:00:11:11:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
*> [4]:[00:00:00:00:00:11:11:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i -------
--- VXLAN

RD[2.2.2.2:11] VRF[VRF1]:
*> [1]:[00:00:00:00:00:11:11:00:00:00]:[10]:[10]
2.2.2.2 0 100 32768 i -------
--- VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
* i [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
*> [3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i -------
--- VXLAN
* i [3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3
VXLAN

RD[2.2.2.2:21] VRF[VRF2]:
*> [1]:[00:00:00:00:00:11:11:00:00:00]:[20]:[20]
2.2.2.2 0 100 32768 i -------
--- VXLAN

© 2024 IP Infusion Inc. Proprietary 96

VXLAN Multi-homing Configuration

* i 1.1.1.1 0 100 0 i 1.1.1.1

VXLAN
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
* i [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
*> [3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i -------
--- VXLAN
* i [3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3
VXLAN

RD[3.3.3.3:11]
*>i [3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3
VXLAN

RD[3.3.3.3:21]
*>i [3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3
VXLAN

Total number of prefixes 21

VTEP3
VTEP3# show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
10 VNI-RED L2 NW ---- ---- ---- ----
3.3.3.3 2.2.2.2
10 VNI-RED L2 NW ---- ---- ---- ----
3.3.3.3 1.1.1.1
10 VNI-RED -- AC xe48 --- Single Homed Port --- 1001 ----
---- ----
10 VNI-RED -- AC xe48 --- Single Homed Port --- 1002 ----
---- ----
20 VNI-BLUE L2 NW ---- ---- ---- ----
3.3.3.3 2.2.2.2
20 VNI-BLUE L2 NW ---- ---- ---- ----
3.3.3.3 1.1.1.1
20 VNI-BLUE -- AC xe48 --- Single Homed Port --- 3001 ----
---- ----

© 2024 IP Infusion Inc. Proprietary 97

VXLAN Multi-homing Configuration

Total number of entries are 7

VTEP3#show nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe48 1002 --- 500001 10 up up
xe48 1001 --- 500000 10 up up
xe48 3001 --- 500002 20 up up

Total number of entries are 3

VTEP3#show bgp l2vpn evpn summary

BGP router identifier 3.3.3.3, local AS number 500
BGP table version is 4
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
1.1.1.1 4 500 177 173 3 0 0 01:11:49
6 3 0 2 1 0
2.2.2.2 4 500 177 171 2 0 0 01:11:59
6 3 0 2 1 0

Total number of neighbors 2

Total number of Established sessions 2

VTEP3#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
3.3.3.3 2.2.2.2 Installed 01:12:10 01:12:10
3.3.3.3 1.1.1.1 Installed 01:12:00 01:12:00

Total number of entries are 2

VTEP3#show bgp l2vpn evpn multihoming es-route

RD[1.1.1.1:1]
ESI PE IP-Address Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 1.1.1.1 1.1.1.1 VXLAN

RD[2.2.2.2:1]
ESI PE IP-Address Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 2.2.2.2 2.2.2.2 VXLAN

VTEP3#show bgp l2vpn evpn multihoming ethernet-ad-per-es

© 2024 IP Infusion Inc. Proprietary 98

VXLAN Multi-homing Configuration

RD[1.1.1.1:1]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 1.1.1.1 VXLAN

RD[2.2.2.2:1]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 2.2.2.2 VXLAN

RD[3.3.3.3:11] VRF[VRF1]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 2.2.2.2 VXLAN
00:00:00:00:00:11:11:00:00:00 4294967295 0 1.1.1.1 VXLAN

RD[3.3.3.3:21] VRF[VRF2]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 4294967295 0 2.2.2.2 VXLAN
00:00:00:00:00:11:11:00:00:00 4294967295 0 1.1.1.1 VXLAN

VTEP3#show bgp l2vpn evpn multihoming ethernet-ad-per-evi

RD[1.1.1.1:11]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 10 10 1.1.1.1 VXLAN

RD[1.1.1.1:21]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 20 20 1.1.1.1 VXLAN

RD[2.2.2.2:11]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 10 10 2.2.2.2 VXLAN

RD[2.2.2.2:21]
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 20 20 2.2.2.2 VXLAN

RD[3.3.3.3:11] VRF[VRF1]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 10 10 2.2.2.2 VXLAN
00:00:00:00:00:11:11:00:00:00 10 10 1.1.1.1 VXLAN

RD[3.3.3.3:21] VRF[VRF2]:
ESI Eth-Tag VNID/LABEL Nexthop IP Encap
00:00:00:00:00:11:11:00:00:00 20 20 2.2.2.2 VXLAN
00:00:00:00:00:11:11:00:00:00 20 20 1.1.1.1 VXLAN

VTEP3#show bgp l2vpn evpn

BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

© 2024 IP Infusion Inc. Proprietary 99

VXLAN Multi-homing Configuration

l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[1.1.1.1:1]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
*>i [4]:[00:00:00:00:00:11:11:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN

RD[1.1.1.1:11]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[10]:[10]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
*>i [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN

RD[1.1.1.1:21]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[20]:[20]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
*>i [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN

RD[2.2.2.2:1]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*>i [4]:[00:00:00:00:00:11:11:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN

RD[2.2.2.2:11]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[10]:[10]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*>i [3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN

© 2024 IP Infusion Inc. Proprietary 100

VXLAN Multi-homing Configuration

RD[2.2.2.2:21]
*>i [1]:[00:00:00:00:00:11:11:00:00:00]:[20]:[20]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*>i [3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN

RD[3.3.3.3:11] VRF[VRF1]:
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[10]:[10]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
* i [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
* i [3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*> [3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 32768 i -------
--- VXLAN

RD[3.3.3.3:21] VRF[VRF2]:
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[20]:[20]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
* i [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
* i [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1
VXLAN
* i [3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2
VXLAN
*> [3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 32768 i -------
--- VXLAN

Total number of prefixes 22

© 2024 IP Infusion Inc. Proprietary 101

VXLAN Multi-homing Configuration

Static MAC-IP advertise through Single Home and Multihomed VTEPs

Advertise static MAC IPv4 from MH1 and SH3.
MH1-VTEPs: VTEP1 & VTEP2- same MAC should be configured on both VTEPs under po access-port, configs should
be symmetric between MH VTEPs
SH3-VTEP: VTEP3

VTEP1(MH1)
#configure terminal Enter Configure mode.
(config)# nvo vxlan access-if port-vlan po1 Enter into VxLAN MH po1 access-port with VLAN 1001
1001
(config-nvo-acc-if)#mac 0000.1111.1001 ip Configure static MAC IP
11.11.10.1
(config-nvo-acc-if)#exit Exit from VxLAN access-port config mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit from configuration mode

VTEP2(MH1)
#configure terminal Enter Configure mode.
(config)#nvo vxlan access-if port-vlan po1 Enter into VxLAN MH po1 access-port with vlan 1001
1001
(config-nvo-acc-if)# mac 0000.1111.1001 ip Configure static MAC IP
11.11.10.1
(config-nvo-acc-if)#exit Exit from VxLAN access-port config mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit from configuration mode

VTEP3(SH)
#configure terminal Enter Configure mode.
(config)# nvo vxlan access-if port-vlan xe48 Enter into single-homed access-port - xe48 with VLAN 1001
1001
(config-nvo-acc-if)#mac 0000.3333.1001 ip Configure static MAC IP
11.11.10.2
(config-nvo-acc-if)#exit Exit from VxLAN access-port config mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit from configuration mode

© 2024 IP Infusion Inc. Proprietary 102

VXLAN Multi-homing Configuration

Validation
Verify MAC-table in MH VTEPs and Single Home VTEP, MAC will be advertised through ESI value which is advertised
from VTEP1 and VTEP2 and VTEP IP from SH VTEP VTEP3.
Verify ARP-cache table in all VTEPs, VTEP1 and VTEP2 will learn VTEP3 IP.
Any ARP request comes for 11.11.10.2, VTEP1/VTEP2 will do proxy-ARP.

VTEP1
VTEP1#show nvo vxlan mac-table
=======================================================================================
=====================================
VXLAN MAC Entries
=======================================================================================
=====================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
___________________________________________________

10 po1 1001 ---- 0000.1111.1001 00:00:00:00:00:11:11:00:00:00

Static Local ------- -------
10 ---- ---- ---- 0000.3333.1001 3.3.3.3
Static Remote ------- -------

Total number of entries are : 2

VTEP1#show nvo vxlan arp-cache

VTEP2
VTEP2#show nvo vxlan mac-table
=======================================================================================
=====================================
VXLAN MAC Entries
=======================================================================================
=====================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
_____________________________________

10 po1 1001 ---- 0000.1111.1001 00:00:00:00:00:11:11:00:00:00

Static Local ------- -------

© 2024 IP Infusion Inc. Proprietary 103

VXLAN Multi-homing Configuration

10 ---- ---- ---- 0000.3333.1001 3.3.3.3

Static Remote ------- -------

Total number of entries are : 2

VTEP2#show nvo vxlan arp-cache

VTEP3
VTEP3#show nvo vxlan mac-table
=======================================================================================
=====================================
VXLAN MAC Entries
=======================================================================================
=====================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
_____________________________________

10 ---- 1001 ---- 0000.1111.1001 00:00:00:00:00:11:11:00:00:00

Static Remote ------- -------
10 xe48 1001 ---- 0000.3333.1001 3.3.3.3
Static Local ------- -------

Total number of entries are : 2

VTEP3#show nvo vxlan arp-cache

Dynamic MAC advertise through Single Home and Multihomed VTEPs

Advertise 2 MAC's through CE1 connected IXIA, dynamic MAC entries and verify MAC-table in all VTEPs.
One MAC will be dynamic local in VTEP1 and same will be remote in VTEP2 and other be dynamic local in VTEP2 and
same will be remote in VTEP1.
Both MAC's will be in remote in VTEP3.

© 2024 IP Infusion Inc. Proprietary 104

VXLAN Multi-homing Configuration

10 po1 1001 ---- 0000.1111.1002 00:00:00:00:00:11:11:00:00:00

Dynamic Local ------- -------
10 ---- 1002 ---- 0000.1111.1003 00:00:00:00:00:11:11:00:00:00
Dynamic Remote ------- -------

Total number of entries are : 2

VTEP1#show nvo vxlan arp-cache

VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
10 21.21.21.1 0000.1111.1002 Dynamic Local ----
10 31.1.31.1 0000.1111.1003 Dynamic Remote ----
Total number of entries are 2

10 ---- 1001 ---- 0000.1111.1002 00:00:00:00:00:11:11:00:00:00

Dynamic Remote ------- -------
10 po1 1002 ---- 0000.1111.1003 00:00:00:00:00:11:11:00:00:00
Dynamic Local ------- -------

Total number of entries are : 2

VTEP2#show nvo vxla arp-cache

VXLAN ARP-CACHE Information
===========================

© 2024 IP Infusion Inc. Proprietary 105

VXLAN Multi-homing Configuration

VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left

____________________________________________________________________________
10 21.21.21.1 0000.1111.1002 Dynamic Remote ----
10 31.1.31.1 0000.1111.1003 Dynamic Local ----
Total number of entries are 2

VTEP3

VTEP3#show nvo vxlan mac-table

=======================================================================================
===================================================
VXLAN MAC Entries
=======================================================================================
===================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
___________________________________________________

10 ---- 1001 ---- 0000.1111.1002 00:00:00:00:00:11:11:00:00:00

Dynamic Remote ------- -------
10 ---- 1002 ---- 0000.1111.1003 00:00:00:00:00:11:11:00:00:00
Dynamic Remote ------- -------

Total number of entries are : 2

VTEP3#show nvo vxlan arp-cache

VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
10 21.21.21.1 0000.1111.1002 Dynamic Remote ----
10 31.1.31.1 0000.1111.1003 Dynamic Remote ----
Total number of entries are 2

Note: When VTEP1 tunnel goes down, then traffic from VTEP3 will use VTEP2 for forwarding. But Traffic from Switch
to VTEP1 will be lost in VTEP1 itself.

When DUT is rebooted, access-if will be in hold down state until ESI hold timer value expiry. After ESI hold
timer expiry, access-if port will be up and started learning.

MAC Hold timer will not be applicable on ESI interface, because of mass-withdraw requirement.

A CE can connect to maximum two nodes for multihoming, more than two nodes in a multihoming group is not
supported.

All configuration (shutdown, disable learning, disable arp/nd cache, disable arp/nd flood, map vnid, qos
profiles, encapsulation) on a multihomed access port should be same on both VTEPs sharing the ESI for
multihoming functionalities to work properly.

Multiple ESI values are supported on same VTEP.

© 2024 IP Infusion Inc. Proprietary 106

VXLAN Multi-homing Configuration

© 2024 IP Infusion Inc. Proprietary 107

VXLAN Hybrid Access Port Configuration

CHAPTER 3 VXLAN Hybrid Access Port Configuration

This chapter shows how to configure a hybrid access port which is a Layer 2 Port (configured switchport) that is part of
both a VXLAN domain and a Layer 2 bridge with different VLANs.

Overview
A hybrid VXLAN access port is a Layer 2 port that is part of regular Layer 2 bridge (RSTP/MSTP/STP) and a VXLAN
bridge. The mapping between Layer 2 bridging and VxLAN untagged and tagged access interface is supported on the
same Layer 2 switch port interface. The same VLAN cannot be a part of both a VXLAN domain and a Layer 2 bridge.
If a port is created with “all” VLANS, then the port should not allow VXLAN access-port configurations. If a VXLAN with
a specific VLAN is mapped, then configuring VLAN “all” on the same port does not allow that specified VLAN in a Layer
2 bridge. If the VXLAN access-port configurations are removed, then the specified VLAN is added immediately in a
Layer 2 bridge.
Ingress traffic with a VXLAN VLAN does not receive Layer 2 traffic or vice-versa. STP states on the Port P1 do not
affect VXLAN traffic.

Topology

RTR1/VTEP1

#configure terminal Enter configure mode.

(config)#interface lo Enter interface mode for loopback.
(config-if)#ip address 10.10.10.10/32 Assign secondary IP address.
secondary
(config-if)#exit Exit interface mode.
(config)#mac vrf vrf12345 Create mac routing/forwarding instance with vrf12345 name
and enter VRF mode.
(config-vrf)#rd 1.1.1.1:1 Assign Rd value.
(config-vrf)#route-target both Assign route-target both value.
10.10.10.10:10
(config-vrf)#exit Exit VRF configuration mode.
(config)#bridge 32 protocol ieee vlan-bridge Configure the ieee vlan-bridge with Id 32.

© 2024 IP Infusion Inc. Proprietary 108

VXLAN Hybrid Access Port Configuration

(config)#vlan 2-5 bridge 32 Configure the vlans 2-5 for the configured bridge Id 32.
(config)#interface ce25/1 Enter interface mode for ce25/1.
(config-if)#ip address 20.20.20.0/31 Assign IP address 20.20.20.0 in /31 mask.
(config-if)#exit Exit interface mode.
(config)#interface ce25/2 Enter interface mode for ce25/2.
(config-if)#switchport Make it L2 interface.
(config-if)#bridge-group 32 Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid Configure the Hybrid mode.
(config-if)# switchport hybrid allowed vlan Configure hybrid allowed vlan add 4 to support the created
add 4 egress-tagged enable vlan in the L2 Bridge.
(config-if)#exit Exit interface mode.
(config)#interface ce31/1 Enter interface mode for ce31/1.
(config-if)#switchport Make it L2 interface.
(config-if)#bridge-group 32 Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid Configure the Hybrid mode.
(config-if)# switchport hybrid allowed vlan Configure hybrid allowed vlan add 4 to support the created
add 4 egress-tagged enable vlan in the L2 Bridge.
(config-if)#exit Exit interface mode.
(config)#router bgp 64512 Enter BGP router mode.
(config-router)# bgp router-id 1.1.1.1 Assign BGP router ID
(config-router)#neighbor 20.20.20.1 remote- Specify a neighbor router with peer ip address and remote-as
as 64513 defined.
(config-router)#address-family l2vpn evpn Enter l2vpn address family mode.
(config-router-af)#neighbor 20.20.20.1 Activate the peer into address family mode.
activate
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family
(config-router-af)#network 10.10.10.10/32 Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#exit-address-family Exit ipv4 unicast address family mode
(config-router-af)#exit-address-family Exit l2vpn address family mode.
(config-router)#exit Exit BGP router mode.
(config)#nvo vxlan enable Enable Vxlan.
(config)#nvo vxlan vtep-ip-global Configure the source Vtep-ip.
10.10.10.10
(config)#nvo vxlan id 16777215 ingress- Configure Vxlan Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter Vxlan tenant mode.
(config-nvo)#vxlan host-reachability- Assign VRF for evpn-bgp to carry evpn route.
protocol evpn-bgp vrf12345
(config-nvo)#exit Exit Vxlan tenant mode.
(config)#nvo vxlan access-if port-vlan ce31/ Enable port-vlan mapping i.e. access port to outer-vlan
1 3 (SVLAN) mapping.
(config-nvo-acc-if)#map vnid 16777215 Map Vxlan Identifier to access-port.
(config-nvo-acc-if)#exit Exit Vxlan access-interface mode.
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 109

VXLAN Hybrid Access Port Configuration

RTR2

#configure terminal Enter configure mode.

(config)#bridge 32 protocol ieee vlan-bridge Configure the ieee vlan-bridge with Id 32.
(config)#vlan 2-5 bridge 32 Configure the vlans 2-5 for the configured bridge Id 32.
(config)#interface xe17 Enter interface mode for xe17.
(config-if)#ip address 20.20.20.1/31 Assign IP address 20.20.20.1 in /31 mask.
(config-if)#exit Exit interface mode.
(config)#interface xe18 Enter interface mode for xe18.
(config-if)#switchport Make it L2 interface .
(config-if)#bridge-group 32 Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid Configure the Hybrid mode.
(config-if)#switchport hybrid allowed vlan Configure hybrid allowed vlan add 4 to support the created
add 4 egress-tagged enable vlan in the L2 Bridge.
(config-if)#exit Exit interface mode.
(config)#interface xe33 Enter interface mode for xe33.
(config-if)#ip address 30.30.30.0/31 Assign IP address 30.30.30.0 in /31 mask.
(config-if)#exit Exit interface mode.
(config)#interface xe34 Enter interface mode for xe34.
(config-if)#switchport Make it L2 interface.
(config-if)#bridge-group 32 Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid Configure the Hybrid mode.
(config-if)#switchport hybrid allowed vlan Configure hybrid allowed vlan add 4 to support the created
add 4 egress-tagged enable vlan in the L2 Bridge.
(config-if)#exit Exit interface mode.
(config)#router bgp 64513 Enter BGP router mode.
(config-router)#bgp router-id 2.2.2.2 Assign BGP router ID
(config-router)#neighbor 20.20.20.0 remote- Specify a neighbor router with peer ip address and remote-as
as 64512 defined.
(config-router)#neighbor 30.30.30.1 remote- Specify a neighbor router with peer ip address and remote-as
as 64514 defined.
(config-router)#address-family l2vpn evpn Enter l2vpn address family mode.
(config-router-af)#neighbor 20.20.20.0 Activate the peer into address family mode.
activate
(config-router-af)#neighbor 30.30.30.1 Activate the peer into address family mode.
activate
(config-router-af)#exit-address-family Exit l2vpn address family mode.
(config-router)#exit Exit BGP router mode.
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 110

VXLAN Hybrid Access Port Configuration

RTR3/VTEP2

#configure terminal Enter configure mode.

(config)#interface lo Enter interface mode for loopback.
(config-if)#ip address 40.40.40.40/32 Assign secondary IP address.
secondary
(config-if)#exit Exit interface mode.
(config)#mac vrf vrf12345 Create mac routing/forwarding instance with vrf12345 name
and enter VRF mode.
(config-vrf)#rd 2.2.2.2:2 Assign Rd value.
(config-vrf)#route-target both Assign route-target both value.
10.10.10.10:10
(config-vrf)#exit Exit VRF configuration mode.
(config)#bridge 32 protocol ieee vlan-bridge Configure the ieee vlan-bridge with Id 32.
(config)#vlan 2-5 bridge 32 Configure the vlans 2-5 for the configured bridge Id 32.
(config)#interface xe 49/1 Enter interface mode for xe49/1.
(config-if)#ip address 30.30.30.1/31 Assign Ip address 30.30.30.1 in /31 mask.
(config-if)#exit Exit interface mode.
(config)#interface xe49/2 Enter interface mode for xe49/2.
(config-if)#switchport Make it L2 interface .
(config-if)#bridge-group 32 Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid Configure the Hybrid mode.
(config-if)#switchport hybrid allowed vlan Configure hybrid allowed vlan add 4 to support the created
add 4 egress-tagged enable vlan in the L2 Bridge.
(config-if)#exit Exit interface mode.
(config)#interface xe1 Enter interface mode for xe1.
(config-if)#switchport Make it L2 interface .
(config-if)#bridge-group 32 Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid Configure the Hybrid mode.
(config-if)#switchport hybrid allowed vlan Configure hybrid allowed vlan add 4 to support the created
add 4 egress-tagged enable vlan in the L2 Bridge.
(config-if)#exit Exit interface mode.
(config)#router bgp 64514 Enter BGP router mode.
(config-router)# bgp router-id 3.3.3.3 Assign BGP router ID
(config-router)#neighbor 30.30.30.0 remote- Specify a neighbor router with peer IP address and remote-as
as 64513 defined.
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family
(config-router-af)#network 40.40.40.40/32 Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#exit-address-family Exit ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn Enter l2vpn address family mode.
(config-router-af)#neighbor 30.30.30.0 Activate the peer into address family mode.
activate
(config-router-af)#exit-address-family Exit l2vpn address family mode.
(config-router)#exit Exit BGP router mode.

© 2024 IP Infusion Inc. Proprietary 111

VXLAN Hybrid Access Port Configuration

(config)#nvo vxlan enable Enable Vxlan.

(config)#nvo vxlan vtep-ip-global Configure the source Vtep-ip.
40.40.40.40
(config)#nvo vxlan id 16777215 ingress- Configure Vxlan Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter Vxlan tenant mode.
(config-nvo)#vxlan host-reachability- Assign VRF for evpn-bgp to carry evpn route.
protocol evpn-bgp vrf12345
(config-nvo)#exit Exit Vxlan tenant mode.
(config)#nvo vxlan access-if port-vlan xe1 3 Enable port-vlan mapping i.e. access port to outer-vlan
(SVLAN) mapping.
(config-nvo-acc-if)#map vnid 16777215 Map Vxlan Identifier to access-port.
(config-nvo-acc-if)#exit Exit Vxlan access-interface mode.
(config)#commit Commit the candidate configuration to the running
configuration

Validation
VTEP1
#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 10.10.10.10
!
nvo vxlan id 16777215 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf12345
!
nvo vxlan access-if port-vlan ce31/1 3
map vnid 16777215
!

VTEP1#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
16777215 ---- L2 NW ---- ------ ---- --
-- 10.10.10.10 40.40.40.40
16777215 ---- -- AC ce31/1 --- Single Homed Port --- 3 -
--- ---- ----
Total number of entries are 2

© 2024 IP Infusion Inc. Proprietary 112

VXLAN Hybrid Access Port Configuration

VTEP1#show nvo vxlan vnid 16777215

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
16777215 ---- L2 NW ---- ------ ---- --
-- 10.10.10.10 40.40.40.40
16777215 ---- -- AC ce31/1 --- Single Homed Port --- 3 -
--- ---- ----
Total number of entries are 2!

VTEP1#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

C 10.10.10.10/32 is directly connected, lo, 01:15:55
C 20.20.20.0/31 is directly connected, xe10/1, 01:07:53
B 40.40.40.40/32 [20/0] via 20.20.20.1, xe10/1, 00:42:54
C 127.0.0.0/8 is directly connected, lo, 1d05h02m

Gateway of last resort is not set

VTEP1#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================
33.33.33.0 34.34.34.0 Installed 00:26:27 00:26:27
Total number of entries are 1

VTEP1#show bgp l2vpn evpn summary

BGP router identifier 10.10.10.2, local AS number 64512
BGP table version is 10
2 BGP AS-PATH entries
0 BGP community entries

© 2024 IP Infusion Inc. Proprietary 113

VXLAN Hybrid Access Port Configuration

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
20.20.20.1 4 64513 108 109 10 0 0 00:48:14
3 0 2 1 0 0

Total number of neighbors 1

Total number of Established sessions 1

VTEP1#show bgp l2vpn evpn

BGP table version is 4, local router ID is 10.10.10.10
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[1.1.1.1:1] VRF[vrf12345]:
* [2]:[0]:[16777215]:[48,0000.0744.4433]:[0]:[16777215]
40.40.40.40 0 100 0 64513 64514
i 20.20.20.1 VXLAN
*> [2]:[0]:[16777215]:[48,0000.2222.2222]:[0]:[16777215]
10.10.10.10 0 100 32768 i --------
-- VXLAN
*> [3]:[16777215]:[32,10.10.10.10]
10.10.10.10 0 100 32768 i --------
-- VXLAN
* [3]:[16777215]:[32,40.40.40.40]
40.40.40.40 0 100 0 64513 64514
i 20.20.20.1 VXLAN

RD[2.2.2.2:2]
*> [2]:[0]:[16777215]:[48,0000.0744.4433]:[0]:[16777215]
40.40.40.40 0 100 0 64513 64514
i 20.20.20.1 VXLAN
*> [3]:[16777215]:[32,40.40.40.40]
40.40.40.40 0 100 0 64513 64514
i 20.20.20.1 VXLAN

Total number of prefixes 6

VTEP1#show nvo vxlan mac-table

=======================================================================================
==============================================================
VXLAN MAC Entries

© 2024 IP Infusion Inc. Proprietary 114

VXLAN Hybrid Access Port Configuration

=======================================================================================
==============================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
______________________________________________________________

16777215 ce31/1 3 ---- 0000.2222.2222 10.10.10.10

Dynamic Local ------- -------
16777215 ---- ---- ---- 0000.0744.4433 40.40.40.40
Dynamic Remote ------- -------

Total number of entries are : 2

VTEP1#show nvo vxlan arp-cache

VTEP1#show vlan brief

Bridge VLAN ID Name State H/W Status Member ports
(u)-Untagged, (t)-Tagged
======= ======= ================ ======= ========== ==========================
32 1 default ACTIVE Success ce25/2(u) ce31/1(u)
32 2 VLAN0002 ACTIVE Success
32 3 VLAN0003 ACTIVE Success
32 4 VLAN0004 ACTIVE Success ce25/2(t) ce31/1(t)
32 5 VLAN0005 ACTIVE Success

RTR2
RTR2#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

B 10.10.10.10/32 [20/0] via 20.20.20.0, xe17, 00:29:48
C 20.20.20.0/31 is directly connected, xe17, 02:33:29
C 30.30.30.0/31 is directly connected, xe33, 02:31:56
B 40.40.40.40/32 [20/0] via 30.30.30.1, xe33, 02:23:26
C 127.0.0.0/8 is directly connected, lo, 21:17:41

Gateway of last resort is not set

© 2024 IP Infusion Inc. Proprietary 115

VXLAN Hybrid Access Port Configuration

RTR2#show bgp l2vpn evpn summary

BGP router identifier 11.11.11.1, local AS number 64513
BGP table version is 10
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
20.20.20.0 4 64512 111 112 10 0 0 00:49:36
3 0 2 1 0 0
30.30.30.1 4 64514 101 103 10 0 0 00:45:10
3 0 2 1 0 0

Total number of neighbors 2

Total number of Established sessions 2

#show nvo vxlan vnid 16777215

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
16777215 ---- L2 NW ---- ------ ---- --
-- 40.40.40.40 10.10.10.10
16777215 ---- -- AC xe1 --- Single Homed Port --- 3 ----
---- ----
Total number of entries are 2

RTR2#show vlan brief

Bridge VLAN ID Name State H/W Status Member ports
(u)-Untagged, (t)-Tagged
======= ======= ================ ======= ========== ==========================
32 1 default ACTIVE Success ce10/2(u) ce11/2(u)
32 2 VLAN0002 ACTIVE Success
32 3 VLAN0003 ACTIVE Success
32 4 VLAN0004 ACTIVE Success ce10/2(t) ce11/2(t)
32 5 VLAN0005 ACTIVE Success

VTEP2
#show running-config nvo vxlan
!

© 2024 IP Infusion Inc. Proprietary 116

VXLAN Hybrid Access Port Configuration

nvo vxlan enable

!
nvo vxlan vtep-ip-global 40.40.40.40
!
nvo vxlan id 16777215 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf12345
!
nvo vxlan access-if port-vlan xe1 3
no shutdown
map vnid 16777215
!

VTEP2#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VTEP2#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

B 10.10.10.10/32 [20/0] via 30.30.30.0, xe11/1, 00:27:32
C 30.30.30.0/31 is directly connected, xe11/1, 00:30:00
C 40.40.40.40/32 is directly connected, lo, 00:31:00
C 127.0.0.0/8 is directly connected, lo, 06:25:00

Gateway of last resort is not set

VTEP2#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================

© 2024 IP Infusion Inc. Proprietary 117

VXLAN Hybrid Access Port Configuration

40.40.40.40 10.10.10.10 Installed 00:14:40 00:14:40

Total number of entries are 1

VTEP2#show bgp l2vpn evpn summary

BGP router identifier 33.33.33.33, local AS number 64514
BGP table version is 8
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
30.30.30.0 4 64513 267 270 8 0 0 02:09:07
2 0 1 1 0 0

Total number of neighbors 1

Total number of Established sessions 1

VTEP2#show nvo vxlan access-if-config

nvo vxlan access-if port-vlan xe1/1 3
no shutdown
map vnid 16777215
!

VTEP2#show bgp l2vpn evpn

BGP table version is 8, local router ID is 40.40.40.40
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[1.1.1.1:1]
*> [2]:[0]:[16777215]:[48,0000.2222.2222]:[0]:[16777215]
10.10.10.10 0 100 0 64513 64512
i 30.30.30.0 VXLAN
*> [3]:[16777215]:[32,10.10.10.10]
10.10.10.10 0 100 0 64513 64512
i 30.30.30.0 VXLAN

RD[2.2.2.2:2] VRF[vrf12345]:
*> [2]:[0]:[16777215]:[48,0000.0744.4433]:[0]:[16777215]

© 2024 IP Infusion Inc. Proprietary 118

VXLAN Hybrid Access Port Configuration

40.40.40.40 0 100 32768 i --------

-- VXLAN
* [2]:[0]:[16777215]:[48,0000.2222.2222]:[0]:[16777215]
10.10.10.10 0 100 0 64513 64512
i 30.30.30.0 VXLAN
* [3]:[16777215]:[32,10.10.10.10]
10.10.10.10 0 100 0 64513 64512
i 30.30.30.0 VXLAN
*> [3]:[16777215]:[32,40.40.40.40]
40.40.40.40 0 100 32768 i --------
-- VXLAN

Total number of prefixes 6

VTEP2#show nvo vxlan mac-table

=======================================================================================
==============================================================
VXLAN MAC Entries
=======================================================================================
==============================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
______________________________________________________________

16777215 ---- ---- ---- 0000.2222.2222 10.10.10.10

Dynamic Remote ------- -------
16777215 xe1 3 ---- 0000.0744.4433 40.40.40.40
Dynamic Local ------- -------

Total number of entries are : 2

VTEP2#show vlan brief

Bridge VLAN ID Name State H/W Status Member ports
(u)-Untagged, (t)-Tagged
======= ======= ================ ======= ========== ==========================
32 1 default ACTIVE Success xe1(u) xe49/2(u)
32 2 VLAN0002 ACTIVE Success
32 3 VLAN0003 ACTIVE Success
32 4 VLAN0004 ACTIVE Success xe1(t) xe49/2(t)
32 5 VLAN0005 ACTIVE Success

VTEP2#

© 2024 IP Infusion Inc. Proprietary 119

VXLAN Trunk Access Port

CHAPTER 4 VXLAN Trunk Access Port

In VxLAN, most of the use cases demand to carry the complete traffic received on the access interface to another
VTEP access-port. Hence, this support of accepting all tagged and untagged traffic received on the mapped physical
port.

Topology
The configurations used in this section use the topology in Figure 4-8.

Figure 4-8: VXLAN Trunk Access Port

Base Configuration - L2 VXLAN

VTEP1
Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

(config)#qos enable Enable qos
(config)#commit Committing the configurations

Interface and loopback configuration:

(config)#interface xe7 Enter Interface mode for xe7

(config-if)#switchport Make it L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe8 Enter Interface mode for xe8
(config-if)#ip add 10.10.10.1/24 Configuring the ip address in the network side
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 1.1.1.1/32 secondary Configure loopback ip address as 1.1.1.1 for VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Committing the interface configurations

© 2024 IP Infusion Inc. Proprietary 120

VXLAN Trunk Access Port

OSPF configuration:

(config)#router ospf 1 Enter into router OSPF mode

(config-router)#ospf router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#network 1.1.1.1/32 area Add 1.1.1.1 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 10.10.10.0/24 area Add 10.10.10.0(Spine) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-router)#exit Exit Interface mode and return to Configure mode.
(config)#commit Committing the ospf configurations

BGP configuration:

(config)#router bgp 1 Enter into Router BGP mode

(config-router)#bgp router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#neighbor 2.2.2.2 remote-as 1 Specify a VTEP2 loopback ip address and remote-as defined
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into l2vpn evpn address family mode
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Committing the bgp configurations

L2 MAC VRF Configuration:

(config)#mac vrf L2VRF1 Create mac routing/forwarding instance with L2VRF1 name
and enter into vrf mode
(config-vrf)#rd 1.1.1.1:1 Assign RD value
(config-vrf)#route-target both 1:1 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from vrf mode
(config)#commit Committing the vrf configurations

L2 VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan vtep-ip-global 1.1.1.1 Configure Source vtep-ip-global configuration - Use loopback
ip address
(config)#nvo vxlan id 100 ingress- Configure VXLAN Network identifier without inner-vid-
replication disabled configured for vxlan trunk access port and enter into
VXLAN tenant mode

© 2024 IP Infusion Inc. Proprietary 121

VXLAN Trunk Access Port

(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route

protocol evpn-bgp L2VRF1
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Committing the vxlan configurations

VTEP2
Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

(config)#qos enable Enable qos
(config)#commit Committing the configurations

Interface and loopback configuration:

(config)#interface xe23 Enter Interface mode for xe23

(config-if)#switchport Make it L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe14 Enter Interface mode for xe14
(config-if)#ip add 20.20.20.1/24 Configuring the ip address in the network side
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 2.2.2.2/32 secondary Configure loopback ip address as 2.2.2.2 for VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Committing the interface configurations

OSPF configuration:

(config)#router ospf 1 Enter into router OSPF mode

(config-router)#ospf router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo ip address)
(config-router)#network 2.2.2.2/32 area Add 2.2.2.2 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 20.20.20.0/24 area Add 20.20.20.0(Spine) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-router)#exit Exit Interface mode and return to Configure mode.
(config)#commit Committing the ospf configurations

BGP configuration:

(config)#router bgp 1 Enter into Router BGP mode

(config-router)#bgp router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo ip address)
(config-router)#neighbor 1.1.1.1 remote-as 1 Specify a VTEP1 loopback ip address and remote-as defined

© 2024 IP Infusion Inc. Proprietary 122

VXLAN Trunk Access Port

(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP2

source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1(VTEP1) into l2vpn evpn address family mode
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Committing the bgp configurations

L2 MAC VRF Configuration:

(config)#mac vrf L2VRF1 Create mac routing/forwarding instance with L2VRF1 name
and enter into vrf mode
(config-vrf)#rd 2.2.2.2:1 Assign RD value
(config-vrf)#route-target both 1:1 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from vrf mode
(config)#commit Committing the vrf configurations

L2 VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan vtep-ip-global 2.2.2.2 Configure Source vtep-ip-global configuration - Use loopback
ip address
(config)#nvo vxlan id 100 ingress- Configure VXLAN Network identifier without inner-vid-
replication disabled configured for vxlan trunk access port and enter into
VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Committing the vxlan configurations

SPINE
Spine node where all VTEPs are connected.
Generic configuration:

#configure terminal Enter Configure mode.

(config)#qos enable Enabling qos
(config)#commit Committing the configuration

© 2024 IP Infusion Inc. Proprietary 123

VXLAN Trunk Access Port

Interface configuration:

(config)#interface xe8 Enter Interface mode for xe8

(config-if)#ip address 10.10.10.2/24 Configure ip address as 10.10.10.2 on network side of VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) interface xe14 Enter into ce5/1 interface mode
(config-if)#ip address 20.20.20.2/24 Configure ip address as 20.20.20.2 on network side of VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) commit Committing the configuration

OSPF configuration:

(config)#router ospf 1 Enter into router OSPF mode

(config-router)#ospf router-id 3.3.3.3 Configure router-id as 3.3.3.3
(config-router)#network 10.10.10.0/24 area Add 10.10.10.0 (VTEP1) network into area 0
0.0.0.0
(config-router)#network 20.20.20.0/24 area Add 20.20.20.0 (VTEP2) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)commit Committing the ospf configuration

VxLAN Trunk Access port as default

In VxLAN, most of the use cases demand to carry the complete traffic received on the access interface to another
VTEP access-port. Hence this support of accepting all tagged and untagged traffic received on the mapped physical
port.

VTEP1
(config)#nvo vxlan access-if port xe7 Configuring the vxlan access port as default to receive
default untagged, single and double tagged traffic
(config-nvo-acc-if)#map vnid 100 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)#arp-cache disable Disable arp-cache - mandatory
(config-nvo-acc-if)#nd-cache disable Disable nd-cache - mandatory
(config-nvo-acc-if)# mac 0000.1111.0001 Configure static mac-only
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#commit Committing the vxlan configuration

© 2024 IP Infusion Inc. Proprietary 124

VXLAN Trunk Access Port

VTEP2
(config)#nvo vxlan access-if port xe23 Configuring the vxlan access port as default to receive
default untagged, single and double tagged traffic
(config-nvo-acc-if)#map vnid 100 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)#arp-cache disable Disable arp-cache - mandatory
(config-nvo-acc-if)#nd-cache disable Disable nd-cache - mandatory
(config-nvo-acc-if)# mac 0000.2222.0001 Configure static mac-only
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#commit Committing the vxlan configuration

Validation

VTEP1

VTEP1#sh run nvo vxlan

!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 1.1.1.1
!
nvo vxlan id 100 ingress-replication
vxlan host-reachability-protocol evpn-bgp L2VRF1
!
nvo vxlan access-if port xe7 default
map vnid 100
arp-cache disable
nd-cache disable
mac 0000.1111.0001
!
!
VTEP1#sh nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
1.1.1.1 2.2.2.2 Installed 00:02:49 00:02:49

Total number of entries are 1

VTEP1#sh nvo vxlan mac-table
=======================================================================================
===================================================
VXLAN MAC Entries
=======================================================================================
===================================================
VNID Interface VlanId Vlan-RangeId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc

© 2024 IP Infusion Inc. Proprietary 125

VXLAN Trunk Access Port

_______________________________________________________________________________________
___________________________________________________

100 xe7 ---- ---- ---- 0000.1111.0001 1.1.1.1

Static Local ------- -------
100 ---- ---- ---- 0000.2222.0001 2.2.2.2
Static Remote ------- -------
100 xe7 ---- ---- ---- b0da.1d10.6496 1.1.1.1
Dynamic Local ------- -------

Total number of entries are : 3

VTEP1#sh nvo vxlan mac-table hardware

=======================================================================================
===================================================
VXLAN MAC Entries
=======================================================================================
===================================================
VNID Interface VlanId Vlan-RangeId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status Time-out AccessPortDesc
_______________________________________________________________________________________
__________________________________________________

100 xe7 ---- ---- 0000.1111.0001 1.1.1.1

Static Local ------- --- -------
100 --- ---- ---- 0000.2222.0001 2.2.2.2
Remote ------- --- -------
100 xe7 ---- ---- b0da.1d10.6496 1.1.1.1
Dynamic Local ------- 300 -------

Total number of entries are 3

VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
100 ---- L2 NW ---- ---- ---- ----
1.1.1.1 2.2.2.2
100 ---- -- AC xe7 --- Single Homed Port --- ---- ----
---- ----

Total number of entries are 2

VTEP1#sh nvo vxlan route-count
VXLAN Active route count information
====================================
Max route count : 32768
Active route count: 3

© 2024 IP Infusion Inc. Proprietary 126

VXLAN Trunk Access Port

---------------------------------------------
VNID Total MACONLY MACIPv4 MACIPv6
---------------------------------------------
100 3 3 0 0

Total number of entries are 1

VTEP1#sh nvo vxlan access-if-config
nvo vxlan access-if port xe7 default
map vnid 100
arp-cache disable
nd-cache disable
mac 0000.1111.0001
!
VTEP1#sh nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe7 --- --- 500000 100 up up

Total number of entries are 1

VTEP1#sh bgp l2vpn evpn summary
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
2.2.2.2 4 1 15 17 2 0 0 00:04:52
2 0 1 1 0 0

Total number of neighbors 1

Total number of Established sessions 1

VTEP1#sh bgp l2vpn evpn
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i -
internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

© 2024 IP Infusion Inc. Proprietary 127

VXLAN Trunk Access Port

RD[1.1.1.1:1] VRF[L2VRF1]:
*> [2]:[0]:[100]:[48,0000:1111:0001]:[0]:[100]
1.1.1.1 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[100]:[48,0000:2222:0001]:[0]:[100]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[100]:[48,b0da:1d10:6496]:[0]:[100]
1.1.1.1 0 100 32768 i ----------
VXLAN
*> [3]:[100]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i ----------
VXLAN
* i [3]:[100]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[2.2.2.2:1]
*>i [2]:[0]:[100]:[48,0000:2222:0001]:[0]:[100]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [3]:[100]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

Total number of prefixes 7

VTEP1#sh nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
Total number of entries are 0
VTEP1#sh nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
Total number of entries are 0
VTEP1#

VTEP2

VTEP2#sh run nvo vxlan

!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 2.2.2.2
!
nvo vxlan id 100 ingress-replication
vxlan host-reachability-protocol evpn-bgp L2VRF1
!

© 2024 IP Infusion Inc. Proprietary 128

VXLAN Trunk Access Port

nvo vxlan access-if port xe23 default

map vnid 100
arp-cache disable
nd-cache disable
mac 0000.2222.0001
!
!
VTEP2#sh nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
2.2.2.2 1.1.1.1 Installed 00:05:47 00:05:47

Total number of entries are 1

VTEP2#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
100 ---- L2 NW ---- ---- ---- ----
2.2.2.2 1.1.1.1
100 ---- -- AC xe23 --- Single Homed Port --- ---- ----
---- ----

Total number of entries are 2

VTEP2#sh nvo vxlan mac-table
=======================================================================================
===================================================
VXLAN MAC Entries
=======================================================================================
===================================================
VNID Interface VlanId Vlan-RangeId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
___________________________________________________

100 ---- ---- ---- 0000.1111.0001 1.1.1.1

Static Remote ------- -------
100 xe23 ---- ---- ---- 0000.2222.0001 2.2.2.2
Static Local ------- -------
100 ---- ---- ---- b0da.1d10.6496 1.1.1.1
Dynamic Remote ------- -------

Total number of entries are : 3

VTEP2#sh nvo vxlan mac-table hardware

© 2024 IP Infusion Inc. Proprietary 129

VXLAN Trunk Access Port

=======================================================================================
===================================================
VXLAN MAC Entries
=======================================================================================
===================================================
VNID Interface VlanId Vlan-RangeId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status Time-out AccessPortDesc
_______________________________________________________________________________________
__________________________________________________

100 --- ---- ---- 0000.1111.0001 1.1.1.1

Remote ------- --- -------
100 xe23 ---- ---- 0000.2222.0001 2.2.2.2
Static Local ------- --- -------
100 --- ---- ---- b0da.1d10.6496 1.1.1.1
Remote ------- --- -------

Total number of entries are 3

VTEP2#sh nvo vxlan route-count
VXLAN Active route count information
====================================
Max route count : 32768
Active route count: 3

---------------------------------------------
VNID Total MACONLY MACIPv4 MACIPv6
---------------------------------------------
100 3 3 0 0

Total number of entries are 1

VTEP2#sh nvo vxlan access-if br

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe23 --- --- 500000 100 up up

Total number of entries are 1

VTEP2#sh nvo vxlan access-if-config
nvo vxlan access-if port xe23 default
map vnid 100
arp-cache disable
nd-cache disable
mac 0000.2222.0001
!
VTEP2#sh nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
Total number of entries are 0
VTEP2#sh nvo vxlan nd-cache

© 2024 IP Infusion Inc. Proprietary 130

VXLAN Trunk Access Port

VXLAN ND-CACHE Information

===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
Total number of entries are 0

VTEP2#
VTEP2#sh bgp l2vpn evpn summary
BGP router identifier 2.2.2.2, local AS number 1
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
1.1.1.1 4 1 27 27 1 0 0 00:09:54
3 0 2 1 0 0

Total number of neighbors 1

Total number of Established sessions 1

VTEP2#sh bgp l2vpn evpn
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i -
internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[1.1.1.1:1]
*>i [2]:[0]:[100]:[48,0000:1111:0001]:[0]:[100]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[100]:[48,b0da:1d10:6496]:[0]:[100]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[100]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[2.2.2.2:1] VRF[L2VRF1]:
* i [2]:[0]:[100]:[48,0000:1111:0001]:[0]:[100]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [2]:[0]:[100]:[48,0000:2222:0001]:[0]:[100]

© 2024 IP Infusion Inc. Proprietary 131

VXLAN Trunk Access Port

2.2.2.2 0 100 32768 i ----------

VXLAN
* i [2]:[0]:[100]:[48,b0da:1d10:6496]:[0]:[100]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[100]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [3]:[100]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i ----------
VXLAN

Total number of prefixes 8

VTEP2#

VxLAN Trunk access port with vlan range

When access port with a specific vlan range configured, all the traffic in that specific range are accepted and forwaded.

VTEP1
(config)#nvo vxlan access-if port-vlan xe7 Configuring the vxlan access port with vlan range 2-100
2-100 where traffic in the vlan range 2-100 are accepted
(config-nvo-acc-if)#map vnid 100 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)#arp-cache disable Disable arp-cache - mandatory
(config-nvo-acc-if)#nd-cache disable Disable nd-cache - mandatory
(config-nvo-acc-if)# mac 0000.1111.0001 Configure static mac-only
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#commit Committing the vxlan configuration

VTEP2
(config)#nvo vxlan access-if port-vlan xe23 Configuring the vxlan access port with vlan range 2-100
2-100 where traffic in the vlan range 2-100 are accepted
(config-nvo-acc-if)#map vnid 100 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)#arp-cache disable Disable arp-cache - mandatory
(config-nvo-acc-if)#nd-cache disable Disable nd-cache - mandatory
(config-nvo-acc-if)# mac 0000.2222.0001 Configure static mac-only
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#commit Committing the vxlan configuration

Validations

VTEP1

VTEP1#sh run nvo vx

© 2024 IP Infusion Inc. Proprietary 132

VXLAN Trunk Access Port

!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 1.1.1.1
!
nvo vxlan id 100 ingress-replication
vxlan host-reachability-protocol evpn-bgp L2VRF1
!
nvo vxlan access-if port-vlan xe7 2-100
map vnid 100
arp-cache disable
nd-cache disable
mac 0000.1111.0001
!
!
VTEP1#
VTEP1#sh nvo vxlan tunnel summary

Total number of entries: 1 [Installed: 1, Resolved: 0, Unresolved: 0]

Total number of entries are 1

VTEP1#sh nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
1.1.1.1 2.2.2.2 Installed 00:20:10 00:20:10

Total number of entries are 1

VTEP1#sh nvo vx
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Total number of entries are 2

© 2024 IP Infusion Inc. Proprietary 133

VXLAN Trunk Access Port

VNID Interface VlanId Vlan-RangeId Inner-VlanId Mac-Addr VTEP-Ip/ESI

Type Status AccessPortDesc
_______________________________________________________________________________________
___________________________________________________

100 xe7 ----- 2-100 ---- 0000.1111.0001 1.1.1.1

Static Local ------- -------
100 ---- ---- ---- 0000.2222.0001 2.2.2.2
Static Remote ------- -------
100 xe7 ----- 2-100 ---- b0da.1d10.6496 1.1.1.1
Dynamic Local ------- -------

Total number of entries are : 3

VTEP1#sh nvo vxlan mac-table hardware

=======================================================================================
===================================================
VXLAN MAC Entries
=======================================================================================
===================================================
VNID Interface VlanId Vlan-RangeId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status Time-out AccessPortDesc
_______________________________________________________________________________________
__________________________________________________

100 xe7 ----- 2-100 ---- 0000.1111.0001 1.1.1.1

Static Local ------- --- -------
100 --- ---- ---- 0000.2222.0001 2.2.2.2
Remote ------- --- -------
100 xe7 ----- 2-100 ---- b0da.1d10.6496 1.1.1.1
Dynamic Local ------- 300 -------

Total number of entries are 3

© 2024 IP Infusion Inc. Proprietary 134

VXLAN Trunk Access Port

VTEP1#sh nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe7 2 --- 500000 100 up up

Total number of entries are 1

VTEP1#
VTEP1#sh nvo vxlan route-count
VXLAN Active route count information
====================================
Max route count : 32768
Active route count: 3

---------------------------------------------
VNID Total MACONLY MACIPv4 MACIPv6
---------------------------------------------
100 3 3 0 0

Total number of entries are 1

VTEP1#sh bgp l2vpn evpn summary
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 5
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
2.2.2.2 4 1 58 61 5 0 0 00:22:05
2 0 1 1 0 0

Total number of neighbors 1

Total number of Established sessions 1

VTEP1#sh bgp l2vpn evpn
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i -
internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

© 2024 IP Infusion Inc. Proprietary 135

VXLAN Trunk Access Port

RD[2.2.2.2:1]
*>i [2]:[0]:[100]:[48,0000:2222:0001]:[0]:[100]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [3]:[100]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

Total number of prefixes 7

VTEP2

VTEP2#sh run nvo vxlan

!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 2.2.2.2
!
nvo vxlan id 100 ingress-replication
vxlan host-reachability-protocol evpn-bgp L2VRF1
!
nvo vxlan access-if port-vlan xe23 2-100
map vnid 100
arp-cache disable
nd-cache disable
mac 0000.2222.0001
!
!
VTEP2#sh nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
2.2.2.2 1.1.1.1 Installed 00:19:28 00:19:28

Total number of entries are 1

VTEP2#sh nvo vxlan tunnel

© 2024 IP Infusion Inc. Proprietary 136

VXLAN Trunk Access Port

VXLAN Network tunnel Entries

Source Destination Status Up/Down Update
============================================================================
2.2.2.2 1.1.1.1 Installed 00:21:06 00:21:06

Total number of entries are 1

VTEP2#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
100 ---- L2 NW ---- ---- ---- ----
2.2.2.2 1.1.1.1
100 ---- -- AC xe23 --- Single Homed Port --- 2 ----
---- ----

Total number of entries are 2

100 ---- ---- ---- 0000.1111.0001 1.1.1.1

Static Remote ------- -------
100 xe23 ----- 2-100 ---- 0000.2222.0001 2.2.2.2
Static Local ------- -------
100 ---- ---- ---- b0da.1d10.6496 1.1.1.1
Dynamic Remote ------- -------

Total number of entries are : 3

VTEP2#sh nvo vxlan mac-table hardware

=======================================================================================
===================================================
VXLAN MAC Entries
=======================================================================================
===================================================
VNID Interface VlanId Vlan-RangeId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status Time-out AccessPortDesc
_______________________________________________________________________________________
__________________________________________________

© 2024 IP Infusion Inc. Proprietary 137

VXLAN Trunk Access Port

100 --- ---- ---- 0000.1111.0001 1.1.1.1

Remote ------- --- -------
100 xe23 ----- 2-100 ---- 0000.2222.0001 2.2.2.2
Static Local ------- --- -------
100 --- ---- ---- b0da.1d10.6496 1.1.1.1
Remote ------- --- -------

Total number of entries are 3

VTEP2#sh nvo vxlan route-count
VXLAN Active route count information
====================================
Max route count : 32768
Active route count: 3

---------------------------------------------
VNID Total MACONLY MACIPv4 MACIPv6
---------------------------------------------
100 3 3 0 0

Total number of entries are 1

VTEP2#sh nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
Total number of entries are 0
VTEP2#sh nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
Total number of entries are 0
VTEP2#
VTEP2#
VTEP2#sh nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe23 2 --- 500000 100 up up

Total number of entries are 1

VTEP2#sh nvo vxlan access-if-config
nvo vxlan access-if port-vlan xe23 2-100
map vnid 100
arp-cache disable
nd-cache disable
mac 0000.2222.0001
!

© 2024 IP Infusion Inc. Proprietary 138

VXLAN Trunk Access Port

VTEP2#sh bgp l2vpn evpn summary

BGP router identifier 2.2.2.2, local AS number 1
BGP table version is 4
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
1.1.1.1 4 1 59 57 3 0 0 00:21:48
3 0 2 1 0 0

Total number of neighbors 1

Total number of Established sessions 1

VTEP2#sh bgp l2vpn evpn
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i -
internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[2.2.2.2:1] VRF[L2VRF1]:
* i [2]:[0]:[100]:[48,0000:1111:0001]:[0]:[100]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [2]:[0]:[100]:[48,0000:2222:0001]:[0]:[100]
2.2.2.2 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[100]:[48,b0da:1d10:6496]:[0]:[100]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[100]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [3]:[100]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i ----------
VXLAN

© 2024 IP Infusion Inc. Proprietary 139

VXLAN Trunk Access Port

Total number of prefixes 8

VTEP2#

© 2024 IP Infusion Inc. Proprietary 140

EVPN-VXLAN Hybrid Port Support

CHAPTER 5 EVPN-VXLAN Hybrid Port Support

This chapter contains the configurations for EVPN-VXLAN Hybrid Port Support.

Overview
This feature is to map VxLAN untagged and tagged (port+vlan) access interfaces on the same parent interface
(Physical, Dynamic and Static LAG). It also supports the Bridge vlan and vxlan untagged access on the same parent
interface.

Topology
The procedures in this section use the topology in Figure 5-9

Figure 5-9: EVPN-VxLAN hybrid port

© 2024 IP Infusion Inc. Proprietary 141

EVPN-VXLAN Hybrid Port Support

VXLAN-EVPN Hybrid Port Configuration

VTEP1
Interface and Loopback Configuration

(config)#interface xe9 Enter Interface mode for xe9

(config-if)#switchport Make it L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 1.1.1.1/32 secondary Configure loopback ip address as 1.1.1.1 for VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe8 Enter Interface mode for xe8
(config-if)#ip address 10.10.10.1/24 Configure IP address as 10.10.10.1 on network side of Spine1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe31 Enter Interface mode for xe31
(config-if)#ip address 20.20.20.1/24 Configure IP address as 20.20.20.1 on network side of Spine2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

OSPF Configuration

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#network 1.1.1.1/32 area Add 1.1.1.1 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 10.10.10.0/24 area Add 10.10.10.0 (Spine1) network into area 0
0.0.0.0
(config-router)#network 20.20.20.0/24 area Add 20.20.20.0 (Spine2) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling BFD on all OSPF interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 142

EVPN-VXLAN Hybrid Port Support

BGP Configuration

(config)#router bgp 500 Enter into Router BGP mode

(config-router)#bgp router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo IP address)
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback IP address and remote-as defined
500
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)#neighbor 3.3.3.3 remote-as Specify a VTEP3 loopback IP address and remote-as defined
500
(config-router)#neighbor 3.3.3.3 update- Configure update as loopback for VTEP3
source lo
(config-router)#neighbor 3.3.3.3 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family mode
(config-router-af)#network 1.1.1.1/32 Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#neighbor 2.2.2.2 Activate 2.2.2.2 (VTEP2) into ipv4 unicast address family
activate mode
(config-router-af)#neighbor 3.3.3.3 Activate 3.3.3.3 (VTEP2) into ipv4 unicast address family
activate mode
(config-router-af)#exit-address-family Exit from ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 2.2.2.2 Activate 2.2.2.2 (VTEP2) into L2VPN evpn address family
activate mode
(config-router-af)#neighbor 3.3.3.3 Activate 3.3.3.3 (VTEP3) into L2VPN evpn address family
activate mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 143

EVPN-VXLAN Hybrid Port Support

VxLAN Configuration

(config)#nvo vxlan enable Enable VxLAN

(config)#nvo vxlan vtep-ip-global 1.1.1.1 Configure Source VTEP-IP-global configuration
(config)#nvo vxlan id 10 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF1
(config-nvo)#vni-name VNI-RED Configure VNI-name as VNI-RED
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 20 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF1
(config-nvo)#vni-name VNI-BLUE Configure VNI-name as VNI-BLUE
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port xe9 Enable port mapping i.e. access port to the physical interface

(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN

(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan xe9 Enable port-VLAN mapping i.e. access port to outer-VLAN
1001 (SVLAN) – physical interface
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN

(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into

configuration mode
(config)#nvo vxlan access-if port-vlan xe9 Enable port-VLAN mapping i.e. access port to outer-VLAN
2001 (SVLAN) – physical interface
(config-nvo-acc-if)#map vni-name VNI-BLUE Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode

© 2024 IP Infusion Inc. Proprietary 144

EVPN-VXLAN Hybrid Port Support

(config)#commit Commit the candidate configuration to the running

configuration
(config)#exit Exit from configuration mode

VTEP2
Interface and Loopback Configuration

(config)#interface xe3 Enter Interface mode for xe3

(config-if)#switchport Make it L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 2.2.2.2/32 secondary Configure loopback IP address as 2.2.2.2 for VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe21 Enter Interface mode for xe21
(config-if)#ip address 30.30.30.1/24 Configure IP address as 30.30.30.1 on network side of Spine1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce53 Enter Interface mode for ce53
(config-if)#ip address 40.40.40.1/24 Configure IP address as 40.40.40.1 on network side of Spine2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

OSPF Configuration

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo IP address)
(config-router)#network 2.2.2.2/32 area Add 2.2.2.2 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 30.30.30.0/24 area Add 30.30.30.0 (Spine1) network into area 0
0.0.0.0
(config-router)#network 40.40.40.0/24 area Add 40.40.40.0 (Spine2) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling BFD on all OSPF interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 145

EVPN-VXLAN Hybrid Port Support

BGP Configuration

(config)#router bgp 500 Enter into Router BGP mode

(config-router)#bgp router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo IP address)
(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback IP address and remote-as defined
500
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 3.3.3.3 remote-as Specify a VTEP3 loopback IP address and remote-as defined
500
(config-router)#neighbor 3.3.3.3 update- Configure update as loopback for VTEP3
source lo
(config-router)#neighbor 3.3.3.3 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family mode
(config-router-af)#network 2.2.2.2/32 Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#neighbor 1.1.1.1 Activate 1.1.1.1 (VTEP2) into ipv4 unicast address family
activate mode
(config-router-af)#neighbor 3.3.3.3 Activate 3.3.3.3 (VTEP2) into ipv4 unicast address family
activate mode
(config-router-af)#exit-address-family Exit from ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 Activate 1.1.1.1(VTEP1) into L2VPN evpn address family
activate mode
(config-router-af)#neighbor 3.3.3.3 Activate 3.3.3.3(VTEP3) into L2VPN evpn address family
activate mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to the running
configuration

VRF Configuration

(config)# mac vrf VRF1 Create mac routing/forwarding instance with VRF1 name and
enter into VRF mode
(config-vrf)#rd 2.2.2.2:11 Assign RD value
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for VRF1
(config-vrf)#exit Exit from VRF mode
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 146

EVPN-VXLAN Hybrid Port Support

VxLAN Configuration

(config)#nvo vxlan enable Enable VxLAN

(config)#nvo vxlan vtep-ip-global 2.2.2.2 Configure Source VTEP-IP-global configuration
(config)#nvo vxlan id 10 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF1
(config-nvo)#vni-name VNI-RED Configure VNI-name as VNI-RED
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 20 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF1
(config-nvo)#vni-name VNI-BLUE Configure VNI-name as VNI-BLUE
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port xe3 Enable port mapping i.e. access port to physical interface

(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN

(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan xe3 Enable port-VLAN mapping i.e. access port to outer-VLAN
1002 (SVLAN) – physical interface
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan xe3 Enable port-VLAN mapping i.e. access port to outer-VLAN
2001 (SVLAN) – physical interface
(config-nvo-acc-if)#map vni-name VNI-BLUE Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit from configuration mode

© 2024 IP Infusion Inc. Proprietary 147

EVPN-VXLAN Hybrid Port Support

VTEP3
Interface and loopback configuration

#configure terminal Enter Configure mode.

OSPF Configuration

(config)#router ospf 100 Enter into router OSPF mode

© 2024 IP Infusion Inc. Proprietary 148

EVPN-VXLAN Hybrid Port Support

BGP Configuration

(config)#router bgp 500 Enter into Router BGP mode

(config-router)#bgp router-id 3.3.3.3 Configure router-ID as 3.3.3.3 (lo ip address)
(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback IP address and remote-as defined
500
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback IP address and remote-as defined
500
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family mode
(config-router-af)#network 3.3.3.3/32 Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#neighbor 1.1.1.1 Activate 1.1.1.1 (VTEP2) into ipv4 unicast address family
activate mode
(config-router-af)#neighbor 2.2.2.2 Activate 2.2.2.2 (VTEP2) into ipv4 unicast address family
activate mode
(config-router-af)#exit-address-family Exit from ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 Activate 1.1.1.1 (VTEP1) into L2VPN evpn address family
activate mode
(config-router-af)#neighbor 2.2.2.2 Activate 2.2.2.2 (VTEP2) into L2VPN evpn address family
activate mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 149

EVPN-VXLAN Hybrid Port Support

VRF Configuration

(config)# mac vrf VRF1 Create MAC routing/forwarding instance with VRF1 name and
enter into VRF mode
(config-vrf)#rd 3.3.3.3:11 Assign RD value
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for VRF1
(config-vrf)#exit Exit from VRF mode
(config)#commit Commit the candidate configuration to the running
configuration

VxLAN Configuration

(config)#nvo vxlan enable Enable VxLAN

(config)#nvo vxlan vtep-ip-global 3.3.3.3 Configure Source VTEP-IP-global configuration
(config)#nvo vxlan id 10 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF1
(config-nvo)#vni-name VNI-RED Configure VNI-name as VNI-RED
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 20 ingress-replication Configure VxLAN Network identifier with/without inner-VID-
inner-vid-disabled disabled configure and enter into VxLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp VRF1
(config-nvo)#vni-name VNI-BLUE Configure VNI-name as VNI-BLUE
(config-nvo)#exit Exit from VxLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port xe48 Enable port mapping i.e. access port to physical interface

(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN

(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan xe48 Enable port-VLAN mapping i.e. access port to outer-VLAN
1001 (SVLAN) – physical interface
(config-nvo-acc-if)#map vni-name VNI-RED Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan xe48 Enable port-VLAN mapping i.e. access port to outer-VLAN
2001 (SVLAN) – physical interface
(config-nvo-acc-if)#map vni-name VNI-BLUE Map VxLAN Identified to access-port for VxLAN
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode

© 2024 IP Infusion Inc. Proprietary 150

EVPN-VXLAN Hybrid Port Support

(config)#commit Commit the candidate configuration to the running

configuration
(config)#exit Exit from configuration mode

Spine 1
Spine node where all VTEPs are connected

Interface and Loopback Configuration

#configure terminal Enter Configure mode.

(config)#qos enable Enabling QoS
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 11.11.11.11/32 Configure loopback IP address as 11.11.11.11 for Spine1
secondary
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe8 Enter Interface mode for xe8
(config-if)#ip address 10.10.10.2/24 Configure IP address as 10.10.10.2 on network side of
VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe1 Enter Interface mode for xe1
(config-if)#ip address 30.30.30.2/24 Configure IP address as 30.30.30.2 on network side of
VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe18 Enter Interface mode for xe18
(config-if)#ip address 50.50.50.2/24 Configure IP address as 50.50.50.2 on network side of
VTEP3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

OSPF configuration

(config)#router ospf 100 Enter into router OSPF mode

© 2024 IP Infusion Inc. Proprietary 151

EVPN-VXLAN Hybrid Port Support

Spine 2
Spine node where all VTEPs are connected

Interface and loopback configuration

(config)#interface lo Enter Interface mode for lo

(config-if)#ip address 22.22.22.22/32 Configure loopback IP address as 22.22.22.22 for Spine2
secondary
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe5 Enter Interface mode for xe5
(config-if)#ip address 20.20.20.2/24 Configure IP address as 20.20.20.2 on network side of
VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce0 Enter Interface mode for ce0
(config-if)#ip address 40.40.40.2/24 Configure IP address as 40.40.40.2 on network side of
VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe19 Enter Interface mode for xe19
(config-if)#ip address 60.60.60.2/24 Configure IP address as 60.60.60.2 on network side of
VTEP3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 152

EVPN-VXLAN Hybrid Port Support

OSPF configuration

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 22.22.22.22 Configure router-id as 11.11.11.11 (lo IP address)
(config-router)#network 22.22.22.22/32 area Add 22.22.22.22 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 20.20.20.0/24 area Add 20.20.20.0 (VTEP1) network into area 0
0.0.0.0
(config-router)#network 40.40.40.0/24 area Add 40.40.40.0 (VTEP2) network into area 0
0.0.0.0
(config-router)#network 60.60.60.0/24 area Add 60.60.60.0 (VTEP3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling BFD on all OSPF interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to the running
configuration

Validation
VTEP1
VTEP1#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
10 VNI-RED L2 NW ---- ---- ---- -
--- 1.1.1.1 3.3.3.3
10 VNI-RED L2 NW ---- ---- ---- -
--- 1.1.1.1 2.2.2.2
10 VNI-RED -- AC xe9 --- Single Homed Port --- 0 --
-- ---- ----
10 VNI-RED -- AC xe9 --- Single Homed Port --- 1001 --
-- ---- ----
20 VNI-BLUE L2 NW ---- ---- ---- -
--- 1.1.1.1 3.3.3.3
20 VNI-BLUE L2 NW ---- ---- ---- -
--- 1.1.1.1 2.2.2.2
20 VNI-BLUE -- AC xe9 --- Single Homed Port --- 2001 --
-- ---- ----

Total number of entries are 7

© 2024 IP Infusion Inc. Proprietary 153

EVPN-VXLAN Hybrid Port Support

VTEP1#sh nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe57 --- --- 500000 10 up up
xe57 1001 --- 500001 10 up up
xe57 2001 --- 500002 20 up up

Total number of entries are 3

VTEP1#show bgp l2vpn evpn summary

BGP router identifier 1.1.1.1, local AS number 500
BGP table version is 4
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
2.2.2.2 4 500 53 54 3 0 0 00:20:58
2 0 0 2 0 0
3.3.3.3 4 500 53 53 3 0 0 00:20:58
2 0 0 2 0 0

Total number of neighbors 2

Total number of Established sessions 2

VTEP1#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
======================================================================
1.1.1.1 3.3.3.3 Installed 00:10:44 00:10:44
1.1.1.1 2.2.2.2 Installed 00:10:58 00:10:58

Total number of entries are 2

VTEP1#show bgp l2vpn evpn

BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i -
internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route

© 2024 IP Infusion Inc. Proprietary 154

EVPN-VXLAN Hybrid Port Support

3 - Inclusive Multicast Route

4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[1.1.1.1:1] VRF[VRF1]:
*> [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i ----------
VXLAN
* i[3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i[3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*> [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i ----------
VXLAN
* i[3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i[3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

RD[2.2.2.2:1]
*>i[3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i[3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[3.3.3.3:1]
*>i[3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i[3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

Total number of prefixes 10

VTEP2
VTEP2#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________

© 2024 IP Infusion Inc. Proprietary 155

EVPN-VXLAN Hybrid Port Support

10 VNI-RED L2 NW ---- ---- ---- -

--- 2.2.2.2 1.1.1.1
10 VNI-RED L2 NW ---- ---- ---- -
--- 2.2.2.2 3.3.3.3
10 VNI-RED -- AC xe8 --- Single Homed Port --- 0 -
--- ---- ----
10 VNI-RED -- AC xe8 --- Single Homed Port --- 1001 -
--- ---- ----
20 VNI-BLUE L2 NW ---- ---- ---- -
--- 2.2.2.2 1.1.1.1
20 VNI-BLUE L2 NW ---- ---- ---- -
--- 2.2.2.2 3.3.3.3
20 VNI-BLUE -- AC xe8 --- Single Homed Port --- 2001 -
--- ---- ----

Total number of entries are 7

VTEP2#sh nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe8 --- --- 500000 10 up up
xe8 1001 --- 500001 10 up up
xe8 2001 --- 500002 20 up up

Total number of entries are 3

VTEP2#show bgp l2vpn evpn summary

BGP router identifier 2.2.2.2, local AS number 500
BGP table version is 4
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
1.1.1.1 4 500 53 53 3 0 0 00:20:56
2 0 0 2 0 0
3.3.3.3 4 500 51 54 3 0 0 00:20:56
2 0 0 2 0 0

Total number of neighbors 2

Total number of Established sessions 2

VTEP2#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
======================================================================
2.2.2.2 1.1.1.1 Installed 00:11:01 00:11:01

© 2024 IP Infusion Inc. Proprietary 156

EVPN-VXLAN Hybrid Port Support

2.2.2.2 3.3.3.3 Installed 00:10:47 00:10:47

Total number of entries are 2

VTEP2#show bgp l2vpn evpn

BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i -
internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[1.1.1.1:1]
*>i [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[2.2.2.2:1] VRF[VRF1]:
* i [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i ----------
VXLAN
* i [3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
* i [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i ----------
VXLAN
* i [3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

RD[3.3.3.3:1]
*>i [3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i [3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

Total number of prefixes 10

© 2024 IP Infusion Inc. Proprietary 157

EVPN-VXLAN Hybrid Port Support

VTEP3
VTEP3#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
10 VNI-RED L2 NW ---- ---- ---- -
--- 3.3.3.3 2.2.2.2
10 VNI-RED L2 NW ---- ---- ---- -
--- 3.3.3.3 1.1.1.1
10 VNI-RED -- AC ce13/1 --- Single Homed Port --- 0 -
--- ---- ----
10 VNI-RED -- AC ce13/1 --- Single Homed Port --- 1001 -
--- ---- ----
20 VNI-BLUE L2 NW ---- ---- ---- -
--- 3.3.3.3 2.2.2.2
20 VNI-BLUE L2 NW ---- ---- ---- -
--- 3.3.3.3 1.1.1.1
20 VNI-BLUE -- AC ce13/1 --- Single Homed Port --- 2001 -
--- ---- ----

Total number of entries are 7

VTEP3#sh nvo vxlan access-if brief

Inner Admin Link
Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
ce13/1 --- --- 500000 10 up up
ce13/1 1001 --- 500001 10 up up
ce13/1 2001 --- 500002 20 up up

Total number of entries are 3

VTEP3#show bgp l2vpn evpn summary

BGP router identifier 3.3.3.3, local AS number 500
BGP table version is 3
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
1.1.1.1 4 500 52 52 3 0 0 00:20:37
2 0 0 2 0 0
2.2.2.2 4 500 52 51 3 0 0 00:20:37
2 0 0 2 0 0

Total number of neighbors 2

© 2024 IP Infusion Inc. Proprietary 158

EVPN-VXLAN Hybrid Port Support

Total number of Established sessions 2

VTEP3#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
======================================================================
3.3.3.3 2.2.2.2 Installed 00:10:50 00:10:50
3.3.3.3 1.1.1.1 Installed 00:10:50 00:10:50

Total number of entries are 2

VTEP3#show bgp l2vpn evpn

BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i -
internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[1.1.1.1:1]
*>i [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[2.2.2.2:1]
*>i [3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[3.3.3.3:1] VRF[VRF1]:
* i [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 32768 i ----------
VXLAN
* i [3]:[20]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

© 2024 IP Infusion Inc. Proprietary 159

EVPN-VXLAN Hybrid Port Support

* i [3]:[20]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[20]:[32,3.3.3.3]
3.3.3.3 0 100 32768 i ----------
VXLAN

Total number of prefixes 10

© 2024 IP Infusion Inc. Proprietary 160

VXLAN Quality of Service Configuration

CHAPTER 6 VXLAN Quality of Service Configuration

This chapter contains the configurations for VXLAN Quality of Service (QoS) .

Overview
VXLAN enables multiple tenants to operate in a data center. Each tenant is assigned a priority group to prioritize their
traffic. Cloud carriers want to use quality of service to differentiate different applications.
Data center networks are being increasingly used by telecommunications operators as well as by enterprises.
Currently these networks are organized as one large Layer 2 network in a single building. In some cases such a
network is extended geographically using Virtual Local Area Network (VLAN) technologies as an even larger Layer 2
network connecting the virtual machines (VM), each with its own MAC address.
Multiple tenants might want their own isolated network domain. In a data center hosting multiple tenants, each tenant
may independently assign MAC addresses and VLAN IDs and this might lead to duplication.
Cloud carriers wish to categorize the traffic based on the application such as voice, video, etc. Based on the type of the
application different traffic classes may be identified and different priority levels can be assigned to each. To do so,
quality of service marking is needed in VXLAN.
This chapter shows how to mark packet headers with the VXLAN tunnel end point (VTEP) when the frames are
introduced by the virtual machines. The (re)marking /setting of QoS field DSCP/TOS in the VXLAN IP header is done
with the two modes which are set globally.

Topology

Figure 6-10: VXLAN QoS

COS-DSCP
RTR1/VTEP1

#configure terminal Enter Configure mode.

(config)#mac vrf vrf1 Create mac routing/forwarding instance with vrf1 name and
enter into vrf mode

© 2024 IP Infusion Inc. Proprietary 161

VXLAN Quality of Service Configuration

(config-vrf)#rd 1.1.1.1:11 Assign RD value

(config-vrf)#route-target both Assign route-target value for import/export
10.10.10.10:100
(config-vrf)#exit Exit from vrf mode
(config)#qos enable Enable qos
(config)#qos profile cos-to-queue COS-QUE Create qos profile for mapping traffic towards tunnel from
access-if.
(config-ingress-cos-map)#cos 2 queue 3 Configure particular COS value to the queue value for con-
figured profile.
(config-ingress-cos-map)#exit Exit from qos profile config mode
(config)#qos profile queue-color-to-dscp Create qos profile for attaching in vxlan tunnel egress.
QUE-DSCP
(config-egress-dscp-map)#queue 3 dscp 16 Configure particular queue value to the dscp value for
configured profile.
(config-egress-dscp-encap-map)#exit Exit from qos profile config mode
(config)#interface po2 Create a port channel po2
(config-if)#switchport Configure port as switchport
(config-if)#load-interval 30 Set load-interval
(config-if)#interface po24 Create a port channel po24
(config-if)#load-interval 30 Configure port as switchport
(config-if)#ip address 24.1.1.1/30 Set load-interval
(config-if)#interface lo Enter in to loopback interface
(config-if)#ip address 1.1.1.1/32 secondary Configure ip address
(config-if)#interface xe1 Enter in to interface mode
(config-if)#channel-group 2 mode active Map to channel-group
(config-if)#interface xe2 Enter in to interface mode
(config-if)#channel-group 2 mode active Map to channel-group
(config-if)#interface xe14 Enter in to interface mode
(config-if)#channel-group 24 mode ac-tive Map to channel-group
(config-if)#interface xe15 Enter in to interface mode
(config-if)#channel-group 24 mode ac-tive Map to channel-group
(config-if)#router ospf 1 Create ospf instance
(config-router)#ospf router-id 1.1.1.1 Configure ospf router-id
(config-router)#network 1.1.1.1/32 area Configure loopback network address in to ospf
0.0.0.0
(config-router)#network 24.1.1.0/30 area Configure network address in to ospf
0.0.0.0
(config-router)#router bgp 100 Enter into Router BGP mode
(config-router)#neighbor 6.6.6.6 re-mote-as Specify a neighbor router with peer ip address and remote-as
100 defined
(config-router)#neighbor 6.6.6.6 up-date- Specify the neighbor to use loopback address as source
source lo
(config-router)#address-family l2vpn evpn Enter into l2vpn evpn address-family
(config-router-af)#neighbor 6.6.6.6 activate Activate the neighbor to address-family

© 2024 IP Infusion Inc. Proprietary 162

VXLAN Quality of Service Configuration

(config-router)#nvo vxlan vtep-ip-global Configure Source vtep-ip-global configuration

1.1.1.1
(config)#nvo vxlan tunnel qos-map-mode cos- Configure the mapping qos profile in to vxlan tunnel egress
dscp egress QUE-DSCP
(config)#nvo vxlan id 1 in-gress-replication Create vnid 1 and disable inner-vid
inner-vid-disabled
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp vrf1
(config-nvo)#nvo vxlan access-if port-vlan Create vxlan access-if with vlan 1001
po2 1001
(config-nvo-acc-if)#no shutdown No shut the vxlan access-if
(config-nvo-acc-if)#map vnid 1 Map vnid to the vxlan access-if
(config-nvo-acc-if)#map qos-profile cos-to- Map qos profile for vxlan access-if ingress traffic from CE
queue COS-QUE
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode.
(config)#commit Commit the candidate configuration to the running
configuration

#configure terminal Enter Configure mode.

(config)#interface po24 Create port channel
(config-if)#load-interval 30 Set load-interval
(config-if)#ip address 24.1.1.2/30 Assign ip address
(config-if)#interface po46 Create port channel
(config-if)#load-interval 30 Set load-interval
(config-if)#ip address 46.1.1.1/30 Assign ip address
(config-if)#interface lo Enter in to loopback interface
(config-if)#ip address 4.4.4.4/32 sec-ondary Assign secondary ip address
(config-if)#interface xe4 Enter into interface mode
(config-if)#channel-group 46 mode active Map port channel to the interface
(config-if)#interface xe5 Enter into interface mode
(config-if)#channel-group 46 mode active Map port channel to the interface
(config-if)#interface xe14 Enter into interface mode
(config-if)#channel-group 24 mode active Map port channel to the interface
(config-if)#interface xe15 Enter into interface mode
(config-if)#channel-group 24 mode active Map port channel to the interface
(config-if)#router ospf 1 Create ospf instance
(config-router)#ospf router-id 4.4.4.4 Configure ospf router-id
(config-router)#network 4.4.4.4/32 area Configure ospf network address with respective area
0.0.0.0
(config-router)#network 24.1.1.0/30 area Configure ospf network address with respective area
0.0.0.0

© 2024 IP Infusion Inc. Proprietary 163

VXLAN Quality of Service Configuration

(config-router)#network 46.1.1.0/30 area Configure ospf network address with respective area
0.0.0.0
(config-router)#exit Exit from router mode.
(config)#commit Commit the candidate configuration to the running
configuration

RTR3/VTEP2

#configure terminal Enter Configuration mode

(config)#mac vrf vrf1 Create mac routing/forwarding instance with vrf1 name and
enter into vrf mode
(config-vrf)#rd 6.6.6.6:11 Assign RD value
(config-vrf)#route-target both Assign route-target value for import/export
10.10.10.10:100
(config-vrf)#exit Exit from vrf mode
(config)#qos enable Enable QOS
(config)#qos statistics Enable QOS statistics
(config)#qos profile queue-color-to-cos QUE- Create qos profile for mapping incoming traffic from tunnel to
COS access-if.
(config-egress-cos-map)#queue 4 cos 5 Configure particular queue value to the cos value for con-
figured profile.
(config-egress-cos-map)#qos profile dscp-to- Create qos profile for attaching in vxlan tunnel ingress.
queue DSCP-QUE
(config-ingress-dscp-map)#dscp 16 queue 4 Configure particular dscp value to the queue value for con-
figured profile.
(config-egress-dscp-map)#interface po46 Create port channel
(config-if)#load-interval 30 Set load interval
(config-if)#ip address 46.1.1.2/30 Assign ip address
(config-if)#interface lo Enter into loopback interface
(config-if)#ip address 6.6.6.6/32 secondary Assign secondary ip address
(config-if)#interface xe4 Enter into interface mode
(config-if)#channel-group 46 mode active Map channel group into the interface
(config-if)#interface xe5 Enter into interface mode
(config-if)#channel-group 46 mode active Map channel group into the interface
(config-if)#interface xe15 Enter into interface mode
(config-if)#switchport Make interface as L2 port
(config-if)#load-interval 30 Set load interval
(config-if)#router ospf 1 Create ospf instance
(config-router)#ospf router-id 6.6.6.6 Configure ospf router-id
(config-router)#network 6.6.6.6/32 area Configure ospf network address with respective area
0.0.0.0
(config-router)#network 46.1.1.0/30 area Configure ospf network address with respective area
0.0.0.0
(config-router)#router bgp 100 Enter into Router BGP mode

© 2024 IP Infusion Inc. Proprietary 164

VXLAN Quality of Service Configuration

(config-router)#neighbor 1.1.1.1 re-mote-as Specify a neighbor router with peer ip address and remote-as
100 defined
(config-router)#neighbor 1.1.1.1 up-date- Specify the neighbor to use loopback address as source
source lo
(config-router)#address-family l2vpn evpn Enter into l2vpn evpn address-family
(config-router-af)#neighbor 1.1.1.1 activate Activate the neighbor to address-family
(config)#nvo vxlan vtep-ip-global 6.6.6.6 Configure Source vtep-ip-global configuration
(config)#nvo vxlan tunnel qos-map-mode cos- Configure the mapping qos profile in to vxlan tunnel ingress
dscp ingress DSCP-QUE
(config)#nvo vxlan id 1 in-gress-replication Create vnid 1 and disable inner-vid
inner-vid-disabled
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp vrf1
(config-nvo)#nvo vxlan access-if port-vlan Create vxlan access-if with vlan 1000
xe15 1000
(config-nvo-acc-if)#no shutdown No shut the vxlan access-if
(config-nvo-acc-if)#map vnid 1 Map vnid to the vxlan access-if
(config-nvo-acc-if)#map qos-profile queue- Map qos profile for vxlan access-if egress traffic to CE
color-to-cos QUE-COS
(config-nvo-acc-if)#exit Exit from VxLAN access-interface mode and enter into
configuration mode
(config)#commit Commit the candidate configuration to the running
configuration

Validation
As per the QoS configuration, when L2 traffic with cos value 2 sent to VTEP1 access-if, the packets forwarded to queue
3 and packets in queue 3 are mapped with overlay dscp value 16 while egress out of tunnel. At VTEP2, when packets
with overlay dscp value 16 ingresses at tunnel, it is forwarded to queue 4 and packets of queue 4 are remarked with
cos value 5.

RTR1/VTEP1
VTEP1#sh run nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 1.1.1.1
!
nvo vxlan tunnel qos-map-mode cos-dscp egress QUE-DSCP
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan po2 1001
map vnid 1
map qos-profile cos-to-queue COS-QUE
!
VTEP1#show run qos
qos enable

© 2024 IP Infusion Inc. Proprietary 165

VXLAN Quality of Service Configuration

!
qos profile cos-to-queue COS-QUE
cos 2 dei all queue 3
!
qos profile queue-color-to-dscp QUE-DSCP
queue 3 color all dscp 16
!

VTEP1#show interface xe14 count queue-stats

E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts |
Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
q0 (E) 12517376 0 0 0 0
q1 (E) 12517376 0 0 0 0
q2 (E) 12517376 0 0 0 0
q3 (E) 12517376 205284588 188040683524 0 0
q4 (E) 12517376 0 0 0 0
q5 (E) 12517376 0 0 0 0
q6 (E) 12517376 0 0 0 0
q7 (E) 12517376 7518 1007412 0 0

VTEP1#show interface xe15 count queue-stats

E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts |
Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
q0 (E) 12517376 0 0 0 0
q1 (E) 12517376 0 0 0 0
q2 (E) 12517376 0 0 0 0
q3 (E) 12517376 205624494 188352040168 0 0
q4 (E) 12517376 0 0 0 0
q5 (E) 12517376 0 0 0 0
q6 (E) 12517376 0 0 0 0
q7 (E) 12517376 9006 1136741 0 0

VTEP1#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr

© 2024 IP Infusion Inc. Proprietary 166

VXLAN Quality of Service Configuration

_______________________________________________________________________________________
________________________________________
1 ---- L2 NW ---- ---- ---- ----
1.1.1.1 6.6.6.6
1 ---- AC po2 --- Single Homed port --- 1001 ---- ----
----

Total number of entries are 3

VTEP1#show nvo vxlan mac-table

=======================================================================================
==============================================================
VXLAN MAC Entries
=======================================================================================
==============================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
______________________________________________________________

1 po2 1001 ---- 0000.2000.9991 1.1.1.1

Dynamic Local ------- -------

Total number of entries are : 1

VTEP1#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
1.1.1.1 6.6.6.6 Installed 00:11:29 00:11:29

Total number of entries are 2

VTEP1#show qos-profile COS-QUE

profile name: COS-QUE
profile type: cos-to-queue
profile attached to 1 instances
configured mapping:
cos 2 dei all queue 3
Detailed mapping:
---------------+----------------- | ---------------+-----------------
INPUT | OUTPUT | INPUT | OUTPUT
---------------+----------------- | ---------------+-----------------
COS | DEI | Queue | Color | COS | DEI | Queue | Color
-------+-------+-------+--------- | -------+-------+-------+---------
0 0 0 green | 0 1 0 yellow
1 0 1 green | 1 1 1 yellow
2 0 3 green | 2 1 3 yellow
3 0 3 green | 3 1 3 yellow
4 0 4 green | 4 1 4 yellow
5 0 5 green | 5 1 5 yellow
6 0 6 green | 6 1 6 yellow

© 2024 IP Infusion Inc. Proprietary 167

VXLAN Quality of Service Configuration

7 0 7 green | 7 1 7 yellow

VTEP1#show qos-profile QUE-DSCP

profile name: QUE-DSCP
profile type: queue-color-to-dscp
profile attached to 1 instances
configured mapping:
queue 3 color all dscp 16
Detailed mapping:
----------------+-------- | ----------------+-------- | ----------------+--------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT
----------------+-------- | ----------------+-------- | ----------------+--------
Queue | Color | DSCP | Queue | Color | DSCP | Queue | Color | DSCP
-------+--------+-------- | -------+--------+-------- | -------+--------+--------
0 green 0 | 0 yellow 0 | 0 red 0
1 green 10 | 1 yellow 12 | 1 red 14
2 green 18 | 2 yellow 20 | 2 red 22
3 green 16 | 3 yellow 16 | 3 red 16
4 green 34 | 4 yellow 36 | 4 red 38
5 green 40 | 5 yellow 40 | 5 red 40
6 green 48 | 6 yellow 48 | 6 red 48
7 green 56 | 7 yellow 56 | 7 red 56

RTR2/VTEP2

VTEP2#show run nvo vxlan

!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 6.6.6.6
!
nvo vxlan tunnel qos-map-mode cos-dscp ingress DSCP-QUE
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan xe15 1000
map vnid 1
map qos-profile queue-color-to-cos QUE-COS
!
!
VTEP2#show run qos
qos enable
qos statistics
!
qos profile queue-color-to-cos QUE-COS
queue 4 color all cos 5
!
qos profile dscp-to-queue DSCP-QUE

© 2024 IP Infusion Inc. Proprietary 168

VXLAN Quality of Service Configuration

dscp 16 queue 4
!
VTEP2#show nvo vxlan mac-table

=======================================================================================
==============================================================
VXLAN MAC Entries
=======================================================================================
==============================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
______________________________________________________________

1 ---- ---- ---- 0000.2000.9991 1.1.1.1

Dynamic Remote ------- -------

Total number of entries are : 1

VTEP2#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
6.6.6.6 1.1.1.1 Installed 00:09:39 00:09:39

Total number of entries are 2

VTEP2#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Total number of entries are 3

VTEP2#show interface xe15 count queue-stats

© 2024 IP Infusion Inc. Proprietary 169

VXLAN Quality of Service Configuration

q1 (E) 12517376 0 0 0 0
q2 (E) 12517376 0 0 0 0
q3 (E) 12517376 0 0 0 0
q4 (E) 12517376 37895872 36455829826 0 0
q5 (E) 12517376 0 0 0 0
q6 (E) 12517376 0 0 0 0
q7 (E) 12517376 0 0 0 0

VTEP2#show qos-profile QUE-COS

profile name: QUE-COS
profile type: queue-color-to-cos
profile attached to 1 instances
configured mapping:
queue 4 color all cos 5
Detailed mapping:
----------------+-------- | ----------------+-------- | ----------------+--------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT
----------------+-------- | ----------------+-------- | ----------------+--------
Queue | Color | COS | Queue | Color | COS | Queue | Color | COS
-------+--------+-------- | -------+--------+-------- | -------+--------+--------
0 green 0 | 0 yellow 0 | 0 red 0
1 green 1 | 1 yellow 1 | 1 red 1
2 green 2 | 2 yellow 2 | 2 red 2
3 green 3 | 3 yellow 3 | 3 red 3
4 green 5 | 4 yellow 5 | 4 red 5
5 green 5 | 5 yellow 5 | 5 red 5
6 green 6 | 6 yellow 6 | 6 red 6
7 green 7 | 7 yellow 7 | 7 red 7

VTEP2#show qos-profile DSCP-QUE

profile name: DSCP-QUE
profile type: dscp-to-queue
profile attached to 1 instances
configured mapping:
dscp 16 queue 4
Detailed mapping:
Ingress map for dscp to queue-color
-------+----------------- | -------+----------------- | -------+----------------- | --
-----+-----------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT |
INPUT | OUTPUT
-------+----------------- | -------+----------------- | -------+----------------- | --
-----+-----------------
DSCP | Queue | Color | DSCP | Queue | Color | DSCP | Queue | Color | DSCP
| Queue | Color
-------+-------+--------- | -------+-------+--------- | -------+-------+--------- | --
-----+-------+---------
0 0 green | 16 4 green | 32 4 green | 48
6 green
1 0 green | 17 2 green | 33 4 green | 49
6 green

© 2024 IP Infusion Inc. Proprietary 170

VXLAN Quality of Service Configuration

2 0 green | 18 2 green | 34 4 green | 50

© 2024 IP Infusion Inc. Proprietary 171

VxLAN - EVPN with Integrated Routing and Bridging Deployment Mode

VxLAN - EVPN with Integrated Routing and

Bridging Deployment Mode

© 2024 IP Infusion Inc. Proprietary 122

VXLAN-EVPN with IRB

CHAPTER 1 VXLAN-EVPN with IRB

Overview
An EVPN-based Integrated Routing and Bridging solution used for forwarding of intra-subnets and inter-subnets traffic.
There are 2 modes of IRB.

Symmetric IRB
In this mode, both the ingress and egress VTEPs perform layer-2 and layer-3 lookups (switching and routing). In this
case, a given VTEP needs to learn the ARP and MAC-address entries only for tenant systems (TSs) across the tenant
VxLAN network belonging to VNIDs attached to that VTEP.

Asymmetric IRB
In this mode, the ingress VTEP perform layer-2 and layer-3 lookups and egress VTEPs perform layer-2 lookups only.
The disadvantage of this mode is the need for each VTEP in the tenant network to be configured with all the VNIDs for
that tenant irrespective of whether a given VTEP has TS attached for that VNID or not.
Three approaches are available to achieve IRB solution.
• Centralized Gateway
• Anycast Gateway
• Distributed Gateway

Topology
The procedures in this section use the topology in Figure 1-11.

© 2024 IP Infusion Inc. Proprietary 173

VXLAN-EVPN with IRB

Figure 1-11: VxLAN EVPN IRB

Note: In the above topology TS1, TS2 are the tenant systems.

Base Configuration - L2 VXLAN

VTEP1
(Multi-homed group1) - Part of both Multi-homed with po1(MH2).

Generic configuration:

#configure terminal Enter Configure mode.

(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective
(Config)#qos enable Enabling QoS
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Interface and loopback configuration:

(config)#interface po1 Enter Interface mode for po1 (MH2)

© 2024 IP Infusion Inc. Proprietary 174

VXLAN-EVPN with IRB

(config-if)#exit Exit Interface mode and return to Configure mode.

(config)#interface xe3 Enter Interface mode for xe3
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 1.1.1.1/32 secondary Configure loopback IP address as 1.1.1.1 for VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po2 Enter Interface mode for po2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe25 Enter Interface mode for xe25
(config-if)#channel-group 2 mode active Make it member port of po2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe26 Enter Interface mode for xe26
(config-if)#channel-group 2 mode active Make it member port of po2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po2 Enter Interface mode for po2
(config-if)#ip address 100.11.11.1/24 Configure IP address as 100.11.11.1 on network side of
Spine-P3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo IP address)
(config-router)#network 1.1.1.1/32 area Add 1.1.1.1 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 100.11.11.0/24 area Add 100.11.11.0 (Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling BFD on all OSPF interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

BGP configuration:

(Config)#router bgp 5000 Enter into Router BGP mode

© 2024 IP Infusion Inc. Proprietary 175

VXLAN-EVPN with IRB

(config-router)#neighbor 4.4.4.4 remote-as Specify a VTEP4 loopback IP address and remote-as defined
5000
(config-router)#neighbor 4.4.4.4 update- Configure update as loopback for VTEP4
source lo
(config-router)#neighbor 4.4.4.4 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP4
(config-router)#neighbor 5.5.5.5 remote-as Specify a VTEP5 loopback IP address and remote-as defined
5000
(config-router)#neighbor 5.5.5.5 update- Configure update as loopback for VTEP5
source lo
(config-router)#neighbor 5.5.5.5 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP5
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into L2VPN EVPN address family
mode
(config-router-af)#neighbor 4.4.4.4 activate Activate 3.3.3.3(VTEP4) into L2VPN EVPN address family
mode
(config-router-af)#neighbor 5.5.5.5 activate Activate 5.5.5.5(VTEP5) into L2VPN EVPN address family
mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

L2 MAC VRF Configuration:

(config)#mac vrf L2VRF1 Create MAC routing/forwarding instance with L2VRF1 name
and enter into VRF mode
(config-vrf)#rd 1.1.1.1:11 Assign RD value
(config-vrf)#description MAC VRF RED Give description to L2VRF1 as RED
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from VRF mode
(config)#mac vrf L2VRF2 Create MAC routing/forwarding instance with L2VRF2 name
and enter into VRF mode
(config-vrf)#rd 1.1.1.1:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as BLUE
(config-vrf)#exit Exit from VRF mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 176

VXLAN-EVPN with IRB

L2 VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#evpn esi hold-time 90 Configure ESI hold time to allow tunnel to come up at the time
of VXLAN initialization before making the ESI up. It should be
same on both VTEP1 and VTEP2
(config)#nvo vxlan vtep-ip-global 1.1.1.1 Configure Source vtep-ip-global configuration - Use loopback
IP address
(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-VLAN
10 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 101 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1010 ip Configure static MAC-IP
11.11.11.51
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-VLAN
20 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 201 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1020 ip Configure static MAC-IP
21.21.21.51
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VTEP2
(Multi-homed group1) - Part of both Multi-homed with po1(MH1).

Generic configuration:

#configure terminal Enter Configure mode.

(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective

© 2024 IP Infusion Inc. Proprietary 177

VXLAN-EVPN with IRB

(Config)#qos enable Enabling QoS

(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Interface and loopback configuration:

(config)#interface po1 Enter Interface mode for po1 (MH2)

(config-if)#switchport Make it L2 interface
(config-if)# evpn multi-homed system-mac Configure system MAC as ESI value for Lag (po1) interface.
0000.0000.2222 VTEP1 and VTEP2 should have same ESI value
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe8 Enter Interface mode for xe2
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe9 Enter Interface mode for xe3
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 2.2.2.2/32 secondary Configure loopback IP address as 2.2.2.2 for VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po3 Enter Interface mode for po3
(config-if)#switchport Configure po3 as L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe27 Enter Interface mode for xe27
(config-if)#channel-group 3 mode active Make it member port of po3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe28 Enter Interface mode for xe28
(config-if)#channel-group 3 mode active Make it member port of po3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)# bridge 1 protocol rstp vlan-bridge Configure bridge 1
(config)# vlan database Enter into VLAN database mode
(config)#vlan 2 bridge 1 state enable Configure VLAN 2 as part of bridge 1
(config)#interface po3 Enter Interface mode for po3
(config-if)# bridge-group 1 Configure bridge 1 for po3
(config-if)# switchport mode trunk Switchport mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed VLAN 2
add 2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface vlan1.2 Enter into SVI port VLAN1.2
(config-if)#ip address 100.12.12.1/24 Configure IP address as 100.12.12.1 on network side of
Spine-P3

© 2024 IP Infusion Inc. Proprietary 178

VXLAN-EVPN with IRB

(config-if)#exit Exit Interface mode and return to Configure mode.

(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo IP address)
(config-router)#network 2.2.2.2/32 area Add 2.2.2.2 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 100.12.12.0/24 area Add 100.12.12.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

BGP configuration:

(Config)#router bgp 5000 Enter into Router BGP mode

(config-router)#bgp router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo IP address)
(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback IP address and remote-as defined
5000
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 4.4.4.4 remote-as Specify a VTEP4 loopback IP address and remote-as defined
5000
(config-router)#neighbor 4.4.4.4 update- Configure update as loopback for VTEP4
source lo
(config-router)#neighbor 4.4.4.4 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP4
(config-router)#neighbor 5.5.5.5 remote-as Specify a VTEP5 loopback IP address and remote-as defined
5000
(config-router)#neighbor 5.5.5.5 update- Configure update as loopback for VTEP5
source lo
(config-router)#neighbor 5.5.5.5 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP5
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1(VTEP1) into L2VPN EVPN address family
mode
(config-router-af)#neighbor 4.4.4.4 activate Activate 4.4.4.4(VTEP4) into L2VPN EVPN address family
mode
(config-router-af)#neighbor 5.5.5.5 activate Activate 5.5.5.5(VTEP5) into L2VPN EVPN address family
mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 179

VXLAN-EVPN with IRB

VRF Configuration:

(config)#mac vrf L2VRF1 Create MAC routing/forwarding instance with L2VRF1 name
and enter into VRF mode
(config-vrf)#rd 2.2.2.2:11 Assign RD value
(config-vrf)#description MAC VRF RED Give description to L2VRF1 as RED
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from VRF mode
(config)#mac vrf L2VRF2 Create MAC routing/forwarding instance with L2VRF2 name
and enter into VRF mode
(config-vrf)#rd 2.2.2.2:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as BLUE
(config-vrf)#exit Exit from VRF mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#evpn esi hold-time 90 Configure ESI hold time to allow tunnel to come up at the time
of vxlan initialization before making the ESI up.It should be
same on both VTEP1 and VTEP2
(config)#nvo vxlan vtep-ip-global 2.2.2.2 Configure Source vtep-IP-global configuration - Use loopback
IP address
(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-vlan
10 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 101 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1010 ip Configure static MAC-IP
11.11.11.51
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode

© 2024 IP Infusion Inc. Proprietary 180

VXLAN-EVPN with IRB

(config)#nvo vxlan access-if port-vlan po1 Enable port-VLAN mapping i.e. access port to outer-VLAN
20 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 201 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1020 ip Configure static MAC-IP
21.21.21.51
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VTEP4
Single Home -SH5.

Generic configuration:

#configure terminal Enter Configure mode.

(Config)#qos enable Enabling qos

Interface and loopback configuration:

(config)#interface sa1 Enter Interface mode for sa1 (SH5)

(config-if)#switchport Make it L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 4.4.4.4/32 secondary Configure loopback IP address as 4.4.4.4 for VTEP4
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po4 Enter Interface mode for po4
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe7 Enter Interface mode for xe7
(config-if)#channel-group 4 mode active Make it member port of po4
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe9 Enter Interface mode for xe9
(config-if)#channel-group 4 mode active Make it member port of po4
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po4 Enter L3SI po4.4
(config-if)#ip address 100.14.14.1/24 Configure IP address as 100.14.14.1 on network side of
Spine-P3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 181

VXLAN-EVPN with IRB

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 4.4.4.4 Configure router-id as 4.4.4.4 (lo IP address)
(config-router)#network 4.4.4.4/32 area Add 4.4.4.4 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 100.14.14.0/24 area Add 100.14.14.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

BGP configuration:

(Config)#router bgp 5000 Enter into Router BGP mode

(config-router)#bgp router-id 4.4.4.4 Configure router-id as 4.4.4.4 (lo IP address)
(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback IP address and remote-as defined
5000
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback IP address and remote-as defined
5000
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)#neighbor 5.5.5.5 remote-as Specify a VTEP5 loopback IP address and remote-as defined
5000
(config-router)#neighbor 5.5.5.5 update- Configure update as loopback for VTEP5
source lo
(config-router)#neighbor 5.5.5.5 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP5
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1(VTEP1) into L2VPN EVPN address family
mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into L2VPN EVPN address family
mode
(config-router-af)#neighbor 5.5.5.5 activate Activate 5.5.5.5(VTEP5) into L2VPN EVPN address family
mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 182

VXLAN-EVPN with IRB

VRF Configuration:

(config)#mac vrf L2VRF1 Create MAC routing/forwarding instance with L2VRF1 name
and enter into VRF mode
(config-vrf)#rd 4.4.4.4:11 Assign RD value
(config-vrf)#description MAC VRF RED Give description to L2VRF1 as RED
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from VRF mode
(config)#mac vrf L2VRF2 Create MAC routing/forwarding instance with L2VRF2 name
and enter into VRF mode
(config-vrf)#rd 4.4.4.4:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as BLUE
(config-vrf)#exit Exit from VRF mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan vtep-ip-global 4.4.4.4 Configure Source vtep-IP-global configuration. Use loopback
IP address
(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)# nvo vxlan access-if port-vlan sa1 Enable port-VLAN mapping i.e. access port to outer-vlan
20 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 201 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.5555.1020 ip Configure static MAC-IP
21.21.21.101
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode

© 2024 IP Infusion Inc. Proprietary 183

VXLAN-EVPN with IRB

(config)#exit Exit from configuration mode

(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VTEP5
Single Home -SH3

Generic configuration:

#configure terminal Enter Configure mode.

(Config)#qos enable Enabling qos
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Interface and loopback configuration:

(config)#interface xe48 Enter Interface mode for xe48 (SH3)

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 5.5.5.5 Configure router-id as 5.5.5.5 (lo IP address)
(config-router)#network 5.5.5.5/32 area Add 5.5.5.5 (lo IP address) network into area 0
0.0.0.0
(config-router)#network 100.15.15.0/24 area Add 100.15.15.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

BGP configuration:

(Config)#router bgp 5000 Enter into Router BGP mode

(config-router)#bgp router-id 5.5.5.5 Configure router-id as 5.5.5.5(lo IP address)

© 2024 IP Infusion Inc. Proprietary 184

VXLAN-EVPN with IRB

(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback IP address and remote-as defined
5000
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback IP address and remote-as defined
5000
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)#neighbor 4.4.4.4 remote-as Specify a VTEP4 loopback IP address and remote-as defined
5000
(config-router)#neighbor 4.4.4.4 update- Configure update as loopback for VTEP4
source lo
(config-router)#neighbor 4.4.4.4 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP4
(config-router)#address-family l2vpn evpn Enter into L2VPN EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1(VTEP1) into L2VPN EVPN address family
mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into L2VPN EVPN address family
mode
(config-router-af)#neighbor 4.4.4.4 activate Activate 4.4.4.4(VTEP4) into L2VPN EVPN address family
mode
(config-router-af)#exit-address-family Exit from L2VPN address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VRF Configuration:

(config)#mac vrf L2VRF1 Create MAC routing/forwarding instance with L2VRF1 name
and enter into VRF mode
(config-vrf)#rd 5.5.5.5:11 Assign RD value
(config-vrf)#description MAC VRF RED Give description to L2VRF1 as RED
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from VRF mode
(config)#mac vrf L2VRF2 Create MAC routing/forwarding instance with L2VRF2 name
and enter into VRF mode
(config-vrf)#rd 5.5.5.5:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as BLUE
(config-vrf)#exit Exit from VRF mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 185

VXLAN-EVPN with IRB

VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan vtep-ip-global 5.5.5.5 Configure Source vtep-IP-global configuration. Use loopback
IP address
(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)# nvo vxlan access-if port-vlan xe48 Enable port-VLAN mapping i.e. access port to outer-vlan
10 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 101 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.4444.1010 ip Configure static MAC-IP
11.11.11.201
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Switch1 (MH2)
Multihomed to 2-VTEPs (VTEP1 and VTEP2). It acts as Tenant system for VLAN1.20.

#configure terminal Enter Configure mode.

(config)# bridge 1 protocol rstp vlan-bridge Configure RSTP VLAN bridge
(config)# vlan database Enter into VLAN database mode
(config)#vlan 2-20 bridge 1 state enable Configure VLANs from 2-20 and associate with bridge 1
(config)#interface xe7 Enter Interface mode for xe7
(config-if)#switchport Make as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate bridge 1 into interface
(config-if)# bridge-group 1 spanning-tree Configure interface as STP disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed VLAN as 2.10.20
add 2,10,20
(config-if)#switchport trunk native vlan 2 Native VLAN as 2

© 2024 IP Infusion Inc. Proprietary 186

VXLAN-EVPN with IRB

(config-if)#exit Exit Interface mode and return to Configure mode.

(config)#interface po1 Enter Interface mode for po1
(config-if)#switchport Make po1 as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate po1 to bridge 1
(config-if)# bridge-group 1 spanning-tree Configure po1 as STP disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed VLAN as 2.10.20
add 2,10,20
(config-if)#switchport trunk native vlan 2 Native VLAN as 2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe3 Enter Interface mode for xe3
(config-if)#channel-group 1 mode active Make it member port of po1
(config)#interface xe4 Enter Interface mode for xe4
(config-if)#channel-group 1 mode active Make it member port of po1
(config)#exit Exit from configuration mode
(config)#interface xe9 Enter Interface mode for xe9
(config-if)#channel-group 1 mode active Make it member port of po1
(config)#interface xe10 Enter Interface mode for xe10
(config-if)#channel-group 1 mode active Make it member port of po1
(config)#exit Exit from configuration mode
(config)#interface vlan1.20 Enter Interface mode for VLAN1.20
(config-if)# ip address 21.21.21.2/24 Configure IP address
(config-if)#ipv6 address 21:21::21:2/48 Configure IPv6 address
(config)#exit Exit from configuration mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Switch2 (SH5)

#configure terminal Enter Configure mode.

(config)# bridge 1 protocol rstp vlan-bridge Configure RSTP VLAN bridge
(config)# vlan database
(config)#vlan 2-20 bridge 1 state enable Configure VLANs from 2-20 and associate with bridge 1
(config)#interface xe22 Enter Interface mode for xe22
(config-if)#switchport Make xe22 as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate xe22 to bridge 1
(config-if)# bridge-group 1 spanning-tree Configure xe22 as STP disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed VLAN as 6,.10 &.20
add 6,10,20
(config-if)#switchport trunk native vlan 6 Native VLAN as 6

© 2024 IP Infusion Inc. Proprietary 187

VXLAN-EVPN with IRB

(config-if)#exit Exit Interface mode and return to Configure mode.

(config)#interface sa1 Enter Interface mode for sa11
(config-if)#switchport Make sa1 as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate sa1 to bridge 1
(config-if)# bridge-group 1 spanning-tree Configure sa1 as STP disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed VLAN as 2,.10.& 20
add 6,10,20
(config-if)#switchport trunk native vlan 6 Native VLAN as 6
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe3 Enter Interface mode for xe3
(config-if)# static-channel-group 1 Make it member port of sa1
(config)#interface xe4 Enter Interface mode for xe4
(config-if)# static-channel-group 1 Make it member port of sa1
(config)#exit Exit from configuration mode
(config)#interface vlan1.20 Enter Interface mode for VLAN1.20
(config-if)# ip address 21.21.21.3/24 Configure IP address
(config-if)#ipv6 address 21:21::21:3/48 Configure IPv6 address
(config)#exit Exit from configuration mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Spine-P3
Spine node where all VTEPs are connected.

Generic configuration:

#configure terminal Enter Configure mode.

(Config)#qos enable Enabling qos
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Interface and loopback configuration:

(config)#interface lo Enter Interface mode for lo

(config-if)#ip address 100.100.100.100/32 Configure loopback IP address as 100.100.100.100 for Spine-
secondary P3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po2 Enter Interface mode for po2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe25 Enter Interface mode for xe25
(config-if)#channel-group 2 mode active Make it member port of po2
(config-if)#exit Exit Interface mode and return to Configure mode.

© 2024 IP Infusion Inc. Proprietary 188

VXLAN-EVPN with IRB

(config)#interface xe26 Enter Interface mode for xe26

(config-if)#channel-group 2 mode active Make it member port of po3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po2 Enter Interface mode for po2
(config-if)#ip address 100.11.11.2/24 Configure IP address as 100.11.11.2 on network side of
VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po3 Enter Interface mode for po3
(config)#i switchport Configure po3 as L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe27 Enter Interface mode for xe27
(config-if)#channel-group 3 mode active Make it member port of po3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe28 Enter Interface mode for xe28
(config-if)#channel-group 3 mode active Make it member port of po3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)# bridge 1 protocol rstp vlan-bridge Configure bridge 1
(config)# vlan database Enter into VLAN database mode
(config)#vlan 2 bridge 1 state enable Configure VLAN 2 as part of bridge 1
(config)#interface po3 Enter Interface mode for po3
(config-if)# bridge-group 1 Configure bridge 1 for po3
(config-if)# switchport mode trunk Switchport mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed VLAN 2
add 2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface vlan1.2 Enter into SVI port VLAN1.2
(config-if)#ip address 100.12.12.2/24 Configure IP address as 100.12.12.2 on network side of
VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po4 Enter Interface mode for po4
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe7 Enter Interface mode for xe7
(config-if)#channel-group 4 mode active Make it member port of po4
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe9 Enter Interface mode for xe9
(config-if)#channel-group 4 mode active Make it member port of po4
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po4 Enter L3SI po4.4
(config-if)#ip address 100.14.14.2/24 Configure IP address as 100.14.14.12 on network side of
VTEP4
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe40 Enter interface mode

© 2024 IP Infusion Inc. Proprietary 189

VXLAN-EVPN with IRB

(config-if)#ip address 100.15.15.1/24 Configure IP address as 100.15.15.1 on network side of

VTEP5
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id Configure router-id as 100.100.100.100 (lo IP address)
100.100.100.100
(config-router)#network 100.100.100.100/32 Add 100.100.100.100 (lo IP address) network into area 0
area 0.0.0.0
(config-router)#network 100.11.11.0/24 area Add 100.11.11.0 (VTEP1) network into area 0
0.0.0.0
(config-router)#network 100.12.12.0/24 area Add 100.12.12.0 (VTEP2) network into area 0
0.0.0.0
(config-router)#network 100.14.14.0/24 area Add 100.14.14.0 (VTEP4) network into area 0
0.0.0.0
(config-router)#network 100.15.15.0/24 area Add 100.15.15.0 (VTEP5) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Centralized Gateway
In Centralized gateway approach, when two TS belonging to two different subnets connected to the same/different
VTEP node, wanted to communicate with each other, their traffic needed to be back hauled from the VTEP node to the
centralized gateway node where inter- subnet switching is performed and then back to the VTEP node.

IRB Configuration for Centralized Gateway

Configure from Base Configuration-L2 VXLAN section, then configure below commands for centralized gateway
approach.

VTEP5

(config)#nvo vxlan irb Enable VXLAN IRB

© 2024 IP Infusion Inc. Proprietary 190

VXLAN-EVPN with IRB

(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1

(config-vrf)#exit Exit from VRF mode
(config)# interface irb1001 Configure IRB interface 1001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 11.11.11.1/24 Configure IP address
(config-if)#ipv6 address 11:11::11:1/48 Configure IPv6 address
(config-if)#exit Exit from interface config mode
(config)# interface irb2001 Configure IRB interface 2001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 21.21.21.1/24 Configure IP address
(config-if)#ipv6 address 21:21::21:1/48 Configure IPv6 address
(config-if)#exit Exit from interface config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure IRB1001 under VXLAN ID 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure IRB2001 under VXLAN ID 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Validation
VTEP5
TB2-VTEP5#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
5.5.5.5 2.2.2.2 Installed 00:26:30 00:26:30
5.5.5.5 4.4.4.4 Installed 00:26:30 00:26:30
5.5.5.5 1.1.1.1 Installed 00:26:30 00:26:30

Total number of entries are 3

© 2024 IP Infusion Inc. Proprietary 191

VXLAN-EVPN with IRB

TB2-VTEP5#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

Total number of entries are 7

TB2-VTEP5#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 21.21.21.1 3c2c.99d6.167a Static Local ----
201 21.21.21.101 0000.4444.1020 Static Remote ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.1 3c2c.99d6.167a Static Local ----
101 11.11.11.201 0000.5555.1010 Static Local ----
Total number of entries are 6
TB2-VTEP5#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________________________________
201 21:21::21:1 3c2c.99d6.167a Static Local ----
101 11:11::11:1 3c2c.99d6.167a Static Local ----
Total number of entries are 2
TB2-VTEP5#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001
1000 201 irb2001

TB2-VTEP5#show ip route vrf L3VRF1

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:27:00
C 21.21.21.0/24 is directly connected, irb2001, 00:26:58
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:32:53

Gateway of last resort is not set

TB2-VTEP5#show ipv6 route vrf L3VRF1
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EVPN N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP
Timers: Uptime

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:32:53
C 11:11::/48 via ::, irb1001, 00:27:00
C 21:21::/48 via ::, irb2001, 00:26:58

© 2024 IP Infusion Inc. Proprietary 192

VXLAN-EVPN with IRB

C fe80::/64 via ::, irb2001, 00:04:38

TB2-VTEP5#show ip route summary

-----------------------------------------------
IP routing table name is Default-IP-Routing-Table(0)
-----------------------------------------------
IP routing table maximum-paths : 8
Total number of IPv4 routes : 12
Total number of IPv4 paths : 12
Pending routes (due to route max reached): 0
Route Source Networks
connected 3
ospf 9
Total 12
FIB 12

ECMP statistics (active in ASIC):

Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
TB2-VTEP5#show ipv6 route summary

-----------------------------------------------
IPv6 routing table name is Default-IPv6-Routing-Table(0)
-----------------------------------------------
IPv6 routing table maximum-paths : 8
Total number of IPv6 routes : 2
Total number of IPv6 paths : 2
Pending routes (due to route max reached): 0
Route Source Networks
connected 2
Total 2
FIB 2

ECMP statistics (active in ASIC):

Total number of IPv6 ECMP routes : 0
Total number of IPv6 ECMP paths : 0
TB2-VTEP5#show bgp l2vpn evpn
BGP table version is 11, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[1.1.1.1:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[1.1.1.1:11]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[1.1.1.1:21]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

© 2024 IP Infusion Inc. Proprietary 193

VXLAN-EVPN with IRB

RD[2.2.2.2:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[2.2.2.2:11]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [3]:[101]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[2.2.2.2:21]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[4.4.4.4:11]
*>i [3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[4.4.4.4:21]
*>i [2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[5.5.5.5:11] VRF[L2VRF1]:
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[101]:[48,3c2c:99d6:167a]:[32,11.11.11.1]:[101]
5.5.5.5 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[101]:[48,3c2c:99d6:167a]:[128,11:11::11:1]:[101]
5.5.5.5 0 100 32768 i ---------- VXLAN
* i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[101]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 32768 i ---------- VXLAN

© 2024 IP Infusion Inc. Proprietary 194

VXLAN-EVPN with IRB

* i [3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [3]:[201]:[32,5.5.5.5]
5.5.5.5 0 100 32768 i ---------- VXLAN

Total number of prefixes 39

TB2-VTEP5#

Anycast Gateway
For today's large multi-tenant data center, centralized L3 gateway scheme is very inefficient and sometimes
impractical. In order to overcome the drawback of centralized L3GW approach, anycast mode is used.
In Anycast gateway approach, all the VTEPs acts as default gateway for all the VNIDs. We will configure same anycast
MAC in all VTEPs.

IRB Configuration for Anycast

Configure from Base Configuration-L2 VXLAN section, then configure below commands for Anycast gateway
approach.

VTEP1

(config)#nvo vxlan irb Enable VXLAN IRB

(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)#ip vrf L3VRF1 Create MAC routing/forwarding instance with L3VRF1 name
and enter into VRF mode
(config-vrf)#rd 11000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from VRF mode
(config)# evpn irb-forwarding anycast- Configure anycast MAC address
gateway-mac 0000.0000.1111
(config)# interface irb1001 Configure IRB interface 1001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 11.11.11.1/24 anycast Configure IP address
(config-if)#ipv6 address 11:11::11:1/48 Configure IPv6 address
(config-if)#evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)#exit Exit from interface config mode
(config)#interface irb2001 Configure IRB interface 2001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 21.21.21.1/24 anycast Configure IP address
(config-if)#ipv6 address 21:21::21:1/48 Configure IPv6 address

© 2024 IP Infusion Inc. Proprietary 195

VXLAN-EVPN with IRB

(config-if)#evpn irb-if-forwarding anycast- Configure anycast MAC address

gateway-mac
(config-if)#exit Exit from interface config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure IRB1001 under VXLAN ID 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure IRB2001 under VXLAN ID 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VTEP2

(config)#nvo vxlan irb Enable VXLAN IRB

© 2024 IP Infusion Inc. Proprietary 196

VXLAN-EVPN with IRB

(config-if)#exit Exit from interface config mode

(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)#interface irb2001 Configure IRB interface 2001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 21.21.21.1/24 anycast Configure IP address
(config-if)#ipv6 address 21:21::21:1/48 Configure IPv6 address
(config-if)#evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)#exit Exit from interface config mode
(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure IRB1001 under VXLAN ID 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure IRB2001 under VXLAN ID 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VTEP4

(config)#nvo vxlan irb Enable VXLAN IRB

© 2024 IP Infusion Inc. Proprietary 197

VXLAN-EVPN with IRB

(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1

(config-if)#ip address 11.11.11.1/24 anycast Configure IP address
(config-if)#ipv6 address 11:11::11:1/48 Configure IPv6 address
(config-if)#evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)#exit Exit from interface config mode
(config)#interface irb2001 Configure IRB interface 2001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 21.21.21.1/24 anycast Configure IP address
(config-if)#ipv6 address 21:21::21:1/48 Configure IPv6 address
(config-if)#evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)#exit Exit from interface config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure IRB1001 under VXLAN ID 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure IRB2001 under VXLAN ID 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VTEP5

(config)#nvo vxlan irb Enable VXLAN IRB

(config)#ip vrf L3VRF1 Create MAC routing/forwarding instance with L3VRF1 name
and enter into VRF mode
(config-vrf)#rd 51000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from VRF mode

© 2024 IP Infusion Inc. Proprietary 198

VXLAN-EVPN with IRB

(config)# evpn irb-forwarding anycast- Configure anycast MAC address

gateway-mac 0000.0000.1111
(config)# interface irb1001 Configure IRB interface 1001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 11.11.11.1/24 anycast Configure IP address
(config-if)#ipv6 address 11:11::11:1/48 Configure IPv6 address
(config-if)#evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)#exit Exit from interface config mode
(config)#interface irb2001 Configure IRB interface 2001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 21.21.21.1/24 anycast Configure IP address
(config-if)#ipv6 address 21:21::21:1/48 Configure IPv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)#exit Exit from interface config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure IRB1001 under VXLAN ID 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure IRB2001 under VXLAN ID 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Validations
VTEP1
TB2-VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================

© 2024 IP Infusion Inc. Proprietary 199

VXLAN-EVPN with IRB

1.1.1.1 5.5.5.5 Installed 00:13:05 00:13:05

1.1.1.1 4.4.4.4 Installed 00:18:33 00:18:33
1.1.1.1 2.2.2.2 Installed 00:18:34 00:18:34

Total number of entries are 3

TB2-VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
____________________________________________________________________________________________________________________________
___
101 VNI-101 L2 NW ---- ---- ---- ---- 1.1.1.1 5.5.5.5
101 VNI-101 L2 NW ---- ---- ---- ---- 1.1.1.1 4.4.4.4
101 VNI-101 L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
101 VNI-101 -- AC po1 00:00:00:00:00:22:22:00:00:00 10 DF ---- ----
201 VNI-201 L2 NW ---- ---- ---- ---- 1.1.1.1 5.5.5.5
201 VNI-201 L2 NW ---- ---- ---- ---- 1.1.1.1 4.4.4.4
201 VNI-201 L2 NW ---- ---- ---- ---- 1.1.1.1 2.2.2.2
201 VNI-201 -- AC po1 00:00:00:00:00:22:22:00:00:00 20 DF ---- ----

Total number of entries are 8

TB2-VTEP1#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.101 0000.4444.1020 Static Remote ----
101 11.11.11.51 0000.2222.1010 Static Local ----
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.201 0000.5555.1010 Static Remote ----
Total number of entries are 6
TB2-VTEP1#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________________________________
201 21:21::21:1 0000.0000.1111 Static Local ----
101 11:11::11:1 0000.0000.1111 Static Local ----
Total number of entries are 2
TB2-VTEP1#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001
1000 201 irb2001

TB2-VTEP1#show ip route vrf L3VRF1

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:19:26
C 21.21.21.0/24 is directly connected, irb2001, 00:19:26
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:19:28

Gateway of last resort is not set

TB2-VTEP1#show ipv6 route vrf L3VRF1
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EVPN N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP

© 2024 IP Infusion Inc. Proprietary 200

VXLAN-EVPN with IRB

Timers: Uptime

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:19:28
C 11:11::/48 via ::, irb1001, 00:19:26
C 21:21::/48 via ::, irb2001, 00:19:26
C fe80::/64 via ::, irb2001, 00:19:25
TB2-VTEP1#show ip route summary

ECMP statistics (active in ASIC):

Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
TB2-VTEP1#show ipv6 route summary

ECMP statistics (active in ASIC):

Total number of IPv6 ECMP routes : 0
Total number of IPv6 ECMP paths : 0
TB2-VTEP1#show bgp l2vpn evpn
BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[21000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN

RD[41000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
4.4.4.4 0 100 0 ? 4.4.4.4 VXLAN
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
4.4.4.4 0 100 0 ? 4.4.4.4 VXLAN

RD[51000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
5.5.5.5 0 100 0 ? 5.5.5.5 VXLAN
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]

© 2024 IP Infusion Inc. Proprietary 201

VXLAN-EVPN with IRB

5.5.5.5 0 100 0 ? 5.5.5.5 VXLAN

RD[1.1.1.1:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 32768 i ---------- VXLAN
*> [4]:[00:00:00:00:00:22:22:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[1.1.1.1:11] VRF[L2VRF1]:
*> [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> 1.1.1.1 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> 1.1.1.1 0 100 32768 i ---------- VXLAN
*> [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*> [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i [3]:[101]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i [3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

RD[1.1.1.1:21] VRF[L2VRF2]:
*> [1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> 1.1.1.1 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> 1.1.1.1 0 100 32768 i ---------- VXLAN
*> [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i [3]:[201]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

RD[2.2.2.2:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

© 2024 IP Infusion Inc. Proprietary 202

VXLAN-EVPN with IRB

*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[2.2.2.2:11]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [3]:[101]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[2.2.2.2:21]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[4.4.4.4:11]
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[4.4.4.4:21]
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[5.5.5.5:11]
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i [2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i [3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

RD[5.5.5.5:21]
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i [3]:[201]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

Total number of prefixes 55

TB2-VTEP1#

TB2-VTEP2#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
2.2.2.2 4.4.4.4 Installed 00:18:42 00:18:42
2.2.2.2 1.1.1.1 Installed 00:18:43 00:18:43

© 2024 IP Infusion Inc. Proprietary 203

VXLAN-EVPN with IRB

2.2.2.2 5.5.5.5 Installed 00:13:14 00:13:14

Total number of entries are 3

TB2-VTEP2#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
____________________________________________________________________________________________________________________________
___
101 VNI-101 L2 NW ---- ---- ---- ---- 2.2.2.2 4.4.4.4
101 VNI-101 L2 NW ---- ---- ---- ---- 2.2.2.2 1.1.1.1
101 VNI-101 L2 NW ---- ---- ---- ---- 2.2.2.2 5.5.5.5
101 VNI-101 -- AC po1 00:00:00:00:00:22:22:00:00:00 10 NON-DF ---- ----
201 VNI-201 L2 NW ---- ---- ---- ---- 2.2.2.2 4.4.4.4
201 VNI-201 L2 NW ---- ---- ---- ---- 2.2.2.2 1.1.1.1
201 VNI-201 L2 NW ---- ---- ---- ---- 2.2.2.2 5.5.5.5
201 VNI-201 -- AC po1 00:00:00:00:00:22:22:00:00:00 20 NON-DF ---- ----

Total number of entries are 8

TB2-VTEP2#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.101 0000.4444.1020 Static Remote ----
101 11.11.11.51 0000.2222.1010 Static Local ----
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.201 0000.5555.1010 Static Remote ----
Total number of entries are 6
TB2-VTEP2#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________________________________
201 21:21::21:1 0000.0000.1111 Static Local ----
101 11:11::11:1 0000.0000.1111 Static Local ----
Total number of entries are 2
TB2-VTEP2#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001
1000 201 irb2001

TB2-VTEP2#show ip route vrf L3VRF1

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:19:37
C 21.21.21.0/24 is directly connected, irb2001, 00:19:37
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:19:40

Gateway of last resort is not set

TB2-VTEP2#show ipv6 route vrf L3VRF1
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EVPN N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP
Timers: Uptime

© 2024 IP Infusion Inc. Proprietary 204

VXLAN-EVPN with IRB

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:19:40
C 11:11::/48 via ::, irb1001, 00:19:37
C 21:21::/48 via ::, irb2001, 00:19:37
C fe80::/64 via ::, irb2001, 00:19:36
TB2-VTEP2#show ip route summary

ECMP statistics (active in ASIC):

Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
TB2-VTEP2#show ipv6 route summary

ECMP statistics (active in ASIC):

Total number of IPv6 ECMP routes : 0
Total number of IPv6 ECMP paths : 0
TB2-VTEP2#show bgp l2vpn evpn
BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[11000:11]
*>i[5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
1.1.1.1 0 100 0 ? 1.1.1.1 VXLAN
*>i[5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
1.1.1.1 0 100 0 ? 1.1.1.1 VXLAN

RD[41000:11]
*>i[5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
4.4.4.4 0 100 0 ? 4.4.4.4 VXLAN
*>i[5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
4.4.4.4 0 100 0 ? 4.4.4.4 VXLAN

RD[51000:11]
*>i[5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
5.5.5.5 0 100 0 ? 5.5.5.5 VXLAN
*>i[5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
5.5.5.5 0 100 0 ? 5.5.5.5 VXLAN

© 2024 IP Infusion Inc. Proprietary 205

VXLAN-EVPN with IRB

RD[1.1.1.1:1]
*>i[1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i[4]:[00:00:00:00:00:22:22:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[1.1.1.1:11]
*>i[1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i[2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i[2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i[2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i[3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[1.1.1.1:21]
*>i[1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i[2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i[2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i[2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i[3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[2.2.2.2:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 32768 i ---------- VXLAN
* i[4]:[00:00:00:00:00:22:22:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [4]:[00:00:00:00:00:22:22:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i ---------- VXLAN

RD[2.2.2.2:11] VRF[L2VRF1]:
* i[1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> 2.2.2.2 0 100 32768 i ---------- VXLAN
* i[1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i[2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> 2.2.2.2 0 100 32768 i ---------- VXLAN
* i[2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> 2.2.2.2 0 100 32768 i ---------- VXLAN
* i[2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> 2.2.2.2 0 100 32768 i ---------- VXLAN
* i[2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i[3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [3]:[101]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i ---------- VXLAN
* i[3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i[3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

RD[2.2.2.2:21] VRF[L2VRF2]:
* i[1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> 2.2.2.2 0 100 32768 i ---------- VXLAN
* i[1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]

© 2024 IP Infusion Inc. Proprietary 206

VXLAN-EVPN with IRB

1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

* i[2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> 2.2.2.2 0 100 32768 i ---------- VXLAN
* i[2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> 2.2.2.2 0 100 32768 i ---------- VXLAN
* i[2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> 2.2.2.2 0 100 32768 i ---------- VXLAN
* i[2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i[3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i ---------- VXLAN
* i[3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i[3]:[201]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

RD[4.4.4.4:11]
*>i[2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[4.4.4.4:21]
*>i[2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[5.5.5.5:11]
*>i[2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i[2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i[2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i[3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

RD[5.5.5.5:21]
*>i[2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i[2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i[3]:[201]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

Total number of prefixes 55

TB2-VTEP2#

VTEP4

TB2-VTEP4#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
4.4.4.4 2.2.2.2 Installed 00:18:55 00:18:55

© 2024 IP Infusion Inc. Proprietary 207

VXLAN-EVPN with IRB

4.4.4.4 1.1.1.1 Installed 00:18:55 00:18:55

4.4.4.4 5.5.5.5 Installed 00:13:27 00:13:27

Total number of entries are 3

TB2-VTEP4#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

Total number of entries are 7

TB2-VTEP4#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.101 0000.4444.1020 Static Local ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.201 0000.5555.1010 Static Remote ----
Total number of entries are 6
TB2-VTEP4#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________________________________
201 21:21::21:1 0000.0000.1111 Static Local ----
101 11:11::11:1 0000.0000.1111 Static Local ----
Total number of entries are 2
TB2-VTEP4#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001
1000 201 irb2001

TB2-VTEP4#show ip route vrf L3VRF1

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:19:46
C 21.21.21.0/24 is directly connected, irb2001, 00:19:46
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:19:49

Gateway of last resort is not set

TB2-VTEP4#show ipv6 route vrf L3VRF1
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EVPN N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP
Timers: Uptime

© 2024 IP Infusion Inc. Proprietary 208

VXLAN-EVPN with IRB

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:19:49
C 11:11::/48 via ::, irb1001, 00:19:46
C 21:21::/48 via ::, irb2001, 00:19:46
C fe80::/64 via ::, irb2001, 00:19:46
TB2-VTEP4#show ip route summary

ECMP statistics (active in ASIC):

Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
TB2-VTEP4#show ipv6 route summary

ECMP statistics (active in ASIC):

Total number of IPv6 ECMP routes : 0
Total number of IPv6 ECMP paths : 0
TB2-VTEP4#show bgp l2vpn evpn
BGP table version is 4, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[11000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
1.1.1.1 0 100 0 ? 1.1.1.1 VXLAN
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
1.1.1.1 0 100 0 ? 1.1.1.1 VXLAN

RD[21000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN

RD[51000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
5.5.5.5 0 100 0 ? 5.5.5.5 VXLAN
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
5.5.5.5 0 100 0 ? 5.5.5.5 VXLAN

© 2024 IP Infusion Inc. Proprietary 209

VXLAN-EVPN with IRB

RD[1.1.1.1:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[1.1.1.1:11]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[1.1.1.1:21]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[2.2.2.2:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

© 2024 IP Infusion Inc. Proprietary 210

VXLAN-EVPN with IRB

5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> 4.4.4.4 0 100 32768 i ---------- VXLAN
* i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[101]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 32768 i ---------- VXLAN
* i [3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

RD[4.4.4.4:21] VRF[L2VRF2]:
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> 4.4.4.4 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> 4.4.4.4 0 100 32768 i ---------- VXLAN
* i [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 32768 i ---------- VXLAN
* i [3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 32768 i ---------- VXLAN
* i [3]:[201]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

Total number of prefixes 57

TB2-VTEP4#

© 2024 IP Infusion Inc. Proprietary 211

VXLAN-EVPN with IRB

VTEP5
TB2-VTEP5#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
5.5.5.5 2.2.2.2 Installed 00:13:36 00:13:36
5.5.5.5 4.4.4.4 Installed 00:13:36 00:13:36
5.5.5.5 1.1.1.1 Installed 00:13:36 00:13:36

Total number of entries are 3

TB2-VTEP5#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

Total number of entries are 7

TB2-VTEP5#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.101 0000.4444.1020 Static Remote ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.201 0000.5555.1010 Static Local ----
Total number of entries are 6
TB2-VTEP5#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________________________________
201 21:21::21:1 0000.0000.1111 Static Local ----
101 11:11::11:1 0000.0000.1111 Static Local ----
Total number of entries are 2
TB2-VTEP5#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001
1000 201 irb2001

TB2-VTEP5#show ip route vrf L3VRF1

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:14:07
C 21.21.21.0/24 is directly connected, irb2001, 00:14:05
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:20:00

Gateway of last resort is not set

TB2-VTEP5#show ipv6 route vrf L3VRF1

© 2024 IP Infusion Inc. Proprietary 212

VXLAN-EVPN with IRB

IPv6 Routing Table

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EVPN N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP
Timers: Uptime

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:20:00
C 11:11::/48 via ::, irb1001, 00:14:07
C 21:21::/48 via ::, irb2001, 00:14:05
C fe80::/64 via ::, irb2001, 00:14:05
TB2-VTEP5#show ip route summary

ECMP statistics (active in ASIC):

Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
TB2-VTEP5#show ipv6 route summary

ECMP statistics (active in ASIC):

Total number of IPv6 ECMP routes : 0
Total number of IPv6 ECMP paths : 0
TB2-VTEP5#show bgp l2vpn evpn
BGP table version is 7, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[11000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
1.1.1.1 0 100 0 ? 1.1.1.1 VXLAN
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
1.1.1.1 0 100 0 ? 1.1.1.1 VXLAN

RD[21000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN

© 2024 IP Infusion Inc. Proprietary 213

VXLAN-EVPN with IRB

RD[41000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
4.4.4.4 0 100 0 ? 4.4.4.4 VXLAN
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
4.4.4.4 0 100 0 ? 4.4.4.4 VXLAN

RD[1.1.1.1:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[1.1.1.1:11]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[1.1.1.1:21]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[2.2.2.2:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

© 2024 IP Infusion Inc. Proprietary 214

VXLAN-EVPN with IRB

4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[5.5.5.5:11] VRF[L2VRF1]:
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[101]:[48,0000:0000:1111]:[32,11.11.11.1]:[101]
5.5.5.5 0 100 32768 i ---------- VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [2]:[0]:[101]:[48,0000:0000:1111]:[128,11:11::11:1]:[101]
5.5.5.5 0 100 32768 i ---------- VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 32768 i ---------- VXLAN
* i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[101]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 32768 i ---------- VXLAN

RD[5.5.5.5:21] VRF[L2VRF2]:
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[201]:[48,0000:0000:1111]:[32,21.21.21.1]:[201]
5.5.5.5 0 100 32768 i ---------- VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [2]:[0]:[201]:[48,0000:0000:1111]:[128,21:21::21:1]:[201]
5.5.5.5 0 100 32768 i ---------- VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i 1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i [3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [3]:[201]:[32,5.5.5.5]
5.5.5.5 0 100 32768 i ---------- VXLAN

© 2024 IP Infusion Inc. Proprietary 215

VXLAN-EVPN with IRB

Total number of prefixes 57

TB2-VTEP5#

Distributed Gateway
In distributed gateway approach, VTEP will act as default gateways for one or more VNIDs,
Each VTEP having its own default gateway IP and MAC configuration for a given VNID.

IRB Configuration for Distributed

Configure from Base Configuration-L2 VXLAN section, then configure below commands for centralized distributed
approach.

VTEP4

(config)#nvo vxlan irb Enable VXLAN irb

(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)#ip vrf L3VRF1 Create MAC routing/forwarding instance with L3VRF1 name
and enter into VRF mode
(config-vrf)#rd 41000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from VRF mode
(config)# interface irb2001 Configure IRB interface 2001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 21.21.21.1/24 Configure IP address
(config-if)#ipv6 address 21:21::21:1/48 Configure IPv6 address
(config-if)#exit Exit from interface config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure IRB2001 under VXLAN id 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 216

VXLAN-EVPN with IRB

VTEP5
Unconfigure vnid 201 from nvo vxlan.

(config)#nvo vxlan irb Enable VXLAN IRB

(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)#ip vrf L3VRF1 Create mac routing/forwarding instance with L3VRF1 name
and enter into VRF mode
(config-vrf)#rd 51000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from VRF mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)# interface irb1001 Configure IRB interface 1001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#ip address 11.11.11.1/24 Configure IP address
(config-if)#ipv6 address 11:11::11:1/48 Configure IPv6 address
(config-if)#exit Exit from interface config mode
(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure IRB under VXLAN id 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Validations
VTEP4
TB2-VTEP4#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
4.4.4.4 2.2.2.2 Installed 00:01:17 00:01:17
4.4.4.4 1.1.1.1 Installed 00:01:17 00:01:17
4.4.4.4 5.5.5.5 Installed 00:02:22 00:02:22

Total number of entries are 3

TB2-VTEP4#show nvo vxlan
VXLAN Information
=================

© 2024 IP Infusion Inc. Proprietary 217

VXLAN-EVPN with IRB

Codes: NW - Network Port

AC - Access Port
(u) - Untagged

Total number of entries are 4

TB2-VTEP4#show ip route vrf L3VRF1

IP Route Table for VRF "L3VRF1"

B 5.5.5.5/32 [0/0] is directly connected, tunvxlan2, 00:02:23
B 11.11.11.0/24 [200/0] via 5.5.5.5 (recursive is directly connected, tunvxlan2), 00:01:26

C 21.21.21.0/24 is directly connected, irb2001, 00:01:18

C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:02:23

Gateway of last resort is not set

TB2-VTEP4#show ip route summary

ECMP statistics (active in ASIC):

Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
TB2-VTEP4#show bgp l2vpn evpn
BGP table version is 13, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route

© 2024 IP Infusion Inc. Proprietary 218

VXLAN-EVPN with IRB

4 - Ethernet Segment Route

5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[51000:11]
*>i [5]:[0]:[1000]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
5.5.5.5 0 100 0 ? 5.5.5.5 VXLAN

RD[1.1.1.1:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[2.2.2.2:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[4.4.4.4:11] VRF[L2VRF1]:
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i [2]:[0]:[101]:[48,3c2c:99d6:167a]:[32,11.11.11.1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i [2]:[0]:[101]:[48,3c2c:99d6:167a]:[128,11:11::11:1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
* i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[101]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

© 2024 IP Infusion Inc. Proprietary 219

VXLAN-EVPN with IRB

* i [3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

RD[4.4.4.4:21] VRF[L2VRF2]:
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[201]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[201]:[48,3c2c:99c7:077a]:[32,21.21.21.1]:[201]
4.4.4.4 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[201]:[48,3c2c:99c7:077a]:[128,21:21::21:1]:[201]
4.4.4.4 0 100 32768 i ---------- VXLAN
* i [3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 32768 i ---------- VXLAN

RD[5.5.5.5:11]
*>i [2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i [2]:[0]:[101]:[48,3c2c:99d6:167a]:[32,11.11.11.1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i [2]:[0]:[101]:[48,3c2c:99d6:167a]:[128,11:11::11:1]:[101]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN
*>i [3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 0 i 5.5.5.5 VXLAN

Total number of prefixes 39

TB2-VTEP4#

VTEP5
TB2-VTEP5#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
5.5.5.5 2.2.2.2 Installed 00:34:13 00:34:13
5.5.5.5 4.4.4.4 Installed 00:01:26 00:01:26
5.5.5.5 1.1.1.1 Installed 00:34:13 00:34:13

Total number of entries are 3

TB2-VTEP5#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

Total number of entries are 4

© 2024 IP Infusion Inc. Proprietary 220

VXLAN-EVPN with IRB

101 11.11.11.1 3c2c.99d6.167a Static Local ----

101 11.11.11.201 0000.5555.1010 Static Local ----
Total number of entries are 3
Total number of entries are 1
TB2-VTEP5#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001

TB2-VTEP5#show ip route vrf L3VRF1

IP Route Table for VRF "L3VRF1"

B 4.4.4.4/32 [0/0] is directly connected, tunvxlan2, 00:01:26
C 11.11.11.0/24 is directly connected, irb1001, 00:34:43
B 21.21.21.0/24 [200/0] via 4.4.4.4 (recursive is directly connected, tunvxlan2), 00:01:26
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:40:36

Gateway of last resort is not set

TB2-VTEP5#show ip route summary

ECMP statistics (active in ASIC):

Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
TB2-VTEP5#show bgp l2vpn evpn
BGP table version is 13, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[41000:11]
*>i [5]:[0]:[1000]:[24]:[21.21.21.0]:[0.0.0.0]:[1000]
4.4.4.4 0 100 0 ? 4.4.4.4 VXLAN

RD[1.1.1.1:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[1.1.1.1:11]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]

© 2024 IP Infusion Inc. Proprietary 221

VXLAN-EVPN with IRB

1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

*>i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[2.2.2.2:1]
*>i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [4]:[00:00:00:00:00:22:22:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[4.4.4.4:21]
*>i [2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[201]:[48,3c2c:99c7:077a]:[32,21.21.21.1]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[201]:[48,3c2c:99c7:077a]:[128,21:21::21:1]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[5.5.5.5:11] VRF[L2VRF1]:
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[101]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[00:00:00:00:00:22:22:00:00:00]:[101]:[48,0000:2222:1010]:[32,11.11.11.51]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[101]:[48,0000:5555:1010]:[32,11.11.11.201]:[101]
5.5.5.5 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[101]:[48,3c2c:99d6:167a]:[32,11.11.11.1]:[101]
5.5.5.5 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[101]:[48,3c2c:99d6:167a]:[128,11:11::11:1]:[101]
5.5.5.5 0 100 32768 i ---------- VXLAN
* i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[101]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[101]:[32,5.5.5.5]
5.5.5.5 0 100 32768 i ---------- VXLAN

© 2024 IP Infusion Inc. Proprietary 222

VXLAN-EVPN with IRB

* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

* i [2]:[00:00:00:00:00:22:22:00:00:00]:[201]:[48,0000:2222:1020]:[32,21.21.21.51]:[201]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[201]:[48,0000:4444:1020]:[32,21.21.21.101]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i [2]:[0]:[201]:[48,3c2c:99c7:077a]:[32,21.21.21.1]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i [2]:[0]:[201]:[48,3c2c:99c7:077a]:[128,21:21::21:1]:[201]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i [3]:[201]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [3]:[201]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

Total number of prefixes 39

TB2-VTEP5#

VXLAN IRB ECMP

In multihoming, anycast-IP and the same subnet is configured on the multihomed devices within the same VPN on IRB
interfaces connected to the multihomed CE. Both VTEP's will advertise same connected prefix route, remote VTEP
need to understand this and treat the traffic destined to multihomed CE as ECMP traffic i.e Routed traffic should
loadshare to both the VTEP's.

IRB ECMP Configuration

Configure from Base Configuration-L2 VXLAN section and perform commit after configuration, then configure below
commands for ECMP approach.

VTEP1
Configure max-path ibgp 2 on VTEP1 under BGP IPv4 VRF address family.

#configure terminal Enter Configure mode.

(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router)#max-paths ibgp 2 Configure BGP max-path
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config-router-af)#commit Commit the transaction

© 2024 IP Infusion Inc. Proprietary 223

VXLAN-EVPN with IRB

VTEP1 IRB configuration

(config)#nvo vxlan irb Enable VXLAN IRB
(config)#commit Commit the transaction and save config and reload board
(config)#ip vrf L3VRF1 Create MAC routing/forwarding instance with L3VRF1 name
and enter into VRF mode
(config-vrf)#rd 11000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from VRF mode
(config)# evpn irb-forwarding anycast- Configure anycast MAC address
gateway-mac 0000.0000.1111
(config)#commit Commit the transaction
(config)# interface irb1001 Configure IRV interface 1001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 11.11.11.1/24 anycast Configure IP address
(config-if)ipv6 address 11:11::11:1/48 Configure IPv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)exit Exit from interface config mode
(config)# interface irb 2001 Configure IRB interface 2001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 21.21.21.1/24 anycast Configure IP address
(config-if)ipv6 address 21:21::21:1/48 Configure IPv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)exit Exit from interface config mode
(config)#commit Commit the transaction
(config)router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit form address-family
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure IRB1001 under VXLAN ID 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under VXLAN ID 201

© 2024 IP Infusion Inc. Proprietary 224

VXLAN-EVPN with IRB

(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Commit the transaction

VTEP2
Configure max-path ibgp 2 on VTEP1 under BGP IPv4 VRF address family.

#configure terminal Enter Configure mode.

(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#max-paths ibgp 2 Configure BGP max-path
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config-router-af)#commit Commit the transaction

© 2024 IP Infusion Inc. Proprietary 225

VXLAN-EVPN with IRB

VTEP2 IRB configuration

(config)#nvo vxlan irb Enable VXLAN irb
(config)#commit Commit the transaction and save config and reload board
(config)#ip vrf L3VRF1 Create MAC routing/forwarding instance with L3VRF1 name
and enter into VRF mode
(config-vrf)#rd 21000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from VRF mode
(config)# evpn irb-forwarding anycast- Configure anycast MAC address
gateway-mac 0000.0000.1111
(config)#commit Commit the transaction
(config)# interface irb 1001 Configure IRB interface 1001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 11.11.11.1/24 anycast Configure IP address
(config-if)ipv6 address 11:11::11:1/48 Configure IPv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)exit Exit from interface config mode
(config)# interface irb 2001 Configure IRB interface 2001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 21.21.21.1/24 anycast Configure IP address
(config-if)ipv6 address 21:21::21:1/48 Configure IPv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast MAC address
gateway-mac
(config-if)exit Exit from interface config mode
(config)#commit Commit the transaction
(config)router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit form address-family
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under VXLAN ID 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under VXLAN id 201

© 2024 IP Infusion Inc. Proprietary 226

VXLAN-EVPN with IRB

(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#commit Commit the transaction

VTEP5
Unconfigure - evpn irb-forwarding anycast-gateway-mac and assign different IP address and IPv6 address
to IRB interfaces on VTEP1. Resolve the ARP on Traffic generator and verify the learnt MAC is same as IRB interface
MAC not the anycast MAC (0000.0000.1111). Configure BGP max-path under BGP process.
Enable VXLAN Multihhoming on VTEP5 and reboot the node to apply the Multihoming configuration to hardware.

#configure terminal Enter Configure mode.

(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective
(config)#commit Commit the transaction and save config and reload board
(config)#nvo vxlan irb Enable VXLAN IRB
(config)#commit Commit the transaction
(config)#ip vrf L3VRF1 Create MAC routing/forwarding instance with L3VRF1 name
and enter into VRF mode
(config-vrf)#rd 51000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#commit Commit the transaction
(config)# no evpn irb-forwarding anycast- Delete evpn irb-forwarding anycast-gateway-mac
gateway-mac address
(config)#commit Commit the transaction
(config)# interface irb1001 Configure IRB interface 1001
(config-irb-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-irb-if)#ip address 101.11.11.1/24 Configure IP address
(config-irb-if)#ipv6 address 101:11::11:1/48 Configure IPv6 address
(config-irb-if)#commit Commit the transaction
(config)#router bgp 5000 Enter into BGP router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)# max-paths ibgp 2 Configure BGP max-path .
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit from address-family
(config-router-af)#commit Commit the transaction
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure IRB under VXLAN ID 101

© 2024 IP Infusion Inc. Proprietary 227

VXLAN-EVPN with IRB

(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config-nvo)#commit Commit the transaction

Validations
On VTEP5, verify that in the VRF routing table , ECMP path for the IRB address (11.11.11.1) is via VTEP1 - 1.1.1.1 and
VTEP2 -2.2.2.2 . Send the Traffic from VTEP5 Single homed to Multihomed. Traffic should be forwarded via VTEP1
and VTEP2 and is loadshared between the Multihome VTEPs.

VTEP5
TB2-VTEP5#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
5.5.5.5 2.2.2.2 Installed 00:34:13 00:34:13
5.5.5.5 4.4.4.4 Installed 00:01:26 00:01:26
5.5.5.5 1.1.1.1 Installed 00:34:13 00:34:13

Total number of entries are 3

TB2-VTEP5#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

Total number of entries are 4

TB2-VTEP5#show nvo vxlan arp-cache

TB2-VTEP5#show nvo vxlan l3vni-map

L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001

TB2-VTEP5#show ip route vrf L3VRF1

© 2024 IP Infusion Inc. Proprietary 228

VXLAN-EVPN with IRB

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "L3VRF1"

C 101.11.11.0/24 is directly connected, irb1001, 00:34:43
B 11.11.11.0/24 [200/0] via 1.1.1.1 (recursive is directly connected, tunvxlan2), 00:01:26
[200/0] via 2.2.2.2 (recursive is directly connected, tunvxlan2), 00:01:26
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:40:36

Gateway of last resort is not set

Send 10000 pps from VTEP5 (Traffic generator- SH5) and verify the counters on VTEP5, VTEP1, VTEP2 and Switch

TB2-VTEP5#show interface counter rate mbps

+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
xe48 100 10000 0.01 8
xe40 0.00 0 106.76 10000
On VTEP1 and VTEP2, verify that traffic is load-balanced on ECMP path from VTEP5.

VTEP1
TB2-VTEP1#show interface counter rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
po2 62.75 5000 0.01 8
po1 0.00 0 62.98 5000
xe25 31.98 2500 0 0
xe26 30.95 2501 0 0
xe2 0.00 0 31.53 2500
xe3 0.00 0 30.53 2500

VTEP2
TB2-VTEP2#show interface counter rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
po3 62.75 5000 0.01 8
po1 0.00 0 62.98 5000
xe27 31.98 2500 0 0
xe28 30.95 2501 0 0
xe8 0.00 0 31.53 2500
xe9 0.00 0 30.53 2500
Verify the Traffic on Multihomed Switch:

SW1 (Multihomed)
TB2-SW1#show interface counter rate mbps
+-------------------+--------------+-------------+--------------+-------------+

© 2024 IP Infusion Inc. Proprietary 229

VXLAN-EVPN with IRB

| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |

+-------------------+--------------+-------------+--------------+-------------+
po1 100 10000 0.01 8
xe7 0.00 0 100 10000
xe8 25.01 2501 0 0
xe9 24.99 2499 0 0
xe2 24.98 2499 0 0
xe3 25.02 2501 0 0

© 2024 IP Infusion Inc. Proprietary 230

EVPN IRB - Anycast Support for Multiple Subnets

CHAPTER 2 EVPN IRB - Anycast Support for Multiple

Subnets

Overview
An EVPN-based Integrated Routing and Bridging solution enables communication between two Layer-2 Virtual
Network Identifiers (VNIDs) using IP-based Virtual Routing and Forwarding (IP-VRF).This enhancement provides
Anycast Gateway Routing support for multiple subnets under the IRB interface (per VNID).

Feature Characteristics
• Connects primary or secondary subnets with either router MAC or anycast MAC address.
• Supports Anycast Gateway for multiple subnets under the layer-2 VNID's.
• Subnets A, B, and C can have Anycast Gateway support, while subnet D is reserved for BGP.
• Supports the Interfacefull model for ARP/ND requests and the interfaceless model using the kernel interface with a
unique MAC per interface (Router MAC or Anycast MAC) for all subnets.
ARP/ND replies come from the ARP/ND cache table for host requests. Hosts can send Layer-3 packets with either
Anycast MAC or Router MAC, and Layer-3 termination in the VTEP happens for both. By default, each subnet uses the
Router MAC in ARP/ND cache. When the anycast argument is configured, it updates the ARP cache with the Anycast
MAC. BGP withdraws the Route-Type 2 and update with Anycast/Router MAC to inform the configured gateway for the
layer-2 VNID to non-default gateway nodes.

Topology
The procedures in this section use the topology in Figure 2-12.

Figure 2-12: EVPN IRB for Multiple Subnets

© 2024 IP Infusion Inc. Proprietary 231

EVPN IRB - Anycast Support for Multiple Subnets

Note: In the above topology TS1, and TS2 are the tenant systems.

VTEP1: L2 VXLAN configuration

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan irb Enable VXLAN IRB
(config)#evpn esi hold-time 90 Configure ESI hold time to allow tunnel to come up at the time
of vxlan initialization before making the ESI up. It should be
same on both VTEP1 and VTEP2
(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective
(config)#mac vrf L2VRF2 Create mac routing/forwarding instance with L2VRF2 name
and enter into vrf mode
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as Blue
(config-vrf)#rd 1.1.1.1:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export.
90.90.90.90:100 Should be same on all node for L2VRF2

(config-vrf)#exit Exit from vrf mode

(config)#ip vrf L3VRF1 Create MAC routing/forwarding instance with L3VRF1 name
and enter into VRF mode
(config-vrf)#rd 11000:11 Assign RD value
(config-vrf)#route-target both 100:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1

(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1

(config-vrf)#exit Exit from vrf mode
(config)#mac vrf L2VRF1 Create mac routing/forwarding instance with L2VRF2 name
and enter into vrf mode
(config-vrf)#description MAC VRF RED Give description to L2VRF1 as Red
(config-vrf)#rd 1.1.1.1:11 Assign RD value
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config)# evpn irb-forwarding anycast- Add evpn irb-forwarding anycast-gateway-mac
gateway-mac address
(config)#nvo vxlan vtep-ip-global 1.1.1.1 Assign a global IP to the VTEP
(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-
replication inner-vid-disabled viddisabled configure and enter into VXLAN tenant mode
(config)#vxlan host-reachability-protocol Assign vrf for evpn-bgp to carry EVPN rout
evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under vxlan id 101
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-
replication inner-vid-disabled viddisabled configure and enter into VXLAN tenant mode

© 2024 IP Infusion Inc. Proprietary 232

EVPN IRB - Anycast Support for Multiple Subnets

(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route

protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config)#qos enable Enabling QoS
(config)#hostname VTEP1 Configure hostname

VTEP1: Interface and Loopback configuration

(config)#interface po1 Enter Interface mode for po1 (MH2)

(config-if)#switchport Make it L2 interface
(config-if)# evpn multi-homed system-mac Configure system mac as ESI value for Lag (po1) interface.
0000.0000.2222 VTEP1 and VTEP2 should have same ESI value
(config)#interface po100 Enter Interface mode for po100
(config-if)#load-interval 30 Make it member port of po1
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce49 Enter Interface mode for ce49
(config-if)#channel-group 100 mode active Map the interface ce49 to po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce52 Enter Interface mode for network side port
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#channel-group 1 mode active Map the ce52 interface to po100
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)# interface irb1001 Configure IRB interface 1001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#evpn irb-if-forwarding anycast- Enable an IRB interface to use the global anycast IRB mac-
gateway-mac address.
(config-irb-if)# ip address 11.11.11.1/24 Configure the IPv4 primary address as anycast
anycast
(config-irb-if)# ip address 12.11.11.1/24 Configure secondary IPv4 secondary address as anycast
secondary anycast
(config-irb-if)# ip address 13.11.11.1/16 Configure secondary IPv4 secondary address as anycast
secondary
(config-irb-if)# ip address 14.11.11.1/24 Configure secondary IPv4 secondary address as anycast
secondary
(config-irb-if)# ip address 15.11.11.1/16 Configure secondary IPv4 secondary address as anycast
secondary anycast
(config-irb-if)# ip address 16.11.11.1/8 Configure secondary IPv4 secondary address as anycast
secondary anycast
(config-irb-if)# ip address 17.11.11.1/24 Configure secondary IPv4 secondary address as anycast
secondary anycast

© 2024 IP Infusion Inc. Proprietary 233

EVPN IRB - Anycast Support for Multiple Subnets

(config-irb-if)# ip address 18.11.11.1/16 Configure secondary IPv4 secondary address as anycast

secondary anycast
(config-irb-if)# ip address 19.11.11.1/8 Configure secondary IPv4 secondary address as anycast
secondary
(config-irb-if)# ip address 20.11.11.1/24 Configure secondary IPv4 secondary address as anycast
secondary anycast
(config-irb-if)# ip address 21.11.11.1/8 Configure secondary IPv4 secondary address as anycast
secondary anycast
(config-irb-if)# ip address 22.11.11.1/24 Configure secondary IPv4 secondary address as anycast
secondary anycast
(config-irb-if)# ip address 25.11.11.1/16 Configure secondary IPv4 secondary address as anycast
secondary anycast
(config-irb-if)# ipv6 address 11:11::11:1/48 Configure secondary IPv6 primary address as anycast
anycast
(config-irb-if)# ipv6 address 12:11::11:1/64 Configure secondary IPv6 address
(config-irb-if)# ipv6 address 13:11::11:1/48 Configure secondary IPv6 secondary address as anycast
anycast
(config-irb-if)# ipv6 address 14:11::11:1/50 Configure secondary IPv6 secondary address as anycast
anycast

VTEP1:OSPF configuration

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#network 1.1.1.1/32 area Add 1.1.1.1 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 100.11.11.0/24 area Add 100.11.11.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

VTEP1:BGP configuration

(config)#router bgp 5000 Enter into Router BGP mode

(config-router)#bgp router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback ip address and remote-as defined
5000
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)#neighbor 4.4.4.4 remote-as Specify a VTEP4 loopback ip address and remote-as defined
5000
(config-router)#neighbor 4.4.4.4 update- Configure update as loopback for VTEP4
source lo
(config-router)#neighbor 4.4.4.4 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP4

© 2024 IP Infusion Inc. Proprietary 234

EVPN IRB - Anycast Support for Multiple Subnets

(config-router)#neighbor 5.5.5.5 remote-as Specify a VTEP5 loopback ip address and remote-as defined
5000
(config-router)#neighbor 5.5.5.5 update- Configure update as loopback for VTEP5
source lo
(config-router)#neighbor 5.5.5.5 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP5
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into l2vpn evpn address family mode
(config-router-af)#neighbor 4.4.4.4 activate Activate 3.3.3.3(VTEP4) into l2vpn evpn address family mode
(config-router-af)#neighbor 5.5.5.5 activate Activate 5.5.5.5(VTEP5) into l2vpn evpn address family mode
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode

VTEP1:L2 MAC VRF Configuration

(config)#mac vrf L2VRF1 Create mac routing/forwarding instance with L2VRF1 name
and enter into vrf mode
(config-vrf)#rd 1.1.1.1:11 Assign RD value
(config-vrf)#description MAC VRF RED Give description to L2VRF1 as RED
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from vrf mode
(config)#mac vrf L2VRF2 Create mac routing/forwarding instance with L2VRF2 name
and enter into vrf mode
(config-vrf)#rd 1.1.1.1:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as BLUE
(config-vrf)#exit Exit from vrf mode

VTEP1:L2 VXLAN configuration

(config)#nvo vxlan access-if port-vlan po1 Enable port-vlan mapping i.e. access port to outer-vlan
10 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 101 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1010 ip Configure static mac-ip
11.11.11.51
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan po1 Enable port-vlan mapping i.e. access port to outer-vlan
20 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 201 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1020 ip Configure static mac-ip
21.21.21.51
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration

© 2024 IP Infusion Inc. Proprietary 235

EVPN IRB - Anycast Support for Multiple Subnets

(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into

configuration mode
(config)#exit Exit from configuration mode

VTEP2 L2 VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan irb Enable VXLAN IRB
(config)#evpn esi hold-time 90 Configure ESI hold time to allow tunnel to come up at the time
of vxlan initialization before making the ESI up. It should be
same on both VTEP1 and VTEP2
(config)#evpn vxlan multihoming enable Enable Multihoming
(config)#mac vrf L2VRF2 Create mac routing/forwarding instance with L2VRF2 name
and enter into vrf mode
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as Blue
(config-vrf)#rd 1.1.1.1:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export.
90.90.90.90:100 Should be same on all node for L2VRF2

(config-vrf)#exit Exit from vrf mode

(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1

© 2024 IP Infusion Inc. Proprietary 236

EVPN IRB - Anycast Support for Multiple Subnets

(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-
replication inner-vid-disabled viddisabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config)#qos enable Enabling QoS
VTEP1(config)#hostname VTEP2 Configure hostname

VTEP2(config)#exit Exit from VTEP1

VTEP2:Interface and loopback configuration

(config)#interface po1 Enter Interface mode for po1 (MH2)

(config-if)#switchport Make it L2 interface
(config-if)# evpn multi-homed system-mac Configure system mac as ESI value for Lag (po1) interface.
0000.0000.2222 VTEP1 and VTEP2 should have same ESI value
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po100 Enter Interface mode for xe3
(config-if)#load-interval 30 Make it member port of po1
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce49 Enter Interface mode for ce49
(config-if)#channel-group 100 mode active Map the ce49 interface to po100
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce52 Enter Interface mode for network side port
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#channel-group 1 mode active Map the ce52 interface to po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)# interface irb1001 Configure IRB interface 1001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#evpn irb-if-forwarding anycast- Enable an IRB interface to use the global anycast IRB mac-
gateway-mac address.
(config-irb-if)# ip address 11.11.11.1/24 Configure primary IPv4 address as anycast
anycast
(config-irb-if)# ip address 12.11.11.1/24 Configure primary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 13.11.11.1/16 Configure primary IPv4 address as anycast
secondary
(config-irb-if)# ip address 14.11.11.1/24 Configure primary IPv4 address as anycast
secondary
(config-irb-if)# ip address 15.11.11.1/16 Configure primary IPv4 address as anycast
secondary anycast

© 2024 IP Infusion Inc. Proprietary 237

EVPN IRB - Anycast Support for Multiple Subnets

(config-irb-if)# ip address 16.11.11.1/8 Configure primary IPv4 address as anycast

secondary anycast
(config-irb-if)# ip address 17.11.11.1/24 Configure primary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 18.11.11.1/16 Configure primary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 19.11.11.1/8 Configure primary IPv4 address as anycast
secondary
(config-irb-if)# ip address 20.11.11.1/24 Configure primary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 21.11.11.1/8 Configure primary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 22.11.11.1/24 Configure primary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 25.11.11.1/16 Configure primary IPv4 address as anycast
secondary anycast
(config-irb-if)# ipv6 address 11:11::11:1/48 Configure primary IPv4 address as anycast
anycast
(config-irb-if)# ipv6 address 12:11::11:1/64 Configure the IPv6 address
(config-irb-if)# ipv6 address 13:11::11:1/48 Configure the IPv6 address as primary anycast
anycast
(config-irb-if)# ipv6 address 14:11::11:1/50 Configure the IPv6 address as anycast
anycast

VTEP2:OSPF configuration

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#network 1.1.1.1/32 area Add 1.1.1.1 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 100.11.11.0/24 area Add 100.11.11.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

VTEP2:BGP configuration

(config)#router bgp 5000 Enter into Router BGP mode

© 2024 IP Infusion Inc. Proprietary 238

EVPN IRB - Anycast Support for Multiple Subnets

(config-router)#neighbor 4.4.4.4 update- Configure update as loopback for VTEP4

source lo
(config-router)#neighbor 4.4.4.4 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP4
(config-router)#neighbor 5.5.5.5 remote-as Specify a VTEP5 loopback ip address and remote-as defined
5000
(config-router)#neighbor 5.5.5.5 update- Configure update as loopback for VTEP5
source lo
(config-router)#neighbor 5.5.5.5 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP5
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into l2vpn evpn address family mode
(config-router-af)#neighbor 4.4.4.4 activate Activate 3.3.3.3(VTEP4) into l2vpn evpn address family mode
(config-router-af)#neighbor 5.5.5.5 activate Activate 5.5.5.5(VTEP5) into l2vpn evpn address family mode
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode

VTEP2:L2 MAC VRF Configuration

VTEP2:L2 VXLAN configuration

© 2024 IP Infusion Inc. Proprietary 239

EVPN IRB - Anycast Support for Multiple Subnets

(config-nvo-acc-if)# mac 0000.2222.1020 ip Configure static mac-ip

21.21.21.51
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode

VTEP3:L2 VXLAN configuration

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan irb Enable VXLAN IRB
(config)#evpn esi hold-time 90 Configure ESI hold time to allow tunnel to come up at the time
of vxlan initialization before making the ESI up. It should be
same on both VTEP1 and VTEP2
(config)#evpn vxlan multihoming enable Enable Multihoming
(config)#mac vrf L2VRF2 Create mac routing/forwarding instance with L2VRF2 name
and enter into vrf mode
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as Blue
(config-vrf)#rd 1.1.1.1:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export.
90.90.90.90:100 Should be same on all node for L2VRF2

(config-vrf)#exit Exit from vrf mode

(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1

© 2024 IP Infusion Inc. Proprietary 240

EVPN IRB - Anycast Support for Multiple Subnets

(config)#vxlan host-reachability-protocol Assign vrf for evpn-bgp to carry EVPN rout

evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under vxlan id 101
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-
replication inner-vid-disabled viddisabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config)#qos enable Enabling QoS
VTEP3(config)#hostname VTEP3 Configure hostname

VTEP3:Interface and loopback configuration

(config)#interface po1 Enter Interface mode for po1 (MH2)

(config-if)#switchport Make it L2 interface
(config-if)# evpn multi-homed system-mac Configure system mac as ESI value for Lag (po1) interface.
0000.0000.2222 VTEP1 and VTEP2 should have same ESI value
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po100 Enter Interface mode for xe3
(config-if)#load-interval 30 Make it member port of po1
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce49 Enter Interface mode for ce49
(config-if)#channel-group 100 mode active Map the interface ce49 to po100
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce52 Enter Interface mode for network side port
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#channel-group 1 mode active Map the interface ce52 to po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)# interface irb1001 Configure IRB interface 1001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#evpn irb-if-forwarding anycast- Enable an IRB interface to use the global anycast IRB mac-
gateway-mac address.
(config-irb-if)# ip address 11.11.11.1/24 Configure the IPv4 address
anycast
(config-irb-if)# ip address 12.11.11.1/24 Configure secondary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 13.11.11.1/16 Configure secondary IPv4 address as anycast
secondary

© 2024 IP Infusion Inc. Proprietary 241

EVPN IRB - Anycast Support for Multiple Subnets

(config-irb-if)# ip address 14.11.11.1/24 Configure secondary IPv4 address as anycast

secondary
(config-irb-if)# ip address 15.11.11.1/16 Configure secondary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 16.11.11.1/8 Configure secondary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 17.11.11.1/24 Configure secondary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 18.11.11.1/16 Configure secondary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 19.11.11.1/8 Configure secondary IPv4 address as anycast
secondary
(config-irb-if)# ip address 20.11.11.1/24 Configure secondary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 21.11.11.1/8 Configure secondary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 22.11.11.1/24 Configure secondary IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 25.11.11.1/16 Configure secondary IPv4 address as anycast
secondary anycast
(config-irb-if)# ipv6 address 11:11::11:1/48 Configure the IPv6 as primary anycast
anycast
(config-irb-if)# ipv6 address 12:11::11:1/64 Configure the IPv6 address
(config-irb-if)# ipv6 address 13:11::11:1/48 Configure the IPv6 address as anycast
anycast
(config-irb-if)# ipv6 address 14:11::11:1/50 Configure the IPv6 address as anycast
anycast

VTEP3:OSPF configuration

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#network 1.1.1.1/32 area Add 1.1.1.1 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 100.11.11.0/24 area Add 100.11.11.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

VTEP3:BGP configuration

(config)#router bgp 5000 Enter into Router BGP mode

© 2024 IP Infusion Inc. Proprietary 242

EVPN IRB - Anycast Support for Multiple Subnets

(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for

advertisement-interval 0 VTEP2
(config-router)#neighbor 4.4.4.4 remote-as Specify a VTEP4 loopback ip address and remote-as defined
5000
(config-router)#neighbor 4.4.4.4 update- Configure update as loopback for VTEP4
source lo
(config-router)#neighbor 4.4.4.4 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP4
(config-router)#neighbor 5.5.5.5 remote-as Specify a VTEP5 loopback ip address and remote-as defined
5000
(config-router)#neighbor 5.5.5.5 update- Configure update as loopback for VTEP5
source lo
(config-router)#neighbor 5.5.5.5 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP5
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into l2vpn evpn address family mode
(config-router-af)#neighbor 4.4.4.4 activate Activate 3.3.3.3(VTEP4) into l2vpn evpn address family mode
(config-router-af)#neighbor 5.5.5.5 activate Activate 5.5.5.5(VTEP5) into l2vpn evpn address family mode
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode

VTEP3:L2 MAC VRF Configuration

VTEP3:L2 VXLAN configuration

© 2024 IP Infusion Inc. Proprietary 243

EVPN IRB - Anycast Support for Multiple Subnets

(config)#nvo vxlan access-if port-vlan po1 Enable port-vlan mapping i.e. access port to outer-vlan
20 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 201 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1020 ip Configure static mac-ip
21.21.21.51
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode

VTEP4:L2 VXLAN configuration

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan irb Enable VXLAN IRB
(config)#evpn esi hold-time 90 Configure ESI hold time to allow tunnel to come up at the time
of vxlan initialization before making the ESI up. It should be
same on both VTEP1 and VTEP2
(config)#evpn vxlan multihoming enable Enable Multihoming
(config)#mac vrf L2VRF2 Create mac routing/forwarding instance with L2VRF2 name
and enter into vrf mode
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as Blue
(config-vrf)#rd 1.1.1.1:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export.
90.90.90.90:100 Should be same on all node for L2VRF2

(config-vrf)#exit Exit from vrf mode

(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1

© 2024 IP Infusion Inc. Proprietary 244

EVPN IRB - Anycast Support for Multiple Subnets

(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-
replication inner-vid-disabled viddisabled configure and enter into VXLAN tenant mode
(config)#vxlan host-reachability-protocol Assign vrf for evpn-bgp to carry EVPN rout
evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under vxlan id 101
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-
replication inner-vid-disabled viddisabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config)#qos enable Enabling QoS
VTEP4(config)#hostname VTEP4 Configure hostname

VTEP4:Interface and loopback configuration

(config)#interface po1 Enter Interface mode for po1 (MH2)

(config-if)#switchport Make it L2 interface
(config-if)# evpn multi-homed system-mac Configure system mac as ESI value for Lag (po1) interface.
0000.0000.2222 VTEP1 and VTEP2 should have same ESI value
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po100 Enter Interface mode for xe3
(config-if)#load-interval 30 Make it member port of po1
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce49 Enter Interface mode for ce49
(config-if)#channel-group 100 mode active Map the ce49 interface to po100
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce52 Enter Interface mode for network side port
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#channel-group 1 mode active Map the ce52 interface to po01
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)# interface irb1001 Configure IRB interface 1001
(config-if)#ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)#evpn irb-if-forwarding anycast- Enable an IRB interface to use the global anycast IRB mac-
gateway-mac address.
(config-irb-if)# ip address 11.11.11.1/24 Configure the IPv4 address anycast gateway
anycast
(config-irb-if)# ip address 12.11.11.1/24 Configure the IPv4 address anycast gateway
secondary anycast

© 2024 IP Infusion Inc. Proprietary 245

EVPN IRB - Anycast Support for Multiple Subnets

(config-irb-if)# ip address 13.11.11.1/16 Configure the IPv4 address as anycast

secondary
(config-irb-if)# ip address 14.11.11.1/24 Configure the IPv4 address as anycast
secondary
(config-irb-if)# ip address 15.11.11.1/16 Configure the IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 16.11.11.1/8 Configure the IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 17.11.11.1/24 Configure the IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 18.11.11.1/16 Configure the IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 19.11.11.1/8 Configure the IPv4 address as anycast
secondary
(config-irb-if)# ip address 20.11.11.1/24 Configure the IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 21.11.11.1/8 Configure the IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 22.11.11.1/24 Configure the IPv4 address as anycast
secondary anycast
(config-irb-if)# ip address 25.11.11.1/16 Configure the IPv4 address as anycast
secondary anycast
(config-irb-if)# ipv6 address 11:11::11:1/48 Configure the IPv4 address as anycast
anycast
(config-irb-if)# ipv6 address 12:11::11:1/64 Configure the IPv6 address as anycast
(config-irb-if)# ipv6 address 13:11::11:1/48 Configure the IPv6 address as anycast
anycast
(config-irb-if)# ipv6 address 14:11::11:1/50 Configure the IPv6 address as anycast
anycast

VTEP4:OSPF configuration

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#network 1.1.1.1/32 area Add 1.1.1.1 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 100.11.11.0/24 area Add 100.11.11.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

VTEP4:BGP configuration

(config)#router bgp 5000 Enter into Router BGP mode

(config-router)#bgp router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback ip address and remote-as defined
5000

© 2024 IP Infusion Inc. Proprietary 246

EVPN IRB - Anycast Support for Multiple Subnets

(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2

source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)#neighbor 4.4.4.4 remote-as Specify a VTEP4 loopback ip address and remote-as defined
5000
(config-router)#neighbor 4.4.4.4 update- Configure update as loopback for VTEP4
source lo
(config-router)#neighbor 4.4.4.4 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP4
(config-router)#neighbor 5.5.5.5 remote-as Specify a VTEP5 loopback ip address and remote-as defined
5000
(config-router)#neighbor 5.5.5.5 update- Configure update as loopback for VTEP5
source lo
(config-router)#neighbor 5.5.5.5 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP5
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into l2vpn evpn address family mode
(config-router-af)#neighbor 4.4.4.4 activate Activate 3.3.3.3(VTEP4) into l2vpn evpn address family mode
(config-router-af)#neighbor 5.5.5.5 activate Activate 5.5.5.5(VTEP5) into l2vpn evpn address family mode
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode

VTEP4:L2 MAC VRF Configuration

VTEP4:L2 VXLAN configuration

© 2024 IP Infusion Inc. Proprietary 247

EVPN IRB - Anycast Support for Multiple Subnets

(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into

configuration mode
(config)#nvo vxlan access-if port-vlan po1 Enable port-vlan mapping i.e. access port to outer-vlan
20 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 201 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1020 ip Configure static mac-ip
21.21.21.51
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode

Spine1
Spine node where all VTEPs are connected.
Generic configuration:

#configure terminal Enter Configure mode.

(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective
(config)#qos enable Enabling qos

Interface and loopback configuration:

(config)#interface po1 Enter Interface mode for po1 (MH2)

(config-if)#switchport Make it L2 interface
(config-if)# bridge-group 1 Configure system mac as ESI value for Lag (po1) interface.
VTEP1 and VTEP2 should have same ESI value
(config-if)#switchport mode trunk Exit Interface mode and return to Configure mode.
(config-if)#switchport trunk allowed vlan Configure the VLANs that should be allowed through this
add 2 interface
(config)#interface po4 Enter Interface mode for xe3
(config-if)#load-interval 30 Make it member port of po1
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po25 Enter Interface mode for lo
(config-if)#load-interval 30 Make it member port of po1
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po100 Enter Interface mode for network side port
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#exit Exit Interface mode and return to Configure mode.

© 2024 IP Infusion Inc. Proprietary 248

EVPN IRB - Anycast Support for Multiple Subnets

(config)#interface ce1 Enter Interface mode for network side port

(config-if)#channel-group 1 mode activev Map the ce1 interface to po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce2 Enter Interface mode for network side port
(config-if)#channel-group 2 mode active Map the ce2 interface to po2

(config-if)#exit Exit Interface mode and return to Configure mode.

(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce3 Enter Interface mode for network side port
(config-if)#channel-group 1 mode active Map the ce3 interface to po1

(config-if)#exit Exit Interface mode and return to Configure mode.

(config)#interface ce4 Enter Interface mode for network side port
(config-if)#channel-group 1 mode active Map the ce4 interface to po1
(config)# interface lo Configure IRB interface 1001
(config)#ip address 127.0.0.1/8 Configure the IPv4 address
(config)#ip address 100.100.100.100/32 Configure the IPv4 address
secondary
(config)#ipv6 address ::1/128 Configure the IPv6 address
(config)# vlan1.2 Configure IRB interface 1001
(config)#ip address 100.12.12.2/24 Configure the Ip address
(config)#exit Exit Interface mode and return to Configure mode.

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#network 1.1.1.1/32 area Add 1.1.1.1 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 100.11.11.0/24 area Add 100.11.11.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

Switch1

Interface and loopback configuration:

(config)#interface po1 Enter Interface mode for po1 (MH2)

(config-if)#switchport Enable switch port under po1
(config-if)# bridge-group 1 Map the bridge group
(config-if)#switchport mode trunk Configure switch port as trunk

© 2024 IP Infusion Inc. Proprietary 249

EVPN IRB - Anycast Support for Multiple Subnets

(config-if)#switchport trunk allowed vlan Add the vlan for the trunk
add 2,10,20
(config-if)#switchport trunk allowed vlan Add the vlan for the trunk
add 2
(config)#interface ce56 Enter Interface mode for network side port
(config-if)#channel-group 1 mode active Map interface ce56 for channel group

(config)#interface vlan1.20 Configure the vlan

(config)#ip address 21.21.21.2/24 Configure the IPv4 address for vlan1.20
(config)#ipv6 address 21:21::21:2/48 Configure the IPv6 address for vlan1.20

(config)# interface vlan1.2 Configure the interface Vlan1.2

(config)# ip adress100.12.12.2/24 Configure the IP address for vlan1.2 interface.
(config)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe1 Enter Interface mode for xe1
(config-if)#switchport Enable switch port under xe1
(config-if)# bridge-group 1 Map the bridge group
(config-if)#switchport mode trunk Configure switch port as trunk
(config-if)#switchport trunk allowed vlan Add the vlan for the trunk
add 2,10,20
(config)#exit Exit Interface mode and return to Configure mode.

Switch2

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 5.5.5.5 Configure router-id as 5.5.5.5 (lo ip address)
(config-router)#network 5.5.5.5/32 area Add 5.5.5.5/32 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 100.14.14.0/24 .0/24 Add 100.14.14.0/24 (Spine-P3) network into area 0
area 0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

Validation
VTEP1:
Leaf1#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.51 0000.2222.1010 Static Local ----

© 2024 IP Infusion Inc. Proprietary 250

EVPN IRB - Anycast Support for Multiple Subnets

101 11.11.11.201 0000.4444.1010 Static Remote ----

101 12.11.11.1 0000.0000.1111 Static Local ----
101 13.11.11.1 1444.8f10.d8c9 Static Local ----
101 14.11.11.1 1444.8f10.d8c9 Static Local ----
101 15.11.11.1 0000.0000.1111 Static Local ----
101 16.11.11.1 0000.0000.1111 Static Local ----
101 17.11.11.1 0000.0000.1111 Static Local ----
101 18.11.11.1 0000.0000.1111 Static Local ----
101 19.11.11.1 1444.8f10.d8c9 Static Local ----
101 20.11.11.1 0000.0000.1111 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.51 0000.2222.1020 Static Local ----
201 22.22.22.1 1444.8f10.d8c9 Static Local ----
201 23.23.23.1 0000.0000.1111 Static Local ----
201 24.24.24.1 0000.0000.1111 Static Local ----
201 25.25.25.1 1444.8f10.d8c9 Static Local ----
201 26.26.26.1 0000.0000.1111 Static Local ----
201 27.27.27.1 1444.8f10.d8c9 Static Local ----
201 28.28.28.1 0000.0000.1111 Static Local ----
201 29.29.29.1 1444.8f10.d8c9 Static Local ----
201 30.30.30.1 0000.0000.1111 Static Local ----
201 192.85.1.2 0039.4400.0020 Dynamic Local ----
Total number of entries are 24
--------------------------------------------------------
Leaf1#sh nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age
-Out Retries-Left
________________________________________________________________________________
____________________
101 11:11::11:1 0000.0000.1111 Static Local ----
101 12:11::11:1 1444.8f10.d8c9 Static Local ----
101 13:11::11:1 0000.0000.1111 Static Local ----
101 14:11::11:1 0000.0000.1111 Static Local ----
101 15:11::11:1 0000.0000.1111 Static Local ----
101 16:11::11:1 1444.8f10.d8c9 Static Local ----
101 17:11::11:1 0000.0000.1111 Static Local ----
101 18:11::11:1 1444.8f10.d8c9 Static Local ----
101 19:11::11:1 1444.8f10.d8c9 Static Local ----
101 20:20::20:1 1444.8f10.d8c9 Static Local ----
201 21:21::21:1 1444.8f10.d8c9 Static Local ----
201 22:22::22:1 0000.0000.1111 Static Local ----
201 23:23::23:1 1444.8f10.d8c9 Static Local ----
201 24:24::24:1 1444.8f10.d8c9 Static Local ----
201 25:25::25:1 0000.0000.1111 Static Local ----
201 26:26::26:1 0000.0000.1111 Static Local ----
201 27:27::27:1 1444.8f10.d8c9 Static Local ----
201 28:28::28:1 0000.0000.1111 Static Local ----
201 29:29::29:1 1444.8f10.d8c9 Static Local ----
201 30:30::30:1 0000.0000.1111 Static Local ----
Total number of entries are 20
Leaf1#

VTEP2:
Leaf2#show int counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
ce49 1099.23 771933 0.00 1
ce50 0.00 0 0.00 0
ce51 0.00 0 0.00 0
ce52 0.00 0 0.00 0
ce53 0.00 0 0.00 0
ce54 0.00 0 0.00 0
ce55 0.00 0 0.00 0
ce56 0.00 0 0.00 0
po3 1099.23 771934 0.00 1
xe3 0.00 0 0.00 0
xe5 0.00 0 0.00 0

© 2024 IP Infusion Inc. Proprietary 251

EVPN IRB - Anycast Support for Multiple Subnets

-------------------------------------------------------------
Leaf2#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.201 0000.4444.1010 Static Remote ----
101 12.11.11.1 0000.0000.1111 Static Local ----
101 13.11.11.1 b86a.979c.1669 Static Local ----
101 14.11.11.1 b86a.979c.1669 Static Local ----
101 15.11.11.1 0000.0000.1111 Static Local ----
101 16.11.11.1 0000.0000.1111 Static Local ----
101 17.11.11.1 0000.0000.1111 Static Local ----
101 18.11.11.1 0000.0000.1111 Static Local ----
101 19.11.11.1 b86a.979c.1669 Static Local ----
101 20.11.11.1 0000.0000.1111 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 22.22.22.1 b86a.979c.1669 Static Local ----
201 23.23.23.1 0000.0000.1111 Static Local ----
201 24.24.24.1 0000.0000.1111 Static Local ----
201 25.25.25.1 b86a.979c.1669 Static Local ----
201 26.26.26.1 0000.0000.1111 Static Local ----
201 27.27.27.1 b86a.979c.1669 Static Local ----
201 28.28.28.1 0000.0000.1111 Static Local ----
201 29.29.29.1 b86a.979c.1669 Static Local ----
201 30.30.30.1 0000.0000.1111 Static Local ----
201 192.85.1.2 0039.4400.0020 Dynamic Remote ----
Total number of entries are 24
------------------------------------------------------
Leaf2# show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age
-Out Retries-Left
________________________________________________________________________________
____________________
101 11:11::11:1 0000.0000.1111 Static Local ----
101 12:11::11:1 b86a.979c.1669 Static Local ----
101 13:11::11:1 0000.0000.1111 Static Local ----
101 14:11::11:1 0000.0000.1111 Static Local ----
101 15:11::11:1 0000.0000.1111 Static Local ----
101 16:11::11:1 b86a.979c.1669 Static Local ----
101 17:11::11:1 0000.0000.1111 Static Local ----
101 18:11::11:1 b86a.979c.1669 Static Local ----
101 19:11::11:1 b86a.979c.1669 Static Local ----
101 20:20::20:1 b86a.979c.1669 Static Local ----
201 21:21::21:1 b86a.979c.1669 Static Local ----
201 22:22::22:1 0000.0000.1111 Static Local ----
201 23:23::23:1 b86a.979c.1669 Static Local ----
201 24:24::24:1 b86a.979c.1669 Static Local ----
201 25:25::25:1 0000.0000.1111 Static Local ----
201 26:26::26:1 0000.0000.1111 Static Local ----
201 27:27::27:1 b86a.979c.1669 Static Local ----
201 28:28::28:1 0000.0000.1111 Static Local ----
201 29:29::29:1 b86a.979c.1669 Static Local ----
201 30:30::30:1 0000.0000.1111 Static Local ----
Total number of entries are 20
Leaf2#

VTEP4:
Leaf3#show interface counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
ce49 0.00 1 0.00 0
ce51 0.00 0 0.00 0
ce52 0.00 0 0.00 0

© 2024 IP Infusion Inc. Proprietary 252

EVPN IRB - Anycast Support for Multiple Subnets

ce54 0.00 0 0.00 0

ce55 0.00 0 0.00 0
ce56 1175.78 844671 0.00 1
po4 1175.78 844671 0.00 1
xe4 0.00 0 0.00 0
xe5 0.00 0 0.00 0
xe7 0.00 0 0.00 0
xe8 0.00 0 0.00 0
xe9 0.00 0 0.00 0
xe10 0.00 0 0.00 0
xe11 0.00 0 0.00 0
xe30 0.00 0 0.00 0
xe31 0.00 0 0.00 0
xe32 0.00 0 0.00 0
Leaf3#
Leaf3#
------------------------------------------------------------------------------
Leaf3#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.201 0000.4444.1010 Static Remote ----
101 12.11.11.1 0000.0000.1111 Static Local ----
101 13.11.11.1 b86a.9735.d79d Static Local ----
101 14.11.11.1 b86a.9735.d79d Static Local ----
101 15.11.11.1 0000.0000.1111 Static Local ----
101 16.11.11.1 0000.0000.1111 Static Local ----
101 17.11.11.1 0000.0000.1111 Static Local ----
101 18.11.11.1 0000.0000.1111 Static Local ----
101 19.11.11.1 b86a.9735.d79d Static Local ----
101 20.11.11.1 0000.0000.1111 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 22.22.22.1 b86a.9735.d79d Static Local ----
201 23.23.23.1 0000.0000.1111 Static Local ----
201 24.24.24.1 0000.0000.1111 Static Local ----
201 25.25.25.1 b86a.9735.d79d Static Local ----
201 26.26.26.1 0000.0000.1111 Static Local ----
201 27.27.27.1 b86a.9735.d79d Static Local ----
201 28.28.28.1 0000.0000.1111 Static Local ----
201 29.29.29.1 b86a.9735.d79d Static Local ----
201 30.30.30.1 0000.0000.1111 Static Local ----
201 192.85.1.2 0039.4400.0020 Dynamic Remote ----
Total number of entries are 24
--------------------------------------------------------
Leaf3#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age
-Out Retries-Left
________________________________________________________________________________
____________________
101 11:11::11:1 0000.0000.1111 Static Local ----
101 12:11::11:1 b86a.9735.d79d Static Local ----
101 13:11::11:1 0000.0000.1111 Static Local ----
101 14:11::11:1 0000.0000.1111 Static Local ----
101 15:11::11:1 0000.0000.1111 Static Local ----
101 16:11::11:1 b86a.9735.d79d Static Local ----
101 17:11::11:1 0000.0000.1111 Static Local ----
101 18:11::11:1 b86a.9735.d79d Static Local ----
101 19:11::11:1 b86a.9735.d79d Static Local ----
101 20:20::20:1 b86a.9735.d79d Static Local ----
201 21:21::21:1 b86a.9735.d79d Static Local ----
201 22:22::22:1 0000.0000.1111 Static Local ----
201 23:23::23:1 b86a.9735.d79d Static Local ----
201 24:24::24:1 b86a.9735.d79d Static Local ----
201 25:25::25:1 0000.0000.1111 Static Local ----
201 26:26::26:1 0000.0000.1111 Static Local ----
201 27:27::27:1 b86a.9735.d79d Static Local ----

© 2024 IP Infusion Inc. Proprietary 253

EVPN IRB - Anycast Support for Multiple Subnets

201 28:28::28:1 0000.0000.1111 Static Local ----

201 29:29::29:1 b86a.9735.d79d Static Local ----
201 30:30::30:1 0000.0000.1111 Static Local ----
Total number of entries are 20
Leaf3#

VTEP5:
Leaf4#show interface counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
ce49 0.00 0 0.00 0
ce50 0.00 0 0.00 0
ce52 0.00 0 0.00 0
ce53 0.00 0 0.00 0
ce54 1175.70 844612 0.00 1
ce55 0.00 0 0.00 0
po25 1175.70 844612 0.00 1
xe7 0.00 0 0.00 0
xe12 0.00 0 0.00 0
xe13 0.00 0 0.00 0
xe14 0.00 0 0.00 0
xe15 0.00 0 0.00 0
xe16 0.00 0 0.00 0
xe17 0.00 0 0.00 0
xe18 0.00 0 0.00 0
xe30 0.00 0 0.00 0
xe31 0.00 0 0.00 0
xe32 0.00 0 0.00 0
--------------------------------------------------------
Leaf4#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.201 0000.4444.1010 Static Local ----
101 12.11.11.1 0000.0000.1111 Static Local ----
101 13.11.11.1 1444.8f45.8dc9 Static Local ----
101 14.11.11.1 1444.8f45.8dc9 Static Local ----
101 15.11.11.1 0000.0000.1111 Static Local ----
101 16.11.11.1 0000.0000.1111 Static Local ----
101 17.11.11.1 0000.0000.1111 Static Local ----
101 18.11.11.1 0000.0000.1111 Static Local ----
101 19.11.11.1 1444.8f45.8dc9 Static Local ----
101 20.11.11.1 0000.0000.1111 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 22.22.22.1 1444.8f45.8dc9 Static Local ----
201 23.23.23.1 0000.0000.1111 Static Local ----
201 24.24.24.1 0000.0000.1111 Static Local ----
201 25.25.25.1 1444.8f45.8dc9 Static Local ----
201 26.26.26.1 0000.0000.1111 Static Local ----
201 27.27.27.1 1444.8f45.8dc9 Static Local ----
201 28.28.28.1 0000.0000.1111 Static Local ----
201 29.29.29.1 1444.8f45.8dc9 Static Local ----
201 30.30.30.1 0000.0000.1111 Static Local ----
201 192.85.1.2 0039.4400.0020 Dynamic Remote ----
Total number of entries are 24
-----------------------------------------------------------
Leaf4#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age
-Out Retries-Left
________________________________________________________________________________
____________________
101 11:11::11:1 0000.0000.1111 Static Local ----
101 12:11::11:1 1444.8f45.8dc9 Static Local ----

© 2024 IP Infusion Inc. Proprietary 254

EVPN IRB - Anycast Support for Multiple Subnets

101 13:11::11:1 0000.0000.1111 Static Local ----

101 14:11::11:1 0000.0000.1111 Static Local ----
101 15:11::11:1 0000.0000.1111 Static Local ----
101 16:11::11:1 1444.8f45.8dc9 Static Local ----
101 17:11::11:1 0000.0000.1111 Static Local ----
101 18:11::11:1 1444.8f45.8dc9 Static Local ----
101 19:11::11:1 1444.8f45.8dc9 Static Local ----
101 20:20::20:1 1444.8f45.8dc9 Static Local ----
201 21:21::21:1 1444.8f45.8dc9 Static Local ----
201 22:22::22:1 0000.0000.1111 Static Local ----
201 23:23::23:1 1444.8f45.8dc9 Static Local ----
201 24:24::24:1 1444.8f45.8dc9 Static Local ----
201 25:25::25:1 0000.0000.1111 Static Local ----
201 26:26::26:1 0000.0000.1111 Static Local ----
201 27:27::27:1 1444.8f45.8dc9 Static Local ----
201 28:28::28:1 0000.0000.1111 Static Local ----
201 29:29::29:1 1444.8f45.8dc9 Static Local ----
201 30:30::30:1 0000.0000.1111 Static Local ----
Total number of entries are 20
Leaf4#

© 2024 IP Infusion Inc. Proprietary 255

VxLAN-EVPN Symmetric IRB Support with Connected host

CHAPTER 3 VxLAN-EVPN Symmetric IRB Support with

Connected host

Overview
EVPN-IRB enables communication between two L2VNI's by employing Routing through IP-VRF. This functionality
offers Host (/32) based Symmetric IRB support, directing inter-subnet traffic directly to the Host attached VTEP. To
implement this, configure "evpn irb-advertise-host-route" within VNID (BGP type 2) settings, or "redistribute connected-
host-routes" under BGP (BGP type 5) configurations.
Note:
• In VxLAN-EVPN Interface-less mode, only the 'redistribute connected-host-routes' command is supported.
However, in Interface-full mode, both commands are supported.
• It is advisable to configure a route map in ESI configured Multi-Homed (MH) nodes to block Hosts from peer MH.
This configuration is not required in non-ESI MH VTEPs.

Feature Characteristics
The preferred and recommended approach for AOS-CX VXLAN/EVPN Distributed L3 Gateways is Symmetric IRB.
This implementation offers superior scalability by eliminating the need to manage MAC/ARP entries for both source
and destination hosts, and it doesn't require configuring the same VLAN/VNI as in the case of Asymmetric IRB. These
advantages facilitate simpler and more scalable deployments in both Data Center and Campus networks.

Benefits
The advantages of utilizing a VxLAN-EVPN Symmetric IRB Support:
• Routing is employed on both ingress and egress VTEPs.
• Bi-directional traffic follows a symmetric path, such as utilizing an L3 VNI per VRF.
• VTEPs are relieved from holding unnecessary ARP/MAC resources.
• Configuration of the destination VLAN/VNI on the source VTEP is unnecessary.

Configuration
Ensure that the VTEPs have a base configuration with Symmetric IRB settings. Then, initiate dynamic traffic from
VTEP4 originating from the same subnet (53.1.X.XX/XXXX::XX) as the IRB interface. Typically, in EVPN, a single IP-
VRF can accommodate multiple IRB interfaces. Each IRB interface corresponds to a VNI, and multiple VNIs can be
associated with a MAC-VRF.

Topology
The procedures in this section use the topology in Figure 3-1

© 2024 IP Infusion Inc. Proprietary 256

VxLAN-EVPN Symmetric IRB Support with Connected host

Figure 3-1: VxLAN EVPN IRB Connected host

Note: In the above topology TG1 is Multi homed Host and TG2 and TG3 are Single homed host with same subnet
configured so there will be ECMP for 53 network in VTEP1 and VTEP2.

Base Configurations
Begin with a basic configuration that includes Symmetric IRB configurations on VTEPs, then initiate dynamic traffic
transmission from VTEP4 within the same subnet (53.1.1.40/5301::40) as the IRB interface.

© 2024 IP Infusion Inc. Proprietary 257

VxLAN-EVPN Symmetric IRB Support with Connected host

Validation
Verification before configuring evpn irb-advertise-host-route under VNID configurations or redistribute connected-host-
routes under bgp.

In VTEP1:

VTEP1#show ip route vrf vxlan_l3_elan_mhsh

IP Route Table for VRF "vxlan_l3_elan_mhsh"

B 2.2.2.2/32 [0/0] is directly connected, tunvxlan3, 00:21:33
B 5.5.5.5/32 [0/0] is directly connected, tunvxlan3, 00:21:33
B 6.6.6.6/32 [0/0] is directly connected, tunvxlan3, 00:21:33
B 53.1.1.0/24 [200/0] via 6.6.6.6 (recursive is directly connected,
tunvxlan3), 00:21:34
[200/0] via 5.5.5.5 (recursive is directly connected,
tunvxlan3)
C 127.0.0.0/8 is directly connected, lo.vxlan_l3_elan_mhsh, 07:17:43
C 200.1.1.0/24 is directly connected, irb1604, 07:17:41

Gateway of last resort is not set

VTEP1#
VTEP1#show ipv6 route vrf vxlan_l3_elan_mhsh
IPv6 Routing Table
IP Route Table for VRF "vxlan_l3_elan_mhsh"
C ::1/128 via ::, lo.vxlan_l3_elan_mhsh, 07:18:01
B ::ffff:202:202/128 [0/0] via ::, tunvxlan3, 00:21:51
B ::ffff:505:505/128 [0/0] via ::, tunvxlan3, 00:21:51
B ::ffff:606:606/128 [0/0] via ::, tunvxlan3, 00:21:51
C 2000::/48 via ::, irb1604, 07:17:59
B 5301::/48 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:21:52
[200/0] via ::ffff:505:505 (recursive via ::, tunvxlan3)
C fe80::/64 via ::, irb1604, 07:17:59
VTEP1#

In VTEP2:

VTEP2#show ip route vrf vxlan_l3_elan_mhsh

IP Route Table for VRF "vxlan_l3_elan_mhsh"
B 1.1.1.1/32 [0/0] is directly connected, tunvxlan3, 00:22:50
B 5.5.5.5/32 [0/0] is directly connected, tunvxlan3, 00:22:50
B 6.6.6.6/32 [0/0] is directly connected, tunvxlan3, 00:22:50

© 2024 IP Infusion Inc. Proprietary 258

VxLAN-EVPN Symmetric IRB Support with Connected host

B 53.1.1.0/24 [200/0] via 6.6.6.6 (recursive is directly connected,

tunvxlan3), 00:22:51
[200/0] via 5.5.5.5 (recursive is directly connected,
tunvxlan3)
C 127.0.0.0/8 is directly connected, lo.vxlan_l3_elan_mhsh, 07:19:21
C 200.1.1.0/24 is directly connected, irb1604, 07:19:19

Gateway of last resort is not set

VTEP2#
VTEP2#
VTEP2#show ipv6 route vrf vxlan_l3_elan_mhsh
IPv6 Routing Table
IP Route Table for VRF "vxlan_l3_elan_mhsh"
C ::1/128 via ::, lo.vxlan_l3_elan_mhsh, 07:19:22
B ::ffff:101:101/128 [0/0] via ::, tunvxlan3, 00:22:51
B ::ffff:505:505/128 [0/0] via ::, tunvxlan3, 00:22:51
B ::ffff:606:606/128 [0/0] via ::, tunvxlan3, 00:22:51
C 2000::/48 via ::, irb1604, 07:19:20
B 5301::/48 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:22:51
[200/0] via ::ffff:505:505 (recursive via ::, tunvxlan3)
C fe80::/64 via ::, irb1604, 07:19:20
VTEP2#
VTEP2#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040
0 605 0000:0053:0040 --
605 0 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 53.1.1.40
605 0 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 5301::40
605 0 6.6.6.6 -- VxLAN
VTEP2#

In VTEP4:
VTEP4#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040
0 605 0000:0053:0040 --
605 0 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 53.1.1.40
605 0 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 5301::40
605 0 6.6.6.6 -- VxLAN
VTEP4#

Evpn irb-advertise-host-route configuration

1. To enable the EVPN irb-advertise-host-route, execute the following command in the config mode.
(config)#nvo vxlan id 605 ingress-replication inner-vid-disabled
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vxlan_l2_elan_sh2
(config-nvo)#evpn irb605
(config-nvo)#evpn irb-advertise-host-route

2. To redistributed connected-host-routes, execute the following command.

(config)#nvo vxlan id 605 ingress-replication inner-vid-disabled

© 2024 IP Infusion Inc. Proprietary 259

VxLAN-EVPN Symmetric IRB Support with Connected host

(config)#router bgp 1
(config-router)#address-family ipv4 vrf vxlan_l3_elan_sh
VTEP4(config-router-af)#redistribute connected-host-routes

Note: With static mac ip configured on vxlan access interface and when redistribute connected-host-routes is
configured under bgp. Then routes will not be advertised as /32 or /128 because for static mac-ip Arp entry will
not be present so only for dynamic routes.
Note: With redistribute connected-host-routes, show bgp l2vpn evpn mac-ip will not show the l3vnid.

Validation
Use this command to validate the VxLAN-EVPN Symmetric IRB.

In VTEP1:

VTEP1#show ip route vrf vxlan_l3_elan_mhsh

IP Route Table for VRF "vxlan_l3_elan_mhsh"
B 2.2.2.2/32 [0/0] is directly connected, tunvxlan3, 00:37:03
B 5.5.5.5/32 [0/0] is directly connected, tunvxlan3, 00:37:03
B 6.6.6.6/32 [0/0] is directly connected, tunvxlan3, 00:37:03
B 53.1.1.0/24 [200/0] via 6.6.6.6 (recursive is directly connected,
tunvxlan3), 00:37:04
[200/0] via 5.5.5.5 (recursive is directly connected,
tunvxlan3)
B 53.1.1.40/32 [200/0] via 6.6.6.6 (recursive is directly connected,
tunvxlan3), 00:05:49
C 127.0.0.0/8 is directly connected, lo.vxlan_l3_elan_mhsh, 07:33:13
C 200.1.1.0/24 is directly connected, irb1604, 07:33:11
Gateway of last resort is not set
VTEP1#
VTEP1#show ipv6 route vrf vxlan_l3_elan_mhsh
IPv6 Routing Table
IP Route Table for VRF "vxlan_l3_elan_mhsh"
C ::1/128 via ::, lo.vxlan_l3_elan_mhsh, 07:33:21
B ::ffff:202:202/128 [0/0] via ::, tunvxlan3, 00:37:11
B ::ffff:505:505/128 [0/0] via ::, tunvxlan3, 00:37:11
B ::ffff:606:606/128 [0/0] via ::, tunvxlan3, 00:37:11
C 2000::/48 via ::, irb1604, 07:33:19
B 5301::/48 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:37:12
[200/0] via ::ffff:505:505 (recursive via ::, tunvxlan3)
B 5301::40/128 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:05:57
C fe80::/64 via ::, irb1604, 07:33:19
VTEP1#
VTEP1#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040
0 605 0000:0053:0040 --
605 0 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 53.1.1.40
605 1604 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 5301::40
605 1604 6.6.6.6 -- VxLAN
VTEP1#

© 2024 IP Infusion Inc. Proprietary 260

VxLAN-EVPN Symmetric IRB Support with Connected host

In VTEP2:

VTEP2#show ip route vrf vxlan_l3_elan_mhsh

IP Route Table for VRF "vxlan_l3_elan_mhsh"
B 1.1.1.1/32 [0/0] is directly connected, tunvxlan3, 00:31:16
B 5.5.5.5/32 [0/0] is directly connected, tunvxlan3, 00:31:16
B 6.6.6.6/32 [0/0] is directly connected, tunvxlan3, 00:31:16
B 53.1.1.0/24 [200/0] via 6.6.6.6 (recursive is directly connected,
tunvxlan3), 00:31:17
[200/0] via 5.5.5.5 (recursive is directly connected,
tunvxlan3)
B 53.1.1.40/32 [200/0] via 6.6.6.6 (recursive is directly connected,
tunvxlan3), 00:00:03
C 127.0.0.0/8 is directly connected, lo.vxlan_l3_elan_mhsh, 07:27:47
C 200.1.1.0/24 is directly connected, irb1604, 07:27:45
Gateway of last resort is not set
VTEP2#
VTEP2#show ipv6 route vrf vxlan_l3_elan_mhsh
IPv6 Routing Table
IP Route Table for VRF "vxlan_l3_elan_mhsh"
C ::1/128 via ::, lo.vxlan_l3_elan_mhsh, 07:27:54
B ::ffff:101:101/128 [0/0] via ::, tunvxlan3, 00:31:23
B ::ffff:505:505/128 [0/0] via ::, tunvxlan3, 00:31:23
B ::ffff:606:606/128 [0/0] via ::, tunvxlan3, 00:31:23
C 2000::/48 via ::, irb1604, 07:27:52
B 5301::/48 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:31:23
[200/0] via ::ffff:505:505 (recursive via ::, tunvxlan3)
B 5301::40/128 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:00:10
C fe80::/64 via ::, irb1604, 07:27:52
VTEP2#
VTEP2#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040
0 605 0000:0053:0040 --
605 0 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 53.1.1.40
605 1604 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 5301::40
605 1604 6.6.6.6 -- VxLAN
VTEP2#

In VTEP4:

VTEP4#show arp vrf vxlan_l3_elan_mhsh

Flags: D - Static Adjacencies attached to down interface
IP ARP Table for context vxlan_l3_elan_mhsh
Total number of entries: 1
Address Age MAC Address Interface State
1.1.1.1 - e8c5.7aa3.2cb0 tunvxlan3 PERMANENT
2.2.2.2 - e001.a657.ef01 tunvxlan3 PERMANENT
5.5.5.5 - 6cb9.c5b1.ab9c tunvxlan3 PERMANENT
53.1.1.40 00:02:57 0000.0053.0040 irb604 STALE
VTEP4#

© 2024 IP Infusion Inc. Proprietary 261

VxLAN-EVPN Symmetric IRB Support with Connected host

VTEP4#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040

0 605 0000:0053:0040 --
605 0 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 53.1.1.40
605 1604 6.6.6.6 -- VxLAN
0 605 0000:0053:0040 5301::40
605 1604 6.6.6.6 -- VxLAN
VTEP4#

Glossary
The following provides definitions for key terms or abbreviations and their meanings used throughout this document:

Key Terms/Acronym Description

ECMP ECMP stands for Equal-Cost Multi-Path. It's a routing technique used in computer networks,
particularly in IP-based routing protocols like OSPF (Open Shortest Path First) and BGP (Border
Gateway Protocol).

VTEPs VTEP stands for VXLAN Tunnel Endpoint. It's a crucial component in network virtualization
architectures, particularly in overlay networks using VXLAN (Virtual Extensible LAN) technology.

ARP/MAC ARP (Address Resolution Protocol) and MAC (Media Access Control) address are both essential
components of networking, particularly in Ethernet-based networks.

VLAN/VNI VLAN (Virtual Local Area Network) and VNI (Virtual Network Identifier) are both technologies used
in networking to segment and manage traffic within a larger network infrastructure.

© 2024 IP Infusion Inc. Proprietary 262

VXLAN-IRB-Inter-VRF Route Leaking

CHAPTER 4 VXLAN-IRB-Inter-VRF Route Leaking

A VRF is a mechanism used to provide logical separation between routing tables on the same router. It is locally
significant to the router. Each interface on a router can only be assigned to one VRF, but a VRF can have multiple
interfaces. VRF route leaking can be done using route-target import/export.
The routes of VRF catering shared services shall be leaked to tenant VRFs. The leaking of routes shall be possible
over one overlay VRF to another overlay VRF. By doing so shared services like Internet access through gateway
routes can be made possible. Introduction of this feature shall cater various use cases of shared services like storage /
Internet access etc.

Topology
The procedures in this section use the topology in Figure 4-2.

© 2024 IP Infusion Inc. Proprietary 263

VXLAN-IRB-Inter-VRF Route Leaking

Figure 4-2: VxLAN_EVPN_IVRF

Note: SH means Single homing host and MH means Multihoming host.

© 2024 IP Infusion Inc. Proprietary 264

VXLAN-IRB-Inter-VRF Route Leaking

VTEP1
Single Home -SH

Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

(config)#nvo vxlan enable Enable VXLAN
(config)#nvo vxlan irb Enable VXLAN irb
(Config)#qos enable Enabling qos
(Config)# bfd interval 3 minrx 3 multiplier Configure bfd
3
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Interface and loopback configuration:

(config)#interface ce50 Enter Interface mode for ce50 (SH1)

(config-if)# description ***Connected to Interface description
TOR1***
(config-if)#switchport Make it L2 interface
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 51.51.51.51/32 Configure loopback ip address
secondary
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) interface xe40 Enter interface mode
(config-if)# description ***Connected to Interface description
Spine2***
(config-if)# ip address 10.10.10.1/31 Configure ip address on network side of Spine1
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config-if)#exit Exit Interface mode and return to Configure mode.

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 51.51.51.51 Configure router-id as lo ip address
(config-router)#network 51.51.51.51/32 area Add lo ip address network into area 0
0.0.0.0
(config-router)#network 10.10.10.0/24 area Add Spine-connected network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 265

VXLAN-IRB-Inter-VRF Route Leaking

BGP configuration:

(config)#router bgp 500 Enter into Router BGP mode

(config-router)#bgp router-id 51.51.51.51 Configure router-id as lo ip address
(config-router)#neighbor 66.66.66.66 remote- Specify a BorderVTEP1 loopback ip address and remote-as
as 500 defined
(config-router)#neighbor 66.66.66.66 update- Configure update as loopback for BorderVTEP1
source lo
(config-router)#neighbor 66.66.66.66 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 BorderVTEP1
(config-router)# address-family ipv4 unicast Enter into IPV4 unicast address family mode
(config-router-af)# neighbor 66.66.66.66 Activate BorderVTEP1 into ipv4 unicast family
activate
(config-router-af)# exit-address-family Exit from IPV4 unicast address family
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 66.66.66.66 Activate BorderVTEP1 into l2vpn evpn address family mode
activate
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

L2 VRF Configuration:

(config)# mac vrf RED Create mac routing/forwarding instance with RED name and
enter into vrf mode
(config-vrf)# rd 2.3.4.5:1 Assign RD value
(config-vrf)# route-target both 6000:6000 Assign route-target value for same for import and export.
Should be same on all node for RED
(config-vrf)#exit Exit from vrf mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

L3 VRF and BGP Configuration:

(config)# ip vrf FAX Create mac routing/forwarding instance with FAX name and
enter into vrf mode
(config-vrf)# rd 51.51.51.51:1050 Assign RD value
(config-vrf)# route-target both 1050:1050 Assign route-target value for same for import and export.
(config-vrf)# l3vni 10502 Configure L3VNI as 10502 for FAX vrf
(config-vrf)#exit Exit from vrf mode
(config)# interface irb 1050 Configure irb interface 1050
(config-if)ip vrf forwarding FAX Configure FAX
(config-if) ip address 10.12.32.1/24 Configure ip address
(config-if)exit Exit from interface config mode

© 2024 IP Infusion Inc. Proprietary 266

VXLAN-IRB-Inter-VRF Route Leaking

(config)#commit Commit the candidate configuration to running configuration

and save config and reload board
(config)router bgp 500 Enter into bgp router mode
(config-router)#address-family ipv4 vrf FAX Enter into address-family mode for FAX
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit form address-family
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan vtep-ip-global Configure Source vtep-ip-global configuration. Use loopback
51.51.51.51 ip address
(config)#nvo vxlan id 1050 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp RED
(config-nvo)# evpn irb1050 Configure irb1050 under vxlan id 1050
(config)# nvo vxlan access-if port-vlan ce50 Enable port-vlan mapping i.e. access port to outer-vlan
1050 (SVLAN)
(config-nvo-acc-if)# map vnid 1050 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.3333.1050 ip Configure static mac-ip
10.12.32.10
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VTEP2
(Multi-homed group) - Part of both Multi-homed with po1000(MH).

Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

(config)#nvo vxlan enable Enable VXLAN
(config)#nvo vxlan irb Enable VXLAN irb
(config)# evpn irb-forwarding anycast- Configure Anycast gateway mac
gateway-mac 0000.2222.3333
(Config)#qos enable Enabling qos
(Config)# bfd interval 3 minrx 3 multiplier Configure bfd
3
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 267

VXLAN-IRB-Inter-VRF Route Leaking

Interface and loopback configuration:

(config)#interface xe4 Enter Interface mode for xe4(MH)

(config-if)# description ***Connected to Interface description
TOR2***
(config-if)# channel-group 1000 mode active Make it member of po1000
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)# interface po1000 Enter into po1000 mode
(config-if)# switchport Configure L2 mode
(config-if)# evpn multi-homed system-mac Configure System mac
0000.4444.5555
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 60.60.60.60/32 Configure loopback ip address
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) interface xe25 Enter interface mode
(config-if)# description ***Connected to Interface description
Spine1***
(config-if)# ip address ip address Configure ip address on network side of Spine1
10.10.12.1/31
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 60.60.60.60 Configure router-id as lo ip address
(config-router)#network 60.60.60.60/32 area Add lo ip address network into area 0
0.0.0.0
(config-router)#network 10.10.12.0/24 area Add Spine-connected network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

BGP configuration:

(config)#router bgp 500 Enter into Router BGP mode

(config-router)#bgp router-id 60.60.60.60 Configure router-id as lo ip address
(config-router)#neighbor 66.66.66.66 remote- Specify a BorderVTEP1 loopback ip address and remote-as
as 500 defined
(config-router)#neighbor 66.66.66.66 update- Configure update as loopback for BorderVTEP1
source lo
(config-router)#neighbor 66.66.66.66 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 BorderVTEP1

© 2024 IP Infusion Inc. Proprietary 268

VXLAN-IRB-Inter-VRF Route Leaking

(config-router)#neighbor 76.76.76.76 remote- Specify a VTEP3 loopback ip address and remote-as defined
as 500
(config-router)#neighbor 76.76.76.76 update- Configure update as loopback for VTEP3
source lo
(config-router)#neighbor 76.76.76.76 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
(config-router)# address-family ipv4 unicast Enter into IPV4 unicast address family mode
(config-router-af)# neighbor 66.66.66.66 Activate BorderVTEP1 into ipv4 unicast family
activate
(config-router-af)# neighbor 76.76.76.76 Activate VTEP3 into ipv4 unicast family
activate
(config-router-af)# exit-address-family Exit from IPV4 unicast address family
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 66.66.66.66 Activate BorderVTEP1 into l2vpn evpn address family mode
activate
(config-router-af)#neighbor 76.76.76.76 Activate VTEP3 into l2vpn evpn address family mode
activate
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

L2 VRF Configuration:

(config)# mac vrf RED Create mac routing/forwarding instance with RED name and
enter into vrf mode
(config-vrf)# rd 2.3.4.5:2 Assign RD value
(config-vrf)# route-target both 6000:6000 Assign route-target value for same for import and export.
Should be same on all node for RED
(config-vrf)#exit Exit from vrf mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

L3 VRF and BGP Configuration:

(config)# ip vrf SMS Create mac routing/forwarding instance with SMS name and
enter into vrf mode
(config-vrf)# rd 60.60.60.60:1040 Assign RD value
(config-vrf)# route-target both 1040:1040 Assign route-target value for same for import and export.
(config-vrf)# l3vni 10402 Configure L3VNI as 10402 for SMS vrf
(config-vrf)#exit Exit from vrf mode
(config)# interface irb 1060 Configure irb interface 1060
(config-if)ip vrf forwarding SMS Configure ip vrf forwarding
(config-if) ip address 10.240.38.1/24 Configure ip address
(config-if) evpn irb-if-forwarding anycast- Anycast mac configured
gateway-mac
(config-if)exit Exit from interface config mode

© 2024 IP Infusion Inc. Proprietary 269

VXLAN-IRB-Inter-VRF Route Leaking

(config)#commit Commit the candidate configuration to running configuration

and save config and reload board
(config)router bgp 500 Enter into bgp router mode
(config-router)#address-family ipv4 vrf SMS Enter into address-family mode for SMS
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit form address-family
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan vtep-ip-global Configure Source vtep-ip-global configuration. Use loopback
60.60.60.60 ip address
(config)#nvo vxlan id 1060 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp RED
(config-nvo)# evpn irb1060 Configure irb1060 under vxlan id 1060
(config)# nvo vxlan access-if port-vlan Enable port-vlan mapping i.e. access port to outer-vlan
po1000 1060 (SVLAN) - Multihomed access port
(config-nvo-acc-if)# map vnid 1060 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1060 ip Configure static mac-ip
10.240.38.10
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VTEP3
(Multi-homed group) - Part of both Multi-homed with po1000(MH).

Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

© 2024 IP Infusion Inc. Proprietary 270

VXLAN-IRB-Inter-VRF Route Leaking

Interface and loopback configuration:

(config)#interface xe10 Enter Interface mode for xe10(MH)

(config-if)# description ***Connected to Interface description
TOR2***
(config-if)# channel-group 1000 mode active Make it member of po1000
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)# interface po1000 Enter into po1000 mode
(config-if)# switchport Configure L2 mode
(config-if)# evpn multi-homed system-mac Configure System mac
0000.4444.5555
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 76.76.76.76/32 Configure loopback ip address
secondary
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) interface xe27 Enter interface mode
(config-if)# description ***Connected to Interface description
Spine1***
(config-if)# ip address ip address Configure ip address on network side of Spine1
10.10.24.1/31
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 76.76.76.76 Configure router-id as lo ip address
(config-router)#network 76.76.76.76/32 area Add lo ip address network into area 0
0.0.0.0
(config-router)#network 10.10.24.0/24 area Add Spine-connected network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

BGP configuration:

(config)#router bgp 500 Enter into Router BGP mode

(config-router)#bgp router-id 76.76.76.76 Configure router-id as lo ip address
(config-router)#neighbor 66.66.66.66 remote- Specify a BorderVTEP1 loopback ip address and remote-as
as 500 defined
(config-router)#neighbor 66.66.66.66 update- Configure update as loopback for BorderVTEP1
source lo

© 2024 IP Infusion Inc. Proprietary 271

VXLAN-IRB-Inter-VRF Route Leaking

(config-router)#neighbor 66.66.66.66 Configure advertisement-interval as 0 for fast convergence for

advertisement-interval 0 BorderVTEP1
(config-router)#neighbor 60.60.60.60 remote- Specify a VTEP2 loopback ip address and remote-as defined
as 500
(config-router)#neighbor 60.60.60.60 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 60.60.60.60 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)# address-family ipv4 unicast Enter into IPV4 unicast address family mode
(config-router-af)# neighbor 66.66.66.66 Activate BorderVTEP1 into ipv4 unicast family
activate
(config-router-af)# neighbor 60.60.60.60 Activate VTEP2 into ipv4 unicast family
activate
(config-router-af)# exit-address-family Exit from IPV4 unicast address family
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 66.66.66.66 Activate BorderVTEP1 into l2vpn evpn address family mode
activate
(config-router-af)#neighbor 60.60.60.60 Activate VTEP2 into l2vpn evpn address family mode
activate
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

L2 VRF Configuration:

(config)# mac vrf RED Create mac routing/forwarding instance with RED name and
enter into vrf mode
(config-vrf)# rd 2.3.4.6:2 Assign RD value
(config-vrf)# route-target both 6000:6000 Assign route-target value for same for import and export.
Should be same on all node for RED
(config-vrf)#exit Exit from vrf mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

L3 VRF and BGP Configuration:

(config)# ip vrf SMS Create mac routing/forwarding instance with SMS name and
enter into vrf mode
(config-vrf)# rd 76.76.76.76:1040 Assign RD value
(config-vrf)# route-target both 1040:1040 Assign route-target value for same for import and export.
(config-vrf)# l3vni 10402 Configure L3VNI as 10402 for SMS vrf
(config-vrf)#exit Exit from vrf mode
(config)# interface irb 1060 Configure irb interface 1060
(config-if)ip vrf forwarding SMS Configure ip vrf forwarding
(config-if) ip address 10.240.38.1/24 Configure ip address

© 2024 IP Infusion Inc. Proprietary 272

VXLAN-IRB-Inter-VRF Route Leaking

(config-if) evpn irb-if-forwarding anycast- Anycast mac configured

gateway-mac
(config-if)exit Exit from interface config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)router bgp 500 Enter into bgp router mode
(config-router)#address-family ipv4 vrf SMS Enter into address-family mode for SMS
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit form address-family
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VXLAN configuration:

(config)#nvo vxlan vtep-ip-global Configure Source vtep-ip-global configuration. Use loopback

76.76.76.76 ip address
(config)#nvo vxlan id 1060 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp RED
(config-nvo)# evpn irb1060 Configure irb1060 under vxlan id 1060
(config)# nvo vxlan access-if port-vlan Enable port-vlan mapping i.e. access port to outer-vlan
po1000 1060 (SVLAN) - Multihomed access port
(config-nvo-acc-if)# map vnid 1060 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1060 ip Configure static mac-ip
10.240.38.10
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

BorderVTEP1

Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

© 2024 IP Infusion Inc. Proprietary 273

VXLAN-IRB-Inter-VRF Route Leaking

Interface and loopback configuration:

(config)#interface ce50 Enter Interface mode

(config-if)# description ***Connected to Interface description
FW***
(config-if)# switchport Configure L2 mode
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 66.66.66.66/32 Configure loopback ip address
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) interface xe39 Enter interface mode
(config-if)# description ***Connected to Interface description
Spine1***
(config-if)# ip address ip address Configure ip address on network side of Spine1
10.10.14.1/31
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 66.66.66.66 Configure router-id as lo ip address
(config-router)#network 66.66.66.66/32 area Add lo ip address network into area 0
0.0.0.0
(config-router)#network 10.10.14.0/24 area Add Spine-connected network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

BGP configuration:

(config)#router bgp 500 Enter into Router BGP mode

(config-router)#bgp router-id 66.66.66.66 Configure router-id as lo ip address
(config-router)#neighbor 51.51.51.51 remote- Specify a VTEP1 loopback ip address and remote-as defined
as 500
(config-router)#neighbor 51.51.51.51 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 51.51.51.51 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 60.60.60.60 remote- Specify a VTEP2 loopback ip address and remote-as defined
as 500
(config-router)#neighbor 60.60.60.60 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 60.60.60.60 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2

© 2024 IP Infusion Inc. Proprietary 274

VXLAN-IRB-Inter-VRF Route Leaking

(config-router)#neighbor 76.76.76.76 remote- Specify a VTEP3 loopback ip address and remote-as defined
as 500
(config-router)#neighbor 76.76.76.76 update- Configure update as loopback for VTEP3
source lo
(config-router)#neighbor 76.76.76.76 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
(config-router)# no bgp default ipv4-unicast It will avoid default ipv4 unicast routing
(config-router)# address-family ipv4 unicast Enter into IPV4 unicast address family mode
(config-router-af)# neighbor 51.51.51.51 Activate VTEP1 into ipv4 unicast family
activate
(config-router-af)# neighbor 60.60.60.60 Activate VTEP2 into ipv4 unicast family
activate
(config-router-af)# neighbor 76.76.76.76 Activate VTEP3 into ipv4 unicast family
activate
(config-router-af)# exit-address-family Exit from IPV4 unicast address family
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 51.51.51.51 Activate VTEP1 into l2vpn evpn address family mode
activate
(config-router-af)#neighbor 60.60.60.60 Activate VTEP2 into l2vpn evpn address family mode
activate
(config-router-af)#neighbor 76.76.76.76 Activate VTEP3 into l2vpn evpn address family mode
activate
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

L2 VRF Configuration:

(config)# mac vrf RED Create mac routing/forwarding instance with RED name and
enter into vrf mode
(config-vrf)# rd 2.2.4.4:4 Assign RD value
(config-vrf)# route-target both 6000:6000 Assign route-target value for same for import and export.
Should be same on all node for RED
(config-vrf)#exit Exit from vrf mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

L3 VRF and BGP Configuration:

(config)# ip vrf gvrf Create mac routing/forwarding instance with gvrf name and
enter into vrf mode
(config-vrf)# rd 4.5.6.8:6 Assign RD value
(config-vrf)# route-target import 100:100 Assign route-target value for import from FAX vrf
(config-vrf)# route-target import 300:300 Assign route-target value for import from SMS vrf
(config-vrf)# route-target export 1000:1000 Assign route-target value for export from gvrf
(config-vrf)# l3vni 500 Configure L3VNI as 500 for gvrf vrf

© 2024 IP Infusion Inc. Proprietary 275

VXLAN-IRB-Inter-VRF Route Leaking

(config-vrf)#exit Exit from vrf mode

(config)# interface irb 1067 Configure irb interface 1060
(config-if) ip vrf forwarding gvrf Configure ip vrf forwarding
(config-if) ip address 10.10.18.1/24
Configure ip address
(config-if)exit Exit from interface config mode
(config)# ip vrf FAX Create mac routing/forwarding instance with FAX name and
enter into vrf mode
(config-vrf)# rd 66.66.66.66:1050 Assign RD value
(config-vrf)# route-target both 1050:1050 Assign route-target value for same for import and export.
(config-vrf)# route-target export 100:100 Assign route-target value export from FAX
(config-vrf)# route-target import 1000:1000 Assign route-target value for import from gvrf
(config-vrf)# l3vni 10502 Configure L3VNI as 10502 for FAX vrf
(config-vrf)#exit Exit from vrf mode
(config)# ip vrf SMS Create mac routing/forwarding instance with SMS name and
enter into vrf mode
(config-vrf)# rd 66.66.66.66:1060 Assign RD value
(config-vrf)# route-target both 1040:1040 Assign route-target value for same for import and export.
(config-vrf)# route-target export 300:300 Assign route-target value export from SMS
(config-vrf)# route-target import 1000:1000 Assign route-target value for import from gvrf
(config-vrf)# l3vni 10402 Configure L3VNI as 10402 for SMS vrf
(config-vrf)#exit Exit from vrf mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board
(config)router bgp 500 Enter into bgp router mode
(config-router)#address-family ipv4 vrf gvrf Enter into address-family mode for gvrf
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)# neighbor 10.10.18.2 Add Firewall as neighbor
remote-as 64603
(config-router-af)# neighbor 10.10.18.2 Configure bfd for better convergence
fall-over bfd
(config-router-af)# neighbor 10.10.18.2 Activate the neighbor
activate
(config-router-af)# neighbor 10.10.18.2 Configure interval 0 for better convergence
advertisement-interval 0
(config-router-af)#exit-address-family Exit form address-family
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

VXLAN configuration:

(config)#nvo vxlan vtep-ip-global Configure Source vtep-ip-global configuration. Use loopback

66.66.66.66 ip address
(config)# nvo vxlan id 1067 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode

© 2024 IP Infusion Inc. Proprietary 276

VXLAN-IRB-Inter-VRF Route Leaking

(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route

protocol evpn-bgp RED
(config-nvo)# evpn irb1067 Configure irb1067 under vxlan id 1067
(config)# nvo vxlan access-if port-vlan ce50 Enable port-vlan mapping i.e. access port to outer-vlan
1067 (SVLAN) - Multihomed access port
(config-nvo-acc-if)# map vnid 1067 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Firewall

Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

(Config)#qos enable Enabling qos
(Config)#bfd interval 3 minrx 3 multiplier 3 Configure bfd
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Interface and loopback configuration:

#configure terminal Enter Configure mode.

(config)# bridge 1 protocol rstp vlan-bridge Configure rstp vlan bridge
(config)# vlan database
(config)#vlan 1067 bridge 1 state enable Configure vlans from 1067 and associate with bridge 1
(config)#interface ce30/1 Enter Interface mode for ce30/1
(config-if)# description ***Connected to Interface description
BorderVTEP1***
(config-if)#bridge-group 1 Associate to bridge 1
(config-if)# bridge-group 1 spanning-tree Configure stp disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed vlan as 1067
add 1067
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface vlan1.1067 Enter Interface mode
(config-if)# ip address 10.10.18.2/24 Configure ip address
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce1/1 Enter Interface mode
(config-if)#ip address 10.10.20.1/24 Configure ip address to advertise
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 277

VXLAN-IRB-Inter-VRF Route Leaking

BGP configuration:

(Config)#router bgp 64603 Enter into Router BGP mode

(config-router)# neighbor 10.10.18.1 remote- Specify a BorderVTEP1 gvrf ip address and remote-as
as 500 defined
(config-router)# neighbor 10.10.18.1 fall- Configure fall-over bfd for fast convergence
over bfd
(config-router)#neighbor 10.10.18.1 Configure advertisement-interval as 0 for fast convergence
advertisement-interval 0
(config-router)# address-family ipv4 unicast Enter into IPV4 unicast address family mode
(config-router-af)# network 10.10.20.0/24 Add lo adders as network for advertise
(config-router-af)# max-paths ebgp 8 Add max path
(config-router-af)# neighbor 10.10.18.1 Activate the neighbor
activate
(config-router-af)# neighbor 10.10.18.1 Do default originate
default-originate
(config-router-af)# exit-address-family Exit from IPV4 unicast address family
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

TOR1 (SH)

#configure terminal Enter Configure mode.

(config)# bridge 1 protocol rstp vlan-bridge Configure rstp vlan bridge
(config)# vlan database
(config)#vlan 1050 bridge 1 state enable Configure vlans from 1050 and associate with bridge 1
(config)#interface ce1/1 Enter Interface mode for ce1/1
(config-if)#switchport Make as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate to bridge 1
(config-if)# bridge-group 1 spanning-tree Configure stp disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed vlan as 1050
add 1050
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce25/1 Enter Interface mode for ce25/1
(config-if)#switchport Make as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate to bridge 1
(config-if)# bridge-group 1 spanning-tree Configure stp disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed vlan as 1050
add 1050
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

© 2024 IP Infusion Inc. Proprietary 278

VXLAN-IRB-Inter-VRF Route Leaking

TOR2 (MH)
Multihomed to 2-VTEPs (VTEP2 and VTEP3).

#configure terminal Enter Configure mode.

(config)# bridge 1 protocol rstp vlan-bridge Configure rstp vlan bridge
(config)# vlan database
(config)#vlan 1060 bridge 1 state enable Configure vlans from 1060 and associate with bridge 1
(config)#interface po1000 Enter Interface mode for po1000
(config-if)#switchport Make as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate to bridge 1
(config-if)# bridge-group 1 spanning-tree Configure stp disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed vlan as 1060
add 1060
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe4 Enter Interface mode for xe4
(config-if)# channel-group 1000 mode active Make it member of po1000
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe7 Enter Interface mode for xe7
(config-if)# channel-group 1000 mode active Make it member of po1000
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe7 Enter Interface mode for ce25/1
(config-if)#switchport Make as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate to bridge 1
(config-if)# bridge-group 1 spanning-tree Configure stp disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed vlan as 1060
add 1060
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Spine1
Spine node where all VTEPs are connected.

Generic configuration:

#configure terminal Enter Configure mode.

(Config)#qos enable Enabling qos

© 2024 IP Infusion Inc. Proprietary 279

VXLAN-IRB-Inter-VRF Route Leaking

(Config)# bfd interval 3 minrx 3 multiplier Configure bfd

3
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Interface and loopback configuration:

(config)#interface lo Enter Interface mode for lo

(config-if)#ip address 62.62.62.62/32 Configure loopback ip address
secondary
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe40 Enter Interface mode
(config-if)# description ***Connected to Description of interface
VTEP1***
(config-if)#ip address ip address Configure ip address on network side of VTEP1
10.10.10.2/31
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe25 Enter Interface mode
(config-if)# description ***Connected to Description of interface
VTEP2***
(config-if)#ip address ip address Configure ip address on network side of VTEP2
10.10.12.2/31
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe27 Enter Interface mode
(config-if)# description ***Connected to Description of interface
VTEP3***
(config-if)#ip address ip address Configure ip address on network side of VTEP3
10.10.24.2/31
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe39 Enter Interface mode
(config-if)# description ***Connected to Description of interface
BorderVTEP1***
(config-if)#ip address ip address Configure ip address on network side of BorderVTEP1
10.10.14.2/31
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 62.62.62.62 Configure router-id as lo ip address
(config-router)#network 62.62.62.62/32 area Add lo ip address network into area 0
0.0.0.0
(config-router)#network 10.10.10.0/24 area Add VTEP1 network into area 0
0.0.0.0

© 2024 IP Infusion Inc. Proprietary 280

VXLAN-IRB-Inter-VRF Route Leaking

(config-router)#network 10.10.12.0/24 area Add VTEP2 network into area 0

0.0.0.0
(config-router)#network 10.10.14.0/24 area Add VTEP4 network into area 0
0.0.0.0
(config-router)#network 10.10.24.0/24 area Add VTEP3 network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#commit Commit the candidate configuration to running configuration
and save config and reload board

Validations
Firewall
=========
Firewall#show ip bgp summary
BGP router identifier 10.10.19.2, local AS number 64603
BGP table version is 3
2 BGP AS-PATH entries
0 BGP community entries
8 Configured ebgp ECMP multipath: Currently set at 8

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Dow

n State/PfxRcd
10.10.18.1 4 500 46 58 3 0 0 00:17:36
3

Total number of neighbors 1

Total number of Established sessions 1

Firewall#show ip roy
Firewall#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

C 10.10.18.0/24 is directly connected, vlan1.1067, 00:19:40
C 10.10.20.0/24 is directly connected, ce1/1, 00:00:13
B 10.12.32.0/24 [20/0] via 10.10.18.1, vlan1.1067, 00:17:43
B 10.240.38.0/24 [20/0] via 10.10.18.1, vlan1.1067, 00:17:43
C 127.0.0.0/8 is directly connected, lo, 00:52:18
IP Route Table for VRF "management"
C 10.12.85.0/24 is directly connected, eth0, 00:52:07

© 2024 IP Infusion Inc. Proprietary 281

VXLAN-IRB-Inter-VRF Route Leaking

C 127.0.0.0/8 is directly connected, lo.management, 00:52:18

Gateway of last resort is not set

FW#

BorderVTEP1
===========

BorderVTEP1#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
1067 ---- -- AC ce50 --- Single Homed Port --- 1067 ----
---- ----
10402 ---- L3 NW ---- ---- ---- ----
66.66.66.66 60.60.60.60
10402 ---- L3 NW ---- ---- ---- ----
66.66.66.66 76.76.76.76
10502 ---- L3 NW ---- ---- ---- ----
66.66.66.66 51.51.51.51

Total number of entries are 4

BorderVTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
66.66.66.66 51.51.51.51 Installed 00:22:36 00:22:36
66.66.66.66 60.60.60.60 Installed 00:22:36 00:22:36
66.66.66.66 76.76.76.76 Installed 00:22:36 00:22:36

Total number of entries are 3

BorderVTEP1#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

O 10.10.10.0/31 [110/2] via 10.10.14.0, xe39, 00:22:44
O 10.10.12.0/31 [110/2] via 10.10.14.0, xe39, 00:22:44
C 10.10.14.0/31 is directly connected, xe39, 00:23:29

© 2024 IP Infusion Inc. Proprietary 282

VXLAN-IRB-Inter-VRF Route Leaking

O 10.10.24.0/31 [110/2] via 10.10.14.0, xe39, 00:22:44

O 51.51.51.51/32 [110/3] via 10.10.14.0, xe39, 00:22:44
O 60.60.60.60/32 [110/3] via 10.10.14.0, xe39, 00:22:44
C 66.66.66.66/32 is directly connected, lo, 00:23:32
O 76.76.76.76/32 [110/3] via 10.10.14.0, xe39, 00:22:44
C 127.0.0.0/8 is directly connected, lo, 00:24:12
IP Route Table for VRF "management"
C 10.12.86.0/24 is directly connected, eth0, 00:23:38
C 127.0.0.0/8 is directly connected, lo.management, 00:24:12
IP Route Table for VRF "gvrf"
Gateway of last resort is 10.10.18.2 to network 0.0.0.0

B* 0.0.0.0/0 [20/0] via 10.10.18.2, irb1067, 00:21:31

C 10.10.18.0/24 is directly connected, irb1067, 00:23:30
B 10.10.20.0/24 [20/0] via 10.10.18.2, irb1067, 00:04:01
B v 10.12.32.0/24 [200/0] via 51.51.51.51 (recursive is directly connected,
tunvxlan3), 00:22:39
B v 10.240.38.0/24 [200/0] via 60.60.60.60 (recursive is directly connected,
tunvxlan4), 00:22:40
C 127.0.0.0/8 is directly connected, lo.gvrf, 00:23:36
IP Route Table for VRF "SMS"
Gateway of last resort is 10.10.18.2 to network 0.0.0.0

B* v 0.0.0.0/0 [20/0] via 10.10.18.2, irb1067, 00:21:31

B v 10.10.18.0/24 [20/0] is directly connected, irb1067, 00:23:30
B v 10.10.20.0/24 [20/0] via 10.10.18.2, irb1067, 00:04:01
B 10.240.38.0/24 [200/0] via 60.60.60.60 (recursive is directly connected,
tunvxlan4), 00:22:40
B 60.60.60.60/32 [0/0] is directly connected, tunvxlan4, 00:22:39
B 76.76.76.76/32 [0/0] is directly connected, tunvxlan4, 00:22:39
C 127.0.0.0/8 is directly connected, lo.SMS, 00:23:35
IP Route Table for VRF "FAX"
Gateway of last resort is 10.10.18.2 to network 0.0.0.0

B* v 0.0.0.0/0 [20/0] via 10.10.18.2, irb1067, 00:21:31

B v 10.10.18.0/24 [20/0] is directly connected, irb1067, 00:23:30
B v 10.10.20.0/24 [20/0] via 10.10.18.2, irb1067, 00:04:01
B 10.12.32.0/24 [200/0] via 51.51.51.51 (recursive is directly connected,
tunvxlan3), 00:22:39
B 51.51.51.51/32 [0/0] is directly connected, tunvxlan3, 00:22:39
C 127.0.0.0/8 is directly connected, lo.FAX, 00:23:35
IP Route Table for VRF "SMM"
C 127.0.0.0/8 is directly connected, lo.SMM, 00:23:35

Gateway of last resort is not set

BorderVTEP1# show bgp l2vpn evpn summary
BGP router identifier 66.66.66.66, local AS number 500
BGP table version is 6
2 BGP AS-PATH entries
0 BGP community entries

© 2024 IP Infusion Inc. Proprietary 283

VXLAN-IRB-Inter-VRF Route Leaking

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
51.51.51.51 4 500 62 71 6 0 0 00:22:50
7 0 5 1 0 1
60.60.60.60 4 500 65 71 6 0 0 00:22:50
8 2 3 1 1 1
76.76.76.76 4 500 65 70 6 0 0 00:22:50
9 2 4 1 1 1

Total number of neighbors 3

Total number of Established sessions 3

BorderVTEP1# show bgp l2vpn evpn
BGP table version is 6, local router ID is 66.66.66.66
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[2.2.4.4:4] VRF[RED]:
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[0]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[32,10.12.32.11]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[0]:[1050]:[48,0000:3333:1050]:[32,10.12.32.10]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[32,10.12.32.1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[128,2401::1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i
[2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]

© 2024 IP Infusion Inc. Proprietary 284

VXLAN-IRB-Inter-VRF Route Leaking

76.76.76.76 0 100 0 i 76.76.76.76 VXLAN

* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 32768 i ----------
VXLAN
*> [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 32768 i ----------
VXLAN
* i [3]:[1050]:[32,51.51.51.51]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*> [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 32768 i ----------
VXLAN

RD[2.3.4.5:1]
*>i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[0]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[32,10.12.32.11]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [2]:[0]:[1050]:[48,0000:3333:1050]:[32,10.12.32.10]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[32,10.12.32.1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[128,2401::1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [3]:[1050]:[32,51.51.51.51]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN

RD[2.3.4.5:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i
[2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN

RD[2.3.4.6:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN

© 2024 IP Infusion Inc. Proprietary 285

VXLAN-IRB-Inter-VRF Route Leaking

*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i
[2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN

RD[51.51.51.51:1050]
*>i [5]:[0]:[10502]:[24]:[10.12.32.0]:[0.0.0.0]:[10502]
51.51.51.51 0 100 0 ? 51.51.51.51 VXLAN

RD[60.60.60.60:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN

RD[60.60.60.60:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
60.60.60.60 0 100 0 ? 60.60.60.60 VXLAN

RD[76.76.76.76:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN

RD[76.76.76.76:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
76.76.76.76 0 100 0 ? 76.76.76.76 VXLAN

Total number of prefixes 41

BorderVTEP1#

BorderVTEP1#show bgp l2vpn evpn prefix-route

RD[51.51.51.51:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-
IPAddress L3VNID Nexthop Encap Router-Mac
0 10502 24 10.12.32.0 0.0.0.0
10502 51.51.51.51 VXLAN 3c2c:99d6:167a

RD[60.60.60.60:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-
IPAddress L3VNID Nexthop Encap Router-Mac

© 2024 IP Infusion Inc. Proprietary 286

VXLAN-IRB-Inter-VRF Route Leaking

0 10402 24 10.240.38.0 0.0.0.0

10402 60.60.60.60 VXLAN 3c2c:99d1:117a

RD[76.76.76.76:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-
IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0
10402 76.76.76.76 VXLAN 3c2c:99de:1e7a

VTEP3
======

VTEP3#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
1060 ---- L2 NW ---- ---- ---- ----
76.76.76.76 60.60.60.60
1060 ---- -- AC po1000 00:00:00:44:44:55:55:00:00:00 1060 NON-DF
---- ----
10402 ---- L3 NW ---- ---- ---- ----
76.76.76.76 66.66.66.66

Total number of entries are 3

VTEP3#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
76.76.76.76 66.66.66.66 Installed 00:24:35 00:24:35
76.76.76.76 60.60.60.60 Installed 00:54:40 00:54:40

Total number of entries are 2

VTEP3#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

© 2024 IP Infusion Inc. Proprietary 287

VXLAN-IRB-Inter-VRF Route Leaking

O 10.10.10.0/31 [110/2] via 10.10.24.1, xe27, 00:54:56

O 10.10.12.0/31 [110/2] via 10.10.24.1, xe27, 00:54:56
O 10.10.14.0/31 [110/2] via 10.10.24.1, xe27, 00:25:31
C 10.10.24.0/31 is directly connected, xe27, 00:55:37
O 51.51.51.51/32 [110/3] via 10.10.24.1, xe27, 00:54:47
O 60.60.60.60/32 [110/3] via 10.10.24.1, xe27, 00:54:45
O 66.66.66.66/32 [110/3] via 10.10.24.1, xe27, 00:24:46
C 76.76.76.76/32 is directly connected, lo, 00:55:38
C 127.0.0.0/8 is directly connected, lo, 00:55:39
IP Route Table for VRF "management"
C 10.12.20.0/24 is directly connected, eth0, 00:55:10
C 127.0.0.0/8 is directly connected, lo.management, 00:55:39
IP Route Table for VRF "SMS"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0

B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected,

tunvxlan2), 00:23:33
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected,
tunvxlan2), 00:24:41
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected,
tunvxlan2), 00:06:03
C 10.240.38.0/24 is directly connected, irb1060, 00:55:38
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:24:41
C 127.0.0.0/8 is directly connected, lo.SMS, 00:55:39
VTEP3# show bgp l2vpn evpn summary
BGP router identifier 76.76.76.76, local AS number 500
BGP table version is 8
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
60.60.60.60 4 500 144 140 7 0 0 00:54:55
8 2 3 1 1 1
66.66.66.66 4 500 127 125 7 0 0 00:24:51
12 0 2 1 0 9

Total number of neighbors 2

Total number of Established sessions 2

VTEP3# show bgp l2vpn evpn
BGP table version is 8, local router ID is 76.76.76.76
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

© 2024 IP Infusion Inc. Proprietary 288

VXLAN-IRB-Inter-VRF Route Leaking

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[2.2.4.4:4]
*>i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*>i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*>i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN

RD[2.3.4.6:2] VRF[RED]:
*> [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 32768 i ----------
VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 32768 i ----------
VXLAN
*>
[2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 32768 i ----------
VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> 76.76.76.76 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> 76.76.76.76 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
* i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN

© 2024 IP Infusion Inc. Proprietary 289

VXLAN-IRB-Inter-VRF Route Leaking

* i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 32768 i ----------
VXLAN
* i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN

RD[4.5.6.8:6]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66
VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66
VXLAN

RD[60.60.60.60:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
60.60.60.60 0 100 0 ? 60.60.60.60 VXLAN

RD[66.66.66.66:1050]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66
VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66
VXLAN

RD[66.66.66.66:1060]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66
VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66
VXLAN

RD[76.76.76.76:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 32768 i ----------
VXLAN

© 2024 IP Infusion Inc. Proprietary 290

VXLAN-IRB-Inter-VRF Route Leaking

* i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 32768 i ----------
VXLAN

Total number of prefixes 34

VTEP3#
VTEP3#show bgp l2vpn evpn prefix-route

RD[4.5.6.8:6]
ESI Eth-Tag Prefix-Length IP-Address GW-
IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a

RD[60.60.60.60:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-
IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0
10402 60.60.60.60 VXLAN 3c2c:99d1:117a

RD[66.66.66.66:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-
IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a

RD[66.66.66.66:1060]
ESI Eth-Tag Prefix-Length IP-Address GW-
IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a

VTEP2
======

VTEP2#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port

© 2024 IP Infusion Inc. Proprietary 291

VXLAN-IRB-Inter-VRF Route Leaking

AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
1060 ---- L2 NW ---- ---- ---- ----
60.60.60.60 76.76.76.76
1060 ---- -- AC po1000 00:00:00:44:44:55:55:00:00:00 1060 DF
---- ----
10402 ---- L3 NW ---- ---- ---- ----
60.60.60.60 66.66.66.66

Total number of entries are 3

VTEP2#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
60.60.60.60 66.66.66.66 Installed 00:26:50 00:26:50
60.60.60.60 76.76.76.76 Installed 00:56:51 00:56:51

Total number of entries are 2

VTEP2#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

O 10.10.10.0/31 [110/2] via 10.10.12.0, xe25, 00:57:13
C 10.10.12.0/31 is directly connected, xe25, 00:57:57
O 10.10.14.0/31 [110/2] via 10.10.12.0, xe25, 00:27:47
O 10.10.16.0/31 [110/2] via 10.10.12.0, xe25, 00:57:13
O 10.10.24.0/31 [110/2] via 10.10.12.0, xe25, 00:57:13
O 51.51.51.51/32 [110/3] via 10.10.12.0, xe25, 00:57:03
C 60.60.60.60/32 is directly connected, lo, 00:57:59
O 66.66.66.66/32 [110/3] via 10.10.12.0, xe25, 00:27:02
O 76.76.76.76/32 [110/3] via 10.10.12.0, xe25, 00:57:13
C 127.0.0.0/8 is directly connected, lo, 00:58:00
IP Route Table for VRF "management"
C 10.12.20.0/24 is directly connected, eth0, 00:57:29
C 127.0.0.0/8 is directly connected, lo.management, 00:58:00
IP Route Table for VRF "SMS"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0

B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected,

tunvxlan2), 00:25:49

© 2024 IP Infusion Inc. Proprietary 292

VXLAN-IRB-Inter-VRF Route Leaking

B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected,

tunvxlan2), 00:26:58
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected,
tunvxlan2), 00:08:19
C 10.240.38.0/24 is directly connected, irb1060, 00:57:58
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:26:58
C 127.0.0.0/8 is directly connected, lo.SMS, 00:58:00

VTEP2#show bgp l2vpn evpn sum

BGP router identifier 60.60.60.60, local AS number 500
BGP table version is 12
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
66.66.66.66 4 500 135 133 11 0 0 00:27:29
12 0 2 1 0 9
76.76.76.76 4 500 146 150 11 0 0 00:57:30
9 2 4 1 1 1

Total number of neighbors 2

Total number of Established sessions 2

VTEP2#show bgp l2vpn evpn
BGP table version is 12, local router ID is 60.60.60.60
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[2.3.4.5:2] VRF[RED]:
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN

© 2024 IP Infusion Inc. Proprietary 293

VXLAN-IRB-Inter-VRF Route Leaking

*> 60.60.60.60 0 100 32768 i ----------

VXLAN
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i
[2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*> 60.60.60.60 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*> 60.60.60.60 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*> 60.60.60.60 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
* i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*> [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 32768 i ----------
VXLAN
* i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN

RD[2.3.4.6:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i
[2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN

RD[4.5.6.8:6]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66
VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN

© 2024 IP Infusion Inc. Proprietary 294

VXLAN-IRB-Inter-VRF Route Leaking

*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66
VXLAN

RD[60.60.60.60:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 32768 i ----------
VXLAN
*> [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 32768 i ----------
VXLAN
* i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN

RD[76.76.76.76:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
76.76.76.76 0 100 0 ? 76.76.76.76 VXLAN

Total number of prefixes 35

VTEP2#
VTEP22#show bgp l2vpn evpn prefix-route

RD[4.5.6.8:6]
ESI Eth-Tag Prefix-Length IP-Address GW-
IPAddress L3VNID Nexthop Encap Router-Mac

© 2024 IP Infusion Inc. Proprietary 295

VXLAN-IRB-Inter-VRF Route Leaking

0 500 0 0.0.0.0 0.0.0.0

500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0
500 66.66.66.66 VXLAN 3c2c:991c:dc7a

RD[76.76.76.76:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-
IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0
10402 76.76.76.76 VXLAN 3c2c:99de:1e7a
VTEP2#

VTEP1
======
VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
1050 ---- -- AC ce50 --- Single Homed Port --- 1050 ----
---- ----
10502 ---- L3 NW ---- ---- ---- ----
51.51.51.51 66.66.66.66

Total number of entries are 2

© 2024 IP Infusion Inc. Proprietary 296

VXLAN-IRB-Inter-VRF Route Leaking

VTEP1#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
51.51.51.51 66.66.66.66 Installed 00:28:13 00:28:13

Total number of entries are 1

VTEP1#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

C 10.10.10.0/31 is directly connected, xe40, 00:59:46
O 10.10.12.0/31 [110/2] via 10.10.10.0, xe40, 00:59:01
O 10.10.14.0/31 [110/2] via 10.10.10.0, xe40, 00:29:45
O 10.10.24.0/31 [110/2] via 10.10.10.0, xe40, 00:59:01
C 51.51.51.51/32 is directly connected, lo, 00:59:47
O 60.60.60.60/32 [110/3] via 10.10.10.0, xe40, 00:59:01
O 66.66.66.66/32 [110/3] via 10.10.10.0, xe40, 00:29:00
O 76.76.76.76/32 [110/3] via 10.10.10.0, xe40, 00:59:01
C 127.0.0.0/8 is directly connected, lo, 00:59:49
IP Route Table for VRF "management"
C 10.12.20.0/24 is directly connected, eth0, 00:59:22
C 127.0.0.0/8 is directly connected, lo.management, 00:59:49
IP Route Table for VRF "FAX"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0

B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected,

tunvxlan2), 00:27:47
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected,
tunvxlan2), 00:28:55
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected,
tunvxlan2), 00:10:17
C 10.12.32.0/24 is directly connected, irb1050, 00:59:47
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:28:55
C 127.0.0.0/8 is directly connected, lo.FAX, 00:59:48
VTEP1# show bgp l2vpn evpn summary
BGP router identifier 51.51.51.51, local AS number 500
BGP table version is 9
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE

© 2024 IP Infusion Inc. Proprietary 297

VXLAN-IRB-Inter-VRF Route Leaking

66.66.66.66 4 500 138 132 8 0 0 00:29:07

12 0 2 1 0 9

Total number of neighbors 1

Total number of Established sessions 1

VTEP1# show bgp l2vpn evpn
BGP table version is 9, local router ID is 51.51.51.51
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[2.3.4.5:1] VRF[RED]:
*> [2]:[0]:[1050]:[48,0000:0e8d:561a]:[0]:[1050]
51.51.51.51 0 100 32768 i ----------
VXLAN
*> [2]:[0]:[1050]:[48,0000:0e8d:561a]:[32,10.12.32.11]:[1050]
51.51.51.51 0 100 32768 i ----------
VXLAN
*> [2]:[0]:[1050]:[48,0000:3333:1050]:[32,10.12.32.10]:[1050]
51.51.51.51 0 100 32768 i ----------
VXLAN
*> [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[32,10.12.32.1]:[1050]
51.51.51.51 0 100 32768 i ----------
VXLAN
*> [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[128,2401::1]:[1050]
51.51.51.51 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
* i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*> [3]:[1050]:[32,51.51.51.51]

© 2024 IP Infusion Inc. Proprietary 298

VXLAN-IRB-Inter-VRF Route Leaking

51.51.51.51 0 100 32768 i ----------

VXLAN
* i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN

Total number of prefixes 21

VTEP1#

VTEP1#show ip route vrf FAX

IP Route Table for VRF "FAX"

Gateway of last resort is 66.66.66.66 to network 0.0.0.0

© 2024 IP Infusion Inc. Proprietary 299

VXLAN-IRB-Inter-VRF Route Leaking

B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected,

tunvxlan2), 00:29:26
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected,
tunvxlan2), 00:30:34
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected,
tunvxlan2), 00:11:56
C 10.12.32.0/24 is directly connected, irb1050, 01:01:26
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:30:34
C 127.0.0.0/8 is directly connected, lo.FAX, 01:01:27

VTEP1#show bgp l2vpn evpn prefix-route

Ping to 10.10.20.1 network which is advertised by Firewall from VTEP1 FAX vrf

VTEP1# ping 10.10.20.1 vrf FAX

Press CTRL+C to exit
PING 10.10.20.1 (10.10.20.1) 56(84) bytes of data.
64 bytes from 10.10.20.1: icmp_seq=1 ttl=63 time=0.446 ms
64 bytes from 10.10.20.1: icmp_seq=2 ttl=63 time=0.413 ms
64 bytes from 10.10.20.1: icmp_seq=3 ttl=63 time=0.373 ms

--- 10.10.20.1 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 73ms

© 2024 IP Infusion Inc. Proprietary 300

VXLAN-IRB-Inter-VRF Route Leaking

rtt min/avg/max/mdev = 0.373/0.410/0.446/0.037 ms

VTEP1#

© 2024 IP Infusion Inc. Proprietary 301

DHCP Relay Over IRB Interface

CHAPTER 5 DHCP Relay Over IRB Interface

This chapter contains configurations for DHCP relay over IRB interface.

Overview
Dynamic Host Configuration Protocol (DHCP) is a protocol that allows a DHCP server to dynamically allocate IP
addresses to DHCP clients. The DHCP relay agent forwards DHCP messages between DHCP clients and DHCP
servers when they are on different networks.
For DHCP relay to function, uplink interface (server facing) and downlink interface (client facing) are to be configured
along with DHCP server address. These configurations are done in the interface mode.
In the IRB deployment, IRB interface acts as gateway and hence it might need to provide the service of DHCP for the
hosts connected to IRB network per L2 VPN. Since the DHCP server will not be present in the VTEP, it can forward the
DHCP requests to the DHCP server acting as relay agent.

Topology
The procedures in this section use the topology in Figure 5-3.

Figure 5-3: DHCP Relay over IRB

ROUTER-1

#configure terminal Enter Configure mode.

OcNOS(config)#interface lo Enter Interface mode for loopback.
OcNOS(config-if)#ip address 1.1.1.1/32 Assign secondary IP address.
secondary
OcNOS(config-if)#exit Exit Interface mode and return to Configure mode.
OcNOS(config)#nvo vxlan enable Enable VXLAN
OcNOS(config)#nvo vxlan irb Enable VXLAN IRB
OcNOS(config)#ip vrf vrf1 Create routing/forwarding instance with VRF1 name
and enter into VRF mode
OcNOS(config-vrf)#rd 200:1 Assign RD value
OcNOS(config-vrf)#route-target both 200:1 Assign route target value
OcNOS(config-vrf)#ip dhcp relay address The relay address configured should be server interface
40.40.40.1 address connected to DUT machine
OcNOS(config-vrf)#ip dhcp relay uplink evpn Configure the uplink interface as L3 VNI interface for specific
VRF
OcNOS(config-vrf)#l3vni 45001 Configure L3VNI as 45001 for VRF1
OcNOS(config-vrf)#exit Exit IP VRF mode

© 2024 IP Infusion Inc. Proprietary 302

DHCP Relay Over IRB Interface

OcNOS(config)#mac vrf vrfred Create MAC VRF instance with vrfred name and enter into
VRF mode
OcNOS(config-vrf)#rd 1.1.1.1:1 Assign RD value
OcNOS(config-vrf)#route-target both Assign route target value
1.1.1.1:1
OcNOS(config-vrf)#exit Exit MAC VRF mode
OcNOS(config)#interface irb 1 Configure IRB interface
OcNOS(config-irb-if)#ip vrf forwarding vrf1 Configure IP VRF forwarding
OcNOS(config-irb-if)#ip address 11.1.1.1/24 Assign IP address on IRB interface.
OcNOS(config-irb-if)#ip dhcp relay Relay should be configured on the interface connecting to the
relay
OcNOS(config-irb-if)#exit Exit IRB interface mode
OcNOS(config)#interface irb 2 Configure irb interface
OcNOS(config-irb-if)#ip vrf forwarding vrf1 Configure IP VRF forwarding
OcNOS(config-irb-if)#ip address 70.70.70.1/ Assign IP address on IRB interface.
24
OcNOS(config-irb-if)#exit Exit IRB interface mode
OcNOS(config)#interface ce49 Enter Interface mode for ce49.
OcNOS(config-if)#ip address 10.1.1.2/24 Assign IP address on ce49 interface.
OcNOS(config-if)#exit Exit Interface mode and return to Configure mode.
OcNOS(config)#interface xe5 Enter Interface mode for xe5.
OcNOS(config-if)#switchport Configure interface as L2 interface
OcNOS(config-if)#exit Exit Interface mode and return to Configure mode.
OcNOS(config)#router ospf Enter the Router OSPF mode
OcNOS(config-router)#network 1.1.1.1/32 area Advertise loopback address in OSPF
0.0.0.0
OcNOS(config-router)#network 10.1.1.0/24 Advertise network address in OSPF
area 0.0.0.0
OcNOS(config-router)#exit Exit from Router OSPF mode and enter into config mode
OcNOS(config)#router bgp 1 Enter into BGP router mode
OcNOS(config-router)#neighbor 2.2.2.2 Specify a VTEP2 loopback IP address and remote-as defined
remote-as 1
OcNOS(config-router)#neighbor 2.2.2.2 Configure update as loopback for VTEP2
update-source 1.1.1.1
OcNOS(config-router)#address-family l2vpn Enter into L2VPN EVPN address family mode
evpn
OcNOS(config-router-af)#neighbor 2.2.2.2 Activate neighbor in L2VPN mode
activate
OcNOS(config-router-af)#exit-address-family Exit from Address family mode
OcNOS(config-router)#address-family ipv4 vrf Enter into address-family mode for VRF1
vrf1
OcNOS(config-router-af)#redistribute Configure Redistribute connected
connected
OcNOS(config-router-af)#exit-address-family Exit from Address family mode
OcNOS(config-router)#exit Exit from router BGP mode and enter into config mode

© 2024 IP Infusion Inc. Proprietary 303

DHCP Relay Over IRB Interface

OcNOS(config)#nvo vxlan vtep-ip-global Configure Source VTEP-IP-global configuration. Use

1.1.1.1 loopback IP address
OcNOS(config)#nvo vxlan id 10 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
OcNOS(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp vrfred
OcNOS(config-nvo)#evpn irb1 Configure IRB1 under VXLAN ID 10
OcNOS(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
OcNOS(config)#nvo vxlan id 30 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
OcNOS(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp vrfred
OcNOS(config-nvo)#evpn irb2 Configure IRB2 under VXLAN ID 30
OcNOS(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
OcNOS(config)#nvo vxlan access-if port-vlan Enable port-VLAN mapping i.e. access port to outer-VLAN
xe5 2 (SVLAN) - Multihomed access port
OcNOS(config-nvo-acc-if)#map vnid 10 Map VXLAN Identified to access-port for VXLAN
OcNOS(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
OcNOS(config)#commit Commit the candidate configuration to the running
configuration
OcNOS(config)#exit Exit from configuration mode

ROUTER-2

OcNOS#configure terminal Enter Configure mode.

OcNOS(config)#interface ce0 Enter Interface mode for ce0.
OcNOS(config-if)#ip address 10.1.1.1/24 Assign IP address on ce0 interface.
OcNOS(config-if)#exit Exit Interface mode and return to Configure mode.
OcNOS(config)#interface xe13 Enter Interface mode for xe13.
OcNOS(config-if)#ip address 30.1.1.1/24 Assign IP address on xe13 interface.
OcNOS(config-if)#exit Exit Interface mode and return to Configure mode.
OcNOS(config)#router ospf Enter the Router OSPF mode
OcNOS(config-router)#network 10.1.1.0/24 Advertise network address in OSPF
area 0.0.0.0
OcNOS(config-router)#network 30.1.1.10/24 Advertise network address in OSPF
area 0.0.0.0
OcNOS(config-router)#exit Exit from Router OSPF mode and enter into config mode
OcNOS(config)#commit commit the candidate configuration to the running
configuration
OcNOS(config)#exit Exit from configuration mode

© 2024 IP Infusion Inc. Proprietary 304

DHCP Relay Over IRB Interface

ROUTER-3

OcNOS#configure terminal Enter Configure mode.

OcNOS(config)#interface lo Enter Interface mode for loopback.
OcNOS(config-if)#ip address 2.2.2.2/32 Assign secondary IP address.
secondary
OcNOS(config-if)#exit Exit Interface mode and return to Configure mode.
OcNOS(config)#nvo vxlan enable Enable VXLAN
OcNOS(config)#nvo vxlan irb Enable VXLAN IRB
OcNOS(config)#ip vrf vrf1 Create routing/forwarding instance with VRF1 name
and enter into VRF mode
OcNOS(config-vrf)#rd 300:1 Assign RD value
OcNOS(config-vrf)#route-target both 200:1 Assign route target value
OcNOS(config-vrf)#ip dhcp relay uplink evpn Configure the uplink interface as L3 VNI interface for specific
VRF
OcNOS(config-vrf)#l3vni 45001 Configure L3VNI as 45001 for VRF1
OcNOS(config-vrf)#exit Exit IP VRF mode
OcNOS(config)#mac vrf vrfred Create MAC VRF instance with vrfred name and enter into
VRF mode
OcNOS(config-vrf)#rd 2.2.2.1:1 Assign RD value
OcNOS(config-vrf)#route-target both Assign route target value
1.1.1.1:1
OcNOS(config-vrf)#exit Exit MAC VRF mode
OcNOS(config)#interface irb 2 Configure IRB interface
OcNOS(config-irb-if)#ip vrf forwarding vrf1 Configure IP VRF forwarding
OcNOS(config-irb-if)#ip address 40.40.40.2/ Assign IP address on IRB interface.
24
OcNOS(config-irb-if)#exit Exit IRB interface mode
OcNOS(config)#interface xe13 Enter Interface mode for xe13.
OcNOS(config-if)#ip address 30.1.1.2/24 Assign IP address on xe13 interface.
OcNOS(config-if)#exit Exit Interface mode and return to Configure mode.
OcNOS(config)#interface xe19 Enter Interface mode for xe19.
OcNOS(config-if)#switchport Configure interface as L2 interface
OcNOS(config-if)#exit Exit Interface mode and return to Configure mode.
OcNOS(config)#router ospf Enter the Router OSPF mode
OcNOS(config-router)#network 2.2.2.2/32 area Advertise loopback address in OSPF
0.0.0.0
OcNOS(config-router)#network 30.1.1.0/24 Advertise network address in OSPF
area 0.0.0.0
OcNOS(config-router)#network 40.1.1.0/24 Advertise network address in OSPF
area 0.0.0.0
OcNOS(config-router)#exit Exit from Router OSPF mode and enter into config mode
OcNOS(config)#router bgp 1 Enter into BGP router mode
OcNOS(config-router)#neighbor 1.1.1.1 Specify a VTEP1 loopback IP address and remote-as defined
remote-as 1

© 2024 IP Infusion Inc. Proprietary 305

DHCP Relay Over IRB Interface

OcNOS(config-router)#neighbor 1.1.1.1 Configure update as loopback for VTEP1

update-source 2.2.2.2
OcNOS(config-router)#address-family l2vpn Enter into L2VPN EVPN address family mode
evpn
OcNOS(config-router-af)#neighbor 1.1.1.1 Activate neighbor in L2VPN mode
activate
OcNOS(config-router-af)#exit-address-family Exit from Address family mode
OcNOS(config-router)#address-family ipv4 vrf Enter into address-family mode for VRF1
vrf1
OcNOS(config-router-af)#redistribute Configure Redistribute connected
connected
OcNOS(config-router-af)#exit-address-family Exit from Address family mode
OcNOS(config-router)#exit Exit from router BGP mode and enter into config mode
OcNOS(config)#nvo vxlan vtep-ip-global Configure Source VTEP-IP-global configuration. Use
2.2.2.2 loopback IP address
OcNOS(config)#nvo vxlan id 10 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
OcNOS(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp vrfred
OcNOS(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
OcNOS(config)#nvo vxlan id 20 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
OcNOS(config-nvo)#vxlan host-reachability- Assign VRF for EVPN-BGP to carry EVPN route
protocol evpn-bgp vrfred
OcNOS(config-nvo)#evpn irb2 Configure IRB2 under VXLAN ID 20
OcNOS(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
OcNOS(config)#nvo vxlan access-if port xe19 Enable port mapping i.e. access port
OcNOS(config-nvo-acc-if)#map vnid 20 Map VXLAN Identified to access-port for VXLAN
OcNOS(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
OcNOS(config)#commit Commit the candidate configuration to the running
configuration
OcNOS(config)#exit Exit from configuration mode

Validation

ROUTER-1
VTEP1#
!
nvo vxlan enable
!
nvo vxlan irb
!
nvo vxlan vtep-ip-global 1.1.1.1
!
nvo vxlan id 10 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrfred

© 2024 IP Infusion Inc. Proprietary 306

DHCP Relay Over IRB Interface

evpn irb1
!
nvo vxlan id 30 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrfred
evpn irb2
!
nvo vxlan access-if port xe2
map vnid 10
!
nvo vxlan access-if port-vlan xe5 2
map vnid 10
!
VTEP1#show ip dhcp relay
DHCP relay service is Enabled.
VRF Name: vrf1
Option 82: Disabled
DHCP Servers configured: 40.40.40.1

Interface Uplink/Downlink
--------- -------------
irb1 Downlink
evpn uplink
Incoming DHCPv4 packets which already contain relay agent option are FORWARDED
unchanged.

VTEP1#show nvo vxlan mac-table

============================================================================================================================
==============
VXLAN MAC Entries
============================================================================================================================
==============
VNID Interface VlanId Vlan-RangeId Inner-VlanId Mac-Addr VTEP-Ip/ESI Type Status
AccessPortDesc
____________________________________________________________________________________________________________________________
______________

10 xe5 2 ---- ---- 0000.2837.ddf5 1.1.1.1 Dynamic Local -------

-------
10 irb1 b86a.97f9.85be 1.1.1.1 Static Local ------- -------
30 irb2 b86a.97f9.85be 1.1.1.1 Static Local ------- -------

Total number of entries are : 3

VTEP1#show nvo vxlan arp-cache

VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
30 70.70.70.1 b86a.97f9.85be Static Local ----
10 11.1.1.1 b86a.97f9.85be Static Local ----
10 11.1.1.30 0000.2837.ddf5 Dynamic Local ----
Total number of entries are 3

VTEP1#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update

© 2024 IP Infusion Inc. Proprietary 307

DHCP Relay Over IRB Interface

============================================================================
1.1.1.1 2.2.2.2 Installed 01:51:11 01:51:11

Total number of entries are 1

ROUTER-2
VTEP2#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan irb
!
nvo vxlan vtep-ip-global 2.2.2.2
!
nvo vxlan id 10 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrfred
!
nvo vxlan id 20 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrfred
evpn irb2
!
nvo vxlan access-if port xe19
map vnid 20
!
!

VTEP2#show nvo vxlan arp-cache

VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left

20 40.40.40.2 b86a.9761.ea3d Static Local ----

20 40.40.40.1 0002.a54f.1577 Dynamic Local ----
20 40.40.40.101 0000.2837.ddf3 Dynamic Local ----
10 11.1.1.1 b86a.97f9.85be Static Remote ----
10 11.1.1.30 0000.2837.ddf6 Dynamic Remote ----
Total number of entries are 5

VTEP2#show running-config dhcp

interface eth0
ip address dhcp
!
!

ip vrf vrf1
ip dhcp relay uplink evpn

© 2024 IP Infusion Inc. Proprietary 308

VXLAN-EVPN with IRB QoS

CHAPTER 6 VXLAN-EVPN with IRB QoS

Overview
An EVPN-based Integrated Routing and Bridging solution used for forwarding of intra-subnets and inter-subnets traffic.
Here QoS is applied on IRB solution for L3 packets.
VXLAN quality of service (QoS) provides differentiated service in VXLAN applications. A device implements mapping
between QoS priorities in original packets, internal priorities (local precedence assigned by the device to differentiate
service classes of packets), and priorities of encapsulated packets. In this way, the switch provides the differentiated
QoS service based on original packets.

Topology
The procedures in this section use the topology in Figure 6-4

Figure 6-4: VxLAN_EVPN_IRB

Note: In the above topology TS1, TS2 are the tenant systems. The blue and red color denotes different subnets in the
Tenant systems.

Base Configuration - L2 VXLAN

VTEP1
(Multi-homed group1) - Part of both Multi-homed with po1(MH2).

© 2024 IP Infusion Inc. Proprietary 309

VXLAN-EVPN with IRB QoS

Generic configuration:

#configure terminal Enter Configure mode.

(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective
(config)#qos enable Enabling qos

Interface and loopback configuration:

(config)#interface po1 Enter Interface mode for po1 (MH2)

(config-if)#switchport Make it L2 interface
(config-if)# evpn multi-homed system-mac Configure system mac as ESI value for Lag (po1) interface.
0000.0000.2222 VTEP1 and VTEP2 should have same ESI value
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe3 Enter Interface mode for xe3
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 1.1.1.1/32 secondary Configure loopback ip address as 1.1.1.1 for VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce52 Enter Interface mode for network side port
(config-if)#ip address 100.11.11.1/24 Configure ip address as 100.11.11.1 on network side of Spine-
P3
(config-if)#exit Exit Interface mode and return to Configure mode.

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 1.1.1.1 Configure router-id as 1.1.1.1 (lo ip address)
(config-router)#network 1.1.1.1/32 area Add 1.1.1.1 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 100.11.11.0/24 area Add 100.11.11.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

BGP configuration:

(config)#router bgp 5000 Enter into Router BGP mode

© 2024 IP Infusion Inc. Proprietary 310

VXLAN-EVPN with IRB QoS

(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for

L2 MAC VRF Configuration:

L2 VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

© 2024 IP Infusion Inc. Proprietary 311

VXLAN-EVPN with IRB QoS

(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port-vlan po1 Enable port-vlan mapping i.e. access port to outer-vlan
10 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 101 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1010 ip Configure static mac-ip
11.11.11.51
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan po1 Enable port-vlan mapping i.e. access port to outer-vlan
20 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 201 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1020 ip Configure static mac-ip
21.21.21.51
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode

VTEP2
(Multi-homed group1) - Part of both Multi-homed with po1(MH1).

Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective
(config)#qos enable Enabling qos

Interface and loopback configuration:

(config)#interface po1 Enter Interface mode for po1 (MH2)

© 2024 IP Infusion Inc. Proprietary 312

VXLAN-EVPN with IRB QoS

(config-if)#exit Exit Interface mode and return to Configure mode.

(config)#interface xe2 Enter Interface mode for xe2
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface lo Enter Interface mode for lo
(config-if)#ip address 2.2.2.2/32 secondary Configure loopback ip address as 2.2.2.2 for VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) interface xe29 Enter into network side interface
(config-if)#ip address 100.12.12.1/24 Configure ip address as 100.12.12.1 on network side of
Spine-P3
(config-if)#exit Exit Interface mode and return to Configure mode.

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo ip address)
(config-router)#network 2.2.2.2/32 area Add 2.2.2.2 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 100.12.12.0/24 area Add 100.12.12.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

BGP configuration:

(config)#router bgp 5000 Enter into Router BGP mode

(config-router)#bgp router-id 2.2.2.2 Configure router-id as 2.2.2.2 (lo ip address)
(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback ip address and remote-as defined
5000
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 4.4.4.4 remote-as Specify a VTEP4 loopback ip address and remote-as defined
5000
(config-router)#neighbor 4.4.4.4 update- Configure update as loopback for VTEP4
source lo
(config-router)#neighbor 4.4.4.4 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP4
(config-router)#neighbor 5.5.5.5 remote-as Specify a VTEP5 loopback ip address and remote-as defined
5000
(config-router)#neighbor 5.5.5.5 update- Configure update as loopback for VTEP5
source lo
(config-router)#neighbor 5.5.5.5 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP5
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode

© 2024 IP Infusion Inc. Proprietary 313

VXLAN-EVPN with IRB QoS

(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1(VTEP1) into l2vpn evpn address family mode
(config-router-af)#neighbor 4.4.4.4 activate Activate 4.4.4.4(VTEP4) into l2vpn evpn address family mode
(config-router-af)#neighbor 5.5.5.5 activate Activate 5.5.5.5(VTEP5) into l2vpn evpn address family mode
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode

VRF Configuration:

(config)#mac vrf L2VRF1 Create mac routing/forwarding instance with L2VRF1 name
and enter into vrf mode
(config-vrf)#rd 2.2.2.2:11 Assign RD value
(config-vrf)#description MAC VRF RED Give description to L2VRF1 as RED
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from vrf mode
(config)#mac vrf L2VRF2 Create mac routing/forwarding instance with L2VRF2 name
and enter into vrf mode
(config-vrf)#rd 2.2.2.2:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as BLUE
(config-vrf)#exit Exit from vrf mode

VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#evpn esi hold-time 90 Configure ESI hold time to allow tunnel to come up at the time
of vxlan initialization before making the ESI up.It should be
same on both VTEP1 and VTEP2
(config)#nvo vxlan vtep-ip-global 2.2.2.2 Configure Source vtep-ip-global configuration - Use loopback
ip address
(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan access-if port-vlan po1 Enable port-vlan mapping i.e. access port to outer-vlan
10 (SVLAN) - Multihomed access port

© 2024 IP Infusion Inc. Proprietary 314

VXLAN-EVPN with IRB QoS

(config-nvo-acc-if)#map vnid 101 Map VXLAN Identified to access-port for VXLAN

(config-nvo-acc-if)# mac 0000.2222.1010 ip Configure static mac-ip
11.11.11.51
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#nvo vxlan access-if port-vlan po1 Enable port-vlan mapping i.e. access port to outer-vlan
20 (SVLAN) - Multihomed access port
(config-nvo-acc-if)#map vnid 201 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.2222.1020 ip Configure static mac-ip
21.21.21.51
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode

VTEP4
Single Home -SH5.

Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective
(config)#qos enable Enabling qos

Interface and loopback configuration:

(config)#interface xe3 Enter Interface mode for xe3

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 4.4.4.4 Configure router-id as 4.4.4.4 (lo ip address)
(config-router)#network 4.4.4.4/32 area Add 4.4.4.4 (lo ip address) network into area 0
0.0.0.0

© 2024 IP Infusion Inc. Proprietary 315

VXLAN-EVPN with IRB QoS

(config-router)#network 100.14.14.0/24 area Add 100.14.14.0(Spine-P3) network into area 0

0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

BGP configuration:

(config)#router bgp 5000 Enter into Router BGP mode

(config-router)#bgp router-id 4.4.4.4 Configure router-id as 4.4.4.4 (lo ip address)
(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback ip address and remote-as defined
5000
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback ip address and remote-as defined
5000
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)#neighbor 5.5.5.5 remote-as Specify a VTEP5 loopback ip address and remote-as defined
5000
(config-router)#neighbor 5.5.5.5 update- Configure update as loopback for VTEP5
source lo
(config-router)#neighbor 5.5.5.5 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP5
(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1(VTEP1) into l2vpn evpn address family mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into l2vpn evpn address family mode
(config-router-af)#neighbor 5.5.5.5 activate Activate 5.5.5.5(VTEP5) into l2vpn evpn address family mode
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode

VRF Configuration:

(config)#mac vrf L2VRF1 Create mac routing/forwarding instance with L2VRF1 name
and enter into vrf mode
(config-vrf)#rd 4.4.4.4:11 Assign RD value
(config-vrf)#description MAC VRF RED Give description to L2VRF1 as RED
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from vrf mode
(config)#mac vrf L2VRF2 Create mac routing/forwarding instance with L2VRF2 name
and enter into vrf mode
(config-vrf)#rd 4.4.4.4:21 Assign RD value

© 2024 IP Infusion Inc. Proprietary 316

VXLAN-EVPN with IRB QoS

(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as BLUE
(config-vrf)#exit Exit from vrf mode

VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan vtep-ip-global 4.4.4.4 Configure Source vtep-ip-global configuration. Use loopback
ip address
(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)# nvo vxlan access-if port-vlan xe3 Enable port-vlan mapping i.e. access port to outer-vlan
20 (SVLAN)
(config-nvo-acc-if)#map vnid 201 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)# mac 0000.5555.1020 ip Configure static mac-ip
21.21.21.101
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode

VTEP5
Single Home -SH3

Hardware profile and generic configuration:

#configure terminal Enter Configure mode.

(config)#evpn vxlan multihoming enable Enable Multihoming, save configs and reboot the board for
multihoming to be effective
(config)#qos enable Enabling qos

© 2024 IP Infusion Inc. Proprietary 317

VXLAN-EVPN with IRB QoS

Interface and loopback configuration:

(config)#interface xe1 Enter Interface mode for xe1 (SH5)

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id 5.5.5.5 Configure router-id as 5.5.5.5 (lo ip address)
(config-router)#network 5.5.5.5/32 area Add 5.5.5.5 (lo ip address) network into area 0
0.0.0.0
(config-router)#network 100.15.15.0/24 area Add 100.15.15.0(Spine-P3) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence
(config-if)#exit Exit Interface mode and return to Configure mode.

BGP configuration:

(config)#router bgp 5000 Enter into Router BGP mode

(config-router)#bgp router-id 5.5.5.5 Configure router-id as 5.5.5.5(lo ip address)
(config-router)#neighbor 1.1.1.1 remote-as Specify a VTEP1 loopback ip address and remote-as defined
5000
(config-router)#neighbor 1.1.1.1 update- Configure update as loopback for VTEP1
source lo
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 2.2.2.2 remote-as Specify a VTEP2 loopback ip address and remote-as defined
5000
(config-router)#neighbor 2.2.2.2 update- Configure update as loopback for VTEP2
source lo
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
(config-router)#neighbor 4.4.4.4 remote-as Specify a VTEP4 loopback ip address and remote-as defined
5000
(config-router)#neighbor 4.4.4.4 update- Configure update as loopback for VTEP4
source lo
(config-router)#neighbor 4.4.4.4 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP4

© 2024 IP Infusion Inc. Proprietary 318

VXLAN-EVPN with IRB QoS

(config-router)#address-family l2vpn evpn Enter into l2vpn EVPN address family mode
(config-router-af)#neighbor 1.1.1.1 activate Activate 1.1.1.1(VTEP1) into l2vpn evpn address family mode
(config-router-af)#neighbor 2.2.2.2 activate Activate 2.2.2.2(VTEP2) into l2vpn evpn address family mode
(config-router-af)#neighbor 4.4.4.4 activate Activate 4.4.4.4(VTEP4) into l2vpn evpn address family mode
(config-router-af)#exit-address-family Exit from l2vpn address family mode
(config-router)#exit Exit from Router BGP mode and enter into config mode

VRF Configuration:

(config)#mac vrf L2VRF1 Create mac routing/forwarding instance with L2VRF1 name
and enter into vrf mode
(config-vrf)#rd 5.5.5.5:11 Assign RD value
(config-vrf)#description MAC VRF RED Give description to L2VRF1 as RED
(config-vrf)#route-target both 9.9.9.9:100 Assign route-target value for same for import and export.
Should be same on all node for L2VRF1
(config-vrf)#exit Exit from vrf mode
(config)#mac vrf L2VRF2 Create mac routing/forwarding instance with L2VRF2 name
and enter into vrf mode
(config-vrf)#rd 5.5.5.5:21 Assign RD value
(config-vrf)#route-target both Assign route-target value for same for import and export
90.90.90.90:100
(config-vrf)#description MAC VRF BLUE Give description to L2VRF2 as BLUE
(config-vrf)#exit Exit from vrf mode

VXLAN configuration:

(config)#nvo vxlan enable Enable VXLAN

(config)#nvo vxlan vtep-ip-global 5.5.5.5 Configure Source vtep-ip-global configuration. Use loopback
ip address
(config)#nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# vni-name VNI-101 Configure VNI name as VNI-101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# vni-name VNI-201 Configure VNI name as VNI-201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)# nvo vxlan access-if port-vlan xe1 Enable port-vlan mapping i.e. access port to outer-vlan
10 (SVLAN)
(config-nvo-acc-if)#map vnid 101 Map VXLAN Identified to access-port for VXLAN

© 2024 IP Infusion Inc. Proprietary 319

VXLAN-EVPN with IRB QoS

(config-nvo-acc-if)# mac 0000.4444.1010 ip Configure static mac-ip

11.11.11.201
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#exit Exit from VXLAN access-interface mode and enter into
configuration mode
(config)#exit Exit from configuration mode

Switch1 (MH2)
Multihomed to 2-VTEPs (VTEP1 and VTEP2). It acts as Tenant system for vlan1.20.

#configure terminal Enter Configure mode.

(config)# bridge 1 protocol rstp vlan-bridge Configure rstp vlan bridge
(config)# vlan database Enter vlan database config mode
(config)#vlan 2-20 bridge 1 state enable Configure vlans from 2-20 and associate with bridge 1
(config)#interface xe5 Enter Interface mode for xe5 which is connected to TG
(config-if)#switchport Make as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate bridge 1 into interface
(config-if)# bridge-group 1 spanning-tree Configure interface as stp disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed vlan as 10.20
add 10,20
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface po1 Enter Interface mode for po1
(config-if)#switchport Make po1 as L2 port by configuring switchport
(config-if)#bridge-group 1 Associate po1 to bridge 1
(config-if)# bridge-group 1 spanning-tree Configure po1 as stp disable
disable
(config-if)# switchport mode trunk Mode as trunk
(config-if)# switchport trunk allowed vlan Trunk allowed vlan as 2.10.20
add 10,20
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface xe3 Enter Interface mode for xe3
(config-if)#channel-group 1 mode active Make it member port of po1
(config)#interface xe2 Enter Interface mode for xe2
(config-if)#channel-group 1 mode active Make it member port of po1
(config-if)#commit Commit the candidate configuration to the running
configuration
(config-if)#exit Exit from configuration mode

Spine-P3
Spine node where all VTEPs are connected.

© 2024 IP Infusion Inc. Proprietary 320

VXLAN-EVPN with IRB QoS

Generic configuration:

#configure terminal Enter Configure mode.

(Config)#qos enable Enabling qos

Interface and loopback configuration:

(config)#interface lo Enter Interface mode for lo

(config-if)#ip address 100.100.100.100/32 Configure loopback ip address as 100.100.100.100 for Spine-
secondary P3
(config-if)#exit Exit Interface mode and return to Configure mode.
(config)#interface ce16/1 Enter Interface mode for ce16/1
(config-if)#ip address 100.11.11.2/24 Configure ip address as 100.11.11.2 on network side of
VTEP1
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) interface ce5/1 Enter into ce5/1 interface mode
(config-if)#ip address 100.12.12.2/24 Configure ip address as 100.12.12.2 on network side of
VTEP2
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) interface ce9/1 Enter ce9/1 interface mode
(config-if)#ip address 100.14.14.2/24 Configure ip address as 100.14.14.12 on network side of
VTEP4
(config-if)#exit Exit Interface mode and return to Configure mode.
(config) interface ce23/1 Enter interface mode
(config-if)#ip address 100.15.15.1/24 Configure ip address as 100.15.15.1 on network side of
VTEP5
(config-if)#exit Exit Interface mode and return to Configure mode.

OSPF configuration:

(config)#router ospf 100 Enter into router OSPF mode

(config-router)#ospf router-id Configure router-id as 100.100.100.100 (lo ip address)
100.100.100.100
(config-router)#network 100.100.100.100/32 Add 100.100.100.100 (lo ip address) network into area 0
area 0.0.0.0
(config-router)#network 100.11.11.0/24 area Add 100.11.11.0 (VTEP1) network into area 0
0.0.0.0
(config-router)#network 100.12.12.0/24 area Add 100.12.12.0 (VTEP2) network into area 0
0.0.0.0
(config-router)#network 100.14.14.0/24 area Add 100.14.14.0 (VTEP4) network into area 0
0.0.0.0
(config-router)#network 100.15.15.0/24 area Add 100.15.15.0 (VTEP5) network into area 0
0.0.0.0
(config-router)#bfd all-interfaces Enabling bfd on all ospf interface for fast convergence

© 2024 IP Infusion Inc. Proprietary 321

VXLAN-EVPN with IRB QoS

(config-router)#commit Commit the candidate configuration to the running

configuration
(config-router)#exit Exit Interface mode and return to Configure mode.

IRB Configuration for Centralized Gateway

Configure from Base Configuration-L2 VXLAN section, then configure below commands for centralized gateway
approach. Here VTEP4 is the centralized GW. In VTEP4, dscp-to-queue qos profile should be applied on the particular
incoming L2VNID IRB interface.
Note: For L3 traffic, when L2VNID is sent in the traffic, then dscp-to-queue qos profile mapped at IRB interface of that
particular L2VNID takes effect.

VTEP1

(config)#qos profile cos-to-queue COS_QUEUE Create QoS profile for mapping traffic towards tunnel from
access-if
(config-ingress-cos-map)#cos 1 queue 5 Configure particular COS value to queue value for the profile
(config-ingress-cos-map)#exit Exit from qos profile mode
(config)#qos profile queue-color-to-dscp Create QoS profile for attaching in vxlan tunnel egress
QUEUE_DSCP
(config-egress-dscp-map)#queue 5 dscp 34 Configure queue value to DSCP value for the profile
(config)#nvo vxlan tunnel qos-map-mode cos- Map the configured QoS profile to vxlan tunnel egress
dscp egress QUEUE_DSCP
(config)#nvo vxlan access-if port-vlan po1 Enter into vxlan access port mode
20
(config-nvo-acc-if)#map qos-profile cos-to- Map the qos profile in vxlan access-if
queue COS_QUEUE
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#end Exit from vxlan access port

VTEP2

© 2024 IP Infusion Inc. Proprietary 322

VXLAN-EVPN with IRB QoS

(config)#nvo vxlan tunnel qos-map-mode cos- Map the configured QoS profile to vxlan tunnel egress
dscp egress QUEUE_DSCP
(config)#nvo vxlan access-if port-vlan po1 Enter into vxlan access port mode
20
(config-nvo-acc-if)#map qos-profile cos-to- Map the qos profile in vxlan access-if
queue COS_QUEUE
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#end Exit from vxlan access port

VTEP4

(config)#nvo vxlan irb Enable VXLAN irb

(config)#ip vrf L3VRF1 Create mac routing/forwarding instance with L3VRF1 name
and enter into vrf mode
(config-vrf)#rd 51000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from vrf mode
(config)# interface irb1001 Configure IRB interface 1001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 11.11.11.1/24 Configure ip address
(config-if)ipv6 address 1111::1/64 Configure ipv6 address
(config-if)exit Exit from interface config mode
(config)# interface irb2001 Configure IRB interface 2001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 21.21.21.1/24 Configure ip address
(config-if)ipv6 address 2121::1/64 Configure ipv6 address
(config-if)exit Exit from interface config mode
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under vxlan id 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#qos profile dscp-to-queue Configure the QoS profile to match the inner dscp value of the
DSCP_QUEUE traffic at the IRB interface

© 2024 IP Infusion Inc. Proprietary 323

VXLAN-EVPN with IRB QoS

(config-ingress-dscp-map)#dscp 20 queue 1 Configure particular dscp to a queue value. Configure

particular dscp to a queue value. Here classification at the IRB
L3 interface is based on customer dscp value.
(config-ingress-dscp-map)#exit Exit from qos profile config mode
config)#int irb2001 Enter IRB L3 interface mode
(config-irb-if)#qos map-profile dscp-to- Map the qos profile in the IRB interface
queue DSCP_QUEUE
(config-irb-if)#exit Exit from interface mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#end Exit from global config mode

VTEP5

(config)#qos profile queue-color-to-cos Create QoS profile for remark the queue value to COS value
QUEUE_COS
(config-egress-cos-map)#queue 2 cos 5 Configure particular queue value to COS value for the profile
(config-ingress-cos-map)#exit Exit from qos profile mode
(config)# qos profile dscp-to-queue Create QoS profile for attaching in vxlan tunnel ingress
DSCP_QUEUE
(config-ingress-dscp-map)#dscp 56 queue 2 Configure DSCP value to queue value for the profile
(config)#nvo vxlan tunnel qos-map-mode cos- Map the configured QoS profile to vxlan tunnel ingress
dscp ingress DSCP_QUEUE
(config)#nvo vxlan access-if port-vlan xe1 Enter into vxlan access port mode
10
(config-nvo-acc-if)#map qos-profile queue- Map the qos profile in vxlan access-if
color-to-cos QUEUE_COS
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#end Exit from vxlan access port

Validation
Send traffic from TS2-21 to MH2 access-if with dscp value 20 and COS value 1(vlan20) and verify traffic reaceived at
TS1-11 with dscp value 32 and COS value 5(vlan10) at the VTEP5 access-if.

VTEP1
VTEP1#show running-config qos
qos enable
!
qos profile cos-to-queue COS_QUEUE
cos 1 queue 5
!
qos profile queue-color-to-dscp QUEUE_DSCP
queue 5 color all dscp 34
!
!
!
VTEP1#show running-config nvo vxlan
!
nvo vxlan enable
!

© 2024 IP Infusion Inc. Proprietary 324

VXLAN-EVPN with IRB QoS

evpn vxlan multihoming enable

!
nvo vxlan vtep-ip-global 1.1.1.1
!
nvo vxlan tunnel qos-map-mode cos-dscp egress QUEUE_DSCP
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
vni-name VNI-201
!
nvo vxlan access-if port-vlan po1 10
map vnid 101
mac 0000.2222.1010 ip 11.11.11.51
!
nvo vxlan access-if port-vlan po1 20
map vnid 201
mac 0000.2222.1020 ip 21.21.21.51
map qos-profile cos-to-queue COS_QUEUE
!
!
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
1.1.1.1 5.5.5.5 Installed 01:15:13 01:15:13
1.1.1.1 4.4.4.4 Installed 01:15:28 01:15:28
1.1.1.1 2.2.2.2 Installed 01:11:40 01:11:40

Total number of entries are 3

VTEP1#show interface ce52 counters queue-stats
E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts | Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------+-------------------+
q0 (E) 125304832 0 0 0 0
q1 (E) 125304832 0 0 0 0
q2 (E) 125304832 0 0 0 0
q3 (E) 125304832 0 0 0 0
q4 (E) 125304832 0 0 0 0
q5 (E) 125304832 1316880 1316879000 0 0
q6 (E) 125304832 0 0 0 0
q7 (E) 125304832 0 0 0 0
VTEP1#show qos-profile COS_QUEUE
profile name: COS_QUEUE
profile type: cos-to-queue
profile attached to 1 instances
configured mapping:
cos 1 queue 5
Detailed mapping:
---------------+----------------- | ---------------+-----------------
INPUT | OUTPUT | INPUT | OUTPUT
---------------+----------------- | ---------------+-----------------
COS | DEI | Queue | Color | COS | DEI | Queue | Color
-------+-------+-------+--------- | -------+-------+-------+---------
0 0 0 green | 0 1 0 yellow
1 0 5 green | 1 1 5 yellow
2 0 2 green | 2 1 2 yellow
3 0 3 green | 3 1 3 yellow
4 0 4 green | 4 1 4 yellow
5 0 5 green | 5 1 5 yellow
6 0 6 green | 6 1 6 yellow
7 0 7 green | 7 1 7 yellow

VTEP1#show qos-profile QUEUE_DSCP

profile name: QUEUE_DSCP
profile type: queue-color-to-dscp
profile attached to 1 instances
configured mapping:
queue 5 color all dscp 34

© 2024 IP Infusion Inc. Proprietary 325

VXLAN-EVPN with IRB QoS

Detailed mapping:
----------------+-------- | ----------------+-------- | ----------------+--------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT
----------------+-------- | ----------------+-------- | ----------------+--------
Queue | Color | DSCP | Queue | Color | DSCP | Queue | Color | DSCP
-------+--------+-------- | -------+--------+-------- | -------+--------+--------
0 green 0 | 0 yellow 0 | 0 red 0
1 green 10 | 1 yellow 12 | 1 red 14
2 green 18 | 2 yellow 20 | 2 red 22
3 green 26 | 3 yellow 28 | 3 red 30
4 green 34 | 4 yellow 36 | 4 red 38
5 green 34 | 5 yellow 34 | 5 red 34
6 green 48 | 6 yellow 48 | 6 red 48
7 green 56 | 7 yellow 56 | 7 red 56

VTEP4
VTEP4#show running-config qos
qos enable
!
qos profile dscp-to-queue DSCP_QUEUE
dscp 20 queue 1
!
!
!
interface irb2001
qos map-profile dscp-to-queue DSCP_QUEUE
!
VTEP4#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan irb
!
evpn vxlan multihoming enable
!
nvo vxlan vtep-ip-global 4.4.4.4
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001
vni-name VNI-201
!
nvo vxlan access-if port-vlan xe3 20
map vnid 201
mac 0000.5555.1020 ip 21.21.21.101
!
!
VTEP4#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
4.4.4.4 2.2.2.2 Installed 00:08:40 00:08:40
4.4.4.4 1.1.1.1 Installed 00:12:28 00:12:28
4.4.4.4 5.5.5.5 Installed 00:12:13 00:12:13

Total number of entries are 3

VTEP4#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

© 2024 IP Infusion Inc. Proprietary 326

VXLAN-EVPN with IRB QoS

101 VNI-101 L2 NW ---- ---- ---- ---- 4.4.4.4 2.2.2.2

101 VNI-101 L2 NW ---- ---- ---- ---- 4.4.4.4 1.1.1.1
101 VNI-101 L2 NW ---- ---- ---- ---- 4.4.4.4 5.5.5.5
201 VNI-201 L2 NW ---- ---- ---- ---- 4.4.4.4 2.2.2.2
201 VNI-201 L2 NW ---- ---- ---- ---- 4.4.4.4 1.1.1.1
201 VNI-201 L2 NW ---- ---- ---- ---- 4.4.4.4 5.5.5.5
201 VNI-201 -- AC xe3 --- Single Homed Port --- 20 ---- ---- ----

Total number of entries are 7

VTEP4#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 21.21.21.1 3c2c.991a.da7a Static Local ----
201 21.21.21.101 0000.5555.1020 Static Local ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.1 3c2c.991a.da7a Static Local ----
101 11.11.11.201 0000.4444.1010 Static Remote ----
Total number of entries are 6
VTEP4#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________________________________
201 2121::1 3c2c.991a.da7a Static Local ----
101 1111::1 3c2c.991a.da7a Static Local ----
Total number of entries are 2
VTEP4#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001
1000 201 irb2001

VTEP4#show ipv4 route vrf L3VRF1

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:01:35
C 21.21.21.0/24 is directly connected, irb2001, 00:01:16
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:06:12

Gateway of last resort is not set

VTEP4#show ipv6 route vrf L3VRF1
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, D- DHCP, R - RIP,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EVPN N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP,
v - vrf leaked
Timers: Uptime

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:06:29
C 1111::/64 via ::, irb1001, 00:01:52
C 2121::/64 via ::, irb2001, 00:01:33
C fe80::/64 via ::, irb2001, 00:01:33
VTEP4#show interface ce49 counters queue-stats
E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts | Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------+-------------------+
q0 (E) 125304832 0 0 0 0
q1 (E) 125304832 1422755 1488201730 0 0
q2 (E) 125304832 0 0 0 0

© 2024 IP Infusion Inc. Proprietary 327

VXLAN-EVPN with IRB QoS

q3 (E) 125304832 0 0 0 0
q4 (E) 125304832 0 0 0 0
q5 (E) 125304832 0 0 0 0
q6 (E) 125304832 0 0 0 0
q7 (E) 125304832 0 0 0 0
VTEP4#show qos-profile DSCP_QUEUE
profile name: DSCP_QUEUE
profile type: dscp-to-queue
profile attached to 1 instances
configured mapping:
dscp 20 queue 1
Detailed mapping:
-------+--------------------------- | -------+--------------------------- | -------+--------------------------- | -------+-
--------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT
-------+--------------------------- | -------+--------------------------- | -------+--------------------------- | -------+-
--------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+-------+--------+---------- | -------+-
------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4 green 32 | 48 6
green 48
1 0 green 1 | 17 2 green 17 | 33 4 green 33 | 49 6
green 49
2 0 green 2 | 18 2 green 18 | 34 4 green 34 | 50 6
green 50
3 0 green 3 | 19 2 green 19 | 35 4 green 35 | 51 6
green 51
4 0 green 4 | 20 1 yellow 20 | 36 4 yellow 36 | 52 6
green 52
5 0 green 5 | 21 2 green 21 | 37 4 green 37 | 53 6
green 53
6 0 green 6 | 22 2 yellow 22 | 38 4 yellow 38 | 54 6
green 54
7 0 green 7 | 23 2 green 23 | 39 4 green 39 | 55 6
green 55
8 1 green 8 | 24 3 green 24 | 40 5 green 40 | 56 7
green 56
9 1 green 9 | 25 3 green 25 | 41 5 green 41 | 57 7
green 57
10 1 green 10 | 26 3 green 26 | 42 5 green 42 | 58 7
green 58
11 1 green 11 | 27 3 green 27 | 43 5 green 43 | 59 7
green 59
12 1 yellow 12 | 28 3 yellow 28 | 44 5 green 44 | 60 7
green 60
13 1 green 13 | 29 3 green 29 | 45 5 green 45 | 61 7
green 61
14 1 yellow 14 | 30 3 yellow 30 | 46 5 green 46 | 62 7
green 62
15 1 green 15 | 31 3 green 31 | 47 5 green 47 | 63 7
green 63

VTEP4#show qos-profile interface irb2001

profile name: DSCP_QUEUE
profile type: dscp-to-queue (Ingress)
mapping:
-------+--------------------------- | -------+--------------------------- | -------+--------------------------- | -------+-
--------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT
-------+--------------------------- | -------+--------------------------- | -------+--------------------------- | -------+-
--------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+-------+--------+---------- | -------+-
------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4 green 32 | 48 6
green 48
1 0 green 1 | 17 2 green 17 | 33 4 green 33 | 49 6
green 49
2 0 green 2 | 18 2 green 18 | 34 4 green 34 | 50 6
green 50
3 0 green 3 | 19 2 green 19 | 35 4 green 35 | 51 6
green 51
4 0 green 4 | 20 1 yellow 20 | 36 4 yellow 36 | 52 6
green 52

© 2024 IP Infusion Inc. Proprietary 328

VXLAN-EVPN with IRB QoS

5 0 green 5 | 21 2 green 21 | 37 4 green 37 | 53 6

VTEP5
VTEP5#show running-config qos
qos enable
!
qos profile queue-color-to-cos QUEUE_COS
queue 2 color all cos 5
!
qos profile dscp-to-queue DSCP_QUEUE
dscp 56 queue 2
!
!
!
VTEP5#show running-config nvo vxlan
!
nvo vxlan enable
!
evpn vxlan multihoming enable
!
nvo vxlan vtep-ip-global 5.5.5.5
!
nvo vxlan tunnel qos-map-mode cos-dscp ingress DSCP_QUEUE
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
vni-name VNI-201
!
nvo vxlan access-if port-vlan xe1 10
map vnid 101
mac 0000.4444.1010 ip 11.11.11.201
map qos-profile queue-color-to-cos QUEUE_COS
!
!
VTEP5#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
5.5.5.5 2.2.2.2 Installed 01:11:17 01:11:17
5.5.5.5 4.4.4.4 Installed 01:14:50 01:14:50
5.5.5.5 1.1.1.1 Installed 01:14:50 01:14:50

Total number of entries are 3

VTEP5#show interface xe1 counters queue-stats
E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts | Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------+-------------------+
q0 (E) 12517376 0 0 0 0

© 2024 IP Infusion Inc. Proprietary 329

VXLAN-EVPN with IRB QoS

q1 (E) 12517376 0 0 0 0
q2 (E) 12517376 1005800 1052066800 0 0
q3 (E) 12517376 0 0 0 0
q4 (E) 12517376 0 0 0 0
q5 (E) 12517376 0 0 0 0
q6 (E) 12517376 0 0 0 0
q7 (E) 12517376 0 0 0 0
VTEP5#sh qos-profile QUEUE_COS
profile name: QUEUE_COS
profile type: queue-color-to-cos
profile attached to 1 instances
configured mapping:
queue 2 color all cos 5
Detailed mapping:
----------------+-------- | ----------------+-------- | ----------------+--------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT
----------------+-------- | ----------------+-------- | ----------------+--------
Queue | Color | COS | Queue | Color | COS | Queue | Color | COS
-------+--------+-------- | -------+--------+-------- | -------+--------+--------
0 green 0 | 0 yellow 0 | 0 red 0
1 green 1 | 1 yellow 1 | 1 red 1
2 green 5 | 2 yellow 5 | 2 red 5
3 green 3 | 3 yellow 3 | 3 red 3
4 green 4 | 4 yellow 4 | 4 red 4
5 green 5 | 5 yellow 5 | 5 red 5
6 green 6 | 6 yellow 6 | 6 red 6
7 green 7 | 7 yellow 7 | 7 red 7

VTEP5#show qos-profile DSCP_QUEUE

profile name: DSCP_QUEUE
profile type: dscp-to-queue
profile attached to 1 instances
configured mapping:
dscp 56 queue 2
Detailed mapping:
-------+--------------------------- | -------+--------------------------- | -------+--------------------------- | -------+-
--------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT
-------+--------------------------- | -------+--------------------------- | -------+--------------------------- | -------+-
--------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+-------+--------+---------- | -------+-
------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4 green 32 | 48 6
green 48
1 0 green 1 | 17 2 green 17 | 33 4 green 33 | 49 6
green 49
2 0 green 2 | 18 2 green 18 | 34 4 green 34 | 50 6
green 50
3 0 green 3 | 19 2 green 19 | 35 4 green 35 | 51 6
green 51
4 0 green 4 | 20 2 yellow 20 | 36 4 yellow 36 | 52 6
green 52
5 0 green 5 | 21 2 green 21 | 37 4 green 37 | 53 6
green 53
6 0 green 6 | 22 2 yellow 22 | 38 4 yellow 38 | 54 6
green 54
7 0 green 7 | 23 2 green 23 | 39 4 green 39 | 55 6
green 55
8 1 green 8 | 24 3 green 24 | 40 5 green 40 | 56 2
green 56
9 1 green 9 | 25 3 green 25 | 41 5 green 41 | 57 7
green 57
10 1 green 10 | 26 3 green 26 | 42 5 green 42 | 58 7
green 58
11 1 green 11 | 27 3 green 27 | 43 5 green 43 | 59 7
green 59
12 1 yellow 12 | 28 3 yellow 28 | 44 5 green 44 | 60 7
green 60
13 1 green 13 | 29 3 green 29 | 45 5 green 45 | 61 7
green 61
14 1 yellow 14 | 30 3 yellow 30 | 46 5 green 46 | 62 7
green 62
15 1 green 15 | 31 3 green 31 | 47 5 green 47 | 63 7
green 63

© 2024 IP Infusion Inc. Proprietary 330

VXLAN-EVPN with IRB QoS

IRB Configuration for Anycast

Configure from Base Configuration-L2 VXLAN section, then configure below commands for Anycast gateway
approach.
Note: For L2 traffic, always dscp-to-queue qos profile at tunnel ingress takes effect.
Note: For L3 traffic in the local VTEP, routing is done at IRB level and also QoS applied at the IRB interface and it
sends with l2vnid.

VTEP1

(config)#nvo vxlan irb Enable VXLAN irb

(config)#ip vrf L3VRF1 Create mac routing/forwarding instance with L3VRF1 name
and enter into vrf mode
(config-vrf)#rd 11000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from vrf mode
(config)# evpn irb-forwarding anycast- Configure anycast mac address
gateway-mac 0000.0000.1111
(config)# interface irb1001 Configure IRB interface 1001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 11.11.11.1/24 Configure ip address
(config-if)ipv6 address 1111::1/64 Configure ipv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast mac address
gateway-mac
(config-if)exit Exit from interface config mode
(config)# interface irb2001 Configure IRB interface 2001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 21.21.21.1/24 Configure ip address
(config-if)ipv6 address 2121::1/64 Configure ipv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast mac address
gateway-mac
(config-if)exit Exit from interface config mode
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode

© 2024 IP Infusion Inc. Proprietary 331

VXLAN-EVPN with IRB QoS

(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route

protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under vxlan id 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#qos profile dscp-to-queue Configure QoS profile to remark the traffic received from
DSCP_QUEUE access-if
(config-ingress-dscp-map)#dscp 20 queue 4 Configure particular dscp value to queue value in the profile
(config-ingress-dscp-map)#exit Exit from qos profile mode
(config)#int irb2001 Enter IRB L3 interface
(config-irb-if)#qos map-profile dscp-to- Map the qos profile
queue DSCP_QUEUE
(config-irb-if)#exit Exit from interface mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#end Exit from global config mode

VTEP2

(config)#nvo vxlan irb Enable VXLAN IRB

(config)#ip vrf L3VRF1 Create mac routing/forwarding instance with L3VRF1 name
and enter into vrf mode
(config-vrf)#rd 21000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from vrf mode
(config)# evpn irb-forwarding anycast- Configure anycast mac address
gateway-mac 0000.0000.1111
(config)# interface irb1001 Configure IRB interface 1001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 11.11.11.1/24 Configure ip address
(config-if)ipv6 address 1111::1/64 Configure ipv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast mac address
gateway-mac
(config-if)exit Exit from interface config mode
(config)# interface irb2001 Configure IRB interface 2001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 21.21.21.1/24 Configure ip address

© 2024 IP Infusion Inc. Proprietary 332

VXLAN-EVPN with IRB QoS

(config-if)ipv6 address 2121::1/64 Configure ipv6 address

(config-if) evpn irb-if-forwarding anycast- Configure anycast mac address
gateway-mac
(config-if)exit Exit from interface config mode
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under vxlan id 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#qos profile dscp-to-queue Configure QoS profile to remark the traffic at remote vtep at
DSCP_QUEUE the ingress tunnel.
(config-ingress-dscp-map)#dscp 20 queue 4 Configure particular dscp value to queue value in the profile
(config-ingress-dscp-map)#exit Exit from qos profile mode
(config)#int irb2001 Enter IRB L3 interface
(config-irb-if)#qos map-profile dscp-to- Map the qos profile
queue DSCP_QUEUE
(config-irb-if)#exit Exit from interface mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#end Exit from global config mode

VTEP4

(config)#nvo vxlan irb Enable VXLAN IRB

© 2024 IP Infusion Inc. Proprietary 333

VXLAN-EVPN with IRB QoS

(config-if) evpn irb-if-forwarding anycast- Configure anycast mac address

gateway-mac
(config-if)exit Exit from interface config mode
(config)# interface irb2001 Configure IRB interface 2001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 21.21.21.1/24 Configure ip address
(config-if)ipv6 address 2121::1/64 Configure ipv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast mac address
gateway-mac
(config-if)exit Exit from interface config mode
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under vxlan id 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)#commit Commit the candidate configuration to the running
configuration
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.

VTEP5

(config)#nvo vxlan irb Enable VXLAN IRB

© 2024 IP Infusion Inc. Proprietary 334

VXLAN-EVPN with IRB QoS

(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1

(config-if)ip address 21.21.21.1/24 Configure ip address
(config-if)ipv6 address 2121::1/64 Configure ipv6 address
(config-if) evpn irb-if-forwarding anycast- Configure anycast mac address
gateway-mac
(config-if)exit Exit from interface config mode
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under vxlan id 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#qos profile dscp-to-queue Configure the qos profile to remark outer dscp to queue of the
DSCP_QUEUE the ingress tunnel traffic. Here classification at the ingress
vtep is based on overlay dscp value.
(config-ingress-dscp-map)#dscp 34 queue 2 Configure particular dscp value to queue value in the profile.
Here dscp to <queue, dscp> is not applicable. I.e ingress
remarking of dscp at the ingress tunnel is not applicable.
(config-ingress-dscp-map)#exit Exit from qos profile mode
(config)#qos profile queue-color-to-cos Configure qos profile to remark the queue value to COS value
QUEUE_COS
(config-egress-cos-map)#queue 2 cos 6 Configure particular queue value to COS value
(config-egress-cos-map)#exit Exit from qos profile config mode
(config)#nvo vxlan tunnel qos-map-mode cos- Map the qos profile in tunnel ingress
dscp ingress DSCP_QUEUE
(config)#nvo vxlan access-if port-vlan xe1 Enter to vxlan access port config mode
10
(config-nvo-acc-if)#map qos-profile queue- Map the qos profile in vxlan access port
color-to-cos QUEUE_COS
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#end Exit from config mode

Validations
Send traffic from TS2-21 to MH2 access-if with dscp value 20 and COS value 1(vlan20) and verify traffic received at
TS1-11 with dscp value 20 and COS value 6(vlan10) at the VTEP5 access-if.

VTEP1
VTEP1#show running-config qos

© 2024 IP Infusion Inc. Proprietary 335

VXLAN-EVPN with IRB QoS

qos enable
!
qos profile dscp-to-queue DSCP_QUEUE
dscp 20 queue 4
!
!
!
!
interface irb2001
qos map-profile dscp-to-queue DSCP_QUEUE
!
VTEP1#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan irb
!
evpn vxlan multihoming enable
!
evpn irb-forwarding anycast-gateway-mac 0000.0000.1111
!
nvo vxlan vtep-ip-global 1.1.1.1
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001
vni-name VNI-201
!
nvo vxlan access-if port-vlan po1 10
map vnid 101
mac 0000.2222.1010 ip 11.11.11.51
!
nvo vxlan access-if port-vlan po1 20
map vnid 201
mac 0000.2222.1020 ip 21.21.21.51
!
!
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
1.1.1.1 5.5.5.5 Installed 01:15:13 01:15:13
1.1.1.1 4.4.4.4 Installed 01:15:28 01:15:28
1.1.1.1 2.2.2.2 Installed 01:11:40 01:11:40

© 2024 IP Infusion Inc. Proprietary 336

VXLAN-EVPN with IRB QoS

Total number of entries are 3

VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
101 VNI-101 L2 NW ---- ---- ---- ----
1.1.1.1 5.5.5.5
101 VNI-101 L2 NW ---- ---- ---- ----
1.1.1.1 4.4.4.4
101 VNI-101 L2 NW ---- ---- ---- ----
1.1.1.1 2.2.2.2
101 VNI-101 -- AC po1 00:00:00:00:00:22:22:00:00:00 10 DF
---- ----
201 VNI-201 L2 NW ---- ---- ---- ----
1.1.1.1 5.5.5.5
201 VNI-201 L2 NW ---- ---- ---- ----
1.1.1.1 4.4.4.4
201 VNI-201 L2 NW ---- ---- ---- ----
1.1.1.1 2.2.2.2
201 VNI-201 -- AC po1 00:00:00:00:00:22:22:00:00:00 20 DF
---- ----

Total number of entries are 8

VTEP1#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.101 0000.5555.1020 Static Remote ----
101 11.11.11.51 0000.2222.1010 Static Local ----
101 11.11.11.10 0010.9400.0002 Dynamic Remote ----
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.201 0000.4444.1010 Static Remote ----
Total number of entries are 7
VTEP1#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
201 2121::1 0000.0000.1111 Static Local ----
101 1111::10 0010.9400.0002 Dynamic Remote ----
101 1111::1 0000.0000.1111 Static Local ----

© 2024 IP Infusion Inc. Proprietary 337

VXLAN-EVPN with IRB QoS

Total number of entries are 3

VTEP1#show ipv4 route vrf L3VRF1
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:13:19
C 21.21.21.0/24 is directly connected, irb2001, 00:12:56
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:17:13

Gateway of last resort is not set

VTEP1#show ipv6 route vrf L3VRF1
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, D- DHCP, R - RIP,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EVPN N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP,
v - vrf leaked
Timers: Uptime

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:17:23
C 1111::/64 via ::, irb1001, 00:13:29
C 2121::/64 via ::, irb2001, 00:13:06
C fe80::/64 via ::, irb2001, 00:13:06
VTEP1#show interface ce52 counters queue-stats
E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts |
Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
q0 (E) 125304832 0 0 0 0
q1 (E) 125304832 0 0 0 0
q2 (E) 125304832 0 0 0 0
q3 (E) 125304832 0 0 0 0
q4 (E) 125304832 0 0 0 0
q5 (E) 125304832 0 0 0 0
q6 (E) 125304832 0 0 0 0
q7 (E) 125304832 0 0 0 0

VTEP1#show nvo vxlan l3vni-map

L3VNI L2VNI IRB-interface
===================================

© 2024 IP Infusion Inc. Proprietary 338

VXLAN-EVPN with IRB QoS

1000 101 irb1001

1000 201 irb2001

VTEP1#show qos-profile DSCP_QUEUE

profile name: DSCP_QUEUE
profile type: dscp-to-queue
profile attached to 1 instances
configured mapping:
dscp 20 queue 4
Detailed mapping:
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT | INPUT | OUTPUT
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+--
-----+--------+---------- | -------+-------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4
green 32 | 48 6 green 48
1 0 green 1 | 17 2 green 17 | 33 4
green 33 | 49 6 green 49
2 0 green 2 | 18 2 green 18 | 34 4
green 34 | 50 6 green 50
3 0 green 3 | 19 2 green 19 | 35 4
green 35 | 51 6 green 51
4 0 green 4 | 20 4 yellow 20 | 36 4
yellow 36 | 52 6 green 52
5 0 green 5 | 21 2 green 21 | 37 4
green 37 | 53 6 green 53
6 0 green 6 | 22 2 yellow 22 | 38 4
yellow 38 | 54 6 green 54
7 0 green 7 | 23 2 green 23 | 39 4
green 39 | 55 6 green 55
8 1 green 8 | 24 3 green 24 | 40 5
green 40 | 56 7 green 56
9 1 green 9 | 25 3 green 25 | 41 5
green 41 | 57 7 green 57
10 1 green 10 | 26 3 green 26 | 42 5
green 42 | 58 7 green 58
11 1 green 11 | 27 3 green 27 | 43 5
green 43 | 59 7 green 59
12 1 yellow 12 | 28 3 yellow 28 | 44 5
green 44 | 60 7 green 60
13 1 green 13 | 29 3 green 29 | 45 5
green 45 | 61 7 green 61
14 1 yellow 14 | 30 3 yellow 30 | 46 5
green 46 | 62 7 green 62
15 1 green 15 | 31 3 green 31 | 47 5
green 47 | 63 7 green 63

VTEP1#show qos-profile interface irb2001

profile name: DSCP_QUEUE

© 2024 IP Infusion Inc. Proprietary 339

VXLAN-EVPN with IRB QoS

profile type: dscp-to-queue (Ingress)

mapping:
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT | INPUT | OUTPUT
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+--
-----+--------+---------- | -------+-------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4
green 32 | 48 6 green 48
1 0 green 1 | 17 2 green 17 | 33 4
green 33 | 49 6 green 49
2 0 green 2 | 18 2 green 18 | 34 4
green 34 | 50 6 green 50
3 0 green 3 | 19 2 green 19 | 35 4
green 35 | 51 6 green 51
4 0 green 4 | 20 4 yellow 20 | 36 4
yellow 36 | 52 6 green 52
5 0 green 5 | 21 2 green 21 | 37 4
green 37 | 53 6 green 53
6 0 green 6 | 22 2 yellow 22 | 38 4
yellow 38 | 54 6 green 54
7 0 green 7 | 23 2 green 23 | 39 4
green 39 | 55 6 green 55
8 1 green 8 | 24 3 green 24 | 40 5
green 40 | 56 7 green 56
9 1 green 9 | 25 3 green 25 | 41 5
green 41 | 57 7 green 57
10 1 green 10 | 26 3 green 26 | 42 5
green 42 | 58 7 green 58
11 1 green 11 | 27 3 green 27 | 43 5
green 43 | 59 7 green 59
12 1 yellow 12 | 28 3 yellow 28 | 44 5
green 44 | 60 7 green 60
13 1 green 13 | 29 3 green 29 | 45 5
green 45 | 61 7 green 61
14 1 yellow 14 | 30 3 yellow 30 | 46 5
green 46 | 62 7 green 62
15 1 green 15 | 31 3 green 31 | 47 5
green 47 | 63 7 green 63

VTEP2

VTEP2#show running-config qos

qos enable
!
qos profile dscp-to-queue DSCP_QUEUE
dscp 20 queue 4
!
!
!

© 2024 IP Infusion Inc. Proprietary 340

VXLAN-EVPN with IRB QoS

!
interface irb2001
qos map-profile dscp-to-queue DSCP_QUEUE
!
VTEP2#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan irb
!
evpn esi hold-time 90
!
evpn vxlan multihoming enable
!
evpn irb-forwarding anycast-gateway-mac 0000.0000.1111
!
nvo vxlan vtep-ip-global 2.2.2.2
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001
vni-name VNI-201
!
nvo vxlan access-if port-vlan po1 10
map vnid 101
mac 0000.2222.1010 ip 11.11.11.51
!
nvo vxlan access-if port-vlan po1 20
map vnid 201
mac 0000.2222.1020 ip 21.21.21.51
!
!
VTEP2#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
2.2.2.2 4.4.4.4 Installed 01:13:43 01:13:43
2.2.2.2 1.1.1.1 Installed 01:13:43 01:13:43
2.2.2.2 5.5.5.5 Installed 01:13:43 01:13:43

Total number of entries are 3

VTEP2#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port

© 2024 IP Infusion Inc. Proprietary 341

VXLAN-EVPN with IRB QoS

AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
101 VNI-101 L2 NW ---- ---- ---- ----
2.2.2.2 4.4.4.4
101 VNI-101 L2 NW ---- ---- ---- ----
2.2.2.2 1.1.1.1
101 VNI-101 L2 NW ---- ---- ---- ----
2.2.2.2 5.5.5.5
101 VNI-101 -- AC po1 00:00:00:00:00:22:22:00:00:00 10 NON-DF
---- ----
201 VNI-201 L2 NW ---- ---- ---- ----
2.2.2.2 4.4.4.4
201 VNI-201 L2 NW ---- ---- ---- ----
2.2.2.2 1.1.1.1
201 VNI-201 L2 NW ---- ---- ---- ----
2.2.2.2 5.5.5.5
201 VNI-201 -- AC po1 00:00:00:00:00:22:22:00:00:00 20 NON-DF
---- ----

Total number of entries are 8

VTEP2#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.101 0000.5555.1020 Static Remote ----
101 11.11.11.51 0000.2222.1010 Static Local ----
101 11.11.11.10 0010.9400.0002 Dynamic Remote ----
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.201 0000.4444.1010 Static Remote ----
Total number of entries are 7
VTEP2#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
201 2121::1 0000.0000.1111 Static Local ----
101 1111::10 0010.9400.0002 Dynamic Remote ----
101 1111::1 0000.0000.1111 Static Local ----
Total number of entries are 3
VTEP2#show ipv4 route vrf L3VRF1
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

© 2024 IP Infusion Inc. Proprietary 342

VXLAN-EVPN with IRB QoS

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:10:20
C 21.21.21.0/24 is directly connected, irb2001, 00:09:55
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:13:30

Gateway of last resort is not set

VTEP2#show ipv6 route vrf L3VRF1
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, D- DHCP, R - RIP,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EVPN N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP,
v - vrf leaked
Timers: Uptime

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:13:36
C 1111::/64 via ::, irb1001, 00:10:26
C 2121::/64 via ::, irb2001, 00:10:01
C fe80::/64 via ::, irb2001, 00:10:01
VTEP2#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001
1000 201 irb2001

VTEP2#show interface xe29 counters queue-stats

E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts |
Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
q0 (E) 12517376 0 0 0 0
q1 (E) 12517376 0 0 0 0
q2 (E) 12517376 0 0 0 0
q3 (E) 12517376 0 0 0 0
q4 (E) 12517376 2998022 2998045000 0 0
q5 (E) 12517376 0 0 0 0
q6 (E) 12517376 0 0 0 0
q7 (E) 12517376 0 0 0 0

VTEP2#show qos-profile DSCP_QUEUE

profile name: DSCP_QUEUE

© 2024 IP Infusion Inc. Proprietary 343

VXLAN-EVPN with IRB QoS

profile type: dscp-to-queue

profile attached to 1 instances
configured mapping:
dscp 20 queue 4
Detailed mapping:
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT | INPUT | OUTPUT
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+--
-----+--------+---------- | -------+-------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4
green 32 | 48 6 green 48
1 0 green 1 | 17 2 green 17 | 33 4
green 33 | 49 6 green 49
2 0 green 2 | 18 2 green 18 | 34 4
green 34 | 50 6 green 50
3 0 green 3 | 19 2 green 19 | 35 4
green 35 | 51 6 green 51
4 0 green 4 | 20 4 yellow 20 | 36 4
yellow 36 | 52 6 green 52
5 0 green 5 | 21 2 green 21 | 37 4
green 37 | 53 6 green 53
6 0 green 6 | 22 2 yellow 22 | 38 4
yellow 38 | 54 6 green 54
7 0 green 7 | 23 2 green 23 | 39 4
green 39 | 55 6 green 55
8 1 green 8 | 24 3 green 24 | 40 5
green 40 | 56 7 green 56
9 1 green 9 | 25 3 green 25 | 41 5
green 41 | 57 7 green 57
10 1 green 10 | 26 3 green 26 | 42 5
green 42 | 58 7 green 58
11 1 green 11 | 27 3 green 27 | 43 5
green 43 | 59 7 green 59
12 1 yellow 12 | 28 3 yellow 28 | 44 5
green 44 | 60 7 green 60
13 1 green 13 | 29 3 green 29 | 45 5
green 45 | 61 7 green 61
14 1 yellow 14 | 30 3 yellow 30 | 46 5
green 46 | 62 7 green 62
15 1 green 15 | 31 3 green 31 | 47 5
green 47 | 63 7 green 63

VTEP2#show qos-profile interface irb2001

© 2024 IP Infusion Inc. Proprietary 344

VXLAN-EVPN with IRB QoS

-------+--------------------------- | -------+--------------------------- | -------+--

------------------------- | -------+---------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+--
-----+--------+---------- | -------+-------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4
green 32 | 48 6 green 48
1 0 green 1 | 17 2 green 17 | 33 4
green 33 | 49 6 green 49
2 0 green 2 | 18 2 green 18 | 34 4
green 34 | 50 6 green 50
3 0 green 3 | 19 2 green 19 | 35 4
green 35 | 51 6 green 51
4 0 green 4 | 20 4 yellow 20 | 36 4
yellow 36 | 52 6 green 52
5 0 green 5 | 21 2 green 21 | 37 4
green 37 | 53 6 green 53
6 0 green 6 | 22 2 yellow 22 | 38 4
yellow 38 | 54 6 green 54
7 0 green 7 | 23 2 green 23 | 39 4
green 39 | 55 6 green 55
8 1 green 8 | 24 3 green 24 | 40 5
green 40 | 56 7 green 56
9 1 green 9 | 25 3 green 25 | 41 5
green 41 | 57 7 green 57
10 1 green 10 | 26 3 green 26 | 42 5
green 42 | 58 7 green 58
11 1 green 11 | 27 3 green 27 | 43 5
green 43 | 59 7 green 59
12 1 yellow 12 | 28 3 yellow 28 | 44 5
green 44 | 60 7 green 60
13 1 green 13 | 29 3 green 29 | 45 5
green 45 | 61 7 green 61
14 1 yellow 14 | 30 3 yellow 30 | 46 5
green 46 | 62 7 green 62
15 1 green 15 | 31 3 green 31 | 47 5
green 47 | 63 7 green 63

VTEP4
VTEP4#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
4.4.4.4 2.2.2.2 Installed 01:14:47 01:14:47
4.4.4.4 1.1.1.1 Installed 01:18:35 01:18:35
4.4.4.4 5.5.5.5 Installed 01:18:20 01:18:20

Total number of entries are 3

VTEP4#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

© 2024 IP Infusion Inc. Proprietary 345

VXLAN-EVPN with IRB QoS

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
101 VNI-101 L2 NW ---- ---- ---- ----
4.4.4.4 2.2.2.2
101 VNI-101 L2 NW ---- ---- ---- ----
4.4.4.4 1.1.1.1
101 VNI-101 L2 NW ---- ---- ---- ----
4.4.4.4 5.5.5.5
201 VNI-201 L2 NW ---- ---- ---- ----
4.4.4.4 2.2.2.2
201 VNI-201 L2 NW ---- ---- ---- ----
4.4.4.4 1.1.1.1
201 VNI-201 L2 NW ---- ---- ---- ----
4.4.4.4 5.5.5.5
201 VNI-201 -- AC xe3 --- Single Homed Port --- 20 ----
---- ----

Total number of entries are 7

VTEP4#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.101 0000.5555.1020 Static Local ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.10 0010.9400.0002 Dynamic Remote ----
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.201 0000.4444.1010 Static Remote ----
Total number of entries are 7
VTEP4#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
201 2121::1 0000.0000.1111 Static Local ----
101 1111::10 0010.9400.0002 Dynamic Remote ----
101 1111::1 0000.0000.1111 Static Local ----
Total number of entries are 3
VTEP4#show ipv4 route vrf L3VRF1
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked

© 2024 IP Infusion Inc. Proprietary 346

VXLAN-EVPN with IRB QoS

* - candidate default

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:07:24
C 21.21.21.0/24 is directly connected, irb2001, 00:07:14
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:10:16

Gateway of last resort is not set

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:10:21
C 1111::/64 via ::, irb1001, 00:07:29
C 2121::/64 via ::, irb2001, 00:07:19
C fe80::/64 via ::, irb2001, 00:07:19
VTEP4#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001
1000 201 irb2001

VTEP5
VTEP5#show running-config qos
qos enable
!
qos profile queue-color-to-cos QUEUE_COS
queue 2 color all cos 6
!
qos profile dscp-to-queue DSCP_QUEUE
dscp 34 queue 2
!
!
!
VTEP5#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan irb
!
evpn vxlan multihoming enable
!
evpn irb-forwarding anycast-gateway-mac 0000.0000.1111

© 2024 IP Infusion Inc. Proprietary 347

VXLAN-EVPN with IRB QoS

!
nvo vxlan vtep-ip-global 5.5.5.5
!
nvo vxlan tunnel qos-map-mode cos-dscp ingress DSCP_QUEUE
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001
vni-name VNI-201
!
nvo vxlan access-if port-vlan xe1 10
map vnid 101
mac 0000.4444.1010 ip 11.11.11.201
map qos-profile queue-color-to-cos QUEUE_COS
!
!
VTEP5#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
5.5.5.5 2.2.2.2 Installed 01:11:17 01:11:17
5.5.5.5 4.4.4.4 Installed 01:14:50 01:14:50
5.5.5.5 1.1.1.1 Installed 01:14:50 01:14:50

Total number of entries are 3

VTEP5#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

© 2024 IP Infusion Inc. Proprietary 348

VXLAN-EVPN with IRB QoS

201 VNI-201 L2 NW ---- ---- ---- ----

5.5.5.5 4.4.4.4
201 VNI-201 L2 NW ---- ---- ---- ----
5.5.5.5 1.1.1.1

Total number of entries are 7

VTEP5#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.101 0000.5555.1020 Static Remote ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.10 0010.9400.0002 Dynamic Local ----
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.201 0000.4444.1010 Static Local ----
Total number of entries are 7
VTEP5#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
201 2121::1 0000.0000.1111 Static Local ----
101 1111::10 0010.9400.0002 Dynamic Local ----
101 1111::1 0000.0000.1111 Static Local ----
Total number of entries are 3
VTEP5#show ipv4 route vrf L3VRF1
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "L3VRF1"

C 11.11.11.0/24 is directly connected, irb1001, 00:05:08
C 21.21.21.0/24 is directly connected, irb2001, 00:04:57
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:07:30

Gateway of last resort is not set

VTEP5#show ipv6 route vrf L3VRF1
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, D- DHCP, R - RIP,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, E - EVPN N1 - OSPF NSSA external type 1,

© 2024 IP Infusion Inc. Proprietary 349

VXLAN-EVPN with IRB QoS

N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP,

v - vrf leaked
Timers: Uptime

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:07:35
C 1111::/24 via ::, irb1001, 00:05:13
C 2121::/64 via ::, irb2001, 00:05:02
C fe80::/64 via ::, irb2001, 00:05:02
VTEP5#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001
1000 201 irb2001

VTEP5#show interface xe1 counters queue-stats

E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts |
Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
q0 (E) 12517376 0 0 0 0
q1 (E) 12517376 0 0 0 0
q2 (E) 12517376 1170696 1224549062 0 0
q3 (E) 12517376 0 0 0 0
q4 (E) 12517376 0 0 0 0
q5 (E) 12517376 0 0 0 0
q6 (E) 12517376 0 0 0 0
q7 (E) 12517376 0 0 0 0

VTEP5#show qos-profile QUEUE_COS

profile name: QUEUE_COS
profile type: queue-color-to-cos
profile attached to 1 instances
configured mapping:
queue 2 color all cos 6
Detailed mapping:
----------------+-------- | ----------------+-------- | ----------------+--------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT
----------------+-------- | ----------------+-------- | ----------------+--------
Queue | Color | COS | Queue | Color | COS | Queue | Color | COS
-------+--------+-------- | -------+--------+-------- | -------+--------+--------
0 green 0 | 0 yellow 0 | 0 red 0
1 green 1 | 1 yellow 1 | 1 red 1
2 green 6 | 2 yellow 6 | 2 red 6
3 green 3 | 3 yellow 3 | 3 red 3
4 green 4 | 4 yellow 4 | 4 red 4
5 green 5 | 5 yellow 5 | 5 red 5
6 green 6 | 6 yellow 6 | 6 red 6

© 2024 IP Infusion Inc. Proprietary 350

VXLAN-EVPN with IRB QoS

7 green 7 | 7 yellow 7 | 7 red 7

VTEP5#show qos-profile DSCP_QUEUE

profile name: DSCP_QUEUE
profile type: dscp-to-queue
profile attached to 1 instances
configured mapping:
dscp 34 queue 2
Detailed mapping:
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT | INPUT | OUTPUT
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+--
-----+--------+---------- | -------+-------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4
green 32 | 48 6 green 48
1 0 green 1 | 17 2 green 17 | 33 4
green 33 | 49 6 green 49
2 0 green 2 | 18 2 green 18 | 34 2
green 34 | 50 6 green 50
3 0 green 3 | 19 2 green 19 | 35 4
green 35 | 51 6 green 51
4 0 green 4 | 20 2 yellow 20 | 36 4
yellow 36 | 52 6 green 52
5 0 green 5 | 21 2 green 21 | 37 4
green 37 | 53 6 green 53
6 0 green 6 | 22 2 yellow 22 | 38 4
yellow 38 | 54 6 green 54
7 0 green 7 | 23 2 green 23 | 39 4
green 39 | 55 6 green 55
8 1 green 8 | 24 3 green 24 | 40 5
green 40 | 56 7 green 56
9 1 green 9 | 25 3 green 25 | 41 5
green 41 | 57 7 green 57
10 1 green 10 | 26 3 green 26 | 42 5
green 42 | 58 7 green 58
11 1 green 11 | 27 3 green 27 | 43 5
green 43 | 59 7 green 59
12 1 yellow 12 | 28 3 yellow 28 | 44 5
green 44 | 60 7 green 60
13 1 green 13 | 29 3 green 29 | 45 5
green 45 | 61 7 green 61
14 1 yellow 14 | 30 3 yellow 30 | 46 5
green 46 | 62 7 green 62
15 1 green 15 | 31 3 green 31 | 47 5
green 47 | 63 7 green 63

© 2024 IP Infusion Inc. Proprietary 351

VXLAN-EVPN with IRB QoS

Distributed Gateway
In distributed gateway approach, VTEP will act as default gateways for one or more VNIDs,
Each VTEP having its own default gateway IP and MAC configuration for a given VNID.

IRB QoS Configuration for Distributed

Configure from Base Configuration-L2 VXLAN section, then configure below commands for centralized distributed
approach.
Note: For L3 traffic, when l3vni is sent in the traffic, then dscp-to-queue qos profile mapped at tunnel ingress takes
effect.

VTEP4
Unconfigure vnid 101 from nvo vxlan.

(config)#nvo vxlan irb Enable VXLAN irb

(config)#ip vrf L3VRF1 Create mac routing/forwarding instance with L3VRF1 name
and enter into vrf mode
(config-vrf)#rd 41000:11 Assign RD value
(config-vrf)# route-target both 100:100 Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000 Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit Exit from vrf mode
(config)# interface irb2001 Configure IRB interface 2001
(config-if)ip vrf forwarding L3VRF1 Configure L3VRF1
(config-if)ip address 21.21.21.1/24 Configure ip address
(config-if)ipv6 address 2121::1/64 Configure ipv6 address
(config-if)exit Exit from interface config mode
(config)router bgp 5000 Enter into bgp router mode
(config-router)#address-family ipv4 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit form address-family
(config-router)#address-family ipv6 vrf Enter into address-family mode for L3VRF1
L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit form address-family
(config)#nvo vxlan id 201 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF2
(config-nvo)# evpn irb2001 Configure irb2001 under vxlan id 201
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.

© 2024 IP Infusion Inc. Proprietary 352

VXLAN-EVPN with IRB QoS

(config)#qos remark dscp Enable qos dscp remark for dscp-to-dscp mapping if required
(config)#qos profile dscp-to-queue Configure qos profile to remark at vxlan ingress tunnel. Here
DSCP_QUEUE dscp to <queue, dscp> is not applicable. I.e ingress remarking
of dscp at the ingress tunnel is not applicable.
(config-ingress-dscp-map)#dscp 56 queue 6 Configure particular outer dscp value to queue value. Here
classification at the ingress vtep is based on overlay dscp
value
(config-ingress-dscp-map)#exit Exit from qos profile config mode
(config-egress-dscp-map)#dscp 20 dscp 32 Configure particular dscp value to dscp value
(config-egress-dscp-map)#exit Exit from qos profile config mode
(config)#qos profile queue-color-to-cos Configure qos profile for remark at vxlan access-if
QUEUE_COS
(config-egress-cos-map)#queue 6 cos 2 Configure particular queue value to COS value
(config-egress-cos-map)#exit Exit from qos profile config mode
(config)#nvo vxlan tunnel qos-map-mode cos- Map the qos profile to vxlan tunnel ingress
dscp ingress DSCP_QUEUE
(config)#nvo vxlan access-if port-vlan xe3 Enter vxlan access-if mode
20
(config-nvo-acc-if)#map qos-profile queue- Map qos profile
color-to-cos QUEUE_COS
(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration
(config-nvo-acc-if)#end Exit from global configuration mode

VTEP5
Unconfigure vnid 201 from nvo vxlan.

(config)#nvo vxlan irb Enable VXLAN IRB

© 2024 IP Infusion Inc. Proprietary 353

VXLAN-EVPN with IRB QoS

(config-router)#address-family ipv6 vrf Enter into address-family mode for L3VRF1

L3VRF1
(config-router-af)#redistribute connected Redistribute connected
(config-router-af)#exit-address-family Exit form address-family
(config)# nvo vxlan id 101 ingress- Configure VXLAN Network identifier with/without inner-vid-
replication inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign vrf for evpn-bgp to carry EVPN route
protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001 Configure irb1001 under vxlan id 101
(config-nvo)#exit Exit from VXLAN tenant mode and enter into configuration
mode.
(config)#qos profile dscp-to-queue Configure qos profile for dscp to queue for ingress traffic
DSCP_QUEUE
(config-ingress-dscp-map)# dscp 20 queue 4 Configure particular dscp value to queue value
(config)#interface irb1001 Enter IRB L3 interface
(config-irb-if)#qos map-profile dscp-to- Map qos profile
queue DSCP_QUEUE
(config-irb-if)#commit Commit the candidate configuration to the running
configuration
(config-irb-if)#end Exit from global conf mode

Validations
Send traffic from TS1-11 to VTEP5 access-if with dscp value 20 COS value 1(vlan10) and verify traffic received at TS2-
21 with dscp value 32 and COS value 2(vlan20) at the VTEP4 access-if.

VTEP5
VTEP5#show running-config qos
qos enable
!
qos profile dscp-to-queue DSCP_QUEUE
dscp 20 queue 4
!
!
!
!
interface irb1001
qos map-profile dscp-to-queue DSCP_QUEUE
!
VTEP5#show run nvo vxlan
!
nvo vxlan enable
!
nvo vxlan irb
!
evpn vxlan multihoming enable
!

© 2024 IP Infusion Inc. Proprietary 354

VXLAN-EVPN with IRB QoS

nvo vxlan vtep-ip-global 5.5.5.5

!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
vni-name VNI-201
!
nvo vxlan access-if port-vlan xe1 10
map vnid 101
mac 0000.4444.1010 ip 11.11.11.201
!
!
VTEP5#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
5.5.5.5 2.2.2.2 Installed 00:29:54 00:29:54
5.5.5.5 4.4.4.4 Installed 00:29:54 00:29:54
5.5.5.5 1.1.1.1 Installed 00:29:54 00:29:54

Total number of entries are 3

VTEP5#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
101 VNI-101 L2 NW ---- ---- ---- ----
5.5.5.5 2.2.2.2
101 VNI-101 L2 NW ---- ---- ---- ----
5.5.5.5 4.4.4.4
101 VNI-101 L2 NW ---- ---- ---- ----
5.5.5.5 1.1.1.1
101 VNI-101 -- AC xe1 --- Single Homed Port --- 10 ----
---- ----
201 VNI-201 L2 NW ---- ---- ---- ----
5.5.5.5 2.2.2.2
201 VNI-201 L2 NW ---- ---- ---- ----
5.5.5.5 4.4.4.4
201 VNI-201 L2 NW ---- ---- ---- ----
5.5.5.5 1.1.1.1
1000 ---- L3 NW ---- ---- ---- ----
5.5.5.5 4.4.4.4

© 2024 IP Infusion Inc. Proprietary 355

VXLAN-EVPN with IRB QoS

Total number of entries are 8

VTEP5#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 21.21.21.1 3c2c.991a.da7a Static Remote ----
201 21.21.21.101 0000.5555.1020 Static Remote ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.1 04f8.f82f.8eee Static Local ----
101 11.11.11.201 0000.4444.1010 Static Local ----
Total number of entries are 6
VTEP5#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
201 2121::1 3c2c.991a.da7a Static Remote ----
101 1111::1 04f8.f82f.8eee Static Local ----
Total number of entries are 2
VTEP5#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
1000 101 irb1001

VTEP5#show ipv4 route vrf L3VRF1

IP Route Table for VRF "L3VRF1"

B 4.4.4.4/32 [0/0] is directly connected, tunvxlan1000, 00:04:09
C 11.11.11.0/24 is directly connected, irb1001, 00:02:38
B 21.21.21.0/24 [200/0] via 4.4.4.4 (recursive is directly connected,
tunvxlan1000), 00:04:09
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:04:46

Gateway of last resort is not set

© 2024 IP Infusion Inc. Proprietary 356

VXLAN-EVPN with IRB QoS

N2 - OSPF NSSA external type 2, i - IS-IS, B - BGP,

v - vrf leaked
Timers: Uptime

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:04:50
B ::ffff:404:404/128 [0/0] via ::, tunvxlan1000, 00:04:13
C 1111::/64 via ::, irb1001, 00:02:42
B 2121::/64 [200/0] via ::ffff:404:404 (recursive via ::, unknown), 00:04:13
C fe80::/64 via ::, irb1001, 00:02:42
VTEP5#show interface ce53 counter queue-stats
E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts |
Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
q0 (E) 50069504 0 0 0 0
q1 (E) 50069504 0 0 0 0
q2 (E) 50069504 0 0 0 0
q3 (E) 50069504 0 0 0 0
q4 (E) 50069504 498796 698314400 0 0
q5 (E) 50069504 0 0 0 0
q6 (E) 50069504 0 0 0 0
q7 (E) 50069504 0 0 0 0

VTEP5#show qos-profile DSCP_QUEUE

© 2024 IP Infusion Inc. Proprietary 357

VXLAN-EVPN with IRB QoS

VTEP5#show qos-profile interface irb1001

profile name: DSCP_QUEUE
profile type: dscp-to-queue (Ingress)
mapping:
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT | INPUT | OUTPUT
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+--
-----+--------+---------- | -------+-------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4
green 32 | 48 6 green 48
1 0 green 1 | 17 2 green 17 | 33 4
green 33 | 49 6 green 49
2 0 green 2 | 18 2 green 18 | 34 4
green 34 | 50 6 green 50
3 0 green 3 | 19 2 green 19 | 35 4
green 35 | 51 6 green 51
4 0 green 4 | 20 4 yellow 20 | 36 4
yellow 36 | 52 6 green 52
5 0 green 5 | 21 2 green 21 | 37 4
green 37 | 53 6 green 53
6 0 green 6 | 22 2 yellow 22 | 38 4
yellow 38 | 54 6 green 54
7 0 green 7 | 23 2 green 23 | 39 4
green 39 | 55 6 green 55

© 2024 IP Infusion Inc. Proprietary 358

VXLAN-EVPN with IRB QoS

VTEP4
VTEP4#show run qos
qos enable
qos remark dscp
!
!
qos profile queue-color-to-cos QUEUE_COS
queue 6 color all cos 2
!
qos profile dscp-to-queue DSCP_QUEUE
dscp 56 queue 6
!
!
!
!
VTEP4#show run nvo vxlan
!
nvo vxlan enable
!
nvo vxlan irb
!
evpn vxlan multihoming enable
!
nvo vxlan vtep-ip-global 4.4.4.4
!
nvo vxlan tunnel qos-map-mode cos-dscp ingress DSCP_QUEUE
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001

© 2024 IP Infusion Inc. Proprietary 359

VXLAN-EVPN with IRB QoS

vni-name VNI-201
!
nvo vxlan access-if port-vlan xe3 20
map vnid 201
mac 0000.5555.1020 ip 21.21.21.101
map qos-profile queue-color-to-cos QUEUE_COS
!
!
VTEP4#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
4.4.4.4 2.2.2.2 Installed 00:28:32 00:28:32
4.4.4.4 1.1.1.1 Installed 00:28:38 00:28:38
4.4.4.4 5.5.5.5 Installed 00:28:31 00:28:31

Total number of entries are 3

VTEP4#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
101 VNI-101 L2 NW ---- ---- ---- ----
4.4.4.4 2.2.2.2
101 VNI-101 L2 NW ---- ---- ---- ----
4.4.4.4 1.1.1.1
101 VNI-101 L2 NW ---- ---- ---- ----
4.4.4.4 5.5.5.5
201 VNI-201 L2 NW ---- ---- ---- ----
4.4.4.4 2.2.2.2
201 VNI-201 L2 NW ---- ---- ---- ----
4.4.4.4 1.1.1.1
201 VNI-201 L2 NW ---- ---- ---- ----
4.4.4.4 5.5.5.5
201 VNI-201 -- AC xe3 --- Single Homed Port --- 20 ----
---- ----
1000 ---- L3 NW ---- ---- ---- ----
4.4.4.4 5.5.5.5

Total number of entries are 8

© 2024 IP Infusion Inc. Proprietary 360

VXLAN-EVPN with IRB QoS

201 21.21.21.101 0000.5555.1020 Static Local ----

101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.1 04f8.f82f.8eee Static Remote ----
101 11.11.11.201 0000.4444.1010 Static Remote ----
Total number of entries are 6
VTEP4#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
201 2121::1 3c2c.991a.da7a Static Local ----
101 1111::1 04f8.f82f.8eee Static Remote ----
Total number of entries are 2
VTEP4#show ipv4 route vrf L3VRF1
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "L3VRF1"

B 5.5.5.5/32 [0/0] is directly connected, tunvxlan1000, 00:01:03
B 11.11.11.0/24 [200/0] via 5.5.5.5 (recursive is directly connected,
tunvxlan1000), 00:01:03
C 21.21.21.0/24 is directly connected, irb2001, 00:03:31
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:15:13

Gateway of last resort is not set

IP Route Table for VRF "L3VRF1"

C ::1/128 via ::, lo.L3VRF1, 00:15:18
B ::ffff:505:505/128 [0/0] via ::, tunvxlan1000, 00:01:08
B 1111::/64 [200/0] via ::ffff:505:505 (recursive via ::, unknown), 00:01:08
C 2121::/64 via ::, irb2001, 00:03:36
C fe80::/64 via ::, irb2001, 00:03:36
VTEP4#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================

© 2024 IP Infusion Inc. Proprietary 361

VXLAN-EVPN with IRB QoS

1000 201 irb2001

VTEP4#show interface xe3 counter queue-stats

E - Egress, I - Ingress, Q-Size is in bytes
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
| Queue/Class-map | Q-Size | Tx pkts | Tx bytes | Dropped pkts |
Dropped bytes |
+--------------------+--------+-----------------+-------------------+-----------------
+-------------------+
q0 (E) 12517376 0 0 0 0
q1 (E) 12517376 0 0 0 0
q2 (E) 12517376 0 0 0 0
q3 (E) 12517376 0 0 0 0
q4 (E) 12517376 0 0 0 0
q5 (E) 12517376 0 0 0 0
q6 (E) 12517376 2219303 3209162748 0 0
q7 (E) 12517376 0 0 0 0

VTEP4#show qos-profile QUEUE_COS

profile name: QUEUE_COS
profile type: queue-color-to-cos
profile attached to 1 instances
configured mapping:
queue 6 color all cos 2
Detailed mapping:
----------------+-------- | ----------------+-------- | ----------------+--------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT | OUTPUT
----------------+-------- | ----------------+-------- | ----------------+--------
Queue | Color | COS | Queue | Color | COS | Queue | Color | COS
-------+--------+-------- | -------+--------+-------- | -------+--------+--------
0 green 0 | 0 yellow 0 | 0 red 0
1 green 1 | 1 yellow 1 | 1 red 1
2 green 2 | 2 yellow 2 | 2 red 2
3 green 3 | 3 yellow 3 | 3 red 3
4 green 4 | 4 yellow 4 | 4 red 4
5 green 5 | 5 yellow 5 | 5 red 5
6 green 2 | 6 yellow 2 | 6 red 2
7 green 7 | 7 yellow 7 | 7 red 7

VTEP4#show qos-profile DSCP_QUEUE

profile name: DSCP_QUEUE
profile type: dscp-to-queue
profile attached to 1 instances
configured mapping:
dscp 56 queue 6
Detailed mapping:
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT | INPUT | OUTPUT

© 2024 IP Infusion Inc. Proprietary 362

VXLAN-EVPN with IRB QoS

-------+--------------------------- | -------+--------------------------- | -------+--

------------------------- | -------+---------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+--
-----+--------+---------- | -------+-------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4
green 32 | 48 6 green 48
1 0 green 1 | 17 2 green 17 | 33 4
green 33 | 49 6 green 49
2 0 green 2 | 18 2 green 18 | 34 4
green 34 | 50 6 green 50
3 0 green 3 | 19 2 green 19 | 35 4
green 35 | 51 6 green 51
4 0 green 4 | 20 2 yellow 20 | 36 4
yellow 36 | 52 6 green 52
5 0 green 5 | 21 2 green 21 | 37 4
green 37 | 53 6 green 53
6 0 green 6 | 22 2 yellow 22 | 38 4
yellow 38 | 54 6 green 54
7 0 green 7 | 23 2 green 23 | 39 4
green 39 | 55 6 green 55
8 1 green 8 | 24 3 green 24 | 40 5
green 40 | 56 6 green 56
9 1 green 9 | 25 3 green 25 | 41 5
green 41 | 57 7 green 57
10 1 green 10 | 26 3 green 26 | 42 5
green 42 | 58 7 green 58
11 1 green 11 | 27 3 green 27 | 43 5
green 43 | 59 7 green 59
12 1 yellow 12 | 28 3 yellow 28 | 44 5
green 44 | 60 7 green 60
13 1 green 13 | 29 3 green 29 | 45 5
green 45 | 61 7 green 61
14 1 yellow 14 | 30 3 yellow 30 | 46 5
green 46 | 62 7 green 62
15 1 green 15 | 31 3 green 31 | 47 5
green 47 | 63 7 green 63

VTEP4#show qos-profile interface irb2001

profile name: default
profile type: dscp-to-queue (Ingress)
mapping:
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
INPUT | OUTPUT | INPUT | OUTPUT | INPUT |
OUTPUT | INPUT | OUTPUT
-------+--------------------------- | -------+--------------------------- | -------+--
------------------------- | -------+---------------------------
DSCP | Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP | DSCP |
Queue | Color | Out DSCP | DSCP | Queue | Color | Out DSCP
-------+-------+--------+---------- | -------+-------+--------+---------- | -------+--
-----+--------+---------- | -------+-------+--------+----------
0 0 green 0 | 16 2 green 16 | 32 4
green 32 | 48 6 green 48

© 2024 IP Infusion Inc. Proprietary 363

VXLAN-EVPN with IRB QoS

© 2024 IP Infusion Inc. Proprietary 364

Single Home VxLAN IRB with OSPF or ISIS

CHAPTER 7 Single Home VxLAN IRB with OSPF or ISIS

Overview
Single Home Virtual Extensible LAN (VxLAN) with Integrated Routing (IRB) using Open Shortest Path First (OSPF)
and Intermediate System to Intermediate System (ISIS) protocols provides the solution for connecting and managing
virtual networks within a data center or network infrastructure.
This feature offers a solution for networks where the interconnection of VLANs is required. These protocols can be
configured on IRB interfaces within layer 3 switches or routers. This configuration enables dynamic routing, facilitating
the exchange of routing information with other devices in the network. By assigning IP addresses to the IRB interfaces,
they serve as the default gateways for devices within the respective VLANs.
Both OSPF and ISIS routing updates are dynamically exchanged over IRB interfaces, ensuring up-to-date routing
tables and optimized traffic routing across different VLANs and networks.
This feature offers flexibility in configuring network topologies, and ensures compatibility and interoperability within
diverse network environments.

Feature Characteristics
The OSPF and ISIS support over the IRB Interface feature has the following characteristics:
• Enables the control of Receive (RX)/ Transmit (TX) of OSPF and ISIS packets on IRB interfaces, providing
effective management of IRB interfaces interactions with OSPF and ISIS for optimized network communication
and routing.
• IRB interfaces process configured MTU size packets.
• Maintains consistency in CLI commands with SVI interfaces for OSPF and ISIS configurations, simplifying
network management tasks.

Benefits
The OSPF and ISIS support over the IRB Interface has the following benefits:
• Enables seamless inter-subnet communication across different VNIDs and subnets within the same customer
network.
• Promotes seamless connectivity between devices, irrespective of whether they are connected through IRB or
SVI interfaces, and simplifies network management.
• The network gains greater adaptability to various scenarios and evolving requirements, offering greater
versatility in its operations.

Prerequisites
• Router must be up and running.
• Maintain synchronization with VRF changes by performing IRB shut/no shut actions when specific events
occur within the IPVRF. These events may involve adding or removing Route Targets (RTs), updating Route
Distinguishers (RDs), or modifying Layer 3 Virtual Network Identifiers (L3VNIs).

© 2024 IP Infusion Inc. Proprietary 365

Single Home VxLAN IRB with OSPF or ISIS

Topology for OSPF

The network topology includes various network elements such as routers, customer edge (CE) devices, Service
Aggregator (SA) devices, and Provider Edge (PE) routers. The feature enables OSPF on the IRB interfaces, allowing
for efficient routing and communication between network devices within the topology.

Single Home VxLAN IRB with OSPF

Configuration
Perform the following configurations to set up different interfaces, routing protocols, and BGP parameters to enable
VXLAN, IRB, and EVPN functionality in the network.

Configure OSPF
PE1

PEI(Config)# terminal Enters the configuration mode.

PE1(config)#interface sa1 Configure the sa1 interface as a network interface.
PE1(config-if)# ip address 10.1.1.1/24 Assigns an IP address to the sa1 interface with a subnet mask
of /24.
PE1(config-if)# ip ospf cost 10 Configures the OSPF cost for the sa1 interface, setting it to
10.
PE1(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the sa1
interface.
PE1(config)#interface xe1 Enters the interface xe1 mode.
PE1(config-if)# static-channel-group 1 Assigns the static channel group 1 to the xe1 interface.
PE1(config-irb-if)#interface lo Configures the loopback (lo) interface.
PE1(config-if)# ip address 1.1.1.1/32 Assigns the primary IP address 1.1.1.1/32 to the loopback
secondary interface and specifies it as secondary.

© 2024 IP Infusion Inc. Proprietary 366

Single Home VxLAN IRB with OSPF or ISIS

PE1(config)#router ospf 1 Enters the OSPF configuration mode for OSPF process 1.
PE1(config-router)# ospf router-id 1.1.1.1 Sets the OSPF router ID to 1.1.1.1 for OSPF process 1.
PE1(config-router)# network 1.1.1.1/32 area Advertises the network 1.1.1.1/32 into OSPF area 0.0.0.0.
0.0.0.0
PE1(config-router)# network 10.1.1.0/24 area Advertises the network 10.1.1.0/24 into OSPF area 0.0.0.0.
0.0.0.0
PE1(config)#nvo vxlan enable Enables the VXLAN feature on the device.
PE1(config)#nvo vxlan irb Enables VXLAN IRB functionality.
PE1(config-vrf)#mac vrf L2VRF1 Configures a MAC VRF named L2VRF1.
PE1(config-vrf)# rd 1.1.1.1:11 Sets the Route Distinguisher (RD) to 1.1.1.1:11 for the VRF.
PE1(config-vrf)# route-target both Configures both import and export route targets for the VRF.
9.9.9.9:100
PE1(config-vrf)#ip vrf L3VRF1 Configures an IP VRF named L3VRF1.
PE1(config-vrf)# rd 51000:11 Sets the RD value to 51000:11 for the L3VRF1.
PE1(config-vrf)# route-target both 100:100 Configures both import and export route targets for L3VRF1.
PE1(config-vrf)# l3vni 1000 Configures the L3 Virtual Network Identifier (L3VNI) with the
value 1000.
PE1(config)#interface irb1001 Configures the IRB interface for L3VRF1.
PE1(config-irb-if)# ip vrf forwarding L3VRF1 Assigns the L3VRF1 to the IRB interface.
PE1(config-irb-if)# ip address 11.11.11.1/24 Assigns an IP address 11.11.11.1/24 to the IRB interface.
PE1(config-irb)#interface irb2001 Configures the IRB interface for IPv6 in L3VRF1.
PE1(config-irb-if)# ip vrf forwarding L3VRF1 Assigns the L3VRF1 to the IPv6 IRB interface.
PE1(config-irb-if)# ipv6 address 2001::1/64 Assigns an IP address 11.11.11.1/24 to the IRB interface.
PE1(config-irb-if)#mtu 9000 Sets the Maximum Transmission Unit (MTU) for this IRB
interface to 9000 bytes.
PE1(config-router)#router ospf 2 L3VRF1 Configures OSPF on the L3VRF1.
PE1(config-router)# network 11.11.11.0/24 Advertises the network 11.11.11.0/24 into OSPF area 0.0.0.0.
area 0.0.0.0
PE1(config-router)#router ipv6 vrf ospf Configures OSPFv3 on the L3VRF1.
L3VRF1
PE1(config-router)# router-id 1.1.1.1 Configures the router ID as 1.1.1.1.
PE1(config-irb)#interface irb2001 Configures the IPv6 IRB interface.
PE1(config-irb-if)# ipv6 router ospf area Attaches the OSPFv3 instance ID to the IPv6 IRB interface.
0.0.0.0 tag L3VRF1 instance-id 0
PE1(config)#nvo vxlan vtep-ip-global 1.1.1.1 Configures the global VTEP IP address as 1.1.1.1.
PE1(config)#nvo vxlan id 101 ingress- Configures the VXLAN ID as 101 for ingress replication.
replication
PE1(config-nvo)# vxlan host-reachability- Maps the EVPN-BGP host reachability protocol to L2VRF1.
protocol evpn-bgp L2VRF1
PE1(config-nvo)# evpn irb1001 Maps the IRB interface 1001 to EVPN.
PE1(config-nvo)# vni-name VNI-101 Configures the VNI name as VNI-101.
PE1(config)#nvo vxlan id 2001 ingress- Configures the VXLAN ID as 2001 for ingress replication.
replication
PE1(config-nvo)# vxlan host-reachability- Maps the EVPN-BGP host reachability protocol to L2VRF1.
protocol evpn-bgp L2VRF1

© 2024 IP Infusion Inc. Proprietary 367

Single Home VxLAN IRB with OSPF or ISIS

PE1(config-nvo)# evpn irb2001 Maps the IPv6 IRB interface to EVPN.

PE1(config)#interface xe2 Configures the xe2 interface.
PE1(config-if)# switchport Configures the port as a Layer 2 (L2) switchport.
PE1(config-if)# load-interval 30 Configures the load-interval of 30 minutes for monitoring
traffic on the xe2 interface.
PE1(config)#nvo vxlan access-if port-vlan Configures a VxLAN network virtualization overlay (NVO) on
xe2 100 the interface xe2 with VLAN ID 100
PE1(config-nvo-acc-if)# map vnid 101 Maps VLAN 100 to the VxLAN Network Identifier (VNID) 101.
PE1(config-nvo-acc-if)#nvo vxlan access-if Configures another VxLAN NVO on the same interface xe2,
port-vlan xe2 2001 but this time with VLAN ID 2001
PE1(config-nvo-acc-if)# map vnid 2001 Maps VLAN 2001 to a different VxLAN VNID.
PE1(config-router)#router bgp 100 Configures the BGP process with AS number 100.
PE1(config-router)# bgp router-id 1.1.1.1 Assigns the router ID as 1.1.1.1 for the BGP instance.
PE1(config-router)# neighbor 4.4.4.4 remote- Configures neighbor 4.4.4.4 with a remote AS number of 100.
as 100
PE1(config-router)# neighbor 4.4.4.4 update- Configures the update source for neighbor 4.4.4.4 to be the
source lo loopback interface.
PE1(config-router)# neighbor 4.4.4.4 Configures the advertisement interval for neighbor 4.4.4.4 as
advertisement-interval 0 0.
PE1(config-router)# address-family l2vpn Configures the address-family for L2VPN EVPN.
evpn
PE1(config-router-af)# neighbor 4.4.4.4 Activates the neighbor for the L2VPN EVPN address-family.
activate
PE1(config-router-af)# exit-address-family Exits from the address family configuration.
PE1(config-router)# address-family ipv4 vrf Configures the IPv4 address-family for VRF L3VRF1.
L3VRF1
PE1(config-router-af)# redistribute Configures the redistribution of connected routes within the
connected IPv4 address-family.
PE1(config-router-af)# exit-address-family Exits the IPv4 address-family configuration.
PE1(config-router)# address-family ipv6 vrf Configures the IPv6 address-family for VRF L3VRF1.
L3VRF1
PE1(config-router-af)# redistribute Configures the redistribution of connected routes within the
connected IPv6 address-family.
PE1(config-router-af)# exit-address-family Exits the IPv6 address-family configuration.

PE5

PE5#configure terminal Enters the configuration mode

PE5(config)#interface sa1 Configure the sa1 interface as a network interface.
PE5(config-if)# ip address 10.1.1.1/24 Assigns an IP address to the sa1 interface with a subnet mask
of /24.
PE5(config-if)# ip ospf cost 10 Configures the OSPF cost for the sa1 interface, setting it to
10.
PE5(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the sa1
interface.
PE5(config)#interface xe1 Configure network interface towards PE6.
PE5(config-if)# static-channel-group 1 Assigns the static channel group 1 to the xe1 interface.

© 2024 IP Infusion Inc. Proprietary 368

Single Home VxLAN IRB with OSPF or ISIS

PE5(config)#interface xe5 configures the xe5 interface.

PE5(config-if)#ip address 30.1.1.1/24 Assigns the primary IP address 1.1.1.1/32 to the loopback
interface and specifies it as secondary.
PE5(config)#ip ospf cost 10 Configures the OSPF cost for the xe5 interface, setting it to
10.
PE5(config-router)# ospf router-id 1.1.1.1 Assigns an IP address (30.1.1.1) to the xe5 interface with a
subnet mask of /24.
PE5(config)#load-interval 30 Configures the load-interval for monitoring traffic on the xe5
interface.
PE5(config)#router ospf 1 Enters the OSPF configuration mode for OSPF process 1.
PE5(config-router)# network 30.1.1.0/24 area Advertises the network 30.1.1.0/24 into OSPF area 0.0.0.0.
0.0.0.0
PE5(config-router)# network 10.1.1.0/24 area Advertises the network 10.1.1.0/24 into OSPF area 0.0.0.0.
0.0.0.0

PE3

PE3#configure terminal Enters the configuration mode

PE3(config)#interface ce30 Configure the ce30 interface as a network interface.
PE3(config-if)# ip address 40.1.1.2/24 Assigns an IP address to the ce30 interface with a subnet
mask of /24.
PE3(config-if)# ip ospf cost 10 Configures the OSPF cost for the sa1 interface, setting it to 10.
PE3(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the sa1
interface.
PE3(config)#interface lo Configure the loopback interface.
PE3(config-if)#ip address 4.4.4.4/32 Assign an secondary IP to an loopback interface.
secondary
PE3(config)#ip ospf cost 10 Configures the OSPF cost for the xe7interface, setting it to
10.
PE3(config)#load-interval 30 Configures the load-interval for monitoring traffic on the xe5
interface.
PE3(config)#router ospf 1 Enters the OSPF configuration mode for OSPF process 1.
PE3(config-router)# ospf router-id 4.4.4.4 Configures the router id to an ospf instance.

PE3(config-router)# network 4.4.4.4/32 area Advertises the loopback address.

0.0.0.0
PE3(config-router)# network 40.1.1.0/24 area Advertises the network interface IP address.
0.0.0.0
PE3(config)#nvo vxlan enable Enables VXLAN on the device, allowing it to participate in
VXLAN networks.
PE3(config)#nvo vxlan irb Enables VXLAN IRB functionality, that allows routing between
VXLAN and non-VXLAN networks.
PE3(config-vrf)#mac vrf L2VRF1 Configures a L2 MAC VRF instance named L2VRF1, which is
a logical network segment for L2 traffic isolation.
PE3(config-vrf)# rd 4.4.4.4:11 Configures a RD for the L2VRF1, with the value 4.4.4.4:11.
PE3(config-vrf)# route-target both Configures a route target for the VRF.
9.9.9.9:100

© 2024 IP Infusion Inc. Proprietary 369

Single Home VxLAN IRB with OSPF or ISIS

PE3(config-vrf)#ip vrf L3VRF1 Configures a L3 VRF named L3VRF1.

PE3(config-vrf)# rd 56000:11 Configures a RD for the L3VRF1, with the value 56000:11.
PE3(config-vrf)# route-target both 100:100 Configures a route target for the VRF.

PE3(config-vrf)# l3vni 1000 Configures a L3VNI with the ID 1000 for the VRF.
PE3(config)#interface irb1001 Configures the IRB interface with the ID 1001.
PE3(config-irb-if)# ip vrf forwarding L3VRF1 Associates the IRB interface with the L3VRF1, ensuring that
traffic from this interface is isolated within that VRF.
PE3(config-irb-if)# ip address 12.12.12.1/24 Assigns an IP address 12.12.12.1 with a subnet mask of /24 to
the IRB interface, enabling it for L3 routing.
PE3(config-irb-if)# mtu 1500 Configures the MTU for the interface irb1001 to 1500 bytes.
PE3(config)#interface irb2001 Configures another IRB interface with the ID 2001.

PE3(config-irb-if)# ip vrf forwarding L3VRF1 Associates the IRB interface with the L3VRF1.

PE3(config-irb-if)# ipv6 address 2002::1/64 Assigns an IPv6 address 2002::1 with a subnet mask of /64 to
the IRB interface, enabling it for IPv6 routing.
PE3(config-irb-if)# mtu 1500 Configures the MTU for the interface irb2001 to 1500 bytes.
PE3(config-router)#router ospf 2 L3VRF1 Configures the OSPF routing process on OSPF instance 2 for
the L3VRF1.
PE3(config-router)# network 12.12.12.0/24 Advertises the network 12.12.12.0/24 to OSPF area 0.0.0.0.
area 0.0.0.0
PE3(config-router)#router ipv6 vrf ospf Configures the OSPFv3 routing process on OSPFv3 instance
L3VRF1 for the L3VRF1.
PE3(config-router)# router-id 4.4.4.4 Sets the router ID for the OSPF/OSPFv3 instances to 4.4.4.4.
PE3(config)#nvo vxlan vtep-ip-global 4.4.4.4 Configures the global VTEP IP address as 4.4.4.4 for VXLAN.

PE3(config)#nvo vxlan id 102 ingress- Configures the VXLAN with VNI ID 102 for ingress replication.
replication
PE3(config-nvo)# vxlan host-reachability- Maps the VXLAN configuration with the EVPN-BGP protocol
protocol evpn-bgp L2VRF1 and associates it with the L2VRF1.
PE3(config-nvo)# evpn irb1001 Maps the IRB interface irb1001 to the VXLAN.
PE3(config-nvo)# vni-name VNI-101 Configures the VNI name as VNI-101.
PE3(config)#nvo vxlan id 2002 ingress- Configures another VXLAN with VNI ID 2002 for ingress repli-
replication cation.
PE3(config-nvo)# vxlan host-reachability- Maps the VXLAN configuration with the EVPN-BGP protocol
protocol evpn-bgp L2VRF1 and associates it with the L2VRF1.
PE3(config-nvo)# evpn irb2001 Maps the IPv6 IRB interface irb2001 to the VXLAN.
PE3(config)#interface sa4 Configures interface sa4.
PE3(config-if)# switchport Configures the interface as a switchport.
PE3(config-if)# load-interval 30 Sets the load interval for the interface to 30 seconds.
PE3(config-if)# mtu 1500 Configures the MTU for the interface to 1500 bytes.
PE3(config)#interface xe1 Configures interface xe1.
PE3(config-if)# static-channel-group 4 Assigns a static channel group to interface xe1.
PE3(config)#nvo vxlan access-if port-vlan Configures a VxLAN nNVO on the interface xe2 with VLAN ID
sa4 100 100

© 2024 IP Infusion Inc. Proprietary 370

Single Home VxLAN IRB with OSPF or ISIS

PE3(config-nvo-acc-if)# map vnid 101 Maps VLAN 100 to the VxLAN VNID 101.
PE3(config-nvo-acc-if)#nvo vxlan access-if Configures another VxLAN NVO on the same interface xe2.
port-vlan sa4 2001
PE3(config-nvo-acc-if)# map vnid 2001 Maps VLAN 2001 to a different VxLAN VNID, in this case,
VNID 2001.
PE3(config-router)#router bgp 100 Configures the BGP with AS number 100.
PE3(config-router)# bgp router-id 4.4.4.4 Sets the BGP router ID to 4.4.4.4.

PE3(config-router)# neighbor 1.1.1.1 remote- Configures a BGP neighbor with the remote AS number 100
as 100 and the IP address 1.1.1.1.
PE3(config-router)# neighbor 1.1.1.1 update- Specifies the BGP neighbor to use the loopback interface as
source lo the source for updates.
PE3(config-router)# neighbor 1.1.1.1 Configures the advertisement interval for BGP neighbor
advertisement-interval 0 updates.
PE3(config-router)# address-family l2vpn Configures the BGP address family for Layer 2 VPN EVPN.
evpn
PE3(config-router-af)# neighbor 1.1.1.1 Activates the BGP neighbor for the specified address family.
activate
PE3(config-router-af)# exit-address-family Exits the BGP address family configuration.

PE3(config-router)# address-family ipv4 vrf Configures the BGP address family for IPv4 within VRF
L3VRF1 L3VRF1.
PE3(config-router-af)# redistribute Configures BGP to redistribute connected routes into the BGP
connected process.
PE3(config-router-af)# exit-address-family Exits the BGP address family configuration for IPv4.

PE3(config-router)# address-family ipv6 vrf Configures the BGP address family for IPv6 within VRF
L3VRF1 L3VRF1.
PE3(config-router-af)# redistribute Configures BGP to redistribute connected routes into the BGP
connected process.
PE3(config-router-af)# exit-address-family Exits the BGP address family configuration for IPv6.

PE6

PE6#configure terminal Enters the configuration mode.

PE6(config)#interface ce2 Configure the ce2 interface as a network interface.
PE6(config-if)# ip address 10.1.1.1/24 Assigns an IP address to the sa1 interface with a subnet mask
of /24.
PE6(config-if)# ip ospf cost 10 Configures the OSPF cost for the sa1 interface, setting it to
10.
PE6(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the sa1
interface.
PE6(config)#interface xe7 Configure network interface towards PE5.
PE6(config-if)# static-channel-group 1 Assigns the static channel group 1 to the xe1 interface.
PE6(config-if)#ip address 30.1.1.1/24 Assign IP address to network interface.
PE6(config)#ip ospf cost 10 Configures the OSPF cost for the xe7interface, setting it to
10.

© 2024 IP Infusion Inc. Proprietary 371

Single Home VxLAN IRB with OSPF or ISIS

PE6(config)#load-interval 30 Configures the load-interval for monitoring traffic on the xe5

interface.
PE6(config)#router ospf 1 Enters the OSPF configuration mode for OSPF process 1.
PE6(config-router)# network 30.1.1.0/24 area Advertises the network 30.1.1.0/24 into OSPF area 0.0.0.0.
0.0.0.0
PE6(config-router)# network 40.1.1.0/24 area Advertises the network 40.1.1.0/24 into OSPF area 0.0.0.0.
0.0.0.0

Topology for ISIS

The network topology includes various network elements such as routers, customer edge (CE) devices, Service
Aggregator (SA) devices, and Provider Edge (PE) routers. The feature enables OSPF and ISIS support on the IRB
interfaces, allowing for efficient routing and communication between network devices within the topology.

Single Home VxLAN IRB with ISIS

Configure ISIS
PE2

PE2(config-if)# interface po1 Enters configuration mode for po 1.

PE2(config-if)# ip address 20.1.1.1/24 Assigns the IP address 20.1.1.1 with a subnet mask of
255.255.255.0 to the interface.
PE2(config-if)#ip router isis 1 Enables ISIS routing protocol on the interface with process ID
1.
PE2(config-if)#load-interval 30 Sets the interval for which interface statistics are collected to
30 seconds.
PE2(config)#nvo vxlan enable Enables the VXLAN feature on the device.
PE2(config)#nvo vxlan irb Enables VXLAN IRB functionality.
PE2(config-vrf)#mac vrf L2VRF2 Enters the configuration mode for a MAC VRF named
L2VRF2.

© 2024 IP Infusion Inc. Proprietary 372

Single Home VxLAN IRB with OSPF or ISIS

PE2(config-vrf)# rd 2.2.2.2:11 Sets the route distinguisher (RD) for the VRF to 2.2.2.2:11.
PE2(config-vrf)#route-target both Specifies import and export route targets for the VRF.
10.10.10.10:100
PE2(config-vrf)#ip vrf L3VRF2 Enters the configuration mode for an IP VRF named L3VRF2.
PE2(config-vrf)#rd 61000:11 Sets the RD for the IP VRF to 61000:11
PE2(config-vrf)# route-target both 101:101 Specifies import and export route targets for the IP VRF.
PE2(config-vrf)# l3vni 2000 Configures the Layer 3 VNI (Virtual Network Identifier) for the
IP VRF.
PE2(config)#interface irb2001 Enters the configuration mode for interface IRB2001.
PE2(config-irb-if)# ip vrf forwarding L3VRF2 Associates the interface with the IP VRF L3VRF2.
PE2(config-irb-if)# ip address 13.13.13.1/24 Configures an IP address with a subnet mask of /24 on
IRB2001.
PE2(config-irb-if)#mtu 9000 Sets the Maximum Transmission Unit (MTU) for the interface
to 9000 bytes.
PE2(config-irb-if)#ip router isis 2 Associates the interface with ISIS routing process 2.
PE2(config-irb)#interface irb3001 Enters the configuration mode for interface IRB3001.
PE2(config-irb-if)# ip vrf forwarding L3VRF2 Associates the interface with the IP VRF L3VRF2.
PE2(config-irb-if)# ipv6 address 3001::1/64 Configures an IPv6 address on IRB3001 with the specified
prefix length.
PE2(config-irb-if)#mtu 9000 Sets the MTU for the interface to 9000 bytes.
PE2(config-irb)#ipv6 router isis 3 Associates the interface with IPv6 ISIS routing process 3.
PE2(config)#router isis 2 L3VRF2 Enters the configuration mode for ISIS routing process 2
within VRF L3VRF2.
PE2(config-router)#is-type level-1-2 Specifies the ISIS level type as level-1-2.
PE2(config-router)#metric-style wide Configures a wide metric style for ISIS.
PE2(config-router)# dynamic-hostname Enables dynamic hostname assignment for the ISIS router.
PE2(config-router)# bfd all-interfaces Enables Bidirectional Forwarding Detection (BFD) on all
interfaces within ISIS.
PE2(config-router)#net 49.0000.0000.0221.00 Configures the network entity title (NET) for the ISIS process.
PE2(config)#router isis 3 L3VRF2 Enters the configuration mode for ISIS routing process 3
within VRF L3VRF2.
PE2(config-router)#is-type level-1-2 Specifies the ISIS level type as level-1-2.
PE2(config-router)# metric-style wide Configures a wide metric style for ISIS.
PE2(config-router)# dynamic-hostname Enables dynamic hostname assignment for the ISIS router.
PE2(config-router)#bfd all-interfaces Enables BFD on all interfaces within ISIS.
PE2(config-router)# net 49.0000.0000.0222.00 Configures the network entity title (NET) for ISIS routing with
the specified value.
PE2(config)#nvo vxlan vtep-ip-global 2.2.2.2 Configures the global VxLAN VTEP IP address to 2.2.2.2.
PE2(config)#nvo vxlan id 201 ingress- Configures a VxLAN with VNI 201 and specifies ingress-
replication replication for multicast traffic handling.
PE2(config-nvo)# vxlan host-reachability- Specifies the EVPN-BGP host-reachability-protocol for the
protocol evpn-bgp L2VRF2 VxLAN with the VRF L2VRF2
PE2(config-nvo)# evpn irb2001 Enables EVPN IRB (Integrated Routing and Bridging) for
VxLAN interface IRB2001.
PE2(config-nvo)# vni-name VNI-201 Assigns a name VNI-201 to the VxLAN VNI 201.

© 2024 IP Infusion Inc. Proprietary 373

Single Home VxLAN IRB with OSPF or ISIS

PE2(config)#nvo vxlan id 3001 ingress- Configures another VxLAN with VNI 3001 and specifies
replication ingress-replicationr for multicast traffic handling.
PE2(config-nvo)# vxlan host-reachability- Specifies the EVPN-BGP host-reachability-protocol for the
protocol evpn-bgp L2VRF2 VxLAN with the VRF L2VRF2.
PE2(config-nvo)# evpn irb3001 Enables EVPN IRB for VxLAN interface IRB3001.
PE2(config-if)#interface xe11 Enters the configuration mode for the interface 11.
PE2(config-if)#switchport Configures the interface as a Layer 2 switchport.
PE2(config-if)#load-interval 30 Sets the interval for which interface statistics are collected to
30 seconds.
PE2(config)#nvo vxlan access-if port-vlan Configures a VxLAN network virtualization overlay (NVO) on
xe11 100 the interface xe2 with VLAN ID 100
PE2(config-nvo-acc-if)# map vnid 101 Maps VLAN 100 to the VxLAN Network Identifier (VNID) 101.
PE2(config-nvo-acc-if)#nvo vxlan access-if Configures another VxLAN NVO on the same interface xe2,
port-vlan xe11 2001 but this time with VLAN ID 2001
PE2(config-nvo-acc-if)# map vnid 101 Maps VLAN 100 to the VxLAN Network Identifier (VNID) 101.
PE2(config-nvo-acc-if)#nvo vxlan access-if Configures another VxLAN NVO on the same interface xe2,
port-vlan xe11 2001 but this time with VLAN ID 2001
PE2(config-nvo-acc-if)# map vnid 2001 Maps VLAN 2001 to a different VxLAN VNID.
PE2(config-if)#router isis 1 Starts the ISIS routing process with process ID 1.
PE2(config-if)#is-type level-1-2 Specifies that the router participates in both Level 1 and Level
2 routing.
PE2(config-if)#metric-style wide Configures the metric style to be wide, enabling more
flexibility in metric calculations.
PE2(config-if)#dynamic-hostname Enables the dynamic hostname feature for ISIS.
PE2(config-if)#bfd all-interfaces Configures Bidirectional Forwarding Detection on all
interfaces.
PE2(config-if)#net 49.0000.0000.0001.00 Specifies the network entity title (NET) for ISIS.

BGP Configuration

PE2(config)#router bgp 100 Starts the BGP routing process with an autonomous system
number (AS) of 100.
PE2(config-router)#bgp router-id 2.2.2.2 Sets the BGP router ID to 2.2.2.2.
PE2(config-router)#neighbor 3.3.3.3 remote- Configures a BGP neighbor with the IP address 3.3.3.3 and
as 100 specifies the remote AS number as 100.
PE2(config-router)#neighbor 3.3.3.3 update- Specifies that loopback interface (lo) is the source for BGP
source lo updates to the neighbor.
PE2(config-router)#neighbor 3.3.3.3 Sets the advertisement interval to 0, which means updates will
advertisement-interval 0 be sent immediately.
PE2(config-router)#address-family ipv4 Enters the configuration mode for the IPv4 unicast address
unicast family within the router configuration.
PE2(config-router-af)#network 2.2.2.2/32 Specifies that network 2.2.2.2 with a /32 subnet mask is part
of the IPv4 unicast address family.
PE2(config-router-af)#neighbor 3.3.3.3 Activates the neighbor with the IP address 3.3.3.3 for the IPv4
activate unicast address family.
PE2(config-router-af)#exit-address-family Exits the configuration mode for the IPv4 unicast address
family.

© 2024 IP Infusion Inc. Proprietary 374

Single Home VxLAN IRB with OSPF or ISIS

PE2(config-router)#address-family l2vpn evpn Enters the configuration mode for the L2VPN EVPN address
family within the router configuration.
PE2(config-router-af)#neighbor 3.3.3.3 Activates the neighbor with the IP address 3.3.3.3 for the
activate L2VPN EVPN address family.
PE2(config-router-af)#exit-address-family Exits the configuration mode for the L2VPN EVPN address
family.
PE2(config-router)#address-family ipv4 vrf Enters the configuration mode for the IPv4 address family
L3VRF2 within the VRF named L3VRF2.
PE2(config-router-af)#redistribute Configures the redistribution of directly connected routes into
connected the IPv4 address family for the specified VRF.
PE2(config-router-af)#exit-address-family Exits the configuration mode for the IPv4 address family within
the VRF L3VRF2.
PE2(config-router-af)#address-family ipv6 Enters the configuration mode for the IPv6 address family
vrf L3VRF2 within the VRF named L3VRF2.
PE2(config-router-af)#redistribute Configures the redistribution of directly connected routes into
connected the IPv6 address family for the specified VRF.
PE2(config-router-af)#exit-address-family Exits the configuration mode for the IPv6 address family within
the VRF L3VRF2.

PE5

PE5(config-if)#interface po1 Enters the configuration mode for po1.

PE5(config-if)#ip address 20.1.1.2/24 Assigns the IP address 20.1.1.2 with a subnet mask of /24 to
this interface.
PE5(config-if)#ip router isis 1 Specifies that ISIS routing process 1 is enabled on this
interface.
PE5(config-if)#load-interval 30 Sets the load interval to 30 seconds for monitoring the
interface.
PE5(config-if)#interface po2 Enters the configuration mode for po2.
PE5(config-if)#ip address 70.1.1.2/24 Assigns the IP address 70.1.1.2 with a subnet mask of /24 to
this interface.
PE5(config-if)#load-interval 30 Sets the load interval to 30 seconds for monitoring the
interface.
PE5(config-if)#interface sa1 Assigns the IP address 10.1.1.2 with a subnet mask of /24 to
this interface.
PE5(config-if)#ip ospf cost 10 Sets the OSPF cost for this interface to 10.
PE5(config-if)#load-interval 30 Sets the load interval to 30 seconds for monitoring the
interface.
PE5(config-if)#interface ce50 Enters the configuration mode for ce50.
PE5(config-if)#ip address 50.1.1.1/24 Assigns the IP address 50.1.1.1 with a subnet mask of /24 to
this interface.
PE5(config-if)#ip router isis 1 Specifies that ISIS routing process 1 is enabled on this
interface.
PE5(config-if)#load-interval 30 Sets the load interval to 30 seconds for monitoring the
interface.
PE5(config-if)#router ospf 1 Enters ISIS configuration mode with process ID 1.
PE5(config-if)#network 10.1.1.0/24 area Specifies that the network 10.1.1.0 with subnet mask
0.0.0.0 255.255.255.0 belongs to OSPF area 0.0.0.0.

© 2024 IP Infusion Inc. Proprietary 375

Single Home VxLAN IRB with OSPF or ISIS

PE5(config-if)#network 30.1.1.0/24 area Specifies another network, 30.1.1.0 with subnet mask
0.0.0.0 255.255.255.0, also belonging to OSPF area 0.0.0.0.
PE5(config-if)#network 70.1.1.0/24 area Specifies a third network, 70.1.1.0 with subnet mask
0.0.0.0 255.255.255.0, in OSPF area 0.0.0.0.
PE5(config-if)#router isis 1 Enters ISIS configuration mode with process ID 1.
PE5(config-if)#is-type level-1-2 Configures this ISIS router to support both Level 1 and Level
2 routing.
PE5(config-if)#metric-style wide Configures ISIS to use the wide metric style, which allows for
greater flexibility in metric values.
PE5(config-if)#dynamic-hostname Allows the hostname to be dynamically generated.
PE5(config-if)#bfd all-interfaces Enables Bidirectional Forwarding Detection on all interfaces.
PE5(config-if)#net 49.0000.0005.0001.00 Sets the NET for this router.
PE5(config-if)#exit Exits from the router mode.

PE 6

PE6#configure terminal Enters the configuration maode.

PE6(config-if)#interface sa2 Enters configuration mode for interface sa2.
PE6(config-if)#ip address 80.1.1.2/24 Assigns the IP address 80.1.1.2 with a subnet mask of
255.255.255.0 to interface sa2.
PE6(config-if)#ip router isis 1 Associates ISIS routing protocol with this interface using
process ID 1.
PE6(config-if)#load-interval 30 Sets the load-interval to 30 seconds.
PE6(config-if)#interface ce1 Enters configuration mode for interface ce1.
PE6(config-if)#ip address 50.1.1.2/24 Assigns the IP address 50.1.1.2 with a subnet mask of
255.255.255.0 to interface ce1.
PE6(config-if)#ip router isis 1 Associates ISIS routing protocol with this interface using
process ID 1.
PE6(config-if)#load-interval 30 Sets the load-interval to 30 seconds.
PE6(config-if)#interface ce2 Enters configuration mode for interface ce2.
PE6(config-if)#speed 40g Sets the interface speed to 40 gigabits per second.
PE6(config-if)#ip address 40.1.1.1/24 Assigns the IP address 40.1.1.1 with a subnet mask of
255.255.255.0 to interface ce2.
PE6(config-if)#ip ospf cost 10 Sets the OSPF cost for this interface to 10.
PE6(config-if)#load-interval 30 Sets the load-interval to 30 seconds.
PE6(config-if)#router ospf 1 Enters ISIS configuration mode with process ID 1.
PE6(config-if)#network 30.1.1.0/24 area Specifies another network, 30.1.1.0 with subnet mask
0.0.0.0 255.255.255.0, also belonging to OSPF area 0.0.0.0.
PE6(config-if)#network 40.1.1.0/24 area Specifies a third network, 40.1.1.0/24 with subnet mask
0.0.0.0 255.255.255.0, in OSPF area 0.0.0.0.
PE6(config-if)#router isis 1 Enters ISIS configuration mode with process ID 1.
PE6(config-if)#is-type level-1-2 Configures this ISIS router to support both Level 1 and Level
2 routing.
PE6(config-if)#metric-style wide Configures ISIS to use the wide metric style, which allows for
greater flexibility in metric values.

© 2024 IP Infusion Inc. Proprietary 376

Single Home VxLAN IRB with OSPF or ISIS

PE6(config-if)#dynamic-hostname Allows the hostname to be dynamically generated.

PE6(config-if)#bfd all-interfaces Enable BFD on all network interfaces.

PE4

PE4#configure terminal Enters the configuration mode.

PE4(config-if)# interface xe5 Enters configuration mode for xe5.
PE4(config-if)# ip address 60.1.1.2/24 Assigns the IP address 60.1.1.2 with a subnet mask of
255.255.255.0 to the interface.
PE4(config-if)#ip router isis 1 Enables ISIS routing protocol on the interface with process ID
1.
PE4(config-if)#load-interval 30 Sets the interval for which interface statistics are collected to
30 seconds.
PE4(config)#nvo vxlan enable Enables the VXLAN feature on the device.
PE4(config)#nvo vxlan irb Enables VXLAN IRB functionality.
PE4(config-vrf)#mac vrf L2VRF2 Configures a VRF instance named L2VRF2 and associates it
with a specific RD
PE4(config-vrf)# rd 3.3.3.3:11 Sets the RD for the L2VRF2 VRF to 3.3.3.3:11.
PE4(config-vrf)#route-target both Associates a route target with the L2VRF2 VRF for VPN route
10.10.10.10:100 distribution.
PE4(config-vrf)#ip vrf L3VRF2 Configures another VRF named L3VRF2.
PE4(config-vrf)#rd 63000:11 Sets the RD for the L3VRF2 VRF to 63000:11.
PE4(config-vrf)# route-target both 101:101 Associates a route target with the L3VRF2 VRF for VPN route
distribution.
PE4(config-vrf)# l3vni 2000 Configures the L3VNI for the L3VRF2 VRF.
PE4(config)#interface irb2001 Configuring an IRB interface with the number 2001.
PE4(config-irb-if)# ip vrf forwarding L3VRF2 Associates the IRB interface with the L3VRF2 VRF.
PE4(config-irb-if)# ip address 14.14.14.1/24 Assigns an IP address to the IRB interface.
PE4(config-irb-if)#mtu 9000 Sets the MTU for the IRB interface.
PE4(config-irb-if)#ip router isis 2 Associates the IRB interface with ISIS routing.
PE4(config-irb)#interface irb3002 Configures another IRB interface with the number 3002.
PE4(config-irb-if)# ip vrf forwarding L3VRF2 Associates the second IRB interface with the "L3VRF2" VRF.
PE4(config-irb-if)# ipv6 address 3002::1/64 Assigns an IPv6 address to the second IRB interface.
PE4(config-irb-if)#mtu 9000 Sets the MTU for the second IRB interface.
PE4(config-irb)#ipv6 router isis 3 Associates the IRB interfaces with IPv6 and ISIS routing.
PE4(config)#router isis 2 L3VRF2 Configures ISIS routing with the VRF L3VRF2.
PE4(config-router)#is-type level-1-2 Sets the ISIS level type to level-1-2.
PE4(config-router)# metric-style wide Configures a wide metric style for ISIS.
PE4(config-router)# dynamic-hostname Enables dynamic hostname assignment for the ISIS router.
PE4(config-router)#bfd all-interfaces Enables BFD on all interfaces within ISIS.
PE4(config-router)# net 49.0000.0000.0441.00 Configures the network entity title (NET) for ISIS routing with
the specified value.
PE4(config)#router isis 3 L3VRF2 Configures ISIS routing with the VRF L3VRF2.
PE4(config-router)#is-type level-1-2 Sets the ISIS level type to level-1-2.

© 2024 IP Infusion Inc. Proprietary 377

Single Home VxLAN IRB with OSPF or ISIS

PE4(config-router)# metric-style wide Configures a wide metric style for ISIS.

PE4(config-router)# dynamic-hostname Enables dynamic hostname assignment for the ISIS router.
PE4(config-router)#bfd all-interfaces Enables BFD on all interfaces within ISIS.
PE4(config-router)# net 49.0000.0000.0442.00 Configures the network entity title (NET) for ISIS routing with
the specified value.
PE4(config)#nvo vxlan vtep-ip-global 3.3.3.3 Configures the global VxLAN VTEP IP address to 3.3.3.3.
PE4(config)#nvo vxlan id 201 ingress- Configures a VxLAN with VNI 201 and specifies ingress-
replication replication for multicast traffic handling.
PE4(config-nvo)# vxlan host-reachability- Specifies the EVPN-BGP host-reachability-protocol for the
protocol evpn-bgp L2VRF2 VxLAN with the VRF L2VRF2
PE4(config-nvo)# evpn irb2001 Enables EVPN IRB (Integrated Routing and Bridging) for
VxLAN interface IRB2001.
PE4(config-nvo)# vni-name VNI-201 Assigns a name VNI-201 to the VxLAN VNI 201.
PE4(config)#nvo vxlan id 3002 ingress- Configures another VxLAN with VNI 3002 and specifies
replication ingress-replicationr for multicast traffic handling.
PE4(config-nvo)# vxlan host-reachability- Specifies the EVPN-BGP host-reachability-protocol for the
protocol evpn-bgp L2VRF2 VxLAN with the VRF L2VRF2.
PE4(config-nvo)# evpn irb3002 Enables EVPN IRB for VxLAN interface IRB3002
PE4(config-if)#interface xe5 Enters the configuration mode for the interface 5.
PE4(config-if)#switchport Configures the interface as a L2 switchport.
PE4(config-if)#load-interval 30 Sets the interval for which interface statistics are collected to
30 seconds.
PE4(config)#nvo vxlan access-if port-vlan Configures a VxLAN network virtualization overlay (NVO) on
xe5 100 the interface xe2 with VLAN ID 100
PE4(config-nvo-acc-if)# map vnid 101 Maps VLAN 100 to the VxLAN Network Identifier (VNID) 101.
PE4(config-nvo-acc-if)#nvo vxlan access-if Configures another VxLAN NVO on the same interface xe2,
port-vlan xe5 2001 but this time with VLAN ID 2001
PE4(config-nvo-acc-if)# map vnid 2001 Maps VLAN 2001 to a different VxLAN VNID.
PE4(config-if)#router isis 1 Starts the ISIS routing process with process ID 1.
PE4(config-if)#is-type level-1-2 Specifies that the router participates in both Level 1 and Level
2 routing.
PE4(config-if)#metric-style wide Configures the metric style to be wide, enabling more
flexibility in metric calculations.
PE4(config-if)#dynamic-hostname Enables the dynamic hostname feature for ISIS.
PE4(config-if)#bfd all-interfaces Configures Bidirectional Forwarding Detection on all
interfaces.
PE4(config-if)#net 49.0000.0003.0001.00 Specifies the network entity title (NET) for ISIS.

BGP Configuration

PE4(config)#router bgp 100 Starts the BGP routing process with an autonomous system
number (AS) of 100.
PE4(config-router)#bgp router-id 3.3.3.3 Sets the BGP router ID to 3.3.3.3
PE4(config-router)#neighbor 2.2.2.2 remote- Configures a BGP neighbor with the IP address 2.2.2.2 and
as 100 specifies the remote AS number as 100.
PE4(config-router)#neighbor 2.2.2.2 update- Specifies that loopback interface (lo) is the source for BGP
source lo updates to the neighbor.

© 2024 IP Infusion Inc. Proprietary 378

Single Home VxLAN IRB with OSPF or ISIS

PE4(config-router)#neighbor 2.2.2.2 Sets the advertisement interval to 0, which means updates will
advertisement-interval 0 be sent immediately.
PE4(config-router)#address-family ipv4 Enters the configuration mode for the IPv4 unicast address
unicast family within the router configuration.
PE4(config-router-af)#network 3.3.3.3/32 Specifies that network 3.3.3.3 with a /32 subnet mask is part
of the IPv4 unicast address family.
PE4(config-router-af)#neighbor 2.2.2.2 Activates the neighbor with the IP address 2.2.2.2 for the IPv4
activate unicast address family.
PE4(config-router-af)#exit-address-family Exits the configuration mode for the IPv4 unicast address
family.
PE4(config-router)#address-family l2vpn evpn Enters the configuration mode for the L2VPN EVPN address
family within the router configuration.
PE4(config-router-af)#neighbor 2.2.2.2 Activates the neighbor with the IP address 2.2.2.2 for the
activate L2VPN EVPN address family.
PE4(config-router-af)#exit-address-family Exits the configuration mode for the L2VPN EVPN address
family.
PE4(config-router)#address-family ipv4 vrf Enters the configuration mode for the IPv4 address family
L3VRF2 within the VRF named L3VRF2.
PE4(config-router-af)#redistribute Configures the redistribution of directly connected routes into
connected the IPv4 address family for the specified VRF.
PE4(config-router-af)#exit-address-family Exits the configuration mode for the IPv4 address family within
the VRF L3VRF2.
PE4(config-router-af)#address-family ipv6 Enters the configuration mode for the IPv6 address family
vrf L3VRF2 within the VRF named L3VRF2.
PE4(config-router-af)#redistribute Configures the redistribution of directly connected routes into
connected the IPv6 address family for the specified VRF.
PE4(config-router-af)#exit-address-family Exits the configuration mode for the IPv6 address family within
the VRF L3VRF2.

Implementation Examples
Scenario: Configure OSPF and ISIS protocols on an IRB interface with an assigned IP address.

New CLI Commands

No CLI commands are introduced.

Validation
OSPF Validation
PE1#show ip ospf neighbor
Total number of full neighbors: 1
OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
50.1.1.1 1 Full/DR 00:00:38 10.1.1.2 sa1

© 2024 IP Infusion Inc. Proprietary 379

Single Home VxLAN IRB with OSPF or ISIS

Total number of full neighbors: 1

OSPF process 2 VRF(L3VRF1):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
192.0.0.1 0 Full/DROther 00:00:34 11.11.11.2 irb1001
0
PE1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
1.1.1.1 4.4.4.4 Installed 00:15:59 00:15:59

Total number of entries are 2

PE1# show evpn irb-status
IRB is ACTIVE in Hardware
PE1#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
101 11.11.11.1 9819.2ccd.9301 Static Local ----
101 11.11.11.2 0010.9400.0001 Dynamic Local ----
Total number of entries are 2
PE1#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

C 1.1.1.1/32 is directly connected, lo, 00:53:03
O 4.4.4.4/32 [110/31] via 10.1.1.2, sa1, 00:16:29
O 7.7.7.7/32 [110/12] via 10.1.1.2, sa1, 00:44:26
C 10.1.1.0/24 is directly connected, sa1, 00:50:10
O 30.1.1.0/24 [110/20] via 10.1.1.2, sa1, 00:44:22
O 40.1.1.0/24 [110/30] via 10.1.1.2, sa1, 00:17:14
O 70.1.1.0/24 [110/11] via 10.1.1.2, sa1, 00:45:18
C 127.0.0.0/8 is directly connected, lo, 00:53:03
IP Route Table for VRF "management"
C 10.12.98.0/24 is directly connected, eth0, 00:53:03
C 127.0.0.0/8 is directly connected, lo.management, 00:53:03
IP Route Table for VRF "L2VRF1"
IP Route Table for VRF "L3VRF1"
B 4.4.4.4/32 [0/0] is directly connected, tunvxlan2, 00:16:25

© 2024 IP Infusion Inc. Proprietary 380

Single Home VxLAN IRB with OSPF or ISIS

B 7.7.7.7/32 [0/0] is directly connected, tunvxlan2, 00:44:21

C 11.11.11.0/24 is directly connected, irb1001, 00:53:03
B 12.12.12.0/24 [200/0] via 4.4.4.4 (recursive is directly connected,
tunvxlan2), 00:16:26
B 16.16.16.0/24 [200/0] via 7.7.7.7 (recursive is directly connected,
tunvxlan2), 00:44:21
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:53:03

Gateway of last resort is not set

PE1#show bgp l2vpn evpn

BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i
- internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[7100:11]
*>i [5]:[0]:[0]:[24]:[16.16.16.0]:[0.0.0.0]:[1000]
7.7.7.7 0 100 0 i 7.7.7.7 VXLAN
*>i [5]:[0]:[0]:[64]:[7002::]:[::]:[1000]
7.7.7.7 0 100 0 i 7.7.7.7 VXLAN

RD[56000:11]
*>i [5]:[0]:[0]:[24]:[12.12.12.0]:[0.0.0.0]:[1000]
4.4.4.4 0 100 0 ? 4.4.4.4 VXLAN
*>i [5]:[0]:[0]:[64]:[2002::]:[::]:[1000]
4.4.4.4 0 100 0 ? 4.4.4.4 VXLAN

RD[1.1.1.1:11] VRF[L2VRF1]:
*> [2]:[0]:[101]:[48,0010:9400:0001]:[0]:[101]
1.1.1.1 0 100 32768 i --------- VXLAN
*> [2]:[0]:[101]:[48,0010:9400:0001]:[32,11.11.11.2]:[101]
1.1.1.1 0 100 32768 i --------- VXLAN
*> [2]:[0]:[101]:[48,9819:2ccd:9301]:[32,11.11.11.1]:[101]
1.1.1.1 0 100 32768 i --------- VXLAN
* i [2]:[0]:[102]:[48,0010:9400:0002]:[0]:[102]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i [2]:[0]:[102]:[48,0010:9400:0002]:[32,12.12.12.2]:[102]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

© 2024 IP Infusion Inc. Proprietary 381

Single Home VxLAN IRB with OSPF or ISIS

* i [2]:[0]:[102]:[48,5c07:5813:425e]:[32,12.12.12.1]:[102]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [2]:[0]:[2001]:[48,0010:9400:0009]:[0]:[2001]
1.1.1.1 0 100 32768 i --------- VXLAN
*> [2]:[0]:[2001]:[48,0010:9400:0009]:[128,2001::2][2001]
1.1.1.1 0 100 32768 i --------- VXLAN
*> [2]:[0]:[2001]:[48,9819:2ccd:9301]:[128,2001::1][2001]
1.1.1.1 0 100 32768 i --------- VXLAN
* i [2]:[0]:[2002]:[48,0010:9400:000a]:[0]:[2002]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i [2]:[0]:[2002]:[48,0010:9400:000a]:[128,2002::2][2002]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i [2]:[0]:[2002]:[48,5c07:5813:425e]:[128,2002::1][2002]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i --------- VXLAN
* i [3]:[102]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [3]:[2001]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i --------- VXLAN
* i [3]:[2002]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[4.4.4.4:11]
*>i [2]:[0]:[102]:[48,0010:9400:0002]:[0]:[102]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[102]:[48,0010:9400:0002]:[32,12.12.12.2]:[102]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[102]:[48,5c07:5813:425e]:[32,12.12.12.1]:[102]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[2002]:[48,0010:9400:000a]:[0]:[2002]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[2002]:[48,0010:9400:000a]:[128,2002::2][2002]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [2]:[0]:[2002]:[48,5c07:5813:425e]:[128,2002::1][2002]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [3]:[102]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i [3]:[2002]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

Total number of prefixes 28

PE3#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
4.4.4.4 1.1.1.1 Installed 00:18:19 00:18:19

Total number of entries are 1

© 2024 IP Infusion Inc. Proprietary 382

Single Home VxLAN IRB with OSPF or ISIS

PE3#show ip ospf neighbor

Total number of full neighbors: 1

OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
40.1.1.2 1 Full/DR 00:00:36 40.1.1.1 ce30
0

Total number of full neighbors: 1

OSPF process 2 VRF(L3VRF1):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
192.0.0.2 0 Full/DROther 00:00:36 12.12.12.2 irb1001
0
PE3#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

O 1.1.1.1/32 [110/31] via 40.1.1.1, ce30, 00:18:35
C 4.4.4.4/32 is directly connected, lo, 00:19:22
O 7.7.7.7/32 [110/22] via 40.1.1.1, ce30, 00:18:35
O 10.1.1.0/24 [110/30] via 40.1.1.1, ce30, 00:18:35
O 30.1.1.0/24 [110/20] via 40.1.1.1, ce30, 00:18:35
C 40.1.1.0/24 is directly connected, ce30, 00:19:21
O 70.1.1.0/24 [110/21] via 40.1.1.1, ce30, 00:18:35
C 127.0.0.0/8 is directly connected, lo, 00:20:05
IP Route Table for VRF "management"
C 10.12.98.0/24 is directly connected, eth0, 00:19:19
C 127.0.0.0/8 is directly connected, lo.management, 00:20:05
IP Route Table for VRF "L3VRF1"
B 1.1.1.1/32 [0/0] is directly connected, tunvxlan2, 00:18:31
B 11.11.11.0/24 [200/0] via 1.1.1.1 (recursive is directly connected,
tunvxlan2), 00:18:32
C 12.12.12.0/24 is directly connected, irb1001, 00:19:28
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:19:29
IP Route Table for VRF "L2VRF1"

Gateway of last resort is not set

PE3# show bgp l2vpn evpn
BGP table version is 4, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i
- internal,

© 2024 IP Infusion Inc. Proprietary 383

Single Home VxLAN IRB with OSPF or ISIS

l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[51000:11]
*>i [5]:[0]:[0]:[24]:[11.11.11.0]:[0.0.0.0]:[1000]
1.1.1.1 0 100 0 ? 1.1.1.1 VXLAN
*>i [5]:[0]:[0]:[64]:[2001::]:[::]:[1000]
1.1.1.1 0 100 0 ? 1.1.1.1 VXLAN

RD[1.1.1.1:11]
*>i [2]:[0]:[101]:[48,0010:9400:0001]:[0]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[101]:[48,0010:9400:0001]:[32,11.11.11.2]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[101]:[48,9819:2ccd:9301]:[32,11.11.11.1]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[2001]:[48,0010:9400:0009]:[0]:[2001]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[2001]:[48,0010:9400:0009]:[128,2001::2][2001]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [2]:[0]:[2001]:[48,9819:2ccd:9301]:[128,2001::1][2001]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*>i [3]:[2001]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

RD[4.4.4.4:11] VRF[L2VRF1]:
* i [2]:[0]:[101]:[48,0010:9400:0001]:[0]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [2]:[0]:[101]:[48,0010:9400:0001]:[32,11.11.11.2]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [2]:[0]:[101]:[48,9819:2ccd:9301]:[32,11.11.11.1]:[101]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [2]:[0]:[102]:[48,0010:9400:0002]:[0]:[102]
4.4.4.4 0 100 32768 i --------- VXLAN
*> [2]:[0]:[102]:[48,0010:9400:0002]:[32,12.12.12.2]:[102]
4.4.4.4 0 100 32768 i --------- VXLAN
*> [2]:[0]:[102]:[48,5c07:5813:425e]:[32,12.12.12.1]:[102]
4.4.4.4 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[2001]:[48,0010:9400:0009]:[0]:[2001]

© 2024 IP Infusion Inc. Proprietary 384

Single Home VxLAN IRB with OSPF or ISIS

1.1.1.1 0 100 0 i 1.1.1.1 VXLAN

* i [2]:[0]:[2001]:[48,0010:9400:0009]:[128,2001::2][2001]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
* i [2]:[0]:[2001]:[48,9819:2ccd:9301]:[128,2001::1][2001]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [2]:[0]:[2002]:[48,0010:9400:000a]:[0]:[2002]
4.4.4.4 0 100 32768 i --------- VXLAN
*> [2]:[0]:[2002]:[48,0010:9400:000a]:[128,2002::2][2002]
4.4.4.4 0 100 32768 i --------- VXLAN
*> [2]:[0]:[2002]:[48,5c07:5813:425e]:[128,2002::1][2002]
4.4.4.4 0 100 32768 i --------- VXLAN
* i [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [3]:[102]:[32,4.4.4.4]
4.4.4.4 0 100 32768 i --------- VXLAN
* i [3]:[2001]:[32,1.1.1.1]
1.1.1.1 0 100 0 i 1.1.1.1 VXLAN
*> [3]:[2002]:[32,4.4.4.4]
4.4.4.4 0 100 32768 i --------- VXLAN

Total number of prefixes 26

ISIS Validation
PE2#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
2.2.2.2 3.3.3.3 Installed 00:00:10 00:00:10

Total number of entries are 1

PE2#show clns neighbors

Total number of L1 adjacencies: 1

Total number of L2 adjacencies: 1
Total number of adjacencies: 2
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
PE5 po1 b86a.9725.a7f2 Up 28 L1 IS-IS
Up 28 L2 IS-IS

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 1
Total number of adjacencies: 1
Tag 2: VRF : L3VRF2
System Id Interface SNPA State Holdtime Type Protocol
Spirent-1 irb2001 0010.9400.0003 Up 28 L2 IS-IS

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 1
Total number of adjacencies: 1

© 2024 IP Infusion Inc. Proprietary 385

Single Home VxLAN IRB with OSPF or ISIS

Tag 3: VRF : L3VRF2

System Id Interface SNPA State Holdtime Type Protocol
Spirent-1 irb3001 0010.9400.000c Up 28 L2 IS-IS
PE2#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

C 2.2.2.2/32 is directly connected, lo, 02:13:57
i L2 3.3.3.3/32 [115/30] via 20.1.1.2, po1, 00:00:32
i L1 7.7.7.7/32 [115/40] via 20.1.1.2, po1, 01:05:49
C 20.1.1.0/24 is directly connected, po1, 02:13:21
i L1 50.1.1.0/24 [115/20] via 20.1.1.2, po1, 01:06:05
i L1 60.1.1.0/24 [115/30] via 20.1.1.2, po1, 00:00:47
i L1 80.1.1.0/24 [115/30] via 20.1.1.2, po1, 01:05:49
C 127.0.0.0/8 is directly connected, lo, 02:13:57
IP Route Table for VRF "management"
C 10.12.98.0/24 is directly connected, eth0, 02:13:57
C 127.0.0.0/8 is directly connected, lo.management, 02:13:57
IP Route Table for VRF "L3VRF2"
B 3.3.3.3/32 [0/0] is directly connected, tunvxlan2, 00:00:28
C 13.13.13.0/24 is directly connected, irb2001, 02:13:57
B 14.14.14.0/24 [200/0] via 3.3.3.3 (recursive is directly connected,
tunvxlan2), 00:00:28
C 127.0.0.0/8 is directly connected, lo.L3VRF2, 02:13:57
IP Route Table for VRF "L2VRF2"

Gateway of last resort is not set

PE2# show bgp l2vpn evpn
BGP table version is 2, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i
- internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

© 2024 IP Infusion Inc. Proprietary 386

Single Home VxLAN IRB with OSPF or ISIS

RD[63000:11]
*>i [5]:[0]:[0]:[24]:[14.14.14.0]:[0.0.0.0]:[2000]
3.3.3.3 0 100 0 ? 3.3.3.3 VXLAN
*>i [5]:[0]:[0]:[64]:[3002::]:[::]:[2000]
3.3.3.3 0 100 0 ? 3.3.3.3 VXLAN

RD[2.2.2.2:11] VRF[L2VRF2]:
*> [2]:[0]:[201]:[48,0010:9400:0003]:[0]:[201]
2.2.2.2 0 100 32768 i --------- VXLAN
*> [2]:[0]:[201]:[48,0010:9400:0003]:[32,13.13.13.2]:[201]
2.2.2.2 0 100 32768 i --------- VXLAN
* i [2]:[0]:[201]:[48,0010:9400:0005]:[0]:[201]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
* i [2]:[0]:[201]:[48,0010:9400:0005]:[32,14.14.14.2]:[201]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*> [2]:[0]:[201]:[48,e8c5:7a76:581d]:[32,13.13.13.1]:[201]
2.2.2.2 0 100 32768 i --------- VXLAN
* i [2]:[0]:[201]:[48,e8c5:7aa8:7cb3]:[32,14.14.14.1]:[201]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*> [2]:[0]:[3001]:[48,0010:9400:000c]:[0]:[3001]
2.2.2.2 0 100 32768 i --------- VXLAN
*> [2]:[0]:[3001]:[48,0010:9400:000c]:[128,3001::2][3001]
2.2.2.2 0 100 32768 i --------- VXLAN
*> [2]:[0]:[3001]:[48,e8c5:7a76:581d]:[128,3001::1][3001]
2.2.2.2 0 100 32768 i --------- VXLAN
* i [2]:[0]:[3002]:[48,0010:9400:000b]:[0]:[3002]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
* i [2]:[0]:[3002]:[48,0010:9400:000b]:[128,3002::2][3002]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
* i [2]:[0]:[3002]:[48,e8c5:7aa8:7cb3]:[128,3002::1][3002]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*> [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i --------- VXLAN
* i [3]:[201]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*> [3]:[3001]:[32,2.2.2.2]
2.2.2.2 0 100 32768 i --------- VXLAN
* i [3]:[3002]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

RD[3.3.3.3:11]
*>i [2]:[0]:[201]:[48,0010:9400:0005]:[0]:[201]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i [2]:[0]:[201]:[48,0010:9400:0005]:[32,14.14.14.2]:[201]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i [2]:[0]:[201]:[48,e8c5:7aa8:7cb3]:[32,14.14.14.1]:[201]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i [2]:[0]:[3002]:[48,0010:9400:000b]:[0]:[3002]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i [2]:[0]:[3002]:[48,0010:9400:000b]:[128,3002::2][3002]

© 2024 IP Infusion Inc. Proprietary 387

Single Home VxLAN IRB with OSPF or ISIS

3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

*>i [2]:[0]:[3002]:[48,e8c5:7aa8:7cb3]:[128,3002::1][3002]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i [3]:[201]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i [3]:[3002]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

Total number of prefixes 26

PE2# show nvo vxlan arp-
arp-cache arp-nd
PE2# show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
201 13.13.13.1 e8c5.7a76.581d Static Local ----
201 13.13.13.2 0010.9400.0003 Dynamic Local ----
201 14.14.14.1 e8c5.7aa8.7cb3 Static Remote ----
201 14.14.14.2 0010.9400.0005 Dynamic Remote ----
Total number of entries are 4
PE2# show evpn irb-status
IRB is ACTIVE in Hardware
PE2#

PE4#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
3.3.3.3 7.7.7.7 Installed 00:01:28 00:01:28
3.3.3.3 2.2.2.2 Installed 00:01:28 00:01:28

Total number of entries are 2

PE4#show clns neighbors

Total number of L1 adjacencies: 1

Total number of L2 adjacencies: 1
Total number of adjacencies: 2
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
PE6 xe5 00e0.4b71.f12c Up 25 L1 IS-IS
Up 25 L2 IS-IS

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 1
Total number of adjacencies: 1
Tag 2: VRF : L3VRF2
System Id Interface SNPA State Holdtime Type Protocol
Spirent-1 irb2001 0010.9400.0005 Up 28 L2 IS-IS

© 2024 IP Infusion Inc. Proprietary 388

Single Home VxLAN IRB with OSPF or ISIS

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 1
Total number of adjacencies: 1
Tag 3: VRF : L3VRF2
System Id Interface SNPA State Holdtime Type Protocol
Spirent-1 irb3002 0010.9400.000b Up 28 L2 IS-IS
PE4#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

i L2 2.2.2.2/32 [115/30] via 60.1.1.1, xe5, 00:01:46
C 3.3.3.3/32 is directly connected, lo, 02:09:52
i L1 7.7.7.7/32 [115/30] via 60.1.1.1, xe5, 00:01:46
i L1 20.1.1.0/24 [115/30] via 60.1.1.1, xe5, 00:01:46
i L1 50.1.1.0/24 [115/20] via 60.1.1.1, xe5, 00:01:46
C 60.1.1.0/24 is directly connected, xe5, 00:02:02
i L1 80.1.1.0/24 [115/20] via 60.1.1.1, xe5, 00:01:46
C 127.0.0.0/8 is directly connected, lo, 02:09:52
IP Route Table for VRF "management"
C 10.12.98.0/24 is directly connected, eth0, 02:09:52
C 127.0.0.0/8 is directly connected, lo.management, 02:09:52
IP Route Table for VRF "L3VRF2"
B 2.2.2.2/32 [0/0] is directly connected, tunvxlan2, 00:01:42
B 7.7.7.7/32 [0/0] is directly connected, tunvxlan2, 00:01:42
B 13.13.13.0/24 [200/0] via 2.2.2.2 (recursive is directly connected,
tunvxlan2), 00:01:42
C 14.14.14.0/24 is directly connected, irb2001, 02:09:52
B 17.17.17.0/24 [200/0] via 7.7.7.7 (recursive is directly connected,
tunvxlan2), 00:01:42
C 127.0.0.0/8 is directly connected, lo.L3VRF2, 02:09:52
IP Route Table for VRF "L2VRF2"

Gateway of last resort is not set

PE4# show bgp l2vpn evpn
BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, a add-path, * valid, > best, i -
internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route

© 2024 IP Infusion Inc. Proprietary 389

Single Home VxLAN IRB with OSPF or ISIS

4 - Ethernet Segment Route

5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[7400:11]
*>i [5]:[0]:[0]:[24]:[17.17.17.0]:[0.0.0.0]:[2000]
7.7.7.7 0 100 0 i 7.7.7.7 VXLAN
*>i [5]:[0]:[0]:[64]:[8002::]:[::]:[2000]
7.7.7.7 0 100 0 i 7.7.7.7 VXLAN

RD[61000:11]
*>i [5]:[0]:[0]:[24]:[13.13.13.0]:[0.0.0.0]:[2000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN
*>i [5]:[0]:[0]:[64]:[3001::]:[::]:[2000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN

RD[2.2.2.2:11]
*>i [2]:[0]:[201]:[48,0010:9400:0003]:[0]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[0]:[201]:[48,0010:9400:0003]:[32,13.13.13.2]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[0]:[201]:[48,e8c5:7a76:581d]:[32,13.13.13.1]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[0]:[3001]:[48,0010:9400:000c]:[0]:[3001]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[0]:[3001]:[48,0010:9400:000c]:[128,3001::2][3001]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [2]:[0]:[3001]:[48,e8c5:7a76:581d]:[128,3001::1][3001]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i [3]:[3001]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[3.3.3.3:11] VRF[L2VRF2]:
* i [2]:[0]:[201]:[48,0010:9400:0003]:[0]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[201]:[48,0010:9400:0003]:[32,13.13.13.2]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[201]:[48,0010:9400:0005]:[0]:[201]
3.3.3.3 0 100 32768 i --------- VXLAN
*> [2]:[0]:[201]:[48,0010:9400:0005]:[32,14.14.14.2]:[201]
3.3.3.3 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[201]:[48,e8c5:7a76:581d]:[32,13.13.13.1]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[201]:[48,e8c5:7aa8:7cb3]:[32,14.14.14.1]:[201]
3.3.3.3 0 100 32768 i ----------
VXLAN
* i [2]:[0]:[3001]:[48,0010:9400:000c]:[0]:[3001]

© 2024 IP Infusion Inc. Proprietary 390

Single Home VxLAN IRB with OSPF or ISIS

2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

* i [2]:[0]:[3001]:[48,0010:9400:000c]:[128,3001::2][3001]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[3001]:[48,e8c5:7a76:581d]:[128,3001::1][3001]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[3002]:[48,0010:9400:000b]:[0]:[3002]
3.3.3.3 0 100 32768 i --------- VXLAN
*> [2]:[0]:[3002]:[48,0010:9400:000b]:[128,3002::2][3002]
3.3.3.3 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[3002]:[48,e8c5:7aa8:7cb3]:[128,3002::1][3002]
3.3.3.3 0 100 32768 i ---------- VXLAN
* i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[201]:[32,3.3.3.3]
3.3.3.3 0 100 32768 i --------- VXLAN
* i [3]:[3001]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[3002]:[32,3.3.3.3]
3.3.3.3 0 100 32768 i ---------- VXLAN

Total number of prefixes 28

Total number of entries are 1

PE2#show clns neighbors
Total number of L1 adjacencies: 1
Total number of L2 adjacencies: 1
Total number of adjacencies: 2
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
PE5 po1 b86a.9725.a7f2 Up 28 L1 IS-IS
Up 28 L2 IS-IS
Total number of L1 adjacencies: 0
Total number of L2 adjacencies: 1
Total number of adjacencies: 1
Tag 2: VRF : L3VRF2
System Id Interface SNPA State Holdtime Type Protocol
Spirent-1 irb2001 0010.9400.0003 Up 28 L2 IS-IS

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 1
Total number of adjacencies: 1
Tag 3: VRF : L3VRF2
System Id Interface SNPA State Holdtime Type Protocol

© 2024 IP Infusion Inc. Proprietary 391

Single Home VxLAN IRB with OSPF or ISIS

Spirent-1 irb3001 0010.9400.000c Up 28 L2 IS-IS

PE2#
PE2#
PE2#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

Gateway of last resort is not set

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path
Peer Encap

© 2024 IP Infusion Inc. Proprietary 392

Single Home VxLAN IRB with OSPF or ISIS

RD[63000:11]
*>i [5]:[0]:[0]:[24]:[14.14.14.0]:[0.0.0.0]:[2000]
3.3.3.3 0 100 0 ? 3.3.3.3 VXLAN
*>i [5]:[0]:[0]:[64]:[3002::]:[::]:[2000]
3.3.3.3 0 100 0 ? 3.3.3.3 VXLAN

© 2024 IP Infusion Inc. Proprietary 393

Single Home VxLAN IRB with OSPF or ISIS

3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

Total number of prefixes 26

PE4#show nvo vxlan tunnel

Total number of entries are 2

PE4#show clns neighbors

Total number of L1 adjacencies: 1

Total number of L2 adjacencies: 1
Total number of adjacencies: 2
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
PE6 xe5 00e0.4b71.f12c Up 25 L1 IS-IS
Up 25 L2 IS-IS

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 1
Total number of adjacencies: 1
Tag 2: VRF : L3VRF2
System Id Interface SNPA State Holdtime Type Protocol
Spirent-1 irb2001 0010.9400.0005 Up 28 L2 IS-IS

© 2024 IP Infusion Inc. Proprietary 394

Single Home VxLAN IRB with OSPF or ISIS

Total number of L1 adjacencies: 0

IP Route Table for VRF "default"

Gateway of last resort is not set

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route

© 2024 IP Infusion Inc. Proprietary 395

Single Home VxLAN IRB with OSPF or ISIS

4 - Ethernet Segment Route

5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer

Encap

RD[7400:11]
*>i [5]:[0]:[0]:[24]:[17.17.17.0]:[0.0.0.0]:[2000]
7.7.7.7 0 100 0 i 7.7.7.7 VXLAN
*>i [5]:[0]:[0]:[64]:[8002::]:[::]:[2000]
7.7.7.7 0 100 0 i 7.7.7.7 VXLAN

RD[61000:11]
*>i [5]:[0]:[0]:[24]:[13.13.13.0]:[0.0.0.0]:[2000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN
*>i [5]:[0]:[0]:[64]:[3001::]:[::]:[2000]
2.2.2.2 0 100 0 ? 2.2.2.2 VXLAN

RD[3.3.3.3:11] VRF[L2VRF2]:
* i [2]:[0]:[201]:[48,0010:9400:0003]:[0]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[201]:[48,0010:9400:0003]:[32,13.13.13.2]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[201]:[48,0010:9400:0005]:[0]:[201]
3.3.3.3 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[201]:[48,0010:9400:0005]:[32,14.14.14.2]:[201]
3.3.3.3 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[201]:[48,e8c5:7a76:581d]:[32,13.13.13.1]:[201]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[201]:[48,e8c5:7aa8:7cb3]:[32,14.14.14.1]:[201]
3.3.3.3 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[3001]:[48,0010:9400:000c]:[0]:[3001]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

© 2024 IP Infusion Inc. Proprietary 396

Single Home VxLAN IRB with OSPF or ISIS

* i [2]:[0]:[3001]:[48,0010:9400:000c]:[128,3001::2][3001]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i [2]:[0]:[3001]:[48,e8c5:7a76:581d]:[128,3001::1][3001]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[0]:[3002]:[48,0010:9400:000b]:[0]:[3002]
3.3.3.3 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[3002]:[48,0010:9400:000b]:[128,3002::2][3002]
3.3.3.3 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[3002]:[48,e8c5:7aa8:7cb3]:[128,3002::1][3002]
3.3.3.3 0 100 32768 i ---------- VXLAN
* i [3]:[201]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[201]:[32,3.3.3.3]
3.3.3.3 0 100 32768 i ---------- VXLAN
* i [3]:[3001]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [3]:[3002]:[32,3.3.3.3]
3.3.3.3 0 100 32768 i ---------- VXLAN

Total number of prefixes 28

Abbreviations
The following are some key abbreviations and their meanings relevant to this document:

Acronym Description

ECMP Equal-Cost Multipath

EVPN Ethernet Virtual Private Network

VxLAN Virtual Extensible LAN

SR Segment Routing

IRB Integrated Routing

OSPF Open Shortest Path First

ISIS Intermediate System to Intermediate System

Glossary
The following provides definitions for key terms used throughout this document.

Single Home VxLAN This refers to a Virtual Extensible LAN (VxLAN) deployment where a single data center or network site
is connected to a single external network (usually the internet) for connectivity.

IRB A networking feature that enables the integration of Layer 3 IP routing and Layer 2 MAC address
bridging within the same interface, simplifying network management and resource utilization.

© 2024 IP Infusion Inc. Proprietary 397

Single Home VxLAN IRB with OSPF or ISIS

OSPF A dynamic and efficient link-state routing protocol used to determine the best path for data packets in
an IP network. It is characterized by rapid convergence and adaptability, making it suitable for large
and dynamic networks.

ISIS A routing protocol designed for scalability and stability in computer networks, commonly used in large
Service Provider networks. It provides a robust framework for routing information exchange.

Layer 3 Routing Network routing operations at the Network Layer (Layer 3) of the OSI model, focusing on routing IP
packets between different subnets or networks.

Layer 2 Bridging Network bridging operations at the Data Link Layer (Layer 2) of the OSI model, handling the forwarding
of data frames based on MAC addresses within the same network segment.

EVPN Ethernet VPN, a technology that provides advanced and efficient methods for Layer 2 and Layer 3
services in Ethernet networks, often used in data centers and service provider environments.

© 2024 IP Infusion Inc. Proprietary 398

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

CHAPTER 8 Multi Home VxLAN-EVPN IRB with OSPF or

ISIS

Overview
The support for Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (ISIS) protocols on
Virtual Extensible LAN (VxLAN) Integrated Routing (IRB) interface is enhanced with multihoming switches that
provides the solution for connecting and managing virtual networks within a data center or network infrastructure.
This feature offers flexibility in configuring network topologies, and ensures compatibility and interoperability within
diverse network environments.
Note: Configure mutually exclusive secondary IP subnets between each anycast-IRB and CE within the same L2VNI
in multi-homing scenarios or when the same IRB anycast interface is configured on multiple nodes. This
ensures unique identification of the routing protocol peer.

Feature Characteristics
The OSPF and ISIS support over the IRB Interface with multihoming feature has the following characteristics:
• Connect the host node to two VTEPs with all-active redundancy mode. It helps forward all traffic from VTEP to
the host when one VTEP goes down.

Benefits
The OSPF and ISIS support over the IRB Interface has the following benefits:
• Uninterrupted service between host and VTEP.

Topology for OSPF

© 2024 IP Infusion Inc. Proprietary 399

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

Figure 8-5: Multi Home VxLAN-EVPN IRB with OSPF or ISIS

Configuration
Perform the following configurations to set up different interfaces, routing protocols, and BGP parameters to enable
VXLAN, IRB, and EVPN functionality with multihoming in the network.

Configure OSPF Router

Perform the following configurations to create multiple VxLAN interfaces and set up OSPF routing process on PE1
node.

© 2024 IP Infusion Inc. Proprietary 400

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE1
PE1(config)#vlan database Enter the VLAN configuration mode.
PE1(config-vlan)# vlan 200-201 bridge 1 Enable VLAN (200-201) on bridge 1. Specifying the enable
state enable state allows forwarding of frames on this VLAN-aware
bridge.
PE1(config-vlan)#interface sa1 Enter sa1 interface mode.
PE1(config-if)# switchport Configure port as L2.
PE1(config-if)# bridge-group 1 Associate the interface with bridge group 1.
PE1(config-if)# switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
PE1(config-if)# switchport trunk allowed Enable VLAN ID 200-201 on this port.
vlan add 200-201
PE1(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the sa1
interface.
PE1(config-if)# exit Exit from sa1 interface configuration mode.
PE1(config)#interface ce0 Enter ce0 interface mode.
PE1(config-if)# static-channel-group 1 Make it member port of sa1
PE1(config-if)#interface lo Configures the loopback (lo) interface.
PE1(config-if)# ip address 1.1.1.1/32 Assigns a secondary the IP address 1.1.1.1/32 to the
secondary loopback interface.
PE1(config-if)# ipv6 address ::1/128 Assigns the IPv6 address ::1/128 to the loopback
interface.
PE1(config-if)#interface vlan1.200 Enter interface VLAN1.200 configuration mode.
PE1(config-if)# ip address 101.11.11.1/ Assigns the primary IP address.
24
PE1(config-if)# ip address 16.16.16.1/24 Assigns the secondary IP address.
secondary
PE1(config-if)# ip address 17.17.17.1/24 Assigns the secondary IP address.
secondary
PE1(config-if)# exit Exit from VLAN interface configuration mode.
PE1(config)#interface xe2 Enter xe2 interface configuration mode.
PE1(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the xe2
interface.
PE1(config-if)#interface xe2.103 Enter VLAN ID 103 interface config mode.
PE1(config-if)# encapsulation dot1q 103 Setting Encapsulation to dot1q with VLAN ID 103.
PE1(config-if)# ip address 20.1.1.1/24 Assigns the primary IP address.
PE1(config-if)# exit Exit from xe2 VLAN interface configuration mode.
PE1(config)#interface xe23 Enter xe23 interface configuration mode.
PE1(config-if)# static-channel-group 1 Configure static channel 1 member port
PE1(config)#router ospf 1 Enters the OSPF configuration mode for OSPF process 1.
PE1(config-router)# network 16.16.16.0/ Advertises the network 16.16.16.0/24 into OSPF area
24 area 0.0.0.0 0.0.0.0.
PE1(config-router)# network 17.17.17.0/ Advertises the network 17.17.17.0/24 into OSPF area
24 area 0.0.0.0 0.0.0.0.
PE1(config-router)# network 20.1.1.0/24 Advertises the network 20.1.1.0/24 into OSPF area 0.0.0.0.
area 0.0.0.0

© 2024 IP Infusion Inc. Proprietary 401

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

Configure ISIS Router

Perform the following configurations to create multiple VxLAN interfaces and set up ISIS routing process on PE2 node.

PE2

PE2(config)#vlan database Enter the VLAN configuration mode.

PE2(config-vlan)# vlan 100-101 bridge 1 Enable VLAN (100-101) on bridge 1. Specifying the enable
state enable state allows forwarding of frames on this VLAN-aware bridge
PE2(config-vlan)#interface po1 Enter po1 interface mode.
PE2(config-if)# switchport Configure port as L2.
PE2(config-if)# bridge-group 1 Associate the interface with bridge group 1.
PE2(config-if)# switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
PE2(config-if)# switchport trunk allowed Enable VLAN ID 100-101 on this port.
vlan add 100-101
PE2(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the po1
interface.
PE2(config-if)#interface lo Configure loopback interface
PE2(config-if)# ip address 2.2.2.2/32 Assign the secondary ip address to lo
secondary
PE2(config-if)#interface vlan1.100 Enter interface VLAN1.100 configuration mode.
PE2(config-if)# ip address 11.11.11.1/24 Assign primary IP address
PE2(config-if)# ip address 12.1.1.1/24 Assign secondary IP address towards MH node.
secondary
PE2(config-if)# ip address 13.1.1.1/24 Assign secondary address towards MH node
secondary
PE2(config-if)# ip router isis 1 Configure the isis
PE2(config-if)# exit Exit from VLAN interface configuration mode.
PE2(config)#interface xe11 Enter xe11 interface configuration mode.
PE2(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the xe11
interface.
PE2(config-if)#interface xe11.105 Configure subinterface xe11.105.
PE2(config-if)# encapsulation dot1q 105 Setting Encapsulation to dot1q with VLAN ID 105.
PE2(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the xe11
interface.
PE2(config-if)# ip address 10.1.1.1/24 Assign an IP address
PE2(config-if)# ip router isis 1 Configure interface as ISIS router
PE2(config-if)# exit Exit from xe11 interface configuration mode.
PE2(config)#interface xe24 Enter xe24 interface configuration mode.
PE2(config-if)# channel-group 1 mode Configure the member port for po1 interface
active
PE2(config-if)# exit Exit from xe24 interface configuration mode.
PE2(config-if)#interface xe26 Enter xe26 interface configuration mode.

© 2024 IP Infusion Inc. Proprietary 402

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE2(config-if)# channel-group 1 mode Configure the member port for po1 interface
active
PE2(config)#router isis 1 Configure the ISIS router.
PE2(config-router)# is-type level-1-2 Configure level1-2 ISIS mode.
PE2(config-router)# metric-style wide Configure metric style as wide.
PE2(config-router)# dynamic-hostname Configure the hostname to be advertised for an ISIS 1
instance.
PE2(config-router)# bfd all-interfaces Enable the Bidirectional Forwarding Detection (BFD) feature
on all the interfaces enabled with this ISIS instance.
PE2(config-router)# net Set a Network Entity Title for this instance, specifying the
49.0000.0000.0001.00 area address and the system ID.
PE2(config-router)# redistribute Redistribute the connected routes.
connected

Configure VxLAN IRB with Multihoming for OSPF and ISIS Router
Perform the following configurations to create VxLAN IRB interfaces with multihoming for OSPF and ISIS routing
process on PE7 and PE8 node.

PE7

PE7(config)#nvo vxlan enable Enable VxLAN.

PE7(config)#nvo vxlan irb Enable VxLAN IRB
PE7(config)#evpn esi hold-time 60 Configure hold time for the tunnels to come up during
VxLAN initialization before making the esi up.
PE7(config)#evpn vxlan multihoming enable Enable VxLAN multihome
PE7(config)#ip vrf management Enter into VRF configuration mode.
PE7(config-vrf)#ip vrf L3VRF3 Create a VRF routing information base called L3VRF3 for
OSPF router.
PE7(config-vrf)# rd 7100:11 Specify a route distinguisher for the VRF.
PE7(config-vrf)# route-target both 100:100 Add import and export route-target extended
communities to the VRF.
PE7(config-vrf)# l3vni 1000 Configure the L3 Virtual Network Identifier for an IP VRF.
PE7(config-vrf)#ip vrf L3VRF4 Create a VRF routing information base called L3VRF4 for
ISIS router.
PE7(config-vrf)# rd 7400:11 Specify a route distinguisher for the VRF.
PE7(config-vrf)# route-target both 101:101 Add import and export route-target extended
communities to the VRF.
PE7(config-vrf)# l3vni 2000 Configure the L3 Virtual Network Identifier for an IP VRF.
PE7(config-vrf)#mac vrf L2VRF1 Create a L2 MAC VRF to use in EVPN routes.
PE7(config-vrf)# rd 7.7.7.7:11 Specify a route distinguisher for the MAC VRF.
PE7(config-vrf)# route-target both Add import and export route-target extended
7.7.7.7:100 communities to the VRF.
PE7(config-vrf)#mac vrf L2VRF2 Create a L2 MAC VRF to use in EVPN routes.
PE7(config-vrf)# rd 7.7.7.7:12 Specify a route distinguisher for the VRF.

© 2024 IP Infusion Inc. Proprietary 403

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE7(config-vrf)# route-target both Add import and export route-target extended

7.7.7.7:101 communities to the VRF
PE7(config-vrf)#exit Exit the VRF configuration mode.
PE7(config)#evpn irb-forwarding anycast- Configure common Anycast MAC address for all the IRB
gateway-mac 0000.0000.1111 interfaces.
PE7(config)#interface irb701 Enter into IRB interface configuration mode to configure
IRB interfaces for OSPF router.
PE7(config-irb-if)# ip vrf forwarding L3VRF3 Associate IRB interface with L3VRF3.
PE7(config-irb-if)# evpn irb-if-forwarding Map the global anycast IRB MAC address with L3VRF3.
anycast-gateway-mac
PE7(config-irb-if)# ip address 17.12.13.1/24 Configure an Anycast IP address.
anycast
PE7(config-irb-if)# ip address 16.16.16.2/24 Configure a secondary IP address.
secondary
PE7(config-irb-if)#exit Exit from the IRB interface.
PE7(config-irb-if)#interface irb801 Enter into IRB interface configuration mode to configure
IRB interfaces for ISIS router.
PE7(config-irb-if)# ip vrf forwarding L3VRF4 Associate IRB interface with L3VRF4.
PE7(config-irb-if)# evpn irb-if-forwarding Map the global anycast IRB MAC address with L3VRF4.
anycast-gateway-mac
PE7(config-irb-if)# ip address 12.13.14.2/24 Configure an Anycast IP address.
anycast
PE7(config-irb-if)# ip address 13.1.1.2/24 Configure a secondary IP address.
secondary
PE7(config-irb-if)# ip router isis 2 Configure ISIS router on IRB interface.
PE7(config-irb-if)#exit Exit from the IRB interface.
PE7(config)#nvo vxlan vtep-ip-global 7.7.7.7 Configure the source VTEP IP address of the VxLAN
tunnel.
PE7(config)#nvo vxlan id 701 ingress- Add a tenant L2 VNID to the VxLAN. Specify
replication inner-vid-disabled
• ingress-replication to use head end
replication for forwarding BUM traffic
• inner-vid-disabled to not carry VID out of
network port.
PE7(config-nvo)# vxlan host-reachability- Associate the L2VRF1reachable protocol to Ethernet-
protocol evpn-bgp L2VRF1 VPN over BGP
PE7(config-nvo)# evpn irb701 Configure default gateway behavior for IRB interface
irb701.
PE7(config-nvo)# vni-name VNI-701 Configure VNI name.
PE7(config-nvo)#exit Exit from NVO mode.
PE7(config-nvo)#nvo vxlan id 801 ingress- Add a tenant L2 VNID to the VxLAN. Specify
replication inner-vid-disabled
• ingress-replication to use head end replication
for forwarding BUM traffic
• inner-vid-disabled to not carry VID out of
network port
PE7(config-nvo)# vxlan host-reachability- Associate the L2VRF2reachable protocol to Ethernet-
protocol evpn-bgp L2VRF2 VPN over BGP

© 2024 IP Infusion Inc. Proprietary 404

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE7(config-nvo)# evpn irb801 Configure default gateway behavior for IRB interface
irb801.
PE7(config-nvo)# vni-name VNI-101 Configure VNI name.
PE7(config-nvo)#qos enable Enable QoS.
PE7(config-nvo)#exit Exit from NVO mode.
PE7(config)#interface po1 Configure po1 interface.
PE7(config-if)# switchport Configure port as L2.
PE7(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the
po1 interface.
PE7(config-if)# evpn multi-homed system-mac Configure system MAC as ESI value for po1 interface.
0000.0000.7782 VTEP1 and VTEP2 should have same ESI value.
PE7(config-if)#interface sa1 Configure sa1 interface.
PE7(config-if)# switchport Configure port as L2.
PE7(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the
po1 interface.
PE7(config-if)# evpn multi-homed esi Configure 9-octet ESI value for sa1 interface.
00:01:02:03:04:05:06:07:08
PE7(config-if-es)#interface sa2 Configure sa2 interface.
PE7(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the
sa2 interface.
PE7(config-if)# ip address 80.1.1.1/24 Configure IP address.
PE7(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE7(config-if)# ip router isis 1 Configure ISIS router on sa2 interface.
PE7(config-if)#exit Exit from the sa2 interface.
PE7(config)#interface sa3 Configure sa3 interface.
PE7(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the
sa3 interface.
PE7(config-if)# ip address 22.1.1.1/24 Configure IP address.
PE7(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE7(config-if)#interface ce50 Configure ce50 interface.
PE7(config-if)# static-channel-group 1 Configure member port for sa3
PE7(config-if)#exit Exit from ce50 interface configuration mode.
PE7(config)#interface lo Configure loopback interface.
PE7(config-if)# ip address 7.7.7.7/32 Configure secondary IP address
secondary
PE7(config-if)#exit Exit from the lo interface.
PE7(config)#interface xe1 Configure xe1 interface.
PE7(config-if)# channel-group 1 mode active Configure member port of po1 interface.
PE7(config-if)#interface xe39 Configure xe39 interface.
PE7(config-if)# static-channel-group 3 Configure member port of sa3 interface.
PE7(config-if)#interface xe40 Configure xe40 interface.
PE7(config-if)# static-channel-group 2 Configure member port of sa2 interface.
PE7(config-if)#exit Exit from the xe40 interface.
PE7(config)#router ospf 1 Configure OSPF router.

© 2024 IP Infusion Inc. Proprietary 405

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE7(config-router)# ospf router-id 7.7.7.7 Configure router id for OSPF.

PE7(config-router)# network 7.7.7.7/32 area Enable OSPF routing with area ID 0.0.0.0 on IRB
0.0.0.0 interface with IP address that match the network address
7.7.7.7/32
PE7(config-router)# network 22.1.1.0/24 area Enable OSPF routing with area ID 0.0.0.0 on interface
0.0.0.0 with IP address that match the network address 22.1.1.0/
24 .
PE7(config-router)#router ospf 2 L3VRF3 Configure OSPF on IRB L3VRF3.
PE7(config-router)# redistribute bgp Redistribute BGP routes.
PE7(config-router)# network 16.16.16.0/24 Enable OSPF routing with area ID 0.0.0.0 on IRB
area 0.0.0.0 interface with IP address that match the network address
16.16.16.0/24.
PE7(config-router)#router isis 1 Configure ISIS router.
PE7(config-router)# is-type level-1-2 Configure IS type as level 1 and level 2.
PE7(config-router)# metric-style wide Configure metric-style as wide.
PE7(config-router)# dynamic-hostname Configure the hostname to advertise for the ISIS router.
PE7(config-router)# bfd all-interfaces Enable the Bidirectional Forwarding Detection (BFD)
feature on all the interfaces enabled with this ISIS
instance.
PE7(config-router)# net Set a Network Entity Title for this instance, specifying the
49.0000.0007.0001.00 area address and the system ID.
PE7(config-router)# redistribute connected Redistribute connected routes.
PE7(config-router)#router isis 2 L3VRF4 Configure ISIS on IRB L3VRF4.
PE7(config-router)# is-type level-1-2 Configure IS type as level 1 and level 2.
PE7(config-router)# metric-style wide Configure metric-style as wide.
PE7(config-router)# dynamic-hostname Configure the hostname to advertise for the ISIS router.
PE7(config-router)# bfd all-interfaces Enable the Bidirectional Forwarding Detection (BFD)
feature on all the interfaces enabled with this ISIS
instance.
PE7(config-router)# net Set a Network Entity Title for this instance, specifying the
49.0000.0000.0475.00 area address and the system ID.
PE7(config-router)# redistribute bgp Redistribute connected routes.
PE7(config-router)#router bgp 700 Start the eBGP router.
PE7(config-router)# bgp router-id 7.7.7.7 Configure BGP router id.
PE7(config-router)# no bgp inbound-route- Disable the VPN/BGP inbound route-target filter.
filter
PE7(config-router)# neighbor 5.5.5.5 remote- Configure BGP peering relationship with a customer
as 500 edge router.
PE7(config-router)# neighbor 6.6.6.6 remote- Configure BGP peering relationship with a customer
as 600 edge router.
PE7(config-router)# neighbor 6.6.6.6 Configure a minimum advertisement interval between the
advertisement-interval 0 sending of BGP routing updates.
PE7(config-router)# address-family l2vpn Enter to the L2 VPN address family mode to configure
evpn the address-family specific parameters.
PE7(config-router-af)# neighbor 5.5.5.5 Enable the exchange of specific address family routes
activate with a neighboring router 5.5.5.5.

© 2024 IP Infusion Inc. Proprietary 406

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE7(config-router-af)# neighbor 6.6.6.6 Enable the exchange of specific address family routes
activate with a neighboring router 6.6.6.6.
PE7(config-router-af)# exit-address-family Exit from address family mode.
PE7(config-router)# address-family ipv4 vrf Enter to the IRB IPv4 VRF address family mode to
L3VRF3 configure the address-family specific parameters.
PE7(config-router-af)# network 16.16.16.0/ Enable OSPF routing on IRB interface with IP address
24 that match the network address 16.16.16.0/24.
PE7(config-router-af)# redistribute ospf Redistribute OSPF routes.
PE7(config-router-af)# exit-address-family Exit from address family mode.
PE7(config-router)# address-family ipv4 vrf Enter to the IRB IPv4 VRF address family mode to
L3VRF4 configure the address-family specific parameters.
PE7(config-router-af)# network 12.1.1.0/24 Enable OSPF routing on IRB interface with IP address
that match the network address 12.1.1.0/24.
PE7(config-router-af)# redistribute isis Redistribute ISIS routes.
PE7(config-router-af)# exit-address-family Exit address family mode.
PE7(config)#nvo vxlan access-if port-vlan Map the VLAN port for ISIS switch on po1 interface to
po1 100 identify the VxLAN traffic and to enter NVO access
interface mode.
PE7(config-nvo-acc-if)# map vnid 801 Map the l2vnid to an access-port.
PE7(config-nvo-acc-if)#nvo vxlan access-if Configure access-if port for OSPF switch.
port-vlan sa1 200
PE7(config-nvo-acc-if)# map vnid 701 Map the l2vnid to an access-port.

PE8

PE8(config)#nvo vxlan enable Enable VxLAN

PE8(config)#nvo vxlan irb Enable VxLAN IRB
PE8(config)#evpn esi hold-time 60 Configure hold time for the tunnels to come up during
VxLAN initialization before making the esi up.
PE8(config)#evpn vxlan multihoming enable Enable VxLAN multihome
PE8(config)#ip vrf managemen Enter into VRF configuration mode.
PE8(config-vrf)#ip vrf L3VRF3 Create a VRF routing information base called L3VRF3 for
OSPF router.
PE8(config-vrf)# rd 8100:11 Specify a route distinguisher for the VRF.
PE8(config-vrf)# route-target both 100:100 Add import and export route-target extended communities
to the VRF.
PE8(config-vrf)# l3vni 1000 Configure the L3 Virtual Network Identifier for an IP VRF.
PE8(config-vrf)#ip vrf L3VRF4 Create a VRF routing information base called L3VRF4 for
ISIS router.
PE8(config-vrf)# rd 8400:11 Specify a route distinguisher for the VRF.
PE8(config-vrf)# route-target both 101:101 Add import and export route-target extended communities
to the VRF.
PE8(config-vrf)# l3vni 2000 Configure the L3 Virtual Network Identifier for an IP VRF.
PE8(config-vrf)#mac vrf L2VRF1 Create a L2 MAC VRF to use in EVPN routes.
PE8(config-vrf)# rd 8.8.8.8:11 Specify a route distinguisher for the MAC VRF.

© 2024 IP Infusion Inc. Proprietary 407

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE8(config-vrf)# route-target both Add import and export route-target extended communities
7.7.7.7:100 to the VRF.
PE8(config-vrf)#mac vrf L2VRF2 Create a L2 MAC VRF to use in EVPN routes.
PE8(config-vrf)# rd 8.8.8.8:12 Specify a route distinguisher for the VRF.
PE8(config-vrf)# route-target both Add import and export route-target extended communities
7.7.7.7:101 to the VRF.
PE7(config-vrf)#exit Exit the VRF configuration mode.

PE8(config)#evpn irb-forwarding anycast- Configure common Anycast MAC address for all the IRB
gateway-mac 0000.0000.1111 interfaces.
PE8(config-if)#interface irb701 Enter into IRB interface configuration mode to configure
IRB interfaces for OSPF router.
PE8(config-irb-if)# ip vrf forwarding L3VRF3 Associate IRB interface with L3VRF3.
PE8(config-irb-if)# evpn irb-if-forwarding Map the global anycast IRB MAC address with L3VRF3.
anycast-gateway-mac
PE8(config-irb-if)# ip address 17.12.13.1/24 Configure an Anycast IP address.
anycast
PE8(config-irb-if)# ip address 17.17.17.2/24 Configure a secondary IP address.
secondary PE7(config-irb-if)#exitExit from the IRB interface.
PE8(config-irb-if)#interface irb801 Enter into IRB interface configuration mode to configure
IRB interfaces for ISIS router.
PE8(config-irb-if)# ip vrf forwarding L3VRF4 Associate IRB interface with L3VRF4.
PE8(config-irb-if)# evpn irb-if-forwarding Map the global anycast IRB MAC address with L3VRF4.
anycast-gateway-mac
PE8(config-irb-if)# ip address 12.13.14.2/24 Configure an Anycast IP address.
anycast
PE8(config-irb-if)# ip address 12.1.1.2/24 Configure an Anycast IP address.
secondary
PE8(config-irb-if)# ip router isis 2 Configure ISIS router on IRB interface.
PE7(config-irb-if)#exit Exit from the IRB interface.
PE8(config)#nvo vxlan vtep-ip-global 8.8.8.8 Configure the source VTEP IP address of the VxLAN
tunnel.
PE8(config)#nvo vxlan id 701 ingress- Add a tenant L2 VNID to the VxLAN. Specify
replication inner-vid-disabled ingress-replication to use head end replication for
forwarding BUM traffic
inner-vid-disabled to not carry VID out of network port
PE8(config-nvo)# vxlan host-reachability- Associate the L2VRF1reachable protocol to Ethernet-VPN
protocol evpn-bgp L2VRF1 over BGP
PE8(config-nvo)# evpn irb701 Configure default gateway behavior for IRB interface
irb701.
PE8(config-nvo)# vni-name VNI-701 Configure VNI name.
PE7(config-nvo)#exit Exit from NVO mode.

PE8(config-nvo)#nvo vxlan id 801 ingress- Add a tenant L2 VNID to the VxLAN. Specify
replication inner-vid-disabled ingress-replication to use head end replication for
forwarding BUM traffic
inner-vid-disabled to not carry VID out of network port
PE8(config-nvo)# vxlan host-reachability- Associate the L2VRF2reachable protocol to Ethernet-VPN
protocol evpn-bgp L2VRF2 over BGP

© 2024 IP Infusion Inc. Proprietary 408

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE8(config-nvo)# evpn irb801 Configure default gateway behavior for IRB interface
irb801.
PE8(config-nvo)# vni-name VNI-101 Configure VNI name.
PE8(config-nvo)#qos enable Enable QoS.
PE8(config-nvo)#exit Exit from NVO mode.
PE8(config-vlan)#interface po1 Configure po1 interface.
PE8(config-if)# switchport Configure port as L2.
PE8(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the po1
interface.
PE8(config-if)# evpn multi-homed system-mac Configure system MAC as ESI value for po1 interface.
0000.0000.7782 VTEP1 and VTEP2 should have same ESI value.
PE8(config-if-es)#interface sa1 Configure sa1 interface.
PE8(config-if)# switchport Configure port as L2.
PE8(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the po1
interface.
PE8(config-if)# evpn multi-homed esi Configure 9-octet ESI value for sa1 interface.
00:01:02:03:04:05:06:07:08
PE8(config-irb-if)#interface lo Configure loopback interface
PE8(config-if)# ip address 8.8.8.8/32 Configure secondary IP address
secondary
PE8(config-if)#exit Exit from the lo interface.
PE8(config)#interface xe1 Configure xe1 interface.
PE8(config-if)# static-channel-group 1 Configure member port of sa3 interface.
PE8(config-if)#interface xe2 Configure xe2 interface.
PE8(config-if)# ip address 90.1.1.1/24 Configure IP address
PE8(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE8(config-if)# ip router isis 1 Configure ISIS router on IRB interface.
PE8(config-if)#exit Exit from the lo interface.
PE8(config)#interface xe12 Configure xe1 interface.
PE8(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the po1
interface.
PE8(config-if)# ip address 21.1.1.1/24 Configure IP address
PE8(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE8(config-if)#exit Exit from the lo interface.
PE8(config-if)#interface xe26 Configure xe26 interface.
PE8(config-if)# channel-group 1 mode active Configure member port of xe26 interface.
PE8(config)#router ospf 1 Configure OSPF router.
PE8(config-router)# ospf router-id 8.8.8.8 Configure router id for OSPF.
PE8(config-router)# network 8.8.8.8/32 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 8.8.8.8/32.
PE8(config-router)# network 21.1.1.0/24 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 21.1.1.0/
24.
PE8(config-router)#router ospf 2 L3VRF3 Configure OSPF on IRB L3VRF3.

© 2024 IP Infusion Inc. Proprietary 409

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE8(config-router)# redistribute bgp Redistribute BGP routes.

PE8(config-router)# network 17.17.17.0/24 Enable OSPF routing with area ID 0.0.0.0 on IRB interface
area 0.0.0.0 with IP address that match the network address 17.17.17.0/
24
PE8(config-router)#router isis 1 Configure ISIS router.
PE8(config-router)# is-type level-1-2 Configure IS type as level 1 and level 2.
PE8(config-router)# metric-style wide Configure metric-style as wide.
PE8(config-router)# dynamic-hostname Configure the hostname to advertise for the ISIS router.
PE8(config-router)# bfd all-interfaces Enable the Bidirectional Forwarding Detection (BFD)
feature on all the interfaces enabled with this ISIS instance.
PE8(config-router)# net Set a Network Entity Title for this instance, specifying the
49.0000.0008.0001.00 area address and the system ID.
PE8(config-router)# redistribute connected Redistribute connected routes.
PE8(config-router)#router isis 2 L3VRF4 Configure ISIS on IRB L3VRF4.
PE8(config-router)# is-type level-1-2 Configure IS type as level 1 and level 2.
PE8(config-router)# metric-style wide Configure metric-style as wide.
PE8(config-router)# dynamic-hostname Configure the hostname to advertise for the ISIS router.
PE8(config-router)# bfd all-interfaces Enable the Bidirectional Forwarding Detection (BFD)
feature on all the interfaces enabled with this ISIS instance.
PE8(config-router)# net Set a Network Entity Title for this instance, specifying the
49.0000.0000.0485.00 area address and the system ID.
PE8(config-router)# redistribute bgp Redistribute connected routes.
PE8(config-router)#router bgp 800 Start the eBGP router.
PE8(config-router)# bgp router-id 8.8.8.8 Configure BGP router id.
PE8(config-router)# no bgp inbound-route- Disable the VPN/BGP inbound route-target filter.
filter
PE8(config-router)# neighbor 5.5.5.5 remote- Configure BGP peering relationship with a customer edge
as 500 router.
PE8(config-router)# neighbor 6.6.6.6 remote- Configure BGP peering relationship with a customer edge
as 600 router.
PE8(config-router)# neighbor 6.6.6.6 update- Configure a minimum advertisement interval between the
source lo sending of BGP routing updates.
PE8(config-router)# address-family l2vpn Enter to the L2 VPN address family mode to configure the
evpn address-family specific parameters.
PE8(config-router-af)# neighbor 5.5.5.5 Enable the exchange of specific address family routes with
activate a neighboring router 5.5.5.5.
PE8(config-router-af)# neighbor 6.6.6.6 Enable the exchange of specific address family routes with
activate a neighboring router 6.6.6.6.
PE8(config-router-af)# exit-address-family Exit from address family mode.
PE8(config-router)# address-family ipv4 vrf Enter to the IRB IPv4 VRF address family mode to
L3VRF3 configure the address-family specific parameters.
PE8(config-router-af)# network 16.16.16.0/ Enable OSPF routing on IRB interface with IP address that
24 match the network address 16.16.16.0/24.
PE8(config-router-af)# redistribute ospf Redistribute OSPF routes.
PE8(config-router-af)# exit-address-family Exit from address family mode.
PE8(config-router)# address-family ipv4 vrf Enter to the IRB IPv4 VRF address family mode to
L3VRF4 configure the address-family specific parameters.

© 2024 IP Infusion Inc. Proprietary 410

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE8(config-router-af)# network 12.1.1.0/24 Enable OSPF routing on IRB interface with IP address that
match the network address 12.1.1.0/24.
PE8(config-router-af)# redistribute isis Redistribute ISIS routes.
PE8(config-router-af)# exit-address-family Exit address family mode.
PE8(config-router)# exit Exit from router mode configuration.
PE8(config)#nvo vxlan access-if port-vlan Map the VLAN port for ISIS switch on po1 interface to
po1 100 identify the VxLAN traffic and to enter NVO access interface
mode.
PE8(config-nvo-acc-if)# map vnid 801 Map the l2vnid to an access-port.
PE8(config-nvo-acc-if)#nvo vxlan access-if Configure access-if port for OSPF switch.
port-vlan sa1 200
PE8(config-nvo-acc-if)# map vnid 701 Map the l2vnid to an access-port.
PE8(config-nvo-acc-if)#end End global configuration.

Configure Spine Node with OSPF Router

Perform the following configurations to make the node as spine with routing protocol as OSPF.

PE5

PE5(config-if)#interface sa3 Configure sa3 interface.

PE5(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the sa3
interface.
PE5(config-if)# ip address 22.1.1.2/24 Configure IP address
PE5(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE5(config-if)#interface lo Configure loopback interface
PE5(config-if)# ip address 5.5.5.5/32 Configure secondary IP address.
secondary
PE7(config-if)#exit Exit from the lo interface.
PE5(config-if)#interface xe8 Configure xe8 interface.
PE5(config-if)# static-channel-group 3 Configure member port of sa3 interface.
PE5(config-if)#interface xe12 Configure xe12 interface.
PE5(config-if)# ip address 21.1.1.2/24 Configure IP address
PE5(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE5(config-if)#interface xe14 Configure xe14 interface.
PE5(config-if)# ip address 23.1.1.2/24 Configure IP address
PE5(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE5(config-if)#interface xe25 Configure xe25 interface.
PE5(config-if)# ip address 24.1.1.2/24 Configure IP address
PE5(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE5(config)#router ospf 1 Configure OSPF router.

© 2024 IP Infusion Inc. Proprietary 411

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE5(config-router)# network 5.5.5.5/32 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 5.5.5.5/32.
PE5(config-router)# network 21.1.1.0/24 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 21.1.1.0/24.
PE5(config-router)# network 22.1.1.0/24 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 22.1.1.0/24.
PE5(config-router)# network 23.1.1.0/24 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 23.1.1.0/24.
PE5(config-router)# network 24.1.1.0/24 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 24.1.1.0/24.
PE5(config-router)#router bgp 500 Start the eBGP router 500.
PE5(config-router)# bgp router-id 5.5.5.5 Configure BGP router id 5.5.5.5.
PE5(config-router)# no bgp inbound-route- Disable the VPN/BGP inbound route-target filter.
filter
PE5(config-router)# neighbor 3.3.3.3 remote- Configure BGP 3.3.3.3 peering relationship with a customer
as 300 edge router.
PE5(config-router)# neighbor 4.4.4.4 remote- Configure BGP 4.4.4.4 peering relationship with a customer
as 400 edge router.
PE5(config-router)# neighbor 7.7.7.7 remote- Configure BGP 7.7.7.7 peering relationship with a customer
as 700 edge router.
PE5(config-router)# neighbor 8.8.8.8 remote- Configure BGP 8.8.8.8 peering relationship with a customer
as 800 edge router.
PE5(config-router)# neighbor 3.3.3.3 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 3.3.3.3 to establish the TCP connections.
PE5(config-router)# neighbor 4.4.4.4 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 4.4.4.4 to establish the TCP connections.
PE5(config-router)# neighbor 7.7.7.7 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 7.7.7.7 to establish the TCP connections.
PE5(config-router)# neighbor 8.8.8.8 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 8.8.8.8 to establish the TCP connections.
PE5(config-router)# address-family l2vpn Enter to the L2 VPN address family mode to configure the
evpn address-family specific parameters.
PE5(config-router-af)# neighbor 3.3.3.3 Enable the exchange of specific address family routes with a
activate neighboring router 3.3.3.3.
PE5(config-router-af)# neighbor 4.4.4.4 Enable the exchange of specific address family routes with a
activate neighboring router 4.4.4.4.
PE5(config-router-af)# neighbor 7.7.7.7 Enable the exchange of specific address family routes with a
activate neighboring router 7.7.7.7.
PE5(config-router-af)# neighbor 8.8.8.8 Enable the exchange of specific address family routes with a
activate neighboring router 8.8.8.8.
PE5(config-router-af)# exit-address-family Exit address family configuration mode.
PE5(config-router)# exit Exit router configuration mode.
PE5(config)#end Exit global configuration mode.

Configure Spine Node with ISIS Router

Perform the following configurations to make the node as spine with routing protocol as ISIS.

© 2024 IP Infusion Inc. Proprietary 412

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE6

PE6(config-if)#interface sa2 Configure sa2 interface.

PE6(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the
sa2 interface.
PE6(config-if)# ip address 80.1.1.2/24 Configure IP address.
PE6(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE6(config-if)# ip router isis 1 Configure ISIS router on sa2 interface.
PE6(config-if)#interface ce2 Configure ce2 interface.
PE6(config-if)# ip address 101.1.1.1/24 Configure IP address
PE6(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE6(config-if)# ip router isis 1 Configure ISIS router on sa2 interface.
PE6(config-if)#interface lo Configure loopback interface
PE6(config-if)# ip address 6.6.6.6/32 Configure secondary IP address.
secondary
PE6(config-if)# ip router isis 1 Configure ISIS router on sa2 interface.
PE6(config-if)#interface xe5 Configure xe5 interface.
PE6(config-if)# ip address 102.1.1.1/24 Configure IP address
PE6(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE6(config-if)# ip router isis 1 Configure ISIS router on xe5 interface.
PE6(config-if)#interface xe9 Configure xe9 interface.
PE6(config-if)# static-channel-group 2 Configure member port of sa2 interface.
PE6(config-if)#interface xe24 Configure xe24 interface.
PE6(config-if)# ip address 90.1.1.2/24 Configure IP address
PE6(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE6(config-if)# ip router isis 1 Configure ISIS router on xe24 interface.
PE6(config)#router isis 1 Configure ISIS router on xe24 interface.
PE6(config-router)# is-type level-1-2 Configure IS type as level 1 and level 2.
PE6(config-router)# metric-style wide Configure metric-style as wide.
PE6(config-router)# dynamic-hostname Configure the hostname to advertise for the ISIS router.
PE6(config-router)# bfd all-interfaces Enable the Bidirectional Forwarding Detection (BFD)
feature on all the interfaces enabled with this ISIS
instance.
PE6(config-router)# net Set a Network Entity Title for this instance, specifying the
49.0000.0006.0001.00 area address and the system ID.
PE6(config-router)#router bgp 600 Start the eBGP router.
PE6(config-router)# bgp router-id 6.6.6.6 Configure BGP router id.
PE6(config-router)# no bgp inbound-route- Disable the VPN/BGP inbound route-target filter.
filter
PE6(config-router)# neighbor 3.3.3.3 remote- Configure BGP peering relationship with a customer edge
as 300 router.
PE6(config-router)# neighbor 4.4.4.4 remote- Configure BGP peering relationship with a customer edge
as 400 router.

© 2024 IP Infusion Inc. Proprietary 413

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE6(config-router)# neighbor 7.7.7.7 remote- Configure BGP peering relationship with a customer edge
as 700 router.
PE6(config-router)# neighbor 8.8.8.8 remote- Configure BGP peering relationship with a customer edge
as 800 router.
PE6(config-router)# neighbor 3.3.3.3 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 3.3.3.3 to establish the TCP connections
PE6(config-router)# neighbor 4.4.4.4 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 4.4.4.4 to establish the TCP connections
PE6(config-router)# neighbor 7.7.7.7 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 7.7.7.7 to establish the TCP connections
PE6(config-router)# neighbor 8.8.8.8 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 8.8.8.8 to establish the TCP connections
PE6(config-router)# address-family l2vpn Enter to the L2 VPN address family mode to configure the
evpn address-family specific parameters.
PE6(config-router-af)# neighbor 3.3.3.3 Enable the exchange of specific address family routes
activate with a neighboring router 3.3.3.3.
PE6(config-router-af)# neighbor 4.4.4.4 Enable the exchange of specific address family routes
activate with a neighboring router 4.4.4.4.
PE6(config-router-af)# neighbor 7.7.7.7 Enable the exchange of specific address family routes
activate with a neighboring router 7.7.7.7.
PE6(config-router-af)# neighbor 8.8.8.8 Enable the exchange of specific address family routes
activate with a neighboring router 8.8.8.8.
PE6(config-router-af)# exit-address-family Exit address family configuration mode.
PE6(config-router)# exit Exit router configuration mode.
PE6(config)#end Exit global configuration mode.

Configure VxLAN IRB with Single Homing OSPF and ISIS Router
Perform the following configurations to create VxLAN IRB interfaces with singlehoming for OSPF and ISIS routing
process on PE3 and PE4 nodes.

PE3

PE3(config)#nvo vxlan enable Enable VxLAN.

PE3(config)#nvo vxlan irb Enable VxLAN IRB
PE3(config)#ip vrf management Enter into VRF configuration mode.
PE3(config-vrf)#ip vrf L3VRF1 Create a VRF routing information base called L3VRF3 for
OSPF router.
PE3(config-vrf)# rd 56000:11 Specify a route distinguisher for the VRF.
PE3(config-vrf)# route-target both 100:100 Add import and export route-target extended communities
to the VRF.
PE3(config-vrf)# l3vni 1000 Configure the L3 Virtual Network Identifier for an IP VRF.
PE3(config-vrf)#mac vrf L2VRF1 Create a L2 MAC VRF to use in EVPN routes.
PE3(config-vrf)# rd 4.4.4.4:11 Specify a route distinguisher for the MAC VRF.

© 2024 IP Infusion Inc. Proprietary 414

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE3(config-vrf)# route-target both Add import and export route-target extended communities
9.9.9.9:100 to the VRF.
PE3(config-if)#interface irb1001 Enter into IRB interface configuration mode to configure
IRB interfaces for OSPF router.
PE3(config-irb-if)# ip vrf forwarding L3VRF1 Associate IRB interface with L3VRF3.
PE3(config-irb-if)# ip address 40.1.1.1/24 Configure an Anycast IP address.
PE3(config-irb-if)# ip ospf cost 1 Specify the cost of the link-state metric in a router-LSA.
PE3(config-vrf)#nvo vxlan vtep-ip-global Configure the source VTEP IP address of the VxLAN
3.3.3.3 tunnel.
PE3(config)#nvo vxlan id 102 ingress- Add a tenant L2 VNID to the VxLAN. Specify
replication ingress-replication to use head end replication for
forwarding BUM traffic
inner-vid-disabled to not carry VID out of network port
PE3(config-nvo)# vxlan host-reachability- Associate the L2VRF1 reachable protocol to Ethernet-
protocol evpn-bgp L2VRF1 VPN over BGP
PE3(config-nvo)# evpn irb1001 Configure default gateway behavior for IRB interface
irb1001.
PE3(config-nvo)# vni-name VNI-102 Configure VNI name.
PE3(config-nvo)#nvo vxlan id 2002 ingress- Add a tenant L2 VNID to the VxLAN. Specify
replication ingress-replication to use head end replication for
forwarding BUM traffic
inner-vid-disabled to not carry VID out of network port
PE3(config-nvo)# vxlan host-reachability- Associate the L2VRF1 reachable protocol to Ethernet-
protocol evpn-bgp L2VRF1 VPN over BGP
PE3(config-nvo)# evpn irb2002 Configure default gateway behavior for IRB interface
irb72002.
PE3(config-nvo)#qos enable Enable QoS.
PE3(config)#interface sa4 Configure sa4 interface.
PE3(config-if)# switchport Configure port as L2.
PE3(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the
po1 interface.
PE3(config)#nvo vxlan access-if port-vlan Map the VLAN port for ISIS switch on sa4 interface to
sa4 100 identify the VxLAN traffic and to enter NVO access
interface mode.
PE3(config-acc-if-evpn)#map vpn-id 102 Map the l2vnid to an access-port.
PE3(config-if)#interface ce3 Configure ce3 interface.
PE3(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the
ce3 interface.
PE3(config-if)# ip address 101.1.1.2/24 Configure IP address.
PE3(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE3(config-if)# ip router isis 1 Configure ISIS router on ce3 interface.
PE3(config-irb-if)#interface lo Configure loopback interface
PE3(config-if)# ip address 3.3.3.3/32 Configure secondary IP address
secondary
PE3(config-if)# ip router isis 1 Configure ISIS router on ce3 interface.
PE3(config-if)#interface xe10 Configure xe10 interface.
PE3(config-if)# static-channel-group 4 Configure member port of ce3 interface.

© 2024 IP Infusion Inc. Proprietary 415

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE3(config-if)#interface xe14 Configure xe14 interface.

PE3(config-if)# speed 10g Set the link speed of the xe14 interface.
PE3(config-if)# ip address 23.1.1.1/24 Configure IP address.
PE3(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE3(config)#router ospf 1 Configure OSPF router.
PE3(config-router)# ospf router-id 3.3.3.3 Configure router id for OSPF.
PE3(config-router)# network 3.3.3.3/32 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 3.3.3.3/
32.
PE3(config-router)# network 23.1.1.0/24 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 23.1.1.0/
24.
PE3(config-router)# network 101.1.1.0/24 Enable OSPF routing with area ID 0.0.0.0 on IRB interface
area 0.0.0.0 with IP address that match the network address 101.1.1.0/
24.
PE3(config-router)#router ospf 2 L3VRF1 Configure OSPF on IRB L3VRF1.
PE3(config-router)# redistribute bgp Redistribute BGP into OSPF.
PE3(config-router)# network 40.1.1.0/24 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 40.1.1.0/
24.
PE3(config-router)#router isis 1 Configure ISIS router on xe24 interface.
PE3(config-router)# is-type level-1-2 Configure IS type as level 1 and level 2.
PE3(config-router)# metric-style wide Configure metric-style as wide.
PE3(config-router)# dynamic-hostname Configure the hostname to advertise for the ISIS router.
PE3(config-router)# bfd all-interfaces Enable the Bidirectional Forwarding Detection (BFD)
feature on all the interfaces enabled with this ISIS
instance.
PE3(config-router)# net Set a Network Entity Title for this instance, specifying the
49.0000.0003.0001.00 area address and the system ID.
PE3(config-router)# redistribute connected Redistribute connected routes.
PE3(config-router)#router bgp 300 Start the eBGP router.
PE3(config-router)# bgp router-id 3.3.3.3 Configure BGP router id.
PE3(config-router)# no bgp inbound-route- Disable the VPN/BGP inbound route-target filter.
filter
PE3(config-router)# neighbor 5.5.5.5 remote- Configure BGP peering relationship with a customer edge
as 500 router.
PE3(config-router)# neighbor 6.6.6.6 remote- Configure BGP peering relationship with a customer edge
as 600 router.
PE3(config-router)# neighbor 5.5.5.5 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 5.5.5.5 to establish the TCP connections
PE3(config-router)# neighbor 6.6.6.6 Configure a minimum advertisement interval between the
advertisement-interval 0 sending of BGP routing updates.
PE3(config-router)# address-family l2vpn Enter to the L2 VPN address family mode to configure the
evpn address-family specific parameters.
PE3(config-router-af)# neighbor 5.5.5.5 Enable the exchange of specific address family routes with
activate a neighboring router 5.5.5.5.

© 2024 IP Infusion Inc. Proprietary 416

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE3(config-router-af)# neighbor 6.6.6.6 Enable the exchange of specific address family routes with
activate a neighboring router 6.6.6.6.
PE3(config-router-af)# exit-address-family Exit address family configuration mode.
PE3(config-router)# address-family ipv4 vrf Enter to the IRB IPv4 VRF address family mode to
L3VRF1 configure the address-family specific parameters.
PE3(config-router-af)# redistribute Redistribute connected routes.
connected
PE3(config-router-af)# redistribute ospf Redistribute OSPF routes.
PE3(config-router-af)# exit-address-family Exit address family configuration mode.
PE3(config-router)# exit Exit router configuration mode.
PE3(config)#end Exit global configuration mode.

PE4

PE4(config)#nvo vxlan enable Enable VxLAN.

PE4(config)#nvo vxlan irb Enable VxLAN IRB
PE4(config)#ip vrf management Enter into VRF configuration mode.
PE4(config-vrf)#ip vrf L3VRF2 reate a VRF routing information base called L3VRF2 for
OSPF router.
PE4(config-vrf)# rd 63000:11 Specify a route distinguisher for the VRF.
PE4(config-vrf)# route-target both 101:101 dd import and export route-target extended communities
to the VRF.
PE4(config-vrf)# l3vni 2000 Configure the L3 Virtual Network Identifier for an IP VRF.
PE4(config-vrf)#mac vrf L2VRF2 Create a L2 MAC VRF to use in EVPN routes.
PE4(config-vrf)# rd 3.3.3.3:11 Specify a route distinguisher for the MAC VRF.
PE4(config-vrf)# route-target both Add import and export route-target extended communities
10.10.10.10:100 to the VRF.
PE4(config-if)#interface irb2001 Enter into IRB interface configuration mode to configure
IRB interfaces for OSPF router.
PE4(config-irb-if)# ip vrf forwarding L3VRF2 Associate IRB interface with L3VRF3.
PE4(config-irb-if)# ip address 50.50.50.1/24 Configure an Anycast IP address.
PE4(config-irb-if)# ip router isis 2 Configure ISIS router on IRB interface.
PE4(config-vrf)#nvo vxlan vtep-ip-global Configure the source VTEP IP address of the VxLAN
4.4.4.4 tunnel.
PE4(config)#nvo vxlan id 201 ingress- Add a tenant L2 VNID to the VxLAN. Specify ingress-
replication replication to use head end replication for forwarding BUM
traffic
PE4(config-nvo)# vxlan host-reachability- Associate the L2VRF1 reachable protocol to Ethernet-VPN
protocol evpn-bgp L2VRF2 over BGP
PE4(config-nvo)# evpn irb2001 Configure default gateway behavior for IRB interface
irb2001.
PE4(config-nvo)# vni-name VNI-201 Configure VNI name.
PE4(config-nvo)#nvo vxlan id 3002 ingress- Add a tenant L2 VNID to the VxLAN. Specify ingress-
replication replication to use head end replication for forwarding BUM
traffic.

© 2024 IP Infusion Inc. Proprietary 417

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE4(config-nvo)# vxlan host-reachability- Associate the L2VRF2 reachable protocol to Ethernet-VPN

protocol evpn-bgp L2VRF2 over BGP.
PE4(config-nvo)# evpn irb3002 Configure default gateway behavior for IRB interface
irb3002.
PE4(config-nvo)#nvo vxlan id 3003 ingress- Add a tenant L2 VNID to the VxLAN. Specify ingress-
replication replication to use head end replication for forwarding BUM
traffic.
PE4(config-nvo)#qos enable Enable QoS.
PE4(config-irb-if)#interface lo Configure loopback interface
PE4(config-if)# ip address 4.4.4.4/32 Configure secondary IP address
secondary
PE4(config-if)# ip router isis 1 Configure ISIS router on lo interface.
PE4(config-if)#interface xe5 Configure xe5 interface.
PE4(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the
xe5 interface.
PE4(config-if)# ip address 102.1.1.2/24 Configure IP address.
PE4(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE4(config-if)# ip router isis 1 Configure ISIS router on ce3 interface.
PE4(config-if)#interface xe25 Configure xe25 interface.
PE4(config-if)# ip address 24.1.1.1/24 Configure IP address.
PE4(config-if)# mtu 9000 Configure the Maximum Transmission Unit (MTU).
PE4(config-if)#interface xe26 Configure xe26 interface.
PE4(config-if)# switchport Configure port as L2.
PE4(config-if)# load-interval 30 Configures the load-interval for monitoring traffic on the
xe26 interface.
PE4(config)#nvo vxlan access-if port-vlan Map the VLAN port for ISIS switch on xe26 interface to
xe26 200 identify the VxLAN traffic and to enter NVO access
interface mode.
PE4(config-acc-if-evpn)# map vpn-id 201 Map the l2vnid to an access-port.
PE4(config-if)# exit Exit the interface configuration mode.
PE4(config)#router ospf 1 Configure OSPF router.
PE4(config-router)# network 4.4.4.4/32 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 4.4.4.4/32.
PE4(config-router)# network 24.1.1.0/24 area Enable OSPF routing with area ID 0.0.0.0 on IRB interface
0.0.0.0 with IP address that match the network address 24.1.1.0/
24.
PE4(config-router)#router isis 1 Configure ISIS router on xe24 interface.
PE4(config-router)# is-type level-1-2 Configure IS type as level 1 and level 2.
PE4(config-router)# metric-style wide Configure metric-style as wide.
PE4(config-router)# dynamic-hostname Configure the hostname to advertise for the ISIS router.
PE4(config-router)# bfd all-interfaces Enable the Bidirectional Forwarding Detection (BFD)
feature on all the interfaces enabled with this ISIS
instance.
PE4(config-router)# net Set a Network Entity Title for this instance, specifying the
49.0000.0004.0001.00 area address and the system ID.
PE4(config-router)# redistribute connected Redistribute connected routes.

© 2024 IP Infusion Inc. Proprietary 418

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE4(config-router)#!
PE4(config-router)#router isis 2 L3VRF2 Configure ISIS on IRB L3VRF2.
PE4(config-router)# is-type level-1-2 Configure IS type as level 1 and level 2.
PE4(config-router)# metric-style wide Configure metric-style as wide.
PE4(config-router)# dynamic-hostname Configure the hostname to advertise for the ISIS router.
PE4(config-router)# bfd all-interfaces Enable the Bidirectional Forwarding Detection (BFD)
feature on all the interfaces enabled with this ISIS
instance.
PE4(config-router)# net Set a Network Entity Title for this instance, specifying the
49.0000.0000.0441.00 area address and the system ID.
PE4(config-router)#router bgp 400 Start the eBGP router.
PE4(config-router)# bgp router-id 4.4.4.4 Configure BGP router id.
PE4(config-router)# no bgp inbound-route- Disable the VPN/BGP inbound route-target filter.
filter
PE4(config-router)# neighbor 5.5.5.5 remote- Configure BGP peering relationship with a customer edge
as 500 router.
PE4(config-router)# neighbor 6.6.6.6 remote- Configure BGP peering relationship with a customer edge
as 600 router.
PE4(config-router)# neighbor 5.5.5.5 update- Specifies that loopback interface (lo) is the source for the
source lo BGP 5.5.5.5 to establish the TCP connections
PE4(config-router)# neighbor 6.6.6.6 Configure a minimum advertisement interval between the
advertisement-interval 0 sending of BGP routing updates.
PE4(config-router)# address-family l2vpn Enter to the L2 VPN address family mode to configure the
evpn address-family specific parameters.
PE4(config-router-af)# neighbor 5.5.5.5 Enable the exchange of specific address family routes with
activate a neighboring router 5.5.5.5.
PE4(config-router-af)# neighbor 6.6.6.6 Enable the exchange of specific address family routes with
activate a neighboring router 6.6.6.6.
PE4(config-router-af)# exit-address-family Exit address family configuration mode.
PE4(config-router)# address-family ipv4 vrf Enter to the IRB IPv4 VRF address family mode to
L3VRF2 configure the address-family specific parameters.
PE4(config-router-af)# redistribute Redistribute connected routes.
connected
PE4(config-router-af)# exit-address-family Exit address family configuration mode.
PE4(config-router)# exit Exit router configuration mode.
PE4(config)#end Exit global configuration mode.

Validation
PE1#show ip ospf neighbor

© 2024 IP Infusion Inc. Proprietary 419

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

Total number of full neighbors: 2

OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
17.12.13.1 1 Full/DR 00:00:35 16.16.16.2 vlan1.200 0
17.17.17.2 1 Full/DR 00:00:31 17.17.17.2 vlan1.200 0

PE1#show ip route vrf all

IP Route Table for VRF "default"

C 1.1.1.1/32 is directly connected, lo, 00:23:27
O E2 3.3.3.3/32 [110/1] via 16.16.16.2, vlan1.200, 00:18:02
[110/1] via 17.17.17.2, vlan1.200
O E2 7.7.7.7/32 [110/1] via 17.17.17.2, vlan1.200, 00:18:45
O E2 8.8.8.8/32 [110/1] via 16.16.16.2, vlan1.200, 00:19:14
C 16.16.16.0/24 is directly connected, vlan1.200, 00:21:24
C 17.17.1.0/24 is directly connected, vlan1.200, 00:21:24
C 17.17.17.0/24 is directly connected, vlan1.200, 00:21:24
C 20.1.1.0/24 is directly connected, xe2.103, 00:22:31
O E2 40.1.1.0/24 [110/1] via 16.16.16.2, vlan1.200, 00:18:02
[110/1] via 17.17.17.2, vlan1.200
C 101.11.11.0/24 is directly connected, vlan1.200, 00:21:24
C 127.0.0.0/8 is directly connected, lo, 00:23:27

IP Route Table for VRF "management"

C 10.12.98.0/24 is directly connected, eth0, 00:23:27
C 127.0.0.0/8 is directly connected, lo.management, 00:23:27

Gateway of last resort is not set

PE1#
PE1#ping 40.1.1.1
Press CTRL+C to exit
PING 40.1.1.1 (40.1.1.1) 56(84) bytes of data.
64 bytes from 40.1.1.1: icmp_seq=1 ttl=63 time=0.678 ms
64 bytes from 40.1.1.1: icmp_seq=2 ttl=63 time=0.568 ms
64 bytes from 40.1.1.1: icmp_seq=3 ttl=63 time=0.567 ms
64 bytes from 40.1.1.1: icmp_seq=4 ttl=63 time=0.657 ms

--- 40.1.1.1 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 59ms
rtt min/avg/max/mdev = 0.567/0.617/0.678/0.056 ms
PE1#

© 2024 IP Infusion Inc. Proprietary 420

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE2#show clns neighbors

Total number of L1 adjacencies: 4

Total number of L2 adjacencies: 4
Total number of adjacencies: 8
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
PE7 vlan1.100 0000.0000.1111 Up 21 L1 IS-IS
Up 21 L2 IS-IS
PE8 vlan1.100 0000.0000.1111 Up 20 L1 IS-IS
Up 20 L2 IS-IS
PE7 vlan1.101 0000.0000.1111 Up 21 L1 IS-IS
Up 21 L2 IS-IS
PE8 vlan1.101 0000.0000.1111 Up 20 L1 IS-IS
Up 20 L2 IS-IS

PE2#show ip route vrf all

IP Route Table for VRF "default"

C 2.2.2.2/32 is directly connected, lo, 00:25:56
i L2 4.4.4.4/32 [115/10] via 13.1.1.2, vlan1.100, 00:22:51
[115/10] via 12.1.1.2, vlan1.100
i L2 7.7.7.7/32 [115/10] via 12.1.1.2, vlan1.100, 00:24:20
i L2 8.8.8.8/32 [115/10] via 13.1.1.2, vlan1.100, 00:24:03
C 10.1.1.0/24 is directly connected, xe11.105, 00:25:23
C 11.11.11.0/24 is directly connected, vlan1.100, 00:25:22
C 12.1.1.0/24 is directly connected, vlan1.100, 00:25:22
i L1 12.13.14.0/24 [115/20] via 13.1.1.2, vlan1.100, 00:24:20
[115/20] via 12.1.1.2, vlan1.100
C 13.1.1.0/24 is directly connected, vlan1.100, 00:25:22
i L2 50.50.50.0/24 [115/10] via 13.1.1.2, vlan1.100, 00:22:51
[115/10] via 12.1.1.2, vlan1.100
C 127.0.0.0/8 is directly connected, lo, 00:25:56

IP Route Table for VRF "management"

C 10.12.98.0/24 is directly connected, eth0, 00:25:56
C 127.0.0.0/8 is directly connected, lo.management, 00:25:56

Gateway of last resort is not set

PE2#ping 50.50.50.1
Press CTRL+C to exit
PING 50.50.50.1 (50.50.50.1) 56(84) bytes of data.

© 2024 IP Infusion Inc. Proprietary 421

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

64 bytes from 50.50.50.1: icmp_seq=1 ttl=63 time=0.491 ms

64 bytes from 50.50.50.1: icmp_seq=2 ttl=63 time=0.411 ms
64 bytes from 50.50.50.1: icmp_seq=3 ttl=63 time=0.628 ms
64 bytes from 50.50.50.1: icmp_seq=4 ttl=63 time=0.661 ms

--- 50.50.50.1 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 65ms
rtt min/avg/max/mdev = 0.411/0.547/0.661/0.105 ms
PE2#

PE7#show clns neighbors

Total number of L1 adjacencies: 1

Total number of L2 adjacencies: 1
Total number of adjacencies: 2
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
PE6 sa2 e8c5.7a19.c3c8 Up 5 L1 IS-IS
Up 5 L2 IS-IS

Total number of L1 adjacencies: 2

Total number of L2 adjacencies: 2
Total number of adjacencies: 4
Tag 2: VRF : L3VRF4
System Id Interface SNPA State Holdtime Type Protocol
PE2 irb801 e8c5.7a76.581d Up 5 L1 IS-IS
Up 5 L2 IS-IS
PE2 irb802 e8c5.7a76.581d Up 5 L1 IS-IS
Up 5 L2 IS-IS

PE7#show ip ospf neighbor

Total number of full neighbors: 1

OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
5.5.5.5 1 Full/Backup 00:00:34 22.1.1.2 sa3 0

Total number of full neighbors: 1

OSPF process 2 VRF(L3VRF3):
Neighbor ID Pri State Dead Time Address Interface Instance ID
1.1.1.1 1 Full/Backup 00:00:34 16.16.16.1 irb701 0

PE7#show ip route 2023 Nov 27 13:04:32.790 : PE7 : HSL : NOTIF : [IF_PKT_ERRORS_4]:

Fragment packets received on xe43 (1 packets)

vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

© 2024 IP Infusion Inc. Proprietary 422

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

O 3.3.3.3/32 [110/3] via 22.1.1.2, sa3, 00:23:42
O 4.4.4.4/32 [110/3] via 22.1.1.2, sa3, 00:23:27
O 5.5.5.5/32 [110/2] via 22.1.1.2, sa3, 00:26:13
i L1 6.6.6.6/32 [115/20] via 80.1.1.2, sa2, 00:25:44
C 7.7.7.7/32 is directly connected, lo, 00:29:00
O 8.8.8.8/32 [110/3] via 22.1.1.2, sa3, 00:26:09
O 21.1.1.0/24 [110/2] via 22.1.1.2, sa3, 00:26:13
C 22.1.1.0/24 is directly connected, sa3, 00:27:04
O 23.1.1.0/24 [110/2] via 22.1.1.2, sa3, 00:24:37
O 24.1.1.0/24 [110/2] via 22.1.1.2, sa3, 00:24:20
C 80.1.1.0/24 is directly connected, sa2, 00:25:59
i L1 90.1.1.0/24 [115/20] via 80.1.1.2, sa2, 00:25:44
O 101.1.1.0/24 [110/3] via 22.1.1.2, sa3, 00:23:42
i L1 102.1.1.0/24 [115/20] via 80.1.1.2, sa2, 00:23:31
C 127.0.0.0/8 is directly connected, lo, 00:29:00

IP Route Table for VRF "management"

C 10.12.93.0/24 is directly connected, eth0, 00:29:00
C 127.0.0.0/8 is directly connected, lo.management, 00:29:00

IP Route Table for VRF "L3VRF3"

B 3.3.3.3/32 [0/0] is directly connected, tunvxlan2, 00:23:42
B 8.8.8.8/32 [0/0] is directly connected, tunvxlan2, 00:25:09
C 16.16.16.0/24 is directly connected, irb701, 00:29:00
C 17.12.13.0/24 is directly connected, irb701, 00:29:00
O 17.17.17.0/24 [110/2] via 16.16.16.1, irb701, 00:26:33
O 20.1.1.0/24 [110/2] via 16.16.16.1, irb701, 00:26:33
B 40.1.1.0/24 [20/0] via 3.3.3.3 (recursive is directly connected, tunvxlan2),
00:23:56
C 127.0.0.0/8 is directly connected, lo.L3VRF3, 00:29:00

IP Route Table for VRF "L3VRF4"

i L2 2.2.2.2/32 [115/10] via 13.1.1.1, irb801, 00:25:22
B 4.4.4.4/32 [0/0] is directly connected, tunvxlan3, 00:23:27
B 8.8.8.8/32 [0/0] is directly connected, tunvxlan3, 00:25:09
i L1 10.1.1.0/24 [115/20] via 13.1.1.1, irb801, 00:25:24
i L1 11.11.11.0/24 [115/20] via 13.1.1.1, irb801, 00:25:24
i L1 12.1.1.0/24 [115/20] via 13.1.1.1, irb801, 00:25:24
C 12.13.14.0/24 is directly connected, irb801, 00:29:00
C 13.1.1.0/24 is directly connected, irb801, 00:29:00
B 50.50.50.0/24 [20/0] via 4.4.4.4 (recursive is directly connected,
tunvxlan3), 00:23:56

© 2024 IP Infusion Inc. Proprietary 423

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

C 127.0.0.0/8 is directly connected, lo.L3VRF4, 00:29:00

IP Route Table for VRF "L2VRF1"
IP Route Table for VRF "L2VRF2"
IP Route Table for VRF "evpn-gvrf-1"

Gateway of last resort is not set

PE7# show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
7.7.7.7 8.8.8.8 Installed 00:25:36 00:25:36
7.7.7.7 4.4.4.4 Installed 00:23:53 00:23:53
7.7.7.7 3.3.3.3 Installed 00:24:08 00:24:08

Total number of entries are 3

PE7#show nvo vxlan l3vni-map
L3VNI L2VNI IRB-interface
===================================
2000 801 irb801
2000 8001 irb802
1000 701 irb701
1000 7001 irb702

PE7#show 2023 Nov 27 13:05:12.791 : PE7 : HSL : NOTIF : [IF_PKT_ERRORS_4]: Fragment

packets received on xe43 (1 packets)

nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
____________________________________________________________________________________________________________________________
___
701 VNI-701 L2 NW ---- ---- ---- ---- 7.7.7.7 8.8.8.8
701 VNI-701 -- AC sa1 00:00:01:02:03:04:05:06:07:08 200 DF ---- ----
801 VNI-101 L2 NW ---- ---- ---- ---- 7.7.7.7 8.8.8.8
801 VNI-101 -- AC po1 00:00:00:00:00:77:82:00:00:00 100 DF ---- ----
1000 ---- L3 NW ---- ---- ---- ---- 7.7.7.7 8.8.8.8
1000 ---- L3 NW ---- ---- ---- ---- 7.7.7.7 3.3.3.3
2000 ---- L3 NW ---- ---- ---- ---- 7.7.7.7 8.8.8.8
2000 ---- L3 NW ---- ---- ---- ---- 7.7.7.7 4.4.4.4
7001 ---- L2 NW ---- ---- ---- ---- 7.7.7.7 8.8.8.8
7001 ---- -- AC sa1 00:00:01:02:03:04:05:06:07:08 201 NON-DF ---- ----
8001 ---- L2 NW ---- ---- ---- ---- 7.7.7.7 8.8.8.8
8001 ---- -- AC po1 00:00:00:00:00:77:82:00:00:00 101 NON-DF ---- ----

Total number of entries are 12

PE7#

PE7#show bgp l2vpn evpn prefix-route

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

RD[8100:11]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID/LABEL Nexthop Encap Router-Mac
0 0 24 17.17.17.0 0.0.0.0 1000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 17.17.17.0 0.0.0.0 1000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 30:: :: 1000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 30:: :: 1000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 7102:: :: 1000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 7102:: :: 1000 8.8.8.8 VXLAN 1444:8f53:3e9e

RD[8400:11]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID/LABEL Nexthop Encap Router-Mac
0 0 24 10.1.1.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 10.1.1.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 11.11.11.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 11.11.11.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 12.1.1.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 12.1.1.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 12.13.14.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 12.13.14.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 13.1.1.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 24 13.1.1.0 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 32 2.2.2.2 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 32 2.2.2.2 0.0.0.0 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 2:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 2:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 40:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 40:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 50:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 50:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 8002:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 8002:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 8102:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e
0 0 64 8102:: :: 2000 8.8.8.8 VXLAN 1444:8f53:3e9e

RD[56000:11]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID/LABEL Nexthop Encap Router-Mac
0 0 24 40.1.1.0 0.0.0.0 1000 3.3.3.3 VXLAN e49d:73b1:c301
0 0 24 40.1.1.0 0.0.0.0 1000 3.3.3.3 VXLAN e49d:73b1:c301
0 0 64 2002:: :: 1000 3.3.3.3 VXLAN e49d:73b1:c301
0 0 64 2002:: :: 1000 3.3.3.3 VXLAN e49d:73b1:c301

RD[63000:11]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID/LABEL Nexthop Encap Router-Mac
0 0 24 50.50.50.0 0.0.0.0 2000 4.4.4.4 VXLAN e8c5:7aa8:7cb3
0 0 24 50.50.50.0 0.0.0.0 2000 4.4.4.4 VXLAN e8c5:7aa8:7cb3
0 0 64 3002:: :: 2000 4.4.4.4 VXLAN e8c5:7aa8:7cb3
0 0 64 3002:: :: 2000 4.4.4.4 VXLAN e8c5:7aa8:7cb3
PE7#PE8#show clns neighbors

Total number of L1 adjacencies: 1

Total number of L2 adjacencies: 1
Total number of adjacencies: 2
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
PE6 xe2 e8c5.7a19.c3c1 Up 7 L1 IS-IS
Up 7 L2 IS-IS

Total number of L1 adjacencies: 2

Total number of L2 adjacencies: 2
Total number of adjacencies: 4
Tag 2: VRF : L3VRF4
System Id Interface SNPA State Holdtime Type Protocol
PE2 irb801 e8c5.7a76.581d Up 7 L1 IS-IS
Up 7 L2 IS-IS

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

PE2 irb802 e8c5.7a76.581d Up 7 L1 IS-IS

Up 7 L2 IS-IS
PE8#show ip ospf neighbor

Total number of full neighbors: 1

OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
5.5.5.5 1 Full/Backup 00:00:31 21.1.1.2 xe12 0

Total number of full neighbors: 1

OSPF process 2 VRF(L3VRF3):
Neighbor ID Pri State Dead Time Address Interface Instance ID
1.1.1.1 1 Full/Backup 00:00:35 17.17.17.1 irb701 0
PE8#terminal width 511

PE8#show ip route vrf all

IP Route Table for VRF "default"

O 3.3.3.3/32 [110/3] via 21.1.1.2, xe12, 00:26:22
O 4.4.4.4/32 [110/3] via 21.1.1.2, xe12, 00:26:07
O 5.5.5.5/32 [110/2] via 21.1.1.2, xe12, 00:28:59
i L1 6.6.6.6/32 [115/20] via 90.1.1.2, xe2, 00:28:23
O 7.7.7.7/32 [110/3] via 21.1.1.2, xe12, 00:28:52
C 8.8.8.8/32 is directly connected, lo, 00:31:21
C 21.1.1.0/24 is directly connected, xe12, 00:29:44
O 22.1.1.0/24 [110/2] via 21.1.1.2, xe12, 00:28:59
O 23.1.1.0/24 [110/2] via 21.1.1.2, xe12, 00:27:17
O 24.1.1.0/24 [110/2] via 21.1.1.2, xe12, 00:27:00
i L1 80.1.1.0/24 [115/20] via 90.1.1.2, xe2, 00:28:23
C 90.1.1.0/24 is directly connected, xe2, 00:28:39
O 101.1.1.0/24 [110/3] via 21.1.1.2, xe12, 00:26:22
i L1 102.1.1.0/24 [115/20] via 90.1.1.2, xe2, 00:26:11
C 127.0.0.0/8 is directly connected, lo, 00:31:21

IP Route Table for VRF "management"

C 10.12.93.0/24 is directly connected, eth0, 00:31:21
C 127.0.0.0/8 is directly connected, lo.management, 00:31:21

IP Route Table for VRF "L3VRF3"

B 3.3.3.3/32 [0/0] is directly connected, tunvxlan2, 00:26:22
B 7.7.7.7/32 [0/0] is directly connected, tunvxlan2, 00:28:17
B 16.16.16.0/24 [20/0] via 7.7.7.7 (recursive is directly connected,
tunvxlan2), 00:28:17

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

C 17.12.13.0/24 is directly connected, irb701, 00:31:21

C 17.17.17.0/24 is directly connected, irb701, 00:31:21
B 20.1.1.0/24 [20/0] via 7.7.7.7 (recursive is directly connected, tunvxlan2),
00:28:17
B 40.1.1.0/24 [20/0] via 3.3.3.3 (recursive is directly connected, tunvxlan2),
00:26:37
C 127.0.0.0/8 is directly connected, lo.L3VRF3, 00:31:21

IP Route Table for VRF "L3VRF4"

i L2 2.2.2.2/32 [115/10] via 12.1.1.1, irb801, 00:28:44
B 4.4.4.4/32 [0/0] is directly connected, tunvxlan3, 00:26:07
B 7.7.7.7/32 [0/0] is directly connected, tunvxlan3, 00:28:17
i L1 10.1.1.0/24 [115/20] via 12.1.1.1, irb801, 00:28:44
i L1 11.11.11.0/24 [115/20] via 12.1.1.1, irb801, 00:28:44
C 12.1.1.0/24 is directly connected, irb801, 00:31:21
C 12.13.14.0/24 is directly connected, irb801, 00:31:21
i L1 13.1.1.0/24 [115/20] via 12.1.1.1, irb801, 00:28:44
B 50.50.50.0/24 [20/0] via 4.4.4.4 (recursive is directly connected,
tunvxlan3), 00:26:37
C 127.0.0.0/8 is directly connected, lo.L3VRF4, 00:31:21
IP Route Table for VRF "L2VRF1"
IP Route Table for VRF "L2VRF2"
IP Route Table for VRF "evpn-gvrf-1"

Gateway of last resort is not set

PE8#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
8.8.8.8 7.7.7.7 Installed 00:28:24 00:28:24
8.8.8.8 3.3.3.3 Installed 00:26:28 00:26:28
8.8.8.8 4.4.4.4 Installed 00:26:13 00:26:13

Total number of entries are 3

PE8#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
____________________________________________________________________________________________________________________________
___
701 VNI-701 L2 NW ---- ---- ---- ---- 8.8.8.8 7.7.7.7
701 VNI-701 -- AC sa1 00:00:01:02:03:04:05:06:07:08 200 NON-DF ---- ----
801 VNI-101 L2 NW ---- ---- ---- ---- 8.8.8.8 7.7.7.7
801 VNI-101 -- AC po1 00:00:00:00:00:77:82:00:00:00 100 NON-DF ---- ----
1000 ---- L3 NW ---- ---- ---- ---- 8.8.8.8 7.7.7.7
1000 ---- L3 NW ---- ---- ---- ---- 8.8.8.8 3.3.3.3
2000 ---- L3 NW ---- ---- ---- ---- 8.8.8.8 7.7.7.7
2000 ---- L3 NW ---- ---- ---- ---- 8.8.8.8 4.4.4.4
7001 ---- L2 NW ---- ---- ---- ---- 8.8.8.8 7.7.7.7
7001 ---- -- AC sa1 00:00:01:02:03:04:05:06:07:08 201 DF ---- ----
8001 ---- L2 NW ---- ---- ---- ---- 8.8.8.8 7.7.7.7
8001 ---- -- AC po1 00:00:00:00:00:77:82:00:00:00 101 DF ---- ----

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

Total number of entries are 12

PE8#show bgp l2vpn evpn prefix-route

RD[7100:11]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID/LABEL Nexthop Encap Router-Mac
0 0 24 16.16.16.0 0.0.0.0 1000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 16.16.16.0 0.0.0.0 1000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 17.17.17.0 0.0.0.0 1000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 17.17.17.0 0.0.0.0 1000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 20.1.1.0 0.0.0.0 1000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 20.1.1.0 0.0.0.0 1000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 30:: :: 1000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 30:: :: 1000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 7002:: :: 1000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 7002:: :: 1000 7.7.7.7 VXLAN e001:a666:056d

RD[7400:11]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID/LABEL Nexthop Encap Router-Mac
0 0 24 10.1.1.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 10.1.1.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 11.11.11.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 11.11.11.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 12.1.1.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 12.1.1.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 12.13.14.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 12.13.14.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 13.1.1.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 24 13.1.1.0 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 32 2.2.2.2 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 32 2.2.2.2 0.0.0.0 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 2:: :: 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 2:: :: 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 40:: :: 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 40:: :: 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 50:: :: 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 50:: :: 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 8002:: :: 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 8002:: :: 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 8102:: :: 2000 7.7.7.7 VXLAN e001:a666:056d
0 0 64 8102:: :: 2000 7.7.7.7 VXLAN e001:a666:056d

PE3#show ip ospf neighbor

Total number of full neighbors: 1

OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
5.5.5.5 1 Full/DR 00:00:29 23.1.1.2 xe14 0

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

Total number of full neighbors: 1

OSPF process 2 VRF(L3VRF1):
Neighbor ID Pri State Dead Time Address Interface Instance ID
192.0.0.2 0 Full/DROther 00:00:35 40.1.1.2 irb1001 0

PE3#show ip route vrf all

IP Route Table for VRF "default"

C 3.3.3.3/32 is directly connected, lo, 00:37:01
O 4.4.4.4/32 [110/3] via 23.1.1.2, xe14, 00:35:25
O 5.5.5.5/32 [110/2] via 23.1.1.2, xe14, 00:35:44
i L1 6.6.6.6/32 [115/20] via 101.1.1.1, ce3, 00:36:20
O 7.7.7.7/32 [110/3] via 23.1.1.2, xe14, 00:35:44
O 8.8.8.8/32 [110/3] via 23.1.1.2, xe14, 00:35:44
O 21.1.1.0/24 [110/2] via 23.1.1.2, xe14, 00:35:44
O 22.1.1.0/24 [110/2] via 23.1.1.2, xe14, 00:35:44
C 23.1.1.0/24 is directly connected, xe14, 00:36:36
O 24.1.1.0/24 [110/2] via 23.1.1.2, xe14, 00:35:44
i L1 80.1.1.0/24 [115/20] via 101.1.1.1, ce3, 00:36:20
i L1 90.1.1.0/24 [115/20] via 101.1.1.1, ce3, 00:36:20
C 101.1.1.0/24 is directly connected, ce3, 00:36:35
i L1 102.1.1.0/24 [115/20] via 101.1.1.1, ce3, 00:35:30
C 127.0.0.0/8 is directly connected, lo, 00:37:01

IP Route Table for VRF "management"

C 10.12.98.0/24 is directly connected, eth0, 00:37:01
C 127.0.0.0/8 is directly connected, lo.management, 00:37:01

IP Route Table for VRF "L3VRF1"

B 7.7.7.7/32 [0/0] is directly connected, tunvxlan2, 00:35:44
B 8.8.8.8/32 [0/0] is directly connected, tunvxlan2, 00:35:44
B 16.16.16.0/24 [20/0] via 7.7.7.7 (recursive is directly connected,
tunvxlan2), 00:36:15
B 17.17.17.0/24 [20/0] via 7.7.7.7 (recursive is directly connected,
tunvxlan2), 00:36:15
B 20.1.1.0/24 [20/0] via 7.7.7.7 (recursive is directly connected, tu
nvxlan2), 00:36:15
C 40.1.1.0/24 is directly connected, irb1001, 00:37:01
O 55.0.0.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38
O 55.0.1.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38
O 55.0.2.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38
O 55.0.3.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

O 55.0.4.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38

O 55.0.5.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38
O 55.0.6.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38
O 55.0.7.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38
O 55.0.8.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38
O 55.0.9.0/24 [110/2] via 40.1.1.2, irb1001, 00:01:38
C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:37:01

IP Route Table for VRF "L2VRF1"

Gateway of last resort is not set

PE3#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
3.3.3.3 7.7.7.7 Installed 00:35:56 00:35:56
3.3.3.3 8.8.8.8 Installed 00:35:56 00:35:56

Total number of entries are 2

PE3#

PE4#show clns neighbors

Total number of L1 adjacencies: 1

Total number of L2 adjacencies: 1
Total number of adjacencies: 2
Tag 1: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
PE6 xe5 e8c5.7a19.c3ae Up 21 L1 IS-IS
Up 21 L2 IS-IS
Total number of L1 adjacencies: 0
Total number of L2 adjacencies: 1
Total number of adjacencies: 1
Tag 2: VRF : L3VRF2
System Id Interface SNPA State Holdtime Type Protocol
Spirent-1 irb2001 0010.9400.0007 Up 26 L2 IS-IS

Total number of L1 adjacencies: 0

Total number of L2 adjacencies: 1
Total number of adjacencies: 1
Tag 3: VRF : L3VRF2
System Id Interface SNPA State Holdtime Type Protocol
0010.9400.0009 irb3002 0010.9400.0009 Up 25 L2 IS-IS
PE4#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

v - vrf leaked
* - candidate default

IP Route Table for VRF "default"

O 3.3.3.3/32 [110/3] via 24.1.1.2, xe25, 00:36:12
C 4.4.4.4/32 is directly connected, lo, 00:37:52
O 5.5.5.5/32 [110/2] via 24.1.1.2, xe25, 00:36:12
i L1 6.6.6.6/32 [115/20] via 102.1.1.1, xe5, 00:36:48
O 7.7.7.7/32 [110/3] via 24.1.1.2, xe25, 00:36:12
O 8.8.8.8/32 [110/3] via 24.1.1.2, xe25, 00:36:12
O 21.1.1.0/24 [110/2] via 24.1.1.2, xe25, 00:36:12
O 22.1.1.0/24 [110/2] via 24.1.1.2, xe25, 00:36:12
O 23.1.1.0/24 [110/2] via 24.1.1.2, xe25, 00:36:12
C 24.1.1.0/24 is directly connected, xe25, 00:37:04
i L1 80.1.1.0/24 [115/20] via 102.1.1.1, xe5, 00:36:48
i L1 90.1.1.0/24 [115/20] via 102.1.1.1, xe5, 00:36:48
O 101.1.1.0/24 [110/3] via 24.1.1.2, xe25, 00:36:12
C 102.1.1.0/24 is directly connected, xe5, 00:37:04
C 127.0.0.0/8 is directly connected, lo, 00:37:52
IP Route Table for VRF "management"
C 10.12.98.0/24 is directly connected, eth0, 00:37:52
C 127.0.0.0/8 is directly connected, lo.management, 00:37:52
IP Route Table for VRF "L3VRF2"
Gateway of last resort is 7.7.7.7 to network 0.0.0.0

B* 0.0.0.0/0 [20/0] via 7.7.7.7 (recursive is directly connected, tunv

xlan2), 00:01:50
B 2.2.2.2/32 [20/0] via 7.7.7.7 (recursive is directly connected, tun
vxlan2), 00:36:41
B 7.7.7.7/32 [0/0] is directly connected, tunvxlan2, 00:36:12
B 8.8.8.8/32 [0/0] is directly connected, tunvxlan2, 00:36:12
B 10.1.1.0/24 [20/0] via 7.7.7.7 (recursive is directly connected, tu
nvxlan2), 00:36:41
B 11.11.11.0/24 [20/0] via 7.7.7.7 (recursive is directly connected,
tunvxlan2), 00:36:41
B 12.1.1.0/24 [20/0] via 7.7.7.7 (recursive is directly connected, tu
nvxlan2), 00:36:41
B 12.13.14.0/24 [20/0] via 7.7.7.7 (recursive is directly connected,
tunvxlan2), 00:36:41
B 13.1.1.0/24 [20/0] via 7.7.7.7 (recursive is directly connected, tu
nvxlan2), 00:36:41
C 50.50.50.0/24 is directly connected, irb2001, 00:37:52
C 127.0.0.0/8 is directly connected, lo.L3VRF2, 00:37:52
IP Route Table for VRF "L2VRF2"

Gateway of last resort is not set

PE4# show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================

Multi Home VxLAN-EVPN IRB with OSPF or ISIS

4.4.4.4 7.7.7.7 Installed 00:36:18 00:36:18

4.4.4.4 8.8.8.8 Installed 00:36:18 00:36:18

Total number of entries are 2

PE4#

Abbreviations
The following are some key abbreviations and their meanings relevant to this document:

Acronym Description

ECMP Equal-Cost Multipath

EVPN Ethernet Virtual Private Netwrok

VxLAN Virtual Extensible LAN

SR Segment Routing

IRB Integrated Routing

OSPF Open Shortest Path First

ISIS Intermediate System to Intermediate System

Glossary
The following provides definitions for key terms used throughout this document.

Multi Home VxLAN This refers to a Virtual Extensible LAN (VxLAN) deployment where a Multi data center or network site is
connected to a Multi external network (usually the internet) for connectivity.

IRB A networking feature that enables the integration of Layer 3 IP routing and Layer 2 MAC address
bridging within the same interface, simplifying network management and resource utilization.

ISIS A routing protocol designed for scalability and stability in computer networks, commonly used in large
Service Provider networks. It provides a robust framework for routing information exchange.

Layer 3 Routing Network routing operations at the Network Layer (Layer 3) of the OSI model, focusing on routing IP
packets between different subnets or networks.

Layer 2 Bridging Network bridging operations at the Data Link Layer (Layer 2) of the OSI model, handling the forwarding
of data frames based on MAC addresses within the same network segment.

EVPN Ethernet VPN, a technology that provides advanced and efficient methods for Layer 2 and Layer 3
services in Ethernet networks, often used in data centers and service provider environments.

VxLAN - EVPN for Service Provider Network

VXLAN EVPN EVC Configuration

CHAPTER 1 VXLAN EVPN EVC Configuration

This chapter shows how to configure VXLAN EVPN Ethernet Virtual Circuit (EVC) which embeds the functionality of
EVPN-VXLAN access ports to allow EVC frames across VTEPs. With this configuration, customers in the same VLAN
can communicate even they are placed across distributed data centers.

Overview
An EVC represents a logical relationship between Ethernet User Network Interface (UNI) in a provider-based Ethernet
service. An EVC represents the service offered and is carried through the provider network. Each EVC is configured by
a unique name across the provider network.
An EVC is an end–to–end representation of a single instance of a Layer 2 service that a service provider offers. An
EVC embodies the different parameters based on which the service is offered. EVC prevents data transfer between
sites that are not part of the same EVC.
EVC is an A–Z circuit that enables you to pass customer VLANs from one port on a node to another port on another
node in the network. EVC represents a Carrier Ethernet service and is an entity that provides end–to–end connection
between two or more customer end points.

Topology

Figure 1-6: VXLAN EVPN EVC

RTR1/VTEP1

#configure terminal Enter configure mode.

(config)#interface lo Enter interface mode for loopback.
(config-if)#ip address 33.33.33.0/31 Assign secondary IP address.
secondary
(config-if)#exit Exit interface mode.
(config)#mac vrf vrf1 Create mac routing/forwarding instance with vrf1 name and
enter into VRF mode
(config-vrf)# rd 100:11 Assign RD value

VXLAN EVPN EVC Configuration

(config-vrf)# route-target export 200:11 Assign route-target value for export

(config-vrf)# route-target import 400:11 Assign route-target value for import
(config-vrf)#exit Exit VRF configuration mode
(config)#interface xe37 Enter interface mode for xe37
(config-if)#ip address 11.11.11.0/31 Assign IP address in /31 mask.
(config-if)#exit Exit interface mode.
(config)#interface xe15 Enter interface mode for xe15
(config-if)#switchport Make it L2 interface
(config-if)#exit Exit interface mode.
(config)#router bgp 100 Enter BGP router mode
(config-router)# bgp router-id 1.1.1.1 Assign BGP router ID
(config-router)#neighbor 11.11.11.1 remote- Specify a neighbor router with peer IP address and remote-as
as 200 defined
(config-router)#neighbor 11.11.11.1 fall- Configure single-hop BFD session for its BGP peer
over bfd
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family
(config-router-af)#network 33.33.33.0/31 Advertise loopback network into BGP for VTEP ID
reachability
(config-router-af)#exit-address-family Exit ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn Enter into l2vpn address family mode
(config-router-af)#neighbor 11.11.11.1 Activate the peer into address family mode
activate
(config-router-af)#exit-address-family Exit l2vpn address family mode
(config-router)#exit Exit BGP router mode
(config)#nvo vxlan enable Enable VXLAN
(config)#nvo vxlan vtep-ip-global 33.33.33.0 Configure Source vtep-ip-global configuration
(config)#nvo vxlan id 1 ingress-replication Configure VXLAN Network identifier with/without inner-vid-
inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for evpn-bgp to carry EVPN route
protocol evpn-bgp vrf1
(config-nvo)#exit Exit VXLAN tenant mode.
(config)#nvo vxlan access-if port-vlan xe15 Enable port-vlan mapping i.e. access port to outer-vlan
1000 inner-vlan 2000 (SVLAN) and inner-vlan (CVLAN) mapping
(config-nvo-acc-if)#map vnid 1 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)#exit Exit VXLAN access-interface mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit configuration mode

RTR2

#configure terminal Enter configure mode.

(config)#interface xe13/3 Enter interface mode for xe13/3
(config-if)#ip address 11.11.11.1/31 Assign IP address in /31 mask.

VXLAN EVPN EVC Configuration

(config-if)#exit Exit interface mode.

(config)#interface xe13/1 Enter interface mode for xe13/1
(config-if)#ip address 12.12.12.1/31 Assign IP address in /31 mask.
(config-if)#exit Exit interface mode
(config)#router bgp 200 Enter BGP router mode
(config-router)# bgp router-id 2.2.2.2 Assign BGP router ID
(config-router)#neighbor 11.11.11.0 remote- Specify a neighbor router with peer ip address and remote-as
as 100 defined
(config-router)#neighbor 11.11.11.0 fall- Configure single-hop BFD session for its BGP peer
over bfd
(config-router)#neighbor 12.12.12.0 remote- Specify a neighbor router with peer ip address and remote-as
as 300 defined
(config-router)#neighbor 12.12.12.0 fall- Configure single-hop BFD session for its BGP peer
over bfd
(config-router)#address-family l2vpn evpn Enter into l2vpn address family mode
(config-router-af)#neighbor 11.11.11.0 Activate the peer into address family mode
activate
(config-router-af)#neighbor 12.12.12.0 Activate the peer into address family mode
activate
(config-router-af)#exit-address-family Exit l2vpn address family mode
(config-router)#commit Commit the candidate configuration to the running
configuration
(config-router)#exit Exit BGP router mode

RTR3/VTEP2

#configure terminal Enter configure mode.

(config)#interface lo Enter interface mode for loopback.
(config-if)#ip address 34.34.34.0/31 Assign secondary IP address.
secondary
(config-if)#exit Exit interface mode.
(config)#mac vrf vrf1 Create mac routing/forwarding instance with vrf1 name and
enter into vrf mode
(config-vrf)#rd 300:11 Assign RD value
(config-vrf)#route-target export 400:11 Assign route-target value for export
(config-vrf)#route-target import 200:11 Assign route-target value for import
(config-vrf)#exit Exit vrf configuration mode
(config)#interface xe13 Enter interface mode for xe13
(config-if)#ip address 12.12.12.0/31 Assign IP address in /31 mask.
(config-if)#exit Exit interface mode.
(config)#interface xe6 Enter interface mode for xe6
(config-if)#switchport Make it L2 interface
(config-if)#exit Exit interface mode.
(config)#router bgp 300 Enter BGP router mode
(config-router)# bgp router-id 3.3.3.3 Assign BGP router ID

VXLAN EVPN EVC Configuration

(config-router)#neighbor 12.12.12.1 remote- Specify a neighbor router with peer ip address and remote-as
as 200 defined
(config-router)#neighbor 12.12.12.1 fall- Configure single-hop BFD session for its BGP peer
over bfd
(config-router)#address-family ipv4 unicast Enter into ipv4 unicast address family
(config-router-af)#network 34.34.34.0/31 Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#exit-address-family Exit ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn Enter into l2vpn address family mode
(config-router-af)#neighbor 12.12.12.1 Activate the peer into address family mode
activate
(config-router-af)#exit-address-family Exit l2vpn address family mode
(config-router)#exit Exit BGP router mode
(config)#nvo vxlan enable Enable VXLAN
(config)#nvo vxlan vtep-ip-global 34.34.34.0 Configure Source vtep-ip-global configuration
(config)#nvo vxlan id 1 ingress-replication Configure VXLAN Network identifier with/without inner-vid-
inner-vid-disabled disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability- Assign VRF for evpn-bgp to carry EVPN route
protocol evpn-bgp vrf1
(config-nvo)#exit Exit VXLAN tenant mode.
(config)#nvo vxlan access-if port-vlan xe6 Enable port-vlan mapping i.e. access port to outer-vlan
1000 inner-vlan 2000 (SVLAN) and inner-vlan (CVLAN) mapping
(config-nvo-acc-if)#map vnid 1 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)#exit Exit VXLAN access-interface mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit configuration mode

Validation

Retaining SVLAN and CVLAN tags across Data Centers

RTR1/VTEP1
VTEP1#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 33.33.33.0
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan xe1/1 1000 inner-vlan 2000
map vnid 1
!
!

VXLAN EVPN EVC Configuration

VTEP1#show bgp l2vpn evpn summary

BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 8
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Dow

n State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
11.11.11.1 4 200 73 73 8 0 0 00:30:41
2 0 1 1 0 0

Total number of neighbors 1

Total number of Established sessions 1

VTEP1#show bgp l2vpn evpn

BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path

Peer Encap

RD[100:11] VRF[vrf1]:
* [2]:[0]:[1]:[48,0000.339a.9397]:[0]:[1]
34.34.34.0 0 100 0 200
300 i 11.11.11.1 VXLAN
*> [2]:[0]:[1]:[48,0000.339a.9abb]:[0]:[1]
33.33.33.0 0 100 32768 i -
--------- VXLAN
*> [3]:[1]:[32,33.33.33.1]
33.33.33.0 0 100 32768
i ---------- VXLAN

* [3]:[1]:[32,34.34.34.0]
34.34.34.0 0 100 0 200
300 i 11.11.11.1 VXLAN

RD[300:11]
*> [2]:[0]:[1]:[48,0000.339a.9397]:[0]:[1]
34.34.34.0 0 100 0 200

VXLAN EVPN EVC Configuration

300 i 11.11.11.1 VXLAN

*> [3]:[1]:[32,34.34.34.0]
34.34.34.0 0 100 0 200
300 i 11.11.11.1 VXLAN

Total number of prefixes 6

IP Route Table for VRF "default"

C 11.11.11.0/31 is directly connected, xe10/1, 00:36:00
C 33.33.33.0/31 is directly connected, lo, 00:37:33
B 34.34.34.0/31 [20/0] via 11.11.11.1, xe10/1, 00:27:03
C 127.0.0.0/8 is directly connected, lo, 23:14:51

Gateway of last resort is not set

VTEP1

VTEP1#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI

VLAN DF-Status Src-Addr Dst-Addr
________________________________________________________________________________
_______________________________________________
1 ---- L2 NW ---- ------
---- ---- 33.33.33.0 34.34.34.0
1 ---- -- AC xe1/1 --- Single Homed Port ---
1000 ---- ---- ----
Total number of entries are 2

VTEP1#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================
====
33.33.33.0 34.34.34.0 Installed 00:26:27 00:26:27

VXLAN EVPN EVC Configuration

Total number of entries are 1

VTEP1#show nvo vxlan mac-table

================================================================================
=====================================================================
VXLAN MAC Entries
================================================================================
=====================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________

1 xe1/1 1000 2000 0000.339a.9abb 33.33.33.0

Dynamic Local ------- -------
1 ---- ---- ---- 0000.339a.9397 34.34.34.0
Dynamic Remote ------- -------

Total number of entries are : 2

VTEP1#

RTR3/VTEP2
#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 34.34.34.0
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan xe6 1000 inner-vlan 2000
map vnid 1
!
VTEP2#show bgp l2vpn evpn summary
BGP router identifier 3.3.3.3, local AS number 300
BGP table version is 7
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Dow

n State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
12.12.12.1 4 200 63 64 7 0 0 00:26:54
2 0 1 1 0 0

Total number of neighbors 1

Total number of Established sessions 1

VXLAN EVPN EVC Configuration

VTEP2#show bgp l2vpn evpn

BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path

Peer Encap

RD[100:11]
*> [2]:[0]:[1]:[48,0000.339a.9abb]:[0]:[1]
33.33.33.0 0 100 0 200
100 i 12.12.12.1 VXLAN
*> [3]:[1]:[32,33.33.33.0]
33.33.33.0 0 100 0 200
100 i 12.12.12.1 VXLAN

*> [2]:[0]:[1]:[48,0000.339a.9397]:[0]:[1]
34.34.34.0 0 100 32768 i -
--------- VXLAN
* [2]:[0]:[1]:[48,0000.339a.9abb]:[0]:[1]
33.33.33.0 0 100 0 200
100 i 12.12.12.1 VXLAN
* [3]:[1]:[32,33.33.33.0]
33.33.33.0 0 100 0 200
100 i 12.12.12.1 VXLAN
*> [3]:[1]:[32,34.34.34.0]
34.34.34.0 0 100 32768 i -
--------- VXLAN

Total number of prefixes 6

#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default

VXLAN EVPN EVC Configuration

IP Route Table for VRF "default"

C 12.12.12.0/31 is directly connected, xe13, 00:28:41
B 33.33.33.0/31 [20/0] via 12.12.12.1, xe13, 00:26:56
C 34.34.34.0/31 is directly connected, lo, 00:29:36
C 127.0.0.0/8 is directly connected, lo, 00:52:46

Gateway of last resort is not set

VTEP2#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI

VLAN DF-Status Src-Addr Dst-Addr
________________________________________________________________________________
_______________________________________________
1 ---- L2 NW ---- ------
---- ---- 34.34.34.0 33.33.33.0
1 ---- -- AC xe1/1 --- Single Homed Port ---
1000 ---- ---- ----
Total number of entries are 2

VTEP1#show nvo vxlan tunnel

VTEP2#show nvo vxlan mac-table

================================================================================
=====================================================================
VXLAN MAC Entries
================================================================================
=====================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________

1 ---- ---- ---- 0000.339a.9abb 33.33.33.0

Dynamic Remote ------- -------
1 xe6 1000 2000 0000.339a.9397 34.34.34.0
Dynamic Local ------- -------

VXLAN EVPN EVC Configuration

Total number of entries are : 2

Popping SVLAN and CVLAN Tag

Use the previous configuration on VTEP1 and perform the configuration below on VTEP2.

VTEP2

(config)#nvo vxlan access-if port xe6 Enable port-only mapping for access port
(config-nvo-acc-if)#map vnid 1 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)#exit Exit VXLAN access-interface mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit configuration mode

RTR3/VTEP2
#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI
VLAN DF-Status Src-Addr Dst-Addr
________________________________________________________________________________
1 ---- L2 NW ---- ------
---- ---- 34.34.34.0 33.33.33.0
1 ---- -- AC xe6 --- Single Homed Port ---
---- ---- ---- ----
Total number of entries are 2

VTEP2#show nvo vxlan mac-table

================================================================================
=====================================================================
VXLAN MAC Entries
================================================================================
=====================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________

1 ---- ---- ---- 0000.339a.9abb 33.33.33.0

Dynamic Remote ------- -------

Total number of entries are : 1

VXLAN EVPN EVC Configuration

VTEP2#show running-config nvo vxlan

!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 34.34.34.0
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan xe1/1 3000 inner-vlan 2000
map vnid 1

VTEP1#show nvo vxlan tunnel

Popping and Later Pushing SVLAN Tag

Use the previous configuration on VTEP1 and perform the configuration below on VTEP2.

(config)#nvo vxlan access-if port-vlan xe6 Enable port-vlan mapping i.e. access port to outer-vlan
3000 inner-vlan 2000 (SVLAN) and inner-vlan (CVLAN) mapping
(config-nvo-acc-if)#map vnid 1 Map VXLAN Identified to access-port for VXLAN
(config-nvo-acc-if)#exit Exit VXLAN access-interface mode
(config)#commit Commit the candidate configuration to the running
configuration
(config)#exit Exit configuration mode

RTR3/VTEP2
#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 34.34.34.0
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan xe1/1 3000 inner-vlan 2000
map vnid 1
!
#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port

VXLAN EVPN EVC Configuration

AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI

VLAN DF-Status Src-Addr Dst-Addr
________________________________________________________________________________
1 ---- L2 NW ---- ------
---- ---- 34.34.34.0 33.33.33.0
1 ---- -- AC xe6 --- Single Homed Port ---
3000 ---- ---- ----

Total number of entries are 2

#show nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
34.34.34.0 33.33.33.0 Installed 00:06:48 00:06:48
Total number of entries are 1

VTEP2#show nvo vxlan mac-table

================================================================================
=====================================================================
VXLAN MAC Entries
================================================================================
=====================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________

1 ---- ---- ---- 0000.339a.9abb 33.33.33.0

Dynamic Remote ------- -------

Total number of entries are : 1

EVPN VXLAN E-Tree

CHAPTER 2 EVPN VXLAN E-Tree

Overview
Ethernet VPN Ethernet-Tree (EVPN E-Tree), is a networking solution designed to manage communication within
broadcast domains, incorporating redundancy through multi-homing in a network. It optimizes traffic routing and
control, especially in scenarios where specific services or devices need controlled communication. It categorizes
network nodes based on predefined definitions of EVPN Instances as Leaf or Root, allowing or restricting
communication between them.

Feature Characteristics
Implemented Scenario 1 of the EVPN E-Tree solution, as defined by RFC-8317, designates each Provider Edge (PE)
node as either a Leaf or a Root site per Virtual Private Network (VPN) for VXLAN and MPLS EVPN in OcNOS.

Scenario 1: Leaf or Root Site(s) per PE

Scenario 1 involves a topology with three PE nodes: PE-1, PE-2, and PE-3. PE-1 and PE-2 are Multi-Homed nodes
(MH-1 and MH-2), with PE-3 acting as the Root node. PE-1 and PE-2 function as Leaf nodes and are part of a single
home access interface (SH1 and SH2).

EVPN E-Tree
The classification ensures that communication follows specific rules:
• Communication between Leaf hosts is restricted, as indicated by red dotted lines with a cross mark (X) in the
topology diagram. However, communication between Leaf and Root nodes, as well as between Root nodes, is
permitted, marked by green dotted lines.

EVPN VXLAN E-Tree

• Leaf nodes within PE-1 and PE-2 are isolated from each other, preventing intra-PE communication.
The scenario 1 is achieved through two main concepts:

1. Inter-PE Communication
• The inter-PE Route Target (RT) Constraint Method is applicable only to Single-Homing (SH) devices. Two RTs
per broadcast domain are utilized, with Leaf PEs exporting Leaf RTs and Root nodes exporting Root RTs. Leaf
nodes import only Root RTs, allowing communication with Root PEs while preventing communication with
other Leaf nodes. RT constraints limit the import of specific EVPN routes (MAC-IP and IMET routes) to
designated paths for inter-PE communication.
• IPI employs a proprietary method to support inter-PE connectivity for both SH and MH devices, using BGP
extended community to advertise Leaf Indication in BGP routes and influence traffic flow for both Unicast and
BUM traffic. This method enables implementation of ARP or ND cache suppression and MAC mobility sub-
features specified in RFC-7432.

2. Intra-PE communication: Local Split Horizon controls intra-PE communication between Attachment Circuits
(ACs) within Leaf PE nodes, ensuring that traffic between ACs does not egress to other Leaf ACs.
Note: This functionality depends on hardware capabilities.

Benefits
EVPN E-Tree offers benefits in networking environments by providing efficient traffic control, enhanced security,
scalability, and improved performance.
Efficient Traffic Control: EVPN E-Tree allows for efficient control over traffic within network broadcast domains. By
segregating nodes into Leaf and Root categories, it enables precise management of communication flows, ensuring
the traffic is directed only where needed.
Enhanced Security: The isolation of Leaf hosts from each other adds a layer of security to the network. This prevents
unauthorized communication between devices within the same broadcast domain, reducing the risk of data breaches
and unauthorized access.
Scalability: EVPN E-Tree is scalable, making it suitable for networks of various sizes and complexities. Whether
deploying in small-scale environments or large enterprise networks, EVPN E-Tree offers flexibility and scalability to
meet evolving business needs.
Improved Performance: By controlling communication paths and optimizing traffic flows, EVPN E-Tree can improve
network performance. This ensures that critical data packets are delivered efficiently, reducing latency and enhancing
overall network performance.

Prerequisites
In setting up a VXLAN EVPN network, certain prerequisites are essential to ensure proper functionality and
connectivity.
Ensure VXLAN EVPN Configuration: Confirm that VXLAN, EVPN VXLAN, and VXLAN filtering are already enabled
in the network as they are required for VXLAN EVPN Multihoming.
Define Interfaces and Loopback Addresses: Configure Layer 2 interfaces, like port channel interfaces (e.g., po1),
and assign specific system MAC addresses (Ethernet Segment Identifier (ESI) values) for proper identification and
routing. Additionally, assign loopback IP addresses to establish essential points of connectivity. These configurations
establish the efficient network routing and communication.
Configure OSPF and BGP for Dynamic Routing: Enable OSPF to facilitate dynamic routing within the network.
Define OSPF router IDs to match loopback IP addresses and add network segments to OSPF areas for proper route

EVPN VXLAN E-Tree

distribution. Additionally, establish BGP sessions to advertise routes between different nodes. Set up neighbor
relationships using loopback IP addresses, ensuring efficient route advertisement and convergence for optimal network
performance.

Leaf Node
1. Enable VXLAN and EVPN MH
Enable features like VXLAN and EVPN Multihoming, VXLAN filtering, and quality of service (QoS) capabilities on
all Leaf nodes.
!
nvo vxlan enable
!
evpn vxlan multihoming enable
!
qos enable
!
2. Configure Interfaces and Loopback
Define a port channel interface (po1) as an L2 interface and assign the system MAC (0000.0000.1111) as the
ESI value. Designate an interface (xe7) as a member port of po1. Assign the loopback IP address (1.1.1.1) to
Leaf node, and set IP addresses (10.10.10.1 and 10.10.11.1) to interfaces (xe45 and xe49/2), respectively,
for connectivity with Spine nodes.
!
interface po1
switchport
evpn multi-homed system-mac 0000.0000.1111
!
interface lo
ip address 1.1.1.1/32 secondary
!
interface xe7
channel-group 1 mode active
!
interface xe45
ip address 10.10.10.1/24
!
interface xe49/2
ip address 10.10.11.1/24
exit
!

3. Configure OSPF
In OSPF router mode, set the router ID (1.1.1.1), to match the loopback IP address. Add the loopback network
(1.1.1.1/32) and networks (10.10.10.0/24 and 10.10.11.0/24) connected to Spine nodes in OSPF area
0. Enable Bidirectional Forwarding Detection (BFD) on all OSPF interfaces for faster convergence.
!
router ospf 100
ospf router-id 1.1.1.1
bfd all-interfaces
network 1.1.1.1/32 area 0.0.0.0
network 10.10.10.0/24 area 0.0.0.0
network 10.10.11.0/24 area 0.0.0.0
!

EVPN VXLAN E-Tree

4. Configure BGP
In BGP router mode, set the router ID (1.1.1.1) to match the loopback IP address. Specify the loopback IP
address of each Leaf node as neighbors with their respective remote AS numbers. Configure the loopback as the
update source for each neighbor and set the advertisement interval (0) for rapid convergence. In L2VPN EVPN
address family mode, activate each Leaf node (2.2.2.2, 3.3.3.3, 4.4.4.4) to establish connections within
the EVPN address family.
!
router bgp 100
bgp router-id 1.1.1.1
neighbor 2.2.2.2 remote-as 100
neighbor 3.3.3.3 remote-as 100
neighbor 4.4.4.4 remote-as 100
neighbor 2.2.2.2 update-source lo
neighbor 2.2.2.2 advertisement-interval 0
neighbor 3.3.3.3 update-source lo
neighbor 3.3.3.3 advertisement-interval 0
neighbor 4.4.4.4 update-source lo
neighbor 4.4.4.4 advertisement-interval 0
!
address-family l2vpn evpn
neighbor 2.2.2.2 activate
neighbor 3.3.3.3 activate
neighbor 4.4.4.4 activate
exit-address-family
!
exit
!
5. Configure VRF
In VRF mode, create a MAC routing or forwarding instance (VRF1). Assign the Route Distinguisher (RD) value
(1.1.1.1:100) and set both import and export route-target value (100:100) . Ensure that the same route-target
value is configured on all Leaf nodes for MAC VRF to maintain consistency.
!
mac vrf VRF1
rd 1.1.1.1:100
route-target both 100:100
!

Spine Node
1. Configure Interfaces and Loopback
Enable QoS and assign specific IP addresses to loopback interfaces. Configure IP addresses for interfaces
connected to each Leaf node.
!
qos enable
!
interface ce1/2
ip address 40.40.40.2/24
!
interface ce1/4
ip address 10.10.10.2/24
!
interface ce24/1
ip address 30.30.30.2/24

EVPN VXLAN E-Tree

!
interface ce27/1
ip address 20.20.20.2/24
!
interface lo
ip address 5.5.5.5/32 secondary
!

2. Configure OSPF
In OSPF router mode, set the router ID (5.5.5.5), to match the loopback IP address. Add the loopback network
(5.5.5.5/32) and networks (10.10.10.0/24, 20.20.20.0/24, 30.30.30.0/24, and 40.40.40.0/
24) connected to Leaf nodes in OSPF area 0. Enable BFD on all OSPF interfaces for faster convergence.
!
router ospf 100
ospf router-id 5.5.5.5
bfd all-interfaces
network 5.5.5.5/32 area 0.0.0.0
network 10.10.10.0/24 area 0.0.0.0
network 20.20.20.0/24 area 0.0.0.0
network 30.30.30.0/24 area 0.0.0.0
network 40.40.40.0/24 area 0.0.0.0
!

Configure Switch
Set up an IEEE VLAN bridge, enabling VLANs and associating them with bridge 1. Configure interfaces (xe57, po1,
xe46, xe47) to be part of bridge 1, setting them as hybrid ports with VLAN (1000) allowed and egress-tagged
enabled. Designate interfaces connected to Leaf nodes (xe46 and xe47) as member ports of po1.
!
bridge 1 protocol ieee vlan-bridge
!
vlan database
vlan-reservation 4000-4094
vlan 1000 bridge 1 state enable
!
interface po1
switchport
bridge-group 1
switchport mode hybrid
switchport mode hybrid acceptable-frame-type all
switchport hybrid allowed vlan add 1000 egress-tagged enable
!
interface xe46
channel-group 1 mode active
!
interface xe47
channel-group 1 mode active
!
interface xe57
switchport
bridge-group 1
switchport mode hybrid
switchport mode hybrid acceptable-frame-type all
switchport hybrid allowed vlan add 1000 egress-tagged enable
!

EVPN VXLAN E-Tree

Configuration
Configure various nodes within the topology to set up a VXLAN EVPN E-Tree network.

Topology
The sample topology includes Leaf Nodes (VTEP1, VTEP2, VTEP3, and VTEP4), Spine Nodes (SPINE1 and SPINE2),
and Switches (SWITCH1 and SWITCH2).
VTEP1 and VTEP2 belong to Multi-homed group 1 (MH1) with po1, while VTEP3 and VTEP4 are in Multi-homed group
2 (MH2) with po2. VTEP2 and VTEP4 connect to single home access ports SH1 and SH2, respectively. All VTEPs link
to Spine nodes SPINE1 and SPINE2. SWITCH1 is multi-homed to VTEP1 and VTEP2, and SWITCH2 connects to
VTEP3 and VTEP4.

VXLAN EVPN E-Tree Topology

Note: Before configuring E-Tree, meet all Prerequisites for the following nodes:
• Leaf nodes: VTEP1, VTEP2, VTEP3, and VTEP4

EVPN VXLAN E-Tree

• Spine nodes: SPINE1 and SPINE2

• Switches: SWITCH1 and SWITCH2

Enable EVPN E-Tree

The following E-Tree configurations applies to the VTEP nodes within the VXLAN network.

1. Enable EVPN E-Tree on VTEP3 and VTEP4 nodes, allowing them to participate in E-Tree functionality within the
VXLAN network, controlling traffic and establishing hierarchical connections between Leaf nodes in the network
architecture.
(config)#evpn etree enable
2. Set the ESI hold time (90 seconds) on all VTEP nodes to allow the tunnel to establish during VXLAN initialization
before bringing up the ESI. Configure the source VTEP IP address (3.3.3.3) which serves as the global identifier
for VXLAN encapsulation and decapsulation within the network, facilitating proper communication and tunnel
establishment.
(config)#evpn esi hold-time 90
(config)#nvo vxlan vtep-ip-global 3.3.3.3
3. Define VXLAN identifier (10) with ingress replication and disabled inner VLAN ID (VID) for E-Tree leaf nodes
(VTEP3 and VTEP4) to support hierarchical connectivity and traffic control within the VXLAN network. This
configuration allows for efficient replication of traffic at the ingress point and ensures that inner VLAN IDs are
disabled, optimizing the functionality of E-Tree leaf nodes within the network architecture. On the VXLAN tenant
node, assign VRF (VRF1) to EVPN-BGP for carrying EVPN routes within the VXLAN network.
(config)#nvo vxlan id 10 ingress-replication inner-vid-disabled etree-leaf
(config-nvo)#vxlan host-reachability- protocol evpn-bgp VRF1
(config-nvo)#exit
4. Enable port-VLAN mapping (po2) with VLAN ID (1000) to facilitate multi-homed access on all VTEP nodes. Map
VXLAN identifier (10) to the access port for VXLAN connectivity.
(config)#nvo vxlan access-if port-vlan po2 1000
(config-nvo-acc-if)#map vnid 10
(config-nvo-acc-if)#exit
(config)#commit

Validation
Use the show commands described in this section to verify the network for proper VXLAN EVPN E-Tree configuration.
Verify OSPF sessions between the VTEP nodes and the SPINEs within the VXLAN network using the show ip ospf
neighbor command. This command displays OSPF neighbor details, including the state of the OSPF neighbor
relationship. A State of Full/DR indicates a fully adjacent and operational state between the routers, confirming
proper OSPF connectivity within the network.
VTEP1#show ip ospf neighbor

Total number of full neighbors: 2

OSPF process 100 VRF(default):
Neighbor ID Pri State Dead Time Address Interface Instance ID
5.5.5.5 1 Full/DR 00:00:32 10.10.10.2 xe45 0
6.6.6.6 1 Full/DR 00:00:30 10.10.11.2 xe49/2 0
Verify the BGP session status between VTEPs, using the show bgp l2vpn evpn summary command output. The
Up/Down field indicates the duration for which the BGP session has been up or down.
VTEP1#show bgp l2vpn evpn summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 9

EVPN VXLAN E-Tree

1 BGP AS-PATH entries

0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
2.2.2.2 4 100 34 28 7 0 0 00:07:37 9 3 4 1 1 0
3.3.3.3 4 100 30 33 8 0 0 00:07:34 6 3 2 1 0 0
4.4.4.4 4 100 31 28 7 0 0 00:07:37 8 3 4 1 0 0

Total number of neighbors 3

Total number of Established sessions 3

To validate the BGP L2VPN output on VTEPs and check MAC-IP routes and ESI information, use the show bgp
l2vpn evpn command output. This command verifies routes with status code i (internal) and EVPN route
types 2 and 4, displaying detailed information for each VTEP nodes.
VTEP1#show bgp l2vpn evpn
BGP table version is 9, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route

Network Next Hop Metric LocPrf Weight Path Peer Encap

RD[1.1.1.1:100] VRF[VRF1]:
*> [1]:[00:00:00:00:00:11:11:00:00:00]:[10]:[10]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i[1]:[00:00:00:00:00:22:22:00:00:00]:[10]:[10]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i[1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
* i 3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [2]:[00:00:00:00:00:11:11:00:00:00]:[10]:[48,0000:1000:1000]:[32,100.100.100.1]:[10]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*> [2]:[00:00:00:00:00:11:11:00:00:00]:[10]:[48,0000:1000:1001]:[128,1000::1][10]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i 2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i[2]:[0]:[10]:[48,0000:2000:2000]:[32,200.200.200.1]:[10]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i[2]:[0]:[10]:[48,0000:2000:2001]:[128,2000::1][10]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i[2]:[00:00:00:00:00:22:22:00:00:00]:[10]:[48,0000:3000:3000]:[32,103.103.103.1]:[10]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i[2]:[00:00:00:00:00:22:22:00:00:00]:[10]:[48,0000:3000:3001]:[128,1003::1][10]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
* i 4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i[2]:[0]:[10]:[48,0000:4000:4000]:[32,104.104.104.1]:[10]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
* i[2]:[0]:[10]:[48,0000:4000:4001]:[128,1004::1][10]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*> [3]:[10]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i[3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
* i[3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

EVPN VXLAN E-Tree

* i[3]:[10]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[1.1.1.1:64512] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
1.1.1.1 0 100 32768 i ---------- VXLAN
*> [4]:[00:00:00:00:00:11:11:00:00:00]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i ---------- VXLAN
* i[4]:[00:00:00:00:00:11:11:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[2.2.2.2:100]
*>i[1]:[00:00:00:00:00:11:11:00:00:00]:[10]:[10]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i[1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i[2]:[00:00:00:00:00:11:11:00:00:00]:[10]:[48,0000:1000:1000]:[32,100.100.100.1]:[10]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i[2]:[00:00:00:00:00:11:11:00:00:00]:[10]:[48,0000:1000:1001]:[128,1000::1][10]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i[2]:[0]:[10]:[48,0000:2000:2000]:[32,200.200.200.1]:[10]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i[2]:[0]:[10]:[48,0000:2000:2001]:[128,2000::1][10]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i[3]:[10]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[2.2.2.2:64512]
*>i[1]:[00:00:00:00:00:11:11:00:00:00]:[4294967295]:[0]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN
*>i[4]:[00:00:00:00:00:11:11:00:00:00]:[32,2.2.2.2]
2.2.2.2 0 100 0 i 2.2.2.2 VXLAN

RD[3.3.3.3:100]
*>i[1]:[00:00:00:00:00:22:22:00:00:00]:[10]:[10]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i[1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i[2]:[00:00:00:00:00:22:22:00:00:00]:[10]:[48,0000:3000:3000]:[32,103.103.103.1]:[10]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i[2]:[00:00:00:00:00:22:22:00:00:00]:[10]:[48,0000:3000:3001]:[128,1003::1][10]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN
*>i[3]:[10]:[32,3.3.3.3]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

RD[3.3.3.3:64512]
*>i[1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
3.3.3.3 0 100 0 i 3.3.3.3 VXLAN

RD[4.4.4.4:100]
*>i[1]:[00:00:00:00:00:22:22:00:00:00]:[10]:[10]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[2]:[00:00:00:00:00:22:22:00:00:00]:[10]:[48,0000:3000:3000]:[32,103.103.103.1]:[10]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[2]:[00:00:00:00:00:22:22:00:00:00]:[10]:[48,0000:3000:3001]:[128,1003::1][10]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[2]:[0]:[10]:[48,0000:4000:4000]:[32,104.104.104.1]:[10]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[2]:[0]:[10]:[48,0000:4000:4001]:[128,1004::1][10]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN
*>i[3]:[10]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

RD[4.4.4.4:64512]
*>i[1]:[00:00:00:00:00:22:22:00:00:00]:[4294967295]:[0]
4.4.4.4 0 100 0 i 4.4.4.4 VXLAN

Total number of prefixes 42

EVPN VXLAN E-Tree

Validate the LAG interfaces (po1 and po2) are up for MH1 and MH2 by reviewing the show etherchannel
summary output. Check the Link and sync fields, where link displays the port channel interface and ID number, and
sync indicates whether MAC address synchronization is enabled to forward Layer 3 packets arriving on these
interfaces.
VTEP1#show etherchannel summary
Aggregator po1 100001
Aggregator Type: Layer2
Admin Key: 0001 - Oper Key 0001
Link: xe7 (5005) sync: 1
Validate the status of NVO VXLAN on VTEPs by examining the output of the show nvo vxlan command. The DF-
Status field displays the forwarding status of VXLAN tunnels as a Designated Forwarder (DF) or Non-Designated
Forwarder (Non-DF).
VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

Total number of entries are 4

VTEP2#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
___________________________________________________________________________________________________________________________
10 ---- L2 NW ---- ---- ---- ---- 2.2.2.2 4.4.4.4
10 ---- L2 NW ---- ---- ---- ---- 2.2.2.2 1.1.1.1
10 ---- L2 NW ---- ---- ---- ---- 2.2.2.2 3.3.3.3
10 ---- -- AC xe37 --- Single Homed Port --- 1000 ---- ---- ----
10 ---- -- AC po1 00:00:00:00:00:11:11:00:00:00 1000 NON-DF ---- ----

Total number of entries are 5

VTEP3#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
___________________________________________________________________________________________________________________________
10 ---- L2 NW ---- ---- ---- ---- 3.3.3.3 2.2.2.2
10 ---- L2 NW ---- ---- ---- ---- 3.3.3.3 1.1.1.1
10 ---- L2 NW ---- ---- ---- ---- 3.3.3.3 4.4.4.4
10 ---- -- AC po2 00:00:00:00:00:22:22:00:00:00 1000 DF ---- ----

Total number of entries are 4

VTEP4#show nvo vxlan

VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

EVPN VXLAN E-Tree

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
___________________________________________________________________________________________________________________________
10 ---- L2 NW ---- ---- ---- ---- 4.4.4.4 2.2.2.2
10 ---- L2 NW ---- ---- ---- ---- 4.4.4.4 3.3.3.3
10 ---- L2 NW ---- ---- ---- ---- 4.4.4.4 1.1.1.1
10 ---- -- AC xe34 --- Single Homed Port --- 1000 ---- ---- ----
10 ---- -- AC po2 00:00:00:00:00:22:22:00:00:00 1000 NON-DF ---- ----

Total number of entries are 5

Validate the NVO VXLAN tunnel status on VTEPs by reviewing the output of the show nvo vxlan tunnel
command. The Status field indicates the current status of each tunnel. In this case, all three tunnels between VTEPs
and their respective destinations are marked as Installed, confirming that these tunnels are successfully
established and operating.
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
========================================================================
1.1.1.1 4.4.4.4 Installed 00:02:26 00:01:58
1.1.1.1 3.3.3.3 Installed 00:02:26 00:01:55
1.1.1.1 2.2.2.2 Installed 00:02:25 00:01:55

Total number of entries are 3

Validate the VXLAN access interface status on VTEPs by examining the output of the show nvo vxlan access-if
brief command. The up admin and link status confirms that the access port associated with VXLAN is active
and functioning properly on the VTEP nodes.
VTEP1#show nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
---------------------------------------------------------------
po1 1000 --- 0x7a120 10 up up

Total number of entries are 1

Static MAC-IP Advertisement

Configure static MAC-IP advertisement through SH and MH VTEPs from Root and Leaf nodes. Advertise static MAC
addresses for IPv4 and IPv6 from MH1, MH2, SH1, and SH2 VTEPs. Ensure that VTEP1 and VTEP2 in MH1 have the
same MAC addresses configured under the port-channel access port. Symmetrical configurations between MH VTEPs
should be maintained.

Configure MH1 and MH2 VTEPs

Configure static MAC addresses for IPv4 (100.100.100.1) and IPv6 (1000::1) under the VXLAN MH access-port
(po1) with VLAN ID (1000). Ensure that identical MAC addresses are set up within the MH1-VTEPs for advertisement.
Apply similar configurations to MH2-VTEPs for static MAC-IP advertisement.
!
nvo vxlan access-if port-vlan po1 1000
map vnid 10
mac 0000.1000.1000 ip 100.100.100.1
mac 0000.1000.1001 ipv6 1000::1
!

EVPN VXLAN E-Tree

Configure SH1 and SH2 VTEPs

Configure static MAC addresses for IPv4 (200.200.200.1) and IPv6 (2000::1) under the VXLAN SH access-port
(xe37) with VLAN ID (1000) on SH1 (VTEP2). This setup ensures that SH1 advertises these static MAC addresses
over the specified VXLAN access-port. Repeat similar configurations for SH2 (VTEP4) using different static MAC
addresses for both IPv4 and IPv6.
!
nvo vxlan access-if port-vlan xe37 1000
map vnid 10
mac 0000.2000.2000 ip 200.200.200.1
mac 0000.2000.2001 ipv6 2000::1
!

Validation
Verify the MAC table entries on MH VTEPs (MH1 and MH2) and the SH VTEPs (VTEP2 and VTEP4). The MAC
addresses are advertised using the ESI values from VTEP1 and VTEP2 for MH1, and from VTEP3 and VTEP4 for
MH2. Additionally, verify the VTEP IP addresses associated with SH VTEP2 and VTEP4 for MAC advertisement.
In the output of the show nvo vxlan mac-table command on all VTEP nodes, the MAC entries advertised from
Leaf VTEPs will have the LeafFlag field status set.
Note:
• MAC IPv4 or IPv6 configured under SH Leaf VTEP access port will be advertised to the Root VTEP and other Leaf
VTEPs.
• MAC IPv4 or IPv6 configured under an MH Leaf VTEP access port must be symmetric and will be advertised to
both the Root VTEP and other leaf VTEPs.
• MAC IPv4 or IPv6 configured under either SH or MH Root VTEP will be advertised to both the Root VTEP and the
Leaf VTEPs.
• The Leaf-to-Leaf communication will display MAC status and tunnel status per VNI as Leaf type. The MAC will be
in the discard state in the BCM shell.
VTEP1#show nvo vxlan mac-table
============================================================================================================================
VXLAN MAC Entries
============================================================================================================================
VNID Interface VlanId In-VlanId Mac-Addr VTEP-Ip/ESI Type Status MAC move AccessPortDesc LeafFlag
____________________________________________________________________________________________________________________________
10 po1 1000 ---- 0000.1000.1000 00:00:00:00:00:11:11:00:00:00 Static Local ------- 0 ------- ----
10 po1 1000 ---- 0000.1000.1001 00:00:00:00:00:11:11:00:00:00 Static Local ------- 0 ------- ----
10 ---- ---- ---- 0000.2000.2000 2.2.2.2 Static Remote ------- 0 ------- ----
10 ---- ---- ---- 0000.2000.2001 2.2.2.2 Static Remote ------- 0 ------- ----
10 ---- ---- ---- 0000.3000.3000 00:00:00:00:00:22:22:00:00:00 Static Remote ------- 0 ------- set
10 ---- ---- ---- 0000.3000.3001 00:00:00:00:00:22:22:00:00:00 Static Remote ------- 0 ------- set
10 ---- ---- ---- 0000.4000.4000 4.4.4.4 Static Remote ------- 0 ------- set
10 ---- ---- ---- 0000.4000.4001 4.4.4.4 Static Remote ------- 0 ------- set

Total number of entries are : 8

VTEP3#show nvo vxlan mac-table

===========================================================================================================================
VXLAN MAC Entries
============================================================================================================================
VNID Interface VlanId In-VlanId Mac-Addr VTEP-Ip/ESI Type Status MAC move AccessPortDesc LeafFlag
___________________________________________________________________________________________________________________________

10 ---- ---- ---- 0000.1000.1000 00:00:00:00:00:11:11:00:00:00 Static Remote ------- 0 ------- ----
10 ---- ---- ---- 0000.1000.1001 00:00:00:00:00:11:11:00:00:00 Static Remote ------- 0 ------- ----
10 ---- ---- ---- 0000.2000.2000 2.2.2.2 Static Remote ------- 0 ------- ----
10 ---- ---- ---- 0000.2000.2001 2.2.2.2 Static Remote ------- 0 ------- ----
10 po2 1000 ---- 0000.3000.3000 00:00:00:00:00:22:22:00:00:00 Static Local ------- 0 ------- set
10 po2 1000 ---- 0000.3000.3001 00:00:00:00:00:22:22:00:00:00 Static Local ------- 0 ------- set
10 ---- ---- ---- 0000.4000.4000 4.4.4.4 Static Remote ------- 0 ------- set

EVPN VXLAN E-Tree

10 ---- ---- ---- 0000.4000.4001 4.4.4.4 Static Remote ------- 0 ------- set

Total number of entries are : 8

Use the show nvo vxlan arp-cache command to verify the Address Resolution Protocol (ARP) cache information
on all VTEP nodes. This command displays entries that map IPv4 addresses to MAC addresses within the specified
VXLAN VNID network.
VTEP1#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
10 100.100.100.1 0000.1000.1000 Static Local ----
10 103.103.103.1 0000.3000.3000 Static Remote ----
10 104.104.104.1 0000.4000.4000 Static Remote ----
10 200.200.200.1 0000.2000.2000 Static Remote ----
Total number of entries are 4

VTEP3#show nvo vxlan arp-cache

VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
10 100.100.100.1 0000.1000.1000 Static Remote ----
10 103.103.103.1 0000.3000.3000 Static Local ----
10 104.104.104.1 0000.4000.4000 Static Remote ----
10 200.200.200.1 0000.2000.2000 Static Remote ----
Total number of entries are 4
Use the show nvo vxlan nd-cache command to verify the Neighbor Discovery (ND) cache information on all VTEP
nodes. This command displays entries that map IPv6 addresses to MAC addresses within the specified VXLAN VNID
network.
VTEP1#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
______________________________________________________________________________
10 1000::1 0000.1000.1001 Static Local ----
10 1003::1 0000.3000.3001 Static Remote ----
10 1004::1 0000.4000.4001 Static Remote ----
10 2000::1 0000.2000.2001 Static Remote ----
Total number of entries are 4

VTEP3#show nvo vxlan nd-cache

VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out
Retries-Left
_______________________________________________________________________________________
_____________
10 1000::1 0000.1000.1001 Static Remote ----
10 1003::1 0000.3000.3001 Static Local ----
10 1004::1 0000.4000.4001 Static Remote ----

EVPN VXLAN E-Tree

10 2000::1 0000.2000.2001 Static Remote ----

Total number of entries are 4

Network Topology Snippet Configurations

Here are the snippet configurations for all nodes in the given network topology.

VTEP1
!
nvo vxlan enable
!
evpn esi hold-time 90
!
evpn vxlan multihoming enable
!
mac vrf VRF1
rd 1.1.1.1:100
route-target both 100:100
!
nvo vxlan vtep-ip-global 1.1.1.1
!
nvo vxlan id 10 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp VRF1
!
qos enable
!
interface po1
switchport
evpn multi-homed system-mac 0000.0000.1111
!
interface lo
ip address 1.1.1.1/32 secondary
!
interface xe7
channel-group 1 mode active
!
interface xe45
ip address 10.10.10.1/24
!
interface xe49/2
ip address 10.10.11.1/24
!
exit
!

router ospf 100

ospf router-id 1.1.1.1
bfd all-interfaces
network 1.1.1.1/32 area 0.0.0.0
network 10.10.10.0/24 area 0.0.0.0
network 10.10.11.0/24 area 0.0.0.0
!
router bgp 100
bgp router-id 1.1.1.1
neighbor 2.2.2.2 remote-as 100
neighbor 3.3.3.3 remote-as 100
neighbor 4.4.4.4 remote-as 100

EVPN VXLAN E-Tree

neighbor 2.2.2.2 update-source lo

neighbor 2.2.2.2 advertisement-interval 0
neighbor 3.3.3.3 update-source lo
neighbor 3.3.3.3 advertisement-interval 0
neighbor 4.4.4.4 update-source lo
neighbor 4.4.4.4 advertisement-interval 0
!
address-family l2vpn evpn
neighbor 2.2.2.2 activate
neighbor 3.3.3.3 activate
neighbor 4.4.4.4 activate
exit-address-family
!
exit
!
nvo vxlan access-if port-vlan po1 1000
map vnid 10
mac 0000.1000.1000 ip 100.100.100.1
mac 0000.1000.1001 ipv6 1000::1
!

VTEP2
!
nvo vxlan enable
!
evpn esi hold-time 90
!
evpn vxlan multihoming enable
!
mac vrf VRF1
rd 2.2.2.2:100
route-target both 100:100
!
nvo vxlan vtep-ip-global 2.2.2.2
!
nvo vxlan id 10 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp VRF1
!
qos enable
!
interface po1
switchport
evpn multi-homed system-mac 0000.0000.1111
!
interface lo
ip address 2.2.2.2/32 secondary
!
interface xe38
channel-group 1 mode active
!
interface xe49/1
ip address 20.20.20.1/24
!
interface xe50/1
ip address 20.20.21.1/24

EVPN VXLAN E-Tree

!
exit
!

router ospf 100

ospf router-id 2.2.2.2
bfd all-interfaces
network 2.2.2.2/32 area 0.0.0.0
network 20.20.20.0/24 area 0.0.0.0
network 20.20.21.0/24 area 0.0.0.0
!
router bgp 100
bgp router-id 2.2.2.2
neighbor 1.1.1.1 remote-as 100
neighbor 3.3.3.3 remote-as 100
neighbor 4.4.4.4 remote-as 100
neighbor 1.1.1.1 update-source lo
neighbor 1.1.1.1 advertisement-interval 0
neighbor 3.3.3.3 update-source lo
neighbor 3.3.3.3 advertisement-interval 0
neighbor 4.4.4.4 update-source lo
neighbor 4.4.4.4 advertisement-interval 0
!
address-family l2vpn evpn
neighbor 1.1.1.1 activate
neighbor 3.3.3.3 activate
neighbor 4.4.4.4 activate
exit-address-family
!
exit
!
nvo vxlan access-if port-vlan xe37 1000
map vnid 10
mac 0000.2000.2000 ip 200.200.200.1
mac 0000.2000.2001 ipv6 2000::1
!
nvo vxlan access-if port-vlan po1 1000
map vnid 10
mac 0000.1000.1000 ip 100.100.100.1
mac 0000.1000.1001 ipv6 1000::1
!

VTEP3
!
nvo vxlan enable
!
evpn esi hold-time 90
!
evpn vxlan multihoming enable
!
evpn etree enable
!
mac vrf VRF1
rd 3.3.3.3:100
route-target both 100:100

EVPN VXLAN E-Tree

!
nvo vxlan vtep-ip-global 3.3.3.3
!
nvo vxlan id 10 ingress-replication inner-vid-disabled etree-leaf
vxlan host-reachability-protocol evpn-bgp VRF1
!
qos enable
!
interface po2
switchport
evpn multi-homed system-mac 0000.0000.2222
!
interface lo
ip address 3.3.3.3/32 secondary
!
interface xe53/1
ip address 30.30.30.1/24
!
interface xe54/1
ip address 30.30.31.1/24
!
interface xe55/1
channel-group 2 mode active
!
exit
!
router ospf 100
ospf router-id 3.3.3.3
bfd all-interfaces
network 3.3.3.3/32 area 0.0.0.0
network 30.30.30.0/24 area 0.0.0.0
network 30.30.31.0/24 area 0.0.0.0
!
router bgp 100
bgp router-id 3.3.3.3
neighbor 1.1.1.1 remote-as 100
neighbor 2.2.2.2 remote-as 100
neighbor 4.4.4.4 remote-as 100
neighbor 1.1.1.1 update-source lo
neighbor 1.1.1.1 advertisement-interval 0
neighbor 2.2.2.2 update-source lo
neighbor 2.2.2.2 advertisement-interval 0
neighbor 4.4.4.4 update-source lo
neighbor 4.4.4.4 advertisement-interval 0
!
address-family l2vpn evpn
neighbor 1.1.1.1 activate
neighbor 2.2.2.2 activate
neighbor 4.4.4.4 activate
exit-address-family
!
exit
!
!
nvo vxlan access-if port-vlan po2 1000
map vnid 10
mac 0000.3000.3000 ip 103.103.103.1

EVPN VXLAN E-Tree

mac 0000.3000.3001 ipv6 1003::1

VTEP4
!
nvo vxlan enable
!
evpn esi hold-time 90
!
evpn vxlan multihoming enable
!
evpn etree enable
!
mac vrf VRF1
rd 4.4.4.4:100
route-target both 100:100
!
nvo vxlan vtep-ip-global 4.4.4.4
!
nvo vxlan id 10 ingress-replication inner-vid-disabled etree-leaf
vxlan host-reachability-protocol evpn-bgp VRF1
!
qos enable
!
interface po2
switchport
evpn multi-homed system-mac 0000.0000.2222
!
interface lo
ip address 4.4.4.4/32 secondary
!
interface xe11/1
ip address 40.40.41.1/24
!
interface xe31/1
channel-group 2 mode active
!
interface xe33
ip address 40.40.40.1/24
!
interface xe34
switchport
!
exit
!
router ospf 100
ospf router-id 4.4.4.4
bfd all-interfaces
network 4.4.4.4/32 area 0.0.0.0
network 40.40.40.0/24 area 0.0.0.0
network 40.40.41.0/24 area 0.0.0.0
!
router bgp 100
bgp router-id 4.4.4.4
neighbor 1.1.1.1 remote-as 100

EVPN VXLAN E-Tree

neighbor 2.2.2.2 remote-as 100

neighbor 3.3.3.3 remote-as 100
neighbor 1.1.1.1 update-source lo
neighbor 1.1.1.1 advertisement-interval 0
neighbor 2.2.2.2 update-source lo
neighbor 2.2.2.2 advertisement-interval 0
neighbor 3.3.3.3 update-source lo
neighbor 3.3.3.3 advertisement-interval 0
!
address-family l2vpn evpn
neighbor 1.1.1.1 activate
neighbor 2.2.2.2 activate
neighbor 3.3.3.3 activate
exit-address-family
!
exit
!
nvo vxlan access-if port-vlan xe34 1000
map vnid 10
mac 0000.4000.4000 ip 104.104.104.1
mac 0000.4000.4001 ipv6 1004::1
!
nvo vxlan access-if port-vlan po2 1000
map vnid 10
mac 0000.3000.3000 ip 103.103.103.1
mac 0000.3000.3001 ipv6 1003::1
!

SPINE1
!
qos enable
!
interface ce1/2
ip address 40.40.40.2/24
!
interface ce1/4
ip address 10.10.10.2/24
!
interface ce24/1
ip address 30.30.30.2/24
!
interface ce27/1
ip address 20.20.20.2/24
!
interface lo
ip address 5.5.5.5/32 secondary
!
exit
!
router ospf 100
ospf router-id 5.5.5.5
bfd all-interfaces
network 5.5.5.5/32 area 0.0.0.0
network 10.10.10.0/24 area 0.0.0.0
network 20.20.20.0/24 area 0.0.0.0

EVPN VXLAN E-Tree

network 30.30.30.0/24 area 0.0.0.0

network 40.40.40.0/24 area 0.0.0.0
!

SPINE2
!
qos enable
!
interface ce5/1
ip address 20.20.21.2/24
!
interface ce10/1
ip address 30.30.31.2/24
!
interface ce11/1
ip address 40.40.41.2/24
!
interface ce14/2
ip address 10.10.11.2/24
!
interface lo
ip address 6.6.6.6/32 secondary
!
exit
!
router ospf 100
ospf router-id 6.6.6.6
bfd all-interfaces
network 6.6.6.6/32 area 0.0.0.0
network 10.10.11.0/24 area 0.0.0.0
network 20.20.21.0/24 area 0.0.0.0
network 30.30.31.0/24 area 0.0.0.0
network 40.40.41.0/24 area 0.0.0.0
!

SWITCH1
!
bridge 1 protocol ieee vlan-bridge
!
vlan database
vlan-reservation 4000-4094
vlan 1000 bridge 1 state enable
!
interface po1
switchport
bridge-group 1
switchport mode hybrid
switchport mode hybrid acceptable-frame-type all
switchport hybrid allowed vlan add 1000 egress-tagged enable
!
interface xe46
channel-group 1 mode active
!
interface xe47

EVPN VXLAN E-Tree

SWITCH2
!
bridge 1 protocol ieee vlan-bridge
!
vlan database
vlan-reservation 4000-4094
vlan 1000 bridge 1 state enable
!
interface po2
switchport
bridge-group 1
switchport mode hybrid
switchport mode hybrid acceptable-frame-type all
switchport hybrid allowed vlan add 1000 egress-tagged enable
!
interface xe33
switchport
bridge-group 1
switchport mode hybrid
switchport mode hybrid acceptable-frame-type all
switchport hybrid allowed vlan add 1000 egress-tagged enable
!
interface xe49/1
channel-group 2 mode active
!
interface xe51/1
channel-group 2 mode active
!
exit
!

Implementation Examples
Here is an example scenario and a solution for implementing EVPN E-Tree.
Scenario 1: Specific traffic isolation and control measures are essential in a network of EVPN L2VPN services or
instances. Within a broadcast domain, services communicating with each other may result in flooding BUM traffic to all
services within the domain. Moreover, hosts are learned and advertised between different sites/services.
Use Case 1: Implementing an EVPN E-Tree solution defines the network topology with distinct Root and Leaf
classifications, BUM traffic flooding can be minimized, and traffic isolation can be achieved. This ensures efficient
communication between services while preventing unnecessary traffic propagation and maintaining network integrity.

EVPN VXLAN E-Tree

Scenario 2: An Internet Service Provider (ISP) provides services to multiple subscribers and aims to facilitate
communication with them. However, the ISP needs to ensure that subscribers exclusively communicate with the ISP
and not among themselves.
Use Case 2: Implementing EVPN E-Tree is essential to fulfill this requirement. By categorizing ISP services as Root
and subscribers as Leaf, traffic isolation can be enforced. This configuration enables the ISP to communicate with
subscribers while preventing inter-subscriber communication. As a result, network security is enhanced, and the ISP
maintains control over communication within its network.

E-Tree CLI Commands

The EVPN E-Tree introduces the following configuration commands in OcNOS.

evpn etree
Use this command to enable E-Tree functionality within the EVPN configuration.

Command Syntax
evpn etree enable

Parameters
None

Default
Disabled

Command Mode
Configure mode

Applicability
Introduced in OcNOS version 6.5.1.

Example
The following example illustrates how to activate E-Tree functionality for EVPN:
OcNOS#configure terminal
OcNOS(config)#evpn etree enable

Revised CLI Commands

The following is the revised command for configuring VXLAN EVPN E-Tree

nvo vxlan id
• The existing syntax now includes the newly added parameter for E-Tree, namely etree-leaf.
• The command nvo vxlan id <VNID> ingress-replication inner-vid-disabled etree-leaf
allows users to tailor VXLAN behavior on a network device, specifying VXLAN parameters and indicating its

EVPN VXLAN E-Tree

participation as a leaf node in an E-Tree deployment. For more details, refer to the nvo vxlan id command in the
VXLAN Commands chapter in the OcNOS VXLAN Guide.

Troubleshooting
1. When traffic, whether unicast (UC) or broadcast, is passed to the Intra Leaf site:
• Check the sub-interface or physical interface counters to monitor traffic throughput and potential issues.
• Verify the Leaf status of the corresponding VNI to ensure proper functionality.
• Use packet sniffing tools to analyze packets in the egress direction for any anomalies or errors.
• MAC entries learned via leaf access port should include the set keyword in the MAC table output.

2. If UC traffic is routed within inter-PE leaf sites:

• Check the Leaf status of the VNI at both participating PE devices to confirm operational status.
• Check if the advertised MAC is in discard or non-discard status using the show mac table command and l2
show in the BCM shell.

3. Verify if BUM traffic is transmitted between Leaf sites inter-PE:

• Ensure that a BUM tunnels are not established between inter-PE devices.
• Validate this by examining the Multicast ingress group, using the show evpn mpls tunnel command. For
EVPN MPLS, confirm that BUM tunnels are not created.

4. Investigate UC traffic drops from the Root to MH Leaf PE:

• Check if MAC addresses are not installed in discard status within the MH peer's access port. This status could
indicate issues with MAC learning or forwarding.

5. Evaluate traffic between Root and Leaf:

• Confirm the establishment of both UC and BUM tunnels.
• Ensure that unicast MAC addresses are not marked with a discard status in the MAC table.

6. Validate the exchange of routes between two BGP L2VPN peers:

• Monitor BGP (Border Gateway Protocol) sessions to verify successful route exchange and propagation
between the peers.

7. Convergence: Assess convergence by checking BFD configuration between BGP sessions.

Glossary
The following provides definitions for key terms or abbreviations and their meanings used throughout this document:

Key Terms/Acronym Description

Ethernet VPN Ethernet- A networking solution designed to manage communication within broadcast domains,
Tree (EVPN E-Tree) incorporating redundancy through multi-homing in a network. It optimizes traffic routing and
control, categorizing network nodes based on predefined definitions of EVPN Instances as Leaf
or Root, allowing or restricting communication between them.

EVPN VXLAN E-Tree

Virtual Extensible LAN A technology that provides encapsulation techniques to create virtualized Layer 2 networks over
(VXLAN) Layer 3 infrastructure, facilitating scalable and flexible network designs.

Ethernet Virtual Private A Layer 2 VPN technology that extends Ethernet services across data centers and wide-area
Network (EVPN) networks using BGP.

Multi-homing (MH) The ability of a device to connect to multiple network segments simultaneously to increase
network availability and redundancy.

Provider Edge (PE) Node A device at the edge of a service provider network that connects to customer premises equipment
(CE) and participates in providing services to customers.

Leaf Node In the context of EVPN E-Tree, a network node categorized to handle communication within
specific broadcast domains and may connect to Root nodes.

Root Node A network node within EVPN E-Tree that serves as the central point of communication and
handles BUM traffic distribution.

Ethernet Segment Identifier A unique identifier used to identify Ethernet segments within a VXLAN network.
(ESI)

VXLAN Tunnel Over SVI

CHAPTER 3 VXLAN Tunnel Over SVI

This chapter contains the configurations for VXLAN Tunnel Over SVI.

Overview
VxLAN EVPN solution is envisioned to simplify the topology and configurations in Data Centers (DC). In Data Centers,
CLOS topology was used, which makes network side pure L3 and uses EBGP as IGP.
VxLAN solution is required for Service Providers (SP) as well to run few of the services or all services in their network
over VxLAN. When they choose to run few services over VxLAN, then on the network side there will be a need to run
VxLAN over SVI.

Topology
The Topology shown below contains the 3 VTEPS i.e VTEP1 ,VTEP2 and VTEP3 and 3 core nodes P1 ,P2 and P3.
Vxlan tunnel will be established between VTEPS over SVI interfaces. OSPF as IGP will be running between VTEPS
and the core node to provide the end to end connectivity. Switch is connected between host and VTEP-1, VTEP-2 via
dynamic LAG.

Figure 3-7: VXLAN over SVI

RTR1/VTEP1

VTEP1#configure terminal Enter configuration terminal

VTEP1(config)#hostname VTEP1 Configure hostname
VTEP1(config)#mac vrf vrf1 Configure MAC vrf vrf1
VTEP1(config-vrf)#rd 1.1.1.1:11 Configure RD for vrf1

VXLAN Tunnel Over SVI

VTEP1(config-vrf)#route-target both Configure RT for vrf1

10.10.10.10:100
VTEP1(config-vrf)#mac vrf vrf2 Configure MAC vrf vrf2
VTEP1(config-vrf)#rd 1.1.1.1:12 Configure RD for vrf2
VTEP1(config-vrf)#route-target both Configure RT for vrf2
10.10.10.10:102
VTEP1(config-vrf)#bfd interval 3 minrx 3 Configure BFD interval globally
multiplier 3
VTEP1(config)#evpn vxlan multihoming enable Enable EVPN VXLAN multihoming
VTEP1(config)#nvo vxlan enable Enable VXLAN
VTEP1(config)#qos enable Enable qos
VTEP1(config)#qos statistics Enable qos statistics
VTEP1(config)#bridge 1 protocol ieee vlan- Configure IEEE VLAN bridge
bridge
VTEP1(config)#no bridge 1 spanning-tree Disable spanning tree in bridge 1 globally
enable
VTEP1(config)#no igmp snooping Disable igmp snooping messages globally
VTEP1(config)#vlan database Enter into the VLAN database
VTEP1(config-vlan)#vlan 10-200 bridge 1 Configure VLAN 10-200 and associate with bridge 1
state enable
VTEP1(config-vlan)#vlan 4000 bridge 1 state Configure VLAN 4000 and associate with bridge 1
enable
VTEP1(config-vlan)#interface po1 Enter interface mode
VTEP1(config-if)#switchport Set the interface as Layer2 port
VTEP1(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP1(config-if)#evpn multi-homed system-mac Configure EVPN system-MAC
aa22.3344.5566
VTEP1(config-if)#interface lo Enter lo interface mode
VTEP1(config-if)#ip address 1.1.1.1/32 Assign loopback IP
secondary
VTEP1(config-if)#interface vlan1.10 Specify interface VLAN1.10 to be configured.
VTEP1(config-if)#ip address 12.1.1.1/24 Assign IP address
VTEP1(config-if)#ip ospf cost 1 Change OSPF cost of the link
VTEP1(config-if)#interface vlan1.20 Specify interface VLAN1.20 to be configured.
VTEP1(config-if)#ip address 13.1.1.1/24 Assign IP address
VTEP1(config-if)#ip ospf cost 1 Change OSPF cost of the link
VTEP1(config-if)#interface vlan1.30 Specify interface VLAN1.30 to be configured.
VTEP1(config-if)#ip address 14.1.1.1/24 Assign IP address
VTEP1(config-if)#ip ospf cost 1 Change OSPF cost of the link
VTEP1(config-if)#interface xe1 Enter interface mode
VTEP1(config-if)#switchport Set the interface as Layer2 port
VTEP1(config-if)#bridge-group 1 spanning- Associate the interface with bridge group 1 and disable
tree disable spanning tree
VTEP1(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.

VXLAN Tunnel Over SVI

VTEP1(config-if)#switchport trunk allowed Enable VLAN's allowed on this interface.

vlan add 20,29
VTEP1(config-if)#switchport trunk native Configure native VLAN
vlan 29
VTEP1(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP1(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
VTEP1(config-if)#interface xe5 Enter interface mode
VTEP1(config-if)#switchport Set the interface as Layer2 port
VTEP1(config-if)#bridge-group 1 spanning- Associate the interface with bridge group 1 and disable
tree disable spanning tree
VTEP1(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
VTEP1(config-if)#switchport trunk allowed Enable VLAN's allowed on this interface.
vlan add 10,19
VTEP1(config-if)#switchport trunk native Configure native VLAN
vlan 19
VTEP1(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP1(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
VTEP1(config-if)#interface xe7 Enter interface mode
VTEP1(config-if)#switchport Set the interface as Layer2 port
VTEP1(config-if)#bridge-group 1 spanning- Associate the interface with bridge group 1 and disable
tree disable spanning tree
VTEP1(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
VTEP1(config-if)#switchport trunk allowed Enable VLAN's allowed on this interface.
vlan add 30,39
VTEP1(config-if)#switchport trunk native Configure native VLAN
vlan 39
VTEP1(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP1(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
VTEP1(config-if)#interface xe41 Enter interface mode
VTEP1(config-if)#channel-group 1 mode active Map this interface to po1
VTEP1(config-if)#interface xe42 Enter interface mode
VTEP1(config-if)#channel-group 1 mode active Map this interface to po1
VTEP1(config-if)#interface xe46 Enter interface mode
VTEP1(config-if)#switchport Map this interface to po1
VTEP1(config-if)#router ospf 1 Enter OSPF configuration mode
VTEP1(config-router)#ospf router-id 1.1.1.1 Configure OSPF router id
VTEP1(config-router)#bfd all-interfaces Enable BFD in all OSPF interfaces
VTEP1(config-router)#network 1.1.1.1/32 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
VTEP1(config-router)#network 12.1.1.0/24 Define the Network on which OSPF runs and associate the
area 0.0.0.0 area ID (area 0) with the interface.
VTEP1(config-router)#network 13.1.1.0/24 Define the Network on which OSPF runs and associate the
area 0.0.0.0 area ID (area 0) with the interface.

VXLAN Tunnel Over SVI

VTEP1(config-router)#network 14.1.1.0/24 Define the Network on which OSPF runs and associate the
area 0.0.0.0 area ID (area 0) with the interface.
VTEP1(config-router)#router bgp 100 Enter Router BGP mode and define the AS number 100.
VTEP1(config-router)#address-family ipv4 Enter address-family IPv4 unicast mode
unicast
VTEP1(config-router)#network 1.1.1.1/32 Add the lo network to BGP route
VTEP1(config-router-af)#neighbor 2.2.2.2 Activate neigbors
activate
VTEP1(config-router-af)#neighbor 6.6.6.6 Activate neigbors
activate
VTEP1(config-router-af)#exit-address-family Exit address-family mode.
VTEP1(config-router)#neighbor 2.2.2.2 Configure BGP remote-as 100 with neighbor IP
remote-as 100
VTEP1(config-router)#neighbor 2.2.2.2 Define BGP neighbors, to update the source routes with lo
update-source lo
VTEP1(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP2
VTEP1(config-router)#neighbor 6.6.6.6 Configure BGP remote-as 100 with neighbor IP
remote-as 100
VTEP1(config-router)#neighbor 6.6.6.6 Define BGP neighbors, to update the source routes with lo
update-source lo
VTEP1(config-router)#neighbor 6.6.6.6 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
VTEP1(config-router)#address-family l2vpn Enter in to BGP L2VPN EVPN address-family
evpn
VTEP1(config-router-af)#neighbor 2.2.2.2 Activate neigbors
activate
VTEP1(config-router-af)#neighbor 6.6.6.6 Activate neigbors
activate
VTEP1(config-router-af)#exit-address-family Exit from BGP L2VPN EVPN address-family
VTEP1(config-router)#nvo vxlan vtep-ip- Configure VXLAN global IP
global 1.1.1.1
VTEP1(config)#nvo vxlan id 1 ingress- Create VNID 1
replication inner-vid-disabled
VTEP1(config-nvo)#vxlan host-reachability- Associate VNID with EVPN and vrf1
protocol evpn-bgp vrf1
VTEP1(config-nvo)#nvo vxlan id 1000 ingress- Create VNID 1000
replication inner-vid-disabled
VTEP1(config-nvo)#vxlan host-reachability- Associate VNID with EVPN and vrf2
protocol evpn-bgp vrf2
VTEP1(config-nvo-acc-if)#nvo vxlan access-if Create VXLAN access port port-vlan
port-vlan po1 2000
VTEP1(config-nvo-acc-if)#no shutdown Unshut the access interface
VTEP1(config-nvo-acc-if)#map vnid 1000 Map the VNID to access-if
VTEP1(config-nvo)#nvo vxlan access-if port Create VXLAN access port
xe46
VTEP1(config-nvo-acc-if)#no shutdown Unshut the access interface
VTEP1(config-nvo-acc-if)#map vnid 1 Map the VNID to access-if

VXLAN Tunnel Over SVI

VTEP1(config-nvo-acc-if)#nvo vxlan access-if Create VXLAN access port port-vlan

port-vlan po1 1000
VTEP1(config-nvo-acc-if)#no shutdown Unshut the access interface
VTEP1(config-nvo-acc-if)#map vnid 1 Map the VNID to access-if
VTEP1(config-nvo-acc-if)#mac 0000.1111.1111 Configure static MAC IP
ip 100.1.1.100
VTEP1(config-nvo-acc-if)#mac 0000.1111.1112 Configure static MAC
VTEP1(config-nvo-acc-if)#mac 0000.1111.1113 Configure static MAC
VTEP1(config-nvo-acc-if)#mac 0000.1111.1114 Configure static MAC
VTEP1(config-nvo-acc-if)#mac 0000.1111.1115 Configure static MAC
VTEP1(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration

VTEP2

VTEP2#configure terminal Enter configuration terminal

VTEP2(config)#hostname VTEP2 Configure hostname
VTEP2(config)#mac vrf vrf1 Configure MAC VRF vrf1
VTEP2(config-vrf)#rd 2.2.2.2:11 Configure RD for vrf1
VTEP2(config-vrf)#route-target both Configure RT for vrf1
10.10.10.10:100
VTEP2(config-vrf)#mac vrf vrf2 Configure MAC VRF vrf2
VTEP2(config-vrf)#rd 2.2.2.2:12 Configure RD for vrf2
VTEP2(config-vrf)#route-target both Configure RT for vrf2
10.10.10.10:102
VTEP2(config)#nvo vxlan enable Enable VXLAN
VTEP2(config)#evpn vxlan multihoming enable Enable EVPN VXLAN multihoming
VTEP2(config)#qos enable Enable QOS
VTEP2(config)#qos statistics Enable QOS statistics
VTEP2(config)#bridge 1 protocol ieee vlan- Configure IEEE VLAN bridge
bridge
VTEP2(config)#no bridge 1 spanning-tree Disable spanning tree in bridge 1 globally
enable
VTEP2(config)#vlan database Enter into the VLAN database
VTEP2(config-vlan)#vlan 10-200 bridge 1 Configure VLAN 10-200 and associate with bridge 1
state enable
VTEP2(config-vlan)#interface po1 Enter interface mode
VTEP2(config-if)#switchport Set the interface as Layer2 port
VTEP2(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP2(config-if)#evpn multi-homed system-mac Configure EVPN system-MAC
aa22.3344.5566
VTEP2(config-if)#interface lo Enter interface mode
VTEP2(config-if)#ip address 2.2.2.2/32 Configure loopback IP
secondary
VTEP2(config-if)#interface vlan1.10 Specify interface VLAN1.10 to be configured.

VXLAN Tunnel Over SVI

VTEP2(config-if)#ip address 12.1.1.2/24 Assign IP address

VTEP2(config-if)#interface vlan1.40 Specify interface VLAN1.40 to be configured.
VTEP2(config-if)#ip address 23.1.1.1/24 Assign IP address
VTEP2(config-if)#ip ospf cost 1 Change OSPF cost of the link
VTEP2(config-if)#interface vlan1.50 Specify interface VLAN1.50 to be configured.
VTEP2(config-if)#ip address 24.1.1.1/24 Assign IP address
VTEP2(config-if)#interface ce53 Enter interface mode
VTEP2(config-if)#switchport Set the interface as Layer2 port
VTEP2(config-if)#bridge-group 1 spanning- Associate the interface with bridge group 1 and disable
tree disable spanning tree
VTEP2(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
VTEP2(config-if)#switchport trunk allowed Enable VLAN's allowed on this interface.
vlan add 40,49
VTEP2(config-if)#switchport trunk native Configure native VLAN
vlan 49
VTEP2(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP2(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
VTEP2(config-if)#interface xe5 Enter interface mode
VTEP2(config-if)#switchport Set the interface as Layer2 port
VTEP2(config-if)#bridge-group 1 spanningtree Associate the interface with bridge group 1 and disable
disable spanning tree
VTEP2(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode
VTEP2(config-if)#switchport trunk allowed Enable VLAN's allowed on this interface
vlan add 10,19
VTEP2(config-if)#switchport trunk native Configure native VLAN
vlan 19
VTEP2(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP2(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
VTEP2(config-if)#interface xe9 Enter interface mode
VTEP2(config-if)#switchport Set the interface as Layer2 port
VTEP2(config-if)#bridge-group 1 spanning- Associate the interface with bridge group 1 and disable
tree disable spanning tree
VTEP2(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
VTEP2(config-if)#switchport trunk allowed Enable VLAN's allowed on this interface.
vlan add 50,59
VTEP2(config-if)#switchport trunk native Configure native VLAN
vlan 59
VTEP2(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP2(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
VTEP2(config-if)#interface xe41 Enter interface mode
VTEP2(config-if)#channel-group 1 mode active Map the interface to po1
VTEP2(config-if)#interface xe42 Enter interface mode

VXLAN Tunnel Over SVI

VTEP2(config-if)#channel-group 1 mode active Map the interface to po1

VTEP2(config-if)#interface xe47 Enter interface mode
VTEP2(config-if)#switchport Set the interface as Layer2 port
VTEP2(config-if)#router ospf 1 Enter OSPF configuration mode
VTEP2(config-router)#ospf router-id 2.2.2.2 Configure OSPF router id
VTEP2(config-router)#network 2.2.2.2/32 area Enable BFD in all ospf interfaces
0.0.0.0
VTEP2(config-router)#network 12.1.1.0/24 Define the Network on which OSPF runs and associate the
area 0.0.0.0 area ID (area 0) with the interface.
VTEP2(config-router)#network 23.1.1.0/24 Define the Network on which OSPF runs and associate the
area 0.0.0.0 area ID (area 0) with the interface.
VTEP2(config-router)#network 24.1.1.0/24 Define the Network on which OSPF runs and associate the
area 0.0.0.0 area ID (area 0) with the interface.
VTEP2(config-router)#network 25.1.1.0/24 Define the Network on which OSPF runs and associate the
area 0.0.0.0 area ID (area 0) with the interface.
VTEP2(config-router)#router bgp 100 Enter Router BGP mode and define the AS number 100.
VTEP2(config-router)#address-family ipv4 Enter address-family IPv4 unicast mode
unicast
VTEP2(config-router)#network 2.2.2.2/32 Add the lo network to BGP route
VTEP2(config-router-af)#neighbor 1.1.1.1 Activate neigbors
activate
VTEP2(config-router-af)#neighbor 6.6.6.6 Activate neigbors
activate
VTEP2(config-router-af)#exit-address-family Exit address-family mode.
VTEP2(config-router)#neighbor 1.1.1.1 Configure BGP remote-as 100 with neighbor IP
remote-as 100
(config-router)#neighbor 1.1.1.1 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
VTEP2(config-router)#neighbor 1.1.1.1 Define BGP neighbors, to update the source routes with lo
update-source lo
VTEP2(config-router)#neighbor 6.6.6.6 Configure BGP remote-as 100 with neighbor IP
remote-as 100
(config-router)#neighbor 6.6.6.6 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP3
VTEP2(config-router)#neighbor 6.6.6.6 Define BGP neighbors, to update the source routes with lo
update-source lo
VTEP2(config-router)#address-family l2vpn Enter in to BGP L2VPN EVPN address-family
evpn
VTEP2(config-router-af)#neighbor 1.1.1.1 Activate neigbors
activate
VTEP2(config-router-af)#neighbor 6.6.6.6 Activate neigbors
activate
VTEP2(config-router-af)#exit-address-family Exit from BGP L2VPN EVPN address-family
VTEP2(config-router)#nvo vxlan vtep-ip- Configure VXLAN global IP
global 2.2.2.2
VTEP2(config)#nvo vxlan id 1 ingress- Create VNID 1
replication inner-vid-disabled

VXLAN Tunnel Over SVI

VTEP2(config-nvo)#vxlan host-reachability- Associate VNID with EVPN and vrf1

protocol evpn-bgp vrf1
VTEP2(config-nvo)#nvo vxlan id 1000 ingress- Create VNID 1000
replication inner-vid-disabled
VTEP2(config-nvo)#vxlan host-reachability- Associate VNID with EVPN and vrf2
protocol evpn-bgp vrf2
VTEP2(config-nvo)#nvo vxlan access-if port Create VXLAN access port
xe47
VTEP2(config-nvo-acc-if)#map vnid 1 Map the VNID to access-if
VTEP2(config-nvo-acc-if)#nvo vxlan access-if Create VXLAN access port
port-vlan po1 2001
VTEP2(config-nvo-acc-if)#map vnid 1000 Map the VNID to access-if
VTEP2(config-nvo-acc-if)#nvo vxlan access-if Create VXLAN access port
port-vlan po1 2000
VTEP2(config-nvo-acc-if)#map vnid 1000 Map the VNID to access-if
VTEP2(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration

P1#configure terminal Enter configuration terminal

P1(config)#hostname P1 Configure hostname
P1(config)#bfd interval 3 minrx 3 multiplier Configure BFD interval globally
3
P1(config)#qos enable Enable qos
P1(config)#bridge 1 protocol ieee vlan- Configure IEEE VLAN bridge
bridge
P1(config)#no bridge 1 spanning-tree enable Disable spanning tree in bridge 1 globally
P1(config)#no igmp snooping Disable igmp snooping messages globally
P1(config)#vlan database Enter into the VLAN database
P1(config-vlan)#vlan 10-200 bridge 1 state Configure VLAN 10-200 and associate with bridge 1
enable
P1(config-if)#interface lo Enter loopback interface mode
P1(config-if)#ip address 3.3.3.3/32 Assign loopback IP
secondary
P1(config-if)#interface vlan1.20 Specify interface VLAN1.20 to be configured.
P1(config-if)#ip address 13.1.1.2/24 Assign IP address
P1(config-if)#ip ospf cost 1 Change OSPF cost of the link
P1(config-if)#interface vlan1.40 Specify interface VLAN1.40 to be configured.
P1(config-if)#ip address 23.1.1.2/24 Assign IP address
P1(config-if)#interface vlan1.60 Specify interface VLAN1.60 to be configured.
P1(config-if)#ip address 35.1.1.1/24 Assign IP address
P1(config-if)#ip ospf cost 1 Change OSPF cost of the link
P1(config-if)#interface vlan1.100 Specify interface VLAN1.100 to be configured.
P1(config-if)#ip address 34.1.1.1/24 Assign IP address

VXLAN Tunnel Over SVI

P1(config-if)#ip ospf cost 1 Change OSPF cost of the link

P1(config-vlan)#interface ce49 Enter interface mode
P1(config-if)#switchport Set the interface as Layer2 port
P1(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P1(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P1(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 40,49
P1(config-if)#switchport trunk native vlan Configure native VLAN
49
P1(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P1(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P1(config-if)#interface xe1 Enter interface mode
P1(config-if)#switchport Set the interface as Layer2 port
P1(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P1(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P1(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 20,29
P1(config-if)#switchport trunk native vlan Configure native VLAN
29
P1(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P1(config-if)#mtu 1600 Change the interface mtu value
P1(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P1(config-if)#interface xe10 Enter interface mode
P1(config-if)#switchport Set the interface as Layer2 port
P1(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P1(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P1(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 60,69
P1(config-if)#switchport trunk native vlan Configure native VLAN
69
P1(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P1(config-if)#mtu 1600 Change the interface mtu value
P1(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P1(config-if)#interface xe25 Enter interface mode
P1(config-if)#switchport Set the interface as Layer2 port
P1(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P1(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.

VXLAN Tunnel Over SVI

P1(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.

add 100,109
P1(config-if)#switchport trunk native vlan Configure native VLAN
109
P1(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P1(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P1(config-if)#router ospf 1 Enter OSPF configuration mode
P1(config-router)#ospf router-id 3.3.3.3 Configure OSPF router id
P1(config-router)#bfd all-interfaces Enable BFD in all OSPF interfaces
P1(config-router)#network 3.3.3.3/32 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P1(config-router)#network 10.10.10.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P1(config-router)#network 13.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P1(config-router)#network 23.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P1(config-router)#network 34.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P1(config-router)#network 35.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P1(config-router)#commit Commit the candidate configuration to the running
configuration

P2#configure terminal Enter configuration terminal

P2(config)#bfd interval 3 minrx 3 multiplier Configure BFD interval globally
3
P2(config)#qos enable Enable qos
P2(config)#hostname P2 Configure hostname
P2(config)#bridge 1 protocol ieee vlan- Configure IEEE VLAN bridge
bridge
P2(config)#no bridge 1 spanning-tree enable Disable spanning tree in bridge 1 globally
P2(config)#no igmp snooping Disable igmp snooping messages globally
P2(config)#vlan database Enter into the VLAN database
P2(config-vlan)#vlan 10-200 bridge 1 state Configure VLAN 10-200 and associate with bridge 1
enable
P2(config-vlan)#interface lo Enter lo interface mode
P2(config-if)#ip address 4.4.4.4/32 Assign loopback IP
secondary
P2(config-if)#interface vlan1.30 Specify interface VLAN1.30 to be configured.
P2(config-if)#ip address 14.1.1.2/24 Assign IP address
P2(config-if)#ip ospf cost 1 Change OSPF cost of the link
P2(config-if)#interface vlan1.50 Specify interface VLAN1.50 to be configured.
P2(config-if)#ip address 24.1.1.2/24 Assign IP address

VXLAN Tunnel Over SVI

P2(config-if)#interface vlan1.70 Specify interface VLAN1.70 to be configured.

P2(config-if)#ip address 45.1.1.1/24 Assign IP address
P2(config-if)#ip ospf cost 1 Change OSPF cost of the link
P2(config-if)#interface vlan1.90 Specify interface VLAN1.90 to be configured.
P2(config-if)#ip address 46.1.1.1/24 Assign IP address
P2(config-if)#ip ospf cost 1 Change OSPF cost of the link
P2(config-if)#interface vlan1.100 Specify interface VLAN1.100 to be configured.
P2(config-if)#ip address 34.1.1.2/24 Assign IP address
P2(config-if)#ip ospf cost 1 Change OSPF cost of the link
P2(config-if)#interface xe2 Enter interface mode
P2(config-if)#switchport Set the interface as Layer2 port
P2(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P2(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P2(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 70,79
P2(config-if)#switchport trunk native vlan Configure native VLAN
79
P2(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P2(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P2(config-if)#interface xe3 Enter interface mode
P2(config-if)#switchport Set the interface as Layer2 port
P2(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P2(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P2(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 90,99
P2(config-if)#switchport trunk native vlan Configure native VLAN
99
P2(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P2(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P2(config-if)#interface xe7 Enter interface mode
P2(config-if)#switchport Set the interface as Layer2 port
P2(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P2(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P2(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 30,39
P2(config-if)#switchport trunk native vlan Configure native VLAN
39
P2(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P2(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions

VXLAN Tunnel Over SVI

P2(config-if)#interface xe9 Enter interface mode

P2(config-if)#switchport Set the interface as Layer2 port
P2(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P2(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P2(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 50,59
P2(config-if)#switchport trunk native vlan Configure native VLAN
59
P2(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P2(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P2(config-if)#interface xe25 Enter interface mode
P2(config-if)#switchport Set the interface as Layer2 port
P2(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P2(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P2(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 100,109
P2(config-if)#switchport trunk native vlan Configure native VLAN
109
P2(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P2(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P2(config-if)#router ospf 1 Enter OSPF configuration mode
P2(config-router)#ospf router-id 4.4.4.4 Configure OSPF router id
P2(config-router)#bfd all-interfaces Enable BFD in all OSPF interfaces
P2(config-router)#network 4.4.4.4/32 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P2(config-router)#network 14.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P2(config-router)#network 24.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P2(config-router)#network 34.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P2(config-router)#network 45.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P2(config-router)#network 46.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P2(config-router)#commit Commit the candidate configuration to the running
configuration

P3(config)#hostname P3 Configure hostname

P3(config)#bfd interval 3 minrx 3 multiplier Configure BFD interval globally
3

VXLAN Tunnel Over SVI

P3(config)#qos enable Enable qos

P3(config)#bridge 1 protocol ieee vlan- Configure IEEE VLAN bridge
bridge
P3(config)#no bridge 1 spanning-tree enable Disable spanning tree in bridge 1 globally
P3(config)#no igmp snooping Disable igmp snooping messages globally
P3(config)#vlan database Enter into the VLAN database
P3(config-vlan)#vlan 10-200 bridge 1 state Configure VLAN 10-200 and associate with bridge 1
enable
P3(config-vlan)#interface lo Enter lo interface mode
P3(config-if)#ip address 5.5.5.5/32 Assign loopback IP
secondary
P3(config-if)#interface vlan1.60 Specify interface VLAN1.60 to be configured.
P3(config-if)#ip address 35.1.1.2/24 Assign IP address
P3(config-if)#ip ospf cost 1 Change OSPF cost of the link
P3(config-if)#interface vlan1.70 Specify interface VLAN1.70 to be configured.
P3(config-if)#ip address 45.1.1.2/24 Assign IP address
P3(config-if)#ip ospf cost 1 Change OSPF cost of the link
P3(config-if)#interface vlan1.80 Specify interface VLAN1.80 to be configured.
P3(config-if)#ip address 56.1.1.1/24 Assign IP address
P3(config-if)#ip ospf cost 1 Change OSPF cost of the link
P3(config-if)#interface vlan1.110 Specify interface VLAN1.1100 to be configured.
P3(config-if)#ip address 15.1.1.2/24 Assign IP address
P3(config-if)#ip ospf cost 1 Change OSPF cost of the link
P3(config-if)#interface vlan1.160 Specify interface VLAN1.160 to be configured.
P3(config-if)#ip address 25.1.1.2/24 Assign IP address
P3(config-if)#ip ospf cost 1 Change OSPF cost of the link
P3(config-if)#interface xe2 Enter interface mode
P3(config-if)#switchport Set the interface as Layer2 port
P3(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P3(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P3(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 70,79
P3(config-if)#switchport trunk native vlan Configure native VLAN
79
P3(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P3(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P3(config-if)#interface xe10 Enter interface mode
P3(config-if)#switchport Set the interface as Layer2 port
P3(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P3(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.

VXLAN Tunnel Over SVI

P3(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.

add 60,69
P3(config-if)#switchport trunk native vlan Configure native VLAN
69
P3(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P3(config-if)#mtu 1600 Change interface mtu value
P3(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P3(config-if)#interface xe15 Enter interface mode
P3(config-if)#switchport Set the interface as Layer2 port
P3(config-if)#bridge-group 1 spanning-tree Associate the interface with bridge group 1 and disable
disable spanning tree
P3(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
P3(config-if)#switchport trunk allowed vlan Enable VLAN's allowed on this interface.
add 80,89
P3(config-if)#switchport trunk native vlan Configure native VLAN
89
P3(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
P3(config-if)#mtu 1600 Change interface mtu value
P3(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
P3(config-if)#router ospf 1 Enter OSPF configuration mode
P3(config-router)#ospf router-id 5.5.5.5 Configure OSPF router id
P3(config-router)#bfd all-interfaces Enable BFD in all ospf interfaces
P3(config-router)#network 5.5.5.5/32 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P3(config-router)#network 15.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P3(config-router)#network 25.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P3(config-router)#network 35.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P3(config-router)#network 45.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P3(config-router)#network 56.1.1.0/24 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
P3(config-router)#commit Commit the candidate configuration to the running
configuration

VTEP3

VTEP3#configure terminal Enter configuration terminal

VTEP3(config)#hostname VTEP3 Configure hostname
VTEP3(config)#mac vrf vrf1 Configure MAC vrf vrf1
VTEP3(config-vrf)#rd 6.6.6.6:11 Configure RD for vrf1
VTEP3(config-vrf)#route-target both Configure RT for vrf1
10.10.10.10:100

VXLAN Tunnel Over SVI

VTEP3(config-vrf)#mac vrf vrf2 Configure MAC vrf vrf2

VTEP3(config-vrf)#rd 6.6.6.6:12 Configure RD for vrf2
VTEP3(config-vrf)#route-target both Configure RT for vrf2
10.10.10.10:101
VTEP3(config-vrf)#route-target both Configure RT for vrf2
10.10.10.10:102
VTEP3(config-vrf)#bfd interval 3 minrx 3 Enable EVPN VXLAN multihoming
multiplier 3
VTEP3(config)#evpn vxlan multihoming enable Enable statistics on VXLAN tunnel interface
VTEP3(config)#nvo vxlan enable Enable VXLAN
VTEP3(config)#qos enable Enable qos
VTEP3(config)#qos statistics Enable qos statistics
VTEP3(config)#bridge 1 protocol ieee vlan- Configure IEEE VLAN bridge
bridge
VTEP3(config)#no bridge 1 spanning-tree Disable spanning tree in bridge 1 globally
enable
VTEP3(config)#no igmp snooping Disable igmp snooping messages globally
VTEP3(config)#vlan database Enter into the VLAN database
VTEP3(config-vlan)#vlan 10-200 bridge 1 Configure VLAN 10-200 and associate with bridge 1
state enable
VTEP3(config-vlan)#interface lo Enter lo interface mode
VTEP3(config-if)#ip address 6.6.6.6/32 Assign loopback IP
secondary
VTEP3(config-if)#interface vlan1.80 Specify interface VLAN1.80 to be configured.
VTEP3(config-if)#ip address 56.1.1.2/24 Assign IP address
VTEP3(config-if)#ip ospf cost 1 Change OSPF cost of the link
VTEP3(config-if)#interface vlan1.90 Specify interface VLAN1.90 to be configured.
VTEP3(config-if)#ip address 46.1.1.2/24 Assign IP address
VTEP3(config-if)#ip ospf cost 1 Change OSPF cost of the link
VTEP3(config-if)#interface xe3 Enter interface mode
VTEP3(config-if)#switchport Set the interface as Layer2 port
VTEP3(config-if)#bridge-group 1 spanning- Associate the interface with bridge group 1 and disable
tree disable spanning tree
VTEP3(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
VTEP3(config-if)#switchport trunk allowed Enable VLAN's allowed on this interface.
vlan add 90,99
VTEP3(config-if)#switchport trunk native Configure native VLAN
vlan 99
VTEP3(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP3(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
VTEP3(config-if)#interface xe15 Enter interface mode
VTEP3(config-if)#switchport Set the interface as Layer2 port
VTEP3(config-if)#bridge-group 1 spanning- Associate the interface with bridge group 1 and disable
tree disable spanning tree

VXLAN Tunnel Over SVI

VTEP3(config-if)#switchport mode trunk Set the switching characteristics of this interface to trunk
mode.
VTEP3(config-if)#switchport trunk allowed Enable VLAN's allowed on this interface.
vlan add 80,89
VTEP3(config-if)#switchport trunk native Configure native VLAN
vlan 89
VTEP3(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP3(config-if)#mtu 1600 Change interface mtu value
VTEP3(config-if)#spanning-tree edgeport Set the port as an edge-port to enable rapid transitions
VTEP3(config-if)#interface xe45 Enter interface mode
VTEP3(config-if)#switchport Set the interface as Layer2 port
VTEP3(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP3(config-if)#interface xe46 Enter interface mode
VTEP3(config-if)#switchport Set the interface as Layer2 port
VTEP3(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
VTEP3(config-if)#router ospf 1 Enter OSPF configuration mode
VTEP3(config-router)#ospf router-id 6.6.6.6 Configure OSPF router id
VTEP3(config-router)#bfd all-interfaces Enable BFD in all OSPF interfaces
VTEP3(config-router)#network 6.6.6.6/32 area Define the Network on which OSPF runs and associate the
0.0.0.0 area ID (area 0) with the interface.
VTEP3(config-router)#network 46.1.1.0/24 Define the Network on which OSPF runs and associate the
area 0.0.0.0 area ID (area 0) with the interface.
VTEP3(config-router)#network 56.1.1.0/24 Define the Network on which OSPF runs and associate the
area 0.0.0.0 area ID (area 0) with the interface.
VTEP3(config-router)#router bgp 100 Enter address-family IPv4 unicast mode
VTEP3(config-router)#address-family ipv4 Add the lo network to BGP route
unicast
VTEP3(config-router)#network 6.6.6.6/32 Activate neighbors
VTEP3(config-router-af)#neighbor 1.1.1.1 Activate neigbors
activate
VTEP3(config-router-af)#neighbor 2.2.2.2 Exit address-family mode.
activate
VTEP3(config-router-af)#exit-address-family Enter Router BGP mode and define the AS number 100.
VTEP3(config-router)#neighbor 1.1.1.1 Configure BGP remote-as 100 with neighbor IP
remote-as 100
VTEP3(config-router)#neighbor 1.1.1.1 Define BGP neighbors, to update the source routes with lo
update-source lo
VTEP3(config-router)#neighbor 2.2.2.2 Configure BGP remote-as 100 with neighbor IP
remote-as 100
VTEP3(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
update-source lo VTEP2
(config-router)#neighbor 2.2.2.2 Configure advertisement-interval as 0 for fast convergence for
advertisement-interval 0 VTEP1
(config-router)#neighbor 1.1.1.1 Define BGP neighbors, to update the source routes with lo
advertisement-interval 0
VTEP3(config-router)#address-family l2vpn Enter in to BGP L2VPN EVPN address-family
evpn

VXLAN Tunnel Over SVI

VTEP3(config-router-af)#neighbor 1.1.1.1 Activate neigbors

activate
VTEP3(config-router-af)#neighbor 2.2.2.2 Activate neigbors
activate
VTEP3(config-router-af)#exit-address-family Exit from BGP L2VPN EVPN address-family
VTEP3(config-router)#nvo vxlan vtep-ip- Configure VXLAN global IP
global 6.6.6.6
VTEP3(config)#nvo vxlan id 1 ingress- Create VNID 1
replication inner-vid-disabled
VTEP3(config-nvo)#vxlan host-reachability- Associate VNID with EVPN and vrf1
protocol evpn-bgp vrf1
VTEP3(config-nvo)#nvo vxlan id 1000 ingress- Create VNID 1000
replication inner-vid-disabled
VTEP3(config-nvo)#vxlan host-reachability- Associate VNID with EVPN and vrf2
protocol evpn-bgp vrf2
VTEP3(config-nvo)#nvo vxlan access-if port- Create VXLAN access port port-VLAN
vlan xe45 3001
VTEP3(config-nvo-acc-if)#map vnid 1 Map the VNID to access-if
VTEP3(config-nvo-acc-if)#nvo vxlan access-if Create VXLAN access port
port xe46
VTEP3(config-nvo-acc-if)#map vnid 1000 Map the VNID to access-if
VTEP3(config-nvo-acc-if)#commit Commit the candidate configuration to the running
configuration

SWITCH

SWITCH#configure terminal Enter configuration terminal

SWITCH#(config)# bridge 1 protocol rstp Configure rstp vlan bridge
vlan-bridge
SWITCH#(config-vlan)#interface po1 Enter interface mode
SWITCH#(config-if)#switchport Set the interface as Layer2 port
SWITCH#(config-if)#load-interval 30 Configure load period in multiple of 30 seconds
SWITCH#(config-if)#interface ce9/1 Enter interface mode
SWITCH#(config-if)#channel-group 1 mode Map this interface to po1
active
SWITCH#(config-if)#interface ce9/2 Enter interface mode
SWITCH#(config-if)#channel-group 1 mode Map this interface to po1
active
SWITCH#(config-if)#interface ce10/1 Enter interface mode
SWITCH#(config-if)#channel-group 1 mode Map this interface to po1
active
SWITCH#(config-if)#interface ce10/2 Enter interface mode
SWITCH#(config-if)#channel-group 1 mode Map this interface to po1
active
SWITCH#(config-if)#interface ce31/1 Set the port as an edge-port to enable rapid transitions
SWITCH#(config-if)#switchport Enter interface mode

VXLAN Tunnel Over SVI

SWITCH#(config-if)#bridge-group 1 spanning- Set the interface as Layer2 port

tree disable
SWITCH#(config-if)#switchport mode trunk Associate the interface with bridge group 1 and disable
spanning tree
SWITCH#(config-if)#switchport trunk allowed Set the switching characteristics of this interface to trunk
vlan all mode.
SWITCH#(config-if)#load-interval 30 Configure native VLAN
SWITCH#(config-if)#commit Commit the candidate configuration to the running
configuration

Validation
VTEP1#sh ip ospf neighbor

Total number of full neighbors: 3

OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
2.2.2.2 1 Full/DR 00:00:30 12.1.1.2 vlan1.10 0
3.3.3.3 1 Full/DR 00:00:31 13.1.1.2 vlan1.20 0
4.4.4.4 1 Full/DR 00:00:33 14.1.1.2 vlan1.30 0

VTEP2#sh ip ospf neighbor

Total number of full neighbors: 3

OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
1.1.1.1 1 Full/Backup 00:00:38 12.1.1.1 vlan1.10
0
3.3.3.3 1 Full/DR 00:00:39 23.1.1.2 vlan1.40 0
4.4.4.4 1 Full/DR 00:00:39 24.1.1.2 vlan1.50 0
P1#sh ip ospf neighbor

Total number of full neighbors: 4

OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
1.1.1.1 1 Full/Backup 00:00:39 13.1.1.1 vlan1.20
0
2.2.2.2 1 Full/Backup 00:00:38 23.1.1.1 vlan1.40
0
4.4.4.4 1 Full/DR 00:00:40 34.1.1.2 vlan1.100 0
5.5.5.5 1 Full/DR 00:00:36 35.1.1.2 vlan1.60 0

P2#sh ip ospf neighbor

Total number of full neighbors: 5

OSPF process 1 VRF(default):

VXLAN Tunnel Over SVI

Neighbor ID Pri State Dead Time Address Interface

Instance ID
1.1.1.1 1 Full/Backup 00:00:30 14.1.1.1 vlan1.30
0
2.2.2.2 1 Full/Backup 00:00:38 24.1.1.1 vlan1.50
0
3.3.3.3 1 Full/Backup 00:00:33 34.1.1.1 vlan1.100
0
5.5.5.5 1 Full/DR 00:00:30 45.1.1.2 vlan1.70 0
6.6.6.6 1 Full/DR 00:00:34 46.1.1.2 vlan1.90 0
P2#
P3#sh ip ospf neighbor

Total number of full neighbors: 3

OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
3.3.3.3 1 Full/Backup 00:00:34 35.1.1.1 vlan1.60
0
4.4.4.4 1 Full/Backup 00:00:34 45.1.1.1 vlan1.70
0
6.6.6.6 1 Full/DR 00:00:33 56.1.1.2 vlan1.80 0
P3#

VTEP1#sh bgp l2vpn evpn summary

BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 4
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
2.2.2.2 4 100 23 22 4 0 0 00:07:34
2 0 0 2 0 0
6.6.6.6 4 100 21 22 4 0 0 00:07:34
2 0 0 2 0 0

Total number of neighbors 2

Total number of Established sessions 2

VTEP1#
VTEP2#sh bgp l2vpn evpn summary
BGP router identifier 2.2.2.2, local AS number 100
BGP table version is 5
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
1.1.1.1 4 100 22 24 5 0 0 00:07:41
2 0 0 2 0 0
6.6.6.6 4 100 24 27 5 0 0 00:08:51
2 0 0 2 0 0

VXLAN Tunnel Over SVI

Total number of neighbors 2

Total number of Established sessions 2

VTEP2#
VTEP3#sh bgp l2vpn evpn summary
BGP router identifier 6.6.6.6, local AS number 100
BGP table version is 5
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/

PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
1.1.1.1 4 100 23 21 5 0 0 00:07:44
2 0 0 2 0 0
2.2.2.2 4 100 26 24 5 0 0 00:08:54
2 0 0 2 0 0

Total number of neighbors 2

Total number of Established sessions 2

VTEP3#

VTEP1#show nvo vxlan mac-table

=======================================================================================
==============================================================
VXLAN MAC Entries
=======================================================================================
==============================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
______________________________________________________________

1 po1 1000 ---- 0000.1111.1111 00:aa:22:33:44:55:66:00:00:00

Static Local ------- -------
1 po1 1000 ---- 0000.1111.1112 00:aa:22:33:44:55:66:00:00:00
Static Local ------- -------
1 po1 1000 ---- 0000.1111.1113 00:aa:22:33:44:55:66:00:00:00
Static Local ------- -------
1 po1 1000 ---- 0000.1111.1114 00:aa:22:33:44:55:66:00:00:00
Static Local ------- -------
1 po1 1000 ---- 0000.1111.1115 00:aa:22:33:44:55:66:00:00:00
Static Local ------- -------
1 po1 1000 ---- a82b.b57c.4470 00:aa:22:33:44:55:66:00:00:00
Dynamic Local ------- -------
1000 ---- ---- ---- a82b.b57c.4476 00:aa:22:33:44:55:66:00:00:00
Dynamic Remote ------- -------

Total number of entries are : 7

VTEP1#
VTEP2#sh nvo vxlan mac-table

VXLAN Tunnel Over SVI

=======================================================================================
==============================================================
VXLAN MAC Entries
=======================================================================================
==============================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
______________________________________________________________

1 ---- ---- ---- 0000.1111.1111 00:aa:22:33:44:55:66:00:00:00

Static Remote ------- -------
1 ---- ---- ---- 0000.1111.1112 00:aa:22:33:44:55:66:00:00:00
Static Remote ------- -------
1 ---- ---- ---- 0000.1111.1113 00:aa:22:33:44:55:66:00:00:00
Static Remote ------- -------
1 ---- ---- ---- 0000.1111.1114 00:aa:22:33:44:55:66:00:00:00
Static Remote ------- -------
1 ---- ---- ---- 0000.1111.1115 00:aa:22:33:44:55:66:00:00:00
Static Remote ------- -------
1 ---- ---- ---- a82b.b57c.4470 00:aa:22:33:44:55:66:00:00:00
Dynamic Remote ------- -------
1000 po1 2000 ---- a82b.b57c.4476 00:aa:22:33:44:55:66:00:00:00
Dynamic Local ------- -------

Total number of entries are : 7

VTEP2#
VTEP3#sh nvo vxlan mac-table
=======================================================================================
==============================================================
VXLAN MAC Entries
=======================================================================================
==============================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
_______________________________________________________________________________________
______________________________________________________________

1 ---- ---- ---- 0000.1111.1111 00:aa:22:33:44:55:66:00:00:00

Static Remote ------- -------
1 ---- ---- ---- 0000.1111.1112 00:aa:22:33:44:55:66:00:00:00
Static Remote ------- -------
1 ---- ---- ---- 0000.1111.1113 00:aa:22:33:44:55:66:00:00:00
Static Remote ------- -------
1 ---- ---- ---- 0000.1111.1114 00:aa:22:33:44:55:66:00:00:00
Static Remote ------- -------
1 ---- ---- ---- 0000.1111.1115 00:aa:22:33:44:55:66:00:00:00
Static Remote ------- -------
1 ---- ---- ---- a82b.b57c.4470 00:aa:22:33:44:55:66:00:00:00
Dynamic Remote ------- -------
1000 ---- ---- ---- a82b.b57c.4476 00:aa:22:33:44:55:66:00:00:00
Dynamic Remote ------- -------

Total number of entries are : 7

VXLAN Tunnel Over SVI

VTEP3#
VTEP1#show nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe46 --- --- 500000 1 up up
po1 2000 --- 500001 1000 up up
po1 2001 --- 500002 1000 up up

Total number of entries are 2

VTEP1#
VTEP2#show nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe47 --- --- 500000 1 up up
po1 2001 --- 500001 1000 up up
po1 2000 --- 500002 1000 up up

Total number of entries are 3

VTEP2#
VTEP3#show nvo vxlan access-if brief

Inner Admin Link

Interface Vlan vlan Ifindex Vnid status status
-----------------------------------------------------------
xe45 3001 --- 500000 1 up up
xe46 --- --- 500001 1000 up up

Total number of entries are 2

VTEP3#
VTEP1#sh nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
1.1.1.1 6.6.6.6 Installed 00:03:59 00:03:59
1.1.1.1 2.2.2.2 Installed 00:03:59 00:03:59

Total number of entries are 2

VTEP1#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VXLAN Tunnel Over SVI

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
1 ---- L2 NW ---- ---- ---- --
-- 1.1.1.1 6.6.6.6
1 ---- L2 NW ---- ---- ---- --
-- 1.1.1.1 2.2.2.2
1000 ---- -- AC po1 --- 00:aa:22:33:44:55:66:00:00:00 2000 DF
---- ----
1000 ---- -- AC po1 --- 00:aa:22:33:44:55:66:00:00:00 2001 DF
---- ----
1000 ---- L2 NW ---- ---- ---- -
--- 1.1.1.1 6.6.6.6
1000 ---- L2 NW ---- ---- ---- -
--- 1.1.1.1 2.2.2.2
1000 ---- -- AC xe46 --- Single Homed Port --- ---- -
--- ---- ----

Total number of entries are 10

VTEP1#

VTEP2#sh nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
2.2.2.2 1.1.1.1 Installed 00:03:59 00:03:59
2.2.2.2 6.6.6.6 Installed 00:05:09 00:05:09

Total number of entries are 2

VTEP2#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-

Status Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
1 ---- L2 NW ---- ---- ---- --
-- 2.2.2.2 1.1.1.1
1 ---- L2 NW ---- ---- ---- --
-- 2.2.2.2 6.6.6.6
1 ---- -- AC xe47 --- Single Homed Port --- ---- --
-- ---- ----
1000 ---- L2 NW ---- ---- ---- --
-- 2.2.2.2 1.1.1.1
1000 ---- L2 NW ---- ---- ---- --
-- 2.2.2.2 6.6.6.6
1000 ---- -- AC po1 --- 00:aa:22:33:44:55:66:00:00:00 2001 NON-
DF ---- ----

VXLAN Tunnel Over SVI

1000 ---- -- AC po1 --- 00:aa:22:33:44:55:66:00:00:00 2000 NON-

DF ---- ----

Total number of entries are 11

VTEP2#

VTEP3#sh nvo vxlan tunnel

VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
6.6.6.6 1.1.1.1 Installed 00:03:58 00:03:58
6.6.6.6 2.2.2.2 Installed 00:05:08 00:04:03

Total number of entries are 2

VTEP3#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status

Src-Addr Dst-Addr
_______________________________________________________________________________________
________________________________________
1 ---- L2 NW ---- ---- ---- ----
6.6.6.6 1.1.1.1
1 ---- L2 NW ---- ---- ---- ----
6.6.6.6 2.2.2.2
1 ---- -- AC xe45 --- Single Homed port --- 3001 ----
---- ----
1000 ---- L2 NW ---- ---- ---- ----
6.6.6.6 1.1.1.1
1000 ---- L2 NW ---- ---- ---- ----
6.6.6.6 2.2.2.2
1000 ---- -- AC xe46 --- Single Homed Port --- ---- ----
---- ----

Total number of entries are 10

VTEP3#

VxLAN Command Reference

VXLAN Commands

CHAPTER 1 VXLAN Commands

This chapter describes the VXLAN commands:
• access-if-vxlan
• arp-cache disable
• arp-nd flood-suppress
• arp-nd refresh timer
• clear mac address table dynamic vxlan
• clear nvo vxlan counters
• clear nvo vxlan tunnels
• clear nvo vxlan mac-stale-entries
• description
• dynamic-learning disable
• encapsulation
• evpn esi holdtime
• evpn etree
• evpn vxlan multi-homing enable
• evpn multi-homed
• evpn-vlan-service
• garp-gna enable
• load-balance rtag7 vxlan inner-l2
• load-balance rtag7 vxlan inner-l3
• mac
• mac vrf
• mac-holdtime
• map vnid
• nd-cache disable
• no nvo vxlan
• nvo vxlan
• nvo vxlan id
• nvo vxlan access-if
• nvo vxlan mac-ageing-time
• nvo vxlan max-cache-disable
• nvo vxlan vtep-ip-global
• show nvo vxlan
• show nvo vxlan access-if-config

VXLAN Commands

• show nvo vxlan arp-cache

• show nvo vxlan counters access-port
• show nvo vxlan counters network-port
• show nvo vxlan mac-table
• show nvo vxlan nd-cache
• show nvo vxlan static host state
• show nvo vxlan tunnel
• show nvo vxlan VxLAN vlan-vnid
• show running-config nvo vxlan
• show evpn multi-homing all
• show evpn multihoming-status
• show nvo vxlan route-count
• show nvo vxlan vni-name
• shutdown
• vxlan host-reachability-protocol evpn-bgp
• vlan-xlate-1 large

VXLAN Commands

arp-cache disable
Use this command to disable the ARP cache for MAC/IP.
When the ARP cache is disabled on a VxLAN access port, OcNOS does not reply to any ARP arriving on this port from
the cache. OcNOS withdraws all MAC/IPs configured/learned on this access port and removes the MAC/IP entry for
this access port from the local ARP cache.
OcNOS also makes sure that on withdrawing the MAC/IP route, the MAC does not become unknown. If all routes for
this MAC are being withdrawn because of this command, then OcNOS advertises a MAC-only route. This is done so
that the MAC does not become unknown and only the cache functionality becomes disabled.
Use the no form of this command to enable ARP cache for MAC/IP.
Note: On enabling the cache, an IP will be in conflict, then the cache enable will fail. The conflict has to be manually
removed and then the cache enabled.

Command Syntax
arp-cache disable
no arp-cache disable

Parameters
None

Default
By default, the arp-cache option is enabled.

Command Mode
NVO access interface mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2
(config-nvo-acc-if)#arp-cache disable
(config-nvo-acc-if)#exit

VXLAN Commands

arp-nd flood-suppress
Use this command to completely restrict the flood of ARP/ND packets towards remote VTEPs or other access ports.
This command applies only when the ARP cache and ND cache are enabled. When the ARP cache is disabled, ARP
flooding is not suppressed even if this command is given. When the ND cache is disabled, ND flooding is not disabled,
even if this command is given.
Use the no form of this command to not restrict the flood of ARP/ND packets.

Command Syntax
arp-nd flood-suppress
no arp-nd flood-suppress

Parameters
None

Default
By default, the arp-nd flood-suppress option is disabled.

Command Mode
NVO access interface mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2
(config-nvo-acc-if)#arp-nd flood-suppress
(config-nvo-acc-if)#exit

VXLAN Commands

arp-nd refresh timer

Use this command to configure aging out the arp-cache and nd-cache entries for given time multiplied by 3 in secs
Use the no form of this command to remove the configuration.

Command Syntax
nvo vxlan arp-nd refresh-timer <3-190> mac (XX-XX-XX-XX-XX-
XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)
no nvo vxlan arp-nd refresh-timer

Parameters
<3-190> refresh time in seconds
XX-XX-XX-XX-XX-XX
v-mac is mandatory for MH

Command Mode
Config mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#config mode
(config)#nvo vxlan arp-nd refresh-timer 100
(config)#no nvo vxlan arp-nd refresh-timer

Example to configure in MH node

(config)#nvo vxlan arp-nd refresh-timer 100 mac 0000.1111.2222

VXLAN Commands

clear mac address table dynamic vxlan

Use this command to clear dynamically learned MACs.

Command Syntax
clear mac address table dynamic vxlan

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#clear mac address table dynamic vxlan

VXLAN Commands

clear nvo vxlan counters

Use this command to clear the counters of access ports or network ports.

Parameters
port Port
IFNAME Interface name
port-vlan VLAN port
IFNAME Interface name
VLAN_ID VLAN identifier
Outer-vlan Outer Vlan
A.B.C.D Tunnel destination IPv4 address
all All access or network ports

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
Example for clearing a VLAN port counter:
#clear nvo vxlan counters access-port port-vlan xe1 2
Example for clearing all access port counters:
#clear nvo vxlan counters access-port all
Example for clearing network port counters:
#clear nvo vxlan counters network-port dst 1.1.1.1
Example for clearing all network port counters:
#clear nvo vxlan counters network-port all

VXLAN Commands

clear nvo vxlan tunnels

Use this command to clear the nvo vxlan tunnels to re-establish the tunnel after mapping/un-mapping the QoS profile to
vxlan tunnel.

Command Syntax
clear nvo vxlan tunnels (|dst-ip A.B.C.D)

Parameters
dst-ip VXLAN tunnel destination
A.B.C.D destination IPv4 address

Command Mode
Exec mode

Applicability
This command was introduced in OcNOS version 3.0.

Example
#clear nvo vxlan tunnels dst-ip 2.2.2.2

Note: clear nvo vxlan tunnels This command will clear all the VXLAN tunnels destination.
clear nvo vxlan tunnels dst-ip A.B.C.D - This command to clear individual tunnel destination( i.e
A.B.C.D).

VXLAN Commands

clear nvo vxlan mac-stale-entries

Use this command to clear MAC entries that are in discard state in the forwarding database.

Command Syntax
clear nvo vxlan mac-stale-entries (vnid <1-16777215> |)

Parameters
<1-16777215> VXLAN network identifier

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#clear nvo vxlan mac-stale-entries vnid 100

VXLAN Commands

description
Use this command to set a description for a port.
Use the no form of this command to remove the description for a port.

Command Syntax
description LINE
no description

Parameters
LINE Maximum 32 characters describing this port.

Default
No default value is specified for description LINE commands.

Command Mode
NVO access interface mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2
(config-nvo-acc-if)#description member-port xe1 with vlan 2
(config-nvo-acc-if)#exit

VXLAN Commands

dynamic-learning disable
Use this command to disable dynamic learning of MACs at the access port. This command also disables dynamic
learning of MAC/IP from ARP/ND messages received on this access port.
Use the no form of this command to enable dynamic learning of MACs at the access port.

Command Syntax
dynamic-learning disable
no dynamic-learning disable

Parameters
None

Default
By default, the dynamic-learning option is enabled.

Command Mode
NVO access interface mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2
(config-nvo-acc-if)#dynamic-learning disable
(config-nvo-acc-if)#exit

VXLAN Commands

encapsulation
Use this command to assign a Tag Protocol Identifier (TPID) to an access port.
Use the no form of this command to set the default TPID (0x8100: IEEE 802.1Q VLAN-tagged frame) to an access
port.

Command Syntax
encapsulation TPID
no encapsulation

Parameters
TPID Tag Protocol Identifier:
Ox88A8: IEEE 802.1ad Provider Bridging
Ox9100: IEEE 802.1Q VLAN-tagged frame with double tagging

Default
The encapsulation TPID default is 0X8100.

Command Mode
NVO access interface mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2
(config-nvo-acc-if)#encapsulation 0x9100
(config-nvo-acc-if)#exit

VXLAN Commands

evpn esi holdtime

Use this command to allow some time for the tunnels to come at the time of vxlan initialization before making the esi
up. This avoids traffic to be black-holed when a new PE is added and connected to an already running CE for multi-
homing.
Use the no form of this command to make the esi up immediately when configuring the access-if cli.

Command Syntax
evpn esi holdtime <10-300>
no evpn esi holdtime <10-300>

Parameters
<10-300> Hold time in seconds

Default
Default value is 0.

Command Mode
Configuration Mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)# evpn esi holdtime 100
(config)# exit

VXLAN Commands

evpn vxlan multi-homing enable

Use this command to enable evpn vxlan multi-homing
Use the no form of this command to disable evpn vxlan multi-homing.
Note: Node will have to be restarted for this to be applicable. If there are some nodes in topology which have multi-
homed CEs, then nodes which do not have multi-homed CEs should also enable multihoming so, that they can
load share traffic to the multi-homed CEs.

Command Syntax
evpn vxlan multihoming enable
no evpn vxlan multihoming enable

Parameters
None

Default
By Default Multi-homing will be d]isabled

Command Mode
Configuration Mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
#(config)# evpn vxlan multihoming enable
#(config)# exit

VXLAN Commands

evpn multi-homed
Use this command to configure interfaces as multi-homed and configure esi-value in case of physical and static lag and
system-mac in case of Dynamic lag.
Use the no parameter of this command to unconfigure multi-homed on the interface.

Command Syntax
evpn multi-homed (esi XX:XX:XX:XX:XX:XX:XX:XX:XX | system-mac (XX-XX-XX-XX-XX-
XX|XX:XX:XX:XX:XX:XX|XXXX.XXXX.XXXX)
no evpn multi-homed (esi | system-mac)

Parameters
XX:XX:XX:XX:XX:XX:XX:XX:XX ESI value in HH:HH:HH:HH:HH:HH:HH:HH:HH - 9
octet format
XX-XX-XX-XX-XX-XX Host MAC address (Option 1)
XX:XX:XX:XX:XX:XX Host MAC address (Option 2)
XXXX.XXXX.XXXX Host MAC address (Option 3)

Default
Default value is 0.

Command Mode
Interface Mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)# interface xe1
(config)# evpn multi-homed esi 00:11:22:33:44:55:66:77:88
(config)# exit

configure terminal
(config)# interface po1
(config)# evpn multi-homed system-mac 0000.0000.1111
(config)# exit

VXLAN Commands

evpn-vlan-service
Use this command to configure EVPN-Service type.
Use the no form of this command to delete the evpn vlan service.
Note: If access port mappings to vnid exists already and VLAN service is configured later and mapped to tenant then
we should not allow the mapping, user should either remove and reconfigure the access port mappings.

Command Syntax
evpn-vlan-service (vlan-aware-bundle | vlan-based)
no evpn-vlan-service

Parameters
vlan-based VLAN-based mapping of a mac-vrf to single VNI (1 to 1)
vlan-aware-bundle
VLAN-aware-bundle mapping of a mac-vrf to multiple VNI (1 to many)

Default
By default, vlan-aware-bundle service is applied when we no evpn-vlan-service configuration is specified
explicitly.

Command Mode
MAC vrf mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#mac vrf vrf1
(config-vrf)# evpn-vlan-service vlan-based
(config-vrf)# no evpn-vlan-service vlan-based

VXLAN Commands

garp-gna enable
Use this command to enable GARP/GNA packets per vxlan on the outgoing access interfaces where it is configured.
Use the no form this command to disable GARP/GNA packets on the outgoing access interfaces.
By default it will be disable

Command Syntax
garp-gna enable
garp-gna enable

Parameters
None

Command Mode
config-nvo-acc-if mode

Applicability
This command is introduced in OcNOS version 1.3.6.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 10
config-nvo-acc-if)#garp-gna enable

VXLAN Commands

load-balance rtag7 vxlan inner-l2

Use this command to enable RTAG7 load balancing for VxLAN for inner-L2 packets on the access side for load sharing
of traffic on tunnel paths. This command also enables random UDP source port generation for the VxLAN UDP tunnels
based on the L2 frame being received on the VxLAN access port.
Use the no parameter of this command to disable load balance for RTAG7 for VxLAN for inner-L2 frames.

Command Syntax
load-balance rtag7 vxlan inner-l2 (dest-mac | src-mac)
no load-balance rtag7 vxlan inner-l2 (dest-mac | src-mac)

Parameter
dest-mac Destination MAC Address.
src-mac Source MAC Address.

Default
By default, the load-balance rtag7 vxlan inner-l2 default is src-mac.

Command Mode
Configure mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#load-balance rtag7 vxlan inner-l2 dest-mac

(config)#no load-balance rtag7 vxlan inner-l2 dest-mac

VXLAN Commands

load-balance rtag7 vxlan inner-l3

Use this command to enable RTAG7 load balancing for VxLAN for inner-L3 IPv4 and IPv6 packets on the access side
for load sharing of traffic on tunnel paths. This command also enables random UDP source port generation for the
VxLAN UDP tunnels based on the L3 frame being received on the VxLAN access port.
Use the no parameter of this command to disable load balance for RTAG7 for VxLAN for inner-L3 IPv4 and IPv6
frames.

Parameter
dest-ip Destination IP.
destl4-port Destination l4 port.
protocol-id Protocol (IPv4).
src-ip Source IP.
srcl4-port Source l4 port.

Default
By default, the load-balance rtag7 vxlan inner-l3 default is src-ip.

Command Mode
Configure mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#load-balance rtag7 vxlan inner-l3 dest-ip

(config)#no load-balance rtag7 vxlan inner-l3 dest-ip

VXLAN Commands

mac
Use this command to associate a static MAC address and a static IPv4 or IPv6 address on an access interface.
Use the no form of this command to disassociate a static MAC address and an IPv4 or IPv6 address for an access
interface.
Note: When a static host is configured on an access port which is in the down state, its state is Inactive.
Note: The same static mac configuration is not allowed on a different access port as then there will be a chance of
conflict. However, if a dynamic packet is sent at another access port which is up and running with the same
MAC, it learns as usual. As soon as the port on which the static MAC is configured comes up, static learning is
given precedence and the dynamically learned MAC is moved to the port where it is configured statically.

Command Syntax
mac XXXX.XXXX.XXXX
mac XXXX.XXXX.XXXX (ip A.B.C.D | ipv6 X:X::X:X)
no mac XXXX.XXXX.XXXX (ip A.B.C.D | ipv6 X:X::X:X)

Parameters
XXXX.XXXX.XXXX Static MAC address. The following formats are supported:
XX-XX-XX-XX-XX-XX Source MAC address (Option 1)
XX:XX:XX:XX:XX:XX Source MAC address (Option 2)
XXXX.XXXX.XXXX Source MAC address (Option 3)
A.B.C.D Static IPv4 address.
X:X::X:X Static IPv6 address.

Default
No default value is specified for mac command.

Command Mode
NVO access interface mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2
(config-nvo-acc-if)#mac 0000.0000.aaaa ip 10.10.10.1
(config-nvo-acc-if)#mac 0000.0000.aaaa ipv6 1201::1
(config-nvo-acc-if)#exit

VXLAN Commands

mac vrf
Use this command to create a MAC VRF to use in EVPN routes.
See also vxlan host-reachability-protocol evpn-bgp.
Use the no parameter of this command to delete the MAC VRF.

Command Syntax
mac vrf WORD
no mac vrf WORD

Parameter
WORD MAC routing or forwarding instance name.

Default
No default value is specified for mac vrf WORD command.

Command Mode
Configure mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#mac vrf vrf1

(config)#no mac vrf vrf1

VXLAN Commands

mac-holdtime
Use this command to set the MAC hold time for a MAC/IP or MAC.
The feature holds the MAC in hardware until BGP has withdrawn from the neighbors. This helps to reduce flooding to
other access ports.
This setting applies when the access port is shut down, the physical port on which the access port is down, or the
access port is removed from the VNID using the no form of the map vnid command.
When the MAC hold time is configured as -1, then the MAC is not removed from the hardware and is also not
withdrawn from EVPN BGP.
Use the no form of this command to remove the MAC hold time for the MAC/IP or MAC.
Note: When a MAC is moved to discard state, traffic to and from this MAC is discarded. This is applicable only on
statically configured MAC/MAC-IPs.

Command Syntax
mac-holdtime <-1-300>
no mac-holdtime

Parameters
<-1-300> MAC hold time in seconds. Specify -1 to “never expire”.

Default
The default holdtime for mac is 3 seconds.

Command Mode
NVO mode and NVO_ACC_IF_MODE mode
Note: When configured in both modes, then the NVO_ACC_IF_MODE value takes preference for that access port.

Applicability
This command was introduced before OcNOS version 1.3.
This command in NVO_ACC_IF_MODE mode is introduced in OcNOS version 1.3.4.

Example
#configure terminal
(config)#nvo vxlan id 3 ingress-replication inner-vid-disabled
(config-nvo)#mac-holdtime -1
(config-nvo)#exit

VXLAN Commands

map vnid
Use this command to map a tenant to an access-port.
Use the no form of this command to remove the tenant from an access-port

Command Syntax
map vnid <1-16777215>
no map vnid <1-16777215>

Parameters
<1-16777215> VxLAN network identifier.

Default
No default value is specified for map vnid command.

Command Mode
NVO access interface mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2
(config-nvo-acc-if)#map vnid 100
(config-nvo-acc-if)#exit

VXLAN Commands

nd-cache disable
Use this command to disable ND cache for MAC/IPv6.
When the ND cache is disabled on a VxLAN access port, OcNOS does not reply to any ND arriving on this port from
the cache. OcNOS withdraws all MAC/IPs configured/learned on this access port and removes the MAC/IP entry for
this access port from the local ND cache.
OcNOS also makes sure that on withdrawing the MAC/IP route, the MAC does not become unknown. If all routes for
this MAC are being withdrawn because of this command, then OcNOS advertises a MAC-only route. This is done so
that the MAC does not become unknown and only the cache functionality becomes disabled.
See also arp-cache disable.
Use the no form of this command to enable ND cache for MAC/IPv6.
Note: On enabling the cache, an IP will be in conflict, then the cache enable will fail. The conflict has to be manually
removed and then the cache enabled.

Command Syntax
nd-cache disable
no nd-cache disable

Parameters
None

Default
By default, the nd-cache option is enabled.

Command Mode
NVO access interface mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2
(config-nvo-acc-if)#nd-cache disable
(config-nvo-acc-if)#exit

VXLAN Commands

no nvo vxlan
Use this command to delete a given tenant or all tenants/VPNs.

Command Syntax
no nvo vxlan (id <1-16777215>|all-vnids)

Parameters
<1-16777215> VXLAN Network Identifier.
all-vnids Delete all VxLAN network identifiers.

Command Mode
Configure mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#no nvo vxlan id 100

VXLAN Commands

nvo vxlan
Use this command to enable or disable VxLAN.

Command Syntax
nvo vxlan (enable | disable)

Parameters
None

Default
By default, the nvo vxlan option is disabled.

Command Mode
Configure mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan enable

(config)#nvo vxlan disable

VXLAN Commands

nvo vxlan id
Use this command to add a tenant and the type of VPN. This command changes the mode to NVO mode.
Use no form of this command to unconfigure the VXLAN ID.
Before using this command, enable VXLAN by using the nvo vxlan command.

Command Syntax
nvo vxlan id <1-16777215> (etree-leaf|) ((ingress-replication (inner-vid-disabled |
bridge-vlan VLAN-ID | etree-leaf)
no nvo vxlan id <1-16777215>

Parameters

vxaln id <1- Specifies the VXLAN Network Identifier (VNID) to identify the virtual VXLAN overlay network
16777215> segment.
multicast (Optional) Specifies a multicast mode (point to multipoint) used for transmitting VXLAN
encapsulated multicast packets.
ingress- (Optional) Enables head-end replication for forwarding BUM traffic.
replication
bridge-vlan (Optional) Specifies the VLAN ID.
VLAN-ID
inner-vid- (Optional) Disables the transmission of the VLAN ID (VID) with traffic leaving the network
disabled port.
etree-leaf (Optional) Configures the device as a leaf node within the E-Tree topology, implying its role in
forwarding BUM traffic within the E-Tree service model.

Command Mode
Configure mode

Applicability
This command was introduced before OcNOS version 1.3. Introduced the etree-leaf parameter in the OcNOS
version 6.5.1

Example
#configure terminal
(config)#nvo vxlan id 300 ingress-replication
(config-nvo)#exit

(config)#nvo vxlan id 200 ingress-replication inner-vid-disabled

(config-nvo)#exit
To configure a VXLAN instance with VXLAN ID for ingress replication, with inner VLAN ID disabled, and as an E-Tree
leaf node:
(config)#nvo vxlan id 10 ingress-replication inner-vid-disabled etree-leaf
(config-nvo)#exit
To configure a VXLAN instance with VLAN-VNID mapping for ingress replication on the leaf node:
(config)#nvo vxlan id 101 ingress-replication bridge-vlan 101

VXLAN Commands

(config-nvo)#exit

VXLAN Commands

nvo vxlan access-if

Use this command to map a complete interface or a VLAN or VLAN range on an interface to identify the tenant traffic
and to enter NVO access interface mode.
The command "nvo vxlan access-if port <if_name> default" accepts all tagged, double tagged and untagged traffic
received on the mapped physical port.
Use the no form of this command to unmap an interface or a VLAN.
Note: When a VxLAN access interface configured as a port VLAN as vlan-range or port as default, then arp-cache
and nd-cache should be disabled and only VNID with inner-vid-enable is mapped.
Note: Inner-vid-enable is one-to-one mapping. VNID is mapped to only on one access-port.
Note: Vlan Range not allowed to be configured for Vxlan stacked access-port.

Parameters
port A physical port.
IFNAME Interface name (Physical/Static lag/Dynamic lag)
default Default access interface
port-vlan The physical port on which VLANs are configured
IFNAME Interface name (Physical/Static lag/Dynamic lag)
VLAN_RANGE Configure VlanId or Vlan-Range for outer vlan
Inner-vlan Inner-vlan id
<2-4094> VLAN id

Default
By default, the nvo vxlan access-if option is port VLAN ID and VLAN_RANGE option is introduced in
OcNOS version 5.0..

Command Mode
Configure mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2-10
(config-nvo-acc-if)#exit

#configure terminal

VXLAN Commands

(config)#nvo vxlan access-if port xe1

(config-nvo-acc-if)#exit

#configure terminal
(config)#nvo vxlan access-if port xe1 default
(config-nvo-acc-if)#exit

#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2 inner-vlan 10
(config-nvo-acc-if)#exit

VXLAN Commands

nvo vxlan mac-ageing-time

Use this command to set the dynamically learned MAC aging time.
Use the no form of this command to set the age out the MACs in hardware to its default (300 seconds).

Command Syntax
nvo vxlan mac-ageing-time <10-572>
no nvo vxlan mac-ageing-time

Parameters
<10-572> Ageing time in seconds.

Default
The default age out time is 300 seconds.

Command Mode
Configure mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan mac-ageing-time 10

VXLAN Commands

nvo vxlan max-cache-disable

Use this command to configure the maximum number of ARP and ND cache disables on access ports configured with
the port+VLAN options. This command does not limit the ARP and ND cache disables on access ports created with
only the port option.
Use the no form of this command to set the maximum number of ARP and ND cache disables to its default (0).
Note: If any MAC is in conflict when the max cache disable is being unconfigured, then the corresponding caches will
not be enabled. This can be enabled after manually, removing the conflict. Caches where there is no conflict,
will be enabled.

Command Syntax
nvo vxlan max-cache-disable <1-200>
no nvo vxlan max-cache-disable

Parameters
<-1-200> Number of ARP/ND cache disable allowed

Default
The default maximum number of ARP and ND cache disables is 0.

Command Mode
Configuration mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan max-cache-disable 10
(config-nvo)#exit

VXLAN Commands

nvo vxlan vtep-ip-global

Use this command to set the source IP address of the VxLAN tunnels.
Use the no form of this command to remove the source IP address of the VxLAN tunnels.

Command Syntax
nvo vxlan vtep-ip-global A.B.C.D
no nvo vxlan vtep-ip-global A.B.C.D

Parameters
A.B.C.D Source VTEP IP address of the global configuration

Default
No default value is specified for nvo vxlan vtep-ip-global command.

Command Mode
NVO mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
(config-nvo)#nvo vxlan vtep-ip-global 10.10.11.1

VXLAN Commands

show bgp l2vpn evpn

Use this command to display details about Layer 2 Virtual Private Network (L2VPN) Ethernet Virtual Private Network
(EVPN) routes.
Note: A BGP EVPN route update received for an unreachable IP address is also listed by this command and as a
best route. This is because the next hop tracking feature is not supported for the EVPN address family.
However, the tunnel to this IP address is shown in unresolved state by the show nvo vxlan tunnel output.
Note: An E-tag (Ethernet tag) can have the value of zero/VID/VNID based on the use case. An E-tag can go up to 32
bits and no restrictions are noted in the RFC. Since an E-tag can have different values, it should not be
compared with the label/VNID.

Parameters
vrf Virtual Routing and Forwarding instance
WORD VRF name
rd Route distinguisher
WORD Route distinguisher: ASN:nn or IP:nn
time Display learned time for EVPN routes
mac-ip MAC/IP routes (EVPN type 2)
mcast Multicast routes (EVPN type 3)

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#show bgp l2vpn evpn

BGP table version is 25, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]

1 - Ethernet Auto-discovery Route

VXLAN Commands

2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route

Network Next Hop Metric LocPrf Weight Path Peer

RD[1.1.1.1:1] VRF[vrfblue]:
*> [2]:[0]:[100]:[48,0000.00aa.aaaa]:[32,10.1.1.2]:[100]
1.1.1.1 0 100 32768 i
*>i [2]:[0]:[100]:[48,0000.00bb.bbbb]:[32,10.1.1.3]:[100]
4.4.4.4 0 100 0 i 10.1.1.1
*> [3]:[100]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i
*>i [3]:[100]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 10.1.1.1
*> [3]:[101]:[32,1.1.1.1]
1.1.1.1 0 100 32768 i
*>i [3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 10.1.1.1

RD[2.2.2.2:1]
*>i [2]:[0]:[100]:[48,0000.00bb.bbbb]:[32,10.1.1.3]:[100]
4.4.4.4 0 100 0 i 10.1.1.1
*>i [3]:[100]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 10.1.1.1
*>i [3]:[101]:[32,4.4.4.4]
4.4.4.4 0 100 0 i 10.1.1.1

Total number of prefixes 9

Table 1-1 shows the status codes displayed at the start of a route entry.

Table 1-1: status codes

Status
code Description Comments

s suppressed Whether the route is suppressed and is not advertised to neighbors.

d damped When the penalty of a flapping route exceeds the suppress limit, the route is damped and remains
in a withdrawn state until its penalty decreases below the reuse limit.

h history When the penalty of a flapping route does not exceed the suppress limit, the route is not damped
and BGP maintains a history of the flapping route.

* valid Whether the route is valid. When a route is not suppressed, damped, or present in the history, it is
valid.

> best The selected route to be installed in the kernel routing table.

i internal The prefix was learned from an iBGP peer.

l labeled BGP Labeled Unicast advertises route information between inter region routers.

VXLAN Commands

Table 1-2 shows the codes at the end of each route entry that indicate where the route originated.

Table 1-2: origin codes

Origin
Code Description Comments

i IGP The route is from an Interior Gateway Protocol.

e EGP The route is from an Exterior Gateway Protocol.

? incomplete Origin not known. Typically, these are routes redistributed from an IGP.

Table 1-3 explains the fields for each route.

Table 1-3: route entry fields

Field Description

RD Route distinguisher: AS number or IP address.

VRF Name of the VRF.

Network EVPN route information.

The route type indicates the type of routing information advertised by the EVPN control plane:

2 MAC/IP Route: Endpoint reachability information, including MAC and IP addresses of the endpoints.
3 Inclusive Multicast Route: Information about how to forward Broadcast, Unknown Unicast and Multicast (BUM)
traffic.

The other fields included depend on the route type:

Type 2: [ESI]:[E-Tag]:[Length, Host MAC address]:[Length, Host IP address]:[Label/VNID]
Type 3: [E-Tag]:[Length, PE IP address]

ESI (Ethernet Segment Identifier): a unique non-zero identifier that identifies an Ethernet segment, which is a set
of links that connects a network or device to one or more PEs. ESI 0 denotes a single-homed site.

E-Tag (Ethernet tag): identifies a particular broadcast domain such as a VLAN or VNID in the VxLAN case. An
EVPN instance consists of one or more broadcast domains.

VNID (VXLAN network identifier): identifies Layer 2 segments and maintains Layer 2 isolation between the
segments, allowing the addressing of up to 16 million logical networks in the same administrative domain.

The status codes are explained in Table 1-1.

Next Hop IP address of the nexthop for this route.

Metric Multiple-Exit Discriminator (MED). If there are multiple paths to the same destination from a single routing
protocol, then the multiple paths have the same administrative distance and the best path is selected based on
this metric. The path with the lowest metric is selected as the optimal path and installed in the routing table.

LocPrf Local preference set with the set local-preference command. This value is used only with iBGP sessions
within the local autonomous system to determine if a route towards a destination is the “best” one. The path with
the highest local preference is preferred.

Weight This field applies only to routes within an individual router. If a route was learned from a peer, it has a default
weight of 0. All routes generated by the local router have a weight of 32,768.

VXLAN Commands

Table 1-3: route entry fields (Continued)

Field Description

Path The autonomous systems through which the prefix advertisement passed.
The origin codes are explained in Table 1-2.

Peer Neighbor address.

Total The total number of prefixes listed.

number of
prefixes

VXLAN Commands

show bgp l2vpn evpn summary

Use this command to display a summary of BGP EVPN neighbor status.

Command Syntax
show bgp l2vpn evpn summary

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#show bgp l2vpn evpn summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 17
1 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI
8.8.8.8 4 100 111 112 17 0 0 00:53:03 3 0 0 3 0
9.9.9.9 4 100 110 110 17 0 0 00:52:10 15 0 13 2 0
13.13.13.13 4 100 132 109 17 0 0 00:51:57 4 0 2 2 0

Total number of neighbors 3

Total number of Established sessions 3

The start of the output shows:

• The BGP router identifier and the local router AS number.
• The BGP table version tracks the local BGP table version. Any time the BGP best path algorithm executes, the
table version increments.
• BGP AS-PATH entry and community entries.
Table 1-4 explains the fields for each neighbor entry.

Table 1-4: neighbor fields

Field Description

Neighbor IP address of peer.

V BGP version of peer.

AS Autonomous system number of peer.

MsgRcvd Messages received since the BGP connection was established.

MsgSent Messages sent since the BGP connection was established.

VXLAN Commands

Table 1-4: neighbor fields (Continued)

Field Description

TblVer Last version of the local router’s BGP database advertised to the peer.

InQ Received messages waiting in the input queue for further processing.

OutQ Messages waiting in the output queue to be sent.

Up/Down Connection up time in the interface.

State/PfxRcd If the TCP session is up and the BGP peers have formed an adjacency, this field shows how many prefixes
have been received from the remote neighbor.

Other states:

Idle: The local router has not allocated resources for the peer connection, so incoming connection requests
are refused

Idle (Admin): The peer has shut down

Idle (PfxCt): Prefix overflow

Idle (G-shut): Graceful shutdown

Connect: BGP is waiting for the TCP connection to complete

Active: the local router is trying to establish a TCP connection to the remote peer. You might see this if the
local peer has been configured, but the remote peer is unreachable or has not been configured.

OpenSent: BGP is waiting for an open message from its peer

OpenConfirm: BGP received an open message from the peer and is now waiting for a keepalive or notification
message. If BGP receives a keep alive message from the peer, the state changes to established. If the
message is a notification, the state changes to idle.

Established: BGP is ready to exchange update, notification, and keep alive messages with its peer

Invalid: The session state is invalid.

AD Number of EVPN type 1 Ethernet Auto-discovery routes: Only originated for multi-homed sites. Type 1 routes
allow fast convergence where PE devices can change the next-hop adjacencies for all MAC addresses
associated with a particular Ethernet Segment and aliasing where traffic can be balanced across multiple
egress points

MACIP Number of EVPN type 2 MAC/IP routes: Endpoint reachability information, including MAC and IP addresses of
the endpoints.

MCAST Number of EVPN type 3 Inclusive Multicast routes: Broadcast, Unknown Unicast and Multicast (BUM) traffic.

ESI Number of EVPN type 4 Ethernet Segment Routes: Used in multi-homing for Designated Forwarder Election.
The Designated Forwarder sends BUM traffic to the CE on a particular Ethernet Segment.

VXLAN Commands

show nvo vxlan

Use this command to display VXLAN information.

Command Syntax
show nvo vxlan (vnid <1-16777215>|)

Parameters
<1-16777215> VXLAN network identifier.

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#sh nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged

VNID Vni-name Type Interface ESI Vlan DF-

Status Src-addr Dst-addr
______________________________________________________________________________
_____________________________________
10 ---- NW ---- ---- ---- ----
1.1.1.1 3.3.3.3
10 ---- NW ---- ---- ---- ----
1.1.1.1 2.2.2.2
10 ---- AC ce21/1 00:00:11:22:33:44:55:66:77:88 2
DF ---- ----
20 ---- NW ---- ---- ---- ----
1.1.1.1 3.3.3.3
20 ---- NW ---- ---- ---- ----
1.1.1.1 2.2.2.2
20 ---- AC ce21/1 00:00:11:22:33:44:55:66:77:88 3 NON-
DF ---- ----

Total number of entries are 6

Table 1-1 explains the fields in the output.

Table 1-5: VxLAN fields

Field Description

VNID VXLAN network identifier.

Type NW - Network Port: VxLAN tunnel

AC - Access Port: Host connection

VXLAN Commands

Table 1-5: VxLAN fields

Field Description

Interface Name of the Interface.

Vlan VLAN identifier

Src-addr Source address in the interface.

Dst-addr Destination address in the interface.

Total number of The total number of entries listed.

entries

VXLAN Commands

show nvo vxlan access-if-config

Use this command to display the current running configuration of the access interface.

Command Syntax
show nvo vxlan access-if-config (LINE|)

Parameters
LINE Access port description.

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3,
Added new cli "garp-gna enable" under access-if cli in OcNOS version 1.3.6.

Example
#show nvo vxlan access-if-config
nvo vxlan access-if port-vlan xe1 2
map vnid 100
garp-gna enable
access-if-description member-port with xe1 as vlan 2
dynamic-learning disable
arp-nd flood-suppress
arp-cache disable
nd-cache disable
shutdown
mac 0000.0000.1111
mac 0000.0000.aaaa ip 12.12.12.1
mac 0000.0000.bbbb ipv6 1201::1
map qos-profile ingress 100
cos 2 egress
!
nvo vxlan access-if port-vlan po1 6 inner-vlan 5
encapsulation 0x9100
no shutdown
map vnid 100
!

VXLAN Commands

show nvo vxlan arp-cache

Use this command to display the ARP cache information.

Command Syntax
show nvo vxlan arp-cache (vnid <1-16777215>|summary|)

Parameters
<1-16777215> VXLAN network identifier.

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3, modified to include new fields – Age-Out and Retries-Left in
OcNOS version 1.3.5.
Remote Static and Dynamic keyword got changed to Static and Dynamic Remote in MAC table in
OcNOS version 1.3.6.

Example
#sh nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
ND Timeout : 300 sec Random-Jitter-Max : 640

VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left

______________________________________________________________________________
10 11.11.11.2 0000.0000.bbbb Dynamic Local 224 2
10 11.11.11.1 0000.0000.aaaa Dynamic Remote----
Total number of entries are 2

Table 1-6 explains the output fields.

Table 1-6: ARP cache fields

Field Description

VNID VXLAN network identifier

Ip-Addr IP address of the vxlan

Mac-Addr Device MAC address

Type How a host learns a MAC/IP pair:

Dynamic: Learned by data plane source learning

Evpn: Learned by EVPN Type 2 (MAC/IP) routes
Static Remote: Statically configured for remote; used only for static VxLAN, not with EVPN
Static Local: Configured on local VTEP

VXLAN Commands

Table 1-6: ARP cache fields

Field Description

Age=Out ARP entry expire time

Total number of The total number of entries listed.

entries

VXLAN Commands

show nvo vxlan counters access-port

Use this command to display the receive and transmit counters of an access port including ARP, ND and GARP
counters in the same command.
Note: Due to a limitation in the hardware, the transmit packet counters includes the BUM traffic received on that port.

Command Syntax
show nvo vxlan counters access-port (port IFNAME | port-vlan IFNAME VLAN_ID)

Parameters
port Port Mapping
IFNAME Access port name
port-vlan Port-vlan Mapping
IFNAME Access port name
VLAN_ID_RANGEVlan Id or Vlan Range <2-4094>
INNER_VLAN_ID Inner-Vlan Id
all All ports and VLANs

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3 and added Control packet (ARP, ND and GARP) counters in
OcNOS version 1.3.5. The VLAN_RANGE option is introduced in OcNOS version 5.0.

Example
#show nvo vxlan counters access-port port-vlan xe1 2
Data packets:
*If ARP/ND cache is enabled, TX doesn't count ARP/ND replies
from ARP/ND cache and ARP/ND forwarded after uplifting to
the control plane.
RX: packets : 2774939
bytes : 210553516
TX: packets : 4322274
bytes : 326026474

Control Packets:
*ARP/ND uplifted and sent/replied from control plane:
Rx Vxlan Arp discard count : 0
Rx Vxlan Nd discard count : 2
Tx Vxlan Arp discard count : 0
Tx Vxlan Nd discard count : 0
Rx Vxlan Arp Request count : 2
Tx Vxlan Arp Request count : 0
Rx Vxlan Arp Reply count : 5
Tx Vxlan Arp Reply count : 1
Rx Vxlan Neighbor Solicitation count : 6
Tx Vxlan Neighbor Solicitation count : 0

VXLAN Commands

Rx Vxlan Neighbor Advertisement count: 0

Tx Vxlan Neighbor Advertisement count: 4
Rx Vxlan Gratuitous ARP count : 0
Tx Vxlan Gratuitous ARP count : 0
Rx Vxlan Gratuitous Neighbor Advertisement count: 3
Tx Vxlan Gratuitous Neighbor Advertisement count: 0
#
Table 1-3 explains the fields in the output.

Table 1-7: access port counters

Field Description

RX: packets Number of packets received.

RX: bytes Number of bytes received.

TX: packets Number of packets transmitted.

TX: bytes Number of bytes transmitted.

Rx Vxlan Nd Number of discarded ND that is received from neighbor.

discard count

Tx Vxlan Arp Number of discarded Arp that is transmitted to peer.

discard count

Rx Vxlan Nd Number of discarded ND that is transmitted to peer.

discard count

Rx Vxlan Arp Number of request ARP that is received from neighbor.

Request count

Tx Vxlan Arp Number of request ARP that is transmitted to peer.

Request count

Rx Vxlan Arp Number of replied ARP that is received from neighbor.

Reply count

Tx Vxlan Arp Number of replied ARP which is transmitted to peer.

Reply count

Rx Vxlan Number of request ND that is received from neighbor.

Neighbor
Solicitation count

Tx Vxlan Number of replied ND that is transmitted to peer.

Neighbor
Solicitation count

Rx Vxlan Number of Neighbor Advertisement that is received from neighbor.

Neighbor
Advertisement
count

VXLAN Commands

Table 1-7: access port counters (Continued)

Field Description

Tx Vxlan Number of Neighbor Advertisement that is transmitted to peer

Neighbor
Advertisement
count

Rx Vxlan Number of Gratuitous ARP that is received from neighbor.

Gratuitous ARP
count

Tx Vxlan Number of Gratuitous ARP which is transmitted to peer.

Gratuitous ARP
count

Rx Vxlan Number of Gratuitous Neighbor Advertisement that is received from neighbor.

Gratuitous
Neighbor
Advertisement
count

Tx Vxlan Number of Gratuitous Neighbor Advertisement which is transmitted to peer.

Neighbor
Gratuitous
Advertisement
count

VXLAN Commands

show nvo vxlan counters network-port

Use this command to display the receive and transmit counters of a network port including ARP, ND and GARP
counters in the same command.

Command Syntax
show nvo vxlan counters network-port dst A.B.C.D

Parameters
A.B.C.D Tunnel IPv4 address

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3 and added control packets (ARP, ND, and GARP) counters
in OcNOS version 1.3.5.

Example
VTEP1#sh nvo vxlan counters network-port dst 100.2.2.2

Data packets:
*If ARP/ND cache is enabled, TX doesn't count ARP/ND replies
from ARP/ND cache and ARP/ND forwarded after uplifting to
the control plane.
RX: packets : 814327
bytes : 92833544
TX: packets : 1508023
bytes : 171914622

Control Packets:
*ARP/ND uplifted and sent/replied from control plane:
TX VXLAN Arp discard count : 0
TX VXLAN ND discard count : 0
Tx Vxlan Arp Request count : 0
Tx Vxlan Arp Reply count : 0
Tx Vxlan Neighbor Solicitation count : 0
Tx Vxlan Neighbor Advertisement count: 0
Rx Vxlan Gratuitous ARP count: 0
Tx Vxlan Gratuitous ARP count: 0
Rx Vxlan Gratuitous Neighbor Advertisement count: 0
Tx Vxlan Gratuitous Neighbor Advertisement count: 0

Table 1-4 explains each network entry fields.

VXLAN Commands

Table 1-8: show nvo vxlan counters network-port output fields

Field Description

RX: packets Number of hello packets received from neighbor.

RX: bytes Number of hello packets received from neighbor in bytes received.

TX: packets Number of hello packets transmitted to neighbor.

TX: bytes Number of hello packets transmitted to neighbor in bytes transmitted.

Rx Vxlan Nd discard count Number of discarded ND that is received from neighbor.

Tx Vxlan Arp discard count Number of discarded Arp that is transmitted to peer.

Rx Vxlan Nd discard count Number of discarded ND that is transmitted to peer.

Rx Vxlan Arp Request Number of request ARP that is received from neighbor.
count

Tx Vxlan Arp Request Number of request ARP that is transmitted to peer.

count

Rx Vxlan Arp Reply count Number of replied ARP that is received from neighbor.

Tx Vxlan Arp Reply count Number of replied ARP which is transmitted to peer.

Rx Vxlan Neighbor Number of request ND that is received from neighbor.

Solicitation count

Tx Vxlan Neighbor Number of replied ND that is transmitted to peer.

Solicitation count

Rx Vxlan Neighbor Number of Neighbor Advertisement that is received from neighbor.

Advertisement count

Tx Vxlan Neighbor Number of Neighbor Advertisement that is transmitted to peer.

Advertisement count

Rx Vxlan Gratuitous ARP Number of Gratuitous ARP that is received from neighbor.
count

Tx Vxlan Gratuitous ARP Number of Gratuitous ARP which is transmitted to peer.

count

Rx Vxlan Gratuitous Number of Gratuitous Neighbor Advertisement that is received from neighbor.
Neighbor Advertisement
count

Tx Vxlan Neighbor Number of Gratuitous Neighbor Advertisement which is transmitted to peer.

Gratuitous Advertisement
count

VXLAN Commands

show nvo vxlan mac-table

Use this command to display the host MAC address table. Use the hardware option to see the age out time for
dynamically learned macs.

Command Syntax
show nvo vxlan mac-table (vnid <1-16777215>|) (summary | hardware |)

Parameters
<1-16777215> VXLAN network identifier.
summary Count the MAC addresses.

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.
Remote Static and Dynamic keyword got changed to Static and Dynamic Remote in MAC table in
OcNOS version 1.3.6.

Example
#show nvo vxlan mac-table
==============================================================================
=======================================================================
VXLAN MAC Entries
==============================================================================
=======================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/
ESI Type Status AccessPortDesc
______________________________________________________________________________
_______________________________________________________________________

10 ce21/1 2 ---- 0000.0000.1111

1.1.1.1 Static Local -------
partner-port
10 ---- ---- ---- 0000.0000.2222
3.3.3.3 Static Remote ------- ------
-
20 ce21/1 3 ---- 0000.0000.cccc
1.1.1.1 Static Local Discard ------
-
20 ---- ---- ---- 0000.0000.dddd
3.3.3.3 Static Remote ------- ------
-

Total number of entries are : 4

#show nvo vxlan mac-table hardware

VXLAN Commands

VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/

ESI Type Status Time-out
AccessPortDesc
______________________________________________________________________________
_______________________________________________________________________

10 ce21/1 2 --- 0000.0000.1111

1.1.1.1 Static Local ----- ---
partner-port
10 --- --- --- 0000.0000.2222
3.3.3.3 Static Remote ----- -
--
10 --- --- --- 0000.0000.aa11
3.3.3.3 Static Remote ----- -
--
10 ce21/1 2 --- 0000.0000.bb11
1.1.1.1 Dynamic Local ----- 300
partner-port
10 ce21/1 2 --- 0000.0000.bb12
1.1.1.1 Dynamic Local ----- 277
partner-port
20 ce21/1 --- --- 0000.0000.cccc
1.1.1.1 Static Local Discard ---
20 --- --- --- 0000.0000.dddd
3.3.3.3 Static Remote ----- -
--

Total number of entries are 7

Table 1-5 explains the fields in the output.
Table 1-9: MAC table fields

Field Description

VNID VXLAN network identifier

Interface Interface name

VlanId VLAN identifier

Mac-Addr MAC address

VTEP-Ip VTEP identifier/Ethernet Segment Identifier

Type How a host learns a MAC/IP pair:

Remote: Statically configured for remote; used only for static VxLAN, not with EVPN
Static Local: Configured on local VTEP
Dynamic Local: Learned by data plane source learning

Status Max Move conflict: When a MAC has moved too many times (5 or more times in 180 seconds). This is
according to the procedures defined in RFC 7432, Section 15.1.

Discard: If a MAC hold time is configured, then if the VxLAN access port goes down (admin or operational),
the MAC is moved to the discard state for the period of the hold time. The MAC is also moved to the discard
state if the VNID is unmapped from the port. In dynamically learned cases, the MAC is also moved to
discard when learning is disabled.

Time-out Age timeout for dynamically learned MACs.

VXLAN Commands

Table 1-9: MAC table fields (Continued)

Field Description

AccessPortDesc Access port description.

Total number of The total number of entries listed.

entries

VXLAN Commands

show nvo vxlan nd-cache

Use this command to display the Neighbor Discovery cache.

Command Syntax
show nvo vxlan nd-cache (vnid <1-16777215>|summary|)

Parameters
<1-16777215> VXLAN network identifier.

Command Mode
Exec mode

Example
#show nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
ND Timeout : 300 sec Random-Jitter-Max : 640

VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left

______________________________________________________________________________
10 2001::1 0000.0000.1111 Dynamic Local 274 2
10 2001::2 0000.0000.2222 Dynamic Remote ----
Total number of entries are 2
Table 1-6 explains the output fields.
Table 1-10: ND cache fields

Field Description

VNID VXLAN network identifier

Ip-Addr IP address

Mac-Addr MAC address

Type How a host learns a MAC/IP pair:

Static Remote: Statically configured for remote; used only for static VxLAN, not with EVPN
Static Local: Configured on local VTEP
Dynamic: Learned by data plane source learning
Evpn: Learned by EVPN Type 2 (MAC/IP) routes

VXLAN Commands

Table 1-10: ND cache fields

Field Description

Age-Out ND entry expire Time

Total number of The total number of entries listed.

entries

VXLAN Commands

show nvo vxlan static host state

Use this command to display the state of the host which is configured statically.

Command Syntax
show nvo vxlan static host state

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#sh nvo vxlan static host state
VNID Ifname Vlan Ip-Addr Mac-Addr Status
______________________________________________________________________
100 xe1 2 12.12.12.1 0000.0000.aaaa Inactive
100 xe2 2 1201::1 0000.0000.bbbb Conflict
100 xe3 2 120.120.120.1 0000.0000.bb11 Active
Table 1-7 explains the output fields.
Table 1-11: Static host fields

Field Description

VNID VXLAN network identifier

Ifname Interface name

Vlan VLAN name

Ip-Addr IP address

VXLAN Commands

Table 1-11: Static host fields

Field Description

Mac-Addr MAC address

Status Status of the MAC/IP on the host:

Conflict: When a MAC/IP was configured, the conflict was not known as the VNID was not mapped to the
access port. After the VNID is mapped, if the same MAC/IP is present statically on some other port on the
same VNID, then it is in conflict state.

Learnt Conflict: When a MAC/IP was configured, the conflict was not known. However, it is now in conflict
because the same MAC/IP is configured on an access port on VTEP1 and on an access port on VTEP2.
Because the BGP session/tunnel was not up, the MAC/IP was not known to the other VTEP and the
configuration was allowed. When the BGP session/tunnel comes up and it finds such a conflicted route, it
marks the state as Learnt Conflict.

Inactive: Configured but not operating, such as when the port is not mapped to any VNID. The port is down
and the ARP/ND cache is disabled.

Active: Operating host MAC/IP.

VXLAN Commands

show nvo vxlan tunnel

Use this command to view the source, destination, and status of the VxLAN tunnel entries.

Command Syntax
show nvo vxlan tunnel

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
The following is a sample output of the show nvo vxlan tunnel command.
#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================
1.1.1.1 2.2.2.2 Installed 00:00:20 00:00:20
Total number of entries are 1
#
Table 1-8 explains the output fields.
Table 1-12: VxLAN tunnel fields

Field Description

Source Tunnel source IP address.

Destination Tunnel destination IP address.

Status Installed: Tunnel Installed in the hardware and operating.

Resolved: Tunnel destination IP is reachable, but VxLAN tunnel not installed in hardware. Therefore, not
operating.

Unresolved: Tunnel destination IP not reachable because L3 route is down.

Up/Down When the tunnel came up or went down

Update When the tunnel was last updated

Total number of The total number of entries listed.

entries

VXLAN Commands

show running-config nvo vxlan

Use this command to display the current running configuration of VxLANs.

Command Syntax
show running-config nvo vxlan

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced in a version before OcNOS version 1.3 and added few CLIs for IRB and ARP-ND
refresh timer for OcNOS version 1.3.5.

Example
#show running-config nvo vxlan
!
nvo vxlan multihoming enable
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 1.1.1.1
!
nvo vxlan max-cache-disable 10
!
nvo vxlan tunnel qos-map-mode cos-dscp ingress QUE_DSCP
!
nvo vxlan tunnel qos-map-mode cos-dscp egress DSCP_QUE
!
nvo vxlan id 100 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
mac-holdtime 20
!
nvo vxlan access-if port-vlan xe1 2
map vnid 100
access-if-description member-port with xe1 as vlan 2
dynamic-learning disable
arp-nd flood-suppress
arp-cache disable
nd-cache disable
shutdown
mac 0000.0000.1111
mac 0000.0000.aaaa ip 12.12.12.1
mac 0000.0000.bbbb ipv6 1201::1
map qos-profile cos-to-queue COS_QUE
map qos-profile queue-color-to-cos QUE_COS
!
nvo vxlan access-if port-vlan po1 6 inner-vlan 5
encapsulation 0x9100

VXLAN Commands

no shutdown
map vnid 100
!

VXLAN Commands

show evpn multi-homing all

Use this command to display the multi-homed VTEP details.

Command Syntax
show evpn multi-homing (all |)

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#show evpn multi-homing all
ESI Access-IF PE-IP-ADDRESS
===========================================================
00:00:11:22:33:44:55:66:77:88 ce21/1 1.1.1.1
00:00:11:22:33:44:55:66:77:88 ---- 2.2.2.2
Total number of entries are 2

Table 1-9 explains the output fields.

Table 1-13: show evpn multi-homing all output details

Field Description

ESI An Ethernet segment has an unique nonzero identifier, called the Ethernet segment identifier (ESI).
The ESI is encoded as a 10-octet integer that identifies this segment. When manually configuring an
ESI value, the most significant octet, known as the type byte, must be 00. When a single-homed CE
device is attached to an Ethernet segment, the entire ESI value is zero.

Access-IF Map the access port ce21/1 for evpn.

PE-IP-ADDRESS Address of the provider edge router in the interface.

VXLAN Commands

show evpn multihoming-status

Use this command to display the status of multihoming on a VTEP.

Command Syntax
show evpn multihoming-status

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#show evpn multihoming-status
Multihoming is ACTIVE in Hardware

VXLAN Commands

show nvo vxlan route-count

Use this command to display the vxlan active route (MAC-IP.MAC-IPv6 and MAC-only) count information.

Command Syntax
show nvo vxlan route-count (|vnid <1-16777215>)

Parameters
<1-16777215> Range supported for VNID.

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3 and modified to include new fields – GW-IPv4, GW_IPv6,
Prefix IPv4 and Prefix IPv6 in OcNOS version 1.3.5.

Example
#show nvo vxlan route-count
VXLAN Active route count information
====================================
Max route count : 32768
Active route count: 7

Note: Prefix count refers only local routes

It does not include evpn prefix routes

------------------------------------------------------------------------------
----------
VNID Total MACONLY MACIPv4 MACIPv6 GW GW Prefix
Prefix
MACIPv4 MACIPv6 IPv4
IPv6
------------------------------------------------------------------------------
----------
2000 3 1 1 1 0 0 0
0
1000 0 0 0 0 0 0 0
0
10002 4 0 0 0 1 1 1
1

Total number of entries are 3

Table 1-10 explains the output fields.

Table 1-14: show nvo vxlan route-count output details

Field Description

Max route count Maximum number of route count in vxlan.

Active route count Number of active route count in the interface.

VXLAN Commands

Table 1-14: show nvo vxlan route-count output details

Field Description

VNID VNID is used to identify Layer 2 segments and to maintain Layer 2 isolation between the segments.

Total Total number of entries for the interface.

MACONLY The MAC-only route for the local interface appears in the VXLAN instance route table.

MACIPv4 IPv4 media access control (MAC) address for a default virtual gateway.

MACIPv6 IPv6 media access control (MAC) address for a default virtual gateway.

VXLAN Commands

show nvo vxlan vni-name

Use this command to display the vxlan results bashed on vni-name.

Command Syntax
show nvo vxlan vni-name (WORD)

Parameters
WORD VNI name of max size 10 character and should not be only numeric.

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#show nvo vxlan vni-name SITEA-PRO
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID Vni-name Type Interface ESI Vlan DF-Status Src-addr Dst-addr
______________________________________________________________________________
______________________________
1 ---- NW ---- ---------- ---- ------ 10.0.1.1 10.0.6.8
1 ---- NW ---- ---------- ---- ------ 10.0.1.1 10.0.6.9
1 ---- NW ---- ---------- ---- ------ 10.0.1.1 10.0.3.1
1 ---- NW ---- ---------- ---- ------ 10.0.1.1 10.0.1.2
1 ---- NW ---- ---------- ---- ------ 10.0.1.1 10.0.5.1
1 ---- NW ---- ---------- ---- ------ 10.0.1.1 10.0.2.2
1 ---- NW ---- ---------- ---- ------ 10.0.1.1 10.0.2.1
1 SITEA-PRO AC xe7 — Single Homed port — 2 ------ ---- ----
1 SITEA-PRO AC xe1 — Single Homed port — 1010 ------ ---- ----
1 SITEA-PRO AC xe1 — Single Homed port — 100 ------ ---- ----
1 SITEA-PRO AC xe1 — Single Homed port — 2020 ------ ---- ----
1 SITEA-PRO AC po1 — Single Homed port — 100 ------ ---- ----
1 SITEA-PRO AC po1 — Single Homed port — 2 ------ ---- ----
1 SITEA-PRO AC po1 — Single Homed port — 200 ------ ---- ----
1 SITEA-PRO AC xe8 — Single Homed port — ---- ------ ---- ----
1 SITEA-PRO AC po2 — Single Homed port — ---- ------ ---- ----
Total number of entries are 16

VXLAN Commands

shutdown
Use this command to administratively shut down an NVO access interface.
Use the no form of this command to start an NVO access interface.

Command Syntax
shutdown
no shutdown

Parameters
None

Default
The NVO access interface is running by default.

Command Mode
NVO access interface mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
#configure terminal
(config)#nvo vxlan access-if port-vlan xe1 2
(config-nvo-acc-if)#shutdown
(config-nvo-acc-if)#exit

VXLAN Commands

vxlan host-reachability-protocol evpn-bgp

Use this command to set the host reachable protocol to Ethernet-VPN over BGP. This defines BGP as the mechanism
for host reachability advertisement.
Use use the no form of this command to remove Ethernet-VPN as the host reachable protocol.

Command Syntax
vxlan host-reachability-protocol evpn-bgp NAME
no vxlan host-reachability-protocol evpn-bgp

Parameters
NAME Name of the VRF to carry VNID routes.

Default
No default value is specified for vxlan host-reachability-protocol command.

Command Mode
NVO mode

Applicability
This command was introduced before OcNOS version 1.3.

Example
(config)#nvo vxlan id 3
(config-nvo)#vxlan host-reachability-protocol evpn-bgp Blue

VXLAN Commands

vlan-xlate-1 large
Use this command to increase the size of the VLAN_XLATE_1_DOUBLE table to 20k. Internally, the BCM maintains
VLAN_XLATE_1_DOUBLE table for access interfaces, L2vnid,and L3vnid. The default size of the table is 16k. After
configuring the CLI, the table size is increased to 20k.
Use the no form of this command to change the VLAN_XLATE_1_DOUBLE table size to default.
Note: Reboot the system after configuring the CLI.

Command Syntax
vlan-xlate-1 large
no vlan-xlate-1 large

Parameters
None

Default
None

Command Mode
Configuration Mode

Applicability
This command was introduced before OcNOS version 6.5.3.

Examples
(config)#vlan-xlate-1 large
OcNOS(config)#commit
%% System Reboot required, please save the config and reboot the board.
OcNOS(config)#end
OcNOS#

VXLAN - IRB Commands

CHAPTER 2 VXLAN - IRB Commands

This chapter describes the VXLAN - IRB commands: These commands are applicable for TR3 and Maverick platform
only.
• evpn irb
• evpn irb-forwarding anycast-gateway-mac
• evpn irb-if-forwarding anycast-gateway-mac
• interface irb
• l3vni
• nvo vxlan irb
• show interface irb
• show evpn l3vni-map
• show evpn irb-status
• show running-config interface irb

VXLAN - IRB Commands

evpn irb
Use this command to configure default gateway behavior on a VTEP for particular VNID.
Use the no form this command to disable default gateway behavior on a VTEP for the particular VNID.
Note: Map an IRB interface to an L2 VNID. This IRB interface can have multiple IP address as configured in IRB IP
address CLI and can serve all subnets attached to the L2 VNID.

Command Syntax
evpn <NAME>
no evpn <NAME>

Parameters
NAME IRB interface name

Command Mode
NVO Mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
#config mode
(config)# nvo vxlan id 2000 ingress-replication inner-vid-disabled
(config-nvo)# evpn irb1
(config-nvo)# no evpn irb1

VXLAN - IRB Commands

evpn irb-forwarding anycast-gateway-mac

Use this command to configure common anycast mac-address for all the IRB interfaces
Use the no form of this command to remove the global MAC address on all the the IRB interfaces.

Command Syntax
evpn irb-forwarding anycast-gateway-mac XXXX.XXXX.XXXX
no evpn irb-forwarding anycast-gateway-mac

Parameters
XX-XX-XX-XX-XX-XX Source MAC address (Option 1)
XX:XX:XX:XX:XX:XX Source MAC address (Option 2)
XXXX.XXXX.XXXX Source MAC address (Option 3)

Command Mode
Configuration Mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
#configure terminal
(config)#evpn irb-forwarding anycast-gateway-mac 0000.0000.1313
Or
(config)#evpn irb-forwarding anycast-gateway-mac 00:00:00:00:13:13
Or
(config)#evpn irb-forwarding anycast-gateway-mac 00-00-00-00-13-13
(config)# no evpn irb-forwarding anycast-gateway-mac

VXLAN - IRB Commands

evpn irb-if-forwarding anycast-gateway-mac

Use this command to enable an IRB interface to use the global anycast IRB mac-address.
Use the no form of this command to un-configure anycast MAC at IRB interface.

Command Syntax
evpn irb-if-forwarding anycast-gateway-mac
no evpn irb-if-forwarding anycast-gateway-mac

Parameters
None

Command Mode
IRB_IF_Mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
#configure teminal
(config)# interface irb 1
(config-irb-if)# ip vrf forwarding vrfip
(config-irb-if)#evpn irb-if-forwarding anycast-gateway-mac
(config-irb-if)#no evpn irb-if-forwarding anycast-gateway-mac

VXLAN - IRB Commands

interface irb
Use this command to configure logical IRB interface.
Use the no form of this command to un-configure logical IRB interface.

Command Syntax
interface irb<1-4094>
no interface irb<1-4094>

Parameters
<1-4094> IRB interface number

Command Mode
Configure mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
#configure teminal
(config)#interface irb1
(config)#no interface irb1

VXLAN - IRB Commands

l3vni
Use this command to configure L3 Virtual Network Identifier for an ip vrf
Use the no form of this command to remove L3 Virtual Network Identifier
This identifies a tenant, with this one tenant can have L3VNI as its identifier and he can have multiple L2 networks
identified with L2VNI's.
Note: L3 VNID cannot be same as L2 VNID.

Command Syntax
l3vni <L3 VNID>
no l3vni <L3 VNID>

Parameters
<1-16777215> L3 VNID. Cannot be same as L2 VNID

Command Mode
Configure VRF mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
#configure teminal
(config)#ip vrf vrfip
(config-vrf)#l3vni 10002
(config-vrf)#no l3vni 10002

VXLAN - IRB Commands

nvo vxlan irb

Use this command to enable IRB functionality.
Use the no form of this command to disable IRB functionality.
Note: Remove the existing L2 VNID configuration to enable IRB.

Command Syntax
nvo vxlan irb
no nvo vxlan irb

Parameters
None

Command Mode
Configure mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
#configure terminal
(config)#nvo vxlan irb
(config)#no nvo vxlan irb

VXLAN - IRB Commands

show bgp l2vpn evpn

Parameters
vrf Virtual Routing and Forwarding instance
WORD VRF name
rd Route distinguisher
WORD Route distinguisher: ASN:nn or IP:nn
prefix-route Shows detail of the Prefix-Route (Type:5))
detail Detailed output of the route-path
time Display learnt time for details for evpn routes.
mac-ip Show detail of the MAC-IP route (Type:2)
mcast Show detail of the Inclusive MULTICAST route (Type:3)
multihoming Show multihoming information
peer-group Dynamic peer-group

Command Mode
Exec mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
show bgp l2vpn evpn detail
BGP route entry for prefix : [1]:[00:00:00:00:11:12:12:22:11:11]:[100]:[100]
Route-Distinguisher: 1.1.1.1:1
Flags : Valid, Selected, IBGP, Labelled
Nexthop : 1.1.1.1 MED value : 0

VXLAN - IRB Commands

Community:
Extended Community: RT:100:1 Encapsulation:VxLAN ESI-Label:0
Weight :0, Local Preference :100
AS Path : Local
Origin : IGP
Last Update : Thu Apr 13 12:05:23 2023
Peer : 1.1.1.1

BGP route entry for prefix : [2]:[0]:[100]:[48,0000:1111:0000]:[32,10.12.11.12]:[100]

Route-Distinguisher: 1.1.1.1:1
Flags : Valid, Selected, IBGP, Labelled
Nexthop : 1.1.1.1 MED value : 0
Community:
Extended Community: RT:100:1 Encapsulation:VxLAN MAC_mob_seq:Static
Weight :0, Local Preference :100
AS Path : Local
Origin : IGP
Last Update : Thu Apr 13 12:05:23 2023
Peer : 1.1.1.1
Total number of prefixes 2

VXLAN - IRB Commands

show bgp l2vpn evpn prefix-route

Use this command to display the Type-5 prefix remote routes.

Command Syntax
show bgp l2vpn evpn prefix-route <vrf WORD | rd Word>

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 4.1.

Example
rtr1#show bgp l2vpn evpn prefix-route

RD[300:1]
ESI Eth-Tag Prefix-Length IP-Address
GW-IP Address L3VNID Nexthop Encap
0 45001 24 80.80.80.0
0.0.0.0 45001 2.2.2.2 VXLAN
0 45001 24 90.90.90.0
0.0.0.0 45001 2.2.2.2 VXLAN
0 45001 64 8001::
:: 45001 2.2.2.2 VXLAN
0 45001 64 9001::
:: 45001 2.2.2.2 VXLAN
rtr1#

VXLAN - IRB Commands

show interface irb

Use this command to display the current running configuration of IRB interface.

Command Syntax
show interface irb<1-4094>

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
rtr1#show interface irb1
Interface irb1
Hardware is IRB Current HW addr: 0000.0000.ff10
Physical:(Not Applicable) Logical:0000.0000.ff10
Port Mode is Router
Interface index: 700001
Metric 0 mtu 1500
Debounce timer: disable
ARP ageing timeout 1500
<UP,BROADCAST,RUNNING,MULTICAST>
VRF Binding: Associated with vrf1
Label switching is disabled
Administrative Group(s): None
DHCP client is disabled.
Last Flapped: Never
Statistics last cleared: 2019 Mar 14 17:57:06 (00:21:31 ago)
inet 80.80.80.1/24 broadcast 80.80.80.255
inet6 8001::1/64
inet6 fe80::200:ff:fe00:ff10/64
RX
unicast packets 0 multicast packets 0 broadcast packets 0
input packets 0 bytes 0
jumbo packets 0
undersize 0 oversize 0 CRC 0 fragments 0 jabbers 0
input error 0
input with dribble 0 input discard 0
Rx pause 0
TX
unicast packets 0 multicast packets 0 broadcast packets 0
output packets 0 bytes 0
jumbo packets 0
output errors 0 collision 0 deferred 0 late collision 0
output discard 0
Tx pause 0
rtr1#

VXLAN - IRB Commands

show evpn l3vni-map

Use this command to display the L3 VNI, L2 VNI and IRB interface mapping.

Command Syntax
show evpn l3vni-map

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
rtr3#show evpn l3vni-map
L3VNI L2VNI IRB-interface
===================================
45001 10 irb1
45001 20 irb2

rtr3#

VXLAN - IRB Commands

show evpn irb-status

Use this command to display the status of the IRB on a VTEP.

Command Syntax
show evpn irb-status

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced before OcNOS version 5.1.

Example
#show evpn irb-status
IRB is ACTIVE in Hardware

VXLAN - IRB Commands

show running-config interface irb

Use this command to display the current running configuration of IRB interface.

Command Syntax
show running-config interface irb<1-4094>

Parameters
None

Command Mode
Exec mode

Applicability
This command was introduced in OcNOS version 5.1.

Example
#show running-config interface irb1
!
interface irb1
ip vrf forwarding vrfip
ip address 144.144.144.1/24
ipv6 address 1201::1/48
evpn irb-if-forwarding anycast-gateway-mac
mac-address 0000.0000.1234
qos map-profile dscp-to-queue DSCP_QUE
qos map-profile queue-color-to-dscp QUE_DSCP
shutdown
!

VXLAN Quality of Service Commands

CHAPTER 3 VXLAN Quality of Service Commands

This chapter describes the VXLAN commands for QoS (Quality of Service):
• clear nvo vxlan tunnels
• cos queue
• dscp queue
• map qos-profile
• map qos-profile cos-to-queue
• map qos-profile queue-color-to-cos
• nvo vxlan disable-arp-storm-control-for-cpu
• nvo vxlan tunnel qos-map-mode cos-dscp
• qos profile cos-to-queue
• qos profile dscp-to-queue
• qos profile queue-color-to-cos
• qos profile queue-color-to-dscp
• queue cos
• queue dscp

VXLAN Quality of Service Commands

clear nvo vxlan tunnels

Use this command to clear the nvo vxlan tunnels to re-establish the tunnel after mapping/un-mapping the QoS profile to
vxlan tunnel.

Command Syntax
clear nvo vxlan tunnels (|dst-ip A.B.C.D)

Parameters
dst-ip VXLAN tunnel destination
A.B.C.D destination IPv4 address

Command Mode
Exec mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
#clear nvo vxlan tunnels dst-ip 2.2.2.2

Note: clear nvo vxlan tunnels This command will clear all the VXLAN tunnels destination.
clear nvo vxlan tunnels dst-ip A.B.C.D - This command to clear individual tunnel destination( i.e
A.B.C.D).

VXLAN Quality of Service Commands

cos queue
Use this command to configure user defined mapping for cos and queue.
Use the no form of this command to remove the mapping.

Command Syntax
cos <0-7> queue <0-7>
no cos <0-7>

Parameters
<0-7> COS and Queue ranger

Default
Default cos and queue value is one-one default mapping if it is not configured.

Command Mode
QoS config mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
(config)#qos profile cos-to-queue ac_port_ingress
(config-ingress-cos-map)#cos 1 queue 7
(config-ingress-cos-map)#no cos 1

VXLAN Quality of Service Commands

dscp queue
Use this command to configure user defined mapping for DSCP to queue. This will be mapped with nvo VXLAN tunnel
of remote VTEP.
Use the no form of this command to delete the mapping.

Command Syntax
dscp <0-63> queue <0-7> (color (green|yellow|red)|) (dscp <0-63>|)
no dscp <0-63>

Parameters
<0-63> DSCP
<0-7> Queue number
color Color to map
green Set mapping for green packets
red Set mapping for red packets
yellow Set mapping for yellow packets
<0-63> out DSCP value

Default
Default queue and cos value is one-one default mapping if it is not configured.

Command Mode
Ingress-dscp-map mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
(config)#qos profile dscp-to-queue nw_profile
(config-ingress-dscp-map)#dscp 50 queue 1
(config-ingress-dscp-map)#no dscp 50

VXLAN Quality of Service Commands

map qos-profile
Use this command to map (attach) the qos profile to an IRB interface.
Use the no form of this command to remove a profile.
Use the following qos profile type for mapping from/to on the IRB interface.
• dscp-to-queue for ingress traffic and
• queue-color-to-dscp profile for egress traffic

Removing the map qos-profile, applies the default profile to the IRB interface.
Note: Default profile is applied to all the IRB interface only when qos is enabled.

Command Syntax
map qos-profile (dscp-to-queue | queue-color-to-dscp) <NAME>
no map qos-profile (dscp-to-queue | queue-color-to-dscp) <NAME>

Parameters
NAME Profile name

Default
By default, the default dscp-to-queue and queue-color-to-dscp profile is attached to all IRB interface.
Changing the value in the default profile, will impact both the IRB interfaces and L3 interfaces.

Command Mode
IRB_IF_Mode

Default
Default mapping between queue and DSCP value is one-one.

Applicability
This command is introduced in OcNOS version 5.1.

Example
#configure terminal
(config)#interface irb 1
(config-irb-if)# map qos-profile queue-color-to-dscp QUE_DSCP
(config-irb-if)# no map qos-profile queue-color-to-dscp QUE_DSCP

(config)#interface irb 1
(config-irb-if)# map qos-profile dscp-to-queue DSCP_QUE
(config-irb-if)# no map qos-profile dscp-to-queue DSCP_QUE

VXLAN Quality of Service Commands

map qos-profile cos-to-queue

Use this command to map the cos-to-queue profile to vxlan access port on the local VTEP.
Use the no form of the command to remove the mapping.

Command Syntax
map qos-profile cos-to-queue NAME
no map qos-profile cos-to-queue NAME

Parameters
NAME Profile name

Default
None

Command Mode
NVO access interface mode

Applicability
This command was introduced in OcNOS version 4.2.

Example
(config)#nvo vxlan access-if port-vlan xe1 10
(config-nvo-acc-if)#map qos-profile cos-to-queue ac_port_ingress
(config-nvo-acc-if)#no map qos-profile cos-to-queue ac_port_ingress

VXLAN Quality of Service Commands

map qos-profile queue-color-to-cos

Use this command to map the queue-color-to-cos profile to vxlan access port on the remote VTEP.
Use the no form of the command to remove the mapping.

Command Syntax
map qos-profile queue-color-to-cos NAME
no map qos-profile queue-color-to-cos NAME

Parameters
NAME Profile name

Default
None

Command Mode
NVO access interface mode

Applicability
This command was introduced in OcNOS version 4.2.

Example
(config)#nvo vxlan access-if port-vlan xe2 10
(config-nvo-acc-if)#map qos-profile queue-color-to-cos ac_profile
(config-nvo-acc-if)#no map qos-profile queue-color-to-cos ac_profile

VXLAN Quality of Service Commands

nvo vxlan disable-arp-storm-control-for-cpu

Use this command to uplift the ARP/ND packet to CPU if packet is marked for DROP by storm control.
Use the no form of this command not to uplift the ARP/ND packet to CPU if marked for drop by storm-control. This is
the default behavior.

Command Syntax
nvo vxlan disable-arp-storm-control-for-cpu
no nvo vxlan disable-arp-storm-control-for-cpu

Parameters
None

Command Mode
Configure mode

Applicability
This command was introduced in OcNOS version 6.5.3.

Example
(config)#nvo vxlan disable-arp-storm-control-for-cpu

VXLAN Quality of Service Commands

nvo vxlan tunnel qos-map-mode cos-dscp

Use this command to map QoS profile for network side to nvo vxlan tunnel. For outgoing/incoming traffic, you need to
provide the direction with the keyword egress/ingress.
Use the no form of this command to delete the mapping.
You must give the clear nvo vxlan tunnels command to do the network port setting for QoS profile mapped.

Command Syntax
nvo vxlan tunnel qos-map-mode cos-dscp (ingress|egress) NAME
no nvo vxlan tunnel qos-map-mode cos-dscp (ingress|egress)

Parameters
NAME Profile name
ingress Ingress direction
egress Egress direction

Command Mode
Configure mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
(config)#nvo vxlan tunnel qos-map-mode cos-dscp egress nw_profile
(config)#no nvo vxlan tunnel qos-map-mode cos-dscp egress
(config)#nvo vxlan tunnel qos-map-mode cos-dscp ingress nw_profile
(config)#no nvo vxlan tunnel qos-map-mode cos-dscp ingress

VXLAN Quality of Service Commands

qos profile cos-to-queue

Use this command to configure cos-to-queue profile. This profile has to be mapped to VXLAN access port on the local
VTEP.
Use the no form of this command to delete the qos profile.

Command Syntax
qos profile cos-to-queue (NAME|default)
no qos profile cos-to-queue NAME

Parameters
NAME QoS profile name for cos-to-queue
default Default name

Command Mode
Configure mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
(config)#qos profile cos-to-queue ac_port_ingress
(config)#no qos profile cos-to-queue ac_port_ingress

VXLAN Quality of Service Commands

qos profile dscp-to-queue

Use this command to configure QoS profile for DSCP to Queue mapping. This profile will be mapped to nvo vxlan
tunnel of remote VTEP. The created profile will support remarking of the data packets.
Use the no form of this command to delete the QoS profile

Command Syntax
qos profile dscp-to-queue (NAME|default}
no qos profile dscp-to-queue NAME

Parameters
NAME Profile name
default Default name

Command Mode
Configure mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
(config)#qos profile dscp-to-queue nw_profile
(config-ingress-dscp-map)#exit
(config)#no qos profile dscp-to-queue nw_profile
(config)#

VXLAN Quality of Service Commands

qos profile queue-color-to-cos

Use this command to configure queue-color-to-cos profile. This profile has to be mapped to VXLAN access port on
remote VTEP.
Use the no form of this command to delete the qos profile.

Command Syntax
qos profile queue-color-to-cos (NAME|default)
no qos profile queue-color-to-cos NAME

Parameters
NAME Profile name
default Default name

Command Mode
Configure mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
(config)#qos profile queue-color-to-cos ac_profile
(config)#no qos profile queue-color-to-cos ac_profile

VXLAN Quality of Service Commands

qos profile queue-color-to-dscp

Use this command to create a QoS profile queue-color-to-dscp. This profile will be mapped to nvo vxlan tunnel of local
VTEP. The created profile supports remarking of the data packets.
Use the no form of this command to delete the profile.

Command Syntax
qos profile queue-color-to-dscp (NAME|default)
no qos profile queue-color-to-dscp NAME

Parameters
NAME Profile name
default Default name

Default
None

Command Mode
Configure mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
(config)#qos profile queue-color-to-dscp nw_profile
(config-egress-dscp-map)#exit
(config)#no qos profile queue-color-to-dscp nw_profile

VXLAN Quality of Service Commands

queue cos
Use this command to configure user defined mapping for queue and cos.
Use the no form of this command to remove the mapping.

Command Syntax
queue <0-7> (color(green|yellow|red|all)|) cos <0-7>
no queue <0-7> (color(green|yellow|red|all)|)

Parameters
<0-7> Queue and cos range
color Color to map
all Set mapping for all packets
green Set mapping for green packets
red Set mapping for red packets
yellow Set mapping for yellow packets

Default
Default queue and cos value is one-one default mapping if it is not configured.

Command Mode
QoS config mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
(config)#qos profile queue-color-to-cos ac_profile
(config-egress-cos-map)#queue 5 cos 2
(config-egress-cos-map)#no queue 5

VXLAN Quality of Service Commands

queue dscp
Use this command to configure user-defined mapping for queue to DSCP. This will be mapped with nvo VXLAN tunnel
of local VTEP.
Use the no form of this command to remove the queue-to-DSCP mapping.

Command Syntax
queue <0-7> (color(green|yellow|red|all)|) dscp <0-63>
no queue <0-7> (color(green|yellow|red|all)|)

Parameters
<0-7> Queue number
<0-63> DSCP
color Color to map
all Set mapping for all packets
green Set mapping for green packets
red Set mapping for red packets
yellow Set mapping for yellow packets

Default
Default queue and cos value is one-one default mapping if it is not configured.

Command Mode
QoS config mode

Applicability
This command was introduced in OcNOS version 1.3.

Example
(config)#qos profile queue-color-to-dscp nw_profile
(config-egress-dscp-map)# queue 1 dscp 63
(config-egress-dscp-map)#no queue 1

Index

Index question mark 13

square brackets 13
time 13
uppercase 12
A variable placeholders 13
vertical bars 12
arp-cache disable 497 WORD 13
arp-nd flood-suppress 498, 579 X:X::X:X 13
X:X::X:X/M 13
B XX:XX:XX:XX:XX:XX 13
configure mode 18
begin modifier 15 curly brackets
BGP community value command syntax 12
command syntax 13
braces D
command syntax 12
dynamic-learning disable 505, 557, 568
C
E
clear mac address table dynamic vxlan 499
clear nvo vxlan counters 501, 577 evpn esi holdtime 507
command abbreviations 11 evpn multi-homing enable 508, 560, 573
command completion 11 exec command mode 18
command line
errors 11
help 10 I
keyboard operations 14 IFNAME 13
command modes 18 Interface irb 511
configure 18 interface mode 18
exec 18 IPv4 address
interface 18 command syntax 13
privileged exec 18 IPv6 address
router 18 command syntax 13
command negation 12
command syntax
? 13 L
. 13
() 12 LINE 13
load-balance rtag7 vxlan inner-l2 512
{} 12
| 12 load-balance rtag7 vxlan inner-l3 513
A.B.C.D/M 13
AA:NN 13 M
BGP community value 13
braces 12 mac 514, 562
conventions 12 MAC address
curly brackets 12 command syntax 13
HH:MM:SS 13 mac vrf 515, 562
IFNAME 13 mac-holdtime 516, 562
interface name 13 map vnid 517
IPv4 address 13
IPv6 address 13 N
LINE 13
lowercase 12 nd-cache disable 533, 564
MAC address 13 no nvo vxlan 519
monospaced font 12 nvo 523
numeric range 13 nvo vxlan 520
parantheses 12 nvo vxlan id 521, 525
parentheses 12 nvo vxlan irb 527
period 13 nvo vxlan mac-ageing-time 543, 566

Index

nvo vxlan tunnel qos-map-mode 527 show nvo vxlan counters network-port 536, 564
nvo vxlan vtep-ip-global 527 show nvo vxlan interface counters 538
show nvo vxlan mac-table 538, 564
P show nvo vxlan nd-cache 541, 566
show nvo vxlan static host state 543, 566
parantheses show nvo vxlan tunnel 545
command syntax 12 show running-config nvo vxlan 546
parentheses shutdown 516, 552, 553, 562
command syntax 12 square brackets
period command syntax 13
command syntax 13
port breakout configuration 256 T
Port Mapping 26
privileged exec mode 18 time
command syntax 13
Q Tunnel End Point 24

question mark U
command syntax 13
unicast configuration 26
R
V
router mode 18
vertical bars
S command syntax 12
VXLAN Architecture 22
show commands 15 VXLAN Commands 495, 556, 567
exclude modifier 16 vxlan host-reachability-protocol evpn-bgp 554
include modifier 16 VXLAN Unicast Configuration 26
redirect modifier 17
show interface irb 552 W
show nvo vxlan 528, 563
show nvo vxlan arp-cache 531 WORD 13
show nvo vxlan counters access-port 533, 564

OcNOS-SP Config Guide
No ratings yet
OcNOS-SP Config Guide
5,404 pages
HE200 - User Manual - A6 - EN - V1.1
77% (13)
HE200 - User Manual - A6 - EN - V1.1
49 pages
Ocnos-Sp 4.2 Mpls Config Guide
No ratings yet
Ocnos-Sp 4.2 Mpls Config Guide
1,696 pages
OcNOS-SP MPLS Config Guide
No ratings yet
OcNOS-SP MPLS Config Guide
1,812 pages
Ocnos DC Openconfig Cmdref
No ratings yet
Ocnos DC Openconfig Cmdref
746 pages
Ocnos DC Layer 3 Guide
No ratings yet
Ocnos DC Layer 3 Guide
1,744 pages
OcNOS-SP Config Guide
No ratings yet
OcNOS-SP Config Guide
4,190 pages
S55 CLI 8.3.5.2 30-Nov-2011
No ratings yet
S55 CLI 8.3.5.2 30-Nov-2011
1,116 pages
Force10-S25v-S50v-N - Reference Guide4 - En-Us PDF
No ratings yet
Force10-S25v-S50v-N - Reference Guide4 - En-Us PDF
1,686 pages
Engine Mechanical Text Section
100% (5)
Engine Mechanical Text Section
103 pages
HPE - A00059864en - Us - Onyx For HPE StoreFabric M-Series Ethernet Switch User Manual
No ratings yet
HPE - A00059864en - Us - Onyx For HPE StoreFabric M-Series Ethernet Switch User Manual
1,666 pages
TCS CLI 8.4.2.7 Oct-01-2012
No ratings yet
TCS CLI 8.4.2.7 Oct-01-2012
1,640 pages
Scg-Ie4010 5000
No ratings yet
Scg-Ie4010 5000
1,160 pages
Mellanox MLNX-OS User Manual For VPI Rev 5.3
No ratings yet
Mellanox MLNX-OS User Manual For VPI Rev 5.3
1,719 pages
OcNOS-SP Timing-Sync Guide
No ratings yet
OcNOS-SP Timing-Sync Guide
166 pages
Application Guide: Ibm System Networking Rackswitch G8124/G8124-E
No ratings yet
Application Guide: Ibm System Networking Rackswitch G8124/G8124-E
472 pages
Edu en Vsos67 Lec Se
No ratings yet
Edu en Vsos67 Lec Se
694 pages
Lenovo CNOS AG 10-7 PDF
No ratings yet
Lenovo CNOS AG 10-7 PDF
746 pages
Advanced Traffic Management Guide
100% (1)
Advanced Traffic Management Guide
460 pages
Big-Ip Advanced Routing™: Integrated Management Interface Command Line Interface Reference Guide
No ratings yet
Big-Ip Advanced Routing™: Integrated Management Interface Command Line Interface Reference Guide
162 pages
ManualCollection MSP HiOS 3A MR 09000 en
No ratings yet
ManualCollection MSP HiOS 3A MR 09000 en
1,161 pages
TCS CLI 8.4.2.4 20-Jul-2011
No ratings yet
TCS CLI 8.4.2.4 20-Jul-2011
1,822 pages
Arista ConfigGuide
No ratings yet
Arista ConfigGuide
564 pages
Ocnos DC Multicast Guide
No ratings yet
Ocnos DC Multicast Guide
326 pages
Poweredge-M1000e User's Guide12 En-Us
No ratings yet
Poweredge-M1000e User's Guide12 En-Us
737 pages
OpenScape UC Application V7 OpenScape Desktop Client Enterprise Web Embedded Edition User Guide Issue 4
No ratings yet
OpenScape UC Application V7 OpenScape Desktop Client Enterprise Web Embedded Edition User Guide Issue 4
403 pages
OcNOS NetConf CmdRef
No ratings yet
OcNOS NetConf CmdRef
72 pages
OcNOS MPLS Quick Config
No ratings yet
OcNOS MPLS Quick Config
46 pages
M4300 Series and M4300-96X Fully Managed Switches: CLI Command Reference Manual
No ratings yet
M4300 Series and M4300-96X Fully Managed Switches: CLI Command Reference Manual
1,147 pages
MRX UserManual
No ratings yet
MRX UserManual
254 pages
OcNOS NetConf User Gde
No ratings yet
OcNOS NetConf User Gde
50 pages
OcNOS-SP VXLAN Guide PDF
No ratings yet
OcNOS-SP VXLAN Guide PDF
462 pages
PC55xx UserGuide
No ratings yet
PC55xx UserGuide
739 pages
57 ManualCollection - GRS103 - HiOS-2S-09100 - en
No ratings yet
57 ManualCollection - GRS103 - HiOS-2S-09100 - en
643 pages
Ocnos DC Qos Guide
No ratings yet
Ocnos DC Qos Guide
259 pages
VyOS Command
No ratings yet
VyOS Command
293 pages
DRGOS 1.14.3 Tutorial A
No ratings yet
DRGOS 1.14.3 Tutorial A
152 pages
Arista EOS ConfigGuide
100% (1)
Arista EOS ConfigGuide
934 pages
Dell Powerconnect 5548 Users Guide
No ratings yet
Dell Powerconnect 5548 Users Guide
728 pages
Nortel Command Line
100% (1)
Nortel Command Line
286 pages
User Guide: Managed Switch LGS5XX
No ratings yet
User Guide: Managed Switch LGS5XX
100 pages
EC Ders Föyü - 241025 - 115702
No ratings yet
EC Ders Föyü - 241025 - 115702
226 pages
SpiderCloud OS (SCOS) Administrator Guide Release 3.1 - October 2013 PDF
No ratings yet
SpiderCloud OS (SCOS) Administrator Guide Release 3.1 - October 2013 PDF
288 pages
OcNOS Trouble Shooting
No ratings yet
OcNOS Trouble Shooting
88 pages
AP9635 User Guide EN
No ratings yet
AP9635 User Guide EN
105 pages
Veyon Admin Manual en - 4.2.4
No ratings yet
Veyon Admin Manual en - 4.2.4
67 pages
Arista EOS ConfigGuide PDF
No ratings yet
Arista EOS ConfigGuide PDF
934 pages
Veyon Admin Manual en - 4.3.0
No ratings yet
Veyon Admin Manual en - 4.3.0
69 pages
Veyon Admin Manual en - 4.2.5
No ratings yet
Veyon Admin Manual en - 4.2.5
67 pages
Netgear GS108T GS110TP
No ratings yet
Netgear GS108T GS110TP
269 pages
Freenas Documentation: Release 9.10-Stable
No ratings yet
Freenas Documentation: Release 9.10-Stable
296 pages
OcNOS System Management Quick Config
No ratings yet
OcNOS System Management Quick Config
22 pages
V14.2 Vmware Installation Guide
No ratings yet
V14.2 Vmware Installation Guide
62 pages
XOS 9.5.4.0 Xos Configuration Guide
No ratings yet
XOS 9.5.4.0 Xos Configuration Guide
306 pages
Netgear GS752TXS User Manual
No ratings yet
Netgear GS752TXS User Manual
318 pages
Westermo MG 6623-3210 BRD-MRD
No ratings yet
Westermo MG 6623-3210 BRD-MRD
278 pages
VSX UserGuide Ver705
No ratings yet
VSX UserGuide Ver705
158 pages
Vyatta Quick Start VC4.1 v02
No ratings yet
Vyatta Quick Start VC4.1 v02
48 pages
EMC2 Getting Started
No ratings yet
EMC2 Getting Started
55 pages
VSX UserGuide Ver705 PDF
No ratings yet
VSX UserGuide Ver705 PDF
158 pages
Vendor List: Ser No Name & Address of Firm Contact Details (Email and Tele Nos) Core Competencies
100% (1)
Vendor List: Ser No Name & Address of Firm Contact Details (Email and Tele Nos) Core Competencies
13 pages
Aflatoxin 4
No ratings yet
Aflatoxin 4
34 pages
Quick Start Guide: Vyatta System
No ratings yet
Quick Start Guide: Vyatta System
46 pages
Kenyatta University: Postgraduate Dissertation Handbook
No ratings yet
Kenyatta University: Postgraduate Dissertation Handbook
29 pages
@vtucode - in 21CS643 Module 4 2021 Scheme
No ratings yet
@vtucode - in 21CS643 Module 4 2021 Scheme
189 pages
Further Graphs and Tangents JNMkC9W7jtFjxkbC
No ratings yet
Further Graphs and Tangents JNMkC9W7jtFjxkbC
30 pages
Q. 1-Q.30 Carry One Mark Each: India's No.1 Institute For GATE Chemical Engineering CH-1
No ratings yet
Q. 1-Q.30 Carry One Mark Each: India's No.1 Institute For GATE Chemical Engineering CH-1
29 pages
10th 06 Aug Intro. To Trigonometry
No ratings yet
10th 06 Aug Intro. To Trigonometry
3 pages
66 Brosur Arthroscopic Energy Generator
No ratings yet
66 Brosur Arthroscopic Energy Generator
2 pages
AMIOA08 MODBUS RTU Commamd
No ratings yet
AMIOA08 MODBUS RTU Commamd
12 pages
Geo Server
No ratings yet
Geo Server
7 pages
Automatic Waste Segregator and Monitoring System: January 2016
No ratings yet
Automatic Waste Segregator and Monitoring System: January 2016
8 pages
B.Com 4th Semb - Math Revision Class Study Materials - Unit-5 To Be Uploaded
No ratings yet
B.Com 4th Semb - Math Revision Class Study Materials - Unit-5 To Be Uploaded
17 pages
Proportional Pressure Reducing Valve, Direct Operated, Increasing Characteristic Curve FTDRE 2 K
No ratings yet
Proportional Pressure Reducing Valve, Direct Operated, Increasing Characteristic Curve FTDRE 2 K
12 pages
RRB Paramedical Answer Key 30-04-2025 Afternoon Shift LABORATORY-ASSISTANT-GRADE-II-3
No ratings yet
RRB Paramedical Answer Key 30-04-2025 Afternoon Shift LABORATORY-ASSISTANT-GRADE-II-3
15 pages
Saint Bernard: Assembly Instructions: Assemble The Head
No ratings yet
Saint Bernard: Assembly Instructions: Assemble The Head
0 pages
Investigatory Project Physics 2023-24
No ratings yet
Investigatory Project Physics 2023-24
7 pages
ChatGPT for Business: Strategies for Success
From Everand
ChatGPT for Business: Strategies for Success
Matthew C. Smith
1/5 (1)
FOSS and Common Core Math - Grade 8
No ratings yet
FOSS and Common Core Math - Grade 8
28 pages
Peregrine
No ratings yet
Peregrine
1 page
Ece 1101-5
No ratings yet
Ece 1101-5
12 pages
Product Data Sheet: APC Smart-UPS RT 5000VA, 208V, Rackmount, 3U, 2x NEMA L6-20R & 2x NEMA L6-30R Outlets
No ratings yet
Product Data Sheet: APC Smart-UPS RT 5000VA, 208V, Rackmount, 3U, 2x NEMA L6-20R & 2x NEMA L6-30R Outlets
4 pages
Missing Views: College of Engineering Engineering Education Innovation Center
No ratings yet
Missing Views: College of Engineering Engineering Education Innovation Center
7 pages
Research Paper 1
No ratings yet
Research Paper 1
24 pages
DLT STK 33 Serisi Trifaze Regulator
No ratings yet
DLT STK 33 Serisi Trifaze Regulator
2 pages
Gray Hat Hacking the Ethical Hacker's
From Everand
Gray Hat Hacking the Ethical Hacker's
Çağatay Şanlı
5/5 (1)
Effects of Defocus Distance On Three-Beam Laser Internal Coaxial Wire Cladding
No ratings yet
Effects of Defocus Distance On Three-Beam Laser Internal Coaxial Wire Cladding
22 pages
HMC346ALC3B: Features Typical Applications
No ratings yet
HMC346ALC3B: Features Typical Applications
6 pages
Introduction To Hook Length Formula PDF
No ratings yet
Introduction To Hook Length Formula PDF
4 pages
Elhassan Elboraey Resume - SWE
No ratings yet
Elhassan Elboraey Resume - SWE
1 page