EVPN Symmetric Routing Configuration Example


Note

EVPN feature is currently supported on X86 platforms only.

Network Requirments

Figure 1 shows our sample topology for EVPN symmetric routing. We have two routers with two servers connected to each router. In this example, Server 1 and Server 2 are in the same network segment, they use L2 VXLAN tunnel for communication. Server 3 and Server 4 are in different network segments, they use L3 VXLAN tunnel for communication. For routed VXLAN traffic within the symmetric IRB model travelling across the same VNI in both directions, same L3 VNI should be configured on Router 1 and Router 2.

                                                                      Figure 1. EVPN Symmetric Routing


Router Configuration

The configuration for Router 1 is shown below. The first part of the configuration deals with physical interfaces and assigning VLANs to these interfaces. Router 1 has three physical interfaces configured, two interfaces connecting server 1 and server 3.

Next we setup the layer 3 VLAN interfaces and configure IP addresses for these interfaces.

Then we setup VXLAN VNIs, enable VLAN to VNI mapping and map VNIs to VLAN IDs. Finally we enable IP routing on the device and configure BGP related parameters such as router ID, BGP neighbor and enabling advertising all VNIs.

Follow the detailed configuration steps below.


Router 1 Configuration

Step 1. Configure physical interfaces, VLAN interfaces and assign VLAN IDs and IP addresses.

admin@router1# set interface gigabit-ethernet te-1/1/11 family ethernet-switching native-vlan-id 2222
admin@router1# set interface gigabit-ethernet te-1/1/10 family ethernet-switching port-mode "trunk"
admin@router1# set interface gigabit-ethernet te-1/1/10 family ethernet-switching vlan members 2221
admin@router1# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 100 
admin@router1# set l3-interface loopback lo address 201.201.201.201 prefix-length 32
admin@router1# set l3-interface loopback lo address 201.201.201.88 prefix-length 32
admin@router1# set l3-interface vlan-interface vlan100 address 100.1.1.201 prefix-length 24
admin@router1# set l3-interface vlan-interface vlan2222 vrf "vrf1"
admin@router1# set l3-interface vlan-interface vlan2222 address 22.1.1.201 prefix-length 24
admin@router1# set l3-interface vlan-interface vlan1111 vrf "vrf1"
admin@router1# set vlans vlan-id 100 l3-interface "vlan100"
admin@router1# set vlans vlan-id 1111 l3-interface "vlan1111"
admin@router1# set vlans vlan-id 2221
admin@router1# set vlans vlan-id 2222 l3-interface "vlan2222"

Step 2. Configure VXLAN VNI and map VNI IDs to VLAN IDs. Also create an L3 VNI in vrf1.

NOTE:

It is recommended to configure the decapsulation mode as "service-vlan-per-port".

admin@router1# set vxlans source-interface lo address 201.201.201.201
admin@router1# set vxlans vni 9999 vlan 1111
admin@router1# set vxlans vni 22221 decapsulation mode "service-vlan-per-port"
admin@router1# set vxlans vni 22221 vlan 2221
admin@router1# set vxlans vni 22222 decapsulation mode "service-vlan-per-port"
admin@router1# set vxlans vni 22222 vlan 2222
admin@router1# set vxlans vrf vrf1 l3-vni 9999

Step 3. Enable IP routing and configure VRF.

admin@router1# set ip routing enable true 
admin@router1# set ip vrf vrf1

Step 4. Configure BGP related configuration.

admin@router1# set protocols bgp local-as 201
admin@router1# set protocols bgp ebgp-requires-policy false
admin@router1# set protocols bgp router-id 201.201.201.201
admin@router1# set protocols bgp neighbor 100.1.1.134 remote-as "external"
admin@router1# set protocols bgp neighbor 100.1.1.134 update-source "100.1.1.134"
admin@router1# set protocols bgp neighbor 100.1.1.134 evpn activate true
admin@router1# set protocols bgp ipv4-unicast network 201.201.201.201/32
admin@router1# set protocols bgp ipv4-unicast network 201.201.201.88/32
admin@router1# set protocols bgp evpn advertise-all-vni
admin@router1# set protocols bgp evpn advertise ipv4-unicast
admin@router1# set protocols bgp evpn advertise-svi-ip
admin@router1# set protocols bgp vrf vrf1 local-as 201
admin@router1# set protocols bgp vrf vrf1 router-id 201.201.201.201
admin@router1# set protocols bgp vrf vrf1 ipv4-unicast network 22.1.1.0/24
admin@router1# set protocols bgp vrf vrf1 evpn advertise ipv4-unicast

Step 5. Commit the configuration.

admin@router1# commit


Router 2 Configuration

Configuration of Router 2 is shown below. Router 2 also has 3 physical interfaces configured with two interfaces connecting server 2 and server 4. The configuration of Router 2 is almost identical to Router 1 other than the basic configurations like VXLAN VNI and  interface IP addresses. The detailed configuration steps are shown below.


Step 1. Configure physical interfaces, VLAN interfaces and assign VLAN ID to physical interfaces and IP addresses.

admin@router2# set interface gigabit-ethernet te-1/1/11 family ethernet-switching native-vlan-id 3333
admin@router2# set interface gigabit-ethernet te-1/1/11 family ethernet-switching port-mode "trunk"
admin@router2# set interface gigabit-ethernet te-1/1/10 family ethernet-switching port-mode "trunk"
admin@router2# set interface gigabit-ethernet te-1/1/10 family ethernet-switching vlan members 2221
admin@router2# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 100
admin@router2# set l3-interface loopback lo address 134.134.134.134 prefix-length 32
admin@router2# set l3-interface vlan-interface vlan100 address 100.1.1.134 prefix-length 24
admin@router2# set l3-interface vlan-interface vlan3333 vrf "vrf1"
admin@router2# set l3-interface vlan-interface vlan3333 address 33.1.1.134 prefix-length 24
admin@router2# set l3-interface vlan-interface vlan1111 vrf "vrf1"
admin@router2# set vlans vlan-id 100 l3-interface "vlan100"
admin@router2# set vlans vlan-id 1111 l3-interface "vlan1111"
admin@router2# set vlans vlan-id 2221
admin@router2# set vlans vlan-id 3333 l3-interface "vlan3333"

Step 2: Configure VXLAN VNI and map VNI IDs to VLAN IDs.

admin@router2# set vxlans source-interface lo address 134.134.134.134
admin@router2# set vxlans vni 9999 vlan 1111
admin@router2# set vxlans vni 22221 decapsulation mode "service-vlan-per-port"
admin@router2# set vxlans vni 22221 vlan 2221
admin@router2# set vxlans vni 33333 vlan 3333
admin@router2# set vxlans vni 3333 decapsulation mode "service-vlan-per-port"
admin@router2# set vxlans vrf vrf1 l3-vni 9999

Step 3: Enable IP routing and configure VRF.

admin@router2# set ip routing enable true 
admin@router2# set ip vrf vrf1

Step 4: Configure BGP related configuration

admin@router2# set protocols bgp local-as 134
admin@router2# set protocols bgp ebgp-requires-policy false
admin@router2# set protocols bgp router-id 134.134.134.134
admin@router2# set protocols bgp neighbor 100.1.1.201 remote-as "external"
admin@router2# set protocols bgp neighbor 100.1.1.201 update-source "100.1.1.134"
admin@router2# set protocols bgp neighbor 100.1.1.201 evpn activate true
admin@router2# set protocols bgp ipv4-unicast network 134.134.134.134/32
admin@router2# set protocols bgp evpn advertise-all-vni
admin@router2# set protocols bgp evpn advertise-svi-ip
admin@router2# set protocols bgp vrf vrf1 local-as 134
admin@router2# set protocols bgp vrf vrf1 router-id 134.134.134.134
admin@router2# set protocols bgp vrf vrf1 ipv4-unicast network 33.1.1.0/24
admin@router2# set protocols bgp vrf vrf1 evpn advertise ipv4-unicast

Step 5. Commit the configuration.

admin@router2# commit

Verifying Configuration

  • To check the BGP state and neighbor status on Router 2, we will run the run show bgp neighbor command.
admin@router2# run show bgp neighbor 100.1.1.201
BGP neighbor is 100.1.1.201, remote AS 201, local AS 134, external link
Hostname: 51.201
 Member of peer-group fabric for session parameters
  BGP version 4, remote router ID 201.201.201.201, local router ID 134.134.134.134
  BGP state = Established, up for 01:22:43
  • To check the BGP EVPN MAC address table, we will run the command run show vxlan address-table as shown below.
admin@router1# run show vxlan address-table 
VNID           MAC address          Type       Interface          VTEP
-----------    -----------------    -------    ----------------   ---------------
9999           18:5a:58:37:64:61    Dynamic                       134.134.134.134
22221          00:11:11:11:11:11    Dynamic    te-1/1/10                         
22221          00:22:22:22:22:22    Dynamic                       134.134.134.134
22222          00:33:33:33:33:33    Dynamic    te-1/1/11                         
Entries in access port:  2
Entries in network port: 2  


admin@router2# run show vxlan address-table 
VNID           MAC address          Type       Interface          VTEP
-----------    -----------------    -------    ----------------   ---------------
9999           18:5a:58:37:55:e1    Dynamic                       201.201.201.201
22221          00:11:11:11:11:11    Dynamic                       201.201.201.201
22221          00:22:22:22:22:22    Dynamic    te-1/1/10                         
33333          00:44:44:44:44:44    Dynamic    te-1/1/11                         
Entries in access port:  2
Entries in network port: 2
  • To verify the VXLAN tunnel information, run the command run show vxlan tunnel.
admin@router1# run show vxlan tunnel 
Total number of tunnels: 2

VNI 9999, Encap:service-vlan-delete, Decap:service-vlan-add-replace
  src addr:201.201.201.201, dst addr:134.134.134.134, state:UP
  traffic type:unicast
  Vtep type:EVPN 
  nexthops:100.1.1.134 
  output ports:te-1/1/1 

VNI 22221, Encap:service-vlan-delete, Decap:service-vlan-per-port
  src addr:201.201.201.201, dst addr:134.134.134.134, state:UP
  traffic type:all
  Vtep type:EVPN 
  nexthops:100.1.1.134 
  output ports:te-1/1/1 



admin@router2# run show vxlan tunnel 
Total number of tunnels: 2

VNI 9999, Encap:service-vlan-delete, Decap:service-vlan-add-replace
  src addr:134.134.134.134, dst addr:201.201.201.201, state:UP
  traffic type:unicast
  Vtep type:EVPN 
  nexthops:100.1.1.201 
  output ports:ge-1/1/1 

VNI 22221, Encap:service-vlan-delete, Decap:service-vlan-per-port
  src addr:134.134.134.134, dst addr:201.201.201.201, state:UP
  traffic type:all
  Vtep type:EVPN 
  nexthops:100.1.1.201 
  output ports:ge-1/1/1  
  • Run the command run show vxlan evpn rmac to display the Router-MAC (rmac) and other VXLAN parameters. Note that to configure rmac for a layer 3 VLAN interface, run the command set l3-interface vlan-interface <interface-name> router-mac <router-mac>. The system MAC of the switch is displayed if the router MAC is not configured.
admin@router1# run show vxlan evpn rmac 
L3-VNI    Interface      SVI-Interface  Remote-VTEP      Neighbor-RMAC      Flags
--------  -------------  -------------  ---------------  -----------------  -----
9999      vxlan9999      vlan1111       134.134.134.134  18:5a:58:37:64:61  0x16 



admin@router2# run show vxlan evpn rmac 
L3-VNI    Interface      SVI-Interface  Remote-VTEP      Neighbor-RMAC      Flags
--------  -------------  -------------  ---------------  -----------------  -----
9999      vxlan9999      vlan1111       201.201.201.201  18:5a:58:37:55:e1  0x16   
  • To display the VXLAN EVPN routes, run the command run show vxlan evpn route.
admin@router1# run show vxlan evpn route ipv4 
VRF       ROUTE             NextHop          VNI         Interface
--------  ----------------  ---------------  ----------  -----------------
vrf1      33.1.1.1/32       134.134.134.134  9999        vlan1111         
vrf1      33.1.1.134/32     134.134.134.134  9999        vlan1111         
vrf1      33.1.1.0/24       134.134.134.134  9999        vlan1111 



admin@router2# run show vxlan evpn route ipv4 
VRF       ROUTE             NextHop          VNI         Interface
--------  ----------------  ---------------  ----------  -----------------
vrf1      22.1.1.1/32       201.201.201.201  9999        vlan1111         
vrf1      22.1.1.201/32     201.201.201.201  9999        vlan1111         
vrf1      22.1.1.0/24       201.201.201.201  9999        vlan1111        
  • To check the ARP table of a device, run the command run show vxlan arp. 
admin@router1# run show vxlan arp 
IP-ADDRESS       MAC-ADDRESS        VNI       REMOTE-VTEP      Interface   Status   Age
---------------  -----------------  --------  ---------------  ----------  -------  ----
22.1.1.1         00:33:33:33:33:33  22222                      te-1/1/11   Dynamic  23  



admin@router2# run show vxlan arp 
IP-ADDRESS       MAC-ADDRESS        VNI       REMOTE-VTEP      Interface   Status   Age
---------------  -----------------  --------  ---------------  ----------  -------  ----
33.1.1.1         00:44:44:44:44:44  33333                      te-1/1/11   Dynamic  26   

Copyright © 2024 Pica8 Inc. All Rights Reserved.