EVPN Asymmetric Routing Example


Note

EVPN feature is only available on X86 platforms.

Network Requirements

PICOS version 4.0 and higher offer both Symmetric and Asymmetric routing for BGP EVPN hosts. In this document we will examine the case of Asymmetric EVPN routing with two hosts in different VNIs on two devices, R1 and R2.

Figure 1 depicts how packet exchange between two hosts occurs in asymmetric BGP EVPN routing model. In the asymmetric routing model, the two end hosts, Host1 and Host2 are in two different VLANs and different VNIs. Host1 intends to communicate with Host2, sends a packet with destination MAC address of of R1 because R1 is configured as the gateway on Host1. On R1, the gateway is configured on an interface that belongs to VNI 30. The packet from Host1 on ingress at R1 is first routed to VNI 30 within R1 and then bridged to R2 over the VXLAN tunnel VNI 30. On receiving the packet, R2 will strip off the VXLAN header and forward the packet to Host2. 

                                                 Figure 1. EVPN Asymmetric Routing Model


The one limitation in this model is that both the devices must have the two VXLAN VNIs configured regardless if there are any hosts connected to it. In Figure 1, Host1 belongs to VNI 10 but both VNI 10 and VNI 30 are configured on R1. Similarly, Host2 belongs to VNI 30 but both VNI 10 and VNI 30 are configured on R2 for asymmetric routing to work properly.

Router Configuration

R1 Configuration

Step 1     Configure VLAN ID, L3 VLAN interfaces loopback interfaces and IP addressing. Interface te-1/1/15 connects to Host1.

     NOTE: "router-mac" is an optional configuration for anycast gateway.

admin@R1# set vlans vlan-id 10 l3-interface vlan10
admin@R1# set vlans vlan-id 30 l3-interface vlan30
admin@R1# set vlans vlan-id 1111 l3-interface vlan1111
admin@R1# set vlans vlan-id 4094 l3-interface vlan4094
admin@R1# set interface gigabit-ethernet te-1/1/15 family ethernet-switching native-vlan-id 10
admin@R1# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 4094
admin@R1# set l3-interface loopback lo address 1.1.1.1 prefix-length 32
admin@R1# set l3-interface loopback vrf1 address 201.201.201.201 prefix-length 32
admin@R1# set l3-interface vlan-interface vlan4094 address 40.94.0.2 prefix-length 24
admin@R1# set l3-interface vlan-interface vlan1111 vrf vrf1
admin@R1# set l3-interface vlan-interface vlan10 vrf vrf1
admin@R1# set l3-interface vlan-interface vlan10 router-mac 00:00:10:00:00:FE
admin@R1# set l3-interface vlan-interface vlan10 address 10.1.1.10 prefix-length 24
admin@R1# set l3-interface vlan-interface vlan30 vrf vrf1
admin@R1# set l3-interface vlan-interface vlan30 router-mac 00:00:30:00:00:FE
admin@R1# set l3-interface vlan-interface vlan30 address 30.1.1.30 prefix-length 24

Step 2     Configure VXLAN VNI and map VNI IDs to VLAN IDs.

NOTEs:

  • When anycast gateway is configured, it is recommended to configure ARP/ND suppression at the same time.
  • It is recommended to configure the decapsulation mode as "service-vlan-per-port".
admin@R1# set vxlans source-interface lo address 1.1.1.1
admin@R1# set vxlans vni 100 vlan 1111
admin@R1# set vxlans vni 10 decapsulation mode service-vlan-per-port
admin@R1# set vxlans vni 10 vlan 10
admin@R1# set vxlans vni 10 arp-nd-suppress disable false
admin@R1# set vxlans vni 30 decapsulation mode service-vlan-per-port
admin@R1# set vxlans vni 30 vlan 30
admin@R1# set vxlans vni 30 arp-nd-suppress disable false
admin@R1# set vxlans vrf vrf1 l3-vni 100 prefix-routes-only

Step 3     Enable IP routing and configure VRF and hostname.

admin@R1# set system hostname R1
admin@R1# set ip routing enable true
admin@R1# set ip vrf vrf1

Step 4     Configure BGP and OSPF related configuration.

NOTE:

The set protocols bgp evpn advertise ipv4-unicast command is used to announce IPv4 prefixes in the BGP RIB as EVPN Type-5 routes. To announce IPv6 prefixes in the BGP RIB as EVPN Type-5 routes, use command set protocols bgp evpn advertise ipv6-unicast.

admin@R1# set protocols bgp local-as 65001
admin@R1# set protocols bgp router-id 1.1.1.1
admin@R1# set protocols bgp neighbor 2.2.2.2 remote-as internal
admin@R1# set protocols bgp neighbor 2.2.2.2 update-source 1.1.1.1
admin@R1# set protocols bgp neighbor 2.2.2.2 evpn activate true
admin@R1# set protocols bgp ipv4-unicast
admin@R1# set protocols bgp evpn advertise-all-vni
admin@R1# set protocols bgp evpn advertise ipv4-unicast
admin@R1# set protocols bgp evpn advertise-svi-ip
admin@R1# set protocols bgp vrf vrf1 local-as 65001
admin@R1# set protocols bgp vrf vrf1 router-id 1.1.1.1
admin@R1# set protocols bgp vrf vrf1 evpn advertise ipv4-unicast
admin@R1# set protocols ospf router-id 1.1.1.1
admin@R1# set protocols ospf network 40.94.0.0/24 area 0.0.0.0
admin@R1# set protocols ospf network 1.1.1.1/32 area 0.0.0.0
admin@R1# set vlans vlan-id 10 l3-interface vlan10
admin@R1# set vlans vlan-id 30 l3-interface vlan30
admin@R1# set vlans vlan-id 1111 l3-interface vlan1111
admin@R1# set vlans vlan-id 4094 l3-interface vlan4094

Step 5     Commit the configuration.

admin@R1# commit


R2 Configuration

Step 1     Configure VLAN ID, L3 VLAN interfaces loopback interfaces and IP addresses. Interface ge-1/1/15 connects to Host2.

admin@R2# set vlans vlan-id 10 l3-interface vlan10
admin@R2# set vlans vlan-id 30 l3-interface vlan30
admin@R2# set vlans vlan-id 1111 l3-interface vlan1111
admin@R2# set vlans vlan-id 4094 l3-interface vlan4094
admin@R2# set interface gigabit-ethernet ge-1/1/15 family ethernet-switching native-vlan-id 30
admin@R2# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 4094
admin@R2# set l3-interface loopback lo address 2.2.2.2 prefix-length 32
admin@R2# set l3-interface loopback vrf1 address 134.134.134.134 prefix-length 32
admin@R2# set l3-interface vlan-interface vlan1111 vrf vrf1
admin@R2# set l3-interface vlan-interface vlan4094 address 40.94.0.1 prefix-length 24
admin@R2# set l3-interface vlan-interface vlan10 vrf vrf1
admin@R2# set l3-interface vlan-interface vlan10 router-mac 00:00:10:00:00:FE
admin@R2# set l3-interface vlan-interface vlan10 address 10.1.1.10 prefix-length 24
admin@R2# set l3-interface vlan-interface vlan30 vrf vrf1
admin@R2# set l3-interface vlan-interface vlan30 router-mac 00:00:30:00:00:FE
admin@R2# set l3-interface vlan-interface vlan30 address 30.1.1.30 prefix-length 24

Step 2     Configure VXLAN VNI and map VNI IDs to VLAN IDs.

admin@R2# set vxlans source-interface lo address 2.2.2.2
admin@R2# set vxlans vni 100 vlan 1111
admin@R2# set vxlans vni 10 decapsulation mode service-vlan-per-port
admin@R2# set vxlans vni 10 vlan 10
admin@R2# set vxlans vni 10 arp-nd-suppress disable false
admin@R2# set vxlans vni 30 decapsulation mode service-vlan-per-port
admin@R2# set vxlans vni 30 vlan 30
admin@R2# set vxlans vni 30 arp-nd-suppress disable false
admin@R2# set vxlans vrf vrf1 l3-vni 100 prefix-routes-only

Step 3     Enable IP routing and configure VRF and hostname.

admin@R2# set system hostname R2
admin@R2# set ip routing enable true
admin@R2# set ip vrf vrf1


Step 4     Configure BGP and OSPF related configuration

admin@R2# set protocols bgp local-as 65001
admin@R2# set protocols bgp router-id 2.2.2.2
admin@R2# set protocols bgp neighbor 1.1.1.1 remote-as internal
admin@R2# set protocols bgp neighbor 1.1.1.1 update-source 2.2.2.2
admin@R2# set protocols bgp neighbor 1.1.1.1 evpn activate true
admin@R2# set protocols bgp evpn advertise-all-vni
admin@R2# set protocols bgp evpn advertise ipv4-unicast
admin@R2# set protocols bgp evpn advertise-svi-ip
admin@R2# set protocols bgp vrf vrf1 local-as 65001
admin@R2# set protocols bgp vrf vrf1 router-id 2.2.2.2
admin@R2# set protocols bgp vrf vrf1 evpn advertise ipv4-unicast
admin@R2# set protocols lldp enable true
admin@R2# set protocols spanning-tree enable false
admin@R2# set protocols ospf router-id 2.2.2.2
admin@R2# set protocols ospf network 40.94.0.0/24 area 0.0.0.0
admin@R2# set protocols ospf network 2.2.2.2/32 area 0.0.0.0

Step 5     Commit the configuration.

admin@R2# commit

Verify Configuration

  • On R1 and R2, run the command run show route vrf vrf1 forward-host ipv4 all to display the host routes.
admin@R1# run show route vrf vrf1 forward-host ipv4 all 
Address           HWaddress           Port    
---------------   -----------------   ---------
10.1.1.2         00:1E:C9:BB:C0:3C   vxlan-0x80000002
30.1.1.2         00:0C:29:77:8B:15   vxlan-0x80000001
Total host count:2


admin@R2# run show route vrf vrf1 forward-host ipv4 all 
Address           HWaddress           Port    
---------------   -----------------   ---------
10.1.1.2          00:1E:C9:BB:C0:3C   vxlan-0x80000001
30.1.1.2          00:0C:29:77:8B:15   vxlan-0x80000003
Total host count:2
  • Run the command run show vxlan arp on either R1 or R2 to check VXLAN ARP table.
admin@R1# run show vxlan arp 
IP-ADDRESS       MAC-ADDRESS        VNI        Status     Age        Interface      REMOTE-VTEP      
---------------  -----------------  --------  --------   ----------  ------------    ---------- 
10.1.1.2        00:1e:c9:bb:c0:3c  10          Dynamic    135         te-1/1/15  
30.1.1.2        00:0c:29:77:8b:15  30          Static                                2.2.2.2


admin@R2# run show vxlan arp 
IP-ADDRESS       MAC-ADDRESS         VNI        Status    Age         Interface      REMOTE-VTEP
---------------  -----------------  --------  ---------  ----------   ---------      ----------
10.1.1.2         00:1e:c9:bb:c0:3c   10         Static                                1.1.1.1        
30.1.1.2         00:0c:29:77:8b:15   30         Dynamic  168          ge-1/1/15                   
  • Run the command run show vxlan address-table to display the VXLAN address table.
admin@R1# run show vxlan address-table 
VNID           MAC address          Type       Interface          VTEP
-----------    -----------------    -------    ----------------   ---------------
10             00:1e:c9:bb:c0:3c    Dynamic    te-1/1/15                         
30             00:0c:29:77:8b:15    Dynamic                       2.2.2.2        
30             00:50:56:65:5c:b2    Dynamic                       2.2.2.2        
Entries in access port:  1
Entries in network port: 2



admin@R2# run show vxlan address-table 
VNID           MAC address          Type       Interface          VTEP
-----------    -----------------    -------    ----------------   ---------------
10             00:1e:c9:bb:c0:3c    Dynamic                       1.1.1.1        
30             00:0c:29:77:8b:15    Dynamic    ge-1/1/15                         
30             00:50:56:65:5c:b2    Dynamic    ge-1/1/15                        
Entries in access port:  2
Entries in network port: 1
  • To check the VXLAN tunnels on either devices, run the command run show vxlan tunnel.
admin@R1# run show vxlan tunnel 
Total number of tunnels: 2

VNI 10, Encap:service-vlan-delete, Decap:service-vlan-per-port
  src addr:1.1.1.1, dst addr:2.2.2.2, state:UP
  traffic type:all
  Vtep type:EVPN 
  nexthops:40.94.0.1 
  output ports:te-1/1/1 

VNI 30, Encap:service-vlan-delete, Decap:service-vlan-per-port
  src addr:1.1.1.1, dst addr:2.2.2.2, state:UP
  traffic type:all
  Vtep type:EVPN 
  nexthops:40.94.0.1 
  output ports:te-1/1/1 



admin@R2# run show vxlan tunnel 
Total number of tunnels: 2

VNI 10, Encap:service-vlan-delete, Decap:service-vlan-per-port
  src addr:2.2.2.2, dst addr:1.1.1.1, state:UP
  traffic type:all
  Vtep type:EVPN 
  nexthops:40.94.0.2 
  output ports:ge-1/1/1 

VNI 30, Encap:service-vlan-delete, Decap:service-vlan-per-port
  src addr:2.2.2.2, dst addr:1.1.1.1, state:UP
  traffic type:all
  Vtep type:EVPN 
  nexthops:40.94.0.2 
  output ports:ge-1/1/1


Copyright © 2024 Pica8 Inc. All Rights Reserved.