EVPN IRB - Anycast Support for Multiple Subnets
Overview
An EVPN-based Integrated Routing and Bridging (IRB) solution enables communication between two Layer-2 Virtual Network Identifiers (VNIDs) using IP-based Virtual Routing and Forwarding (IP-VRF). This enhancement provides Anycast Gateway Routing support for multiple subnets under the IRB interface per VNID. It allows for efficient Layer-3 termination at the VTEP for traffic originating from various subnets within a broadcast domain.
Feature Characteristics
• Connects primary or secondary subnets with either router MAC or anycast MAC address.
• Supports Anycast Gateway for multiple subnets under the layer-2 VNID's.
• Subnets A, B, and C can have Anycast Gateway support, while subnet D is reserved for BGP.
• Supports the Interfacefull model for ARP/ND requests and the interfaceless model using the kernel interface with a unique MAC per interface (Router MAC or Anycast MAC) for all subnets.
ARP/ND replies come from the ARP/ND cache table for host requests. Hosts can send Layer-3 packets with either Anycast MAC or Router MAC, and Layer-3 termination in the VTEP happens for both. By default, each subnet uses the Router MAC in ARP/ND cache. When the anycast argument is configured, it updates the ARP cache with the Anycast MAC. BGP withdraws the Route-Type 2 and update with Anycast/Router MAC to inform the configured gateway for the layer-2 VNID to non-default gateway nodes.
Benefits
EVPN IRB Anycast Support for Multiple Subnets offers benefits in networking environments by providing efficient traffic control, enhanced security, scalability, and improved performance:
• Distributed Default Gateway: Enables consistent Anycast gateway across all VTEPs.
• Operational Flexibility: Supports multiple subnets under a single VNID without additional interfaces.
• Traffic Optimization: Ensures local routing at ingress VTEP.
• Scalability: Supports multiple tenant VRFs and VNIs.
• Multihoming Support: Integrates with EVPN ESI multihoming for redundancy.
• Control-Plane Synchronization: Automatically updates MAC-IP advertisement upon gateway mode changes.
Topology
The topology illustrates Anycast Gateway Routing across multiple primary and secondary subnets (such as subnets A, B, and C) under the IRB interface for each VNID. This allows hosts to send Layer 3 packets using either an Anycast MAC or a Router MAC, with termination happening at the local VTEP to minimize traffic hairpining.
• VTEPs (VTEP1, VTEP2, VTEP4, VTEP5): These nodes function as the VXLAN Tunnel End Points where Layer-3 termination occurs for both Router MAC and Anycast MAC addresses.
• Multi-homed Group (MH 2): VTEP1 and VTEP2 form a redundant connection to Switch1 (SW1) to provide high availability for the connected tenant systems.
• Switch1 (SW1): Connects the multihomed Tenant Systems (TS1 and TS2) to VTEP1 and VTEP2 via a Port Channel (po1). It handles the VLAN trunking required to carry traffic for subnets 10 and 20.
• Switch2 (SW2): Provides connectivity for Tenant System TS2-21 to VTEP4. It participates in OSPF to ensure underlay reachability for the traffic it forwards.
• P3: Acts as the central underlay connectivity point where all VTEP interfaces (such as xe25, xe27, xe7, and xe40) are interconnected.
EVPN IRB for Multiple Subnets
Configuration
Configure the nodes within the topology to set up EVPN IRB with Anycast support for multiple subnets.
Prerequisites
Ensure the following base configurations are active before configuring Anycast support for multiple subnets:
• Establish Underlay or Overlay Connectivity: Configure OSPF and BGP (L2VPN EVPN address family) to establish reachability between VTEPs.
• Configure EVPN Multihoming: Enable multihoming and configure the ESI hold time. For configurations, refer the VXLAN Multi-homing Configuration section.
• Define VRFs: Create L2 and L3 VRFs with appropriate Route Distinguishers (RD) and Route Targets (RT).
Perform the following steps to configure the L3 VRF and the IRB interface for multi-subnet support:
1. Define the virtual MAC address that all VTEPs will share to act as a single logical default gateway for the subnets.
(config)# evpn irb-forwarding anycast-gateway-mac 0000.0000.abcd
2. Configure the IRB interface, associate it with an L3VRF, and enable anycast gateway functionality.
(config)# interface irb1001
(config-if)# ip vrf forwarding L3VRF1
(config-if)# evpn irb-if-forwarding anycast-gateway-mac
3. Configure primary and secondary IPv4 and IPv6 addresses on the IRB interface using the anycast keyword..
(config-irb-if)# ip address 11.11.11.1/24 anycast
(config-irb-if)# ip address 12.11.11.1/24 secondary anycast
(config-irb-if)# ip address 15.11.11.1/16 secondary anycast
(config-irb-if)# ipv6 address 11:11::11:1/48 anycast
(config-irb-if)# ipv6 address 13:11::11:1/48 anycast
4. Associate the specific VXLAN Network Identifier (VNID) with the IRB interface and define the reachability protocol.
(config)# nvo vxlan id 101 ingress-replication inner-vid-disabled
(config-nvo)# vxlan host-reachability-protocol evpn-bgp L2VRF1
(config-nvo)# evpn irb1001
Note: Perform these configuration steps on all participating VTEPs within EVPN to ensure consistent Anycast Gateway and seamless host mobility. Ensure that the Anycast Gateway MAC address remains identical across all nodes.
Running Configurations
VTEP1
hostname VTEP1
!
# Prerequisites (Global Enablement & Multihoming)
nvo vxlan enable
nvo vxlan irb
evpn esi hold-time 90
evpn vxlan multihoming enable
evpn irb-forwarding anycast-gateway-mac 0000.0000.abcd
nvo vxlan vtep-ip-global 1.1.1.1
!
ip vrf L3VRF1
rd 1.1.1.1:11
route-target both 5000:11
l3vni 1000
!
mac vrf L2VRF1
description MAC VRF RED
rd 1.1.1.1:1
route-target both 5000:1
!
mac vrf L2VRF2
description MAC VRF BLUE
rd 1.1.1.1:2
route-target both 5000:2
!
interface po1
switchport
evpn multi-homed system-mac 0000.0000.1212
!
interface xe2
channel-group 1 mode active
!
interface xe25
ip address 100.11.11.1/24
!
interface irb1001
ip vrf forwarding L3VRF1
evpn irb-if-forwarding anycast-gateway-mac
ip address 11.11.11.1/24 anycast
# Secondary IPv4 Anycast Subnets
ip address 12.11.11.1/24 secondary anycast
ip address 15.11.11.1/16 secondary anycast
ip address 16.11.11.1/8 secondary anycast
ip address 17.11.11.1/24 secondary anycast
ip address 18.11.11.1/16 secondary anycast
ip address 20.11.11.1/24 secondary anycast
ip address 21.11.11.1/8 secondary anycast
ip address 22.11.11.1/24 secondary anycast
ip address 25.11.11.1/16 secondary anycast
# Non-Anycast Subnets (Router MAC)
ip address 13.11.11.1/16 secondary
ip address 14.11.11.1/24 secondary
ip address 19.11.11.1/8 secondary
# IPv6 Anycast Subnets
ipv6 address 11:11::11:1/48 anycast
ipv6 address 13:11::11:1/48 anycast
ipv6 address 14:11::11:1/50 anycast
ipv6 address 12:11::11:1/64
!
router ospf 100
ospf router-id 1.1.1.1
network 1.1.1.1/32 area 0.0.0.0
network 100.11.11.0/24 area 0.0.0.0
bfd all-interfaces
!
router bgp 5000
bgp router-id 1.1.1.1
neighbor 2.2.2.2 remote-as 5000
neighbor 2.2.2.2 update-source lo
neighbor 2.2.2.2 advertisement-interval 0
neighbor 4.4.4.4 remote-as 5000
neighbor 4.4.4.4 update-source lo
neighbor 4.4.4.4 advertisement-interval 0
neighbor 5.5.5.5 remote-as 5000
neighbor 5.5.5.5 update-source lo
neighbor 5.5.5.5 advertisement-interval 0
address-family l2vpn evpn
neighbor 2.2.2.2 activate
neighbor 4.4.4.4 activate
neighbor 5.5.5.5 activate
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001
vni-name VNI-201
!
nvo vxlan access-if port-vlan po1 10
map vnid 101
mac 0000.2222.1010 ip 11.11.11.51
!
nvo vxlan access-if port-vlan po1 20
map vnid 201
mac 0000.2222.1020 ip 21.21.21.51
VTEP2
hostname VTEP2
!
nvo vxlan enable
nvo vxlan irb
evpn esi hold-time 90
evpn vxlan multihoming enable
evpn irb-forwarding anycast-gateway-mac 0000.0000.abcd
nvo vxlan vtep-ip-global 2.2.2.2
!
mac vrf L2VRF1
description MAC VRF RED
rd 2.2.2.2:1
route-target both 5000:1
!
mac vrf L2VRF2
description MAC VRF BLUE
rd 2.2.2.2:2
route-target both 5000:2
!
ip vrf L3VRF1
rd 2.2.2.2:11
route-target both 5000:11
l3vni 1000
!
interface po1
switchport
evpn multi-homed system-mac 0000.0000.1212
!
interface xe8
channel-group 1 mode active
!
interface xe27
ip address 100.22.22.1/24
!
interface irb1001
ip vrf forwarding L3VRF1
evpn irb-if-forwarding anycast-gateway-mac
ip address 11.11.11.1/24 anycast
ip address 12.11.11.1/24 secondary anycast
ip address 13.11.11.1/16 secondary
ip address 14.11.11.1/24 secondary
ip address 15.11.11.1/16 secondary anycast
ip address 16.11.11.1/8 secondary anycast
ip address 17.11.11.1/24 secondary anycast
ip address 18.11.11.1/16 secondary anycast
ip address 19.11.11.1/8 secondary
ip address 20.11.11.1/24 secondary anycast
ip address 21.11.11.1/8 secondary anycast
ip address 22.11.11.1/24 secondary anycast
ip address 25.11.11.1/16 secondary anycast
ipv6 address 11:11::11:1/48 anycast
ipv6 address 12:11::11:1/64
ipv6 address 13:11::11:1/48 anycast
ipv6 address 14:11::11:1/50 anycast
!
router ospf 100
ospf router-id 2.2.2.2
network 2.2.2.2/32 area 0.0.0.0
network 100.22.22.0/24 area 0.0.0.0
bfd all-interfaces
!
router bgp 5000
bgp router-id 2.2.2.2
neighbor 1.1.1.1 remote-as 5000
neighbor 1.1.1.1 update-source lo
neighbor 1.1.1.1 advertisement-interval 0
neighbor 4.4.4.4 remote-as 5000
neighbor 4.4.4.4 update-source lo
neighbor 4.4.4.4 advertisement-interval 0
neighbor 5.5.5.5 remote-as 5000
neighbor 5.5.5.5 update-source lo
neighbor 5.5.5.5 advertisement-interval 0
address-family l2vpn evpn
neighbor 1.1.1.1 activate
neighbor 4.4.4.4 activate
neighbor 5.5.5.5 activate
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001
vni-name VNI-201
!
nvo vxlan access-if port-vlan po1 10
map vnid 101
mac 0000.2222.1010 ip 11.11.11.51
!
nvo vxlan access-if port-vlan po1 20
map vnid 201
mac 0000.2222.1020 ip 21.21.21.51
VTEP4
hostname VTEP4
!
nvo vxlan enable
nvo vxlan irb
evpn irb-forwarding anycast-gateway-mac 0000.0000.abcd
nvo vxlan vtep-ip-global 4.4.4.4
!
mac vrf L2VRF1
description MAC VRF RED
rd 4.4.4.4:1
route-target both 5000:1
!
mac vrf L2VRF2
description MAC VRF BLUE
rd 4.4.4.4:2
route-target both 5000:2
!
ip vrf L3VRF1
rd 4.4.4.4:11
route-target both 5000:11
l3vni 1000
!
interface po1
switchport
!
interface xe3
channel-group 1 mode active
!
interface xe7
ip address 100.44.44.1/24
!
interface irb1001
ip vrf forwarding L3VRF1
evpn irb-if-forwarding anycast-gateway-mac
ip address 11.11.11.1/24 anycast
ip address 12.11.11.1/24 secondary anycast
ip address 13.11.11.1/16 secondary
ip address 14.11.11.1/24 secondary
ip address 15.11.11.1/16 secondary anycast
ip address 16.11.11.1/8 secondary anycast
ip address 17.11.11.1/24 secondary anycast
ip address 18.11.11.1/16 secondary anycast
ip address 19.11.11.1/8 secondary
ip address 20.11.11.1/24 secondary anycast
ip address 21.11.11.1/8 secondary anycast
ip address 22.11.11.1/24 secondary anycast
ip address 25.11.11.1/16 secondary anycast
ipv6 address 11:11::11:1/48 anycast
ipv6 address 12:11::11:1/64
ipv6 address 13:11::11:1/48 anycast
ipv6 address 14:11::11:1/50 anycast
!
router ospf 100
ospf router-id 4.4.4.4
network 4.4.4.4/32 area 0.0.0.0
network 100.44.44.0/24 area 0.0.0.0
bfd all-interfaces
!
router bgp 5000
bgp router-id 4.4.4.4
neighbor 2.2.2.2 remote-as 5000
neighbor 2.2.2.2 update-source lo
neighbor 2.2.2.2 advertisement-interval 0
neighbor 1.1.1.1 remote-as 5000
neighbor 1.1.1.1 update-source lo
neighbor 1.1.1.1 advertisement-interval 0
neighbor 5.5.5.5 remote-as 5000
neighbor 5.5.5.5 update-source lo
neighbor 5.5.5.5 advertisement-interval 0
address-family l2vpn evpn
neighbor 2.2.2.2 activate
neighbor 1.1.1.1 activate
neighbor 5.5.5.5 activate
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001
vni-name VNI-201
!
nvo vxlan access-if port-vlan po1 10
map vnid 101
mac 0000.2222.1010 ip 11.11.11.51
!
nvo vxlan access-if port-vlan po1 20
map vnid 201
mac 0000.2222.1020 ip 21.21.21.51
VTEP4
hostname VTEP3
!
nvo vxlan enable
nvo vxlan irb
evpn irb-forwarding anycast-gateway-mac 0000.0000.abcd
nvo vxlan vtep-ip-global 4.4.4.4
!
mac vrf L2VRF1
description MAC VRF RED
rd 4.4.4.4:1
route-target both 5000:1
!
mac vrf L2VRF2
description MAC VRF BLUE
rd 4.4.4.4:2
route-target both 5000:2
!
ip vrf L3VRF1
rd 4.4.4.4:11
route-target both 5000:11
l3vni 1000
!
interface po1
switchport
!
interface xe3
channel-group 1 mode active
!
interface xe7
ip address 100.44.44.1/24
!
interface irb1001
ip vrf forwarding L3VRF1
evpn irb-if-forwarding anycast-gateway-mac
ip address 11.11.11.1/24 anycast
ip address 12.11.11.1/24 secondary anycast
ip address 13.11.11.1/16 secondary
ip address 14.11.11.1/24 secondary
ip address 15.11.11.1/16 secondary anycast
ip address 16.11.11.1/8 secondary anycast
ip address 17.11.11.1/24 secondary anycast
ip address 18.11.11.1/16 secondary anycast
ip address 19.11.11.1/8 secondary
ip address 20.11.11.1/24 secondary anycast
ip address 21.11.11.1/8 secondary anycast
ip address 22.11.11.1/24 secondary anycast
ip address 25.11.11.1/16 secondary anycast
ipv6 address 11:11::11:1/48 anycast
ipv6 address 12:11::11:1/64
ipv6 address 13:11::11:1/48 anycast
ipv6 address 14:11::11:1/50 anycast
!
router ospf 100
ospf router-id 4.4.4.4
network 4.4.4.4/32 area 0.0.0.0
network 100.44.44.0/24 area 0.0.0.0
bfd all-interfaces
!
router bgp 5000
bgp router-id 4.4.4.4
neighbor 2.2.2.2 remote-as 5000
neighbor 2.2.2.2 update-source lo
neighbor 2.2.2.2 advertisement-interval 0
neighbor 1.1.1.1 remote-as 5000
neighbor 1.1.1.1 update-source lo
neighbor 1.1.1.1 advertisement-interval 0
neighbor 5.5.5.5 remote-as 5000
neighbor 5.5.5.5 update-source lo
neighbor 5.5.5.5 advertisement-interval 0
address-family l2vpn evpn
neighbor 2.2.2.2 activate
neighbor 1.1.1.1 activate
neighbor 5.5.5.5 activate
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001
vni-name VNI-201
!
nvo vxlan access-if port-vlan po1 10
map vnid 101
mac 0000.2222.1010 ip 11.11.11.51
!
nvo vxlan access-if port-vlan po1 20
map vnid 201
mac 0000.2222.1020 ip 21.21.21.51
!
VTEP5
hostname VTEP5
!
nvo vxlan enable
nvo vxlan irb
evpn irb-forwarding anycast-gateway-mac 0000.0000.abcd
nvo vxlan vtep-ip-global 5.5.5.5
!
mac vrf L2VRF1
description MAC VRF RED
rd 5.5.5.5:1
route-target both 5000:1
!
mac vrf L2VRF2
description MAC VRF BLUE
rd 5.5.5.5:2
route-target both 5000:2
!
ip vrf L3VRF1
rd 5.5.5.5:11
route-target both 5.5.5.5:11
l3vni 1000
!
interface xe48
switchport
!
interface xe40
ip address 100.55.55.1/24
!
interface irb1001
ip vrf forwarding L3VRF1
evpn irb-if-forwarding anycast-gateway-mac
ip address 11.11.11.1/24 anycast
ip address 12.11.11.1/24 secondary anycast
ip address 13.11.11.1/16 secondary
ip address 14.11.11.1/24 secondary
ip address 15.11.11.1/16 secondary anycast
ip address 16.11.11.1/8 secondary anycast
ip address 17.11.11.1/24 secondary anycast
ip address 18.11.11.1/16 secondary anycast
ip address 19.11.11.1/8 secondary
ip address 20.11.11.1/24 secondary anycast
ip address 21.11.11.1/8 secondary anycast
ip address 22.11.11.1/24 secondary anycast
ip address 25.11.11.1/16 secondary anycast
ipv6 address 11:11::11:1/48 anycast
ipv6 address 12:11::11:1/64
ipv6 address 13:11::11:1/48 anycast
ipv6 address 14:11::11:1/50 anycast
!
router ospf 100
ospf router-id 5.5.5.5
network 5.5.5.5/32 area 0.0.0.0
network 100.55.55.0/24 area 0.0.0.0
bfd all-interfaces
!
router bgp 5000
bgp router-id 5.5.5.5
neighbor 2.2.2.2 remote-as 5000
neighbor 2.2.2.2 update-source lo
neighbor 2.2.2.2 advertisement-interval 0
neighbor 4.4.4.4 remote-as 5000
neighbor 4.4.4.4 update-source lo
neighbor 4.4.4.4 advertisement-interval 0
neighbor 1.1.1.1 remote-as 5000
neighbor 1.1.1.1 update-source lo
neighbor 1.1.1.1 advertisement-interval 0
address-family l2vpn evpn
neighbor 2.2.2.2 activate
neighbor 4.4.4.4 activate
neighbor 1.1.1.1 activate
!
nvo vxlan id 101 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF1
evpn irb1001
vni-name VNI-101
!
nvo vxlan id 201 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp L2VRF2
evpn irb2001
vni-name VNI-201
!
nvo vxlan access-if port-vlan xe48 10
map vnid 101
mac 0000.2222.1010 ip 11.11.11.51
!
nvo vxlan access-if port-vlan xe48 20
map vnid 201
mac 0000.2222.1020 ip 21.21.21.51
Switch1
interface po1
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan add 2,10,20
!
interface xe2
channel-group 1 mode active
!
interface xe8
channel-group 1 mode active
!
interface vlan1.20
ip address 21.21.21.2/24
ipv6 address 21:21::21:2/48
!
interface vlan1.2
ip address 100.12.12.2/24
!
interface xe1
switchport
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan add 2,10,20
Switch2
router ospf 100
ospf router-id 6.6.6.6
network 6.6.6.6/32 area 0.0.0.0
network 100.14.14.0/24 area 0.0.0.0
bfd all-interfaces
Validation
VTEP1:
VTEP1#show nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.51 0000.2222.1010 Static Local ----
101 11.11.11.201 0000.4444.1010 Static Remote ----
101 12.11.11.1 0000.0000.1111 Static Local ----
101 13.11.11.1 1444.8f10.d8c9 Static Local ----
101 14.11.11.1 1444.8f10.d8c9 Static Local ----
101 15.11.11.1 0000.0000.1111 Static Local ----
101 16.11.11.1 0000.0000.1111 Static Local ----
101 17.11.11.1 0000.0000.1111 Static Local ----
101 18.11.11.1 0000.0000.1111 Static Local ----
101 19.11.11.1 1444.8f10.d8c9 Static Local ----
101 20.11.11.1 0000.0000.1111 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.51 0000.2222.1020 Static Local ----
201 22.22.22.1 1444.8f10.d8c9 Static Local ----
201 23.23.23.1 0000.0000.1111 Static Local ----
201 24.24.24.1 0000.0000.1111 Static Local ----
201 25.25.25.1 1444.8f10.d8c9 Static Local ----
201 26.26.26.1 0000.0000.1111 Static Local ----
201 27.27.27.1 1444.8f10.d8c9 Static Local ----
201 28.28.28.1 0000.0000.1111 Static Local ----
201 29.29.29.1 1444.8f10.d8c9 Static Local ----
201 30.30.30.1 0000.0000.1111 Static Local ----
201 192.85.1.2 0039.4400.0020 Dynamic Local ----
Total number of entries are 24
--------------------------------------------------------
VTEP1#sh nvo vxlan nd-cache
VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age
-Out Retries-Left
________________________________________________________________________________
____________________
101 11:11::11:1 0000.0000.1111 Static Local ----
101 12:11::11:1 1444.8f10.d8c9 Static Local ----
101 13:11::11:1 0000.0000.1111 Static Local ----
101 14:11::11:1 0000.0000.1111 Static Local ----
101 15:11::11:1 0000.0000.1111 Static Local ----
101 16:11::11:1 1444.8f10.d8c9 Static Local ----
101 17:11::11:1 0000.0000.1111 Static Local ----
101 18:11::11:1 1444.8f10.d8c9 Static Local ----
101 19:11::11:1 1444.8f10.d8c9 Static Local ----
101 20:20::20:1 1444.8f10.d8c9 Static Local ----
201 21:21::21:1 1444.8f10.d8c9 Static Local ----
201 22:22::22:1 0000.0000.1111 Static Local ----
201 23:23::23:1 1444.8f10.d8c9 Static Local ----
201 24:24::24:1 1444.8f10.d8c9 Static Local ----
201 25:25::25:1 0000.0000.1111 Static Local ----
201 26:26::26:1 0000.0000.1111 Static Local ----
201 27:27::27:1 1444.8f10.d8c9 Static Local ----
201 28:28::28:1 0000.0000.1111 Static Local ----
201 29:29::29:1 1444.8f10.d8c9 Static Local ----
201 30:30::30:1 0000.0000.1111 Static Local ----
Total number of entries are 20
Leaf1#
VTEP2:
VTEP2#show int counters rate mbps
+-------------------+--------------+-------------+--------------+ +
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+ +
ce49 1099.23 771933 0.00 1
ce50 0.00 0 0.00 0
ce51 0.00 0 0.00 0
ce52 0.00 0 0.00 0
ce53 0.00 0 0.00 0
ce54 0.00 0 0.00 0
ce55 0.00 0 0.00 0
ce56 0.00 0 0.00 0
po3 1099.23 771934 0.00 1
xe3 0.00 0 0.00 0
xe5 0.00 0 0.00 0
VTEP2#show nvo vxlan arp-cache VXLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
101 11.11.11.1 0000.0000.1111 Static Local ----
101 11.11.11.51 0000.2222.1010 Static Remote ----
101 11.11.11.201 0000.4444.1010 Static Remote ----
101 12.11.11.1 0000.0000.1111 Static Local ----
101 13.11.11.1 b86a.979c.1669 Static Local ----
101 14.11.11.1 b86a.979c.1669 Static Local ----
101 15.11.11.1 0000.0000.1111 Static Local ----
101 16.11.11.1 0000.0000.1111 Static Local ----
101 17.11.11.1 0000.0000.1111 Static Local ----
101 18.11.11.1 0000.0000.1111 Static Local ----
101 19.11.11.1 b86a.979c.1669 Static Local ----
101 20.11.11.1 0000.0000.1111 Static Local ----
201 21.21.21.1 0000.0000.1111 Static Local ----
201 21.21.21.51 0000.2222.1020 Static Remote ----
201 22.22.22.1 b86a.979c.1669 Static Local ----
201 23.23.23.1 0000.0000.1111 Static Local ----
201 24.24.24.1 0000.0000.1111 Static Local ----
201 25.25.25.1 b86a.979c.1669 Static Local ----
201 26.26.26.1 0000.0000.1111 Static Local ----
201 27.27.27.1 b86a.979c.1669 Static Local ----
201 28.28.28.1 0000.0000.1111 Static Local ----
201 29.29.29.1 b86a.979c.1669 Static Local ----
201 30.30.30.1 0000.0000.1111 Static Local ----
201 192.85.1.2 0039.4400.0020 Dynamic Remote ----
Total number of entries are 24
VTEP2# show nvo vxlan nd-cache VXLAN ND-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age
-Out Retries-Left
101 11:11::11:1 0000.0000.1111 Static Local ----
101 12:11::11:1 b86a.979c.1669 Static Local ----
101 13:11::11:1 0000.0000.1111 Static Local ----
101 14:11::11:1 0000.0000.1111 Static Local ----
101 15:11::11:1 0000.0000.1111 Static Local ----
101 16:11::11:1 b86a.979c.1669 Static Local ----
101 17:11::11:1 0000.0000.1111 Static Local ----
101 18:11::11:1 b86a.979c.1669 Static Local ----
101 19:11::11:1 b86a.979c.1669 Static Local ----
101 20:20::20:1 b86a.979c.1669 Static Local ----
201 21:21::21:1 b86a.979c.1669 Static Local ----
201 22:22::22:1 0000.0000.1111 Static Local ----
201 23:23::23:1 b86a.979c.1669 Static Local ----
201 24:24::24:1 b86a.979c.1669 Static Local ----
201 25:25::25:1 0000.0000.1111 Static Local ----
201 26:26::26:1 0000.0000.1111 Static Local ----
201 27:27::27:1 b86a.979c.1669 Static Local ----
201 28:28::28:1 0000.0000.1111 Static Local ----
201 29:29::29:1 b86a.979c.1669 Static Local ----
201 30:30::30:1 0000.0000.1111 Static Local ----
Total number of entries are 20
Leaf4#
Implementation Examples
Here is an example scenario and a solution for implementing EVPN IRB Anycast Support for Multiple Subnets:
Multi-Tenant Data Center Monitoring
Scenario:
A cloud service provider (CSP) hosts thousands of virtual machines and containerized workloads for enterprises. Maintaining high-performance networking is critical to prevent latency-sensitive applications from failing. The network operations team requires a way to support multiple subnets per tenant without wasting IP addresses on unique per-switch gateway IPs.
Implementation:
Enable EVPN IRB and configure a global anycast MAC on all leaf switches.
Configure IRB interfaces with multiple secondary subnets using the anycast keyword.
This allows virtual machines in any subnet to use the same gateway IP regardless of which leaf switch they are connected to, facilitating seamless VM mobility.
Switch1 (SW1) Configuration
SW1 provides multihomed connectivity to VTEP1 and VTEP2 using a Port Channel (po1).
1. Configure VLAN Bridge and Trunking: Enable the VLAN bridge and configure the port channel as a trunk port to allow specific VLANs.
(config)# interface po1
(config-if)# switchport
(config-if)# bridge-group 1
(config-if)# switchport mode trunk
(config-if)# switchport trunk allowed vlan add 2,10,20
2. Map Physical Interfaces to Port Channel: Associate the physical interfaces connected to VTEP1 and VTEP2 with the port channel.
(config)# interface xe2
(config-if)# channel-group 1 mode active
(config)# interface xe8
(config-if)# channel-group 1 mode active
3. Configure Layer 3 VLAN Interfaces:Set up the SVI (Switch Virtual Interface) for the subnets to facilitate communication.
(config)# interface vlan1.20
(config)# ip address 21.21.21.2/24
(config)# ipv6 address 21:21::21:2/48
Switch2 (SW2) Configuration
SW2 connects Tenant System TS2-21 to VTEP4.
1. OSPF Routing Configuration:Configure OSPF to maintain reachability within the underlay network.
(config)# router ospf 100
(config-router)# ospf router-id 6.6.6.6
(config-router)# network 6.6.6.6/32 area 0.0.0.0
(config-router)# network 100.14.14.0/24 area 0.0.0.0
(config-router)# bfd all-interfaces
Note: Perform the Anycast Gateway steps on the VTEPs, the access switches (SW1 and SW2) must be correctly configured with matching VLANs and trunk settings to ensure that host traffic reaches the Anycast Gateways on the VTEPs.