VXLAN EVPN EVC Configuration
This chapter shows how to configure VXLAN EVPN Ethernet Virtual Circuit (EVC) which embeds the functionality of EVPN-VXLAN access ports to allow EVC frames across VTEPs. With this configuration, customers in the same VLAN can communicate even they are placed across distributed data centers.
Overview
An EVC represents a logical relationship between Ethernet User Network Interface (UNI) in a provider-based Ethernet service. An EVC represents the service offered and is carried through the provider network. Each EVC is configured by a unique name across the provider network.
An EVC is an end–to–end representation of a single instance of a Layer 2 service that a service provider offers. An EVC embodies the different parameters based on which the service is offered. EVC prevents data transfer between sites that are not part of the same EVC.
EVC is an A–Z circuit that enables you to pass customer VLANs from one port on a node to another port on another node in the network. EVC represents a Carrier Ethernet service and is an entity that provides end–to–end connection between two or more customer end points.
Topology
VXLAN EVPN EVC
RTR1/VTEP1
#configure terminal | Enter configure mode. |
(config)#interface lo | Enter interface mode for loopback. |
(config-if)#ip address 33.33.33.0/31 secondary | Assign secondary IP address. |
(config-if)#exit | Exit interface mode. |
(config)#mac vrf vrf1 | Create mac routing/forwarding instance with vrf1 name and enter into VRF mode |
(config-vrf)#rd 100:11 | Assign RD value |
(config-vrf)#route-target export 200:11 | Assign route-target value for export |
(config-vrf)#route-target import 400:11 | Assign route-target value for import |
(config-vrf)#exit | Exit VRF configuration mode |
(config)#interface xe37 | Enter interface mode for xe37 |
(config-if)#ip address 11.11.11.0/31 | Assign IP address in /31 mask. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe15 | Enter interface mode for xe15 |
(config-if)#switchport | Make it L2 interface |
(config-if)#exit | Exit interface mode. |
(config)#router bgp 100 | Enter BGP router mode |
(config-router)#bgp router-id 1.1.1.1 | Assign BGP router ID |
(config-router)#neighbor 11.11.11.1 remote-as 200 | Specify a neighbor router with peer IP address and remote-as defined |
(config-router)#neighbor 11.11.11.1 fall-over bfd | Configure single-hop BFD session for its BGP peer |
(config-router)#address-family ipv4 unicast | Enter into IPv4 unicast address family |
(config-router-af)#network 33.33.33.0/31 | Advertise loopback network into BGP for VTEP ID reachability |
(config-router-af)#exit-address-family | Exit IPv4 unicast address family mode |
(config-router)#address-family l2vpn evpn | Enter into L2VPN address family mode |
(config-router-af)#neighbor 11.11.11.1 activate | Activate the peer into address family mode |
(config-router-af)#exit-address-family | Exit L2VPN address family mode |
(config-router)#exit | Exit BGP router mode |
(config)#nvo vxlan enable | Enable VXLAN |
(config)#nvo vxlan vtep-ip-global 33.33.33.0 | Configure Source vtep-ip-global configuration |
(config)#nvo vxlan id 1 ingress-replication inner-vid-disabled | Configure VXLAN Network identifier with/without inner-vid-disabled configure and enter into VXLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vrf1 | Assign VRF for evpn-bgp to carry EVPN route |
(config-nvo)#exit | Exit VXLAN tenant mode. |
(config)#nvo vxlan access-if port-vlan xe15 1000 inner-vlan 2000 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) and inner-vlan (CVLAN) mapping |
(config-nvo-acc-if)#map vnid 1 | Map VXLAN Identified to access-port for VXLAN |
(config-nvo-acc-if)#exit | Exit VXLAN access-interface mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configuration mode |
RTR2
#configure terminal | Enter configure mode. |
(config)#interface xe13/3 | Enter interface mode for xe13/3 |
(config-if)#ip address 11.11.11.1/31 | Assign IP address in /31 mask. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe13/1 | Enter interface mode for xe13/1 |
(config-if)#ip address 12.12.12.1/31 | Assign IP address in /31 mask. |
(config-if)#exit | Exit interface mode |
(config)#router bgp 200 | Enter BGP router mode |
(config-router)#bgp router-id 2.2.2.2 | Assign BGP router ID |
(config-router)#neighbor 11.11.11.0 remote-as 100 | Specify a neighbor router with peer ip address and remote-as defined |
(config-router)#neighbor 11.11.11.0 fall-over bfd | Configure single-hop BFD session for its BGP peer |
(config-router)#neighbor 12.12.12.0 remote-as 300 | Specify a neighbor router with peer ip address and remote-as defined |
(config-router)#neighbor 12.12.12.0 fall-over bfd | Configure single-hop BFD session for its BGP peer |
(config-router)#address-family l2vpn evpn | Enter into L2VPN address family mode |
(config-router-af)#neighbor 11.11.11.0 activate | Activate the peer into address family mode |
(config-router-af)#neighbor 12.12.12.0 activate | Activate the peer into address family mode |
(config-router-af)#exit-address-family | Exit L2VPN address family mode |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config-router)#exit | Exit BGP router mode |
RTR3/VTEP2
#configure terminal | Enter configure mode. |
(config)#interface lo | Enter interface mode for loopback. |
(config-if)#ip address 34.34.34.0/31 secondary | Assign secondary IP address. |
(config-if)#exit | Exit interface mode. |
(config)#mac vrf vrf1 | Create mac routing/forwarding instance with vrf1 name and enter into vrf mode |
(config-vrf)#rd 300:11 | Assign RD value |
(config-vrf)#route-target export 400:11 | Assign route-target value for export |
(config-vrf)#route-target import 200:11 | Assign route-target value for import |
(config-vrf)#exit | Exit vrf configuration mode |
(config)#interface xe13 | Enter interface mode for xe13 |
(config-if)#ip address 12.12.12.0/31 | Assign IP address in /31 mask. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe6 | Enter interface mode for xe6 |
(config-if)#switchport | Make it L2 interface |
(config-if)#exit | Exit interface mode. |
(config)#router bgp 300 | Enter BGP router mode |
(config-router)#bgp router-id 3.3.3.3 | Assign BGP router ID |
(config-router)#neighbor 12.12.12.1 remote-as 200 | Specify a neighbor router with peer ip address and remote-as defined |
(config-router)#neighbor 12.12.12.1 fall-over bfd | Configure single-hop BFD session for its BGP peer |
(config-router)#address-family ipv4 unicast | Enter into IPv4 unicast address family |
(config-router-af)#network 34.34.34.0/31 | Advertise loopback network into BGP for VTEP ID reachability |
(config-router-af)#exit-address-family | Exit IPv4 unicast address family mode |
(config-router)#address-family l2vpn evpn | Enter into L2VPN address family mode |
(config-router-af)#neighbor 12.12.12.1 activate | Activate the peer into address family mode |
(config-router-af)#exit-address-family | Exit L2VPN address family mode |
(config-router)#exit | Exit BGP router mode |
(config)#nvo vxlan enable | Enable VXLAN |
(config)#nvo vxlan vtep-ip-global 34.34.34.0 | Configure Source vtep-ip-global configuration |
(config)#nvo vxlan id 1 ingress-replication inner-vid-disabled | Configure VXLAN Network identifier with/without inner-vid-disabled configure and enter into VXLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vrf1 | Assign VRF for evpn-bgp to carry EVPN route |
(config-nvo)#exit | Exit VXLAN tenant mode. |
(config)#nvo vxlan access-if port-vlan xe6 1000 inner-vlan 2000 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) and inner-vlan (CVLAN) mapping |
(config-nvo-acc-if)#map vnid 1 | Map VXLAN Identified to access-port for VXLAN |
(config-nvo-acc-if)#exit | Exit VXLAN access-interface mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configuration mode |
Validation
Retaining SVLAN and CVLAN tags across Data Centers
RTR1/VTEP1
VTEP1#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 33.33.33.0
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan xe1/1 1000 inner-vlan 2000
map vnid 1
!
!
VTEP1#show bgp l2vpn evpn summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 8
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Dow
n State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
11.11.11.1 4 200 73 73 8 0 0 00:30:41
2 0 1 1 0 0
Total number of neighbors 1
Total number of Established sessions 1
VTEP1#show bgp l2vpn evpn
BGP table version is 8, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path
Peer Encap
RD[100:11] VRF[vrf1]:
* [2]:[0]:[1]:[48,0000.339a.9397]:[0]:[1]
34.34.34.0 0 100 0 200
300 i 11.11.11.1 VXLAN
*> [2]:[0]:[1]:[48,0000.339a.9abb]:[0]:[1]
33.33.33.0 0 100 32768 i
---------- VXLAN
*> [3]:[1]:[32,33.33.33.0]
33.33.33.0 0 100 32768 i
---------- VXLAN
*> [3]:[1]:[32,34.34.34.0]
34.34.34.0 0 100 0 200
300 i 11.11.11.1 VXLAN
RD[300:11]
*> [2]:[0]:[1]:[48,0000.339a.9397]:[0]:[1]
34.34.34.0 0 100 0 200
300 i 11.11.11.1 VXLAN
*> [3]:[1]:[32,34.34.34.0]
34.34.34.0 0 100 0 200
300 i 11.11.11.1 VXLAN
Total number of prefixes 6
VTEP1#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 11.11.11.0/31 is directly connected, xe10/1, 00:36:00
C 33.33.33.0/31 is directly connected, lo, 00:37:33
B 34.34.34.0/31 [20/0] via 11.11.11.1, xe10/1, 00:27:03
C 127.0.0.0/8 is directly connected, lo, 23:14:51
Gateway of last resort is not set
VTEP1
VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI
VLAN DF-Status Src-Addr Dst-Addr
________________________________________________________________________________
_______________________________________________
1 ---- L2 NW ---- ------
---- ---- 33.33.33.0 34.34.34.0
1 ---- -- AC xe1/1 --- Single Homed Port ---
1000 ---- ---- ----
Total number of entries are 2
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================
====
33.33.33.0 34.34.34.0 Installed 00:26:27 00:26:27
Total number of entries are 1
VTEP1#show nvo vxlan mac-table
================================================================================
=====================================================================
VXLAN MAC Entries
================================================================================
=====================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________
1 xe1/1 1000 2000 0000.339a.9abb 33.33.33.0
Dynamic Local ------- -------
1 ---- ---- ---- 0000.339a.9397 34.34.34.0
Dynamic Remote ------- -------
Total number of entries are : 2
VTEP1#
RTR3/VTEP2
#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 34.34.34.0
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan xe6 1000 inner-vlan 2000
map vnid 1
!
VTEP2#show bgp l2vpn evpn summary
BGP router identifier 3.3.3.3, local AS number 300
BGP table version is 7
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Dow
n State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
12.12.12.1 4 200 63 64 7 0 0 00:26:54
2 0 1 1 0 0
Total number of neighbors 1
Total number of Established sessions 1
VTEP2#show bgp l2vpn evpn
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path
Peer Encap
RD[100:11]
*> [2]:[0]:[1]:[48,0000.339a.9abb]:[0]:[1]
33.33.33.0 0 100 0 200
100 i 12.12.12.1 VXLAN
*> [3]:[1]:[32,33.33.33.0]
33.33.33.0 0 100 0 200
100 i 12.12.12.1 VXLAN
*> [2]:[0]:[1]:[48,0000.339a.9397]:[0]:[1]
34.34.34.0 0 100 32768 i -
--------- VXLAN
* [2]:[0]:[1]:[48,0000.339a.9abb]:[0]:[1]
33.33.33.0 0 100 0 200
100 i 12.12.12.1 VXLAN
* [3]:[1]:[32,33.33.33.0]
33.33.33.0 0 100 0 200
100 i 12.12.12.1 VXLAN
*> [3]:[1]:[32,34.34.34.0]
34.34.34.0 0 100 32768 i -
--------- VXLAN
Total number of prefixes 6
#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 12.12.12.0/31 is directly connected, xe13, 00:28:41
B 33.33.33.0/31 [20/0] via 12.12.12.1, xe13, 00:26:56
C 34.34.34.0/31 is directly connected, lo, 00:29:36
C 127.0.0.0/8 is directly connected, lo, 00:52:46
Gateway of last resort is not set
VTEP2#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI
VLAN DF-Status Src-Addr Dst-Addr
________________________________________________________________________________
_______________________________________________
1 ---- L2 NW ---- ------
---- ---- 34.34.34.0 33.33.33.0
1 ---- -- AC xe1/1 --- Single Homed Port ---
1000 ---- ---- ----
Total number of entries are 2
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================
====
33.33.33.0 34.34.34.0 Installed 00:26:27 00:26:27
Total number of entries are 1
VTEP2#show nvo vxlan mac-table
================================================================================
=====================================================================
VXLAN MAC Entries
================================================================================
=====================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________
1 ---- ---- ---- 0000.339a.9abb 33.33.33.0
Dynamic Remote ------- -------
1 xe6 1000 2000 0000.339a.9397 34.34.34.0
Dynamic Local ------- -------
Total number of entries are : 2
#
Popping SVLAN and CVLANTag
Use the previous configuration on VTEP1 and perform the configuration below on VTEP2.
VTEP2
(config)#nvo vxlan access-if port xe6 | Enable port-only mapping for access port |
(config-nvo-acc-if)#map vnid 1 | Map VXLAN Identified to access-port for VXLAN |
(config-nvo-acc-if)#exit | Exit VXLAN access-interface mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configuration mode |
RTR3/VTEP2
#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI
VLAN DF-Status Src-Addr Dst-Addr
________________________________________________________________________________
1 ---- L2 NW ---- ------
---- ---- 34.34.34.0 33.33.33.0
1 ---- -- AC xe6 --- Single Homed Port ---
---- ---- ---- ----
Total number of entries are 2
VTEP2#show nvo vxlan mac-table
================================================================================
=====================================================================
VXLAN MAC Entries
================================================================================
=====================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________
1 ---- ---- ---- 0000.339a.9abb 33.33.33.0
Dynamic Remote ------- -------
Total number of entries are : 1
#
VTEP2#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 34.34.34.0
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan xe1/1 3000 inner-vlan 2000
map vnid 1
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================
====
33.33.33.0 34.34.34.0 Installed 00:26:27 00:26:27
Total number of entries are 1
Popping and Later Pushing SVLAN Tag
Use the previous configuration on VTEP1 and perform the configuration below on VTEP2.
(config)#nvo vxlan access-if port-vlan xe6 3000 inner-vlan 2000 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) and inner-vlan (CVLAN) mapping |
(config-nvo-acc-if)#map vnid 1 | Map VXLAN Identified to access-port for VXLAN |
(config-nvo-acc-if)#exit | Exit VXLAN access-interface mode |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#exit | Exit configuration mode |
RTR3/VTEP2
#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 34.34.34.0
!
nvo vxlan id 1 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf1
!
nvo vxlan access-if port-vlan xe1/1 3000 inner-vlan 2000
map vnid 1
!
#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI
VLAN DF-Status Src-Addr Dst-Addr
________________________________________________________________________________
1 ---- L2 NW ---- ------
---- ---- 34.34.34.0 33.33.33.0
1 ---- -- AC xe6 --- Single Homed Port ---
3000 ---- ---- ----
Total number of entries are 2
#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
34.34.34.0 33.33.33.0 Installed 00:06:48 00:06:48
Total number of entries are 1
VTEP2#show nvo vxlan mac-table
================================================================================
=====================================================================
VXLAN MAC Entries
================================================================================
=====================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI
Type Status AccessPortDesc
________________________________________________________________________________
_____________________________________________________________________
1 ---- ---- ---- 0000.339a.9abb 33.33.33.0
Dynamic Remote ------- -------
Total number of entries are : 1
#