VXLAN-EVPN Symmetric IRB Support with Connected host
Overview
EVPN-IRB facilitates communication between two L2VNI’s with the help of Routing using IP-VRF. This features provides the Host (/32 or /128) based Symmetric IRB support which forwards the inter-subnet traffic directly towards the Host attached VTEP.
To achieve this Connected Host, we should configure "evpn irb-advertise-host-route" under VNID (BGP type 2) configurations or "redistribute connected-host-routes" under BGP (BGP type 5).
Note: On VXLAN-EVPN Interface less mode only "redistribute connected-host-routes” command is supported and in interface full both the commands are supported.
Note: It is recommended to have route map in esi configured MH nodes to block the Host from peer MH. Not required in non esi MH VTEP
Topology
The procedures in this section use the topology in
Figure 15-1VxLAN_EVPN_IRB_Connected_host
Note: In the above topology TG1 is Multi homed Host and TG2 and TG3 are Single homed host with same subnet configured so there will be ECMP for 53 network in VTEP1 and VTEP2.
Base Configurations
Have base configuration with Symmetric IRB configurations on VTEPs and start sending dynamic traffic from VTEP4 on same subnet (53.1.1.40/5301::40) of IRB interface.
Validation
Verification before configuring evpn irb-advertise-host-route under VNID configurations or redistribute connected-host-routes under bgp.
In VTEP1:
VTEP1#show ip route vrf vxlan_l3_elan_mhsh
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "vxlan_l3_elan_mhsh"
B 2.2.2.2/32 [0/0] is directly connected, tunvxlan3, 00:21:33
B 5.5.5.5/32 [0/0] is directly connected, tunvxlan3, 00:21:33
B 6.6.6.6/32 [0/0] is directly connected, tunvxlan3, 00:21:33
B 53.1.1.0/24 [200/0] via 6.6.6.6 (recursive is directly connected, tunvxlan3), 00:21:34
[200/0] via 5.5.5.5 (recursive is directly connected, tunvxlan3)
C 127.0.0.0/8 is directly connected, lo.vxlan_l3_elan_mhsh, 07:17:43
C 200.1.1.0/24 is directly connected, irb1604, 07:17:41
Gateway of last resort is not set
VTEP1#
VTEP1#show ipv6 route vrf vxlan_l3_elan_mhsh
IPv6 Routing Table
IP Route Table for VRF "vxlan_l3_elan_mhsh"
C ::1/128 via ::, lo.vxlan_l3_elan_mhsh, 07:18:01
B ::ffff:202:202/128 [0/0] via ::, tunvxlan3, 00:21:51
B ::ffff:505:505/128 [0/0] via ::, tunvxlan3, 00:21:51
B ::ffff:606:606/128 [0/0] via ::, tunvxlan3, 00:21:51
C 2000::/48 via ::, irb1604, 07:17:59
B 5301::/48 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:21:52
[200/0] via ::ffff:505:505 (recursive via ::, tunvxlan3)
C fe80::/64 via ::, irb1604, 07:17:59
VTEP1#
In VTEP2:
VTEP2#show ip route vrf vxlan_l3_elan_mhsh
IP Route Table for VRF "vxlan_l3_elan_mhsh"
B 1.1.1.1/32 [0/0] is directly connected, tunvxlan3, 00:22:50
B 5.5.5.5/32 [0/0] is directly connected, tunvxlan3, 00:22:50
B 6.6.6.6/32 [0/0] is directly connected, tunvxlan3, 00:22:50
B 53.1.1.0/24 [200/0] via 6.6.6.6 (recursive is directly connected, tunvxlan3), 00:22:51
[200/0] via 5.5.5.5 (recursive is directly connected, tunvxlan3)
C 127.0.0.0/8 is directly connected, lo.vxlan_l3_elan_mhsh, 07:19:21
C 200.1.1.0/24 is directly connected, irb1604, 07:19:19
Gateway of last resort is not set
VTEP2#
VTEP2#
VTEP2#show ipv6 route vrf vxlan_l3_elan_mhsh
IPv6 Routing Table
IP Route Table for VRF "vxlan_l3_elan_mhsh"
C ::1/128 via ::, lo.vxlan_l3_elan_mhsh, 07:19:22
B ::ffff:101:101/128 [0/0] via ::, tunvxlan3, 00:22:51
B ::ffff:505:505/128 [0/0] via ::, tunvxlan3, 00:22:51
B ::ffff:606:606/128 [0/0] via ::, tunvxlan3, 00:22:51
C 2000::/48 via ::, irb1604, 07:19:20
B 5301::/48 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:22:51
[200/0] via ::ffff:505:505 (recursive via ::, tunvxlan3)
C fe80::/64 via ::, irb1604, 07:19:20
VTEP2#
VTEP2#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040
0 605 0000:0053:0040 -- 605 0 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 53.1.1.40 605 0 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 5301::40 605 0 6.6.6.6 -- VXLAN
VTEP2#
In VTEP4:
VTEP4#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040
0 605 0000:0053:0040 -- 605 0 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 53.1.1.40 605 0 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 5301::40 605 0 6.6.6.6 -- VXLAN
VTEP4#
Evpn irb-advertise-host-route configuration
#configure terminal | Enter Configure mode. |
(config)#nvo vxlan id 605 ingress-replication inner-vid-disabled | Configure VXLAN Network identifier with inner-vid disabled |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vxlan_l2_elan_sh2 | Assign VRF for EVPN-BGP to carry EVPN route |
(config-nvo)#evpn irb605 | Configure IRB under VXLAN ID |
(config-nvo)#evpn irb-advertise-host-route | To Update the Route Target 2 along with IPvrf RT, router mac , l3vnid to advertise mac-p routes as /32 or /128. |
Redistributed connected-host-routes
#configure terminal | Enter Configure mode. |
(config)#router bgp 1 | Configure bgp process |
(config-router)#address-family ipv4 vrf vxlan_l3_elan_sh | Enter vrf address family belong to the irb interface subnet |
VTEP4(config-router-af)#redistribute connected-host-routes | To advertise the Connected Host Routes to VPN peers. |
Note: With static mac ip configured on vxlan access interface and when redistribute connected-host-routes is configured under bgp. Then routes will not be advertised as /32 or /128 because for static mac-ip Arp entry will not be present so only for dynamic routes.
Note: With redistribute connected-host-routes, show bgp l2vpn evpn mac-ip will not show the l3vnid.
Validation
In VTEP1:
VTEP1#show ip route vrf vxlan_l3_elan_mhsh
IP Route Table for VRF "vxlan_l3_elan_mhsh"
B 2.2.2.2/32 [0/0] is directly connected, tunvxlan3, 00:37:03
B 5.5.5.5/32 [0/0] is directly connected, tunvxlan3, 00:37:03
B 6.6.6.6/32 [0/0] is directly connected, tunvxlan3, 00:37:03
B 53.1.1.0/24 [200/0] via 6.6.6.6 (recursive is directly connected, tunvxlan3), 00:37:04
[200/0] via 5.5.5.5 (recursive is directly connected, tunvxlan3)
B 53.1.1.40/32 [200/0] via 6.6.6.6 (recursive is directly connected, tunvxlan3), 00:05:49
C 127.0.0.0/8 is directly connected, lo.vxlan_l3_elan_mhsh, 07:33:13
C 200.1.1.0/24 is directly connected, irb1604, 07:33:11
Gateway of last resort is not set
VTEP1#
VTEP1#show ipv6 route vrf vxlan_l3_elan_mhsh
IPv6 Routing Table
IP Route Table for VRF "vxlan_l3_elan_mhsh"
C ::1/128 via ::, lo.vxlan_l3_elan_mhsh, 07:33:21
B ::ffff:202:202/128 [0/0] via ::, tunvxlan3, 00:37:11
B ::ffff:505:505/128 [0/0] via ::, tunvxlan3, 00:37:11
B ::ffff:606:606/128 [0/0] via ::, tunvxlan3, 00:37:11
C 2000::/48 via ::, irb1604, 07:33:19
B 5301::/48 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:37:12
[200/0] via ::ffff:505:505 (recursive via ::, tunvxlan3)
B 5301::40/128 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:05:57
C fe80::/64 via ::, irb1604, 07:33:19
VTEP1#
VTEP1#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040
0 605 0000:0053:0040 -- 605 0 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 53.1.1.40 605 1604 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 5301::40 605 1604 6.6.6.6 -- VXLAN
VTEP1#
In VTEP2:
VTEP2#show ip route vrf vxlan_l3_elan_mhsh
IP Route Table for VRF "vxlan_l3_elan_mhsh"
B 1.1.1.1/32 [0/0] is directly connected, tunvxlan3, 00:31:16
B 5.5.5.5/32 [0/0] is directly connected, tunvxlan3, 00:31:16
B 6.6.6.6/32 [0/0] is directly connected, tunvxlan3, 00:31:16
B 53.1.1.0/24 [200/0] via 6.6.6.6 (recursive is directly connected, tunvxlan3), 00:31:17
[200/0] via 5.5.5.5 (recursive is directly connected, tunvxlan3)
B 53.1.1.40/32 [200/0] via 6.6.6.6 (recursive is directly connected, tunvxlan3), 00:00:03
C 127.0.0.0/8 is directly connected, lo.vxlan_l3_elan_mhsh, 07:27:47
C 200.1.1.0/24 is directly connected, irb1604, 07:27:45
Gateway of last resort is not set
VTEP2#
VTEP2#show ipv6 route vrf vxlan_l3_elan_mhsh
IPv6 Routing Table
IP Route Table for VRF "vxlan_l3_elan_mhsh"
C ::1/128 via ::, lo.vxlan_l3_elan_mhsh, 07:27:54
B ::ffff:101:101/128 [0/0] via ::, tunvxlan3, 00:31:23
B ::ffff:505:505/128 [0/0] via ::, tunvxlan3, 00:31:23
B ::ffff:606:606/128 [0/0] via ::, tunvxlan3, 00:31:23
C 2000::/48 via ::, irb1604, 07:27:52
B 5301::/48 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:31:23
[200/0] via ::ffff:505:505 (recursive via ::, tunvxlan3)
B 5301::40/128 [200/0] via ::ffff:606:606 (recursive via ::, tunvxlan3), 00:00:10
C fe80::/64 via ::, irb1604, 07:27:52
VTEP2#
VTEP2#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040
0 605 0000:0053:0040 -- 605 0 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 53.1.1.40 605 1604 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 5301::40 605 1604 6.6.6.6 -- VXLAN
VTEP2#
In VTEP4:
VTEP4#show arp vrf vxlan_l3_elan_mhsh
Flags: D - Static Adjacencies attached to down interface
IP ARP Table for context vxlan_l3_elan_mhsh
Total number of entries: 1
Address Age MAC Address Interface State
1.1.1.1 - e8c5.7aa3.2cb0 tunvxlan3 PERMANENT
2.2.2.2 - e001.a657.ef01 tunvxlan3 PERMANENT
5.5.5.5 - 6cb9.c5b1.ab9c tunvxlan3 PERMANENT
53.1.1.40 00:02:57 0000.0053.0040 irb604 STALE
VTEP4#
VTEP4#show bgp l2vpn evpn mac-ip | grep 0000:0053:0040
0 605 0000:0053:0040 -- 605 0 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 53.1.1.40 605 1604 6.6.6.6 -- VXLAN
0 605 0000:0053:0040 5301::40 605 1604 6.6.6.6 -- VXLAN
VTEP4#