VxLAN-IRB-Inter-VRF Route Leaking
A VRF is a mechanism used to provide logical separation between routing tables on the same router. It is locally significant to the router. Each interface on a router can only be assigned to one VRF, but a VRF can have multiple interfaces. VRF route leaking can be done using route-target import/export.
The routes of VRF catering shared services shall be leaked to tenant VRFs. The leaking of routes shall be possible over one overlay VRF to another overlay VRF. By doing so shared services like Internet access through gateway routes can be made possible. Introduction of this feature shall cater various use cases of shared services like storage / Internet access etc.
Topology
The procedures in this section use the topology in Figure 11-12.
VxLAN_EVPN_IVRF
Note: SH means Single homing host and MH means Multihoming host.
VTEP1
Single Home -SH
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VxLAN. |
(config)#hardware-profile filter vxlan-mh enable | Enable hardware-profile filter for VxLAN multi-homing. |
(config)#nvo vxlan enable | Enable VxLAN |
(config)#nvo vxlan irb | Enable VxLAN irb |
(config)#hardware-profile filter egress-ipv4 enable | Enable hardware-profile filter for egress IPv4. |
(config)#hardware-profile statistics ac-lif enable | Enable ac-lif for vxlan access-if port counters |
(config)#qos enable | Enabling qos |
(Config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface ce50 | Enter Interface mode for ce50 (SH1) |
(config-if)# description ***Connected to TOR1*** | Interface description |
(config-if)#switchport | Make it L2 interface |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 51.51.51.51/32 secondary | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config) interface xe40 | Enter interface mode |
(config-if)# description ***Connected to Spine2*** | Interface description |
(config-if)# ip address 10.10.10.1/31 | Configure ip address on network side of Spine1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 51.51.51.51 | Configure router-id as lo ip address |
(config-router)#network 51.51.51.51/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.10.0/24 area 0.0.0.0 | Add Spine-connected network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(config)#router bgp 500 | Enter into Router BGP mode |
(config-router)#bgp router-id 51.51.51.51 | Configure router-id as lo ip address |
(config-router)#neighbor 66.66.66.66 remote-as 500 | Specify a BorderVTEP1 loopback ip address and remote-as defined |
(config-router)#neighbor 66.66.66.66 update-source lo | Configure update as loopback for BorderVTEP1 |
(config-router)#neighbor 66.66.66.66 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for BorderVTEP1 |
(config-router)# no bgp default ipv4-unicast | It will avoid default ipv4 unicast routing |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# neighbor 66.66.66.66 activate | Activate BorderVTEP1 into ipv4 unicast family |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#address-family l2vpn evpn | Enter into l2vpn EVPN address family mode |
(config-router-af)#neighbor 66.66.66.66 activate | Activate BorderVTEP1 into l2vpn evpn address family mode |
(config-router-af)#exit-address-family | Exit from l2vpn address family mode |
(config-router)#exit | Exit from Router BGP mode and enter into config mode |
(config)#commit | Commit the candidate configuration to running configuration |
L2 VRF Configuration:
(config)# mac vrf RED | Create mac routing/forwarding instance with RED name and enter into vrf mode |
(config-vrf)# rd 2.3.4.5:1 | Assign RD value |
(config-vrf)# route-target both 6000:6000 | Assign route-target value for same for import and export. Should be same on all node for RED |
(config-vrf)#exit | Exit from vrf mode |
(config)#commit | Commit the candidate configuration to running configuration |
L3 VRF and BGP Configuration:
(config)# ip vrf FAX | Create mac routing/forwarding instance with FAX name and enter into vrf mode |
(config-vrf)# rd 51.51.51.51:1050 | Assign RD value |
(config-vrf)# route-target both 1050:1050 | Assign route-target value for same for import and export. |
(config-vrf)# l3vni 10502 | Configure L3VNI as 10502 for FAX vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# interface irb 1050 | Configure irb interface 1050 |
(config-if)ip vrf forwarding FAX | Configure FAX |
(config-if) ip address 10.12.32.1/24 | Configure ip address |
(config-if)exit | Exit from interface config mode |
(config)#commit | Commit the candidate configuration to running configuration |
(config)router bgp 500 | Enter into bgp router mode |
(config-router)#address-family ipv4 vrf FAX | Enter into address-family mode for FAX |
(config-router-af)#redistribute connected | Redistribute connected |
(config-router-af)#exit-address-family | Exit form address-family |
(config-router)#exit | Exit from router bgp configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
VxLAN configuration:
(config)#nvo vxlan vtep-ip-global 51.51.51.51 | Configure Source vtep-ip-global configuration. Use loopback ip address |
(config)#nvo vxlan id 1050 ingress-replication inner-vid-disabled | Configure VxLAN Network identifier with/without inner-vid- disabled configure and enter into VxLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp RED | Assign vrf for evpn-bgp to carry EVPN route |
(config-nvo)# evpn irb1050 | Configure irb1050 under vxlan id 1050 |
(config)# nvo vxlan access-if port-vlan ce50 1050 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) |
(config-nvo-acc-if)# map vnid 1050 | Map VxLAN Identified to access-port for VxLAN |
(config-nvo-acc-if)# mac 0000.3333.1050 ip 10.12.32.10 | Configure static mac-ip |
(config-nvo-acc-if)#exit | Exit from VxLAN access-interface mode and enter into configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
VTEP2
(Multi-homed group) - Part of both Multi-homed with po1000(MH).
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VxLAN. |
(config)#hardware-profile filter vxlan-mh enable | Enable hardware-profile filter for VxLAN multi-homing. |
(config)#nvo vxlan enable | Enable VxLAN |
(config)#nvo vxlan irb | Enable VxLAN irb |
(config)# evpn irb-forwarding anycast-gateway-mac 0000.2222.3333 | Configure Anycast gateway mac |
(config)#hardware-profile filter egress-ipv4 enable | Enable hardware-profile filter for egress IPv4. |
(Config)#hardware-profile statistics ac-lif enable | Enable ac-lif for vxlan access-if port counters |
(Config)#qos enable | Enabling qos |
(Config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface xe4 | Enter Interface mode for xe4(MH) |
(config-if)# description ***Connected to TOR2*** | Interface description |
(config-if)# channel-group 1000 mode active | Make it member of po1000 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)# interface po1000 | Enter into po1000 mode |
(config-if)# switchport | Configure L2 mode |
(config-if)# evpn multi-homed system-mac 0000.4444.5555 | Configure System mac |
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 60.60.60.60/32 | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config) interface xe25 | Enter interface mode |
(config-if)# description ***Connected to Spine1*** | Interface description |
(config-if)# ip address ip address 10.10.12.1/31 | Configure ip address on network side of Spine1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 60.60.60.60 | Configure router-id as lo ip address |
(config-router)#network 60.60.60.60/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.12.0/24 area 0.0.0.0 | Add Spine-connected network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(config)#router bgp 500 | Enter into Router BGP mode |
(config-router)#bgp router-id 60.60.60.60 | Configure router-id as lo ip address |
(config-router)#neighbor 66.66.66.66 remote-as 500 | Specify a BorderVTEP1 loopback ip address and remote-as defined |
(config-router)#neighbor 66.66.66.66 update-source lo | Configure update as loopback for BorderVTEP1 |
(config-router)#neighbor 66.66.66.66 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for BorderVTEP1 |
(config-router)#neighbor 76.76.76.76 remote-as 500 | Specify a VTEP3 loopback ip address and remote-as defined |
(config-router)#neighbor 76.76.76.76 update-source lo | Configure update as loopback for VTEP3 |
(config-router)#neighbor 76.76.76.76 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP3 |
(config-router)# no bgp default ipv4-unicast | It will avoid default ipv4 unicast routing |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# neighbor 66.66.66.66 activate | Activate BorderVTEP1 into ipv4 unicast family |
(config-router-af)# neighbor 76.76.76.76 activate | Activate VTEP3 into ipv4 unicast family |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#address-family l2vpn evpn | Enter into l2vpn EVPN address family mode |
(config-router-af)#neighbor 66.66.66.66 activate | Activate BorderVTEP1 into l2vpn evpn address family mode |
(config-router-af)#neighbor 76.76.76.76 activate | Activate VTEP3 into l2vpn evpn address family mode |
(config-router-af)#exit-address-family | Exit from l2vpn address family mode |
(config-router)#exit | Exit from Router BGP mode and enter into config mode |
(config)#commit | Commit the candidate configuration to running configuration |
L2 VRF Configuration:
(config)# mac vrf RED | Create mac routing/forwarding instance with RED name and enter into vrf mode |
(config-vrf)# rd 2.3.4.5:2 | Assign RD value |
(config-vrf)# route-target both 6000:6000 | Assign route-target value for same for import and export. Should be same on all node for RED |
(config-vrf)#exit | Exit from vrf mode |
(config)#commit | Commit the candidate configuration to running configuration |
L3 VRF and BGP Configuration:
(config)# ip vrf SMS | Create mac routing/forwarding instance with SMS name and enter into vrf mode |
(config-vrf)# rd 60.60.60.60:1040 | Assign RD value |
(config-vrf)# route-target both 1040:1040 | Assign route-target value for same for import and export. |
(config-vrf)# l3vni 10402 | Configure L3VNI as 10402 for SMS vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# interface irb 1060 | Configure irb interface 1060 |
(config-if)ip vrf forwarding SMS | Configure ip vrf forwarding |
(config-if) ip address 10.240.38.1/24 | Configure ip address |
(config-if) evpn irb-if-forwarding anycast-gateway-mac | Anycast mac configured |
(config-if)exit | Exit from interface config mode |
(config)#commit | Commit the candidate configuration to running configuration |
(config)router bgp 500 | Enter into bgp router mode |
(config-router)#address-family ipv4 vrf SMS | Enter into address-family mode for SMS |
(config-router-af)#redistribute connected | Redistribute connected |
(config-router-af)#exit-address-family | Exit form address-family |
(config)#commit | Commit the candidate configuration to running configuration |
VxLAN configuration:
(config)#nvo vxlan vtep-ip-global 60.60.60.60 | Configure Source vtep-ip-global configuration. Use loopback ip address |
(config)#nvo vxlan id 1060 ingress-replication inner-vid-disabled | Configure VxLAN Network identifier with/without inner-vid- disabled configure and enter into VxLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp RED | Assign vrf for evpn-bgp to carry EVPN route |
(config-nvo)# evpn irb1060 | Configure irb1060 under vxlan id 1060 |
(config)# nvo vxlan access-if port-vlan po1000 1060 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) - Multihomed access port |
(config-nvo-acc-if)# map vnid 1060 | Map VxLAN Identified to access-port for VxLAN |
(config-nvo-acc-if)# mac 0000.2222.1060 ip 10.240.38.10 | Configure static mac-ip |
(config-nvo-acc-if)#exit | Exit from VxLAN access-interface mode and enter into configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
VTEP3
(Multi-homed group) - Part of both Multi-homed with po1000(MH).
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VxLAN. |
(config)#hardware-profile filter vxlan-mh enable | Enable hardware-profile filter for VxLAN multi-homing. |
(config)#nvo vxlan enable | Enable VxLAN |
(config)#nvo vxlan irb | Enable VxLAN irb |
(config)#commit | Commit the candidate configuration to running configuration |
(config)# evpn irb-forwarding anycast-gateway-mac 0000.2222.3333 | Configure Anycast gateway mac |
(config)#hardware-profile filter egress-ipv4 enable | Enable hardware-profile filter for egress IPv4. |
(config)#hardware-profile statistics ac-lif enable | Enable ac-lif for vxlan access-if port counters |
(config)#qos enable | Enabling qos |
(config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface xe10 | Enter Interface mode for xe10(MH) |
(config-if)# description ***Connected to TOR2*** | Interface description |
(config-if)# channel-group 1000 mode active | Make it member of po1000 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)# interface po1000 | Enter into po1000 mode |
(config-if)# switchport | Configure L2 mode |
(config-if)# evpn multi-homed system-mac 0000.4444.5555 | Configure System mac |
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 76.76.76.76/32 | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
(config) interface xe27 | Enter interface mode |
(config-if)# description ***Connected to Spine1*** | Interface description |
(config-if)# ip address ip address 10.10.24.1/31 | Configure ip address on network side of Spine1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 76.76.76.76 | Configure router-id as lo ip address |
(config-router)#network 76.76.76.76/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.24.0/24 area 0.0.0.0 | Add Spine-connected network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(config)#router bgp 500 | Enter into Router BGP mode |
(config-router)#bgp router-id 76.76.76.76 | Configure router-id as lo ip address |
(config-router)#neighbor 66.66.66.66 remote-as 500 | Specify a BorderVTEP1 loopback ip address and remote-as defined |
(config-router)#neighbor 66.66.66.66 update-source lo | Configure update as loopback for BorderVTEP1 |
(config-router)#neighbor 66.66.66.66 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for BorderVTEP1 |
(config-router)#neighbor 60.60.60.60 remote-as 500 | Specify a VTEP2 loopback ip address and remote-as defined |
(config-router)#neighbor 60.60.60.60 update-source lo | Configure update as loopback for VTEP2 |
(config-router)#neighbor 60.60.60.60 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP2 |
(config-router)# no bgp default ipv4-unicast | It will avoid default ipv4 unicast routing |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# neighbor 66.66.66.66 activate | Activate BorderVTEP1 into ipv4 unicast family |
(config-router-af)# neighbor 60.60.60.60 activate | Activate VTEP2 into ipv4 unicast family |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#address-family l2vpn evpn | Enter into l2vpn EVPN address family mode |
(config-router-af)#neighbor 66.66.66.66 activate | Activate BorderVTEP1 into l2vpn evpn address family mode |
(config-router-af)#neighbor 60.60.60.60 activate | Activate VTEP2 into l2vpn evpn address family mode |
(config-router-af)#exit-address-family | Exit from l2vpn address family mode |
(config-router)#exit | Exit from Router BGP mode and enter into config mode |
(config)#commit | Commit the candidate configuration to running configuration |
L2 VRF Configuration:
(config)# mac vrf RED | Create mac routing/forwarding instance with RED name and enter into vrf mode |
(config-vrf)# rd 2.3.4.6:2 | Assign RD value |
(config-vrf)# route-target both 6000:6000 | Assign route-target value for same for import and export. Should be same on all node for RED |
(config-vrf)#exit | Exit from vrf mode |
(config)#commit | Commit the candidate configuration to running configuration |
L3 VRF and BGP Configuration:
(config)# ip vrf SMS | Create mac routing/forwarding instance with SMS name and enter into vrf mode |
(config-vrf)# rd 76.76.76.76:1040 | Assign RD value |
(config-vrf)# route-target both 1040:1040 | Assign route-target value for same for import and export. |
(config-vrf)# l3vni 10402 | Configure L3VNI as 10402 for SMS vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# interface irb 1060 | Configure irb interface 1060 |
(config-if)ip vrf forwarding SMS | Configure ip vrf forwarding |
(config-if) ip address 10.240.38.1/24 | Configure ip address |
(config-if) evpn irb-if-forwarding anycast-gateway-mac | Anycast mac configured |
(config-if)exit | Exit from interface config mode |
(config)#commit | Commit the candidate configuration to running configuration |
(config)router bgp 500 | Enter into bgp router mode |
(config-router)#address-family ipv4 vrf SMS | Enter into address-family mode for SMS |
(config-router-af)#redistribute connected | Redistribute connected |
(config-router-af)#exit-address-family | Exit form address-family |
(config)#commit | Commit the candidate configuration to running configuration |
VxLAN configuration:
(config)#nvo vxlan vtep-ip-global 76.76.76.76 | Configure Source vtep-ip-global configuration. Use loopback ip address |
(config)#nvo vxlan id 1060 ingress-replication inner-vid-disabled | Configure VxLAN Network identifier with/without inner-vid- disabled configure and enter into VxLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp RED | Assign vrf for evpn-bgp to carry EVPN route |
(config-nvo)# evpn irb1060 | Configure irb1060 under vxlan id 1060 |
(config)# nvo vxlan access-if port-vlan po1000 1060 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) - Multihomed access port |
(config-nvo-acc-if)# map vnid 1060 | Map VxLAN Identified to access-port for VxLAN |
(config-nvo-acc-if)# mac 0000.2222.1060 ip 10.240.38.10 | Configure static mac-ip |
(config-nvo-acc-if)#exit | Exit from VxLAN access-interface mode and enter into configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
BorderVTEP1
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VxLAN. |
(config)#hardware-profile filter vxlan-mh enable | Enable hardware-profile filter for VxLAN multi-homing. |
(config)#nvo vxlan enable | Enable VxLAN |
(config)#nvo vxlan irb | Enable VxLAN irb |
(config)#hardware-profile filter egress-ipv4 enable | Enable hardware-profile filter for egress IPv4. |
(Config)#hardware-profile statistics ac-lif enable | Enable ac-lif for vxlan access-if port counters |
(Config)#qos enable | Enabling qos |
(Config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface ce50 | Enter Interface mode |
(config-if)# description ***Connected to FW*** | Interface description |
(config-if)# switchport | Configure L2 mode |
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 66.66.66.66/32 | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config) interface xe39 | Enter interface mode |
(config-if)# description ***Connected to Spine1*** | Interface description |
(config-if)# ip address ip address 10.10.14.1/31 | Configure ip address on network side of Spine1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 66.66.66.66 | Configure router-id as lo ip address |
(config-router)#network 66.66.66.66/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.24.0/24 area 0.0.0.0 | Add Spine-connected network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(config)#router bgp 500 | Enter into Router BGP mode |
(config-router)#bgp router-id 66.66.66.66 | Configure router-id as lo ip address |
(config-router)#neighbor 51.51.51.51 remote-as 500 | Specify a VTEP1 loopback ip address and remote-as defined |
(config-router)#neighbor 51.51.51.51 update-source lo | Configure update as loopback for VTEP1 |
(config-router)#neighbor 51.51.51.51 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP1 |
(config-router)#neighbor 60.60.60.60 remote-as 500 | Specify a VTEP2 loopback ip address and remote-as defined |
(config-router)#neighbor 60.60.60.60 update-source lo | Configure update as loopback for VTEP2 |
(config-router)#neighbor 60.60.60.60 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP2 |
(config-router)#neighbor 76.76.76.76 remote-as 500 | Specify a VTEP3 loopback ip address and remote-as defined |
(config-router)#neighbor 76.76.76.76 update-source lo | Configure update as loopback for VTEP3 |
(config-router)#neighbor 76.76.76.76 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP3 |
(config-router)# no bgp default ipv4-unicast | It will avoid default ipv4 unicast routing |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# neighbor 51.51.51.51 activate | Activate VTEP1 into ipv4 unicast family |
(config-router-af)# neighbor 60.60.60.60 activate | Activate VTEP2 into ipv4 unicast family |
(config-router-af)# neighbor 76.76.76.76 activate | Activate VTEP3 into ipv4 unicast family |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#address-family l2vpn evpn | Enter into l2vpn EVPN address family mode |
(config-router-af)#neighbor 51.51.51.51 activate | Activate VTEP1 into l2vpn evpn address family mode |
(config-router-af)#neighbor 60.60.60.60 activate | Activate VTEP2 into l2vpn evpn address family mode |
(config-router-af)#neighbor 76.76.76.76 activate | Activate VTEP3 into l2vpn evpn address family mode |
(config-router-af)#exit-address-family | Exit from l2vpn address family mode |
(config-router)#exit | Exit from Router BGP mode and enter into config mode |
(config)#commit | Commit the candidate configuration to running configuration |
L2 VRF Configuration:
(config)# mac vrf RED | Create mac routing/forwarding instance with RED name and enter into vrf mode |
(config-vrf)# rd 2.2.4.4:4 | Assign RD value |
(config-vrf)# route-target both 6000:6000 | Assign route-target value for same for import and export. Should be same on all node for RED |
(config-vrf)#exit | Exit from vrf mode |
(config)#commit | Commit the candidate configuration to running configuration |
L3 VRF and BGP Configuration:
(config)# ip vrf gvrf | Create mac routing/forwarding instance with gvrf name and enter into vrf mode |
(config-vrf)# rd 4.5.6.8:6 | Assign RD value |
(config-vrf)# route-target import 100:100 | Assign route-target value for import from FAX vrf |
(config-vrf)# route-target import 300:300 | Assign route-target value for import from SMS vrf |
(config-vrf)# route-target export 1000:1000 | Assign route-target value for export from gvrf |
(config-vrf)# l3vni 500 | Configure L3VNI as 500 for gvrf vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# interface irb 1067 | Configure irb interface 1060 |
(config-if) ip vrf forwarding gvrf | Configure ip vrf forwarding |
(config-if) ip address 10.10.18.1/24 | |
Configure ip address | |
(config-if)exit | Exit from interface config mode |
(config)# ip vrf FAX | Create mac routing/forwarding instance with FAX name and enter into vrf mode |
(config-vrf)# rd 66.66.66.66:1050 | Assign RD value |
(config-vrf)# route-target both 1050:1050 | Assign route-target value for same for import and export. |
(config-vrf)# route-target export 100:100 | Assign route-target value export from FAX |
(config-vrf)# route-target import 1000:1000 | Assign route-target value for import from gvrf |
(config-vrf)# l3vni 10502 | Configure L3VNI as 10502 for FAX vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# ip vrf SMS | Create mac routing/forwarding instance with SMS name and enter into vrf mode |
(config-vrf)# rd 66.66.66.66:1060 | Assign RD value |
(config-vrf)# route-target both 1040:1040 | Assign route-target value for same for import and export. |
(config-vrf)# route-target export 300:300 | Assign route-target value export from SMS |
(config-vrf)# route-target import 1000:1000 | Assign route-target value for import from gvrf |
(config-vrf)# l3vni 10402 | Configure L3VNI as 10402 for SMS vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)router bgp 500 | Enter into bgp router mode |
(config-router)#address-family ipv4 vrf gvrf | Enter into address-family mode for gvrf |
(config-router-af)#redistribute connected | Redistribute connected |
(config-router-af)# neighbor 10.10.18.2 remote-as 64603 | Add Firewall as neighbor |
(config-router-af)# neighbor 10.10.18.2 fall-over bfd | Configure bfd for better convergence |
(config-router-af)# neighbor 10.10.18.2 activate | Activate the neighbor |
(config-router-af)# neighbor 10.10.18.2 advertisement-interval 0 | Configure interval 0 for better convergence |
(config-router-af)#exit-address-family | Exit form address-family |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to running configuration |
VxLAN configuration:
(config)#nvo vxlan vtep-ip-global 66.66.66.66 | Configure Source vtep-ip-global configuration. Use loopback ip address |
(config)# nvo vxlan id 1067 ingress-replication inner-vid-disabled | Configure VxLAN Network identifier with/without inner-vid- disabled configure and enter into VxLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp RED | Assign vrf for evpn-bgp to carry EVPN route |
(config-nvo)# evpn irb1067 | Configure irb1067 under vxlan id 1067 |
(config)# nvo vxlan access-if port-vlan ce50 1067 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) - Multihomed access port |
(config-nvo-acc-if)# map vnid 1067 | Map VxLAN Identified to access-port for VxLAN |
(config-nvo-acc-if)#exit | Exit from VxLAN access-interface mode and enter into configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
Firewall
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(Config)#qos enable | Enabling qos |
(Config)#bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
#configure terminal | Enter Configure mode. |
(config)# bridge 1 protocol rstp vlan-bridge | Configure rstp vlan bridge |
(config)# vlan database | |
(config)#vlan 1067 bridge 1 state enable | Configure vlans from 1067 and associate with bridge 1 |
(config)#interface ce30/1 | Enter Interface mode for ce30/1 |
(config-if)# description ***Connected to BorderVTEP1*** | Interface description |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1067 | Trunk allowed vlan as 1067 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface vlan1.1067 | Enter Interface mode |
(config-if)# ip address 10.10.18.2/24 | Configure ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface ce1/1 | Enter Interface mode |
(config-if)#ip address 10.10.20.1/24 | Configure ip address to advertise |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(Config)#router bgp 64603 | Enter into Router BGP mode |
(config-router)# neighbor 10.10.18.1 remote-as 500 | Specify a BorderVTEP1 gvrf ip address and remote-as defined |
(config-router)# neighbor 10.10.18.1 fall-over bfd | Configure fall-over bfd for fast convergence |
(config-router)#neighbor 10.10.18.1 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# network 10.10.20.0/24 | Add lo adders as network for advertise |
(config-router-af)# max-paths ebgp 8 | Add max path |
(config-router-af)# neighbor 10.10.18.1 default-originate | Do default originate |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#exit | |
(config)#commit | Commit the candidate configuration to running configuration |
TOR1 (SH)
#configure terminal | Enter Configure mode. |
(config)# bridge 1 protocol rstp vlan-bridge | Configure rstp vlan bridge |
(config)# vlan database | |
(config)#vlan 1050 bridge 1 state enable | Configure vlans from 1050 and associate with bridge 1 |
(config)#interface ce1/1 | Enter Interface mode for ce1/1 |
(config-if)#switchport | Make as L2 port by configuring switchport |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1050 | Trunk allowed vlan as 1050 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface ce25/1 | Enter Interface mode for ce25/1 |
(config-if)#switchport | Make as L2 port by configuring switchport |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1050 | Trunk allowed vlan as 1050 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
TOR2 (MH)
Multihomed to 2-VTEPs (VTEP2 and VTEP3).
#configure terminal | Enter Configure mode. |
(config)# bridge 1 protocol rstp vlan-bridge | Configure rstp vlan bridge |
(config)# vlan database | |
(config)#vlan 1060 bridge 1 state enable | Configure vlans from 1060 and associate with bridge 1 |
(config)#interface po1000 | Enter Interface mode for po1000 |
(config-if)#switchport | Make as L2 port by configuring switchport |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1060 | Trunk allowed vlan as 1060 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe4 | Enter Interface mode for xe4 |
(config-if)# channel-group 1000 mode active | Make it member of po1000 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe7 | Enter Interface mode for xe7 |
(config-if)# channel-group 1000 mode active | Make it member of po1000 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe7 | Enter Interface mode for ce25/1 |
(config-if)#switchport | Make as L2 port by configuring switchport |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1060 | Trunk allowed vlan as 1060 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
Spine1
Spine node where all VTEPs are connected.
Generic configuration:
#configure terminal | Enter Configure mode. |
(Config)#qos enable | Enabling qos |
(Config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 62.62.62.62/32 secondary | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe40 | Enter Interface mode |
(config-if)# description ***Connected to VTEP1*** | Description of interface |
(config-if)#ip address ip address 10.10.10.2/31 | Configure ip address on network side of VTEP1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe25 | Enter Interface mode |
(config-if)# description ***Connected to VTEP2*** | Description of interface |
(config-if)#ip address ip address 10.10.12.2/31 | Configure ip address on network side of VTEP2 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe27 | Enter Interface mode |
(config-if)# description ***Connected to VTEP3*** | Description of interface |
(config-if)#ip address ip address 10.10.24.2/31 | Configure ip address on network side of VTEP3 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe39 | Enter Interface mode |
(config-if)# description ***Connected to BorderVTEP1*** | Description of interface |
(config-if)#ip address ip address 10.10.14.2/31 | Configure ip address on network side of BorderVTEP1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 62.62.62.62 | Configure router-id as lo ip address |
(config-router)#network 62.62.62.62/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.10.0/24 area 0.0.0.0 | Add VTEP1 network into area 0 |
(config-router)#network 10.10.12.0/24 area 0.0.0.0 | Add VTEP2 network into area 0 |
(config-router)#network 10.10.14.0/24 area 0.0.0.0 | Add VTEP4 network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
Validations
Firewall
=========
Firewall#show ip bgp summary
BGP router identifier 10.10.19.2, local AS number 64603
BGP table version is 3
2 BGP AS-PATH entries
0 BGP community entries
8 Configured ebgp ECMP multipath: Currently set at 8
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Dow
n State/PfxRcd
10.10.18.1 4 500 46 58 3 0 0 00:17:36
3
Total number of neighbors 1
Total number of Established sessions 1
Firewall#show ip roy
Firewall#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 10.10.18.0/24 is directly connected, vlan1.1067, 00:19:40
C 10.10.20.0/24 is directly connected, ce1/1, 00:00:13
B 10.12.32.0/24 [20/0] via 10.10.18.1, vlan1.1067, 00:17:43
B 10.240.38.0/24 [20/0] via 10.10.18.1, vlan1.1067, 00:17:43
C 127.0.0.0/8 is directly connected, lo, 00:52:18
IP Route Table for VRF "management"
C 10.12.85.0/24 is directly connected, eth0, 00:52:07
C 127.0.0.0/8 is directly connected, lo.management, 00:52:18
Gateway of last resort is not set
FW#
BorderVTEP1
===========
BorderVTEP1#show nvo vxlan
VxLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
1067 ---- -- AC ce50 --- Single Homed Port --- 1067 ---- ---- ----
10402 ---- L3 NW ---- ---- ---- ---- 66.66.66.66 60.60.60.60
10402 ---- L3 NW ---- ---- ---- ---- 66.66.66.66 76.76.76.76
10502 ---- L3 NW ---- ---- ---- ---- 66.66.66.66 51.51.51.51
Total number of entries are 4
BorderVTEP1#show nvo vxlan tunnel
VxLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
66.66.66.66 51.51.51.51 Installed 00:22:36 00:22:36
66.66.66.66 60.60.60.60 Installed 00:22:36 00:22:36
66.66.66.66 76.76.76.76 Installed 00:22:36 00:22:36
Total number of entries are 3
BorderVTEP1#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
O 10.10.10.0/31 [110/2] via 10.10.14.0, xe39, 00:22:44
O 10.10.12.0/31 [110/2] via 10.10.14.0, xe39, 00:22:44
C 10.10.14.0/31 is directly connected, xe39, 00:23:29
O 10.10.24.0/31 [110/2] via 10.10.14.0, xe39, 00:22:44
O 51.51.51.51/32 [110/3] via 10.10.14.0, xe39, 00:22:44
O 60.60.60.60/32 [110/3] via 10.10.14.0, xe39, 00:22:44
C 66.66.66.66/32 is directly connected, lo, 00:23:32
O 76.76.76.76/32 [110/3] via 10.10.14.0, xe39, 00:22:44
C 127.0.0.0/8 is directly connected, lo, 00:24:12
IP Route Table for VRF "management"
C 10.12.86.0/24 is directly connected, eth0, 00:23:38
C 127.0.0.0/8 is directly connected, lo.management, 00:24:12
IP Route Table for VRF "gvrf"
Gateway of last resort is 10.10.18.2 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 10.10.18.2, irb1067, 00:21:31
C 10.10.18.0/24 is directly connected, irb1067, 00:23:30
B 10.10.20.0/24 [20/0] via 10.10.18.2, irb1067, 00:04:01
B v 10.12.32.0/24 [200/0] via 51.51.51.51 (recursive is directly connected, tunvxlan3), 00:22:39
B v 10.240.38.0/24 [200/0] via 60.60.60.60 (recursive is directly connected, tunvxlan4), 00:22:40
C 127.0.0.0/8 is directly connected, lo.gvrf, 00:23:36
IP Route Table for VRF "SMS"
Gateway of last resort is 10.10.18.2 to network 0.0.0.0
B* v 0.0.0.0/0 [20/0] via 10.10.18.2, irb1067, 00:21:31
B v 10.10.18.0/24 [20/0] is directly connected, irb1067, 00:23:30
B v 10.10.20.0/24 [20/0] via 10.10.18.2, irb1067, 00:04:01
B 10.240.38.0/24 [200/0] via 60.60.60.60 (recursive is directly connected, tunvxlan4), 00:22:40
B 60.60.60.60/32 [0/0] is directly connected, tunvxlan4, 00:22:39
B 76.76.76.76/32 [0/0] is directly connected, tunvxlan4, 00:22:39
C 127.0.0.0/8 is directly connected, lo.SMS, 00:23:35
IP Route Table for VRF "FAX"
Gateway of last resort is 10.10.18.2 to network 0.0.0.0
B* v 0.0.0.0/0 [20/0] via 10.10.18.2, irb1067, 00:21:31
B v 10.10.18.0/24 [20/0] is directly connected, irb1067, 00:23:30
B v 10.10.20.0/24 [20/0] via 10.10.18.2, irb1067, 00:04:01
B 10.12.32.0/24 [200/0] via 51.51.51.51 (recursive is directly connected, tunvxlan3), 00:22:39
B 51.51.51.51/32 [0/0] is directly connected, tunvxlan3, 00:22:39
C 127.0.0.0/8 is directly connected, lo.FAX, 00:23:35
IP Route Table for VRF "SMM"
C 127.0.0.0/8 is directly connected, lo.SMM, 00:23:35
Gateway of last resort is not set
BorderVTEP1# show bgp l2vpn evpn summary
BGP router identifier 66.66.66.66, local AS number 500
BGP table version is 6
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
51.51.51.51 4 500 62 71 6 0 0 00:22:50 7 0 5 1 0 1
60.60.60.60 4 500 65 71 6 0 0 00:22:50 8 2 3 1 1 1
76.76.76.76 4 500 65 70 6 0 0 00:22:50 9 2 4 1 1 1
Total number of neighbors 3
Total number of Established sessions 3
BorderVTEP1# show bgp l2vpn evpn
BGP table version is 6, local router ID is 66.66.66.66
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path Peer Encap
RD[2.2.4.4:4] VRF[RED]:
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
* i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[0]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
* i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[32,10.12.32.11]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
* i [2]:[0]:[1050]:[48,0000:3333:1050]:[32,10.12.32.10]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
* i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[32,10.12.32.1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
* i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[128,2401::1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*> [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 32768 i ---------- VxLAN
*> [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 32768 i ---------- VxLAN
* i [3]:[1050]:[32,51.51.51.51]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
* i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
* i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*> [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 32768 i ---------- VxLAN
RD[2.3.4.5:1]
*>i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[0]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
*>i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[32,10.12.32.11]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
*>i [2]:[0]:[1050]:[48,0000:3333:1050]:[32,10.12.32.10]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
*>i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[32,10.12.32.1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
*>i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[128,2401::1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
*>i [3]:[1050]:[32,51.51.51.51]
51.51.51.51 0 100 0 i 51.51.51.51 VxLAN
RD[2.3.4.5:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
RD[2.3.4.6:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
RD[51.51.51.51:1050]
*>i [5]:[0]:[10502]:[24]:[10.12.32.0]:[0.0.0.0]:[10502]
51.51.51.51 0 100 0 ? 51.51.51.51 VxLAN
RD[60.60.60.60:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
RD[60.60.60.60:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
60.60.60.60 0 100 0 ? 60.60.60.60 VxLAN
RD[76.76.76.76:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
RD[76.76.76.76:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
76.76.76.76 0 100 0 ? 76.76.76.76 VxLAN
Total number of prefixes 41
BorderVTEP1#
BorderVTEP1#show bgp l2vpn evpn prefix-route
RD[51.51.51.51:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10502 24 10.12.32.0 0.0.0.0 10502 51.51.51.51 VxLAN 3c2c:99d6:167a
RD[60.60.60.60:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0 10402 60.60.60.60 VxLAN 3c2c:99d1:117a
RD[76.76.76.76:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0 10402 76.76.76.76 VxLAN 3c2c:99de:1e7a
VTEP3
======
VTEP3#show nvo vxlan
VxLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
1060 ---- L2 NW ---- ---- ---- ---- 76.76.76.76 60.60.60.60
1060 ---- -- AC po1000 00:00:00:44:44:55:55:00:00:00 1060 NON-DF ---- ----
10402 ---- L3 NW ---- ---- ---- ---- 76.76.76.76 66.66.66.66
Total number of entries are 3
VTEP3#show nvo vxlan tunnel
VxLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
76.76.76.76 66.66.66.66 Installed 00:24:35 00:24:35
76.76.76.76 60.60.60.60 Installed 00:54:40 00:54:40
Total number of entries are 2
VTEP3#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
O 10.10.10.0/31 [110/2] via 10.10.24.1, xe27, 00:54:56
O 10.10.12.0/31 [110/2] via 10.10.24.1, xe27, 00:54:56
O 10.10.14.0/31 [110/2] via 10.10.24.1, xe27, 00:25:31
C 10.10.24.0/31 is directly connected, xe27, 00:55:37
O 51.51.51.51/32 [110/3] via 10.10.24.1, xe27, 00:54:47
O 60.60.60.60/32 [110/3] via 10.10.24.1, xe27, 00:54:45
O 66.66.66.66/32 [110/3] via 10.10.24.1, xe27, 00:24:46
C 76.76.76.76/32 is directly connected, lo, 00:55:38
C 127.0.0.0/8 is directly connected, lo, 00:55:39
IP Route Table for VRF "management"
C 10.12.20.0/24 is directly connected, eth0, 00:55:10
C 127.0.0.0/8 is directly connected, lo.management, 00:55:39
IP Route Table for VRF "SMS"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:23:33
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:24:41
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:06:03
C 10.240.38.0/24 is directly connected, irb1060, 00:55:38
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:24:41
C 127.0.0.0/8 is directly connected, lo.SMS, 00:55:39
VTEP3# show bgp l2vpn evpn summary
BGP router identifier 76.76.76.76, local AS number 500
BGP table version is 8
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
60.60.60.60 4 500 144 140 7 0 0 00:54:55 8 2 3 1 1 1
66.66.66.66 4 500 127 125 7 0 0 00:24:51 12 0 2 1 0 9
Total number of neighbors 2
Total number of Established sessions 2
VTEP3# show bgp l2vpn evpn
BGP table version is 8, local router ID is 76.76.76.76
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path Peer Encap
RD[2.2.4.4:4]
*>i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
*>i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
*>i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
RD[2.3.4.5:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
RD[2.3.4.6:2] VRF[RED]:
*> [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 32768 i ---------- VxLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*> [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 32768 i ---------- VxLAN
*> [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 32768 i ---------- VxLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*> 76.76.76.76 0 100 32768 i ---------- VxLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*> 76.76.76.76 0 100 32768 i ---------- VxLAN
* i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
* i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
* i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*> [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 32768 i ---------- VxLAN
* i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
RD[4.5.6.8:6]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
RD[60.60.60.60:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
RD[60.60.60.60:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
60.60.60.60 0 100 0 ? 60.60.60.60 VxLAN
RD[66.66.66.66:1050]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
RD[66.66.66.66:1060]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
RD[76.76.76.76:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 32768 i ---------- VxLAN
* i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VxLAN
*> [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 32768 i ---------- VxLAN
Total number of prefixes 34
VTEP3#
VTEP3#show bgp l2vpn evpn prefix-route
RD[4.5.6.8:6]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
RD[60.60.60.60:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0 10402 60.60.60.60 VxLAN 3c2c:99d1:117a
RD[66.66.66.66:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
RD[66.66.66.66:1060]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
VTEP2
======
VTEP2#show nvo vxlan
VxLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
1060 ---- L2 NW ---- ---- ---- ---- 60.60.60.60 76.76.76.76
1060 ---- -- AC po1000 00:00:00:44:44:55:55:00:00:00 1060 DF ---- ----
10402 ---- L3 NW ---- ---- ---- ---- 60.60.60.60 66.66.66.66
Total number of entries are 3
VTEP2#show nvo vxlan tunnel
VxLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
60.60.60.60 66.66.66.66 Installed 00:26:50 00:26:50
60.60.60.60 76.76.76.76 Installed 00:56:51 00:56:51
Total number of entries are 2
VTEP2#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
O 10.10.10.0/31 [110/2] via 10.10.12.0, xe25, 00:57:13
C 10.10.12.0/31 is directly connected, xe25, 00:57:57
O 10.10.14.0/31 [110/2] via 10.10.12.0, xe25, 00:27:47
O 10.10.16.0/31 [110/2] via 10.10.12.0, xe25, 00:57:13
O 10.10.24.0/31 [110/2] via 10.10.12.0, xe25, 00:57:13
O 51.51.51.51/32 [110/3] via 10.10.12.0, xe25, 00:57:03
C 60.60.60.60/32 is directly connected, lo, 00:57:59
O 66.66.66.66/32 [110/3] via 10.10.12.0, xe25, 00:27:02
O 76.76.76.76/32 [110/3] via 10.10.12.0, xe25, 00:57:13
C 127.0.0.0/8 is directly connected, lo, 00:58:00
IP Route Table for VRF "management"
C 10.12.20.0/24 is directly connected, eth0, 00:57:29
C 127.0.0.0/8 is directly connected, lo.management, 00:58:00
IP Route Table for VRF "SMS"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:25:49
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:26:58
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:08:19
C 10.240.38.0/24 is directly connected, irb1060, 00:57:58
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:26:58
C 127.0.0.0/8 is directly connected, lo.SMS, 00:58:00
VTEP2#show bgp l2vpn evpn sum
BGP router identifier 60.60.60.60, local AS number 500
BGP table version is 12
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
66.66.66.66 4 500 135 133 11 0 0 00:27:29 12 0 2 1 0 9
76.76.76.76 4 500 146 150 11 0 0 00:57:30 9 2 4 1 1 1
Total number of neighbors 2
Total number of Established sessions 2
VTEP2#show bgp l2vpn evpn
BGP table version is 12, local router ID is 60.60.60.60
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path Peer Encap
RD[2.2.4.4:4]
*>i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
*>i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
*>i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
RD[2.3.4.5:2] VRF[RED]:
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*> 60.60.60.60 0 100 32768 i ---------- VxLAN
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*> 60.60.60.60 0 100 32768 i ---------- VxLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*> 60.60.60.60 0 100 32768 i ---------- VxLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*> 60.60.60.60 0 100 32768 i ---------- VxLAN
* i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
* i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
*> [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 32768 i ---------- VxLAN
* i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
* i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
RD[2.3.4.6:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
RD[4.5.6.8:6]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
RD[60.60.60.60:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 32768 i ---------- VxLAN
*> [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 32768 i ---------- VxLAN
* i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
RD[66.66.66.66:1050]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
RD[66.66.66.66:1060]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
RD[76.76.76.76:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VxLAN
RD[76.76.76.76:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
76.76.76.76 0 100 0 ? 76.76.76.76 VxLAN
Total number of prefixes 35
VTEP2#
VTEP22#show bgp l2vpn evpn prefix-route
RD[4.5.6.8:6]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
RD[66.66.66.66:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
RD[66.66.66.66:1060]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
RD[76.76.76.76:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0 10402 76.76.76.76 VxLAN 3c2c:99de:1e7a
VTEP2#
VTEP1
======
VTEP1#show nvo vxlan
VxLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
1050 ---- -- AC ce50 --- Single Homed Port --- 1050 ---- ---- ----
10502 ---- L3 NW ---- ---- ---- ---- 51.51.51.51 66.66.66.66
Total number of entries are 2
VTEP1#show nvo vxlan tunnel
VxLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
51.51.51.51 66.66.66.66 Installed 00:28:13 00:28:13
Total number of entries are 1
VTEP1#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 10.10.10.0/31 is directly connected, xe40, 00:59:46
O 10.10.12.0/31 [110/2] via 10.10.10.0, xe40, 00:59:01
O 10.10.14.0/31 [110/2] via 10.10.10.0, xe40, 00:29:45
O 10.10.24.0/31 [110/2] via 10.10.10.0, xe40, 00:59:01
C 51.51.51.51/32 is directly connected, lo, 00:59:47
O 60.60.60.60/32 [110/3] via 10.10.10.0, xe40, 00:59:01
O 66.66.66.66/32 [110/3] via 10.10.10.0, xe40, 00:29:00
O 76.76.76.76/32 [110/3] via 10.10.10.0, xe40, 00:59:01
C 127.0.0.0/8 is directly connected, lo, 00:59:49
IP Route Table for VRF "management"
C 10.12.20.0/24 is directly connected, eth0, 00:59:22
C 127.0.0.0/8 is directly connected, lo.management, 00:59:49
IP Route Table for VRF "FAX"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:27:47
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:28:55
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:10:17
C 10.12.32.0/24 is directly connected, irb1050, 00:59:47
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:28:55
C 127.0.0.0/8 is directly connected, lo.FAX, 00:59:48
VTEP1# show bgp l2vpn evpn summary
BGP router identifier 51.51.51.51, local AS number 500
BGP table version is 9
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
66.66.66.66 4 500 138 132 8 0 0 00:29:07 12 0 2 1 0 9
Total number of neighbors 1
Total number of Established sessions 1
VTEP1# show bgp l2vpn evpn
BGP table version is 9, local router ID is 51.51.51.51
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path Peer Encap
RD[2.2.4.4:4]
*>i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
*>i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
*>i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
RD[2.3.4.5:1] VRF[RED]:
*> [2]:[0]:[1050]:[48,0000:0e8d:561a]:[0]:[1050]
51.51.51.51 0 100 32768 i ---------- VxLAN
*> [2]:[0]:[1050]:[48,0000:0e8d:561a]:[32,10.12.32.11]:[1050]
51.51.51.51 0 100 32768 i ---------- VxLAN
*> [2]:[0]:[1050]:[48,0000:3333:1050]:[32,10.12.32.10]:[1050]
51.51.51.51 0 100 32768 i ---------- VxLAN
*> [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[32,10.12.32.1]:[1050]
51.51.51.51 0 100 32768 i ---------- VxLAN
*> [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[128,2401::1]:[1050]
51.51.51.51 0 100 32768 i ---------- VxLAN
* i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
* i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
*> [3]:[1050]:[32,51.51.51.51]
51.51.51.51 0 100 32768 i ---------- VxLAN
* i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VxLAN
RD[4.5.6.8:6]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
RD[66.66.66.66:1050]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
RD[66.66.66.66:1060]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VxLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VxLAN
Total number of prefixes 21
VTEP1#
VTEP1#show ip route vrf FAX
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "FAX"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:29:26
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:30:34
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:11:56
C 10.12.32.0/24 is directly connected, irb1050, 01:01:26
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:30:34
C 127.0.0.0/8 is directly connected, lo.FAX, 01:01:27
VTEP1#show bgp l2vpn evpn prefix-route
RD[4.5.6.8:6]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
RD[66.66.66.66:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
RD[66.66.66.66:1060]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VxLAN 3c2c:991c:dc7a
Ping to 10.10.20.1 network which is advertised by Firewall from VTEP1 FAX vrf
VTEP1# ping 10.10.20.1 vrf FAX
Press CTRL+C to exit
PING 10.10.20.1 (10.10.20.1) 56(84) bytes of data.
64 bytes from 10.10.20.1: icmp_seq=1 ttl=63 time=0.446 ms
64 bytes from 10.10.20.1: icmp_seq=2 ttl=63 time=0.413 ms
64 bytes from 10.10.20.1: icmp_seq=3 ttl=63 time=0.373 ms
--- 10.10.20.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 73ms
rtt min/avg/max/mdev = 0.373/0.410/0.446/0.037 ms
VTEP1#