Topology
The procedures in this section use the topology in Figure 11-12.
Figure 11-12: VxLAN_EVPN_IVRF
Note: SH means Single homing host and MH means Multihoming host.
VTEP1
Single Home -SH
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VXLAN. |
(config)#hardware-profile filter vxlan-mh enable | Enable hardware-profile filter for VXLAN multi-homing. |
(config)#nvo vxlan enable | Enable VXLAN |
(config)#nvo vxlan irb | Enable VXLAN irb |
(config)#hardware-profile filter egress-ipv4 enable | Enable hardware-profile filter for egress IPv4. |
(config)#hardware-profile statistics ac-lif enable | Enable ac-lif for vxlan access-if port counters |
(config)#qos enable | Enabling qos |
(Config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface ce50 | Enter Interface mode for ce50 (SH1) |
(config-if)# description ***Connected to TOR1*** | Interface description |
(config-if)#switchport | Make it L2 interface |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 51.51.51.51/32 secondary | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config) interface xe40 | Enter interface mode |
(config-if)# description ***Connected to Spine2*** | Interface description |
(config-if)# ip address 10.10.10.1/31 | Configure ip address on network side of Spine1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 51.51.51.51 | Configure router-id as lo ip address |
(config-router)#network 51.51.51.51/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.10.0/24 area 0.0.0.0 | Add Spine-connected network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(config)#router bgp 500 | Enter into Router BGP mode |
(config-router)#bgp router-id 51.51.51.51 | Configure router-id as lo ip address |
(config-router)#neighbor 66.66.66.66 remote-as 500 | Specify a BorderVTEP1 loopback ip address and remote-as defined |
(config-router)#neighbor 66.66.66.66 update-source lo | Configure update as loopback for BorderVTEP1 |
(config-router)#neighbor 66.66.66.66 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for BorderVTEP1 |
(config-router)# no bgp default ipv4-unicast | It will avoid default ipv4 unicast routing |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# neighbor 66.66.66.66 activate | Activate BorderVTEP1 into ipv4 unicast family |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#address-family l2vpn evpn | Enter into l2vpn EVPN address family mode |
(config-router-af)#neighbor 66.66.66.66 activate | Activate BorderVTEP1 into l2vpn evpn address family mode |
(config-router-af)#exit-address-family | Exit from l2vpn address family mode |
(config-router)#exit | Exit from Router BGP mode and enter into config mode |
(config)#commit | Commit the candidate configuration to running configuration |
L2 VRF Configuration:
(config)# mac vrf RED | Create mac routing/forwarding instance with RED name and enter into vrf mode |
(config-vrf)# rd 2.3.4.5:1 | Assign RD value |
(config-vrf)# route-target both 6000:6000 | Assign route-target value for same for import and export. Should be same on all node for RED |
(config-vrf)#exit | Exit from vrf mode |
(config)#commit | Commit the candidate configuration to running configuration |
L3 VRF and BGP Configuration:
(config)# ip vrf FAX | Create mac routing/forwarding instance with FAX name and enter into vrf mode |
(config-vrf)# rd 51.51.51.51:1050 | Assign RD value |
(config-vrf)# route-target both 1050:1050 | Assign route-target value for same for import and export. |
(config-vrf)# l3vni 10502 | Configure L3VNI as 10502 for FAX vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# interface irb 1050 | Configure irb interface 1050 |
(config-if)ip vrf forwarding FAX | Configure FAX |
(config-if) ip address 10.12.32.1/24 | Configure ip address |
(config-if)exit | Exit from interface config mode |
(config)#commit | Commit the candidate configuration to running configuration |
(config)router bgp 500 | Enter into bgp router mode |
(config-router)#address-family ipv4 vrf FAX | Enter into address-family mode for FAX |
(config-router-af)#redistribute connected | Redistribute connected |
(config-router-af)#exit-address-family | Exit form address-family |
(config-router)#exit | Exit from router bgp configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
VXLAN configuration:
(config)#nvo vxlan vtep-ip-global 51.51.51.51 | Configure Source vtep-ip-global configuration. Use loopback ip address |
(config)#nvo vxlan id 1050 ingress-replication inner-vid-disabled | Configure VXLAN Network identifier with/without inner-vid- disabled configure and enter into VXLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp RED | Assign vrf for evpn-bgp to carry EVPN route |
(config-nvo)# evpn irb1050 | Configure irb1050 under vxlan id 1050 |
(config)# nvo vxlan access-if port-vlan ce50 1050 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) |
(config-nvo-acc-if)# map vnid 1050 | Map VXLAN Identified to access-port for VXLAN |
(config-nvo-acc-if)# mac 0000.3333.1050 ip 10.12.32.10 | Configure static mac-ip |
(config-nvo-acc-if)#exit | Exit from VXLAN access-interface mode and enter into configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
VTEP2
(Multi-homed group) - Part of both Multi-homed with po1000(MH).
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VXLAN. |
(config)#hardware-profile filter vxlan-mh enable | Enable hardware-profile filter for VXLAN multi-homing. |
(config)#nvo vxlan enable | Enable VXLAN |
(config)#nvo vxlan irb | Enable VXLAN irb |
(config)# evpn irb-forwarding anycast-gateway-mac 0000.2222.3333 | Configure Anycast gateway mac |
(config)#hardware-profile filter egress-ipv4 enable | Enable hardware-profile filter for egress IPv4. |
(Config)#hardware-profile statistics ac-lif enable | Enable ac-lif for vxlan access-if port counters |
(Config)#qos enable | Enabling qos |
(Config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface xe4 | Enter Interface mode for xe4(MH) |
(config-if)# description ***Connected to TOR2*** | Interface description |
(config-if)# channel-group 1000 mode active | Make it member of po1000 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)# interface po1000 | Enter into po1000 mode |
(config-if)# switchport | Configure L2 mode |
(config-if)# evpn multi-homed system-mac 0000.4444.5555 | Configure System mac |
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 60.60.60.60/32 | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config) interface xe25 | Enter interface mode |
(config-if)# description ***Connected to Spine1*** | Interface description |
(config-if)# ip address ip address 10.10.12.1/31 | Configure ip address on network side of Spine1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 60.60.60.60 | Configure router-id as lo ip address |
(config-router)#network 60.60.60.60/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.12.0/24 area 0.0.0.0 | Add Spine-connected network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(config)#router bgp 500 | Enter into Router BGP mode |
(config-router)#bgp router-id 60.60.60.60 | Configure router-id as lo ip address |
(config-router)#neighbor 66.66.66.66 remote-as 500 | Specify a BorderVTEP1 loopback ip address and remote-as defined |
(config-router)#neighbor 66.66.66.66 update-source lo | Configure update as loopback for BorderVTEP1 |
(config-router)#neighbor 66.66.66.66 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for BorderVTEP1 |
(config-router)#neighbor 76.76.76.76 remote-as 500 | Specify a VTEP3 loopback ip address and remote-as defined |
(config-router)#neighbor 76.76.76.76 update-source lo | Configure update as loopback for VTEP3 |
(config-router)#neighbor 76.76.76.76 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP3 |
(config-router)# no bgp default ipv4-unicast | It will avoid default ipv4 unicast routing |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# neighbor 66.66.66.66 activate | Activate BorderVTEP1 into ipv4 unicast family |
(config-router-af)# neighbor 76.76.76.76 activate | Activate VTEP3 into ipv4 unicast family |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#address-family l2vpn evpn | Enter into l2vpn EVPN address family mode |
(config-router-af)#neighbor 66.66.66.66 activate | Activate BorderVTEP1 into l2vpn evpn address family mode |
(config-router-af)#neighbor 76.76.76.76 activate | Activate VTEP3 into l2vpn evpn address family mode |
(config-router-af)#exit-address-family | Exit from l2vpn address family mode |
(config-router)#exit | Exit from Router BGP mode and enter into config mode |
(config)#commit | Commit the candidate configuration to running configuration |
L2 VRF Configuration:
(config)# mac vrf RED | Create mac routing/forwarding instance with RED name and enter into vrf mode |
(config-vrf)# rd 2.3.4.5:2 | Assign RD value |
(config-vrf)# route-target both 6000:6000 | Assign route-target value for same for import and export. Should be same on all node for RED |
(config-vrf)#exit | Exit from vrf mode |
(config)#commit | Commit the candidate configuration to running configuration |
L3 VRF and BGP Configuration:
(config)# ip vrf SMS | Create mac routing/forwarding instance with SMS name and enter into vrf mode |
(config-vrf)# rd 60.60.60.60:1040 | Assign RD value |
(config-vrf)# route-target both 1040:1040 | Assign route-target value for same for import and export. |
(config-vrf)# l3vni 10402 | Configure L3VNI as 10402 for SMS vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# interface irb 1060 | Configure irb interface 1060 |
(config-if)ip vrf forwarding SMS | Configure ip vrf forwarding |
(config-if) ip address 10.240.38.1/24 | Configure ip address |
(config-if) evpn irb-if-forwarding anycast-gateway-mac | Anycast mac configured |
(config-if)exit | Exit from interface config mode |
(config)#commit | Commit the candidate configuration to running configuration |
(config)router bgp 500 | Enter into bgp router mode |
(config-router)#address-family ipv4 vrf SMS | Enter into address-family mode for SMS |
(config-router-af)#redistribute connected | Redistribute connected |
(config-router-af)#exit-address-family | Exit form address-family |
(config)#commit | Commit the candidate configuration to running configuration |
VXLAN configuration:
(config)#nvo vxlan vtep-ip-global 60.60.60.60 | Configure Source vtep-ip-global configuration. Use loopback ip address |
(config)#nvo vxlan id 1060 ingress-replication inner-vid-disabled | Configure VXLAN Network identifier with/without inner-vid- disabled configure and enter into VXLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp RED | Assign vrf for evpn-bgp to carry EVPN route |
(config-nvo)# evpn irb1060 | Configure irb1060 under vxlan id 1060 |
(config)# nvo vxlan access-if port-vlan po1000 1060 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) - Multihomed access port |
(config-nvo-acc-if)# map vnid 1060 | Map VXLAN Identified to access-port for VXLAN |
(config-nvo-acc-if)# mac 0000.2222.1060 ip 10.240.38.10 | Configure static mac-ip |
(config-nvo-acc-if)#exit | Exit from VXLAN access-interface mode and enter into configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
VTEP3
(Multi-homed group) - Part of both Multi-homed with po1000(MH).
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VXLAN. |
(config)#hardware-profile filter vxlan-mh enable | Enable hardware-profile filter for VXLAN multi-homing. |
(config)#nvo vxlan enable | Enable VXLAN |
(config)#nvo vxlan irb | Enable VXLAN irb |
(config)#commit | Commit the candidate configuration to running configuration |
(config)# evpn irb-forwarding anycast-gateway-mac 0000.2222.3333 | Configure Anycast gateway mac |
(config)#hardware-profile filter egress-ipv4 enable | Enable hardware-profile filter for egress IPv4. |
(config)#hardware-profile statistics ac-lif enable | Enable ac-lif for vxlan access-if port counters |
(config)#qos enable | Enabling qos |
(config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface xe10 | Enter Interface mode for xe10(MH) |
(config-if)# description ***Connected to TOR2*** | Interface description |
(config-if)# channel-group 1000 mode active | Make it member of po1000 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)# interface po1000 | Enter into po1000 mode |
(config-if)# switchport | Configure L2 mode |
(config-if)# evpn multi-homed system-mac 0000.4444.5555 | Configure System mac |
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 76.76.76.76/32 | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
(config) interface xe27 | Enter interface mode |
(config-if)# description ***Connected to Spine1*** | Interface description |
(config-if)# ip address ip address 10.10.24.1/31 | Configure ip address on network side of Spine1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 76.76.76.76 | Configure router-id as lo ip address |
(config-router)#network 76.76.76.76/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.24.0/24 area 0.0.0.0 | Add Spine-connected network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(config)#router bgp 500 | Enter into Router BGP mode |
(config-router)#bgp router-id 76.76.76.76 | Configure router-id as lo ip address |
(config-router)#neighbor 66.66.66.66 remote-as 500 | Specify a BorderVTEP1 loopback ip address and remote-as defined |
(config-router)#neighbor 66.66.66.66 update-source lo | Configure update as loopback for BorderVTEP1 |
(config-router)#neighbor 66.66.66.66 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for BorderVTEP1 |
(config-router)#neighbor 60.60.60.60 remote-as 500 | Specify a VTEP2 loopback ip address and remote-as defined |
(config-router)#neighbor 60.60.60.60 update-source lo | Configure update as loopback for VTEP2 |
(config-router)#neighbor 60.60.60.60 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP2 |
(config-router)# no bgp default ipv4-unicast | It will avoid default ipv4 unicast routing |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# neighbor 66.66.66.66 activate | Activate BorderVTEP1 into ipv4 unicast family |
(config-router-af)# neighbor 60.60.60.60 activate | Activate VTEP2 into ipv4 unicast family |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#address-family l2vpn evpn | Enter into l2vpn EVPN address family mode |
(config-router-af)#neighbor 66.66.66.66 activate | Activate BorderVTEP1 into l2vpn evpn address family mode |
(config-router-af)#neighbor 60.60.60.60 activate | Activate VTEP2 into l2vpn evpn address family mode |
(config-router-af)#exit-address-family | Exit from l2vpn address family mode |
(config-router)#exit | Exit from Router BGP mode and enter into config mode |
(config)#commit | Commit the candidate configuration to running configuration |
L2 VRF Configuration:
(config)# mac vrf RED | Create mac routing/forwarding instance with RED name and enter into vrf mode |
(config-vrf)# rd 2.3.4.6:2 | Assign RD value |
(config-vrf)# route-target both 6000:6000 | Assign route-target value for same for import and export. Should be same on all node for RED |
(config-vrf)#exit | Exit from vrf mode |
(config)#commit | Commit the candidate configuration to running configuration |
L3 VRF and BGP Configuration:
(config)# ip vrf SMS | Create mac routing/forwarding instance with SMS name and enter into vrf mode |
(config-vrf)# rd 76.76.76.76:1040 | Assign RD value |
(config-vrf)# route-target both 1040:1040 | Assign route-target value for same for import and export. |
(config-vrf)# l3vni 10402 | Configure L3VNI as 10402 for SMS vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# interface irb 1060 | Configure irb interface 1060 |
(config-if)ip vrf forwarding SMS | Configure ip vrf forwarding |
(config-if) ip address 10.240.38.1/24 | Configure ip address |
(config-if) evpn irb-if-forwarding anycast-gateway-mac | Anycast mac configured |
(config-if)exit | Exit from interface config mode |
(config)#commit | Commit the candidate configuration to running configuration |
(config)router bgp 500 | Enter into bgp router mode |
(config-router)#address-family ipv4 vrf SMS | Enter into address-family mode for SMS |
(config-router-af)#redistribute connected | Redistribute connected |
(config-router-af)#exit-address-family | Exit form address-family |
(config)#commit | Commit the candidate configuration to running configuration |
VXLAN configuration:
(config)#nvo vxlan vtep-ip-global 76.76.76.76 | Configure Source vtep-ip-global configuration. Use loopback ip address |
(config)#nvo vxlan id 1060 ingress-replication inner-vid-disabled | Configure VXLAN Network identifier with/without inner-vid- disabled configure and enter into VXLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp RED | Assign vrf for evpn-bgp to carry EVPN route |
(config-nvo)# evpn irb1060 | Configure irb1060 under vxlan id 1060 |
(config)# nvo vxlan access-if port-vlan po1000 1060 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) - Multihomed access port |
(config-nvo-acc-if)# map vnid 1060 | Map VXLAN Identified to access-port for VXLAN |
(config-nvo-acc-if)# mac 0000.2222.1060 ip 10.240.38.10 | Configure static mac-ip |
(config-nvo-acc-if)#exit | Exit from VXLAN access-interface mode and enter into configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
BorderVTEP1
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VXLAN. |
(config)#hardware-profile filter vxlan-mh enable | Enable hardware-profile filter for VXLAN multi-homing. |
(config)#nvo vxlan enable | Enable VXLAN |
(config)#nvo vxlan irb | Enable VXLAN irb |
(config)#hardware-profile filter egress-ipv4 enable | Enable hardware-profile filter for egress IPv4. |
(Config)#hardware-profile statistics ac-lif enable | Enable ac-lif for vxlan access-if port counters |
(Config)#qos enable | Enabling qos |
(Config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface ce50 | Enter Interface mode |
(config-if)# description ***Connected to FW*** | Interface description |
(config-if)# switchport | Configure L2 mode |
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 66.66.66.66/32 | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config) interface xe39 | Enter interface mode |
(config-if)# description ***Connected to Spine1*** | Interface description |
(config-if)# ip address ip address 10.10.14.1/31 | Configure ip address on network side of Spine1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 66.66.66.66 | Configure router-id as lo ip address |
(config-router)#network 66.66.66.66/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.24.0/24 area 0.0.0.0 | Add Spine-connected network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(config)#router bgp 500 | Enter into Router BGP mode |
(config-router)#bgp router-id 66.66.66.66 | Configure router-id as lo ip address |
(config-router)#neighbor 51.51.51.51 remote-as 500 | Specify a VTEP1 loopback ip address and remote-as defined |
(config-router)#neighbor 51.51.51.51 update-source lo | Configure update as loopback for VTEP1 |
(config-router)#neighbor 51.51.51.51 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP1 |
(config-router)#neighbor 60.60.60.60 remote-as 500 | Specify a VTEP2 loopback ip address and remote-as defined |
(config-router)#neighbor 60.60.60.60 update-source lo | Configure update as loopback for VTEP2 |
(config-router)#neighbor 60.60.60.60 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP2 |
(config-router)#neighbor 76.76.76.76 remote-as 500 | Specify a VTEP3 loopback ip address and remote-as defined |
(config-router)#neighbor 76.76.76.76 update-source lo | Configure update as loopback for VTEP3 |
(config-router)#neighbor 76.76.76.76 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence for VTEP3 |
(config-router)# no bgp default ipv4-unicast | It will avoid default ipv4 unicast routing |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# neighbor 51.51.51.51 activate | Activate VTEP1 into ipv4 unicast family |
(config-router-af)# neighbor 60.60.60.60 activate | Activate VTEP2 into ipv4 unicast family |
(config-router-af)# neighbor 76.76.76.76 activate | Activate VTEP3 into ipv4 unicast family |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#address-family l2vpn evpn | Enter into l2vpn EVPN address family mode |
(config-router-af)#neighbor 51.51.51.51 activate | Activate VTEP1 into l2vpn evpn address family mode |
(config-router-af)#neighbor 60.60.60.60 activate | Activate VTEP2 into l2vpn evpn address family mode |
(config-router-af)#neighbor 76.76.76.76 activate | Activate VTEP3 into l2vpn evpn address family mode |
(config-router-af)#exit-address-family | Exit from l2vpn address family mode |
(config-router)#exit | Exit from Router BGP mode and enter into config mode |
(config)#commit | Commit the candidate configuration to running configuration |
L2 VRF Configuration:
(config)# mac vrf RED | Create mac routing/forwarding instance with RED name and enter into vrf mode |
(config-vrf)# rd 2.2.4.4:4 | Assign RD value |
(config-vrf)# route-target both 6000:6000 | Assign route-target value for same for import and export. Should be same on all node for RED |
(config-vrf)#exit | Exit from vrf mode |
(config)#commit | Commit the candidate configuration to running configuration |
L3 VRF and BGP Configuration:
(config)# ip vrf gvrf | Create mac routing/forwarding instance with gvrf name and enter into vrf mode |
(config-vrf)# rd 4.5.6.8:6 | Assign RD value |
(config-vrf)# route-target import 100:100 | Assign route-target value for import from FAX vrf |
(config-vrf)# route-target import 300:300 | Assign route-target value for import from SMS vrf |
(config-vrf)# route-target export 1000:1000 | Assign route-target value for export from gvrf |
(config-vrf)# l3vni 500 | Configure L3VNI as 500 for gvrf vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# interface irb 1067 | Configure irb interface 1060 |
(config-if) ip vrf forwarding gvrf | Configure ip vrf forwarding |
(config-if) ip address 10.10.18.1/24 | |
Configure ip address | |
(config-if)exit | Exit from interface config mode |
(config)# ip vrf FAX | Create mac routing/forwarding instance with FAX name and enter into vrf mode |
(config-vrf)# rd 66.66.66.66:1050 | Assign RD value |
(config-vrf)# route-target both 1050:1050 | Assign route-target value for same for import and export. |
(config-vrf)# route-target export 100:100 | Assign route-target value export from FAX |
(config-vrf)# route-target import 1000:1000 | Assign route-target value for import from gvrf |
(config-vrf)# l3vni 10502 | Configure L3VNI as 10502 for FAX vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)# ip vrf SMS | Create mac routing/forwarding instance with SMS name and enter into vrf mode |
(config-vrf)# rd 66.66.66.66:1060 | Assign RD value |
(config-vrf)# route-target both 1040:1040 | Assign route-target value for same for import and export. |
(config-vrf)# route-target export 300:300 | Assign route-target value export from SMS |
(config-vrf)# route-target import 1000:1000 | Assign route-target value for import from gvrf |
(config-vrf)# l3vni 10402 | Configure L3VNI as 10402 for SMS vrf |
(config-vrf)#exit | Exit from vrf mode |
(config)router bgp 500 | Enter into bgp router mode |
(config-router)#address-family ipv4 vrf gvrf | Enter into address-family mode for gvrf |
(config-router-af)#redistribute connected | Redistribute connected |
(config-router-af)# neighbor 10.10.18.2 remote-as 64603 | Add Firewall as neighbor |
(config-router-af)# neighbor 10.10.18.2 fall-over bfd | Configure bfd for better convergence |
(config-router-af)# neighbor 10.10.18.2 activate | Activate the neighbor |
(config-router-af)# neighbor 10.10.18.2 advertisement-interval 0 | Configure interval 0 for better convergence |
(config-router-af)#exit-address-family | Exit form address-family |
(config-router)#exit | Exit router mode. |
(config)#commit | Commit the candidate configuration to running configuration |
VXLAN configuration:
(config)#nvo vxlan vtep-ip-global 66.66.66.66 | Configure Source vtep-ip-global configuration. Use loopback ip address |
(config)# nvo vxlan id 1067 ingress-replication inner-vid-disabled | Configure VXLAN Network identifier with/without inner-vid- disabled configure and enter into VXLAN tenant mode |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp RED | Assign vrf for evpn-bgp to carry EVPN route |
(config-nvo)# evpn irb1067 | Configure irb1067 under vxlan id 1067 |
(config)# nvo vxlan access-if port-vlan ce50 1067 | Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) - Multihomed access port |
(config-nvo-acc-if)# map vnid 1067 | Map VXLAN Identified to access-port for VXLAN |
(config-nvo-acc-if)#exit | Exit from VXLAN access-interface mode and enter into configuration mode |
(config)#commit | Commit the candidate configuration to running configuration |
Firewall
Hardware profile and generic configuration:
#configure terminal | Enter Configure mode. |
(Config)#qos enable | Enabling qos |
(Config)#bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
#configure terminal | Enter Configure mode. |
(config)# bridge 1 protocol rstp vlan-bridge | Configure rstp vlan bridge |
(config)# vlan database | |
(config)#vlan 1067 bridge 1 state enable | Configure vlans from 1067 and associate with bridge 1 |
(config)#interface ce30/1 | Enter Interface mode for ce30/1 |
(config-if)# description ***Connected to BorderVTEP1*** | Interface description |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1067 | Trunk allowed vlan as 1067 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface vlan1.1067 | Enter Interface mode |
(config-if)# ip address 10.10.18.2/24 | Configure ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface ce1/1 | Enter Interface mode |
(config-if)#ip address 10.10.20.1/24 | Configure ip address to advertise |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
BGP configuration:
(Config)#router bgp 64603 | Enter into Router BGP mode |
(config-router)# neighbor 10.10.18.1 remote-as 500 | Specify a BorderVTEP1 gvrf ip address and remote-as defined |
(config-router)# neighbor 10.10.18.1 fall-over bfd | Configure fall-over bfd for fast convergence |
(config-router)#neighbor 10.10.18.1 advertisement-interval 0 | Configure advertisement-interval as 0 for fast convergence |
(config-router)# address-family ipv4 unicast | Enter into IPV4 unicast address family mode |
(config-router-af)# network 10.10.20.0/24 | Add lo adders as network for advertise |
(config-router-af)# max-paths ebgp 8 | Add max path |
(config-router-af)# neighbor 10.10.18.1 default-originate | Do default originate |
(config-router-af)# exit-address-family | Exit from IPV4 unicast address family |
(config-router)#exit | |
(config)#commit | Commit the candidate configuration to running configuration |
TOR1 (SH)
#configure terminal | Enter Configure mode. |
(config)# bridge 1 protocol rstp vlan-bridge | Configure rstp vlan bridge |
(config)# vlan database | |
(config)#vlan 1050 bridge 1 state enable | Configure vlans from 1050 and associate with bridge 1 |
(config)#interface ce1/1 | Enter Interface mode for ce1/1 |
(config-if)#switchport | Make as L2 port by configuring switchport |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1050 | Trunk allowed vlan as 1050 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface ce25/1 | Enter Interface mode for ce25/1 |
(config-if)#switchport | Make as L2 port by configuring switchport |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1050 | Trunk allowed vlan as 1050 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
TOR2 (MH)
Multihomed to 2-VTEPs (VTEP2 and VTEP3).
#configure terminal | Enter Configure mode. |
(config)# bridge 1 protocol rstp vlan-bridge | Configure rstp vlan bridge |
(config)# vlan database | |
(config)#vlan 1060 bridge 1 state enable | Configure vlans from 1060 and associate with bridge 1 |
(config)#interface po1000 | Enter Interface mode for po1000 |
(config-if)#switchport | Make as L2 port by configuring switchport |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1060 | Trunk allowed vlan as 1060 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe4 | Enter Interface mode for xe4 |
(config-if)# channel-group 1000 mode active | Make it member of po1000 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe7 | Enter Interface mode for xe7 |
(config-if)# channel-group 1000 mode active | Make it member of po1000 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe7 | Enter Interface mode for ce25/1 |
(config-if)#switchport | Make as L2 port by configuring switchport |
(config-if)#bridge-group 1 | Associate to bridge 1 |
(config-if)# bridge-group 1 spanning-tree disable | Configure stp disable |
(config-if)# switchport mode trunk | Mode as trunk |
(config-if)# switchport trunk allowed vlan add 1060 | Trunk allowed vlan as 1060 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
Spine1
Spine node where all VTEPs are connected.
Generic configuration:
#configure terminal | Enter Configure mode. |
(Config)#qos enable | Enabling qos |
(Config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd |
(config)#commit | Commit the candidate configuration to running configuration |
Interface and loopback configuration:
(config)#interface lo | Enter Interface mode for lo |
(config-if)#ip address 62.62.62.62/32 secondary | Configure loopback ip address |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe40 | Enter Interface mode |
(config-if)# description ***Connected to VTEP1*** | Description of interface |
(config-if)#ip address ip address 10.10.10.2/31 | Configure ip address on network side of VTEP1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe25 | Enter Interface mode |
(config-if)# description ***Connected to VTEP2*** | Description of interface |
(config-if)#ip address ip address 10.10.12.2/31 | Configure ip address on network side of VTEP2 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe27 | Enter Interface mode |
(config-if)# description ***Connected to VTEP3*** | Description of interface |
(config-if)#ip address ip address 10.10.24.2/31 | Configure ip address on network side of VTEP3 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#interface xe39 | Enter Interface mode |
(config-if)# description ***Connected to BorderVTEP1*** | Description of interface |
(config-if)#ip address ip address 10.10.14.2/31 | Configure ip address on network side of BorderVTEP1 |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
OSPF configuration:
(config)#router ospf 100 | Enter into router OSPF mode |
(config-router)#ospf router-id 62.62.62.62 | Configure router-id as lo ip address |
(config-router)#network 62.62.62.62/32 area 0.0.0.0 | Add lo ip address network into area 0 |
(config-router)#network 10.10.10.0/24 area 0.0.0.0 | Add VTEP1 network into area 0 |
(config-router)#network 10.10.12.0/24 area 0.0.0.0 | Add VTEP2 network into area 0 |
(config-router)#network 10.10.14.0/24 area 0.0.0.0 | Add VTEP4 network into area 0 |
(config-router)#bfd all-interfaces | Enabling bfd on all ospf interface for fast convergence |
(config-if)#exit | Exit Interface mode and return to Configure mode. |
(config)#commit | Commit the candidate configuration to running configuration |
Validations
Firewall
=========
Firewall#show ip bgp summary
BGP router identifier 10.10.19.2, local AS number 64603
BGP table version is 3
2 BGP AS-PATH entries
0 BGP community entries
8 Configured ebgp ECMP multipath: Currently set at 8
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Dow
n State/PfxRcd
10.10.18.1 4 500 46 58 3 0 0 00:17:36
3
Total number of neighbors 1
Total number of Established sessions 1
Firewall#show ip roy
Firewall#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 10.10.18.0/24 is directly connected, vlan1.1067, 00:19:40
C 10.10.20.0/24 is directly connected, ce1/1, 00:00:13
B 10.12.32.0/24 [20/0] via 10.10.18.1, vlan1.1067, 00:17:43
B 10.240.38.0/24 [20/0] via 10.10.18.1, vlan1.1067, 00:17:43
C 127.0.0.0/8 is directly connected, lo, 00:52:18
IP Route Table for VRF "management"
C 10.12.85.0/24 is directly connected, eth0, 00:52:07
C 127.0.0.0/8 is directly connected, lo.management, 00:52:18
Gateway of last resort is not set
FW#
BorderVTEP1
===========
BorderVTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
1067 ---- -- AC ce50 --- Single Homed Port --- 1067 ---- ---- ----
10402 ---- L3 NW ---- ---- ---- ---- 66.66.66.66 60.60.60.60
10402 ---- L3 NW ---- ---- ---- ---- 66.66.66.66 76.76.76.76
10502 ---- L3 NW ---- ---- ---- ---- 66.66.66.66 51.51.51.51
Total number of entries are 4
BorderVTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
66.66.66.66 51.51.51.51 Installed 00:22:36 00:22:36
66.66.66.66 60.60.60.60 Installed 00:22:36 00:22:36
66.66.66.66 76.76.76.76 Installed 00:22:36 00:22:36
Total number of entries are 3
BorderVTEP1#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
O 10.10.10.0/31 [110/2] via 10.10.14.0, xe39, 00:22:44
O 10.10.12.0/31 [110/2] via 10.10.14.0, xe39, 00:22:44
C 10.10.14.0/31 is directly connected, xe39, 00:23:29
O 10.10.24.0/31 [110/2] via 10.10.14.0, xe39, 00:22:44
O 51.51.51.51/32 [110/3] via 10.10.14.0, xe39, 00:22:44
O 60.60.60.60/32 [110/3] via 10.10.14.0, xe39, 00:22:44
C 66.66.66.66/32 is directly connected, lo, 00:23:32
O 76.76.76.76/32 [110/3] via 10.10.14.0, xe39, 00:22:44
C 127.0.0.0/8 is directly connected, lo, 00:24:12
IP Route Table for VRF "management"
C 10.12.86.0/24 is directly connected, eth0, 00:23:38
C 127.0.0.0/8 is directly connected, lo.management, 00:24:12
IP Route Table for VRF "gvrf"
Gateway of last resort is 10.10.18.2 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 10.10.18.2, irb1067, 00:21:31
C 10.10.18.0/24 is directly connected, irb1067, 00:23:30
B 10.10.20.0/24 [20/0] via 10.10.18.2, irb1067, 00:04:01
B v 10.12.32.0/24 [200/0] via 51.51.51.51 (recursive is directly connected, tunvxlan3), 00:22:39
B v 10.240.38.0/24 [200/0] via 60.60.60.60 (recursive is directly connected, tunvxlan4), 00:22:40
C 127.0.0.0/8 is directly connected, lo.gvrf, 00:23:36
IP Route Table for VRF "SMS"
Gateway of last resort is 10.10.18.2 to network 0.0.0.0
B* v 0.0.0.0/0 [20/0] via 10.10.18.2, irb1067, 00:21:31
B v 10.10.18.0/24 [20/0] is directly connected, irb1067, 00:23:30
B v 10.10.20.0/24 [20/0] via 10.10.18.2, irb1067, 00:04:01
B 10.240.38.0/24 [200/0] via 60.60.60.60 (recursive is directly connected, tunvxlan4), 00:22:40
B 60.60.60.60/32 [0/0] is directly connected, tunvxlan4, 00:22:39
B 76.76.76.76/32 [0/0] is directly connected, tunvxlan4, 00:22:39
C 127.0.0.0/8 is directly connected, lo.SMS, 00:23:35
IP Route Table for VRF "FAX"
Gateway of last resort is 10.10.18.2 to network 0.0.0.0
B* v 0.0.0.0/0 [20/0] via 10.10.18.2, irb1067, 00:21:31
B v 10.10.18.0/24 [20/0] is directly connected, irb1067, 00:23:30
B v 10.10.20.0/24 [20/0] via 10.10.18.2, irb1067, 00:04:01
B 10.12.32.0/24 [200/0] via 51.51.51.51 (recursive is directly connected, tunvxlan3), 00:22:39
B 51.51.51.51/32 [0/0] is directly connected, tunvxlan3, 00:22:39
C 127.0.0.0/8 is directly connected, lo.FAX, 00:23:35
IP Route Table for VRF "SMM"
C 127.0.0.0/8 is directly connected, lo.SMM, 00:23:35
Gateway of last resort is not set
BorderVTEP1# show bgp l2vpn evpn summary
BGP router identifier 66.66.66.66, local AS number 500
BGP table version is 6
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
51.51.51.51 4 500 62 71 6 0 0 00:22:50 7 0 5 1 0 1
60.60.60.60 4 500 65 71 6 0 0 00:22:50 8 2 3 1 1 1
76.76.76.76 4 500 65 70 6 0 0 00:22:50 9 2 4 1 1 1
Total number of neighbors 3
Total number of Established sessions 3
BorderVTEP1# show bgp l2vpn evpn
BGP table version is 6, local router ID is 66.66.66.66
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path Peer Encap
RD[2.2.4.4:4] VRF[RED]:
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[0]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[32,10.12.32.11]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[0]:[1050]:[48,0000:3333:1050]:[32,10.12.32.10]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[32,10.12.32.1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[128,2401::1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 32768 i ---------- VXLAN
* i [3]:[1050]:[32,51.51.51.51]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
* i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*> [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 32768 i ---------- VXLAN
RD[2.3.4.5:1]
*>i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[0]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [2]:[0]:[1050]:[48,0000:0e8d:561a]:[32,10.12.32.11]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [2]:[0]:[1050]:[48,0000:3333:1050]:[32,10.12.32.10]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[32,10.12.32.1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[128,2401::1]:[1050]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
*>i [3]:[1050]:[32,51.51.51.51]
51.51.51.51 0 100 0 i 51.51.51.51 VXLAN
RD[2.3.4.5:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
RD[2.3.4.6:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
RD[51.51.51.51:1050]
*>i [5]:[0]:[10502]:[24]:[10.12.32.0]:[0.0.0.0]:[10502]
51.51.51.51 0 100 0 ? 51.51.51.51 VXLAN
RD[60.60.60.60:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
RD[60.60.60.60:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
60.60.60.60 0 100 0 ? 60.60.60.60 VXLAN
RD[76.76.76.76:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
RD[76.76.76.76:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
76.76.76.76 0 100 0 ? 76.76.76.76 VXLAN
Total number of prefixes 41
BorderVTEP1#
BorderVTEP1#show bgp l2vpn evpn prefix-route
RD[51.51.51.51:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10502 24 10.12.32.0 0.0.0.0 10502 51.51.51.51 VXLAN 3c2c:99d6:167a
RD[60.60.60.60:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0 10402 60.60.60.60 VXLAN 3c2c:99d1:117a
RD[76.76.76.76:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0 10402 76.76.76.76 VXLAN 3c2c:99de:1e7a
VTEP3
======
VTEP3#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
1060 ---- L2 NW ---- ---- ---- ---- 76.76.76.76 60.60.60.60
1060 ---- -- AC po1000 00:00:00:44:44:55:55:00:00:00 1060 NON-DF ---- ----
10402 ---- L3 NW ---- ---- ---- ---- 76.76.76.76 66.66.66.66
Total number of entries are 3
VTEP3#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
76.76.76.76 66.66.66.66 Installed 00:24:35 00:24:35
76.76.76.76 60.60.60.60 Installed 00:54:40 00:54:40
Total number of entries are 2
VTEP3#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
O 10.10.10.0/31 [110/2] via 10.10.24.1, xe27, 00:54:56
O 10.10.12.0/31 [110/2] via 10.10.24.1, xe27, 00:54:56
O 10.10.14.0/31 [110/2] via 10.10.24.1, xe27, 00:25:31
C 10.10.24.0/31 is directly connected, xe27, 00:55:37
O 51.51.51.51/32 [110/3] via 10.10.24.1, xe27, 00:54:47
O 60.60.60.60/32 [110/3] via 10.10.24.1, xe27, 00:54:45
O 66.66.66.66/32 [110/3] via 10.10.24.1, xe27, 00:24:46
C 76.76.76.76/32 is directly connected, lo, 00:55:38
C 127.0.0.0/8 is directly connected, lo, 00:55:39
IP Route Table for VRF "management"
C 10.12.20.0/24 is directly connected, eth0, 00:55:10
C 127.0.0.0/8 is directly connected, lo.management, 00:55:39
IP Route Table for VRF "SMS"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:23:33
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:24:41
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:06:03
C 10.240.38.0/24 is directly connected, irb1060, 00:55:38
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:24:41
C 127.0.0.0/8 is directly connected, lo.SMS, 00:55:39
VTEP3# show bgp l2vpn evpn summary
BGP router identifier 76.76.76.76, local AS number 500
BGP table version is 8
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
60.60.60.60 4 500 144 140 7 0 0 00:54:55 8 2 3 1 1 1
66.66.66.66 4 500 127 125 7 0 0 00:24:51 12 0 2 1 0 9
Total number of neighbors 2
Total number of Established sessions 2
VTEP3# show bgp l2vpn evpn
BGP table version is 8, local router ID is 76.76.76.76
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path Peer Encap
RD[2.2.4.4:4]
*>i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*>i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*>i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
RD[2.3.4.5:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
RD[2.3.4.6:2] VRF[RED]:
*> [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 32768 i ---------- VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 32768 i ---------- VXLAN
*> [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 32768 i ---------- VXLAN
* i 60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> 76.76.76.76 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> 76.76.76.76 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
* i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
* i [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 32768 i ---------- VXLAN
* i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
RD[4.5.6.8:6]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
RD[60.60.60.60:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
RD[60.60.60.60:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
60.60.60.60 0 100 0 ? 60.60.60.60 VXLAN
RD[66.66.66.66:1050]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
RD[66.66.66.66:1060]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
RD[76.76.76.76:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 32768 i ---------- VXLAN
* i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 0 i 60.60.60.60 VXLAN
*> [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 32768 i ---------- VXLAN
Total number of prefixes 34
VTEP3#
VTEP3#show bgp l2vpn evpn prefix-route
RD[4.5.6.8:6]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
RD[60.60.60.60:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0 10402 60.60.60.60 VXLAN 3c2c:99d1:117a
RD[66.66.66.66:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
RD[66.66.66.66:1060]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
VTEP2
======
VTEP2#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
1060 ---- L2 NW ---- ---- ---- ---- 60.60.60.60 76.76.76.76
1060 ---- -- AC po1000 00:00:00:44:44:55:55:00:00:00 1060 DF ---- ----
10402 ---- L3 NW ---- ---- ---- ---- 60.60.60.60 66.66.66.66
Total number of entries are 3
VTEP2#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
60.60.60.60 66.66.66.66 Installed 00:26:50 00:26:50
60.60.60.60 76.76.76.76 Installed 00:56:51 00:56:51
Total number of entries are 2
VTEP2#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
O 10.10.10.0/31 [110/2] via 10.10.12.0, xe25, 00:57:13
C 10.10.12.0/31 is directly connected, xe25, 00:57:57
O 10.10.14.0/31 [110/2] via 10.10.12.0, xe25, 00:27:47
O 10.10.16.0/31 [110/2] via 10.10.12.0, xe25, 00:57:13
O 10.10.24.0/31 [110/2] via 10.10.12.0, xe25, 00:57:13
O 51.51.51.51/32 [110/3] via 10.10.12.0, xe25, 00:57:03
C 60.60.60.60/32 is directly connected, lo, 00:57:59
O 66.66.66.66/32 [110/3] via 10.10.12.0, xe25, 00:27:02
O 76.76.76.76/32 [110/3] via 10.10.12.0, xe25, 00:57:13
C 127.0.0.0/8 is directly connected, lo, 00:58:00
IP Route Table for VRF "management"
C 10.12.20.0/24 is directly connected, eth0, 00:57:29
C 127.0.0.0/8 is directly connected, lo.management, 00:58:00
IP Route Table for VRF "SMS"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:25:49
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:26:58
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:08:19
C 10.240.38.0/24 is directly connected, irb1060, 00:57:58
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:26:58
C 127.0.0.0/8 is directly connected, lo.SMS, 00:58:00
VTEP2#show bgp l2vpn evpn sum
BGP router identifier 60.60.60.60, local AS number 500
BGP table version is 12
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
66.66.66.66 4 500 135 133 11 0 0 00:27:29 12 0 2 1 0 9
76.76.76.76 4 500 146 150 11 0 0 00:57:30 9 2 4 1 1 1
Total number of neighbors 2
Total number of Established sessions 2
VTEP2#show bgp l2vpn evpn
BGP table version is 12, local router ID is 60.60.60.60
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path Peer Encap
RD[2.2.4.4:4]
*>i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*>i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*>i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
RD[2.3.4.5:2] VRF[RED]:
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*> 60.60.60.60 0 100 32768 i ---------- VXLAN
* i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*> 60.60.60.60 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*> 60.60.60.60 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*> 60.60.60.60 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
* i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*> [3]:[1060]:[32,60.60.60.60]
60.60.60.60 0 100 32768 i ---------- VXLAN
* i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
* i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
RD[2.3.4.6:2]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:0e8d:5619]:[0]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[00:00:00:44:44:55:55:00:00:00]:[1060]:[48,0000:2222:1060]:[32,10.240.38.10]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[32,10.240.38.1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [2]:[0]:[1060]:[48,0000:2222:3333]:[128,1601::1]:[1060]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [3]:[1060]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
RD[4.5.6.8:6]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
RD[60.60.60.60:1] VRF[evpn-gvrf-1]:
*> [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
60.60.60.60 0 100 32768 i ---------- VXLAN
*> [4]:[00:00:00:44:44:55:55:00:00:00]:[32,60.60.60.60]
60.60.60.60 0 100 32768 i ---------- VXLAN
* i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
RD[66.66.66.66:1050]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
RD[66.66.66.66:1060]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
RD[76.76.76.76:1]
*>i [1]:[00:00:00:44:44:55:55:00:00:00]:[4294967295]:[0]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
*>i [4]:[00:00:00:44:44:55:55:00:00:00]:[32,76.76.76.76]
76.76.76.76 0 100 0 i 76.76.76.76 VXLAN
RD[76.76.76.76:1040]
*>i [5]:[0]:[10402]:[24]:[10.240.38.0]:[0.0.0.0]:[10402]
76.76.76.76 0 100 0 ? 76.76.76.76 VXLAN
Total number of prefixes 35
VTEP2#
VTEP22#show bgp l2vpn evpn prefix-route
RD[4.5.6.8:6]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
RD[66.66.66.66:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
RD[66.66.66.66:1060]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
RD[76.76.76.76:1040]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 10402 24 10.240.38.0 0.0.0.0 10402 76.76.76.76 VXLAN 3c2c:99de:1e7a
VTEP2#
VTEP1
======
VTEP1#show nvo vxlan
VXLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
1050 ---- -- AC ce50 --- Single Homed Port --- 1050 ---- ---- ----
10502 ---- L3 NW ---- ---- ---- ---- 51.51.51.51 66.66.66.66
Total number of entries are 2
VTEP1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
============================================================================
51.51.51.51 66.66.66.66 Installed 00:28:13 00:28:13
Total number of entries are 1
VTEP1#show ip route vrf all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 10.10.10.0/31 is directly connected, xe40, 00:59:46
O 10.10.12.0/31 [110/2] via 10.10.10.0, xe40, 00:59:01
O 10.10.14.0/31 [110/2] via 10.10.10.0, xe40, 00:29:45
O 10.10.24.0/31 [110/2] via 10.10.10.0, xe40, 00:59:01
C 51.51.51.51/32 is directly connected, lo, 00:59:47
O 60.60.60.60/32 [110/3] via 10.10.10.0, xe40, 00:59:01
O 66.66.66.66/32 [110/3] via 10.10.10.0, xe40, 00:29:00
O 76.76.76.76/32 [110/3] via 10.10.10.0, xe40, 00:59:01
C 127.0.0.0/8 is directly connected, lo, 00:59:49
IP Route Table for VRF "management"
C 10.12.20.0/24 is directly connected, eth0, 00:59:22
C 127.0.0.0/8 is directly connected, lo.management, 00:59:49
IP Route Table for VRF "FAX"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:27:47
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:28:55
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:10:17
C 10.12.32.0/24 is directly connected, irb1050, 00:59:47
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:28:55
C 127.0.0.0/8 is directly connected, lo.FAX, 00:59:48
VTEP1# show bgp l2vpn evpn summary
BGP router identifier 51.51.51.51, local AS number 500
BGP table version is 9
2 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
66.66.66.66 4 500 138 132 8 0 0 00:29:07 12 0 2 1 0 9
Total number of neighbors 1
Total number of Established sessions 1
VTEP1# show bgp l2vpn evpn
BGP table version is 9, local router ID is 51.51.51.51
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
Network Next Hop Metric LocPrf Weight Path Peer Encap
RD[2.2.4.4:4]
*>i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*>i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*>i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
RD[2.3.4.5:1] VRF[RED]:
*> [2]:[0]:[1050]:[48,0000:0e8d:561a]:[0]:[1050]
51.51.51.51 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[1050]:[48,0000:0e8d:561a]:[32,10.12.32.11]:[1050]
51.51.51.51 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[1050]:[48,0000:3333:1050]:[32,10.12.32.10]:[1050]
51.51.51.51 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[32,10.12.32.1]:[1050]
51.51.51.51 0 100 32768 i ---------- VXLAN
*> [2]:[0]:[1050]:[48,3c2c:99d6:167a]:[128,2401::1]:[1050]
51.51.51.51 0 100 32768 i ---------- VXLAN
* i [2]:[0]:[1067]:[48,3c2c:991c:dc7a]:[32,10.10.18.1]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
* i [2]:[0]:[1067]:[48,a82b:b5cf:f806]:[32,10.10.18.2]:[1067]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
*> [3]:[1050]:[32,51.51.51.51]
51.51.51.51 0 100 32768 i ---------- VXLAN
* i [3]:[1067]:[32,66.66.66.66]
66.66.66.66 0 100 0 i 66.66.66.66 VXLAN
RD[4.5.6.8:6]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
RD[66.66.66.66:1050]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
RD[66.66.66.66:1060]
*>i [5]:[0]:[500]:[0]:[0.0.0.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.18.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 ? 66.66.66.66 VXLAN
*>i [5]:[0]:[500]:[24]:[10.10.20.0]:[0.0.0.0]:[500]
66.66.66.66 0 100 0 64603 i 66.66.66.66 VXLAN
Total number of prefixes 21
VTEP1#
VTEP1#show ip route vrf FAX
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "FAX"
Gateway of last resort is 66.66.66.66 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:29:26
B 10.10.18.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:30:34
B 10.10.20.0/24 [200/0] via 66.66.66.66 (recursive is directly connected, tunvxlan2), 00:11:56
C 10.12.32.0/24 is directly connected, irb1050, 01:01:26
B 66.66.66.66/32 [0/0] is directly connected, tunvxlan2, 00:30:34
C 127.0.0.0/8 is directly connected, lo.FAX, 01:01:27
VTEP1#show bgp l2vpn evpn prefix-route
RD[4.5.6.8:6]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
RD[66.66.66.66:1050]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
RD[66.66.66.66:1060]
ESI Eth-Tag Prefix-Length IP-Address GW-IPAddress L3VNID Nexthop Encap Router-Mac
0 500 0 0.0.0.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.18.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
0 500 24 10.10.20.0 0.0.0.0 500 66.66.66.66 VXLAN 3c2c:991c:dc7a
Ping to 10.10.20.1 network which is advertised by Firewall from VTEP1 FAX vrf
VTEP1# ping 10.10.20.1 vrf FAX
Press CTRL+C to exit
PING 10.10.20.1 (10.10.20.1) 56(84) bytes of data.
64 bytes from 10.10.20.1: icmp_seq=1 ttl=63 time=0.446 ms
64 bytes from 10.10.20.1: icmp_seq=2 ttl=63 time=0.413 ms
64 bytes from 10.10.20.1: icmp_seq=3 ttl=63 time=0.373 ms
--- 10.10.20.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 73ms
rtt min/avg/max/mdev = 0.373/0.410/0.446/0.037 ms
VTEP1#
Last modified date: 08/29/2023