Topology
The procedures in this section use the topology in Figure 3-4.
Figure 3-4: VXLAN EVPN
VTEP1
Enable NVO access-if mode on a physical interface
#configure terminal | Enter configure mode |
(config)#interface xe1 | Enter interface mode |
(config-if)#switchport | Configure the interface as a switch port. |
(config-if)#no shutdown | Bring the interface into operation |
(config-if)#exit | Exit interface mode |
(config)#interface xe2 | Enter interface mode |
(config-if)#switchport | Configure the interface as switch port. |
(config-if)#no shutdown | Bring the interface into operation. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe22 | Enter interface mode. |
(config-if)#ip address 10.1.1.1/24 | Set an IP address on the interface. |
(config-if)#no shutdown | Bring the interface into operation. |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 1.1.1.1/32 secondary | Set an IP address on the interface. |
(config-if)#no shutdown | Bring the interface into operation. |
(config-if)#exit | Exit interface mode. |
(config)#router isis ABC | Create an IS-IS routing instance (ABC). |
(config-router)#is-type level-1 | Configure instance as level-1-only routing. |
(config-router)#net 49.0001.1111.1111.1111.00 | Set a Network Entity Title for this instance, specifying the area address and the system ID. |
(config-router)#exit | Exit router mode. |
(config)#interface xe22 | Enter interface mode |
(config-if)#ip router isis ABC | Enable IS-IS routing on an interface (ABC). |
(config-if)#isis circuit-type level-1 | Configure instance as level-1-only routing. |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip router isis ABC | Enable IS-IS routing on an interface for area 49 (ABC). |
(config-if)#isis circuit-type level-1 | Configure instance as level-1-only routing. |
(config-if)#exit | Exit interface mode. |
(config)#mac vrf vrf_evpn_100 | Configure a new VRF named vrf_evpn_100. |
(config-vrf)#rd 1.1.1.1:1 | Assign the Route Distinguisher value. |
(config-vrf)#route-target both 100:1 | Configure route target to import and export the routes. |
(config-vrf)#exit | Exit VRF mode. |
(config)#router bgp 1 | Define the routing process. The number 1 specifies the AS number of VTEP1. |
(config-router)#bgp router-id 1.1.1.1 | Configure router-id for this BGP process. |
(config-router)#neighbor 2.2.2.2 remote-as 1 | Define BGP neighbor: 2.2.2.2 is the IP address of the neighbor (VTEP2), and 1 is the neighbor’s AS number. |
(config-router)# neighbor 2.2.2.2 update-source 1.1.1.1 | Define BGP neighbor: 1.1.1.1 is the peer interface. |
(config-router)#address-family l2vpn evpn | Configure address-family L2VPN EVPN. |
(config-router-af)#neighbor 2.2.2.2 activate | Activate the neighbor in the EVPN address family. |
(config-router-af)#exit-address-family | Exit the address-family mode. |
(config-router)#exit | Exit router mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VXLAN. |
(config)#nvo vxlan enable | Enable VXLAN globally on this VTEP. |
(config)#nvo vxlan vtep-ip-global 1.1.1.1 | Assign a global IP to the VTEP. |
(config)#nvo vxlan id 100 ingress-replication | Configure a VNID on this VTEP and enter NVO mode. |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vrf_evpn_100 | Configure host-reachability-protocol as BGP-EVPN and associate the VNID with vrf_evpn_100. |
(config-nvo)#exit | Exit NVO mode. |
(config)#nvo vxlan access-if port-vlan xe1 2 | Configure access-port xe1 and map vlan 2 |
(config-nvo-acc-if)#map vnid 100 | Map VNID 100 to access-port xe1. |
(config-nvo-acc-if)#exit | Exit NVO access-if mode. |
(config)#nvo vxlan id 200 ingress-replication | Configure second VNID on this VTEP and enter NVO mode. |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vrf_evpn_100 | Configure host-reachability-protocol as BGP-EVPN and associate the VNID with vrf_evpn_100 |
(config-nvo)#exit | Exit NVO mode. |
(config)#nvo vxlan access-if port-vlan xe2 3 | Configure access-port xe2 and map vlan 3 |
(config-nvo-acc-if)#map vnid 200 | Map VNID 200 to access-port xe2. |
(config-nvo-acc-if)#exit | Exit NVO access-if mode. |
(config)#commit | Commit the configurations |
Activate access-if-evpn mode on an L2 sub-interface
(config)#interface xe1.1 switchport | Create L2 subinterface xe1.1 |
(config-if)#encapsulation dot1q 2 | Configure encapsulation dot1q with vlan-id 2 |
(config-if)#access-if-evpn | Enter access-if-evpn mode |
(config-acc-if-evpn)#map vpn-id 100 | Map vnid 100 to access interface xe1.1 |
(config-acc-if-evpn)#exit | Exit access-if-evpn mode |
(config)#interface xe2.1 switchport | Create L2 subinterface xe2.1 |
(config-if)#encapsulation dot1q 3 | Configure encapsulation dot1q with vlan-id 3 |
(config-if)#access-if-evpn | Enter access-if-evpn mode |
(config-acc-if-evpn)#map vpn-id 200 | Map vnid 200 to access interface xe2.1 |
(config-acc-if-evpn)#exit | Exit access-if-evpn mode |
(config-if)#commit | Commit the configurations |
Spine-1
#configure terminal | Enter configure mode. |
(config)#interface xe22 | Enter interface mode. |
(config-if)#ip address 10.1.1.2/24 | Set an IP address on the interface. |
(config-if)#no shutdown | Bring the interface into operation |
(config-if)#exit | Exit interface mode. |
(config)#interface xe11 | Enter interface mode. |
(config-if)#ip address 20.1.1.2/24 | Set an IP address on the interface. |
(config-if)#no shutdown | Bring the interface into operation |
(config-if)#exit | Exit interface mode. |
(config)#router isis ABC | Create an IS-IS routing instance (ABC). |
(config-router)#is-type level-1 | Configure instance as level-1-only routing. |
(config-router)#net 49.0001.3333.3333.3333.00 | Set a Network Entity Title for this instance, specifying the area address and the system ID. |
(config-router)#exit | Exit router mode. |
(config)#interface xe22 | Enter interface mode. |
(config-if)#ip router isis ABC | Enable IS-IS routing on an interface (ABC). |
(config-if)#isis circuit-type level-1 | Configure instance as level-1-only routing. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe11 | Enter interface mode. |
(config-if)#ip router isis ABC | Enable IS-IS routing on an interface (ABC). |
(config-if)#isis circuit-type level-1 | Configure instance as level-1-only routing. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit the configurations |
VTEP2
Enable NVO access-if mode on a physical interface
#configure terminal | Enter configure mode. |
(config)#interface xe1 | Enter interface mode. |
(config-if)#switchport | Configure the interface as switchport. |
(config-if)#no shutdown | Bring the interface into operation |
(config-if)#exit | Exit interface mode. |
(config)#interface xe2 | Enter interface mode. |
(config-if)#switchport | Configure the interface as switchport. |
(config-if)#no shutdown | Bring the interface into operation |
(config-if)#exit | Exit interface mode. |
(config)#interface xe11 | Enter interface mode. |
(config-if)#ip address 20.1.1.1/24 | Set an IP address on the interface. |
(config-if)#no shutdown | Bring the interface into operation |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 2.2.2.2/32 secondary | Set an IP address on the interface. |
(config-if)#no shutdown | Bring the interface into operation |
(config-if)#exit | Exit interface mode. |
(config)#router isis ABC | Create an IS-IS routing instance (ABC). |
(config-router)#is-type level-1 | Configure instance as level-1-only routing. |
(config-router)#net 49.0001.2222.2222.2222.00 | Set a Network Entity Title for this instance, specifying the area address and the system ID. |
(config-router)#exit | Exit router mode. |
(config)#interface xe11 | Enter interface mode. |
(config-if)#ip router isis ABC | Enable IS-IS routing on an interface (ABC). |
(config-if)#isis circuit-type level-1 | Configure instance as level-1-only routing. |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip router isis ABC | Enable IS-IS routing on an interface for area 49 (ABC). |
(config-if)#isis circuit-type level-1 | Configure instance as level-1-only routing. |
(config-if)#exit | Exit interface mode. |
(config)#mac vrf vrf_evpn_100 | Configure a new VRF named vrf_evpn_100. |
(config-vrf)#rd 2.2.2.1:1 | Assign the Route Distinguisher value. |
(config-vrf)#route-target both 100:1 | Configure route target to import and export the routes. |
(config-vrf)#exit | Exit VRF mode. |
(config)#router bgp 1 | Define the routing process. The number 1 specifies the AS number of VTEP1. |
(config-router)#neighbor 1.1.1.1 remote-as 1 | Define BGP neighbor: 1.1.1.1 is the IP address of the neighbor (VTEP1), and 1 is the neighbor’s AS number. |
(config-router)# neighbor 1.1.1.1 update-source 2.2.2.2 | Define BGP neighbor: 2.2.2.2 is the peer interface. |
(config-router)#address-family l2vpn evpn | Configure address-family L2VPN EVPN. |
(config-router-af)#neighbor 1.1.1.1 activate | Activate the neighbor in the EVPN address family. |
(config-router-af)#exit-address-family | Exit address-family mode. |
(config-router)#exit | Exit router mode. |
(config)#hardware-profile filter vxlan enable | Enable hardware-profile filter for VXLAN. |
(config)#nvo vxlan enable | Enable VXLAN globally on this VTEP. |
(config)#nvo vxlan vtep-ip-global 2.2.2.2 | Assign a global IP to the VTEP. |
(config)#nvo vxlan id 100 ingress-replication | Configure a VNID on this VTEP and enter NVO mode. |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vrf_evpn_100 | Configure host-reachability-protocol as BGP-EVPN and associate the VNID with vrf_evpn_100. |
(config-nvo)#exit | Exit NVO mode. |
(config)#nvo vxlan access-if port-vlan xe1 2 | Configure access-port xe1 and map vlan 2 |
(config-nvo-acc-if)#map vnid 100 | Map VNID 100 to access-port xe1. |
(config-nvo-acc-if)#exit | Exit NVO access-if mode. |
(config)#nvo vxlan id 200 ingress-replication | Configure second VNID on this VTEP and enter NVO mode. |
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vrf_evpn_100 | Configure host-reachability-protocol as BGP-EVPN and associate the VNID with vrf_evpn_100 |
(config-nvo)#exit | Exit NVO mode. |
(config)#nvo vxlan access-if port-vlan xe2 3 | Configure access-port xe2 and map vlan 3 |
(config-nvo-acc-if)#map vnid 200 | Map VNID 200 to access-port xe2. |
(config-nvo-acc-if)#exit | Exit NVO access-if mode. |
(config)#commit | Commit the configurations |
Activate access-if-evpn mode on an L2 sub-interface
(config)#interface xe1.1 switchport | Create L2 subinterface xe1.1 |
(config-if)#encapsulation dot1q 2 | Configure encapsulation dot1q with vlan-id 2 |
(config-if)#access-if-evpn | Enter access-if-evpn mode |
(config-acc-if-evpn)#map vpn-id 100 | Map vnid 100 to access interface xe1.1 |
(config-acc-if-evpn)#exit | Exit access-if-evpn mode |
(config)#interface xe2.1 switchport | Create L2 subinterface xe2.1 |
(config-if)#encapsulation dot1q 3 | Configure encapsulation dot1q with vlan-id 3 |
(config-if)#access-if-evpn | Enter access-if-evpn mode |
(config-acc-if-evpn)#map vpn-id 200 | Map vnid 200 to access interface xe2.1 |
(config-acc-if-evpn)#exit | Exit access-if-evpn mode |
(config-if)#commit | Commit the configurations |
Validation
CE1 and CE2 have hosts configured with MAC addresses, IP addresses, and VLAN identifiers as shown below.
VLAN | IP Address | Mac Address | ||
|---|---|---|---|---|
VTEP1 | CE-1 | 2 | 12.12.12.10 | 0000.0000.abab |
VTEP2 | CE-2 | 2 | 12.12.12.20 | 0000.0000.cdcd |
VTEP1 | CE-1 | 3 | 13.13.13.10 | 0000:0b60:25f2 |
VTEP2 | CE-2 | 3 | 13.13.13.20 | 0000:0b60:25f3 |
Perform a tagged ping of VLAN 2 from CE1 to CE2 and vice-versa. Also perform a tagged ping of VLAN 3 from CE1 to CE2 and vice-versa.
VTEP Tunnel Status
VTEP-1#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================
1.1.1.1 2.2.2.2 Installed 00:05:53 00:05:53
Total number of entries are 1
VTEP-2#show nvo vxlan tunnel
VXLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================
2.2.2.2 1.1.1.1 Installed 00:05:46 00:05:46
Total number of entries are 1
VTEP ARP Cache
VTEP-1#sh nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
ARP Timeout : 300 sec Random-Jitter-Max : 640
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
200 13.13.13.10 0000.0b60.25f2 Dynamic Local 246 2
200 13.13.13.20 0000.0b60.25f3 Dynamic Remote ------
100 12.12.12.20 0000.0000.cdcd Dynamic Remote ------
100 12.12.12.10 0000.0000.abab Dynamic Local 246 2
Total number of entries are 4
VTEP-2#sh nvo vxlan arp-cache
VXLAN ARP-CACHE Information
===========================
ARP Timeout : 300 sec Random-Jitter-Max : 640
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
200 13.13.13.10 0000.0b60.25f2 Dynamic Remote -------
200 13.13.13.20 0000.0b60.25f3 Dynamic Local 257 2
100 12.12.12.10 0000.0000.abab Dynamic Remote -------
100 12.12.12.20 0000.0000.cdcd Dynamic Local 257 2
Total number of entries are 4
VTEP MAC Tables
VTEP-1#show nvo vxlan mac-table
================================================================================
VXLAN MAC Entries
================================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI Type Status AccessPortDesc
________________________________________________________________________________
100 ---- ---- ---- 0000.0000.cdcd 2.2.2.2 Dynamic Remote ------- -------
100 xe1 2 ---- 0000.0000.abab 1.1.1.1 Dynamic Local ------- -------
200 xe2 3 ---- 0000.0b60.25f2 1.1.1.1 Dynamic Local ------- -------
200 ---- ---- ---- 0000.0b60.25f3 2.2.2.2 Dynamic Remote ------- -------
Total number of entries are : 4
VTEP-2#show nvo vxlan mac-table
================================================================================
VXLAN MAC Entries
================================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI Type Status AccessPortDesc
________________________________________________________________________________
100 xe1 2 ---- 0000.0000.cdcd 2.2.2.2 Dynamic Local ------- -------
100 ---- ---- ---- 0000.0000.abab 1.1.1.1 Dynamic Remote ------- -------
200 ---- ---- ---- 0000.0b60.25f2 1.1.1.1 Dynamic Remote ------- -------
200 xe2 3 ---- 0000.0b60.25f3 2.2.2.2 Dynamic Local ------- -------
Total number of entries are : 4
VTEP MAC-IP BGP EVPN Entries
VTEP-1#show bgp l2vpn evpn mac-ip
RD[1.1.1.1:1] VRF[vrf_evpn_100]:
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID Nexthop GW-Type
0 100 0000:0000:abab 12.12.12.10 100 0 1.1.1.1 --
0 200 0000:0b60:25f2 13.13.13.10 200 0 1.1.1.1 --
RD[2.2.2.2:1]
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID Nexthop GW-Type
0 100 0000:0000:cdcd 12.12.12.20 100 0 2.2.2.2 --
0 200 0000:0b60:25f3 13.13.13.20 200 0 2.2.2.2 --
VTEP-2#show bgp l2vpn evpn mac-ip
RD[1.1.1.1:1]
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID Nexthop GW-Type
0 100 0000:0000:abab 12.12.12.10 100 0 1.1.1.1 --
0 200 0000:0b60:25f2 13.13.13.10 200 0 1.1.1.1 --
RD[2.2.2.2:1] VRF[vrf_evpn_100]:
ESI Eth-Tag Mac-Address IP-Address VNID L3VNID Nexthop GW-Type
0 100 0000:0000:cdcd 12.12.12.20 100 0 2.2.2.2 --
0 100 0000:0b60:25f2 13.13.13.10 100 0 2.2.2.2 --
Last modified date: 08/29/2023