VxLAN IRB ECMP

OcNOS-SP : Virtual Extensible LAN Guide : Virtual Extensible LAN Configuration Guide : VXLAN-EVPN with IRB : VxLAN IRB ECMP

VxLAN IRB ECMP

In multihoming, anycast-IP and the same subnet is configured on the multihomed devices within the same VPN on IRB interfaces connected to the multihomed CE. Both VTEP's will advertise same connected prefix route, remote VTEP need to understand this and treat the traffic destined to multihomed CE as ECMP traffic i.e Routed traffic should loadshare to both the VTEP's.

IRB ECMP Configuration

Configure from base configuration-L2 VXLAN section and perform commit after configuration, then configure below commands for ECMP approach.

VTEP1

Configure max-path ibgp 2 on VTEP1 under BGP IPv4 VRF address family.

(config)router bgp 5000	Enter into BGP router mode
(config-router)#address-family ipv4 vrf L3VRF1	Enter into address-family mode for L3VRF1
(config-router)# max-paths ibgp 2	Configure BGP max-path .
(config-router-af)#redistribute connected	Redistribute connected
(config-router-af)#exit-address-family	Exit form address-family
(config-router-af)#commit	Commit the transaction

VTEP1 IRB configuration

(config)#nvo vxlan irb	Enable VXLAN IRB
(config)#commit	Commit the candidate configuration to running configuration
(config)#ip vrf L3VRF1	Create MAC routing/forwarding instance with L3VRF1 name and enter into VRF mode
(config-vrf)#rd 11000:11	Assign RD value
(config-vrf)# route-target both 100:100	Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000	Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit	Exit from VRF mode
(config)# evpn irb-forwarding anycast-gateway-mac 0000.0000.1111	Configure anycast MAC address
(config)#commit	Commit the candidate configuration to running configuration
(config)# interface irb1001	Configure IRV interface 1001
(config-if)ip vrf forwarding L3VRF1	Configure L3VRF1
(config-if)ip address 11.11.11.1/24	Configure IP address
(config-if)ipv6 address 11:11::11:1/48	Configure IPv6 address
(config-if) evpn irb-if-forwarding anycast-gateway-mac	Configure anycast MAC address
(config-if)exit	Exit from interface config mode
(config)# interface irb 2001	Configure IRB interface 2001
(config-if)ip vrf forwarding L3VRF1	Configure L3VRF1
(config-if)ip address 21.21.21.1/24	Configure IP address
(config-if)ipv6 address 21:21::21:1/48	Configure IPv6 address
(config-if) evpn irb-if-forwarding anycast-gateway-mac	Configure anycast MAC address
(config-if)exit	Exit from interface config mode
(config)#commit	Commit the candidate configuration to running configuration
(config)router bgp 5000	Enter into BGP router mode
(config-router)#address-family ipv4 vrf L3VRF1	Enter into address-family mode for L3VRF1
(config-router-af)#redistribute connected	Redistribute connected
(config-router-af)#exit-address-family	Exit form address-family
(config)# nvo vxlan id 101 ingress-replication inner-vid-disabled	Configure VXLAN Network identifier with/without inner-vid- disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability-protocol evpn-bgp L2VRF1	Assign VRF for evpn-bgp to carry EVPN route
(config-nvo)# evpn irb1001	Configure IRB1001 under VXLAN ID 101
(config-nvo)#exit	Exit from VXLAN tenant mode and enter into configuration mode.
(config)#nvo vxlan id 201 ingress-replication inner-vid-disabled	Configure VXLAN Network identifier with/without inner-vid- disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability-protocol evpn-bgp L2VRF2	Assign VRF for evpn-bgp to carry EVPN route
(config-nvo)# evpn irb2001	Configure irb2001 under VXLAN ID 201
(config-nvo)#exit	Exit from VXLAN tenant mode and enter into configuration mode.
(config)#commit	Commit the candidate configuration to running configuration

VTEP2

Configure max-path ibgp 2 on VTEP1 under BGP IPv4 VRF address family.

(config)router bgp 5000	Enter into BGP router mode
(config-router)#address-family ipv4 vrf L3VRF1	Enter into address-family mode for L3VRF1
(config-router-af)# max-paths ibgp 2	Configure BGP max-path .
(config-router-af)#redistribute connected	Redistribute connected
(config-router-af)#exit-address-family	Exit form address-family
(config-router-af)#commit	Commit the transaction

VTEP2 IRB configuration

(config)#nvo vxlan irb	Enable VXLAN irb
(config)#commit	Commit the candidate configuration to running configuration
(config)#ip vrf L3VRF1	Create MAC routing/forwarding instance with L3VRF1 name and enter into VRF mode
(config-vrf)#rd 21000:11	Assign RD value
(config-vrf)# route-target both 100:100	Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000	Configure L3VNI as 1000 for L3VRF1
(config-vrf)#exit	Exit from VRF mode
(config)# evpn irb-forwarding anycast-gateway-mac 0000.0000.1111	Configure anycast MAC address
(config)#commit	Commit the candidate configuration to running configuration
(config)# interface irb 1001	Configure IRB interface 1001
(config-if)ip vrf forwarding L3VRF1	Configure L3VRF1
(config-if)ip address 11.11.11.1/24	Configure IP address
(config-if)ipv6 address 11:11::11:1/48	Configure IPv6 address
(config-if) evpn irb-if-forwarding anycast-gateway-mac	Configure anycast MAC address
(config-if)exit	Exit from interface config mode
(config)# interface irb 2001	Configure IRB interface 2001
(config-if)ip vrf forwarding L3VRF1	Configure L3VRF1
(config-if)ip address 21.21.21.1/24	Configure IP address
(config-if)ipv6 address 21:21::21:1/48	Configure IPv6 address
(config-if) evpn irb-if-forwarding anycast-gateway-mac	Configure anycast MAC address
(config-if)exit	Exit from interface config mode
(config)#commit	Commit the candidate configuration to running configuration
(config)router bgp 5000	Enter into BGP router mode
(config-router)#address-family ipv4 vrf L3VRF1	Enter into address-family mode for L3VRF1
(config-router-af)#redistribute connected	Redistribute connected
(config-router-af)#exit-address-family	Exit form address-family
(config)# nvo vxlan id 101 ingress-replication inner-vid-disabled	Configure VXLAN Network identifier with/without inner-vid- disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability-protocol evpn-bgp L2VRF1	Assign VRF for evpn-bgp to carry EVPN route
(config-nvo)# evpn irb1001	Configure irb1001 under VXLAN ID 101
(config-nvo)#exit	Exit from VXLAN tenant mode and enter into configuration mode.
(config)#nvo vxlan id 201 ingress-replication inner-vid-disabled	Configure VXLAN Network identifier with/without inner-vid- disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability-protocol evpn-bgp L2VRF2	Assign VRF for evpn-bgp to carry EVPN route
(config-nvo)# evpn irb2001	Configure irb2001 under VXLAN id 201
(config-nvo)#exit	Exit from VXLAN tenant mode and enter into configuration mode.
(config)#commit	Commit the candidate configuration to running configuration

VTEP5

Unconfigure - evpn irb-forwarding anycast-gateway-mac and assign different IP address and IPv6 address to IRB interfaces on VTEP1. Resolve the ARP on Traffic generator and verify the learnt MAC is same as IRB interface MAC not the anycast MAC (0000.0000.1111). Configure BGP max-path under BGP process.

Enable VXLAN Multihhoming on VTEP5 and reboot the node to apply the Multihoming configuration to hardware.

(config)#hardware-profile filter vxlan enable	Enable hardware-profile filter for VXLAN.
(config)#hardware-profile filter vxlan-mh enable	Enable hardware-profile filter for VXLAN multi-homing.
(config)#hardware-profile filter egress-ipv4 enable	Enable hardware-profile filter for egress IPv4.
(config)#commit	Commit the transaction
(config)#evpn vxlan multihoming enable	Enable Multihoming, save configs and reboot the board for multihoming to be effective
(config)#commit	Commit the transaction
(config)#nvo vxlan irb	Enable VXLAN IRB
(config)#commit	Commit the transaction
(config)#ip vrf L3VRF1	Create MAC routing/forwarding instance with L3VRF1 name and enter into VRF mode
(config-vrf)#rd 51000:11	Assign RD value
(config-vrf)# route-target both 100:100	Assign route-target value for same for import and export.
(config-vrf)# l3vni 1000	Configure L3VNI as 1000 for L3VRF1
(config-vrf)#commit	Commit the transaction
(config)# no evpn irb-forwarding anycast-gateway-mac	Delete EVPN irb-forwarding anycast-gateway-MAC address
(config)#commit	Commit the transaction
(config)# interface irb1001	Configure IRB interface 1001
(config-irb-if)ip vrf forwarding L3VRF1	Configure L3VRF1
(config-irb-if)ip address 101.11.11.1/24	Configure IP address
(config-irb-if)ipv6 address 101:11::11:1/48	Configure IPv6 address
(config-irb-if)#commit	Commit the trasaction
(config)router bgp 5000	Enter into BGP router mode
(config-router)#address-family ipv4 vrf L3VRF1	Enter into address-family mode for L3VRF1
(config-router-af)# max-paths ibgp 2	Configure BGP max-path .
(config-router-af)#redistribute connected	Redistribute connected
(config-router-af)#exit-address-family	Exit form address-family
(config-router-af)#commit	Commit the trasaction
(config)# nvo vxlan id 101 ingress-replication inner-vid-disabled	Configure VXLAN Network identifier with/without inner-vid- disabled configure and enter into VXLAN tenant mode
(config-nvo)#vxlan host-reachability-protocol evpn-bgp L2VRF1	Assign VRF for evpn-bgp to carry EVPN route
(config-nvo)# evpn irb1001	Configure irb1001 under VXLAN ID 101
(config-nvo)#exit	Exit from VXLAN tenant mode and enter into configuration mode.
(config-nvo)#commit	Commit the trasaction

Validations

On VTEP5, verify that in the VRF routing table , ECMP path for the IRB address (11.11.11.1) is via VTEP1 - 1.1.1.1 and VTEP2 -2.2.2.2 . Send the Traffic from VTEP5 Single homed to Multihomed. Traffic should be forwarded via VTEP1 and VTEP2 and is load shared between the Multihome VTEPs.

VTEP5

TB2-VTEP5#show nvo vxlan tunnel

VXLAN Network tunnel Entries

Source Destination Status Up/Down Update

============================================================================

5.5.5.5 2.2.2.2 Installed 00:34:13 00:34:13

5.5.5.5 4.4.4.4 Installed 00:01:26 00:01:26

5.5.5.5 1.1.1.1 Installed 00:34:13 00:34:13

Total number of entries are 3

TB2-VTEP5#show nvo vxlan

VXLAN Information

=================

Codes: NW - Network Port

AC - Access Port

(u) - Untagged

VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr

_______________________________________________________________________________________________________________________________

101 VNI-101 L2 NW ---- ---- ---- ---- 5.5.5.5 2.2.2.2

101 VNI-101 L2 NW ---- ---- ---- ---- 5.5.5.5 1.1.1.1

101 VNI-101 -- AC xe48 --- Single Homed Port --- 10 ---- ---- ----

1000 ---- L3 NW ---- ---- ---- ---- 5.5.5.5 4.4.4.4

Total number of entries are 4

TB2-VTEP5#show nvo vxlan arp-cache

VXLAN ARP-CACHE Information

===========================

VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left

____________________________________________________________________________

101 11.11.11.1 0000.0000.1111 Static Remote ----

101 101.11.11.1 3c2c.99d6.168a Static Local ----

101 11.11.11.201 0000.5555.1010 Static Local ----

Total number of entries are 3

Total number of entries are 1

TB2-VTEP5#show nvo vxlan l3vni-map

L3VNI L2VNI IRB-interface

===================================

1000 101 irb1001

TB2-VTEP5#show ip route vrf L3VRF1

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,

ia - IS-IS inter area, E - EVPN,

v - vrf leaked

* - candidate default

IP Route Table for VRF "L3VRF1"

C 101.11.11.0/24 is directly connected, irb1001, 00:34:43

B 11.11.11.0/24 [200/0] via 1.1.1.1 (recursive is directly connected, tunvxlan1001), 00:01:26

[200/0] via 2.2.2.2 (recursive is directly connected, tunvxlan1001), 00:01:26

C 127.0.0.0/8 is directly connected, lo.L3VRF1, 00:40:36

Gateway of last resort is not set

Send 10000 pps from VTEP5 (Traffic generator- SH5) and verify the counters on VTEP5, VTEP1, VTEP2 and Switch

TB2-VTEP5#show interface counter rate mbps

+-------------------+--------------+-------------+--------------+-------------+

+-------------------+--------------+-------------+--------------+-------------+

xe48 100 10000 0.01 8

xe40 0.00 0 106.76 10000

On VTEP1 and VTEP2, verify that traffic is load-balanced on ECMP path from VTEP5.

VTEP1

TB2-VTEP1#show interface counter rate mbps

+-------------------+--------------+-------------+--------------+-------------+

+-------------------+--------------+-------------+--------------+-------------+

po2 62.75 5000 0.01 8

po1 0.00 0 62.98 5000

xe25 31.98 2500 0 0

xe26 30.95 2501 0 0

xe2 0.00 0 31.53 2500

xe3 0.00 0 30.53 2500

VTEP2

TB2-VTEP2#show interface counter rate mbps

+-------------------+--------------+-------------+--------------+-------------+

+-------------------+--------------+-------------+--------------+-------------+

po3 62.75 5000 0.01 8

po1 0.00 0 62.98 5000

xe27 31.98 2500 0 0

xe28 30.95 2501 0 0

xe8 0.00 0 31.53 2500

xe9 0.00 0 30.53 2500

Verify the Traffic on Multihomed Switch :

SW1(Multihomed)

TB2-SW1#show interface counter rate mbps

+-------------------+--------------+-------------+--------------+-------------+

+-------------------+--------------+-------------+--------------+-------------+

po1 100 10000 0.01 8

xe7 0.00 0 100 10000

xe8 25.01 2501 0 0

xe9 24.99 2499 0 0

xe2 24.98 2499 0 0

xe3 25.02 2501 0 0

Last modified date: 10/20/2023