VXLAN and BGP EVPN Configuration Guide for Dell EMC SmartFabric OS10 Release 10.5.
© 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
1 VXLAN
A virtual extensible LAN (VXLAN) extends Layer 2 (L2) server connectivity over an underlying Layer 3 (L3) transport network in a virtualized data center. A virtualized data center consists of virtual machines (VMs) in a multi-tenant environment. OS10 supports VXLAN as described in RFC 7348. VXLAN provides a L2 overlay mechanism on an existing L3 network by encapsulating the L2 frames in L3 packets.
• The NVO overlay network uses a separate L2 bridge domain (virtual network), which is independent of legacy VLAN forwarding.
• The NVO underlay network operates in the default VRF using the existing L3 infrastructure and routing protocols.
Virtual extensible LAN (VXLAN)
A type of network virtualization overlay that encapsulates a tenant payload into IP UDP packets for transport across the IP underlay network.
• Facilitates packet forwarding between local ports and tunneling packets from the local device to a remote device.
Configure VXLAN
To extend a L2 tenant segment using VXLAN, follow these configuration steps on each VTEP switch:
1. Configure the source IP address used in encapsulated VXLAN packets.
2. Configure a virtual network and assign a VXLAN VNI.
3. Configure VLAN-tagged access ports.
4. Configure untagged access ports.
5. (Optional) Enable routing for hosts on different virtual networks.
2. Assign a VXLAN VNI to the virtual network in VIRTUAL-NETWORK mode. The range is from 1 to 16,777,215. Configure the VNI for the same tenant segment on each VTEP switch.
vxlan-vni vni
3. (Optional) If you use BGP EVPN for VXLAN, this step is not required. To set up a static VXLAN, configure the source IP address of a remote VTEP in VXLAN-VNI mode. You can configure up to 1024 remote VTEP addresses for a VXLAN VNI.
The Port,VLAN pair starts to transmit packets over the virtual network.
3. Repeat Steps a) and b) to assign additional member Port,VLAN pairs to the virtual network.
• You cannot assign the same Port,VLAN member interface pair to more than one virtual network.
• You can assign the same vlan-tag VLAN ID with different member interfaces to different virtual networks.
• You can assign a member interface with different vlan-tag VLAN IDs to different virtual networks.
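The three member-interface rules above can be checked offline before a change reaches a switch, because a Port,VLAN pair bound to two virtual networks would merge traffic from separate tenant segments. The following is an added example, not part of the Dell guide or OS10: the rows are a constructed assignment sheet in the Interface / Vlan / Virtual-network column layout that `show virtual-network interface` prints, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed rows in the Interface / Vlan / Virtual-network column layout of
# "show virtual-network interface" output; not captured from a real switch.
SAMPLE_ROWS = """\
Interface        Vlan  Virtual-network
ethernet1/1/1    100   1000
ethernet1/1/1    200   2000
ethernet1/1/2    100   2000
port-channel10   300   3000
ethernet1/1/1    100   5000
port-channel10   400   70000
"""

ROW_RE = re.compile(
    r"^(?P<port>(?:ethernet|port-channel)\S+)\s+(?P<vlan>\d+)\s+(?P<vn>\d+)$"
)
VN_ID_RANGE = range(1, 65536)  # virtual-network ID range stated in this guide


def parse_members(text):
    """Return (port, vlan, vn_id) tuples; header and blank lines are skipped."""
    members = []
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if match:
            members.append(
                (match["port"], int(match["vlan"]), int(match["vn"]))
            )
    return members


def audit_members(members):
    """Check member Port,VLAN pairs against the assignment rules.

    Returns a dict with:
      duplicate_pairs: [(port, vlan, [vn_id, ...])] for pairs bound to more
                       than one virtual network (not allowed)
      bad_vn_ids:      sorted virtual-network IDs outside 1..65535
    Sharing a VLAN ID across different ports, or a port across different
    VLAN IDs, is allowed and is not reported.
    """
    vns_by_pair = defaultdict(set)
    bad_vn_ids = set()
    for port, vlan, vn_id in members:
        vns_by_pair[(port, vlan)].add(vn_id)
        if vn_id not in VN_ID_RANGE:
            bad_vn_ids.add(vn_id)
    duplicates = [
        (port, vlan, sorted(vns))
        for (port, vlan), vns in sorted(vns_by_pair.items())
        if len(vns) > 1
    ]
    return {"duplicate_pairs": duplicates, "bad_vn_ids": sorted(bad_vn_ids)}


if __name__ == "__main__":
    report = audit_members(parse_members(SAMPLE_ROWS))
    for port, vlan, vns in report["duplicate_pairs"]:
        print(f"{port} vlan {vlan} is a member of virtual networks {vns}")
    for vn_id in report["bad_vn_ids"]:
        print(f"virtual-network ID {vn_id} is outside 1..65535")
```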
Each tenant is assigned a VRF and each virtual-network interface is assigned an IP subnet in the tenant VRF. The VTEP acts as the L3 gateway that routes traffic from one tenant subnet to another in the overlay before encapsulating it in the VXLAN header and transporting it over the IP underlay fabric. To enable host traffic routing between virtual networks, configure an interface for each virtual network and associate it to a tenant VRF.
• If the next-hop is a pair of dual-homed VTEPs in a VLT domain, a workaround is to configure the same anycast gateway IP address on both VTEPs and use this address as the next-hop IP address.
• VLT peer routing is not supported in a virtual network. A packet destined to the virtual-network peer MAC address is L2 switched instead of IP routed.
OS10(config)# interface ethernet1/1/3
OS10(config-if-eth1/1/3)# ip ospf 100 area 0.0.0.0
OS10(config-if-eth1/1/3)# exit
OS10(config)# interface loopback 1
OS10(config-if-lo-1)# ip ospf 100 area 0.0.0.0
Each VTEP switch in the underlay IP network learns the IP address of the VXLAN source interface. If a remote VTEP switch is not reachable, its status displays as DOWN in the show nve remote-vtep output.
2.
Each overlay ARP entry requires a routing next-hop in the hardware to bind a destination tenant VM IP address to the corresponding tenant VM MAC address and VNI. Each virtual-network interface assigned to an IP subnet requires a routing interface in the hardware. OS10 supports preset profiles to re-allocate the number of resources reserved for overlay ARP entries. The number of entries reserved for each preset mode differs according to OS10 switch. Table 3.
• View the currently configured overlay routing profile; for example, in the S5200-ON series:
show hardware overlay-routing-profile mode
Setting    Mode                     Overlay Next-hop Entries  Underlay Next-hop Entries  Overlay L3 RIF Entries  Underlay L3 RIF Entries
Current    default-overlay-routing  8192                      57344                      2048                    14336
Next-boot  default-overlay-routing  8192                      57344                      2048                    14336
DHCP relay on VTEPs
Dynamic Host Configuration Protocol (DHCP) clients on hosts in the overlay communicate with a DHCP server using a DHCP relay on t
View the VXLAN virtual-network port
OS10# show virtual-network interface ethernet 1/1/1
Interface      Vlan  Virtual-network
ethernet1/1/1  100   1000
ethernet1/1/1  200   2000
ethernet1/1/1  300   3000
View the VXLAN virtual-network VLAN
OS10# show virtual-network vlan 100
Vlan  Virtual-network  Interface
100   1000             ethernet1/1/1,ethernet1/1/2
100   5000             ethernet1/1/2
View the VXLAN virtual-network VLANs
OS10# show vlan
Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs, @ – Attached to Virtual Netwo
-----------------------------------------------------
101 101 44.44.44.44 11.11.11.11,22.22.22.22,33.33.33.33
102 102 44.44.44.44 11.11.11.11,22.22.22.22,33.33.33.33
103 103 44.44.44.44 11.11.11.11,22.22.22.22,33.33.33.33
104 104 44.44.44.44 11.11.11.11,22.22.22.22,33.33.33.33
View VXLAN routing between virtual networks
The show ip arp vrf and show ipv6 neighbors vrf command output displays information about IPv4 and IPv6 neighbors learned in a non-default VRF on the switch.
Display VXLAN MAC addresses
Table 4. Display VXLAN MAC addresses
Command: show mac address-table virtual-network [vn-id | local | remote | static | dynamic | address mac-address | interface {ethernet node/slot/port:subport | port-channel number}]
Description: Displays all MAC addresses learned on all or a specified virtual network.
vn-id: Displays only information about the specified virtual network.
local: Displays only locally-learned MAC addresses.
remote: Displays only remote MAC addresses.
Command: show mac address-table count virtual-network [dynamic | local | remote | static | interface {ethernet node/slot/port:subport | port-channel number} | vn-id]
Description: Displays the number of MAC addresses learned on all virtual networks (default).
dynamic: Displays the number of dynamic MAC addresses learned on all or a specified virtual network.
local: Displays the number of locally-learned MAC addresses.
VXLAN commands
hardware overlay-routing-profile
Configures the number of reserved ARP table entries for VXLAN overlay routing.
Example
OS10(config)# interface virtual-network 10000
OS10(config-if-vn-10000)# ip vrf forwarding tenant1
OS10(config-if-vn-10000)# ip address 10.1.0.1/16
OS10(config-if-vn-10000)# no shutdown
Supported releases 10.4.3.0 or later
ip virtual-router address
Configures an anycast gateway IP address for a VXLAN virtual network.
Syntax ip virtual-router address ip-address
Parameters address ip-address: Enter the IP address of the anycast L3 gateway.
Parameters
ethernet node/slot/port[:subport]: Assign the specified interface to a virtual network.
port-channel number: Assign the specified port channel to a virtual network.
untagged: Assign untagged traffic on an interface or port channel to a virtual network.
vlan-tag vlan-id: Assign tagged traffic on the specified VLAN to a virtual network.
Supported releases 10.4.2.0 or later
show hardware overlay-routing-profile mode
Displays the number of hardware resources available for overlay routing in different profiles.
Syntax show hardware overlay-routing-profile mode [all]
Parameters all: View the number of tenant entries available in each hardware partition for overlay routing profiles.
Default Not configured
Command mode EXEC
Last clearing of "show interface" counters: 10:24:21
Queuing strategy: fifo
Input statistics: 89 packets, 10056 octets
Output statistics: 207 packets, 7376 octets
Time since last interface status change: 10:23:21
Supported releases 10.4.3.0 or later
show nve remote-vtep
Displays information about remote VXLAN tunnel endpoints.
Syntax show nve remote-vtep [ip-address | summary | counters]
Parameters ip-address: Display detailed information about a specified remote VTEP.
Supported releases 10.4.2.0 or later
show nve vxlan-vni
Displays information about the VXLAN virtual networks on the switch.
Syntax show nve vxlan-vni
Parameters None
Default Not configured
Command mode EXEC
Usage information Use this command to display information about configured VXLAN virtual networks. Each VXLAN virtual network is identified by its virtual-network ID.
Parameters vn-id: Enter a virtual-network ID, from 1 to 65535.
Default Not configured
Command mode EXEC
Usage information Use this command to monitor the packet throughput on virtual networks, including VXLANs. Use the clear virtual-network counters command to clear virtual-network counters.
Example
OS10# show virtual-network counters
Virtual-Network  Input (Packets/Bytes)  Output (Packets/Bytes)
1000             857/8570               257/23709
2000             457/3570               277/13709
Supported releases 10.4.2.
slot/ port[:subport] interface port-channel number Default Not configured Command mode EXEC Enter a port-channel number, from 1 to 128. Usage information Use this command to verify the VXLAN VLANs where an Ethernet port connected to downstream servers is a member. Example Supported releases OS10# show virtual-network interface ethernet 1/1/1 Interface Vlan Virtual-network ethernet1/1/1 100 1000 ethernet1/1/1 200 2000 ethernet1/1/1 300 3000 10.4.2.
Supported releases NUM * 1 @ 100 Status up up @ 101 200 up up Description Q A T A T T Ports Eth1/1/1-1/1/48 Eth1/1/2,Eth1/1/3 Eth1/1/1 port-channel5 Eth1/1/11-1/1/15 10.4.2.0 or later source-interface loopback Configures a dedicated Loopback interface as the source VTEP. Syntax Parameters source-interface loopback number loopback number Default Not configured Command mode NVE-INSTANCE Enter the Loopback interface used as the source interface of a VXLAN virtual tunnel, from 0 to 16383.
virtual-network untagged-vlan Configures a dedicated VLAN for internal use to transmit untagged traffic on member ports in virtual networks on the switch. Syntax Parameters virtual-network untagged-vlan vlan-id id Default Not configured Command mode CONFIGURATION Enter the reserved untagged VLAN ID, from 1 to 4093. Usage information The untagged VLAN ID is used internally for all untagged member interfaces that belong to virtual networks.
Supported releases 10.4.2.0 or later clear mac address-table dynamic virtual-network Clears MAC addresses learned on all or a specified VXLAN virtual network. Syntax Parameters clear mac address-table dynamic virtual-network [interface {ethernet node/slot/ port:subport | port-channel number} | local | vn-id [address mac-address | local]] interface ethernet node/ slot/ port[:subport] Clear all MAC addresses learned on the specified interface.
Usage information Use this command to display the number of MAC address entries learned on all VLANs and VXLAN virtual networks.
Example
OS10# show mac address-table count extended
MAC Entries for all vlans :
Dynamic Address Count : 10
Static Address (User-defined) Count : 2
Total MAC Addresses in Use: 12
Supported releases 10.4.2.0 or later
show mac address-table count nve
Displays the number of MAC addresses learned on a VXLAN virtual network or from a remote VXLAN tunnel endpoint.
slot/ port[:subport] interface port-channel number Display the number of MAC addresses learned on the specified port channel. vn-id Display the number of MAC addresses learned on the specified virtual network, from 1 to 65535. Default Not configured Command mode EXEC Usage information Use this command to display the number of MAC address entries learned on virtual networks in the MAC address table.
10000 10000 20000 20000 20000 20000 Supported releases 100 300 300 300 00:00:00:00:00:55 00:00:00:00:00:77 00:00:00:00:00:22 00:00:00:00:00:33 00:00:00:00:00:66 00:00:00:00:00:88 dynamic dynamic dynamic dynamic dynamic dynamic port-channel10 VxLAN(32.1.1.1) port-channel100 port-channel1000 port-channel10 VxLAN(32.1.1.1) 10.4.2.0 or later show mac address-table nve Displays MAC addresses learned on a VXLAN virtual network or from a remote VXLAN tunnel endpoint.
interface ethernet node/ slot/ port[:subport] Display only MAC addresses learned on the specified interface. interface port-channel number Display only MAC addresses learned on the specified port channel. Default Not configured Command mode EXEC Usage information Use this command to verify the MAC addresses learned on VXLAN virtual networks. By default, MAC learning from a remote VTEP is enabled.
Figure 2. Static VXLAN use case
VTEP 1 Leaf Switch
1. Configure the underlay OSPF protocol
Do not configure the same IP address for the router ID and the source loopback interface in Step 2.
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 172.16.0.1
OS10(config-router-ospf-1)# exit
2. Configure a Loopback interface
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.
3. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
4.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.16.2.0/31
OS10(conf-if-eth1/1/2)# ip ospf 1 area 0.0.0.0
OS10(conf-if-eth1/1/2)# exit
8. Configure VLT
Configure a dedicated L3 underlay path to reach the VLT Peer in case of network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.1/30
OS10(config-if-vl-4000)# ip ospf 1 area 0.0.0.
OS10(config-if-vn-10000)# ip address 10.1.0.231/16
OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.100
OS10(config-if-vn-10000)# no shutdown
OS10(config-if-vn-10000)# exit
OS10(config)# interface virtual-network 20000
OS10(config-if-vn-20000)# ip vrf forwarding tenant1
OS10(config-if-vn-20000)# ip address 10.2.0.231/16
OS10(config-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(config-if-vn-20000)# no shutdown
OS10(config-if-vn-20000)# exit
VTEP 2 Leaf Switch
1.
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode access
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# ether
Configure a VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
4. Configure VXLAN virtual networks with a static VTEP OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# remote-vtep OS10(config-vn-vxlan-vni-remote-vtep)# OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# remote-vtep OS10(config-vn-vxlan-vni-remote-vtep)# OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 192.168.1.1 exit 192.168.1.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31
OS10(conf-if-eth1/1/2)# ip ospf 1 area 0.0.0.0
OS10(conf-if-eth1/1/2)# exit
9.
Configure an anycast L3 gateway
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing with an anycast gateway IP address for each virtual network
OS10(config)# interface virtual-network 10000
OS10(config-if-vn-10000)# ip vrf forwarding tenant1
OS10(config-if-vn-10000)# ip address 10.1.0.233/16
OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# no switchport access vlan
OS10(conf-if-po-20)# exit
OS10(config)# interface OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# etherne
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# vlt port-channel 20
OS10(conf-if-po-20)# exit
Configure VLTi member links
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure a VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# ip address 172.17.1.1/31
OS10(conf-if-eth1/1/2)# ip ospf 1 area 0.0.0.0
OS10(conf-if-eth1/1/2)# exit
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# ip address 172.18.1.1/31
OS10(conf-if-eth1/1/3)# ip ospf 1 area 0.0.0.
OS10(conf-if-eth1/1/3)#
2 Controller-provisioned VXLAN
OS10 supports VXLAN provisioning using an Open vSwitch Database (OVSDB) controller. Currently, the only supported OVSDB controller is the VMware NSX controller. In a controller-provisioned VXLAN, the controller manages VXLAN-related configurations and other control-plane operations, such as MAC address propagation.
NOTE: Controller-provisioned VXLAN is not supported on S5148F-ON and S3048-ON switches.
Topics:
• Configure controller-provisioned VXLAN
• Configure and control VXLAN from VMware vCenter
• Example: VXLAN with a controller configuration
• VXLAN Controller commands
Configure controller-provisioned VXLAN
To configure the NSX controller, follow these steps on each OS10 VTEP:
1. Configure the source interface used for controller-based VXLAN provisioning. Assign an IPv4 address to a loopback interface. Assign the loopback interface to an NVE instance.
• The interface must be in Switchport Trunk mode.
• The interface must not be a member of any VLAN.
• The interface must not be a member of a port-channel.
If these conditions are not met when you assign the interfaces to be managed by the controller, the system returns error messages.
Because the VTEP relies on service nodes to replicate BUM traffic, a mechanism is needed to monitor the connectivity between the VTEP and the service nodes. BFD monitors the connectivity between the VTEP and the service nodes, and detects failures. The NSX controller provides parameters, such as the minimum TX and RX interval, and the multiplier, to initiate the BFD session between the VTEP and the service nodes. To establish a BFD session, enable BFD on both the controller and the VTEP.
BFD Status:Enabled
Replicators State
-----------------------
2.2.2.3 Up
2.2.2.2* Up
*— indicates the replicator to which the VTEP sends the BUM traffic for the specific VNID.
Configure and control VXLAN from VMware vCenter
You can configure and control VXLAN from the VMware vCenter GUI. Complete the following steps:
1. On an OS10 switch, generate an SSL certificate in CONFIGURATION mode.
After connectivity between the VTEP and the NSX controller is successfully established, the console displays the current connection status between the controller and the management IP address of the VTEP.
3. Create a logical switch. You can create a logical network that acts as the forwarding domain for virtualized and nonvirtualized server workloads on the physical and virtual infrastructure. The following steps configure the logical switch for NSX controller management.
a.
4. Create a logical switch port that provides a logical connection point for a VM interface (VIF) and a L2 gateway connection to an external network.
5. (Optional) Enable or disable BFD globally. The following steps enable or disable BFD configuration in the controller.
a. Click Service Definitions from the left navigation pane.
b. Click the Hardware Devices tab.
c. Click the Edit button in the BFD Configuration.
After you configure a VMware NSX controller on a server VM, connect to the controller from the VXLAN gateway switch. For more information about the NSX controller configuration in the VTEP, see Configure a connection to an OVSDB controller. For more information about NSX controller configuration, see the NSX User Guide from VMware.
Example: VXLAN with a controller configuration
This example shows a simple NSX controller and a hardware OS10 VTEP deployed in a VXLAN environment.
• Configure the NSX controller in VMware vCenter. For more information about configuring the NSX controller using the GUI, see Configure and control VXLAN from VMware vCenter.
You must configure an OS10 VTEP with the controller configuration so that the VTEP can communicate with the NSX controller. The NSX controller handles configurations and control plane operations in the VXLAN environment.
VTEP 1
1. Configure the OSPF protocol in the underlay.
3. Create an NVE instance and configure a Loopback interface as the VXLAN source tunnel interface.
OS10(config)# nve
OS10(config-nve)# source-interface loopback 1
4. Specify the NSX controller reachability information.
OS10(config-nve)# controller ovsdb
OS10(config-nve-ovsdb)# ip 10.16.140.182 port 6640 ssl
OS10(config-nve-ovsdb)# max-backoff 10000
OS10(config-nve-ovsdb)# exit
5. Assign interfaces to be managed by the controller.
13.0.0.3 Up
13.0.0.2 Up
To view the remote VTEP status, use the show nve remote-vtep command.
OS10# show nve remote-vtep
IP Address: 13.0.0.2, State: up, Encap: VxLAN
VNI list: ,6000
IP Address: 13.0.0.3, State: up, Encap: VxLAN
VNI list: ,6000
IP Address: 13.0.0.5, State: up, Encap: VxLAN
VNI list: ,6000
IP Address: 202.0.0.1, State: up, Encap: Vxlan
VNI list: 6000
VTEP 2
OS10# show nve controller
Management IP Gateway IP Max Backoff Configured Controller Controller Cluster IP 10.16.140.182 10.16.140.
IP Address: 200.0.0.1, State: up, Encap: Vxlan
VNI list: 6000
VXLAN Controller commands
controller ovsdb
Changes the mode to CONFIGURATION-NVE-OVSDB from where you can configure the controller parameters.
Syntax controller ovsdb
Parameters None
Default None
Command mode CONFIGURATION-NVE
Usage information The controller configuration initiates the OVSDB service on the OS10 switch. The no version of this command stops the OVSDB service.
max-backoff
Configures a time interval, in milliseconds (ms). This is the duration the switch waits between the connection attempts to the controller.
Syntax max-backoff interval
Parameters interval—Enter the amount of time, in ms. This is the duration the switch waits between the connection attempts to the controller, from 1000 to 180000 ms.
Example Supported releases OS10# nve controller ssl-key-generate 10.4.3.0 or later show nve controller Displays information about the controller and the controller-managed interfaces. Syntax show nve controller Parameters None Default None Command mode EXEC Example OS10# show nve controller Management IP Gateway IP Max Backoff Configured Controller Controller Cluster IP Backoff 10.16.140.173 10.16.140.171 10.16.140.172 : : : : 10.16.140.29/16 55.55.5.5 1000 10.16.140.
Example Supported releases OS10# show ovsdb-tables mac-local-ucast Count : 1356 Ucast_Macs_Local table MAC _uuid ipaddr locator logical_switch ------------------- ------------------------------------------------------------- ---------------------"00:00:09:00:00:00" 948d2357-9a68-49b2-b5b2-a6a9beaec17a "" bb43d2ec-1e60-4367-9840-648a8cc8acff f8994210e29d-4ad4-90fb-557c30f83769 "00:00:09:00:00:01" 4e620093-311a-420e-957f-fbd2bb63f20a "" bb43d2ec-1e60-4367-9840-648a8cc8acff f8994210e29d-4ad4-90fb-557c30f8376
{sec_since_connect="87", sec_since_disconnect="99", state=ACTIVE} "ssl:10.16.140.172:6640" OS10# Supported releases 10.4.3.0 or later show ovsdb-tables tunnel Displays information about the tunnels created by the physical switch to the service nodes. Syntax show ovsdb-tables tunnel Parameters None Default None Command mode EXEC Usage information This command is available only for netadmin, sysadmin, and secadmin roles.
3 BGP EVPN for VXLAN
Ethernet Virtual Private Network (EVPN) is a control plane for VXLAN that reduces flooding in the network and resolves scalability concerns. EVPN uses MP-BGP to exchange information between VTEPs. EVPN was introduced in RFC 7432 and is based on BGP MPLS-based VPNs. RFC 8365 describes VXLAN-based EVPN. The MP-BGP EVPN control plane provides protocol-based remote VTEP discovery, and MAC and ARP learning. This configuration reduces flooding related to L2 unknown unicast traffic.
Static VXLAN: Data packets learn remote hosts after decapsulation of the VXLAN header in the data plane.
VXLAN BGP EVPN: Remote host MAC addresses are learned in the control plane using BGP EVPN Type 2 routes and MAC/IP advertisements.
VXLAN BGP EVPN operation
The EVPN address family allows VXLAN to carry EVPN routes in External Border Gateway Protocol (eBGP) and Internal Border Gateway Protocol (iBGP) sessions.
Data plane functions include:
• Encapsulate server traffic with VXLAN headers and forward the packets in the underlay network.
• Decapsulate VXLAN packets received from remote VTEPs and forward the native packets to downstream hosts.
• Perform underlay route processing, including routing based on the outer IP address.
Spine nodes
The role of a spine node changes based on its control plane and data plane functions.
• For a 4-byte ASN, OS10 can auto-configure RTs for both 2-byte and 4-byte ASNs. The RT type is set to 0202 (Type 2 in RFC 4364). The RT value is encoded in the format: 4-octet-ASN: 2-octet-number, where the 2-octet-number field contains the EVI ID. In auto-EVI mode, the EVI ID is the same as the virtual network ID (VNID). Therefore, in a 4-byte ASN deployment, OS10 supports RT autoconfiguration if the VNID-to-VNI mapping is the same on all VTEPs.
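The RT format described above, and the reason the VNID-to-VNI mapping has to match on every VTEP, can be seen in a short sketch: two VTEPs that map the same VNID to different VNIs still derive the same RT, so routes for one tenant segment would be imported into another. This is an added example, not Dell or OS10 code. The 8-octet wire layout is the standard BGP extended-community encoding for a four-octet-AS route target, and the ASN, VTEP names, mappings and function names are constructed.

```python
import struct
from collections import defaultdict

RT_TYPE = 0x02      # type octet of the extended community (first "02" in 0202)
RT_SUBTYPE = 0x02   # sub-type octet: route target (second "02")

# Constructed inventory: {vtep_name: {vnid: vni}} for one 4-byte ASN.
SAMPLE_ASN = 4200000001
SAMPLE_VTEP_MAPS = {
    "leaf1": {100: 10000, 200: 20000},
    "leaf2": {100: 10000, 200: 20001},   # VNID 200 mapped to a different VNI
}


def encode_rt(asn, evi_id):
    """Build the RT 4-octet-ASN:2-octet-number; return (text, 8 wire octets)."""
    if not 1 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"ASN {asn} does not fit in 4 octets")
    if not 1 <= evi_id <= 0xFFFF:
        raise ValueError(f"EVI ID {evi_id} does not fit in 2 octets")
    wire = struct.pack("!BBIH", RT_TYPE, RT_SUBTYPE, asn, evi_id)
    return f"{asn}:{evi_id}", wire


def decode_rt(wire):
    """Reverse encode_rt; reject any other extended-community type."""
    if len(wire) != 8:
        raise ValueError("an extended community is exactly 8 octets")
    rt_type, subtype, asn, evi_id = struct.unpack("!BBIH", wire)
    if (rt_type, subtype) != (RT_TYPE, RT_SUBTYPE):
        raise ValueError("not a type 0202 route target")
    return asn, evi_id


def shared_rt_conflicts(asn, vtep_maps):
    """Find VNIDs that yield one auto-derived RT but different VNIs.

    Returns [(rt_text, vnid, {vni: [vtep_name, ...]})] sorted by VNID.
    An empty list means the VNID-to-VNI mapping is the same on all VTEPs.
    """
    vteps_by_vnid = defaultdict(lambda: defaultdict(list))
    for vtep, mapping in sorted(vtep_maps.items()):
        for vnid, vni in mapping.items():
            vteps_by_vnid[vnid][vni].append(vtep)
    conflicts = []
    for vnid in sorted(vteps_by_vnid):
        by_vni = vteps_by_vnid[vnid]
        if len(by_vni) > 1:
            rt_text, _ = encode_rt(asn, vnid)  # auto-EVI: EVI ID equals VNID
            conflicts.append((rt_text, vnid, dict(by_vni)))
    return conflicts


if __name__ == "__main__":
    text, wire = encode_rt(SAMPLE_ASN, 200)
    print(f"RT {text} -> {wire.hex()}")
    for rt_text, vnid, by_vni in shared_rt_conflicts(SAMPLE_ASN, SAMPLE_VTEP_MAPS):
        print(f"RT {rt_text} (VNID {vnid}) covers different VNIs: {by_vni}")
```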
For each BGP peer session in the overlay network:
a. Configure the BGP peer using its Loopback IP address on the VTEP in ROUTER-BGP mode.
neighbor loopback-ip-address
b. Assign the BGP neighbor Loopback address to the autonomous system in ROUTER-BGP-NEIGHBOR mode. The neighbor Loopback IP address is the source interface on the remote VTEP.
remote-as as-number
c. Use the local Loopback address as the source address in BGP packets sent to the neighbor in ROUTER-BGP-NEIGHBOR mode.
update-source loopback0
d.
An EVPN instance (EVI) spans across the VTEPs that participate in the EVPN. In OS10, configure an EVI in auto-EVI or manual configuration mode.
• Auto-EVI mode
a. Enable the EVPN control plane in CONFIGURATION mode.
evpn
b. Enable auto-EVI creation for overlay virtual networks in EVPN mode. Auto-EVI creation is supported only if BGP EVPN is used with 2-byte AS numbers and if at least one BGP instance is enabled with the EVPN address family. No further manual configuration is allowed in auto-EVI mode.
Display the BGP neighbors in the EVPN instances
OS10# show ip bgp neighbors 110.111.170.102
BGP neighbor is 110.111.170.102, remote AS 100, local AS 100 internal link
BGP version 4, remote router ID 110.111.170.
50 00:00:00:aa:aa:aa rmt 0 55.1.1.3
50 00:00:00:cc:cc:cc lcl 0 ethernet1/1/8:1
VXLAN BGP EVPN routing
Configure BGP EVPN for VXLAN describes how EVPN facilitates traffic switching within the same L2 tenant segment virtual network on a VTEP for virtual networks that associate with EVIs. This section describes how EVPN implements overlay routing between L2 segments associated with EVIs belonging to the same tenant on a VTEP.
For a sample BGP EVPN VLT configuration, see Example: VXLAN with BGP EVPN.
Figure 4. BGP EVPN in VLT domain
VXLAN BGP commands
activate (l2vpn evpn)
Enables the exchange of L2 VPN EVPN address family information with a BGP neighbor or peer group.
Usage Information Use this command to exchange L2 VPN EVPN address information for VXLAN host-based routing with a BGP neighbor. The IPv4 unicast address family is enabled by default. Use the no version of this command to disable an address family with a neighbor.
Example
OS10(conf-router-neighbor)# address-family l2vpn evpn unicast
OS10(conf-router-bgp-neighbor-af)# activate
Supported Releases 10.2.
Default Enabled Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information This command helps detect routing loops, based on the AS path before it starts advertising routes. To configure a neighbor to accept routes use the neighbor allowas-in command. The no version of this command disables sender-side loop detection for that neighbor. Example (IPv4) Example (IPv6) Supported Releases OS10(conf-router-bgp-102)# neighbor 3.3.3.
BGP version 4, remote router ID 3.3.3.
Example
OS10(config)# evpn
OS10(config-evpn)# auto-evi
Supported releases 10.4.2.0 or later
evi
Creates an EVPN instance (EVI) in EVPN mode.
Syntax evi id
Parameters id: Enter the EVPN instance ID, from 1 to 65535.
Default Not configured
Command mode EVPN
Usage information If an MP-BGP network uses 4-byte autonomous systems or to specify the RD and RT values, manually configure EVPN instances and associate each EVI with the overlay VXLAN virtual network.
Command mode EVPN-EVI
Usage information A RD maintains the uniqueness of an EVPN route between different EVPN instances. The RD auto-configures as Type 1 from the overlay network source IP address and the auto-generated EVPN instance ID.
Example
OS10(config)# evpn
OS10(config-evpn)# evi 10
OS10(config-evpn-evi)# vni 10000
OS10(config-evpn-evi)# rd 111.111.111.111:65535
Supported releases 10.4.2.0 or later
route-target
Configures the Route Target (RT) values EVPN routes use.
Usage information: Use this command to verify EVPN instance status, the associated VXLAN virtual networks, and the RD and RT values the BGP EVPN routes use in the EVI. The status of integrated routing and bridging (IRB) and the VRF used for EVPN traffic are also displayed.
Example:
OS10# show evpn evi 101
EVI : 101, State : up
  Bridge-Domain       : Virtual-Network 101, VNI 101
  Route-Distinguisher : 1:95.0.0.4:101(auto)
  Route-Targets       : 0:101:268435556(auto) both
  Inclusive Multicast : 95.0.0.
  IRB                 :
Supported releases
show evpn mac-ip
Displays the BGP EVPN Type 2 routes used for host MAC-IP address binding.
Syntax: show evpn mac-ip [count | evi evi [mac-address mac-address] | mac-address mac-address | next-hop ip-address]
Parameters:
• count — Displays the total number of MAC addresses in EVPN MAC-IP address binding.
• evi evi — Enter an EVPN instance ID, from 1 to 65535.
• host ip-address — Enter the IP address of a host that communicates through EVPN routes.
101  14:18:77:0c:e5:a3  rmt   0       11.11.11.3     95.0.0.5
101  14:18:77:0c:e5:a3  rmt   0       2001:11::11:3  95.0.0.5

OS10# show evpn mac-ip mac-address 14:18:77:25:4e:84
Type -(lcl): Local (rmt): remote

EVI  Mac-Address        Type  Seq-No  Host-IP        Interface/Next-Hop
101  14:18:77:25:4e:84  rmt   0       55.55.55.1     95.0.0.3
103  14:18:77:25:4e:84  rmt   0       13.13.13.1     95.0.0.3
103  14:18:77:25:4e:84  rmt   0       2001:13::13:1  95.0.0.3
106  14:18:77:25:4e:84  rmt   0       16.16.16.1     95.0.0.3
106  14:18:77:25:4e:84  rmt   0       2001:16::16:1  95.0.
Supported releases
vni
Associates an EVPN instance with a VXLAN network ID.
Syntax: vni vni
Parameters:
  vni  Enter the virtual-network ID, from 1 to 16,777,215.
Default: Not configured
Command mode: EVPN-EVI
Usage information: Use this command in EVPN-EVI mode to configure an EVPN instance with RD and RT values to an overlay VXLAN virtual network.
Example:
OS10(config)# evpn
OS10(config-evpn)# evi 10
OS10(config-evpn-evi)# vni 10000
Supported releases: 10.4.2.
Figure 5. VXLAN BGP EVPN use case

VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# exit
2.
3. Configure VXLAN virtual networks
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4.
OS10(config-router-bgp-100)# address-family ipv4 unicast
OS10(config-router-bgp-af)# redistribute connected
OS10(config-router-bgp-af)# exit
8. Configure eBGP for the IPv4 point-to-point peering
OS10(config-router-bgp-100)# neighbor 172.16.1.
12. Configure VLT
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.
Configure routing on the virtual networks
OS10(config)# interface virtual-network 10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.231/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
6.
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# no activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# neighbor 172.202.0.
Configure UFD with uplink VLT ports and downlink network ports
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
Configure iBGP IPv4 peering between VLT peers
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.16.250.
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4. Configure an unused VLAN ID for untagged membership
OS10(config)# virtual-network untagged-vlan 1000
5.
9. Configure eBGP for the IPv4 point-to-point peering
OS10(config-router-bgp-100)# neighbor 172.18.1.1
OS10(config-router-neighbor)# remote-as 101
OS10(config-router-neighbor)# address-family ipv4 unicast
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# neighbor 172.18.2.
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd auto
OS10(config-evpn-evi-20000)# route-target auto
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)# exit
13.
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
14.
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# no switchport access vlan
OS10(conf-if-po-20)# exit
OS10(config)# interface etherne
10. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.19.0.1/32
OS10(conf-if-lo-1)# exit
11. Configure BGP EVPN peering
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.201.0.
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.
Configure routing on the virtual networks
OS10(config)# interface virtual-network 10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.234/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# neighbor 172.19.1.0
OS10(conf-router-neighbor)# remote-as 100
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# exit
4.
OS10(conf-router-neighbor-af)# no activate
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# address-family l2vpn evpn
OS10(conf-router-neighbor-af)# no sender-side-loop-detection
OS10(conf-router-neighbor-af)# activate
OS10(conf-router-neighbor-af)# exit

Spine Switch 2
1.
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# exit
4. Configure a Loopback interface for BGP EVPN peering
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.202.0.1/32
OS10(conf-if-lo-1)# exit
5. Configure BGP EVPN peer sessions
OS10(config)# router bgp 101
OS10(conf-router-bgp-101)# neighbor 172.16.0.
Verify VXLAN with BGP EVPN configuration
1. Verify virtual network configurations
LEAF1# show virtual-network
Codes: DP - MAC-learn Dataplane, CP - MAC-learn Controlplane, UUD - Unknown-Unicast-Drop
Virtual Network: 10000
   Members:
      VLAN 100: port-channel10, port-channel1000
   VxLAN Virtual Network Identifier: 10000
      Source Interface: loopback0(192.168.1.1)
      Remote-VTEPs (flood-list): 192.168.2.
64 bytes from 10.1.0.20: icmp_seq=3 ttl=64 time=0.772 ms
64 bytes from 10.1.0.20: icmp_seq=4 ttl=64 time=0.799 ms
64 bytes from 10.1.0.20: icmp_seq=5 ttl=64 time=0.866 ms
--- 10.1.0.20 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4061ms
rtt min/avg/max/mdev = 0.737/0.783/0.866/0.047 ms
root@HOST-A:~#
6. Check connectivity between host A and host D
root@HOST-A:~# ping 10.2.0.20 -c 5
PING 10.2.0.20 (10.2.0.20) 56(84) bytes of
64 bytes from 10.2.0.
Figure 6. VXLAN BGP EVPN use case

VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# exit
2.
3. Configure VXLAN virtual networks
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4.
OS10(config-router-bgp-99)# address-family ipv4 unicast
OS10(config-router-bgp-af)# redistribute connected
OS10(config-router-bgp-af)# exit
8. Configure eBGP for the IPv4 point-to-point peering
OS10(config-router-bgp-99)# neighbor 172.16.1.1
OS10(config-router-neighbor)# remote-as 101
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-99)# neighbor 172.16.2.
OS10(config-evpn-evi-20000)# route-target 100:20000 import
OS10(config-evpn-evi-20000)#exit
OS10(config-evpn)#
12. Configure VLT
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.
Configure an anycast gateway MAC address
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing on the virtual networks
OS10(config)# interface virtual-network10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.231/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 m
OS10(config-router-bgp-neighbor-af)# no activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# address-family l2vpn evpn
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# exit
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-99)# neighbor 172.202.0.
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
2. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
3. Configure VXLAN virtual networks
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4.
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31
OS10(conf-if-eth1/1/2)# exit
8. Configure eBGP
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# router-id 172.18.0.1
OS10(config-router-bgp-100)# address-family ipv4 unicast
OS10(configure-router-bgp-af)# redistribute connected
OS10(configure-router-bgp-af)# exit
9. Configure eBGP for the IPv4 point-to-point peering
OS10(config-router-bgp-100)# neighbor 172.18.1.
OS10(config-evpn-evi-10000)# rd 192.168.2.1:10000
OS10(config-evpn-evi-10000)# route-target 99:10000 import
OS10(config-evpn-evi-10000)# route-target 100:10000 both
OS10(config-evpn-evi-10000)#exit
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd 192.168.2.1:20000
OS10(config-evpn-evi-20000)# route-target 99:20000 import
OS10(config-evpn-evi-20000)# route-target 100:20000 both
OS10(config-evpn-evi-20000)#exit
OS10(config-evpn)#
13.
Configure iBGP IPv4 peering between VLT peers
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.16.250.11
OS10(config-router-neighbor)# remote-as 100
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
14.
5.
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-100)# exit
10. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.19.0.1/32
OS10(conf-if-lo-1)# exit
11. Configure BGP EVPN peering
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.201.0.
OS10(conf-vn-20000)# vlti-vlan 200
OS10(conf-vn-20000)# exit
Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.
Configure routing on the virtual networks
OS10(config)# interface virtual-network10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.234/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-101)# exit
4. Configure a Loopback interface for BGP EVPN peering
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 172.201.0.1/32
OS10(conf-if-lo-1)# exit
5. Configure BGP EVPN peer sessions
OS10(config)# router bgp 101
OS10(conf-router-bgp-101)# neighbor 172.16.0.
OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(config)# interface OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# OS10(config)# interface OS10(conf-if-eth1/1/3)# OS10(conf-if-eth1/1/3)# OS10(conf-if-eth1/1/3)# OS10(conf-if-eth1/1/3)# OS10(config)# interface OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# no switchport ip address 172.16.2.
OS10(conf-router-neighbor-af)# exit
OS10(conf-router-bgp-102)# neighbor 172.17.0.
  Inclusive Multicast : 192.168.2.1
  IRB                 : Enabled(tenant1)

EVI : 20000, State : up
  Bridge-Domain       : Virtual-Network 20000, VNI 20000
  Route-Distinguisher : 1:192.168.1.1:20000
  Route-Targets       : 0:99:10000 both, 0:100:10000 import
  Inclusive Multicast : 192.168.2.1
  IRB                 : Enabled(tenant1)
LEAF1#
3. Verify BGP EVPN neighborship between leaf and spine nodes
LEAF1# show ip bgp l2vpn evpn summary
BGP router identifier 172.16.0.1 local AS number 99
Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx
172.201.0.
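
In the multi-AS example, each leaf configures its own AS route target as both and the other AS route target as import, and the import list is what decides which remote EVPN routes enter a virtual network. The following Python check is an added example, not part of the Dell guide: it parses the evi, vni and route-target lines of two leaf CLI sessions and reports VNIs whose routes would not be exchanged, or whose EVI imports a route target exported for a different VNI. The session text is constructed from the example's AS numbers 99 and 100, and the names parse_evis and audit are hypothetical.

```python
import re

PROMPT = re.compile(r"^\S+?\([^)]*\)#\s*")  # strips e.g. "OS10(config-evpn-evi-10000)# "
RT = re.compile(r"route-target (\S+) (both|import|export)")

def parse_evis(session):
    """Map VNI -> {'import': set, 'export': set} from the evpn part of a CLI session."""
    by_vni, cur = {}, None
    for raw in session.splitlines():
        line = PROMPT.sub("", raw.strip())
        if re.fullmatch(r"evi \d+", line):
            cur = {"import": set(), "export": set()}
        elif cur is not None and (m := re.fullmatch(r"vni (\d+)", line)):
            by_vni[int(m.group(1))] = cur
        elif cur is not None and (m := RT.fullmatch(line)):
            rt, direction = m.groups()
            if direction != "export":
                cur["import"].add(rt)
            if direction != "import":
                cur["export"].add(rt)
    return by_vni  # "route-target auto" has no explicit value and is not checked here

def audit(a, b, an, bn):
    """Compare two VTEPs' RT policy per VNI; return a list of finding strings."""
    findings = []
    for x, xn, y, yn in ((a, an, b, bn), (b, bn, a, an)):
        for vni, evi in sorted(x.items()):
            if vni not in y:
                findings.append(f"VNI {vni}: configured on {xn} only")
                continue
            if not evi["import"] & y[vni]["export"]:
                findings.append(f"VNI {vni}: {xn} imports nothing {yn} exports")
            for other, o in sorted(y.items()):
                if other != vni and evi["import"] & o["export"]:
                    findings.append(f"VNI {vni}: {xn} imports an RT exported by {yn} VNI {other}")
    return findings

# Constructed session for the AS 99 leaf, in the prompt style of this guide.
LEAF_AS99 = """\
OS10(config)# evpn
OS10(config-evpn)# evi 10000
OS10(config-evpn-evi-10000)# vni 10000
OS10(config-evpn-evi-10000)# route-target 99:10000 both
OS10(config-evpn-evi-10000)# route-target 100:10000 import
OS10(config-evpn-evi-10000)#exit
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# route-target 99:20000 both
OS10(config-evpn-evi-20000)# route-target 100:20000 import
"""
# Constructed AS 100 leaf: same stanzas with the AS numbers swapped (own RT both, AS 99 RT import).
LEAF_AS100 = re.sub(r"\b(99|100):", lambda m: ("100:" if m.group(1) == "99" else "99:"), LEAF_AS99)
# Constructed mistake: EVI 20000 on the AS 100 leaf imports the RT that belongs to VNI 10000.
LEAF_AS100_BAD = LEAF_AS100.replace("99:20000 import", "99:10000 import")

if __name__ == "__main__":
    for peer in (LEAF_AS100, LEAF_AS100_BAD):
        print(audit(parse_evis(LEAF_AS99), parse_evis(peer), "leaf-as99", "leaf-as100") or "consistent")
```

The second finding for the broken session matters for tenant separation: an import of another VNI's route target pulls that segment's MAC and IP routes into the wrong virtual network.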
Example: Centralized Layer3 gateway routing
In the earlier section, the VTEPs were configured in a Distributed Gateway topology, where each VTEP can perform VXLAN routing and the ingress VTEP makes every routing decision. Some environments have VTEPs that have only Layer 2 VXLAN capability and can perform only Layer 2 functions. In this scenario, the VXLAN routing for these Layer 2 VTEPs can be centralized on one or more Layer 3 VTEPs, which support Layer 3 VXLAN functionality.
Figure 7. Centralized Layer3 Gateway Routing

VTEP 1 Leaf Switch
NOTE: The virtual network interfaces with IP addresses, anycast IP addresses, and anycast gateway MAC addresses need not be configured on VTEP 1 and VTEP 2, which are Layer 2 VTEPs.
1.
Configure routing on the virtual networks
OS10(config)# interface virtual-network10000
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.1.0.231/16
OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.
When VLT domain 1 receives traffic destined for the external world, the traffic is routed to the separate virtual network in the ingress VTEP and sent to the Border Leaf VTEP. In the Border Leaf VTEP, the traffic is then routed to the VLAN that an external WAN router is connected to or that is directly connected to the Internet.
VTEP 1 Leaf Switch
1. Configure VXLAN virtual network.
OS10(config)# virtual-network 500
OS10(config-vn-500)# vxlan-vni 500
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
2. Configure routing on the virtual networks.
OS10(config)# interface virtual-network 500
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.5.0.231/16
3. Configure static route for out-bound traffic pointing towards the anycast MAC address of VN500.
OS10(config)#ip route 0.0.0.0/0 10.5.0.
OS10(conf)#interface ethernet 1/1/7
switchport mode trunk
switchport trunk allowed vlan 200
5. Configure static route for out-bound traffic pointing towards VLAN200.
OS10(config)#ip route 0.0.0.0/0 10.10.0.3

VTEP 4 Leaf Switch
1. Configure VXLAN virtual network.
OS10(config)# virtual-network 500
OS10(config-vn-500)# vxlan-vni 500
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
2. Configure an anycast gateway MAC address
OS10(config)# ip virtual-router mac-address 00:02:02:02:02:02
3.
4 Support resources
The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.