Configuring The EVPN VXLAN Fabric || Lab-1

In today's topic will discuss the Configuration of VXLAN EVPN fabric and walk through the configurations step by step, Let's start:

Below is our topology we will use during the lab to demonstrate the configuration:

In this lab will go focus on the EVPN VXLAN fabirc to provide Layer-2 extenstion between server-1 and server-2 as shown above. Meanwhile both servers are on different VLAN numbers but on the same subnet, and this what we will see using VXLAN witht he capabilities of EVPN as control plane.

Configuration Building Blocks

Underlay Configuration

1. Configuring Layer-3 reachability between spine and leaf switches, will use OSPF in our Lab
2. Configure Multicast in the underly as it will be used to transmit the traffic in the overlay

Overlay Configuration

1. Provide VNI to VLAN mapping on each leaf switch
2. Configure BGP peering between switches or use spine switches as route-reflector
3. Configure the NVE interface on each switch, which is used as VTEP
4. Map VNI to multicast group for BUM traffic

Configurations

Underlay Configuration

1. Configure OSPF protocol to provide reachability between all switches

### Spine-1, Spine-2, Leaf-1 and Leaf-2 ###

feature ospf

router ospf 1

interface loopback0
  ip router ospf 1 area 0.0.0.0

interface loopback1
  ip router ospf 1 area 0.0.0.0

interface Ethernet1/1
  ip router ospf 1 area 0.0.0.0

interface Ethernet1/2
  ip router ospf 1 area 0.0.0.0        

Verification

### Leaf-1 ###
Show ip ospf neighbor
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 192.168.254.1     1 FULL/BDR         00:02:31 10.0.11.1       Eth1/1 ----> Spine-1
 192.168.254.2     1 FULL/BDR         00:02:27 10.0.12.1       Eth1/2 ----> Spine-2         

### Leaf-2 ###

Show ip ospf neighbor
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 192.168.254.1     1 FULL/BDR         00:01:20 10.0.21.1       Eth1/1 ----> Spine-1
 192.168.254.2     1 FULL/BDR         00:01:15 10.0.22.1       Eth1/2 ----> Spine-2        

2. Configure Multicast

• Enable PIM feature and enable it on the pyshical and loopback interfaces as well

### Spine-1, Spine-2, Leaf-1 and Leaf-2 ###

configure
feature pim

interface eth1/1
ip pim sparse-mode

interface eth1/2
ip pim sparse-mode

interface Loopback 0
ip pim sparse-mode

interface Loopback 1
ip pim sparse-mode        

• Configure Spine Switches as rendezvous Point (RP) for redundancy

### Spine-1 and Spine-2 ###

configure
ip pim rp-address 192.168.254.100        

• Advertise the RP address on Underlay IGP protocl and it should be configured and advertised on both Spine switches

### Spine-1 and Spine-2 ###

configure
Interface loopback 1
ip address 192.168.254.100/32
ip router ospf 1 area 0.0.0.0        

• Configure RP set on Both Spine Switches

### Spine-1 and Spine-2 ###

configure
ip pim anycast-rp 192.168.254.100 192.168.254.3
ip pim anycast-rp 192.168.254.100 192.168.254.4        

• Configure RP address toward the loopback-1 on leaf switches

### Leaf-1 and Leaf-2 ###

configure
ip pim rp-address 192.168.254.100        

Verification

• Verify PIM Neighborship

as we see hereunder that PIM is up and running on leaf-1 and leaf-2 and neighborship is established between leaf and spine switches

leaf-1# show ip pim neighbor
PIM Neighbor Status for VRF "default"
Neighbor        Interface            Uptime    Expires   DR       Bidir-  BFD    ECMP Redirect
                                                         Priority Capable State     Capable
10.0.11.1       Ethernet1/1          00:26:40  00:01:42  1        yes     n/a     no
10.0.12.1       Ethernet1/2          00:26:40  00:01:42  1        yes     n/a     no        

leaf-2# show ip pim neighbor
PIM Neighbor Status for VRF "default"
Neighbor        Interface            Uptime    Expires   DR       Bidir-  BFD    ECMP Redirect
                                                         Priority Capable State     Capable
10.0.21.1       Ethernet1/1          00:27:24  00:01:24  1        yes     n/a     no
10.0.22.1       Ethernet1/2          00:27:17  00:01:22  1        yes     n/a     no
leaf-2#         

• Check RP Status

As we see below, that leaf-1 and leaf-2 has entry for the anycast RP (192.168.254.100) which is the loopback 1 on both spine switches

leaf-1# show ip pim rp
!
!
!
RP: 192.168.254.100, (0), 
 uptime: 00:29:47   priority: 255, 
 RP-source: (local),  
 group ranges:
 224.0.0.0/4   
leaf-1#         

leaf-2# show ip pim rp
!
!
!

RP: 192.168.254.100, (0), 
 uptime: 00:31:57   priority: 255, 
 RP-source: (local),  
 group ranges:
 224.0.0.0/4   
leaf-2#         

Overlay Configuration

1. Enable VXLAN and EVPN features

• Enables VLAN-based VXLAN and will allow you to map VLAN o VNI segment

featue vn-segment-vlan-based        

• Enable VXLAN feature

feature nv overlay        

• Enable EVPN on the switch which will allow you to configure an EVPN address family under BGP

nv overlay evpn        

2. VNI to VLAN mapping on each leaf switch

Leaf-1
vlan 100
vn-segment 1000

Leaf-2
vlan 200
vn-segment 2000        

3. Configure BGP peering between leaf switches.

• We can configure BGP between Leaf switches directly if the topology is simple like the one above, but i recommend to consider spine switches as route-reflector for scalability and get rid of iBGP limitation

### Leaf-1 ###

configure
feature BGP
router bgp 65000
neighbor 192.168.254.2
remote-as 65000
update-source loopback 0
address-family l2vpn evpn
send-community both
end        

### Leaf-2 ###

configure
feature BGP
router bgp 65000
neighbor 192.168.254.1
remote-as 65000
update-source loopback 0
address-family l2vpn evpn
send-community both
end        

4. Configure the NVE interface on each leaf switch, which is used as VTEP

• Will configure new interface Loopback 1 on each Leaf switches, which will be used as VTEP and ensure that this interface is advertised into OSPF and enable PIM on this interface as well.

### Leaf-1 ###

Configure
interface loopback 1
ip address 192.168.254.111/32
ip router ospf 1 area 0
ip pim spares-mode
end        

### Leaf-2 ###

Configure
interface loopback 1
ip address 192.168.254.222/32
ip router ospf 1 area 0
ip pim spares-mode
end        

Verifivation

• Verify that this new loopback interface is reachable on the underlay

leaf-1# show ip route 192.168.254.222
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

192.168.254.222/32, ubest/mbest: 2/0
    *via 10.0.11.1, Eth1/1, [110/81], 02:13:10, ospf-1, intra
    *via 10.0.12.1, Eth1/2, [110/81], 02:13:04, ospf-1, intra
leaf-1#         

leaf-2# show ip route 192.168.254.111
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

192.168.254.111/32, ubest/mbest: 2/0
    *via 10.0.21.1, Eth1/1, [110/81], 02:14:29, ospf-1, intra
    *via 10.0.22.1, Eth1/2, [110/81], 02:14:30, ospf-1, intra
leaf-2#         

• Create the network virtualization endpoint (NVE) interface.
• Remember that we created interface loopback 1 to be used as a source for the NVE interface

### Leaf-1 ###

Configure
interface nve 1
no shutdown
source-interface loopback 1
host-reachability protocl bgp
end        

### Leaf-2 ###

Configure
interface nve 1
no shutdown
source-interface loopback 1
host-reachability protocl bgp
end        

Verifivation

Check NVE interface status, Once it is up you can add VNIs to the interface

leaf-1# show nve interface
Interface: nve1, State: Up, encapsulation: VXLAN
 VPC Capability: VPC-VIP-Only [not-notified]
 Local Router MAC: 5217.ba06.1b08
 Host Learning Mode: Control-Plane
 Source-Interface: loopback1 (primary: 192.168.254.111, secondary: 0.0.0.0)        

leaf-2# show nve interface
Interface: nve1, State: Up, encapsulation: VXLAN
 VPC Capability: VPC-VIP-Only [not-notified]
 Local Router MAC: 5210.ae0f.1b08
 Host Learning Mode: Control-Plane
 Source-Interface: loopback1 (primary: 192.168.254.222, secondary: 0.0.0.0)        

5. Map VNI to multicast group for BUM traffic

• Now we need to add the VNI 1000 to NVE interface
• As we will use multicast for BUM traffic, So we need to add multicast group 239.0.0.1 to the VNI interface

### Leaf-1 ###

Configure
interface nve 1
member vni 1000
mcast-group 239.0.0.1        

### Leaf-2 ###

Configure
interface nve 1
member vni 1000
mcast-group 239.0.0.1        

Verification

• Verify nve peer status

leaf-1# show nve peer
Interface Peer-IP                                 State LearnType Uptime   Router-Mac       
--------- --------------------------------------  ----- --------- -------- -----------------
nve1      192.168.254.222                         Up    CP        01:04:39 n/a              

leaf-1#         

leaf-2# show nve peer
Interface Peer-IP                                 State LearnType Uptime   Router-Mac       
--------- --------------------------------------  ----- --------- -------- -----------------
nve1      192.168.254.111                         Up    CP        01:05:06 n/a              

leaf-2#        

• Checking VNI status and it is mapped correctly, we can see below that the VNI is up and its type is layer 2. as well as multicast group attached to it.

leaf-1# show nve vni
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP        
       SU - Suppress Unknown Unicast 
       Xconn - Crossconnect      
       MS-IR - Multisite Ingress Replication
 
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      1000     239.0.0.1         Up    CP   L2 [100]                

leaf-1#         

leaf-2# show nve vni
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP        
       SU - Suppress Unknown Unicast 
       Xconn - Crossconnect      
       MS-IR - Multisite Ingress Replication
 
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      1000     239.0.0.1         Up    CP   L2 [200]                
        

• Verify Layer 2 routing table

we can see below that we have 2 MAC address entries in each layer 2 routing table, and its Next-Hop, VNI tag.

leaf-1# show l2route evpn mac all 

Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link 
(Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
(S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
(Pf):Permanently-Frozen, (Orp): Orphan

Topology    Mac Address    Prod   Flags         Seq No     Next-Hops                              
----------- -------------- ------ ------------- ---------- ---------------------------------------
100         5254.0005.871e Local  L,            0          Eth1/3                                 
100         5254.001d.9426 BGP    Rcv           0          192.168.254.222 (Label: 1000)          
leaf-1#         

leaf-2# show l2route evpn mac all 

Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link 
(Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
(S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
(Pf):Permanently-Frozen, (Orp): Orphan

Topology    Mac Address    Prod   Flags         Seq No     Next-Hops                              
----------- -------------- ------ ------------- ---------- ---------------------------------------
200         5254.0005.871e BGP    Rcv           0          192.168.254.111 (Label: 1000)          
200         5254.001d.9426 Local  L,            0          Eth1/3                                 
leaf-2#         

• Verify multicast routing table

We can see the entries used for BUM traffic

leaf-1# show ip mroute
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 01:31:03, pim ip 
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)


(*, 239.0.0.1/32), uptime: 01:30:56, nve pim ip 
  Incoming interface: Ethernet1/1, RPF nbr: 10.0.11.1
  Outgoing interface list: (count: 1)
    nve1, uptime: 01:30:56, nve


(192.168.254.111/32, 239.0.0.1/32), uptime: 01:30:56, nve mrib pim ip 
  Incoming interface: loopback1, RPF nbr: 192.168.254.111
  Outgoing interface list: (count: 1)
    Ethernet1/1, uptime: 01:29:01, pim        

As shown below, the output of Show ibgp l2vpn evpn we noticed the below:

• Server MAC address (5254.0005.871e) is directly connected so we see it with label (l)-means local, and its next hop is the leaf ip itself (192.168.254.111)
• Also we see the remote server MAC address () but in this case it learned via remote leaf vtep (192.168.254.12) from two paths through spine-1 and spine-2

leaf-1# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 6, Local Router ID is 192.168.254.11
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 192.168.254.11:32867    (L2VNI 1000)
*>l[2]:[0]:[0]:[48]:[5254.0005.871e]:[0]:[0.0.0.0]/216  ------------> MAC address of directly connected server
                      192.168.254.111                   100      32768 i
*>i[2]:[0]:[0]:[48]:[5254.001d.9426]:[0]:[0.0.0.0]/216
                      192.168.254.222                   100          0 i

Route Distinguisher: 192.168.254.12:32967
*>i[2]:[0]:[0]:[48]:[5254.001d.9426]:[0]:[0.0.0.0]/216
                      192.168.254.222                   100          0 i

leaf-1#         

leaf-2# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 6, Local Router ID is 192.168.254.12
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 192.168.254.11:32867
*>i[2]:[0]:[0]:[48]:[5254.0005.871e]:[0]:[0.0.0.0]/216
                      192.168.254.111                   100          0 i

Route Distinguisher: 192.168.254.12:32967    (L2VNI 1000)
*>i[2]:[0]:[0]:[48]:[5254.0005.871e]:[0]:[0.0.0.0]/216
                      192.168.254.111                   100          0 i
*>l[2]:[0]:[0]:[48]:[5254.001d.9426]:[0]:[0.0.0.0]/216
                      192.168.254.222                   100      32768 i

leaf-2#         

Now we knows how to configure VXLAN EVPN Fabric for bridging traffic between servers in different VLAN, and knows how to configure both underlay and overlay and the functionality for it.

See you in the next articles about Configuring VXLAN EVPN Fabric Lab-2 for Layer 3 VNI