VXLAN and BGP EVPN Configuration Guide for Dell EMC SmartFabric OS10 Release 10.5.2

PDF

Example - VXLAN BGP EVPN symmetric IRB with unnumbered BGP peering

The following BGP EVPN example uses a Clos leaf-spine topology with BGP over unnumbered interfaces.

Example - VXLAN BGP EVPN symmetric IRB with unnumbered BGP peering

The following explains how the network is configured:

  • External BGP (eBGP) over unnumbered interfaces is used to exchange both IPv4 routes and EVPN routes.
  • You need not configure IP addresses on links that connect Spine and Leaf switches. BGP Unnumbered peering works without an IP address configuration on Spine-Leaf links.
  • The remote AS is autodiscovered from BGP Open messages.
  • All VTEPs perform Symmetric IRB routing. All spine nodes are in one autonomous system and each VTEP in the leaf network belongs to different autonomous systems. Both Spine Switch 1 and Spine Switch 2 are in AS 101. For leaf nodes, VLT domain 1 is in AS 201; VLT domain 2 is in AS 202.
  • On leaf switches 1 and 2, access ports are assigned to a virtual network using a switch-scoped VLAN. EVPN for the overlay VXLAN is configured using auto-EVI mode.
  • On leaf switches 3 and 4, access ports are assigned to a virtual network using a port-scoped VLAN. EVPN for the overlay VXLAN is configured using manual EVI mode with RT and RD values configured in auto mode.
  • On all VTEPs, symmetric IRB is configured in EVPN mode using a unique, dedicated VXLAN VNI, and Auto RD and Auto RT values for each tenant VRF.
  • On all VTEPs, the disable-rt-asn command is used to autoderive the RT that does not include the ASN in the RT value. This allows auto RT to be used even if there are different ASNs for each leaf node.
  • The VLAN to an external network is configured only on VTEPs 3 and 4 in the VLT domain that serves as the border leaf gateway.

Spine Switch 1 configuration

  1. Configure downstream ports as unnumbered interfaces. Configure the ipv6 nd send-ra command and lower RA intervals. These interfaces are used for BGP unnumbered peering.
    OS10(config)# interface ethernet1/1/1
    OS10(conf-if-eth1/1/1)# no shutdown
    OS10(conf-if-eth1/1/1)# no switchport
    OS10(conf-if-eth1/1/1)# mtu 1650
    OS10(conf-if-eth1/1/1)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/1)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/1)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/1)# exit
    OS10(config)# interface ethernet1/1/2
    OS10(conf-if-eth1/1/2)# no shutdown
    OS10(conf-if-eth1/1/2)# no switchport
    OS10(conf-if-eth1/1/1)# mtu 1650
    OS10(conf-if-eth1/1/2)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/2)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/2)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/2)# exit
    OS10(config)# interface ethernet1/1/3
    OS10(conf-if-eth1/1/3)# no shutdown
    OS10(conf-if-eth1/1/3)# no switchport
    OS10(conf-if-eth1/1/3)# mtu 1650
    OS10(conf-if-eth1/1/3)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/3)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/3)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/3)# exit
    OS10(config)# interface ethernet1/1/4
    OS10(conf-if-eth1/1/4)# no shutdown
    OS10(conf-if-eth1/1/4)# no switchport
    OS10(conf-if-eth1/1/4)# mtu 1650
    OS10(conf-if-eth1/1/4)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/4)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/4)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/4)# exit
  2. Configure BGP instance with router id.
    OS10(config)# router bgp 101
    OS10(config-router-bgp-101)# router-id 172.201.0.1
  3. Configure the BGP unnumbered neighbor on Leaf-facing ports. Use a template to simplify the configuration on multiple interfaces. These neighbors are configured to carry IPv4 address family (default) and L2VPN EVPN address family.
    OS10(config-router-bgp-101)# template ebgp_unified 
    OS10(config-router-template)# send-community extended
    OS10(config-router-template)# address-family l2vpn evpn
    OS10(config-router-bgp-template-af)# activate
    OS10(config-router-bgp-template-af)# exit
    OS10(config-router-template)# neighbor interface ethernet1/1/1
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-101)# neighbor interface ethernet1/1/2
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-101)# neighbor interface ethernet1/1/3
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-101)# neighbor interface ethernet1/1/4
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit

Spine Switch 2 configuration

  1. Configure downstream ports as unnumbered interfaces. Configure the ipv6 nd send-ra command and lower RA intervals. These interfaces are used for BGP unnumbered peering.
    OS10(config)# interface ethernet1/1/1
    OS10(conf-if-eth1/1/1)# no shutdown
    OS10(conf-if-eth1/1/1)# no switchport
    OS10(conf-if-eth1/1/1)# mtu 1650
    OS10(conf-if-eth1/1/1)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/1)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/1)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/1)# exit
    OS10(config)# interface ethernet1/1/2
    OS10(conf-if-eth1/1/2)# no shutdown
    OS10(conf-if-eth1/1/2)# no switchport
    OS10(conf-if-eth1/1/1)# mtu 1650
    OS10(conf-if-eth1/1/2)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/2)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/2)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/2)# exit
    OS10(config)# interface ethernet1/1/3
    OS10(conf-if-eth1/1/3)# no shutdown
    OS10(conf-if-eth1/1/3)# no switchport
    OS10(conf-if-eth1/1/3)# mtu 1650
    OS10(conf-if-eth1/1/3)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/3)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/3)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/3)# exit
    OS10(config)# interface ethernet1/1/4
    OS10(conf-if-eth1/1/4)# no shutdown
    OS10(conf-if-eth1/1/4)# no switchport
    OS10(conf-if-eth1/1/4)# mtu 1650
    OS10(conf-if-eth1/1/4)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/4)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/4)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/4)# exit
  2. Configure BGP instance with router id.
    OS10(config)# router bgp 101
    OS10(config-router-bgp-101)# router-id 172.202.0.1
  3. Configure the BGP unnumbered neighbor on Leaf-facing ports. Use a template to simplify the configuration on multiple interfaces. These neighbors are configured to carry IPv4 address family (default) and L2VPN EVPN address family.
    OS10(config-router-bgp-101)# template ebgp_unified 
    OS10(config-router-template)# send-community extended
    OS10(config-router-template)# address-family l2vpn evpn
    OS10(config-router-bgp-template-af)# activate
    OS10(config-router-bgp-template-af)# exit
    OS10(config-router-template)# neighbor interface ethernet1/1/1
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-101)# neighbor interface ethernet1/1/2
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-101)# neighbor interface ethernet1/1/3
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-101)# neighbor interface ethernet1/1/4
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit

VTEP Leaf Switch 1 configuration

  1. Configure a loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
    OS10(config)# interface loopback0
    OS10(conf-if-lo-0)# no shutdown
    OS10(conf-if-lo-0)# ip address 192.168.1.1/32
    OS10(conf-if-lo-0)# exit
  2. Configure the loopback interface as the VXLAN source tunnel interface.
    OS10(config)# nve
    OS10(config-nve)# source-interface loopback0
    OS10(config-nve)# exit
  3. Configure the VXLAN virtual network.
    OS10(config)# virtual-network 10000
    OS10(config-vn-10000)# vxlan-vni 10000
    OS10(config-vn-vxlan-vni)# exit
    OS10(config-vn-10000)# exit
  4. Assign VLAN to the virtual network. Use a switch-scoped VLAN-to-VNI mapping.
    OS10(config)# interface vlan100
    OS10(config-if-vl-100)# virtual-network 10000
    OS10(config-if-vl-100)# exit
  5. Configure access ports as VLAN members.
    OS10(config)# interface port-channel10
    OS10(conf-if-po-10)# no shutdown
    OS10(conf-if-po-10)# switchport mode trunk
    OS10(conf-if-po-10)# switchport trunk allowed vlan 100
    OS10(conf-if-po-10)# no switchport access vlan
    OS10(conf-if-po-10)# exit
    OS10(config)# interface ethernet1/1/5
    OS10(conf-if-eth1/1/5)# no shutdown
    OS10(conf-if-eth1/1/5)# channel-group 10 mode active
    OS10(conf-if-eth1/1/5)# exit
  6. Configure upstream network-facing ports as unnumbered interfaces. Configure the ipv6 nd send-ra command and lower RA intervals. These interfaces are used for BGP unnumbered peering.
    OS10(config)# interface ethernet1/1/1
    OS10(conf-if-eth1/1/1)# no shutdown
    OS10(conf-if-eth1/1/1)# no switchport
    OS10(conf-if-eth1/1/1)# mtu 1650
    OS10(conf-if-eth1/1/1)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/1)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/1)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/1)# exit
    OS10(config)# interface ethernet1/1/2
    OS10(conf-if-eth1/1/2)# no shutdown
    OS10(conf-if-eth1/1/2)# no switchport
    OS10(conf-if-eth1/1/2)# mtu 1650
    OS10(conf-if-eth1/1/2)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/2)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/2)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/2)# exit
  7. Configure BGP instance with router id.
    OS10(config)# router bgp 201
    OS10(config-router-bgp-201)# router-id 172.16.0.1
    OS10(config-router-bgp-201)# address-family ipv4 unicast
    OS10(config-router-bgp-af)# redistribute connected
    OS10(config-router-bgp-af)# exit
  8. Configure a BGP unnumbered neighbor over network facing ports. Use a template to simplify the configuration on multiple interfaces. These neighbors are configured to carry IPv4 address family (default) and L2VPN EVPN address family.
    OS10(config-router-bgp-201)# template ebgp_unified 
    OS10(config-router-template)# send-community extended
    OS10(config-router-template)# address-family l2vpn evpn
    OS10(config-router-bgp-template-af)# activate
    OS10(config-router-bgp-template-af)# exit
    OS10(config-router-template)# neighbor interface ethernet1/1/1
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-201)# neighbor interface ethernet1/1/2
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
  9. Configure EVPN for the VXLAN virtual network. Configure EVPN instances using auto-EVI mode and disable ASN in the generated RT.
    OS10(config)# evpn
    OS10(config-evpn)# auto-evi
    OS10(config-evpn)# disable-rt-asn
    OS10(config-evpn)# exit
    NOTE: Use the disable-rt-asn command to autoderive RT that does not include the ASN in the RT value. This allows auto RT to be used even if the Clos leaf-spine design has separate ASN for each leaf node. Configure this command only when all the VTEPs are OS10 switches.
  10. Configure VLT.
    • Configure a dedicated Layer 3 forwarding path through the other VLT peer for connectivity even if all spine links go down. This VLAN interface is an unnumbered interface and used for iBGP peering with the other VLT peer.
      OS10(config)# interface vlan4000
      OS10(config-if-vl-4000)# no shutdown
      OS10(config-if-vl-4000)# ipv6 nd max-ra-interval 4
      OS10(config-if-vl-4000)# ipv6 nd min-ra-interval 3
      OS10(config-if-vl-4000)# ipv6 nd send-ra
      OS10(config-if-vl-4000)# exit
    • Configure the VLT port channel.
      OS10(config)# interface port-channel10
      OS10(conf-if-po-10)# vlt-port-channel 10
      OS10(conf-if-po-10)# exit
    • Configure the VLTi member links.
      OS10(config)# interface ethernet1/1/3
      OS10(conf-if-eth1/1/3)# no shutdown
      OS10(conf-if-eth1/1/3)# no switchport
      OS10(conf-if-eth1/1/3)# exit
      OS10(config)# interface ethernet1/1/4
      OS10(conf-if-eth1/1/4)# no shutdown
      OS10(conf-if-eth1/1/4)# no switchport
      OS10(conf-if-eth1/1/4)# exit
    • Configure the VLT domain.
      OS10(config)# vlt-domain 1
      OS10(conf-vlt-1)# backup destination 10.16.150.1
      OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4
      OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff
      OS10(conf-vlt-1)# exit
    • Configure UFD with uplink VLT ports and downlink network ports.
      OS10(config)# uplink-state-group 1
      OS10(conf-uplink-state-group-1)# enable
      OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
      OS10(conf-uplink-state-group-1)# upstream port-channel10
      OS10(conf-uplink-state-group-1)# exit
    • Configure iBGP unnumbered peering between VLT peers with both IPv4 and L2VPN EVPN address families.
      OS10(config)# router bgp 201
      OS10(config-router-bgp-201)# template ibgp_unified 
      OS10(config-router-template)# send-community extended
      OS10(config-router-template)# address-family l2vpn evpn
      OS10(config-router-bgp-template-af)# activate
      OS10(config-router-bgp-template-af)# exit
      OS10(config-router-template)# neighbor interface vlan4000
      OS10(config-router-neighbor)# inherit template ibgp_unified inherit-type ibgp
      OS10(config-router-neighbor)# no shutdown
      OS10(config-router-neighbor)# exit
  11. Configure IP routing in the overlay network.
    • Create a tenant VRF.
      OS10(config)# ip vrf tenant1
      OS10(conf-vrf)# exit
    • Configure an anycast gateway MAC address.
      OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
    • Configure routing on the virtual network.
      OS10(config)# interface virtual-network 10000
      OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
      OS10(conf-if-vn-10000)# ip address 10.1.0.231/16
      OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.100
      OS10(conf-if-vn-10000)# no shutdown
      OS10(conf-if-vn-10000)# exit
  12. Configure symmetric IRB.
    • In EVPN mode, configure the router MAC address that is used by remote VTEPs as the destination address in VXLAN encapsulated packets that are sent to the switch. Configure a dedicated VXLAN VNI for symmetric IRB for each tenant VRF.
      OS10(config)# evpn
      OS10(config-evpn)# router-mac 00:01:02:03:04:05
      OS10(config-evpn)# vrf tenant1
      OS10((config-evpn-vrf-tenant1))# vni 3000
      OS10((config-evpn-vrf-tenant1))# route-target auto
      OS10((config-evpn-vrf-tenant1))# exit
      OS10(config-evpn)# exit
  13. Configure advertisement of the connected networks through EVPN Type-5 routes.
    OS10(config)# evpn
    OS10(config-evpn)# vrf tenant1
    OS10((config-evpn-vrf-tenant1))# advertise ipv4 connected
    OS10((config-evpn-vrf-tenant1))# exit

VTEP Leaf Switch 2 configuration

  1. Configure a loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
    OS10(config)# interface loopback0
    OS10(conf-if-lo-0)# no shutdown
    OS10(conf-if-lo-0)# ip address 192.168.1.1/32
    OS10(conf-if-lo-0)# exit
  2. Configure the loopback interface as the VXLAN source tunnel interface.
    OS10(config)# nve
    OS10(config-nve)# source-interface loopback0
    OS10(config-nve)# exit
  3. Configure the VXLAN virtual network.
    OS10(config)# virtual-network 10000
    OS10(config-vn-10000)# vxlan-vni 10000
    OS10(config-vn-vxlan-vni)# exit
    OS10(config-vn)# exit
  4. Assign VLAN member interfaces to the virtual network. Use a switch-scoped VLAN-to-VNI mapping.
    OS10(config)# interface vlan100
    OS10(config-if-vl-100)# virtual-network 10000
    OS10(config-if-vl-100)# exit
  5. Configure access ports as VLAN members.
    OS10(config)# interface port-channel10
    OS10(conf-if-po-10)# no shutdown
    OS10(conf-if-po-10)# switchport mode trunk
    OS10(conf-if-po-10)# switchport trunk allowed vlan 100
    OS10(conf-if-po-10)# no switchport access vlan
    OS10(conf-if-po-10)# exit
    OS10(config)# interface ethernet1/1/5
    OS10(conf-if-eth1/1/5)# no shutdown
    OS10(conf-if-eth1/1/5)# channel-group 10 mode active
    OS10(conf-if-eth1/1/5)# exit
  6. Configure upstream network-facing ports as unnumbered interfaces. Configure the ipv6 nd send-ra command and lower RA intervals. These interfaces are used for BGP unnumbered peering.
    OS10(config)# interface ethernet1/1/1
    OS10(conf-if-eth1/1/1)# no shutdown
    OS10(conf-if-eth1/1/1)# no switchport
    OS10(conf-if-eth1/1/1)# mtu 1650
    OS10(conf-if-eth1/1/1)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/1)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/1)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/1)# exit
    OS10(config)# interface ethernet1/1/2
    OS10(conf-if-eth1/1/2)# no shutdown
    OS10(conf-if-eth1/1/2)# no switchport
    OS10(conf-if-eth1/1/2)# mtu 1650
    OS10(conf-if-eth1/1/2)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/2)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/2)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/2)# exit
  7. Configure BGP instance with router id.
    OS10(config)# router bgp 201
    OS10(config-router-bgp-201)# router-id 172.17.0.1
    OS10(config-router-bgp-201)# address-family ipv4 unicast
    OS10(configure-router-bgp-af)# redistribute connected
    OS10(configure-router-bgp-af)# exit
  8. Configure a BGP unnumbered neighbor on network facing ports. Use a template to simplify the configuration on multiple interfaces. These neighbors are configured to carry IPv4 address family (default) and L2VPN EVPN address family.
    OS10(config-router-bgp-201)# template ebgp_unified 
    OS10(config-router-template)# send-community extended
    OS10(config-router-template)# address-family l2vpn evpn
    OS10(config-router-bgp-template-af)# activate
    OS10(config-router-bgp-template-af)# exit
    OS10(config-router-template)# neighbor interface ethernet1/1/1
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-201)# neighbor interface ethernet1/1/2
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
  9. Configure EVPN for the VXLAN virtual network. Configure the EVPN instances using Auto EVI mode and Disable ASN in the generated RT.
    OS10(config)# evpn
    OS10(config-evpn)# auto-evi
    OS10(config-evpn)# disable-rt-asn
    OS10(config-evpn)# exit
    NOTE: Use the disable-rt-asn command to autoderive RT that does not include the ASN in the RT value. This allows auto RT to be used even if the Clos leaf-spine design has separate ASN for each leaf node. Configure this command only when all the VTEPs are OS10 switches.
  10. Configure VLT.
    • Configure a dedicated Layer 3 forwarding path through the other VLT peer for connectivity even if all spine links go down. This VLAN interface would be unnumbered interface and used for iBGP peering with the other VLT peer.
      OS10(config)# interface vlan4000
      OS10(config-if-vl-4000)# no shutdown
      OS10(config-if-vl-4000)# ipv6 nd max-ra-interval 4
      OS10(config-if-vl-4000)# ipv6 nd min-ra-interval 3
      OS10(config-if-vl-4000)# ipv6 nd send-ra
      OS10(config-if-vl-4000)# exit
    • Configure the VLT port channel.
      OS10(config)# interface port-channel10
      OS10(conf-if-po-10)# vlt-port-channel 10
      OS10(conf-if-po-10)# exit
    • Configure VLTi member links.
      OS10(config)# interface ethernet1/1/3
      OS10(conf-if-eth1/1/3)# no shutdown
      OS10(conf-if-eth1/1/3)# no switchport
      OS10(conf-if-eth1/1/3)# exit
      OS10(config)# interface ethernet1/1/4
      OS10(conf-if-eth1/1/4)# no shutdown
      OS10(conf-if-eth1/1/4)# no switchport
      OS10(conf-if-eth1/1/4)# exit
    • Configure the VLT domain.
      OS10(config)# vlt-domain 1
      OS10(conf-vlt-1)# backup destination 10.16.150.2
      OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4
      OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff
      OS10(conf-vlt-1)# exit
    • Configure UFD with uplink VLT ports and downlink network ports.
      OS10(config)# uplink-state-group 1
      OS10(conf-uplink-state-group-1)# enable
      OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
      OS10(conf-uplink-state-group-1)# upstream port-channel10
      OS10(conf-uplink-state-group-1)# exit
    • Configure iBGP unnumbered peering between VLT peers with bothIPv4 and L2VPN EVPN address families.
      OS10(config)# router bgp 201
      OS10(config-router-bgp-201)# template ibgp_unified 
      OS10(config-router-template)# send-community extended
      OS10(config-router-template)# address-family l2vpn evpn
      OS10(config-router-bgp-template-af)# activate
      OS10(config-router-bgp-template-af)# exit
      OS10(config-router-template)# neighbor interface vlan4000
      OS10(config-router-neighbor)# inherit template ibgp_unified inherit-type ibgp
      OS10(config-router-neighbor)# no shutdown
      OS10(config-router-neighbor)# exit
  11. Configure IP routing in overlay network.
    • Create a tenant VRF.
      OS10(config)# ip vrf tenant1
      OS10(conf-vrf)# exit
    • Configure an anycast gateway MAC address.
      OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
    • Configure routing on the virtual network.
      OS10(config)# interface virtual-network 10000
      OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
      OS10(conf-if-vn-10000)# ip address 10.1.0.232/16
      OS10(conf-if-vn-10000)# ip virtual-router address 10.1.0.100
      OS10(conf-if-vn-10000)# no shutdown
      OS10(conf-if-vn-10000)# exit
  12. Configure symmetric IRB. In EVPN mode, configure the router MAC address that is used by remote VTEPs as the destination address in VXLAN encapsulated packets that are sent to the switch. Configure a dedicated VXLAN VNI for symmetric IRB for each tenant VRF.
    OS10(config)# evpn
    OS10(config-evpn)# router-mac 00:01:02:03:04:05
    OS10(config-evpn)# vrf tenant1
    OS10(config-evpn-tenant1)# vni 3000
    OS10(config-evpn-tenant1)# route-target auto
    OS10(config-evpn-tenant1)# exit
    OS10(config-evpn)# exit
  13. Configure advertisement of the connected networks through EVPN Type-5 routes.
    OS10(config)# evpn
    OS10(config-evpn)# vrf tenant1
    OS10(config-evpn-tenant1)# advertise ipv4 connected
    OS10(config-evpn-tenant1)# exit

VTEP Leaf Switch 3 configuration

  1. Configure a Loopback interface for the VXLAN underlay using same IP address as the VLT peer.
    OS10(config)# interface loopback0
    OS10(conf-if-lo-0)# no shutdown
    OS10(conf-if-lo-0)# ip address 192.168.2.1/32
    OS10(conf-if-lo-0)# exit
  2. Configure the loopback interface as the VXLAN source tunnel interface.
    OS10(config)# nve
    OS10(config-nve)# source-interface loopback0
    OS10(config-nve)# exit
  3. Configure the VXLAN virtual network.
    OS10(config)# virtual-network 20000
    OS10(config-vn-20000)# vxlan-vni 20000
    OS10(config-vn-vxlan-vni)# exit
    OS10(config-vn-20000)# exit
  4. Configure an unused VLAN ID for untagged membership.
    OS10(config)# virtual-network untagged-vlan 1000
  5. Configure access ports as VLAN members for a port-scoped VLAN-to-VNI mapping.
    OS10(config)# interface port-channel20
    OS10(conf-if-po-20)# no shutdown
    OS10(conf-if-po-20)# switchport mode trunk
    OS10(conf-if-po-20)# no switchport access vlan
    OS10(conf-if-po-20)# exit
    OS10(config)# interface ethernet1/1/6
    OS10(conf-if-eth1/1/6)# no shutdown
    OS10(conf-if-eth1/1/6)# channel-group 20 mode active
    OS10(conf-if-eth1/1/6)# exit
  6. Add the access ports to the virtual network.
    OS10(config)# virtual-network 20000
    OS10(config-vn-20000)# member-interface port-channel 20 untagged
    OS10(config-vn-20000)# exit
  7. Configure upstream network-facing ports as unnumbered interfaces. Configure the ipv6 nd send-ra command and lower RA intervals. These interfaces would be used for BGP unnumbered peering.
    OS10(config)# interface ethernet1/1/1
    OS10(conf-if-eth1/1/1)# no shutdown
    OS10(conf-if-eth1/1/1)# no switchport
    OS10(conf-if-eth1/1/1)# mtu 1650
    OS10(conf-if-eth1/1/1)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/1)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/1)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/1)# exit
    OS10(config)# interface ethernet1/1/2
    OS10(conf-if-eth1/1/2)# no shutdown
    OS10(conf-if-eth1/1/2)# no switchport
    OS10(conf-if-eth1/1/2)# mtu 1650
    OS10(conf-if-eth1/1/2)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/2)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/2)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/2)# exit
  8. Configure BGP instance with router id.
    OS10(config)# router bgp 202
    OS10(config-router-bgp-202)# router-id 172.18.0.1
    OS10(config-router-bgp-202)# address-family ipv4 unicast
    OS10(configure-router-bgp-af)# redistribute connected
    OS10(configure-router-bgp-af)# exit
  9. Configure BGP unnumbered neighbor over network facing ports. You can use a template to simplify the configuration on multiple interfaces. These neighbors are configured to carry IPv4 address family (default) and L2VPN EVPN address family.
    OS10(config-router-bgp-202)# template ebgp_unified 
    OS10(config-router-template)# send-community extended
    OS10(config-router-template)# address-family l2vpn evpn
    OS10(config-router-bgp-template-af)# activate
    OS10(config-router-bgp-template-af)# exit
    OS10(config-router-template)# neighbor interface ethernet1/1/1
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-202)# neighbor interface ethernet1/1/2
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
  10. Configure EVPN for the VXLAN virtual network. Configure the EVPN instance in manual configuration mode, and RD and RT configuration in auto mode.
    OS10(config)# evpn
    OS10(config-evpn)# disable-rt-asn
    OS10(config-evpn)# evi 20000 
    OS10(config-evpn-evi-20000)# vni 20000 
    OS10(config-evpn-evi-20000)# rd auto 
    OS10(config-evpn-evi-20000)# route-target auto 
    OS10(config-evpn-evi-20000)# exit 
    OS10(config-evpn)# exit
    NOTE: Use the disable-rt-asn command to autoderive RT that does not include the ASN in the RT value. This allows auto RT to be used even if the Clos leaf-spine design has separate ASN for each leaf node. Configure this command only when all the VTEPs are OS10 switches.
  11. Configure VLT.
    • Configure a VLTi VLAN for the virtual network.
      OS10(config)# virtual-network 20000
      OS10(config-vn-20000)# vlti-vlan 200
      OS10(config-vn-20000)# exit
      
    • Configure a dedicated Layer 3 forwarding path through the other VLT peer for connectivity even if all spine links go down. This VLAN interface is an unnumbered interface and used for iBGP peering with the other VLT peer.
      OS10(config)# interface vlan4000
      OS10(config-if-vl-4000)# no shutdown
      OS10(config-if-vl-4000)# ipv6 nd max-ra-interval 4
      OS10(config-if-vl-4000)# ipv6 nd min-ra-interval 3
      OS10(config-if-vl-4000)# ipv6 nd send-ra
      OS10(config-if-vl-4000)# exit
    • Configure the VLT port channel.
      OS10(config)# interface port-channel20
      OS10(conf-if-po-20)# vlt-port-channel 20
      OS10(conf-if-po-20)# exit
      
    • Configure VLTi member links.
      OS10(config)# interface ethernet1/1/3
      OS10(conf-if-eth1/1/3)# no shutdown
      OS10(conf-if-eth1/1/3)# no switchport
      OS10(conf-if-eth1/1/3)# exit
      OS10(config)# interface ethernet1/1/4
      OS10(conf-if-eth1/1/4)# no shutdown
      OS10(conf-if-eth1/1/4)# no switchport
      OS10(conf-if-eth1/1/4)# exit
    • Configure the VLT domain.
      OS10(config)# vlt-domain 1
      OS10(conf-vlt-1)# backup destination 10.16.150.3
      OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4
      OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ff:ee
      OS10(conf-vlt-1)# exit
    • Configure UFD with uplink VLT ports and downlink network ports.
      OS10(config)# uplink-state-group 1
      OS10(conf-uplink-state-group-1)# enable
      OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
      OS10(conf-uplink-state-group-1)# upstream port-channel20
      OS10(conf-uplink-state-group-1)# exit
    • Configure iBGP unnumbered peering between VLT peers with both IPv4 and L2VPN EVPN address families.
      OS10(config)# router bgp 202
      OS10(config-router-bgp-202)# template ibgp_unified 
      OS10(config-router-template)# send-community extended
      OS10(config-router-template)# address-family l2vpn evpn
      OS10(config-router-bgp-template-af)# activate
      OS10(config-router-bgp-template-af)# exit
      OS10(config-router-template)# neighbor interface vlan4000
      OS10(config-router-neighbor)# inherit template ibgp_unified inherit-type ibgp
      OS10(config-router-neighbor)# no shutdown
      OS10(config-router-neighbor)# exit
  12. Configure IP routing in the overlay network.
    • Create the tenant VRF.
      OS10(config)# ip vrf tenant1
      OS10(conf-vrf)# exit
    • Configure an anycast gateway MAC address.
      OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
    • Configure routing on the virtual network.
      OS10(config)# interface virtual-network 20000
      OS10(conf-if-vn-20000)# ip vrf forwarding tenant1
      OS10(conf-if-vn-20000)# ip address 10.2.0.233/16
      OS10(conf-if-vn-20000)# ip virtual-router address 10.2.0.100
      OS10(conf-if-vn-20000)# no shutdown
      OS10(conf-if-vn-20000)# exit
  13. Configure symmetric IRB. In EVPN mode, configure the router MAC address that is used by remote VTEPs as the destination address in VXLAN encapsulated packets that are sent to the switch. Configure a dedicated VXLAN VNI for symmetric IRB for each tenant VRF.
    OS10(config)# evpn
    OS10(config-evpn)# router-mac 00:01:02:03:04:06
    OS10(config-evpn)# vrf tenant1
    OS10(config-evpn-vrf-tenant1)# vni 3000
    OS10(config-evpn-vrf-tenant1)# route-target auto
    OS10(config-evpn-vrf-tenant1)# exit
    OS10(config-evpn)# exit
  14. Configure an externally connected VLAN.
    OS10(conf)# interface vlan 200
    OS10(conf-if-vlan)# ip vrf forwarding tenant1
    OS10(conf-if-vlan)# ip address 10.10.0.1/16
    OS10(conf-if-vlan)# no shutdown
    OS10(conf-if-vlan)# exit
    OS10(conf)# interface ethernet 1/1/7
    OS10(conf-if-eth1/1/7)# switchport mode trunk
    OS10(conf-if-eth1/1/7)# switchport trunk allowed vlan 200
  15. Configure advertisement of the connected networks through EVPN Type-5 routes.
    OS10(config)# evpn
    OS10(config-evpn)# vrf tenant1
    OS10(config-evpn-vrf-tenant1)# advertise ipv4 connected
    OS10(config-evpn-vrf-tenant1)# exit

VTEP Leaf Switch 4 configuration

  1. Configure a loopback interface for the VXLAN underlay using the same IP address as the VLT peer.
    OS10(config)# interface loopback0
    OS10(conf-if-lo-0)# no shutdown
    OS10(conf-if-lo-0)# ip address 192.168.2.1/32
    OS10(conf-if-lo-0)# exit
  2. Configure the Loopback interface as the VXLAN source tunnel interface.
    OS10(config)# nve
    OS10(config-nve)# source-interface loopback0
    OS10(config-nve)# exit
  3. Configure the VXLAN virtual network.
    OS10(config)# virtual-network 20000
    OS10(config-vn-20000)# vxlan-vni 20000
    OS10(config-vn-vxlan-vni)# exit
    OS10(config-vn-20000)# exit
  4. Configure an unused VLAN ID for untagged membership.
    OS10(config)# virtual-network untagged-vlan 1000
  5. Configure access ports as VLAN members for a port-scoped VLAN-to-VNI mapping.
    OS10(config)# interface port-channel20
    OS10(conf-if-po-20)# no shutdown
    OS10(conf-if-po-20)# switchport mode trunk
    OS10(conf-if-po-20)# no switchport access vlan
    OS10(conf-if-po-20)# exit
    OS10(config)# interface ethernet1/1/6
    OS10(conf-if-eth1/1/6)# no shutdown
    OS10(conf-if-eth1/1/6)# channel-group 20 mode active
    OS10(conf-if-eth1/1/6)# exit
  6. Add the access ports to the virtual network.
    OS10(config)# virtual-network 20000
    OS10(config-vn-20000)# member-interface port-channel 20 untagged
    OS10(config-vn)# exit
  7. Configure upstream network-facing ports as unnumbered interfaces. Configure the ipv6 nd send-ra command and lower RA intervals. These interfaces would be used for BGP unnumbered peering.
    OS10(config)# interface ethernet1/1/1
    OS10(conf-if-eth1/1/1)# no shutdown
    OS10(conf-if-eth1/1/1)# no switchport
    OS10(conf-if-eth1/1/1)# mtu 1650
    OS10(conf-if-eth1/1/1)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/1)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/1)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/1)# exit
    OS10(config)# interface ethernet1/1/2
    OS10(conf-if-eth1/1/2)# no shutdown
    OS10(conf-if-eth1/1/2)# no switchport
    OS10(conf-if-eth1/1/2)# mtu 1650
    OS10(conf-if-eth1/1/2)# ipv6 nd max-ra-interval 4
    OS10(conf-if-eth1/1/2)# ipv6 nd min-ra-interval 3
    OS10(conf-if-eth1/1/2)# ipv6 nd send-ra
    OS10(conf-if-eth1/1/2)# exit
  8. Configure BGP instance with router id.
    OS10(config)# router bgp 202
    OS10(config-router-bgp-202)# router-id 172.19.0.1
    OS10(config-router-bgp-202)# address-family ipv4 unicast
    OS10(configure-router-bgp-af)# redistribute connected
    OS10(configure-router-bgp-af)# exit
  9. Configure a BGP unnumbered neighbor over network facing ports. Use a template to simplify the configuration on multiple interfaces. These neighbors are configured to carry IPv4 address family (default) and L2VPN EVPN address family.
    OS10(config-router-bgp-202)# template ebgp_unified 
    OS10(config-router-template)# send-community extended
    OS10(config-router-template)# address-family l2vpn evpn
    OS10(config-router-bgp-template-af)# activate
    OS10(config-router-bgp-template-af)# exit
    OS10(config-router-template)# neighbor interface ethernet1/1/1
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
    OS10(config-router-bgp-202)# neighbor interface ethernet1/1/2
    OS10(config-router-neighbor)# inherit template ebgp_unified inherit-type ebgp
    OS10(config-router-neighbor)# no shutdown
    OS10(config-router-neighbor)# exit
  10. Configure EVPN for the VXLAN virtual network. Configure the EVPN instance manual configuration mode, and RD, and RT configuration in auto mode.
    OS10(config)# evpn
    OS10(config-evpn)# disable-rt-asn
    OS10(config-evpn)# evi 20000 
    OS10(config-evpn-evi-20000)# vni 20000 
    OS10(config-evpn-evi-20000)# rd auto 
    OS10(config-evpn-evi-20000)# route-target auto 
    OS10(config-evpn-evi-20000)# exit 
    OS10(config-evpn)# exit
    NOTE: Use the disable-rt-asn command to autoderive RT that does not include the ASN in the RT value. This allows auto RT to be used even if the Clos leaf-spine design has separate ASN for each leaf node. Configure this command only when all the VTEPs are OS10 switches.
  11. Configure VLT.
    • Configure a VLTi VLAN for the virtual network.
      OS10(config)# virtual-network 20000
      OS10(conf-vn-20000)# vlti-vlan 200
      OS10(conf-vn-20000)# exit
    • Configure a dedicated Layer 3 forwarding path through the other VLT peer if all spine links go down. This VLAN interface is unnumbered interface and is used for iBGP peering with the other VLT peer.
      OS10(config)# interface vlan4000
      OS10(config-if-vl-4000)# no shutdown
      OS10(config-if-vl-4000)# ipv6 nd max-ra-interval 4
      OS10(config-if-vl-4000)# ipv6 nd min-ra-interval 3
      OS10(config-if-vl-4000)# ipv6 nd send-ra
      OS10(config-if-vl-4000)# exit
    • Configure the VLT port channel.
      OS10(config)# interface port-channel20
      OS10(conf-if-po-20)# vlt-port-channel 20
      OS10(conf-if-po-20)# exit
    • Configure VLTi member links.
      OS10(config)# interface ethernet1/1/3
      OS10(conf-if-eth1/1/3)# no shutdown
      OS10(conf-if-eth1/1/3)# no switchport
      OS10(conf-if-eth1/1/3)# exit
      OS10(config)# interface ethernet1/1/4
      OS10(conf-if-eth1/1/4)# no shutdown
      OS10(conf-if-eth1/1/4)# no switchport
      OS10(conf-if-eth1/1/4)# exit
    • Configure the VLT domain.
      OS10(config)# vlt-domain 1
      OS10(conf-vlt-1)# backup destination 10.16.150.4
      OS10(conf-vlt-1)# discovery-interface ethernet1/1/3,1/1/4
      OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ff:ee
      OS10(conf-vlt-1)# exit
    • Configure UFD with uplink VLT ports and downlink network ports.
      OS10(config)# uplink-state-group 1
      OS10(conf-uplink-state-group-1)# enable
      OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
      OS10(conf-uplink-state-group-1)# upstream port-channel20
      OS10(conf-uplink-state-group-1)# exit
    • Configure iBGP unnumbered peering between VLT peers with both IPv4 and L2VPN EVPN address families.
      OS10(config)# router bgp 202
      OS10(config-router-bgp-202)# template ibgp_unified 
      OS10(config-router-template)# send-community extended
      OS10(config-router-template)# address-family l2vpn evpn
      OS10(config-router-bgp-template-af)# activate
      OS10(config-router-bgp-template-af)# exit
      OS10(config-router-template)# neighbor interface vlan4000
      OS10(config-router-neighbor)# inherit template ibgp_unified inherit-type ibgp
      OS10(config-router-neighbor)# no shutdown
      OS10(config-router-neighbor)# exit
  12. Configure IP routing in the overlay network.
    • Create a tenant VRF.
      OS10(config)# ip vrf tenant1
      OS10(conf-vrf)# exit
    • Configure an anycast gateway MAC address.
      OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
    • Configure routing on the virtual network.
      OS10(config)# interface virtual-network 20000
      OS10(conf-if-vn-20000)# ip vrf forwarding tenant1
      OS10(conf-if-vn-20000)# ip address 10.2.0.234/16
      OS10(conf-if-vn-20000)# ip virtual-router address 10.2.0.100
      OS10(conf-if-vn-20000)# no shutdown
      OS10(conf-if-vn-20000)# exit
  13. Configure symmetric IRB. In EVPN mode, configure the router MAC address that is used by remote VTEPs as the destination address in VXLAN encapsulated packets that are sent to the switch. Configure a dedicated VXLAN VNI for symmetric IRB for each tenant VRF.
    OS10(config)# evpn
    OS10(config-evpn)# router-mac 00:01:02:03:04:06
    OS10(config-evpn)# vrf tenant1
    OS10(config-evpn-vrf-tenant1)# vni 3000
    OS10(config-evpn-vrf-tenant1)# route-target auto
    OS10(config-evpn-vrf-tenant1)# exit
    OS10(config-evpn)# exit
  14. Configure an externally connected VLAN.
    OS10(conf)# interface vlan 200
    OS10(conf-if-vlan)# ip vrf forwarding tenant1
    OS10(conf-if-vlan)# ip address 10.10.0.2/16
    OS10(conf-if-vlan)# no shutdown
    OS10(conf-if-vlan)# exit
    OS10(conf)# interface ethernet 1/1/7
    OS10(conf-if-eth1/1/7)# switchport mode trunk
    OS10(conf-if-eth1/1/7)# switchport trunk allowed vlan 200
  15. Configure advertisement of the connected networks through EVPN Type-5 routes.
    OS10(config)# evpn
    OS10(config-evpn)# vrf tenant1
    OS10(config-evpn-vrf-tenant1)# advertise ipv4 connected
    OS10(config-evpn-vrf-tenant1)# exit

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\