Deployment Guide
Table Of Contents
- VXLAN and BGP EVPN Configuration Guide for Dell EMC SmartFabric OS10 Release 10.5.2
- VXLAN
- VXLAN concepts
- VXLAN as NVO solution
- Configure VXLAN
- L3 VXLAN route scaling
- DHCP relay on VTEPs
- View VXLAN configuration
- VXLAN MAC addresses
- Example: VXLAN with static VTEP
- Controller-provisioned VXLAN
- BGP EVPN for VXLAN
- BGP EVPN compared to static VXLAN
- VXLAN BGP EVPN operation
- Configure BGP EVPN for VXLAN
- BGP EVPN with VLT
- VXLAN BGP EVPN routing
- Example: VXLAN with BGP EVPN
- Example: VXLAN BGP EVPN — Multiple AS topology
- Example: VXLAN BGP EVPN — Centralized L3 gateway
- Example: VXLAN BGP EVPN — Border leaf gateway with asymmetric IRB
- Example: VXLAN BGP EVPN—Symmetric IRB
- Example - VXLAN BGP EVPN symmetric IRB with unnumbered BGP peering
- Example - Route leaking across VRFs in a VXLAN BGP EVPN symmetric IRB topology
- Example: Migrating from Asymmetric IRB to Symmetric IRB
- VXLAN MAC commands
- clear mac address-table dynamic nve remote-vtep
- clear mac address-table dynamic virtual-network
- show mac address-table count extended
- show mac address-table count nve
- show mac address-table count virtual-network
- show mac address-table extended
- show mac address-table nve
- show mac address-table virtual-network
- VXLAN BGP commands
- VXLAN commands
- hardware overlay-routing-profile
- interface virtual-network
- ip virtual-router address
- ip virtual-router mac-address
- member-interface
- nve
- remote-vtep
- show hardware overlay-routing-profile mode
- show interface virtual-network
- show nve remote-vtep
- show nve remote-vtep counters
- show nve vxlan-vni
- show virtual-network
- show virtual-network counters
- show virtual-network interface counters
- show virtual-network interface
- show virtual-network vlan
- show vlan (virtual network)
- source-interface loopback
- virtual-network
- virtual-network untagged-vlan
- vxlan-vni
- VXLAN EVPN commands
- Support resources
- Index
VXLAN BGP EVPN routing
This section describes how EVPN implements overlay routing between L2 segments associated with EVIs belonging to the
same tenant on a VTEP. IETF draft draft-ietf-bess-evpn-inter-subnet-forwarding-05 describes EVPN inter-subnet forwarding,
Integrated Routing and Bridging (IRB), and how to use EVPN with IP routing between L2 tenant domains.
You set up overlay routing by assigning a VRF to each tenant, creating a virtual-network interface, and assigning an IP subnet
in the VRF to each virtual-network interface. The VTEP acts as the L3 gateway that routes traffic from one tenant subnet
to another in the overlay before encapsulating it in the VXLAN header and transporting it over the underlay fabric. On virtual
networks that associate with EVIs, EVPN IRB is enabled only after you create a virtual-network interface.
When you enable IRB for a virtual network/EVI, EVPN operation on each VTEP also advertises the local tenant IP-MAC bindings
learned on the EVPN-enabled virtual networks to all other VTEPs. The local tenant IP-MAC bindings are learned from ARP or
ICMPv6 protocol operation. They advertise as EVPN Type-2 BGP route updates to other VTEPs, each of whom then imports
and installs them as ARP/IPv6 neighbor entries in the dataplane.
To enable efficient traffic forwarding on a VTEP, OS10 supports distributed gateway routing. A distributed gateway allows
multiple VTEPs to act as the gateway router for a tenant subnet. The VTEP that is located nearest to a host acts as its gateway
router.
To enable L3 gateway/IRB functionality for BGP EVPN, configure a VXLAN overlay network and enable routing on a switch:
1. Create a non-default VRF instance for overlay routing. For multi-tenancy, create a VRF instance for each tenant.
2. Configure globally the anycast gateway MAC address used by all VTEPs.
3. Configure a virtual-network interface for each virtual network, (optional) assign it to the tenant VRF, and configure an IP
address. Then enable the interface.
4. Configure an anycast gateway IP address for each virtual network. OS10 supports distributed gateway routing.
EVPN supports different types of IRB routing for tenants, VMs, and servers, that connect to each VTEP:
● Centralized routing: For each tenant subnet, one VTEP is designated as the L3 gateway to perform IRB inter-subnet routing.
All other VTEPs perform L2 bridging.
● Distributed routing: For each tenant subnet, all VTEPs perform L3 gateway routing for the tenant VMs and servers
connected to a VTEP. In a large multi-tenant network, distributed routing allows for more efficient bandwidth use and
traffic forwarding. IRB routing is performed either:
○ Only on an ingress VTEP.
○ On both ingress and egress VTEPs.
Asymmetric IRB routing
In asymmetric IRB routing, IRB routing is performed only on ingress VTEPs. Egress VTEPs perform L2 bridging in the tenant
subnet.
An ingress VTEP directly routes packets to a destination host MAC address in the destination virtual-network VNI. An egress
VTEP only bridges packets to a host by removing the VXLAN header and forwarding a packet to the local Layer 2 domain using
the VNI-to-VLAN mapping.
The ingress VTEP is configured with all destination virtual networks, and has the ARP entries and MAC addresses for all
destination hosts in its hardware tables. Each VTEP learns the host MAC and MAC-to-IP bindings using ARP snooping for local
addresses and type-2 route advertisements from remote VTEPs.
For VXLAN BGP EVPN examples that use asymmetric IRB, see Example: VXLAN with BGP EVPN and Example: VXLAN BGP
EVPN — Multiple AS topology.
Symmetric IRB routing
In symmetric IRB routing, both ingress and egress VTEPs perform IRB routing and bridging for a tenant subnet. The ingress
VTEP routes packets to an egress VTEP MAC address in an intermediate virtual-network VNI. The egress VTEP then routes the
packet again to the destination host in the destination virtual-network VNI.
Using the L3 VNI associated with each tenant VRF, an ingress VTEP routes all traffic for the prefix to an egress VTEP on the
L3 VNI. The egress VTEP routes from the L3 VNI to the destination virtual network or bridge domain. The L3 VNI does not have
to be associated with an IP address; routing is set up in the data plane using the egress VTEP's MAC address. This behavior is
known as IP-VRF to IP-VRF interface-less routing.
The ingress VTEP does not have to be configured with every destination virtual network; it must have the ARP and MAC
addresses only to the egress VTEP, not to each host connected to the VTEP. For this reason, symmetric IRB routing allows the
58
VXLAN