Please Subscribe to my YouTube channel for regular updates.
Hi Friends,
After putting alot of efforts and trying different devices I was finally able to configure EVPN on GNS3 and so far it is working like a CHARM!! Follow the blog for complete story.
EVPN is a service which provides control plane for the protocols like VPLS, Vxlan with the help of BGP address family. In this example I have used MPLS based data plane, in my further blogs I will cover VxLAN part as well.
So the whole mess started when I thought I will start an EVPN lab on XR devices because in SP domain most of the time you will find the EVPN implementation over XR devices so that was a wise choice to start with. But XR on GNS3 turned out to be a big failure because of two below reasons.
- First I had IOSXRv routers and with that router I was able to put all the BGP EVPN configurations just fine. The issue started when I configured l2transport. I wanted to extend layer 2 domain between two CEs. But it turned out that the L2VPN (bridging) is not supported on IOSXRv router because this is a control plane only router and for bridging to work we need data plane support on virtual router. So the next option was to try XRv9000 router.
- I installed XRv9k router, it took so much time to come up and then I migrated my PEs to XRv9000 router. To my utter disappointment, in this router I was not even able to configure l2vpn on this router. The configuration did not commit with error that “VPLS is not supported on this platform.” Something like below, I checked more and got to know that l2vpn is not supported on any of the XR based virtual routers.
l2vpn bridge group My_evpn bridge-domain My_evpn interface GigabitEthernet0/0/0/1 !!% Invalid argument: VPLS Bridge domains not supported on this platform
So, here I had no option but to move away from the XR router as PE device. Now, I had two options either to try Nexus or CSR1000v. I don’t have Nexus installed yet so I tried CSR1000v and finally was able to configure the EVPN. Please find the topology and configurations below.
In this topology, I am trying to extend l2 between CE1-IOS and CE2-IOS routers which are separated by IP/MPLS backbone.
NOTE : This network is already configured for IP/MPLS, I have ospf running ad IGP and MPLS is enabled on all ospf enabled interfaces. I will not put the IP/MPLS configuration here, I assume you know how to do it. In case you need any help in configuring IP/MPLS network you may check this blog : MPLS Basic configuration and MPLS QOS
Configuration
PE1-XE
!
interface GigabitEthernet2
service instance 10 ethernet
encapsulation untagged
!
!
l2vpn evpn
replication-type ingress
mpls label mode per-ce
router-id Loopback1
!
l2vpn evpn instance 10 vlan-based
rd 100:1
route-target import 100:2
route-target export 100:1
!
bridge-domain 10
member GigabitEthernet2 service-instance 10
member evpn-instance 10
!
!
router bgp 100
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 100
neighbor 5.5.5.5 update-source Loopback1
!
address-family ipv4
neighbor 5.5.5.5 activate
exit-address-family
!
address-family l2vpn evpn
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community both
neighbor 5.5.5.5 soft-reconfiguration inbound
exit-address-family
!
Below is the configuration from PE3-XE router.
PE3-XE
!
!
interface GigabitEthernet2
service instance 10 ethernet
encapsulation untagged
!
!
l2vpn evpn
replication-type ingress
mpls label mode per-ce
router-id Loopback1
!
l2vpn evpn instance 10 vlan-based
rd 100:2
route-target import 100:1
route-target export 100:2
!
bridge-domain 10
member GigabitEthernet2 service-instance 10
member evpn-instance 10
!
!
router bgp 100
bgp router-id 3.3.3.3
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 100
neighbor 5.5.5.5 update-source Loopback1
!
address-family ipv4
neighbor 5.5.5.5 activate
exit-address-family
!
address-family l2vpn evpn
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community both
neighbor 5.5.5.5 soft-reconfiguration inbound
exit-address-family
!
Now, I have the route reflector setup as well which is not a necessity in this case. But I have put it there in case I need to expand the network. Below is the route reflector configuration from the P1-XR router.
! router bgp 100 address-family ipv4 unicast ! address-family l2vpn evpn ! neighbor 1.1.1.1 remote-as 100 update-source Loopback1 address-family l2vpn evpn route-reflector-client ! ! neighbor 3.3.3.3 remote-as 100 update-source Loopback1 address-family l2vpn evpn route-reflector-client ! ! !
Verification
For verification, three are two steps.
- Verify L2VPN evpn neighborship between PE1 and PE3 router.
- Check if the routes(mac addresses) are exchanged between the evpn peers.
- Check if ping is working between CE1-IOS and CE2-IOS.
PE1-XE#sh bgp l2vpn evpn summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 7, main routing table version 7
4 network entries using 1536 bytes of memory
4 path entries using 896 bytes of memory
4/4 BGP path/bestpath attribute entries using 1152 bytes of memory
1 BGP rrinfo entries using 40 bytes of memory
2 BGP extended community entries using 80 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3704 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
4 networks peaked at 03:51:09 Oct 11 2021 UTC (00:57:30.825 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
5.5.5.5 4 100 78 84 7 0 0 01:13:05 2
PE1-XE#sh bridge-domain 10
Bridge-domain 10 (3 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
Maximum address limit: 65536
BDI10 (administratively down)
GigabitEthernet2 service instance 10
EVPN Instance 10
AED MAC address Policy Tag Age Pseudoport
- 001E.F6C6.26BF to_bdi static 0 BDI10
- 0CD1.B8A8.F100 forward dynamic_c 297 GigabitEthernet2.EFP10
- 0CD1.B821.5700 forward static_r 0 OCE_PTR:0xe8a3f460
PE1-XE#sh l2vpn evpn mac
MAC Address EVI BD ESI Ether Tag Next Hop(s)
-------------- ----- ----- ------------------------ ---------- ---------------
0cd1.b821.5700 10 10 0000.0000.0000.0000.0000 0 3.3.3.3
0cd1.b8a8.f100 10 10 0000.0000.0000.0000.0000 0 Gi2:10
PE1-XE#sh l2fib bridge-domain 10 detail
Bridge Domain : 10
Reference Count : 16
Replication ports count : 3
Unicast Address table size : 3
IP Multicast Prefix table size : 4
Flood List Information :
Olist: 1034, Ports: 3
Port Information :
BD_PORT Gi2:10
BD_PORT BD10
MPLS_IR PL:1(1) T:MPLS_IR [IR]21@3.3.3.3
Unicast Address table information :
0cd1.b821.5700 MPLS_UC PL:2(1) T:MPLS_UC [MAC]22@3.3.3.3
0cd1.b8a8.f100 BD_PORT Gi2:10
ffff.ffff.fffe Olist: 10251, Ports: 2
IP Multicast Prefix table information :
Source: *, Group: 224.0.0.0/4, IIF: Null, Adjacency: Olist: 10252, Ports: 0
Source: *, Group: 224.0.0.0/24, IIF: Null, Adjacency: Olist: 1034, Ports: 3
Source: *, Group: 224.0.1.39, IIF: Null, Adjacency: Olist: 1034, Ports: 3
Source: *, Group: 224.0.1.40, IIF: Null, Adjacency: Olist: 1034, Ports: 3
Now finally the ping!!!
CE1-IOS#sh ip int bri
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 20.20.20.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/3 unassigned YES NVRAM administratively down downCE2-IOS#sh ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 20.20.20.2 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/3 unassigned YES NVRAM administratively down down
CE2-IOS#CE1-IOS#ping 20.20.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
CE1-IOS#Conclusion
This was just the ice breaker blog on EVPN, I will take a step back in my next blogs and show you under the hood working of EVPN. The blog will cover 4 parts.
- Single home EVPN (this blog)
- Multihome EVPN
- Single home with VxLAN
- Multihome with VxLAN
So stay tuned for more content!!
Also Please subscribe to my Youtube Channel