GNS3 LAB Cisco : BGP-EVPN Single Home Configuration

Hi Friends,

After putting in a lot of effort and trying different devices, I was finally able to configure EVPN on GNS3, and so far it is working like a CHARM!! Follow the blog for the complete story.

EVPN is a service that provides a control plane for protocols like VPLS and VxLAN with the help of a BGP address family. In this example I have used an MPLS-based data plane; in my further blogs I will cover the VxLAN part as well.

So the whole mess started when I thought I would start an EVPN lab on XR devices, because in the SP domain you will mostly find EVPN implemented on XR devices, so that was a wise choice to start with. But XR on GNS3 turned out to be a big failure for the two reasons below.

  • First I had IOSXRv routers, and on that router I was able to apply all the BGP EVPN configuration just fine. The issue started when I configured l2transport. I wanted to extend the Layer 2 domain between two CEs, but it turned out that L2VPN (bridging) is not supported on the IOSXRv router, because it is a control-plane-only router and bridging needs data plane support on the virtual router. So the next option was to try the XRv9000 router.
  • I installed the XRv9k router, which took a long time to come up, and then migrated my PEs to XRv9000. To my utter disappointment, I was not even able to configure l2vpn on this router. The configuration did not commit, with the error that “VPLS is not supported on this platform.” I checked further and got to know that l2vpn is not supported on any of the XR-based virtual routers. The error was something like below.
l2vpn
 bridge group My_evpn
  bridge-domain My_evpn
   interface GigabitEthernet0/0/0/1
!!% Invalid argument: VPLS Bridge domains not supported on this platform

So, here I had no option but to move away from the XR router as the PE device. Now I had two options: try either Nexus or CSR1000v. I don’t have Nexus installed yet, so I tried CSR1000v and was finally able to configure EVPN. Please find the topology and configurations below.

In this topology, I am trying to extend Layer 2 between the CE1-IOS and CE2-IOS routers, which are separated by an IP/MPLS backbone.

NOTE: This network is already configured for IP/MPLS. I have OSPF running as the IGP, and MPLS is enabled on all OSPF-enabled interfaces. I will not put the IP/MPLS configuration here; I assume you know how to do it. In case you need any help configuring an IP/MPLS network, you may check this blog: MPLS Basic configuration and MPLS QOS

Configuration

PE1-XE
!
interface GigabitEthernet2
 service instance 10 ethernet
  encapsulation untagged
 !
!
l2vpn evpn
 replication-type ingress
 mpls label mode per-ce
 router-id Loopback1
!
l2vpn evpn instance 10 vlan-based
 rd 100:1
 route-target import 100:2
 route-target export 100:1
!
bridge-domain 10
 member GigabitEthernet2 service-instance 10
 member evpn-instance 10
!
!
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source Loopback1
 !
 address-family ipv4
  neighbor 5.5.5.5 activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 5.5.5.5 soft-reconfiguration inbound
 exit-address-family
!

Below is the configuration from PE3-XE router.

PE3-XE
!
!
interface GigabitEthernet2
 service instance 10 ethernet
  encapsulation untagged
 !
!
l2vpn evpn
 replication-type ingress
 mpls label mode per-ce
 router-id Loopback1
!
l2vpn evpn instance 10 vlan-based
 rd 100:2
 route-target import 100:1
 route-target export 100:2
!
bridge-domain 10
 member GigabitEthernet2 service-instance 10
 member evpn-instance 10
!
!
router bgp 100
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source Loopback1
 !
 address-family ipv4
  neighbor 5.5.5.5 activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 5.5.5.5 soft-reconfiguration inbound
 exit-address-family
!
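
The two PE configurations only exchange MAC routes because each side imports the route target the other exports (PE1 exports 100:1 and imports 100:2, PE3 the reverse). The script below is an added example, not part of the original lab: it parses the EVPN instance stanzas shown above and reports any import or export that has no counterpart on the peer. The function names `parse_evis` and `audit_route_targets` are made up for this illustration.

```python
import re

# EVPN instance stanzas copied from the PE1-XE and PE3-XE configurations above.
PE_CONFIGS = {
    "PE1-XE": """
l2vpn evpn instance 10 vlan-based
 rd 100:1
 route-target import 100:2
 route-target export 100:1
!
""",
    "PE3-XE": """
l2vpn evpn instance 10 vlan-based
 rd 100:2
 route-target import 100:1
 route-target export 100:2
!
""",
}

def parse_evis(config):
    """Return {evi_id: {"import": set, "export": set}} from IOS-XE config text."""
    evis, current = {}, None
    for line in config.splitlines():
        head = re.match(r"l2vpn evpn instance (\d+)\b", line)
        if head:
            current = evis.setdefault(head.group(1), {"import": set(), "export": set()})
        elif not line.startswith(" "):
            current = None  # "!" or a new top-level command ends the stanza
        elif current is not None:
            rt = re.match(r"\s+route-target (import|export) (\S+)", line)
            if rt:
                current[rt.group(1)].add(rt.group(2))
    return evis

def audit_route_targets(configs):
    """Report, per EVI, imports nobody exports and exports a peer never imports."""
    parsed = {pe: parse_evis(text) for pe, text in configs.items()}
    findings = []
    for pe, evis in parsed.items():
        for evi, rts in evis.items():
            peers = {p: e[evi] for p, e in parsed.items() if p != pe and evi in e}
            exported = set().union(*(x["export"] for x in peers.values()))
            for rt in sorted(rts["import"] - exported):
                findings.append(f"{pe} EVI {evi}: imports {rt}, which no peer exports")
            for peer, x in peers.items():
                if not rts["export"] & x["import"]:
                    findings.append(f"{pe} EVI {evi}: exports not imported by {peer}")
    return findings

if __name__ == "__main__":
    print(audit_route_targets(PE_CONFIGS) or "route targets are symmetric")
```

An empty result means every import has a matching export on the other PE; a typo in one route target shows up as a finding on both sides.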

I have also set up a route reflector, which is not a necessity in this case, but I have put it there in case I need to expand the network. Below is the route reflector configuration from the P1-XR router.

!
router bgp 100
 address-family ipv4 unicast
 !
 address-family l2vpn evpn
 !
 neighbor 1.1.1.1
  remote-as 100
  update-source Loopback1
  address-family l2vpn evpn
   route-reflector-client
  !
 !
 neighbor 3.3.3.3
  remote-as 100
  update-source Loopback1
  address-family l2vpn evpn
   route-reflector-client
  !
 !
!

Verification

For verification, there are three steps.

  • Verify the L2VPN EVPN neighborship between the PE1 and PE3 routers.
  • Check if the routes (MAC addresses) are exchanged between the EVPN peers.
  • Check if ping is working between CE1-IOS and CE2-IOS.

PE1-XE#sh bgp l2vpn evpn summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 7, main routing table version 7
4 network entries using 1536 bytes of memory
4 path entries using 896 bytes of memory
4/4 BGP path/bestpath attribute entries using 1152 bytes of memory
1 BGP rrinfo entries using 40 bytes of memory
2 BGP extended community entries using 80 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3704 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
4 networks peaked at 03:51:09 Oct 11 2021 UTC (00:57:30.825 ago)

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
5.5.5.5         4          100      78      84        7    0    0 01:13:05        2


PE1-XE#sh bridge-domain 10
Bridge-domain 10 (3 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
Maximum address limit: 65536
    BDI10  (administratively down)
    GigabitEthernet2 service instance 10
    EVPN Instance 10
   AED MAC address    Policy  Tag       Age  Pseudoport
   -   001E.F6C6.26BF to_bdi  static    0    BDI10
   -   0CD1.B8A8.F100 forward dynamic_c 297  GigabitEthernet2.EFP10
   -   0CD1.B821.5700 forward static_r  0    OCE_PTR:0xe8a3f460

PE1-XE#sh l2vpn evpn mac
MAC Address    EVI   BD    ESI                      Ether Tag  Next Hop(s)
-------------- ----- ----- ------------------------ ---------- ---------------
0cd1.b821.5700 10    10    0000.0000.0000.0000.0000 0          3.3.3.3
0cd1.b8a8.f100 10    10    0000.0000.0000.0000.0000 0          Gi2:10


PE1-XE#sh l2fib bridge-domain 10 detail
Bridge Domain : 10
  Reference Count : 16
  Replication ports count : 3
  Unicast Address table size : 3
  IP Multicast Prefix table size : 4

  Flood List Information :
    Olist: 1034, Ports: 3

  Port Information :
    BD_PORT   Gi2:10
    BD_PORT   BD10
    MPLS_IR   PL:1(1) T:MPLS_IR [IR]21@3.3.3.3

  Unicast Address table information :
    0cd1.b821.5700  MPLS_UC   PL:2(1) T:MPLS_UC [MAC]22@3.3.3.3
    0cd1.b8a8.f100  BD_PORT   Gi2:10
    ffff.ffff.fffe  Olist: 10251, Ports: 2

  IP Multicast Prefix table information :
    Source: *, Group: 224.0.0.0/4, IIF: Null, Adjacency: Olist: 10252, Ports: 0
    Source: *, Group: 224.0.0.0/24, IIF: Null, Adjacency: Olist: 1034, Ports: 3
    Source: *, Group: 224.0.1.39, IIF: Null, Adjacency: Olist: 1034, Ports: 3
    Source: *, Group: 224.0.1.40, IIF: Null, Adjacency: Olist: 1034, Ports: 3
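
The `sh l2vpn evpn mac` table above can also be checked by script rather than by eye. This added example (not from the original post) parses that output and flags entries that do not fit this single-homed lab: a remote MAC whose next hop is not an expected PE loopback, a non-zero ESI, or the same MAC seen both locally and remotely. The function names are made up for illustration, and the expected PE set {3.3.3.3} is taken from the BGP router-id of PE3-XE above.

```python
import re

# Output of "sh l2vpn evpn mac" copied from PE1-XE above.
PE1_EVPN_MAC = """\
MAC Address    EVI   BD    ESI                      Ether Tag  Next Hop(s)
-------------- ----- ----- ------------------------ ---------- ---------------
0cd1.b821.5700 10    10    0000.0000.0000.0000.0000 0          3.3.3.3
0cd1.b8a8.f100 10    10    0000.0000.0000.0000.0000 0          Gi2:10
"""

ROW = re.compile(
    r"^((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\d+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)$", re.I)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
ZERO_ESI = "0000.0000.0000.0000.0000"  # all-zero ESI marks a single-homed segment

def parse_evpn_mac(text):
    """Turn the table into dicts; header and separator lines do not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            mac, evi, bd, esi, tag, nh = m.groups()
            # An IPv4 next hop means the MAC was learned from a remote PE via BGP.
            rows.append({"mac": mac.lower(), "evi": evi, "bd": bd, "esi": esi,
                         "next_hop": nh, "remote": bool(IPV4.match(nh))})
    return rows

def check_mac_table(rows, expected_pes):
    """Flag entries that do not fit a single-homed EVI with known remote PEs."""
    findings, seen = [], {}
    for r in rows:
        key = (r["evi"], r["mac"])
        if r["remote"] and r["next_hop"] not in expected_pes:
            findings.append(f"{r['mac']}: learned from unexpected next hop {r['next_hop']}")
        if r["esi"] != ZERO_ESI:
            findings.append(f"{r['mac']}: non-zero ESI {r['esi']} in a single-homed lab")
        if key in seen and seen[key] != r["remote"]:
            findings.append(f"{r['mac']}: present both locally and remotely in EVI {r['evi']}")
        seen[key] = r["remote"]
    return findings

if __name__ == "__main__":
    rows = parse_evpn_mac(PE1_EVPN_MAC)
    print(rows, check_mac_table(rows, {"3.3.3.3"}))
```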

Now finally the ping!!!

CE1-IOS#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         20.20.20.1      YES NVRAM  up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  administratively down down
GigabitEthernet0/2         unassigned      YES NVRAM  administratively down down
GigabitEthernet0/3         unassigned      YES NVRAM  administratively down down

CE2-IOS#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         20.20.20.2      YES NVRAM  up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  administratively down down
GigabitEthernet0/2         unassigned      YES NVRAM  administratively down down
GigabitEthernet0/3         unassigned      YES NVRAM  administratively down down
CE2-IOS#

CE1-IOS#ping 20.20.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
CE1-IOS#

Conclusion

This was just the ice-breaker blog on EVPN. I will take a step back in my next blogs and show you the under-the-hood working of EVPN. The blog will cover 4 parts.

  • Single home EVPN (this blog)
  • Multihome EVPN
  • Single home with VxLAN
  • Multihome with VxLAN

So stay tuned for more content!!
