I wrote a few blogs on BGP EVPN and on VxLAN earlier. My previous blogs focused on IOS-XE and IOS-XR devices. Recently I started my Data Center journey, so I wanted to do some labs on Nexus devices as well, and what better place than GNS3 for this? I got to know that the Nexus9000v switch is available for GNS3; setup was very quick and it has been working like a charm since day one. I have done a few labs so far on Nexus9000v, and one of them you can find here: GNS3 Cisco LAB : Nexus 9000v NxOS VxLAN Lab and concept. Please go through that blog to refresh your VxLAN understanding and build the foundation for this one.
Let me quickly start with the configuration example. If you are looking for the basics of EVPN explained, please check the blogs below.
EVPN Single home : GNS3 LAB Cisco : BGP-EVPN Single Home Configuration
EVPN Multihome : GNS3 Lab Cisco : EVPN Multihome Concept and Configurations
Network Diag.

Configurations:
Leaf-1:
nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay
!
ip igmp snooping vxlan
vlan 1,10
vlan 10
  vn-segment 1000
!
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  member vni 1000
    suppress-arp
    mcast-group 239.0.0.1
!
interface Ethernet1/1
  ip address 10.10.10.1/30
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/2
  ip address 10.10.10.5/30
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/3
  switchport
  switchport access vlan 10
  no shutdown
!
interface loopback1
  ip address 1.1.1.1/32
  ip router ospf 1 area 0.0.0.0
!
router ospf 1
  router-id 1.1.1.1
!
router bgp 65000
  template peer iBGP-EVPN
    remote-as 65000
    update-source loopback1
    address-family l2vpn evpn
      send-community extended
  neighbor 2.2.2.2
    inherit peer iBGP-EVPN
  neighbor 3.3.3.3
    inherit peer iBGP-EVPN
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!

Leaf-2:
nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay
!
ip igmp snooping vxlan
vlan 1,10
vlan 10
  vn-segment 1000
!
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  member vni 1000
    suppress-arp
    mcast-group 239.0.0.1
!
interface Ethernet1/1
  ip address 10.10.10.10/30
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/2
  ip address 10.10.10.14/30
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/3
  switchport
  switchport access vlan 10
  no shutdown
!
interface loopback1
  ip address 4.4.4.4/32
  ip router ospf 1 area 0.0.0.0
!
router ospf 1
  router-id 4.4.4.4
!
router bgp 65000
  template peer iBGP-EVPN
    remote-as 65000
    update-source loopback1
    address-family l2vpn evpn
      send-community extended
  neighbor 2.2.2.2
    inherit peer iBGP-EVPN
  neighbor 3.3.3.3
    inherit peer iBGP-EVPN
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
Spine-1:
nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay
!
interface Ethernet1/1
  ip address 10.10.10.2/30
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface Ethernet1/2
  ip address 10.10.10.9/30
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback1
  ip address 2.2.2.2/32
  ip router ospf 1 area 0.0.0.0
!
router ospf 1
  router-id 2.2.2.2
!
router bgp 65000
  template peer iBGP-EVPN
    remote-as 65000
    update-source loopback1
    address-family l2vpn evpn
      send-community extended
      route-reflector-client
  neighbor 1.1.1.1
    inherit peer iBGP-EVPN
  neighbor 4.4.4.4
    inherit peer iBGP-EVPN
!

Spine-2:
!
nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay
!
interface Ethernet1/1
  ip address 10.10.10.6/30
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/2
  ip address 10.10.10.13/30
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback1
  ip address 3.3.3.3/32
  ip router ospf 1 area 0.0.0.0
!
router ospf 1
  router-id 3.3.3.3
!
router bgp 65000
  template peer iBGP-EVPN
    remote-as 65000
    update-source loopback1
    address-family l2vpn evpn
      send-community extended
      route-reflector-client
  neighbor 1.1.1.1
    inherit peer iBGP-EVPN
  neighbor 4.4.4.4
    inherit peer iBGP-EVPN
!
Verification:
In the outputs below, notice the EVPN sessions between the Leaf and the Spines. There is no direct session between the Leafs. All routes (in this case MAC addresses) are reflected by the BGP route reflectors.
Leaf-1# sh bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 1.1.1.1, local AS number 65000
BGP table version is 10, L2VPN EVPN config peers 2, capable peers 2
6 network entries and 8 paths using 2280 bytes of memory
BGP attribute entries [5/1600], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [2/8]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4 65000      25      23       10    0    0 00:17:48 2
3.3.3.3         4 65000      25      23       10    0    0 00:17:45 2

Leaf-1# sh bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 10, Local Router ID is 1.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 1.1.1.1:32777    (L2VNI 1000)
*>l[2]:[0]:[0]:[48]:[0050.7966.6800]:[0]:[0.0.0.0]/216
                      1.1.1.1                           100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6801]:[0]:[0.0.0.0]/216
                      4.4.4.4                           100          0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6800]:[32]:[192.168.10.1]/248
                      1.1.1.1                           100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6801]:[32]:[192.168.10.2]/248
                      4.4.4.4                           100          0 i

Route Distinguisher: 4.4.4.4:32777
* i[2]:[0]:[0]:[48]:[0050.7966.6801]:[0]:[0.0.0.0]/216
                      4.4.4.4                           100          0 i
*>i                   4.4.4.4                           100          0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6801]:[32]:[192.168.10.2]/248
                      4.4.4.4                           100          0 i
* i                   4.4.4.4                           100          0 i
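To read the table above field by field, the following added example (not part of the original post) parses the type-2 entries into a MAC-to-VTEP map and the IP-to-MAC bindings that suppress-arp answers from, and checks the RD against the NX-OS `rd auto` rule of router-id:(32767 + VLAN id). The function names are hypothetical and the sample text is the L2VNI 1000 section copied from the Leaf-1 output.

```python
import re
# Constructed sample: the L2VNI 1000 section of the Leaf-1 output shown above.
SAMPLE = """\
Route Distinguisher: 1.1.1.1:32777    (L2VNI 1000)
*>l[2]:[0]:[0]:[48]:[0050.7966.6800]:[0]:[0.0.0.0]/216
                      1.1.1.1                           100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6801]:[0]:[0.0.0.0]/216
                      4.4.4.4                           100          0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6800]:[32]:[192.168.10.1]/248
                      1.1.1.1                           100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6801]:[32]:[192.168.10.2]/248
                      4.4.4.4                           100          0 i
"""

RD_RE = re.compile(r"Route Distinguisher: (\S+)")
NLRI_RE = re.compile(r"^\*(.)(.)\[2\]:\[\d+\]:\[\d+\]:\[48\]:\[([0-9a-f.]+)\]:\[(\d+)\]:\[([\d.]+)\]/(\d+)")
HOP_RE = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\s")

def auto_rd(router_id, vlan_id):  # NX-OS 'rd auto' for an L2 VNI
    return f"{router_id}:{32767 + vlan_id}"

def parse_type2(text):
    """Return one dict per type-2 (MAC/IP) route: RD, flags, MAC, IP, VTEP."""
    routes, rd, cur = [], None, None
    for line in text.splitlines():
        if m := RD_RE.search(line):
            rd = m.group(1)
        elif m := NLRI_RE.match(line):
            best, src, mac, iplen, ip, plen = m.groups()
            # A MAC-only NLRI is 216 bits; a MAC+IP route adds the IP length.
            if int(plen) != 216 + int(iplen):
                raise ValueError(f"unexpected prefix length: {line}")
            cur = {"rd": rd, "best": best == ">", "local": src == "l",
                   "mac": mac, "ip": ip if int(iplen) else None}
        elif cur and (m := HOP_RE.match(line)):
            cur["vtep"] = m.group(1)  # next hop is the advertising VTEP loopback
            routes.append(cur)
            cur = None
    return routes

def forwarding_view(routes):
    """MAC -> VTEP from best paths, and IP -> MAC from the MAC+IP routes."""
    best = [r for r in routes if r["best"]]
    mac_to_vtep = {r["mac"]: r["vtep"] for r in best}
    ip_to_mac = {r["ip"]: r["mac"] for r in best if r["ip"]}
    return mac_to_vtep, ip_to_mac

if __name__ == "__main__":
    print(forwarding_view(parse_type2(SAMPLE)), auto_rd("1.1.1.1", 10))
```

A MAC that resolves to more than one VTEP, or an IP bound to more than one MAC, would show up here as an overwritten dictionary entry and is worth investigating in the BGP table.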
For the ping test I have two VPCS hosts connected directly to both the Leaf switches in vlan 10 on Ethernet1/3. There is no other way for these hosts to reach each other.
End-to-End Ping Verification :
PC1> sh ip
NAME : PC1[1]
IP/MASK : 192.168.10.1/24
GATEWAY : 255.255.255.0
DNS :
MAC : 00:50:79:66:68:00
LPORT : 10072
RHOST:PORT : 127.0.0.1:10073
MTU : 1500
PC2> show ip
NAME : PC2[1]
IP/MASK : 192.168.10.2/24
GATEWAY : 255.255.255.0
DNS :
MAC : 00:50:79:66:68:01
LPORT : 10074
RHOST:PORT : 127.0.0.1:10075
MTU : 1500
PC1> ping 192.168.10.2
84 bytes from 192.168.10.2 icmp_seq=1 ttl=64 time=3.010 ms
84 bytes from 192.168.10.2 icmp_seq=2 ttl=64 time=3.436 ms
84 bytes from 192.168.10.2 icmp_seq=3 ttl=64 time=3.373 ms
84 bytes from 192.168.10.2 icmp_seq=4 ttl=64 time=3.304 ms
84 bytes from 192.168.10.2 icmp_seq=5 ttl=64 time=3.360 ms
PC1>
Important note for GNS3 users:
The suppress-arp command under the NVE interface is not accepted until you add the additional commands below. This is important, as without them you will not be able to make the end-to-end ping work.
int nve1
  member vni 1000
    suppress-arp
Warning: Please configure TCAM region for Ingress ARP-Ether ACL for ARP supression to work.

Commands needed to make it work:
hardware access-list tcam region racl 512
hardware access-list tcam region arp-ether 256 double-wide