The third part of the “VXLAN EVPN DCI” project covers the overlay configuration, in terms of:

  • BGP
  • NVE interface

Recalling the underlay L3 diagram, we used OSPF to build L3 adjacency between the border gateways and to advertise the loopback interfaces Lo0 and Lo1 into the routing domain:

[Figure: LAB Topology]

Now we can build on the previous configuration to configure BGP on each border gateway and establish full-mesh iBGP sessions sourced from Lo0. We will also use a particular BGP AFI/SAFI, “l2vpn evpn”, to activate the VXLAN control plane and exchange VXLAN information between the border gateways via BGP.

I also simplify the configuration with BGP templates: one template for session parameters (peer-session template) and one for address-family policy parameters (peer-policy template):

e.g. SiteABGW1

feature bgp
feature nv overlay

router bgp 65535
  router-id 172.16.1.1
  address-family l2vpn evpn
    maximum-paths 4
  template peer-policy VTEP-POLICY
    send-community
    send-community extended
    soft-reconfiguration inbound always
  template peer-session VTEP-SESSION
    remote-as 65535
    password 3 5f4c33e784c59342
    update-source loopback0
  neighbor 172.16.0.2
    inherit peer-session VTEP-SESSION
    address-family l2vpn evpn
      inherit peer-policy VTEP-POLICY 1
  neighbor 172.16.0.3
    inherit peer-session VTEP-SESSION
    address-family l2vpn evpn
      inherit peer-policy VTEP-POLICY 1
  neighbor 172.16.0.4
    inherit peer-session VTEP-SESSION
    address-family l2vpn evpn
      inherit peer-policy VTEP-POLICY 1
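
Because the session password, the update source and the community settings live only in the templates, a neighbor added later without the `inherit` lines silently ends up without them. The Python script below is an added example, not part of the original post or of any Cisco tooling: it resolves template inheritance in a saved configuration and reports neighbors missing any of the three settings. The function names, the redacted password and the neighbor 172.16.0.9 are hypothetical, and it assumes the two-space indentation shown above.

```python
import re

# Constructed sample; neighbor 172.16.0.9 is hypothetical and inherits no template.
CONFIG = """\
router bgp 65535
  template peer-policy VTEP-POLICY
    send-community extended
  template peer-session VTEP-SESSION
    password 3 <redacted>
    update-source loopback0
  neighbor 172.16.0.2
    inherit peer-session VTEP-SESSION
    address-family l2vpn evpn
      inherit peer-policy VTEP-POLICY 1
  neighbor 172.16.0.9
    address-family l2vpn evpn
"""

def parse(config):
    """Collect the lines under each 2-space-indented template/neighbor header."""
    blocks, current = {}, None
    for line in config.splitlines():
        if re.match(r"  (template|neighbor) ", line):
            current = blocks.setdefault(line.strip(), [])
        elif line.startswith("    ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks

def effective(blocks, name):
    """Neighbor lines with each 'inherit peer-*' replaced by the template body."""
    out = []
    for line in blocks[name]:
        m = re.match(r"inherit (peer-(?:session|policy) \S+)", line)
        out += blocks.get("template " + m.group(1), []) if m else [line]
    return out

CHECKS = {"password": r"password \d ", "update-source": r"update-source loopback0$",
          "extended community": r"send-community extended$"}

def audit(config):
    """Return {neighbor_ip: [missing settings]} for neighbors failing a check."""
    blocks, findings = parse(config), {}
    for name in (n for n in blocks if n.startswith("neighbor ")):
        lines = effective(blocks, name)
        miss = [k for k, rx in CHECKS.items() if not any(re.match(rx, l) for l in lines)]
        findings.update({name.split()[1]: miss} if miss else {})
    return findings
```

Running `audit()` on the SiteABGW1 configuration above returns an empty result, since all three neighbors inherit both templates.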

As you can see from the output below, the border gateways established BGP sessions to all the other BGWs in the “l2vpn evpn” address family:

e.g. SiteABGW1

SiteABGW1# show bgp l2vpn evpn summary 
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 172.16.1.1, local AS number 65535
BGP table version is 17, L2VPN EVPN config peers 5, capable peers 3
8 network entries and 10 paths using 1712 bytes of memory
BGP attribute entries [4/688], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.0.2      4 65535      18      16       17    0    0 00:10:34 0         
172.16.0.3      4 65535      17      15       17    0    0 00:09:56 0         
172.16.0.4      4 65535      19      17       17    0    0 00:10:25 0         

Now it’s time to configure the VTEP interface and associate a VLAN with a vn-segment. The first thing to do is create a VLAN and associate it with an L2VNI (VXLAN vn-segment):

e.g. SiteABGW1

feature vn-segment-vlan-based

vlan 10
  vn-segment 10010

Then I will configure the NVE interface (VTEP interface) based on the considerations made in the first post (DC - VXLAN EVPN DCI - Design consideration):

e.g. SiteABGW1

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  global ingress-replication protocol bgp
  member vni 10010

As you can see from the configuration snippet above:

  • I use BGP as the host-reachability protocol
  • the NVE interface is bound to Lo1 (advertised into the OSPF process)
  • the BUM traffic replication mode is ingress-replication
  • I define the L2VNI to transport (VXLAN encap/decap)

After this configuration you can check whether the NVE interface is operating properly:

e.g. SiteABGW1

SiteABGW1# show nve interface 
Interface: nve1, State: Up, encapsulation: VXLAN
 VPC Capability: VPC-VIP-Only [notified]
 Local Router MAC: 5009.0000.1b08
 Host Learning Mode: Control-Plane
 Source-Interface: loopback1 (primary: 172.16.1.1, secondary: 172.16.1.100)


SiteABGW1# show nve peers 
Interface Peer-IP                                 State LearnType Uptime   Router-Mac
--------- --------------------------------------  ----- --------- -------- -------------
nve1      172.16.1.200                            Up    CP        00:56:41 n/a  


SiteABGW1# show nve vni 
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP        
       SU - Suppress Unknown Unicast 
       Xconn - Crossconnect      
       MS-IR - Multisite Ingress Replication
 
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      10010    UnicastBGP        Up    CP   L2 [10]                 

In the next and last chapter of this journey, I will focus on host reachability and fault scenarios.