Configuring BGP EVPN on Nexus 9000 for VXLAN

Welcome back to Part 6 of our series on VXLAN! In this article, we will explore how to configure VXLAN with BGP EVPN on Nexus 9000 switches. If you haven’t watched Part 5 yet, I highly recommend doing so before proceeding as it covers some important details that we won’t delve into here.

To keep things simple, we will use a basic topology with two switches connected by a routed link. This link serves as the underlay network. We will have two tenants, each with two hosts, one on each switch. There will be some IP addressing overlap on the hosts to demonstrate that it won’t cause any issues.


Getting the Underlay Network Ready

Before we dive into the overlay configuration, let’s first focus on setting up the underlay network. This involves configuring the routed link, MTU size, and OSPF.

  1. Enable the OSPF feature and increase the maximum MTU.

OSPF Configuration

  2. Get the routed link up and advertise it into OSPF.

Routed Link

  3. Configure the loopback interface as the source for BGP communication.

Loopback Interface

Repeat the above steps on the second switch to ensure a consistent configuration.

With the underlay network set up, we can now move on to configuring the overlay.

Configuring the Overlay

Now things are about to get interesting as we enable the necessary features for the overlay, configure the anycast gateway virtual MAC address, and perform the base configuration of BGP.

  1. Enable the overlay features such as BGP peering and the EVPN address family.

Overlay Features

  2. Create a virtual anycast gateway interface using the interface-vlan feature.

Anycast Gateway

  3. Assign a virtual MAC address to the anycast gateway using the fabric forwarding anycast-gateway-mac command.

Anycast Gateway MAC

  4. Configure the VTEP and establish BGP peering with the other switch.

VTEP and BGP Peering

Repeat the above steps on the second switch to ensure a synchronized configuration.
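
The underlay and base overlay steps above, written out as an NX-OS configuration for the first switch. This is an added example, not the configuration from the original article; the interface name, IP addresses, OSPF process tag, AS number and gateway MAC are assumed values.

```nxos
! Constructed example for switch 1. Ethernet1/1, all IP addresses, the OSPF
! tag UNDERLAY, AS 65000 and the gateway MAC are placeholders.

! --- Underlay: OSPF, jumbo MTU, routed link, loopback ---
feature ospf
system jumbomtu 9216

router ospf UNDERLAY
  router-id 10.255.0.1

interface Ethernet1/1
  no switchport
  mtu 9216
  ip address 10.0.0.1/30
  ip ospf network point-to-point
  ip router ospf UNDERLAY area 0.0.0.0
  no shutdown

interface loopback0
  ip address 10.255.0.1/32
  ip router ospf UNDERLAY area 0.0.0.0

! --- Overlay base: features, anycast gateway MAC, VTEP, BGP peering ---
nv overlay evpn
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

! Must be identical on every switch that hosts the anycast gateway
fabric forwarding anycast-gateway-mac 0000.1111.2222

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0

router bgp 65000
  router-id 10.255.0.1
  neighbor 10.255.0.2
    remote-as 65000
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
```

On the second switch the same block applies with the link address, loopback address, router IDs and neighbor address swapped.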

Setting up Tenants

Configuring the first tenant involves several steps, including creating a layer-3 VNI, a VRF, configuring route distinguishers and route targets, setting up the VTEP, enabling ARP suppression, head-end replication, anycast gateway, and BGP EVPN.

  1. Create a layer-3 VNI and associate it with a VLAN.

Layer-3 VNI

  2. Add the layer-3 VNI to the tenant’s VRF and set the route distinguisher.

VRF Configuration

  3. Configure the route targets for importing and exporting routes, including EVPN routes.

Route Targets

  4. Create an SVI for the VLAN associated with the layer-3 VNI and enable IP forwarding.

SVI Configuration

  5. Configure the VTEP, enable ARP suppression, and specify head-end replication.

VTEP Configuration

  6. Configure BGP EVPN advertisement within the tenant’s VRF.

BGP EVPN Configuration

Repeat the above steps for adding the second VLAN and VNI to the first tenant’s configuration.

Setting up the second tenant involves similar steps, and you can follow the same procedure, skipping the host port configuration.
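
The tenant steps above for the first tenant, written out as an NX-OS configuration. This is an added example, not the configuration from the original article; the VRF name, VLAN IDs, VNIs, AS number and host subnet are assumed values.

```nxos
! Constructed example for tenant 1 on switch 1. TENANT-1, VLAN 100/10,
! VNI 900001/10010, AS 65000 and 192.168.10.0/24 are placeholders.

! Layer-3 VNI and the VLAN that carries it
vlan 100
  vn-segment 900001

! Tenant VRF: L3 VNI, route distinguisher, route targets
vrf context TENANT-1
  vni 900001
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn

! SVI for the L3 VNI VLAN: no IP address, forwarding only
interface Vlan100
  no shutdown
  vrf member TENANT-1
  ip forward

! Host VLAN, its layer-2 VNI and the anycast gateway SVI
vlan 10
  vn-segment 10010

interface Vlan10
  no shutdown
  vrf member TENANT-1
  ip address 192.168.10.1/24
  fabric forwarding mode anycast-gateway

! VTEP membership: ARP suppression and head-end replication per L2 VNI
interface nve1
  member vni 900001 associate-vrf
  member vni 10010
    suppress-arp
    ingress-replication protocol bgp

evpn
  vni 10010 l2
    rd auto
    route-target import auto
    route-target export auto

! Advertise the VRF's routes into EVPN
router bgp 65000
  vrf TENANT-1
    address-family ipv4 unicast
      advertise l2vpn evpn
```

With `route-target both auto` the route targets are derived from the AS number and the VNI, so a second tenant VRF with its own layer-3 VNI does not import TENANT-1's routes and can reuse the same host subnet.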

Verifying the Configuration

To ensure that everything is working as expected, you can use the following commands to troubleshoot and verify the configuration:

  • show bgp l2vpn evpn summary – displays BGP neighbors and their state.
  • show nve peers – shows the VTEPs.
  • show nve vni – lists the VNIs associated with the VTEP.
  • show ip arp suppression-cache detail – reveals IP to MAC bindings returned by switches.
  • show vxlan – displays VLAN to VNI mappings.
  • show l2route evpn mac all – shows learned MAC addresses and their next-hop.
  • show bgp l2vpn evpn – provides detailed information about the BGP database.

By using these commands, you can troubleshoot and verify the functionality of your VXLAN configuration.

FAQs

Q: Can I use multicast instead of head-end replication for BUM traffic?

A: Yes, multicast is also a valid option for handling BUM (Broadcast, Unknown unicast, Multicast) traffic in VXLAN. In this particular setup, we chose to use head-end replication, but multicast would work equally well.

Q: How do I advertise external routes as EVPN routes within a VRF?

A: To advertise external routes within a VRF as EVPN routes, you can use the advertise l2vpn evpn command under the VRF’s IPv4 or IPv6 address family configuration.

Q: How do I troubleshoot connectivity issues between tenants?

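A: If you are experiencing connectivity issues between tenants, you can verify the separation of traffic by attempting to ping an IP address owned by one tenant from the other tenant. Because host addresses overlap in this topology, choose an address that exists only in the target tenant; an address present in both would be answered from within the pinging tenant’s own VRF. If the ping fails, it indicates a successful separation of traffic.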

Conclusion

Congratulations! You have successfully configured BGP EVPN on Nexus 9000 switches for VXLAN. This advanced configuration allows you to create virtualized networks with isolated tenants and efficient routing capabilities. If you have any questions or feedback, please let us know in the comments below. Don’t forget to share and subscribe if you found this series helpful.
