Configuring Seamless Integration of EVPN with L3VPN (MPLS SR)

Information About Configuring Seamless Integration of EVPN with L3VPN (MPLS SR)

Data Center (DC) deployments have adopted VXLAN EVPN for its benefits such as EVPN control-plane learning, multitenancy, seamless mobility, redundancy, and easier POD additions. Similarly, the CORE is either a Label Distribution Protocol (LDP)-based MPLS L3VPN network or is transitioning from the traditional MPLS L3VPN LDP-based underlay to a more sophisticated solution like Segment Routing (SR). Segment Routing is adopted for its benefits such as:

  • Unified IGP and MPLS control planes

  • Simpler traffic engineering methods

  • Easier configuration

  • SDN adoption

With two different technologies, one within the data center (DC) and one in the CORE, there is a natural necessity to hand off from VXLAN to an MPLS-based core at the DCI nodes, which sit on the edge of the DC domain, interfacing with the Core edge router.

Figure 1. Topology Overview

In the previous diagram, two DC pods, each running VXLAN, are being Layer 3 extended over a WAN/Core running MPLS/SR. Another method is classical MPLS L3VPN using LDP. The edge devices in the DC domain (border PE1, PE2, PE3, and PE4) are the DCI nodes doing the handoff between VXLAN and the MPLS-based Core network.

Guidelines and Limitations for Configuring Seamless Integration of EVPN with L3VPN (MPLS SR)

| Feature | Cisco Nexus 3600 | Comments |
|---|---|---|
| VXLAN EVPN to SR-L3VPN | Yes | Extend Layer 3 connectivity between different DC pods. Underlay IGP/BGP with SR extensions. |
| VXLAN EVPN to SR-L3VPN | Yes | Extend Layer 3 connectivity between DC POD running VXLAN and any domain (DC or CORE) running SR. |
| VXLAN EVPN to MPLS L3VPN (LDP) | Yes | Underlay is LDP. |

The following features are supported:

  • Layer 3 orphans

  • Layer 3 hand-off

  • Layer 3 physical interfaces type for core-facing ports

  • Per-VRF labels

  • LDP

  • Segment routing


Note: Segment routing and LDP cannot co-exist.

The following features are not supported:

  • vPC for redundancy

  • Subnet stretches across the DC domain

  • Configured MAC addresses on SVIs/subinterfaces

  • Statistics

  • SVI toward the MPLS core

  • End-to-End Time to Live (TTL) support only in pipe mode for handoff scenario

  • End-to-End Explicit Congestion Notification (ECN) for handoff scenario

Configuring Seamless Integration of EVPN with L3VPN (MPLS SR)

The following procedure imports and reoriginates the routes from the VXLAN domain to the MPLS domain and in the other direction.

Before you begin

SUMMARY STEPS

  1. configure terminal
  2. feature-set mpls
  3. nv overlay evpn
  4. feature bgp
  5. feature mpls l3vpn
  6. feature mpls segment-routing
  7. feature interface-vlan
  8. feature vn-segment-vlan-based
  9. feature nv overlay
  10. router bgp autonomous-system-number
  11. address-family ipv4 unicast
  12. redistribute direct route-map route-map-name
  13. network address
  14. exit
  15. address-family l2vpn evpn
  16. neighbor address remote-as number
  17. update-source type/id
  18. ebgp-multihop number
  19. address-family ipv4 unicast
  20. send-community extended
  21. exit
  22. address-family vpnv4 unicast
  23. send-community extended
  24. import l2vpn evpn reoriginate
  25. neighbor address remote-as number
  26. address-family ipv4 unicast
  27. send-community extended
  28. exit
  29. address-family ipv6 unicast
  30. send-community extended
  31. exit
  32. address-family l2vpn evpn
  33. send-community extended
  34. exit
  35. import vpn unicast reoriginate

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal

Enters global configuration mode.

Step 2

feature-set mpls

Example:

switch(config)# feature-set mpls

Enable MPLS feature set.

Step 3

nv overlay evpn

Example:

switch(config)# nv overlay evpn

Enable VXLAN.

Step 4

feature bgp

Example:

switch(config)# feature bgp

Enable BGP.

Step 5

feature mpls l3vpn

Example:

switch(config)# feature mpls l3vpn 

Enable Layer 3 VPN.

Step 6

feature mpls segment-routing

Example:

switch(config)# feature mpls segment-routing

Enable Segment Routing.

Step 7

feature interface-vlan

Example:

switch(config)# feature interface-vlan

Enable interface VLAN.

Step 8

feature vn-segment-vlan-based

Example:

switch(config)# feature vn-segment-vlan-based

Enable VLAN based VN segment.

Step 9

feature nv overlay

Example:

switch(config)# feature nv overlay

Enable VXLAN.

Step 10

router bgp autonomous-system-number

Example:

switch(config)# router bgp 1

Configure BGP. The value of autonomous-system-number is from 1 to 4294967295.

Step 11

address-family ipv4 unicast

Example:

switch(config-router)# address-family ipv4 unicast

Configure address family for IPv4.

Step 12

redistribute direct route-map route-map-name

Example:

switch(config-router-af)# redistribute direct route-map passall

Configure redistribution.

Step 13

network address

Example:

switch(config-router-af)# network 0.0.0.0/0

Injects prefixes into handoff BGP along with redistribution.

Step 14

exit

Example:

switch(config-router-af)# exit

Exit command mode.

Step 15

address-family l2vpn evpn

Example:

switch(config-router)# address-family l2vpn evpn

Configure L2VPN address family.

Step 16

neighbor address remote-as number

Example:

switch(config-router)# neighbor 108.108.108.108 remote-as 65535

Define eBGP neighbor IPv4 address and remote Autonomous-System (AS) number.

Step 17

update-source type/id

Example:

switch(config-router-af)# update-source loopback100

Define interface for eBGP peering.

Step 18

ebgp-multihop number

Example:

switch(config-router)# ebgp-multihop 10

Specifies multihop TTL for remote peer. The range of number is from 2 to 255.

Step 19

address-family ipv4 unicast

Example:

switch(config-router)# address-family ipv4 unicast

Configure the address family for IPv4.

Step 20

send-community extended

Example:

switch(config-router-af)# send-community extended

Configures community for BGP neighbors.

Step 21

exit

Example:

switch(config-router-af)# exit

Exit command mode.

Step 22

address-family vpnv4 unicast

Example:

switch(config-router)# address-family vpnv4 unicast

Configure the address family for IPv4.

Step 23

send-community extended

Example:

switch(config-router-af)# send-community extended

Configures community for BGP neighbors.

Step 24

import l2vpn evpn reoriginate

Example:

switch(config-router)# import l2vpn evpn reoriginate

Reoriginates the route with new RT. Can be extended to use an optional route-map.

Step 25

neighbor address remote-as number

Example:

switch(config-router)# neighbor 175.175.175.2 remote-as 65535

Define eBGP neighbor IPv4 address and remote Autonomous-System (AS) number.

Step 26

address-family ipv4 unicast

Example:

switch(config-router)# address-family ipv4 unicast

Configure the address family for IPv4.

Step 27

send-community extended

Example:

switch(config-router-af)# send-community extended

Configures community for BGP neighbors.

Step 28

exit

Example:

switch(config-router-af)# exit

Exit command mode.

Step 29

address-family ipv6 unicast

Example:

switch(config-router)# address-family ipv6 unicast

Configure the IPv6 unicast address family. This is required for IPv6 over VXLAN with an IPv4 underlay.

Step 30

send-community extended

Example:

switch(config-router-af)# send-community extended

Configures community for BGP neighbors.

Step 31

exit

Example:

switch(config-router-af)# exit

Exit command mode.

Step 32

address-family l2vpn evpn

Example:

switch(config-router)# address-family l2vpn evpn

Configure L2VPN address family.

Step 33

send-community extended

Example:

switch(config-router-af)# send-community extended

Configures community for BGP neighbors.

Step 34

exit

Example:

switch(config-router-af)# exit

Exit command mode.

Step 35

import vpn unicast reoriginate

Example:

switch(config-router)# import vpn unicast reoriginate

Reoriginate the route with new RT. Can be extended to use an optional route-map.

Example Configuration for Configuring Seamless Integration of EVPN with L3VPN (MPLS SR)

The following is a sample CLI configuration that is required to import and reoriginate the routes from the VXLAN domain to the MPLS domain and in the reverse direction.

switch# sh running-config

!Command: show running-config
!Running configuration last done at: Sat Mar 17 10:00:40 2001
!Time: Sat Mar 17 12:50:12 2001

version 9.2(2) Bios:version 05.22 
hardware profile multicast max-limit lpm-entries 0

hostname switch
install feature-set mpls
vdc Scrimshaw id 1
  allow feature-set mpls
  limit-resource vlan minimum 16 maximum 4094
  limit-resource vrf minimum 2 maximum 4096
  limit-resource port-channel minimum 0 maximum 511
  limit-resource u4route-mem minimum 248 maximum 248
  limit-resource u6route-mem minimum 96 maximum 96
  limit-resource m4route-mem minimum 90 maximum 90
  limit-resource m6route-mem minimum 8 maximum 8
feature-set mpls

feature telnet
feature bash-shell
feature sftp-server
nv overlay evpn
feature ospf
feature bgp
feature mpls l3vpn
feature mpls segment-routing
feature interface-vlan
feature vn-segment-vlan-based
feature bfd
feature nv overlay

no password strength-check
username admin password 5 $5$eEI.wtRs$txfevWxMj/upb/1dJeXy5rNvFYKymzz3Zmc.fpuxTp1  role network-admin
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 0x116815e4934ab1f854dce5dd673f33d7 priv 0x116815e4934ab1f854dce5dd673f33d7 localizedkey
rmon event 1 description FATAL(1) owner PMON@FATAL
rmon event 2 description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 description ERROR(3) owner PMON@ERROR
rmon event 4 description WARNING(4) owner PMON@WARNING
rmon event 5 description INFORMATION(5) owner PMON@INFO

mpls label range 30000 40000 static 6000 8000
vlan 1-2,100,200,555
segment-routing mpls
  global-block 30000 40000
vlan 555
  vn-segment 55500

route-map ALL permit 10
route-map SRmap permit 10
  set label-index 666
route-map ULAY_NETWORK permit 10
  set label-index 600
route-map passall permit 10
vrf context ch5_swap
  ip route 199.1.1.0/24 16.1.1.2
  ip route 200.1.1.0/24 16.1.1.2
vrf context evpn
  vni 55500
  rd auto
  address-family ipv4 unicast
    route-target import 100:55500
    route-target import 100:55500 evpn
    route-target import 6:6000
    route-target export 100:55500
    route-target export 100:55500 evpn
    route-target export 6:6000
  address-family ipv6 unicast
    route-target import 6:6000
    route-target export 6:6000
vrf context management
  ip route 0.0.0.0/0 172.31.144.1
hardware forwarding unicast trace
vlan configuration 2
  ip igmp snooping static-group 225.1.1.1 interface Ethernet1/9

interface Vlan1

interface Vlan555
  no shutdown
  vrf member evpn

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback1
  member vni 55500 associate-vrf

interface Ethernet1/12
  mpls ip forwarding
  no shutdown

interface Ethernet1/13

interface Ethernet1/14
  no shutdown

interface Ethernet1/15
  no shutdown

interface Ethernet1/16
  no shutdown

interface Ethernet1/17
  no shutdown

interface Ethernet1/18

interface Ethernet1/19

interface Ethernet1/20
  no shutdown

interface Ethernet1/21
  ip address 6.2.0.1/24
  mpls ip forwarding
  no shutdown

interface Ethernet1/21.1
  encapsulation dot1q 1211
  vrf member evpn
  ip address 6.22.0.1/24
  no shutdown

interface Ethernet1/21.2
  encapsulation dot1q 1212
  ip address 6.222.0.1/24
  no shutdown

interface Ethernet1/21.3
  encapsulation dot1q 1213
  vrf member ch5_swap
  ip address 16.1.1.1/24
  no shutdown

interface Ethernet1/22
  no shutdown

interface Ethernet1/23
  description underlay  
  ip address 6.1.0.1/24
  mpls ip forwarding
  no shutdown

interface Ethernet1/23.1
  encapsulation dot1q 1231
  vrf member evpn
  ip address 6.11.0.1/23
  no shutdown

interface Ethernet1/24
  no shutdown

interface Ethernet1/25
  no shutdown

interface Ethernet1/26
  description underlay 
  ip address 6.0.0.1/24
  mpls ip forwarding
  no shutdown

interface Ethernet1/26.1
  encapsulation dot1q 1261
  ip address 7.0.0.1/24
  no shutdown

interface Ethernet1/27
  no shutdown

interface Ethernet1/28
  no shutdown

interface Ethernet1/29
  no shutdown

interface Ethernet1/30
  no shutdown

interface Ethernet1/31
  ip address 1.31.1.1/24
  no shutdown

interface Ethernet1/32
  no shutdown

interface Ethernet1/33
  ip address 87.87.87.1/24
  ip router ospf 100 area 0.0.0.0
  no shutdown

interface Ethernet1/34
  no shutdown

interface Ethernet1/35
  no shutdown

interface Ethernet1/36
  no shutdown

interface mgmt0
  vrf member management
  ip address 172.31.145.107/21

interface loopback1
  ip address 58.58.58.58/32

interface loopback6
  description used for SR underlay testing
  ip address 6.6.6.1/32
line console
line vty
monitor session 1 
  source interface Ethernet1/21 rx
  source interface Ethernet1/23 both
  destination interface sup-eth0

mpls static configuration
  address-family ipv4 unicast
    lsp SL_AGG_BELL
      in-label 6001 allocate policy 88.1.1.0 255.255.255.0 
        forward
          path 1 next-hop 6.0.0.2 out-label-stack implicit-null 
router ospf 100
  redistribute direct route-map ALL
router bgp 600
  address-family ipv4 unicast
    network 6.6.6.1/32 route-map SRmap
    network 66.1.1.0/24 route-map ULAY_NETWORK
    redistribute direct route-map passall
    maximum-paths 32
    allocate-label all
  neighbor 6.0.0.2
    remote-as 50
    ebgp-multihop 255
    address-family ipv4 labeled-unicast
  neighbor 6.1.0.2
    remote-as 50
    ebgp-multihop 255
    address-family ipv4 labeled-unicast
  neighbor 6.6.6.3
    remote-as 300
    update-source loopback6
    ebgp-multihop 255
    address-family vpnv4 unicast
      send-community
      send-community extended
      next-hop-self
      import l2vpn evpn reoriginate
  neighbor 7.0.0.2
    remote-as 50
    ebgp-multihop 255
    address-family ipv4 labeled-unicast
  neighbor 21.21.21.21
    remote-as 600
    update-source loopback1
    address-family l2vpn evpn
      send-community
      send-community extended
      import vpn unicast reoriginate
  vrf evpn
    address-family ipv4 unicast
      advertise l2vpn evpn
      redistribute direct route-map passall
      redistribute hmm route-map passall
    address-family ipv6 unicast
      redistribute direct route-map passall
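
The following check is an added example, not part of the Cisco documentation. It audits a DCI node's running configuration for the requirements this chapter states: segment routing and LDP must not co-exist, and each handoff neighbor needs its reoriginate import plus `send-community extended`, since route targets travel as extended communities. It assumes the two-space indentation that `show running-config` prints and that LDP is enabled with `feature mpls ldp`; the function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt; the second neighbor deliberately lacks 'send-community extended'.
SAMPLE = """\
feature mpls segment-routing
router bgp 600
  neighbor 6.6.6.3
    remote-as 300
    address-family vpnv4 unicast
      send-community extended
      import l2vpn evpn reoriginate
  neighbor 21.21.21.21
    address-family l2vpn evpn
      send-community
      import vpn unicast reoriginate
"""

# Each handoff address family must import routes from the other domain.
REQUIRED_IMPORT = {"vpnv4 unicast": "import l2vpn evpn reoriginate",
                   "l2vpn evpn": "import vpn unicast reoriginate"}

def neighbor_af_blocks(cfg):
    """Map (neighbor, address-family) -> set of commands, using indentation."""
    blocks, neighbor, af = {}, None, None
    for line in filter(str.strip, cfg.splitlines()):   # skip blank lines
        text, indent = line.strip(), len(line) - len(line.lstrip())
        if indent <= 2:                      # any new stanza ends neighbor scope
            m = re.fullmatch(r"neighbor (\S+)", text) if indent == 2 else None
            neighbor, af = (m.group(1) if m else None), None
        elif neighbor and indent == 4:       # neighbor-level command
            m = re.fullmatch(r"address-family (.+)", text)
            af = m.group(1) if m else None
            if af:
                blocks[(neighbor, af)] = set()
        elif neighbor and af:                # command inside the neighbor AF
            blocks[(neighbor, af)].add(text)
    return blocks

def audit_handoff(cfg):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    features = {l.strip() for l in cfg.splitlines()}
    if {"feature mpls ldp", "feature mpls segment-routing"} <= features:
        findings.append("LDP and segment routing are both enabled")
    for (nbr, af), cmds in neighbor_af_blocks(cfg).items():
        if af in REQUIRED_IMPORT:
            for cmd in (REQUIRED_IMPORT[af], "send-community extended"):
                if cmd not in cmds:
                    findings.append(f"{nbr} {af}: missing '{cmd}'")
    return findings
```

Run against the full sample configuration above, `audit_handoff` returns no findings; against the constructed excerpt it reports the missing `send-community extended` on neighbor 21.21.21.21.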