EVPN VxLAN L3

This chapter provides information on Layer 3 Data-Center-Interconnect (DCI) VXLAN EVPN Support.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.

Restrictions for EVPN VxLAN L3

  • VNI range CLI for L3VNI is not supported.

  • Egress traffic stops, if local VNI is down.

  • L3 VNI and L2 VNI co-existence in the same bridge domain as L3 VNI is not supported.

  • MAC learning is not done with L3VNI via control plane learning.

  • IPV6 overlay and underlay are not supported.

Information About EVPN VxLAN L3

Data Center Interconnect VXLAN Layer 3 Gateway

The Cisco device can serve as a Data Center Interconnect (DCI) L3 Gateway to provide IP connectivity between multi-tenant remote Data Center sites. The multi-tenant Data Centers use VxLAN encapsulation to carry separate tenant IP traffic. The VXLAN-enabled Data Center sites use MP-BGP EVPN control plane for distributing both Layer-2 and Layer-3 forwarding information within the site. RFC 5512 and draft-ietf-bess-evpn-inter-subnet-forwarding-00 define how MP-BGP Network Layer Reachability Information (NLRI) carries VXLAN encapsulation as well as L2/L3 forwarding information details to provide an integrated routing and bridging solution within the Data Center site.

Route Targets

For each VRF on the DCI router, there are two sets of manually configured import and export route-targets. One set of import and export route-targets is associated with the Data Center BGP neighbor that uses EVPN address-family to exchange L3 information; the other set of import and export route-targets is associated with the L3VPN BGP neighbor that use VPNv4 unicast address-family to exchange L3 information. This separation of route targets (RTs) enables the two sets of RTs to be independently configured. The DCI router effectively stitches the two set of RTs. The RTs associated with the EVPN BGP neighbor are labelled as stitching RTs. The RTs associated with the L3VPN BGP neighbor are normal RTs.

A new keyword is added to the existing route-target configuration to specify the route targets to be used when doing EVPN-VXLAN related processing. The base (existing) route target configuration does not affect EVPN-VXLAN related processing. You can have the same RT values for both base and VxLAN routes.

Local VPNv4 Routes Advertisement

On the DCI router, the locally sourced VPNv4 routes can be advertised to the BGP EVPN neighbors with the normal route targets (RTs) configured for the VRF or the stitching RTs associated with the BGP EVPN neighbors. By default, these routes are advertised with the normal route targets.

Note

You cannot configure the advertise command for VPNv4 or VPNv6 neighbors. RTs can be applied only to the sourced routes and routes learned from VRF neighbors.


Data Center VXLAN with Support for MP-BGP

The Data Center VXLAN uses MP-BGP for control-plane learning of end-host Layer 2 and Layer 3 reachability information. The DCI router is configured with a VXLAN Tunnel EndPoint (VTEP). You also need to run the host-reachabilty protocol BGP command to specify that control-plane learning within Data center site is through BGP routing protocol.

The DCI Gateway router and the EVPN BGP neighbor (Data Center BGP neighbor) exchange BGP EVPN NLRIs of route type 5 that carry L3 routing information and associated VXLAN encapsulation information.

EVPN Route Targets

A new keyword is added to the existing route-target configuration to specify the route targets to be used when doing EVPN-VXLAN related processing. The base (existing) route target configuration does not affect EVPN-VXLAN related processing. You can have the same RT values for both base and vxlan routes

MAC/IP Advertisement Route and IP Prefix Route is supported. The l2vpn evpn address-family can be configured and neighbors can exchange EVPN NLRI. The l2vpn-evpn-prefix-advertisement is supported fully and for the non-MAC portions only the NLRI is supported. IP Prefix route type is added to carry IP prefixes. The IP Prefix NLRI can carry IPv4 Prefix or IPv6 Prefix. The NLRI length determines whether it has IPv4 Prefix or IPv6 Prefix.

NLRI Format:
[Type][Len][RD][ESI][ETag][IP Addr Mask][IP Addr][GW IP Addr][Label]
Key:
[Type][ETag][IP Addr Len][IP Addr]

When BGP attribute, encapsulation type EXTCOMM value of 0x8 ( VxLAN ) is present, then Label carries VNI (VXLAN ID).

EVPN RT5 and RT2 that contain a RT matching an import “stitching RT” specified in a vrf configuration is accepted by the router and imported into the corresponding BGP L3VPN vrf. The resulting L3VPN prefix retains the same route target. L3VPN routes that are imported into EVPN via “advertise l2vpn evpn” contains route targets specified by that vrf’s export “stitching RT”. Any original route targets is removed.

Bridge Domain Interface

Bridge Domain Interface (BDI) is used for Inter-VLAN routing for EVC. It supports ping from local BDI interface to peer BDI/BVI/SVI. ARP is not used to resolve adjacency. BGP is asked to advertise the BDI IP address in EVPN route and use RMAC as an adjacency.

Downstream VNI

A downstream VNI is assigned at the downstream BGP peer. The BGP peer sends VNI as part of EVPN route type 2 or 5, so that it can use the VNI to send EVPN traffic to peer. This VNI is called as egress VNI; this egress VNI is used to send EVPN traffic to peer on data path. BGP also sends the local VNI to peer as part of EVPN route type 2 or 5 and it is expected from the peer to send EVPN traffic with the VNI, so that it can route the PKT to right VRF. This VNI is called as ingress VNI.

For the local VNI, VNI number range is 4k to 16m. For the egress VNI, valid VNI number range can be any valid VNI number, from 1-16m.

Router MAC

EVPN introduces a Router’s MAC extended community to exchange Router’s MAC between EVPN peer. BGP send BDI’s MAC address to EVPN Peer as its RMAC. By default, all the BDI interface share the same MAC address, so all EVPN VRF will send the same RMAC to EVPN peer by default. It is flexible to configure MAC address of BDI interface. So, it is possible that different EVPN VRF may send different RMAC to EVPN peer.

VRF Lite

VRF-lite (VPN routing/forwarding) allows a service provider to support two or more VPNs with overlapping IP addresses. VRF-lite is achieved by configuring sub-interfaces (VLANs) on a physical interface and by putting each sub-interface in a VRF.

EVPN Route Type 2 - MAC Advertisement Route

MAC Advertisement Route can be used to carry only MAC Address or MAC Address and IP Address (/32 for IPv4 or /128 for IPv6).

NLRI Format:
[Type][Len][RD][ESI][ETag][MAC Addr Mask][MAC Addr][IP Addr Len][IP Addr] [Label1] [Label2]
Key:
[Type][ETag][MAC Addr Len][MAC Addr][IP Addr Len][IP Addr]
[Type][ETag][MAC Addr Len][MAC Addr][IP Addr Len]

Label1 is associated with MAC Address and Label2 is associated with IP Address. When BGP attribute, encapsulation type EXTCOMM value of 0x8 ( VxLAN ) is present, then Label carries VNI (VXLAN ID).

L3 VRF EVPN Import

To advertise L3 VPN routing and forwarding (VRF) prefixes to EVPN neighbors define a new import type that takes prefixes from VRF neighbors, redistributed VRF routes, and import them into EVPN table. The import of VRF routes is controlled per VRF. The import of VRF is performed only when advertise l2vpn evpn is configured under that VRF and local VTEP is up.

EVPN DCI Solution

ASR1000 (IOS-XE Platform) series routers, acting as a Data Centre Interconnect (DCI) device can be deployed at the edge of two Cisco Data Center solutions, that is, Nexus 9000 Standalone-mode Data Centre or Nexus 9000 ACI-mode Data Centre. It provides flexible and safe WAN connections to the Internet or Branch sites with multiple different WAN types. Currently ASR1000 supports multiple WAN connection types, including iWAN, MPLS VPN(PE and ASBR), DMVPN, and VRF Lite. You can also deploy more than one ASR1000 router as multihoming deployment, if you require traffic load balancing, redundancy or customized path selection policy based on special requirements of different applications.

How to Configure EVPN VxLAN L3

The following is the sample topology that is used as an example to explain the configuration of this feature.

Configuring Customer Edge (CE) 1 Using VRF Lite

  1. Define VRF and IPv4 address family. EVPN RT is 65535:1
    vrf definition evpn1
     rd 65535:1
     address-family ipv4
    route-target both 65535:1 stitching     
    exit-address-family
    !
  2. Define Bridge Domain and associate vxlan vni 3000.
    bridge-domain 200
     member vni 30000
    Interface loopback0
      ip address 33.33.33.33 255.255.255.255
    
  3. Define Bridge Domain Interface (BDI).
    interface BDI200
     vrf forwarding evpn1
     ip address 100.1.1.1 255.255.255.0
     encapsulation dot1Q 200
    
  4. Create Interface NVE1.
    Interface gi0/0/0.2
      enc dot1q 2
      ip address 4.0.0.1 255.255.255.0
    Interface gi0/0/1.2
      enc dot1q 2
      vrf forwarding evpn1
      ip address 3.3.3.1 255.255.255.0
    interface nve1
     no ip address
     source-interface Loopback0
     host-reachability protocol bgp
     member vni 30000 vrf evpn1
    
  5. Define OSPF for underlay reachability.
    Router ospf 100
      router-id 33.33.33.33
      network 33.33.33.33 0.0.0.0 area 0
      network 4.0.0.1 0.0.0.0 area 0
    !
    
  6. Define BGP and EVPN address-family.
    router bgp 65535
     bgp router-id 33.33.33.33
     neighbor 44.44.44.44 remote-as 65535
     neighbor 44.44.44.44 update-source Loopback0
     !
     address-family l2vpn evpn
      neighbor 44.44.44.44 activate
      neighbor 44.44.44.44 send-community both
     exit-address-family
     !
     address-family ipv4 vrf evpn1
      advertise l2vpn evpn
      neighor 3.3.3.254 remote-as 65530
      neighor 3.3.3.254 update-source Gi0/0/1.2
      neighor 3.3.3.254 ebgp-multihop 255
      redistribute connected
     exit-address-family
    

Configuring Provider Edge 1

Define VRF and RD/RT.
vrf definition vrf1
 rd 65530:1
 address-family ipv4
  route-target both 65530:1
exit-address-family
!
interface loopback0
  ip address 33.33.33.22 255.255.255.255
Interface GigabitEthernet0/0/0.2
  enc dot1q 2
  vrf forwarding vrf1
  ip address 3.3.3.254 255.255.255.0
Interface gigabitEthernet0/0/1
  mpls ip
  ip address 2.2.2.1 255.255.255.0
!
Router ospf 100
  router-id 33.33.33.22
  network 33.33.33.22 0.0.0.0 area 0
  network 2.2.2.1 0.0.0.0 area 0
!
router bgp 65530
 bgp router-id 33.33.33.22
 neighbor 22.22.22.22 remote-as 65530
 neighbor 22.22.22.22 update-source Loopback0
 !
 address-family vpnv4
  neighbor 22.22.22.22 activate
  neighbor 22.22.22.22 send-community both
 exit-address-family
 !
 address-family ipv4 vrf vrf1
  neighor 3.3.3.253 remote-as 65535
  neighor 3.3.3.253 update-source Gi0/0/0.2
  neighor 3.3.3.253 ebgp-multihop 255
  redistribute connected
 exit-address-family

Configuring Provider Edge 2 and Branch Router

vrf definition vrf1
 rd 65530:1
 address-family ipv4
  route-target both 65530:1
exit-address-family
!
interface loopback0
  ip address 22.22.22.22 255.255.255.255
!
Interface GigabitEthernet0/0/0.200
  enc dot1q 200
  vrf forwarding vrf1
  ip address 1.1.1.254 255.255.255.0
!
Interface gigabitEthernet0/0/1
  mpls ip
  ip address 2.2.2.254 255.255.255.0
!
Router ospf 100
  router-id 22.22.22.22
  network 22.22.22.22 0.0.0.0 area 0
  network 2.2.2.254 0.0.0.0 area 0
!
router bgp 65530
 bgp router-id 22.22.22.22
 neighbor 33.33.33.22 remote-as 65530
 neighbor 33.33.33.22 update-source Loopback0
 !
 address-family vpnv4
  neighbor 33.33.33.22 activate
  neighbor 33.33.33.22 send-community both
 exit-address-family
 !
 address-family ipv4 vrf vrf1
   redistribute connected
 exit-address-family

Configuring Customer Edge 2

Interface GigabitEthernet0/0/0.200
  enc dot1q 200
ip address 1.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 1.1.1.254

Importing Between EVPN and VRF/VPN

router bgp 100
 address-family ipv4 vrf example-vrf
  advertise l2vpn evpn
  neighbor 7.7.7.7 remote-as 400
  neighbor 7.7.7.7 activate
 exit-address-family

Verifying EVPN VxLAN L3

Use the following commands to verify the configuration:
  • show ip bgp l2vpn evpn: Displays Layer 2 Virtual Private Network (L2VPN) address family information from the Border Gateway Protocol (BGP) table.

  • show mlrib evpn mac: Displays the MLRIB information pertaining to an EVPN network.

  • show nve peers: Displays information that determine if the VNI is configured for peer.

Show Command-BGP
#show ip bgp l2vpn evpn summary 
BGP router identifier 19.0.0.1, local AS number 1
BGP table version is 2, main routing table version 2
1 network entries using 376 bytes of memory
1 path entries using 196 bytes of memory
1/1 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP extended community entries using 40 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 884 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
20::46          4            1    7852    7849        2    0    0 4d22h           0
19.0.101.1      4            1       0       0        1    0    0 never    Idle
19.0.101.2      4            1       0       0        1    0    0 never    Idle
19.0.101.3      4            1       0       0        1    0    0 never    Idle
19.0.101.4      4            1       0       0        1    0    0 never    Idle
19.0.101.5      4            2       0       0        1    0    0 never    Idle
19.0.101.6      4            1       0       0        1    0    0 never    Idle
19.0.101.7      4            1   80385    7853        2    0    0 4d22h           1
20.0.0.47       4            1    7857    7844        2    0    0 4d22h           0
FEC0::1001      4            1       0       0        1    0    0 never    Idle
Show Command-MLRIB
# show mlrib evpn mac
EVI   MAC Address  Owner Next-Hop  iVNI  eVNI
----------------------------------------------------
100   aaa.bbb.cc1   NVE   1.2.3.4   10000 1000
# show mlrib evpn mac detailed
EVI MAC Address Owner Next-Hop  iVNI  eVNI lVTEP     port
-------------------------------------------------------------
100 aaa.bbb.cc1 NVE   1.2.3.4   1000  1000 1.2.3.2   2000
# show mlrib evpn vtep local
BD    RMAC Address    VTEP-IP       VRF     VNI		BDI
----------------------------------------------------------
100   aaa.bbb.cc2    101.2.3.4      vrf1    10000	   BDI100
Show NVE Peers
#sh nve peers vni 10135
Interface  VNI      Type Peer-IP          Router-RMAC    eVNI     state flags UP time
nve1       10135    L3CP 66.66.66.66      5c83.8f5f.5c97 10135      UP   A/M 00:08:53

Configuring EVPN: Basic Configuration

Perform the following tasks to configure EVPN:

  1. Create a VRF.

    vrf definition EVPN
     rd 100:1
     !
     address-family ipv4
      route-target export 100:1 stitching
      route-target import 100:1 stitching
     exit-address-family
  2. Create a bridge domain and assign a VNI.

    bridge-domain 1234       
     member vni 101234
  3. Create a BDI interface and assign it to the EVPN VRF.

    interface BDI1234                 
     vrf forwarding EVPN
     ip address 10.20.30.40 255.255.255.0
     encapsulation dot1Q 1234
  4. Create an NVE interface.

    interface nve1                        
     no ip address
     source-interface Loopback1
     host-reachability protocol bgp
     member vni 101234 vrf EVPN
    
    router bgp 100
     bgp router-id 10.10.10.10
     bgp log-neighbor-changes
     no bgp default ipv4-unicast
     neighbor 10.10.10.111 remote-as 100
     neighbor 10.10.10.111 ebgp-multihop 255
     neighbor 10.10.10.111 update-source Loopback1
     neighbor 10.10.10.222 remote-as 100
     neighbor 10.10.10.222 ebgp-multihop 255
     neighbor 10.10.10.222 update-source Loopback1
     !
  5. Configure a EVPN sessions to two spines.

    address-family l2vpn evpn             
      neighbor 10.10.10.111 activate
      neighbor 10.10.10.111 send-community both
      neighbor 10.10.10.222 activate
      neighbor 10.10.10.222 send-community both
     exit-address-family

EVPN Interconnect With MPLS VPN as ASBR

In the scenario explained in the below figure shows, EVPN routes from the DC side get imported into VRFs at the ASR1k. These routes are in turn re-originated to the WAN side MPLS core network via VPN routes to ASBR using a variation of MPLS-VPN Inter-AS option AB. There is only 1 BGP peering between the ASR1k and the ASBR, but the forwarding happens on multiple VRF sub-interfaces.

Figure 1. EVPN Interconnect With MPLS VPN as ASBR


Configuring Inter-AS Option AB

The following sections describe how to configure the Inter-AS Option AB feature on an ASBR for either an MPLS VPN or an MPLS VPN that supports CSC:


Note

If Inter-AS Option AB is already deployed in your network and you want to do Option B style peering for some prefixes (that is, implement Inter-AS Option AB+), configure the inter-as-hybrid global command as described in the “Configuring the Routing Policy for VPNs that Need Inter-AS Connections” section.


Configuring the VRFs on the ASBR Interface for Each VPN Customer

Use the following steps to configure the VRFs on the ASBR interface for each VPN customer so that these VPNs have connectivity over the MPLS VPN--Inter-AS Option AB network.


Note

The mpls bgp forwarding command is used only on the ASBR interface for VRFs that support CSC.


Use all of the steps in the following procedure to configure additional VRFs that need to be configured on the ASBR interface and the VRFs that need to be configured on the peer ASBR interface.

  1. Enable privileged EXEC mode. Enter your password if prompted.

    enable
    Example:
    Router> enable
  2. Enter global configuration mode.

    configure terminal
    Example:
    Router# configure terminal
  3. Specify the interface to configure and enter the interface configuration mode.
    • The type argument specifies the type of interface to be configured.

    • The number argument specifies the port, connector, or interface card number.

      interface type number
      Example:
       Router(config)# interface Ethernet 5/0
  4. Associate a VRF with the specified interface or subinterface.

    • The vrf-name argument is the name assigned to a VRF.

      ip vrf forwarding vrf-name
      Example:
       Router(config-if)# ip vrf forwarding vpn1
  5. (Optional) Configures BGP to enable MPLS forwarding on connecting interfaces for VRFs that must support MPLS traffic.

    • This step applies to a CSC network only.

    mpls bgp forwarding
    Example:
     Router(config-if)# mpls bgp forwarding
  6. (Optional) Exits to privileged EXEC mode.

    end
    Example:
     Router(config-if)# end

Configuring MP-BGP Session Between ASBR Peers

BGP propagates reachability information for VPN-IPv4 prefixes among PE routers by means of the BGP multiprotocol extensions (see RFC 2283, Multiprotocol Extensions for BGP-4 ), which define support for address families other than IPv4. Using the extensions ensures that the routes for a given VPN are learned only by other members of that VPN, enabling members of the VPN to communicate with each other.

Follow the steps in this section to configure the MP-BGP session on the ASBR.

Use all of the steps in the following procedure to configure the MP BGP session on the peer ASBR.

  1. Enable privileged EXEC mode. Enter your password if prompted.

    enable
    Example:
    Router> enable
  2. Enter global configuration mode.

    configure terminal
    Example:
    Router# configure terminal
  3. Configures a BGP routing process and places the router in router configuration mode.

    • The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.

    router bgp as-number
    Example:
     Router(config)# router bgp 100
  4. Adds an entry to the BGP or multiprotocol BGP neighbor table.

    • The ip-address argument specifies the IP address of the neighbor.

    • The peer-group-name argument specifies the name of a BGP peer group.

    • The as-number argument specifies the autonomous system to which the neighbor belongs.

    neighbor {ip-address | peer-group-name} remote-as as-number
    Example:
     Router(config-router)# neighbor 192.168.0.1 
    remote-as 200
  5. Enters address family configuration mode for configuring routing sessions, such as BGP, that use standard VPNv4 address prefixes.

    • The unicast keyword specifies IPv4 unicast address prefixes.

    address-family vpnv4 [unicast]
    Example:
     Router(config-router)# address-family vpnv4
  6. Enables the exchange of information with a neighboring router.

    • The ip-address argument specifies the IP address of the neighbor.

    • The peer-group-name argument specifies the name of a BGP peer group.

    neighbor {ip-address | peer-group-name} activate
    Example:
     Router(config-router-af)# neighbor 192.168.0.1 
    activate
  7. Configures eBGP peer router (ASBR) as an Inter-AS Option AB peer.

    • The ip-address argument specifies the IP address of the neighbor.

    • The peer-group-name argument specifies the name of a BGP peer group.

    • If any prefixes are imported into Option AB VRFs, then the imported paths are advertised to this peer.

    • If any prefixes are received from this peer and are imported into Option AB VRFs, then the imported paths are advertised to iBGP peers.


    Note

    Advertised routes have RTs that are configured on the VRF. Advertised routes do not have their original RTs.


    neighbor {ip-address | peer-group-name} inter-as-hybrid
    Example:
     Router(config-router-af)# neighbor 192.168.0.1 
    inter-as-hybrid
  8. Exits from address family configuration mode.

    exit-address-family
    Example:
     Router(config-router-af)# exit-address-family
  9. (Optional) Exits to privileged EXEC mode.

    end
    Example:
     Router(config-af)# end

Configuring the Routing Policy for VPNs that Need Inter-AS Connections

Use the steps in this section to configure VRFs for the VPNs that need Inter-AS connections between ASBR peers, by configuring the appropriate routing policy and Option AB configuration.

Use all of the steps in the following procedure to configure additional VPNs that need Inter-AS Option AB connectivity on this ASBR and the peer ASBR.

  1. Enable privileged EXEC mode. Enter your password if prompted.

    enable
    Example:
    Router> enable
  2. Enter global configuration mode.

    configure terminal
    Example:
    Router# configure terminal
  3. Defines the VPN routing instance by assigning a VRF name and enters VRF configuration mode.

    • The vrf-name argument is the name assigned to a VRF.

    vrf definition vrf-name
    Example:
     Router(config)# vrf definition vpn1 
  4. Creates routing and forwarding tables.

    • The route-distinguisher argument adds an 8-byte value to an IPv4 prefix to create a VPN IPv4 prefix. You can enter an RD in either of these formats:
      • 16-bit autonomous system number: your 32-bit number, for example, 101:3
      • 32-bit IP address: your 16-bit number, for example, 192.168.122.15:1
    rd route-distinguisher
    Example:
     Router(config-vrf)# rd 100:1
  5. Enters VRF address family configuration mode to specify an address family for a VRF.

    • The ipv4 keyword specifies an IPv4 address family for a VRF.

    address-family ipv4
    Example:
    Router(config-vrf)# address-family ipv4
  6. Creates a route-target extended community for a VRF.

    • The import keyword imports routing information from the target VPN extended community.

    • The export keyword exports routing information to the target VPN extended community.

    • The both keyword imports routing information from and exports routing information to the target VPN extended community.

    • The route-target-ext-community argument adds the route-target extended community attributes to the VRF list of import, export, or both (import and export) route-target extended communities.

    route-target {import | export | both} 
    route-target-ext-community
    Example:
     Router(config-vrf-af)# route-target import 
    100:1
  7. For Inter-AS Option AB+, go to Step 10; otherwise, go to Step 8.

  8. Specifies the VRF as an Option AB VRF, which has the following effects:

    • Routes imported to this VRF can be advertised to Option AB peers and VPNv4 iBGP peers.

    • When routes received from Option AB peers and are imported into the VRF, the next hop table ID of the route is set to the table ID of the VRF.

    • If the csc keyword is not used, a per-VRF label is allocated for imported routes.

    • When routes are received from Option AB peers and are imported next into the VRF, the learned out label can be installed only in forwarding when the csc keyword is used.

    The csc keyword implies the following:

    • A per-prefix label is allocated for imported routes.

    • For routes received from Option AB peers that are imported into the VRF, the learned out label is installed in forwarding.

    inter-as-hybrid [csc]
    Example:
     Router(config-vrf-af)# inter-as-hybrid
  9. (Optional) Specifies the next hop IP address to be set on paths that are imported into the VRF and that are received from an Option AB peer.

    • The next hop context is also set to the VRF, which imports these paths.

    • The csc keyword implies the following:
      • A per-prefix label is allocated for imported routes.
      • For routes received from Option AB peers that are imported into the VRF, the learned out label is installed in forwarding.
    inter-as-hybrid next-hop global
    Example:
     Router(config-vrf-af)# inter-as-hybrid next-hop 
    global
  10. (For Option AB+) Enables Inter-AS Option AB+.

    • Specifies that the next-hop address for BGP updates to be set on paths that are imported to the VRF and that are received from an Option AB+ peer are placed in the global routing table.

    • The address used is the address of the interface that is at the remote end of the external BGP (eBGP) global shared link. The next-hop context is retained as global and not modified to that of the importing VRF.

    inter-as-hybrid next-hop global
    Example:
     Router(config-vrf-af)# inter-as-hybrid next-hop 
    global
  11. (Optional) Exits to privileged EXEC mode.

    end
    Example:
     Router(config-vrf-af)# end

Example: EVPN Interconnect With MPLS VPN as ASBR

router bgp 100
 bgp router-id 10.10.10.10
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 9.9.8.8 remote-as 200
 Neighbor 9.9.8.8 ebgp-multihop 255

 neighbor 9.9.8.8 update-source Loopback0
 !
 address-family vpnv4
  import l2vpn evpn
  neighbor 9.9.8.8 activate
  neighbor 9.9.8.8 send-community extended
  neighbor 9.9.8.8 next-hop-self all
  Neighbor 9.9.8.8 inter-as-hybrid

Configuring EVPN Interconnect With MPLS VPN as PE

ASR1000 supports direct prefix redistribution between BGP VPNv4 and BGP L2VPN EVPN address families. ASR1000 can act as gateway of Data Centre network and PE of MPLS VPN network both. It receives MPLS VPN prefixes from P/PE routers and these prefixes can be imported into BGP EVPN rib and then forwarded to DC's spine via BGP EVPN session. It can also import BGP EVPN prefixes sent by spine into BGP VPNv4 rib and send to P/PE in MPLS VPN network. During the prefixes redistribution, ASR1k set itself as the next-hop of the prefix before sending update to its neighbors.

In this release (16.4.1), ASR1000 only supports only bi-directional redistribution between EVPN and VPNv4. Redistribution between EVPN and VPNv6 is not supported.

In the scenario explained in the below figure shows, ASR1k acting as a PE in the MPLS-VPN network. Firstly, VRF is needed for the EVPN RT-5 routes to be imported, and then re-originate as VPN route into the MPLS-VPN side. VPN route that is learnt from the MPLS-VPN side will then first be imported into VRF, and the re-originated into EVPN as RT-5 routes.

Figure 2. EVPN Interconnect With MPLS VPN as PE
  1. Define VRF and IPv4 address family.

    vrf definition EVPN
     rd 100:1
     !
     address-family ipv4
      route-target import 100:1
      route-target import 100:1
      route-target export 100:1 stitching
      route-target import 100:1 stitching
     exit-address-family
    !
  2. Configure interface Loopback0.

    interface Loopback0
    MPLS VPN
     ip address 9.9.10.10 255.255.255.255
     ip router isis vpn
     Ip ospf 100 area 0
    !
    
  3. Configure interface GigabitEthernet.

    interface GigabitEthernet0/0/0
    facing MPLS VPN P/PE
     ip address 9.9.108.10 255.255.255.0
     ip router isis vpn
     negotiation auto
     mpls ip
    cdp enable 
    ! 
    Interface gi0/0/1.4
      Description facing to ACI spine
     Encapsulation dot1q 4
      Ip address 10.10.10.1 255.255.255.0
      Ip ospf 100 area 0
    
  4. Create Interface NVE1.

    interface nve1
     no ip address
     source-interface Loopback0 
     host-reachability protocol bgp
     member vni 101234 vrf EVPN
    !
    
  5. Configure bridge domain.
    Bridge-domain 100
      Member vni 101234
    Interface bdi100
      Vrf forwarding EVPN
       Encapsulation dot1q 100
     Ip address 9.10.0.1 255.255.255.0
    
    Router ospf 100
      Router-id 9.9.10.10
      Area 0.0.0.100 nssa
    
    router isis vpn
     net 49.0001.1010.1010.1010.00
     is-type level-2-only
     metric-style wide
    ! 
    
  6. Define BGP and EVPN address-family.

    router bgp 200
     bgp router-id 10.10.10.10
     bgp log-neighbor-changes
     no bgp default ipv4-unicast
     neighbor 9.9.8.8 remote-as 200
     neighbor 9.9.8.8 update-source Loopback0
     neighbor 10.10.10.111 remote-as 100
     neighbor 10.10.10.111 ebgp-multihop 255
     neighbor 10.10.10.111 update-source Loopback0
     neighbor 10.10.10.222 remote-as 100
     neighbor 10.10.10.222 ebgp-multihop 255
     neighbor 10.10.10.222 update-source Loopback0
     !
     address-family vpnv4
      import l2vpn evpn
      neighbor 9.9.8.8 activate
      neighbor 9.9.8.8 send-community extended
      neighbor 9.9.8.8 next-hop-self all
     exit-address-family
     !
     address-family l2vpn evpn
      import vpnv4 unicast
      neighbor 10.10.10.111 activate
      neighbor 10.10.10.111 send-community both
      neighbor 10.10.10.222 activate
      neighbor 10.10.10.222 send-community both
     exit-address-family
     !
    
  7. Define VXLAN UDP port.

    vxlan udp port 0xBEEF

Configuring DCI EVPN Peer to ACI Spine

Figure 3. DCI EVPN Peer to ACI Spine


  1. Configure interface.

    Interface gi0/0/1.4
      Description facing to ACI spine
     Encapsulation dot1q 4
      Ip address 10.10.10.1 255.255.255.0
      Ip ospf 100 area 0
    
    
  2. Configure bridge domain.
    Bridge-domain 100
      Member vni 101234
    Interface bdi100
      Vrf forwarding EVPN
       Encapsulation dot1q 100
     Ip address 9.10.0.1 255.255.255.0
    
    Router ospf 100
      Router-id 9.9.10.10
      Area 0.0.0.100 nssa
    vxlan udp port 0xBEEF
    
    

Additional References for EVPN VxLAN L3

MIBs

MIB

MIBs Link

  • CISCO-MIB

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for EVPN VxLAN L3

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for EVPN VxLAN L3

Feature Name

Releases

Feature Information

EVPN VxLAN L3

Cisco IOS XE Denali 16.3.1

The EVPN VxLAN L3 is a new feature.

VXLAN EVPN Fabric DCI - MPLS L3VPN

Cisco IOS XE Everest 16.4.1

The VXLAN EVPN Fabric DCI - MPLS L3VPN is a new feature.