Ethernet VPN Virtual Extensible LAN Over Generic Routing Encapsulation


Overview

Ethernet VPN (EVPN) is a standards-based BGP distributed control plane for Network Virtualization Overlay (NVO) that provides Layer 2 (bridging) and Layer 3 (routing) connectivity over IP or IP/MPLS underlay networks.

Virtual Extensible LAN (VXLAN) is a solution to support a flexible, large-scale multitenant environment over a shared common physical infrastructure. The transport protocol over the physical data center network is IP plus UDP.

Generic Routing Encapsulation (GRE) provides a virtual point-to-point private connection and encapsulates and forwards packets over an IP-based network. GRE by itself does not encrypt or authenticate the traffic it carries.

This solution lets the customer extend a Layer 2 broadcast domain over a Layer 3 IP network. The GRE tunnel connects disjoint Layer 3 subnets, and VXLAN packets are transferred over that tunnel.

The following shows an example topology:

Figure 1. Topology

Configuration Examples

The following configuration supports the topology illustrated in the Overview.

Host 1

interface GigabitEthernet1/7
 switchport access vlan 21
 switchport mode access
!
interface Vlan21
 ip address 21.21.21.1 255.255.255.0

Router 1

l2vpn evpn
 replication-type ingress
!
l2vpn evpn instance 21 vlan-based
 encapsulation vxlan
 replication-type ingress
 default-gateway advertise enable
!
bridge-domain 21
 member Vlan21 service-instance 21
 member evpn-instance 21 vni 30000
!
!
interface Loopback0
 ip address 100.100.100.1 255.255.255.255
!
interface Tunnel100
 ip address 102.102.102.1 255.255.255.252
 ip pim sparse-mode
 mpls ip
 tunnel source 192.168.5.100
 tunnel destination 192.168.5.200
!
interface GigabitEthernet0/0/0
 ip address 192.168.5.100 255.255.255.0
!
interface FastEthernet0/0/1
 switchport access vlan 21
 switchport mode access
!
interface FastEthernet0/0/2
!
!
interface Vlan21
 no ip address
 service instance 21 ethernet
  encapsulation dot1q 21
 !
!
interface nve1
 no ip address
 source-interface Loopback0
 host-reachability protocol bgp
 member vni 30000 ingress-replication
!
router ospf 1
 router-id 100.100.100.1
 network 100.100.100.1 0.0.0.0 area 0
 network 102.102.102.0 0.0.0.3 area 0
!
router bgp 1
 bgp router-id 100.100.100.1
 bgp log-neighbor-changes
 neighbor 102.102.102.2 remote-as 1
 !
 address-family ipv4
  redistribute connected
  neighbor 102.102.102.2 activate
  neighbor 102.102.102.2 send-community both
 exit-address-family
 !
 address-family vpnv4
  import l2vpn evpn
  neighbor 102.102.102.2 activate
  neighbor 102.102.102.2 send-community extended
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 102.102.102.2 activate
  neighbor 102.102.102.2 send-community both
 exit-address-family
!
ip pim rp-address 100.100.100.2

Router 2

l2vpn evpn
 replication-type ingress
!
l2vpn evpn instance 21 vlan-based
 encapsulation vxlan
 replication-type ingress
 default-gateway advertise enable
!
!
bridge-domain 21
 member Vlan21 service-instance 21
 member evpn-instance 21 vni 30000
!
!
interface Loopback0
 ip address 100.100.100.2 255.255.255.255
!
interface Tunnel100
 ip address 102.102.102.2 255.255.255.252
 ip pim sparse-mode
 mpls ip
 tunnel source 192.168.5.200
 tunnel destination 192.168.5.100
!
interface GigabitEthernet0/0/0
 ip address 192.168.5.200 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/1/0
 switchport access vlan 21
 switchport mode access
!
!
interface Vlan21
 no ip address
 service instance 21 ethernet
  encapsulation dot1q 21
 !
!
interface nve1
 no ip address
 source-interface Loopback0
 host-reachability protocol bgp
 member vni 30000 ingress-replication
!
router ospf 1
 router-id 100.100.100.2
 network 100.100.100.2 0.0.0.0 area 0
 network 102.102.102.0 0.0.0.3 area 0
!
router bgp 1
 bgp router-id 100.100.100.2
 bgp log-neighbor-changes
 neighbor 102.102.102.1 remote-as 1
 !
 address-family ipv4
  redistribute connected
  neighbor 102.102.102.1 activate
  neighbor 102.102.102.1 send-community both
 exit-address-family
 !
 address-family vpnv4
  import l2vpn evpn
  neighbor 102.102.102.1 activate
  neighbor 102.102.102.1 send-community extended
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 102.102.102.1 activate
  neighbor 102.102.102.1 send-community both
 exit-address-family
!
ip forward-protocol nd
ip pim rp-address 100.100.100.2

Host 2

interface GigabitEthernet1/7
 switchport access vlan 21
 switchport mode access
!
interface Vlan21
 ip address 21.21.21.2 255.255.255.0

Configuration Steps

The following steps configure Router 1:

  1. Create the EVPN and EVPN instance:

    l2vpn evpn
     replication-type ingress
    !
    l2vpn evpn instance 21 vlan-based
     encapsulation vxlan
     replication-type ingress
     default-gateway advertise enable
    
  2. Add a port to VLAN 21:

    interface FastEthernet0/0/1
     switchport access vlan 21
     switchport mode access
    
  3. Configure BDI 21 on Vlan 21:

    interface Vlan21
     no ip address
     service instance 21 ethernet
      encapsulation dot1q 21
    
  4. Assign an IP address to the Loopback interface:

    interface Loopback0
     ip address 100.100.100.1 255.255.255.255
    
  5. Configure an IP address on the WAN interface:

    interface GigabitEthernet0/0/0
     ip address 192.168.5.100 255.255.255.0
    
  6. Configure a GRE tunnel that uses the WAN interface IP address as its source:

    interface Tunnel100
     ip address 102.102.102.1 255.255.255.252
     ip pim sparse-mode
     mpls ip
     tunnel source 192.168.5.100
     tunnel destination 192.168.5.200
    
  7. Configure VXLAN:

    interface nve1
     no ip address
     source-interface Loopback0
     host-reachability protocol bgp
     member vni 30000 ingress-replication
    
  8. Apply the EVPN and VXLAN instance on the BDI (bridge domain interface):

    bridge-domain 21
     member Vlan21 service-instance 21
     member evpn-instance 21 vni 30000
    
  9. Configure OSPF and BGP as the overlay protocols:

    router ospf 1
     router-id 100.100.100.1
     network 100.100.100.1 0.0.0.0 area 0
     network 102.102.102.0 0.0.0.3 area 0
    !
    router bgp 1
     bgp router-id 100.100.100.1
     bgp log-neighbor-changes
     neighbor 102.102.102.2 remote-as 1
     !
     address-family ipv4
      redistribute connected
      neighbor 102.102.102.2 activate
      neighbor 102.102.102.2 send-community both
     exit-address-family
     !
     address-family vpnv4
      import l2vpn evpn
      neighbor 102.102.102.2 activate
      neighbor 102.102.102.2 send-community extended
     exit-address-family
     !
     address-family l2vpn evpn
      neighbor 102.102.102.2 activate
      neighbor 102.102.102.2 send-community both
     exit-address-family
    

Perform similar steps to configure Router 2 with the appropriate IP addresses. Then configure IP addresses on both of the hosts for reachability.
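
The sample configuration runs the GRE tunnel, OSPF and the iBGP session without IPsec or peer authentication. The following Python check is an added example, not part of the original document; it flags those gaps in an excerpt of Router 1's configuration and passes a hardened variant. Assumptions: the commands it looks for (`tunnel protection ipsec`, `ip ospf authentication`, `area ... authentication`, `neighbor ... password`, `neighbor ... ao`) are standard IOS XE commands whose support on this platform with this feature is not stated on the page, and `EXAMPLE-PROFILE`, `EXAMPLE-CHAIN` and `EXAMPLE-SECRET` are placeholders.

```python
import re

# Constructed input: an excerpt of the Tunnel100, OSPF and BGP lines of Router 1.
ROUTER1 = """\
interface Tunnel100
 ip address 102.102.102.1 255.255.255.252
 tunnel source 192.168.5.100
 tunnel destination 192.168.5.200
!
router ospf 1
 network 102.102.102.0 0.0.0.3 area 0
!
router bgp 1
 neighbor 102.102.102.2 remote-as 1
"""

# Constructed variant with placeholder names (profile and key-chain definitions not shown).
HARDENED = (ROUTER1
    .replace(" tunnel destination 192.168.5.200\n",
             " tunnel destination 192.168.5.200\n"
             " tunnel protection ipsec profile EXAMPLE-PROFILE\n"
             " ip ospf authentication key-chain EXAMPLE-CHAIN\n")
    .replace(" remote-as 1\n",
             " remote-as 1\n neighbor 102.102.102.2 password EXAMPLE-SECRET\n"))

def audit(cfg):
    """Return findings for unencrypted GRE tunnels and unauthenticated OSPF/BGP peers."""
    head, tunnels, peers, authed = "", {}, [], set()
    has_ospf = ospf_auth = False
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):            # a top-level command opens a new section
            head = line
            has_ospf |= head.startswith("router ospf")
            if head.startswith("interface Tunnel"):
                tunnels[head] = False
            continue
        if head in tunnels and line.startswith("tunnel protection ipsec"):
            tunnels[head] = True
        # OSPF authentication is treated as present if set on any interface or area.
        if re.match(r"(ip ospf authentication|area \S+ authentication)\b", line):
            ospf_auth = True
        m = re.match(r"neighbor (\S+) (remote-as|password|ao)\b", line)
        if m and head.startswith("router bgp"):
            (peers.append if m.group(2) == "remote-as" else authed.add)(m.group(1))
    out = [f"{t}: no IPsec tunnel protection" for t, ok in tunnels.items() if not ok]
    if has_ospf and not ospf_auth:
        out.append("OSPF: no authentication")
    return out + [f"BGP neighbor {p}: no password or TCP-AO" for p in peers if p not in authed]
```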

Troubleshooting

The following show commands can be used to help troubleshoot your setup.

Router 1

Router1#show l2vpn evpn peers vxlan

Interface VNI      Peer-IP                                 Num routes eVNI     UP time
--------- -------- --------------------------------------- ---------- -------- --------
nve1      30000    100.100.100.2                           1          30000    00:00:18


Router1#show nve peers
'M' - MAC entry download flag  'A' - Adjacency download flag
'4' - IPv4 flag  '6' - IPv6 flag

Interface  VNI      Type Peer-IP          RMAC/Num_RTs   eVNI     state flags UP time
nve1       30000    L2CP 100.100.100.2    1              30000      UP   N/A  00:00:40


Router1#show l2vpn evpn mac
MAC Address    EVI   BD    ESI                      Ether Tag  Next Hop(s)
-------------- ----- ----- ------------------------ ---------- ---------------
0000.24aa.c926 21    21    0000.0000.0000.0000.0000 0          Vl21:21
0000.24aa.c927 21    21    0000.0000.0000.0000.0000 0          100.100.100.2

Router1#show bgp l2vpn evpn all
BGP table version is 7, local router ID is 100.100.100.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100.100.100.1:21
 *>   [2][100.100.100.1:21][0][48][000024AAC926][0][*]/20
                      0.0.0.0                            32768 ?
 *>i  [2][100.100.100.1:21][0][48][000024AAC927][0][*]/20
                      100.100.100.2            0    100      0 ?
Route Distinguisher: 100.100.100.2:21
 *>i  [2][100.100.100.2:21][0][48][000024AAC927][0][*]/20
                      100.100.100.2            0    100      0 ?
Route Distinguisher: 100.100.100.1:21
 *>   [3][100.100.100.1:21][0][32][100.100.100.1]/17
                      0.0.0.0                            32768 ?
 *>i  [3][100.100.100.1:21][0][32][100.100.100.2]/17
                      100.100.100.2            0    100      0 ?
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100.100.100.2:21
 *>i  [3][100.100.100.2:21][0][32][100.100.100.2]/17
                      100.100.100.2            0    100      0 ?
Router1#

Router 2

Router2#show l2vpn evpn peers vxlan

Interface VNI      Peer-IP                                 Num routes eVNI     UP time
--------- -------- --------------------------------------- ---------- -------- --------
nve1      30000    100.100.100.1                           1          30000    00:00:17

Router2#show nve peers
'M' - MAC entry download flag  'A' - Adjacency download flag
'4' - IPv4 flag  '6' - IPv6 flag

Interface  VNI      Type Peer-IP          RMAC/Num_RTs   eVNI     state flags UP time
nve1       30000    L2CP 100.100.100.1    1              30000      UP   N/A  00:00:22


Router2#show l2vpn evpn mac
MAC Address    EVI   BD    ESI                      Ether Tag  Next Hop(s)
-------------- ----- ----- ------------------------ ---------- ---------------
0000.24aa.c926 21    21    0000.0000.0000.0000.0000 0          100.100.100.1
0000.24aa.c927 21    21    0000.0000.0000.0000.0000 0          Vl21:21

Router2#show bgp l2vpn evpn all
BGP table version is 23, local router ID is 100.100.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100.100.100.1:21
 *>i  [2][100.100.100.1:21][0][48][000024AAC926][0][*]/20
                      100.100.100.1            0    100      0 ?
Route Distinguisher: 100.100.100.2:21
 *>i  [2][100.100.100.2:21][0][48][000024AAC926][0][*]/20
                      100.100.100.1            0    100      0 ?
 *>   [2][100.100.100.2:21][0][48][000024AAC927][0][*]/20
                      0.0.0.0                            32768 ?
Route Distinguisher: 100.100.100.1:21
 *>i  [3][100.100.100.1:21][0][32][100.100.100.1]/17
                      100.100.100.1            0    100      0 ?
Route Distinguisher: 100.100.100.2:21
 *>i  [3][100.100.100.2:21][0][32][100.100.100.1]/17
                      100.100.100.1            0    100      0 ?
 *>   [3][100.100.100.2:21][0][32][100.100.100.2]/17
                      0.0.0.0                            32768 ?
Router2#
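
The two `show l2vpn evpn mac` tables above should mirror each other: each MAC is local on exactly one router and points to that router's loopback on the other. The following Python cross-check is an added example, not part of the original document; it parses both tables and reports a MAC that is local on more than one VTEP (a duplicate or spoofed address, or a loop) or whose remote next hop does not match its owner. It assumes single-homed hosts (ESI of all zeros, as in this output) and that the tables are keyed by each router's Loopback0 address.

```python
import re

# Constructed input: data rows copied from the page's "show l2vpn evpn mac" output,
# keyed by each router's VTEP address (the Loopback0 address used as the nve1 source).
TABLES = {
    "100.100.100.1": """\
0000.24aa.c926 21    21    0000.0000.0000.0000.0000 0          Vl21:21
0000.24aa.c927 21    21    0000.0000.0000.0000.0000 0          100.100.100.2
""",
    "100.100.100.2": """\
0000.24aa.c926 21    21    0000.0000.0000.0000.0000 0          100.100.100.1
0000.24aa.c927 21    21    0000.0000.0000.0000.0000 0          Vl21:21
""",
}

# Columns: MAC, EVI, BD, ESI, Ether Tag, Next Hop.
ROW = re.compile(r"^((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\d+)\s+\d+\s+\S+\s+\d+\s+(\S+)$")

def parse(text):
    """Return {(evi, mac): next_hop} for every data row; headers and rules are skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[(int(m.group(2)), m.group(1))] = m.group(3)
    return rows

def cross_check(tables):
    """Compare per-VTEP MAC tables; a next hop that is not an IPv4 address is local."""
    parsed = {vtep: parse(text) for vtep, text in tables.items()}
    is_ip = re.compile(r"^\d+\.\d+\.\d+\.\d+$").match
    findings = []
    for key in sorted({k for rows in parsed.values() for k in rows}):
        owners = [v for v, rows in parsed.items() if key in rows and not is_ip(rows[key])]
        if len(owners) != 1:                   # learned locally nowhere, or on several VTEPs
            findings.append((key, f"local on {len(owners)} VTEPs: {owners}"))
            continue
        for vtep, rows in parsed.items():
            if vtep != owners[0] and rows.get(key) != owners[0]:
                findings.append((key, f"{vtep} points to {rows.get(key)}, expected {owners[0]}"))
    return findings
```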