Introduction
This document describes BGP EVPN VXLAN configurations using simplified CLIs on Catalyst 9000 Series Switches.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
Components Used
The information in this document is based on these software and hardware versions:
- Catalyst 9300
- Catalyst 9400
- Catalyst 9500
- Catalyst 9600
- Cisco IOS® XE 17.13.1 and later versions
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
Today, the CLIs needed to configure BGP EVPN are spread across multiple components with some redundancy, which increases complexity and operational overhead.
In most cases, the EVI and VNI are assigned to a VLAN through a simple VLAN ID to EVI or VNI direct mapping approach. Auto-creating the EVI and VNI using the VLAN ID significantly simplifies the provisioning process.
EVPN L2 Service Profile
A pre-defined EVPN profile is used to auto-create the EVIs and VNIs.
- When ‘member evpn-instance’ is configured under vlan configuration without explicitly specifying the EVI ID, the EVI ID and VNI are auto-generated from the specified profile. If no profile is specified, the default profile is used.
vlan configuration <id-range>
 member evpn-instance [profile-name]
EVPN profiles represent a common set of characteristics shared by a group of VLANs.
- These common characteristics can include the replication type, EVI, VNI, route-target mappings, and so on.
- Once a VLAN is associated with an EVPN profile, the corresponding EVPN settings are auto-derived from the profile, and the EVI and VNI are auto-generated through the same mapping functionality.
EVPN Default and Named Profile
EVPN profiles simplify the provisioning process by auto-creating EVPN instances and VXLAN L2 VNIs from the default or a pre-defined named profile.
- The default L2 service profile does not require manual configuration. This profile is auto-created when referenced by a VLAN member evpn-instance.
- Named L2 service profiles define explicit configurations and must be configured before being referenced by a VLAN member evpn-instance.
- A new CLI mode ‘l2vpn evpn profile {default|<name>}’ is introduced to create the EVPN profile.
l2vpn evpn profile {default|<name>}
 evi-base <id>
 l2vni-base <id>
 replication-type {ingress|static {[ipv4_mcast_addr|ipv4_mcast_prefix] [ipv6_mcast_addr|ipv6_mcast_prefix]}}
 encapsulation {mpls|vxlan}
 default-gateway advertise {enable|disable}
 multicast advertise {enable|disable}
 ip local-learning {enable|disable}
 flooding-suppression address-resolution {enable|disable}
 re-originate route-type5
 local-routing {enable|disable}
member evpn-instance [profile-name]
Key: [no] replication-type
Value: {ingress | static {[ipv4_mcast_addr | ipv4_mcast_prefix] [ipv6_mcast_addr | ipv6_mcast_prefix]}}
Default Value: ingress
Comments: If an L2 service has been created using the profile, changing the replication-type configuration under ‘l2vpn evpn instance <evi>’ mode is not allowed. If IPv4 and IPv6 prefixes are both specified, the IPv4 and IPv6 address pools MUST be equal in size.

Key: [no] encapsulation
Value: {vxlan | mpls}
Default Value: vxlan
Comments: If an L2 service has been created using the profile, changing the encapsulation configuration under ‘l2vpn evpn instance <evi>’ mode is not allowed.

Key: [no] evi-base
Value: [0-65535]
Default Value: 0
Comments: evi = vid + evi-base. If an L2 service has been created using the profile, changing evi-base is not allowed.

Key: [no] l2vni-base
Value: [4096-16777215]
Default Value: 20000
Comments: l2vni = vid + l2vni-base. If an L2 service has been created using the profile, changing l2vni-base is not allowed.

Key: [no] default-gateway advertise
Value: {enable | disable}
Default Value: undefined
Comments: Default-gateway advertisement has a global configuration, which is disabled. By default, the global configuration takes effect.

Key: [no] ip local-learning
Value: {enable | disable}
Default Value: undefined
Comments: IP local-learning has a global configuration, which is enabled. By default, the global configuration takes effect.

Key: [no] flooding-suppression address-resolution
Value: {enable | disable}
Default Value: undefined
Comments: Flooding-suppression address-resolution has a global configuration, which is enabled. By default, the global configuration takes effect.

Key: [no] multicast advertise
Value: {enable | disable}
Default Value: undefined
Comments: The multicast advertise global configuration is disabled. By default, the global configuration takes effect.

Key: [no] re-originate route-type5
Value: N/A
Default Value: undefined
Comments: Undefined by default, which is equivalent to disable.

Key: [no] local-routing
Value: {enable | disable}
Default Value: undefined
Comments: Undefined by default, which is equivalent to disable. Used for the CGW + L3VNI use case on the Cat9k platform.
Configure
Mandatory NVE Interface
The auto-created VNIs are always created under interface nve1. When the simplified CLI is used, interface nve1 must therefore be configured, and ‘host-reachability protocol bgp’ must be configured under interface nve1 as well.
interface nve1
 source-interface Loopback0
 host-reachability protocol bgp
Default Profile
Simplified CLI
vlan configuration 10-14
 member evpn-instance
!
interface nve1
 source-interface Loopback0
 host-reachability protocol bgp
!
router bgp 65001
…
Legacy CLI
l2vpn evpn instance 10 vlan-based
 encapsulation vxlan
!
l2vpn evpn instance 11 vlan-based
 encapsulation vxlan
!
l2vpn evpn instance 12 vlan-based
 encapsulation vxlan
!
l2vpn evpn instance 13 vlan-based
 encapsulation vxlan
!
l2vpn evpn instance 14 vlan-based
 encapsulation vxlan
!
vlan configuration 10
 member evpn-instance 10 vni 20010
!
vlan configuration 11
 member evpn-instance 11 vni 20011
!
vlan configuration 12
 member evpn-instance 12 vni 20012
!
vlan configuration 13
 member evpn-instance 13 vni 20013
!
vlan configuration 14
 member evpn-instance 14 vni 20014
!
interface nve1
 source-interface Loopback0
 host-reachability protocol bgp
 member vni 20010 ingress-replication
 member vni 20011 ingress-replication
 member vni 20012 ingress-replication
 member vni 20013 ingress-replication
 member vni 20014 ingress-replication
!
router bgp 65001
…
Named Profile
Simplified CLI
l2vpn evpn profile GROUP1
 evi-base 100
 l2vni-base 30000
 multicast advertise enable
!
l2vpn evpn profile GROUP2
 evi-base 200
 l2vni-base 40000
 replication-type static 239.0.0.10
 multicast advertise enable
!
vlan configuration 11-12
 member evpn-instance profile GROUP1
!
vlan configuration 13-14
 member evpn-instance profile GROUP2
!
interface nve1
 source-interface Loopback0
 host-reachability protocol bgp
!
router bgp 65001
…
Legacy CLI
l2vpn evpn instance 111 vlan-based
 encapsulation vxlan
 multicast advertise enable
!
l2vpn evpn instance 112 vlan-based
 encapsulation vxlan
 multicast advertise enable
!
l2vpn evpn instance 213 vlan-based
 encapsulation vxlan
 multicast advertise enable
!
l2vpn evpn instance 214 vlan-based
 encapsulation vxlan
 multicast advertise enable
!
vlan configuration 11
 member evpn-instance 111 vni 30011
!
vlan configuration 12
 member evpn-instance 112 vni 30012
!
vlan configuration 13
 member evpn-instance 213 vni 40013
!
vlan configuration 14
 member evpn-instance 214 vni 40014
!
interface nve1
 source-interface Loopback0
 host-reachability protocol bgp
 member vni 30011 ingress-replication
 member vni 30012 ingress-replication
 member vni 40013 mcast-group 239.0.0.10
 member vni 40014 mcast-group 239.0.0.10
!
router bgp 65001
…
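The EVI and L2VNI derivation used in the profile examples above can be checked offline before a profile is pushed to a switch. This is an added example, not Cisco code: it applies the evi-base and l2vni-base formulas and base ranges from the profile key table to the GROUP1/GROUP2 profiles, and flags derived IDs that collide (a VNI identifies the overlay segment, so two VLANs must not derive the same one). The function and variable names are hypothetical.

```python
# Added example, not Cisco code. Formulas and base ranges are from the profile
# key table (evi = vid + evi-base, l2vni = vid + l2vni-base); names are hypothetical.
BASE_RANGES = {"evi_base": (0, 65535), "l2vni_base": (4096, 16777215)}
DEFAULT_PROFILE = {"evi_base": 0, "l2vni_base": 20000}
VNI_MAX = 16777215  # VXLAN VNI is a 24-bit field

def derive(profiles, membership):
    """profiles: name -> bases; membership: name -> iterable of VLAN IDs.
    Returns ({vlan: (profile, evi, l2vni)}, [problem strings])."""
    mapping, problems = {}, []
    owners = {"EVI": {}, "L2VNI": {}}  # derived ID -> (vlan, profile) that claimed it first
    for name, vlans in membership.items():
        prof = {**DEFAULT_PROFILE, **profiles.get(name, {})}
        for key, (lo, hi) in BASE_RANGES.items():
            if not lo <= prof[key] <= hi:
                problems.append(f"{name}: {key} {prof[key]} outside {lo}-{hi}")
        for vid in vlans:
            derived = {"EVI": vid + prof["evi_base"], "L2VNI": vid + prof["l2vni_base"]}
            if derived["L2VNI"] > VNI_MAX:
                problems.append(f"{name}: VLAN {vid} derives L2VNI {derived['L2VNI']} > {VNI_MAX}")
            for kind, value in derived.items():
                first = owners[kind].setdefault(value, (vid, name))
                if first != (vid, name):
                    problems.append(f"{kind} {value}: VLAN {vid} ({name}) collides "
                                    f"with VLAN {first[0]} ({first[1]})")
            mapping[vid] = (name, derived["EVI"], derived["L2VNI"])
    return mapping, problems

# Profiles and VLAN membership from the Named Profile example on this page.
PAGE_PROFILES = {"GROUP1": {"evi_base": 100, "l2vni_base": 30000},
                 "GROUP2": {"evi_base": 200, "l2vni_base": 40000}}
PAGE_MEMBERSHIP = {"GROUP1": range(11, 13), "GROUP2": range(13, 15)}

# Constructed case: VLAN 111 in GROUP1 and VLAN 11 in GROUP2 both derive EVI 211.
CONSTRUCTED_MEMBERSHIP = {"GROUP1": [111], "GROUP2": [11]}

if __name__ == "__main__":
    for membership in (PAGE_MEMBERSHIP, CONSTRUCTED_MEMBERSHIP):
        mapping, problems = derive(PAGE_PROFILES, membership)
        for vid, (name, evi, vni) in sorted(mapping.items()):
            print(f"vlan {vid}: profile {name} evi {evi} l2vni {vni}")
        for p in problems:
            print("PROBLEM:", p)
```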
Verify
EVPN Profile
Use show l2vpn evpn profile to verify profile creation, the profile configuration, and the VLANs that use the profile.
leaf1#show l2vpn evpn profile default detail
EVPN Profile (VLAN Based): default (auto)
evpn id base: 0
l2 vni base: 20000
Encapsulation: vxlan
Replication Type: Ingress
IP Local Learn: Not set
Flooding Suppression Address Resolution: Not set
Adv. default-gateway: Not set
Adv. Multicast: Not set
RT5 Re-originate Flag: Disabled
Local Routing: Not set
vlan(s):
101-102,111-114,131-132
Auto L2VNI
Use show derived-config interface nve1 to verify the auto-created L2VNIs.
leaf1#show derived-config int nve1 <-- Display the resulting derived config
Building configuration...
Derived configuration : 721 bytes
!
interface nve1
source-interface Loopback2
host-reachability protocol bgp
member vni 20101 ingress-replication
member vni 20102 ingress-replication
member vni 20105 mcast-group 239.2.1.105
member vni 20106 mcast-group 239.2.1.106
member vni 20111 ingress-replication
member vni 20112 ingress-replication
member vni 20113 ingress-replication
member vni 20114 ingress-replication
member vni 20121 mcast-group 239.2.1.121
member vni 20122 mcast-group 239.2.1.122
member vni 20123 mcast-group 239.2.1.123
member vni 20124 mcast-group 239.2.1.124
member vni 20131 ingress-replication
member vni 20132 ingress-replication
Note: This config is shown using "derived config" and does not appear in a standard "show run"
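Because the auto-created VNIs appear only in the derived config, a configuration audit that reads the running config alone does not see them. The added example below (not Cisco code; function names are hypothetical) reconciles the two outputs shown above: it computes the L2VNIs the default profile should derive from its "l2 vni base" and "vlan(s)" lines and compares them with the "member vni" lines under nve1. The embedded text is trimmed from the outputs on this page.

```python
import re

# Constructed input: trimmed copies of the two outputs shown on this page.
PROFILE_DETAIL = """EVPN Profile (VLAN Based): default (auto)
  l2 vni base: 20000
  vlan(s):
    101-102,111-114,131-132
"""
DERIVED_NVE = """interface nve1
 member vni 20101 ingress-replication
 member vni 20102 ingress-replication
 member vni 20105 mcast-group 239.2.1.105
 member vni 20106 mcast-group 239.2.1.106
 member vni 20111 ingress-replication
 member vni 20112 ingress-replication
 member vni 20113 ingress-replication
 member vni 20114 ingress-replication
 member vni 20121 mcast-group 239.2.1.121
 member vni 20122 mcast-group 239.2.1.122
 member vni 20123 mcast-group 239.2.1.123
 member vni 20124 mcast-group 239.2.1.124
 member vni 20131 ingress-replication
 member vni 20132 ingress-replication
"""

def profile_vnis(detail):
    """L2VNIs the profile should create: l2 vni base + each VLAN under 'vlan(s):'."""
    base = int(re.search(r"l2 vni base:\s*(\d+)", detail).group(1))
    spans = "".join(re.search(r"vlan\(s\):\s*([\d,\s-]*)", detail).group(1).split())
    vnis = set()
    for span in filter(None, spans.split(",")):
        lo, _, hi = span.partition("-")
        vnis.update(base + vid for vid in range(int(lo), int(hi or lo) + 1))
    return vnis

def nve_vnis(derived):
    """VNI -> replication setting for every 'member vni' line under nve1."""
    pattern = r"^\s*member vni (\d+) (ingress-replication|mcast-group \S+)"
    return {int(vni): mode for vni, mode in re.findall(pattern, derived, re.M)}

def reconcile(detail, derived):
    """Compare what the profile should derive with what nve1 actually carries."""
    expected, actual = profile_vnis(detail), set(nve_vnis(derived))
    return {"missing": sorted(expected - actual),
            "not_from_profile": sorted(actual - expected)}
```

On the page's sample, nothing is missing, and the six mcast-group VNIs are reported as not derived from the default profile; the page does not say whether they come from another profile or from explicit configuration.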
Auto EVI
Use show l2vpn evpn evi to verify the auto-created EVI and its corresponding profile.
leaf1#show l2vpn evpn evi 101 detail
EVPN instance: 101 (VLAN Based)
Profile: default
RD: 1.1.1.2:32868 (auto)
Import-RTs: 1:20101
Export-RTs: 1:20101
Per-EVI Label: none
State: Established
Replication Type: Ingress (profile)
Encapsulation: vxlan (profile)
IP Local Learn: Enabled (global)
Adv. Def. Gateway: Disabled (global)
Re-originate RT5: Disabled (profile)
Adv. Multicast: Enabled (global)
AR Flood Suppress: Enabled (global)
Vlan: 101
Protected: False
Ethernet-Tag: 0
State: Established
Flood Suppress: Attached
Core If:
Access If:
NVE If:
RMAC: 0000.0000.0000
Core Vlan: 0
L2 VNI: 20101
L3 VNI: 0
VTEP IP: UNKNOWN
Pseudoports:
none
Additional CLI Simplification Example
L3 VRF simplification
A similar approach is used for the L3VNI and Core-VLAN for the VRF. See Use VNID to Auto Provision L3VNI, Core-SVI, Core-vlan on Catalyst 9000 Switches for the VRF simplification.
Also refer to this example:
Simplified CLI
vrf definition red
 rd auto
 vnid 30010 evpn-instance
 address-family ipv4
 exit-address-family
!
vrf definition green
 vnid 30011 evpn-instance vni auto
 address-family ipv4
 exit-address-family
!
vrf definition blue
 vnid 30012 evpn-instance vni auto core-vlan 300
 address-family ipv4
 exit-address-family
!
interface nve1
 source-interface Loopback0
 host-reachability protocol bgp
!
router bgp 65001
…
Legacy CLI
vrf definition red
 rd 1.1.1.1:3
 address-family ipv4
  route-target export 65001:30010
  route-target import 65001:30010
  route-target export 65001:30010 stitching
  route-target import 65001:30010 stitching
 exit-address-family
!
vrf definition green
 rd 1.1.1.1:4
 address-family ipv4
  route-target export 65001:30011
  route-target import 65001:30011
  route-target export 65001:30011 stitching
  route-target import 65001:30011 stitching
 exit-address-family
!
vrf definition blue
 rd 1.1.1.1:5
 address-family ipv4
  route-target export 65001:30012
  route-target import 65001:30012
  route-target export 65001:30012 stitching
  route-target import 65001:30012 stitching
 exit-address-family
!
…
vlan configuration 300
 member vni 30012
!
interface Vlan300
 vrf forwarding blue
 ip unnumbered loopback0
!
…
interface nve1
 source-interface Loopback0
 host-reachability protocol bgp
 member vni 30011 vrf green
 member vni 30012 vrf blue
!
router bgp 65001
…
Related Information