Asymmetric EVPN IRB

Example model & SONiC version:

  • Aurora 610, Aurora 615, Aurora 715
  • Netberg SONiC: SONiC.202111-nba610-support, SONiC.master.0-20220721, SONiC.202012-nb-inno3

Asymmetric IRB feature list

  • Ingress VTEP needs MAC DA of the destination system.
  • Egress VTEP only bridges after decapsulation.
  • There is no L3 VNI concept; however, a VRF can be created for each tenant, or tenants can stay in the default VRF.
  • Asymmetric IRB can work with centralized routing.

MAC/route table usage

  • MAC Table – all end hosts
  • Neighbor Table – all end hosts
  • Route Table – all end hosts
  • VNIs – all VNIs in fabric

Scenarios for using Asymmetric IRB:

  • Suitable for centralized gateway deployment model
  • Networks that have legacy switches without L3 VXLAN support and must use centralized gateways
  • Small and medium scale data center deployments

Limitations:

  • EVPN supports only IPv4 VTEP addresses.

Figure 1. Asymmetric EVPN IRB topology

Pre-configuration:

Procedure:

  1. Create VxLANs

    Aurora nba610-1:

    admin@nba610-1:~$ sudo config vxlan add vtep 10.10.10.1    # syntax: config vxlan add <vtepname> <src_ipv4>
    admin@nba610-1:~$ sudo config vxlan evpn_nvo add nvo vtep  # syntax: config vxlan evpn_nvo add <nvoname> <vtepname>
    admin@nba610-1:~$ sudo config vxlan map add vtep 100 100   # syntax: config vxlan map add <vtepname> <vlanid> <vnid>
    admin@nba610-1:~$ sudo config vxlan map add vtep 200 200

    Aurora nba610-2:

    admin@nba610-2:~$ sudo config vxlan add vtep 10.10.10.101
    admin@nba610-2:~$ sudo config vxlan evpn_nvo add nvo vtep
    admin@nba610-2:~$ sudo config vxlan map add vtep 100 100
    admin@nba610-2:~$ sudo config vxlan map add vtep 200 200

    • VNI (VxLAN Network Identifier) – uniquely identifies the VxLAN.
    • VTEP (Virtual Tunnel End Point) – the entity that performs the encapsulation and decapsulation of packets.
    • One switch can have only one VTEP with a unique identifier, such as the Loopback0 IP address.
    • NVO (Network Virtualization Overlay) – only one NVO is allowed on one device.

  2. Announce EVPN routes.

    Aurora nba610-1:

    admin@nba610-1:~$ vtysh
    
    Hello, this is FRRouting (version 7.5.1-sonic).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    
    nba610-1# configure terminal
    nba610-1(config)# router bgp 65100
    nba610-1(config-router)# neighbor 10.0.1.0 remote-as 65100
    nba610-1(config-router)# neighbor 10.0.1.0 description nba610-2
    nba610-1(config-router)# address-family ipv4 unicast
    nba610-1(config-router-af)# network 10.10.10.1/32
    nba610-1(config-router-af)# exit
    nba610-1(config-router)# address-family l2vpn evpn
    nba610-1(config-router-af)# neighbor 10.0.1.0 activate
    nba610-1(config-router-af)# advertise-all-vni
    nba610-1(config-router-af)# end
    nba610-1# write
    nba610-1# exit

    Aurora nba610-2:

    admin@nba610-2:~$ vtysh
    
    Hello, this is FRRouting (version 7.5.1-sonic).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    
    nba610-2# configure terminal
    nba610-2(config)# router bgp 65100
    nba610-2(config-router)# neighbor 10.0.1.1 remote-as 65100
    nba610-2(config-router)# neighbor 10.0.1.1 description nba610-1
    nba610-2(config-router)# address-family ipv4 unicast
    nba610-2(config-router-af)# network 10.10.10.101/32
    nba610-2(config-router-af)# exit
    nba610-2(config-router)# address-family l2vpn evpn
    nba610-2(config-router-af)# neighbor 10.0.1.1 activate
    nba610-2(config-router-af)# advertise-all-vni
    nba610-2(config-router-af)# end
    nba610-2# write
    nba610-2# exit

Result

Check EVPN-VNI status.

Aurora nba610-1:

nba610-1# show evpn vni
VNI        Type VxLAN IF              # MACs   # ARPs   # Remote VTEPs  Tenant VRF
100        L2   vtep-100              1        2        1               default
200        L2   vtep-200              1        2        1               default
nba610-1# show evpn vni detail
VNI: 100
 Type: L2
 Tenant VRF: default
 VxLAN interface: vtep-100
 VxLAN ifIndex: 68
 Local VTEP IP: 10.10.10.1
 Mcast group: 0.0.0.0
 Remote VTEPs for this VNI:
  10.10.10.101 flood: HER
 Number of MACs (local and remote) known for this VNI: 1
 Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 2
 Advertise-gw-macip: No

VNI: 200
 Type: L2
 Tenant VRF: default
 VxLAN interface: vtep-200
 VxLAN ifIndex: 69
 Local VTEP IP: 10.10.10.1
 Mcast group: 0.0.0.0
 Remote VTEPs for this VNI:
  10.10.10.101 flood: HER
 Number of MACs (local and remote) known for this VNI: 1
 Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 2
 Advertise-gw-macip: No

Aurora nba610-2:

nba610-2# show evpn vni
VNI        Type VxLAN IF              # MACs   # ARPs   # Remote VTEPs  Tenant VRF
200        L2   vtep-200              0        0        1               default
100        L2   vtep-100              0        0        1               default
nba610-2# show evpn vni detail
VNI: 200
 Type: L2
 Tenant VRF: default
 VxLAN interface: vtep-200
 VxLAN ifIndex: 72
 Local VTEP IP: 10.10.10.101
 Mcast group: 0.0.0.0
 Remote VTEPs for this VNI:
  10.10.10.1 flood: HER
 Number of MACs (local and remote) known for this VNI: 0
 Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 0
 Advertise-gw-macip: No
 Advertise-svi-macip: No

VNI: 100
 Type: L2
 Tenant VRF: default
 VxLAN interface: vtep-100
 VxLAN ifIndex: 71
 Local VTEP IP: 10.10.10.101
 Mcast group: 0.0.0.0
 Remote VTEPs for this VNI:
  10.10.10.1 flood: HER
 Number of MACs (local and remote) known for this VNI: 0
 Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 0
 Advertise-gw-macip: No
 Advertise-svi-macip: No

Check BGP EVPN status.

Aurora nba610-1:

admin@nba610-1:~$ show vxlan vlanvnimap
+---------+-------+
| VLAN    |   VNI |
+=========+=======+
| Vlan100 |  1000 |
+---------+-------+
Total count : 1

Aurora nba610-2:

admin@nba610-2:~$ show vxlan vlanvnimap
+---------+-------+
| VLAN    |   VNI |
+=========+=======+
| Vlan100 |  1000 |
+---------+-------+
Total count : 1
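
A consistency check for the Result section, as an added example that is not part of the original page or of the SONiC tooling: it parses the `show vxlan vlanvnimap` and `show evpn vni` listings printed above and compares them with the VLAN-to-VNI map configured in step 1, because that map is what keeps the hosts of one segment out of another. The function names and the expected remote-VTEP count of 1 (the two-switch topology of this page) are assumptions of the example.

```python
import re

# Intended VLAN -> VNI map, from the "config vxlan map add" commands in step 1.
INTENDED = {100: 100, 200: 200}
# "show vxlan vlanvnimap" output, copied from the Result section of this page.
VLANVNIMAP = """\
+---------+-------+
| VLAN    |   VNI |
+=========+=======+
| Vlan100 |  1000 |
+---------+-------+
Total count : 1
"""

# "show evpn vni" output from nba610-1, copied from the Result section.
EVPN_VNI = """\
VNI        Type VxLAN IF              # MACs   # ARPs   # Remote VTEPs  Tenant VRF
100        L2   vtep-100              1        2        1               default
200        L2   vtep-200              1        2        1               default
"""

def parse_vlanvnimap(text):
    """Return {vlan_id: vni} from the ASCII table."""
    rows = re.findall(r"^\|\s*Vlan(\d+)\s*\|\s*(\d+)\s*\|", text, re.M)
    return {int(vlan): int(vni) for vlan, vni in rows}

def parse_evpn_vni(text):
    """Return {vni: remote_vtep_count} for the L2 VNI rows."""
    fields = (line.split() for line in text.splitlines())
    return {int(f[0]): int(f[5]) for f in fields
            if len(f) == 7 and f[0].isdigit() and f[1] == "L2"}

def audit(intended, vlanvnimap_text, evpn_text, want_remote_vteps=1):
    """List every deviation from the intended VLAN/VNI segmentation."""
    actual, evpn = parse_vlanvnimap(vlanvnimap_text), parse_evpn_vni(evpn_text)
    findings = []
    for vlan, vni in sorted(intended.items()):
        if vlan not in actual:
            findings.append(f"Vlan{vlan}: no VNI mapping reported (want {vni})")
        elif actual[vlan] != vni:
            findings.append(f"Vlan{vlan}: mapped to VNI {actual[vlan]}, want {vni}")
        if evpn.get(vni) != want_remote_vteps:
            findings.append(f"VNI {vni}: {evpn.get(vni)} remote VTEPs, want {want_remote_vteps}")
    for vlan in sorted(set(actual) - set(intended)):
        findings.append(f"Vlan{vlan}: unexpected mapping to VNI {actual[vlan]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INTENDED, VLANVNIMAP, EVPN_VNI)) or "consistent")
```

Run over the listings as printed on this page, it reports Vlan100 mapped to VNI 1000 rather than 100 and no mapping for Vlan200; an empty result means the switch matches the intended map.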