EVPN L2 VxLAN

Example model & SONiC version:

  • Aurora 610
  • Netberg SONiC: SONiC.202111-nba610-support, SONiC.master.0-20220721

Configuring EVPN

Limitations:

  • EVPN supports only IPv4 VTEP addresses.
  • Intel Tofino 1 doesn’t support P2MP tunnel-based L2 forwarding.

Figure 1. Network topology (EVPN VxLAN on SONiC by Netberg)

Pre-configuration:

Procedure:

  1. Establish a BGP session between the two switches over Ethernet53 and announce the Loopback0 /32 network of each switch.

    Aurora nba610-1:

    admin@nba610-1:~$ vtysh
    
    Hello, this is FRRouting (version 7.5.1-sonic).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    
    nba610-1# configure terminal
    nba610-1(config)# router bgp 65100
    nba610-1(config-router)# bgp router-id 10.10.10.1
    nba610-1(config-router)# neighbor 10.0.1.0 remote-as 65100
    nba610-1(config-router)# address-family ipv4
    nba610-1(config-router-af)# network 10.10.10.1/32
    nba610-1(config-router-af)# end
    nba610-1# write
    nba610-1# exit

    Aurora nba610-2:

    admin@nba610-2:~$ vtysh
    
    Hello, this is FRRouting (version 7.5.1-sonic).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    
    nba610-2# configure terminal
    nba610-2(config)# router bgp 65100
    nba610-2(config-router)# bgp router-id 10.10.10.101
    nba610-2(config-router)# neighbor 10.0.1.1 remote-as 65100
    nba610-2(config-router)# address-family ipv4
    nba610-2(config-router-af)# network 10.10.10.101/32
    nba610-2(config-router-af)# end
    nba610-2# write
    nba610-2# exit

  2. Create VxLANs

    Aurora nba610-1:

    admin@nba610-1:~$ sudo config vxlan add vtep 10.10.10.1   # config vxlan add <vtepname> <src_ipv4>
    admin@nba610-1:~$ sudo config vxlan evpn_nvo add nvo vtep # config vxlan evpn_nvo add <nvoname> <vtepname>
    admin@nba610-1:~$ sudo config vxlan map add vtep 100 1000 # config vxlan map add <vtepname> <vlanid> <vnid>

    Aurora nba610-2:

    admin@nba610-2:~$ sudo config vxlan add vtep 10.10.10.101
    admin@nba610-2:~$ sudo config vxlan evpn_nvo add nvo vtep
    admin@nba610-2:~$ sudo config vxlan map add vtep 100 1000

    • VNI (VxLAN Network Identifier) – uniquely identifies the VxLAN.
    • VTEP (Virtual Tunnel End Point) – the entity that performs the encapsulation and decapsulation of packets.
    • One switch can have only one VTEP with a unique identifier, such as the Loopback0 IP address.
    • NVO (Network Virtualization Overlay) – only one NVO is allowed on one device.

    We created a VTEP named “vtep”, an NVO named “nvo”, and VN Identifier (VNID) 1000, which is mapped to VLAN 100.

  3. Announce L2VPN EVPN routes.

    Aurora nba610-1:

    admin@nba610-1:~$ vtysh
    
    Hello, this is FRRouting (version 7.5.1-sonic).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    
    nba610-1# configure terminal
    nba610-1(config)# router bgp 65100
    nba610-1(config-router)# address-family l2vpn evpn
    nba610-1(config-router-af)# neighbor 10.0.1.0 activate
    nba610-1(config-router-af)# advertise-all-vni
    nba610-1(config-router-af)# end
    nba610-1# write
    nba610-1# exit

    Aurora nba610-2:

    admin@nba610-2:~$ vtysh
    
    Hello, this is FRRouting (version 7.5.1-sonic).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    
    nba610-2# configure terminal
    nba610-2(config)# router bgp 65100
    nba610-2(config-router)# address-family l2vpn evpn
    nba610-2(config-router-af)# neighbor 10.0.1.1 activate
    nba610-2(config-router-af)# advertise-all-vni
    nba610-2(config-router-af)# end
    nba610-2# write
    nba610-2# exit
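
The commands from steps 2 and 3, generated from one inventory so that both switches get the same VLAN-to-VNI map; this is an added example, not part of the original guide or Netberg's tooling. The inventory dictionary and the function names `validate` and `render` are assumptions, and the checks encode the limits stated above (IPv4-only VTEP addresses, one VTEP address per switch).

```python
import ipaddress

ASN = 65100                      # AS number used on both switches in this guide
VLAN_VNI = {100: 1000}           # VLAN -> VNI map; must be identical on every VTEP
SWITCHES = {                     # constructed inventory mirroring the guide's topology
    "nba610-1": {"vtep_ip": "10.10.10.1", "neighbor": "10.0.1.0"},
    "nba610-2": {"vtep_ip": "10.10.10.101", "neighbor": "10.0.1.1"},
}

def validate(switches, vlan_vni):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, seen = [], {}
    for name, sw in switches.items():
        ip = ipaddress.ip_address(sw["vtep_ip"])
        if ip.version != 4:                      # EVPN here supports IPv4 VTEPs only
            problems.append(f"{name}: VTEP {ip} is not IPv4")
        if ip in seen:                           # each VTEP needs a unique address
            problems.append(f"{name}: VTEP {ip} already used by {seen[ip]}")
        seen.setdefault(ip, name)
    for vlan, vni in vlan_vni.items():
        if not 1 <= vlan <= 4094:
            problems.append(f"VLAN {vlan} is out of range")
        if not 1 <= vni < 2 ** 24:               # the VNI field is 24 bits wide
            problems.append(f"VNI {vni} is out of range")
    if len(set(vlan_vni.values())) != len(vlan_vni):
        problems.append("two VLANs map to the same VNI")
    return problems

def render(name, switches=SWITCHES, vlan_vni=VLAN_VNI, asn=ASN):
    """Build the step 2 and step 3 commands for one switch."""
    problems = validate(switches, vlan_vni)
    if problems:
        raise ValueError("; ".join(problems))
    sw = switches[name]
    cmds = [f"sudo config vxlan add vtep {sw['vtep_ip']}",
            "sudo config vxlan evpn_nvo add nvo vtep"]
    cmds += [f"sudo config vxlan map add vtep {vlan} {vni}"
             for vlan, vni in sorted(vlan_vni.items())]
    frr = ["configure terminal", f"router bgp {asn}", "address-family l2vpn evpn",
           f"neighbor {sw['neighbor']} activate", "advertise-all-vni", "end", "write"]
    cmds.append("vtysh " + " ".join(f"-c '{c}'" for c in frr))
    return cmds

if __name__ == "__main__":
    for host in SWITCHES:
        print(f"# {host}", *render(host), sep="\n")
```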

Result

Check the VxLAN interface configuration.

Aurora nba610-1:

admin@nba610-1:~$ show vxlan interface
VTEP Information:

VTEP Name : vtep, SIP  : 10.10.10.1
NVO Name  : nvo,  VTEP : vtep
Source interface  : Loopback0

Aurora nba610-2:

admin@nba610-2:~$ show vxlan interface
VTEP Information:

VTEP Name : vtep, SIP  : 10.10.10.101
NVO Name  : nvo,  VTEP : vtep
Source interface  : Loopback0

Check VxLAN and VLAN mapping.

Aurora nba610-1:

admin@nba610-1:~$ show vxlan vlanvnimap
+---------+-------+
| VLAN    |   VNI |
+=========+=======+
| Vlan100 |  1000 |
+---------+-------+
Total count : 1

Aurora nba610-2:

admin@nba610-2:~$ show vxlan vlanvnimap
+---------+-------+
| VLAN    |   VNI |
+=========+=======+
| Vlan100 |  1000 |
+---------+-------+
Total count : 1

Check the VxLAN tunnel status.

Aurora nba610-1:

admin@nba610-1:~$ show vxlan tunnel
vxlan tunnel name    source ip    destination ip    tunnel map name    tunnel map mapping(vni -> vlan)
-------------------  -----------  ----------------  -----------------  ---------------------------------
vtep                 10.10.10.1                     map_1000_Vlan100   1000 -> Vlan100
admin@nba610-1:~$ show vxlan remotevtep
+------------+--------------+-------------------+--------------+
| SIP        | DIP          | Creation Source   | OperStatus   |
+============+==============+===================+==============+
| 10.10.10.1 | 10.10.10.101 | EVPN              | oper_up    |
+------------+--------------+-------------------+--------------+
Total count : 1

Aurora nba610-2:

admin@nba610-2:~$ show vxlan tunnel
vxlan tunnel name    source ip    destination ip    tunnel map name    tunnel map mapping(vni -> vlan)
-------------------  -----------  ----------------  -----------------  ---------------------------------
vtep                 10.10.10.101                   map_1000_Vlan100   1000 -> Vlan100
admin@nba610-2:~$ show vxlan remotevtep
+--------------+------------+-------------------+--------------+
| SIP          | DIP        | Creation Source   | OperStatus   |
+==============+============+===================+==============+
| 10.10.10.101 | 10.10.10.1 | EVPN              | oper_up    |
+--------------+------------+-------------------+--------------+
Total count : 1

Check learned MACs:

admin@nba610-1:~$ show mac
  No.    Vlan  MacAddress         Port        Type
-----  ------  -----------------  ----------  -------
    1      100 B4:96:91:B3:C7:C8  Ethernet77  Dynamic
Total number of entries 1
admin@nba610-1:~$ show vxlan remotemac all
+--------+-------------------+--------------+-------+---------+
| VLAN   | MAC               | RemoteVTEP   |   VNI | Type    |
+========+===================+==============+=======+=========+
| Vlan100 | b4:96:91:b3:c7:c9 | 10.10.10.101 |  1000 | dynamic |
+--------+-------------------+--------------+-------+---------+
Total count : 1

admin@nba610-2:~$ show mac
  No.    Vlan  MacAddress         Port        Type
-----  ------  -----------------  ----------  -------
    1      100 B4:96:91:B3:C7:C9  Ethernet77  Dynamic
Total number of entries 1
admin@nba610-2:~$ show vxlan remotemac all
+--------+-------------------+--------------+-------+---------+
| VLAN   | MAC               | RemoteVTEP   |   VNI | Type    |
+========+===================+==============+=======+=========+
| Vlan100 | b4:96:91:b3:c7:c8 | 10.10.10.1   |  1000 | dynamic |
+--------+-------------------+--------------+-------+---------+
Total count : 1
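
A check that can be run over the outputs above to confirm that tunnels and remote MACs match the intended design; it is an added example, not part of the original guide. The allowed-VTEP set, the function names, and the extra table row for 10.10.10.250 are constructed for illustration.

```python
# Constructed input: the nba610-1 tables from this page, plus one invented
# remote-MAC row (02:00:00:00:00:99 via 10.10.10.250) to trigger a finding.
REMOTEVTEP = """\
+------------+--------------+-------------------+--------------+
| SIP        | DIP          | Creation Source   | OperStatus   |
+============+==============+===================+==============+
| 10.10.10.1 | 10.10.10.101 | EVPN              | oper_up    |
+------------+--------------+-------------------+--------------+
Total count : 1
"""
REMOTEMAC = """\
+--------+-------------------+--------------+-------+---------+
| VLAN   | MAC               | RemoteVTEP   |   VNI | Type    |
+========+===================+==============+=======+=========+
| Vlan100 | b4:96:91:b3:c7:c9 | 10.10.10.101 |  1000 | dynamic |
| Vlan100 | 02:00:00:00:00:99 | 10.10.10.250 |  1000 | dynamic |
+--------+-------------------+--------------+-------+---------+
"""

def parse_grid(text):
    """Parse a '+---+' grid table into dicts keyed by the header row."""
    rows = [[c.strip() for c in line.strip().strip("|").split("|")]
            for line in text.splitlines() if line.lstrip().startswith("|")]
    return [dict(zip(rows[0], r)) for r in rows[1:]]

def audit_tunnels(remotevtep, remotemac, allowed_vteps, vlan_vni):
    """Compare tunnel and remote-MAC tables with the intended design."""
    findings, up = [], set()
    for t in parse_grid(remotevtep):
        if t["DIP"] not in allowed_vteps:
            findings.append(f"unexpected remote VTEP {t['DIP']}")
        elif t["OperStatus"] != "oper_up":
            findings.append(f"tunnel to {t['DIP']} is {t['OperStatus']}")
        else:
            up.add(t["DIP"])
    for m in parse_grid(remotemac):
        if m["RemoteVTEP"] not in up:
            findings.append(f"MAC {m['MAC']} via {m['RemoteVTEP']}: no approved tunnel")
        if vlan_vni.get(m["VLAN"]) != int(m["VNI"]):
            findings.append(f"MAC {m['MAC']}: {m['VLAN']} carried in VNI {m['VNI']}")
    return findings

if __name__ == "__main__":
    for f in audit_tunnels(REMOTEVTEP, REMOTEMAC, {"10.10.10.101"}, {"Vlan100": 1000}):
        print("FINDING:", f)
```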

FRR status

BGP session:

nba610-1# show bgp ipv4 summary

IPv4 Unicast Summary (VRF default):
BGP router identifier 10.10.10.1, local AS number 65100 vrf-id 0
BGP table version 4
RIB entries 3, using 552 bytes of memory
Peers 1, using 723 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.0.1.0        4      65100        95        97        0    0    0 01:20:35            1        1 N/A

Total number of neighbors 1

nba610-2# show bgp ipv4 summary

IPv4 Unicast Summary:
BGP router identifier 10.10.10.101, local AS number 65100 vrf-id 0
BGP table version 6
RIB entries 3, using 576 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
10.0.1.1        4      65100       108       101        0    0    0 01:20:22            1        1

Total number of neighbors 1

EVPN BGP session

nba610-1# show bgp l2vpn evpn summary
BGP router identifier 10.10.10.1, local AS number 65100 vrf-id 0
BGP table version 0
RIB entries 3, using 552 bytes of memory
Peers 1, using 723 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.0.1.0        4      65100        96        98        0    0    0 01:21:30            3        3 N/A

Total number of neighbors 1

nba610-2# show bgp l2vpn evpn summary
BGP router identifier 10.10.10.101, local AS number 65100 vrf-id 0
BGP table version 0
RIB entries 5, using 960 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
10.0.1.1        4      65100       109       102        0    0    0 01:21:43            3        3

Total number of neighbors 1

Underlay routing

nba610-1# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

K>* 0.0.0.0/0 [0/202] via 192.168.0.1, eth0, 02:45:35
C>* 10.0.1.0/31 is directly connected, Ethernet53, 02:06:30
C>* 10.10.10.1/32 is directly connected, Loopback0, 02:03:30
B>* 10.10.10.101/32 [200/0] via 10.0.1.0, Ethernet53, weight 1, 01:23:05
C>* 192.168.0.0/24 is directly connected, eth0, 02:45:36

nba610-2# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

K>* 0.0.0.0/0 [0/202] via 192.168.0.1, eth0, 02:08:30
C>* 10.0.1.0/31 is directly connected, Ethernet53, 02:06:24
B>* 10.10.10.1/32 [200/0] via 10.0.1.1, Ethernet53, weight 1, 01:22:59
C>* 10.10.10.101/32 is directly connected, Loopback0, 02:08:13
C>* 192.168.0.0/24 is directly connected, eth0, 02:08:31

VxLAN VNI

nba610-1# show evpn vni detail
VNI: 1000
 Type: L2
 Tenant VRF: default
 VxLAN interface: vtep-100
 VxLAN ifIndex: 135
 Local VTEP IP: 10.10.10.1
 Mcast group: 0.0.0.0
 Remote VTEPs for this VNI:
  10.10.10.101 flood: HER
 Number of MACs (local and remote) known for this VNI: 2
 Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 2
 Advertise-gw-macip: No

nba610-2# show evpn vni detail
VNI: 1000
 Type: L2
 Tenant VRF: default
 VxLAN interface: vtep-100
 VxLAN ifIndex: 13
 Local VTEP IP: 10.10.10.101
 Mcast group: 0.0.0.0
 Remote VTEPs for this VNI:
  10.10.10.1 flood: HER
 Number of MACs (local and remote) known for this VNI: 3
 Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 3
 Advertise-gw-macip: No

EVPN MAC learning

nba610-1# show evpn mac vni all
VNI 1000 #MACs (local and remote) 2
Flags: N=sync-neighs, I=local-inactive, P=peer-active, X=peer-proxy
MAC               Type   Flags Intf/Remote ES/VTEP            VLAN  Seq #'s
b4:96:91:b3:c7:c9 remote       10.10.10.101                         0/0
b4:96:91:b3:c7:c8 local        Ethernet77                     30    0/0
70:b3:d5:cc:fe:5c local        Vlan100                        30    0/0

nba610-2# show evpn mac vni all
VNI 1000 #MACs (local and remote) 3
Flags: N=sync-neighs, I=local-inactive, P=peer-active, X=peer-proxy
MAC               Type   Flags Intf/Remote ES/VTEP            VLAN  Seq #'s
b4:96:91:b3:c7:c9 local        Ethernet77                     30    0/0
b4:96:91:b3:c7:c8 remote       10.10.10.1                           0/0
70:b3:d5:cc:fe:58 local        Vlan100                        30    0/0

Type 2 EVPN routes

nba610-1# show bgp l2vpn evpn route type macip
BGP table version is 9, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]

   Network          Next Hop            Metric LocPrf Weight Path
                    Extended Community
Route Distinguisher: 10.10.10.1:6
*> [2]:[0]:[48]:[b4:96:91:b3:c7:c8]
                    10.10.10.1                         32768 i
                    ET:8 RT:65100:3000
*> [2]:[0]:[48]:[b4:96:91:b3:c7:c8]:[128]:[fe80::b696:91ff:feb3:c7c8]
                    10.10.10.1                         32768 i
                    ET:8 RT:65100:3000
Route Distinguisher: 10.10.10.101:2
*>i[2]:[0]:[48]:[b4:96:91:b3:c7:c9]
                    10.10.10.101                  100      0 i
                    RT:65100:3000 ET:8
*>i[2]:[0]:[48]:[b4:96:91:b3:c7:c9]:[128]:[fe80::b696:91ff:feb3:c7c9]
                    10.10.10.101                  100      0 i
                    RT:65100:3000 ET:8

Displayed 4 prefixes (4 paths) (of requested type)

nba610-2# show bgp l2vpn evpn route type macip
BGP table version is 9, local router ID is 10.10.10.101
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[ESI]:[EthTag]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]

   Network          Next Hop            Metric LocPrf Weight Path
                    Extended Community
Route Distinguisher: 10.10.10.1:6
*>i[2]:[0]:[48]:[b4:96:91:b3:c7:c8]
                    10.10.10.1                    100      0 i
                    RT:65100:3000 ET:8
*>i[2]:[0]:[48]:[b4:96:91:b3:c7:c8]:[128]:[fe80::b696:91ff:feb3:c7c8]
                    10.10.10.1                    100      0 i
                    RT:65100:3000 ET:8
Route Distinguisher: 10.10.10.101:2
*> [2]:[0]:[48]:[b4:96:91:b3:c7:c9]
                    10.10.10.101                       32768 i
                    ET:8 RT:65100:3000
*> [2]:[0]:[48]:[b4:96:91:b3:c7:c9]:[128]:[fe80::b696:91ff:feb3:c7c9]
                    10.10.10.101                       32768 i
                    ET:8 RT:65100:3000

Displayed 4 prefixes (4 paths) (of requested type)

Type 3 EVPN routes

nba610-1# show bgp l2vpn evpn route type multicast
BGP table version is 9, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]

   Network          Next Hop            Metric LocPrf Weight Path
                    Extended Community
Route Distinguisher: 10.10.10.1:6
*> [3]:[0]:[32]:[10.10.10.1]
                    10.10.10.1                         32768 i
                    ET:8 RT:65100:3000
Route Distinguisher: 10.10.10.101:2
*>i[3]:[0]:[32]:[10.10.10.101]
                    10.10.10.101                  100      0 i
                    RT:65100:3000 ET:8

Displayed 2 prefixes (2 paths) (of requested type)

nba610-2# show bgp l2vpn evpn route type multicast
BGP table version is 9, local router ID is 10.10.10.101
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[ESI]:[EthTag]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]

   Network          Next Hop            Metric LocPrf Weight Path
                    Extended Community
Route Distinguisher: 10.10.10.1:6
*>i[3]:[0]:[32]:[10.10.10.1]
                    10.10.10.1                    100      0 i
                    RT:65100:3000 ET:8
Route Distinguisher: 10.10.10.101:2
*> [3]:[0]:[32]:[10.10.10.101]
                    10.10.10.101                       32768 i
                    ET:8 RT:65100:3000

Displayed 2 prefixes (2 paths) (of requested type)
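
A parser for the type-2 and type-3 prefix formats shown in the outputs above, with a check of each route's next hop against the expected VTEPs; it is an added example, not code from the original guide or from FRR. The function names and the expected-VTEP set are assumptions, and the sample is an excerpt of the nba610-1 output.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt of the nba610-1 route output on this page.
SAMPLE = """\
Route Distinguisher: 10.10.10.1:6
*> [2]:[0]:[48]:[b4:96:91:b3:c7:c8]:[128]:[fe80::b696:91ff:feb3:c7c8]
                    10.10.10.1                         32768 i
                    ET:8 RT:65100:3000
Route Distinguisher: 10.10.10.101:2
*>i[2]:[0]:[48]:[b4:96:91:b3:c7:c9]
                    10.10.10.101                  100      0 i
                    RT:65100:3000 ET:8
*>i[3]:[0]:[32]:[10.10.10.101]
                    10.10.10.101                  100      0 i
                    RT:65100:3000 ET:8
"""
ROUTE = re.compile(r"^([*>sdhi]{1,3})\s*(\[[1-5]\]:\S+)")

def parse_routes(text):
    """Turn 'show bgp l2vpn evpn route' text into one dict per route."""
    routes, rd, lines = [], None, text.splitlines() + ["", ""]
    for i, line in enumerate(lines):
        if line.startswith("Route Distinguisher:"):
            rd = line.split(":", 1)[1].strip()
        m = ROUTE.match(line)
        if not m:
            continue
        f = re.findall(r"\[([^\]]*)\]", m.group(2))
        r = {"rd": rd, "type": int(f[0]), "ibgp": "i" in m.group(1),
             "nexthop": (lines[i + 1].split() or [None])[0],
             "rt": re.findall(r"RT:(\S+)", lines[i + 2])}
        if r["type"] == 2:      # [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
            r["mac"], r["ip"] = f[3], (f[5] if len(f) > 5 else None)
        elif r["type"] == 3:    # [3]:[EthTag]:[IPlen]:[OrigIP]
            r["orig_ip"] = f[3]
        routes.append(r)
    return routes

def audit_routes(routes, expected_vteps):
    """Flag next hops outside the VTEP set and MACs advertised by more than one VTEP."""
    findings, owners = [], defaultdict(set)
    for r in routes:
        if r["nexthop"] not in expected_vteps:
            findings.append(f"type-{r['type']} route from unexpected VTEP {r['nexthop']}")
        if r["type"] == 2:
            owners[r["mac"]].add(r["nexthop"])
    return findings + [f"MAC {mac} advertised by {sorted(v)}"
                       for mac, v in sorted(owners.items()) if len(v) > 1]
```

A MAC reported behind two VTEPs can be a legitimate host move, so treat that finding as a prompt to check, not as proof of a fault.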