[Enterprise SONiC] Asymmetric EVPN IRB Follow
Tested model & firmware version:
- Switch model name:
AS7326-56X
AS7726-32X
AS5835-54X(T)
- Edgecore SONiC version:
202006.4
202012.2
202111.3
202111.8
Restriction:
- EVPN only supports ipv4 in the current version, it doesn't support ipv6.
Asymmetric EVPN IRB
Topology:
Note :
- BGP, EVPN and VxLAN related articles are available in here, Routing (BGP) , EVPN & VxLAN.
- All VNI is belong to L2 VNI.
- Since VXLAN routing traffic will be locally routed, encapsulated, and then sent out with the target subnet's VNI in asymmetric IRB, it is crucial to ensure consistency in VTEP VNI mapping and VLAN configuration settings across all endpoints. Otherwise, VXLAN routing may not be possible.
Procedure:
Step 1. Setup VLAN environment as topology. Please refer to VLAN & Inter-VLAN Routing article.
Step 2. Configure IP address on SONiC01 Ethernet48 and SONiC02 Ethernet52.
#SONiC01
admin@SONIC01:~$sudo config interface ip add Ethernet48 10.0.0.4/31
#SONiC02
admin@SONIC02:~$sudo config interface ip add Ethernet52 10.0.0.5/31
Step 3: Configure IP address to Loopback0 of both switches.
#SONiC01
admin@SONIC01:~$ sudo config interface ip add Loopback0 1.1.1.1/32
#SONiC02
admin@SONIC02:~$ sudo config interface ip add Loopback0 2.2.2.2/32
Step 4. Create VxLAN
#SONiC01
admin@SONIC01:~$sudo config vxlan add vtep 1.1.1.1 → configuring VTEP_name (vtep) and its IP address
admin@SONIC01:~$sudo config vxlan evpn_nvo add nvo vtep → create nvo_name (nvo) and bind it to VTEP_name (vtep)
admin@SONIC01:~$sudo config vxlan map add vtep 10 1000 → mapping VNI 1000 to VLAN 10
admin@SONIC01:~$sudo config vxlan map add vtep 20 2000 → mapping VNI 2000 to VLAN 20
admin@SONIC01:~$sudo config save -y
#SONiC02
admin@SONIC01:~$sudo config vxlan add vtep 2.2.2.2 → configuring VTEP_name (vtep) and its IP address
admin@SONIC01:~$sudo config vxlan evpn_nvo add nvo vtep → create nvo_name (nvo) and bind it to VTEP_name (vtep)
admin@SONIC01:~$sudo config vxlan map add vtep 10 1000 → mapping VNI 1000 to VLAN 10
admin@SONIC01:~$sudo config vxlan map add vtep 20 2000 → mapping VNI 2000 to VLAN 20
admin@SONIC01:~$sudo config save -y
Step 5. Establish BGP environment for EVPN.
#SONiC01
admin@7726:~$ vtysh → enter vtysh shell
Hello, this is FRRouting (version 7.2.1-sonic).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
sonic# configure terminal
sonic(config)#router bgp 65100 → assign BGP AS number
sonic(config-router)#neighbor 10.0.0.5 remote-as 65100 → assign Ethernet48 IP address to connect via IBGP with peering on same AS
sonic(config-router)# address-family ipv4 unicast → Enter address-family ipv4
sonic(config-router-af)# network 1.1.1.1/32 → Announce 1.1.1.1 network
sonic(config-router-af)# exit
sonic(config-router)#address-family l2vpn evpn → enter EVPN setting
sonic(config-router-af)#neighbor 10.0.0.5 activate → activate EVPN for neighbor 10.0.0.5
sonic(config-router-af)#advertise-all-vni → advertise all VNI routing
sonic(config-router-af)#exit
#SONiC02
admin@7726:~$ vtysh → enter vtysh shell
Hello, this is FRRouting (version 7.2.1-sonic).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
sonic# configure terminal
sonic(config)#router bgp 65100 → assign BGP AS number
sonic(config-router)#neighbor 10.0.0.4 remote-as 65100 → assign Ethernet52 IP address to connect via IBGP with peering on same AS
sonic(config-router)# address-family ipv4 unicast → Enter address-family ipv4
sonic(config-router-af)# network 2.2.2.2/32 → Announce 2.2.2.2 network
sonic(config-router-af)# exit
sonic(config-router)#address-family l2vpn evpn → enter EVPN setting
sonic(config-router-af)#neighbor 10.0.0.4 activate → activate EVPN for neighbor 10.0.0.4
sonic(config-router-af)#advertise-all-vni → advertise all VNI routing
sonic(config-router-af)#exit
Step 6. Check EVPN-VNI status in FRR.
#SONiC01
sonic# show evpn vni
VNI Type VxLAN IF # MACs # ARPs # Remote VTEPs Tenant VRF
1000 L2 vtep-10 1 2 1 default
2000 L2 vtep-20 1 2 1 default
sonic# show evpn vni detail
VNI: 1000
Type: L2
Tenant VRF: default
VxLAN interface: vtep-10
VxLAN ifIndex: 67
SVI interface: Vlan10
SVI ifIndex: 9
Local VTEP IP: 1.1.1.1
Mcast group: 0.0.0.0
Remote VTEPs for this VNI:
2.2.2.2 flood: HER
Number of MACs (local and remote) known for this VNI: 1
Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 2
Advertise-gw-macip: No
Advertise-svi-macip: No
VNI: 2000
Type: L2
Tenant VRF: default
VxLAN interface: vtep-20
VxLAN ifIndex: 68
SVI interface: Vlan20
SVI ifIndex: 10
Local VTEP IP: 1.1.1.1
Mcast group: 0.0.0.0
Remote VTEPs for this VNI:
2.2.2.2 flood: HER
Number of MACs (local and remote) known for this VNI: 1
Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 2
Advertise-gw-macip: No
Advertise-svi-macip: No
#SONiC02
sonic# show evpn vni
VNI Type VxLAN IF # MACs # ARPs # Remote VTEPs Tenant VRF
1000 L2 vtep-10 1 2 1 default
2000 L2 vtep-20 1 2 1 default
sonic# show evpn vni detail
VNI: 1000
Type: L2
Tenant VRF: default
VxLAN interface: vtep-10
VxLAN ifIndex: 67
SVI interface: Vlan10
SVI ifIndex: 65
Local VTEP IP: 2.2.2.2
Mcast group: 0.0.0.0
Remote VTEPs for this VNI:
1.1.1.1 flood: HER
Number of MACs (local and remote) known for this VNI: 1
Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 2
Advertise-gw-macip: No
Advertise-svi-macip: No
VNI: 2000
Type: L2
Tenant VRF: default
VxLAN interface: vtep-20
VxLAN ifIndex: 68
SVI interface: Vlan20
SVI ifIndex: 66
Local VTEP IP: 2.2.2.2
Mcast group: 0.0.0.0
Remote VTEPs for this VNI:
1.1.1.1 flood: HER
Number of MACs (local and remote) known for this VNI: 1
Number of ARPs (IPv4 and IPv6, local and remote) known for this VNI: 2
Advertise-gw-macip: No
Advertise-svi-macip: No
Step 7. Check BGP EVPN status.
#SONiC01
sonic# show bgp l2vpn evpn
BGP table version is 3, local router ID is 192.168.2.253
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.2.253:2
*> [2]:[0]:[48]:[b8:6a:97:19:ba:12]
1.1.1.1 32768 i
ET:8 RT:65100:1000
*> [2]:[0]:[48]:[b8:6a:97:19:ba:12]:[32]:[192.168.1.1]
1.1.1.1 32768 i
ET:8 RT:65100:1000
*> [3]:[0]:[32]:[1.1.1.1]
1.1.1.1 32768 i
ET:8 RT:65100:1000
Route Distinguisher: 192.168.2.253:3
*> [3]:[0]:[32]:[1.1.1.1]
1.1.1.1 32768 i
ET:8 RT:65100:2000
Route Distinguisher: 192.168.2.254:2
*>i[3]:[0]:[32]:[2.2.2.2]
2.2.2.2 100 0 i
RT:65100:1000 ET:8
Route Distinguisher: 192.168.2.254:3
*>i[2]:[0]:[48]:[80:a2:35:5a:22:50]
2.2.2.2 100 0 i
RT:65100:2000 ET:8
*>i[2]:[0]:[48]:[80:a2:35:5a:22:50]:[32]:[192.168.2.1]
2.2.2.2 100 0 i
RT:65100:2000 ET:8
*>i[3]:[0]:[32]:[2.2.2.2]
2.2.2.2 100 0 i
RT:65100:2000 ET:8
Displayed 8 out of 8 total prefixes
sonic# show bgp l2vpn evpn
BGP table version is 9, local router ID is 192.168.2.254
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.2.253:2
*>i[2]:[0]:[48]:[b8:6a:97:19:ba:12]
1.1.1.1 100 0 i
RT:65100:1000 ET:8
*>i[2]:[0]:[48]:[b8:6a:97:19:ba:12]:[32]:[192.168.1.1]
1.1.1.1 100 0 i
RT:65100:1000 ET:8
*>i[3]:[0]:[32]:[1.1.1.1]
1.1.1.1 100 0 i
RT:65100:1000 ET:8
Route Distinguisher: 192.168.2.253:3
*>i[3]:[0]:[32]:[1.1.1.1]
1.1.1.1 100 0 i
RT:65100:2000 ET:8
Route Distinguisher: 192.168.2.254:2
*> [3]:[0]:[32]:[2.2.2.2]
2.2.2.2 32768 i
ET:8 RT:65100:1000
Route Distinguisher: 192.168.2.254:3
*> [2]:[0]:[48]:[80:a2:35:5a:22:50]
2.2.2.2 32768 i
ET:8 RT:65100:2000
*> [2]:[0]:[48]:[80:a2:35:5a:22:50]:[32]:[192.168.2.1]
2.2.2.2 32768 i
ET:8 RT:65100:2000
*> [3]:[0]:[32]:[2.2.2.2]
2.2.2.2 32768 i
ET:8 RT:65100:2000
Displayed 8 out of 8 total prefixes
Step 8. Check VNI MAC learning.
#SONiC01
sonic# show evpn mac vni all
VNI 1000 #MACs (local and remote) 1
Flags: N=sync-neighs, I=local-inactive, P=peer-active, X=peer-proxy
MAC Type Flags Intf/Remote ES/VTEP VLAN Seq #'s
b8:6a:97:19:ba:12 local Ethernet52 10 0/0
VNI 2000 #MACs (local and remote) 1
Flags: N=sync-neighs, I=local-inactive, P=peer-active, X=peer-proxy
MAC Type Flags Intf/Remote ES/VTEP VLAN Seq #'s
80:a2:35:5a:22:50 remote 2.2.2.2 0/0
#SONiC02
sonic# show evpn mac vni all
VNI 1000 #MACs (local and remote) 1
Flags: N=sync-neighs, I=local-inactive, P=peer-active, X=peer-proxy
MAC Type Flags Intf/Remote ES/VTEP VLAN Seq #'s
b8:6a:97:19:ba:12 remote 1.1.1.1 0/0
VNI 2000 #MACs (local and remote) 1
Flags: N=sync-neighs, I=local-inactive, P=peer-active, X=peer-proxy
MAC Type Flags Intf/Remote ES/VTEP VLAN Seq #'s
80:a2:35:5a:22:50 local Ethernet56 20 0/0
Step 9. Check ARP learning table. Hosts ARP shall be learnt by both switches.
#SONiC01
sonic# show evpn arp-cache vni all
VNI 1000 #ARP (IPv4 and IPv6, local and remote) 2
Flags: I=local-inactive, P=peer-active, X=peer-proxy
Neighbor Type Flags State MAC Remote ES/VTEP Seq #'s
192.168.1.253 local inactive 68:21:5f:29:c0:d2 0/0
192.168.1.1 local active b8:6a:97:19:ba:12 0/0
VNI 2000 #ARP (IPv4 and IPv6, local and remote) 2
Flags: I=local-inactive, P=peer-active, X=peer-proxy
Neighbor Type Flags State MAC Remote ES/VTEP Seq #'s
192.168.2.254 local inactive 68:21:5f:29:c0:d2 0/0
192.168.2.1 remote active 80:a2:35:5a:22:50 2.2.2.2 0/0
#SONiC02
sonic# show evpn arp-cache vni all
VNI 1000 #ARP (IPv4 and IPv6, local and remote) 2
Flags: I=local-inactive, P=peer-active, X=peer-proxy
Neighbor Type Flags State MAC Remote ES/VTEP Seq #'s
192.168.1.254 local inactive 00:a0:c9:00:00:00 0/0
192.168.1.1 remote active b8:6a:97:19:ba:12 1.1.1.1 0/0
VNI 2000 #ARP (IPv4 and IPv6, local and remote) 2
Flags: I=local-inactive, P=peer-active, X=peer-proxy
Neighbor Type Flags State MAC Remote ES/VTEP Seq #'s
192.168.2.253 local inactive 00:a0:c9:00:00:00 0/0
192.168.2.1 local active 80:a2:35:5a:22:50 0/0
Comments
0 comments
Please sign in to leave a comment.