In this part we are going to look at the EVPN overlay setup of the topology. This allows the sharing of the layer 2 information learnt at each leaf switch. For this, we will use BGP.
Let's remind ourselves of the topology:
The BGP setup uses the spines as Route Reflectors for the topology, which gives us a level of redundancy, and all peerings within each DC are iBGP. Two address families are used to exchange NLRI: a standard IPv4 Unicast peering and L2VPN EVPN.
First, we need to set the overlay to EVPN on all switches in the topology:
nv overlay evpn
DC1 BGP Configuration
The BGP configuration for the cores is:
! No match clause, so this route-map permits every directly connected route
route-map RMAP-REDIST-DIRECT permit 10
router bgp 100
  log-neighbor-changes
  address-family ipv4 unicast
    redistribute direct route-map RMAP-REDIST-DIRECT
  template peer SPINE
    remote-as 100
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      rewrite-evpn-rt-asn
    address-family ipv4 unicast
      send-community
      send-community extended
  template peer DC2-CORE
    remote-as 200
    update-source loopback0
    ebgp-multihop 5
    peer-type fabric-external
    address-family l2vpn evpn
      send-community
      send-community extended
      rewrite-evpn-rt-asn
    address-family ipv4 unicast
      send-community
      send-community extended
  neighbor 10.0.0.5
    inherit peer SPINE
  neighbor 10.0.0.6
    inherit peer SPINE
  neighbor 10.0.0.3
    inherit peer DC2-CORE
  neighbor 10.0.0.4
    inherit peer DC2-CORE
  ! Replace x.x.x.x with the DCI peer IP
  neighbor x.x.x.x
    remote-as 200
    update-source Ethernet1/1
    address-family ipv4 unicast
  ! Replace x.x.x.x with loopback0 of the other local Core switch
  neighbor x.x.x.x
    remote-as 100
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
    address-family ipv4 unicast
      send-community
      send-community extended
This configuration peers with both Spine switches in the local DC using loopbacks, with the ipv4 unicast and l2vpn evpn address families. There is also a standalone ipv4 unicast peering over the DCI interface to provide connectivity to the other DC, and there are peerings to both Core switches in the opposite DC using loopbacks, again with both address families. Finally, there is a peering between the local Core switches for resiliency.
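The core configuration above sets no password on any template or neighbor, including the multihop eBGP sessions to DC2. As an added example (not part of the original post), this Python script resolves the 'inherit peer' templates in a trimmed copy of that config and reports, per neighbor, the session type and whether authentication is present; the function name audit and the wording of the findings are assumptions.

```python
# Added example: trimmed copy of the DC1 core config (address-family lines and x.x.x.x neighbors omitted)
CONFIG = """\
router bgp 100
template peer SPINE
remote-as 100
update-source loopback0
template peer DC2-CORE
remote-as 200
update-source loopback0
ebgp-multihop 5
peer-type fabric-external
neighbor 10.0.0.5
inherit peer SPINE
neighbor 10.0.0.6
inherit peer SPINE
neighbor 10.0.0.3
inherit peer DC2-CORE
neighbor 10.0.0.4
inherit peer DC2-CORE
"""
SESSION_KEYS = {"inherit", "remote-as", "update-source", "ebgp-multihop", "password"}

def audit(config):
    """Resolve 'inherit peer' templates and return {neighbor: [findings]}."""
    local_as, templates, neighbors, cur = None, {}, {}, None
    for words in (line.split() for line in config.splitlines() if line.strip()):
        if words[:2] == ["router", "bgp"]:
            local_as = words[2]
        elif words[:2] == ["template", "peer"]:
            cur = templates.setdefault(words[2], {})
        elif words[0] == "neighbor":
            cur = neighbors.setdefault(words[1], {})
        elif cur is not None and words[0] in SESSION_KEYS:
            cur[words[0]] = words[-1]  # keep the last token, e.g. the template name
    report = {}
    for ip, own in neighbors.items():
        # Neighbor-level commands override whatever the template supplies
        eff = {**templates.get(own.get("inherit"), {}), **own}
        kind = "iBGP" if eff.get("remote-as") == local_as else "eBGP"
        findings = []
        if "password" not in eff:
            findings.append(f"{kind} session to AS {eff.get('remote-as')} has no password")
        if "ebgp-multihop" in eff:
            findings.append(f"ebgp-multihop {eff['ebgp-multihop']} via {eff.get('update-source')}")
        report[ip] = findings
    return report

if __name__ == "__main__":
    print("\n".join(f"{ip}: {f}" for ip, fs in audit(CONFIG).items() for f in fs))
```

Adding a password line to a template clears the first finding for every neighbor that inherits it.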
The BGP configuration for the spines is:
router bgp 100
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  template peer CORE
    remote-as 100
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
    address-family ipv4 unicast
      send-community
      send-community extended
      route-reflector-client
  template peer LEAF
    remote-as 100
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
    address-family ipv4 unicast
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.0.0.1
    inherit peer CORE
  neighbor 10.0.0.2
    inherit peer CORE
  neighbor 10.0.0.9
    inherit peer LEAF
  neighbor 10.0.0.11
    inherit peer LEAF
This configuration peers with both the Core and Leaf switches in the local DC using loopbacks, with the ipv4 unicast and l2vpn evpn address families. These peers are set as RR clients, as the Spines act as BGP Route Reflectors.
And the configuration for the leaves:
router bgp 100
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  template peer SPINE
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
      send-community
      send-community extended
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 10.0.0.5
    inherit peer SPINE
  neighbor 10.0.0.6
    inherit peer SPINE
This basic configuration gets the Leaves connected to the Spines using both address-families.
DC2 BGP Configuration
The BGP configuration for the cores is:
! No match clause, so this route-map permits every directly connected route
route-map RMAP-REDIST-DIRECT permit 10
router bgp 200
  log-neighbor-changes
  address-family ipv4 unicast
    redistribute direct route-map RMAP-REDIST-DIRECT
  template peer SPINE
    remote-as 200
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      rewrite-evpn-rt-asn
    address-family ipv4 unicast
      send-community
      send-community extended
  template peer DC1-CORE
    remote-as 100
    update-source loopback0
    ebgp-multihop 5
    peer-type fabric-external
    address-family l2vpn evpn
      send-community
      send-community extended
      rewrite-evpn-rt-asn
    address-family ipv4 unicast
      send-community
      send-community extended
  neighbor 10.0.0.7
    inherit peer SPINE
  neighbor 10.0.0.8
    inherit peer SPINE
  neighbor 10.0.0.1
    inherit peer DC1-CORE
  neighbor 10.0.0.2
    inherit peer DC1-CORE
  ! Replace x.x.x.x with the DCI peer IP
  neighbor x.x.x.x
    remote-as 100
    update-source Ethernet1/1
    address-family ipv4 unicast
  ! Replace x.x.x.x with loopback0 of the other local Core switch
  neighbor x.x.x.x
    remote-as 200
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
    address-family ipv4 unicast
      send-community
      send-community extended
The BGP configuration for the spines is:
router bgp 200
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  template peer CORE
    remote-as 200
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
    address-family ipv4 unicast
      send-community
      send-community extended
      route-reflector-client
  template peer LEAF
    remote-as 200
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
    address-family ipv4 unicast
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.0.0.3
    inherit peer CORE
  neighbor 10.0.0.4
    inherit peer CORE
  neighbor 10.0.0.10
    inherit peer LEAF
  neighbor 10.0.0.12
    inherit peer LEAF
And the configuration for the leaves:
router bgp 200
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  template peer SPINE
    remote-as 200
    update-source loopback0
    address-family ipv4 unicast
      send-community
      send-community extended
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 10.0.0.7
    inherit peer SPINE
  neighbor 10.0.0.8
    inherit peer SPINE
Verification
Now we can verify that everything is configured correctly. All peerings should be UP in the output of the following commands:
show bgp ipv4 unicast summary
show bgp l2vpn evpn summary
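One way to automate the check above, as an added example that is not part of the original post: this Python script compares the neighbor rows of a summary against the peers DC1-LEAF1 should have (both spines, AS 100) and reports sessions that are down, missing, in the wrong AS, or not expected at all. The sample rows are constructed rather than captured from the lab, 10.0.0.99 is a made-up address, and the function name check_peers is an assumption.

```python
import re

# Constructed sample of 'show bgp l2vpn evpn summary' neighbor rows for DC1-LEAF1
# (not captured from the lab); 10.0.0.99 is a made-up unexpected peer.
SAMPLE = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.5        4   100     512     498       82    0    0 03:10:44 12
10.0.0.6        4   100       0       0        0    0    0 00:02:10 Idle
10.0.0.99       4   100      40      38       82    0    0 00:20:01 4
"""
EXPECTED = {"10.0.0.5": 100, "10.0.0.6": 100}  # the leaf peers with both spines in AS 100

# neighbor, version 4, AS, six counter/timer columns, then State/PfxRcd
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+4\s+(\d+)(?:\s+\S+){6}\s+(.+)$")

def check_peers(summary, expected):
    """Return sorted problem strings; an empty list means every expected peer is up."""
    seen, problems = {}, []
    for line in summary.splitlines():
        m = ROW.match(line.strip())
        if m:
            seen[m.group(1)] = (int(m.group(2)), m.group(3).strip())
    for ip, asn in expected.items():
        if ip not in seen:
            problems.append(f"{ip}: missing from summary")
            continue
        peer_as, state = seen[ip]
        if peer_as != asn:
            problems.append(f"{ip}: AS {peer_as}, expected {asn}")
        if not state.isdigit():  # a prefix count in the last column means Established
            problems.append(f"{ip}: not established ({state})")
    problems += [f"{ip}: unexpected peer" for ip in seen if ip not in expected]
    return sorted(problems)

if __name__ == "__main__":
    print("\n".join(check_peers(SAMPLE, EXPECTED)) or "all expected peers established")
```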
We should also be able to see a lot of routes on the Leaf switches in the IPv4 unicast RIB:
DC1-LEAF1# show bgp ipv4 unicast
BGP routing table information for VRF default, address family IPv4 Unicast
BGP table version is 82, Local Router ID is 10.0.0.9
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.1/32 10.0.0.1 0 100 0 ?
* i 10.0.0.1 0 100 0 ?
*>i10.0.0.2/32 10.0.0.2 0 100 0 ?
* i 10.0.0.2 0 100 0 ?
*>i10.0.0.3/32 10.64.0.2 0 100 0 200 ?
* i 10.64.0.2 0 100 0 200 ?
*>i10.0.0.4/32 10.64.0.2 100 0 200 ?
* i 10.64.0.2 100 0 200 ?
*>i10.64.0.0/24 10.0.0.1 0 100 0 ?
* i 10.0.0.1 0 100 0 ?
*>i10.64.1.0/24 10.0.0.2 0 100 0 ?
* i 10.0.0.2 0 100 0 ?
*>i10.65.0.0/24 10.0.0.1 0 100 0 ?
* i 10.0.0.1 0 100 0 ?
*>i10.65.1.0/24 10.0.0.2 0 100 0 ?
* i 10.0.0.2 0 100 0 ?
*>i10.65.2.0/24 10.0.0.1 0 100 0 ?
* i 10.0.0.1 0 100 0 ?
*>i10.65.3.0/24 10.0.0.2 0 100 0 ?
* i 10.0.0.2 0 100 0 ?
*>i10.65.10.0/24 10.0.0.1 0 100 0 ?
* i 10.0.0.1 0 100 0 ?
*>i10.66.0.0/24 10.64.0.2 0 100 0 200 ?
* i 10.64.0.2 0 100 0 200 ?
*>i10.66.1.0/24 10.64.0.2 100 0 200 ?
* i 10.64.0.2 100 0 200 ?
*>i10.66.2.0/24 10.64.0.2 0 100 0 200 ?
* i 10.64.0.2 0 100 0 200 ?
*>i10.66.3.0/24 10.64.0.2 100 0 200 ?
* i 10.64.0.2 100 0 200 ?
*>i10.66.10.0/24 10.64.0.2 0 100 0 200 ?
* i 10.64.0.2 0 100 0 200 ?
*>i10.111.111.1/32 10.0.0.1 0 100 0 ?
* i 10.0.0.1 0 100 0 ?
*>i10.111.111.2/32 10.0.0.2 0 100 0 ?
* i 10.0.0.2 0 100 0 ?
*>i10.222.222.1/32 10.64.0.2 0 100 0 200 ?
* i 10.64.0.2 0 100 0 200 ?
*>i10.222.222.2/32 10.64.0.2 100 0 200 ?
* i 10.64.0.2 100 0 200 ?
Now that the underlay and overlay are configured, we can move on to the VNI configuration in the next part.