VXLAN EVPN Multi-Site – Part 5 – Anycast Gateways

Published by Nick Carlton on

In this part we are going to look at the anycast gateway setup of the topology. This will help get the servers off their local network.

Lets remind ourselves of the topology:

Image

Anycast gateways will be configured on each of the leaves using a virtual mac address so that mobility can be achieved without having to re-arp for the gateway MAC address. The same IP and MAC will be configured on each leaf.

Anycast basically means that everything has the same IP address and the closest instance of that IP address will be used when its requested. This is how services like Cloudflare work so you are routed to the closest node into their network.

Virtual Anycast MAC address

This anycast mac address should be configured on each leaf:

fabric forwarding anycast-gateway-mac aaaa.bbbb.cccc

We will see this Mac address in the ARP table of the clients as the Gateway.

VRF Configuration

We need a tenant VRF to hold the routes in to keep them away from the underlay network in the global routing table. This needs to be created on the Core and Leaf switches only:

vrf context overlay-900101
  vni 900101
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn

SVI Configuration

Now, we can configure the SVI interfaces with the anycast IP addresses. In this topology we have vlan 1000 and 1001. They need to be members of the VRF too. This configuration is for all leaves:

interface Vlan1000
  no shutdown
  vrf member overlay-900101
  ip address 10.10.1.254/24
  fabric forwarding mode anycast-gateway

interface Vlan1001
  no shutdown
  vrf member overlay-900101
  ip address 10.20.1.254/24
  fabric forwarding mode anycast-gateway

Verification

Now, we can verify the configuration by trying to ping the local anycast gateway from a server:

VPCS> ping 10.10.1.254

84 bytes from 10.10.1.254 icmp_seq=1 ttl=255 time=2.421 ms
84 bytes from 10.10.1.254 icmp_seq=2 ttl=255 time=1.491 ms
84 bytes from 10.10.1.254 icmp_seq=3 ttl=255 time=2.066 ms
84 bytes from 10.10.1.254 icmp_seq=4 ttl=255 time=1.755 ms
84 bytes from 10.10.1.254 icmp_seq=5 ttl=255 time=1.948 ms

VPCS> arp  

aa:aa:bb:bb:cc:cc  10.10.1.254 expires in 70 seconds

We can see the pings are successful and also we can see the virtual mac address of the gateway too from the local arp table.

In the next part, we will move onto the L3VNI section. Just having anycast gateways doest't give us layer 3 connectivity between vlan 1000 and vlan 1001, we need some other things layered on top.

Categories: CiscoExpert TutorialVXLAN Multi-Site

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Cisco

Cisco & FreeRadius – EAP-TLS Wired 802.1x

In this guide, we are going to look at the setup of a cisco network using 802.1x wired authentication. This lab consists of the following: lab-dc01 - Windows Server 2019 AD-DS Server with AD-CS Roles Read more…

Cisco

VXLAN EVPN Multi-Site – YouTube Playlist

Here is a YouTube playlist I created showing the process of setting up the same Multi-Site Fabric as the guide I created on here: These videos go through all the parts I explained on here Read more…

Cisco

VXLAN EVPN Leaf and Spine – YouTube Video

Here is a YouTube video I created showing the process of setting up the same Fabric as the guide I created on here: This video goes through all the parts I explained on here but Read more…