VXLAN EVPN Multi-Site – Part 5 – Anycast Gateways

Published by Nick Carlton on

In this part we are going to look at the anycast gateway setup of the topology. This will help get the servers off their local network.

Lets remind ourselves of the topology:

Image

Anycast gateways will be configured on each of the leaves using a virtual mac address so that mobility can be achieved without having to re-arp for the gateway MAC address. The same IP and MAC will be configured on each leaf.

Anycast basically means that everything has the same IP address and the closest instance of that IP address will be used when its requested. This is how services like Cloudflare work so you are routed to the closest node into their network.

Virtual Anycast MAC address

This anycast mac address should be configured on each leaf:

fabric forwarding anycast-gateway-mac aaaa.bbbb.cccc

We will see this Mac address in the ARP table of the clients as the Gateway.

VRF Configuration

We need a tenant VRF to hold the routes in to keep them away from the underlay network in the global routing table. This needs to be created on the Core and Leaf switches only:

vrf context overlay-900101
  vni 900101
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn

SVI Configuration

Now, we can configure the SVI interfaces with the anycast IP addresses. In this topology we have vlan 1000 and 1001. They need to be members of the VRF too. This configuration is for all leaves:

interface Vlan1000
  no shutdown
  vrf member overlay-900101
  ip address 10.10.1.254/24
  fabric forwarding mode anycast-gateway

interface Vlan1001
  no shutdown
  vrf member overlay-900101
  ip address 10.20.1.254/24
  fabric forwarding mode anycast-gateway

Verification

Now, we can verify the configuration by trying to ping the local anycast gateway from a server:

VPCS> ping 10.10.1.254

84 bytes from 10.10.1.254 icmp_seq=1 ttl=255 time=2.421 ms
84 bytes from 10.10.1.254 icmp_seq=2 ttl=255 time=1.491 ms
84 bytes from 10.10.1.254 icmp_seq=3 ttl=255 time=2.066 ms
84 bytes from 10.10.1.254 icmp_seq=4 ttl=255 time=1.755 ms
84 bytes from 10.10.1.254 icmp_seq=5 ttl=255 time=1.948 ms

VPCS> arp  

aa:aa:bb:bb:cc:cc  10.10.1.254 expires in 70 seconds

We can see the pings are successful and also we can see the virtual mac address of the gateway too from the local arp table.

In the next part, we will move onto the L3VNI section. Just having anycast gateways doest't give us layer 3 connectivity between vlan 1000 and vlan 1001, we need some other things layered on top.

Categories: CiscoExpert TutorialVXLAN Multi-Site

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Cisco

VXLAN EVPN Leaf and Spine – YouTube Video

Here is a YouTube video I created showing the process of setting up the same Fabric as the guide I created on here: This video goes through all the parts I explained on here but Read more…

Cisco

VXLAN EVPN Multi-Site – Part 9 – External Access outside Fabric

In the last part, we got route leaking in tenant VRFs working, in this part, we will look at giving the VRFs a way out of the Fabric! We have added some new devices to Read more…

Cisco

VXLAN EVPN Multi-Site – Part 8 – L3VNI Configuration – Multi Tenant Leaking

In the last part, we got a multiple tenant VRFs working, in this part, we will look at joining the tenants up via route leaking. Lets remind ourselves of the topology: So, currently we have Read more…