Configuring EVPN
Configuring BGP-EVPN and VCS on CVX
Configuring BGP-EVPN
Configuring VNI Bundle
A VNI-aware-bundle represents a MAC-VRF that contains Layer 2 route entries from all VXLAN Network Identifiers (VNI) available across multiple DCs. Use the vni-aware-bundle command available on CVX to create a MAC-VRF.
Example
cvx(config)# router bgp 100
cvx(config-router-bgp)# vni-aware-bundle bundle1
cvx(config-macvrf-bundle1)# Configuring RD and RT in VNI Bundle
Use the rd (Router-BGP VRF and VNI Configuration Modes) command to add a Route Distinguisher (RD) for uniquely identifying Layer 2 routes for the VNI bundle. Use the route-target command to configure a well-known extended community that is attached to the routes exported by BGP-EVPN; and to import routes with the specified well-known extended community into the MAC-VRF that corresponds to the VNI bundle.
Example
cvx(config)# router bgp 100
cvx(config-router-bgp)# vni-aware-bundle bundle1
cvx(config-macvrf-bundle1)# rd 530:12
cvx(config-macvrf-bundle1)# route-target both 530:12Enabling Redistribution of Bridging Information
After the VNI aware bundle is created, use the redistribute service vxlan command to redistribute the Layer 2 bridging information received from VCS.
Example
cvx(config)# router bgp 100
cvx(config-router-bgp)# vni-aware-bundle bundle1
cvx(config-macvrf-bundle1)# redistribute service vxlanDisabling Next-Hop Resolution in BGP-EVPN
When BGP-EVPN module receives a route from its BGP peer, it generally tries to resolve the next-hop indicated in the route. However in the DCI topology, the routes coming from a CVX in another DC contains next-hops (VTEP addresses) that may not be reachable from the CVX receiving the route. Use the next-hop resolution disabled command to disable the next-hop resolution on routes received from BGP-EVPN peers.
Example
cvx(config)# router bgp 100
cvx(config-router-bgp)# address-family evpn
cvx(config-router-bgp-af)# next-hop resolution disabledConfiguring VCS
Enabling Redistribution of BGP-EVPN Routes
Use the redistribute bgp evpn vxlan command to redistribute BGP-EVPN routes to VCS, which, in turn advertises them to all VTEPs within the DC.
Example
cvx(config)# cvx
cvx(config-cvx)# no shutdown
cvx(config-cvx)# service vxlan
cvx(config-cvx-vxlan)# no shutdown
cvx(config-cvx-vxlan)# redistribute bgp evpn vxlanEVPN MPLS Virtual Private Wire Service (VPWS)
Traffic to / from a given Attachment Circuit (AC) without any MAC lookup / learning can be forwarded using EVPN MPLS VPWS, which uses BGP for signalling. Port based and VLAN based services are supported.
Configuring EVPN MPLS VPWS
Configure the patch panel to specify the connection of the ACs to the VPWS service instances, and then the VPWS service instance, which is part of BGP. Finally, configure the individual participating ACs.
Patch Panel Configuration
patch panel
patch port
connector 1 interface Ethernet2
connector 2 pseudowire bgp vpws evi-1 pseudowire pw1patch panel
patch subintf
connector 1 interface Ethernet3.1
connector 2 pseudowire bgp vpws evi-1 pseudowire pw2VPWS Service Instance Configuration
router bgp 1
neighbor 10.0.0.1 remote-as 1
neighbor 10.0.0.1 send-community extended
neighbor 10.0.0.1 maximum-routes 12000
!
vpws evi-1
rd 10.2.2.2:2
route-target import export evpn 0.0.0.0:1
mpls control-word
!
pseudowire pw1
evpn vpws id local 2001 remote 1001
!
pseudowire pw2
evpn vpws id local 2002 remote 1002
!
address-family evpn
neighbor default encapsulation mpls next-hop-self source-interface Loopback0
neighbor 10.0.0.1 activate
Attachment Circuit Configuration (double-tagged L3 subinterfaces)
interface Ethernet2
no switchportinterface Ethernet3
no switchport
interface Ethernet3.1
encapsulation dot1q vlan 1interface Ethernet3
no switchport
interface Ethernet3.1
encapsulation vlan
client dot1q 11 network clientFlexible Encapsulation EVPN MPLS VPWS
- Remove incoming encapsulation tag(s) and forward
- Preserve incoming encapsulation tag(s) and forward
- Replace one or two tags when forwarding in encapsulation and decapsulation directions
Thetable below explains the encapsulation and decapsulation behaviors for the various FlexEncap options. Applying a Flexible Encapsulation with a network specification to a subinterface creates a bidirectional mapping table that is applied to the sub-interface. The mapping embodied in this table is applied from client to network in the encap direction, and network to client in the decap direction.
| Example | Behavior |
| client dot1q 10 |
From Client: match VLAN ID 10, consume and forward To Client: add VLAN ID 10 before transmit |
| client dot1q 10 inner 20 |
From Client: match VLAN IDs 10, 20 consume and forward To Client: add VLAN ID 10, 20 before transmit |
| client dot1q 10 network client |
From Client: match VLAN ID 10 and retain it. From Network: match vlan=10, retain. |
| client dot1q outer 10 inner 20 network client |
From Client: match VLAN IDs 10, 20 and retain both. From Network: match vlan=10,20, retain both. |
| client dot1q 10 network dot1q 100 | |
| client dot1q 10 network dot1q 100 |
From Client: match VLAN ID 10, consume. Before forwarding, write vlan=100. From Network: match vlan=100, consume. Before transmit, write vlan=10. |
| client dot1q outer 10 inner 20 network dot1q outer 100 inner 200 |
From Client: match VLAN IDs 10, 20, and consume them. Before forwarding, write vlan=100,200. From Network: match vlan=100, 200, consume. Before transmit, write vlan=10, 20. |
- Packets received on Ethernet3/1 with outermost 802.1q VLAN tag of 1000 get mapped to sub-interface Ethernet3/1.1000.
- The tag of 1000 is preserved and forwarded to pseudowire PW1.
- Packets terminating on PW1 get forwarded to Et3/1.1000 and get transmitted out with VLAN tag of 1000.
interface Ethernet3/1.1000
encapsulation vlan
client dot1q 1000 network client
patch panel
patch patch-1
connector 1 interface Ethernet3/1.1000
connector 2 pseudowire ldp PW1Displaying EVPN MPLS VPWS Configuration
switch(config-if-Et3/1.1003)# show interfaces encapsulation vlan
Interface Status Client Encapsulation Network Encapsulation
------------------------- ------------ ---------------------------------------------------
Ethernet3/1.1000 active dot1q outer 1000
Ethernet3/1.1001 active dot1q outer 1001 client
Ethernet3/1.1002 active dot1q outer 1002 inner 102
Ethernet3/1.1003 active dot1q outer 1003 inner 103 client
Ethernet3/1.1004 active dot1q outer 1004 dot1q 2004
Ethernet3/1.1005 active dot1q outer 1005 inner 104 dot1q outer 2005 inner 204switch(config-if-Et3/1.1003)# show patch panel PP_1000
Patch Connector Status
------- ------------------------------------- ------
PP_1000 1: Ethernet3/1.1000 Up
2: BGP VPWS VPWS_1 Pseudowire PW_1000
tg481.12:19:52(s2)(config-if-Et3/1.1003)#show patch panel PP_1000 detail
PW Fault Legend:
ET-IN - Ethernet receive fault
ET-OUT - Ethernet transmit fault
TUN-IN - Tunnel receive fault
TUN-OUT - Tunnel transmit fault
NF - Pseudowire not forwarding (other reason)
Patch: PP_1000, Status: Up
Connector 1: Ethernet3/1.1000
Status: Up
Connector 2: BGP VPWS VPWS_1 Pseudowire PW_1000
Status: Up
Local MPLS label: 135363
MTU: 1600, Control word: Y
Neighbor 103.37.123.72, MPLS label: 136350
Tunnel type: SR-TE Policy, Tunnel index: 132
MTU: 1600, Control word: Y
EVPN VPWS type: VLAN-basedTag Matching Semantics
The matching rules are applied on a 'longest matching tag sequence' basis when rules are configured for multiple subinterfaces of a parent port. Considering the following rules on the same parent, the receive (encap) and transmit (decap) rule application is shown in the following tables.
interface Ethernet 10.1
encapsulation vlan
client dot1q 11 network clientinterface Ethernet 10.2
encapsulation vlan
client dot1q 11 inner 20 network clientThe receive (encap) matching behavior is as follows.
| Received Packet | Matching Rule |
| outer=11, inner=20 | Rule #2 |
| single tag with 11 | Rule #1 |
| double tag with 11, not 20 | Rule #1 |
The transmit (decap) matching behavior is as follows.
| Forwarded Packet | Matching Rule |
| outer=11, inner=20 | Rule #2 |
| single tag with 11 | Rule #1 |
| double tag with 11, not 20 | Rule #1 |