VCS to EVPN Hitless Migration enables support for migrating from only using VCS as
the control plane to only using EVPN as a control plane in a hitless manner concerning L2
reachability information.
On the multi-homing Provider Edges (PEs), you must configure the Ethernet Segment (ES) to
the Customer Edge (CE). In addition, the configuration needed for asymmetric Integrated
Routing and Bridging (IRB) or symmetric IRB must be configured on the local and remote
PEs.Figure 1. Asymmetric IRB with IPv4
Configuring the Example Topology
In the example, CE1 is a multi-homed CE in
VLAN20 with CE2 as a remote
CE in VLAN30, and an asymmetric IRB configured for inter-VLAN
traffic.
The Ethernet segment to the multi-homed CE is configured on the port channel interface
Port-Channel 100. SVI 20 and
SVI 30 along with VARP IP are configured for
inter-subnet routing. PE1 has a VARP MAC configured
globally. The configuration on PE2 is similar to the
previous configuration. On PE3, configure SVI
20 and SVI 30 with the VARP IP and
VARP MAC.
Configure the Ethernet segment to the multi-homed CE1 on the
port channel interface Port-Channel 100. Configure
SVI 20 with the VARP IP and VARP MAC. Also,
configure the IP VRF for symmetric IRB. PE2 has a similar
configuration. On PE3, IP VRF and SVI
30 are configured for symmetric IRB.
Configuring the VXLAN
A network with two VRFs, red and blue
has VLANs 10 and 20 in
red and VLANs 30 and
40 in blue. The spines
act as a route reflectors. Multicast groups encapsulate traffic arriving in a VRF
and deliver it to VTEPs with VRF provisioned.
switch(config)# interface loopback 0
switch(config-if-Lo0)# ip address 10.0.0.20/32
!
switch(config)# vlan 10
switch(config)# vlan 20
switch(config)# vlan 30
switch(config)# vlan 40
!
switch(config)# interface ethernet 2/1
switch(config-if-Et2/1)# switchport access vlan 10
!
switch(config)# interface ethernet 2/2
switch(config-if-Et2/2)# switchport access vlan 20
!
switch(config-if-Et2/2)# interface ethernet 2/3
qzd496.01:05:52(config-if-Et2/3)# switchport access vlan 30
!
switch(config)# interface ethernet 2/4
switch(config-if-Et2/4)# switchport access vlan 40
!
switch(config)# interface vlan 10
switch(config-if-Vl10)# vrf red
switch(config-if-Vl10)# ip address virtual 192.168.1.1/24
switch(config-if-Vl10)# ip igmp
switch(config-if-Vl10)# pim ipv4 local-interface loopback 0
!
switch(config)# interface vlan 20
switch(config-if-Vl20)# vrf red
switch(config-if-Vl20)# ip address virtual 192.168.2.1/24
switch(config-if-Vl20)# ip igmp
!
switch(config)# interface vlan 30
switch(config-if-Vl30)# vrf blue
switch(config-if-Vl30)# ip address virtual 192.168.1.1/24
switch(config-if-Vl30)# ip igmp
!
switch(config)# interface vlan 40
switch(config-if-Vl40)# vrf blue
switch(config-if-Vl40)# ip address virtual 192.168.1.2/24
switch(config-if-Vl40)# ip igmp
!
switch(config)# interface vxlan 1
switch(config-if-Vx1)# vxlan source-interface loopback 0
switch(config-if-Vx1)# vxlan vlan 10 vni 10
switch(config-if-Vx1)# vxlan vlan 20 vni 20
switch(config-if-Vx1)# vxlan vlan 30 vni 30
switch(config-if-Vx1)# vxlan vlan 40 vni 40
switch(config-if-Vx1)# vxlan vrf red vni 100
switch(config-if-Vx1)# vxlan vrf blue vni 200
switch(config-if-Vx1)# vxlan vlan 10 flood group 225.1.1.2
switch(config-if-Vx1)# vxlan vlan 20 flood group 225.1.1.3
switch(config-if-Vx1)# vxlan vlan 30 flood group 226.1.1.2
switch(config-if-Vx1)# vxlan vlan 40 flood group 226.1.1.3
switch(config-if-Vx1)# vxlan vrf red multicast group 225.1.1.1
switch(config-if-Vx1)# vxlan vrf blue multicast group 226.1.1.1
!
Displaying ECPN VXLAN Information
The following examples are based on the sample topology and configuration in the previous
sections.
On the remote VTEP, to display the EVPN routes to the multi-homed CE
(20.0.20.2):
switch# show bgp evpn route-type mac-ip 20.0.20.2
BGP routing table information for VRF default
Router identifier 0.0.3.1, local AS number 302
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head,
e - ECMP S - Stale, c - Contributing to ECMP, b - backup
% - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric LocPref Weight Path
* > RD: 10.255.0.0:20 mac-ip 0000.0101.0000 20.0.20.2
10.255.0.0 - 100 0 303 300 i
* > RD: 10.255.0.1:20 mac-ip 0000.0101.0000 20.0.20.2
10.255.0.1 - 100 0 303 301 i
As shown above, there are two EVPN MAC-IP routes for the multi-homed CE.
On the remote PE, to display the installed routes to the multi-homed
CE:
switch# show ip route vrf red 20.0.20.2/32
VRF: red
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
NG - Nexthop Group Static Route, V - VXLAN Control Service,
DH - DHCP client installed default route, M - Martian,
DP - Dynamic Policy Route, L - VRF Leaked
B E 20.0.20.2/32 [200/0] via VTEP 10.255.0.0 VNI 20000 router-mac 00:00:78:01:00:00
via VTEP 10.255.0.1 VNI 20000 router-mac 00:00:78:04:00:00
Two routes to the multi-homed CE install from the two EVPN MAC-IP routes and form the L3
ECMP.
On the remote PE, to check the details of the two routes in BGP
RIB:
switch# show ip bgp 20.0.20.2/32 vrf red
BGP routing table information for VRF red
Router identifier 10.255.0.2, local AS number 302
BGP routing table entry for 20.0.20.2/32
Paths: 2 available
303 300
10.255.0.0 from 10.0.2.1 (0.0.1.1), imported EVPN route, RD 10.255.0.0:20
Origin IGP, metric 0, localpref 100, IGP metric 0, weight 0, received 00:14:43 ago,
valid, external, ECMP head, ECMP, best, ECMP contributor
Extended Community: Route-Target-AS:64500:10020 Route-Target-AS:64500:20000
TunnelEncap:tunnelTypeVXLAN EvpnMacMobility:1 EvpnRouterMac:00:00:78:01:00:00
Remote VNI: 20000
Rx SAFI: Unicast
303 301
10.255.0.1 from 10.0.2.1 (0.0.1.1), imported EVPN route, RD 10.255.0.1:20
Origin IGP, metric 0, localpref 100, IGP metric 0, weight 0, received 00:14:43 ago,
valid, external, ECMP, ECMP contributor
Extended Community: Route-Target-AS:64500:10020 Route-Target-AS:64500:20000
TunnelEncap:tunnelTypeVXLAN EvpnMacMobility:1 EvpnRouterMac:00:00:78:04:00:00
EvpnNdFlags:pflag
Remote VNI: 20000
Rx SAFI: Unicast
The second route has EvpnNdFlags:pflag and indicates
a proxy MAC-IP route.
This command shows information about the SBD instance created when configuring an
evpn multicast for an IP
VRF:
switch# show bgp evpn instance sbd red
EVPN instance: SBD red
Route distinguisher: 100:1
Service interface: VLAN-based
Local IP address: 10.0.0.20
Encapsulation type: VXLAN
vtep2#show bgp evpn instance sbd blue
EVPN instance: SBD red
Route distinguisher: 200:1
Service interface: VLAN-based
Local IP address: 10.0.0.20
Encapsulation type: VXLAN
The OISM supported capability is set in IMET routes for the SBD when evpn
multicast is configured for a VRF. The IGMP proxy flag is not set in IMET
routes for VLANs in the VRF unlessredistribute igmp is configured in
a
VLAN:
switch# show bgp evpn route-type imet next-hop 10.0.0.10 detail
BGP routing table information for VRF default
Router identifier 0.0.0.1, local AS number 300
BGP routing table entry for imet 10.0.0.10, Route Distinguisher: 10:1
Paths: 1 available
Local
10.0.0.10 from 10.0.0.1 (0.0.1.1)
Origin IGP, metric -, localpref 100, weight 0, valid, internal, best
Extended Community: Route-Target-AS:10:1 TunnelEncap:tunnelTypeVXLAN
VNI: 10
PMSI Tunnel: PIM-SSM Tree, MPLS Label: 10, Leaf Information Required: false,
Tunnel ID: 10.0.0.10, 225.1.1.2
BGP routing table information for VRF default
Router identifier 0.0.0.1, local AS number 300
BGP routing table entry for imet 10.0.0.10, Route Distinguisher: 100:1
Paths: 1 available
Local
10.0.0.10 from 10.0.0.1 (0.0.1.1)
Origin IGP, metric -, localpref 100, weight 0, valid, internal, best
Extended Community: Route-Target-AS:100:1 TunnelEncap:tunnelTypeVXLAN Multicast
Flags: IGMP proxy, OISM-supported, SBD
VNI: 100
PMSI Tunnel: Ingress Replication, MPLS Label: 100, Leaf Information Required: false,
Tunnel ID: 10.0.0.10
This command shows information about the single SMET route for the group with the RD of
VRF
red:
switch# show bgp evpn route-type smet multicast 228.1.1.1
BGP routing table information for VRF default
Router identifier 0.0.1.1, local AS number 300
Route status codes: s - suppressed, * - valid, > - active, E - ECMP head, e - ECMP
S - Stale, c - Contributing to ECMP, b - backup
% - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric LocPref Weight Path
* > RD: 100:1 smet (S, G): (*, 228.1.1.1) originating IP: 10.0.0.10
10.0.0.10 - 100 0 i
* > RD: 100:1 smet (S, G): (*, 228.1.1.1) originating IP: 10.0.0.20
- - - 0 i
* > RD: 100:1 smet (S, G): (*, 228.1.1.1) originating IP: 10.0.0.30
10.0.0.30 - 100 0 i
* > RD: 200:1 smet (S, G): (*, 228.1.1.1) originating IP: 10.0.0.20
- - - 0 i
* > RD: 200:1 smet (S, G): (*, 228.1.1.1) originating IP: 10.0.0.40
10.0.0.40 - 100 0 i
This command shows information about the SPMSI route for the
group:
switch# show bgp evpn route-type spmsi
BGP routing table information for VRF defaultRouter identifier 0.0.0.1, local AS number 300
Route status codes: s - suppressed, * - valid, > - active, E - ECMP head, e - ECMP
S - Stale, c - Contributing to ECMP, b - backup
% - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric LocPref Weight Path
* > RD: 10:1 spmsi (S, G): (*, *) originating IP: 10.0.0.10
10.0.0.10 - 100 0 i
* > RD: 10:1 spmsi (S, G): (*, *) originating IP: 10.0.0.20
- - - 0 i
* > RD: 20:1 spmsi (S, G): (*, *) originating IP: 10.0.0.20
- - - 0 i
* > RD: 30:1 spmsi (S, G): (*, *) originating IP: 10.0.0.20
- - - 0 i
* > RD: 40:1 spmsi (S, G): (*, *) originating IP: 10.0.0.20
- - - 0 i
* > RD: 10:1 spmsi (S, G): (*, *) originating IP: 10.0.0.30
10.0.0.30 - 100 0 i
* > RD: 20:1 spmsi (S, G): (*, *) originating IP: 10.0.0.30
10.0.0.30 - 100 0 i
* > RD: 30:1 spmsi (S, G): (*, *) originating IP: 10.0.0.30
10.0.0.30 - 100 0 i
* > RD: 40:1 spmsi (S, G): (*, *) originating IP: 10.0.0.30
10.0.0.30 - 100 0 i
* > RD: 30:1 spmsi (S, G): (*, *) originating IP: 10.0.0.40
10.0.0.40 - 100 0 i
* > RD: 100:1 spmsi (S, G): (*, *) originating IP: 10.0.0.10
10.0.0.10 - 100 0 i
* > RD: 100:1 spmsi (S, G): (*, *) originating IP: 10.0.0.20
- - - 0 i
* > RD: 200:1 spmsi (S, G): (*, *) originating IP: 10.0.0.20
- - - 0 i
* > RD: 100:1 spmsi (S, G): (*, *) originating IP: 10.0.0.30
10.0.0.30 - 100 0 i
* > RD: 200:1 spmsi (S, G): (*, *) originating IP: 10.0.0.30
10.0.0.30 - 100 0 i
* > RD: 200:1 spmsi (S, G): (*, *) originating IP: 10.0.0.40
10.0.0.40 - 100 0 i
Configuration Considerations
The EVPN VXLAN all-active multi-homing integrated routing and bridging feature has the
following limitations:
L2 loop-free protocols, such as Spanning Tree Protocol (STP) are not supported
between PE-CE with EVPN VXLAN All-Active Multi-homing. The topology must be
loop-free. STP must be disabled for the Multihomed VLANs on PEs and
CEs.
A limit of two multi-homing destinations are installed at one time for any
particular MAC address. Any other valid destinations are ignored in the context
of switching unicast traffic, until one of the active destinations is removed.
The multi-homing PEs operate normally regardless of the number of PEs on the
ethernet segment; this limitation only affects the selection of a destination
for unicast traffic.
VXLAN GPE is not supported, so packets cannot be flagged as having been
broadcast. As a result, unicast packets that are known at the sender and unknown
at the receiver are dropped if the receiving PE is not a designated forwarder.
Similarly, unicast packets that are unknown at the sender and known at the
receiver are duplicated at the receiving CE. This state automatically resolves
itself as the BGP network distributes the appropriate type 1 auto-discovery and
type 2 MAC/IP advertisement EVPN routes.
Fast mass withdrawal is not supported, so there may be a delay if an interface
harboring a large number of MAC addresses goes down.
