VxLAN BGP-EVPN
Vinit Jain
Twitter - @vinugenie
Email: [email protected]
Agenda
• VxLAN Overview
– Flood & Learn Mechanism
– Ingress Replication
• Intro to VxLAN BGP EVPN
– Components / Features
– BGP EVPN Route Types and Fields
VxLAN Overview
Simple Definition
• VXLAN Overlay
− Layer 2 overlay on top of your Layer 3 underlay
• VxLAN Network Identifier
− Each VxLAN segment is identified by a unique 24-bit segment ID
− Only hosts on the same VNI are allowed to communicate with each other
• Benefits
− Overcome 4094 VLAN Scale limitation
− Better utilization of available network paths
− Multi-Tenant with virtualization
VxLAN Overview
[Figure: edge devices, each with an IP interface, connecting local LAN segments; physical hosts attach to the local LAN segments and virtual hosts attach through a virtual switch.]
VxLAN Overview
[Figure: VTEPs (V) attached to local LAN segments, with physical hosts and a virtual switch, performing VxLAN encapsulation. The header diagram includes reserved (Rsvd) fields.]
• Outer UDP Destination Port = VXLAN (originally 8472, recently updated to 4789)
• Outer UDP Source Port = Hash of Inner Frame Headers (optional)
• The outer IP header has the source IP and destination IP of the VTEP endpoints
• The outer Ethernet header has the source MAC of the source VTEP and the destination MAC of the immediate Layer-3 next hop
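The encapsulation fields listed above, as an added Python example that is not part of the original slides: it builds the 8-byte VXLAN header around a 24-bit VNI, derives the UDP source port from the inner frame header, and validates a received datagram before handing the inner frame on. The function names, the CRC32 hash and the sample frame are assumptions made for illustration; the header layout (flags, reserved, VNI, reserved) follows RFC 7348.

```python
import struct
import zlib

VXLAN_PORTS = (4789, 8472)   # current and original ports named on the slide
I_FLAG = 0x08                # "VNI valid" bit in the flags byte (RFC 7348)

def encapsulate(vni, inner_frame):
    """Return (udp_src_port, udp_payload) for one inner Ethernet frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0 = flags(8) + Rsvd(24); word 1 = VNI(24) + Rsvd(8).
    header = struct.pack("!II", I_FLAG << 24, vni << 8)
    # Source port = hash of the inner Ethernet header, folded into
    # 49152-65535. CRC32 is an assumption; the slide names no hash.
    sport = 49152 + zlib.crc32(inner_frame[:14]) % 16384
    return sport, header + inner_frame

def decapsulate(udp_dport, payload, local_vnis):
    """Validate a received datagram and return (vni, inner_frame)."""
    if udp_dport not in VXLAN_PORTS:
        raise ValueError("not a VXLAN destination port")
    if len(payload) < 8 + 14:
        raise ValueError("truncated VXLAN or inner Ethernet header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & I_FLAG:
        raise ValueError("I flag clear, VNI field is not valid")
    vni = word1 >> 8
    if vni not in local_vnis:
        raise ValueError(f"VNI {vni} is not configured on this VTEP")
    return vni, payload[8:]

# Constructed sample: broadcast ARP frame header plus 28 bytes of padding.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
                + bytes.fromhex("0806") + bytes(28))

if __name__ == "__main__":
    sport, payload = encapsulate(10, SAMPLE_FRAME)
    print(sport, payload[:8].hex(), decapsulate(4789, payload, {10}))
```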
VxLAN Overview
VxLAN Gateway Types
• Layer 2 Gateway
− A Layer 2 gateway is required when Layer 2 traffic (IEEE 802.1Q tagged traffic) comes from a VLAN into a VxLAN segment (encapsulation), or
− when an ingress VxLAN packet egresses out an 802.1Q tagged interface (de-encapsulation), where the packet is bridged to a new VLAN.
• Layer 3 Gateway
− A Layer 3 gateway is used when there is VxLAN-to-VxLAN routing
− The ingress packet is a VxLAN packet on a routed segment, but the packet egresses out a tagged 802.1Q interface and is routed to a new VLAN
VxLAN – Flood and Learn
Overview
• Data-plane learning technique for VxLAN
• VNIs are mapped to a multicast group on a VTEP
• Local MACs are learnt over a VLAN (VNI) on a VTEP
• Broadcast, Unknown Unicast and Multicast (BUM) traffic is flooded to the delivery multicast group for that VNI
• Remote VTEPs that are part of the same multicast group learn the host MAC, the VNI and the source VTEP (as the next hop for the host MAC) from the flooded traffic
• Unicast packets to the host MAC are sent directly to the source VTEP as VxLAN-encapsulated packets
[Figure: flood-and-learn ARP walkthrough, steps 1 to 7, VXLAN VNID 10, multicast group 239.1.1.1. Host-A (MAC-A, behind VTEP-1) sends an ARP request for IP B to FF:FF:FF:FF:FF:FF; VTEP-1 encapsulates it with outer S-IP 192.168.1.1 and outer D-IP 239.1.1.1 (outer D-MAC 00:01:5E:01:01:01). VTEP-2 (Host-B) and VTEP-3 (Host-C) record MAC address MAC-A, VxLAN ID 10, remote VTEP 192.168.1.1. The ARP response from IP B (Src MAC-B, Dst MAC-A) returns with outer S-IP 192.168.2.2 and outer D-IP 192.168.1.1, and VTEP-1 records MAC-B, VxLAN ID 10, remote VTEP 192.168.2.2.]
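The flood-and-learn sequence above, replayed as an added Python simulation that is not part of the original slides: a frame to an unlearned destination is flooded to the VNI's multicast group, every receiving VTEP binds the inner source MAC to the outer source IP, and the reply then travels as unicast. The class and method names are hypothetical, and the class-level dictionaries stand in for multicast group membership and underlay routing.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Vtep:
    """One VTEP doing data-plane (flood-and-learn) MAC learning."""
    members = {}   # multicast group -> VTEPs joined (stands in for PIM)
    by_ip = {}     # VTEP IP -> VTEP (stands in for underlay routing)

    def __init__(self, ip, vni_to_group):
        self.ip, self.vni_to_group = ip, vni_to_group
        self.remote = {}   # (vni, mac) -> remote VTEP IP, learned
        self.sent = []     # (outer dst IP, vni, src mac, dst mac)
        Vtep.by_ip[ip] = self
        for group in vni_to_group.values():
            Vtep.members.setdefault(group, []).append(self)

    def from_host(self, vni, src, dst):
        """Frame from a local host: unicast if dst is learned, else flood."""
        outer_dst = self.remote.get((vni, dst))
        if outer_dst is None:                      # BUM traffic
            outer_dst = self.vni_to_group[vni]
            targets = [v for v in Vtep.members[outer_dst] if v is not self]
        else:
            targets = [Vtep.by_ip[outer_dst]]
        self.sent.append((outer_dst, vni, src, dst))
        for vtep in targets:
            vtep.from_underlay(self.ip, vni, src)

    def from_underlay(self, outer_src, vni, src):
        """Decapsulate: bind inner source MAC to the outer source IP."""
        if vni in self.vni_to_group:               # ignore unknown VNIs
            self.remote[(vni, src)] = outer_src

def walkthrough():
    """Replay the ARP exchange from the figure (addresses as on the slide)."""
    Vtep.members.clear()
    Vtep.by_ip.clear()
    v1, v2, v3 = (Vtep(ip, {10: "239.1.1.1"})
                  for ip in ("192.168.1.1", "192.168.2.2", "192.168.3.3"))
    v1.from_host(10, "MAC-A", BROADCAST)   # Host-A: ARP request for IP B
    v2.from_host(10, "MAC-B", "MAC-A")     # Host-B: ARP response to MAC-A
    return v1, v2, v3

if __name__ == "__main__":
    for vtep in walkthrough():
        print(vtep.ip, vtep.remote, vtep.sent)
```

VTEP-3 ends with an entry for MAC-A only, because the ARP response was sent as unicast to VTEP-1 and never reached the multicast group.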
VxLAN Overview
Ingress Replication
• Some customers are not comfortable deploying multicast in their core
• With Ingress Replication (IR), BUM traffic arriving on the ingress access side is replicated to the remote VTEPs as unicast
• A static IR VTEP tunnel is kept alive as long as the route to the VTEP is available
• Supports multiple VTEPs per VNI and a VTEP in multiple VNIs
• Up to 16 static IR VTEPs recommended on Cisco platforms
• Multicast and IR configuration can co-exist on the same switch nodes, but on different VNIs
Problem Definition
[Figure: TOR 1 and TOR 2 over an L3 underlay; L2 and L3 traffic segmented via a VxLAN overlay network, with anycast gateways and Tenant 1 (VRF 1).]
• Route type 2, or MAC Advertisement route, is for MAC and ARP resolution advertisement (MAC or MAC-IP)
• Route type 5, or IP Prefix route, will be used for the advertisement of prefixes (IP only)
BGP EVPN Route Fields

Leaf1#show bgp l2vpn evpn 8c60.4f93.5ffc
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10000:1 (L2VNI 10000)
BGP routing table entry for [2]:[0]:[0]:[48]:[8c60.4f93.5ffc]:[0]:[0.0.0.0]/216, version 8
Paths: (1 available, best #1)
Flags: (0x00010a) on xmit-list, is not in l2rib/evpn
Advertised path-id 1
Path type: local, path is valid, is best path, no labeled nexthop
AS-Path: NONE, path locally originated
192.168.1.1 (metric 0) from 0.0.0.0 (192.168.1.1)
Origin IGP, MED not set, localpref 100, weight 32768
Received label 10000
Extcommunity: RT:10000:1

• Route Distinguisher – 8 byte
• Ethernet Segment ID – 10 byte
• Ethernet Tag ID – 4 byte
• MAC Address Length – 1 byte
• MAC Address – 6 byte
• IP Address Length – 1 byte
• IP Address – 0, 4, 16 byte
• MPLS Label 1 – 3 byte, L2VNI
• MPLS Label 2 – 3 byte, L3VNI
BGP EVPN Route Fields

Leaf2#show bgp l2vpn evpn 100.1.1.1
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 20000:1 (L3VNI 20000)
BGP routing table entry for [2]:[0]:[0]:[48]:[8c60.4f1b.e43c]:[32]:[100.1.1.1]/272, version 6
Paths: (1 available, best #1)
Flags: (0x00021a) on xmit-list, is in l2rib/evpn, is not in HW,
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported from 10000:1:[2]:[0]:[0]:[48]:[8c60.4f1b.e43c]:[32]:[100.1.1.1]/144 (VNI 10000)
AS-Path: NONE, path sourced internal to AS
192.168.1.1 (metric 5) from 192.168.10.10 (192.168.10.10)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10000 20000
Extcommunity: RT:10000:1 RT:20000:1 ENCAP:8 Router MAC:f40f.1b6f.926f
Originator: 192.168.1.1 Cluster list: 192.168.10.10

• Route Distinguisher – 8 byte
• Ethernet Segment ID – 10 byte
• Ethernet Tag ID – 4 byte
• MAC Address Length – 1 byte
• MAC Address – 6 byte
• IP Address Length – 1 byte
• IP Address – 0, 4, 16 byte
• MPLS Label 1 – 3 byte, L2VNI
• MPLS Label 2 – 3 byte, L3VNI
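The Route Type 2 field list above, turned into an added Python decoder that is not part of the original slides or of any vendor code: it walks the fields in the listed order and sizes, rejects truncated or malformed lengths, and is exercised on byte strings constructed from the values in the two CLI outputs. The function names are hypothetical, the input bytes are constructed rather than captured, and treating each 3-byte label as a plain 24-bit VNI is an assumption tied to VXLAN encapsulation.

```python
import ipaddress
import struct

def parse_type2(body):
    """Decode the route-specific part of an EVPN Route Type 2 NLRI."""
    off = 0
    def take(n):
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated route")
        off += n
        return body[off - n:off]

    rd_type, asn, number = struct.unpack("!HHI", take(8))   # RD, 8 bytes
    if rd_type != 0:
        raise ValueError("only RD type 0 (ASN:number) is handled")
    esi = take(10).hex()                                    # ESI, 10 bytes
    eth_tag = int.from_bytes(take(4), "big")                # Ethernet Tag
    if take(1)[0] != 48:                                    # MAC length, bits
        raise ValueError("MAC address length must be 48")
    mac = take(6).hex()
    ip_bits = take(1)[0]                                    # IP length, bits
    if ip_bits not in (0, 32, 128):
        raise ValueError("IP address length must be 0, 32 or 128")
    ip = str(ipaddress.ip_address(take(ip_bits // 8))) if ip_bits else None
    # Assumption: with VXLAN encapsulation each 3-byte label holds the VNI.
    l2vni = int.from_bytes(take(3), "big")                  # Label 1
    l3vni = int.from_bytes(take(3), "big") if off < len(body) else None
    if off != len(body):
        raise ValueError("unexpected trailing bytes")
    return {"rd": f"{asn}:{number}", "esi": esi, "eth_tag": eth_tag,
            "mac": ".".join(mac[i:i + 4] for i in (0, 4, 8)),
            "ip": ip, "l2vni": l2vni, "l3vni": l3vni}

def build_sample(mac, ip=None, labels=(10000,)):
    """Constructed test input using values from the slide's CLI output."""
    ip_bytes = ipaddress.ip_address(ip).packed if ip else b""
    return (struct.pack("!HHI", 0, 10000, 1) + bytes(10) + bytes(4)
            + bytes([48]) + bytes.fromhex(mac.replace(".", ""))
            + bytes([len(ip_bytes) * 8]) + ip_bytes
            + b"".join(v.to_bytes(3, "big") for v in labels))

if __name__ == "__main__":
    print(parse_type2(build_sample("8c60.4f93.5ffc")))
    print(parse_type2(build_sample("8c60.4f1b.e43c", "100.1.1.1",
                                   (10000, 20000))))
```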
Q&A