• Tag : VXLAN

 
 

Migrating from legacy DC design to EVPN VXLAN Fabric

Introduction This document is intended to provide a reference of steps and sequence followed for:  (1) migrating a legacy 3-tier L2 network to EVPN based VXLAN environment using Leaf & Spine design (2) migrating an L2 Leaf & Spine network with VXLAN using CVX as the control plane to EVPN based control plane (3) migrating an L2 Leaf & Spine network with VXLAN using static VXLAN as the control plane to EVPN based control plane. Scope The key objective of this report is to migrate a Layer 2 datacenter to EVPN based VXLAN using Leaf & Spine (L3LS) solution for...
Continue reading →

EVPN Internetworking with IPVPN

Description This feature adds control-plane support for inter-subnet forwarding between EVPN and IPVPN networks. It also introduces a new BGP path-attribute, D-PATH, that may be used for loop prevention when internetworking between EVPN and IPVPN domains. The supported transport type for IPVPN networks is MPLS, while EVPN networks may use MPLS or VXLAN. The following diagram shows an example topology where a DC EVPN-VXLAN cloud is connected to an MPLS-VPN cloud via border leaf nodes peering with both EVPN and IPVPN. The MPLS-VPN cloud is then connected to a DC EVPN-MPLS cloud, where the border leaf nodes peer with both...
Continue reading →

EVPN VxLAN control plane support for OpenStack

Description This feature enables support for an EVPN VxLAN control plane in conjunction with Arista’s OpenStack ML2 plugin for automated network provisioning. When utilizing this feature: VCS (Vxlan Controller Service) on CVX (CloudVision eXchange) will be responsible for dynamically provisioning VLAN to VNI mappings on switches based on OpenStack configuration The OpenStack service on CVX will be responsible for dynamically provisioning VLANs and allowing them on applicable trunk switchports on switches EVPN will be responsible for distributing and configuring flood lists based on  EVPN type 3 IMET routes and host reachability based on type 2 MAC-IP routes This feature is...
Continue reading →

VCS to EVPN hitless migration

Description This feature enables support for migrating from only using VCS as the control plane to only using EVPN as a control plane in a hitless manner with respect to L2 reachability information. Platform compatibility Platform Independent (Subject to any and all platform compatibility limitations of both VCS and EVPN) Configuration Assume that initially only VCS is configured as the control plane.  The step-by-step migration process is as follows: Check VCS L2 reachability information in L2Rib: Use the following show commands to verify that L2 reachability information is in L2Rib’s input and output: show l2Rib input vxlan-control-service show l2rib input...
Continue reading →

EVPN VxLAN IPV6 Overlay

Description Starting with EOS release 4.22.0F, the EVPN VXLAN L3 Gateway using EVPN IRB supports routing traffic from one IPV6 host to another IPV6 host on a stretched VXLAN VLAN. This TOI explains the EOS configuration and show commands. Platform Compatibility Platform supporting ND Proxy and ND Suppression DCS-7280R/7280R2 DCS-7050CX3-32S-F DCS-7050SX3-48YC12-F (Starting in 4.22.1F) DCS-7050SX3-48YC8 (Starting in 4.22.1F) DCS-7050/7050X/7050X2 (Starting in 4.22.1F) DCS-7260X/7260X3 (Starting in 4.22.1F) DCS-7060X/7060X2 (Starting in 4.21.1F) DCS-7250 (Starting in 4.22.1F) DCS-7300/DCS-7320 (Starting in 4.22.1F) Platform not supporting ND Proxy, No ND Suppression  DCS-7020R DCS-7160 DCS-7500R/7500R2/7500E Configuration Enable IPv6 Routing Enable global IPv6 unicast routing and IPv6...
Continue reading →

Problem with EVPN type-5 packet forwarding on vEOS

Hello, I am testing a solution based on VXLAN EVPN, with Type-5 routes, with vEOS 4.23.0.1, but I am having some issues in packet forwarding. The routes are correctly propagated, but when I try to ping from a device connected to one node, on a device connected to another node, the ping does not work. I also tried a ping, with a forced source IP, from the vEOS machine itself, but it has problems too. LEAF-2 LEAF-2#sh ip route vrf gold VRF: gold Codes: C – connected, S – static, K – kernel, O – OSPF, IA – OSPF inter...
Continue reading →

EVPN VxLAN IPV6 Overlay TOI

Description Starting with EOS release 4.22.0F, the EVPN VXLAN L3 Gateway using EVPN IRB supports routing traffic from IPV6 host to another IPV6 host on a stretched Vxlan VLAN. This TOI explains the EOS configuration and show commands. Platform Compatibility Platform supporting ND Proxy and ND Suppression DCS-7280R/7280R2 DCS-7050CX3-32S-F DCS-7050SX3-48YC12-F ( Starting in 4.22.1F ) DCS-7050SX3-48YC8 ( Starting in 4.22.1F ) DCS-7050/7050X/7050X2 ( Starting in 4.22.1F ) DCS-7260X/7260X3 ( Starting in 4.22.1F ) DCS-7060X/7060X2 ( Starting in 4.21.1F ) DCS-7250 ( Starting in 4.22.1F ) DCS-7300/DCS-7320 ( Starting in 4.22.1F ) Platform not supporting ND Proxy, No ND Suppression  DCS-7020R...
Continue reading →

VXLAN Auto Flood-List Construction

Description VXLAN flood-lists are typically configured via CLI or learned via control plane sources such as EVPN. The introduction of wireless access points (APs) into the VXLAN data-plane and the desire to minimize AP configuration led to the introduction of a new feature to learn VXLAN flood-lists via the data-plane. When a VXLAN packet is received from a remote VTEP on a new VNI, that remote VTEP is added to the flood-list for that VNI. When all of the MACs behind a remote VTEP have aged out or been removed, that remote VTEP is no longer considered active and it...
Continue reading →

EVPN Control Plane Support for MSS

Description This feature enables support for Macro Segmentation Service (MSS) to insert security devices into the traffic path for VXLAN networks using an EVPN control plane. With this feature enabled, CVX will continue to monitor the network via NetDB state and will initiate intercept and offload rules. With this feature enabled, MAC and IP reachability information will be learned and distributed in user configured L2 domains via EVPN.   CVX will continue to use the Vxlan Controller Service to discover network state and distribute MAC reachability information in service L2 domains (MSS L2 only.) Platform Compatibility Platform Independent (Subject to...
Continue reading →

EVPN – MLAG single homed hosts

Description As described in the Multi-VTEP MLAG TOI, singly connected hosts can lead to suboptimal peer-link utilisation. By adding a local VTEP to each MLAG peer, the control plane is able to advertise singly connected hosts as being directly behind a specific local VTEP / MLAG peer. The multi-VTEP MLAG feature has been extended to add EVPN control plane support. VXLAN bridging (EVPN Type-2 and Type-3 routes) and routing (EVPN Type-5 routes and IRB) are supported by this feature. When multi-VTEP MLAG mode is enabled, outgoing EVPN route advertisements will contain a nexthop and router MAC extended community as summarized...
Continue reading →

attached-host routes and MLAG

I have been experimenting in our test environment with attached-host routes on a vxlan network. We have are using asymmetric IRB across our vxlan infrastructure as it is (for the moment at least) simple enough for this not to cause us an issue. We want to use attached-host to ensure that the correct pair of leaf switches are used for routing “southbound” traffic. In the production environment there will be 5 pairs of leaf switches which will be routing traffic for the edge vlan. Behind this vlan are ~50 nodes that are connected with MLAG to the pairs of (7060CX)...
Continue reading →

SSU support for L2 EVPN with VXLAN

Description Smart System Upgrade (SSU) aims to minimize traffic loss during a software upgrade. The Smart System Upgrade (SSU) process includes the core functionality of Accelerated Software Upgrade, plus additional optimizations that permit a hitless restart of several features. SSU leverages protocols capable of graceful restart to minimize traffic loss during upgrade. For protocols not capable of graceful restart, SSU generates control plane messages and buffers them in hardware to be slowly released when the control plane is offline. Additionally, under SSU, the forwarding ASIC does not get reset and ports do not flap. Starting EOS 4.22.1F SSU is now...
Continue reading →

EVPN mutlihoming w/ ESI

I stumbled upon this archived [post](https://www.reddit.com/r/Arista/comments/azubnz/mlag_or_esi/) while researching EVPN support specifically on the EVPN multihoming side using common ESIs to extend beyond 2 switches in a LAG. Also this is the only post I’ve found mentioning EVPN Multihoming – https://eos.arista.com/arista-layer-2-vtep-evpn-vxlan-route-type-1-support/ but is limited to using mlag only. Does anyone have any information on when there will be support for the EVPN ESI LAGs?

VxLAN VTEP and VNI Counters

Description The VxLAN VTEP and VNI counters feature allows the device to count VxLAN packets received and sent by the device on a per VTEP and per VNI basis. Specifically, it enables the device to count bytes and packets that are encapsulated and decapsulated as they are passing through. The counters are logically split up in the two VxLAN directions:  “encap” counters count packets coming from the edge, encapsulated on the device and directed to the core, while “decap” counters count packets coming from the core, decapsulated on the device and heading towards the edge. To be able to count...
Continue reading →

“ip address virtual” support for PIM and IGMP

Description 4.22.1F introduces support for ip address virtual for PIM and IGMP in MLAG and Vxlan. On a VLAN, the same IP address can be configured using ip address virtual on both mlag devices as well as on different VTEPs. Control packets are source NATed by the kernel to a chosen IP address. The source NATing fails for PIM and IGMP. To overcome this, users can configure pim ipv4 local-interface and borrow the IP address to be used on the VLAN.  PIM and IGMP bypass the source NATing in the kernel. The interface configuration pim ipv4 local-interface allows PIM and...
Continue reading →

VXLAN VTEP to VTEP Bridging

Description The “vxlan bridging vtep-to-vtep” feature allows VXLAN encapsulated packets ingressed at an Arista switch from a remote VTEP to be bridged and tunnelled back to the same or another remote VTEP. In a traditional VXLAN deployment, all VTEPs are connected to each other in a full mesh topology. So, whenever our switch receives a VXLAN packet from a remote VTEP that needs to be bridged, we never send that packet back through a VXLAN tunnel to another remote VTEP. This is done to prevent loops in general VXLAN networks where all remote VTEPs are reachable from one another. In...
Continue reading →

Does 7050SX support L3 vxlan evpn?

I am not able to import evpn from bgp vrf configuration on 7050SX, but able to do same on 7280R2. 7050SX-2(config-router-bgp-vrf-backup-tenant)#route-target import ? ASN(asplain):nn or ASN(asdot):nn or IP-address:nn Route Target Do you mind confirm that whether 7050SX support l3 evpn? Thank you!

EVPN VXLAN All-Active Multihoming

Description Ethernet VPN (EVPN) networks normally require some measure of redundancy to reduce or eliminate the impact of outages and maintenance. RFC7432 [1] describes four types of route to be exchanged through EVPN, with a built-in multihoming mechanism for redundancy. Prior to EOS 4.22.0F, MLAG is available as a redundancy option for EVPN with VXLAN, but not multihoming. EVPN multihoming is a multi-vendor standards-based redundancy solution that does not require a dedicated peer link and allows for more flexible configurations than MLAG, supporting peering on a per interface level rather than a per device level. It also supports a mass...
Continue reading →

EVPN VxLAN IPV6 Overlay

Description Starting with EOS release 4.22.0F, the EVPN VXLAN L3 Gateway using EVPN IRB supports routing traffic from IPV6 host to another IPV6 host on a stretched Vxlan VLAN. This TOI explains the EOS configuration and show commands. Platform compatibility Platform Supporting ND Proxy and ND Suppression DCS-7280R/7280R2 DCS-7050CX3-32S-F DCS-7050SX3-48YC12-F ( Starting in 4.22.1F ) DCS-7050SX3-48YC8 ( Starting in 4.22.1F ) DCS-7050/7050X/7050X2 ( Starting in 4.22.1F ) DCS-7260X/7260X3 ( Starting in 4.22.1F ) DCS-7060X/7060X2 ( Starting in 4.21.1F ) DCS-7250 ( Starting in 4.22.1F ) DCS-7300/DCS-7320 ( Starting in 4.22.1F ) Platform Compatibility (No ND Proxy, No ND Suppression) DCS-7020R...
Continue reading →

VxLAN troubleshooting guide

VxLAN Basic Troubleshooting Guide I. Objective Provide basic/generic troubleshooting steps to customers in case any VxLAN issue is encountered in their network. II. Introduction: Troubleshooting VxLAN involves few steps as mentioned in the upcoming sections of this document. The below referred topology includes VxLAN configurations with server 1,2,3 as the host devices which obtain connectivity over a vxlan tunnel. Troubleshooting steps are bifurcated into routing and bridging to include multiple scenarios possible.   III. Topology   IV. Generic Configurations to be checked A. On the VTEPS check for the following configurations: #show run sec vxlan interface Vxlan1 vxlan source-interface Loopback1...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: