EVPN Pinging SVI Anycast address across L2VNI

Smithsco
Level 1

Hi,

I'm hoping somebody can explain some workings of EVPN to me please?

In my lab, I have the firewall that connects to leaf switch (LS1) via vlan2. This vlan is mapped to VNI 30002 and is routed up to the Spine switches (SP1 and SP2). On SP1, I have connected PC8, also on vlan 2, which is also mapped to VNI 30002. Both the firewall and PC8 are on the same /24 subnet and can ping each other. So far so good. On SP1 and SP2, I have assigned vlan 2 an IP address and set it as an anycast gateway address within that /24. PC8 can ping this default gateway and the ARP entry resolves to the anycast gateway MAC. The issue is that the firewall cannot ping this anycast gateway address for vlan 2 and I am not sure why this is. I was thinking Vlan2 could act as the default gateway for the firewall on SP1 despite it sitting on LS1, and from here I could break out to external connectivity.

I am pretty sure the solution is to move the firewall to connect to SP1 or the gateway down to LS1, but it would be useful to understand why this doesn't work. Drawing parallels to a legacy network, I would expect the layer 2 to switch up to the spine switches where the traffic would 'breakout' via the SVI and route on, but this doesn't seem to be the case. This has been set up on GNS3 with Nexus 9000v. Config attached for LS1 and SP1. There is a bit more going on in the config so please excuse the mess.
