VXLAN with distributed anycast gateway

waqas gondal
Level 1

Hello!

I need to set up a VXLAN config with 4 VTEPs. There are 2 sites, with 2 VTEPs at each.

These will be Nexus 9k version 10.x in a vPC pair at each site.

There is no spine in this design, just the 4 VTEPs. I figured the distributed anycast gateway would be the best option here.

The VTEPs will also be routing in and out of the fabric using EIGRP.

Has anyone done this type of config before? Any advice would be greatly appreciated.

Cheers,

Waqas

5 Replies

Why VXLAN? You can simply interconnect both sites and run HSRP on the four Nexus.

The interconnect is used for L2 bridge traffic, and each site will have its active HSRP Nexus.

MHM

The link between sites is layer 2 and we want to avoid the potential of spanning tree issues. We had VXLAN working in this setup before without EVPN and the distributed anycast gateway. That design is no longer supported.

waqas gondal
Level 1

Here is a sample config I have put together for all 4 VTEPs. Is there a benefit to using layer 3 VNI if we are already routing in the underlay?

feature bgp
feature pim
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

nv overlay evpn

ip pim rp-address 10.x.x.x group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
ip pim anycast-rp 10.x.x.x <secondary loopback IP SRY>
ip pim anycast-rp 10.x.x.x <secondary loopback IP TRL>

interface loopback0
  ip address 10.x.x.x/32
  ip address 10.x.x.x/32 secondary (must be the same on both switches in vpc)
  ip pim sparse-mode

int Ethernet1/x <If ports are routed>
  ip pim sparse-mode

router bgp (ibgp)
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
    retain route-target all
    advertise-pip
  template peer LEAF
    remote-as (ibgp)
    update-source loopback0
    address-family ipv4 unicast
      send-community extended
      route-reflector-client
      soft-reconfiguration inbound
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.x.x.x
    inherit peer LEAF
  neighbor 10.x.x.x
    inherit peer LEAF
  neighbor 10.x.x.x
    inherit peer LEAF

interface nve1
  no shutdown
  host-reachability protocol bgp
  advertise virtual-rmac
  source-interface loopback0

vlan 10
  vn-segment 100010

interface nve1
  member vni 100010
    suppress-arp
    mcast-group 224.1.1.192

evpn
  vni 100010 l2
    rd auto
    route-target import auto
    route-target export auto

fabric forwarding anycast-gateway-mac aaaa.bbbb.cccc

interface Vlan10
  no shutdown
  ip address 10.x.x.x/24
  fabric forwarding mode anycast-gateway

The VLAN interface should be in a non-default VRF, so you need to create a VRF and put the VLAN interface in this VRF.

As you create the VRF, it's better to map it to an L3VNI, so the fabric will be able to route traffic between VLANs inside one VRF.

For such a small setup I'd recommend moving from multicast to ingress replication, as it allows you to not use PIM.

Highly recommend moving from the BGP ipv4 unicast family to any other IGP (OSPF, IS-IS), as you need it only to propagate information about loopback reachability.

You can find detailed information about VXLAN implementation at the link below:

https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/104x/configuration/vxlan/cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-release-104x.html
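The first three recommendations in the reply above can be checked mechanically against a candidate config. This is an added example, not code from the thread or from Cisco; the two sample configs are constructed, and the VRF name TENANT-A and L3VNI 50001 are assumed values.

```python
import re
# Constructed samples (indented NX-OS style). TENANT-A and VNI 50001 are assumed names.
POSTED = """
interface nve1
  member vni 100010
    mcast-group 224.1.1.192
interface Vlan10
  fabric forwarding mode anycast-gateway
"""
REVISED = """
vrf context TENANT-A
  vni 50001
interface nve1
  member vni 100010
    ingress-replication protocol bgp
  member vni 50001 associate-vrf
interface Vlan10
  vrf member TENANT-A
  fabric forwarding mode anycast-gateway
"""

def sections(config):
    """Group config into (top-level line, [stripped child lines]) blocks."""
    blocks = []
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            blocks.append((line.strip(), []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks

def audit(config):
    """Findings for: SVI outside default VRF, VRF mapped to L3VNI, replication mode."""
    blocks, vrf_vni, l3_on_nve, out = sections(config), {}, set(), []
    for head, body in blocks:
        if head.startswith("vrf context "):
            vrf_vni[head.split()[2]] = next((l.split()[1] for l in body if re.fullmatch(r"vni \d+", l)), None)
        elif head.startswith("interface nve"):
            l3_on_nve |= {l.split()[2] for l in body if l.endswith(" associate-vrf")}
            if any(l.startswith("mcast-group ") for l in body):
                out.append(f"{head}: multicast replication in use, PIM required in underlay")
    for head, body in blocks:
        if re.fullmatch(r"interface Vlan\d+", head) and "fabric forwarding mode anycast-gateway" in body:
            vrf = next((l.split()[2] for l in body if l.startswith("vrf member ")), None)
            if vrf is None:
                out.append(f"{head}: anycast-gateway SVI has no vrf member (default VRF)")
            elif vrf_vni.get(vrf) not in l3_on_nve:
                out.append(f"{head}: VRF {vrf} has no L3VNI associated on the NVE")
    return out
```

`audit(POSTED)` returns two findings (multicast replication, SVI in the default VRF), and `audit(REVISED)` returns none. The parser relies on indentation, so it needs the config as the switch prints it rather than flattened text.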

Thanks, this is helpful
