Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2603
Views
15
Helpful
3
Replies

configuring bgp evpn with Cisco CSR

Go to solution
sachin30720041
Level 1
Level 1

‎09-19-2021 03:54 PM

Hello All,

 

I am new to the BGP EVPN configuration on the cisco CSR.

I have 4 routers.

 

R1------R2

 |             |

R3          R4

 

R1 and R2 have a BGP EVPN session between them.

lo0 of R1=11.11.11.11

lo0 of R2=22.22.22.22

gig3 of R1 is connected with gig0/0 of r3.

gig3 of R2 is connected with gig0/0 of r4.

R1:-

-------------------

router bgp 100

 bgp router-id 11.11.11.11

 bgp log-neighbor-changes

 no bgp default ipv4-unicast

 neighbor 22.22.22.22 remote-as 200

 neighbor 22.22.22.22 ebgp-multihop 255

 neighbor 22.22.22.22 update-source Loopback0

 !

 address-family ipv4

 exit-address-family

 !

 address-family l2vpn evpn

  neighbor 22.22.22.22 activate

  neighbor 22.22.22.22 send-community both

 exit-address-family

 !

 address-family ipv4 vrf vrf1

  advertise l2vpn evpn

  redistribute connected

 exit-address-family

 

interface GigabitEthernet3

 vrf forwarding vrf1

 ip address 100.10.10.1 255.255.255.0

end

 

R2:-

--------

router bgp 200

 bgp router-id 22.22.22.22

 bgp log-neighbor-changes

 no bgp default ipv4-unicast

 neighbor 11.11.11.11 remote-as 100

 neighbor 11.11.11.11 ebgp-multihop 255

 neighbor 11.11.11.11 update-source Loopback0

 !

 address-family ipv4

 exit-address-family

 !

 address-family l2vpn evpn

  neighbor 11.11.11.11 activate

  neighbor 11.11.11.11 send-community both

 exit-address-family

 !

 address-family ipv4 vrf vrf2

  advertise l2vpn evpn

  redistribute connected

 exit-address-family

 

interface GigabitEthernet3

 vrf forwarding vrf1

 ip address 100.10.10.1 255.255.255.0

end

 

Bgp evpn session is up. But I am not able to ping between R3 and R4.

I am not seeing 'MAC/IP advertisement route' route type on the CSRs.

r1#show bgp l2vpn evpn 

BGP table version is 8, local router ID is 11.11.11.11

Route Distinguisher: 1:1 (default for vrf vrf1)

 *>   [5][1:1][0][24][100.10.10.0]/17

                      0.0.0.0                  0         32768 ?

Route Distinguisher: 2:2

 *>   [5][2:2][0][27][10.1.1.0]/17

                      22.22.22.22                            0 200 ?

 

Are there any good resources/tutorials to learn BGP EVPN configuration on the CSR routers?

 

 

Labels:
2 Accepted Solutions

Accepted Solutions

Go to solution
Harold Ritter
Level 12
Level 12

‎09-19-2021 08:59 PM

Hi @sachin30720041 ,

 

You can use the following guide.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-16-8/mp-l2-vpns-xe-16-8-book/evpn-single-homing.html

 

Bottom line is that you need to configure the customer facing interface something like this.

 

l2vpn evpn instance 10 vlan-based 
!
bridge-domain 10 
 member GigabitEthernet3 service-instance 10  
 member evpn-instance 10 
!
interface GigabitEthernet3
 service instance 10 ethernet 
  encapsulation dot1q 10
 !

And if you want to configure and IP address and VRF interface you need to use a bridge-domain interface (BDI).

interface BDI10
vrf forwarding vrf1
ip address 100.10.10.1 255.255.255.0
encapsulation dot1Q 10

Regards,
Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

0 Helpful

Go to solution
Harold Ritter
Level 12
Level 12
In response to sachin30720041

‎10-15-2021 04:46 PM

Hi @sachin30720041 ,

 

The issue is due to a limitation on the CSR1000v. It does not work when you configure a subinterface with dot1q encapsulation. This is why the ping doesn't work from one CE to the other. I would suggest applying the following configuration on the two CEs.

 

CE1:

 

no interface gi1.10

interface gi1

service instance 10 ethernet
encapsulation dot1q 10

!

bridge-domain 10
member GigabitEthernet1 service-instance 10

!

interface BDI10
ip address 100.10.10.10 255.255.255.0
encapsulation dot1Q 10

no shutdown

 

CE2:

 

no interface gi1.10

interface gi1

service instance 10 ethernet
encapsulation dot1q 10

!

bridge-domain 10
member GigabitEthernet1 service-instance 10

!

interface BDI10
ip address 100.10.10.20 255.255.255.0
encapsulation dot1Q 10

no shutdown

 

 

This should fix the issue.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Harold Ritter
Level 12
Level 12

‎09-19-2021 08:59 PM

Hi @sachin30720041 ,

 

You can use the following guide.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-16-8/mp-l2-vpns-xe-16-8-book/evpn-single-homing.html

 

Bottom line is that you need to configure the customer facing interface something like this.

 

l2vpn evpn instance 10 vlan-based 
!
bridge-domain 10 
 member GigabitEthernet3 service-instance 10  
 member evpn-instance 10 
!
interface GigabitEthernet3
 service instance 10 ethernet 
  encapsulation dot1q 10
 !

And if you want to configure and IP address and VRF interface you need to use a bridge-domain interface (BDI).

interface BDI10
vrf forwarding vrf1
ip address 100.10.10.1 255.255.255.0
encapsulation dot1Q 10

Regards,
Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
sachin30720041
Level 1
Level 1
In response to Harold Ritter

‎10-15-2021 03:53 PM

Hi Harold, 

 

r1-----r2----r3----r4

R1's loopback:- 11.11.11.11

R2's loopback:-22.22.22.22

R2's Gi3 is connected with R1's gi1

R3's gi3 is connected with R4's gi1

 

I followed the tutorial you mentioned in the previous post. but ping between R1 and R4 is not working. I am using CSR1000V routers.

Config on R2:-

router bgp 1
bgp log-neighbor-changes
neighbor 22.22.22.22 remote-as 2
neighbor 22.22.22.22 ebgp-multihop 255
neighbor 22.22.22.22 update-source Loopback0
!
address-family ipv4
neighbor 22.22.22.22 activate
exit-address-family
!
address-family l2vpn evpn
neighbor 22.22.22.22 activate
neighbor 22.22.22.22 send-community extended
exit-address-family

 

bridge-domain 10
mac aging-time 30
member GigabitEthernet3 service-instance 10
member evpn-instance 10

 

l2vpn evpn
replication-type ingress
mpls label mode per-ce
router-id Loopback0


l2vpn evpn instance 10 vlan-based

rd 1:1
route-target export 1:1
route-target import 1:1
route-target import 2:2
no auto-route-target

 

interface GigabitEthernet3
no ip address
negotiation auto
no mop enabled
no mop sysid
service instance 10 ethernet
encapsulation dot1q 10

 

R3:-

router bgp 2
bgp log-neighbor-changes
neighbor 11.11.11.11 remote-as 1
neighbor 11.11.11.11 ebgp-multihop 255
neighbor 11.11.11.11 update-source Loopback0
!
address-family ipv4
neighbor 11.11.11.11 activate
exit-address-family
!
address-family l2vpn evpn
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-community extended
exit-address-family

 

l2vpn evpn
replication-type ingress
mpls label mode per-ce
router-id Loopback0


l2vpn evpn instance 10 vlan-based
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 1:1
no auto-route-target

 

bridge-domain 10
mac aging-time 30
member GigabitEthernet3 service-instance 10
member evpn-instance 10

 

interface GigabitEthernet3
no ip address
negotiation auto
no mop enabled
no mop sysid
service instance 10 ethernet
encapsulation dot1q 10

 

R1:-

interface GigabitEthernet1.10
encapsulation dot1Q 10
ip address 100.10.10.10 255.255.255.0
end

 

R4:-

interface GigabitEthernet1.10
encapsulation dot1Q 10
ip address 100.10.10.20 255.255.255.0

 

 

Thanks,

Sachin

 

 

 

 

Go to solution
Harold Ritter
Level 12
Level 12
In response to sachin30720041

‎10-15-2021 04:46 PM

Hi @sachin30720041 ,

 

The issue is due to a limitation on the CSR1000v. It does not work when you configure a subinterface with dot1q encapsulation. This is why the ping doesn't work from one CE to the other. I would suggest applying the following configuration on the two CEs.

 

CE1:

 

no interface gi1.10

interface gi1

service instance 10 ethernet
encapsulation dot1q 10

!

bridge-domain 10
member GigabitEthernet1 service-instance 10

!

interface BDI10
ip address 100.10.10.10 255.255.255.0
encapsulation dot1Q 10

no shutdown

 

CE2:

 

no interface gi1.10

interface gi1

service instance 10 ethernet
encapsulation dot1q 10

!

bridge-domain 10
member GigabitEthernet1 service-instance 10

!

interface BDI10
ip address 100.10.10.20 255.255.255.0
encapsulation dot1Q 10

no shutdown

 

 

This should fix the issue.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful
Customers Also Viewed These Support Documents