Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
930
Views
0
Helpful
1
Replies

Playing with CSR1000 in the lab; Looking for a sample config showing VXLAN and EVPN using BGP as control plane

Q5
Level 1
Level 1

ā€Ž11-16-2018 10:55 PM - edited ā€Ž03-01-2019 03:12 PM

Assume I have 
(two lan interfaces)R1----R2---R3((two lan interfaces)

R1 has two LAN interfaces each one connected to a vlan (vlan 100 and vlan 200)

R3 has two LAN interfaces each one connected to a vlan (vlan 100 and vlan 200)

The target is to bridge the two vlans 100 and 200,across R1,R2,R3

Here is a similar config but using muticast for host reachability and only one vlan 

https://www.packet-forwarding.net/?s=BGP+EVPN

 

If this would be in the Data Center I know that I have to associate the vlans to their VNIs and then associate the VNIs to the the NVE
Since vlans can't be defined on the CSR I guess I have to create a bridge but I can't figure out how to associate that with the NVE. I am getting an error like below

bridge-domain 3 
 member vni 6000
 member GigabitEthernet4 service-instance 3
 member GigabitEthernet5 service-instance 3
interface GigabitEthernet4
 no ip address
 negotiation auto
 no mop enabled
 no mop sysid
 cdp enable
 service instance 3 ethernet
 encapsulation dot1q 100
 rewrite ingress tag pop 1 symmetric
 !
!
interface GigabitEthernet5
 no ip address
 negotiation auto
 no mop enabled
 no mop sysid
 cdp enable
 service instance 3 ethernet
 encapsulation dot1q 200
 rewrite ingress tag pop 1 symmetric
interface nve1
 no ip address
 source-interface Loopback0
 host-reachability protocol bgp
 no mop enabled
 no mop sysid

CSR3(config)#int nve 1

CSR3(config-if)#member vni 6000 
%Host-reachability protocol bgp is already enabled for the NVE interface,so not allowed to configure L2DP VNIs





This seems to be a SP topic and I am out of my domain here
 


 

 

 

 

Labels:
0 Helpful
1 Reply 1

Elvin Arias Soto
Cisco Employee
Cisco Employee

ā€Ž12-03-2018 03:47 PM

Hi Q5,

 

Probably would be better to try to go through the VXLAN theory and then optimizations that can be implemented like BGP-EVP SAFI.

 

For that, you can refer to Cisco online documentation on this, https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/white-paper-c11-729383.html.

 

This is on Nexus, but is a paper that explains the pieces. As per CSR1000v, this virtual platform supports the functionality of being a VXLAN Termination Endpoint (VTEP), meaning, that this device can sit on the edge and is capable of (ā€œunderstandā€) encapsulate/decapsulate VXLAN.

 

Another useful documentation is found in https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/vxlan/m_csr-vxlan-support-book.html, which indicates that CSR1000v supports L2 gateway functionality.

 

So, CSR1000v only supports L2 gateway and EVPN RR. If you want to see a reference configuration for L3 gateway + BGP, visit https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cether/configuration/xe-16/ce-xe-16-book/evpn-vxlan-l3.html.

 

###

 

I will create a VXLAN network based on topology file posted named ā€œSAMPLE TOPOLOGYā€. Configurations are attached for your reference, both topology and configurations are inside a file named "VXLAN-EX.zip". As per observations of the scenario:

 

1. Two VTEPs named VTEP1 and VTEP2 respectively these will be the devices encapsulating the Ethernet frames in to VXLAN.

2. Multicast flood and learn is used in the network.

3. Basic connectivity inside each VNID (L2VNID) is reached since bridge-domain MACs are populated for each VTEP.

4. NVE interface multicast groups are seen end-to-end for S,G = Loopback of VTEP, GROUP FOR VNID.

 

### Verifications: We will perform verifications from VTEP1 mostly, but same applies on VTEP2.

 

1. L2 bridge-domain + corresponding VNID:

 

 

VTEP1#show bridge-domain 
Bridge-domain 46 (2 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    GigabitEthernet3 service instance 46
    vni 40046
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   FA16.3EB5.DC1F forward dynamic   299  GigabitEthernet3.EFP46
   0   FA16.3EB4.8CC3 forward dynamic   298  nve999.VNI40046, VxLAN 
                                             src: 1.1.1.1 dst: 3.3.3.3

Bridge-domain 57 (2 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    GigabitEthernet4 service instance 57
    vni 40057
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   FA16.3EA5.6E0A forward dynamic   297  GigabitEthernet4.EFP57
   0   FA16.3EDF.8BB7 forward dynamic   298  nve999.VNI40057, VxLAN 
                                             src: 1.1.1.1 dst: 3.3.3.3

2. NVE peers:

 

VTEP1#show nve peers 
Interface  VNI      Type Peer-IP          Router-RMAC    eVNI     state flags UP time
nve999     40057    L2DP 3.3.3.3         
nve999     40046    L2DP 3.3.3.3   

VTEP1#show nve vni summary 

L3CP VNI number: Total 0 Up 0 Down 0
L2DP VNI number: Total 2 Up 2 Down 0

Interface  Total      Up         AdminDown  BdAdminDow Down       Mode      
nve999     2          2          0          0          0          DP

3. Multicast S,G for each VNID.

 

 

 

VTEP1#show ip mroute 239.0.0.46
IP Multicast Routing Table

(*, 239.0.0.46), 00:20:05/stopped, RP 2.2.2.2, flags: SJCFx
  Incoming interface: GigabitEthernet2.12, RPF nbr 12.0.0.2
  Outgoing interface list:
    Tunnel1, Forward/Sparse-Dense, 00:20:05/00:00:56

(3.3.3.3, 239.0.0.46), 00:16:43/00:02:30, flags: JTx
  Incoming interface: GigabitEthernet2.12, RPF nbr 12.0.0.2
  Outgoing interface list:
    Tunnel1, Forward/Sparse-Dense, 00:16:43/00:01:16

(1.1.1.1, 239.0.0.46), 00:17:30/00:02:08, flags: FTx
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    GigabitEthernet2.12, Forward/Sparse, 00:17:30/00:02:46

VTEP1#show ip mroute 239.0.0.57 
IP Multicast Routing Table

(*, 239.0.0.57), 00:20:11/stopped, RP 2.2.2.2, flags: SJCFx
  Incoming interface: GigabitEthernet2.12, RPF nbr 12.0.0.2
  Outgoing interface list:
    Tunnel1, Forward/Sparse-Dense, 00:20:11/00:00:50

(1.1.1.1, 239.0.0.57), 00:13:18/00:02:24, flags: FTx
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    GigabitEthernet2.12, Forward/Sparse, 00:13:18/00:02:58

(3.3.3.3, 239.0.0.57), 00:16:55/00:02:01, flags: JTx
  Incoming interface: GigabitEthernet2.12, RPF nbr 12.0.0.2
  Outgoing interface list:
    Tunnel1, Forward/Sparse-Dense, 00:16:55/00:01:04

4. EIGRP adjacencies on HOSTs on VLANs 46 and 57:

 

 

VLAN46-R4#show ip eigrp neighbors 
EIGRP-IPv4 Neighbors for AS(46)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   46.0.0.6                Gi2.46                   13 00:07:37    4   150  0  4

VLAN57-R5#show ip eigrp neighbors 
EIGRP-IPv4 Neighbors for AS(57)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   57.0.0.7                Gi2.57                   12 00:07:35    4   100  0  4

###

 

If you find documentation with L3 gateway on CSR1000v, I would be glad to review it and post a sample scenario. Hopefully with this is easier for you.

 

Regards,

 

Elvin

VXLAN-EX.zip
0 Helpful
Customers Also Viewed These Support Documents