Solved

BGP EVPN for multi-tenants

  • 26 September 2018
  • 15 replies
  • 963 views

Hello,

I have been looking for some detailed documentation regarding BGP EVPN configuration for a multi-tenant environment. I have found some on the Cumulus website and was able to produce vxlan/vni in a single VRF, but I am not able to expand the vxlan/vni network to multi-tenant successfully.

Can someone post complete configurations for leafs and spines with BGP EVPN with multiple VRFs?

Thanks,

Best answer by Eric Pulvino 26 September 2018, 17:40

You can see a multitenant EVPN symmetric configuration in the "flatfiles" directory of this repository. https://github.com/CumulusNetworks/citc-evpn-symmetric

Thanks Eric.

That helped, but I still have an issue where I have two L2 VNIs in a VRF and try to establish connectivity (routing) between them. I am not fully clear on how the configs around the L3/L2 VNIs need to be structured yet.

Any inputs appreciated.

Thanks!
Userlevel 5
SVIs need to be present for the two VLANs which support the L2 VNIs. Without the SVIs present, there will be no routing between them. The SVIs don't need to exist on any switch with symmetric mode.
I actually have the SVIs on every leaf switch in the pod, and the VLANs belong to a VRF.
I can ping the SVI of VLAN B from a host in VLAN A and vice versa, but I can't ping a host in VLAN A from a host in VLAN B or vice versa.
Userlevel 5
Is this in VX or on Real HW?

If it's in VX I've found that I sometimes need to add a unique IP address to each SVI, not just the VRR shared gateway IP address. I have been meaning to follow-up on this issue internally.
This is in VX. I will try different IPs and see.

Thanks,
Userlevel 5
The two addresses are shown here in the example:
https://github.com/CumulusNetworks/citc-evpn-symmetric/blob/master/flatfiles/leaf01/interfaces#L142-L143
So, the gateway IP being the virtual with the mac on it, and a different IP on the physical?
Can I use the same set on all the leaf switches?
Userlevel 5
Again, this does not affect HW, but in the VX world a unique IP is needed there. When testing I might use .254 as the gateway for a /24 and then use .253, .252 and walk downwards for the various switch pairs. I have not tried reusing the "unique" SVI addresses (but of course I can see why you would want to do this). Again, this does not affect HW AFAIK, as traffic is handled differently.
Hmm, odd. All three VMs I am testing with went offline now since the change.
Here is what I have:

[leaf1]
interface vlan110
address 10.10.0.2/24
address-virtual 00:00:00:00:00:1a 10.10.0.1/24
vlan-id 110
vlan-raw-device bridge
vrf al

interface vlan120
address 10.20.0.2/24
address-virtual 00:00:00:00:00:1b 10.20.0.1/24
vlan-id 120
vlan-raw-device bridge
vrf fs

interface vlan130
address 10.30.0.2/24
address-virtual 00:00:00:00:00:1c 10.30.0.1/24
vlan-id 130
vlan-raw-device bridge
vrf fs

[leaf2]
interface vlan110
address 10.10.0.3/24
address-virtual 00:00:00:00:00:1a 10.10.0.1/24
vlan-id 110
vlan-raw-device bridge
vrf al

interface vlan120
address 10.20.0.3/24
address-virtual 00:00:00:00:00:1b 10.20.0.1/24
vlan-id 120
vlan-raw-device bridge
vrf fs

interface vlan130
address 10.30.0.3/24
address-virtual 00:00:00:00:00:1c 10.30.0.1/24
vlan-id 130
vlan-raw-device bridge
vrf fs

[leaf3]
interface vlan110
address 10.10.0.4/24
address-virtual 00:00:00:00:00:1a 10.10.0.1/24
vlan-id 110
vlan-raw-device bridge
vrf al

interface vlan120
address 10.20.0.4/24
address-virtual 00:00:00:00:00:1b 10.20.0.1/24
vlan-id 120
vlan-raw-device bridge
vrf fs

interface vlan130
address 10.30.0.4/24
address-virtual 00:00:00:00:00:1c 10.30.0.1/24
vlan-id 130
vlan-raw-device bridge
vrf fs
It does not seem like the suggested workaround would solve the problem.
Is there anyone I can contact to get some help?
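A consistency check for SVI stanzas in the layout posted above, added here as an example and not part of the thread or of any Cumulus tooling. It parses the "[leaf]" / "interface" layout as posted (not /etc/network/interfaces syntax), and it assumes, following the VX advice in the thread, that each leaf should carry its own SVI address next to the shared VRR address; the sample input is constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (not the poster's config): reused SVI address, mismatched VRF.
SAMPLE = """\
[leaf1]
interface vlan110
address 10.10.0.2/24
address-virtual 00:00:00:00:00:1a 10.10.0.1/24
vrf al
[leaf2]
interface vlan110
address 10.10.0.2/24
address-virtual 00:00:00:00:00:1a 10.10.0.1/24
vrf fs
"""

def parse(text):
    """Return {leaf: {svi: {keyword: value}}} from '[leaf]' / 'interface' stanzas."""
    leaves, leaf, svi = defaultdict(dict), None, None
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0].startswith("["):
            leaf, svi = words[0].strip("[]"), None
        elif words[0] == "interface":
            svi = leaves[leaf].setdefault(words[1], {})
        elif svi is not None:
            svi[words[0]] = " ".join(words[1:])
    return leaves

def check(leaves):
    """Return findings on VRR consistency, per-leaf SVI addresses and VRF membership."""
    findings, seen = [], defaultdict(lambda: defaultdict(set))
    for leaf, svis in leaves.items():
        for name, cfg in svis.items():
            mac, vip = cfg["address-virtual"].split()
            own, gw = ipaddress.ip_interface(cfg["address"]), ipaddress.ip_interface(vip)
            if own.ip == gw.ip or own.network != gw.network:
                findings.append(f"{leaf} {name}: {own} must be a distinct address in {gw.network}")
            if own.ip in seen[name]["address"]:  # assumption: one SVI address per leaf
                findings.append(f"{leaf} {name}: {own.ip} already used on another leaf")
            seen[name]["address"].add(own.ip)
            seen[name]["vrr"].add((mac.lower(), str(gw)))
            seen[name]["vrf"].add(cfg.get("vrf", "default"))
    for name, s in seen.items():
        if len(s["vrr"]) > 1:
            findings.append(f"{name}: VRR MAC/IP differs between leaves")
        if len(s["vrf"]) > 1:
            findings.append(f"{name}: tenant VRF differs between leaves: {sorted(s['vrf'])}")
    return findings
```

Calling `check(parse(SAMPLE))` returns one finding for the reused address and one for the VLAN that sits in different tenant VRFs on the two leaves.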
Userlevel 2
@noster It would be best to talk to the SE in your region. If you tell us where you're located, we could point a colleague your way.
Hi Attilla,

Yep, I have actually raised this to my SE earlier this morning.
Thanks! 🙂
@noster Make sure your vswitch/hypervisor is allowing MAC address changes and forged transmits to support your VRR framework.
I'm having a similar issue, I think.

What I am trying to accomplish is basically VLAN 10 on leaf1 and VLAN 20 on leaf2.

The VLANs are isolated only to their own leaf.

These VLANs are also in a VRF (same VRF).

Trying to basically route from VLAN 10 to VLAN 20 via VXLAN.

Is this possible? Basically creating an MPLS-like behavior.
Been working in my lab for days on it (GNS3 VX Lab).

I cannot ping from a host on VLAN 10 to a host on VLAN 20.

Followed the configuration on the GitHub; however, I believe it is a slightly different scenario.
