The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes EVPN simplification CLI for BGP VRF Auto RD and Auto RT in EVPN on Catalyst 9000 series switches.
Cisco recommends that you have knowledge of these topics:
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Layer 3 EVPN deployments involve VRF configurations with many configuration options, including but not limited to, route distinguisher (RD) and route-targets (RT).
The auto RD would consist of the BGP router-id plus an internal generated unique number, for example, if the BGP router-id is 192.168.1.1, the auto RD would be like "192.168.1.1:1".
The ability to simplify the configuration is highly desirable (if not necessary) for the deployment to be feasible, and has already been widely adopted for the BGP EVPN fabric. This feature is desirable for EVPN, as it helps avoid the writing and maintenance of extensive and complex configurations in Spine-Leaf topologies where many VRFs are configured in a particular leaf.
Note: This feature introduces new CLIs.
VRF |
Virtual Routing Forwarding |
Defines a layer 3 routing domain that be separated from other VRF and global IPv4/IPv6 routing domain |
AF |
Address Family |
Defines which type prefixes and routing info BGP handles |
AS |
Autonomous System |
A set of Internet routable IP prefixes that belong to a network or a collection of networks that are all managed, controlled and supervised by a single entity or organization |
RD |
Route Distinguisher |
Allow BGP to differentiate one prefix from another in different VRFs |
RT |
Route Target |
Route targets are used to constrain routing updates. Determines what prefixes are allowed to be imported by the device |
EVPN |
Ethernet Virtual Private Network |
Extension that allows BGP to transport Layer 2 MAC and Layer 3 IP information is EVPN and uses Multi-Protocol Border Gateway Protocol (MP-BGP) as the protocol to distribute reachability information that pertains to the VXLAN overlay network. |
VXLAN |
Virtual Extensible LAN (Local Area Network) |
VXLAN is designed to overcome the inherent limitations of VLANs and STP. It is a proposed IETF standard [RFC 7348] to provide the same Ethernet Layer 2 network services as VLANs do, but with greater flexibility. Functionally, it is a MAC-in- UDP encapsulation protocol that runs as a virtual overlay on a Layer 3 underlay network. |
Leaf-01#sh run | include vrf rd-auto
vrf rd-auto <-- Enable Auto RD for all the VRFs
Leaf-01#sh run | section vrf definition blue
vrf definition blue
vnid 123 evpn-instance <-- Enable Auto RT
!
address-family ipv4 <-- address-family needs to be specified
route-target 100:123 <-- Optionally can have static route-target as required
exit-address-family
!
Leaf-01#sh run | section vrf definition green
vrf definition green
rd-auto <-- Enable Auto RD for this VRF green
vnid 35 evpn-instance <-- Enable Auto RT
!
address-family ipv4 <-- address-family needs to be specified
exit-address-family
!
address-family ipv6
exit-address-family
Note: It is possible to have static and auto RD for different VRFs, but static RD must NOT have the same actual RD as the Auto RD if the Auto RD is assigned first.
Tip: Currently delete the static RD would delete the configuration of the route-targets being configured in the VRFs, as well as the BGP IPv4 and/or IPv6 VRF address-families (and the associated configuration underneath). Therefore deleting an auto RD would have similar behavior. It is recommended not to trigger the deletion of the RD unless absolutely necessary. A change of RD (that is, a delete of the existing RD, either static or auto, and then an add of a new RD, either static or auto, is costly and requires time of delay for the command to go through)
vrf rd-auto
vrf definition green <-- This VRF green uses auto RD
vnid 35 evpn-instance
!
address-family ipv6
exit-address-family
vrf definition red <-- This VRF red uses static RD
rd-auto disable
rd 100:1
!
address-family ipv4
route-target export 100:1
route-target import 100:1
route-target export 100:1 stitching
route-target import 100:1 stitching
exit-address-family
(This config example is a recap of the existing feature)
Leaf-01#show run | sec r bgp router bgp 65000 <-- Required for Auto RT bgp router-id 192.168.1.1 <-- Required for Auto RD bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 192.168.1.2 remote-as 65000 neighbor 192.168.1.2 update-source Loopback0 neighbor 192.168.1.3 remote-as 65001 neighbor 192.168.1.3 update-source Loopback0 ! address-family ipv4 vrf green
advertise l2vpn evpn
redistributed connected
exit-address-family
!
address-family ipv6 vrf green
advertise l2vpn evpn
redistribute connected
exit-address-family
Note: The configuration for the other Spine Route Reflector is the same, so are not repeated in this section
Note: Other EVPN leafs can use static RD or RT configuration. As long as the RT matches, the EVPN prefixes are able to import/export to each other.
Verify the Leaf, to have auto RD
VTEP1#show vrf blue Name Default RD Protocols Interfaces blue 192.168.1.1:1(auto) ipv4 Vl34 Lo101 Et1/1 Vl4 Vl15
VTEP1#show vrf green Name Default RD Protocols Interfaces green 192.168.1.1:2(auto) ipv6 Lo102 Et1/2 Vl5 Vl13
VTEP1#show vrf detail blue VRF blue (VRF Id = 2); default RD 192.168.1.1:1(auto); default VPNID New CLI format, supports multiple address-families vnid: 123 evpn-instance vni 35000 core-vlan 34 Flags: 0x180C Interfaces: Vl34 Lo101 Et1/1 Vl4 Vl15 Address family ipv4 unicast (Table ID = 0x2): Flags: 0x0 Export VPN route-target communities RT:100:123 RT:65000:123 (auto) Import VPN route-target communities RT:100:123 RT:65000:123 (auto) Export VPN route-target stitching communities RT:65000:123 (auto) Import VPN route-target stitching communities RT:65000:123 (auto) No import route-map No global export route-map No export route-map VRF label distribution protocol: not configured VRF label allocation mode: per-prefix Address family ipv6 unicast not active Address family ipv4 multicast not active Address family ipv6 multicast not active
VTEP1#show vrf detail green VRF green (VRF Id = 4); default RD 192.168.1.1:2(auto); default VPNID New CLI format, supports multiple address-families vnid: 35 evpn-instance Flags: 0x380C Interfaces: Lo102 Et1/2 Vl5 Vl13 Address family ipv4 unicast not active Address family ipv6 unicast (Table ID = 0x1E000002): Flags: 0x0 Export VPN route-target communities RT:65000:35 (auto) Import VPN route-target communities RT:65000:35 (auto) Export VPN route-target stitching communities RT:65000:35 (auto) Import VPN route-target stitching communities RT:65000:35 (auto) No import route-map No global export route-map No export route-map VRF label distribution protocol: not configured VRF label allocation mode: per-prefix Address family ipv4 multicast not active Address family ipv6 multicast not active
If there is an issue with VRF auto RD auto RT you can use debugs to see more about the problem
Enable relevant debugs
Leaf-01#debug ip bgp autordrt
Leaf-01#debug vrf create
Leaf-01#debug vrf delete
Display debug information
VTEP1#show debug VRF Manager: VRF creation debugging is on VRF deletion debugging is on Packet Infra debugs: Ip Address Port ------------------------------------------------------|---------- IP routing: BGP auto rd rt debugging is on
Observe the debugs produced at each configuration step
Leaf-01(config)#vrf definition test *Jun 26 08:19:44.173: LID: Get id @0x7F4414FE4A18 - current A [1..2705] (checking enabled) *Jun 26 08:19:44.173: LID: AVAIL (verified) - id A *Jun 26 08:19:44.173: vrfmgr: VRF test: Created vrf_rec with vrfid 0xA *Jun 26 08:19:44.173: BGP: VRF config event of rd-auto change for vrf test *Jun 26 08:19:44.173: BGP-VPN: bgp vpn global rd-auto for vrf test assigns rd of 192.168.1.1:6 *Jun 26 08:19:44.173: BGP: VRF config event of vnid change for vrf test Leaf-01(config-vrf)#vnid 246 evpn-instance % vnid 246 evpn-instance auto (vni 0 core-vlan 0) is configured in "vrf test" *Jun 26 08:20:03.466: BGP: VRF config event of vnid change for vrf test Leaf-01(config-vrf)#address-family ipv4 *Jun 26 08:20:12.276: vrfmgr: VRF test ipv4 unicast: Received topology create notification *Jun 26 08:20:12.276: vrfmgr: VRF test ipv4 multicast: Received topology create notification *Jun 26 08:20:12.276: vrfmgr: VRF test ipv4 unicast: Created vrf_sub_rec with vrfid 0xA, tableid 0xA *Jun 26 08:20:12.276: BGP: VRF config event of vnid change for vrf test *Jun 26 08:20:12.276: BGP: afi 0 vrf test vnid 246 RT assign *Jun 26 08:20:12.276: BGP: vrf assign auto import stitching rt for VRF test *Jun 26 08:20:12.276: BGP: vrf assign auto export stitching rt for VRF test Leaf-01(config-vrf-af)#address-family ipv6 *Jun 26 08:20:20.949: vrfmgr: VRF test ipv6 unicast: Received topology create notification *Jun 26 08:20:20.949: vrfmgr: VRF test ipv6 multicast: Received topology create notification *Jun 26 08:20:20.949: vrfmgr: VRF test ipv6 unicast: Created vrf_sub_rec with vrfid 0xA, tableid 0x1E000004 *Jun 26 08:20:20.949: BGP: VRF config event of vnid change for vrf test *Jun 26 08:20:20.949: BGP: afi 0 vrf test vnid 246 RT assign *Jun 26 08:20:20.949: BGP: vrf assign auto import stitching rt for VRF test *Jun 26 08:20:20.949: BGP: vrf assign auto export stitching rt for VRF test *Jun 26 08:20:20.949: BGP: afi 1 vrf test vnid 246 RT assign *Jun 26 08:20:20.949: BGP: vrf assign auto import stitching rt for VRF test *Jun 26 08:20:20.949: BGP: vrf assign auto export stitching rt for VRF test Leaf-01(config-vrf-af)#do sh vrf detail test VRF test (VRF Id = 10); default RD 192.168.1.1:6(auto); default VPNID <-- VRF ID = 10 (hex 0xA) | auto RD assigned matches debug "assigns rd of 192.168.1.1:6" New CLI format, supports multiple address-families vnid: 246 evpn-instance Flags: 0x180C No interfaces Address family ipv4 unicast (Table ID = 0xA): Flags: 0x0 Export VPN route-target communities RT:65000:246 (auto) Import VPN route-target communities RT:65000:246 (auto) Export VPN route-target stitching communities RT:65000:246 (auto) Import VPN route-target stitching communities RT:65000:246 (auto) No import route-map No global export route-map No export route-map VRF label distribution protocol: not configured VRF label allocation mode: per-prefix Address family ipv6 unicast (Table ID = 0x1E000004): <-- ID matches debug "Created vrf_sub_rec with vrfid 0xA, tableid 0x1E000004" Flags: 0x0 Export VPN route-target communities RT:65000:246 (auto) Import VPN route-target communities RT:65000:246 (auto) Export VPN route-target stitching communities RT:65000:246 (auto) Import VPN route-target stitching communities RT:65000:246 (auto) No import route-map No global export route-map No export route-map VRF label distribution protocol: not configured VRF label allocation mode: per-prefix Address family ipv4 multicast not active Address family ipv6 multicast not active Leaf-01(config-vrf-af)#do sh run vrf test Building configuration... Current configuration : 145 bytes vrf definition test vnid 246 evpn-instance ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family
By default, Nexus assigns vni-based route-targets (ASN:VNI), while Catalyst assigns evi-based route-targets (ASN:EVI).
When route-target are mismatched you can observe symptoms such as these:
There are a couple options to fix this interop issue
Apply these cli (for option 2) under the l2vpn evpn section
address-family l2vpn evpn
rewrite-evpn-rt-asn <---
Revision | Publish Date | Comments |
---|---|---|
1.0 |
18-Aug-2023 |
Initial Release |