Configuring Seamless Integration of EVPN with L3VPN SRv6

This chapter contains the following sections:

About Seamless Integration of EVPN with L3VPN SRv6 Handoff

Data Center (DC) deployments have adopted VXLAN EVPN for its benefits such as EVPN control-plane learning, multitenancy, seamless mobility, redundancy, and easier POD additions. Similarly, the CORE is either an IP-based L3VPN SRv6 network or transitioning from the IPv6-based L3VPN underlay to a more sophisticated solution like IPv6 Segment Routing (SRv6) for IPv6. SRv6 is adopted for its benefits such as:

  • Simpler traffic engineering (TE) methods

  • Easier configuration

  • SDN adoption

With two different technologies, one within the data center (DC) and one in the Core, there is traffic handoff from VXLAN to an SRv6 core that becomes a necessity at the DCI nodes, which sit at the edge of the DC domain and interface with the Core edge router.

Traffic Handoff Process between EVPN-VXLAN and L3VPN SRv6

For traffic ingressing the EVPN-VxLAN fabric, the BGP EVPN routes get imported into a local VRF which contains the RD of the VRF. The bestpath is calculated and installed in the VRF's RIB, then inserted into the L3VPN SRv6 table. Along with the bestpath, the VRF's RD and per-VRF SRv6 SID are included. The L3VPN SRv6 route target is sent with the route, which is advertised to the L3VPN SRv6 peer.

For traffic egressing the EVPN VxLAN fabric, the BGP L3VPN SRv6 routes get imported into a local VRF which contains the RD of the VRF. The bestpath is calculated and installed in the VRF's RIB, then inserted into the EVPN table. Along with the bestpath, the VRF's RD and VNI are included. The EVPN-VXLAN route target is sent with the route, which is advertised to the EVPN-VxLAN peer.

The following figure illustrates the handoff between BGP EVPN VXLAN and L3VPN SRv6:

Figure 1. BGP EVPN VXLAN to L3VPN SRv6 Handoff

Guidelines and Limitations for EVPN to L3VPN SRv6 Handoff

General Guidelines and Limitations

  • The same RD import is supported for L3VPN SRV6 fabrics.

  • The same RD import is not supported for EVPN VXLAN fabrics.

  • On a handoff device, do not use the same RD import on the EVPN VXLAN side.

Platform and Release Support

  • Beginning with Cisco NX-OS Release 9.3(3), support is added for the following switches:

    • Cisco Nexus C93600CD-GX

    • Cisco Nexus C9364C-GX

    • Cisco Nexus C9316D-GX

  • Beginning with Cisco NX-OS Release 10.2(1q)F, SRv6 DCI handoff is supported on Cisco Nexus 9332D-GX2B platform switches.

  • Beginning with Cisco NX-OS Release 10.2(3)F, EVPN to L3VPN SRv6 Handoff is supported on Cisco Nexus 9300-GX2 platform switches.

Import L3VPN SRv6 Routes into EVPN VXLAN

Before you begin

Make sure you have a fully configured L3VPN SRv6 fabric. For more information, see "Configuring Layer 3 VPN over SRv6" in the Cisco Nexus 9000 Series NX-OS SRv6 Configuration Guide.

The process of handing off routes from the L3VPN SRv6 domain to the EVPN VXLAN fabric requires configuring the import condition for L3VPN SRv6 routes. Routes can be either IPv4 or IPv6. This task configures unidirectional route advertisement into the EVPN VXLAN fabric. For bidirectional advertisement, you must explicitly configure the import condition for the L3VPN SRv6 domain.

Procedure

SUMMARY STEPS

  1. config terminal
  2. router bgp as-number
  3. neighbor bgp ipv6-address remote-as as-number
  4. address family vpnv4 unicast or address family vpnv6 unicast
  5. import l2vpn evpn route-map name [reoriginate]

DETAILED STEPS

Step 1

config terminal

Example:

switch-1# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch-1(config)#

Enter configuration mode.

Step 2

router bgp as-number

Example:

switch-1(config)# router bgp 100
switch-1(config-router)#

Enter BGP router configuration mode.

Step 3

neighbor bgp ipv6-address remote-as as-number

Example:

switch-1(config-router)# neighbor fc:1234::1 remote-as 200
switch-1(config-router-neighbor)#

Enter BGP router configuration mode.

Step 4

address family vpnv4 unicast or address family vpnv6 unicast

Example:

switch-1(config-router-neighbor)# address-family vpnv4 unicast 
switch-1(config-router-neighbor-af)#

Example:

switch-1(config-router-neighbor)# address-family vpnv6 unicast 
switch-1(config-router-neighbor-af)#

Configure the IPv4 or IPv6 address family for unicast traffic that the EVPN VXLAN will handoff to L3VPN SRv6.

Step 5

import l2vpn evpn route-map name [reoriginate]

Example:

switch-1(config-router-neighbor-af)# import l2vpn evpn route-map test reoriginate 
switch-1(config-router-neighbor-af)#

Configure the IPv4 or IPv6 address family for unicast traffic that EVPN VXLAN will handoff to L3VPN SRv6. This command enables routes learned from L3VPN SRv6 domain to be advertised to the EVPN VXLAN domain. Using the optional reoriginate keyword advertises only domain-specific RTs.

What to do next

For bidirectional route advertisement, configure importing EVPN VXLAN routes into the L3VPN SRv6 domain.

Importing EVPN VXLAN Routes into L3VPN SRv6

Before you begin

Make sure you have a fully configured L3VPN SRv6 fabric. For more information, see "Configuring Layer 3 VPN over SRv6" in the Cisco Nexus 9000 Series NX-OS SRv6 Configuration Guide.

The process of handing off routes from the EVPN VXLAN fabric to the L3VPN SRv6 domain requires configuring the import condition for EVPN VXLAN routes. Routes can be either IPv4 or IPv6. This task configures unidirectional route advertisement into the L3VPN SRv6 fabric. For bidirectional advertisement, you must explicitly configure the import condition for the EVPN VXLAN domain.

Procedure

SUMMARY STEPS

  1. config terminal
  2. router bgp as-number
  3. neighbor ipv6-address remote-as as-number
  4. address-family l2vpn evpn
  5. import vpn unicast route-map name [reoriginate]

DETAILED STEPS

Step 1

config terminal

Example:

switch-1# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch-1(config)#

Enter configuration mode.

Step 2

router bgp as-number

Example:

switch-1(config)# router bgp 200
switch-1(config-router)#

Enter BGP router configuration mode.

Step 3

neighbor ipv6-address remote-as as-number

Example:

switch-1(config-router)# neighbor fc:1234::1 remote-as 100
switch-1(config-router-neighbor)#

Enter BGP router configuration mode.

Step 4

address-family l2vpn evpn

Example:

switch(config-router-neighbor)# address-family l2vpn evpn
switch(config-router-neighbor-af)#

Configure the address family for unicast traffic that EVPN VXLAN will handoff to L3VPN SRv6.

Step 5

import vpn unicast route-map name [reoriginate]

Example:

switch-1(config-router-neighbor-af)# import vpn unicast route-map test reoriginate 
switch-1(config-router-neighbor-af)#

Configure the IPv4 or IPv6 address family for unicast traffic that EVPN VXLAN will handoff to L3VPN SRv6. This command enables routes learned from the EVPN VXLAN domain to be advertised to the L3VPN SRv6 domain. Using the optional reoriginate keyword advertises only domain-specific RTs.

What to do next

For bidirectional route advertisement, configure importing L3VPN SRv6 routes into the EVPN VXLAN fabric.

Example Configuration for VXLAN EVPN to L3VPN SRv6 Handoff

This example provides the configuration steps to enable VXLAN EVPN to L3VPN handoff using SRv6, including VRF setup, interface configuration, and BGP peering. 
feature vn-segment-vlan-based
feature nv overlay 
feature interface-vlan
nv overlay evpn
feature srv6

vrf context customer1
vni 10000
rd auto
address-family ipv4 unicast
route-target both 1:1
route-target both auto evpn
address-family ipv6 unicast
route-target both 1:1
route-target both auto evpn

segment-routing
srv6
encapsulation
source-address loopback1
locators
locator DCI_1
prefix café:1234::/64

interface loopback0
ip address 10.1.1.0/32

interface loopback1
ip address 10.1.1.1/32
ipv6 address fc:4567::1/128

interface nve1
source-interface loopback0
member vni 10000 associate-vrf
host-reachability protocol bgp  

vlan 100
vn-segment 10000

interface vlan 100
ip forward
ipv6 address use-link-local-only
vrf member customer1

router bgp 65000
segment-routing srv6
locator DCI_1
neighbor 10.2.2.2 remote-as 200
remote-as 75000
address-family l2vpn evpn
import vpn route-map | reoriginate
neighbor fc:1234::1 remote-as 100
remote-as 65000
address-family vpnv4 unicast
import l2vpn evpn route-map | reoriginate
address-family vpnv6 unicast
import l2vpn evpn route-map | reoriginate

vrf customer
segment-routing srv6
alloc-mode per-vrf
address-family ipv4 unicast
address-family ipv6 unicast

Note

In the vni number command, do not use the L3 keyword during configuration of VNI under VRF, as the new L3 VNI configuration is not supported on VLAN-BD for VNIs which are dynamically allocated.