EVPN Hybrid IRB Mode

EVPN hybrid IRB modes

An EVPN hybrid IRB mode is a VXLAN EVPN feature that

  • enables VTEPs operating in symmetric IRB mode to interoperate with asymmetric IRB VTEPs in the same network fabric,

  • supports both intra-subnet bridging and inter-subnet routing across VTEPs using integrated routing and bridging (IRB) functionality, and

  • allows hybrid IRB VTEPs to maintain scalable symmetric operations with other symmetric or hybrid VTEPs while also interoperating with asymmetric VTEPs.

EVPN hybrid IRB models

EVPN VXLAN networks provide integrated routing and bridging using two main models:

  • Asymmetric IRB: Acts as a Layer-2 VPN overlay. Inter-subnet routing occurs only at the ingress VTEP, which handles both routing and bridging. All Layer-2 VPNs must exist on all VTEPs involved in inter-subnet routing for a given IP VRF, and ARP/ND information is populated everywhere.

  • Symmetric IRB: Functions as both Layer-2 and Layer-3 VPN overlay. Inter-subnet routing is distributed, so both ingress and egress VTEPs perform routing and bridging. Only local Layer-2 VPNs are needed on each VTEP, and ARP/ND consumption is local to endpoints.

Inter-subnet routing between symmetric and asymmetric IRB VTEPs was previously not possible; hybrid IRB mode introduces interoperability so these models can coexist within the same fabric.

EVPN hybrid IRB control plane and provisioning

Comparison of EVPN IRB modes

| IRB Mode | Routing Location | Bridging Location | Interoperability |
|---|---|---|---|
| Asymmetric IRB | Ingress VTEP only | Both ingress and egress | Cannot route with symmetric VTEPs without hybrid mode |
| Symmetric IRB | Both ingress and egress VTEPs | Both ingress and egress | Works with other symmetric/hybrid VTEPs |
| Hybrid IRB | Symmetric routing between hybrid VTEPs; interoperates with asymmetric | Both ingress and egress | Enables symmetric/asymmetric routing together |

Example

A data center fabric includes both legacy asymmetric IRB VTEPs and newer symmetric IRB VTEPs. By enabling hybrid IRB mode, network operators allow these different VTEP types to route and bridge traffic together, supporting mixed deployments as the network transitions to fully symmetric IRB.

Analogy

Hybrid IRB mode is like a translator allowing two people who speak different dialects—the asymmetric and symmetric IRB models—to communicate within the same team (network fabric), facilitating collaboration and smooth operation despite their differences.

Supported features and limitations of EVPN hybrid IRB mode

EVPN hybrid IRB mode offers a set of advanced networking features for overlay deployments, along with specific operational guidelines and limitations.

Supported features

  • Hybrid mode can be enabled per Layer 3 interface.

  • Supports both IPv4 and IPv6 overlay endpoints.

  • Host mobility is fully supported.

  • Both ingress replication and multicast underlay are supported.

  • Multicast and ingress replication underlay can coexist across different VLANs.

  • Supports distributed Anycast Gateway.

  • Supports virtual Port Channel (vPC).

Guidelines and limitations

  • Hybrid mode is not supported on DCI Border Gateway devices.

  • In distributed Anycast Gateway mode, asymmetric IRB must also be provisioned with the same anycast gateway MAC and IP address.

Supported platforms

Supported platforms include Cisco Nexus 9300-EX, FX, FX2, FX3, GX switches, and certain 9500 Series switches (with some features requiring specific NX-OS releases or line cards).

Configure EVPN hybrid IRB mode

Enable seamless interoperability between symmetric and asymmetric IRB VTEPs within the same fabric by configuring hybrid IRB mode on a Cisco NX-OS device.

Before you begin

  • Administrator access to the NX-OS device.

Procedure


Step 1

Define the VLAN and associate it with a VNI:

switch# configure terminal
switch(config)# vlan 201
switch(config-vlan)# vn-segment 20001
switch(config-vlan)# exit
switch(config)# 

Step 2

Create the VLAN interface and assign VRF and IP address:

switch(config)# interface vlan201
switch(config-if)# no shutdown
switch(config-if)# vrf member vrf_30001
switch(config-if)# ip address 10.1.1.1/16

Step 3

Enable hybrid IRB mode for the SVI:

switch(config-if)# fabric forwarding mode anycast-gateway hybrid
switch(config-if)# exit
switch(config)#

Step 4

Save your configuration.

Example:

switch# copy running-config startup-config

Step 5

Verify the configured VNIs and confirm that hybrid IRB mode is active. VNIs operating in hybrid IRB mode show HYB in the Flags column.

Example:

switch# show nve vni
Codes: CP - Control Plane        DP - Data Plane
       UC - Unconfigured         SA - Suppress ARP
       SU - Suppress Unknown Unicast
       Xconn - Crossconnect
       MS-IR - Multisite Ingress Replication
       HYB - Hybrid IRB Mode

Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      5001     234.1.1.1         Up    CP   L2 [1001]
nve1      5002     234.1.1.1         Up    CP   L2 [1002]
nve1      5010     225.1.1.1         Up    CP   L2 [3003]          HYB
nve1      6010     n/a               Up    CP   L3 [vni_6010]
nve1      10001    n/a               Up    CP   L3 [vni_10001]
nve1      30001    234.1.1.1         Up    CP   L2 [3001]          HYB
nve1      30002    234.1.1.1         Up    CP   L2 [3002]          HYB

The device operates in hybrid IRB mode, allowing inter-subnet communication with both symmetric and asymmetric IRB VTEPs.
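
The Step 5 verification can be automated as a configuration-drift check. The following is an added example, not Cisco code: it parses `show nve vni` output and compares the HYB-flagged Layer-2 VNIs against an intended set. The function names and the intended set are assumptions of this example; the sample rows are copied from the output above.

```python
import re

# Constructed sample: the `show nve vni` data rows shown in Step 5 of this page.
SAMPLE = """\
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
nve1      5001     234.1.1.1         Up    CP   L2 [1001]
nve1      5002     234.1.1.1         Up    CP   L2 [1002]
nve1      5010     225.1.1.1         Up    CP   L2 [3003]          HYB
nve1      6010     n/a               Up    CP   L3 [vni_6010]
nve1      10001    n/a               Up    CP   L3 [vni_10001]
nve1      30001    234.1.1.1         Up    CP   L2 [3001]          HYB
nve1      30002    234.1.1.1         Up    CP   L2 [3002]          HYB
"""

ROW = re.compile(
    r"^(?P<intf>nve\d+)\s+(?P<vni>\d+)\s+(?P<mcast>\S+)\s+(?P<state>\S+)\s+"
    r"(?P<mode>\S+)\s+(?P<type>L[23])\s+\[(?P<bd>[^\]]+)\]\s*(?P<flags>.*)$"
)

def parse_nve_vni(text):
    """Return {vni: row dict} for each data row; legend and header lines are skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["vni"] = int(row["vni"])
            row["flags"] = set(row["flags"].split())  # e.g. {"HYB"} or empty
            rows[row["vni"]] = row
    return rows

def audit_hybrid(text, expected_hybrid):
    """List (vni, problem) where the HYB flags differ from the intended set."""
    rows = parse_nve_vni(text)
    findings = []
    for vni in sorted(expected_hybrid):
        row = rows.get(vni)
        if row is None:
            findings.append((vni, "missing from output"))
        elif row["state"] != "Up":
            findings.append((vni, "state " + row["state"]))
        elif "HYB" not in row["flags"]:
            findings.append((vni, "HYB flag absent"))
    actual = {v for v, r in rows.items() if r["type"] == "L2" and "HYB" in r["flags"]}
    for vni in sorted(actual - set(expected_hybrid)):
        findings.append((vni, "unexpected HYB flag"))
    return findings

if __name__ == "__main__":
    print(audit_hybrid(SAMPLE, {5010, 30001, 30002}))  # intended set is an assumption
```

An empty result means every intended VNI is up with the HYB flag and no other Layer-2 VNI carries it.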