The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Before you configure the VRF Route Sharing functionality to enable the traffic between the ACI and the public cloud, ensure that:
You configure VRF1 and VRF2 on the vPC pair of ACI.
VRF3 are VRF4 on the Cisco Catalyst 8000V instance which peers with VGW have two RTs for each VRF.
The Cisco Catalyst 8000V instance imports EVPN routes of VRF1&2 from ACI into VRF3&4.
The IP BGP on the Cisco Catalyst 8000V side redistributes the routes to the gateway in the public cloud.
The next-hop of routes from ACI are the spine of the border leaf of the ACI.
There are no overlaps of prefix across the Route Sharing VRF.
Advertise the L3 VPN routing and to forward the VRF prefixes to the EVPN neighbours. Run the advertise l2vpn evpn command and export stitching RTs to push the native routes towards the EVPN.
The VRF Sharing functionality supports up to 32 common VRFs, and 1000 customer VRF combination.
This functionality does not support RT filters.
VRF Route Sharing is supported only for IPv4 addresses and not IPv6 addresses.
Consider this sample topology which explains the VRF Route Sharing functionality in a hybrid cloud. In this sample topology, assume the Cisco Catalyst 8000V instance is deployed on the VM of the public cloud. Site A is an ACI deployment site, while Site B is the public cloud.
Leaf 1 and Leaf 2 form the Virtual Port Channel (vPC) pair for ACI. Both vPCs have different Route Distinguishers (RD). VRF1 and VRF2 are configured on the vPC pair for ACI. For example:
VRF1 – RT:RT-EVPN-1, prefix:192.168.1.1
VRF2 – RT:RT-EVPN-2, prefix:192.168.2.2
VRF3 and VRF4 are configured on the Cisco Catalyst 8000V instance. These two VRFs connect to the Voice Gateway (VGW). Each VRF uses a different Route Target (RT). For example:
VRF3 – RT for EVPN: RT-EVPN-3, RT for IP BGP: RT-3, prefix:192.168.3.3
VRF4 – RT for EVPN: RT-EVPN-4, RT for IP BGP: RT-4, prefix:192.168.4.4
In this topology, assume the BGP-EVPN fabric is present between the ACI and the Cisco Catalyst 8000V instance in the public cloud. The IP BGP protocol is used between the Cisco Catalyst 8000V instance and a cloud service provider, such as Microsoft Azure. The BGP-EVPN fabric redistributes the stitching routes between the EVPN and the IP BGP.
To enable the traffic flow between the ACI Site and the Public Cloud, both ACI and the Cisco Catalyst 8000V instance need to support VRF Route Sharing.
The Cisco Catalyst 8000V instance must be able to import the EVPN routes of VRF1 and VRF2 from ACI into VRF3 and VRF4. The IP BGP on the Cisco Catalyst 8000V side then redistributes the routes to the VGW in the public cloud.
 Note |
When the VTEP (VxLAN Tunnel Endpoint) IP and the RMAC (Route MAC addrress) are the same for two leafs, and the VNIC alone differs, theCisco Catalyst 8000V instance can forward the traffic across the tunnel. |
Using the same sample topology, here are the use cases for configuring VRF Route Sharing in a Cisco Catalyst 8000V instance:
When VRF1 and VRF2 can talk to VRF3, but VRF3 and VRF4 cannot talk to each other.
vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
vrf definition VRF4
rd 400:1
address-family ipv4When VRF1 and VRF2 can talk to VRF3&4, but VRF3 and VRF4 cannot talk to each other.
vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
vrf definition VRF4
rd 400:1
address-family ipv4
route-target export RT-EVPN-4 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitchingWhen VRF1 and VRF2 can talk to VRF3, but VRF3 and VRF4 can talk to each other.
vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
route-target export RT-3
route-target import RT-4
vrf definition VRF4
rd 400:1
address-family ipv4
route-target import RT-3
route-target export RT-4When VRF1 and VRF2 can talk to VRF3&4, but VRF3 and VRF4 can talk to each other.
vrf definition VRF3
rd 300:1
address-family ipv4
route-target export RT-EVPN-3 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
route-target export RT-3
route-target import RT-4
vrf definition VRF4
rd 400:1
address-family ipv4
route-target export RT-EVPN-4 stitching
route-target import RT-EVPN-1 stitching
route-target import RT-EVPN-2 stitching
route-target import RT-3
route-target export RT-4For this use case, the Cisco Catalyst 8000V instance must configure EVPN on both VRF3 and VRF4.
Although IP BGP imports all the routes from VRF3 and VRF4, BGP does not advertise the imported routes of the VRF to the EVPN peer.
Note |
Use the Stitching keyword in the configuration only when the sharing happens across the EVPN. |
Perform this configuration to set up VRF Route Sharing in a hybrid cloud.
|
Step 1 |
Run the vrf definition command to define the VRFs. |
|
Step 2 |
Create each VRF instance with a unique route distinguisher (RD). For each VRF, specify route-targets for both import and export using the route-target import and route-target export commands. Example:In this sample solution, VRF 1 and VRF 2 (on-premise) can talk to VRF 3 and VRF 4 (in the public cloud). However, VRF3 and VRF4 cannot talk to each other. |
|
Step 3 |
Assign interfaces to the VRFs. This configuration sets up each interface to use the correct VRF, configures the IP settings, and activates the interface. |
|
Step 4 |
Configure BGP on the router. Redistribute routes using this configuration. |
Run the commands in this task to check if the VRF Route Sharing feature is enabled.
|
Step 1 |
show ip bgp l2vpn evpn summary . Provides the BGP summary information for the VRF default address family (L2VPN EVPN). Example: |
|
Step 2 |
show ip route vrf vrf3 bgp | in binding . Displays IP routing tables for the VRF. If a binding label appears in the output, the configuration is successful and BGP uses the binding label as the next hop. Example: |
Feedback