IPv6 Across a VXLAN EVPN Fabric

Overview of IPv6 Across a VXLAN EVPN Fabric

This section provides an example configuration that enables IPv6 in the overlay of a VXLAN EVPN fabric.

The VXLAN encapsulation mechanism encapsulates the IPv6 packets in the overlay as IPv4 UDP packets and uses IPv4 routing to transport the VXLAN encapsulated traffic.

To enable IPv6 across a VXLAN EVPN fabric, the IPv6 address family is included in VRF, BGP, and EVPN. IPv6 routes are initiated in the tenant VRF IPv6 unicast address-family on a VTEP and are advertised in the VXLAN fabric through the L2VPN EVPN address family as EVPN route-type 2 or 5.


Note


These routes are advertised as EVPN routes on the SPINE.


Configuring IPv6 Across a VXLAN EVPN Fabric Example

Topology for the example:




Note


In the example:

  • Configuration for hosts in VLAN 10 is mapped to vn-segment 10010.

  • VRF RED is the VRF associated with this VLAN.

  • 20010 is the L3 VNI for VRF RED.

  • VLAN 100 is mapped to L3 VNI 20010.


  • Configure the Layer 2 VLAN.

    
    vlan 10
      name RED
      vn-segment 10010
    
  • Configure the VLAN for L3 VNI .

    
    vlan 100
     name RED_L3_VNI_VLAN
     vn-segment 20010 
    
  • Define the anycast gateway MAC.

    
    fabric forwarding anycast-gateway-mac 0000.2222.3333
    
  • Define the NVE interface.

    
    interface nve1
      no shutdown
      source-interface loopback1
      host-reachability protocol bgp             
      member vni 10000 associate-vrf
      mcast-group 224.1.1.1
      member vni 10001 associate-vrf
      mcast-group 224.1.1.1
      member vni20000
      suppress-arp
      mcast-group 225.1.1.1
      member vni 20001
      suppress-arp
      mcast-group 225.1.1.1 
     
    
    
    evpn
      vni 10010 l2
        
    rd auto
        route-target import auto
        route-target export auto
    
  • Add configuration the to SVI definition on VLAN 10 and on L3 VNI VLAN 100.

    
    interface Vlan10
      description RED
      no shutdown
      vrf member RED
      no ip redirects
      ip address 10.1.1.1/24
      ipv6 address 2001::1/64
      fabric forwarding mode anycast-gateway
    

    Note


    IPv6 ND suppression is not supported on Cisco Nexus 9000 Series switches.


  • Configure SVI definition for VLAN 100.

    
    interface Vlan100
     description RED_L3_VNI_VLAN
     no shutdown
     vrf member RED
     ip forward
     ipv6 address use-link-local-only
    

    Note


    The IPv6 address use-link-local-only serves the same purpose as IP FORWARD for IPv4. It enables the switch to perform an IP based lookup even when the interface VLAN has no IP address defined under it.


  • Add configuration to the VRF definition.

    
    vrf context RED
      vni 20010
        
      rd auto
      address-family ipv4 unicast
        route-target both auto
        route-target both auto evpn
      address-family ipv6 unicast
        route-target both auto
        route-target both auto evpn
    
    
    evpn
      vni 10010 l2
    
    
    rd auto
        route-target import auto
        route-target export auto 
    
    
  • Add configuration to the VRF definition under BGP.

    
    router bgp 65000
      vrf RED
        address-family ipv4 unicast
          advertise l2vpn evpn
       address-family ipv6 unicast
          advertise l2vpn evpn
    

Note


If VTEPs are configured to operate as VPC peers, the following configuration is a best practice that should be included under the VPC domain on both switches.


vpc domain 1
   ipv6 nd synchronize

Show Command Examples

The following are examples of verifying IPv6 advertisement over VXLAN EVPN:

  • Display ND information for the connected server.

    
    9396-B_VTEP# show ipv6 neighbor vrf RED
    
    Flags: # - Adjacencies Throttled for Glean
           G - Adjacencies of vPC peer with G/W bit
           R - Adjacencies learnt remotely
    
    IPv6 Adjacency Table for VRF RED
    Total number of entries: 2
    Address         Age       MAC Address     Pref Source     Interface
    2001::64        00:00:26  7c69.f614.2bc1  50   icmpv6     Vlan10
    fe80::7e69:f6ff:fe14:2bc1
                    00:01:13  7c69.f614.2bc1  50   icmpv6     Vlan10
    
    
  • Check the L2ROUTE and ensure the MAC-IP was learned.

    
    9396-B_VTEP# show l2route evpn mac-ip evi 10 host-ip 2001::64
    Mac Address    Prod Host IP                                 Next Hop (s)
    -------------- ---- --------------------------------------- ---------------
    7c69.f614.2bc1 HMM  2001::64                                N/A
    

    Note


    MAC-IP table is populated only when the end server sends a neighbor solicitation message (ARP in case of IPv4).


  • Verify the route is present locally in the BGP table.

    
    9396-B_VTEP# show bgp l2vpn evpn 2001::64
    BGP routing table information for VRF default, address family L2VPN EVPN
    Route Distinguisher: 198.19.0.15:34180    (L2VNI 10010)
    BGP routing table entry for [2]:[0]:[0]:[48]:[7c69.f614.2bc1]:[128]:[2001::64]/368, version 678
    Paths: (1 available, best #1)
    Flags: (0x00010a) on xmit-list, is not in l2rib/evpn
    
      Advertised path-id 1
      Path type: local, path is valid, is best path, no labeled nexthop
      AS-Path: NONE, path locally originated
        198.19.0.15 (metric 0) from 0.0.0.0 (198.19.0.15)
          Origin IGP, MED not set, localpref 100, weight 32768
          Received label 10010 20010
          Extcommunity:  RT:64567:10010 RT:64567:20010
    
        Path-id 1 advertised to peers:
        198.19.0.3
        198.19.0.4
    
  • Verify the route is present in the remote VTEP 9396-A-VTEP BGP table.

    
    9396-A-VTEP# show bgp l2vpn evpn 2001::64
    BGP routing table information for VRF default, address family L2VPN EVPN
    Route Distinguisher: 198.19.0.14:34180    (L2VNI 10010)
    BGP routing table entry for [2]:[0]:[0]:[48]:[7c69.f614.2bc1]:[128]:[2001::64]/368, version 305
    Paths: (1 available, best #1)
    Flags: (0x00021a) on xmit-list, is in l2rib/evpn, is not in HW,
    
      Advertised path-id 1
      Path type: internal, path is valid, is best path, no labeled nexthop
                 Imported from 198.19.0.15:34180:[2]:[0]:[0]:[48]:[7c69.f614.2bc1]:[128]:[2001::64]/240
      AS-Path: NONE, path sourced internal to AS
        198.19.0.15 (metric 81) from 198.19.0.3 (198.19.0.3)
          Origin IGP, MED not set, localpref 100, weight 0
          Received label 10010 20010
          Extcommunity:  RT:64567:10010 RT:64567:20010 ENCAP:8 Router MAC:5087.89a1.a52f
          Originator: 198.19.0.15 Cluster list: 198.19.0.3
    
  • Check the L2ROUTE and ensure that the MAC-IP was learned on the remote VTEP - 9396-A-VTEP.

    
    rswV1leaf14# show l2route evpn mac-ip evi 1413 host-ip 2001::64
    Mac Address    Prod Host IP                                 Next Hop (s)
    -------------- ---- --------------------------------------- --------------
    7c69.f614.2bc1 BGP  2001::64                                198.19.0.15