Multihoming in a BGP EVPN VXLAN Fabric Configuration Guide, Cisco IOS XE 26.x.x and Later

PDF

Reference configuration for DAG bridged overlay networks

Updated: April 10, 2026

Want to summarize with AI?

Log in

Overview

Provides a reference network design to support scalable EVPN multihoming and fabric core networks.

This section provides a reference network design and configuration to implement a DAG bridged overlay fabric network.

This following figure illustrates a reference network design to support scalable EVPN multihoming and fabric core with hierarchical BGP peering, control-plane peering, and selective stretching of an IP subnet between a pair of Cisco Catalyst 9000 series switches deployed in the distribution block with overlay fabric network.

Figure 1. EVPN multihoming: DAG-bridged overlay fabric network


This reference configuration shows a three-step process, from the initial network setup to the successful fabric deployment. Network administrators can follow these steps sequentially for initial deployment and to increment the overlay network configuration as the network demands increase.

Layer 2 EVPN multihoming

The base configuration to build a fabric begins with Layer 2 campus networks using EVPN multihoming technology. This section provides the step-by-step configuration on a pair of Cisco Catalyst 9000 series switches to successfully build a non-blocking all-active Layer 2 network with EVPN multihoming.

Step

ES-1 and ES-2

ES-3 and ES-4

1: Inter-ES Layer 3 EtherChannel

 
ES-1 
! 
interface Port-Channel 128 
 description CONNECTED TO ES PEER 
 no switchport 
 ip address 10.0.0.0 255.255.255.254 
 ip ospf network point-to-point 
 ip ospf multi-area 0 
 ip ospf 100 area 101 
 ip ospf 100 cost 10 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
! 

ES-2 
! 
interface Port-Channel 128 
 description CONNECTED TO EVPN MH SW-2 
 no switchport 
 ip address 10.0.0.1 255.255.255.254 
 ip ospf network point-to-point 
 ip ospf multi-area 0 
 ip ospf 100 area 101 
 ip ospf 100 cost 10 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
! 
ES-3 
! 
interface Port-Channel 128 
 description CONNECTED TO ES PEER 
 no switchport 
 ip address 10.0.0.2 255.255.255.254 
 ip ospf network point-to-point 
 ip ospf multi-area 0 
 ip ospf 100 area 102 
 ip ospf 100 cost 10 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
! 

ES-4 
! 
interface Port-Channel 128 
 description CONNECTED TO EVPN MH SW-1 
 no switchport 
 ip address 10.0.0.3 255.255.255.254 
 ip ospf network point-to-point 
 ip ospf multi-area 0 
 ip ospf 100 area 102 
 ip ospf 100 cost 10 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
!

2: IGP routing and core interface

 
ES-1 
! 
router ospf 100 
 router-id 10.200.255.101 
 max-metric router-lsa 
  include-stub summary-lsa 
    external-lsa on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
  prefix-priority low 
 area 101 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
interface Loopback 0 
 ip address 10.100.255.101 
  255.255.255.255 
 ip ospf 100 area 0 
! 
ES-2 
! 
router ospf 100 
 router-id 10.200.255.102 
 max-metric router-lsa include-stub 
   summary-lsa 
   external-lsa on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
   prefix-priority low 
 area 101 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
interface Loopback 0 
 ip address 10.100.255.102 255.255.255.255 
 ip ospf 100 area 0 
! 


ES-3 
! 
router ospf 100 
 router-id 10.200.255.103 
 max-metric router-lsa include-stub 
   summary-lsa
   external-lsa on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
   prefix-priority low 
 area 102 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
interface Loopback 0 
 ip address 10.100.255.103 255.255.255.255 
 ip ospf 100 area 0 
! 
ES-4 
! 
router ospf 100 
 router-id 10.200.255.104 
 max-metric router-lsa include-stub 
  summary-lsa
   external-lsa on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
   prefix-priority low 
 area 102 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
interface Loopback 0 
 ip address 10.100.255.104 255.255.255.255 
 ip ospf 100 area 0 
!

3: iBGP routing

 
ES-1 
! 
router bgp 65101 
 template peer-policy ES-PEER-POLICY 
  send-community both 
 ! 
 template peer-session ES-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-MH-DIST-2-PEER 
  update-source Loopback0 
  fall-over host-route 
 ! 
 bgp router-id interface Loopback0 
 bgp log-neighbor-changes 
 bgp graceful-restart 
 no bgp default ipv4-unicast 
    ES-PEER-SESSION-POLICY 
 ! 
 address-family l2vpn evpn 
  bgp nexthop trigger critical-delay 0 
  neighbor 10.100.255.102 activate 
  neighbor 10.100.255.102 send-community both 
  neighbor 10.100.255.102 inherit peer-policy
    ES-PEER-POLICY 
 ! 
ES-2 
! 
router bgp 65101 
 template peer-policy ES-PEER-POLICY 
  send-community both 
 ! 
 template peer-session ES-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-MH-DIST-2-PEER 
  update-source Loopback0  
  fall-over host-route 
 ! 
 bgp router-id interface Loopback0 
 bgp log-neighbor-changes 
 bgp graceful-restart 
 no bgp default ipv4-unicast 
 neighbor 10.100.255.101 inherit peer-session
    ES-PEER-SESSION-POLICY 
 ! 
 address-family l2vpn evpn 
  bgp nexthop trigger critical-delay 0 
  neighbor 10.100.255.101 activate 
  neighbor 10.100.255.101 send-community both 
  neighbor 10.100.255.101 inherit peer-policy
    ES-PEER-POLICY 
 ! 


ES-3 
! 
router bgp 65101 
 template peer-policy ES-PEER-POLICY 
  send-community both 
 ! 
 template peer-session ES-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-MH-DIST-1-PEER 
  update-source Loopback0  
  fall-over host-route 
 ! 
 bgp router-id interface Loopback0 
 bgp log-neighbor-changes 
 bgp graceful-restart 
 no bgp default ipv4-unicast 
 neighbor 10.100.255.104 inherit peer-session
    ES-PEER-SESSION-POLICY 
 ! 
 address-family l2vpn evpn 
  bgp nexthop trigger critical-delay 0 
  neighbor 10.100.255.104 activate 
  neighbor 10.100.255.104 send-community both 
  neighbor 10.100.255.104 inherit peer-policy
    ES-PEER-POLICY 
 ! 
ES-4 
! 
router bgp 65101 
 template peer-policy ES-PEER-POLICY 
  send-community both 
 ! 
 template peer-session ES-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-MH-DIST-1-PEER 
  update-source Loopback0 
  fall-over host-route 
 ! 
 bgp router-id interface Loopback0 
 bgp log-neighbor-changes 
 bgp graceful-restart 
 no bgp default ipv4-unicast 
 neighbor 10.100.255.103 inherit peer-session
    ES-PEER-SESSION-POLICY 
 ! 
 address-family l2vpn evpn 
  bgp nexthop trigger critical-delay 0 
  neighbor 10.100.255.103 activate 
  neighbor 10.100.255.103 send-community both 
  neighbor 10.100.255.103 inherit peer-policy
    ES-PEER-POLICY 
 !

4: Global L2VPN

 
! 
l2vpn evpn 
advertise mac disable 
anycast-gateway mac auto 
multicast advertise sync-only 
multihoming aliasing disable 
multihoming peering adjacent 
replication-type ingress 
router-id Loopback 0 
! 


! 
l2vpn evpn 
advertise mac disable 
anycast-gateway mac auto 
multicast advertise sync-only 
multihoming aliasing disable 
multihoming peering adjacent 
replication-type ingress 
router-id Loopback 0 
!

5: Routed VLAN and MAC VRF

 
! 
vlan 11 
 name ROUTED_DATA_VLAN 
! 
l2vpn evpn instance 11 vlan-based 
 encapsulation vxlan 
! 
vlan configuration 11 
 member evpn-instance 11 vni 11011 
! 
 interface nve 1 
 source-interface Loopback 0 
 host-reachability protocol bgp 
 member vni 11011 ingress-replication 
! 


! 
vlan 11 
 name ROUTED_DATA_VLAN 
! 
l2vpn evpn instance 11 vlan-based 
 encapsulation vxlan 
! 
vlan configuration 11 
 member evpn-instance 11 vni 11011 
! 
 interface nve 1 
 source-interface Loopback 0 
 host-reachability protocol bgp 
 member vni 11011 ingress-replication 
!

6: DAG-bridged VLAN and MAC VRF

 
! 
vlan 211 
 name DAG_BRIDGED_DATA_VLAN 
! 
l2vpn evpn instance 211 vlan-based 
 encapsulation vxlan 
 route-target 1.1.1.1:211 
 route-target import 1.1.1.2:211 
 no auto-route-target 
 replication-type static 
 advertise mac enable 
! 
vlan configuration 12 
 member evpn-instance 12 vni 11211 
! 
 interface nve 1 
 member vni 11211 mcast-group 239.1.1.1 
!  


! 
vlan 211 
 name DAG_BRIDGED_DATA_VLAN 
! 
l2vpn evpn instance 211 vlan-based 
 encapsulation vxlan 
 route-target 1.1.1.2:211 
 route-target import 1.1.1.1:211 
 no auto-route-target 
 replication-type static 
 advertise mac enable 
! 
vlan configuration 12 
 member evpn-instance 12 vni 11211 
! 
 interface nve 1 
 member vni 11211 mcast-group 239.1.1.1 
!

7: ES EtherChannel

 
! 
interface Port-Channel 1 
 description CONNECTED TO L2 ACCESS  
 switchport trunk allowed vlan 11,211 
 evpn ethernet-segment auto lacp 
   df-election wait-time 1 
! 


! 
interface Port-Channel 1 
 description CONNECTED TO L2 ACCESS  
 switchport trunk allowed vlan 11,211 
 evpn ethernet-segment auto lacp 
   df-election wait-time 1 
!

Underlay: fabric core and BGP peering

Enterprise campus core networks with solid underlay network foundation is the key for highly scalable, resilient BGP EVPN VXLAN fabric networks. This section is the second step to build a reliable underlay core network for fabric and hierarchical BGP peering on targeted network devices with specific roles.

Note

The table is subdivided into two fabric roles with each step either sharing common configuration or a unique per-device with a common role.

Step

ES-1, ES-2, ES-3 and ES-4

Spine-1 and Spine-2

Border-1 and Border-2

1: Global best practices

 
!  
system mtu 9100  
!  
port-channel load-balance 
  vlan-src-dst-mixed-ip-port  
ip cef load-sharing algorithm
   include-ports  
 source destination protocol  
!  
ip tcp mss 8000  
ip tcp window-size 262144  
ip tcp path-mtu-discovery  
!  


!  
system mtu 9100  
!  
port-channel load-balance 
  vlan-src-dst-mixed-ip-port  
ip cef load-sharing algorithm
   include-ports  
 source destination protocol  
!  
ip tcp mss 8000  
ip tcp window-size 262144  
ip tcp path-mtu-discovery  
! 


!  
system mtu 9100  
!  
port-channel load-balance
  vlan-src-dst-mixed-ip-port  
ip cef load-sharing algorithm
  include-ports  
 source destination protocol  
!  
ip tcp mss 8000  
ip tcp window-size 262144  
ip tcp path-mtu-discovery  
!

2: Underlay interface configuration and best practices

 
! 
interface range 
  HundredGig1/0/49-50 
 description CONNECTED TO SPINE  
 ip ospf 100 area 0 
 ip ospf network point-to-point 
 ip pim sparse-mode 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
! 
 


! 
interface range 
  HundredGig1/0/1-4 
 description CONNECTED
  TO CAMPUS CORE NETWORK 
 ip ospf 100 area 0 
 ip ospf network point-to-point 
 ip pim sparse-mode 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
! 


! 
interface range 
  HundredGig1/0/49-50 
 description CONNECTED 
   TO SPINE  
 ip ospf 100 area 0 
 ip ospf network 
   point-to-point 
 ip pim sparse-mode 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
!

3: OSPF routing configuration and best practices

 
ES-1 and ES-2 
! 
router ospf 100 
 max-metric router-lsa 
   include-stub summary-lsa 
    external-lsa on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable
    prefix-priority low 
 area 101 stub no-summary 
 passive-interface default 
 no passive-interface 
   Port-Channel 128 
 no passive-interface 
   HundredGig1/0/49 
 no passive-interface 
   HundredGig1/0/50 

!
ES-3 and ES-4 
! 
router ospf 100 
 max-metric router-lsa include-stub
   summary-lsa external-lsa 
   on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable
   prefix-priority low 
 area 102 stub no-summary 
 passive-interface default 
 no passive-interface 
  Port-Channel 128 
 no passive-interface 
  HundredGig1/0/49 
 no passive-interface 
  HundredGig1/0/50 
!  


SPINE-1 
! 
router ospf 100 
 router-id 10.200.255.3 
 max-metric router-lsa include-stub
   summary-lsa external-lsa on-startup
   wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
  prefix-priority low 
passive-interface default 
 no passive-interface HundredGig1/0/1 
 no passive-interface HundredGig1/0/2 
no passive-interface HundredGig1/0/3 
 no passive-interface HundredGig1/0/4 
! 

SPINE-2 
! 
router ospf 100 
 router-id 10.200.255.4 
 max-metric router-lsa include-stub 
   summary-lsa external-lsa on-startup
   wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
   prefix-priority low 
 passive-interface default 
 no passive-interface HundredGig1/0/1 
 no passive-interface HundredGig1/0/2 
no passive-interface HundredGig1/0/3 
 no passive-interface HundredGig1/0/4 
!  


BORDER-1 
! 
router ospf 100 
 router-id 10.200.255.1 
 max-metric router-lsa include-stub
   summary-lsa external-lsa on-startup 
   wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
   prefix-priority low 
passive-interface default 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 

BORDER-2 
! 
router ospf 100 
 router-id 10.200.255.2 
 max-metric router-lsa include-stub 
  summary-lsa external-lsa on-startup 
  wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
   prefix-priority low 
 passive-interface default 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
!

4: BGP routing configuration and best practices

 
! 
router bgp 65101 
! 
bgp router-id interface 
  Loopback0 
bgp log-neighbor-changes 
bgp graceful-restart 
no bgp default ipv4-unicast 
!  


! 
router bgp 65101 
! 
bgp router-id interface 
  Loopback0 
bgp log-neighbor-changes 
bgp graceful-restart 
no bgp default ipv4-unicast 
! 


! 
router bgp 65101 
! 
bgp router-id interface 
  Loopback0 
bgp log-neighbor-changes 
bgp graceful-restart 
no bgp default ipv4-unicast 
!

5: Peer-session and peer-policy templates and parameters for leaf switches 

! 
template peer-session
  EVPN-SPINE-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-SPINE-PEER 
  log-neighbor-changes 
  update-source Loopback0 
  fall-over host-route 
 ! 
template peer-policy 
 EVPN-SPINE-PEER-POLICY 
  send-community both 
!  


! 
template peer-session 
 EVPN-LEAF-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-LEAF-PEER 
  log-neighbor-changes 
  update-source Loopback0 
  fall-over host-route 
! 
template peer-policy 
 EVPN-LEAF-PEER-POLICY 
  route-reflector-client 
  send-community both 
 !

6: Peer-session and policy templates and parameters for border switches 

! 
template peer-session 
 EVPN-BORDER-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-BORDER-PEER 
  log-neighbor-changes 
  update-source Loopback0 
  fall-over host-route 
 ! 
template peer-policy 
 EVPN-BORDER-PEER-POLICY 
  route-reflector-client 
  send-community both 
 ! 


! 
template peer-session 
 EVPN-SPINE-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-SPINE-PEER 
  log-neighbor-changes 
  update-source Loopback0 
  fall-over host-route 
 ! 
template peer-policy 
 EVPN-SPINE-PEER-POLICY 
  send-community both 
!

7: Disable intra-cluster EVPN multihome leaf reflection 

! 
no bgp client-to-client reflection 
 intra-cluster cluster-id any 
! 
!

8: Border-spine iBGP peering 

! 
neighbor 10.200.255.1 inherit
 peer-session 
 EVPN-BORDER-PEER-SESSION-POLICY 
! 
 neighbor 10.200.255.2 
  inherit peer-session 
  EVPN-BORDER-PEER-SESSION-POLICY 
 ! 


! 
neighbor 10.200.255.3 
 inherit peer-session 
 EVPN-SPINE-PEER-SESSION-POLICY 
! 
 neighbor 10.200.255.4 
  inherit peer-session 
  EVPN-SPINE-PEER-SESSION-POLICY 
!

9: Leaf iBGP peering

 
! 
neighbor 10.200.255.3 
  inherit peer-session 
  EVPN-SPINE-PEER-SESSION-POLICY 
! 
 neighbor 10.200.255.4 
  inherit peer-session 
  EVPN-SPINE-PEER-SESSION-POLICY 
! 


! 
neighbor 10.200.255.101 
  inherit peer-session 
  EVPN-LEAF-PEER-SESSION-POLICY 
 neighbor 10.200.255.101 
  cluster-id 1.1.1.1 
! 
 neighbor 10.200.255.102 
  inherit peer-session 
  EVPN-LEAF-PEER-SESSION-POLICY 
 neighbor 10.200.255.102 
  cluster-id 1.1.1.1 
 ! 
neighbor 10.200.255.103 
  inherit peer-session 
  EVPN-LEAF-PEER-SESSION-POLICY 
 neighbor 10.200.255.101 
  cluster-id 1.1.1.2 
! 
 neighbor 10.200.255.104 
  inherit peer-session 
  EVPN-LEAF-PEER-SESSION-POLICY 
 neighbor 10.200.255.102 
  cluster-id 1.1.1.2 
 !

10: Activate leaf and border iBGP peering under L2VPN EVPN address family 

! 
address-family l2vpn evpn 
  bgp nexthop trigger 
   critical-delay 0 
  neighbor 10.200.255.3 
   activate 
  neighbor 10.200.255.3 
   send-community both 
  neighbor 10.200.255.3 
   inherit peer-policy 
   EVPN-SPINE-PEER-POLICY 
  neighbor 10.200.255.4 
   activate 
  neighbor 10.200.255.4 
   send-community both 
  neighbor 10.200.255.4 
   inherit peer-policy 
   EVPN-SPINE-PEER-POLICY 
!  


! 
address-family l2vpn evpn 
  bgp nexthop trigger 
   critical-delay 0 
  neighbor 10.200.255.1 
   activate 
  neighbor 10.200.255.1 
   send-community both 
  neighbor 10.200.255.1 
   inherit peer-policy 
   EVPN-BORDER-PEER-POLICY 
  neighbor 10.200.255.2 
   activate 
  neighbor 10.200.255.2 
   send-community both 
  neighbor 10.200.255.2 
   inherit peer-policy 
   EVPN-BORDER-PEER-POLICY 
! 

  neighbor 10.200.255.101 
   activate 
  neighbor 10.200.255.101 
   send-community both 
  neighbor 10.200.255.101 
   inherit peer-policy 
   EVPN-LEAF-PEER-POLICY 
  neighbor 10.200.255.102 
   activate 
  neighbor 10.200.255.102 
   send-community both 
  neighbor 10.200.255.102 
   inherit peer-policy 
   EVPN-LEAF-PEER-POLICY 
! 
  neighbor 10.200.255.103 
   activate 
  neighbor 10.200.255.103 
   send-community both 
  neighbor 10.200.255.103 
   inherit peer-policy 
   EVPN-LEAF-PEER-POLICY 
  neighbor 10.200.255.104 
   activate 
  neighbor 10.200.255.104 
   send-community both 
  neighbor 10.200.255.104 
   inherit peer-policy 
   EVPN-LEAF-PEER-POLICY 
!  


! 
address-family l2vpn evpn 
  bgp nexthop trigger 
   critical-delay 0 
  neighbor 10.200.255.3 
   activate 
  neighbor 10.200.255.3 
   send-community both 
  neighbor 10.200.255.3 
   inherit peer-policy 
   EVPN-SPINE-PEER-POLICY 
  neighbor 10.200.255.4 
   activate 
  neighbor 10.200.255.4 
   send-community both 
  neighbor 10.200.255.4 
   inherit peer-policy 
   EVPN-SPINE-PEER-POLICY 
!

Overlay: DAG bridged networks

The overlay network configuration is the final step to enable a fabric in the enterprise campus. This section provides step-by-step configuration procedures to be implemented on VTEPs involved in DAG bridged overlay network that exchanges IP prefixes between external and internal network domains.

Note

The table is divided between two fabric roles with each step either sharing a common configuration or a unique per-device configuration with a common role.

Step

ES-1, ES-2, ES-3 and ES-4

Border-1 and Border-2

1: IP VRF configuration

 
ES-1 
! 
vrf definition green 
 rd 10.200.255.101:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
! 
ES-2 
! 
vrf definition green 
 rd 10.200.255.102:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
! 
ES-3 
! 
vrf definition green 
 rd 10.200.255.103:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
! 
ES-4 
! 
vrf definition green 
 rd 10.200.255.104:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
!  


BORDER-1 
! 
vrf definition green 
 rd 10.200.255.1:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
! 
BORDER-2 
! 
vrf definition green 
 rd 10.200.255.2:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
!

2: IP VRF core VLAN configuration

 
! 
vlan 101 
  name VRF_GREEN_CORE_VLAN 
! 
vlan configuration 101 
 member vni 10011 
! 
interface vlan 101 
 description CORE VLAN – 
  VRF GREEN 
 vrf forwarding green 
 ip unnumbered Loopback0 
 no autostate 
 !  


! 
vlan 101 
  name VRF_GREEN_CORE_VLAN 
! 
vlan configuration 101 
 member vni 10011 
! 
interface vlan 101 
 description CORE VLAN – VRF 
  GREEN 
 vrf forwarding green 
 ip unnumbered Loopback0 
 no autostate 
 
 !

3: IP VRF L3VNI to NVE interface binding

 
! 
interface nve 1 
 member vni 10011 vrf green 
! 


! 
interface nve 1 
 member vni 10011 vrf green 
!

4: Network edge to access or external domain. 

ES-1 and ES-2 
! 
interface Vlan 11 
 description ROUTED DATA VLAN – 
  VRF GREEN 
 vrf forwarding green 
 ip address 10.11.1.254 255.255.255.0 
! 
interface Vlan 211 
 description DAG BRIDGED DATA VLAN – 
  VRF GREEN 
 vrf forwarding green 
 ip address 10.211.1.254 255.255.255.0 
! 
ES-3 and ES-4 
! 
interface Vlan 21 
 description ROUTED DATA VLAN – 
  VRF GREEN 
 vrf forwarding green 
 ip address 10.21.1.254 255.255.255.0 
! 
interface Vlan 211 
 description DAG BRIDGED DATA VLAN – 
  VRF GREEN 
 vrf forwarding green 
 ip address 10.211.1.254 255.255.255.0 
!  


BORDER-1 
! 
interface Vlan 2001 
 description FIREWALL HANDOFF – 
  VRF GREEN 
 vrf forwarding green 
 ip address 21.1.1.0 255.255.255.254 
! 
BORDER-2 
! 
interface Vlan 2002 
 description FIREWALL HANDOFF – 
  VRF GREEN 
 vrf forwarding green 
 ip address 21.1.1.2 255.255.255.254 
!

5: IP extended community matching DAG-bridge MAC VRF route target

 
ES-1 and ES-2 
! 
ip extcommunity-list expanded 
  DAG-BRIDGED-OVERLAY-EXTCOMM 
  permit 1.1.1.1:211 
! 
ES-3 and ES-4 
! 
ip extcommunity-list expanded 
  DAG-BRIDGED-OVERLAY-EXTCOMM 
  permit 1.1.1.2:211 
!

6: Route map policy

 
! 
route-map SPINE-ROUTE-POLICY-OUT 
  permit 10 
 description ROUTED OVERLAY 
  NETWORK POLICY 
 match evpn route-type 5 
! 
route-map SPINE-ROUTE-POLICY-OUT 
  permit 30 
 description DAG BRIDGED OVERLAY 
  NETWORK POLICY 
 match extcommunity 
  DAG-BRIDGED-OVERLAY-EXTCOMM 
 match evpn route-type 1 
 match evpn route-type 2 
!

7: Apply spine policy to BGP template

 
! 
router bgp 65101 
! 
template peer-policy 
  EVPN-SPINE-PEER-POLICY 
 route-map 
  SPINE-ROUTE-POLICY-OUT out 
! 


BORDER-1 
! 
router bgp 65101 
! 
address-family ipv4 vrf green 
 advertise l2vpn evpn 
 neighbor 21.1.1.1 remote-as 65001 
 neighbor 21.1.1.1 activate 
 maximum-paths ibgp 2 
! 
BORDER-2 
! 
router bgp 65101 
! 
address-family ipv4 vrf green 
 advertise l2vpn evpn 
 neighbor 21.1.1.3 remote-as 65001 
 neighbor 21.1.1.3 activate 
 maximum-paths ibgp 2 
!

8: IP VRF routing

 
! 
router bgp 65101 
! 
address-family ipv4 vrf green 
 advertise l2vpn evpn 
 redistribute connected 
 maximum-paths ibgp 2 
! 
BORDER-1 
! 
router bgp 65101 
! 
address-family ipv4 vrf green 
 advertise l2vpn evpn 
 neighbor 21.1.1.1 remote-as 65001 
 neighbor 21.1.1.1 activate 
 maximum-paths ibgp 2 
! 
BORDER-2 
! 
router bgp 65101 
! 
address-family ipv4 vrf green 
 advertise l2vpn evpn 
 neighbor 21.1.1.3 remote-as 65001 
 neighbor 21.1.1.3 activate 
 maximum-paths ibgp 2 
!