Multihoming in a BGP EVPN VXLAN Fabric Configuration Guide, Cisco IOS XE 26.x.x and Later

PDF

Reference configuration for DAG routed overlay networks

Updated: April 10, 2026

Want to summarize with AI?

Log in

Overview

Provides a reference network design to support scalable EVPN multihoming and fabric core network.

This section provides a reference network design and configuration to implement end-to-end Layer 2 flood-free DAG routed overlay fabric network.

This following figure illustrates a reference network design to support scalable EVPN multihoming and fabric core with hierarchical BGP peering, control-plane peering, and selective stretching of an IP subnet between a pair of Cisco Catalyst 9000 series switches deployed in the distribution block with overlay fabric network.

Figure 1. EVPN multihoming: DAG routed overlay fabric network

DAG routed overlay fabric network

This reference configuration shows a three-step process, from the initial network setup to the successful fabric deployment. Network administrators can follow these steps sequentially for initial deployment and to increment the overlay network configuration as the network demands increase.

Layer 2 EVPN multihoming

The base configuration to build a fabric begins with Layer 2 campus networks using EVPN multihoming technology. This section provides the step-by-step configuration on a pair of Cisco Catalyst 9000 series switches to successfully build a non-blocking all-active Layer 2 network with EVPN multihoming.

Step

ES-1 and ES-2

ES-3 and ES-4

1: Inter-ES Layer 3 EtherChannel

 
ES-1 
! 
interface Port-Channel 128 
 description CONNECTED TO EVPN MH SW-2 
 no switchport 
 ip address 10.0.0.0 255.255.255.254 
 ip ospf network point-to-point 
 ip ospf multi-area 0 
 ip ospf 100 area 101 
 ip ospf cost 10 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
! 
ES-2 
! 
interface Port-Channel 128 
 description CONNECTED TO EVPN MH SW-2 
 no switchport 
 ip address 10.0.0.1 255.255.255.254 
 ip ospf network point-to-point 
 ip ospf multi-area 0 
 ip ospf 100 area 101 
 ip ospf cost 10 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
! 


ES-3 
! 
interface Port-Channel 128 
 description CONNECTED TO EVPN MH SW-1 
 no switchport 
 ip address 10.0.0.2 255.255.255.254 
 ip ospf network point-to-point 
 ip ospf multi-area 0 
 ip ospf 100 area 102 
 ip ospf cost 10 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
! 
ES-4 
! 
interface Port-Channel 128 
 description CONNECTED TO EVPN MH SW-1 
 no switchport 
 ip address 10.0.0.3 255.255.255.254 
 ip ospf network point-to-point 
 ip ospf multi-area 0 
 ip ospf 100 area 102 
 ip ospf cost 10 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
!

2: IGP routing and core interface

 
ES-1 
! 
router ospf 100 
 router-id 10.200.255.101 
 max-metric router-lsa include-stub summary-lsa 
    external-lsa on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable prefix-priority 
    low 
 area 101 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
interface Loopback 0 
 ip address 10.100.255.101 255.255.255.255 
 ip ospf 100 area 0 
! 
ES-2 
! 
router ospf 100 
 router-id 10.200.255.102 
 max-metric router-lsa include-stub summary-lsa 
    external-lsa on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable prefix-priority 
   low 
 area 101 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
interface Loopback 0 
 ip address 10.100.255.102 255.255.255.255 
 ip ospf 100 area 0 
! 


ES-3 
! 
router ospf 100 
 router-id 10.200.255.103 
 max-metric router-lsa include-stub summary-lsa
    external-lsa on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable prefix-priority 
   low 
 area 102 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
interface Loopback 0 
 ip address 10.100.255.103 255.255.255.255 
 ip ospf 100 area 0 
! 
ES-4 
! 
router ospf 100 
 router-id 10.200.255.104 
 max-metric router-lsa include-stub summary-lsa
   external-lsa on-startup wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable prefix-priority 
   low 
 area 102 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
interface Loopback 0 
 ip address 10.100.255.104 255.255.255.255 
 ip ospf 100 area 0 
!

3: iBGP routing

 
ES-1 
! 
router bgp 65101 
 template peer-policy ES-PEER-POLICY 
  send-community both 
 ! 
 template peer-session ES-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-MH-DIST-2-PEER 
  update-source Loopback0 
  fall-over host-route 
 ! 
 bgp router-id interface Loopback0 
 bgp log-neighbor-changes 
 bgp graceful-restart 
 no bgp default ipv4-unicast 
 neighbor 10.100.255.102 inherit peer-session
    ES-PEER-SESSION-POLICY 
 ! 
 address-family l2vpn evpn 
  bgp nexthop trigger critical-delay 0 
  neighbor 10.100.255.102 activate 
  neighbor 10.100.255.102 send-community both 
  neighbor 10.100.255.102 inherit peer-policy
    ES-PEER-POLICY 
 ! 
ES-2 
! 
router bgp 65101 
 template peer-policy ES-PEER-POLICY 
  send-community both 
 ! 
 template peer-session ES-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-MH-DIST-2-PEER 
  update-source Loopback0 
  fall-over host-route 
 ! 
 bgp router-id interface Loopback0 
 bgp log-neighbor-changes 
 bgp graceful-restart 
 no bgp default ipv4-unicast 
 neighbor 10.100.255.101 inherit peer-session
    ES-PEER-SESSION-POLICY 
 ! 
 address-family l2vpn evpn 
  bgp nexthop trigger critical-delay 0 
  neighbor 10.100.255.101 activate 
  neighbor 10.100.255.101 send-community both 
  neighbor 10.100.255.101 inherit peer-policy
    ES-PEER-POLICY 
 ! 


ES-3 
! 
router bgp 65101 
 template peer-policy ES-PEER-POLICY 
  send-community both 
 ! 
 template peer-session ES-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-MH-DIST-1-PEER 
  update-source Loopback0 
  fall-over host-route 
 ! 
 bgp router-id interface Loopback0 
 bgp log-neighbor-changes 
 bgp graceful-restart 
 no bgp default ipv4-unicast 
 neighbor 10.100.255.104 inherit peer-session
    ES-PEER-SESSION-POLICY 
 ! 
 address-family l2vpn evpn 
  bgp nexthop trigger critical-delay 0 
  neighbor 10.100.255.104 activate 
  neighbor 10.100.255.104 send-community both 
  neighbor 10.100.255.104 inherit peer-policy
    ES-PEER-POLICY 
 ! 
ES-4 
! 
router bgp 65101 
 template peer-policy ES-PEER-POLICY 
  send-community both 
 ! 
 template peer-session ES-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-MH-DIST-1-PEER 
  update-source Loopback0 
  fall-over host-route 
 ! 
 bgp router-id interface Loopback0 
 bgp log-neighbor-changes 
 bgp graceful-restart 
 no bgp default ipv4-unicast 
 neighbor 10.100.255.103 inherit peer-session
    ES-PEER-SESSION-POLICY 
 ! 
 address-family l2vpn evpn 
  bgp nexthop trigger critical-delay 0 
  neighbor 10.100.255.103 activate 
  neighbor 10.100.255.103 send-community both 
  neighbor 10.100.255.103 inherit peer-policy
    ES-PEER-POLICY 
 !

4: Global L2VPN

 
! 
l2vpn evpn 
advertise mac disable 
anycast-gateway mac auto 
multicast advertise sync-only 
multihoming aliasing disable 
multihoming peering adjacent 
replication-type ingress 
router-id Loopback 0 
! 


! 
l2vpn evpn 
advertise mac disable 
anycast-gateway mac auto 
multicast advertise sync-only 
multihoming aliasing disable 
multihoming peering adjacent 
replication-type ingress 
router-id Loopback 0 
!

5: Routed VLAN and MAC VRF

 
! 
vlan 11 
 name ROUTED_DATA_VLAN 
! 
l2vpn evpn instance 11 vlan-based 
 encapsulation vxlan 
! 
vlan configuration 11 
 member evpn-instance 11 vni 11011 
! 
 interface nve 1 
 source-interface Loopback 0 
 host-reachability protocol bgp 
 member vni 11011 ingress-replication 
! 


! 
vlan 11 
 name ROUTED_DATA_VLAN 
! 
l2vpn evpn instance 11 vlan-based 
 encapsulation vxlan 
! 
vlan configuration 11 
 member evpn-instance 11 vni 11011 
! 
 interface nve 1 
 source-interface Loopback 0 
 host-reachability protocol bgp 
 member vni 11011 ingress-replication 
!

6: DAG-routed VLAN and MAC VRF

 
! 
vlan 111 
 name DAG_ROUTED_DATA_VLAN 
! 
l2vpn evpn instance 111 vlan-based 
 encapsulation vxlan 
 route-target 1.1.1.1:111 
 no auto-route-target 
! 
vlan configuration 111 
 member evpn-instance 111 vni 11111 
! 
 interface nve 1 
 member vni 11111 ingress-replication 
! 


! 
vlan 111 
 name DAG_ROUTED_DATA_VLAN 
! 
l2vpn evpn instance 111 vlan-based 
 encapsulation vxlan 
 route-target 1.1.1.1:111 
 no auto-route-target 
! 
vlan configuration 111 
 member evpn-instance 111 vni 11111 
! 
 interface nve 1 
 member vni 11111 ingress-replication 
!

7: ES EtherChannel

 
! 
interface Port-Channel 1 
 description CONNECTED TO L2 ACCESS  
 switchport trunk allowed vlan 11,111 
 evpn ethernet-segment auto lacp 
   df-election wait-time 1 
! 


! 
interface Port-Channel 1 
 description CONNECTED TO L2 ACCESS  
 switchport trunk allowed vlan 11,111 
 evpn ethernet-segment auto lacp 
   df-election wait-time 1 
!

Underlay: fabric core and BGP peering

Enterprise campus core networks with solid underlay network foundation are the key for highly scalable, resilient BGP EVPN VXLAN fabric networks. This section is the second step to build a reliable underlay core network for fabric and hierarchical BGP peering on targeted network devices with specific roles.

Note

The table is subdivided into two fabric roles with each step either sharing common configuration or a unique per-device with a common role.

Step

ES-1, ES-2, ES-3 and ES-4

Spine-1 and Spine-2

Border-1 and Border-2

1: Global best practices

 
!  
system mtu 9100  
!  
port-channel load-balance 
   vlan-src-dst-mixed-ip-port  
ip cef load-sharing algorithm 
   include-ports  
 source destination protocol  
!  
ip tcp mss 8000  
ip tcp window-size 262144  
ip tcp path-mtu-discovery  
! 


!  
system mtu 9100  
!  
port-channel load-balance 
  vlan-src-dst-mixed-ip-port  
ip cef load-sharing algorithm 
   include-ports  
 source destination protocol  
!  
ip tcp mss 8000  
ip tcp window-size 262144  
ip tcp path-mtu-discovery  
! 


!  
system mtu 9100  
!  
port-channel load-balance 
  vlan-src-dst-mixed-ip-port  
ip cef load-sharing algorithm 
  include-ports  
 source destination protocol  
!  
ip tcp mss 8000  
ip tcp window-size 262144  
ip tcp path-mtu-discovery  
!

2: Underlay interface configuration and best practices

 
! 
interface range 
   HundredGig1/0/49-50 
 description CONNECTED TO SPINE  
 ip ospf 100 area 0 
 ip ospf network point-to-point 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
 evpn multihoming core-tracking 
! 


! 
interface range HundredGig1/0/1-4 
 description CONNECTED TO CAMPUS 
   CORE NETWORK 
 ip ospf 100 area 0 
 ip ospf network point-to-point 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
! 


! 
interface range 
   HundredGig1/0/49-50 
 description CONNECTED TO SPINE  
 ip ospf 100 area 0 
 ip ospf network point-to-point 
 carrier-delay msec 0 
 hold-queue 4094 in 
 hold-queue 4094 out 
!

3: OSPF routing configuration and best practices

 
ES-1 and ES-2 
! 
router ospf 100 
 max-metric router-lsa include-stub 
   summary-lsa external-lsa on-startup 
    wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
   prefix-priority low 
 area 101 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
 
 
ES-3 and ES-4 
! 
router ospf 100 
 max-metric router-lsa include-stub 
    summary-lsa external-lsa on-startup 
    wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
    prefix-priority low 
 area 102 stub no-summary 
 passive-interface default 
 no passive-interface Port-Channel 128 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 


SPINE-1 
! 
router ospf 100 
 router-id 10.200.255.3 
 max-metric router-lsa include-stub 
   summary-lsa external-lsa on-startup 
   wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
   prefix-priority low 
passive-interface default 
 no passive-interface HundredGig1/0/1 
 no passive-interface HundredGig1/0/2 
no passive-interface HundredGig1/0/3 
 no passive-interface HundredGig1/0/4 
! 
 
 
SPINE-2 
! 
router ospf 100 
 router-id 10.200.255.4 
 max-metric router-lsa include-stub 
    summary-lsa external-lsa on-startup
    wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
   prefix-priority low 
 passive-interface default 
 no passive-interface HundredGig1/0/1 
 no passive-interface HundredGig1/0/2 
no passive-interface HundredGig1/0/3 
 no passive-interface HundredGig1/0/4 
! 


BORDER-1 
! 
router ospf 100 
 router-id 10.200.255.1 
 max-metric router-lsa include-stub 
    summary-lsa external-lsa on-startup 
    wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
    prefix-priority low 
passive-interface default 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
! 
 
 
BORDER-2 
! 
router ospf 100 
 router-id 10.200.255.2 
 max-metric router-lsa include-stub 
    summary-lsa external-lsa on-startup
    wait-for-bgp  
 nsf cisco  
 fast-reroute per-prefix enable 
     prefix-priority low 
 passive-interface default 
 no passive-interface HundredGig1/0/49 
 no passive-interface HundredGig1/0/50 
!

4:BGP routing configuration and best practices

 
! 
router bgp 65101 
! 
bgp router-id interface Loopback0 
bgp log-neighbor-changes 
bgp graceful-restart 
no bgp default ipv4-unicast 
! 


! 
router bgp 65101 
! 
bgp router-id interface Loopback0 
bgp log-neighbor-changes 
bgp graceful-restart 
no bgp default ipv4-unicast 
! 


! 
router bgp 65101 
! 
bgp router-id interface Loopback0 
bgp log-neighbor-changes 
bgp graceful-restart 
no bgp default ipv4-unicast 
!

5: Peer-session and peer-policy templates and parameters for leaf switches 

! 
template peer-session 
   EVPN-SPINE-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-SPINE-PEER 
  log-neighbor-changes 
  update-source Loopback0 
  fall-over host-route 
 ! 
template peer-policy 
    EVPN-SPINE-PEER-POLICY 
  send-community both 
! 


! 
template peer-session 
   EVPN-LEAF-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-LEAF-PEER 
  log-neighbor-changes 
  update-source Loopback0 
  fall-over host-route 
! 
template peer-policy 
   EVPN-LEAF-PEER-POLICY 
  route-reflector-client 
  send-community both 
 !

6: Peer-session and policy templates and parameters for border switches 

! 
template peer-session 
   EVPN-BORDER-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-BORDER-PEER 
  log-neighbor-changes 
  update-source Loopback0 
  fall-over host-route 
 ! 
template peer-policy 
   EVPN-BORDER-PEER-POLICY 
  route-reflector-client 
  send-community both 
 ! 


! 
template peer-session 
    EVPN-SPINE-PEER-SESSION-POLICY 
  remote-as 65101 
  description EVPN-SPINE-PEER 
  log-neighbor-changes 
  update-source Loopback0 
  fall-over host-route 
 ! 
template peer-policy 
    EVPN-SPINE-PEER-POLICY 
  send-community both 
!

7: Disable intra-cluster EVPN multihome leaf reflection 

! 
no bgp client-to-client reflection 
   intra-cluster cluster-id any

8: Border-spine iBGP peering 

! 
neighbor 10.200.255.1 inherit 
   peer-session EVPN-BORDER-PEER-SESSION-POLICY 
! 
 neighbor 10.200.255.2 inherit   
   peer-session EVPN-BORDER-PEER-SESSION-POLICY 
 !


! 
neighbor 10.200.255.3 inherit 
   peer-session EVPN-SPINE-PEER-SESSION-POLICY 
! 
 neighbor 10.200.255.4 inherit 
    peer-session EVPN-SPINE-PEER-SESSION-POLICY 
!

9: Leaf iBGP peering

 
! 
neighbor 10.200.255.3 
   inherit peer-session 
   EVPN-SPINE-PEER-SESSION-POLICY 
! 
 neighbor 10.200.255.4 
   inherit peer-session 
   EVPN-SPINE-PEER-SESSION-POLICY 
! 


! 
neighbor 10.200.255.101 
    inherit peer-session 
    EVPN-LEAF-PEER-SESSION-POLICY 
 neighbor 10.200.255.101 
    cluster-id 1.1.1.1 
! 
 neighbor 10.200.255.102 
    inherit peer-session 
    EVPN-LEAF-PEER-SESSION-POLICY 
 neighbor 10.200.255.102 
    cluster-id 1.1.1.1 
 ! 
neighbor 10.200.255.103 
    inherit peer-session 
    EVPN-LEAF-PEER-SESSION-POLICY 
 neighbor 10.200.255.101 
    cluster-id 1.1.1.2 
! 
 neighbor 10.200.255.104 
    inherit peer-session 
    EVPN-LEAF-PEER-SESSION-POLICY 
 neighbor 10.200.255.102 
    cluster-id 1.1.1.2 
 !

10: Activate leaf and border iBGP peering under L2VPN EVPN address family 

! 
address-family l2vpn evpn 
  bgp nexthop trigger critical-delay 0 
  neighbor 10.200.255.3 activate 
  neighbor 10.200.255.3 
    send-community both 
  neighbor 10.200.255.3 
    inherit peer-policy 
    EVPN-SPINE-PEER-POLICY 
  neighbor 10.200.255.4 activate 
  neighbor 10.200.255.4 
    send-community both 
  neighbor 10.200.255.4 inherit 
    peer-policy EVPN-SPINE-PEER-POLICY 
! 


! 
address-family l2vpn evpn 
  bgp nexthop trigger 
     critical-delay 0 
  neighbor 10.200.255.1 activate 
  neighbor 10.200.255.1 
     send-community both 
  neighbor 10.200.255.1 
     inherit peer-policy 
     EVPN-BORDER-PEER-POLICY 
  neighbor 10.200.255.2 activate 
  neighbor 10.200.255.2 
     send-community both 
  neighbor 10.200.255.2 inherit 
     peer-policy 
     EVPN-BORDER-PEER-POLICY 
! 
  neighbor 10.200.255.101 activate 
  neighbor 10.200.255.101 
     send-community both 
  neighbor 10.200.255.101 
     inherit peer-policy 
     EVPN-LEAF-PEER-POLICY 
  neighbor 10.200.255.102 activate 
  neighbor 10.200.255.102 
     send-community both 
  neighbor 10.200.255.102 inherit 
     peer-policy EVPN-LEAF-PEER-POLICY 
! 
  neighbor 10.200.255.103 activate 
  neighbor 10.200.255.103 
     send-community both 
  neighbor 10.200.255.103 
     inherit peer-policy 
     EVPN-LEAF-PEER-POLICY 
  neighbor 10.200.255.104 activate 
  neighbor 10.200.255.104 
     send-community both 
  neighbor 10.200.255.104 inherit 
     peer-policy EVPN-LEAF-PEER-POLICY 
! 


! 
address-family l2vpn evpn 
  bgp nexthop trigger 
     critical-delay 0 
  neighbor 10.200.255.3 activate 
  neighbor 10.200.255.3 
    send-community both 
  neighbor 10.200.255.3 
     inherit peer-policy 
     EVPN-SPINE-PEER-POLICY 
  neighbor 10.200.255.4 activate 
  neighbor 10.200.255.4 
     send-community both 
  neighbor 10.200.255.4 
     inherit peer-policy 
     EVPN-SPINE-PEER-POLICY 
!

Overlay: DAG routed networks

The overlay network configuration is the final step to enable a fabric in the enterprise campus. This section provides step-by-step configuration procedures on VTEPs involved in a DAG routed overlay network that exchanges IP prefixes between external and internal network domains.

Step

ES-1, ES-2, ES-3 and ES-4

Border-1 and Border-2

1: IP VRF configuration

 
ES-1 
! 
vrf definition green 
 rd 10.200.255.101:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
! 
ES-2 
! 
vrf definition green 
 rd 10.200.255.102:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
! 
ES-3 
! 
vrf definition green 
 rd 10.200.255.103:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
! 
ES-4 
! 
vrf definition green 
 rd 10.200.255.104:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
! 


BORDER-1 
! 
vrf definition green 
 rd 10.200.255.1:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
! 
BORDER-2 
! 
vrf definition green 
 rd 10.200.255.2:101 
 address-family ipv4 unicast 
 route-target 65101:101 
 route-target 65101:101 stitching 
!

2: IP VRF core VLAN configuration

 
! 
vlan 101 
  name VRF_GREEN_CORE_VLAN 
! 
vlan configuration 101 
 member vni 10011 
! 
interface vlan 101 
 description CORE VLAN 
    – VRF GREEN 
 vrf forwarding green 
 ip unnumbered Loopback0 
 no autostate 
 ! 


! 
vlan 101 
  name VRF_GREEN_CORE_VLAN 
! 
vlan configuration 101 
 member vni 10011 
! 
interface vlan 101 
 description CORE VLAN 
   – VRF GREEN 
 vrf forwarding green 
 ip unnumbered Loopback0 
 no autostate 
 !

3: IP VRF L3VNI to NVE interface binding

 
! 
interface nve 1 
 member vni 10011 vrf green 
! 


! 
interface nve 1 
 member vni 10011 vrf green 
!

4: Network edge to access or external domain. 

ES-1 and ES-2 
! 
interface Vlan 11 
 description ROUTED DATA VLAN 
    – VRF GREEN 
 vrf forwarding green 
 ip address 10.11.1.254 
     255.255.255.0 
! 
interface Vlan 111 
 description DAG ROUTED DATA 
      VLAN – VRF GREEN 
 vrf forwarding green 
 ip address 10.111.1.254 
     255.255.255.0 
! 
 
ES-3 and ES-4 
! 
interface Vlan 21 
 description ROUTED DATA 
     VLAN – VRF GREEN 
 vrf forwarding green 
 ip address 10.21.1.254 
     255.255.255.0 
! 
interface Vlan 111 
 description DAG ROUTED 
     DATA VLAN – VRF GREEN 
 vrf forwarding green 
 ip address 10.111.1.254 
     255.255.255.0 
! 


BORDER-1 
! 
interface Vlan 2001 
 description FIREWALL 
     HANDOFF – VRF GREEN 
 vrf forwarding green 
 ip address 21.1.1.0 
     255.255.255.254 
! 
BORDER-2 
! 
interface Vlan 2002 
 description FIREWALL 
     HANDOFF – VRF GREEN 
 vrf forwarding green 
 ip address 21.1.1.2 
     255.255.255.254 
!

5: Route-map policy

 
! 
route-map SPINE-ROUTE-POLICY-OUT 
   permit 10 
 description ROUTED OVERLAY 
    NETWORK POLICY 
 match evpn route-type 5 
! 
route-map SPINE-ROUTE-POLICY-OUT 
    permit 20 
 description DAG ROUTED 
    OVERLAY NETWORK POLICY 
 match evpn route-type 2-mac-ip 
!

6: Apply spine policy to BGP template

 
! 
router bgp 65101 
! 
template peer-policy 
   EVPN-SPINE-PEER-POLICY 
 route-map SPINE-ROUTE-POLICY-OUT out 
!

7: IP routing

 
! 
router bgp 65101 
! 
address-family ipv4 vrf green 
 advertise l2vpn evpn 
 redistribute connected 
 maximum-paths ibgp 2 
! 


BORDER-1 
! 
router bgp 65101 
! 
address-family ipv4 vrf green 
 advertise l2vpn evpn 
 neighbor 21.1.1.1 remote-as 65001 
 neighbor 21.1.1.1 activate 
 maximum-paths ibgp 2 
! 
BORDER-2 
! 
router bgp 65101 
! 
address-family ipv4 vrf green 
 advertise l2vpn evpn 
 neighbor 21.1.1.3 remote-as 65001 
 neighbor 21.1.1.3 activate 
 maximum-paths ibgp 2 
!