Ethernet VPN（EVPN）は、Network Virtualization Overlay（NVO; ネットワーク仮想化オーバーレイ）用の標準ベースの BGP 分散型コントロールプレーンであり、IP または IP/MPLS アンダーレイネットワーク上でレイヤー 2（ブリッジング）およびレイヤー 3（ルーティング）接続を提供します。

Virtual Extensible LAN（VxLAN）は、共有される共通の物理インフラストラクチャにおいて、柔軟で大規模なマルチテナント環境をサポートするためのソリューションです。物理データセンター ネットワークでの転送プロトコルは IP と UDP です。

Generic Routing Encapsulation（GRE）は、仮想ポイントツーポイント プライベート接続を提供し、パケットをカプセル化して IP ベースのネットワーク経由で転送します。

このソリューションは、L3 IP ネットワークを介して L2 ブロードキャストドメインを拡張する機能をお客様に提供します。GRE トンネルは、VXLAN パケットを転送できる分離 L3 ネットワークサブネットの接続を容易にします。

次に、トポロジの例を示します。

次の設定は、概要 に示すトポロジをサポートします。

interface GigabitEthernet1/7
 switchport access vlan 21
 switchport mode access
!
interface Vlan21
 ip address 21.21.21.1 255.255.255.0

l2vpn evpn
 replication-type ingress
!
l2vpn evpn instance 21 vlan-based
 encapsulation vxlan
 replication-type ingress
 default-gateway advertise enable
!

bridge-domain 21 
 member Vlan21 service-instance 21
 member evpn-instance 21 vni 30000
!
!
interface Loopback0
 ip address 100.100.100.1 255.255.255.255
!
interface Tunnel100
 ip address 102.102.102.1 255.255.255.252
 ip pim sparse-mode
 mpls ip
 tunnel source 192.168.5.100
 tunnel destination 192.168.5.200
!
interface GigabitEthernet0/0/0
 ip address 192.168.5.100 255.255.255.0
!
interface FastEthernet0/0/1
 switchport access vlan 21
 switchport mode access
!
interface FastEthernet0/0/2
!
!
interface Vlan21
 no ip address
 service instance 21 ethernet
  encapsulation dot1q 21
 !

!
interface nve1
 no ip address
 source-interface Loopback0
 host-reachability protocol bgp
 member vni 30000 ingress-replication
!
router ospf 1
 router-id 100.100.100.1
 network 100.100.100.1 0.0.0.0 area 0
 network 102.102.102.0 0.0.0.3 area 0
!
router bgp 1
 bgp router-id 100.100.100.1
 bgp log-neighbor-changes
 neighbor 102.102.102.2 remote-as 1
 !
 address-family ipv4
  redistribute connected
  neighbor 102.102.102.2 activate
  neighbor 102.102.102.2 send-community both
 exit-address-family
 !
 address-family vpnv4
  import l2vpn evpn
  neighbor 102.102.102.2 activate
  neighbor 102.102.102.2 send-community extended
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 102.102.102.2 activate
  neighbor 102.102.102.2 send-community both
 exit-address-family
!
ip pim rp-address 100.100.100.2

l2vpn evpn
 replication-type ingress
!
l2vpn evpn instance 21 vlan-based
 encapsulation vxlan
 replication-type ingress
 default-gateway advertise enable
!
!

bridge-domain 21 
 member Vlan21 service-instance 21
 member evpn-instance 21 vni 30000
!
!
interface Loopback0
 ip address 100.100.100.2 255.255.255.255
!
interface Tunnel100
 ip address 102.102.102.2 255.255.255.252
 ip pim sparse-mode
 mpls ip
 tunnel source 192.168.5.200
 tunnel destination 192.168.5.100
!
interface GigabitEthernet0/0/0
 ip address 192.168.5.200 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/1/0
 switchport access vlan 21
 switchport mode access
!
!
interface Vlan21
 no ip address
 service instance 21 ethernet
  encapsulation dot1q 21
 !

!
interface nve1
 no ip address
 source-interface Loopback0
 host-reachability protocol bgp
 member vni 30000 ingress-replication
!         
router ospf 1
 router-id 100.100.100.2
 network 100.100.100.2 0.0.0.0 area 0
 network 102.102.102.0 0.0.0.3 area 0
!
router bgp 1
 bgp router-id 100.100.100.2
 bgp log-neighbor-changes
 neighbor 102.102.102.1 remote-as 1
 !
 address-family ipv4
  redistribute connected
  neighbor 102.102.102.1 activate
  neighbor 102.102.102.1 send-community both
 exit-address-family
 !
 address-family vpnv4
  import l2vpn evpn
  neighbor 102.102.102.1 activate
  neighbor 102.102.102.1 send-community extended
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 102.102.102.1 activate
  neighbor 102.102.102.1 send-community both
 exit-address-family
!
ip forward-protocol nd
ip pim rp-address 100.100.100.2

interface GigabitEthernet1/7
 switchport access vlan 21
 switchport mode access
!
interface Vlan21
 ip address 21.21.21.2 255.255.255.0

次の手順で、ルータ 1 を設定します。

1. EVPN および EVPN インスタンスを作成します。

   l2vpn evpn
   replication-type ingress
   !
   l2vpn evpn instance 21 vlan-based
   encapsulation vxlan
   replication-type ingress
   default-gateway advertise enable
   

2. VLAN 21 にポートを追加します。

   interface FastEthernet0/0/1
   switchport access vlan 21
   switchport mode access
   

3. VLAN 21 で BDI 21 を設定します。

   interface Vlan21
   no ip address
   service instance 21 ethernet
     encapsulation dot1q 21
   

4. ループバック インターフェイスに IP を割り当てます。

   interface Loopback0
   ip address 100.100.100.1 255.255.255.255
   

5. WAN インターフェイスに IP を設定します。

   interface GigabitEthernet0/0/0
   ip address 192.168.5.100 255.255.255.0
   

6. WAN インターフェイス IP を使用して GRE トンネルを設定します。

   interface Tunnel100
   ip address 102.102.102.1 255.255.255.252
   ip pim sparse-mode
   mpls ip
   tunnel source 192.168.5.100
   tunnel destination 192.168.5.200
   

7. VXLAN を設定します。

   interface nve1
   no ip address
   source-interface Loopback0
   host-reachability protocol bgp
   member vni 30000 ingress-replication 
   

8. BDI（ブリッジ ドメイン インターフェイス）に EVPN および VxLAN インスタンスを適用します。

   bridge-domain 21 
    member Vlan21 service-instance 21
   member evpn-instance 21 vni 30000
   

9. OSPF と BGP をオーバーレイプロトコルとして設定します。

   router ospf 1
   router-id 100.100.100.1
   network 100.100.100.1 0.0.0.0 area 0
   network 102.102.102.0 0.0.0.3 area 0
   !
   router bgp 1
   bgp router-id 100.100.100.1
   bgp log-neighbor-changes
   neighbor 102.102.102.2 remote-as 1
   !
   address-family ipv4
     redistribute connected
     neighbor 102.102.102.2 activate
     neighbor 102.102.102.2 send-community both
   exit-address-family
   !
   address-family vpnv4
     import l2vpn evpn
     neighbor 102.102.102.2 activate
     neighbor 102.102.102.2 send-community extended
   exit-address-family
   !
   address-family l2vpn evpn
     neighbor 102.102.102.2 activate
     neighbor 102.102.102.2 send-community both
   exit-address-family
   

同様の手順を実行し、適切な IP アドレスを使用してルータ 2 を設定します。その後、到達可能性を実現するために両方のホストに IP アドレスを設定します。

次の show コマンドは、セットアップをトラブルシュートするために役立ちます。

Router1#show l2vpn evpn peers vxlan

Interface VNI      Peer-IP                                 Num routes eVNI     UP time
--------- -------- --------------------------------------- ---------- -------- --------
nve1      30000    100.100.100.2                           1          30000    00:00:18


Router1#show nve peers
'M' - MAC entry download flag  'A' - Adjacency download flag
'4' - IPv4 flag  '6' - IPv6 flag

Interface  VNI      Type Peer-IP          RMAC/Num_RTs   eVNI     state flags UP time
nve1       30000    L2CP 100.100.100.2    1              30000      UP   N/A  00:00:40


Router1#show l2vpn evpn mac
MAC Address    EVI   BD    ESI                      Ether Tag  Next Hop(s)
-------------- ----- ----- ------------------------ ---------- ---------------
0000.24aa.c926 21    21    0000.0000.0000.0000.0000 0          Vl21:21
0000.24aa.c927 21    21    0000.0000.0000.0000.0000 0          100.100.100.2

Router1#show bgp l2vpn evpn all
BGP table version is 7, local router ID is 100.100.100.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100.100.100.1:21
 *>   [2][100.100.100.1:21][0][48][000024AAC926][0][*]/20
                      0.0.0.0                            32768 ?
 *>i  [2][100.100.100.1:21][0][48][000024AAC927][0][*]/20
                      100.100.100.2            0    100      0 ?
Route Distinguisher: 100.100.100.2:21
 *>i  [2][100.100.100.2:21][0][48][000024AAC927][0][*]/20
                      100.100.100.2            0    100      0 ?
Route Distinguisher: 100.100.100.1:21
 *>   [3][100.100.100.1:21][0][32][100.100.100.1]/17
                      0.0.0.0                            32768 ?
 *>i  [3][100.100.100.1:21][0][32][100.100.100.2]/17
                      100.100.100.2            0    100      0 ?
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100.100.100.2:21
 *>i  [3][100.100.100.2:21][0][32][100.100.100.2]/17
                      100.100.100.2            0    100      0 ?
Router1#

Router2#show l2vpn evpn peers vxlan

Interface VNI      Peer-IP                                 Num routes eVNI     UP time
--------- -------- --------------------------------------- ---------- -------- --------
nve1      30000    100.100.100.1                           1          30000    00:00:17

Router2#show nve peers
'M' - MAC entry download flag  'A' - Adjacency download flag
'4' - IPv4 flag  '6' - IPv6 flag

Interface  VNI      Type Peer-IP          RMAC/Num_RTs   eVNI     state flags UP time
nve1       30000    L2CP 100.100.100.1    1              30000      UP   N/A  00:00:22


Router2#show l2vpn evpn mac
MAC Address    EVI   BD    ESI                      Ether Tag  Next Hop(s)
-------------- ----- ----- ------------------------ ---------- ---------------
0000.24aa.c926 21    21    0000.0000.0000.0000.0000 0          100.100.100.1
0000.24aa.c927 21    21    0000.0000.0000.0000.0000 0          Vl21:21

Router2#show bgp l2vpn evpn all
BGP table version is 23, local router ID is 100.100.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100.100.100.1:21
 *>i  [2][100.100.100.1:21][0][48][000024AAC926][0][*]/20
                      100.100.100.1            0    100      0 ?
Route Distinguisher: 100.100.100.2:21
 *>i  [2][100.100.100.2:21][0][48][000024AAC926][0][*]/20
                      100.100.100.1            0    100      0 ?
 *>   [2][100.100.100.2:21][0][48][000024AAC927][0][*]/20
                      0.0.0.0                            32768 ?
Route Distinguisher: 100.100.100.1:21
 *>i  [3][100.100.100.1:21][0][32][100.100.100.1]/17
                      100.100.100.1            0    100      0 ?
Route Distinguisher: 100.100.100.2:21
 *>i  [3][100.100.100.2:21][0][32][100.100.100.1]/17
                      100.100.100.1            0    100      0 ?
 *>   [3][100.100.100.2:21][0][32][100.100.100.2]/17
                      0.0.0.0                            32768 ?
Router2#

以下は、追加の情報源です。

• VXLAN の設定

• GRE トンネルを設定する