{"id":1273,"date":"2023-05-08T17:19:56","date_gmt":"2023-05-08T16:19:56","guid":{"rendered":"https:\/\/blog.thomarite.uk\/?p=1273"},"modified":"2023-05-08T17:19:56","modified_gmt":"2023-05-08T16:19:56","slug":"vxlan-bgp-evpn-multisite","status":"publish","type":"post","link":"https:\/\/blog.thomarite.uk\/index.php\/2023\/05\/08\/vxlan-bgp-evpn-multisite\/","title":{"rendered":"VXLAN BGP EVPN Multisite"},"content":{"rendered":"\n<p>This is a <a href=\"https:\/\/www.youtube.com\/watch?v=y-ZDCMwEpxw\">video<\/a> that explains EVPN Multisite at a high level. There is no real config involved. The pdf for the session &#8220;BRKDCN-2913&#8221; is easy to find and download. Although this is NXOS based, Arista has a similar feature called &#8220;EVPN Gateway&#8221;: \u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/www.arista.com\/en\/support\/toi\/eos-4-25-0f\/14591-evpn-l3-gateway\" target=\"_blank\">https:\/\/www.arista.com\/en\/support\/toi\/eos-4-25-0f\/14591-evpn-l3-gateway<\/a> (needs registration&#8230;.) Just one line really to add under the EVPN address family to change the next hop to the gateway&#8217;s address. The implementation looks much simpler than NXOS&#8230;.<\/p>\n\n\n\n<p>This is a summary of the video:<\/p>\n\n\n\n<p><br>RFC9014 &#8230; DCI EVPN Overlay defines the Layer-2 extension between two domains<\/p>\n\n\n\n<p>section 3: decoupled gw. vlan handoff with a WAN edge.<br>section 4: integrated gw: gw talk directly L2EVPN<br>multi-site (BESS version) draft-sharma-bess-multi-site-evpn. support extension of l2 and l3, uc and mc, vpns. 
BGW talk ebgp evpn AF.<br>gw mode: anycast vip (ecmp: underlay) or multipath vip (ecmp: under and overlay)<br>type5: re-originated.<br>RD: separate RD for vIP and PIP<br>RT: same for intra\/inter dc<br>Border GW = EVPN GW<\/p>\n\n\n\n<p>EVPN-IPVPN interop defines the Layer-3 extension between domains, currently lacks EVPN to EVPN interconnects<\/p>\n\n\n\n<p>Multisite\u00a0draft combines RFC9014 and EVPN-IPVPN with EVPN to EVPN connection: <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-sharma-bess-multi-site-evpn-02\">https:\/\/datatracker.ietf.org\/doc\/html\/draft-sharma-bess-multi-site-evpn-02<\/a><\/p>\n\n\n\n<p>Use cases:<br>1- Compartmentalization:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>multiple fabrics, single DC<\/li>\n\n\n\n<li>control at BGW: allow extension l2,l3. Reduces remote VTEP count. Expands VTEP scale.<\/li>\n\n\n\n<li>BUM packet: LS replicated only in the fabric, then BGW to the BGW in the other fabric. Without multi-site, LS replicate to ALL VTEP in the fabric.<\/li>\n<\/ul>\n\n\n\n<p>2- Scale<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>control at BGW: Reduces remote VTEP count. Expands VTEP scale.<\/li>\n\n\n\n<li>scale through hierarchy: multiply vtep with sites<br>up to 128 sites per multi-site domain. Up to 256 VTEP per fabric -> 32768 VTEPs<\/li>\n<\/ul>\n\n\n\n<p>3- DC interconnect (DCI)<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IP reachability and MTU.<br>integration with legacy networks:<br>hybrid cloud connectivity: extends l3 with vrf awareness.<\/li>\n<\/ul>\n\n\n\n<p>Deeper look:<br>HW support only important in BGW. LS is not important.<br><\/p>\n\n\n\n<p>tunnels:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>stitched at BGW (no recirculation, hw rate)<\/li>\n\n\n\n<li>intra fabric tunnel goes LS to LS or LS to BGW<\/li>\n\n\n\n<li>inter fabric tunnel goes BGW to BGW<\/li>\n\n\n\n<li>only BGW IP must be unique. 
Fabrics are &#8220;separated&#8221;.<\/li>\n<\/ul>\n\n\n\n<p>BGW deployment considerations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>1) anycast bgw<\/li>\n\n\n\n<li>&#8211; up to 6 nodes. They are not interconnected, just share ASN, nothing else. In LS or SS<\/li>\n\n\n\n<li>&#8211; VIP mode: vip for tunnel stitching. focus on scale and convergence. overlay ecmp<\/li>\n\n\n\n<li>&#8211; PIP mode: for 3rd party interop. Uses PIP for tunnel stitching. Uses under and overlay Ecmp.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>2) vpc bgw:<\/li>\n\n\n\n<li>&#8211; only 2 (because vpc, peer link). Only in LS<br>&#8211; legacy network integration, attachment of fw and adcs.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p>NOTE: anycast and vpc must have a multi-site vip and PIP. only vpc needs an extra IP for VPC IP.<br>PIP needed for establishing BGP and for Designated Forwarding election (only one BGW forwards per vlan).<\/p>\n\n\n\n<p>CP and DP:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>As eBGP is used between multi-sites -&gt; ebgp changes NH =&gt; vxlan tunnel termination and re-origination + loop prevention (as-path). Full mesh ebgp evpn between sites.<\/li>\n\n\n\n<li>underlay\/overlay CP deployment: IEI (recommended) within fabric: IGP as underlay, iBGP as overlay.<\/li>\n\n\n\n<li>full mesh ebgp evpn between site OR deploy RS (route-server) -&gt; RS is in a separate AS and only does CP = eBGP RR (RFC 7947): evpn routes reflection, NH unchanged, RT rewrite!<\/li>\n<\/ul>\n\n\n\n<p>I think this is the white paper mentioned: \u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/switches\/nexus-9000-series-switches\/white-paper-c11-739942.html\" target=\"_blank\">https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/switches\/nexus-9000-series-switches\/white-paper-c11-739942.html<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Another thing, I wish it wouldn&#8217;t be that painful to simulate NXOS. 
It is so easy to spin up a lab with cEOS&#8230;..on a standard laptop..<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is a video that explains EVPN Multisite at a high level. There is no real config involved. The pdf for the session &#8220;BRKDCN-2913&#8221; is easy to find and download. Although this is NXOS based, Arista has a similar feature called &#8220;EVPN Gateway&#8221;: \u00a0https:\/\/www.arista.com\/en\/support\/toi\/eos-4-25-0f\/14591-evpn-l3-gateway (needs registration&#8230;.) Just one line really to add under the EVPN address family &hellip; <a href=\"https:\/\/blog.thomarite.uk\/index.php\/2023\/05\/08\/vxlan-bgp-evpn-multisite\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;VXLAN BGP EVPN Multisite&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-1273","post","type-post","status-publish","format-standard","hentry","category-networks"],"_links":{"self":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts\/1273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/comments?post=1273"}],"version-history":[{"count":1,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts\/1273\/revisions"}],"predecessor-version":[{"id":1274,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/posts\/1273\/revisions\/1274"}],"wp:attachment":[{"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/media?parent=1273"}],"wp:ter
m":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/categories?post=1273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.thomarite.uk\/index.php\/wp-json\/wp\/v2\/tags?post=1273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}