For part 2, I will be setting up a L3 VNI to allow PC2 (Vlan 100) to communicate with PC3 (Vlan 200) within site 1. Using the same diagram as part 1 below:
First, I’ll create the L3 VNI (1000), VRF for Tenant1, Vl1000 SVI, and then map it to the NVE interface on both leaf nodes 9K-1 and 2
9K-2(config)# vlan 1000 9K-2(config-vlan)# vn-segment 1000 9K-2(config-vlan)# exit ! 9K-2(config)# vrf context TENANT1 9K-2(config-vrf)# vni 1000 9K-2(config-vrf)# rd auto 9K-2(config-vrf)# add ipv4 unicast 9K-2(config-vrf-af-ipv4)# route-target both auto evpn 9K-2(config-vrf-af-ipv4)# exit ! 9K-2(config-vrf)# feature interface-vlan 9K-2(config)# int vlan1000 9K-2(config-if)# vrf memeber TENANT1 Warning: Deleted all L3 config on interface Vlan1000 9K-2(config-if)# ip forward 9K-2(config-if)# no shut ! 9K-2(config-if)# int nve1 9K-2(config-if-nve)# member vni 1000 associate-vrf 9K-2(config-if-nve-vni)# end
Same thing on 9K-3 as well.
Next, we’ll add VNI 200 (Vlan 200), add VNI 200 to the EVPN config, enable anycast gateway, create the Vl100 and 200 SVIs, and then add VNI 200 to the NVE
Same thing on both 9K-2 and 3
9K-2(config)# vlan 200 9K-2(config-vlan)# vn-segment 200 9K-2(config-vlan)# exit ! 9K-2(config)# evpn 9K-2(config-evpn)# vni 200 l2 9K-2(config-evpn-evi)# rd auto 9K-2(config-evpn-evi)# route-target both auto 9K-2(config-evpn-evi)# exit ! 9K-2(config-evpn)# fabric forwarding anycast-gateway-mac 0001.2345.6789 ! 9K-2(config)# int vlan 100 9K-2(config-if)# vrf mem TENANT1 Warning: Deleted all L3 config on interface Vlan100 9K-2(config-if)# ip add 192.168.100.1/24 9K-2(config-if)# fabric forwarding mode anycast-gateway 9K-2(config-if)# no shut ! 9K-2(config-if)# int vlan 200 9K-2(config-if)# vrf mem TENANT1 Warning: Deleted all L3 config on interface Vlan200 9K-2(config-if)# ip add 192.168.200.1/24 9K-2(config-if)# fabric forwarding mode anycast-gateway 9K-2(config-if)# no shut ! 9K-2(config-if)# int nve1 9K-2(config-if-nve)# member vni 200 9K-2(config-if-nve-vni)# mcast 239.1.1.1 9K-2(config-if-nve-vni)# suppress-arp 9K-2(config-if-nve-vni)# end
I went ahead and tossed PC3 on 9K-3 into vlan 200 and reconfigured it for address 192.168.200.13. Now to ping between the PCs
PC-2> ping 192.168.200.13 84 bytes from 192.168.200.13 icmp_seq=1 ttl=62 time=196.568 ms 84 bytes from 192.168.200.13 icmp_seq=2 ttl=62 time=60.620 ms 84 bytes from 192.168.200.13 icmp_seq=3 ttl=62 time=195.987 ms ! PC-3> ping 192.168.100.12 84 bytes from 192.168.100.12 icmp_seq=1 ttl=62 time=159.898 ms 84 bytes from 192.168.100.12 icmp_seq=2 ttl=62 time=289.842 ms
It works. Below is the BGP table for VNI 1000 showing that 9K-2 has learned of PC3 via BGP
9K-2# sh bgp l2 ev vni 1000
.......
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.1.255.2:3 (L3VNI 1000)
*>i[2]:[0]:[0]:[48]:[0050.7966.6802]:[32]:[192.168.200.13]/272
10.1.254.3 100 0 i
It should now be showing up in the Tenant1 vrf routing table on 9K-2
9K-2# show ip route bgp vrf TENANT1
.....
192.168.200.13/32, ubest/mbest: 1/0
*via 10.1.254.3%default, [200/0], 00:04:08, bgp-100, internal, tag 100 (evpn
) segid: 1000 tunnelid: 0xa01fe03 encap: VXLAN
That’s all for enabling a L3 VNI for site 1
[…] Recap Part 1 – Setup simple L2 VXLAN within a single site Part 2 – Setup L3 VNI within a single site Part 3 – Setup multisite between 2 sites using a […]