Skip to content

Author: jmillermo

SSH Tunneling host to host

First I will bring up a couple simple ubuntu docker containers. I have already setup vlans 10 and 20 in my network within docker using macvlan, so here i’m just assigning them specific IP addresses to use. You’ll also have to use privileged mode on these or else you won’t be able to bring up the tunnels. You will not need to worry about this unless you are using docker containers like I am.

VXLAN Config – Adding BGP EVPN

In the last blog post I setup a basic VXLAN config just allowing 2 hosts on separate leaf switches to communicate within their common subnet. In that configuration all of the hosts were learned by the VTEPs from BUM traffic flooded using multicast. Using BGP EVPN, hosts are learned by their own leaf switch and then advertised to the BGP speaking spine switches which reflect them back down to all other leafs. As soon as a leaf switch learns of a host (most likely from that host sending a GARP or some ARP request) it will advertise that host’s information to everyone else. Even when using BGP EVPN arp requests are still sent to all VTEPs using multicast even though the VTEPs have probably already learned about the remote host via BGP. That is where arp suppression comes into play. Arp suppression allows the VTEP to respond to arp requests if the VTEP already knows the remote hosts mac address. There is a bit of upfront work to get this setup though because some switches require you carve up the TCAM to make room for ether-arp.