Setting up EVPN-based VXLAN on ArubaOS-CX

ArubaOS-CX OVA supports EVPN-based VXLAN as well. Let’s build the topology below in EVE-NG.

Configure the ports and the VLAN.

*** CX1 ***
vlan 10
interface 1/1/1
    no shutdown
    ip address 10.0.0.1/30
interface 1/1/6
    no shutdown
    no routing
    vlan access 10
ip route 0.0.0.0/0 10.0.0.2

*** CX2 ***
vlan 10
interface 1/1/1
    no shutdown
    ip address 20.0.0.1/30
interface 1/1/6
    no shutdown
    no routing
    vlan access 10
ip route 0.0.0.0/0 20.0.0.2

*** CX3 ***
vlan 10
interface 1/1/1
    no shutdown
    ip address 30.0.0.1/30
interface 1/1/6
    no shutdown
    no routing
    vlan access 10
ip route 0.0.0.0/0 30.0.0.2

*** Router ***
interface 1/1/1
    no shutdown
    ip address 10.0.0.2/30
interface 1/1/2
    no shutdown
    ip address 20.0.0.2/30
interface 1/1/3
    no shutdown
    ip address 30.0.0.2/30

Once basic IP connectivity is confirmed, proceed to set up the BGP control plane for EVPN. We use the ‘Router’ CX as a route reflector to avoid full-mesh BGP peering.

Router BGP configuration

router bgp 65000
    bgp router-id 1.1.1.1
    neighbor 10.0.0.1 remote-as 65000
    neighbor 10.0.0.1 update-source 10.0.0.2
    neighbor 20.0.0.1 remote-as 65000
    neighbor 20.0.0.1 update-source 20.0.0.2
    neighbor 30.0.0.1 remote-as 65000
    neighbor 30.0.0.1 update-source 30.0.0.2
    address-family l2vpn evpn
        neighbor 10.0.0.1 activate
        neighbor 10.0.0.1 route-reflector-client
        neighbor 10.0.0.1 send-community extended
        neighbor 20.0.0.1 activate
        neighbor 20.0.0.1 route-reflector-client
        neighbor 20.0.0.1 send-community extended
        neighbor 30.0.0.1 activate
        neighbor 30.0.0.1 route-reflector-client
        neighbor 30.0.0.1 send-community extended

CX1 BGP configuration

router bgp 65000
    bgp router-id 10.0.0.1
    neighbor 10.0.0.2 remote-as 65000
    address-family l2vpn evpn
        neighbor 10.0.0.2 activate
        neighbor 10.0.0.2 send-community extended

CX2 BGP configuration

router bgp 65000
    bgp router-id 20.0.0.1
    neighbor 20.0.0.2 remote-as 65000
    address-family l2vpn evpn
        neighbor 20.0.0.2 activate
        neighbor 20.0.0.2 send-community extended

CX3 BGP configuration

router bgp 65000
    bgp router-id 30.0.0.1
    neighbor 30.0.0.2 remote-as 65000
    address-family l2vpn evpn
        neighbor 30.0.0.2 activate
        neighbor 30.0.0.2 send-community extended

Let’s check BGP status.

Router# show bgp l2vpn evpn summary
VRF : default
BGP Summary
-----------
 Local AS               : 65000        BGP Router Identifier  : 1.1.1.1
 Peers                  : 3            Log Neighbor Changes   : No
 Cfg. Hold Time         : 180          Cfg. Keep Alive        : 60

 Neighbor        Remote-AS MsgRcvd MsgSent   Up/Down Time State        AdminStatus
 10.0.0.1        65000       11      12      00h:05m:37s  Established   Up
 20.0.0.1        65000       11      12      00h:05m:37s  Established   Up
 30.0.0.1        65000       9       13      00h:04m:25s  Established   Up

==============================================================================

CX1# show bgp l2vpn evpn summary
VRF : default
BGP Summary
-----------
 Local AS               : 65000        BGP Router Identifier  : 10.0.0.1
 Peers                  : 1            Log Neighbor Changes   : No
 Cfg. Hold Time         : 180          Cfg. Keep Alive        : 60

 Neighbor        Remote-AS MsgRcvd MsgSent   Up/Down Time State        AdminStatus
 10.0.0.2        65000       18      16      00h:06m:15s  Established   Up      

Make sure that the State is Established on both ends. Any other state means the BGP peering is not complete.
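The same check can be scripted. The Python below is an added example, not part of the original post: it parses `show bgp l2vpn evpn summary` text and reports any neighbor that is missing, unexpected, in the wrong AS, or not Established. The sample text is constructed from the Router output above with one peer changed to Idle, and the function names are hypothetical.

```python
import re

# Constructed sample: the Router output from the post, with 30.0.0.1 changed to Idle.
SAMPLE = """\
VRF : default
BGP Summary
-----------
 Local AS               : 65000        BGP Router Identifier  : 1.1.1.1
 Peers                  : 3            Log Neighbor Changes   : No
 Cfg. Hold Time         : 180          Cfg. Keep Alive        : 60

 Neighbor        Remote-AS MsgRcvd MsgSent   Up/Down Time State        AdminStatus
 10.0.0.1        65000       11      12      00h:05m:37s  Established   Up
 20.0.0.1        65000       11      12      00h:05m:37s  Established   Up
 30.0.0.1        65000       0       0       00h:00m:00s  Idle          Up
"""

# One table row: neighbor, remote AS, two counters, up/down time, state, admin status.
ROW = re.compile(
    r"^\s*(?P<peer>\d+\.\d+\.\d+\.\d+)\s+(?P<asn>\d+)\s+\d+\s+\d+\s+\S+\s+"
    r"(?P<state>\S+)\s+(?P<admin>\S+)\s*$"
)

def parse_summary(text):
    """Return {neighbor_ip: (remote_as, state)} from the summary table rows."""
    peers = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            peers[m["peer"]] = (int(m["asn"]), m["state"])
    return peers

def audit_peers(text, expected, local_as=65000):
    """List problems: missing peers, unexpected peers, wrong AS, not Established."""
    peers = parse_summary(text)
    problems = []
    for ip in sorted(set(expected) - set(peers)):
        problems.append(f"{ip}: expected peer missing from summary")
    for ip, (asn, state) in sorted(peers.items()):
        if ip not in expected:
            problems.append(f"{ip}: peer not in expected list")
        if asn != local_as:
            problems.append(f"{ip}: remote AS {asn}, expected {local_as}")
        if state != "Established":
            problems.append(f"{ip}: state is {state}")
    return problems

if __name__ == "__main__":
    for p in audit_peers(SAMPLE, {"10.0.0.1", "20.0.0.1", "30.0.0.1"}):
        print(p)
```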

If the BGP state is OK on both ends, proceed to configure EVPN/VXLAN. The configuration on each switch is identical except for the source IP.

CX1 EVPN/VXLAN configuration

evpn
    vlan 10
        rd auto
        route-target export auto
        route-target import auto
interface vxlan 1
    source ip 10.0.0.1
    no shutdown
    vni 10
        vlan 10

CX2 EVPN/VXLAN configuration

evpn
    vlan 10
        rd auto
        route-target export auto
        route-target import auto
interface vxlan 1
    source ip 20.0.0.1
    no shutdown
    vni 10
        vlan 10

CX3 EVPN/VXLAN configuration

evpn
    vlan 10
        rd auto
        route-target export auto
        route-target import auto
interface vxlan 1
    source ip 30.0.0.1
    no shutdown
    vni 10
        vlan 10

Once done, VPCs should be able to ping each other… let’s try.

VPCS> ping 192.168.10.2

84 bytes from 192.168.10.2 icmp_seq=1 ttl=64 time=3.133 ms
84 bytes from 192.168.10.2 icmp_seq=2 ttl=64 time=4.880 ms
^C
VPCS> ping 192.168.10.3

84 bytes from 192.168.10.3 icmp_seq=1 ttl=64 time=3.882 ms
84 bytes from 192.168.10.3 icmp_seq=2 ttl=64 time=4.362 ms
^C

Success! Check the MAC address table and you should see ‘evpn’ as the Type.

CX1# show mac-address-table
MAC age-time            : 300 seconds
Number of MAC addresses : 3

MAC Address          VLAN     Type                      Port
--------------------------------------------------------------
00:50:79:66:68:06    10       evpn       vxlan1(30.0.0.1)
00:50:79:66:68:04    10       dynamic                   1/1/6
00:50:79:66:68:05    10       evpn       vxlan1(20.0.0.1)

You configured EVPN-based VXLAN successfully.
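As an added example (not part of the original post), the Python below parses `show mac-address-table` output and lists any ‘evpn’ entry whose remote tunnel endpoint is not one of the VTEP source IPs configured in this lab, which is a quick way to spot a MAC learned from an endpoint you did not set up. The sample is CX1's table above plus one constructed row, and the function names are hypothetical.

```python
import re

# Constructed sample: CX1's table from the post plus one extra entry (last row)
# whose tunnel endpoint 40.0.0.1 is not a VTEP configured in this lab.
SAMPLE = """\
MAC age-time            : 300 seconds
Number of MAC addresses : 4

MAC Address          VLAN     Type                      Port
--------------------------------------------------------------
00:50:79:66:68:06    10       evpn       vxlan1(30.0.0.1)
00:50:79:66:68:04    10       dynamic                   1/1/6
00:50:79:66:68:05    10       evpn       vxlan1(20.0.0.1)
00:50:79:66:68:07    10       evpn       vxlan1(40.0.0.1)
"""

# One table row: MAC, VLAN, type, port. Remote entries show the port as vxlanN(<VTEP IP>).
ROW = re.compile(
    r"^(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<vlan>\d+)\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)\s*$", re.IGNORECASE)
VTEP = re.compile(r"^vxlan\d+\((?P<ip>[\d.]+)\)$")

def parse_mac_table(text):
    """Return a list of dicts with mac, vlan, type, port and vtep (None if local)."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or blank line
        e = m.groupdict()
        e["vlan"] = int(e["vlan"])
        t = VTEP.match(e["port"])
        e["vtep"] = t["ip"] if t else None
        entries.append(e)
    return entries

def unexpected_vteps(text, allowed_vteps, vlan_to_check=10):
    """Return (mac, vtep) pairs in the VLAN whose remote VTEP is not allowed."""
    return [(e["mac"], e["vtep"]) for e in parse_mac_table(text)
            if e["vlan"] == vlan_to_check and e["type"] == "evpn"
            and e["vtep"] not in allowed_vteps]

if __name__ == "__main__":
    # On CX1 the remote VTEPs are the source IPs of CX2 and CX3.
    for mac, vtep in unexpected_vteps(SAMPLE, {"20.0.0.1", "30.0.0.1"}):
        print(f"{mac} learned from unexpected VTEP {vtep}")
```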