Complete Cisco Nexus VXLAN EVPN Configuration Guide – Part 2
This is Part 2 of the Cisco Nexus VXLAN series. In Part 1, the network used multicast flood-and-learn VXLAN architecture. This guide upgrades the deployment to a modern VXLAN EVPN fabric using BGP EVPN as the control plane.
Modern data centers no longer depend heavily on multicast flooding for MAC learning. Instead, they use BGP EVPN advertisements for scalable control-plane learning.
Table of Contents
- 1. Introduction to VXLAN EVPN
- 2. Flood-and-Learn vs EVPN
- 3. EVPN Mathematics and Scaling
- 4. Task 1 – Nexus Initialization
- 5. Task 2 – IP Address Configuration
- 6. Task 3 – OSPF Underlay
- 7. Task 4 – Enabling VXLAN EVPN Features
- 8. Task 5 – VRF and L3VNI Configuration
- 9. Task 6 – SVI Configuration
- 10. Task 7 – Route Distinguisher and Route Targets
- 11. Task 8 – BGP EVPN Configuration
- 12. Task 9 – NVE Interface Configuration
- 13. Task 10 – VLAN to VNI Mapping
- 14. Task 11 – Anycast Gateway Configuration
- 15. Task 12 – Ingress Replication
- 16. Task 13 – EVPN VNI Configuration
- 17. Task 14 – Access Port Configuration
- 18. Task 15 – Host Configuration
- 19. Task 16 – Verification and Testing
- 20. Traditional Networks vs EVPN Fabrics
- 21. Why Modern Data Centers Use EVPN
- 22. Troubleshooting Commands
1. Introduction to VXLAN EVPN
VXLAN EVPN combines:
- VXLAN data-plane encapsulation
- BGP EVPN control-plane learning
Traditional VXLAN used multicast flood-and-learn behavior. Modern EVPN uses BGP to distribute MAC and IP information instead, which significantly reduces unnecessary flooding.
2. Flood-and-Learn vs EVPN
| Flood-and-Learn VXLAN | VXLAN EVPN |
|---|---|
| Uses multicast heavily | Uses BGP control plane |
| Data-plane MAC learning | Control-plane MAC learning |
| More flooding | Minimal flooding |
| Less scalable | Cloud-scale architecture |
| Harder troubleshooting | Better visibility |
3. EVPN Mathematics and Scaling
Traditional VLAN Scaling
\[ 2^{12} = 4096 \]
Usable VLANs:
\[ 4096 - 2 = 4094 \]
VXLAN VNI Scaling
VXLAN uses 24-bit VNIs:
\[ 2^{24} = 16{,}777{,}216 \]
Flood Reduction Formula
Traditional flooding:
\[ \text{Traffic} \propto \text{Hosts} \]
EVPN advertisements:
\[ \text{Traffic} \propto \text{Changes} \]
This drastically reduces unnecessary traffic.
4. Task 1 – Nexus Initialization
switch setup
Enter the password for admin: Cisco123
Confirm the password: Cisco123
The initial setup process configures the admin account and prepares the Nexus switches for VXLAN EVPN deployment.
5. Task 2 – IP Address Configuration
R1 Configuration
hostname R1
interface e0/0
ip address 10.10.10.1 255.255.255.0
duplex full
no shutdown
interface e0/1
ip address 10.20.20.1 255.255.255.0
duplex full
no shutdown
interface loopback0
ip address 1.1.1.1 255.255.255.255
NX-01
hostname NX-01
interface loopback0
ip address 192.168.1.1/32
interface ethernet1/1
no switchport
ip address 10.10.10.11/24
no shutdown
NX-02
hostname NX-02
interface loopback0
ip address 192.168.1.2/32
interface ethernet1/1
no switchport
ip address 10.20.20.22/24
no shutdown
Loopback interfaces are extremely important because they provide stable VTEP addresses for the VXLAN tunnels.
6. Task 3 – OSPF Underlay
The underlay network provides IP connectivity between the VTEPs.
R1 OSPF
router ospf 1
router-id 1.1.1.1
network 10.0.0.0 0.255.255.255 area 0
network 1.0.0.0 0.255.255.255 area 0
NX-01
feature ospf
router ospf 1
router-id 11.11.11.11
interface loopback0
ip router ospf 1 area 0
interface ethernet1/1
ip router ospf 1 area 0
NX-02
feature ospf
router ospf 1
router-id 22.22.22.22
interface loopback0
ip router ospf 1 area 0
interface ethernet1/1
ip router ospf 1 area 0
OSPF Cost Formula
\[ \text{Cost} = \frac{\text{Reference Bandwidth}}{\text{Interface Bandwidth}} \]
7. Task 4 – Enabling VXLAN EVPN Features
Several Nexus features must be enabled before EVPN can operate.
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
nv overlay evpn
Feature Explanation
| Feature | Purpose |
|---|---|
| feature bgp | Enables BGP routing process |
| feature interface-vlan | Allows SVI interfaces |
| feature vn-segment-vlan-based | Enables VLAN to VNI mapping |
| feature nv overlay | Enables VXLAN overlay functionality |
| nv overlay evpn | Activates EVPN control-plane |
8. Task 5 – VRF and L3VNI Configuration
The VRF separates routing tables for tenant isolation.
Configuration
vrf context NEXUS
vlan 101
vn-segment 100101
Why L3VNI Exists
An L2VNI extends a single Layer 2 segment (one VLAN) across VTEPs.
The L3VNI carries routed traffic between subnets of the same VRF across VTEPs, so inter-subnet traffic is encapsulated with the VRF's VNI rather than with the destination VLAN's L2VNI.
9. Task 6 – SVI Configuration
interface vlan101
vrf member NEXUS
ip forward
no shutdown
This SVI carries no IP address of its own; with `ip forward` it becomes the routed interface through which traffic arriving on the L3VNI enters the VRF.
10. Task 7 – Route Distinguisher and Route Targets
vrf context NEXUS
vni 100101
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
Why RD and RT Matter
| Attribute | Purpose |
|---|---|
| RD | Makes routes unique |
| RT | Controls route import/export |
Route Scaling Mathematics
Without RDs:
\[ \text{Duplicate Prefixes} = \text{Routing Conflict} \]
With RDs:
\[ \text{Unique RD} + \text{Prefix} = \text{Unique VPN Route} \]
11. Task 8 – BGP EVPN Configuration
NX-01
router bgp 100
router-id 11.11.11.11
neighbor 192.168.1.2
remote-as 100
update-source loopback0
address-family l2vpn evpn
send-community extended
vrf NEXUS
address-family ipv4 unicast
NX-02
router bgp 100
router-id 22.22.22.22
neighbor 192.168.1.1
remote-as 100
update-source loopback0
address-family l2vpn evpn
send-community extended
vrf NEXUS
address-family ipv4 unicast
Why Extended Communities Are Required
EVPN relies heavily on route-target information stored inside BGP extended communities.
12. Task 9 – NVE Interface Configuration
interface nve1
no shutdown
source-interface loopback0
host-reachability protocol bgp
member vni 100101 associate-vrf
The NVE interface acts as the VXLAN tunnel endpoint.
13. Task 10 – VLAN to VNI Mapping
vlan 11
vn-segment 10011
vlan 22
vn-segment 10022
Mapping Logic
| VLAN | VNI |
|---|---|
| 11 | 10011 |
| 22 | 10022 |
14. Task 11 – Anycast Gateway Configuration
Anycast Gateway allows hosts to use the same default gateway regardless of physical location.
fabric forwarding anycast-gateway-mac 0001.1111.1111
interface vlan11
vrf member NEXUS
ip address 10.11.11.254/24
no shutdown
fabric forwarding mode anycast-gateway
interface vlan22
vrf member NEXUS
ip address 10.22.22.254/24
no shutdown
fabric forwarding mode anycast-gateway
Why Anycast Gateway Matters
Without Anycast Gateway:
- Traffic may trombone (hairpin) through a remote centralized gateway
- Workload mobility becomes difficult, because a moved host keeps pointing at a gateway on its old leaf
- Traffic paths become inefficient
Anycast Mathematical Advantage
Traditional centralized gateway:
\[ \text{Latency} = \text{Access} + \text{Core} + \text{Distribution} \]
Distributed Anycast Gateway:
\[ \text{Latency} = \text{Local Leaf Gateway} \]
15. Task 12 – Ingress Replication
interface nve1
member vni 10011
ingress-replication protocol bgp
member vni 10022
ingress-replication protocol bgp
Why Ingress Replication Replaced Multicast
Modern EVPN environments avoid any dependency on multicast in the underlay.
Ingress replication uses the BGP-learned VTEP peer list (EVPN Type-3 routes) instead: the ingress VTEP sends a separate unicast copy of broadcast, unknown-unicast and multicast (BUM) traffic to each remote VTEP in the VNI.
16. Task 13 – EVPN VNI Configuration
evpn
vni 10011 l2
rd auto
route-target both auto
vni 10022 l2
rd auto
route-target both auto
The EVPN stanza defines Layer 2 EVPN services for each VNI.
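Tasks 4 through 13 apply the same set of commands on every leaf; only the router-id, the VTEP loopback and the BGP peer differ. As an added example (not code from this guide), the Python below renders that per-leaf configuration from one shared data model, so both leaves are guaranteed to carry the same VLAN-to-VNI mapping and the same anycast gateway MAC, and then checks for two mistakes that silently break EVPN: a leaf whose peer list does not cover every other VTEP, and two leaves sharing a router-id. The values are the lab's; the `Leaf` class and the function names are assumptions, and `auto_route_target` encodes the NX-OS derivation of `route-target both auto` as ASN:VNI, which the guide itself does not state.

```python
"""Render the per-leaf VXLAN EVPN configuration of Tasks 4-13 from one data
model. Added example, not the guide's own code; values are the lab's, names
(Leaf, render_leaf, check_fabric, auto_route_target) are assumptions."""
from dataclasses import dataclass, field

ASN = 100                      # router bgp 100 in the guide
VRF = "NEXUS"
L3_VLAN, L3_VNI = 101, 100101  # tenant VRF's L3VNI
ANYCAST_MAC = "0001.1111.1111"
# VLAN -> (L2VNI, anycast gateway address); identical on every leaf
L2_SEGMENTS = {11: (10011, "10.11.11.254/24"), 22: (10022, "10.22.22.254/24")}


@dataclass
class Leaf:
    hostname: str
    router_id: str                             # BGP/OSPF router-id
    vtep: str                                  # loopback0, the NVE source
    peers: list = field(default_factory=list)  # the other leaves' loopback0


def auto_route_target(asn: int, vni: int) -> str:
    """'route-target both auto' on NX-OS derives ASN:VNI (NX-OS behaviour,
    not stated in the guide); use it to predict what 'show bgp' will display."""
    return f"{asn}:{vni}"


def render_leaf(leaf: Leaf) -> str:
    """Return the NX-OS configuration text for one leaf."""
    lines = [
        "feature bgp", "feature interface-vlan", "feature vn-segment-vlan-based",
        "feature nv overlay", "nv overlay evpn",
        # Tasks 5 and 7: tenant VRF bound to the L3VNI with auto RD/RT
        f"vrf context {VRF}", f"  vni {L3_VNI}", "  rd auto",
        "  address-family ipv4 unicast",
        "    route-target both auto", "    route-target both auto evpn",
        f"vlan {L3_VLAN}", f"  vn-segment {L3_VNI}",
        # Task 6: the L3VNI SVI carries no address, it only forwards
        f"interface vlan{L3_VLAN}", f"  vrf member {VRF}", "  ip forward", "  no shutdown",
        # Task 8: iBGP EVPN session to every other leaf, sourced from loopback0
        f"router bgp {ASN}", f"  router-id {leaf.router_id}",
    ]
    for peer in leaf.peers:
        lines += [f"  neighbor {peer}", f"    remote-as {ASN}",
                  "    update-source loopback0", "    address-family l2vpn evpn",
                  "      send-community extended"]
    lines += [f"  vrf {VRF}", "    address-family ipv4 unicast",
              # Tasks 9 and 12: NVE with BGP host reachability and ingress replication
              "interface nve1", "  no shutdown", "  source-interface loopback0",
              "  host-reachability protocol bgp", f"  member vni {L3_VNI} associate-vrf"]
    for vni, _ in L2_SEGMENTS.values():
        lines += [f"  member vni {vni}", "    ingress-replication protocol bgp"]
    # Tasks 10 and 11: VLAN-to-VNI mapping and the distributed anycast gateway
    lines.append(f"fabric forwarding anycast-gateway-mac {ANYCAST_MAC}")
    for vlan, (vni, gateway) in L2_SEGMENTS.items():
        lines += [f"vlan {vlan}", f"  vn-segment {vni}",
                  f"interface vlan{vlan}", f"  vrf member {VRF}", f"  ip address {gateway}",
                  "  no shutdown", "  fabric forwarding mode anycast-gateway"]
    # Task 13: Layer 2 EVPN service per VNI
    lines.append("evpn")
    for vni, _ in L2_SEGMENTS.values():
        lines += [f"  vni {vni} l2", "    rd auto", "    route-target both auto"]
    return "\n".join(lines) + "\n"


def check_fabric(leaves: list) -> list:
    """Problems that break or silently weaken EVPN: a leaf that does not peer
    with every other VTEP, or two leaves sharing a router-id."""
    problems = []
    vteps = {leaf.vtep for leaf in leaves}
    for leaf in leaves:
        if set(leaf.peers) != vteps - {leaf.vtep}:
            problems.append(f"{leaf.hostname}: peer list does not cover every other VTEP")
    router_ids = [leaf.router_id for leaf in leaves]
    if len(set(router_ids)) != len(router_ids):
        problems.append("duplicate router-id across leaves")
    return problems


if __name__ == "__main__":
    nx01 = Leaf("NX-01", "11.11.11.11", "192.168.1.1", ["192.168.1.2"])
    nx02 = Leaf("NX-02", "22.22.22.22", "192.168.1.2", ["192.168.1.1"])
    print(render_leaf(nx01))
    print("fabric problems:", check_fabric([nx01, nx02]))
```

Rendering from one model is what keeps the two leaves consistent: a typo in the anycast MAC or a VLAN mapped to a different VNI on one leaf does not produce an error on the switch, it produces a segment that only half works, and `check_fabric` catches the peering and router-id mistakes that the CLI also accepts silently.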
17. Task 14 – Access Port Configuration
interface ethernet1/2
switchport mode access
switchport access vlan 11
interface ethernet1/3
switchport mode access
switchport access vlan 22
These ports connect directly to host devices.
18. Task 15 – Host Configuration
SW1
ip routing
interface e0/0
no switchport
ip address 10.11.11.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.11.11.254
SW2
ip routing
interface e0/0
no switchport
ip address 10.22.22.2 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.22.22.254
SW3
ip routing
interface e0/0
no switchport
ip address 10.11.11.3 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.11.11.254
SW4
ip routing
interface e0/0
no switchport
ip address 10.22.22.4 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.22.22.254
19. Task 16 – Verification and Testing
Ping Tests
ping 10.11.11.3
ping 10.22.22.2
ping 10.22.22.4
MAC Verification Commands
show l2route evpn mac all
show l2route evpn mac-ip all
Sample Output
Topology Mac Address Prod Flags Seq No Next-Hops
----------- -------------- ------ ------------- ---------- ----------------
10011 000c.29aa.bbcc BGP -- 0 192.168.1.2
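The MAC table above is the first thing to read after Task 16. As an added example (not code from this guide), the Python below parses `show l2route evpn mac all` output into records and flags the two conditions an operator wants to know about: a BGP-learned MAC whose next-hop is not one of the known VTEP loopbacks (192.168.1.1 and 192.168.1.2 in this lab), which points to a peering or mapping error or to an advertisement from a VTEP that should not be in the fabric, and a MAC that appears more than once in the same VNI, which is either a host move or two hosts claiming one address. The sample output is constructed in the guide's format and its first data row is the guide's own; the other rows, `EXPECTED_VTEPS` and the function names are assumptions.

```python
"""Parse 'show l2route evpn mac all' and flag suspicious entries.
Added example, not the guide's code; SAMPLE is constructed in the guide's
output format (first data row is the guide's own) and EXPECTED_VTEPS holds
the lab's two loopback0 addresses."""
from dataclasses import dataclass


@dataclass(frozen=True)
class MacRoute:
    vni: int
    mac: str
    producer: str      # "BGP" = learned via EVPN, "Local" = learned on an access port
    flags: str
    seq: int
    next_hops: tuple   # remote VTEP IPs for BGP entries, local port for Local entries


def parse_l2route_mac(output: str) -> list:
    """Data rows start with a numeric topology (VNI) id; header, separator
    and blank lines are skipped."""
    routes = []
    for line in output.splitlines():
        parts = line.split()
        if not parts or not parts[0].isdigit():
            continue
        vni, mac, producer, flags, seq = parts[:5]
        hops = tuple(hop.rstrip(",") for hop in parts[5:])
        routes.append(MacRoute(int(vni), mac.lower(), producer, flags, int(seq), hops))
    return routes


def unexpected_next_hops(routes: list, expected_vteps: set) -> list:
    """BGP-learned MACs reachable via an address that is not a known VTEP:
    a peering/mapping error, or an advertisement from a VTEP that should not
    be part of the fabric. Worth alerting on either way."""
    return [(r.vni, r.mac, hop) for r in routes if r.producer == "BGP"
            for hop in r.next_hops if hop not in expected_vteps]


def duplicate_macs(routes: list) -> dict:
    """Same MAC present more than once in one VNI (for example Local and BGP
    at the same time): a host that moved, or two hosts claiming one address.
    EVPN's sequence number (Seq No) decides which advertisement wins."""
    seen = {}
    for r in routes:
        seen.setdefault((r.vni, r.mac), []).append(r)
    return {key: entries for key, entries in seen.items() if len(entries) > 1}


EXPECTED_VTEPS = {"192.168.1.1", "192.168.1.2"}

# Constructed sample in the guide's output format; row 1 is the guide's own.
SAMPLE = """\
Topology    Mac Address    Prod   Flags         Seq No     Next-Hops
----------- -------------- ------ ------------- ---------- ----------------
10011       000c.29aa.bbcc BGP    --            0          192.168.1.2
10011       000c.29aa.0001 Local  L,            0          Eth1/2
10022       000c.29bb.0002 BGP    --            3          192.168.1.9
10022       000c.29bb.0002 Local  L,            3          Eth1/3
"""

if __name__ == "__main__":
    routes = parse_l2route_mac(SAMPLE)
    print("unexpected next-hops:", unexpected_next_hops(routes, EXPECTED_VTEPS))
    print("duplicate MACs:", list(duplicate_macs(routes)))
```

Run against the real command output (paste it into `SAMPLE` or read it from a file) and keep `EXPECTED_VTEPS` in sync with the loopback0 addresses of the leaves you actually deployed; a next-hop outside that set is worth a ticket even when connectivity looks fine.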
20. Traditional Networks vs EVPN Fabrics
| Traditional Data Center | VXLAN EVPN Fabric |
|---|---|
| Spanning Tree | ECMP Layer 3 Fabric |
| Centralized Gateway | Distributed Anycast Gateway |
| Large Failure Domains | Isolated Segments |
| Manual MAC Learning | BGP EVPN Learning |
| Limited Scale | Cloud-Scale Design |
21. Why Modern Data Centers Use EVPN
- Supports massive cloud-scale deployments
- Reduces flooding
- Improves convergence speed
- Enables workload mobility
- Supports automation platforms
- Improves multi-tenancy
- Works efficiently with Kubernetes and virtualization
VXLAN EVPN has become the standard architecture for modern enterprise and cloud data centers because it combines scalable overlays with efficient BGP-based control-plane learning.
22. Troubleshooting Commands
| Command | Purpose |
|---|---|
| show nve peers | Verify VXLAN peers |
| show nve vni | Verify VNI status |
| show bgp l2vpn evpn summary | Verify EVPN neighbors |
| show l2route evpn mac all | Verify MAC advertisements |
| show l2route evpn mac-ip all | Verify IP-to-MAC bindings |
| show ip route vrf NEXUS | Verify VRF routing table |
Final Thoughts
This lab demonstrates a complete migration from traditional multicast flood-and-learn VXLAN architecture to a modern BGP EVPN fabric.
Understanding these concepts is critical for engineers working with:
- Cisco Nexus switches
- Modern data centers
- Private cloud deployments
- Kubernetes networking
- VMware NSX integrations
- Multi-tenant environments
- Cloud-scale networking
Modern VXLAN EVPN architectures provide significantly better scalability, visibility, operational efficiency, and convergence compared to traditional Layer 2 designs.