EVPN Integrated Routing and Bridging (IRB) has two options:
- Asymmetric IRB
- Symmetric IRB
Assymetric IRB
- Ingress VTEP does both L2 and L3 lookup
- Egress VTEP does L2 lookup only
- => Bridge - Route - Bridge
Pros: “easy” to configure - just copy/paste. Identical config with the only difference in SVI IP addresses.
Cons: on the way back, traffic will be reversed => all VXLANs need to be configured on all VTEPs => increased ARP cache and CAM table sizes and control plane scaling issue => not very efficient.
N5K1 Configuration
ip pim rp-address 1.1.1.3 group-list 224.0.0.0/4 bidir
vlan 10,20
vlan 10
vn-segment 101010
vlan 20
vn-segment 202020
interface Vlan10
no shutdown
_** ip address 10.10.10.1/24**_
interface Vlan20
no shutdown
_** ip address 20.20.20.2/24**_
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 101010
mcast-group 228.7.7.8
member vni 202020
mcast-group 228.7.7.9
interface Ethernet1/4
switchport mode trunk
_** switchport trunk allowed vlan 10**_
router bgp 1
log-neighbor-changes
neighbor 1.1.1.3
remote-as 1
update-source loopback0
address-family l2vpn evpn
send-community extended
neighbor 1.1.1.4
remote-as 1
update-source loopback0
address-family l2vpn evpn
send-community extended
evpn
vni 101010 l2
rd auto
route-target import auto
route-target export auto
vni 202020 l2
rd auto
route-target import auto
route-target export auto
**N5K2 **Configuration
ip pim rp-address 1.1.1.3 group-list 224.0.0.0/4 bidir
vlan 10,20
vlan 10
vn-segment 101010
vlan 20
vn-segment 202020
interface Vlan10
no shutdown
_** ip address 10.10.10.2/24**_
interface Vlan20
no shutdown
_** ip address 20.20.20.1/24**_
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 101010
mcast-group 228.7.7.8
member vni 202020
mcast-group 228.7.7.9
interface Ethernet1/4
switchport mode trunk
_** switchport trunk allowed vlan 20**_
router bgp 1
log-neighbor-changes
neighbor 1.1.1.3
remote-as 1
update-source loopback0
address-family l2vpn evpn
send-community extended
neighbor 1.1.1.4
remote-as 1
update-source loopback0
address-family l2vpn evpn
send-community extended
evpn
vni 101010 l2
rd auto
route-target import auto
route-target export auto
vni 202020 l2
rd auto
route-target import auto
route-target export auto
Here is a packet capture on the N5K2 switch, interface g0/2 between N5K1 and N5K2.
- Incoming Echo request from N5K1 is in VNI 202020
From R8 to R9 (red): R8 -> 10.10.10.1 (N5K1 SVI10) -> 20.20.20.2(N5K1 SVI20)-> 20.20.20.1 (N5K2 SVI20) -> R9 - Outgoing Echo reply to N5K1 is in VNI 101010
From R9 to R8 (orange): R9 ->20.20.20.1(N5K2 SVI20)->10.10.10.2(N5K2 SVI10)->10.10.10.2(N5K1 SVI10)->R8