EVPN Integrated Routing and Bridging (IRB) has two options:

  • Asymmetric IRB
  • Symmetric IRB

Assymetric IRB

  • Ingress VTEP does both L2 and L3 lookup
  • Egress VTEP does L2 lookup only
  • => Bridge - Route - Bridge

Pros: “easy” to configure - just copy/paste. Identical config with the only difference in SVI IP addresses.

Cons: on the way back, traffic will be reversed => all VXLANs need to be configured on all VTEPs => increased ARP cache and CAM table sizes and control plane scaling issue => not very efficient.

N5K1 Configuration

ip pim rp-address 1.1.1.3 group-list 224.0.0.0/4 bidir

vlan 10,20  
vlan 10  
    vn-segment 101010  
vlan 20  
    vn-segment 202020

interface Vlan10  
    no shutdown  
_**    ip address 10.10.10.1/24**_

interface Vlan20  
    no shutdown  
_**    ip address 20.20.20.2/24**_

interface nve1  
    no shutdown  
    host-reachability protocol bgp  
    source-interface loopback0  
    member vni 101010  
        mcast-group 228.7.7.8  
    member vni 202020  
        mcast-group 228.7.7.9

interface Ethernet1/4  
    switchport mode trunk  
_**    switchport trunk allowed vlan 10**_

router bgp 1  
    log-neighbor-changes  
    neighbor 1.1.1.3  
        remote-as 1  
        update-source loopback0  
        address-family l2vpn evpn  
            send-community extended  
    neighbor 1.1.1.4  
        remote-as 1  
        update-source loopback0  
      address-family l2vpn evpn  
      send-community extended

evpn  
    vni 101010 l2  
        rd auto  
        route-target import auto  
        route-target export auto  
    vni 202020 l2  
        rd auto  
        route-target import auto  
        route-target export auto

**N5K2 **Configuration

ip pim rp-address 1.1.1.3 group-list 224.0.0.0/4 bidir

vlan 10,20  
vlan 10  
    vn-segment 101010  
vlan 20  
    vn-segment 202020

interface Vlan10  
    no shutdown  
_**    ip address 10.10.10.2/24**_

interface Vlan20  
    no shutdown  
_**    ip address 20.20.20.1/24**_

interface nve1  
    no shutdown  
    host-reachability protocol bgp  
    source-interface loopback0  
    member vni 101010  
        mcast-group 228.7.7.8  
    member vni 202020  
        mcast-group 228.7.7.9

interface Ethernet1/4  
    switchport mode trunk  
_**    switchport trunk allowed vlan 20**_

router bgp 1  
    log-neighbor-changes  
    neighbor 1.1.1.3  
        remote-as 1  
        update-source loopback0  
        address-family l2vpn evpn  
            send-community extended  
    neighbor 1.1.1.4  
        remote-as 1  
        update-source loopback0  
        address-family l2vpn evpn  
            send-community extended

evpn  
    vni 101010 l2  
        rd auto  
        route-target import auto  
        route-target export auto  
    vni 202020 l2  
        rd auto  
        route-target import auto  
        route-target export auto


Here is a packet capture on the N5K2 switch, interface g0/2 between N5K1 and N5K2.

  • Incoming Echo request from N5K1 is in VNI 202020
    From R8 to R9 (red): R8 -> 10.10.10.1 (N5K1 SVI10) -> 20.20.20.2(N5K1 SVI20)-> 20.20.20.1 (N5K2 SVI20) -> R9
  • Outgoing Echo reply to N5K1 is in VNI 101010
    From R9 to R8 (orange): R9 ->20.20.20.1(N5K2 SVI20)->10.10.10.2(N5K2 SVI10)->10.10.10.2(N5K1 SVI10)->R8