Cisco NX-OS: VXLAN Asymmetric Routing

EVPN Integrated Routing and Bridging (IRB) has two options:

  • Asymmetric IRB
  • Symmetric IRB

Asymmetric IRB

  • Ingress VTEP does both L2 and L3 lookup
  • Egress VTEP does L2 lookup only
  • => Bridge – Route – Bridge

Pros: “easy” to configure – just copy/paste. The config is identical on each VTEP, with the only difference being the SVI IP addresses.

Cons: on the way back the roles are reversed, so the other VTEP does the routing => all VXLANs need to be configured on all VTEPs => larger ARP cache and CAM tables and control-plane scaling issues => not very efficient.
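
The requirement behind these cons is that every VLAN, VNI and SVI exists on every VTEP. As an added example (not part of the original post), this Python check audits saved config text for that; the function names, the trimmed N5K1 sample and the constructed broken N5K2 variant are assumptions for illustration.

```python
import re

def parse_vtep(cfg):
    """Pull VLAN->VNI maps, nve1 member VNIs, EVPN VNIs and SVIs from NX-OS config text."""
    out = {"vlan_vni": {}, "nve": set(), "evpn": set(), "svi": set()}
    section = vlan = None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():          # unindented line opens a new section
            section, vlan = line, None
            if m := re.fullmatch(r"vlan (\d+)", line):
                vlan = int(m.group(1))
            elif m := re.fullmatch(r"interface Vlan(\d+)", line):
                out["svi"].add(int(m.group(1)))
        elif vlan is not None and (m := re.fullmatch(r"vn-segment (\d+)", line)):
            out["vlan_vni"][vlan] = int(m.group(1))
        elif section == "interface nve1" and (m := re.fullmatch(r"member vni (\d+)", line)):
            out["nve"].add(int(m.group(1)))
        elif section == "evpn" and (m := re.fullmatch(r"vni (\d+) l2", line)):
            out["evpn"].add(int(m.group(1)))
    return out

def audit(vteps):
    """List what each VTEP lacks for asymmetric IRB: every VLAN/VNI/SVI on every VTEP."""
    parsed = {name: parse_vtep(cfg) for name, cfg in vteps.items()}
    fabric = {}
    for p in parsed.values():
        fabric.update(p["vlan_vni"])      # union of VLAN->VNI mappings seen anywhere
    findings = []
    for name, p in sorted(parsed.items()):
        for vlan, vni in sorted(fabric.items()):
            checks = [(p["vlan_vni"].get(vlan) == vni, f"vlan {vlan} not mapped to vni {vni}"),
                      (vni in p["nve"], f"vni {vni} missing under interface nve1"),
                      (vni in p["evpn"], f"vni {vni} missing under evpn"),
                      (vlan in p["svi"], f"no SVI interface Vlan{vlan}")]
            findings += [f"{name}: {msg}" for ok, msg in checks if not ok]
    return findings

# Trimmed from the N5K1 config on this page (only the lines the audit reads).
N5K1 = "\n".join(["vlan 10", "    vn-segment 101010", "vlan 20", "    vn-segment 202020",
                  "interface Vlan10", "interface Vlan20",
                  "interface nve1", "    member vni 101010", "    member vni 202020",
                  "evpn", "    vni 101010 l2", "    vni 202020 l2"])
# Constructed broken peer: every VLAN 20 / VNI 202020 line was left off this VTEP.
BROKEN = "\n".join(l for l in N5K1.splitlines() if "20" not in l)

if __name__ == "__main__":
    print("\n".join(audit({"N5K1": N5K1, "N5K2": BROKEN})) or "consistent")
```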

N5K1 Configuration

ip pim rp-address 1.1.1.3 group-list 224.0.0.0/4 bidir

vlan 10,20
vlan 10
    vn-segment 101010
vlan 20
    vn-segment 202020

interface Vlan10
    no shutdown
    ip address 10.10.10.1/24

interface Vlan20
    no shutdown
    ip address 20.20.20.2/24

interface nve1
    no shutdown
    host-reachability protocol bgp
    source-interface loopback0
    member vni 101010
        mcast-group 228.7.7.8
    member vni 202020
        mcast-group 228.7.7.9

interface Ethernet1/4
    switchport mode trunk
    switchport trunk allowed vlan 10

router bgp 1
    log-neighbor-changes
    neighbor 1.1.1.3
        remote-as 1
        update-source loopback0
        address-family l2vpn evpn
            send-community extended
    neighbor 1.1.1.4
        remote-as 1
        update-source loopback0
        address-family l2vpn evpn
            send-community extended

evpn
    vni 101010 l2
        rd auto
        route-target import auto
        route-target export auto
    vni 202020 l2
        rd auto
        route-target import auto
        route-target export auto

N5K2 Configuration

ip pim rp-address 1.1.1.3 group-list 224.0.0.0/4 bidir

vlan 10,20
vlan 10
    vn-segment 101010
vlan 20
    vn-segment 202020

interface Vlan10
    no shutdown
    ip address 10.10.10.2/24

interface Vlan20
    no shutdown
    ip address 20.20.20.1/24

interface nve1
    no shutdown
    host-reachability protocol bgp
    source-interface loopback0
    member vni 101010
        mcast-group 228.7.7.8
    member vni 202020
        mcast-group 228.7.7.9

interface Ethernet1/4
    switchport mode trunk
    switchport trunk allowed vlan 20

router bgp 1
    log-neighbor-changes
    neighbor 1.1.1.3
        remote-as 1
        update-source loopback0
        address-family l2vpn evpn
            send-community extended
    neighbor 1.1.1.4
        remote-as 1
        update-source loopback0
        address-family l2vpn evpn
            send-community extended

evpn
    vni 101010 l2
        rd auto
        route-target import auto
        route-target export auto
    vni 202020 l2
        rd auto
        route-target import auto
        route-target export auto

Here is a packet capture on the N5K2 switch, interface g0/2 between N5K1 and N5K2.

  • Incoming Echo request from N5K1 is in VNI 202020
    From R8 to R9 (red): R8 -> 10.10.10.1 (N5K1 SVI10) -> 20.20.20.2 (N5K1 SVI20) -> 20.20.20.1 (N5K2 SVI20) -> R9
  • Outgoing Echo reply to N5K1 is in VNI 101010
    From R9 to R8 (orange): R9 -> 20.20.20.1 (N5K2 SVI20) -> 10.10.10.2 (N5K2 SVI10) -> 10.10.10.2 (N5K1 SVI10) -> R8