EVPN Integrated Routing and Bridging (IRB) has two options:

  • Asymmetric IRB (larger ARP cache and CAM tables, plus control-plane scaling issues)
  • Symmetric IRB

Symmetric IRB

  • Ingress VTEP does both L2 and L3 lookup
  • Egress VTEP does both L3 and L2 lookup
  • => Bridge - Route - Route - Bridge

The L3 VNI should be configured on all VTEPs; L2 VNIs are configured only where local ports exist.

N5K1 Configuration

fabric forwarding anycast-gateway-mac 1234.1234.1234  
!  
! VLAN to VNI mappings  
vlan 10  
   vn-segment 101010  
vlan 30 
   vn-segment 303030  
!  
! VRF to VNI mapping  
vrf context CUSTOMER1  
   vni 303030  
   rd auto  
   address-family ipv4 unicast  
       route-target both auto  
       route-target both auto evpn  
! advertise to both ipv4 unicast and l2vpn evpn  
!  
interface Vlan10  
   no shutdown  
   vrf member CUSTOMER1  
   ip address 10.10.10.1/24  
   fabric forwarding mode anycast-gateway  
!  
! Shared L3 VNI  
interface Vlan30  
   no shutdown  
   vrf member CUSTOMER1  
   ip forward  
!  
interface nve1  
   no shutdown  
   host-reachability protocol bgp  
   source-interface loopback0  
   member vni 101010  
       mcast-group 228.7.7.8  
   member vni 303030 associate-vrf  
! The associate-vrf line above marks VNI 303030 as the L3 segment  
!  
router bgp 1  
   log-neighbor-changes  
   neighbor 1.1.1.3  
       remote-as 1  
       update-source loopback0  
       address-family l2vpn evpn  
           send-community extended  
   neighbor 1.1.1.4  
       remote-as 1  
       update-source loopback0  
       address-family l2vpn evpn  
           send-community extended  
   vrf CUSTOMER1  
       address-family ipv4 unicast  
           redistribute direct route-map PERMIT  
!  
evpn  
   vni 101010 l2  
       rd auto  
       route-target import auto  
       route-target export auto

N5K2 Configuration

fabric forwarding anycast-gateway-mac 1234.1234.1234  
!  
! VLAN to VNI mappings  
vlan 20  
   vn-segment 202020  
vlan 30  
   vn-segment 303030  
!  
! VRF to VNI mapping  
vrf context CUSTOMER1  
   vni 303030  
   rd auto  
   address-family ipv4 unicast  
       route-target both auto  
       route-target both auto evpn  
! advertise to both ipv4 unicast and l2vpn evpn  
!  
interface Vlan20  
   no shutdown  
   vrf member CUSTOMER1  
   ip address 20.20.20.1/24  
   fabric forwarding mode anycast-gateway  
!  
! Shared L3 VNI  
interface Vlan30  
   no shutdown  
   vrf member CUSTOMER1  
   ip forward  
!  
interface nve1  
   no shutdown  
   host-reachability protocol bgp  
   source-interface loopback0  
   member vni 202020  
       mcast-group 228.7.7.9  
   member vni 303030 associate-vrf 
! The associate-vrf line above marks VNI 303030 as the L3 segment  
!  
router bgp 1  
   log-neighbor-changes  
   neighbor 1.1.1.3  
       remote-as 1  
       update-source loopback0  
       address-family l2vpn evpn  
           send-community extended  
   neighbor 1.1.1.4  
       remote-as 1  
       update-source loopback0  
       address-family l2vpn evpn  
           send-community extended  
   vrf CUSTOMER1  
       address-family ipv4 unicast  
           redistribute direct route-map PERMIT  
!  
evpn  
   vni 202020 l2  
       rd auto  
       route-target import auto  
       route-target export auto
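
The placement rule stated earlier (L3 VNI on every VTEP, L2 VNIs only where local ports exist) can be checked mechanically across both switches. The following Python audit is an added example, not part of the original notes; the function names `facts` and `audit` and the trimmed config excerpts are constructed for illustration.

```python
import re

# Trimmed excerpts of the two configurations above (constructed sample input).
N5K1 = """
fabric forwarding anycast-gateway-mac 1234.1234.1234
vlan 10
   vn-segment 101010
vlan 30
   vn-segment 303030
vrf context CUSTOMER1
   vni 303030
interface nve1
   member vni 101010
       mcast-group 228.7.7.8
   member vni 303030 associate-vrf
"""
N5K2 = (N5K1.replace("vlan 10", "vlan 20").replace("101010", "202020")
            .replace("228.7.7.8", "228.7.7.9"))

def facts(cfg):
    """Extract the symmetric-IRB relevant facts from one VTEP config."""
    return {
        "gw_mac": re.findall(r"^fabric forwarding anycast-gateway-mac (\S+)", cfg, re.M),
        "segments": set(re.findall(r"^\s+vn-segment (\d+)", cfg, re.M)),
        "l3_vnis": set(re.findall(r"^vrf context \S+\s*\n\s+vni (\d+)", cfg, re.M)),
        "nve_l3": set(re.findall(r"^\s+member vni (\d+) associate-vrf", cfg, re.M)),
        "nve_l2": set(re.findall(r"^\s+member vni (\d+)\s*$", cfg, re.M)),
    }

def audit(vteps):
    """Return a list of findings; an empty list means the fabric is consistent."""
    parsed = {name: facts(cfg) for name, cfg in vteps.items()}
    findings = []
    for name, f in parsed.items():
        for vni in sorted(f["l3_vnis"]):
            if vni not in f["segments"]:
                findings.append(f"{name}: L3 VNI {vni} has no VLAN vn-segment")
            if vni not in f["nve_l3"]:
                findings.append(f"{name}: L3 VNI {vni} not associate-vrf on nve1")
        for vni in sorted(f["nve_l2"] - f["segments"]):
            findings.append(f"{name}: L2 VNI {vni} on nve1 without a local VLAN")
    if len({frozenset(f["l3_vnis"]) for f in parsed.values()}) > 1:
        findings.append("L3 VNI set differs between VTEPs")
    if len({tuple(f["gw_mac"]) for f in parsed.values()}) > 1:
        findings.append("anycast-gateway-mac differs between VTEPs")
    return findings

if __name__ == "__main__":
    print(audit({"N5K1": N5K1, "N5K2": N5K2}) or "consistent")
```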

Here is a packet capture on the N5K2 switch, interface g0/2 between N5K1 and N5K2:



The route is only generated when there is traffic going to the destination -> route to 20.20.20.9/32: