Versions Compared

Comment: updated config examples for symmetric mode

...

  • When EVPN is enabled on a switch (VTEP), all locally defined VNIs on that switch and other information (such as MAC addresses) pertaining to them are advertised to EVPN peers. There is no provision to only announce certain VNIs.

  • In a VXLAN active-active configuration, ARPs are sometimes not suppressed even if ARP suppression is enabled. This is because no control plane synchronizes the neighbor entries between the two switches operating in active-active mode. This has no impact on forwarding.
  • You must configure the overlay (tenants) in one or more specific VRFs, separate from the underlay, which resides in the default VRF. A layer 3 VNI mapping for the default VRF is not supported.
  • On Broadcom Trident II+, Trident 3, and Maverick-based switches, when a lookup is done after VXLAN decapsulation on the external-facing switch (exit/border leaf), the switch does not rewrite the MAC addresses or TTL; for through traffic, the next hop drops the packets instead of routing them correctly from the VXLAN overlay network into a non-VXLAN external network (such as the Internet). This applies to all forms of VXLAN routing (centralized, asymmetric and symmetric) and affects all traffic from VXLAN overlay hosts that needs to be routed after VXLAN decapsulation on an exit/border leaf, including traffic destined to external networks (through traffic) and traffic destined to the exit leaf SVI address.

    To work around this issue, modify the external-facing interface for each VLAN sub-interface on the exit leaf by creating a temporary VNI and associating it with the existing VLAN ID.

    For example, if the expected interface configuration is:

    auto swp3.2001
    iface swp3.2001
        vrf vrf1
        address 10.0.0.2/24
    # where swp3 is the external facing port and swp3.2001 is the VLAN sub-interface
    
    auto bridge
    iface bridge
        bridge-vlan-aware yes
        bridge-ports vx-4001
        bridge-vids 4001
    
    auto vx-4001
    iface vx-4001
        vxlan-id 4001
        <... usual vxlan config ...>
        bridge-access 4001
    # where vnid 4001 represents the L3 VNI
    
    auto vlan4001
    iface vlan4001
        vlan-id 4001
        vlan-raw-device bridge
        vrf vrf1

    Modify the configuration as follows:

    auto swp3
    iface swp3
        bridge-access 2001
    # associate the port (swp3) with bridge 2001
    
    auto bridge
    iface bridge
        bridge-vlan-aware yes
        bridge-ports swp3 vx-4001 vx-16000000
        bridge-vids 2001
    # where vx-4001 is the existing VNI and vx-16000000 is a new temporary VNI
    # this is now bridging the port (swp3), the VNI (vx-4001),
    # and the new temporary VNI (vx-16000000)
    # the bridge VLAN ID is now 2001
    
    auto vlan2001
    iface vlan2001
        vlan-id 2001
        vrf vrf1
        address 10.0.0.2/24
        vlan-raw-device bridge
    # create a VLAN 2001 with the associated VRF and IP address
    
    auto vx-16000000
    iface vx-16000000
        vxlan-id 16000000
        bridge-access 2001
        <... usual vxlan config ...>
    # associate the temporary VNI (vx-16000000) with bridge 2001
    
    auto vx-4001
    iface vx-4001
        vxlan-id 4001
        <... usual vxlan config ...>
        bridge-access 4001
    # where vnid 4001 represents the L3 VNI
    
    auto vlan4001
    iface vlan4001
        vlan-id 4001
        vlan-raw-device bridge
        vrf vrf1

    If an MLAG pair is used instead of a single exit/border leaf, add the same temporary VNIs on both switches of the MLAG pair.
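
The following is an added example, not part of the original documentation or of Cumulus Linux: a small audit of ifupdown2-style interface text that flags a VLAN sub-interface routed directly in a VRF (the configuration the workaround above replaces) and a workaround that was only partly applied. It assumes external ports are named `swpN` and bridge members are listed with `bridge-ports`; the function names and the abridged sample inputs are constructed for illustration.

```python
import re

def parse_stanzas(text):
    """Parse ifupdown2-style text into {iface: {attribute: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, _, value = line.partition(" ")
        if key == "iface" and value.strip():
            current = stanzas.setdefault(value.split()[0], {})
        elif key and key != "auto" and current is not None:
            current[key] = value.strip()
    return stanzas

def audit_exit_leaf(text):
    """Flag swpN.VID routed in a VRF, and half-applied temporary-VNI workarounds."""
    cfg, findings = parse_stanzas(text), []
    members = {p for s in cfg.values() for p in s.get("bridge-ports", "").split()}
    vni_for = {s.get("bridge-access"): n for n, s in cfg.items() if "vxlan-id" in s}
    for name, s in cfg.items():
        if re.fullmatch(r"swp\d+\.\d+", name) and "vrf" in s:
            findings.append(f"{name}: routed sub-interface in {s['vrf']}, no temporary VNI")
        elif re.fullmatch(r"vlan\d+", name) and "vrf" in s:
            vid = s.get("vlan-id", name[4:])
            ports = [n for n, p in cfg.items()
                     if re.fullmatch(r"swp\d+", n) and p.get("bridge-access") == vid]
            if not ports:
                continue  # SVI without an external port, e.g. the L3 VNI SVI
            vni = vni_for.get(vid)
            if vni is None:
                findings.append(f"{name}: VLAN {vid} on {ports[0]} has no VNI")
            findings += [f"{name}: {m} missing from bridge-ports"
                         for m in ports + [vni] if m and m not in members]
    return findings

# Constructed inputs, abridged from the two configurations shown above.
BEFORE = "iface swp3.2001\n    vrf vrf1\n    address 10.0.0.2/24\n"
AFTER = """
iface swp3
    bridge-access 2001
iface bridge
    bridge-ports swp3 vx-4001 vx-16000000
iface vlan2001
    vlan-id 2001
    vrf vrf1
iface vx-16000000
    vxlan-id 16000000
    bridge-access 2001
"""
```

`audit_exit_leaf(BEFORE)` reports the routed sub-interface and `audit_exit_leaf(AFTER)` returns an empty list; with an MLAG pair, run the check against the configuration of both switches.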

...