- When EVPN is enabled on a switch (VTEP), all locally defined VNIs on that switch and other information (such as MAC addresses) pertaining to them are advertised to EVPN peers. There is no provision to only announce certain VNIs.
- In a VXLAN active-active configuration, ARPs are sometimes not suppressed even if ARP suppression is enabled. This is because the neighbor entries are not synchronized between the two switches operating in active-active mode by a control plane. This has no impact on forwarding.
- You must configure the overlay (tenants) in one or more specific VRFs, separate from the underlay, which resides in the default VRF. A layer 3 VNI mapping for the default VRF is not supported.
- On Broadcom Trident II+, Trident 3, and Maverick-based switches, when a lookup is done after VXLAN decapsulation on the external-facing switch (exit/border leaf), the switch does not rewrite the MAC addresses or TTL; for through traffic, packets are dropped by the next hop instead of being correctly routed from a VXLAN overlay network into a non-VXLAN external network (such as the Internet). This applies to all forms of VXLAN routing (centralized, asymmetric and symmetric) and affects all traffic from VXLAN overlay hosts that needs to be routed after VXLAN decapsulation on an exit/border leaf, including traffic destined to external networks (through traffic) and traffic destined to the exit leaf SVI address.
To work around this issue, modify the external-facing interface for each VLAN sub-interface on the exit leaf by creating a temporary VNI and associating it with the existing VLAN ID.
For example, if the expected interface configuration is:
```
auto swp3.2001
iface swp3.2001
    vrf vrf1
    address 10.0.0.2/24
    # where swp3 is the external facing port and swp3.2001 is the VLAN sub-interface

auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports vx-4001
    bridge-vids 4001

auto vx-4001
iface vx-4001
    vxlan-id 4001
    <... usual vxlan config ...>
    bridge-access 4001
    # where vnid 4001 represents the L3 VNI

auto vlan4001
iface vlan4001
    vlan-id 4001
    vlan-raw-device bridge
    vrf vrf1
```
Modify the configuration as follows:
```
auto swp3
iface swp3
    bridge-access 2001
    # associate the port (swp3) with bridge 2001

auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports swp3 vx-4001 vx-16000000
    bridge-vids 2001
    # where vx-4001 is the existing VNI and vx-16000000 is a new temporary VNI
    # this is now bridging the port (swp3), the VNI (vx-4001),
    # and the new temporary VNI (vx-16000000)
    # the bridge VLAN ID is now 2001

auto vlan2001
iface vlan2001
    vlan-id 2001
    vrf vrf1
    address 10.0.0.2/24
    vlan-raw-device bridge
    # create a VLAN 2001 with the associated VRF and IP address

auto vx-16000000
iface vx-16000000
    vxlan-id 16000000
    bridge-access 2001
    <... usual vxlan config ...>
    # associate the temporary VNI (vx-16000000) with bridge 2001

auto vx-4001
iface vx-4001
    vxlan-id 4001
    <... usual vxlan config ...>
    bridge-access 4001
    # where vnid 4001 represents the L3 VNI

auto vlan4001
iface vlan4001
    vlan-id 4001
    vlan-raw-device bridge
    vrf vrf1
```
If an MLAG pair is used instead of a single exit/border leaf, add the same temporary VNIs on both switches of the MLAG pair.
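One way to audit this workaround before deploying it, shown as an added example that is not part of the original documentation: the script parses interface stanzas, lists VLAN sub-interfaces that still sit directly in a VRF, and reports VNIs whose VLAN mapping differs between two MLAG peers. The function names are hypothetical and the sample configurations are constructed from the example above.

```python
import re

def parse_stanzas(text):
    # Return {interface: {attribute: value}} from ifupdown2-style stanzas.
    stanzas, current = {}, None
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(" ")
        if key == "iface":
            current = stanzas.setdefault(value.split()[0], {})
        elif key and key != "auto" and current is not None:
            current[key] = value.strip()
    return stanzas

def routed_subinterfaces(text):
    # VLAN sub-interfaces (swpN.VID) in a VRF: the layout the workaround replaces.
    return sorted(name for name, attrs in parse_stanzas(text).items()
                  if re.fullmatch(r"swp\d+\.\d+", name) and "vrf" in attrs)

def vni_to_vlan(text):
    # Map each vxlan-id to the VLAN given by bridge-access on that interface.
    return {int(a["vxlan-id"]): int(a["bridge-access"])
            for a in parse_stanzas(text).values()
            if "vxlan-id" in a and "bridge-access" in a}

def mlag_vni_mismatch(text_a, text_b):
    # VNIs that are missing or mapped to a different VLAN on one MLAG peer.
    a, b = vni_to_vlan(text_a), vni_to_vlan(text_b)
    return sorted(v for v in a.keys() | b.keys() if a.get(v) != b.get(v))

# Constructed samples modelled on the page's example (other VXLAN settings omitted).
L3VNI = """auto vx-4001
iface vx-4001
    vxlan-id 4001
    bridge-access 4001
"""
BEFORE = """auto swp3.2001
iface swp3.2001
    vrf vrf1
    address 10.0.0.2/24
""" + L3VNI
AFTER = """auto swp3
iface swp3
    bridge-access 2001
auto vx-16000000
iface vx-16000000
    vxlan-id 16000000
    bridge-access 2001
""" + L3VNI
if __name__ == "__main__":
    print(routed_subinterfaces(BEFORE), mlag_vni_mismatch(AFTER, BEFORE))
```

A non-empty result from `mlag_vni_mismatch` means one switch of the pair is missing a temporary VNI or maps it to a different VLAN.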