----
__VXLAN NOTES__\\
  * Uses UDP-4789
  * VXLAN headers add 50 bytes to the original frame
  * Oreilly course: [[https://github.com/vinugenie/VXLAN-EVPN-Deep-Dive-Training]] ; {{ :virtualization:vxlanday137231677595753951.pdf |}}

vni (vxlan) vtep ---->{[mac][ip][mac][ip]}

MAC addresses are conveyed via BGP. Datacenter technology. At the end of the day these are knobs to avoid using L3!

  * ESI—An Ethernet segment must have a unique nonzero identifier, called the Ethernet segment identifier (ESI). The ESI is encoded as a 10-octet integer. When manually configuring an ESI value, the most significant octet, known as the type byte, must be 00. When a single-homed CE device is attached to an Ethernet segment, the entire ESI value is zero. The Ethernet segment of the multihomed Device CE1 has an ESI value of 00:11:22:33:44:55:66:77:88:99 assigned. The single-homed Device CE2 has an ESI value of 0.
  * EVI—An EVPN instance (EVI) is an EVPN routing and forwarding instance spanning all the PE routers participating in that VPN. An EVI is configured on the PE routers on a per-customer basis. Each EVI has a unique route distinguisher and one or more route targets. An EVI is configured on Routers PE1, PE2, and PE3.
  * Rest of the info in: [[https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-bgp-multihoming-overview.html]]

Forward **BUM traffic**:
  * Multicast replication (underlay): todo
  * Ingress Replication (aka Headend Replication): a unicast approach to handle multi-destination traffic. Handling BUM traffic in a network using ingress replication involves an ingress device replicating every BUM packet and sending each copy as a separate unicast to the remote egress devices. Enable via ''Route Type 3 (RT3)''. See [[https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/switches/lan/catalyst9500/software/release/16-11/configuration_guide/lyr2/b_1611_lyr2_9500_cg/configuring_vxlan_evpn_ingress_replication.html.xml|LINK]]

----
__EVPN NOTES - RFC 7432__\\
**Simplifying to the maximum, we can say that EVPN is like L3VPN but for layer 2 (MAC information).** EVPN can be seen as a way to fix the L2VPN problems with L3VPN techniques (proper MAC learning, no BUM flooding, and so on).\\
[[https://my.ipspace.net/bin/list?id=EVPN]]\\
It uses the MP-BGP mechanism and defines a new sub-address family, the EVPN address family, in the L2VPN address family.

  * [[http://bgphelp.com/2017/05/22/evpn-route-types/|Route Types]]: {{:virtualization:evpn-route-types.jpg?600|}}

Summary:
  * RT-2 for endpoint reachability. /32-MAC addresses.
  * RT-3 for ‘flooding’ (replication lists)
  * RT-4 for multihoming (more than 1 leaf for one VTEP)
  * RT-5 for external networks (external routes and ‘unlearned’ hosts, i.e. those not known by the fabric but connected to the fabric)

**Underlay/Overlay - rule of thumb:**
  - OSPF for underlay unless there are scalability requirements (eBGP with 1 ASN per spine); then iBGP for overlay
  - If scalability is important, do eBGP for the underlay (with one single ASN for spines) then iBGP for overlay: spines need allow-as

=== Design Goals ===
Aggregate on the ToRs only. Use single, not dual ToR.
{{:virtualization:evpnv-goals1.png?400|}}

If we want to grow further (i.e. we run out of ports), we use multi-planar Clos topologies. Full-meshed 'pods' connect to planes.

Use BFD and be sure it is LAG- and LACP-aware.

----
=== LEAF AND SPINE WITH ARISTA SWITCHES ===
Arista Validated Designs
  * [[https://www.itential.com/network-automation-use-cases/vxlan-bgp-evpn-deployments/|Itential]] is vendor agnostic
  * CLOUDVISION (is ~Arista's ACI)
  * [[https://www.inetsix.net/posts/avd-with-containerlab/]]
  * [[https://avd.sh/en/stable/]] and [[https://avd.arista.com/4.4/roles/eos_designs/index.html]]
  * Arista network with CloudVision Portal. License automation option. Operationally simple and flexible.

<code>
show interfaces vxlan1
show vxlan address-table
show vxlan vni
show bgp evpn detail                                # to see the evpn routes
show bgp evpn route-type mac-ip/imet/ip-prefix      # to see the evpn rtypes 2,3,5
</code>

Note that, in EVPN-VXLAN, 85% of the configuration is community settings and their route maps. Automation helps a lot here. Also [[https://lostintransit.se/2016/02/25/ccde-bgp-convergence/|MRAI]] is convenient to set to 0. Some implementations still use 30 seconds (especially for the Internet) but we don't want that in the DC.

== Models ==
Try: DCS 7280, 7500, and 7800

----
=== LEAF AND SPINE WITH CISCO ===
  * [[https://www.itential.com/network-automation-use-cases/vxlan-bgp-evpn-deployments/|Itential]] is vendor agnostic
  * This is a guide for ACI but we don't want ACI: [[https://unofficialaciguide.com/2023/02/16/cisco-nexus-9364c-gx-convertible-aci-leaf-or-spine-and-discovery-tips/|External Link]]
  * But we should be able to use some alternative designs TODO
  * Automation needs to be thought out in advance, [[https://netcraftsmen.com/ways-to-automate-vxlan/|External Link]]
  * [[https://blogs.cisco.com/developer/automatingciscoevpnfabric01|Cisco-DCNM]]
  * Allows interacting with the fabric with **ansible and terraform**
  * [[https://packetpushers.net/podcast/heavy-networking-580-multivendor-evpn-nope/|other_options]]

<code>
show interface nve                              ! displays NVE (VXLAN tunnel) interface status
show interface nve detail                       ! shows detailed info: packet counters, drops, state
show nve vni                                    ! shows configured VNIs, their state, and bindings
show nve peers                                  ! displays remote VTEPs (VXLAN Tunnel Endpoints)
show mac address-table dynamic                  ! lists learned MACs, including VXLAN-related ones
show ip route vrf <vrf-name>                    ! checks reachability within a VXLAN-associated VRF
show arp vrf <vrf-name>                         ! shows ARP table entries for a specific VRF
show l2route evpn mac all                       ! shows learned MACs via EVPN control plane
show l2route evpn mac-ip all                    ! includes MAC and IP bindings (Type 2 routes)
show bgp l2vpn evpn                             ! general overview of BGP EVPN routes
show bgp l2vpn evpn route-type mac-ip           ! EVPN Type 2: MAC + IP advertisement
show bgp l2vpn evpn route-type imet             ! EVPN Type 3: multicast replication group
show bgp l2vpn evpn route-type prefix           ! EVPN Type 5: IP prefix route info
</code>

== Models ==
  * Leaf: N9364C
  * Spine: N93240YC

----
Juniper:
  * Mist for evpn TODO
  * [[https://netcraftsmen.com/ways-to-automate-vxlan/|Apstra]]

----
Cumulus:
  * Find their automation platform and mix it with best ansible Jinja templates
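The VXLAN encapsulation (UDP/4789, 50 bytes of overhead) and the ingress replication of BUM traffic described in the VXLAN notes above, as an added example; this is not code from the page, the O'Reilly course or any vendor. It builds the outer Ethernet/IPv4/UDP/VXLAN headers around an inner frame, decapsulates and validates them again, and then replicates one constructed broadcast frame once per remote VTEP taken from an RT-3 style VNI membership table. All MACs, IPs, the VNI numbers and the sample IMET table are constructed values, and the next-hop MAC is assumed to be already resolved in the underlay.

```python
# VXLAN encapsulation and ingress (head-end) replication.
# Added example, not code from the page or any vendor; all addresses are constructed.
import struct

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08                 # "I" bit: the VNI field is valid (RFC 7348)
VXLAN_OVERHEAD = 14 + 20 + 8 + 8    # outer Ethernet + IPv4 + UDP + VXLAN = 50 bytes


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def _ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words over the IPv4 header."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"


def encapsulate(inner, vni, src_mac, dst_mac, src_ip, dst_ip, src_port=49152):
    """Wrap an Ethernet frame in outer Ethernet/IPv4/UDP/VXLAN headers."""
    vx = vxlan_header(vni)
    udp_len = 8 + len(vx) + len(inner)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # UDP csum optional over IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     _ip(src_ip), _ip(dst_ip))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    eth = _mac(dst_mac) + _mac(src_mac) + b"\x08\x00"
    return eth + ip + udp + vx + inner


def decapsulate(packet: bytes) -> dict:
    """Validate the outer headers; return VNI, outer VTEP IPs and the inner frame."""
    if len(packet) < VXLAN_OVERHEAD:
        raise ValueError("too short to be a VXLAN packet")
    if packet[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not IPv4")
    ihl = (packet[14] & 0x0F) * 4
    if packet[14 + 9] != 17:
        raise ValueError("outer IP protocol is not UDP")
    udp_off = 14 + ihl
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[udp_off:udp_off + 8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError(f"UDP destination port {dst_port} is not VXLAN")
    vx = udp_off + 8
    if not packet[vx] & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set, VNI is not valid")
    return {
        "vni": int.from_bytes(packet[vx + 4:vx + 7], "big"),
        "src_vtep": ".".join(str(b) for b in packet[14 + 12:14 + 16]),
        "dst_vtep": ".".join(str(b) for b in packet[14 + 16:14 + 20]),
        "inner": packet[vx + 8:udp_off + udp_len],
    }


def replication_list(rt3_routes, vni, local_vtep):
    """RT-3 (IMET) routes announce which VTEPs are members of a VNI; exclude ourselves."""
    return sorted({r["vtep"] for r in rt3_routes if r["vni"] == vni and r["vtep"] != local_vtep})


def ingress_replicate(bum_frame, vni, rt3_routes, local_vtep, local_mac, next_hop_mac):
    """Ingress replication: one BUM frame in, one unicast VXLAN copy per remote VTEP out."""
    return [encapsulate(bum_frame, vni, local_mac, next_hop_mac, local_vtep, peer)
            for peer in replication_list(rt3_routes, vni, local_vtep)]


# Constructed sample data: a broadcast ARP frame on VNI 10100 and an IMET table
# with two remote members of that VNI plus one VTEP in an unrelated VNI.
SAMPLE_BUM = _mac("ff:ff:ff:ff:ff:ff") + _mac("00:aa:bb:cc:dd:01") + b"\x08\x06" + b"\x00" * 28
SAMPLE_RT3 = [
    {"vni": 10100, "vtep": "10.0.0.1"},   # local leaf
    {"vni": 10100, "vtep": "10.0.0.2"},
    {"vni": 10100, "vtep": "10.0.0.3"},
    {"vni": 10200, "vtep": "10.0.0.4"},   # other VNI: must not receive a copy
]


def demo():
    copies = ingress_replicate(SAMPLE_BUM, 10100, SAMPLE_RT3, "10.0.0.1",
                               "00:11:11:11:11:11", "00:22:22:22:22:22")
    return [(decapsulate(c)["dst_vtep"], len(c) - len(SAMPLE_BUM)) for c in copies]


if __name__ == "__main__":
    print(demo())   # [('10.0.0.2', 50), ('10.0.0.3', 50)]
```

The VTEP in VNI 10200 never receives a copy, and each unicast copy is exactly 50 bytes longer than the original frame, which is the MTU margin the underlay has to carry. The decapsulation checks (IPv4, UDP, port 4789, I flag) are the ones a VTEP or a capture tool needs before trusting the VNI field.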
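The ESI rules quoted in the VXLAN notes and the route-type summary in the EVPN notes, as an added example; this is not code from the page, RFC 7432 or any vendor. It decodes the BGP EVPN NLRI for route type 2 (MAC/IP advertisement) and route type 3 (inclusive multicast Ethernet tag) following the field layout of RFC 7432 sections 7.2 and 7.3, reads the VNI from the label field as VXLAN encoding does (RFC 8365), and classifies the ESI with the rules from the notes (10 octets, type byte 00 when set manually, all-zero for single-homed). The two sample routes, the RD 65000:10100 and the host addresses are constructed.

```python
# Decode EVPN route type 2 (MAC/IP) and type 3 (IMET) NLRI and classify the ESI.
# Added example, not code from the page, RFC 7432 or any vendor; samples are constructed.
import ipaddress

ROUTE_TYPE_NAMES = {1: "ethernet-ad", 2: "mac-ip", 3: "imet",
                    4: "ethernet-segment", 5: "ip-prefix"}


def parse_esi(esi: bytes) -> dict:
    """ESI is 10 octets; octet 0 is the type byte; all-zero means single-homed."""
    if len(esi) != 10:
        raise ValueError("ESI must be exactly 10 octets")
    single_homed = esi == bytes(10)
    return {
        "text": ":".join(f"{b:02x}" for b in esi),
        "type": esi[0],
        "single_homed": single_homed,
        # rule from the notes: a manually configured ESI has type byte 00 and is non-zero
        "valid_manual": esi[0] == 0 and not single_homed,
    }


def _rd(rd: bytes) -> str:
    """Route distinguisher, type 0 (ASN:number) or type 1 (IPv4:number)."""
    kind = int.from_bytes(rd[:2], "big")
    if kind == 0:
        return f"{int.from_bytes(rd[2:4], 'big')}:{int.from_bytes(rd[4:8], 'big')}"
    if kind == 1:
        return f"{ipaddress.IPv4Address(rd[2:6])}:{int.from_bytes(rd[6:8], 'big')}"
    return rd.hex()


def parse_evpn_nlri(nlri: bytes) -> dict:
    """NLRI = route type (1) + length (1) + type-specific body."""
    route_type, length = nlri[0], nlri[1]
    body = nlri[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated NLRI")
    out = {"route_type": route_type, "name": ROUTE_TYPE_NAMES.get(route_type, "unknown"),
           "rd": _rd(body[:8])}
    if route_type == 2:
        # RD(8) ESI(10) EthTag(4) MAClen(1) MAC(6) IPlen(1) IP(0/4/16) Label1(3) [Label2(3)]
        if body[22] != 48:
            raise ValueError("only 48-bit MAC addresses are defined")
        ip_len, pos, ip = body[29], 30, None
        if ip_len in (32, 128):
            ip = str(ipaddress.ip_address(body[pos:pos + ip_len // 8]))
            pos += ip_len // 8
        elif ip_len != 0:
            raise ValueError(f"invalid IP length {ip_len}")
        out.update(esi=parse_esi(body[8:18]),
                   eth_tag=int.from_bytes(body[18:22], "big"),
                   mac=":".join(f"{b:02x}" for b in body[23:29]),
                   ip=ip,
                   vni=int.from_bytes(body[pos:pos + 3], "big"))  # VXLAN: VNI in label field
    elif route_type == 3:
        # RD(8) EthTag(4) IPlen(1) Originating router IP(4/16)
        n = body[12] // 8
        out.update(eth_tag=int.from_bytes(body[8:12], "big"),
                   originator=str(ipaddress.ip_address(body[13:13 + n])))
    return out


def _nlri(route_type: int, body: bytes) -> bytes:
    return bytes([route_type, len(body)]) + body


# Constructed samples: host 00:aa:bb:cc:dd:01 / 192.0.2.10 behind the multihomed
# segment from the notes, and an IMET route from VTEP 10.0.0.2, both for VNI 10100.
SAMPLE_RT2 = _nlri(2, bytes.fromhex("0000fde800002774")            # RD 65000:10100
                      + bytes.fromhex("00112233445566778899")       # ESI, type byte 00
                      + bytes.fromhex("00000000")                   # Ethernet Tag 0
                      + bytes([48]) + bytes.fromhex("00aabbccdd01")
                      + bytes([32]) + bytes.fromhex("c000020a")     # 192.0.2.10
                      + bytes.fromhex("002774"))                    # label1 = VNI 10100
SAMPLE_RT3 = _nlri(3, bytes.fromhex("0000fde800002774") + bytes.fromhex("00000000")
                      + bytes([32]) + bytes.fromhex("0a000002"))    # originator 10.0.0.2

if __name__ == "__main__":
    for n in (SAMPLE_RT2, SAMPLE_RT3):
        print(parse_evpn_nlri(n))
```

The RT-2 decode is what "show bgp evpn route-type mac-ip" summarises per host (MAC, IP, VNI, ESI), and the RT-3 decode is where the replication list of the previous example comes from: every originator address seen for a VNI is a remote VTEP that must receive BUM copies.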