Now that the basics are out of the way, what are we going to build? Our manager has asked us to configure a spine and leaf fabric in the data center for a new service that is being deployed. The logical connectivity of the fabric is:

This is going to be hands-on keyboard configuring. Now, I can hear people saying, “Mike, this is 2024; why are we not automating this?” Surprisingly, that is a simple answer. I firmly believe that you must fully understand how to configure something and how it works before you can even attempt to automate it. This series is about hands-on keyboards and the steps when configuring each part of an EVPN overlay on the Cisco Nexus 9300v platform.
If there is interest once this whole series is complete, I will re-do this series using either Python or Ansible. With that, here are the requirements that we were given.
Requirements
Several requirements will map to the features we need to enable. These requirements are as follows:
- Three tenants will be in this pod
- Use OSPF as the underlay
- Use iBGP for VTEP learning
- Use multicast for BUM traffic
You are looking at these requirements a little perplexed because they are so high-level and unlike anything your boss gave you. Maybe you are being tested! With that, this is the plan of attack you devised for the overlay.
Underlay Network
- Interfaces
  - Links between devices must be /31’s and come from the subnet 10.0.0.0/24
  - Loopback Addresses for the Router-ID should be /32’s and come from the subnet 10.1.0.0/24
    - The interface name should be Loopback10
  - BGP Peering Loopback Addresses should be /32’s and come from the subnet 10.10.10.0/24
    - The interface name should be Loopback20
- IGP – OSPF
  - Enable OSPF
    - Process – UNDERLAY
    - All addressed interfaces on the device should be added to the routing protocol
    - All links must be configured as point-to-point links
    - All links must have authentication enabled with the following parameters
      - Use Message Digest
      - Password: P@55w0rd
    - Configure a router-id under the OSPF process from the address that is assigned to Loopback10
- BGP
  - Enable BGP and nv overlay edge
  - Configure BGP
    - ASN – 64512
    - Peer with loopback20 addresses (10.10.10.x)
    - Configure a router-id with the address that is assigned to loopback 10
    - Spine switches are going to be route reflectors
    - Authenticate peers with password **P@55w0rd!**
    - Configure the spines to send communities and extended communities
    - Configure neighbors in address family l2vpn evpn
    - Configure the Spine with templates for ease of BGP configuration
- Multicast
  - Enable PIM
    - Using ip address 100.100.100.100 assigned to loopback 100
    - Configure interface loopback0
      - Configure with IP address 100.100.100.100/32
      - Add to OSPF Process
    - Configure PIM
      - Configure Spine devices as Rendezvous points
        - Using ip address 100.100.100.100 assigned to loopback0
        - Only listen for groups belonging to 225.0.0.0/8
      - Configure anycast RP on the spine switches
        - Configure two entries with the RP being 100.100.100.100 and the IP of loopback 10
          - This is from Spine-01 and Spine-02
      - Configure PIM Sparse-Mode on all interfaces on both spines and leafs
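Once the underlay is configured, the link requirements above (a /31 from 10.0.0.0/24, OSPF process UNDERLAY, point-to-point, message-digest authentication, PIM sparse-mode) can be checked mechanically against a saved configuration. The following is an added example, not part of the lab's repository; the sample configuration, the interface names and the helper names `parse_interfaces` and `audit_links` are assumptions made for illustration.

```python
import ipaddress
LINK_POOL = ipaddress.ip_network("10.0.0.0/24")  # link subnet from the plan
REQUIRED = [  # interface-level NX-OS commands the plan implies for every link
    "ip router ospf UNDERLAY area",
    "ip ospf network point-to-point",
    "ip ospf authentication message-digest",
    "ip ospf message-digest-key",
    "ip pim sparse-mode",
]
# Constructed sample config (assumption), not taken from the lab's repository.
SAMPLE = """\
interface Ethernet1/1
  ip address 10.0.0.0/31
  ip router ospf UNDERLAY area 0.0.0.0
  ip ospf network point-to-point
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 3 0123456789abcdef
  ip pim sparse-mode
interface Ethernet1/2
  ip address 10.0.0.2/30
  ip router ospf UNDERLAY area 0.0.0.0
  ip ospf network point-to-point
  ip pim sparse-mode
"""

def parse_interfaces(text):
    """Split a config into {interface name: [stripped sub-commands]}."""
    blocks, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the interface block
    return blocks

def audit_links(text):
    """Return {interface: [findings]} for routed links that break the plan."""
    findings = {}
    for name, cmds in parse_interfaces(text).items():
        addr = next((c.split()[2] for c in cmds if c.startswith("ip address ")), None)
        if addr is None or name.lower().startswith("loopback"):
            continue  # only addressed fabric links are checked here
        net = ipaddress.ip_interface(addr).network
        problems = [] if net.prefixlen == 31 and net.subnet_of(LINK_POOL) else [
            f"{addr} is not a /31 from {LINK_POOL}"]
        problems += [f"missing '{r}'" for r in REQUIRED
                     if not any(c.startswith(r) for c in cmds)]
        if problems:
            findings[name] = problems
    return findings
```

Calling `audit_links(SAMPLE)` reports only Ethernet1/2, which has the wrong prefix length and no OSPF authentication.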
VXLAN / EVPN Network
Features to enable
- feature fabric forwarding
- feature interface-vlan
- feature vn-segment-vlan-based
- feature nv overlay
Tenant Information
| Tenant | Layer 2 VLAN | Layer 3 VNI VLAN | Layer 2 VXLAN ID | Layer 3 VXLAN ID | Subnet Address | Multicast Address |
| --- | --- | --- | --- | --- | --- | --- |
| Tenant_Red | 100 | 200 | 21000 | 32000 | 172.16.24.0/24 | 225.1.0.100 |
| Tenant_Blue | 150 | 250 | 21500 | 32500 | 172.18.24.0/24 | 225.1.0.150 |
| Tenant_Green | 350 | 450 | 23500 | 34500 | 172.18.26.0/24 | 225.1.1.150 |
VRF
- Configure VRFs for each tenant
  - Set VNI to L3 VNI
  - Set RD to Auto
  - Under address family ipv4 unicast
    - Set route-targets to auto for ipv4 and evpn
VLAN
- Configure VLANs with appropriate vn-segments
  - VLAN 100 VXLAN21000
  - VLAN 200 VXLAN32000
  - VLAN 150 VXLAN21500
  - VLAN 250 VXLAN32500
  - VLAN 350 VXLAN23500
  - VLAN 450 VXLAN34500
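Tenant separation in this design depends on the tenant table being internally consistent: a VLAN or VNI reused across tenants would merge segments, and a BUM group outside the rendezvous point's 225.0.0.0/8 range would not be served by the RP. The following added example (not from the lab's repository) checks the table and renders the VLAN to vn-segment mapping; the function names `check_plan` and `vlan_stanzas` are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from itertools import combinations

RP_GROUP_RANGE = ipaddress.ip_network("225.0.0.0/8")  # RP group range from the PIM plan

# (tenant, L2 VLAN, L3 VNI VLAN, L2 VNI, L3 VNI, subnet, multicast group),
# copied from the tenant table above.
TENANTS = [
    ("Tenant_Red",   100, 200, 21000, 32000, "172.16.24.0/24", "225.1.0.100"),
    ("Tenant_Blue",  150, 250, 21500, 32500, "172.18.24.0/24", "225.1.0.150"),
    ("Tenant_Green", 350, 450, 23500, 34500, "172.18.26.0/24", "225.1.1.150"),
]

def check_plan(tenants):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    # VLAN IDs and VNIs must each be unique across all tenants.
    for label, cols in (("VLAN", (1, 2)), ("VNI", (3, 4))):
        counts = Counter(row[c] for row in tenants for c in cols)
        problems += [f"{label} {v} is used {n} times" for v, n in counts.items() if n > 1]
    # Every BUM group must fall inside the range the RP listens for.
    for row in tenants:
        if ipaddress.ip_address(row[6]) not in RP_GROUP_RANGE:
            problems.append(f"{row[0]}: group {row[6]} is outside {RP_GROUP_RANGE}")
    # Tenant subnets should not overlap each other.
    for a, b in combinations(tenants, 2):
        if ipaddress.ip_network(a[5]).overlaps(ipaddress.ip_network(b[5])):
            problems.append(f"{a[0]} and {b[0]} subnets overlap")
    return problems

def vlan_stanzas(tenants):
    """Render the VLAN to vn-segment mapping in NX-OS syntax."""
    lines = []
    for _name, l2_vlan, l3_vlan, l2_vni, l3_vni, _subnet, _group in tenants:
        lines += [f"vlan {l2_vlan}", f"  vn-segment {l2_vni}",
                  f"vlan {l3_vlan}", f"  vn-segment {l3_vni}"]
    return "\n".join(lines)
```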
Layer 2 VNI Interface VLANs
- Add to appropriate VRF
- Configure fabric forwarding anycast gateway with MAC 0000.dead.beef
Layer 3 VNI Interface VLANs
- Configure L3 VXLAN interfaces
- Assign appropriate VRF to VLAN
- Configure IP forward
Network Virtualization Edge (NVE) Interface
- Configure BGP as the host reachability protocol
- The source interface should be loopback 1
- Create L2 member VNIs
  - Suppress ARP
  - Configure multicast groups for each tenant
- Configure L3 member VNIs
As we complete parts of the lab, below are links to each of the individual configuration posts:
| Topic | Post |
| --- | --- |
| Configuring OSPF | EVPN Lab – OSPF Configuration |
| Configuring Multicast | EVPN Lab – Multicast Configuration |
| Configuring BGP | EVPN Lab – BGP Configuration |
| Configuring VXLAN and EVPN | EVPN Lab – VXLAN and EVPN Configuration |
We have our blueprint for building this network. We have added it to GitHub and will check the configs as we write them after verification. To follow along, you can visit this project's GitHub here. I am merely using GitHub for version control and tracking each module.
When given requirements to build out parts of the network, do you have standards to follow? Are you given a list of requirements like this, or is it a combination of both? Let me know in the comments or on my socials. Next, we will set up OSPF in the underlay! Let’s get building!