¶ Part 2: Create the tunnel; Check MAC Address-Table
• Part1: Underlay --> You Are Here --> Part3: MP-BGP
- CiscoLive: Introduction to VXLAN The Future Path of Your Data Center
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2024/pdf/BRKDCN-1621.pdf - cisco: Troubleshooting BGP EVPN VXLAN (Ch. from EVPN Catalyst config guide)
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9400/software/release/17-5/configuration_guide/vxlan/b_175_bgp_evpn_vxlan_9400_cg/troubleshooting_bgp_evpn_vxlan.html - LATEST: https://lostintransit.se/2024/01/03/evpn-deepdive-route-types-2-and-3/
¶ Create User-Access-Ports, Add Clients PCs
User-Access-Ports will generate traffic that will be transported in the overlay
On leaf 1 : also create Client ports in VLAN 10
no cdp run
interface range gi 1/0/10 - 20
switchport mode access
switchport access vlan 10
On leaf 2 : also create Client ports in VLAN 20
no cdp run
interface range gi 1/0/10 - 20
switchport mode access
switchport access vlan 20
Connect PCs
- Connect pc-A to port 10 of Leaf-1 and give pc-A the IP 10.1.30.10/24
- Connect pc-B to port 10 of Leaf-2 and give pc-B the IP 10.1.30.20/24
¶ CHEAT (temporarily) with a Cable
Temporarily cheat with a cable, instead of a VXLAN-tunnel.
Connect one cable between Leaf-1 port 20 and Leaf-2 port 20
Assuming pc-A has MAC address 00:60:8c:11:11:11 and pc-B has MAC-address 00:60:8c:22:22:22, the verify with the show mac address-table command
Leaf-1
show mac address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 54bf.6411.1111 DYNAMIC Fa0/10 <---- pc-A
10 54bf.6422.2222 DYNAMIC Fa0/20 <---- Cable, pc-B
Total Mac Addresses for this criterion: 2
Leaf-2
show mac address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 54bf.6411.1111 DYNAMIC Fa0/10 <---- Cable, pc-A
10 54bf.6422.2222 DYNAMIC Fa0/20 <---- pc-B
Total Mac Addresses for this criterion: 2
WE HAVE NOW CREATED A LAYER-2 "TUNNEL", BY USING A CABLE
Please, check for yourself and note that pc-A can ping pc-B
(Double-check that they are in the same IP-subnet 10.1.30.0/24)
¶ Remove CHEAT
Remove the cable between Leaf-1 and Leaf-2
¶ Back to business
This is what we have, leaf-1,VLAN-10 has no connection to leaf-2,VLAN-20
This is what we want, a L2 VXLAN tunnel between spine1-vlan10 and spine2-vlan20
Terminology
-
VXLAN (Virtual Extensible LAN) - The technology that provides the same Ethernet Layer 2 network services as VLAN does today, but with greater extensibility and flexibility.
-
VTEP (Virtual Tunnel Endpoint) - This is the device that does the encapsulation and de-encapsulation.
-
EVI (EVPN instance): A logical switch within the EVPN domain which spans and interconnects multiple VTEPs to provide tenant Layer 2 and Layer 3 connectivity.
-
VNI (Vxlan Network Identifier) - 24 bit segment ID that defines the broadcast domain. Interchangeable with "VXLAN Segment ID".
-
NVE (Network Virtual Interface) - Logical interface where the encapsulation and de-encapsulation occur.
¶ Paste code into leafs
Paste code into leafs to create EVPN, EVI, VNI and map VLANs in the VTEPs
¶ Leaf-1
Leaf-01 (Base EVPN Config)
show run | sec l2vpn
l2vpn evpn
replication-type static
! OLD: flooding-suppression address-resolution disable
! ^^^ Disables ARP caching so ARP is always sent up to the CGW
router-id Loopback1
l2vpn evpn instance 30 vlan-based
encapsulation vxlan
!OLD: replication-type ingress
replication-type static
! multicast advertise enable <--- depricated, kanske
Leaf-01#
show run | sec vlan config
vlan configuration 10
member evpn-instance 30 vni 12300
Leaf-01#
show run int nve 1
interface nve1
no ip address
source-interface Loopback1
host-reachability protocol bgp
! OLD: "member vni 12300 ingress-replication", changed to
member vni 12300 mcast-group 239.30.30.30
ip bgp-community new-format
! ^^^ Required to see community in aa:nn format
¶ Leaf-2
Leaf-02 (Base EVPN Config)
show run | sec l2vpn
l2vpn evpn
replication-type static
! OLD: flooding-suppression address-resolution disable
! ^^^ Disables ARP caching so ARP is always sent up to the CGW
router-id Loopback2
l2vpn evpn instance 30 vlan-based
encapsulation vxlan
!OLD: replication-type ingress
replication-type static
! multicast advertise enable FINNS EJ, BORTTAGET
exit
Leaf-02
show run | sec vlan config
vlan configuration 20
member evpn-instance 30 vni 12300
exit
Leaf-02
show run int nve 1
interface nve1
no ip address
source-interface Loopback2
host-reachability protocol bgp
! OLD: "member vni 12300 ingress-replication", changed to
member vni 12300 mcast-group 239.30.30.30
ip bgp-community new-format
! ^^^ Required to see community in aa:nn format
*Sep 23 09:06:00.592: %LINK-3-UPDOWN: Interface nve1, changed state to down
*Sep 23 09:06:00.649: %LINK-3-UPDOWN: Interface nve1, changed state to up
*Sep 23 09:06:01.578: %LINEPROTO-5-UPDOWN: Line protocol on Interface nve1, > changed state to up
*Sep 23 09:06:01.629: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
¶ 
Test PC connectivity and fail
We have a very nice VXLAN "tunnel", but it has no idea where MAC-addresses.
It's the same thing as a L2-switch with empty MAC-address table and no flooding of unknowns.
Result:
Leaf-2#show mac address-table dynamic
Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 20 a4bb.6da2.e2a6 DYNAMIC Gi1/0/10 Total Mac Addresses for this criterion: 1
Leaf-2#show ip interf bri | incl up
Vlan1 unassigned YES unset up up GigabitEthernet1/0/3 10.0.3.2 YES manual up up GigabitEthernet1/0/4 10.0.4.2 YES manual up up GigabitEthernet1/0/10 unassigned YES unset up up Ap1/0/1 unassigned YES unset up up nve1 unassigned YES unset up up Loopback2 10.2.2.2 YES manual up up Tunnel0 10.0.4.2 YES unset up up Tunnel1 10.2.2.2 YES unset up up Leaf-2#
C:\pc-B> ping 10.1.30.10
Pinging 10.1.30.10 with 32 bytes of data:
Request timed out.
Request timed out.
Obviously we have no connectivity since MPBGP EVPN is not running 
¶ Again, verify Multicast
Please check if the multicast group 239.30.30.30 is present
Leaf-2#show ip mroute
IP Multicast Routing Table
< - - output omitted for clarity - - >(*, 239.30.30.30), 00:07:10/stopped, RP 10.3.3.3, flags: SJCx
Incoming interface: GigabitEthernet1/0/4, RPF nbr 10.0.4.3
Outgoing interface list:
Tunnel1, Forward/Sparse-Dense, 00:07:04/00:01:55
(*, 224.0.1.40), 00:21:08/00:02:54, RP 10.3.3.3, flags: SJCL
Incoming interface: GigabitEthernet1/0/4, RPF nbr 10.0.4.3
Outgoing interface list:
Loopback2, Forward/Sparse, 00:21:06/00:02:54
Please continue with next part
• Part1: Underlay --> You Are Here --> Part3: MP-BGP