VXLAN BGP-EVPN Multitenancy
A bridge domain is a broadcast domain that represents the scope of a Layer 2 network. In a VXLAN network, the bridge domain extends up to 16 million segments, each identified by a VNI. With respect to VLAN, two types of encapsulation therefore exist, and a mapping from VLAN to VNI and vice versa is needed. This mapping is always configured on the edge device, or VTEP.
In VXLAN, the bridge domain consists of three components:
- The classical ethernet domain with the VLAN namespace
- The VXLAN domain with the VNI namespace
- Network switch with hardware/software bridge domain resource.
VLAN in VXLAN:
Most servers send Ethernet traffic that is encapsulated in a certain VLAN. In an Ethernet segment, the VLAN must be spread across the network switches in order to send the VLAN traffic from one switch to another, with the limitation of the 4K VLAN boundary.
With VXLAN, the VLAN becomes the local identifier and the VXLAN VNI becomes the global identifier. All endpoints that need to communicate with each other must be in the same Layer 2 VNI.
On a given edge device, a 1:1 mapping between VLAN and VXLAN VNI must be configured.
In this way, the VLAN is the local identifier, and the VNI becomes the global identifier. The VLAN is now significant to that edge device only, so different VLANs on different edge devices can map to the same VNI.
Per-port VLAN uses the VLAN ID arriving on the wire that is stored in the dot1q header. The edge device immediately maps this wire VLAN to an encapsulation independent identifier without creating this VLAN on the switch and maps the wire VLAN to a VNI.
In the figure below, the same VLAN 10 on two different ports (Ethernet 1/1 and Ethernet 1/2) maps to VNIs 20001 and 20002 respectively.
Sample Layer 2 VNI Configuration with per-Port VLAN Significance
To advertise the L2VNI in the BGP-based EVPN address family, the MAC-based EVPN instance must be configured. To uniquely identify the EVPN instance (EVI) within MP-BGP, the instance consists of a VNI (L2VNI) and a Route Distinguisher. To support MP-BGP route policies, appropriate Route Targets are defined to ensure that prefixes for the instances are imported. The values chosen for the EVI are unique for the given instance because they are unique to the L2VNI.
Sample Configuration to Advertise Layer 2 VNI Routes into BGP EVPN
With the Cisco implementation of BGP-EVPN, the Route Distinguisher (RD) and Route Target (RT) values are derived automatically. The RD is generated from the router ID and the internal Layer 2 instance ID. The RT is derived from the autonomous system number (ASN) of BGP and the Layer 2 VNI (L2VNI). Note that if eBGP is employed for the underlay, the RTs need to be manually configured because the ASN may be different for different edge devices.
Layer 2 Multitenancy: Mode of Operation
Layer 2 multitenancy in VXLAN allows two modes of operation:
- VLAN-oriented mode
- Bridge domain (BD)-oriented mode
Layer 3 Multitenancy: Mode of Operation
Layer 3 VNI (L3VNI) is used as the identifier for the VRF in the routing context.
The VRF configuration in VXLAN-based Layer 3 consists of the name of the VRF and the respective VNI (L3VNI). All traffic routed within the VRF in a BGP EVPN VXLAN network is encapsulated with the L3VNI. The L3VNI identifies the VRF uniquely across the VXLAN-based network, while the name assigned to the VRF is locally significant.
Each VRF has its unique Route Distinguisher (RD) through which a prefix can be uniquely identified. In addition to the Route Distinguisher, the VRF also contains Route Targets (RTs).
Basic VRF Configuration in a VXLAN BGP EVPN Network
The VRF construct contains a Route Distinguisher, which is automatically derived from the BGP router ID and the internal VRF identifier (decimal number). The Route Targets are also automatically derived in the same manner. Using the BGP ASN together with the L3VNI enables the RT value to be unique for a given VRF. However, the RT value remains the same across all the edge devices in the same VRF.
The value of the L2VNI and L3VNI cannot overlap when the Layer 2 or Layer 3 instance is being configured. This same restriction also applies to the RT configuration.
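The rules above (1:1 VLAN-to-VNI mapping per edge device, no overlap between L2VNI and L3VNI values, and auto-derived RTs that only match when every edge device shares one BGP ASN) can be checked offline against an inventory before a change is pushed. The following is an added example, not Cisco's code or part of the original page; the device names, ASNs, VLANs and VNIs are constructed, and it assumes a 2-byte ASN with the auto RT written as `ASN:VNI`.

```python
# Added example: audit of per-device VLAN/VNI and VRF data (all values constructed).
from collections import defaultdict

# Constructed inventory: per edge device, BGP ASN, VLAN->L2VNI map, VRF->L3VNI map.
FABRIC = {
    "leaf1": {"asn": 65001, "l2": {10: 30001, 20: 30002}, "l3": {"TENANT-A": 50001}},
    "leaf2": {"asn": 65001, "l2": {110: 30001, 20: 30002}, "l3": {"TENANT-A": 50001}},
    "leaf3": {"asn": 65003, "l2": {10: 30001, 11: 30001}, "l3": {"TENANT-B": 30002}},
}

def auto_rt(asn, vni):
    """Auto-derived Route Target as the text describes it: BGP ASN plus VNI (assumed 2-byte ASN)."""
    return f"{asn}:{vni}"

def audit(fabric):
    """Return a list of findings that would weaken tenant separation or break route import."""
    findings = []
    rts = defaultdict(set)          # VNI -> auto RTs seen across all devices
    l2_vnis, l3_vnis = set(), set()
    for dev, cfg in sorted(fabric.items()):
        # 1:1 rule: on one device, a VNI may be reached from only one VLAN.
        by_vni = defaultdict(list)
        for vlan, vni in cfg["l2"].items():
            by_vni[vni].append(vlan)
        for vni, vlans in sorted(by_vni.items()):
            if len(vlans) > 1:
                findings.append(f"{dev}: VLANs {sorted(vlans)} map to the same VNI {vni}")
        l2_vnis.update(cfg["l2"].values())
        l3_vnis.update(cfg["l3"].values())
        for vni in list(cfg["l2"].values()) + list(cfg["l3"].values()):
            rts[vni].add(auto_rt(cfg["asn"], vni))
    # L2VNI and L3VNI values must not overlap anywhere in the fabric.
    for vni in sorted(l2_vnis & l3_vnis):
        findings.append(f"VNI {vni} is used as both L2VNI and L3VNI")
    # Differing ASNs (eBGP case) give differing auto RTs, so imports will not match.
    for vni, values in sorted(rts.items()):
        if len(values) > 1:
            findings.append(f"VNI {vni}: auto RTs differ {sorted(values)}; configure RT manually")
    return findings

if __name__ == "__main__":
    for line in audit(FABRIC):
        print(line)
```

Different VLANs on leaf1 and leaf2 mapping to VNI 30001 produce no finding, because the VLAN is only locally significant; leaf3 is flagged for the cases the text rules out.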
To make the L3VNI associated with the VRF fully active, the following must be present:
- The L3VNI needs to be associated with the VTEP (NVE) interface.
- A core-facing VLAN or bridge domain must be associated with the L3VNI.
- A corresponding Layer 3 interface (SVI or BDI) must be created.
- This L3 interface must be associated with the VRF.
Sample BGP EVPN-Related VRF Configuration for Layer 3 Multitenancy
VRF-Related VLAN and Bridge Domain Configuration for Layer 3 Multitenancy
VLAN Oriented Command Line Interface
Bridge-Domain Oriented Command Line Interface