Layer 3 forwarding

EVPN uses EVPN gateways to provide Layer 3 forwarding services for hosts in VXLANs.

Integrated Routing and Bridging (IRB)

Integrated Routing and Bridging (IRB) is a solution which provides the routing operation to occur on the nearest VTEP for end hosts. The two forwarding models for IRB functionality are Asymmetric IRB and Symmetric IRB.

In the Asymmetric IRB model, the inter-subnet routing functionality is performed by the ingress VTEP, with the packet after the routing action being VXLAN bridged to the destination VTEP. The egress VTEP then only needs to remove the VXLAN header and forward the packet onto the local Layer 2 domain based on the VNI to VLAN mapping. In the return path, the routing functionality is reversed with the destination VTEP now performing the ingress routing and VXLAN bridging operation.
NOTE:

The current release supports Asymmetric Integrated Routing and Bridging (IRB) only.

Anycast gateway

To support inter-subnet forwarding on a VTEP, the VTEP acts as an IP Default Gateway from the perspective of the attached Tenant Systems, where the default gateway MAC and IP addresses are configured on each IRB interface associated with its subnet. All the VTEPs for a given tenant subnet use the same Anycast Default Gateway IP and MAC addresses. On each VTEP, the default Gateway IP and MAC addresses are configured on the IRB interfaces connecting to the Tenant Systems. Another option is to configure the same IP but different MACs across the VTEPs.

Anycast gateway configuration is done using the active-gateway command under an IRB interface. An example is as follows: 

switch(config)# interface vlan 10
switch(config-if-vlan)# active-gateway ip 10.1.1.1 mac 00:00:02:02:02:02

Active-gateway configuration recommendations for an EVPN environment

  • The active gateway virtual IP configured must not be the same as the physical IP address of the interface.

  • Same active gateway virtual IP and physical IP must not be configured for an EVPN environment else it can lead to flooding of data traffic.

  • Physical IP addresses configured on the IRB interface on VSX-primary and VSX-secondary must be different.

EVPN provides the following EVPN gateway placement designs:

  • Centralized EVPN gateway deployment—Uses one VTEP to provide Layer 3 forwarding for VXLANs. Typically, the gateway-collocated VTEP connects to other VTEPs and the external network.

  • Distributed EVPN gateway deployment—Deploys one EVPN gateway on each VTEP to provide Layer 3 forwarding for VXLANs at their respective sites. This design distributes the Layer 3 traffic load across VTEPs.

In either design, the gateways use virtual Layer 3 interfaces as gateway interfaces for VXLANs.
NOTE:

The current release only supports Centralized EVPN gateway deployment.