EVPN VSX support

NOTE: VSX is not supported on the 6300 switch series.

VSX is a virtualization technology that presents the VSX pair as a single device to the layer 2 clients and as independent devices at layer 3. The VSX pair provides an MCLAG link towards the clients. The clients see the VSX-pair as a single switch, providing a redundant L2 connection to the clients. VSX acts in active-active mode which also provides load-balancing to the connected clients.

EVPN is supported with VSX in this release. The two VSX pairs act as independent BGP routing entities to the other VTEPs or spines for control packets. However, in the datapath, both of them act as a single logical VTEP. This is achieved by using different IP addresses for establishing the BGP session and using a common IP as next-hop to represent the VTEP.

Logical VTEP

Figure 6: EVPN VSX support: Logical VTEP
EVPN VSX support topology diagram for Logical IP

Both the VSX pairs are configured with a common Logical VTEP. The configuration has to be done on a loopback interface on both the VSX pairs. The underlay routing protocol (OSPF or even BGP) distributes this logical VTEP to all other VTEPs.

The Overlay routes are redistributed with the next-hop as the Logical VTEP. The Overlay packets reaching the Ingress VTEP get VXLAN encapsulated with the destination as the next-hop IP (common Logical VTEP if the destination is the VSX pair) and sent to one of the Spines.

The Spine does ECMP on the VXLAN packet and sends it to either Leaf1 or Leaf1’ since both VSX switches have connectivity to the common Logical VTEP.

Configuration recommendations for EVPN VSX support

  • Split recovery is enabled by default. While using EVPN and VSX together, this mode must be kept disabled to ensure that traffic always flows through primary when ISL and Keepalive are both down.

  • All the single homed hosts must be connected to the primary VSX Node. This is to ensure that traffic to single homed hosts are not affected when ISL/Secondary goes down.

  • The same Route Distinguisher (RD) must be configured in both the VSX peers. The RD must be unique across all the leafs except between VSX Peers.

  • Even in case of EBGP peering, both the VSX peers must be in the same AS.

  • The same VTEP IP must be configured on both the VSX peers.

  • The BGP source IP must be configured in both the VSX peers and it must be different from the logical VTEP. This is to ensure that logical VTEP is not used as the source IP for the BGP session establishment with the spine.

  • Routing session between VSX peers is recommended in case of upstream connectivity failure.

NOTE:

VSX active-sync is not supported for the VXLAN interface. Ensure that the configurations are in sync between the VSX switches.

Overlay VLANs must be allowed on the ISL for MAC/ARP sync so both devices can forward traffic.

For more details on VSX configurations, see the Virtual Switching Extension (VSX) Guide.