Cisco | VXLAN Multi Tenancy (BGP EVPN)
In the previous lab, VXLAN Static Peer, we used the bridging concept (data plane), which works at Layer 2. That means VXLAN only connected devices with the same VNI ID (the same VLAN). To connect different VNI IDs we have to use Layer 3 VXLAN (control plane) with the help of BGP EVPN.
Now we configure each router: IP addresses and OSPF routing.
Leaf-1
Enable the features required on the Nexus switch
license grace-period
feature ospf
feature bgp
feature interface-vlan
feature nv overlay
nv overlay evpn
feature vn-segment-vlan-based
install feature-set fex
install feature-set fabric
feature fabric forwarding
#bootflash:nxos.7.0.3.I5.2.bin
------------------------
license grace-period
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
nv overlay evpn
=====================================
interface ethernet 1/1
des LINK TO SIPNE
no switchport
ip address 10.1.1.2/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
no shut
exit
int loo0
ip add 1.1.1.1/32
#ip pim sparse-mode
ip router ospf 100 area 0.0.0.0
exit
router ospf 100
router-id 1.1.1.1
exit
Leaf-2 switch configuration
feature ospf
feature bgp
feature interface-vlan
feature nv overlay
nv overlay evpn
feature vn-segment-vlan-based
feature fabric forwarding
boot nxos bootflash:nxos.7.0.3.I5.2.bin
interface ethernet 1/1
des LINK TO SIPNE
no switchport
ip address 10.2.2.2/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
no shut
exit
int loo0
ip add 2.2.2.2/32
#ip pim sparse-mode
ip router ospf 100 area 0.0.0.0
exit
router ospf 100
router-id 2.2.2.2
exit
SPINE switch configuration
feature ospf
feature interface-vlan
feature nv overlay
nv overlay evpn
feature vn-segment-vlan-based
boot nxos bootflash:nxos.7.0.3.I5.2.bin
interface ethernet 1/1
des LINK TO SIPNE
no switchport
ip address 10.1.1.1/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
no shut
exit
interface ethernet 1/2
des LINK TO SPINE
no switchport
ip address 10.2.2.1/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
no shut
exit
int loo0
ip add 3.3.3.3/32
ip router ospf 100 area 0.0.0.0
exit
router ospf 100
router-id 3.3.3.3
exit
Configure the L2VNIs to map the IDs to the VNIs that will be used, and at the same time assign the VLANs to the interfaces
Switch Leaf-1
vlan 100
vn-segment 100100
exit
vlan 200
vn-segment 100200
exit
Next, configure the interfaces and assign them to the VLANs that will later link to the endpoints (user PCs).
interface ethernet 1/2
switchport
no shut
switchport mode access
switchport access vlan 100
exit
interface ethernet 1/3
switchport
no shut
switchport mode access
switchport access vlan 200
exit
Switch Leaf-2
vlan 100
vn-segment 100100
exit
vlan 200
vn-segment 100200
exit
Next, configure the interfaces and assign them to the VLANs that will later link to the endpoints (user PCs).
interface ethernet 1/2
switchport
no shut
switchport mode access
switchport access vlan 100
exit
interface ethernet 1/3
switchport
no shut
switchport mode access
switchport access vlan 200
exit
Next, configure fabric forwarding and the VRF on each leaf switch.
Switch Leaf-1
fabric forwarding anycast-gateway-mac 0000.dc01.dc01
vlan 401
vn-segment 400001
vrf context Tenant-A
vni 400001
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
interface vlan 100
no shutdown
vrf member Tenant-A
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
exit
interface vlan 200
no shutdown
vrf member Tenant-A
ip address 192.168.200.254/24
fabric forwarding mode anycast-gateway
exit
Switch Leaf-2
fabric forwarding anycast-gateway-mac 0000.dc01.dc01
vlan 401
vn-segment 400001
vrf context Tenant-A
vni 400001
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
interface vlan 100
no shutdown
vrf member Tenant-A
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
exit
interface vlan 200
no shutdown
vrf member Tenant-A
ip address 192.168.200.254/24
fabric forwarding mode anycast-gateway
exit
Configure BGP on Leaf-1 and Leaf-2
Switch Leaf-1
router bgp 65535
router-id 1.1.1.1
neighbor 3.3.3.3
remote-as 65535
update-source loopback 0
address-family l2vpn evpn
send-community
send-community extended
vrf Tenant-A
address-family ipv4 unicast
advertise l2vpn evpn
evpn
vni 100100 l2
rd auto
route-target import auto
route-target export auto
vni 100200 l2
rd auto
route-target import auto
route-target export auto
interface nve 1
no shutdown
host-reachability protocol bgp
source-interface loopback 0
member vni 100100
suppress-arp
! BUM traffic for this VNI uses BGP ingress replication (no PIM in the underlay)
ingress-replication protocol bgp
member vni 400001 associate-vrf
member vni 100200
suppress-arp
ingress-replication protocol bgp
member vni 400001 associate-vrf
exit
Switch Leaf-2
router bgp 65535
router-id 2.2.2.2
neighbor 3.3.3.3
remote-as 65535
update-source loopback 0
address-family l2vpn evpn
send-community
send-community extended
vrf Tenant-A
address-family ipv4 unicast
advertise l2vpn evpn
evpn
vni 100100 l2
rd auto
route-target import auto
route-target export auto
vni 100200 l2
rd auto
route-target import auto
route-target export auto
interface nve 1
no shutdown
host-reachability protocol bgp
source-interface loopback 0
member vni 100100
suppress-arp
! BUM traffic for this VNI uses BGP ingress replication (no PIM in the underlay)
ingress-replication protocol bgp
member vni 400001 associate-vrf
member vni 100200
suppress-arp
ingress-replication protocol bgp
member vni 400001 associate-vrf
exit
Entering suppress-arp usually produces an error, because the switch asks us to configure the TCAM first.
Verify the TCAM:
Leaf-1 and Leaf-2
Leaf-1# sho hardware access-list tcam region | i arp
Ingress ARP-Ether ACL [arp-ether] size = 0
Leaf-1# sho hardware access-list tcam region | i span
SPAN [span] size = 256
SPAN+sFlow ACL [span-sflow] size = 0
Leaf-1# sho hardware access-list tcam region | i vacl
IPV4 VACL [vacl] size = 0
IPV6 VACL [ipv6-vacl] size = 0
MAC VACL [mac-vacl] size = 0
Egress IPV4 VACL [vacl] size = 0
Egress IPV6 VACL [ipv6-vacl] size = 0
Egress MAC VACL [mac-vacl] size = 0
Leaf-1#
Next, configure the TCAM on Leaf-1 and Leaf-2, changing the TCAM values as follows:
SPAN value becomes 0
VACL value becomes 0
ARP-Ether value becomes 256
Apply the commands that change the TCAM values on Leaf-1 and Leaf-2
hardware access-list tcam region span 0
hardware access-list tcam region vacl 0
hardware access-list tcam region arp-ether 256
then save...
copy running-config startup-config
Next, configure the SPINE. The role of the spine router here is to connect the leaves, leaf-1 and leaf-2.
SPINE
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
nv overlay evpn
interface Ethernet1/1
description LINK TO SIPNE
no switchport
ip address 10.1.1.1/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
no shutdown
exit
interface Ethernet1/2
description LINK TO SPINE
no switchport
ip address 10.2.2.1/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
no shutdown
exit
interface loopback0
ip address 3.3.3.3/32
ip router ospf 100 area 0.0.0.0
router ospf 100
router-id 3.3.3.3
exit
router bgp 65535
router-id 3.3.3.3
neighbor 1.1.1.1
remote-as 65535
update-source loopback 0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 2.2.2.2
remote-as 65535
update-source loopback 0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
exit
VERIFICATION (LEAF-1 & LEAF-2)
sh ip interface brief vrf all | i up
sh bgp l2vpn evpn summary
show nve vni interface nve1
show l2route evpn mac-ip all
sh nve interface
Verify that the neighbors are up
Verify by checking the Tenant-A routing table
Success...!!!
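Before pushing the leaf configuration, the tenant mapping built in the steps above (VLAN to VNI, VRF to L3VNI, NVE membership) can be checked offline. The script below is an added example, not part of the original lab: `parse` and `audit` are hypothetical names, the sample is condensed from the Leaf-1 lines on this page, and the parser assumes flat, unindented lines as shown here. It flags a VNI that no VLAN carries, a VNI missing from the NVE interface, an `associate-vrf` flag on the wrong kind of VNI, and a VNI that sets both `mcast-group` and `ingress-replication`, which are alternative BUM replication modes.

```python
# Constructed sample: Leaf-1 tenant lines from this lab, condensed.
LEAF1 = "\n".join([
    "fabric forwarding anycast-gateway-mac 0000.dc01.dc01",
    "vlan 100", "vn-segment 100100", "vlan 200", "vn-segment 100200",
    "vlan 401", "vn-segment 400001", "vrf context Tenant-A", "vni 400001",
    "evpn", "vni 100100 l2", "vni 100200 l2", "interface nve 1",
    "member vni 100100", "ingress-replication protocol bgp", "member vni 100200",
    "ingress-replication protocol bgp", "member vni 400001 associate-vrf",
])

def parse(cfg):
    """Collect VLAN->VNI, VRF->L3VNI, EVPN L2VNIs and NVE members from flat config text."""
    s = {"vlan": {}, "vrf": {}, "evpn": set(), "nve": {}, "mac": None}
    ctx = vni = None  # ctx = block we are in, vni = last "member vni" seen
    for w in (line.split() for line in cfg.splitlines() if line.strip()):
        if w[0] == "vlan" and len(w) == 2:
            ctx = ("vlan", w[1])
        elif w[:2] == ["vrf", "context"]:
            ctx = ("vrf", w[2])
        elif w == ["evpn"]:
            ctx = ("evpn", None)
        elif w[0] in ("interface", "int", "router"):
            ctx = ("nve", None) if w[1].startswith("nve") else None
        elif "anycast-gateway-mac" in w:
            s["mac"] = w[-1]
        elif ctx and ctx[0] in ("vlan", "vrf") and w[0] in ("vn-segment", "vni"):
            s[ctx[0]][ctx[1]] = w[1]
        elif ctx and ctx[0] == "evpn" and w[0] == "vni":
            s["evpn"].add(w[1])
        elif ctx and ctx[0] == "nve" and w[:2] == ["member", "vni"]:
            vni = w[2]
            s["nve"][vni] = {"l3": "associate-vrf" in w, "bum": set()}
        elif ctx and ctx[0] == "nve" and w[0] in ("mcast-group", "ingress-replication"):
            s["nve"][vni]["bum"].add(w[0])
    return s

def audit(s):
    """Findings that break or blur tenant separation on one leaf."""
    mapped, out = set(s["vlan"].values()), []
    for v in sorted(s["evpn"] | set(s["vrf"].values())):
        if v not in mapped:
            out.append(f"VNI {v}: no VLAN carries this vn-segment")
        if v not in s["nve"]:
            out.append(f"VNI {v}: not a member of the NVE interface")
    for v, m in sorted(s["nve"].items()):
        if (v in s["vrf"].values()) != m["l3"]:
            out.append(f"VNI {v}: associate-vrf does not match its L2/L3 role")
        if len(m["bum"]) > 1:
            out.append(f"VNI {v}: mcast-group and ingress-replication both set")
    return out
```

Comparing the `vlan`, `vrf` and `mac` entries returned by `parse` for Leaf-1 and Leaf-2 also shows whether both leaves map the tenant identically and share the same anycast gateway MAC.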