Overview
This blog is a continuation of ‘Cisco VxLAN EVPN Route Leaking – 1’ – https://deliabtech.com/data-center/cisco-vxlan-evpn-route-leaking-1/ . The focus is on configuring route leaking through the use of Nexus Dashboard Fabric Controller (NDFC).
Topology
- NDFC eases the route leaking configuration on all leaf switches where the vrf requiring route leaking presents
- NDFC eases managing the configuration and identifying the leaf switches where the the vrf presents. Configuration done on the vrf and NDFC push the configuration to the switches based on the vrf attachment
- Traffic doesn’t cross the BL unnecessarily
Goal – Green vrf imports Blue & Orange vrfs and Blue & Orange vrfs import Green vrf
Assumptions
- The information in this document was created from the devices in a CML lab environment
- VxLAN EVPN fabric already configured with VRFs – Green (for shared services), Blue & Orange
- All hosts are working within their VRF
- The topology is built on CML
- CML version used for the lab – Version: 2.6.0+build.5
- NDFC version used for the lab – 12.1.3b
- In a live network environment , ensure that you understand the potential impact of any command
Configuration
1. log to NDFC
- navigate to LAN -> Fabrics
- Double click the fabric name – VxLAN-EVPN-Brownfield
2. Under Fabric Overview – VxLAN-EVPN-Brownfield page navigate to VRFs
Select vrf Blue -> Actions -> Edit
3. Under the Route Target tab input the route target of Green vrf and click ‘Save’
Repeat step 2 & 3 for Orange vrf with Green vrf route target and Green vrf with Blue & Orange route targets
4. Under Fabric Overview – VxLAN-EVPN-Brownfield page navigate to Actions -> Recalculate and Deploy
5. Review the configuration and click ‘Deploy All’
6. Confirm deployment is successful
Verification
Verify configuration
Confirm all switches have the intended configuration.
### BL-1, BL-2, L-1, L-2, L3 and L-4
vrf context blue
vni 30000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
route-target import 65125:30002
route-target import 65125:30002 evpn
address-family ipv6 unicast
route-target both auto
route-target both auto evpn
route-target import 65125:30002
route-target import 65125:30002 evpn
vrf context green
vni 30002
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
route-target import 65125:30000
route-target import 65125:30000 evpn
route-target import 65125:30001
route-target import 65125:30001 evpn
address-family ipv6 unicast
route-target both auto
route-target both auto evpn
route-target import 65125:30000
route-target import 65125:30000 evpn
route-target import 65125:30001
route-target import 65125:30001 evpn
vrf context orange
vni 30001
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
route-target import 65125:30002
route-target import 65125:30002 evpn
address-family ipv6 unicast
route-target both auto
route-target both auto evpn
route-target import 65125:30002
route-target import 65125:30002 evpnVerify Reachability
### Host in Blue vrf (10.10.40.10) can ping host in Green vrf (10.10.20.10 & 10.10.30.10) but not 10.10.50.10 (host in Orange vrf)
cisco@S-3:~$ ping 10.10.20.10
PING 10.10.20.10 (10.10.20.10): 56 data bytes
64 bytes from 10.10.20.10: seq=0 ttl=63 time=11.394 ms
64 bytes from 10.10.20.10: seq=1 ttl=63 time=11.179 ms
64 bytes from 10.10.20.10: seq=2 ttl=63 time=49.660 ms
64 bytes from 10.10.20.10: seq=3 ttl=63 time=13.370 ms
^C
--- 10.10.20.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 11.179/21.400/49.660 ms
cisco@S-3:~$ ping 10.10.30.10
PING 10.10.30.10 (10.10.30.10): 56 data bytes
64 bytes from 10.10.30.10: seq=0 ttl=62 time=32.910 ms
64 bytes from 10.10.30.10: seq=1 ttl=62 time=61.656 ms
64 bytes from 10.10.30.10: seq=2 ttl=62 time=119.807 ms
64 bytes from 10.10.30.10: seq=3 ttl=62 time=32.202 ms
^C
--- 10.10.30.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 32.202/61.643/119.807 ms
cisco@S-3:~$ ping 10.10.50.10
PING 10.10.50.10 (10.10.50.10): 56 data bytes
^C
--- 10.10.50.10 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
### Host in Orange vrf (10.10.50.10) can ping host in Green vrf (10.10.20.10 & 10.10.30.10) but not 10.10.40.10 (host in Blue vrf)
cisco@S-4:~$ ping 10.10.20.10
PING 10.10.20.10 (10.10.20.10): 56 data bytes
64 bytes from 10.10.20.10: seq=0 ttl=62 time=43.396 ms
64 bytes from 10.10.20.10: seq=1 ttl=62 time=25.526 ms
64 bytes from 10.10.20.10: seq=2 ttl=62 time=32.482 ms
64 bytes from 10.10.20.10: seq=3 ttl=62 time=43.172 ms
^C
--- 10.10.20.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 25.526/36.144/43.396 ms
cisco@S-4:~$ ping 10.10.30.10
PING 10.10.30.10 (10.10.30.10): 56 data bytes
64 bytes from 10.10.30.10: seq=0 ttl=63 time=22.119 ms
64 bytes from 10.10.30.10: seq=1 ttl=63 time=12.706 ms
64 bytes from 10.10.30.10: seq=2 ttl=63 time=35.146 ms
64 bytes from 10.10.30.10: seq=3 ttl=63 time=13.180 ms
^C
--- 10.10.30.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 12.706/20.787/35.146 ms
cisco@S-4:~$ ping 10.10.40.10
PING 10.10.40.10 (10.10.40.10): 56 data bytes
^C
--- 10.10.40.10 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss### Host in Green vrf (10.10.30.10) can ping host in both Blue vrf (10.10.40.10) and Orange vrf (10.10.50.10)
cisco@S-2:~$ ping 10.10.40.10
PING 10.10.40.10 (10.10.40.10): 56 data bytes
64 bytes from 10.10.40.10: seq=0 ttl=62 time=37.432 ms
64 bytes from 10.10.40.10: seq=1 ttl=62 time=29.712 ms
64 bytes from 10.10.40.10: seq=2 ttl=62 time=36.582 ms
64 bytes from 10.10.40.10: seq=3 ttl=62 time=44.589 ms
^C
--- 10.10.40.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 29.712/37.078/44.589 ms
cisco@S-2:~$ ping 10.10.50.10
PING 10.10.50.10 (10.10.50.10): 56 data bytes
64 bytes from 10.10.50.10: seq=0 ttl=63 time=11.987 ms
64 bytes from 10.10.50.10: seq=1 ttl=63 time=13.386 ms
64 bytes from 10.10.50.10: seq=2 ttl=63 time=19.004 ms
64 bytes from 10.10.50.10: seq=3 ttl=63 time=20.352 ms
^C
--- 10.10.50.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 11.987/16.182/20.352 ms