EVPN (Ethernet VPN) is a standards-based BGP control plane that provides the ability to extend Layer 2 and Layer 3 connectivity between different data centers.

The EVPN feature has the following capabilities and limitations:
  • Two modes are supported: Inline and Route Server. In Inline mode, the Edge node handles both control plane and data plane traffic. In Route Server mode, the Edge node handles control plane traffic only. This means that data flows directly between the vRouters running on the ESXi hosts and the physical gateways.
  • Multi-Protocol BGP (MP-BGP) EVPN between NSX Edge and physical routers.
  • NSX Overlay used as the overlay for MP-BGP EVPN.
  • Multi-tenancy in MP-BGP EVPN by using VRF instances.
  • Support for EVPN type-5 routes.
  • NSX-T generates a unique router MAC for every NSX Edge VTEP in the EVPN domain. However, there may be other nodes in the network that are not managed by NSX-T, for example, physical routers. You must make sure that the router MACs are unique across all the VTEPs in the EVPN domain.
  • The EVPN feature supports NSX Edge to be either the ingress or the egress of the EVPN virtual tunnel endpoint. If an NSX Edge node receives EVPN type-5 prefixes from its eBGP peer that need to be redistributed to another eBGP peer, the routes will be re-advertised without any change to the next hop.
  • In multi-path network topologies, it is recommended that ECMP is enabled for the NSX BGP EVPN control plane as well, so that all the possible paths can be advertised by the tier-0 gateway. This will avoid any potential traffic blackhole due to asymmetric data path forwarding.
  • A VRF can span multiple Edges. However, specifying a unique Route Distinguisher for each Edge or TEP (either via auto or manual configuration) is not supported. As a result, the use of ECMP on the peer router is not supported.
  • In Route Server mode, the tier-0 gateway's HA (high availability) mode must be active-active.
  • In Route Server mode, only manual Route Distinguisher and manual Route Targets are supported.
  • Recursive route resolution for gateway IP via Default Static Route is not supported.
  • In Inline Mode, BGP Graceful Restart in Helper Mode is supported but BGP Graceful Restart in Restarting Mode is not supported.
  • In Route Server Mode, for BGP Graceful Restart, neither Helper Mode nor Restarting Mode is supported.
  • No route map support for EVPN address family.

Supported Route Distinguisher Encoding Types

About the Route Distinguisher (RD) format:
  • The encoding of the Route Distinguisher is defined in RFC 4364.
  • RD type 0 has an Administrator subfield of 2 bytes and Assigned Number subfield of 4 bytes. The Administrator subfield must contain an Autonomous System number.
  • RD type 1 has an Administrator subfield of 4 bytes and Assigned Number subfield of 2 bytes. The Administrator subfield must contain an IP address.

For Inline Mode, both auto and manual RDs are supported. For Route Server mode, only manual RD is supported.

Mode: Inline
  Auto RD:
    • Supported.
    • Only type-1 is supported.
    • You must configure the RD Admin field. The RD Admin field must be in the format of an IP Address.
    • The RD Admin field is used to fill the Administrator subfield in the RD.
    • The 2-byte Assigned Number subfield will be allocated a random number in the range for each RD generation.
    • Generated auto RD is checked against other manually configured RDs to avoid any duplicates.
  Manual RD:
    • Supported.
    • Both type-0 and type-1 are allowed, but type-1 is recommended.
    • No RD Admin field is required to be configured.
    • Configured manual RD is checked against other auto RDs to avoid any duplicates.

Mode: Route Server
  Auto RD:
    • Not supported.
  Manual RD:
    • Supported.
    • Both type-0 and type-1 are allowed, but type-1 is recommended.
    • No RD Admin field is required to be configured.
    • Configured manual RD is checked against other auto RDs to avoid any duplicates.
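
The following added example (not VMware code) encodes the two RD types described above into their 8-byte RFC 4364 form and audits a planned set of VRF RDs against the rules in this section before they are entered in NSX. The function names, the `auto`/`manual` labels, and the sample VRFs are hypothetical and constructed for illustration; only types 0 and 1 are handled.

```python
import ipaddress
import struct

def encode_rd(text):
    """Encode 'ASN:nn' (type 0) or 'IPv4:nn' (type 1) as an 8-byte RFC 4364 RD."""
    admin, _, assigned = text.rpartition(":")
    number = int(assigned)
    if "." in admin:  # type 1: 4-byte IPv4 Administrator, 2-byte Assigned Number
        if not 0 <= number <= 0xFFFF:
            raise ValueError(f"{text}: type-1 Assigned Number must fit in 2 bytes")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)  # type 0: 2-byte AS number, 4-byte Assigned Number
    if not 0 <= asn <= 0xFFFF or not 0 <= number <= 0xFFFFFFFF:
        raise ValueError(f"{text}: type-0 needs a 2-byte ASN and a 4-byte number")
    return struct.pack("!HHI", 0, asn, number)

def decode_rd(raw):
    """Decode an 8-byte RD back to text; only types 0 and 1 are handled."""
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == 1:
        ip, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(ip)}:{number}"
    raise ValueError(f"unsupported RD type {rd_type}")

def audit_rds(mode, vrfs):
    """vrfs: list of (vrf_name, 'auto' | 'manual', rd_text). Returns findings."""
    findings, seen = [], {}
    for name, source, rd in vrfs:
        raw = encode_rd(rd)
        if mode == "route-server" and source == "auto":
            findings.append(f"{name}: auto RD is not supported in Route Server mode")
        if source == "auto" and raw[:2] != b"\x00\x01":
            findings.append(f"{name}: auto RD must be type-1")
        if raw in seen:  # compare wire encodings, not strings
            findings.append(f"{name}: RD {rd} duplicates {seen[raw]}")
        seen.setdefault(raw, name)
    return findings

# Constructed sample plan (documentation address range, private ASN).
SAMPLE = [("vrf-a", "auto", "192.0.2.1:100"),
          ("vrf-b", "manual", "64512:7"),
          ("vrf-c", "manual", "192.0.2.1:100")]

if __name__ == "__main__":
    for finding in audit_rds("inline", SAMPLE):
        print(finding)
```
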

Configuration Prerequisites

  • Virtual Router (vRouter) deployed on VMware ESXi hypervisor.
  • For Inline mode, the peer physical router must support EVPN type-5 routes (interface-less model). For Route Server mode, the peer physical router must support EVPN type-5 routes with the interface-ful model using SBD IRB interface as described in https://tools.ietf.org/html/draft-ietf-bess-evpn-prefix-advertisement-11.

Configuration Steps for Inline Mode

  • Create a VNI pool. See Add an EVPN/VXLAN VNI Pool.
  • Configure a VLAN Segment. See Add a Segment.
  • Configure an overlay Segment and specify one or more VLAN ranges. See Add a Segment.
  • Configure a tier-0 gateway to support EVPN. See Add a Tier-0 Gateway.
  • Under EVPN Settings, select a VNI pool and create EVPN Tunnel Endpoints.
  • Under Route Distinguisher for VRF Gateways, configure RD Admin Address for the automatic route distinguisher use case.
  • Configure one or more external interfaces on the tier-0 gateway and connect to the VLAN Segment.
  • Configure BGP neighbors with the peer physical router. Add route filter with IPv4 and L2VPN EVPN Address Families.
  • Configure Route Re-Distribution. Select EVPN TEP IP under tier-0 Subnets along with other sources.
  • Configure VRF to support EVPN. See Add a VRF Gateway.
  • Under VRF Settings, specify an EVPN Transit VNI.
  • Specify Route Distinguisher for a manual route distinguisher.
  • Specify Import/Export Route Targets for manual route targets.
  • Add service interface on VRF for each edge node and connect to the Overlay Segment. Specify an Access VLAN ID for each service interface.
  • Configure per VRF BGP neighbors with the peer vRouter. The routes learned over the VRF BGP sessions are redistributed by the NSX Edge to the peer physical router over the MP-BGP EVPN session.

Configuration Steps for Route Server Mode

Infrastructure-related configuration:

  • Create a VNI pool. See Add an EVPN/VXLAN VNI Pool.
  • Configure an EVPN tenant. See Configure an EVPN Tenant. For each VLAN-VNI mapping specified in the EVPN tenant, a VRF segment for the VNI will be created automatically.
  • Configure a VLAN Segment. See Add a Segment. The ARP ND Binding Limit Timeout value in the IP discovery profile assigned to this segment must be set to a value greater than the ARP timeout value on the vRouter.

NSX Edge-related configuration:

  • Configure a tier-0 gateway to support EVPN. Under EVPN Settings, set EVPN mode to Route Server and select an EVPN tenant. See Add a Tier-0 Gateway.
  • Configure one or more external interfaces on the tier-0 gateway and connect to the VLAN Segment.
  • Create EVPN Tunnel Endpoints under EVPN settings of the tier-0 gateway.
  • Configure BGP neighbors with the peer physical router. Add route filter with IPv4 and L2VPN EVPN Address Families.
  • Configure Route Re-Distribution. Select EVPN TEP IP under Tier-0 Subnets along with other sources.
  • Configure VRF to support EVPN. See Add a VRF Gateway.
  • Under VRF Settings/L3 VNI Settings, specify Route Distinguisher and Route Targets.
  • Under VRF Settings/L2 VNI Settings, click Set to add an L2 VNI. Select an L2 VNI from the dropdown list. Specify a Route Distinguisher and Route Targets.
  • Add a service interface on VRF for each edge node and connect to the VRF Segment with the same L2 VNI as the VRF.
  • For each VRF configure BGP neighbors with the peer vRouter. The routes learned over the VRF BGP sessions are redistributed by the NSX Edge to the peer physical router over the MP-BGP EVPN session.

vRouter-related configuration:

  • Deploy a vRouter VM on vSphere.
  • Create a vRouter overlay segment (VR segment). Attach vRouter to the VR segment.
  • Configure the VR segment. Under Advanced Settings, select an EVPN tenant. The VR segment and EVPN tenant must be in the same overlay transport zone.
  • Edit the auto-discovered segment port on the VR segment that is connected to the vRouter. Enter the list of VLANs into the EVPN VLANs field and click Save. The segment ports will be auto-generated for every VLAN specified under the corresponding VRF segments. The VLANs must belong to the list or ranges of VLANs that are specified in the VLAN-VNI mapping of the specified EVPN tenant.