
Asymmetric IRB EVPN Testing in SONiC


This guide provides step-by-step instructions to configure Asymmetric IRB EVPN in SONiC, covering VLAN setup, IP address configuration, VxLAN creation, and BGP establishment for EVPN.

Asymmetric IRB EVPN

In the asymmetric IRB model, routing and bridging occur at the VXLAN tunnel ingress, with the packet after the routing action being VXLAN bridged to the destination VTEP.

The egress VTEP removes the VXLAN header and forwards the packet onto the L2 domain based on the VNI to VLAN mapping.

The ingress VTEP is configured with all destination virtual networks, and has the ARP entries and MAC addresses for all destination hosts in its hardware tables.

Testbed & SONiC Version

  • GNS3
  • SONiC ( 202305 )

Topology

Steps to Configure Asymmetric IRB EVPN

  • Setup VLAN Environment
  • Configure IP addresses
  • Create VxLAN
  • Establish BGP environment for EVPN

Configurations on SONiC-1:

Step 1. Setup VLAN environment as per topology.

admin@sonic:~$ sudo config vlan add 10
admin@sonic:~$ sudo config vlan add 20
admin@sonic:~$ sudo config vlan member add -u 10 Ethernet4

Step 2. Configure IP addresses.

admin@sonic:~$ sudo config interface ip add Ethernet0 192.168.11.1/24
admin@sonic:~$ sudo config interface ip add Loopback10 1.1.1.1/32
admin@sonic:~$ sudo config interface ip add Vlan10 192.168.10.254/24
admin@sonic:~$ sudo config interface ip add Vlan20 192.168.12.253/24

Below is the status of the VLAN table.

Step 3. Create VxLAN.

admin@sonic:~$ sudo config vxlan add vtep 1.1.1.1
admin@sonic:~$ sudo config vxlan evpn_nvo add nvo vtep
admin@sonic:~$ sudo config vxlan map add vtep 10 1000
admin@sonic:~$ sudo config vxlan map add vtep 20 2000
admin@sonic:~$ sudo config save -y

The figure below shows that the VxLAN tunnel is successfully created.

Step 4. Establish a BGP environment for EVPN.

sonic# configure terminal
sonic(config)# router bgp 65000
sonic(config-router)# neighbor 192.168.11.2 remote-as 65000
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# network 1.1.1.1/32
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn
sonic(config-router-af)# neighbor 192.168.11.2 activate
sonic(config-router-af)# advertise-all-vni
sonic(config-router-af)# exit

Configurations on SONiC-2:

Step 1. Setup VLAN environment as per topology.

admin@sonic:~$ sudo config vlan add 10
admin@sonic:~$ sudo config vlan add 20
admin@sonic:~$ sudo config vlan member add -u 10 Ethernet4

Step 2. Configure IP addresses.

admin@sonic:~$ sudo config interface ip add Ethernet0 192.168.11.2/24
admin@sonic:~$ sudo config interface ip add Loopback10 2.2.2.2/32
admin@sonic:~$ sudo config interface ip add Vlan10 192.168.10.253/24
admin@sonic:~$ sudo config interface ip add Vlan20 192.168.12.254/24

Step 3. Create VxLAN.

admin@sonic:~$ sudo config vxlan add vtep 2.2.2.2
admin@sonic:~$ sudo config vxlan evpn_nvo add nvo vtep
admin@sonic:~$ sudo config vxlan map add vtep 10 1000
admin@sonic:~$ sudo config vxlan map add vtep 20 2000
admin@sonic:~$ sudo config save -y

Step 4. Establish a BGP environment for EVPN.

sonic# configure terminal
sonic(config)# router bgp 65000
sonic(config-router)# neighbor 192.168.11.1 remote-as 65000
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# network 2.2.2.2/32
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn
sonic(config-router-af)# neighbor 192.168.11.1 activate
sonic(config-router-af)# advertise-all-vni
sonic(config-router-af)# exit

Results of SONiC-1

The figure below shows that the remote VTEP (DIP) is learned through EVPN.

The result below shows that the MAC address of the destination host is learned, which is the main functionality of Asymmetric IRB L2VPN EVPN.

Below is the status of EVPN Route Types.

The figure below shows that Asymmetric IRB is an L2VPN EVPN because all the VNIs are L2, and no L3 VNI is used.

When the ping request is generated from Host A, it successfully receives a reply from Host B.

For better understanding, packets are captured with Wireshark. The figure below shows that when Host A sends traffic to Host B, VTEP1 tunnels the traffic to VTEP2 in VNI 2000.

The figure below shows that when Host B sends the reply to Host A, VTEP2 tunnels the traffic to VTEP1 in VNI 1000.

Drawback

All the VLANs and VNIs must be configured on all VTEPs, even if a VTEP does not have clients on all VLANs. This increases the ARP cache and CAM table size, which results in a control-plane scaling issue.
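The requirement above, that every VTEP carries every VLAN and VNI (also stated in the Asymmetric IRB EVPN section), can be checked offline before traffic is tested. The Python below is an added example, not part of the original guide or of SONiC itself; the CONFIG_DB table layout, the `vtep_db` helper and the check functions are assumptions, and the data is constructed from the addresses used in the steps.

```python
# Added example. Constructed CONFIG_DB fragments mirroring Steps 1-3 above;
# the table/key layout is an assumption about SONiC's config_db.json.
def vtep_db(loopback, svi10, svi20):
    return {
        "LOOPBACK_INTERFACE": {"Loopback10": {}, f"Loopback10|{loopback}/32": {}},
        "VLAN": {"Vlan10": {"vlanid": "10"}, "Vlan20": {"vlanid": "20"}},
        "VLAN_INTERFACE": {f"Vlan10|{svi10}": {}, f"Vlan20|{svi20}": {}},
        "VXLAN_TUNNEL": {"vtep": {"src_ip": loopback}},
        "VXLAN_TUNNEL_MAP": {
            "vtep|map_1000_Vlan10": {"vlan": "Vlan10", "vni": "1000"},
            "vtep|map_2000_Vlan20": {"vlan": "Vlan20", "vni": "2000"},
        },
    }

SONIC1 = vtep_db("1.1.1.1", "192.168.10.254/24", "192.168.12.253/24")
SONIC2 = vtep_db("2.2.2.2", "192.168.10.253/24", "192.168.12.254/24")

def vlan_vni_map(db):
    """VLAN name -> VNI, as set by 'config vxlan map add'."""
    return {m["vlan"]: int(m["vni"]) for m in db.get("VXLAN_TUNNEL_MAP", {}).values()}

def check_vtep(name, db):
    """Problems visible on a single VTEP."""
    problems = []
    keys = lambda table: [k.split("|") for k in db.get(table, {}) if "|" in k]
    loopbacks = {addr.split("/")[0] for _, addr in keys("LOOPBACK_INTERFACE")}
    svis = {vlan for vlan, _ in keys("VLAN_INTERFACE")}
    for tunnel, cfg in db.get("VXLAN_TUNNEL", {}).items():
        if cfg.get("src_ip") not in loopbacks:
            problems.append(f"{name}: {tunnel} src_ip {cfg.get('src_ip')} is not a local loopback")
    for vlan in vlan_vni_map(db):
        if vlan not in db.get("VLAN", {}) or vlan not in svis:
            problems.append(f"{name}: {vlan} has a VNI but no VLAN/SVI to route from")
    return problems

def check_fabric(vteps):
    """Per-VTEP checks plus the asymmetric IRB rule: same VLAN-VNI map everywhere."""
    problems = [p for name, db in vteps.items() for p in check_vtep(name, db)]
    maps = {name: vlan_vni_map(db) for name, db in vteps.items()}
    for vlan in sorted({v for m in maps.values() for v in m}):
        vnis = {name: m.get(vlan) for name, m in maps.items()}
        if len(set(vnis.values())) > 1:  # None marks a VTEP missing the mapping
            problems.append(f"{vlan}: VNI missing or different across VTEPs: {vnis}")
    return problems

if __name__ == "__main__":
    for line in check_fabric({"SONiC-1": SONIC1, "SONiC-2": SONIC2}) or ["consistent"]:
        print(line)
```

On a live switch the same dictionaries can be loaded from the saved configuration file instead of the constructed fragments.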


About Hardware Nation:

Hardware Nation is a professional services company that accelerates network transformation through a disaggregated, open approach, enabling freedom of choice, flexibility, and cost efficiency. Our seasoned experts have worked on projects for some of the world’s leading organizations, leveraging a hybrid cloud-first and AI-enabled approach. We help our customers navigate the ecosystem, drawing on decades of experience. Our deployments are powered by leading white box and OEM network, compute, and storage vendors. Our expertise encompasses a wide range of industries and use cases, including enterprise, cloud, data center, AI, 5G/ISP infrastructure, and edge IT.

Humza Atlaf

Network Engineer

Humza is a network engineer at Hardware Nation Labs, where his passion for Open Networking drives his work. With a blend of deep expertise and innovative approaches, he designs robust, scalable networks of the future. His practical experience includes configuring and deploying a range of protocols such as LACP, VLANs, MPLS, and VRRP. In his previous role, he was part of a SONiC testing team, further honing his skills in network setup and troubleshooting. Humza is also adept at network analysis with tools like Wireshark, enhancing his ability to manage complex network environments.

Alex Cronin

Co-Founder and Solutions Architect

Alex Cronin is a seasoned Solutions Architect with over 15 years of experience in networking and disaggregated infrastructure. His career is defined by aligning enterprise technology with business needs across diverse market segments, from emerging startups to Fortune 500 companies. He has worked on digital infrastructure projects covering network design and software solutions for data center operators, service providers, and enterprises. He is continuously collaborating with Hardware Nation Labs R&D to explore and pioneer the latest advancements in open networking and is assessing the applicability of AI/ML technology across enterprise, data center, and service provider infrastructures.
