VxLAN EVPN Symmetric IRB

DCN

EVPN introduced the concept of Integrated Routing and Bridging (IRB) to address inter-subnet communication between VMs that belong to different VxLAN segments. This is also called inter-VxLAN routing, and it comes in 2 options: Symmetric IRB and Asymmetric IRB. In asymmetric IRB we only have the concept of the L2VNI. Symmetric IRB introduces the concept of the L3VNI, which allows us to create and dedicate a VRF to a specific tenant for routing purposes.

Let’s see how Symmetric IRB works with the topology.

Each VTEP learns through the data plane and registers its local end-points with their respective MAC and IP address information. Every VTEP distributes this information through the MP-BGP EVPN control plane.

We can assume the following entries will be installed on VTEP-1 as an example. Other VTEPs will have similar entries, of course. (Note that these are not actual outputs but a summary of what is included in the outputs.)

VTEP-1

VM1, IP: 10.100.1.1, MAC: MAC-VM1, Vlan: 100, L2VNI: 298100, L3VNI: 300000, Next Hop: Local

VM3, IP: 10.100.1.3, MAC: MAC-VM3, Vlan: 100, L2VNI: 298100, L3VNI: 300000, Next Hop: 192.1.1.2

VM2, IP: 10.200.1.1, MAC: MAC-VM2, Vlan: 100, L2VNI: 298200, L3VNI: 300000, Next Hop: Local

VM5, IP: 10.200.1.2, MAC: MAC-VM5, Vlan: 200, L2VNI: 298200, L3VNI: 300000, Next Hop: 192.1.1.3

Note that VTEP-1 doesn’t have entries for VM4, VM6 and VM7. This is because, with the symmetric IRB option, we don’t need to configure all VNIs on all VTEPs. In this example we can assume that VTEP-1 has only the 2 L2 VNIs that have locally attached hosts, but it also has the L3VNI, which is assumed to be 300000 in this example. This L3 VNI is dedicated to routing within a tenant VRF. Each VRF instance is mapped to a unique L3 VNI in the network.

We will have the following L2 and L3 VNI networks:

VTEPs are configured only for their locally attached VLANs (their L2 VNIs) and the same L3 VNIs.

For the symmetric IRB model, the type-2 routes are advertised with two labels and two Route Targets. One of the RTs belongs to the MAC-VRF and the other RT belongs to the IP-VRF. The MAC-VRF may or may not be configured on the remote VTEP, but the IP-VRF with the L3 VNI must be configured. As an example, you can see below which VRFs should be configured for VTEP-1 and VTEP-2.

VTEP-1 has only 2 VNIs configured; it will have 2 SVIs for these 2 VNIs, and these SVIs will be mapped to the Layer 3 VRF. A similar configuration should also be done on VTEP-2 and on the others. Note that the MAC-VRFs have different RTs configured but the IP-VRFs have the same RT configuration. For optimization, different RT values for export and import can of course be used; in the example I used the same value for both export and import to keep the example simple.

Here is the control and data plane explanation of reachability from VM1 to VM4.



Type: MP_Reach_NLRI
AFI:25
SAFI:70
Next Hop: 192.1.1.2
Route Type: Type 2 host advertisement route
MAC Address: MAC-VM4
IP: 10.30.1.1 (optional)
Route Distinguisher:[RD value]
L2VNI: 298300
MAC-VRF Label: 298300
MAC VRF Route Target:3:3
IP-VRF Label: 300000
IP VRF Route Target: 100:100
Router-MAC Address: MAC address of Local VTEP ip (MAC-VTEP2)

After receiving the EVPN update, VTEP-1 will take the following actions:

  • It doesn’t import the Type 2 route into the MAC-VRF because the RTs do not match.
  • It imports the Type 2 route into the IP-VRF because it has the same VRF with the same RT configured.

IP Address: 10.30.1.1
MAC Address: MAC-VM4
Next Hop: 192.1.1.2
Router MAC: MAC-VTEP2

Step-by-step symmetric IRB communication between VM1 and VM4, as an example:

  1. VM1 sends a packet to VM4. The Layer 2 destination MAC address is that of VTEP-1, which is the gateway of VM1. VTEP-1 decapsulates the packet and performs the routing.

  2. VTEP-1 routes the packet to the L3VNI.

  3. Because of the following entry, VTEP-1 encapsulates the packet into VxLAN, changing the inner Layer 2 destination MAC address to the MAC address of VTEP-2.

     IP Address: 10.30.1.1
     MAC Address: MAC-VM4
     Next Hop: 192.1.1.2
     Router MAC: MAC-VTEP2

  4. VTEP-2 receives the encapsulated VxLAN packet, strips off the VxLAN header and does a MAC lookup, identifying the destination MAC as its own. Accordingly, it performs an L3 lookup.

  5. VTEP-2 routes the received packet from the L3 VNI to the destination L2 VNI 298300.
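The Route Target import decision and the ingress routing step described above, modelled as an added Python example (not code from the original post or from any vendor implementation). The `Vtep` and `Type2Route` names, VTEP-1's MAC-VRF RTs `1:1` and `2:2`, and the second route from another tenant are assumptions constructed for illustration; the VM4 route uses the values shown on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Type2Route:
    """Fields of the EVPN Type 2 update shown on this page."""
    mac: str
    ip: str
    next_hop: str
    l2vni: int
    mac_vrf_rt: str
    l3vni: int
    ip_vrf_rt: str
    router_mac: str

class Vtep:
    def __init__(self, mac_vrf_import_rts, ip_vrf_import_rts):
        self.mac_vrf_import_rts = set(mac_vrf_import_rts)
        self.ip_vrf_import_rts = set(ip_vrf_import_rts)
        self.mac_table = {}    # (L2VNI, MAC) -> remote VTEP IP
        self.host_routes = {}  # host IP -> (next hop, L3VNI, router MAC)

    def receive(self, r):
        """Apply the RT import policy; return the tables the route entered."""
        installed = []
        if r.mac_vrf_rt in self.mac_vrf_import_rts:
            self.mac_table[(r.l2vni, r.mac)] = r.next_hop
            installed.append("MAC-VRF")
        if r.ip_vrf_rt in self.ip_vrf_import_rts:
            self.host_routes[r.ip] = (r.next_hop, r.l3vni, r.router_mac)
            installed.append("IP-VRF")
        return installed

    def route(self, dst_ip):
        """Ingress routing: outer destination, VNI and rewritten inner dst MAC."""
        entry = self.host_routes.get(dst_ip)
        if entry is None:
            return None  # no host route in the tenant VRF, nothing to encapsulate
        next_hop, l3vni, router_mac = entry
        return {"outer_dst": next_hop, "vni": l3vni, "inner_dst_mac": router_mac}

# VTEP-1: MAC-VRF RTs 1:1 and 2:2 are assumed; the IP-VRF RT 100:100 is the page's.
vtep1 = Vtep({"1:1", "2:2"}, {"100:100"})
vm4 = Type2Route("MAC-VM4", "10.30.1.1", "192.1.1.2", 298300, "3:3",
                 300000, "100:100", "MAC-VTEP2")
# Constructed route from a different tenant: neither RT matches VTEP-1.
foreign = Type2Route("MAC-X", "10.30.1.9", "192.1.1.9", 298900, "9:9",
                     300999, "999:999", "MAC-VTEPX")

if __name__ == "__main__":
    print(vtep1.receive(vm4), vtep1.route("10.30.1.1"))
    print(vtep1.receive(foreign), vtep1.route("10.30.1.9"))
```

The second route shows the isolation side of the same mechanism: with no matching import RT it enters neither table, so VTEP-1 has nothing to encapsulate toward that host.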

About: fabricplane