Allowing external access into the VXLAN enabled network by connecting to a Leaf switch that is VRF aware for the routing. We'll use BGP to form the peering. In the core, we'll be using OSPF, so we'll redistribute OSPF to BGP and BGP to OSPF to enable the reachability. This can be used to allow internet users to access to the DC Servers.
N9K-3
interface Ethernet1/6
no switchport
vrf member C1_IRB
ip address 10.3.100.3/24
no shutdown
!
router bgp 1
vrf C1_IRB
address-family ipv4 unicast
network 10.1.10.0/24
network 10.1.20.0/24
neighbor 10.3.100.10
remote-as 65100
address-family ipv4 unicast
IOS
router bgp 65100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.3.100.3 remote-as 1
!
address-family ipv4
redistribute ospf 1
neighbor 10.3.100.3 activate
!
router ospf 1
redistribute bgp 65100 subnets
network 10.1.100.0 0.0.0.255 area 0
N9K-3# show bgp vrf C1_IRB ipv4 unicast
BGP routing table information for VRF C1_IRB, address family IPv4 Unicast
BGP table version is 69, Local Router ID is 10.1.10.254
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - b
est2
Network Next Hop Metric LocPrf Weight Path
* i10.1.10.0/24 10.0.0.2 100 0 i
*>l 0.0.0.0 100 32768 i
*>i10.1.10.4/32 10.0.0.2 100 0 i
*>i10.1.10.11/32 10.0.0.2 100 0 i
* i10.1.20.0/24 10.0.0.2 100 0 i
*>l 0.0.0.0 100 32768 i
*>i10.1.20.5/32 10.0.0.2 100 0 i
*>i10.1.20.12/32 10.0.0.2 100 0 i
*>i10.1.20.21/32 10.0.0.2 100 0 i
*>e10.1.100.0/24 10.3.100.10 0 0 65100 ?
IOS#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
B 10.1.10.0/24 [20/0] via 10.3.100.3, 17:23:31
B 10.1.10.4/32 [20/0] via 10.3.100.3, 04:09:21
B 10.1.10.11/32 [20/0] via 10.3.100.3, 02:35:53
B 10.1.20.0/24 [20/0] via 10.3.100.3, 17:23:33
B 10.1.20.5/32 [20/0] via 10.3.100.3, 02:34:59
B 10.1.20.12/32 [20/0] via 10.3.100.3, 02:34:46
B 10.1.20.21/32 [20/0] via 10.3.100.3, 02:34:42
User#ping 10.1.20.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.20.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 59/67/75 ms
N9K-3# show bgp l2vpn evpn
Route Distinguisher: 10.0.0.3:3 (L3VNI 11000)
*>i[2]:[0]:[0]:[48]:[0050.7966.6804]:[32]:[10.1.10.4]/272
10.0.0.2 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.1.20.5]/272
10.0.0.2 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.680b]:[32]:[10.1.10.11]/272
10.0.0.2 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.680c]:[32]:[10.1.20.12]/272
10.0.0.2 100 0 i
*>i[2]:[0]:[0]:[48]:[5000.000e.0000]:[32]:[10.1.20.21]/272
10.0.0.2 100 0 i
N9K-3
interface Ethernet1/6
no switchport
vrf member C1_IRB
ip address 10.3.100.3/24
no shutdown
!
router bgp 1
vrf C1_IRB
address-family ipv4 unicast
network 10.1.10.0/24
network 10.1.20.0/24
neighbor 10.3.100.10
remote-as 65100
address-family ipv4 unicast
IOS
router bgp 65100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.3.100.3 remote-as 1
!
address-family ipv4
redistribute ospf 1
neighbor 10.3.100.3 activate
!
router ospf 1
redistribute bgp 65100 subnets
network 10.1.100.0 0.0.0.255 area 0
N9K-3# show bgp vrf C1_IRB ipv4 unicast
BGP routing table information for VRF C1_IRB, address family IPv4 Unicast
BGP table version is 69, Local Router ID is 10.1.10.254
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - b
est2
Network Next Hop Metric LocPrf Weight Path
* i10.1.10.0/24 10.0.0.2 100 0 i
*>l 0.0.0.0 100 32768 i
*>i10.1.10.4/32 10.0.0.2 100 0 i
*>i10.1.10.11/32 10.0.0.2 100 0 i
* i10.1.20.0/24 10.0.0.2 100 0 i
*>l 0.0.0.0 100 32768 i
*>i10.1.20.5/32 10.0.0.2 100 0 i
*>i10.1.20.12/32 10.0.0.2 100 0 i
*>i10.1.20.21/32 10.0.0.2 100 0 i
*>e10.1.100.0/24 10.3.100.10 0 0 65100 ?
IOS#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
B 10.1.10.0/24 [20/0] via 10.3.100.3, 17:23:31
B 10.1.10.4/32 [20/0] via 10.3.100.3, 04:09:21
B 10.1.10.11/32 [20/0] via 10.3.100.3, 02:35:53
B 10.1.20.0/24 [20/0] via 10.3.100.3, 17:23:33
B 10.1.20.5/32 [20/0] via 10.3.100.3, 02:34:59
B 10.1.20.12/32 [20/0] via 10.3.100.3, 02:34:46
B 10.1.20.21/32 [20/0] via 10.3.100.3, 02:34:42
User#ping 10.1.20.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.20.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 59/67/75 ms
N9K-3# show bgp l2vpn evpn
Route Distinguisher: 10.0.0.3:3 (L3VNI 11000)
*>i[2]:[0]:[0]:[48]:[0050.7966.6804]:[32]:[10.1.10.4]/272
10.0.0.2 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.1.20.5]/272
10.0.0.2 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.680b]:[32]:[10.1.10.11]/272
10.0.0.2 100 0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.680c]:[32]:[10.1.20.12]/272
10.0.0.2 100 0 i
*>i[2]:[0]:[0]:[48]:[5000.000e.0000]:[32]:[10.1.20.21]/272
10.0.0.2 100 0 i
