Skip to content
AsterNOS
Ask AI

EVPN Multihoming Configuration Guide

Introduction

Section titled “Introduction”

EVPN Multihoming is similar to MC-LAG and provides support for master/master redundancy. When the BGP EVPN control plane is used, a Host device is connected to two or more access switches. EVPN ESI is configured on downstream interfaces to provide all-active redundancy for load balancing and failover.

Basic Concepts

Section titled “Basic Concepts”

ESI

Section titled “ESI”

ESI, Ethernet Segment Identifier, 10 bytes. When the downlink port of two devices is configured with the same ESI, the two ports are the peers of EVPN Multihoming.

DF Election Algorithm

Section titled “DF Election Algorithm”

A Designated Forwarder selected by the switch for each ES is called the DF (Designated Forwarder). Correspondingly, devices that have not been elected as DF are called Non-DF devices. Only DF is allowed to forward flood traffic received over VXLAN overlay to the downlink port with local ESI configuration. Non-DF devices are not allowed to. DF election algorithm: The EVPN VTEP with the highest DF preference set in the same ES will become DF. The default value of the DF preference is 32767. If the preference is the same, the ES with the minimum VTEP IP address is selected as DF. The DF election is generated by the type-4 route. The DF election algorithm can solve the remote BUM traffic replication problem.

Split Horizon Algorithm

Section titled “Split Horizon Algorithm”

Split Horizon: Only BUM traffic from remote sites is allowed to be forwarded to local sites. This algorithm is used to prevent BUM traffic loops and replication of the same ESI.

EVPN Multihoming Configuration

Section titled “EVPN Multihoming Configuration”

Table 1 Overview of EVPN Multihoming Configuration Tasks

Configuration TasksDescriptionRefer to
Pre-configurationConfigure EVPNRequired-
Configure cross-device aggregation groupsRequiredConfigure cross-device aggregation groups
EVPN Multihoming Related ConfigurationEVPN Multihoming Global configurationOptionalEVPN Multihoming Global configuration
Configure ESIRequiredConfigure ESI
Configure DF preferenceOptionalConfigure DF preference

EVPN Multihoming Default Setting

Section titled “EVPN Multihoming Default Setting”

The default setting of EVPN Multihoming is shown in the table below.

Table 2 EVPN Multihoming Default Setting

ParametersDefault Value
DF preference32767
mac-holdtime18 mins
neigh-holdtime18 mins
redirect-offDisable
advertise-svi-macEnable

Configure Cross-Device Aggregation Groups

Section titled “Configure Cross-Device Aggregation Groups”

Configure cross-device aggregation groups for downlink ports.

Table 3 Configure Cross-Device Aggregation Groups

PurposeOrdersDescription
Enter global configuration viewconfigure terminal-
Enter the LAG interface configuration view and create an aggregation groupinterface link-aggregation lag-idAggregate group id, range 1-9999. The default mode is dynamic aggregation with a long timeout
Configure LACP system IDlacp system-id HH:HH:HH:HH:HH:HHIn cross-device aggregation, if the system id of two switches are different, only one member of the aggregation group can be up

EVPN Multihoming Global Configuration

Section titled “EVPN Multihoming Global Configuration”

Table 4 EVPN Multihoming Global Configuration

PurposeOrdersDescription
Enter global configuration viewconfigure terminal-
Set MAC holdtimeevpn mh mac-holdtime mac-holdtimeMAC-holdtime indicates how long it takes for the synchronized entries of the ES peer to become dynamic after the MAC entries learned on the switch ages. It can be understood as the retention time of the entries of the synchronized side. The value ranges from 0 to 86400. You are advised to set the value to 300.
Set neigh hold time.evpn mh neigh-holdtime neigh-holdtimeNeigh-holdtime indicates how long it takes for the synchronized entries of the ES peer to become dynamic after the neighbor entries learned on the switch ages. It can be understood as the retention time of the entries of the synchronized side. The value ranges from 0 to 86400. You are advised to set the value to 360.
Enable redirect-offevpn mh redirect-offThis function ensures fault convergence on the downlink
Disable svi-mac advertiseevpn mh disabl e-advertise-s vi-macRequired for Unique-ip scenarios
Configure EVPN unique-ipevpn unique-ip vlan vlan-id-

Configure ESI

Section titled “Configure ESI”

ESI supports two configuration formats.

  • Configure a unique 10-bytes ESI directly.

Table 5 Configure ESI-1

PurposeOrdersDescription
Enter global configuration viewconfigure terminal-
Enter LAG interface configuration view of the downlinkinterface link-aggregation lag-idAggregate group id, range 1-9999
Configure 10-bytes ESIevpn mh es-id 00:AA:BB:CC:DD:EE:FF:GG:HH:II-
  • Configure es-id and es-sys-mac, and form a unique 10-byte ESI with reserved bits.

Table 6 Configure ESI-2

PurposeOrdersDescription
Enter global configuration view.configure terminal-
Enter LAG interface configuration view of the downlink.interface link-aggregation lag-idAggregate group id, range 1-9999
Configure es-id.evpn mh es-id es-ides-id range 1-16777215
Set es sys mac.evpn mh es-sys-mac HH:HH:HH:HH:HH:HH-

Configure DF preference

Section titled “Configure DF preference”

Switch with large DF preference values will be elected as DF.

Table 7 Configure DF preference

PurposeOrdersDescription
Enter global configuration view.configure terminal-
Enter LAG interface configuration view of the downlinkinterface link-aggregation lag-idAggregate group id, range 1-9999
Configure DF preferenceevpn mh es-df-pref preferencePreference ranges from 1 to 65535. The default value is 32767

Display and Maintenance

Section titled “Display and Maintenance”

Table 8 EVPN Multihoming Display and Maintenance

PurposeOrdersDescription
Show ESI configurationshow evpn es {detail|json|ESI}-
Show VXLAN tunnelsshow vxlan tunnel-
Show remote MAC address entries synchronized by the VXLANshow vxlan remotemac {all|A.B.C.D}-

Typical Configuration Example

Section titled “Typical Configuration Example”

Configure EVPN Multihoming Typical Scenario

Section titled “Configure EVPN Multihoming Typical Scenario”
  1. Networking Requirements An enterprise data center has deployed a large number of servers, each dual-homed to Leaf switches. It is required to implement a VXLAN distributed gateway using the EVPN multihoming solution to ensure reliable communication among VMs..
  2. Topology

  1. Configuration Roadmap (1) Configure the switch interface IP addresses and the Loopback0 IP address. (2) Configure the Underlay BGP. (3) Configure the Overlay BGP. (4) Configure downstream cross-device link aggregation group. (5) Configure EVPN and VXLAN VNI mapping. (6) Configure EVPN Multihoming. (7) Configure Monitor-link-group. (8) (Optional) Configure Layer 3 interconnection with the access-side device using the BGP protocol.
  2. Configuration Procedure Spine1 Configure the switch interface IP addresses and the Loopback0 IP address.
interface ethernet 0/0
 description to_Leaf1
 ip address 10.93.0.1/30
!
interface ethernet 0/4
 description to_Leaf2
 ip address 10.93.0.5/30
!
interface ethernet 0/8
 description to_Leaf3
 ip address 10.93.0.9/30
!
interface ethernet 0/12
 description to_Leaf4
 ip address 10.93.0.13/30
!
interface loopback 0
 ip address 172.16.1.165/32
!

Configure the Underlay BGP.

route-map advertise_loopback permit 10
 match ip address prefix-list loopback
exit
!
ip prefix-list loopback seq 10 permit 172.16.1.0/24 ge 24
ip prefix-list loopback seq 20 permit 172.16.2.0/24 ge 24
!
router bgp 65165
 bgp router-id 172.16.1.165
 no bgp ebgp-requires-policy
 bgp bestpath as-path multipath-relax
 bgp max-med on-startup 120
 bgp graceful-restart
 neighbor PEER_to_Leaf peer-group
 neighbor PEER_to_Leaf remote-as external
 neighbor PEER_to_Leaf bfd
 neighbor 10.93.0.2 peer-group PEER_to_Leaf
 neighbor 10.93.0.6 peer-group PEER_to_Leaf
 neighbor 10.93.0.10 peer-group PEER_to_Leaf
 neighbor 10.93.0.14 peer-group PEER_to_Leaf
 !
 address-family ipv4 unicast
  redistribute connected route-map advertise_loopback
 exit-address-family
exit
!

Configure the Overlay BGP.

router bgp 65165
 neighbor PEER_to_Leaf_EVPN peer-group
 neighbor PEER_to_Leaf_EVPN remote-as external
 neighbor PEER_to_Leaf_EVPN ebgp-multihop 5
 neighbor PEER_to_Leaf_EVPN update-source 172.16.1.165
 neighbor 172.16.1.179 peer-group PEER_to_Leaf_EVPN
 neighbor 172.16.1.166 peer-group PEER_to_Leaf_EVPN
 neighbor 172.16.1.170 peer-group PEER_to_Leaf_EVPN
 neighbor 172.16.1.162 peer-group PEER_to_Leaf_EVPN
 !
 address-family ipv4 unicast
  no neighbor PEER_to_Leaf_EVPN activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor PEER_to_Leaf_EVPN activate
  advertise-all-vni
 exit-address-family
exit
!

Spine2 Configure the switch interface IP addresses and the Loopback0 IP address.

interface ethernet 0/0
 description to_Leaf1
 ip address 10.93.1.1/30
!
interface ethernet 0/4
 description to_Leaf2
 ip address 10.93.1.5/30
!
interface ethernet 0/8
 description to_Leaf3
 ip address 10.93.1.9/30
!
interface ethernet 0/12
 description to_Leaf4
 ip address 10.93.1.13/30
!
interface loopback 0
 ip address 172.16.1.167/32
!

Configure the Underlay BGP.

route-map advertise_loopback permit 10
 match ip address prefix-list loopback
exit
!
ip prefix-list loopback seq 10 permit 172.16.1.0/24 ge 24
ip prefix-list loopback seq 20 permit 172.16.2.0/24 ge 24
!
router bgp 65165
 bgp router-id 172.16.1.167
 no bgp ebgp-requires-policy
 bgp bestpath as-path multipath-relax
 bgp max-med on-startup 120
 bgp graceful-restart
 neighbor PEER_to_Leaf peer-group
 neighbor PEER_to_Leaf remote-as external
 neighbor PEER_to_Leaf bfd
 neighbor 10.93.1.2 peer-group PEER_to_Leaf
 neighbor 10.93.1.6 peer-group PEER_to_Leaf
 neighbor 10.93.1.10 peer-group PEER_to_Leaf
 neighbor 10.93.1.14 peer-group PEER_to_Leaf
 !
 address-family ipv4 unicast
  redistribute connected route-map advertise_loopback
 exit-address-family
exit
!

Configure the Overlay BGP.

router bgp 65165
 neighbor PEER_to_Leaf_EVPN peer-group
 neighbor PEER_to_Leaf_EVPN remote-as external
 neighbor PEER_to_Leaf_EVPN ebgp-multihop 5
 neighbor PEER_to_Leaf_EVPN update-source 172.16.1.167
 neighbor 172.16.1.179 peer-group PEER_to_Leaf_EVPN
 neighbor 172.16.1.166 peer-group PEER_to_Leaf_EVPN
 neighbor 172.16.1.170 peer-group PEER_to_Leaf_EVPN
 neighbor 172.16.1.162 peer-group PEER_to_Leaf_EVPN
 !
 address-family ipv4 unicast
  no neighbor PEER_to_Leaf_EVPN activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor PEER_to_Leaf_EVPN activate
  advertise-all-vni
 exit-address-family
exit
!

Leaf1 Configure the switch interface IP addresses and the Loopback IP address.

interface ethernet 0/48
 description to_Spine1
 ip address 10.93.0.2/30
!
interface ethernet 0/52
 description to_Spine2
 ip address 10.93.1.2/30
!
interface loopback 0
 ip address 172.16.1.179/32
!
interface loopback 1
 ip address 172.16.2.179/32
!

Configure the Underlay BGP.

route-map advertise_loopback permit 10
 match ip address prefix-list loopback
exit
!
ip prefix-list loopback seq 10 permit 172.16.1.0/24 ge 24
ip prefix-list loopback seq 20 permit 172.16.2.0/24 ge 24
!
router bgp 65100
 bgp router-id 172.16.1.179
 no bgp ebgp-requires-policy
 bgp bestpath as-path multipath-relax
 bgp max-med on-startup 120
 bgp graceful-restart
 neighbor PEER_to_Spine peer-group
 neighbor PEER_to_Spine remote-as external
 neighbor PEER_to_Spine bfd
 neighbor 10.93.0.1 peer-group PEER_to_Spine
 neighbor 10.93.1.1 peer-group PEER_to_Spine
 !
address-family ipv4 unicast
  redistribute connected route-map advertise_loopback
  neighbor PEER_to_Spine route-map advertise_loopback out
 exit-address-family
 !

Configure the Overlay BGP.

router bgp 65100
 neighbor PEER_to_Spine_EVPN peer-group
 neighbor PEER_to_Spine_EVPN remote-as external
 neighbor PEER_to_Spine_EVPN ebgp-multihop 5
 neighbor PEER_to_Spine_EVPN update-source 172.16.1.179
 neighbor 172.16.1.165 peer-group PEER_to_Spine_EVPN
 neighbor 172.16.1.167 peer-group PEER_to_Spine_EVPN
 !
 address-family ipv4 unicast
  no neighbor PEER_to_Spine_EVPN activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor PEER_to_Spine_EVPN activate
  advertise-all-vni
 exit-address-family
exit
!

Configure gateway and VRF instance, disable ARP flooding, and enable ARP proxy.

vlan 10
!
arp broadcast disable
vrf 10123
!
interface vlan 10
 mac-address 00:00:00:10:00:00
 vrf 10123
 ip address 10.10.0.1/24
 arp proxy mode evpn
 arp proxy extend reply
 arp proxy extend request
!

Configure downstream cross-device link aggregation group and Configure storm suppression.

interface link-aggregation 100
 lacp fast-rate
 lacp system-id 60:eb:5a:00:00:01
 commit
 lacp fallback
 commit
 switchport trunk vlan 10
!
interface ethernet 0/0
 link-aggregation-group 100
 storm-suppress broadcast packets 1000
 storm-suppress multicast packets 1000
 storm-suppress unknown-unicast packets 1000
!

Configure EVPN and VXLAN VNI mapping.

interface vxlan 0
 source 172.16.2.179
exit
!
vlan 10
 vni 100
!
vrf 10123
 vni 10000
exit-vrf
!

Configure EVPN Multihoming.

evpn mh mac-holdtime 180
evpn mh neigh-holdtime 300
evpn mh redirect-off
!
interface link-aggregation 100
 evpn mh es-id 100
 evpn mh es-sys-mac 60:eb:5a:00:00:01
!

Configure Monitor-link-group.

monitor-link-group evpn_mh_group 90
!
interface ethernet 0/48
 monitor-link evpn_mh_group uplink
!
 interface ethernet 0/52
 monitor-link evpn_mh_group uplink
!
interface ethernet 0/0
 monitor-link evpn_mh_group downlink
!

Configure Layer 3 interconnection with the access-side device using the BGP protocol.

vlan 30
!
evpn unique-ip vlan 30
!
evpn mh disable-advertise-svi-mac
!
interface link-aggregation 101
 lacp fast-rate
 lacp system-id 60:eb:5a:00:00:02
 commit
 switchport trunk vlan 30
 evpn mh es-id 101
 evpn mh es-sys-mac 60:eb:5a:00:00:02
exit
!
interface ethernet 0/4
 link-aggregation-group 101
exit
!
interface vlan 30
 mac-address 00:00:00:30:00:00
 vrf 10123
 ip address 10.30.0.1/24
 arp proxy mode evpn
!
arp static 10.30.0.2 00:00:00:30:00:01 interface vlan 30
!
mac-address static 00:00:00:30:00:01 vlan 30 vxlan vni 300 peer 172.16.2.166
!
router bgp 65100 vrf 10123
 no bgp ebgp-requires-policy
 bgp max-med on-startup 120
 neighbor PEER_to_Tor peer-group
 neighbor PEER_to_Tor remote-as external
 neighbor PEER_to_Tor bfd
 neighbor 10.30.0.3 peer-group PEER_to_Tor
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
exit

Leaf2 Configure the switch interface IP addresses and the Loopback IP address.

interface ethernet 0/48
 description to_Spine1
 ip address 10.93.0.6/30
!
interface ethernet 0/52
 description to_Spine2
 ip address 10.93.1.6/30
!
interface loopback 0
 ip address 172.16.1.166/32
!
interface loopback 1
 ip address 172.16.2.166/32
!

Configure the Underlay BGP.

route-map advertise_loopback permit 10
 match ip address prefix-list loopback
exit
!
ip prefix-list loopback seq 10 permit 172.16.1.0/24 ge 24
ip prefix-list loopback seq 20 permit 172.16.2.0/24 ge 24
!
router bgp 65101
 bgp router-id 172.16.1.166
 no bgp ebgp-requires-policy
 bgp bestpath as-path multipath-relax
 bgp max-med on-startup 120
 bgp graceful-restart
 neighbor PEER_to_Spine peer-group
 neighbor PEER_to_Spine remote-as external
 neighbor PEER_to_Spine bfd
 neighbor 10.93.0.5 peer-group PEER_to_Spine
 neighbor 10.93.1.5 peer-group PEER_to_Spine
 !
address-family ipv4 unicast
  redistribute connected route-map advertise_loopback
  neighbor PEER_to_Spine route-map advertise_loopback out
 exit-address-family
 !

Configure the Overlay BGP.

router bgp 65101
 neighbor PEER_to_Spine_EVPN peer-group
 neighbor PEER_to_Spine_EVPN remote-as external
 neighbor PEER_to_Spine_EVPN ebgp-multihop 5
 neighbor PEER_to_Spine_EVPN update-source 172.16.1.166
 neighbor 172.16.1.165 peer-group PEER_to_Spine_EVPN
 neighbor 172.16.1.167 peer-group PEER_to_Spine_EVPN
 !
 address-family ipv4 unicast
  no neighbor PEER_to_Spine_EVPN activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor PEER_to_Spine_EVPN activate
  advertise-all-vni
 exit-address-family
exit
!

Configure gateway and VRF instance, disable ARP flooding, and enable ARP proxy.

vlan 10
!
arp broadcast disable
vrf 10123
!
interface vlan 10
 mac-address 00:00:00:10:00:00
 vrf 10123
 ip address 10.10.0.1/24
 arp proxy mode evpn
 arp proxy extend reply
 arp proxy extend request
!

Configure downstream cross-device link aggregation group and Configure storm suppression.

interface link-aggregation 100
 lacp fast-rate
 lacp system-id 60:eb:5a:00:00:01
 commit
 switchport trunk vlan 10
!
interface ethernet 0/0
 link-aggregation-group 100
 storm-suppress broadcast packets 1000
 storm-suppress multicast packets 1000
 storm-suppress unknown-unicast packets 1000
!

Configure EVPN and VXLAN VNI mapping.

interface vxlan 0
 source 172.16.2.166
exit
!
vlan 10
 vni 100
!
vrf 10123
 vni 10000
exit-vrf
!

Configure EVPN Multihoming.

evpn mh mac-holdtime 180
evpn mh neigh-holdtime 300
evpn mh redirect-off
!
interface link-aggregation 100
 evpn mh es-id 100
 evpn mh es-sys-mac 60:eb:5a:00:00:01
!

Configure Monitor-link-group.

monitor-link-group evpn_mh_group 90
!
interface ethernet 0/48
 monitor-link evpn_mh_group uplink
!
 interface ethernet 0/52
 monitor-link evpn_mh_group uplink
!
interface ethernet 0/0
 monitor-link evpn_mh_group downlink
!

Configure Layer 3 interconnection with the access-side device using the BGP protocol.

vlan 30
!
evpn unique-ip vlan 30
!
evpn mh disable-advertise-svi-mac
!
interface link-aggregation 101
 lacp fast-rate
 lacp system-id 60:eb:5a:00:00:02
 commit
 switchport trunk vlan 30
 evpn mh es-id 101
 evpn mh es-sys-mac 60:eb:5a:00:00:02
exit
!
interface ethernet 0/4
 link-aggregation-group 101
exit
!
interface vlan 30
 mac-address 00:00:00:30:00:01
 vrf 10123
 ip address 10.30.0.2/24
 arp proxy mode evpn
!
arp static 10.30.0.1 00:00:00:30:00:00 interface vlan 30
!
mac-address static 00:00:00:30:00:00 vlan 30 vxlan vni 300 peer 172.16.2.179
!
router bgp 101 vrf 10123
 no bgp ebgp-requires-policy
 bgp max-med on-startup 120
 neighbor PEER_to_Tor peer-group
 neighbor PEER_to_Tor remote-as external
 neighbor PEER_to_Tor bfd
 neighbor 10.30.0.3 peer-group PEER_to_Tor
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
exit

Leaf3 Configure the switch interface IP addresses and the Loopback IP address.

interface ethernet 0/48
 description to_Spine1
 ip address 10.93.0.10/30
!
interface ethernet 0/52
 description to_Spine2
 ip address 10.93.1.10/30
!
interface loopback 0
 ip address 172.16.1.170/32
!
interface loopback 1
 ip address 172.16.2.170/32
!

Configure the Underlay BGP.

route-map advertise_loopback permit 10
 match ip address prefix-list loopback
exit
!
ip prefix-list loopback seq 10 permit 172.16.1.0/24 ge 24
ip prefix-list loopback seq 20 permit 172.16.2.0/24 ge 24
!
router bgp 65102
 bgp router-id 172.16.1.170
 no bgp ebgp-requires-policy
 bgp bestpath as-path multipath-relax
 bgp max-med on-startup 120
 bgp graceful-restart
 neighbor PEER_to_Spine peer-group
 neighbor PEER_to_Spine remote-as external
 neighbor PEER_to_Spine bfd
 neighbor 10.93.0.9 peer-group PEER_to_Spine
 neighbor 10.93.1.9 peer-group PEER_to_Spine
 !
address-family ipv4 unicast
  redistribute connected route-map advertise_loopback
  neighbor PEER_to_Spine route-map advertise_loopback out
 exit-address-family
 !

Configure the Overlay BGP.

router bgp 65102
 neighbor PEER_to_Spine_EVPN peer-group
 neighbor PEER_to_Spine_EVPN remote-as external
 neighbor PEER_to_Spine_EVPN ebgp-multihop 5
 neighbor PEER_to_Spine_EVPN update-source 172.16.1.170
 neighbor 172.16.1.165 peer-group PEER_to_Spine_EVPN
 neighbor 172.16.1.167 peer-group PEER_to_Spine_EVPN
 !
 address-family ipv4 unicast
  no neighbor PEER_to_Spine_EVPN activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor PEER_to_Spine_EVPN activate
  advertise-all-vni
 exit-address-family
exit
!

Configure gateway and VRF instance, disable ARP flooding, and enable ARP proxy.

vlan 10
!
arp broadcast disable
vrf 10123
!
interface vlan 10
 mac-address 00:00:00:10:00:00
 vrf 10123
 ip address 10.10.0.1/24
 arp proxy mode evpn
 arp proxy extend reply
 arp proxy extend request
!

Configure downstream cross-device link aggregation group and Configure storm suppression.

interface link-aggregation 102
 lacp fast-rate
 lacp system-id 60:eb:5a:00:00:03
 commit
 lacp fallback
 commit
 switchport trunk vlan 10
!
interface ethernet 0/0
 link-aggregation-group 102
 storm-suppress broadcast packets 1000
 storm-suppress multicast packets 1000
 storm-suppress unknown-unicast packets 1000
!

Configure EVPN and VXLAN VNI mapping.

interface vxlan 0
 source 172.16.2.170
exit
!
vlan 10
 vni 100
!
vrf 10123
 vni 10000
exit-vrf
!

Configure EVPN Multihoming.

evpn mh mac-holdtime 180
evpn mh neigh-holdtime 300
evpn mh redirect-off
!
interface link-aggregation 102
 evpn mh es-id 102
 evpn mh es-sys-mac 60:eb:5a:00:00:03
!

Configure Monitor-link-group.

monitor-link-group evpn_mh_group 90
!
interface ethernet 0/48
 monitor-link evpn_mh_group uplink
!
 interface ethernet 0/52
 monitor-link evpn_mh_group uplink
!
interface ethernet 0/0
 monitor-link evpn_mh_group downlink
!
interface link-aggregation 103
 lacp fast-rate
 lacp system-id 60:eb:5a:00:00:04
 commit
 switchport trunk vlan 10
 evpn mh es-id 103
 evpn mh es-sys-mac 60:eb:5a:00:00:04
exit
!
interface ethernet 0/4
 link-aggregation-group 103
exit

Leaf4 Configure the switch interface IP addresses and the Loopback IP address.

interface ethernet 0/48
 description to_Spine1
 ip address 10.93.0.14/30
!
interface ethernet 0/52
 description to_Spine2
 ip address 10.93.1.14/30
!
interface loopback 0
 ip address 172.16.1.162/32
!
interface loopback 1
 ip address 172.16.2.162/32
!

Configure the Underlay BGP.

route-map advertise_loopback permit 10
 match ip address prefix-list loopback
exit
!
ip prefix-list loopback seq 10 permit 172.16.1.0/24 ge 24
ip prefix-list loopback seq 20 permit 172.16.2.0/24 ge 24
!
router bgp 65103
 bgp router-id 172.16.1.162
 no bgp ebgp-requires-policy
 bgp bestpath as-path multipath-relax
 bgp max-med on-startup 120
 bgp graceful-restart
 neighbor PEER_to_Spine peer-group
 neighbor PEER_to_Spine remote-as external
 neighbor PEER_to_Spine bfd
 neighbor 10.93.0.13 peer-group PEER_to_Spine
 neighbor 10.93.1.13 peer-group PEER_to_Spine
 !
address-family ipv4 unicast
  redistribute connected route-map advertise_loopback
  neighbor PEER_to_Spine route-map advertise_loopback out
 exit-address-family
 !

Configure the Overlay BGP.

router bgp 65103
 neighbor PEER_to_Spine_EVPN peer-group
 neighbor PEER_to_Spine_EVPN remote-as external
 neighbor PEER_to_Spine_EVPN ebgp-multihop 5
 neighbor PEER_to_Spine_EVPN update-source 172.16.1.162
 neighbor 172.16.1.165 peer-group PEER_to_Spine_EVPN
 neighbor 172.16.1.167 peer-group PEER_to_Spine_EVPN
 !
 address-family ipv4 unicast
  no neighbor PEER_to_Spine_EVPN activate
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor PEER_to_Spine_EVPN activate
  advertise-all-vni
 exit-address-family
exit
!

Configure gateway and VRF instance, disable ARP flooding, and enable ARP proxy.

vlan 10
!
arp broadcast disable
vrf 10123
!
interface vlan 10
 mac-address 00:00:00:10:00:00
 vrf 10123
 ip address 10.10.0.1/24
 arp proxy mode evpn
 arp proxy extend reply
 arp proxy extend request
!

Configure downstream cross-device link aggregation group and Configure storm suppression.

interface link-aggregation 102
 lacp fast-rate
 lacp system-id 60:eb:5a:00:00:03
 commit
 switchport trunk vlan 10
!
interface ethernet 0/0
 link-aggregation-group 102
 storm-suppress broadcast packets 1000
 storm-suppress multicast packets 1000
 storm-suppress unknown-unicast packets 1000
!

Configure EVPN and VXLAN VNI mapping.

interface vxlan 0
 source 172.16.2.162
exit
!
vlan 10
 vni 100
!
vrf 10123
 vni 10000
exit-vrf
!

Configure EVPN Multihoming.

evpn mh mac-holdtime 180
evpn mh neigh-holdtime 300
evpn mh redirect-off
!
interface link-aggregation 102
 evpn mh es-id 102
 evpn mh es-sys-mac 60:eb:5a:00:00:03
!

Configure Monitor-link-group.

monitor-link-group evpn_mh_group 90
!
interface ethernet 0/48
 monitor-link evpn_mh_group uplink
!
 interface ethernet 0/52
 monitor-link evpn_mh_group uplink
!
interface ethernet 0/0
 monitor-link evpn_mh_group downlink
!
interface link-aggregation 103
 lacp fast-rate
 lacp system-id 60:eb:5a:00:00:04
 commit
 switchport trunk vlan 10
 evpn mh es-id 103
 evpn mh es-sys-mac 60:eb:5a:00:00:04
exit
!
interface ethernet 0/4
 link-aggregation-group 103
exit
  1. Verify the configuration.

(1) Check the underlay BGP neighbors.(Leaf1)

evpn-mh-leaf1# show ip bgp summary
IPv4 Unicast Summary (VRF default):
BGP router identifier 172.16.1.179, local AS number 65100 vrf-id 0
BGP table version 61822
RIB entries 291, using 52 KiB of memory
Peers 2, using 1447 KiB of memory
Peer groups 2, using 128 bytes of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.93.0.1       4      65165      3053      3302        0    0    0 17:57:16         142      146    N/A
10.93.1.1       4      65165      3405      3343        0    0    0 17:57:16         143      146    N/A
Total number of neighbors 2

(2) Check the Overlay BGP neighbors.(Leaf1)

evpn-mh-leaf1# show bgp l2vpn evpn summary
BGP router identifier 172.16.1.179, local AS number 65100 vrf-id 0
BGP table version 0
RIB entries 65, using 12 KiB of memory
Peers 2, using 1447 KiB of memory
Peer groups 2, using 128 bytes of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
172.16.1.165    4      65165     39398     47671        0    0    0 18:00:42         913     3916   N/A
172.16.1.167    4      65165     39316     48288        0    0    0 20:24:05         918     3916   N/A
Total number of neighbors 2

(3) Check the link aggregation group.(Leaf1)

evpnmh-leaf-1# show link-aggregation summary
Flags: A - active, I - inactive, Up - up, Dw - Down, N/A - not available,
       S - selected, D - deselected, \* - not synced
  No.  Team Dev         Protocol         Ports            Description
-----  ---------------  ---------------  ---------------  -------------
 0100  lag 100          LACP(A)(Up)      0/0      (S)    N/A
 0101  lag 101          LACP(A)(Up)      0/4      (S)    N/A

(4) Check the VXLAN Tunnels

evpnmh-leaf-1# show vxlan tunnel
+--------------+-------+--------+-------+
| RemoteVTEP   |   VNI | VLAN   | VRF   |
+==============+=======+========+=======+


| 172.16.2.166 |   100 | 10     |       |
+--------------+-------+--------+-------+


| 172.16.2.166 | 10000 |        | 10123 |
+--------------+-------+--------+-------+


| 172.16.2.162 |   100 | 10     |       |
+--------------+-------+--------+-------+


| 172.16.2.162 | 10000 |        | 10123 |
+--------------+-------+--------+-------+


| 172.16.2.170 |   100 | 10     |       |
+--------------+-------+--------+-------+


| 172.16.2.170 | 10000 |        | 10123 |
+--------------+-------+--------+-------+

(5) Check EVPN ES.

evpnmh-leaf-1# show evpn es
Type: B bypass, L local, R remote, N non-DF
ESI                            Type ES-IF                                  VTEPs
03:60:eb:5a:00:00:01:00:00:64  LRN  link-aggregation 100       172.16.2.166
03:60:eb:5a:00:00:02:00:00:65  LRN  link-aggregation 101       172.16.2.166
03:60:eb:5a:00:00:03:00:00:c8  R    -                     172.16.2.162,172.16.2.170
03:60:eb:5a:00:00:04:00:00:c9  R    -                     172.16.2.162,172.16.2.170

(6) Check the BGP neighbor status established with the access-side device.

evpnmh-leaf-1# show ip bgp vrf 10123 summary
IPv4 Unicast Summary (VRF vrf 10123):
BGP router identifier 10.200.0.1, local AS number 65100 vrf-id 211
BGP table version 671
RIB entries 51, using 9384 bytes of memory
Peers 1, using 723 KiB of memory
Peer groups 1, using 64 bytes of memory
Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
10.30.0.3       4      65236      1872      1770        0    0    0 01:10:59              25       27    N/A
Total number of neighbors 1

(7) VMs under each Leaf can ping each other successfully.