I am not talking about rich features because we have seen hell lot of articles on the VXLAN EVPN topic!!
I want to talk about challenges, based on my work experience with ACI and VXLAN EPVN and provided the information
We have seen MP-BGP l2vpn address families but this address family little crazy with excellent features
Agile implementation – NO
Simple explanation:
In legacy model if we want create vlan and inter vlan routing , it’s so easy that can be done with few commands and boom you are ready!!
In VXLAN world, number of steps increases (from 5 to 50 ?). Here is my simple calculation. Just to configure VLAN/VXLAN and enable inter VLAN/VXLAN routing…
First you have to focus on two things “UNDERLAY and OVERLAY” setup
- Create VLAN and map to VNID
- if you decided to use VPC(little tricky)
- Configure VXLAN tunnel interface (nve) , associate l2vni and enable bgp for host reachability
- EVPN stuff configuration in MP-BGP
- Same configuration will be applied on all leafs (off course, it depends), but in virtualization world we require VM mobility obviously, will end up with configuring on all leafs.
- On top of that you have to ensure all features are enabled on switch to support VXLAN EVPN
Hold on!! so far we have configured VLAN/VXLAN bridging. Need to enable inter VLAN/VXLAN routing 🙂
- Create a separate VLAN and map to VNID (if you are using multiple tenants, again you to follow all the steps 🙂 )
- SVI for l3vni and associate with vrf
- Associate with nve
- Enable evpn in mp-bgp
Ohh!!! I am done with VLNA/VXLAN creation and inter vlan routing
Complex: Partially YES
Obviously, by looking at above do you think its easy to troubleshoot
Missing important item , as all we know that VXLAN EVPN technology is very good at handling BUM traffic… yes, to handle this traffic need to configure Multicast( Sometimes troubleshooting multicast is Nightmare)
Cost effective: NO
- Again hardware based solution ?? yes, we need to go for switches which supports this technology(cisco/Arista) Training to Operations team and so on…!!!
- More Time consumption for break fix
Trouble shoot: Difficult
Off course, type of issue but remember need to keep eye on all these areas.
Underlay, overlay and multicast.
Verify BGP process, l2vpn,nve peers and so on.. if look at the below route table for one IP, you have to study so much of stuff to understand why the IP/MAC is not reachable.
Source : Above pic is from cisco
Off course, Cisco has couple of tools for automation NFM,DCNM and OAM(feature on switch) but not sure how it’s really useful in day-to-day operations.
My suggestion, Look at any SDN products(ACI/NSX/Nuage…) which can do this stuff for you without much manual intervention and ZERO touch provision… because world is moving towards SD**
In my next article, will come up with how to build nexus 9k virtual lab on Vmware ( you can build VXLAN EVPN on virtual switches on your own)
I wrote this article my keeping operations team in mind as well!!
Looking for more comments/inputs that can help others !!!
