EVPN

EVPN (Ethernet VPN) provides a control-plane solution for VXLAN overlay networks on NX-OS, enabling scalable Layer 2 and Layer 3 connectivity across data center fabrics through BGP-based MAC and IP route advertisement. It manages per-VNI configuration including route distinguisher assignment, route target import/export policies for both auto-derived and explicitly defined targets, and table map filtering for route policy control. EVPN also supports multisite border gateway configuration for interconnecting multiple VXLAN EVPN fabrics, including site ID assignment, PIP advertisement, delay-restore timers, DF election timers, and per-site split-horizon control. EVPN is essential for modern VXLAN fabric deployments, enabling distributed anycast gateway, ARP suppression, and seamless workload mobility across leaf switches.

Diagram

Classes

configuration (nxos.devices)

Name	Type	Constraint	Mandatory	Default Value
evpn	Class	`[evpn]`	No

evpn (nxos.devices.configuration)

Name	Type	Constraint	Mandatory	Default Value
multisite_border_gateway	Class	`[multisite_border_gateway]`	No
vnis	List	`[vnis]`	No

multisite_border_gateway (nxos.devices.configuration.evpn)

Name	Type	Constraint	Mandatory
site_id	Integer	min: `1`, max: `281474976710655`	Yes
dci_advertise_pip	Boolean	`true`, `false`	No
delay_restore_time	Integer	min: `30`, max: `1000`	No
df_election_time	Number	min: `1`, max: `1000`	No
fabric_advertise_pip	Boolean	`true`, `false`	No
split_horizon_per_site	Boolean	`true`, `false`	No

vnis (nxos.devices.configuration.evpn)

Name	Type	Constraint	Mandatory
vni	Integer	min: `1`, max: `16777215`	Yes
rd	String		No
route_target_both_auto	Boolean	`true`, `false`	No
route_target_imports	List	String	No
route_target_exports	List	String	No
table_map	String		No
table_map_filter	Boolean	`true`, `false`	No

Examples

Example 1: L2 VNI with auto route targets for VXLAN bridging

nxos:
  devices:
    - name: LEAF1
      configuration:
        evpn:
          vnis:
            - vni: 10101
              rd: 10.1.100.3:10101
              route_target_both_auto: true
            - vni: 10102
              rd: 10.1.100.3:10102
              route_target_both_auto: true

Example 2: L2 and L3 VNIs with explicit route targets for multi-tenant fabric

nxos:
  devices:
    - name: LEAF1
      configuration:
        evpn:
          vnis:
            # L2 VNIs for bridged traffic
            - vni: 10101
              rd: 10.1.100.3:10101
              route_target_imports:
                - "65000:10101"
              route_target_exports:
                - "65000:10101"
            - vni: 10102
              rd: 10.1.100.3:10102
              route_target_imports:
                - "65000:10102"
              route_target_exports:
                - "65000:10102"
            # L3 VNIs for routed traffic per VRF
            - vni: 11010
              rd: 10.1.100.3:11010
              route_target_imports:
                - "65000:11010"
              route_target_exports:
                - "65000:11010"
            - vni: 11020
              rd: 10.1.100.3:11020
              route_target_imports:
                - "65000:11020"
              route_target_exports:
                - "65000:11020"

Example 3: EVPN VNIs with shared route targets for cross-leaf L2 stretching and table map filtering

nxos:
  devices:
    - name: LEAF2
      configuration:
        evpn:
          vnis:
            - vni: 10101
              rd: 10.1.100.4:10101
              route_target_both_auto: true
              table_map: EVPN-TABLE-MAP
              table_map_filter: true
            - vni: 10102
              rd: 10.1.100.4:10102
              route_target_both_auto: true
            - vni: 11010
              rd: 10.1.100.4:11010
              route_target_both_auto: true
            - vni: 11020
              rd: 10.1.100.4:11020
              route_target_both_auto: true

Example 4: EVPN multisite border gateway for DCI with PIP advertisement and split-horizon

nxos:
  devices:
    - name: BORDER-GW1
      configuration:
        evpn:
          multisite_border_gateway:
            site_id: 1
            dci_advertise_pip: true
            delay_restore_time: 300
            df_election_time: "2.0"
            fabric_advertise_pip: true
            split_horizon_per_site: true
          vnis:
            - vni: 10101
              rd: 10.1.100.5:10101
              route_target_both_auto: true
            - vni: 11010
              rd: 10.1.100.5:11010
              route_target_both_auto: true

EVPN (Ethernet VPN) provides a control-plane solution for VXLAN overlay networks on NX-OS, enabling scalable Layer 2 and Layer 3 connectivity across data center fabrics through BGP-based MAC and IP route advertisement. It manages per-VNI configuration including route distinguisher assignment, route target import/export policies for both auto-derived and explicitly defined targets, and table map filtering for route policy control. EVPN is essential for modern VXLAN fabric deployments, enabling distributed anycast gateway, ARP suppression, and seamless workload mobility across leaf switches.