VXLAN EVPN eBGP

Version:

Diagram

Classes

global (vxlan)

Name	Type	Constraint	Mandatory	Default Value
ebgp	Class	`[ebgp]`	No

ebgp (vxlan.global)

Name	Type	Constraint	Mandatory	Default Value
spine_bgp_asn	String	Regex: `^(?:\d{1,10}\|\d{1,5}\.\d{1,5})$`	Yes
super_spine_bgp_asn	String	Regex: `^(?:\d{1,10}\|\d{1,5}\.\d{1,5})$`	No
bgp_asn_mode	Choice	`Multi-AS`, `Same-Tier-AS`	No	`Multi-AS`
leaf_bgp_asn	String	Regex: `^(?:\d{1,10}\|\d{1,5}\.\d{1,5})$`	No
border_bgp_asn	String	Regex: `^(?:\d{1,10}\|\d{1,5}\.\d{1,5})$`	No
leaf_same_bgp_asn	Boolean	`true`, `false`	No	`false`
anycast_gateway_mac	Any	String[Regex: `^[a-f0-9]{1}\.[a-f0-9]{1}\.[a-f0-9]{1}$`] or String[Regex: `^[a-f0-9]{4}\.[a-f0-9]{4}\.[a-f0-9]{4}$`] or String[Regex: `^[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}$`] or String[Regex: `^[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}$`]	No	`20:20:00:00:00:aa`
overlay_mode	Choice	`cli`, `config-profile`	No	`cli`
layer2_vni_range	Class	`[layer2_vni_range]`	No
layer3_vni_range	Class	`[layer3_vni_range]`	No
layer2_vlan_range	Class	`[layer2_vlan_range]`	No
layer3_vlan_range	Class	`[layer3_vlan_range]`	No
enable_mvpn_vri_id_range	Boolean	`true`, `false`	No	`true`
enable_l3_vni_no_vlan	Boolean	`true`, `false`	No	`false`
multisite_site_id	Integer	min: `1`, max: `281474976710655`	No
vpc	Class	`[vpc]`	No
ptp	Class	`[ptp]`	No
snmp_server_host_trap	Boolean	`true`, `false`	No	`true`
enable_nxapi_http	Boolean	`true`, `false`	No	`false`
nxapi_http_port	Integer		No	`80`
enable_nxapi_https	Boolean	`true`, `false`	No	`true`
nxapi_https_port	Integer		No	`443`
auth_proto	Choice	`MD5`, `SHA`, `MD5_DES`, `MD5_AES`, `SHA_DES`, `SHA_AES`	No	`MD5`
dns_servers	List	`[dns_servers]`	No
ntp_servers	List	`[ntp_servers]`	No
syslog_servers	List	`[syslog_servers]`	No
netflow	Class	`[netflow]`	No
bootstrap	Class	`[bootstrap]`	No

layer2_vni_range (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `1`, max: `16777214`	Yes	`30000`
to	Integer	min: `1`, max: `16777214`	No	`49000`

layer2_vlan_range (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: `2`, max: `4094`	Yes	`2300`
to	Integer	min: `2`, max: `4094`	No	`2999`

vpc (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
peer_link_vlan	Integer	min: `2`, max: `3967`	No	`3600`
peer_keep_alive	Choice	`loopback`, `management`	No	`management`
auto_recovery_time	Integer	min: `240`, max: `3600`	No	`360`
delay_restore_time	Integer	min: `1`, max: `3600`	No	`150`
peer_link_port_channel_id	Integer	min: `1`, max: `4096`	No	`500`
ipv6_nd_sync	Boolean	`true`, `false`	No	`true`
advertise_pip	Boolean	`true`, `false`	No	`false`
advertise_pip_border_only	Boolean	`true`, `false`	No	`true`
advertise_pip_border_gateway	Boolean	`true`, `false`	No	`false`
domain_id_range	String		No	`1-1000`
fabric_vpc_qos	Boolean	`true`, `false`	No	`false`
fabric_vpc_qos_policy_name	String		No	`spine_qos_for_fabric_vpc_peering`

ptp (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable	Boolean	`true`, `false`	No	`false`
domain_id	Integer	min: `0`, max: `127`	No	0
lb_id	Integer	min: `0`, max: `1023`	No	0
vlan_id	Integer	min: `2`, max: `3967`	No

dns_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes

ntp_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes

syslog_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory
ip_address	IP		Yes
vrf	String		Yes
severity	Integer	min: `0`, max: `7`	Yes

netflow (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable	Boolean	`true`, `false`	No	`false`
exporter	List	`[exporter]`	No
record	List	`[record]`	No
monitor	List	`[monitor]`	No

bootstrap (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable_bootstrap	Boolean	`true`, `false`	No	`false`
enable_local_dhcp_server	Boolean	`true`, `false`	No	`false`
dhcp_version	Choice	`DHCPv4`, `DHCPv6`	No
dhcp_v4	Class	`[dhcp_v4]`	No
dhcp_v6	Class	`[dhcp_v6]`	No
enable_cdp_mgmt	Boolean	`true`, `false`	No	`false`

exporter (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory
name	String		Yes
ip_address	IP		Yes
vrf	String		No
source_interface	String	Regex: `(?i)^(?:e\|eth(?:ernet)?)\d(?:\/\d+){1,2}(\.\d{1,4})?$`	Yes
udp_port	Integer	min: `1`, max: `65535`	Yes

record (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory
name	String		Yes
template	Choice	`netflow_ipv4_record`, `netflow_l2_record`	Yes
layer2	Boolean	`true`, `false`	No

monitor (vxlan.global.ebgp.netflow)

Name	Type	Mandatory
name	String	Yes
record	String	Yes
exporter1	String	Yes
exporter2	String	No

dhcp_v4 (vxlan.global.ebgp.bootstrap)

Name	Type	Constraint	Mandatory
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: `8`, max: `30`	Yes
multi_subnet_scope	String		No
domain_name	String		No

dhcp_v6 (vxlan.global.ebgp.bootstrap)

Name	Type	Constraint	Mandatory
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: `64`, max: `126`	Yes
multi_subnet_scope	String		No
domain_name	String		No

eBGP

For detailed information about eBGP fabric creation and deployment, refer to the Cisco NDFC BGP Fabric Documentation.

Basic eBGP Fabric Configuration

vxlan:
  fabric:
    name: ebgp-fabric
    type: eBGP_VXLAN
  global:
    ebgp:
        spine_bgp_asn: "65000.3"
        super_spine_bgp_asn: "65000.1"
        bgp_asn_mode: Multi-AS
        leaf_same_bgp_asn: true
        anycast_gateway_mac: 20:20:00:00:00:aa
        layer2_vni_range:
            from: 30000
            to: 49000
        layer3_vni_range:
            from: 50000
            to: 59000
        layer2_vlan_range:
            from: 2300
            to: 2999
        layer3_vlan_range:
            from: 2000
            to: 2299
        vpc:
            peer_link_vlan: 3600
            peer_keep_alive: management
            auto_recovery_time: 360
            delay_restore_time: 150
            peer_link_port_channel_id: 500
            ipv6_nd_sync: false
            advertise_pip: true
            advertise_pip_border_only: false
            domain_id_range: 1-100
            advertise_pip_border_gateway: true
        snmp_server_host_trap: true
        auth_proto: MD5
        dns_servers:
            - ip_address: 10.200.253.13
            vrf: management
        ntp_servers:
            - ip_address: 10.200.253.13
            vrf: management
        syslog_servers:
            - ip_address: 10.200.253.19
            vrf: management
            severity: 4

Required Policies

eBGP underlay deployment requires specific policies to be configured for proper underlay and overlay operation.

1. Leaf BGP AS Policies

Each leaf switch must have a leaf_bgp_asn policy to specify its BGP AS number:

---
vxlan:
  policy:
    policies:
      - name: bgp_as_policy_leaf
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.4"
      - name: bgp_as_policy_BL
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.5"
      - name: bgp_as_policy_BGW
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.22"

2. Spine Switch Overlay Policies

For spine switches, use the custom ebgp_overlay_spine_all_neighbor_custom policy:

NDFC overrides description fields during deployment for the standard ebgp_overlay_spine_all_neighbor as these overlay policies are part of core system overlay policies, which interferes with VXLAN as Code tracking using the policy description. Therefore, a custom version with a different template name is required.

Important: You must manually duplicate the following templates in NDFC:

ebgp_overlay_spine_all_neighbor → ebgp_overlay_spine_all_neighbor_custom
ebgp_overlay_leaf_all_neighbor → ebgp_overlay_leaf_all_neighbor_custom

This step is required before using these templates. For template management instructions, refer to the Cisco NDFC Templates Documentation.

The LEAF_IP_LIST has the loopback0 addresses of leaf switches, and LEAF_ASNS has their ASN numbers. For instance, the leaf with loopback0 IP 10.12.0.249 has the ASN number “65000.22.”

policies:
  - name: ebgp_overlay_spine_all_neighbor_custom
    template_name: ebgp_overlay_spine_all_neighbor_custom
    template_vars:
      LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253"
      INTF_NAME: "Loopback0"
      LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"

3. Leaf Switch Overlay Policies

For leaf switches, use the custom ebgp_overlay_leaf_all_neighbor_custom policy:

policies:
  - name: ebgp_overlay_leaf_all_neighbor_custom
    template_name: ebgp_overlay_leaf_all_neighbor_custom
    template_vars:
      SPINE_IP_LIST: "10.12.0.229,10.12.0.239"
      INTF_NAME: "Loopback0"

Complete Policy Example

Here’s a complete example showing all required policies with proper priority settings:

---
vxlan:
  policy:
    policies:
      # Leaf BGP AS Policies
      - name: bgp_as_policy_leaf
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.4"
      - name: bgp_as_policy_BL
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.5"
      - name: bgp_as_policy_BGW
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.22"

      # Spine Overlay Policy
      - name: ebgp_overlay_spine_all_neighbor_custom
        template_name: ebgp_overlay_spine_all_neighbor_custom
        template_vars:
          LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253"
          INTF_NAME: "Loopback0"
          LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"

      # Leaf Overlay Policy
      - name: ebgp_overlay_leaf_all_neighbor_custom
        template_name: ebgp_overlay_leaf_all_neighbor_custom
        template_vars:
          SPINE_IP_LIST: "10.12.0.229,10.12.0.239"
          INTF_NAME: "Loopback0"

    groups:
      - name: leaf_group
        policies:
          - name: bgp_as_policy_leaf
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: leaf_border_group
        policies:
          - name: bgp_as_policy_BGW
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: leaf_border_leaf
        policies:
          - name: bgp_as_policy_BL
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: spine_group
        policies:
          - name: ebgp_overlay_spine_all_neighbor_custom

    switches:
      - name: S1-S1
        groups:
          - spine_group
      - name: S1-S2
        groups:
          - spine_group
      - name: S1-L1
        groups:
          - leaf_group
      - name: S1-L2
        groups:
          - leaf_group
      - name: S1-BL1
        groups:
          - leaf_border_leaf
      - name: S1-BL2
        groups:
          - leaf_border_leaf
      - name: S1-BGW1
        groups:
          - leaf_border_group