L3VPN with EVPN

L3VPN с EVPN (Ethernet VPN) и VXLAN для modern datacenter overlay networks с multi-tenancy.

Сценарий

Datacenter Fabric: Spine-leaf с VXLAN overlay
Multi-Tenant: Изоляция через VRF + VNI
BGP EVPN: Distributed control plane

Topology

     Spine-1          Spine-2
        │     BGP EVPN    │
     ┌──┴────────┬────────┴──┐
     │           │           │
   Leaf-1      Leaf-2      Leaf-3
   (VTEP)      (VTEP)      (VTEP)
     │           │           │
  Tenant-A   Tenant-B   Tenant-C

VyOS Leaf (VTEP) Configuration

# Loopback (VTEP source)
set interfaces loopback lo address '10.255.1.1/32'

# VXLAN Interface (VNI 2000)
set interfaces vxlan vxlan2000 source-address '10.255.1.1'
set interfaces vxlan vxlan2000 vni '2000'
set interfaces vxlan vxlan2000 parameters nolearning

# Bridge
set interfaces bridge br2000 member interface vxlan2000

# VRF для Tenant
set vrf name TENANT-A table '2000'
set interfaces bridge br2000 vrf 'TENANT-A'

# BGP EVPN
set protocols bgp system-as '65001'
set protocols bgp address-family l2vpn-evpn advertise-all-vni
set protocols bgp address-family l2vpn-evpn vni 2000
set protocols bgp neighbor 10.255.0.1 remote-as '65000'
set protocols bgp neighbor 10.255.0.1 address-family l2vpn-evpn activate

Spine Configuration

Spine роутеры работают как BGP Route Reflectors для EVPN routes.

set protocols bgp neighbor 10.255.1.0/24 address-family l2vpn-evpn route-reflector-client

Ссылки

Проверено OpenNix LLC · Обновлено 18, апреля 2026

L3VPN Hub-and-Spoke Zone-Based Firewall