Cisco EVN (Easy Virtual Network)

ReneMolenaar · December 27, 2016, 5:47pm

This topic is to discuss the following lesson:

singhronie · March 13, 2015, 9:17am

Hi Rene,

You have uploaded Frame-Relay tutorial under EVN. Please re-upload the correct one.

Best Regards,
Ronnie

ReneMolenaar · March 14, 2015, 4:44pm

Hi Ronie,

You beat me to it…I published the post so I could link to it from the VRF lite post. Anyway I wrote it now and it’s online…hope you like it!

Rene

email · March 23, 2015, 12:12pm

Hi Rene,

Really good explanation. VRF lite as DMVPN is new in CCNP route, so it’s good to learn about it. Thanks for your work.

However, are you going to update your CCNP books? Because I’d like to buy them, thanks to your straightforward explanation.

Regards,

Daniel B.

ReneMolenaar · March 27, 2015, 5:32pm

Hi Daniel,

Glad to hear you like it. The books are up-to-date btw, all 3 of them.

Rene

johnfrades · August 9, 2015, 4:32pm

awesome i never thought i would understand EVN this easily…

i have one question Rene, on ISP1, when you show the route of RED and BLUE, it doesnt know the OSPF route to GREEN, but when you show the route of GREEN, it knows the route to RED and BLUE?
they all have the same config, you just route replicate from GREEN to BLUE and RED, then route replicate from BLUE and RED to GREEN. you still not use the redistribution but GREEN knows the OSPF route? whilst the BLUE and RED didnt know, thats why you ran the Redistribution process, so Red and BLUE now knows the ospf route to Green.

johnfrades · August 9, 2015, 4:44pm

ohh now i understand why is that. sorry for this post, i just observed the ip routes of different vrfs and now i understand.

thanks for this awesome lesson!

marty.stoyanoff · September 6, 2015, 2:34pm

Thank you Rene.
Also you can try from one of the ISP routers to run “show ip ospf route”. It gives you the best route to a destination, next hop, outgoing subinterface, how many time SPF was executed, etc…

Best, MS

ReneMolenaar · September 6, 2015, 4:47pm

Hi Marty,

That’s a very useful command indeed.

Rene

joe1664 · December 6, 2015, 10:31pm

Simply Awesome! Your lessons are articulate and useful. Thank You Rene.

siva.vadakandara · January 13, 2016, 3:04am

Rene: This is an excellent post. Pretty clear and straightforward. Thanks for the knowledge.

On a side note, i think we can avoid configuring OSPF instance 3 in VRF Green, if we would like to redistribute “connected” subnets into RED and BLUE while replicating routes. I mean as below

router ospf 1 vrf RED
redistribute vrf SHARED_INFRA connected.

I tried and this works. Let me know if this is not valid of applying ? Thanks again.

ReneMolenaar · January 13, 2016, 2:48pm

Hi Siva,

That sounds like a valid solution yes.

Rene

nandakm · June 1, 2016, 6:53am

Rene, great tutorial ! Is there a way i could find the configs text for all the routers ?

ReneMolenaar · June 1, 2016, 10:47am

For sure, I just added the configs.

chihchengk · October 20, 2016, 10:38pm

Hi Rene,

ISP1#show ip routes vrf Blue
....
L   +    192.168.2.254 is directly connected, GigabitEthernet2

why it shows 192.168.2.254 (in vrf RED)? Is it from vrf GREEN route-replicate?

ReneMolenaar · October 30, 2016, 11:45am

Hi Collin,

That’s right, it’s a little side effect of replicating everything. All routes are replicated from blue/red to green and vice versa.

To solve this, it’s better to use a route-map to define what should/shouldn’t be replicated:

ISP1(config-vrf-af)#route-replicate from vrf Green unicast all route-map RED_PREFIXES

Rene

stanislav.pilat · January 15, 2017, 2:38pm

Hello,
really nice explanation. Thanks for it.

I have one question about config:
Lets say i dont want to use EVN to configure trunk between ISP1 and ISP2. How does the router know it shloud use VRF Blue with tag 10 and not 20?
Is there another command to use?

Thanks you

ReneMolenaar · January 17, 2017, 2:21pm

EVN only knows what tags to use since we configured the tags on the VRFs.

Also, it basically only does this for us:

interface GigabitEthernet3.10
 description Subinterface for VNET Blue
 encapsulation dot1Q 10
 vrf forwarding Blue
 ip address 192.168.56.5 255.255.255.0

The sub-interface above was created by EVN. If you don’t want to use EVN, you could configure sub-interfaces like this yourself.

stanislav.pilat · January 17, 2017, 2:36pm

OK, thanks… now it is clear for me because we configure VRF and tag under interface configuration That is i was confused about.

don.p.maker · May 5, 2017, 1:42am

I can’t seem to get an ospf neighborship across the evn trunk. I’ve looked over my config 3 or 4 times and cannot figure out why.

Blue1#sh run
Building configuration...

Current configuration : 1229 bytes
!
! Last configuration change at 01:20:27 UTC Fri May 5 2017
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname Blue1
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
!
!
!
!         
!
!
!
!
!



!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9J8YYZOLADL
!
spanning-tree extend system-id
!
!
redundancy
!
!
!
!         
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
! 
! 
! 
! 
! 
! 
!
!         
interface GigabitEthernet1
 ip address 192.168.1.1 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4
 no ip address
 shutdown
 negotiation auto
!
router ospf 1
 network 192.168.1.0 0.0.0.255 area 0
!
!         
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
 !
 !
 !
 !
!
!
!
!
alias exec srs sh run | s router
!         
line con 0
 stopbits 1
line vty 0
 login
line vty 1
 login
 length 0
line vty 2 4
 login
!
!
end

Blue1#              



Red1#sh run
Building configuration...

Current configuration : 1228 bytes
!
! Last configuration change at 01:23:05 UTC Fri May 5 2017
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname Red1
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
!
!
!
!         
!
!
!
!
!



!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 97QJRXFRQP2
!
spanning-tree extend system-id
!
!
redundancy
!
!
!
!         
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
! 
! 
! 
! 
! 
! 
!
!         
interface GigabitEthernet1
 ip address 192.168.2.2 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4
 no ip address
 shutdown
 negotiation auto
!
router ospf 2
 network 192.168.2.0 0.0.0.255 area 0
!
!         
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
 !
 !
 !
 !
!
!
!
!
alias exec srs sh run | s router
!         
line con 0
 stopbits 1
line vty 0
 login
line vty 1
 login
 length 0
line vty 2 4
 login
!
!
end

Red1#     



ISP1#sh run
Building configuration...

Current configuration : 1676 bytes
!
! Last configuration change at 01:32:03 UTC Fri May 5 2017
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname ISP1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Blue
 vnet tag 10
 !
 address-family ipv4
 exit-address-family
!
vrf definition Red
 vnet tag 20
 !
 address-family ipv4
 exit-address-family
!
no logging console
!
no aaa new-model
!
!
!
!
!
!
!
!
!



!
!
!         
!
!
!
!
!
!
!
subscriber templating
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!         
!
!
license udi pid CSR1000V sn 9DJH6OB907Y
!
spanning-tree extend system-id
!
!
redundancy
!
!
!
!
!
!
! 
!
!
!
!
!
!
!
!         
!
!
!
!
! 
! 
! 
! 
! 
! 
!
!
interface GigabitEthernet1
 vrf forwarding Blue
 ip address 192.168.1.254 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 vrf forwarding Red
 ip address 192.168.2.254 255.255.255.0
 negotiation auto
!
interface GigabitEthernet3
 vnet trunk
 ip address 192.168.56.5 255.255.255.0
 negotiation auto
!
interface GigabitEthernet4
 no ip address
 shutdown
 negotiation auto
!
router ospf 1 vrf Blue
 network 192.168.1.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0
!
router ospf 2 vrf Red
 network 192.168.2.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
 !
 !
 !
 !
!
!
!
!
alias exec dc3 show derived-config | b GigabitEthernet3
alias exec srs sh run | s router
!
line con 0
 stopbits 1
line vty 0
 login    
line vty 1
 login
 length 0
line vty 2 4
 login
!
!
end

ISP1#          

ISP2#sh run
Building configuration...

Current configuration : 1657 bytes
!
! Last configuration change at 01:39:55 UTC Fri May 5 2017
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname ISP2
!
boot-start-marker
boot-end-marker
!
!
vrf definition Blue
 vnet tag 10
 !
 address-family ipv4
 exit-address-family
!
vrf definition Red
 vnet tag 20
 !
 address-family ipv4
 exit-address-family
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!



!
!
!
!         
!
!
!
!
!
!
subscriber templating
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!         
!
license udi pid CSR1000V sn 98KHYWG4AV9
!
spanning-tree extend system-id
!
!
redundancy
!
!
!
!
!
!
! 
!
!
!
!
!
!
!
!
!         
!
!
!
! 
! 
! 
! 
! 
! 
!
!
interface GigabitEthernet1
 vrf forwarding Blue
 ip address 192.168.3.254 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 vrf forwarding Red
 ip address 192.168.4.254 255.255.255.0
 negotiation auto
!
interface GigabitEthernet3
 vnet trunk
 ip address 192.168.56.6 255.255.255.0
 negotiation auto
!
interface GigabitEthernet4
 no ip address
 shutdown
 negotiation auto
!
router ospf 1 vrf Blue
 network 192.168.3.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0
!
router ospf 2 vrf Red
 network 192.168.4.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
 !
 !
 !
 !
!
!
!
!
alias exec dc3 show derived-config | b GigabitEthernet3
alias exec srs sh run | s router
!
line con 0
 stopbits 1
line vty 0
 login
line vty 1
 login
 length 0
line vty 2 4
 login
!
!
end

ISP2#   

Blue2#sh run
Building configuration...

Current configuration : 1229 bytes
!
! Last configuration change at 01:23:16 UTC Fri May 5 2017
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname Blue2
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
!
!
!
!         
!
!
!
!
!



!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 91RY9ZNDXH1
!
spanning-tree extend system-id
!
!
redundancy
!
!
!
!         
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
! 
! 
! 
! 
! 
! 
!
!         
interface GigabitEthernet1
 ip address 192.168.3.3 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4
 no ip address
 shutdown
 negotiation auto
!
router ospf 1
 network 192.168.3.0 0.0.0.255 area 0
!
!         
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
 !
 !
 !
 !
!
!
!
!
alias exec srs sh run | s router
!         
line con 0
 stopbits 1
line vty 0
 login
line vty 1
 login
 length 0
line vty 2 4
 login
!
!
end

Blue2#          


Red2#sh run
Building configuration...

Current configuration : 1228 bytes
!
! Last configuration change at 01:23:20 UTC Fri May 5 2017
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname Red2
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
no aaa new-model
!
!
!
!         
!
!
!
!
!



!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9XQ8OPC55ZT
!
spanning-tree extend system-id
!
!
redundancy
!
!
!
!         
!
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
! 
! 
! 
! 
! 
! 
!
!         
interface GigabitEthernet1
 ip address 192.168.4.4 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4
 no ip address
 shutdown
 negotiation auto
!
router ospf 2
 network 192.168.4.0 0.0.0.255 area 0
!
!         
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
 !
 !
 !
 !
!
!
!
!
alias exec srs sh run | s router
!         
line con 0
 stopbits 1
line vty 0
 login
line vty 1
 login
 length 0
line vty 2 4
 login
!
!
end

Red2#