- Introduction
- Get Started
- play_arrow Apstra GUI
- play_arrow Blueprints and Dashboard
- play_arrow Analytics (Blueprints)
- Analytics Introduction
- play_arrow Dashboards
- play_arrow Anomalies
- play_arrow Widgets
- play_arrow Probes
- play_arrow Predefined Reports (Tech Preview)
- play_arrow Root Causes
- play_arrow Staged (Datacenter Blueprints)
- Blueprint-Wide Search
- play_arrow Physical
- play_arrow Build
- play_arrow Selection
- play_arrow Topology
- play_arrow Nodes
- Nodes (Datacenter)
- Unassign Device (Datacenter)
- Update Deploy Mode (Datacenter)
- Generic Systems vs. External Generic Systems
- Create Generic System
- Create External Generic System
- Create Access Switch
- Update Node Tag (Datacenter)
- Update Port Channel ID Range
- Update Hostname (Datacenter)
- Edit Generic System Name
- Edit Device Properties (Datacenter)
- View Node's Static Routes
- Delete Node
- play_arrow Links
- Links (Datacenter)
- Add Links to Leaf
- Add Links to Spine
- Add Links to Generic System
- Add Links to External Generic System
- Add Leaf Peer Links
- Add Link per Superspine (5-Stage)
- Form LAG
- Create Link in LAG
- Break LAG
- Update LAG Mode
- Update Link Tag (Datacenter)
- Update Link Speed
- Update Link Speed per Superspine (5-Stage)
- Mixed Link Speeds between Leaf and Spine
- Update Link Properties
- Delete Link (Datacenter)
- Export Cabling Map (Datacenter)
- Import Cabling Map (Datacenter)
- Edit Cabling Map (Datacenter)
- Fetch LLDP Data (Datacenter)
- play_arrow Interfaces
- play_arrow Racks
- play_arrow Pods
- play_arrow Planes
-
- play_arrow Virtual
- play_arrow Virtual Networks
- play_arrow Routing Zones
- Static Routes (Virtual)
- Protocol Sessions (Virtual)
- play_arrow Virtual Infrastructure
- play_arrow Statistics
-
- play_arrow Policies
- play_arrow Endpoints
- Security Policies
- Interface Policies
- Routing Policies
- Routing Zone (VRF) Constraints
- play_arrow Routing Zone Policy (4.2.0)
-
- play_arrow Data Center Interconnect (DCI)
- play_arrow Catalog
- play_arrow Logical Devices
- play_arrow Interface Maps
- play_arrow Property Sets
- play_arrow Configlets
- play_arrow AAA Servers
- play_arrow Tags
-
- play_arrow Tasks
- play_arrow Connectivity Templates
- Connectivity Templates Introduction
- play_arrow Primitives
- Primitive: Virtual Network (Single)
- Primitive: Virtual Network (Multiple)
- Primitive: IP Link
- Primitive: Static Route
- Primitive: Custom Static Route
- Primitive: BGP Peering (IP Endpoint)
- Primitive: BGP Peering (Generic System)
- Primitive: Dynamic BGP Peering
- Primitive: Routing Policy
- Primitive: Routing Zone Constraint
- User-defined
- Pre-defined
- Create Connectivity Template for Multiple VNs on Same Interface (Example)
- Create Connectivity Template for Layer 2 Connected External Router (Example)
- Update Connectivity Template Assignments
- Edit Connectivity Template
- Delete Connectivity Template
- play_arrow Fabric Settings (4.2.1)
- play_arrow Fabric Policy (4.2.1)
- play_arrow Severity Preferences (4.2.1)
-
- play_arrow Fabric Settings (4.2.0)
- play_arrow Fabric Policy (4.2.0)
- play_arrow Virtual Network Policy (4.2.0)
- play_arrow Anti-Affinity Policy (4.2.0)
- play_arrow Validation Policy (4.2.0)
-
- BGP Route Tagging
- play_arrow Staged (Freeform Blueprints)
- Freeform Introduction
- play_arrow Blueprints
- play_arrow Physical
- play_arrow Selection
- play_arrow Topology
- play_arrow Systems
- Systems Introduction (Freeform)
- Create Internal System (Freeform)
- Create External System (Freeform)
- Update Config Template Assignment (Freeform)
- Update System Name (Freeform)
- Update Hostname (Freeform)
- Update Device Profile Assignment (Freeform)
- Update System ID Assignment (Freeform)
- Update Deploy Mode (Freeform)
- Update System Tag Assignment (Freeform)
- Delete System (Freeform)
- Device Context (Freeform)
- play_arrow Links
-
- play_arrow Resource Management
- Resource Management Introduction (Freeform)
- play_arrow Blueprint Resources
- play_arrow Allocation Groups
- play_arrow Local Pools
- play_arrow Catalog
- play_arrow Config Templates
- play_arrow Device Profiles
- play_arrow Property Sets
- play_arrow Tags
-
- play_arrow Tasks
- play_arrow Uncommitted (Blueprints)
- play_arrow Active (Datacenter Blueprints)
- play_arrow Time Voyager (Blueprints)
- play_arrow Devices
- Device Configuration Lifecycle
- play_arrow Managed Devices
- play_arrow System Agents
- play_arrow Pristine Config
- play_arrow Telemetry
- play_arrow Apstra ZTP
- Apstra ZTP Introduction
- Create User Profile for Communicating with ZTP Server
- Download and Deploy Apstra ZTP Server VM
- Configure Static Management IP Address for Apstra ZTP Server
- Replace SSL Certificate for Apstra ZTP Server GUI
- Configure Credentials for Apstra ZTP Server GUI
- Create Vendor-specific Custom Configuration
- Configure Apstra Server Connection Details
- Configure DHCP Server for Apstra ZTP
- ztp.json Keys
- Configure ztp.json with Configurator
- Configure ztp.json with CLI
- Onboard Devices with Apstra ZTP
- Check ZTP Status of Devices and Services
- Reset Apstra ZTP GUI Admin Password
- play_arrow Device Profiles
- play_arrow Design
- play_arrow Logical Devices
- play_arrow Interface Maps
- play_arrow Rack Types
- play_arrow Templates
- play_arrow Config Templates
- play_arrow Configlets (Datacenter)
- play_arrow Property Sets (Datacenter)
- play_arrow TCP/UDP Ports
- play_arrow Tags
-
- play_arrow Resources
- play_arrow Analytics
- play_arrow Apstra Flow
- Apstra Flow Introduction
- System Requirements
- play_arrow Dashboards
- play_arrow Supported Flow Records
- play_arrow Flow Enrichment
- play_arrow Monitor Flow Data
- play_arrow Configuration Reference
- play_arrow API
- play_arrow Additional Documentation
- play_arrow Knowledge Base
-
- play_arrow External Systems (RBAC Providers)
- play_arrow Providers
- play_arrow Provider Role Mapping
-
- play_arrow Platform
- play_arrow User / Role Management
- play_arrow Security
- Syslog Configuration (Platform)
- Receivers (Platform)
- Global Statistics (Platform)
- Event Log (Audit Log)
- play_arrow Apstra VM Clusters
- play_arrow Developers
- play_arrow Technical Support
- Check Apstra Versions and Patent Numbers
-
- Favorites & User
- play_arrow Apstra Server Management
- Apstra Server Introduction
- Monitor Apstra Server via CLI
- Restart Apstra Server
- Reset Apstra Server VM Password
- Reinstall Apstra Server
- Apstra Database Overview
- Back up Apstra Database
- Restore Apstra Database
- Reset Apstra Database
- Migrate Apstra Database
- Replace SSL Certificate on Apstra Server with Signed One
- Replace SSL Certificate on Apstra Server with Self-Signed One
- Change Apstra Server Hostname
- Apstra CLI Utility
- play_arrow Guides
Apstra EVPN Support Addendum
When deploying EVPN on Apstra-supported devices and NOSs, be aware of several caveats and limitations. Even though EVPN is a standard, vendors implement protocols in very different manners. Also, different ASICs support varying feature sets that impact EVPN BGP VXLAN implementations (Routing In and Out of Tunnels (RIOT) for example). The following sections describe supported EVPN deployment implementations.
Qualified Vendor and NOS
Apstra software supports EVPN on the following hardware. For recommended NOS versions, see Qualified Device and NOS.
Hardware ASIC Support
Apstra supports EVPN on the following hardware ASICs:
Arista DCS 7280SE with Arad chipset
Cisco Cloudscale
Mellanox Spectrum A1
Trident Trident2 (see below)
Trident Trident2+ (see below)
Trident Trident3 (see below)
Trident Tomahawk (see below)
Juniper Q5
| ASIC | Example Switches | Notes |
|---|---|---|
| Arista Trident2 | Arista DCS-7050 | Can use as Spine, Leaf, or Border Leaf. Must set up EOS Recirculation interface(s) to use as a Layer3 Leaf (see Arista VXLAN documentation for more information). |
| Arista Trident3 | DCS-7050CX3 | Can use as Spine, Leaf, or Border Leaf. |
| Arista XP80 | Arista DCS-7160 | Ca use as Spine, Leaf, or Border Leaf. |
| Arista Jericho | DCS-7280R | Can use as Spine, Leaf, or Border Leaf. |
| Cisco Cloudscale | Cisco 93180YC-EX | Can use as Spine, Leaf, or Border Leaf |
| Cisco Trident2 with ALE | Cisco 9396PX, 9372PX, 9332PQ, 9504 | Can use as Spine, Leaf, or Border Leaf (see TCAM Carving in NXOS section). |
| Cisco Trident2+ | Cisco 3132Q-V | Can't use as Border Leaf |
| Juniper Q5 | Juniper QFX10002 | Can use as Spine, Leaf, or Border Leaf |
| Juniper Trident2 | Juniper QFX5100 | Can use as Spine or Layer2 Leaf |
| Juniper Trident2+ | Juniper QFX5110 | Can use as Spine, Leaf, or Border Leaf |
| Juniper Trident3 | Juniper QFX5120 | Can use as Spine, Leaf, or Border Leaf |
For recommended NOS versions, refer to Qualified Devices and NOS <device_support>.
Limitations
EVPN Layer2 Limitations
- VLAN (Rack-local) Virtual networks must be in the default routing zone.
- VxLAN (Inter-rack) Virtual networks can't be part of the default routing zone.
EVPN Layer3 Limitations
- Generic systems with BGP peering to non-default routing zones must connect to leaf devices.
- Generic systems with BGP peering only to the default routing zone can connect to leaf devices, spine devices or superspine devices.
- Multi-zone security segmentations only support up to 16 routing zones (VRFs) on Arista (HW Limitation)
- Inter routing zone (VRF) routing must be handled on a generic system (EVPN type 5 route leaking)
- All BGP sessions and loopback addresses are part of the default routing zone.
TCAM Carving in NX-OS
To successfully deploy EVPN on Cisco Nexus devices other then Cisco Cloudscale, you must first configure Cisco NXOS TCAM carving. These other devices may include Cisco NXOSv, or Cisco Nexus "Trident2" devices such as 9396PX, 9372PX, 9332PQ, or 9504. On Cisco NXOS the ARP Suppression feature is used in order to minimize ARP flooding.
For details, see Juniper Support Knowledge Base article KB36733
Before installing the device agent, we recommend that you apply TCAM Carving during device management setup or during Cisco Power-on Auto Provisioning (POAP). TCAM Carving requires a device reboot.
Alternatively, you can apply TCAM Carving with configlets when you deploy the blueprint. You must manually reboot devices.
Use show hardware access-list tcam region to show and verify
TCAM allocation on Cisco NX-OS.
Cisco NXOSv TCAM Carving
hardware access-list tcam region vacl 0 hardware access-list tcam region racl 0 hardware access-list tcam region arp-ether 256
no hardware access-list tcam region arp-ether 256 no hardware access-list tcam region racl 0 no hardware access-list tcam region vacl 0
Cisco Trident2 TCAM Carving
hardware access-list tcam region l3qos 0 hardware access-list tcam region arp-ether 256 double-wide
no hardware access-list tcam region l3qos 0 no hardware access-list tcam region arp-ether 256 double-wide
Arista EOS VxLAN Routing
- Recirculation Interface for Arista Trident2 Devices
- VxLAN Routing System Profile for Arista Jericho Devices
- VxLAN Routing Profile for Arista Arad Devices
Recirculation Interface for Arista Trident2 Devices
VxLAN Routing for Trident2 devices (for example, 7050QX-32) is supported but requires assigning EOS recirculation interfaces to unused physical interfaces on the device. You can use configlets to deploy this to all devices that require this configuration.
interface Recirc-Channel501 switchport recirculation features vxlan interface Ethernet35 traffic-loopback source system device mac channel-group recirculation 501 interface Ethernet36 traffic-loopback source system device mac channel-group recirculation 501
interface Ethernet35 no traffic-loopback source system device mac no channel-group recirculation 501 interface Ethernet36 no traffic-loopback source system device mac no channel-group recirculation 501 no interface Recirc-Channel501
VxLAN Routing System Profile for Arista Jericho Devices
We recommend when using VxLAN Routing for Jericho devices (for example, 7280SR-48C6) that you assign EOS VxLAN Routing System Profile on the device.
Before installing the device agent, we recommend that you apply the Arista TCAM system profile during the device management setup or during Arista Zero-Touch Provisioning (ZTP). TCAM system profile requires a device reboot.
Alternatively, you can use configlets to deploy this to all devices requiring this configuration and manually reboot the devices.
hardware tcam system profile vxlan-routing
hardware tcam no system profile vxlan-routing
VxLAN Routing Profile for Arista Arad Devices
We recommend when using VxLAN Routing for Arista Arad devices (for example, on 7280SE platform) that you assign EOS VxLAN Routing Profile on the device.
Before installing the device agent, we recommend that you apply the Arista TCAM system profile during the device management setup or during Arista Zero-Touch Provisioning (ZTP). TCAM system profile requires a device reboot.
Alternatively, you can use configlets to deploy this to all devices requiring this configuration and manually reboot the devices.
hardware tcam profile vxlan-routing
Graph Node VTEP Types
Unicast VTEPs
Unicast VTEPs do not apply to Arista.
Cisco Unicast VTEPs - Vendor Definition: Anycast VTEP
Apstra IP Allocation
Unique per leaf in MLAG pair
Not allocated to singleton switches
MLAG Configuration
interface loopback1 IP address 10.0.0.1/32 IP address 10.0.0.3/32 secondary interface nve1 source-interface loopback1
interface loopback1 IP address 10.0.0.2/32 IP address 10.0.0.3/32 secondary interface nve1 source-interface loopback1
Single Switch Configuration
interface loopback1 IP address 10.0.0.1/32 interface nve1 source-interface loopback1
Logical VTEPs
Arista Logical VTEPs
Apstra IP Allocation
Logical VTEP configured as primary IP on loopback1 interface for both MLAG and singleton switches
All top of rack nodes share same logical VTEP IP:
- MLAG leaf devices share same logical VTEP IP
- Singleton leaf device gets its own VTEP IP
MLAG Configuration
interface loopback1 IP address: 10.0.0.1/32 IP address: 10.0.0.4/32 secondary interface vxlan1 vxlan source-interface loopback1
interface loopback1 IP address: 10.0.0.1/32 IP address: 10.0.0.4/32 secondary interface vxlan1 vxlan source-interface loopback1
Single Switch Configuration
interface loopback1 IP address: 10.0.0.5/32 IP address 10.0.0.4/32 secondary interface vxlan1 vxlan source-interface loopback1
Anycast VTEP
Anycast VTEPs do not apply to Cisco.
Arista Anycast VTEPs
Apstra IP Allocation
One anycast VTEP for entire blueprint, shared between all Arista leaf devices
Configured as secondary IP on loopback1 interface
MLAG Configuration
interface loopback1 IP address 10.0.0.1/32 IP address 10.0.0.5/32 secondary interface vxlan1 vxlan source-interface loopback1
interface loopback1 IP address 10.0.0.1/32 IP address 10.0.0.5/32 secondary interface vxlan1 vxlan source-interface loopback1
Single Switch Configuration
interface loopback1 IP address 10.0.0.5/32 IP address 10.0.0.4/32 secondary interface vxlan1 vxlan source-interface loopback1
