I'm investigating using VXLAN with EVPN in the campus to provide network segmentation, and have not quite figured out the resilient gateway options; I am new to VXLAN and EVPN with OS-CX.
The campus is a 3-tier design with an 8325 VSX pair at the distribution layer and single 8400 cores, and dual active/active firewalls within separate DCs as the egress/access point to the campus. We are currently using a number of VRFs but want to provide support for VXLAN for tunnelling to different sites and different technology silos (Cloud, DC etc.). It's a full BGP network to the distribution layer.
I understand
- 8325 Supports VXLAN and EVPN
- 8400 Supports VXLAN
- OS-CX 10.5 adds Distributed Layer 3 gateways.
I am not clear on how to build a resilient handoff from the VXLAN tunnels to the firewall; the gateway would need to be present on both gateways/border leafs within each DC. Having tried it in the lab, it's the hand-off I can't master.
My current thinking is that these border leafs would act as the route reflectors for the EVPN, with each pod of leaf switches having EVPN peerings.
I understand L3 distributed gateways allow in-rack or local-rack routing for more optimal traffic paths, which is different from what I am looking for?
I have a lab in which I have proved L2 EVPN connectivity; I just haven't figured out the dual-site EVPN handoff to the firewall.
Has anybody built this, or can anybody point me in the direction of examples?
Thanks
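The resilient border-leaf handoff the post is asking about is usually built from three pieces on each VSX member: an L3 VNI that lands routed overlay traffic in the campus VRF on both switches (symmetric IRB), an SVI toward the firewall with a VSX active-gateway (anycast IP and MAC) over a multi-chassis LAG, and a BGP IPv4 session to the firewall inside that VRF. The fragment below is an added illustration written for this page, not configuration from the original poster or from HPE Aruba documentation. The VRF name, VNIs, VLAN IDs, AS numbers, addresses and MAC are assumed placeholders, and the exact keyword syntax is reproduced from memory of AOS-CX 10.05, so validate every line against the AOS-CX VXLAN/EVPN guide for the running firmware before using it. The second VSX member carries the same configuration except for its own VTEP source and SVI addresses (and the same active-gateway values).

```text
! Border leaf 1 (VSX primary); border leaf 2 is identical except where noted.
! All names, numbers and addresses below are assumed for illustration.

vrf CAMPUS
    rd 10.255.0.1:100
    route-target export 65000:100 evpn
    route-target import 65000:100 evpn

! L2 VNI for a campus VLAN and an L3 VNI for routed (symmetric IRB) traffic.
interface vxlan 1
    source ip 10.255.0.1          ! loopback VTEP; 10.255.0.2 on the VSX peer
    no shutdown
    vni 10100
        vlan 100
    vni 100100
        routing
        vrf CAMPUS

evpn
    vlan 100
        rd auto
        route-target export auto
        route-target import auto

! MC-LAG toward the firewall so either VSX member can forward the handoff VLAN.
interface lag 10 multi-chassis
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 200
    lacp mode active

! Handoff SVI: unique real IP per member, shared anycast gateway IP/MAC.
interface vlan 200
    vrf attach CAMPUS
    ip address 10.200.0.2/24      ! 10.200.0.3/24 on the VSX peer
    active-gateway ip mac 02:00:00:00:02:00
    active-gateway ip 10.200.0.1

router bgp 65000
    bgp router-id 10.255.0.1
    ! EVPN peering with the route reflector (placeholder RR address).
    neighbor 10.255.0.254 remote-as 65000
    neighbor 10.255.0.254 update-source loopback 0
    address-family l2vpn evpn
        neighbor 10.255.0.254 activate
        neighbor 10.255.0.254 send-community extended
    exit-address-family
    ! IPv4 session to the firewall inside the campus VRF; the firewall
    ! advertises the default route, the leaf exports overlay prefixes to EVPN.
    vrf CAMPUS
        neighbor 10.200.0.10 remote-as 65100
        address-family ipv4 unicast
            neighbor 10.200.0.10 activate
            redistribute connected
        exit-address-family
```

The security-relevant check for this design is that segmentation survives the handoff: each campus VRF should carry its own L3 VNI and its own SVI and BGP session toward the firewall, so inter-VRF traffic can only cross through the firewall policy rather than being leaked by a shared route-target or a redistribute statement that imports another VRF's prefixes. Also confirm, with `show bgp l2vpn evpn` and `show ip route vrf CAMPUS` on both VSX members, that the type-5 routes and the firewall default are installed on each switch; a gateway that is only active on one member is the failure mode the post describes.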