
Frequent Contributor I

Campus VXLAN and EVPN Resilient Gateway Design

I'm investigating using VXLAN with EVPN in the campus to provide network segmentation, and have not quite figured out the resilient gateway options. I am new to VXLAN and EVPN with OS-CX.


The campus is a 3-tier design with an 8325 VSX pair at the distribution layer and 8400 single cores, and dual active/active firewalls within separate DCs as the egress/access point to the campus. We are currently using a number of VRFs but want to provide support for VXLAN for tunnelling to different sites and different technology silos (Cloud, DC etc). It's a full BGP network to the distribution layer.

I understand 

 - 8325 Supports VXLAN and EVPN

 - 8400 Supports VXLAN

 - OS-CX 10.5 adds Distributed Layer 3 gateways.


I am not clear on how to build a resilient handoff from the VXLAN tunnels to the firewall. The gateway would need to be present on both gateways/border leafs within each DC. Having tried in the lab, it's the hand-off I can't master.


My current thinking is these border leafs would act as the route-reflectors for the EVPN, and with each pod of leaf switches having EVPN peerings.


I understand L3 Distributed Gateways allows in or local rack routing for more optimal traffic paths, which is different from what I am looking for?


I have a lab in which I proved L2 EVPN connectivity, but have not figured out the dual-site EVPN handoff to the firewall.


Has anybody built this, or can anyone help point me in the direction of examples?






MVP Guru

Re: Campus VXLAN and EVPN Resilient Gateway Design

Could you please first go to these resources:



And you will find a lot that will answer part of your question.

Then please go back to the thread for updated questions you may have.

