Skip to content


Tutorial name L2 EVPN-VXLAN with SR Linux
Lab components 3 SR Linux nodes
Resource requirements 2vCPU
6 GB
Containerlab topology file evpn01.clab.yml
Lab name evpn01
Packet captures EVPN IMET routes exchange, RT2 routes exchange with ICMP in datapath
Main ref documents RFC 7432 - BGP MPLS-Based Ethernet VPN
RFC 8365 - A Network Virtualization Overlay Solution Using Ethernet VPN (EVPN)
Nokia 7220 SR Linux Advanced Solutions Guide
Nokia 7220 SR Linux EVPN-VXLAN Guide
Version information1 containerlab:0.48.6, srlinux:23.10.1, docker-ce:23.0.3

Ethernet Virtual Private Network (EVPN) is a standard technology in multi-tenant Data Centers (DCs) and provides a control plane framework for many functions.
In this tutorial we will configure a VXLAN based Layer 2 EVPN service3 in a tiny CLOS fabric and at the same get to know SR Linux better!

The DC fabric that we will build for this tutorial consists of the two leaf switches (acting as Top-Of-Rack) and a single spine:

The two servers are connected to the leafs via an L2 interface. Service-wise the servers will appear to be on the same L2 network by means of the deployed EVPN Layer 2 service.

The tutorial will consist of the following major parts:

  • Fabric configuration - here we will configure the routing protocol in the underlay of a fabric to advertise the Virtual Tunnel Endpoints (VTEP) of the leaf switches.
  • EVPN configuration - this chapter is dedicated to the EVPN service configuration and validation.

Lab deployment#

To let you follow along the configuration steps of this tutorial we created a lab that you can deploy on any Linux VM:

The containerlab file that describes the lab topology is referenced below in full:

name: evpn01


      kind: nokia_srlinux
      type: ixrd2
      kind: nokia_srlinux
      type: ixrd2
      kind: nokia_srlinux
      type: ixrd3
      kind: linux
        - ip link set address 00:c1:ab:00:00:01 dev eth1
        - ip addr add dev eth1
      kind: linux
        - ip link set address 00:c1:ab:00:00:02 dev eth1
        - ip addr add dev eth1

    # inter-switch links
    - endpoints: ["leaf1:e1-49", "spine1:e1-1"]
    - endpoints: ["leaf2:e1-49", "spine1:e1-2"]
    # server links
    - endpoints: ["srv1:eth1", "leaf1:e1-1"]
    - endpoints: ["srv2:eth1", "leaf2:e1-1"]

Save2 the contents of this file under evpn01.clab.yml name and you are ready to deploy:

$ containerlab deploy -t evpn01.clab.yml
INFO[0000] Containerlab v0.48.6 started
INFO[0000] Parsing & checking topology file: evpn01.clab.yml 
INFO[0005] Creating lab directory: /root/srl-labs/learn-srlinux/clab-evpn01 
INFO[0005] Creating container: "srv2"
INFO[0005] Creating container: "srv1"
INFO[0005] Creating container: "spine1"
INFO[0005] Creating container: "leaf1"
INFO[0005] Creating container: "leaf2"
INFO[0006] Creating virtual wire: srv2:eth1 <--> leaf2:e1-1 
INFO[0006] Creating virtual wire: leaf2:e1-49 <--> spine1:e1-2 
INFO[0006] Creating virtual wire: leaf1:e1-49 <--> spine1:e1-1 
INFO[0006] Creating virtual wire: srv1:eth1 <--> leaf1:e1-1 
INFO[0007] Running postdeploy actions for Nokia SR Linux 'spine1' node 
INFO[0007] Running postdeploy actions for Nokia SR Linux 'leaf1' node 
INFO[0007] Running postdeploy actions for Nokia SR Linux 'leaf2' node 
INFO[0021] Adding containerlab host entries to /etc/hosts file 
| # |        Name        | Container ID |              Image              |     Kind      |  State  |  IPv4 Address  |     IPv6 Address     |
| 1 | clab-evpn01-leaf1  | 4ce85e340ec6 |   | nokia_srlinux | running | | 2001:172:20:20::6/64 |
| 2 | clab-evpn01-leaf2  | a1418eac3df2 |   | nokia_srlinux | running | | 2001:172:20:20::4/64 |
| 3 | clab-evpn01-spine1 | 9470a89b9482 |   | nokia_srlinux | running | | 2001:172:20:20::8/64 |
| 4 | clab-evpn01-srv1   | 58d90a107c94 | | linux         | running | | 2001:172:20:20::7/64 |
| 5 | clab-evpn01-srv2   | 2a63a6135a9c | | linux         | running | | 2001:172:20:20::5/64 |

A few seconds later containerlab finishes the deployment with providing a summary table that outlines connection details of the deployed nodes. In the "Name" column we have the names of the deployed containers and those names can be used to reach the nodes, for example to connect to the SSH of leaf1:

# default credentials admin:NokiaSrl1!
ssh clab-evpn01-leaf1

With the lab deployed we are ready to embark on our learn-by-doing EVPN configuration journey!


We advise the newcomers not to skip the Configuration Basics Guide as it provides just enough details to survive in the configuration waters we are about to get in.

  1. the following versions have been used to create this tutorial. The newer versions might work, but if they don't, please pin the version to the mentioned ones. 

  2. Or download it with curl -LO 

  3. Per RFC 8365 & RFC 7432