EVPN with DCNM
- Jason Kline
- May 31, 2020
After working with ACI for some time, I did not have access to a full ACI lab besides DevNet Sandbox or dCloud. I wanted to better understand the workings of the fabric. Unlike ACI, building a fabric using DCNM or manually exposes the workings of an EVPN fabric, but security needs to be stitched in manually. ACI provides this inherently through a whitelist model (implicit deny).
The following lab uses Cisco Nexus 9000v, Windows 10 (EVE) and FortiGates in Active/Active mode. Using it, I am able to configure a fully functional lab, although some things are not configurable due to 9000v limitations.
DCNM helps build the topology while letting me review the configurations for deeper study. Attached to the lab are the configs.
LAB:

Requirements:
(4) Nexus 9000v 9.3(4)
(1) DCNM 11.3.1 (runs directly on ESXi)
(2) FortiGate 6.4.0 (KVM)
(2) Windows 10 (VMs in EVE)
Below are routes from the lab, showing layer 3 and layer 2 services. In this lab I could not add additional leafs without exhausting EVE, but I was still able to test and view routes and BGP EVPN output and better understand the flow.
Attached are lab configs for all 9Ks and FortiGates.
Next steps: a bit of automation, more learning... TO BE CONTINUED