Equal-Cost Multipath (ECMP) is fundamental to data center fabric design — it maximizes link utilization and builds in redundancy without complex failover logic. In an EVPN-VXLAN overlay, ECMP works at both the underlay (between leaf and spine switches) and the overlay (across multiple hypervisors hosting the same service).
This two-part series covers overlay ECMP using EVPN with VXLAN encapsulation in OcNOS. Part 1 establishes the topology and configuration for distributing traffic across multiple hypervisors. Part 2 extends this to advanced multi-hypervisor scenarios.
Data Center Clos Topology
How Overlay ECMP Works
In a standard EVPN-VXLAN fabric, each hypervisor advertises its locally hosted VMs via BGP EVPN. When multiple hypervisors host VMs with identical IP addresses (a common pattern for web-tier microservices with anycast VIPs), the leaf switches receive multiple EVPN route type-5 (IP prefix) advertisements for the same IP prefix — each from a different VTEP.
OcNOS installs all equal-cost VTEP routes as ECMP next-hops in the forwarding table. Ingress traffic is hashed across all VTEPs using a 5-tuple hash (source IP, destination IP, source port, destination port, protocol), distributing load without requiring a load balancer in the data path.
Underlay Configuration: BGP EVPN Spine
! OcNOS -- Spine-1: BGP Route Reflector for EVPN
!
router bgp 65000
bgp router-id 10.0.0.10
bgp cluster-id 10.0.0.10
!
! Reflect EVPN routes to all leaf peers
neighbor LEAF-PEERS peer-group
neighbor LEAF-PEERS remote-as 65000
neighbor LEAF-PEERS update-source lo
neighbor LEAF-PEERS route-reflector-client
!
neighbor 10.1.1.1 peer-group LEAF-PEERS ! Leaf-1
neighbor 10.1.1.2 peer-group LEAF-PEERS ! Leaf-2
neighbor 10.1.1.3 peer-group LEAF-PEERS ! Leaf-3
!
address-family l2vpn evpn
neighbor LEAF-PEERS activate
neighbor LEAF-PEERS route-reflector-client
exit-address-familyOverlay Configuration: EVPN-VXLAN on Leaf (OcNOS)
! OcNOS -- Leaf-1: EVPN-VXLAN with overlay ECMP
!
! Step 1: Configure VXLAN interface
interface vxlan1
vxlan local-tunnelip 10.1.1.1 ! VTEP IP (loopback)
vxlan vlan 100 vni 10100 ! VLAN 100 -> VNI 10100
!
! Step 2: BGP EVPN -- advertise and receive routes
router bgp 65000
bgp router-id 10.1.1.1
neighbor 10.0.0.10 remote-as 65000 ! Spine-1 (RR)
neighbor 10.0.0.10 update-source lo
neighbor 10.0.0.11 remote-as 65000 ! Spine-2 (RR)
neighbor 10.0.0.11 update-source lo
!
address-family l2vpn evpn
neighbor 10.0.0.10 activate
neighbor 10.0.0.11 activate
advertise-all-vni ! Auto-advertise all local VNIs
exit-address-family
!
! Step 3: Enable ECMP for VXLAN (allow multiple next-hops per prefix)
router bgp 65000
maximum-paths 8 ! Allow up to 8 ECMP paths
!
address-family l2vpn evpn
maximum-paths 8
exit-address-family
!
! Verify ECMP next-hops for IP-X (web service VIP):
show bgp l2vpn evpn route type prefix
! Expected: IP-X with next-hops pointing to VTEP 10.1.1.1, 10.1.1.2, 10.1.1.3
!
show vxlan fdb
show evpn vni detailVerifying ECMP Load Distribution
! OcNOS -- Verify overlay ECMP is active
!
! Check ECMP paths installed in FIB:
show ip route 192.168.100.10 ! IP-X address
! Expected output:
! B>* 192.168.100.10/32 [200/0] via 10.1.1.1 (vxlan), weight 1
! via 10.1.1.2 (vxlan), weight 1
! via 10.1.1.3 (vxlan), weight 1
!
! Check VXLAN tunnel statistics per VTEP:
show vxlan tunnel statistics
!
! Verify BGP EVPN route count:
show bgp l2vpn evpn summaryContinue with Part 2: Advanced multi-hypervisor ECMP scenarios, where we increase VM density per hypervisor and explore how OcNOS handles subnet advertisement changes.
IP Infusion Engineering Team