BGP EVPN Route Types 1–5: What They Are and What They Do
Why Route Types Matter
BGP EVPN is the control plane for VXLAN fabrics. Its job is to distribute reachability information — not just IP prefixes (like standard BGP), but MAC addresses, IP-to-MAC bindings, VTEP locations, and multi-homing state. Different types of information need different BGP message formats, which is why EVPN defines multiple route types.
RFC 7432 defines the core EVPN route types. RFC 8365 extends these for VXLAN overlay deployments. Understanding each route type tells you exactly what a VTEP is communicating and why — essential knowledge for troubleshooting VXLAN fabrics, reading BGP EVPN tables, and understanding what NDFC automates underneath.
Each EVPN route is carried in BGP as an MP_REACH_NLRI attribute in the l2vpn evpn address family. The route type is encoded in the NLRI itself. On Cisco NX-OS you can inspect them with:
show bgp l2vpn evpn
show bgp l2vpn evpn route-type <1-5>
show bgp l2vpn evpn summary
Route Type 1 — Ethernet Auto-Discovery (EAD)
Purpose: Multi-homing and fast convergence
Route Type 1 is generated when a host or segment is connected to multiple VTEPs simultaneously (multi-homing). It’s used to signal the existence of an Ethernet Segment (ES) — a logical group of links connecting a host or CE device to multiple PE/VTEP devices.
Two Sub-Types
Type 1 per-ES (Ethernet Segment): Advertised by each VTEP that is part of a multi-homed Ethernet Segment. It signals “I am one of the VTEPs attached to ES identifier X.” Used for:
- ES discovery between VTEPs sharing the same segment
- Aliasing — allowing remote VTEPs to load-balance traffic across all VTEPs attached to the same ES
- Mass withdrawal — when a VTEP loses connectivity to a multi-homed segment, it withdraws this route, triggering fast failover on all remote VTEPs without waiting for MAC/IP route timeouts
Type 1 per-EVI (Ethernet VPN Instance): More granular than per-ES. Advertised per-ES per-VNI. Used for split-horizon filtering in multi-homed scenarios to prevent traffic loops.
What It Contains
- Ethernet Segment Identifier (ESI): A 10-byte value uniquely identifying the Ethernet Segment
- Ethernet Tag ID: VNI or VLAN association
- MPLS/VNI label
- Route Distinguisher (RD)
When You See It
In a typical single-homed VXLAN fabric (each host connects to one leaf only), Type 1 routes are rarely seen. They appear in designs where:
- vPC pairs act as dual-homed VTEPs for the same host
- CE devices connect to multiple PE devices (service provider multi-homing)
- Anycast BGW designs in multi-site deployments
! Verify Type 1 routes
show bgp l2vpn evpn route-type 1
Route Type 2 — MAC/IP Advertisement
Purpose: Host MAC and IP address distribution — the most common route type in a VXLAN fabric
Route Type 2 is the workhorse of EVPN. Every time a VTEP learns a host’s MAC address (and optionally its IP address), it advertises a Type 2 route. Remote VTEPs receive this route and install the mapping: MAC/IP → VTEP loopback address. This is what eliminates flood-and-learn and enables ARP suppression.
Two Variants
MAC-only Type 2: Advertises just the MAC address. Used for pure Layer 2 forwarding.
MAC+IP Type 2: Advertises both the MAC address and associated IP address. This is the critical one for ARP suppression — when a remote VTEP knows both MAC and IP, it can respond to ARP requests locally without flooding.
What It Contains
- Ethernet Segment Identifier (ESI): Usually all zeros for single-homed hosts
- Ethernet Tag ID: VNI/VLAN
- MAC Address Length + MAC Address: The host’s MAC (always present)
- IP Address Length + IP Address: The host’s IP (optional — 0 if MAC-only)
- MPLS Label 1: L2 VNI (Layer 2 forwarding label)
- MPLS Label 2: L3 VNI (optional — present when IP is included, enables inter-subnet routing)
- Route Distinguisher (RD)
- Route Target (RT) Extended Community
Route Target Import/Export
Route Targets control which VTEPs install which Type 2 routes. A VTEP only installs a Type 2 route if the route’s RT matches one of its import RTs. This is how multi-tenancy is enforced — Tenant A’s VTEPs only import Tenant A’s routes.
! Auto-derived route targets on NX-OS
evpn
vni 10010 l2
rd auto
route-target import auto
route-target export auto
Reading a Type 2 Route
show bgp l2vpn evpn route-type 2 0 aabb.cc00.0100 10.1.1.10
BGP routing table entry for [2]:[0]:[48]:[aabb.cc00.0100]:[32]:[10.1.1.10]/272
Route Distinguisher: 10.0.0.1:10010
BGP routing table version is 42
Local BP Identifier is 10.0.0.1
Path type: internal, path is valid, is best path
AS-Path: NONE, path sourced internal to AS
10.0.0.1 (metric 0) from 10.0.0.101 (10.0.0.101)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10010 50000
Extcommunity: RT:65000:10010 RT:65000:50000 ENCAP:8
The two labels 10010 50000 are the L2 VNI and L3 VNI respectively. ENCAP:8 indicates VXLAN encapsulation.
Route Type 3 — Inclusive Multicast Ethernet Tag (IMET)
Purpose: BUM (Broadcast, Unknown Unicast, Multicast) traffic replication
Route Type 3 is how VTEPs discover each other and set up BUM traffic replication without configuring multicast. When a VTEP wants to participate in a VNI’s BUM traffic, it advertises a Type 3 route for that VNI. Remote VTEPs receive this route and add the advertising VTEP to their ingress replication list — the list of VTEPs to which BUM traffic for that VNI should be sent.
This is what enables ingress replication mode — the alternative to multicast for BUM traffic. Instead of sending one multicast packet that replicates at the network level, the ingress VTEP sends individual unicast VXLAN packets to each VTEP on its replication list.
What It Contains
- Ethernet Tag ID: VNI/VLAN
- IP Address Length + Originating Router’s IP Address: The advertising VTEP’s loopback — other VTEPs use this as the destination for ingress-replicated BUM traffic
- PMSI Tunnel Attribute: Specifies the BUM replication method (ingress replication, multicast group, etc.)
- Route Distinguisher (RD)
- Route Target (RT)
Ingress Replication vs Multicast
Route Type 3 carries a PMSI (Provider Multicast Service Interface) Tunnel Attribute that indicates the replication method:
| PMSI Tunnel Type | Meaning |
|---|---|
| Type 6 (Ingress Replication) | VTEPs unicast BUM traffic to each peer VTEP |
| Type 3 (PIM-SSM Tree) | Multicast used for BUM replication |
| Type 7 (mLDP P2MP LSP) | MPLS multicast (not common in DC) |
Cisco’s recommended approach for most data center deployments is ingress replication (Type 6), which eliminates the multicast requirement in the underlay. Multicast is used when BUM traffic volume is very high and the overhead of sending multiple unicast copies becomes a concern.
! Configure ingress replication on NVE interface
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 10010
ingress-replication protocol bgp
Reading a Type 3 Route
show bgp l2vpn evpn route-type 3
Network Next Hop Metric LocPref Weight Path
[3]:[0]:[32]:[10.0.0.2] 0
10.0.0.2 0 100 0 i
[3]:[0]:[32]:[10.0.0.3]
10.0.0.3 0 100 0 i
Each entry represents a remote VTEP participating in this VNI. These are the addresses the local VTEP will unicast BUM traffic to.
Route Type 4 — Ethernet Segment Route
Purpose: Designated Forwarder (DF) election for multi-homed segments
Route Type 4 is closely related to Type 1 and is used exclusively in multi-homing scenarios. When multiple VTEPs share the same Ethernet Segment (e.g., a vPC pair connected to the same host), one VTEP must be elected as the Designated Forwarder (DF) for BUM traffic on that segment. Having multiple VTEPs flood BUM traffic into the same segment would create duplicate frames.
Route Type 4 carries Ethernet Segment information and is used by VTEPs sharing the same ES to discover each other and perform DF election. The DF election is based on a hash of the Ethernet Segment Identifier and VNI, ensuring deterministic and load-balanced assignment.
What It Contains
- Ethernet Segment Identifier (ESI): The 10-byte ES identifier
- IP Address of Originating Router: Used to identify the advertising VTEP
- Route Distinguisher (RD)
Practical Relevance
Route Type 4 is primarily relevant in:
- vPC VTEP designs where two leaf switches act as a vPC pair and both connect to the same host
- Anycast BGW configurations in VXLAN multi-site deployments
- ESI-LAG configurations where a CE device is multi-homed to two or more PE/VTEP devices
In a standard single-homed fabric with each host connecting to exactly one leaf, Type 4 routes are generally not present.
! Verify DF election status
show nve ethernet-segment
show bgp l2vpn evpn route-type 4
Route Type 5 — IP Prefix Route
Purpose: External routing — advertising IP prefixes into and out of the EVPN fabric
Route Type 5 is defined in RFC 8365 and is the mechanism for advertising IP prefix routes (rather than host /32 or /128 routes) within the EVPN fabric. It’s the bridge between the EVPN overlay and the external routing world.
Primary Use Cases
External prefix advertisement into the fabric: When external networks (internet, WAN, other data centers) need to be reachable from within the VXLAN fabric, border leaf switches advertise these external prefixes as Type 5 routes. Internal VTEPs install these routes pointing to the border leaf’s L3 VNI, allowing tenant traffic to be routed to the border leaf and then out to the external network.
Subnet advertisement across fabric: When a subnet is locally attached to a leaf, that leaf can advertise the subnet itself as a Type 5 route in addition to the individual /32 Type 2 host routes. Remote VTEPs can install the Type 5 aggregate route and use it for routing to that subnet without needing individual host routes.
Multi-site and DCI routing: In VXLAN multi-site deployments, Border Gateway (BGW) devices re-originate Type 2 (host) routes as Type 5 (prefix) routes at site boundaries. This reduces the BGP table size at remote sites — instead of seeing individual host routes for every endpoint at a remote site, border devices see aggregated prefix routes.
What It Contains
- Ethernet Tag ID: Usually 0 in VXLAN deployments
- IP Prefix Length + IP Prefix: The actual IP prefix being advertised
- GW IP Address: The next-hop gateway IP for this prefix (used in some DCI scenarios)
- MPLS Label / VNI: The L3 VNI for the VRF this prefix belongs to
- Route Distinguisher (RD)
- Route Target (RT)
Reading a Type 5 Route
show bgp l2vpn evpn route-type 5
Network Next Hop Metric LocPref Weight Path
[5]:[0]:[24]:[192.168.100.0]
10.0.0.5 0 100 0 i
[5]:[0]:[0]:[0.0.0.0]
10.0.0.5 0 100 0 i
The second entry [5]:[0]:[0]:[0.0.0.0] is a default route being advertised into the VRF — commonly used when traffic should exit the fabric toward a border leaf or firewall.
Type 5 Configuration on NX-OS Border Leaf
! Redistribute external BGP routes into EVPN as Type 5
router bgp 65000
vrf TENANT-A
address-family ipv4 unicast
advertise l2vpn evpn ! Advertise routes learned in VRF as Type 5
redistribute static route-map EXTERNAL-ROUTES
redistribute bgp route-map UPSTREAM-ROUTES
How the Route Types Work Together
Here’s the complete picture of how all five route types interact in a running VXLAN EVPN fabric:
| Route Type | Plane | When Generated | Used For |
|---|---|---|---|
| Type 1 | Control | Multi-homed host connects | ES discovery, aliasing, fast failover |
| Type 2 | Control | Any host connects/moves | MAC/IP distribution, ARP suppression |
| Type 3 | Control | VTEP joins a VNI | BUM replication list building |
| Type 4 | Control | Multi-homed VTEPs negotiate | DF election for BUM on shared segments |
| Type 5 | Control | External routes imported | External prefix distribution, DCI |
A day in the life of a new host:
- Host A connects to Leaf 1 and sends its first frame
- Leaf 1 learns Host A’s MAC → generates Type 2 (MAC-only) advertisement
- If ARP reply observed, Leaf 1 updates with Host A’s IP → generates Type 2 (MAC+IP) advertisement
- Remote VTEPs (Leaf 2, Leaf 3) receive Type 2 and install:
Host A MAC/IP → Leaf 1 VTEP - Remote VTEPs can now answer ARP requests for Host A locally (ARP suppression)
- Type 3 routes (already present) ensure BUM traffic reaches all VTEPs in the VNI
- Host A’s subnet is advertised externally via border leaf as Type 5
- If Host A is on a vPC pair, Type 1 and Type 4 handle multi-homing and DF election
Troubleshooting with Route Types on Cisco NX-OS
# Show all EVPN routes
show bgp l2vpn evpn
# Filter by route type
show bgp l2vpn evpn route-type 2 0 <mac-address> <ip-address>
show bgp l2vpn evpn route-type 3
show bgp l2vpn evpn route-type 5
# Check what a specific VTEP is advertising
show bgp l2vpn evpn neighbors <vtep-ip> routes
# Verify VTEP NVE state
show nve peers
show nve vni
show nve interface nve1 detail
# Check EVPN MAC table
show l2route evpn mac all
show l2route evpn mac-ip all
# Verify ARP suppression table
show ip arp suppression-cache detail
Understanding which route type is missing or misbehaving is the fastest path to diagnosing VXLAN EVPN issues. Type 2 missing → MAC/IP not being advertised, check NVE config and BGP adjacency. Type 3 missing → VTEP not joining the VNI’s replication list, check member VNI config. Type 5 missing → external routes not being redistributed, check route-map and BGP VRF config.
