VXLAN-EVPN in MikroTik - New Feature in RouterOS

Written By Wilmer Almazan

With the release of RouterOS v7.20beta2, MikroTik has officially entered the arena of modern data center networking by supporting EVPN (Ethernet VPN) over BGP. This marks a major milestone, enabling MikroTik to deliver scalable, Layer 2 overlays using VXLAN across IP networks.

In this blog post, I’ll walk you through the full configuration of EVPN with VXLAN using MikroTik routers in a classic Spine-Leaf topology, perfect for data center or lab environments. Whether you’re a network engineer, IT student, or MikroTik enthusiast, this guide will help you understand and implement this powerful feature.

📺Watch the full tutorial on YouTube — or keep reading to follow the entire step-by-step guide below.

What Is EVPN & Why It Matters

EVPN (defined in RFC 7432) is a control plane technology that uses BGP to distribute MAC address information across the network. Combined with VXLAN, which acts as a Layer 2 tunneling mechanism over Layer 3, you get a scalable, efficient way to extend Layer 2 services across your entire infrastructure.

Benefits:

  • Reduces Layer 2 flooding (no more constant broadcasts)

  • Learns MACs via BGP = smarter, more scalable

  • Seamless support for L2/L3 hybrid services

  • Multi-tenancy via VLAN segmentation

  • VM mobility and loop prevention

Lab Topology. VXLAN-EVPN in Mikrotik Routers

Topology Breakdown: Spine-Leaf with VXLAN EVPN

This setup reflects a typical data center fabric:

NETWORK DESIGN:

3 Leafs (Leaf1–Leaf3): Host servers, handle VLANs/VXLANs

2 Spines (Spine1–Spine2): Route reflectors, form BGP core

Servers: Connected to Leafs via VLANs (VLAN 100, VLAN 101)

Transport Network: Routed /30 IP links between Leafs and Spines

PROTOCOLS:

OSPF: Provides IGP underlay

BGP: iBGP used for EVPN control plane

VXLAN: Handles L2 encapsulation across IP fabric

IP & VLAN Plan:

Loopbacks: Used for iBGP peering

VLANs:

VLAN 100: 10.100.100.0/24

VLAN 101: 10.101.101.0/24

Anycast gateways: 10.100.100.1, 10.101.101.1

VNIs:

VNI 1000100 ↔ VLAN 100

VNI 1000101 ↔ VLAN 101

Download the Configuration Files

If you'd rather dive straight into the CLI, we've prepared sample configuration files for each router in the topology. These include:

  • Underlay (OSPF + IP addressing)

  • Loopback setup

  • iBGP with EVPN address family enabled

Spine1

#IP Addresses
/ip address
add address=10.1.1.1/30 interface=ether1 network=10.1.1.0
add address=10.1.2.1/30 interface=ether2 network=10.1.2.0
add address=10.1.3.1/30 interface=ether3 network=10.1.3.0
add address=10.255.255.1 interface=lo network=10.255.255.1

# OSPF
/routing ospf instance
add disabled=no name=ospf-ipv4 router-id=10.255.255.1
/routing ospf area
add disabled=no instance=ospf-ipv4 name=area0-ipv4
/routing ospf interface-template
add area=area0-ipv4 disabled=no interfaces=ether1,ether2,ether3 type=ptp
add area=area0-ipv4 disabled=no interfaces=lo passive


#BGP
/routing bgp instance
add as=65001 disabled=no name=evpn-bgp router-id=10.255.255.1
/routing bgp connection
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.255.255.1 .role=ibgp-rr name=ibgp-leaf1 remote.address=10.254.254.1/32 .as=65001 \
    routing-table=main
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.255.255.1 .role=ibgp-rr name=ibgp-leaf2 remote.address=10.254.254.2/32 .as=65001 \
    routing-table=main
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.255.255.1 .role=ibgp-rr name=ibgp-leaf3 remote.address=10.254.254.3/32 .as=65001 \
    routing-table=main

Spine 2

#IP Addresses
/ip address
add address=10.2.1.1/30 interface=ether1 network=10.2.1.0
add address=10.2.2.1/30 interface=ether2 network=10.2.2.0
add address=10.2.3.1/30 interface=ether3 network=10.2.3.0
add address=10.255.255.2 interface=lo network=10.255.255.2

#OSPF
/routing ospf instance
add disabled=no name=ospf-ipv4 router-id=10.255.255.2
/routing ospf area
add disabled=no instance=ospf-ipv4 name=area0-ipv4
/routing ospf interface-template
add area=area0-ipv4 disabled=no interfaces=ether1,ether2,ether3 type=ptp
add area=area0-ipv4 disabled=no interfaces=lo passive

#BGP
/routing bgp instance
add as=65001 disabled=no name=evpn-bgp router-id=10.255.255.2
/routing bgp connection
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.255.255.2 .role=ibgp-rr name=ibgp-leaf1 remote.address=10.254.254.1/32 .as=65001 \
    routing-table=main
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.255.255.2 .role=ibgp-rr name=ibgp-leaf2 remote.address=10.254.254.2/32 .as=65001 \
    routing-table=main
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.255.255.2 .role=ibgp-rr name=ibgp-leaf3 remote.address=10.254.254.3/32 .as=65001 \
    routing-table=main

Leaf 1

#IP Addresses
/ip address
add address=10.1.1.2/30 interface=ether1 network=10.1.1.0
add address=10.2.1.2/30 interface=ether2 network=10.2.1.0
add address=10.254.254.1 interface=lo network=10.254.254.1
add address=10.100.100.200/24 interface=vlan100 network=10.100.100.0

# OSPF
/routing ospf instance
add disabled=no name=ospf-ipv4 router-id=10.254.254.1
/routing ospf area
add disabled=no instance=ospf-ipv4 name=area0-ipv4
/routing ospf interface-template
add area=area0-ipv4 disabled=no interfaces=ether1,ether2 type=ptp
add area=area0-ipv4 disabled=no interfaces=lo passive

#BRIDGE
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 \
    pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether4 \
    pvid=101

#VXLAN
/interface vxlan
add bridge=bridge1 bridge-pvid=100 dont-fragment=disabled learning=no local-address=\
    10.254.254.1 mac-address=66:63:84:0A:36:B0 name=vxlan1000100 vni=1000100
add bridge=bridge1 bridge-pvid=101 dont-fragment=disabled learning=no local-address=\
    10.254.254.1 mac-address=16:2C:C5:FD:EA:0D name=vxlan1000101 vni=1000101


#BGP
/routing bgp instance
add as=65001 disabled=no name=evpn-bgp router-id=10.254.254.1
/routing bgp connection
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.254.254.1 .role=ibgp name=ibgp-spine1 remote.address=10.255.255.1/32 .as=65001
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.254.254.1 .role=ibgp name=ibgp-spine2 remote.address=10.255.255.2/32 .as=65001 \
    routing-table=main

#EVPN
/routing bgp evpn
add export.route-targets=65001:1000100 import.route-targets=65001:1000100 instance=\
    evpn-bgp name=evpn-1000100 vni=1000100
add export.route-targets=65001:1000101 import.route-targets=65001:1000101 instance=\
    evpn-bgp name=evpn-1000101 vni=1000101

Leaf 2

#IP Addresses
/ip address
add address=10.1.2.2/30 interface=ether1 network=10.1.2.0
add address=10.2.2.2/30 interface=ether2 network=10.2.2.0
add address=10.254.254.2 interface=lo network=10.254.254.2


# OSPF
/routing ospf instance
add disabled=no name=ospf-ipv4 router-id=10.254.254.2
/routing ospf area
add disabled=no instance=ospf-ipv4 name=area0-ipv4
/routing ospf interface-template
add area=area0-ipv4 disabled=no interfaces=ether1,ether2 type=ptp
add area=area0-ipv4 disabled=no interfaces=lo passive

#BRIDGE
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 \
    pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether4 \
    pvid=101

#VXLAN
/interface vxlan
add bridge=bridge1 bridge-pvid=100 dont-fragment=disabled learning=no local-address=\
    10.254.254.2  name=vxlan1000100 vni=1000100
add bridge=bridge1 bridge-pvid=101 dont-fragment=disabled learning=no local-address=\
    10.254.254.2  name=vxlan1000101 vni=1000101


#BGP
/routing bgp instance
add as=65001 disabled=no name=evpn-bgp router-id=10.254.254.2
/routing bgp connection
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.254.254.2 .role=ibgp name=ibgp-spine1 remote.address=10.255.255.1/32 .as=65001
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.254.254.2 .role=ibgp name=ibgp-spine2 remote.address=10.255.255.2/32 .as=65001 \
    routing-table=main

#EVPN
/routing bgp evpn
add export.route-targets=65001:1000100 import.route-targets=65001:1000100 instance=\
    evpn-bgp name=evpn-1000100 vni=1000100
add export.route-targets=65001:1000101 import.route-targets=65001:1000101 instance=\
    evpn-bgp name=evpn-1000101 vni=1000101

Leaf 3

#IP Addresses
/ip address
add address=10.1.3.2/30 interface=ether1 network=10.1.3.0
add address=10.2.3.2/30 interface=ether2 network=10.2.3.0
add address=10.254.254.3 interface=lo network=10.254.254.3

# OSPF
/routing ospf instance
add disabled=no name=ospf-ipv4 router-id=10.254.254.3
/routing ospf area
add disabled=no instance=ospf-ipv4 name=area0-ipv4
/routing ospf interface-template
add area=area0-ipv4 disabled=no interfaces=ether1,ether2 type=ptp
add area=area0-ipv4 disabled=no interfaces=lo passive

#BRIDGE
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 \
    pvid=100
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether4 \
    pvid=101

#VXLAN
/interface vxlan
add bridge=bridge1 bridge-pvid=100 dont-fragment=disabled learning=no local-address=\
    10.254.254.3  name=vxlan1000100 vni=1000100
add bridge=bridge1 bridge-pvid=101 dont-fragment=disabled learning=no local-address=\
    10.254.254.3 name=vxlan1000101 vni=1000101


#BGP
/routing bgp instance
add as=65001 disabled=no name=evpn-bgp router-id=10.254.254.3
/routing bgp connection
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.254.254.3 .role=ibgp name=ibgp-spine1 remote.address=10.255.255.1/32 .as=65001
add afi=evpn connect=yes disabled=no instance=evpn-bgp listen=yes local.address=\
    10.254.254.3 .role=ibgp name=ibgp-spine2 remote.address=10.255.255.2/32 .as=65001 \
    routing-table=main

#EVPN
/routing bgp evpn
add export.route-targets=65001:1000100 import.route-targets=65001:1000100 instance=\
    evpn-bgp name=evpn-1000100 vni=1000100
add export.route-targets=65001:1000101 import.route-targets=65001:1000101 instance=\
    evpn-bgp name=evpn-1000101 vni=1000101
Wilmer Almazan