Sun Ethernet Fabric Operating System VXLAN Administration Guide
Part No: E60924-02
August 2015
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.
Documentation
Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Copyright © 2015, Oracle et/ou ses affiliés. Tous droits réservés.
Ce logiciel et la documentation qui l'accompagne sont protégés par les lois sur la propriété intellectuelle. Ils sont concédés sous licence et soumis à des restrictions d'utilisation et de divulgation. Sauf stipulation expresse de votre contrat de licence ou de la loi, vous ne pouvez pas copier, reproduire, traduire, diffuser, modifier, breveter, transmettre, distribuer, exposer, exécuter, publier ou afficher le logiciel, même partiellement, sous quelque forme et par quelque procédé que ce soit. Par ailleurs, il est interdit de procéder à toute ingénierie inverse du logiciel, de le désassembler ou de le décompiler, excepté à des fins d'interopérabilité avec des logiciels tiers ou tel que prescrit par la loi.
Les informations fournies dans ce document sont susceptibles de modification sans préavis. Par ailleurs, Oracle Corporation ne garantit pas qu'elles soient exemptes d'erreurs et vous invite, le cas échéant, à lui en faire part par écrit.
Si ce logiciel, ou la documentation qui l'accompagne, est concédé sous licence au Gouvernement des Etats-Unis, ou à toute entité qui délivre la licence de ce logiciel ou l'utilise pour le compte du Gouvernement des Etats-Unis, la notice suivante s'applique:
U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
Ce logiciel ou matériel a été développé pour un usage général dans le cadre d'applications de gestion des informations. Ce logiciel ou matériel n'est pas conçu ni n'est destiné à être utilisé dans des applications à risque, notamment dans des applications pouvant causer des dommages corporels. Si vous utilisez ce logiciel ou matériel dans le cadre d'applications dangereuses, il est de votre responsabilité de prendre toutes les mesures de secours, de sauvegarde, de redondance et autres mesures nécessaires à son utilisation dans des conditions optimales de sécurité. Oracle Corporation et ses affiliés déclinent toute responsabilité quant aux dommages causés par l'utilisation de ce logiciel ou matériel pour ce type d'applications.
Oracle et Java sont des marques déposées d'Oracle Corporation et/ou de ses affiliés. Tout autre nom mentionné peut correspondre à des marques appartenant à d'autres propriétaires qu'Oracle.
Intel et Intel Xeon sont des marques ou des marques déposées d'Intel Corporation. Toutes les marques SPARC sont utilisées sous licence et sont des marques ou des marques déposées de SPARC International, Inc. AMD, Opteron, le logo AMD et le logo AMD Opteron sont des marques ou des marques déposées d'Advanced Micro Devices. UNIX est une marque déposée d'The Open Group.
Ce logiciel ou matériel et la documentation qui l'accompagne peuvent fournir des informations ou des liens donnant accès à des contenus, des produits et des services émanant de tiers. Oracle Corporation et ses affiliés déclinent toute responsabilité ou garantie expresse quant aux contenus, produits ou services émanant de tiers, sauf mention contraire stipulée dans un contrat entre vous et Oracle. En aucun cas, Oracle Corporation et ses affiliés ne sauraient être tenus pour responsables des pertes subies, des coûts occasionnés ou des dommages causés par l'accès à des contenus, produits ou services tiers, ou à leur utilisation, sauf mention contraire stipulée dans un contrat entre vous et Oracle.
Accessibilité de la
documentation
Pour plus d'informations sur l'engagement d'Oracle pour l'accessibilité à la documentation, visitez le site Web Oracle Accessibility Program, à l'adresse http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Accès au support
électronique
Les clients Oracle qui ont souscrit un contrat de support ont accès au support électronique via My Oracle Support. Pour plus d'informations, visitez le site http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info ou le site http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs si vous êtes malentendant.
Static and
Ingress Replica Case Topology Example.
Configure
the VXLAN Trace Option
Configure a
Source VTEP IP Address for VXLAN
Configure
Ingress Replica (CLI)
Configure
VXLAN Multicast (CLI)
Configure
VXLAN for Static and Ingress Replica Case Topology
Configure
VXLAN Dynamic Case Topology
Ingress Replica VXLAN Configuration
Configure
Static Unicast-Based VXLAN (Script)
Configure Dynamic
Multicast-Based VXLAN (Script)
Configure
the Middle Router (Script)
Configure
Ingress Replication (Script)
● Overview – Provides information about the VXLAN feature and how to configure VXLAN
● Audience – Users implementing VXLAN protocol with other protocols in the router stack
● Required knowledge – Working knowledge of the protocol
Product Documentation Library
Documentation and resources for this product and related products are available at http://www.oracle.com/goto/es2-72_es2-64/docs.
Acronyms and Abbreviations
Terms |
Explanation |
BGP |
Border Gateway Protocol |
CLI |
Command-line interface |
IGMP |
Internet Group Management Protocol |
IP |
Internet Protocol |
NVE |
Network virtualization edge |
OSPF |
Open Shortest Path First |
PIM |
Protocol Independent Multicast |
SRC |
Show running configuration |
TOR |
Top of rack |
UDP |
User Datagram Protocol |
VM |
Virtual machine (end devices in local LAN
segment of VTEP) |
VNI |
VXLAN
network identifier (or VXLAN segment ID) |
VTEP |
VXLAN tunnel end point |
VXLAN |
Virtual extensible local area network |
CLI Command Modes
This table lists the various command modes used in this document with their access and exit methods.
Command Mode |
Access Method |
Prompt |
Exit Method |
User EXEC |
Initial mode for starting a session. |
SEFOS> |
Use the logout command to return
to the Oracle ILOM prompt. |
Privileged EXEC |
From User EXEC mode, use the enable command. |
SEFOS# |
Use the disable command to return
to the User EXEC mode. |
Global Configuration |
From Privileged EXEC mode, use the configure terminal command. |
SEFOS(config)# |
Use the exit or end command to exit to the Privileged EXEC
mode. |
Interface Configuration |
From Global Configuration mode, use the interface-type interface-id command. |
SEFOS(config-if)# |
Use the exit command to return
to Global Configuration mode, or use the end command to return to Privileged EXEC mode. |
VLAN Configuration |
From Global Configuration mode, use the vlan vlan-id command. |
SEFOS(config-vlan)# |
Use the exit command to return
to Global Configuration mode, or use the end command to return to Privileged EXEC mode. |
Provide feedback about this documentation at http://www.oracle.com/goto/docfeedback.
VXLAN is a Layer 2 overlay scheme over a Layer 3 network, and addresses the requirements of Layer 2 and Layer 3 data center network infrastructure in the presence of VMs in a multitenant environment.
VXLAN transports MAC frames generated by VMs in isolated Layer 2 networks over an IP network.
VXLAN enables Layer 2 communication of VMs across servers in a data center and across data centers. Across datacenters, VMs that are required to be in a separate domain are grouped as a VXLAN segment identified by unique VXLAN identifier (VNI). The overlay network is formed over Layer 3 network for communication between VMs in a segment.
VXLAN gateway functionality connects VXLAN-aware network devices to VXLAN-unaware network devices. For example, to connect natively VXLAN-aware servers with VMs to VXLAN-unaware servers with virtual machines (VMs) and targets, VXLAN gateway functionality is required.
VMs have the following MAC addresses:
● VM1 – 00:01:02:03:04:01
● VM2 – 00:01:02:03:04:04
VTEPs are connected back-to-back (directly) in this topology, which is used for VXLAN static and ingress replica functionality verification.
A route to the physical interface of the next VTEP need not be added in a VTEP, because the interfaces are directly connected in the same network.
Static
Unicast
Static Unicast VXLAN configurations on VTEP1 and VTEP2
Ingress-Replica-Unknown
Unicast
Ingress replica VXLAN configurations on VTEP1 and VTEP2
Note: If the loopback IP of VTEP2 is used as remote VTEP-IP in VTEP1, then the route (static) to that loopback must be configured in VTEP1 for reachability.
VMs have the following MAC addresses:
●
VM1 – 00:01:02:03:04:01
●
VM2 – 00:04:02:03:04:01
VTEPs are connected through an additional router in the middle. VTEP1 should have the route to VTEP2 and vice versa. The connection is achieved by performing the following steps:
1.
Add static routes in VTEP1 and VTEP2.
a. Add IP route to VTEP2 in VTEP1 through the Middle-R.
b. Add IP route to VTEP1 in VTEP2 through the Middle-R.
2. Configure a routing protocol in the VTEPs. For example, iBGP, OSPF, or RIP.
In this document, iBGP routing protocol is used on all the routers to route packets between VTEP1 and VTEP2. This topology is used to verify the static and ingress replica functionality and dynamic VXLAN functionality.
1.
Static
(unicast) and ingress-replica (unknown-unicast)
● Routing protocol iBGP on all the three routers
● VXLAN configurations on VTEP1 and VTEP2
2. Dynamic multicast-based:
● Routing protocol iBGP on all the three routers
● VXLAN configurations on VTEP1 and VTEP2
● IGMP on three routers for joining and leaving the multicast group
● PIM protocol on middle router for forwarding the multicast packets
In real hardware boards, the ports can be extreme-ethernet (interface Ex 0/1) or XL-ethernet (interface xl 0/1) ports. Therefore, configurations must be changed according to the ports available in the board.
VXLAN must be enabled for all the VXLAN-related configurations. See Static and Ingress Replica Case Topology Example for the topology for this configuration.
1. To enable VXLAN, perform the following in VTEP1.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Enable VXLAN.
SEFOS(config)# set vxlan enable
VXLAN is enabled in VTEP1.
c. Exit Global configuration mode.
SEFOS(config)# end
2. View the status of VXLAN.
SEFOS# show running-config vxlan
…
set vxlan enable
…
The following configuration sets the UDP port number for VXLAN. By default, 4789 is set as the UDP port number. VXLAN must be configured in VTEP1 before configuring UDP. See Static and Ingress Replica Case Topology Example for the topology for this configuration.
1. To configure the UDP ports, perform the following in VTEP1.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Set
the VXLAN UDP port number.
SEFOS(config)# vxlan udp-port 5566
VXLAN UDP port number is set as 5566.
c. Exit Global Configuration mode.
SEFOS(config)# end
2. View the VXLAN UDP port number.
SEFOS# show vxlan udp-port
Udp Port Number: 5566
The following configuration sets the VXLAN debug trace option. VXLAN must be configured in VTEP1 before configuring UDP. See Static and Ingress Replica Case Topology Example for the topology for this configuration.
1. In VTEP1, set the debugging trace option for VXLAN.
SEFOS# debug vxlan critical
VXLAN has the following debug trace options:
● all
●
critical
●
entry-exit
●
failures
●
memory
●
mgmt
●
pkt
●
utilities
2. View the VXLAN debugging trace options.
SEFOS# show running-config vxlan
…
debug vxlan critical
…
1. Enter Global Configuration mode in VTEP1.
SEFOS# configure terminal
2. Create
an NVE interface.
SEFOS(config)# interface nve 1
A VXLAN interface is created.
3. Exit Interface Configuration mode.
SEFOS(config-if)# no shutdown
4. Exit Global Configuration mode.
SEFOS(config)# end
This VXLAN configuration sets the IPv4 source VTEP IP addresses for VTEP. The IP address is used as a source IP in a VXLAN packet and is configured in the following two ways:
● Physical interface IP as source VTEP IP – For example: source-interface vtep-ipv4 10.0.0.1
● Loopback interface IP as source VTEP IP – For example: source-interface loopback 0
See Static and Ingress Replica Case Topology Example for the topology for this configuration.
1. Type the following commands in VTEP1.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Create
an NVE interface.
SEFOS(config)# interface nve 1
A VXLAN interface is created.
c.
Set the source
VTEP IP address in one of the following ways:
● SEFOS(config-if)# source-interface vtep-ipv4 10.0.0.1
● SEFOS(config-if)#
source-interface loopback 0
d. Make the NVE interface UP.
SEFOS(config-if)# no shutdown
e. Exit Global Configuration mode.
SEFOS(config)# end
2. View the VTEP source IP.
The physical interface IP is configured as source VTEP-IP:
SEFOS# show vxlan nve interface nve 1
NVE interface information
--------------------------------------
Interface: nve 1, State:UP, encapsulation:VXLAN
source-interface:10.0.0.1
The loopback interface IP is configured as source VTEP-IP:
SEFOS# show vxlan nve interface nve 1
NVE interface information
--------------------------------------------------------
Interface: nve 1, State:UP, encapsulation:VXLAN
source-interface:loopback 0
Note: The physical interface or the loopback IP must be configured before configuring the source VTEP-IP.
Create this VXLAN configuration to map VLAN to VXLAN, and to clear the packets sent, received, or dropped counters. See Static and Ingress Replica Case Topology Example for the topology for this configuration.
1. Type the following commands.
SEFOS# configure terminal
SEFOS(config)# switch default
SEFOS(config)# vlan 100
SEFOS(config)# ports Ex 0/2 un Ex 0/2
SEFOS(config)# end
2. Type the following commands in VTEP1.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Enter VLAN mode.
SEFOS(config)# vlan 100
c. Configure the VNI-VLAN mapping.
SEFOS(config-if)# member vni 5000
d. Clear the statistics counters of VXLAN.
SEFOS(config-if)# member vni 5000 clear-counters
e. Make the NVE interface UP.
SEFOS(config-if)# no shutdown
f. Exit Interface and Global Configuration mode.
SEFOS(config-if)# end
3. View the control plane statistics of packets sent, received, and dropped in VXLAN.
SEFOS# show vxlan vni 5000 statistics
VNI Statistics
------------------------------------------------------------
VNI VXLAN Pkt Sent Cnt VXLAN Pkt Received Cnt VXLAN Pkt Dropped Cnt
5000 0 0 0
Configure the IPv4 remote VTEP IP addresses in VTEP. You can configure remote VTEP before multicast or ingress replica – VNI configuration. If this is not configured, remote VTEP is learned internally when the first VXLAN packet is received by control plane. See Static and Ingress Replica Case Topology Example for the topology for this configuration.
Note: You must configure the source VTEP before configuring the remote VTEP IP address.
Perform initial configurations in VTEP1.
1. Enter Global Configuration mode.
SEFOS# configure terminal
2. Create an NVE interface.
SEFOS(config)# interface nve 1
3. Configure the NVE entry with the following values:
● VNI For example, 4096
● VTEP2-IP (loopback-IP or Interface-IP) as remote-VTEP-IP
● MAC address of VM2 as static-VM-MAC
SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 2.2.2.2
4. Make the admin status of NVE interface UP.
SEFOS(config-if)# no shutdown
SEFOS(config-if)# end
Configure the remote VTEP IP address along with the VM MAC address in VTEP.
Note: You must configure the source VTEP before configuring the Remote VTEP IP address.
1. Enter Global Configuration mode.
SEFOS# configure terminal
2. Create an NVE interface.
SEFOS(config)# interface nve 1
3. Configure NVE entry with the following values:
● VNI — For example: 4096
● VTEP2-IP (loopback-IP or Interface-IP) as remote-VTEP-IP
● MAC address of VM2 as static-VM-MAC
SEFOS(config-if)# member vni 4096 static-vm-mac 00:01:02:03:04:01 remote-vtep-ipv4 2.2.2.2
4. Make the admin status of NVE interface UP.
SEFOS(config-if)# no shutdown
SEFOS(config-if)# end
5. View the VXLAN peers configured in VTEP1 using the following command.
SEFOS# show vxlan nve peers
VTEP Peers information
----------------------------------------------------------------
Interface Peer-IP VNI VM-MAC MAC-Type
nve 1 2.2.2.2 4096 00:01:02:03:04:01 Static
Configure the replication VTEP IP addresses in VTEP. See Static and Ingress Replica Case Topology Example for the topology for this configuration.
Note: You must configure the source VTEP before configuring the ingress replica remote VTEP IP.
1. Enter Global Configuration mode.
SEFOS# configure terminal
2. Create an NVE interface.
SEFOS(config)# interface nve 1
3. Configure NVE entry with the following values:
● VNI — For example: 4096
● VTEP2-IP (loopback-IP or Interface-IP) as remote-VTEP-IP in ingress replica
SEFOS(config-if)# member vni 4096 ingress-replication ipv4 2.2.2.2 3.3.3.3
Note: For dynamic remote VTEP learning, the following remote VTEP configuration is not required.
SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 2.2.2.2.
4. Make the admin status of NVE interface UP.
SEFOS(config-if)# no shutdown
SEFOS(config-if)# end
5. View the ingress replica VXLAN peers configured in VTEP1.
SEFOS# sh vxlan nve
interfaces nve 1 detail
NVE interface information
--------------------------------------------------------------------
Interface: nve 1, State:UP, encapsulation:VXLAN
source-interface:loopback 0
VNI Ingress-Replica-VTEP-List
-------------------------------------------
4096 2.2.2.2, 3.3.3.3
Configure the multicast group IP Address in VTEP. See Dynamic Case Topology for the topology of this configuration.
Note: You must configure the source VTEP before configuring the multicast group IP.
1. Enter Global Configuration mode.
SEFOS# configure terminal
2. Create an NVE interface.
SEFOS(config)# interface nve 1
3. Configure multicast entry with the following values:
● VNI —For example: 4096
● Multicast group IP to be joined — For example: 224.0.11.11
SEFOS(config-if)# member vni 4096 multicast-group-ipv4 224.0.11.11
Note: For dynamic remote VTEP learning, the following remote VTEP configuration is not required.
SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 2.2.2.2
4. Make the admin status of the NVE interface UP.
SEFOS(config-if)# no shutdown
SEFOS(config-if)# end
5. View the VXLAN multicast group configured in VTEP1.
SEFOS# show vxlan nve interfaces nve 1 detail
NVE interface information
----------------------------------------------------------------
Interface: nve e1, State:DOWN, encapsulation:VXLAN
source-interface:1.1.1.1
VNI Mcast VNI-State
4096 224.0.11.11 DOWN
1. Perform
initial configurations on VTEP1.
a. Configure loopback 0 with an IP address.
For example: 1.1.1.1
b. Configure VLAN-1000 and make it active.
This action connects to the other VTEP.
c. Configure the extreme-ethernet interface.
For example: Ex 0/1 as a member port of VLAN-1000.
d. Configure
the IP address to VLAN-1000.
For example: IP - 15.0.0.1 mask - 255.255.255.0
e. Configure VLAN-1000 and make it active.
This action connects to the host or VM.
f. Configure the extreme-ethernet interface.
For example: extreme-ethernet 0/2 as a member port of VLAN-100.
g. Add a static route to the remote-VTEP (for example: 2.2.2.2).
2. Perform initial configurations on VTEP2.
a. Configure loopback 0 with an IP address.
For example: 1.1.1.1
b. Configure VLAN-1000 and make it active.
This action connects to the other VTEP.
c. Configure the extreme-ethernet interface.
For example: Ex 0/1 as a member port of VLAN-1000.
d. Configure
the IP address to VLAN-1000.
For example: IP - 15.0.0.2 mask - 255.255.255.0
e. Configure VLAN-100 and make it active.
This action connects to the host or VM.
f. Configure the extreme-ethernet interface.
For
example: Ex 0/2 as a member port of VLAN-100
g. Add a static route to the remote-VTEP (for example: 1.1.1.1).
3. Perform VXLAN configurations for static and ingress replica in VTEP1.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Enable the VXLAN feature.
SEFOS(config)# set vxlan enable
c. Create an NVE interface.
SEFOS(config)# interface nve 1
d. Configure the source-VTEP IP.
For example, with loopback 0
SEFOS(config-if)# source-interface loopback 0
e. Make the admin status of NVE interface UP.
SEFOS(config-if)# no shutdown
SEFOS(config-if)# end
f. Make the NVE interface a member port of VLAN-100 by configuring VLAN-VNI mapping.
SEFOS# configure terminal
SEFOS# vlan 100
SEFOS(config-if)# member vni 4096
SEFOS(config-if)# end
4. Perform VXLAN configurations for static and ingress replica in VTEP2.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Enable the VXLAN feature.
SEFOS(config)# set vxlan enable
c. Create an NVE interface.
SEFOS(config)# interface nve 1
d. Configure the source-VTEP IP.
For example, with loopback 0.
SEFOS(config-if)# source-interface loopback 0
e. Make the admin status of NVE interface UP.
SEFOS(config-if)# no shutdown
SEFOS(config-if)# end
f. Make the NVE interface a member port of VLAN-100 by configuring VLAN-VNI mapping.
SEFOS# configure terminal
SEFOS# vlan 100
SEFOS(config-if)# member vni 4096
SEFOS(config-if)# end
5. Perform static VXLAN configuration in VTEP1.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Create an NVE interface.
SEFOS(config)# interface nve 1
c. Configure NVE entry with the following values:
● VNI — For example: 4096
● VTEP2-IP (loopback-IP or Interface-IP) as remote-VTEP-IP
● MAC address of VM2 as static-VM-MAC
SEFOS(config-if)# member vni 4096 static-vm-mac 00:01:02:03:04:04 remote-vtep-ipv4 2.2.2.2
d. Exit global configuration mode.
SEFOS(config-if)# end
6. Perform static VXLAN configuration in VTEP2.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Create an NVE interface.
SEFOS(config)# interface nve 1
c. Configure the NVE entry with the following values:
● VNI — For example: 4096
● VTEP1-IP (loopback-IP or Interface-IP) as remote-VTEP-IP
● MAC address of VM1 as static-VM-MAC
SEFOS(config-if)# member vni 4096 static-vm-mac 00:04:02:03:04:01 remote-vtep-ipv4 1.1.1.1
d. Exit Global Configuration mode.
SEFOS(config-if)# end
7. Perform ingress replica VXLAN configuration in VTEP1.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Create an NVE interface.
SEFOS(config)# interface nve 1
c. Configure the NVE entry with the following values:
● VNI — For example: 4096
● VTEP2-IP(loopback-IP or Interface-IP) as remote-VTEP-IP in ingress replica
Note: For dynamic remote VTEP learning, the following remote VTEP configuration is not required.
SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 2.2.2.2.
d. Exit Global Configuration mode.
SEFOS(config-if)# end
8. Perform ingress replica VXLAN configuration in VTEP2.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Create an NVE interface.
SEFOS(config)# interface nve 1
c. Configure the NVE entry with the following values:
● VNI — For example: 4096
● VTEP2-IP(loopback-IP or Interface-IP) as remote-VTEP-IP in ingress replica
SEFOS(config-if)# member vni 4096 ingress-replication ipv4 1.1.1.1
Note: For dynamic remote VTEP learning, the following remote VTEP configuration is not required:
SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 1.1.1.1
d. Exit Global Configuration mode.
SEFOS(config-if)# end
1.
Perform initial configurations on VTEP1.
a. Configure loopback 0 with an IP address.
For example: 1.1.1.1
b. Configure VLAN-1000 and make it active.
This action connects to the other VTEP.
c. Configure the extreme-ethernet interface.
For example: Ex 0/1 as a member port of VLAN-1000
d. Configure
IP address to VLAN-1000.
For example: IP - 15.0.0.1 mask - 255.255.255.0
e. Configure VLAN-1000 and make it active.
This action connects to the host or VM.
f. Configure the extreme-ethernet interface.
For example: Ex 0/2 as a member port of VLAN-100
g. Add a static route to the remote-VTEP (for example: 2.2.2.2).
2. Perform initial configurations on VTEP2.
a. Configure loopback 0 with an IP address.
For example: 2.2.2.2
b. Configure VLAN-2000 and make it active.
This action connects to the other VTEP.
c. Configure the extreme-ethernet interface.
For example: Ex 0/1 as a member port of VLAN-2000
d. Configure
IP address to VLAN-2000.
For example: IP - 16.0.0.1 mask - 255.255.255.0
e. Configure VLAN-100 and make it active.
This action connects to the host or VM.
f. Configure the extreme-ethernet interface.
For
example: Ex 0/2 as a member port of VLAN-100
3. Perform middle
router configurations.
a. Configure VLAN-1000 and make it active.
This action connects to VTEP1.
b. Configure the extreme-ethernet interface.
For example: Ex 0/1 as a member port of VLAN-1000
c. Configure
IP address to VLAN-1000.
For example: IP - 15.0.0.2 mask - 255.255.255.0
d. Configure VLAN-2000 and make it active.
This action connects to the host or VM.
e. Configure the extreme-ethernet interface.
For
example: Ex 0/2 as a member port of VLAN-2000
f. Configure
IP address to VLAN-2000.
For example: IP - 16.0.0.2 mask - 255.255.255.0
1. Perform BGP configurations on VTEP1.
You need to configure a routing protocol in the three routers to learn the routes between VTEPs. In this document, iBGP routing protocol with AS number 100 is used on all the routers to route packets between VTEP1 and VTEP2.
a. Configure BGP AS number.
For example: 100
b. Configure the middle router as the BGP neighbor.
2. Perform BGP configurations on VTEP2.
a. Configure the BGP AS number.
For example: 100
b. Configure the middle router as the BGP neighbor.
3. Perform middle router configurations.
a. Configure the BGP AS number.
For example: 100
b. Configure the two VTEPs as BGP neighbors.
Enable the IGMP protocol globally in VTEP routers and on interfaces connected to the PIM router, which is responsible for routing the multicast packets to destination VTEP. Through this interface, VTEPs joins the particular multicast group.
Configure the PIM multicast protocol in core routers. For example, in this case the middle router. Enable PIM globally and on interfaces through which VTEPs join the IGMP multicast group. You can configure PIM in three modes, sparse mode, dense mode, and bi-directional mode.
VXLAN is tested with sparse mode on boards and mentioned as PIM sparse mode configurations in this document.
1. Perform IGMP configurations on VTEP1.
a. Enable IGMP globally.
b. Enable IGMP on the interface that is connected to the middle router (PIM - enabled router).
2. Perform IGMP configurations on VTEP2.
a. Enable IGMP globally.
b. Enable IGMP on the interface that is connected to the middle router (PIM - enabled router).
3. Perform IGMP configurations on the middle router.
a. Enable IGMP globally.
b. Enable IGMP on interfaces through which VTEPs join the IGMP group.
4. Perform PIM configurations.
a. Enable PIM globally and configure the PIM component.
b. Enable PIM and configure PIM component on interfaces through which VTEPs join the IGMP group.
c. Configure PIM sparse mode.
d. Configure multicast group IDs range and rp-candidate.
For
example: rp-candidate rp-address 224.0.11.11 255.255.255.255
15.0.0.2
e. Configure the rp-candidate hold time.
For example: 200
For configuration steps, see Step 3 and Step 4 in Configure VXLAN for Static and Ingress Replica Case Topology.
For configuration steps, see Step 1, Step 2, Step 3, Step 4, Step 7, and Step 8 in Configure VXLAN for Static and Ingress Replica Case Topology.
For configuration steps, see Step 1, Step 2, Step 3, Step 4, Step 7, and Step 8 in Configure VXLAN for Static and Ingress Replica Case Topology.
See Configure VXLAN for Static and Ingress Replica Case Topology.
1. Perform multicast VXLAN configuration in VTEP1.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Create an NVE interface.
SEFOS(config)# interface nve 1
c. Configure the multicast entry with the following values:
● VNI —For example: 4096
● Multicast group IP to be joined —For example: 224.0.11.11
SEFOS(config-if)# member vni 4096 multicast-group-ipv4 224.0.11.11
Note: For dynamic remote VTEP learning, the following remote VTEP configuration is not required.
SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 2.2.2.2
d. Exit Global Configuration mode.
SEFOS(config-if)# end
2. Perform multicast VXLAN configuration in VTEP2.
a. Enter Global Configuration mode.
SEFOS# configure terminal
b. Create an NVE interface.
SEFOS(config)# interface nve 1
c. Configure the multicast entry with the following values:
● VNI — for example: 4096
● Multicast group IP to be joined — for example: 224.0.11.11
SEFOS(config-if)# member vni 4096 multicast-group-ipv4 224.0.11.11
Note: For dynamic remote VTEP learning, the following remote VTEP configuration is not required:
SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 1.1.1.1
d. Exit Global Configuration mode.
SEFOS(config-if)# end
1. Configure static VXLAN on VTEP1.
configure
terminal
set
gvrp disable
set
gmrp disable
interface
vlan 1
sh
no
ip addr
end
configure
terminal
vlan
1
no
ports
end
configure
terminal
interface
loopback 0
ip
address 1.1.1.1 255.255.255.255
no
shu
end
configure
terminal
vlan
1000
ports
Ex 0/1 untagged Ex 0/1
vlan
active
end
configure
terminal
interface
Ex 0/1
sh
switchport
pvid 1000
no
sh
end
configure
terminal
interface
vlan 1000
ip
addr 15.0.0.1 255.255.255.0
no
sh
end
configure
terminal
vlan
100
port
add Ex 0/2 un Ex 0/2
exit
interface
Ex 0/2
switchport
pvid 100
no
shu
exit
configure
terminal
ip
route 1.1.1.1 255.255.255.255 15.0.0.2
end
configure
terminal
set
vxlan enable
end
configure
terminal
interface
nve 1
source-interface
loopback 0
no
sh
end
configure
terminal
interface
nve 1
member
vni 4096 static-vm-mac 00:04:02:03:04:01 remote-vtep-ipv4 2.2.2.2
end
configure
terminal
vlan
100
mem
vni 4096
end
2. Configure static VXLAN on VTEP2.
configure
terminal
set
gvrp disable
set
gmrp disable
interface
vlan 1
sh
no
ip addr
end
configure
terminal
vlan
1
no
ports
end
configure
terminal
interface
loopback 0
ip
address 2.2.2.2 255.255.255.255
no
shu
end
configure
terminal
vlan
1000
ports
Ex 0/1 untagged Ex 0/1
vlan
active
end
configure
terminal
interface
Ex 0/1
sh
switchport
pvid 1000
no
sh
end
configure
terminal
interface
vlan 1000
ip
addr 15.0.0.2 255.255.255.0
no
sh
end
configure
terminal
vlan
100
port
add Ex 0/2 un Ex 0/2
exit
interface
Ex 0/2
switchport
pvid 100
no
shu
exit
configure
terminal
ip
route 2.2.2.2 255.255.255.255 15.0.0.1
end
configure
terminal
set
vxlan enable
end
configure
terminal
interface
nve 1
source-interface
loopback 0
no
sh
end
configure
terminal
interface
nve 1
member
vni 4096 static-vm-mac 00:01:02:03:04:01 remote-vtep-ipv4 1.1.1.1
end
configure
terminal
vlan
100
mem
vni 4096
end
1. Configure dynamic VXLAN on VTEP1.
configure
terminal
set
gvrp disable
set
gmrp disable
set
ip igmp enable
interface
vlan 1
sh
no
ip addr
end
configure
terminal
vlan
1
no
ports
end
configure
terminal
interface
loopback 0
ip
address 1.1.1.1 255.255.255.255
no
shu
end
configure
terminal
vlan
1000
ports
Ex 0/1 untagged Ex 0/1
vlan
active
end
configure
terminal
interface
Ex 0/1
sh
switchport
pvid 1000
no
sh
end
configure
terminal
interface
vlan 1000
set
ip igmp enable
ip
addr 15.0.0.1 255.255.255.0
no
sh
end
configure
terminal
vlan
100
port
add Ex 0/2 un Ex 0/2
exit
interface
Ex 0/2
switchport
pvid 100
no
shu
exit
configure
terminal
router
bgp 100
redistribute
connected
neighbor
15.0.0.2 remote-as 100
neighbor
15.0.0.2 update-source 15.0.0.1
end
configure
terminal
set
vxlan enable
end
configure
terminal
interface
nve 1
source-interface
loopback 0
no
sh
end
configure
terminal
interface
nve 1
member
vni 4096 multicast-group-ipv4 224.0.11.11
end
configure
terminal
vlan
100
mem
vni 4096
end
2. Configure dynamic VXLAN on VTEP2.
configure
terminal
set
gvrp disable
set
gmrp disable
set
ip igmp enable
interface
vlan 1
sh
no
ip addr
end
configure
terminal
vlan
1
no
ports
end
configure
terminal
interface
loopback 0
ip
address 2.2.2.2 255.255.255.255
no
shu
end
configure
terminal
vlan
2000
ports
Ex 0/1 untagged Ex 0/1
vlan
active
end
configure
terminal
interface
Ex 0/1
sh
switchport
pvid 2000
no
sh
end
configure
terminal
interface
vlan 2000
set
ip igmp enable
ip
addr 16.0.0.1 255.255.255.0
no
sh
end
configure
terminal
vlan
100
port
add Ex 0/2 un Ex 0/2
exit
interface
Ex 0/2
switchport
pvid 100
no
shu
exit
configure
terminal
router
bgp 100
redistribute
connected
neighbor
16.0.0.2 remote-as 100
neighbor
16.0.0.2 update-source 16.0.0.1
end
configure
terminal
set
vxlan enable
end
configure
terminal
interface
nve 1
source-interface
loopback 0
no
sh
end
configure
terminal
interface
nve 1
member
vni 4096 multicast-group-ipv4 224.0.11.11
end
configure
terminal
vlan
100
mem
vni 4096
end
· Configure the middle router.
configure
terminal
set
gvrp disable
set
gmrp disable
set
ip igmp enable
sh
span
interface
vlan 1
sh
no
ip addr
end
configure
terminal
vlan
1
no
ports
end
configure
terminal
set
ip pim enable
ip
pim component 1
rp-candidate
holdtime 90
end
configure
terminal
vlan
1000
ports
Ex 0/1 untagged Ex 0/1
vlan
active
exit
vlan
2000
ports
Ex 0/2 untagged Ex 0/2
vlan
active
exit
end
configure
terminal
interface
Ex 0/1
sh
speed
10000
switchport
accep untagg
switchport
mode access
switchport
pvid 1000
no
sh
end
configure
terminal
interface
Ex 0/2
sh
speed
10000
switchport
accep untagg
switchport
mode access
switchport
pvid 2000
no
sh
end
configure
terminal
interface
vlan 2000
set
ip igmp enable
ip
addr 16..0.0.2 255.255.255.0
no
sh
ip
pim component 1
exit
interface
vlan 1000
set
ip igmp enable
ip
addr 15.0.0.2 255.255.255.0
no
sh
ip
pim component 1
ip
pim bsr-candidate 40
exit
interface
loopback 0
ip
addr 1.1.200.200 255.255.255.255
no
sh
end
configure
terminal
ip
pim component 1
set
mode sparse
rp-candidate
rp-address 224.0.11.11 255.255.255.255 15.0.0.2
rp-candidate
holdtim 200
end
configure
terminal
router
bgp 100
redistribute
connected
neighbor
16.0.0.1 remote-as 100
neighbor
16.0.0.1 update-source 16.0.0.2
neighbor
15.0.0.1 remote-as 100
neighbor
15.0.0.1 update-source 15.0.0.2
end
1. Configure ingress replication on VTEP1.
configure
terminal
set
gvrp disable
set gmrp disableinterface vlan 1
sh
no
ip addr
end
configure
terminal
vlan
1
no
ports
end
configure
terminal
interface
loopback 0
ip
address 1.1.1.1 255.255.255.255
no
shu
end
configure
terminal
vlan
1000
ports
Ex 0/1 untagged Ex 0/1
vlan
active
end
configure
terminal
interface
Ex 0/1
sh
switchport
pvid 1000
no
sh
end
configure
terminal
interface vlan 1000ip addr 15.0.0.1 255.255.255.0
no
sh
end
configure
terminal
vlan
100
port
add Ex 0/2 un Ex 0/2
exit
interface
Ex 0/2
switchport
pvid 100
no
shu
exit
configure
terminal
ip
route 1.1.1.1 255.255.255.255 15.0.0.2
end
configure
terminal
set
vxlan enable
end
configure
terminal
interface
nve 1
source-interface
loopback 0
no
sh
end
configure
terminal
interface
nve 1
member
vni 4096 ingress-replication ipv4 2.2.2.2
end
configure
terminal
vlan
100
mem
vni 4096
end
2. Configure ingress replication on VTEP2.
configure
terminal
set
gvrp disable
set gmrp disableinterface vlan 1
sh
no
ip addr
end
configure
terminal
vlan
1
no
ports
end
configure
terminal
interface
loopback 0
ip
address 2.2.2.2 255.255.255.255
no
shu
end
configure
terminal
vlan
1000
ports
Ex 0/1 untagged Ex 0/1
vlan
active
end
configure
terminal
interface
Ex 0/1
sh
switchport
pvid 1000
no
sh
end
configure
terminal
interface
vlan 1000ip addr 15.0.0.2 255.255.255.0
no
sh
end
configure
terminal
vlan
100
port
add Ex 0/2 un Ex 0/2
exit
interface
Ex 0/2
switchport
pvid 100
no
shu
exit
configure
terminal
ip
route 2.2.2.2 255.255.255.255 15.0.0.1
end
configure
terminal
set
vxlan enable
end
configure
terminal
interface
nve 1
source-interface
loopback 0
no
sh
end
configure
terminal
interface
nve 1
member
vni 4096 ingress-replication ipv4 1.1.1.1
end
configure
terminal
vlan
100
mem
vni 4096
end