Category: Data Center

0

Cisco NX-OS: VXLAN and External Connectivity

By default: underlay – default VRF overlay – “tenant” VRF, hosts in VXLAN are isolated Border Leafs are used to connect the internal fabric to external networks. Not necessary a box, just configuration on the Leaf. It maintains the following routing control planes: MP-BGP L2VPN EVPN – inside VXLAN fabric “tenant” VRF BGP or IGP to external routes MP-BGP to BGP/IGP...

0

Cisco NX-OS: VXLAN – vPC – Anycast

VxLAN and vPC Anycast VTEP Problem with VXLAN and vPC: in a vPC both vPC peers duplicate EVPN MAC/IP routes to spine RRs with other attributes equal, one vPC peer is always preferred for dual attached hosts (based on the normal BGP Best path selection) Result: egress traffic from vPC Member is load-balanced, but return ingress traffic is polarized Solution: Anycast VTEP...

0

Cisco NX-OS: VXLAN Symmetric Routing

EVPN Integrated Routing and Bridging (IRB) has two options: Asymmetric IRB (increased ARP cache and CAM table sizes and control plane scaling issue) Symmetric IRB Symmetric IRB Ingress VTEP does both L2 and L3 lookup Egress VTEp does both L3 and L2 lookup => Bridge – Route – Route – Bridge L3 VNI should be configured on all VTEPS, L2 VNIs...

0

Cisco NX-OS: VXLAN Asymmetric Routing

EVPN Integrated Routing and Bridging (IRB) has two options: Asymmetric IRB Symmetric IRB Assymetric IRB Ingress VTEP does both L2 and L3 lookup Egress VTEP does L2 lookup only => Bridge – Route – Bridge Pros: “easy” to configure – just copy/paste. Identical config with the only difference in SVI IP addresses. Cons: on the way back, traffic will be reversed...

0

Cisco NX-OS: VXLAN BGP EVPN control plane

Two control planes for the VXLAN technology: Multicast control plane (flood-and learn) MP-BGP EVPN control plane MP-BGP EVPN is a standard-based VXLAN control protocol, that provides remote VTEP discovery and MAC/ARP learning. Ethernet Virtual Private Network (EVPN) reduces flooding in the network and resolves scalability concerns. MP-BGP is used to exchange information between VTEPs Devices might be MP-iBGP EVPN peers or...

0

Cisco NX-OS: VXLAN Multicast Control Plane

Two control planes for the VXLAN technology: Multicast control plane (flood and learn) MP-BGP EVPN control plane Virtual Extensible Local Area Networks (VXLANs) allows to extend reachability of a VLAN within a data center over Layer 3. Every VTEP with specific VXLAN and certain VNI will join the same multicast group. To learn remote MAC addresses, the VTEP will use conversational...

0

Cisco NS-OS: Virtual eXtensible LAN (VXLAN) Overview

VXLAN is a tunneling protocol that encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets. Why VXLAN: VLAN Scalability  – expands VLAN name space VLANs use 12 bit -4096 values VXLAN uses 24 bit – 16777216 values allows layer 2 multipathing no STP uses layer 3 ECMP over CLOS fabric (like FabricPath) allows for multi-tenancy separate of customer traffic over shared...

0

Cisco NX-OS: FabricPath (FP)

FabricPath (FP) is a L2 Routing = “MAC-in-MAC” Routing. FabricPath is Cisco proprietary and works in the same way as TRILL (Transparent Interconnection of Lots of Links) that is an IETF standard. FP: to remove STP from the topology vPC: only 2 switches FP: full mesh, partial mesh, triangle, square etc Components: Classical Ethernet (CE) regular ethernet with regular flooding, regular...

4

Cisco NX-OS: vPC & Failures

vPC Orphan Ports – Traffic from remote Orphan is allowed over Peer Link and exit via local Member– Traffic from remote Member is allowed over Peer Link and exit via local Orphan-Orphans ports should be avoided at all costs because PL is a bottleneck of the system Ideal: vPC Peers only have vPC Member Ports and all downstream devices are dual...

0

Cisco NX-OS: vPC & FHRP

FHRP acts as active/active forwarding over vPC: traffic received in vPC Member Port of FHRP Standby to FHRP Virtual MAC is not forwarded over Peer Link to Active FHRP – essentially HSRP Standby acts as HSRP Active peer-gateway allows to proxy not only virtual active MAC address but also to proxy physical primary MAC address (in case destination MAC address is...