Two control planes for the VXLAN technology:
- Multicast control plane (flood and learn)
- MP-BGP EVPN control plane
Virtual Extensible Local Area Networks (VXLANs) allows to extend reachability of a VLAN within a data center over Layer 3.
Every VTEP with specific VXLAN and certain VNI will join the same multicast group. To learn remote MAC addresses, the VTEP will use conversational MAC address learning technique: learn only actively speaking MAC addresses.
note: Always Read Guidelines and Limitation for specific hardware
Cisco Nexus 5600 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x
- Set switching mode to store-and-forwarding
- IP unicast reachability between VTEPs
- PIM BIDIR reachability between VTEPs
- Enable features “vn-segment-vlan-based” and “nv overlay”
Store-and-forwarding
conf t
hardware ethernet store-and-fwd-switching
copy run start
reboot
IP unicast reachability between VTEPs
EIGRP as an example. The goal is just connectivity between Loopback interfaces:
feature eigrp
!
router eigrp 100
address-family ipv4 unicast
autonomous-system 100
router-id 1.1.1.1
interface Ethernet1/1
no switchport
ip address 172.16.12.1/30
ip router eigrp 100
no shutdown
interface Ethernet1/2
no switchport
ip address 172.16.13.1/24
ip router eigrp 100
no shutdown
interface loopback0
ip address 1.1.1.1/32
ip router eigrp 100
PIM BIDIR reachability between VTEPs
Configure PIM first, check that is working and than enable BIDIR. Configure PIM with rp-address 1.1.1.3 (NXOS3) on all Nexus devices:
conf t
feature pim
ip pim rp-address 1.1.1.3 group-list 224.0.0.0/4
interface loopback0
ip pim sparse-mode
interface Ethernet1/1
ip pim sparse-mode
interface Ethernet1/2
ip pim sparse-mode
How to check multicast receiving:
On one Leaf Nexus Loopback interface configure join-group:
NXOS1:
interface loopback0
ip igmp join-group 227.7.7.7
Check (*, 227.7.7.7 ) in the RP pim routes => receiver is ok:
How to check multicast sending:
On the second Leaf Nexus run “ping multicast 227.7.7.7 interface e1/1”
NXOS2# ping multicast 227.7.7.7 interface e1/1
PING 227.7.7.7 (227.7.7.7): 56 data bytes
64 bytes from 172.16.12.1: icmp\_seq=0 ttl=254 time=6.742 ms
64 bytes from 172.16.12.1: icmp\_seq=1 ttl=254 time=10.17 ms
64 bytes from 172.16.12.1: icmp\_seq=2 ttl=254 time=13.882 ms
64 bytes from 172.16.12.1: icmp\_seq=3 ttl=254 time=11.793 ms
64 bytes from 172.16.12.1: icmp\_seq=4 ttl=254 time=8.43 ms
--- 227.7.7.7 ping multicast statistics ---
5 packets transmitted,
From member 172.16.12.1: 5 packets received, 0.00% packet loss
--- in total, 1 group member responded ---
Check on the RP pim routes. There should be 2 entries: (*, 227.7.7.7 ) and for Leaf NXOS2 (172.16.12.2/32, 227.7.7.7/32) - (S,G) - sender is ok:
To enable bidirectional (PIM BIDIR) - configure switches with the following command (just add bidir):
ip pim rp-address 1.1.1.3 group-list 224.0.0.0/4 bidir
Do the same test with join-group 228.8.8.8 and on the rp there should be just one route with (*,G) => bidirectional is ok:
Why BIDIR? It will be used for BUM traffic (Broadcast, Unknown-Unicast and Multicast traffic) - like ARP
Enable features:
conf t
feature vn-segment-vlan-based
feature nv overlay
Mapping VLAN to VXLAN
conf t
vlan 10
vn-segment 101010
Create Network Virtualization Edge (VNE) interface
conf t
interface nve1
source-interface loopback0
member vni 101010
mcast-group 228.7.7.7
There is communication between SW5 and SW6 over VXLAN:
SW5#ping 10.10.10.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 14/15/16 ms
A Classic Remote VTEP Discovery from here:
- End station sends Address Resolution Protocol (ARP) packet for remote end station.
- Packet reaches to VTEP-A and since VTEP-A does not know about the VTEP-B, it encapsulates the packet inside VXLAN header. It puts the multicast IP address as the destination IP address. Since the same multicast address is used by all VTEPs, all joins the same multicast group.
- This packet reaches to all VTEP and is decapsulated, in this way remote VTEP learns about the other VTEP. Since the decapsulated VTEP has the VNID, it is forwarded in the VLAN that has the same VNID configured.
- Now, remote end sends the ARP reply packet and it reaches to VTEP-B, since now VTEP-B knows about VTEP-A it again encapsulates the orginal frame but now the destination IP address is of VTEP-B and it is the unicast IP address.
- ARP reply reaches to VTEP-A and now VTEP-A gets to know about VTEP-B it forms the neighbor relationship with VTEP-B.
BUM traffic
Verifications
show mac address-table
show nve peer
show nve vni