Go meets Cisco using SSH

More Go. I have already migrated some scripts from Python to Go, mostly ones that talk to APIs. I decided to check how to SSH into network devices and run some commands. Of course, I used the well-known Cisco always-on sandbox. Note: I am using some code as a core and as an example (link in the comments). Everything is pretty straightforward here: var ( User string = "developer" Password string = "C1sco12345" hosts = []string{"sandbox-iosxe-latest-1....

July 6, 2022 · 3 min · Dmitry Golovach

Cisco NX-OS: VXLAN and External Connectivity

By default: the underlay lives in the default VRF, the overlay in a "tenant" VRF, and hosts inside VXLAN are isolated from everything outside the fabric. Border Leafs are used to connect the internal fabric to external networks. Not necessarily a separate box, just configuration on a Leaf. A Border Leaf maintains the following routing control planes:
- MP-BGP L2VPN EVPN inside the VXLAN fabric
- BGP or an IGP in the "tenant" VRF towards external routes
- redistribution between MP-BGP and the external BGP/IGP
Main consideration: the Border Leaf maintains all /32 host routes for all VRFs, but we need...

December 5, 2019 · 3 min · Dmitry Golovach

Cisco NX-OS: VXLAN - vPC - Anycast

VXLAN and vPC: the Anycast VTEP. Problem with VXLAN and vPC: in a vPC, both vPC peers advertise duplicate EVPN MAC/IP routes to the spine RRs with all other attributes equal, so one vPC peer is always preferred for dual-attached hosts (based on normal BGP best-path selection). Result: egress traffic from the vPC member is load-balanced, but return (ingress) traffic is polarized onto one peer. Solution: an Anycast VTEP address, a secondary IP address on Loopback0 that is the same on both vPC peers:...

December 3, 2019 · 2 min · Dmitry Golovach
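
An added example of the anycast VTEP configuration described above; it is not configuration from the original post. The addresses, the OSPF process name UNDERLAY and the use of PIM sparse mode in the underlay are assumptions. Each vPC peer keeps its own primary loopback address (used for orphan ports and the peer-keepalive path), while the secondary address is identical on both peers and becomes the VTEP IP advertised as the next hop for dual-attached hosts, so the spines see one next hop and ECMP both paths.

```text
! vPC peer 1 (addresses assumed)
interface loopback0
  ip address 10.0.0.11/32
  ip address 10.0.0.100/32 secondary
  ip router ospf UNDERLAY area 0.0.0.0
  ip pim sparse-mode

! vPC peer 2: primary differs, secondary (anycast VTEP) is identical
interface loopback0
  ip address 10.0.0.12/32
  ip address 10.0.0.100/32 secondary
  ip router ospf UNDERLAY area 0.0.0.0
  ip pim sparse-mode

! on both peers: the NVE sources from loopback0 and picks up the secondary
interface nve1
  no shutdown
  source-interface loopback0
  host-reachability protocol bgp
```

Check it with `show nve interface nve1 detail` (primary and secondary IP of the NVE) and `show nve peers` on a remote leaf, which should list 10.0.0.100 once rather than both peer loopbacks. If the secondary is missing on one peer, the polarization described above returns silently, so this is worth a config-compliance check on every vPC pair.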

Cisco NX-OS: VXLAN Symmetric Routing

EVPN Integrated Routing and Bridging (IRB) has two options: Asymmetric IRB (increased ARP cache and CAM table sizes and a control plane scaling issue) and Symmetric IRB. Symmetric IRB: the ingress VTEP does both the L2 and L3 lookup, the egress VTEP does both the L3 and L2 lookup => Bridge - Route - Route - Bridge. The L3 VNI must be configured on all VTEPs, L2 VNIs only where local ports exist. N5K1 Configuration: fabric forwarding anycast-gateway-mac 1234....

November 26, 2019 · 2 min · Dmitry Golovach
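
An added configuration example for symmetric IRB on an NX-OS VTEP, not taken from the original post. VRF name, VLAN/VNI numbers, the anycast gateway MAC, the multicast group and the SVI address are assumptions. It shows the relationship the text describes: one L3 VNI per tenant VRF (50999, on every VTEP) used for the Route-Route hop, and an L2 VNI per VLAN (10010, only where VLAN 10 has local ports).

```text
! must be identical on every VTEP in the fabric
fabric forwarding anycast-gateway-mac 0000.1111.2222

vlan 10
  vn-segment 10010
vlan 999
  vn-segment 50999

vrf context TENANT
  vni 50999
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn

! L2 VNI SVI: distributed anycast gateway, only where VLAN 10 exists locally
interface Vlan10
  no shutdown
  vrf member TENANT
  ip address 10.10.10.1/24
  fabric forwarding mode anycast-gateway

! L3 VNI SVI: no IP address, just forwards routed traffic in the VRF
interface Vlan999
  no shutdown
  vrf member TENANT
  ip forward

interface nve1
  no shutdown
  source-interface loopback0
  host-reachability protocol bgp
  member vni 10010
    mcast-group 239.1.1.10
  member vni 50999 associate-vrf

evpn
  vni 10010 l2
    rd auto
    route-target import auto
    route-target export auto
```

The `associate-vrf` member and the `vni` line under `vrf context` are what tie the L3 VNI to the VRF; routed traffic between two VTEPs is carried with VNI 50999 in the VXLAN header and the egress VTEP then bridges into the local L2 VNI. Verify the routes with `show bgp l2vpn evpn vni-id 50999` and `show ip route vrf TENANT`, and keep the anycast gateway MAC and L3 VNI consistent fabric-wide, since a mismatch on one VTEP silently blackholes traffic for that hop.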

2019 IT Blog Awards by Cisco

Today I’ve received a badge from Cisco. I made the finalists of the IT Blog Awards 2019 by Cisco in the Best Newcomer category! Discover all the awesome podcasts and resources. There are a lot of great blogs out there. To vote click here. Best Analysis - Does this blog provide insightful discussions? Houman Asefi, How Does Internet Work, mrnCCIEW, Network Defense Blog, The WLAN, vMiss, Wireless Nerd. Best Cert Study Journey - Provides useful insights into the need-to-knows throughout a certification study journey....

November 22, 2019 · 2 min · Dmitry Golovach

Cisco NX-OS: VXLAN Asymmetric Routing

EVPN Integrated Routing and Bridging (IRB) has two options: Asymmetric IRB and Symmetric IRB. Asymmetric IRB: the ingress VTEP does both the L2 and L3 lookup, the egress VTEP does the L2 lookup only => Bridge - Route - Bridge. Pros: "easy" to configure, just copy/paste; identical config on every VTEP with the only difference in SVI IP addresses. Cons: on the way back the path is reversed, so the return traffic is routed on the other VTEP => all VXLANs need to be configured on all VTEPs => increased ARP cache and CAM table sizes and a control plane scaling issue => not very efficient....

November 21, 2019 · 2 min · Dmitry Golovach

Cisco NX-OS: VXLAN BGP EVPN control plane

Two control planes for the VXLAN technology: the multicast control plane (flood-and-learn) and the MP-BGP EVPN control plane. MP-BGP EVPN is a standards-based VXLAN control protocol that provides remote VTEP discovery and MAC/ARP learning. Ethernet Virtual Private Network (EVPN) reduces flooding in the network and resolves scalability concerns. MP-BGP is used to exchange information between VTEPs. Devices might be MP-iBGP EVPN peers or route reflectors, or MP-eBGP EVPN peers....

November 19, 2019 · 2 min · Dmitry Golovach
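
An added example of the MP-iBGP EVPN peering the text describes, with the spine as route reflector and the leaf as VTEP; it is not configuration from the original post. AS number, router IDs and loopback addresses are assumptions.

```text
! spine: iBGP route reflector for the l2vpn evpn address family (AS 65000 assumed)
feature bgp
nv overlay evpn

router bgp 65000
  router-id 10.0.0.1
  address-family l2vpn evpn
  template peer VTEP
    remote-as 65000
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.0.0.11
    inherit peer VTEP
  neighbor 10.0.0.12
    inherit peer VTEP

! leaf / VTEP: peers only with the RR, never with other leafs
feature bgp
nv overlay evpn

router bgp 65000
  router-id 10.0.0.11
  neighbor 10.0.0.1
    remote-as 65000
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
```

`send-community extended` matters: route targets and the encapsulation attribute ride in extended communities, so without it the RR reflects EVPN routes that the receiving leaf cannot import. `show bgp l2vpn evpn summary` shows the sessions and prefix counts; `show bgp l2vpn evpn` on a leaf should list type-2 MAC/IP routes learned from the other VTEPs through the RR.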

Cisco NX-OS: VXLAN Multicast Control Plane

Two control planes for the VXLAN technology: the multicast control plane (flood-and-learn) and the MP-BGP EVPN control plane. Virtual Extensible Local Area Networks (VXLANs) allow the reach of a VLAN to be extended within a data center over Layer 3. Every VTEP that hosts a specific VXLAN with a certain VNI joins the same multicast group. To learn remote MAC addresses, the VTEP uses conversational MAC address learning: it learns only actively speaking MAC addresses....

November 14, 2019 · 4 min · Dmitry Golovach

Cisco NX-OS: Virtual eXtensible LAN (VXLAN) Overview

VXLAN is a tunneling protocol that encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets.

Why VXLAN:
- VLAN scalability - expands the VLAN name space: VLANs use a 12-bit ID (4096 values), VXLAN uses a 24-bit ID (16,777,216 values)
- allows Layer 2 multipathing: no STP, uses Layer 3 ECMP over a Clos fabric (like FabricPath)
- allows for multi-tenancy: separation of customer traffic over a shared underlay fabric
- allows for overlapping Layer 2 and Layer 3 addresses (VLANs and IPs are locally significant: it could be VLAN 10 in one DC and VLAN 20 in another DC, as long as it is the same subnet and VXLAN)

Compared with the alternatives:
- CE - only one port is active
- vPC - cannot scale out, only 2 distribution switches
- FabricPath - L2 only and there is no active control plane (legacy now, because of VXLAN)
- VXLAN - optimizes the control plane (does not send broadcasts everywhere, does not learn every possible MAC address)

VXLAN Terminology:
- Underlay Network - provides transport for VXLAN: an OSPF/EIGRP/IS-IS routed fabric
- Overlay Network - uses the service provided by VXLAN
- VXLAN - Virtual eXtensible LAN
- VNI / VNID - VXLAN Network Identifier (replaces the VLAN ID)
- VTEP - VXLAN Tunnel End Point: the box that performs VXLAN encap/decap, hardware or software (Nexus 5600, N7K-M3, Nexus 1000v)
- VXLAN Segment - the resulting L2 overlay network
- VXLAN Gateway - device that forwards traffic between VXLANs
- NVE - Network Virtualization Edge: the logical representation of the VTEP; the NVE is the tunnel interface

VXLAN Encapsulation: VXLAN over UDP over IP.

Basic VXLAN Workflow:
1. Receive an ARP from a local host
2. Find the remote VTEP: multicast flood-and-learn, ingress replication, or MP-BGP L2VPN EVPN
3. Unicast the encapsulated frame to that VTEP: throw away the VLAN tag and replace it with the VNID

November 12, 2019 · 2 min · Dmitry Golovach
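
An added example, written for this page in Go and not code from the original post, of the encapsulation and workflow step 3 above: the 8-byte VXLAN header with its 24-bit VNI, the VLAN tag being stripped on ingress and mapped to a VNID, and the reverse on egress. The VLAN-to-VNI mapping, the sample ARP frame and the MAC addresses are constructed for the example. It also makes the check a VTEP must do visible: the VXLAN header carries no authentication, so the egress side rejects packets for VNIs it does not serve and headers without the I flag.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// VXLAN wire-format constants (RFC 7348).
const (
	VXLANUDPPort = 4789      // IANA-assigned UDP destination port
	VXLANFlagI   = 0x08      // "I" flag: the VNI field is valid
	MaxVNI       = 1<<24 - 1 // 24-bit VNI: 16,777,216 values
	vxlanHdrLen  = 8
	etherHdrLen  = 14
	etherTypeQ   = 0x8100 // 802.1Q tag
)

// BuildVXLANHeader returns the header: flags(1) reserved(3) VNI(3) reserved(1).
func BuildVXLANHeader(vni uint32) ([]byte, error) {
	if vni > MaxVNI {
		return nil, fmt.Errorf("vni %d does not fit in 24 bits", vni)
	}
	h := make([]byte, vxlanHdrLen)
	h[0] = VXLANFlagI
	binary.BigEndian.PutUint32(h[4:8], vni<<8) // VNI in bytes 4-6, byte 7 reserved
	return h, nil
}

// ParseVXLANHeader validates the header and returns the VNI and inner frame.
// Nothing here is authenticated: the VNI is taken on trust from the packet, so a
// VTEP must only accept UDP/4789 from known underlay peers and drop unknown VNIs.
func ParseVXLANHeader(pkt []byte) (uint32, []byte, error) {
	if len(pkt) < vxlanHdrLen {
		return 0, nil, errors.New("packet shorter than VXLAN header")
	}
	if pkt[0]&VXLANFlagI == 0 {
		return 0, nil, errors.New("I flag not set: VNI is not valid")
	}
	return binary.BigEndian.Uint32(pkt[4:8]) >> 8, pkt[vxlanHdrLen:], nil
}

// StripDot1Q removes an 802.1Q tag and returns the VLAN ID; untagged frames are returned unchanged with ok=false.
func StripDot1Q(frame []byte) (vlan uint16, out []byte, ok bool, err error) {
	if len(frame) < etherHdrLen {
		return 0, nil, false, errors.New("frame shorter than Ethernet header")
	}
	if binary.BigEndian.Uint16(frame[12:14]) != etherTypeQ {
		return 0, frame, false, nil
	}
	if len(frame) < etherHdrLen+4 {
		return 0, nil, false, errors.New("truncated 802.1Q tag")
	}
	vlan = binary.BigEndian.Uint16(frame[14:16]) & 0x0FFF
	out = append(append(make([]byte, 0, len(frame)-4), frame[:12]...), frame[16:]...)
	return vlan, out, true, nil
}

// Encap is the ingress VTEP step: throw away the VLAN tag, map VLAN -> VNI, prepend the header.
func Encap(frame []byte, vlanToVNI map[uint16]uint32) ([]byte, error) {
	vlan, inner, tagged, err := StripDot1Q(frame)
	if err != nil {
		return nil, err
	}
	if !tagged {
		return nil, errors.New("untagged frame: no VLAN to map to a VNI")
	}
	vni, found := vlanToVNI[vlan]
	if !found {
		return nil, fmt.Errorf("VLAN %d has no VNI mapping", vlan)
	}
	hdr, err := BuildVXLANHeader(vni)
	if err != nil {
		return nil, err
	}
	return append(hdr, inner...), nil
}

// Decap is the egress VTEP step: validate the header, map VNI -> local VLAN, re-tag the frame.
func Decap(pkt []byte, vniToVLAN map[uint32]uint16) ([]byte, error) {
	vni, inner, err := ParseVXLANHeader(pkt)
	if err != nil {
		return nil, err
	}
	vlan, found := vniToVLAN[vni]
	if !found {
		return nil, fmt.Errorf("VNI %d is not served on this VTEP: drop", vni)
	}
	if len(inner) < etherHdrLen {
		return nil, errors.New("inner frame shorter than Ethernet header")
	}
	tag := make([]byte, 4)
	binary.BigEndian.PutUint16(tag[0:2], etherTypeQ)
	binary.BigEndian.PutUint16(tag[2:4], vlan) // PCP/DEI zero
	out := append(make([]byte, 0, len(inner)+4), inner[:12]...)
	out = append(out, tag...)
	return append(out, inner[12:]...), nil
}

// SampleTaggedFrame is a constructed (not captured) ARP request on VLAN 10.
func SampleTaggedFrame() []byte {
	return []byte{
		0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // dst: broadcast
		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, // src (made up)
		0x81, 0x00, 0x00, 0x0a, // 802.1Q tag, VLAN 10
		0x08, 0x06, // EtherType ARP
		0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, // start of the ARP body
	}
}

func main() {
	frame := SampleTaggedFrame()
	pkt, err := Encap(frame, map[uint16]uint32{10: 10010})
	if err != nil {
		panic(err)
	}
	vni, _, _ := ParseVXLANHeader(pkt)
	fmt.Printf("VLAN 10 frame (%d bytes) -> VNI %d, %d bytes on UDP/%d\n", len(frame), vni, len(pkt), VXLANUDPPort)
	if _, err := Decap(pkt, map[uint32]uint16{10010: 10}); err != nil {
		panic(err)
	}
}
```

Run with `go run`. The VNI check in Decap is the software equivalent of a VTEP only accepting the VNIs it has `member vni` configured for; in a real deployment the underlay ACL limiting UDP/4789 to the VTEP loopbacks does the other half, because anyone who can reach the VTEP address can otherwise inject a frame into any VNI just by writing 3 bytes.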

Cisco NX-OS: FabricPath (FP)

FabricPath (FP) is L2 routing, "MAC-in-MAC" routing. FabricPath is Cisco proprietary and works in the same way as TRILL (Transparent Interconnection of Lots of Links), which is an IETF standard. FP removes STP from the topology. vPC: only 2 switches; FP: full mesh, partial mesh, triangle, square, etc.

Components:
- Classical Ethernet (CE) - regular Ethernet with regular flooding, regular STP
- Leaf Switch - connects the CE domain to the FP domain
- Spine Switch - FP backbone switch with all ports in the FP domain only
- FP Core Ports - links on a Leaf up to a Spine or Spine to Spine, i.e. the switchport mode fabricpath links
- CE Edge Ports - links on a Leaf connecting to the regular CE domain, i.e. NOT the switchport mode fabricpath links

FabricPath Control Plane: IS-IS for L2 routing. The goal is to compute the SPT (Shortest Path Tree) between all FabricPath nodes. Why IS-IS?...

October 31, 2019 · 2 min · Dmitry Golovach