This chapter describes how to configure the Virtual Extensible Local Area Network (VXLAN).
This chapter includes the following topics:
•Verifying VXLAN Configuration
For detailed information about VXLAN, see Chapter 1 "Overview".
VXLAN has the following prerequisites:
•The Cisco Nexus 1000V uplink port profiles and all interconnecting switches and routers between the ESX hosts must have their supported MTU set to at least 50 bytes larger than the MTU of the VMs. For example, the VMs default to a 1500-byte MTU (the same as the uplinks and physical devices), so in this case the uplinks and physical devices must be set to at least 1550 bytes. If this is not possible, then the vNICs of all VMs should have their MTU lowered to 50 bytes less than what the physical network supports, for example 1450 bytes. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
•If the Cisco Nexus 1000V is using a port channel for its uplinks, then the load distribution algorithm should be set to use a 5-tuple hash (IP/L4/L4 Ports). The same should be used for any port channels on the physical switches. For more information, see the Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(5.1).
•If VEMs requiring VXLAN connectivity are separated by a router:
–Proxy ARP must be enabled on the SVIs connected to the Cisco Nexus 1000V's VXLAN transport VLANs (the ones the "capability vxlan" port profiles are connected to).
–Multicast routing must be enabled on the routers.
•VXLAN makes use of MAC in IP (UDP) with a destination port of 8472. You must allow this through any firewall.
•Your upstream switch, from the VEMs of the Cisco Nexus 1000V, needs to provide an IGMP querier function.
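Added example (not from the Cisco guide): the Python sketch below parses a VXLAN-encapsulated frame sent to UDP port 8472 and shows where the 50 bytes in the MTU prerequisite come from (outer IPv4 20 + UDP 8 + VXLAN 8 + inner Ethernet 14). It assumes the 8-byte VXLAN header layout later standardized in RFC 7348 and an untagged inner frame; all MAC and IP addresses are constructed sample values.

```python
import struct

VXLAN_PORT = 8472  # UDP destination port given on this page

def build_sample(vni, inner_payload_len):
    """Constructed frame: outer Ethernet/IPv4/UDP + VXLAN + inner Ethernet."""
    inner = bytes.fromhex("005056aa0002" "005056aa0001" "0800") + bytes(inner_payload_len)
    vxlan = struct.pack("!B3s3sB", 0x08, b"\0\0\0", vni.to_bytes(3, "big"), 0)
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    ip_len = 20 + len(udp) + len(vxlan) + len(inner)
    # Checksum left at 0: this sample is only parsed, never sent.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0x4000, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = bytes.fromhex("0002b3000002" "0002b3000001" "0800")
    return eth + ip + udp + vxlan + inner

def parse_vxlan(frame):
    """Return VNI, inner MACs and outer IP length, or None if not VXLAN."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        return None                      # not IPv4 over untagged Ethernet
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        return None                      # not a well-formed IPv4/UDP header
    udp_off = 14 + ihl
    if len(frame) < udp_off + 8 + 8 + 14:
        return None                      # too short for UDP + VXLAN + inner MACs
    dport = struct.unpack("!H", frame[udp_off + 2:udp_off + 4])[0]
    if dport != VXLAN_PORT:
        return None
    vx = frame[udp_off + 8:udp_off + 16]
    if not vx[0] & 0x08:                 # I flag clear: VNI field is not valid
        return None
    inner = frame[udp_off + 16:]
    return {"vni": int.from_bytes(vx[4:7], "big"),
            "inner_dst": inner[0:6].hex(":"),
            "inner_src": inner[6:12].hex(":"),
            "outer_ip_len": struct.unpack("!H", frame[16:18])[0]}
```

A VM sending a full 1500-byte IP packet produces an outer IP packet of 1550 bytes, which is why the transport path must carry at least that much.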
Table 2-1 lists the default settings for VXLAN parameters.
Parameter | Default |
---|---|
VXLAN | Disabled |
This section includes the following topics:
•Creating a Port Profile Configured to Use a VXLAN
To enable a VXLAN, you must perform the following two procedures when first configuring VXLAN.
•Configuring vmknics for VXLAN Encapsulation
You can configure vmknics for VXLAN encapsulation by running the following procedure.
•Identify a VLAN to be used for transporting VXLAN encapsulated traffic.
•Ensure it is configured on the uplink port profile for all VEMs on which VXLAN can be configured.
1. configure terminal
2. port-profile profilename
3. vmware port-group name
4. switchport mode access
5. switchport access vlan id
6. capability vxlan
7. no shutdown
8. state enabled
9. show port-profile name profilename
10. copy running-config startup-config
•The vSphere administrator must create a new vmknic on each ESX/ESXi host and assign the previously created port profile to this vmknic.
You can enable VXLANs by performing the following procedure.
•Enter the show system vem feature level command to confirm that the feature level is 4.2(1)SV1(5.1) or later. If the feature level is not 4.2(1)SV1(5.1) or later, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(5.1).
1. configure terminal
2. feature segmentation
3. show feature | grep segmentation
4. show processes | grep seg_bd
5. copy running-config startup-config
The following example shows enabling the segmentation feature.
n1000v# configure terminal
n1000V(config)# feature segmentation
n1000v(config)# show feature | grep segmentation
network-segmentation 1 disabled
segmentation 1 enabled
n1000v(config)# show processes | grep seg_bd
4166 S b7de9468 1 - seg_bd
n1000v(config)# copy running-config startup-config
You can create a VXLAN by running the following procedure.
•You are limited to creating a combination of 2048 VXLANs and VLANs.
1. configure terminal
2. bridge-domain name-string
3. segment id [number]
4. group ipaddr
5. show bridge-domain name-string
6. copy running-config startup-config
You can create a port profile that is configured to use a VXLAN.
•Alternatively, you can associate ports with a bridge domain by modifying the configuration of an existing vEthernet port profile to use VXLANs instead of VLANs. To do so, enter the switchport access bridge-domain name command on a profile with switchport mode access configured.
1. configure terminal
2. port-profile profilename
3. vmware port-group name
4. switchport mode access
5. switchport access bridge-domain name-string
6. no shutdown
7. state enabled
8. show port-profile name profilename
9. show running-config bridge-domain
10. copy running-config startup-config
You can remove ports from a VXLAN by executing the following procedure.
•Executing this procedure moves the ports to the default VLAN.
1. configure terminal
2. port-profile name
3. no switchport access bridge-domain
4. show port-profile usage
5. show bridge-domain name
6. copy running-config startup-config
You can delete a VXLAN domain by executing the following procedure.
•Deleting an existing bridge domain with ports on it moves all the ports to a down state. Traffic stops flowing.
1. configure terminal
2. no bridge-domain name-string
3. show bridge-domain
4. copy running-config startup-config
You can disable segmentation by executing the following procedure.
1. configure terminal
2. show bridge-domain
3. show running-config port-profile
4. port-profile name
5. no switchport access bridge-domain name-string
6. show port-profile usage
7. show bridge-domain name
8. no feature segmentation
9. show processes | grep seg_bd
10. copy running-config startup-config
Step | Command | Purpose |
---|---|---|
Step 1 | configure terminal Example: switch# configure terminal switch(config)# | Enters global configuration mode. |
Step 2 | show bridge-domain Example: switch(config)# show bridge-domain switch(config)# | Displays all bridge domains. Note: You must identify all bridge domains with non-zero port counts. |
Step 3 | show running-config port-profile Example: switch(config)# show running port-profile | Displays the running configuration for all port profiles. Note: You must use this command to identify which port profiles have bridge domains identified in Step 2 configured. |
Step 4 | port-profile name Example: switch(config)# port-profile tenant-profile switch(config-port-prof)# | Names the port profile and enters port profile configuration mode. If the port profile does not already exist, it is created using the following characteristics: •name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V. Note: If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports. |
Step 5 | no switchport access bridge-domain name-string Example: switch(config-port-prof)# no switchport access bridge-domain tenant-red switch(config-port-prof)# | Removes the VXLAN bridge domain from this port profile. |
Step 6 | show port-profile usage Example: switch# show port-profile usage | (Optional) Displays a list of interfaces that inherited a port profile. |
Step 7 | show bridge-domain Example: switch# show bridge-domain | (Optional) Displays all bridge domains. |
Step 8 | no feature segmentation Example: switch(config)# no feature segmentation switch(config)# | Removes the segmentation feature. |
Step 9 | show processes \| grep seg_bd Example: switch(config)# show processes \| grep seg_bd switch(config)# | Displays the processes to determine that the segmentation feature is not running. |
Step 10 | copy running-config startup-config Example: switch# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
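Added example (not from the Cisco guide): a Python pre-check for Steps 2 and 3 above that reads saved show running-config text and reports which port profiles still reference each bridge domain. The sample configuration is constructed; tenant-blue, tenant-green, vxlan-transport, and orphan-profile are hypothetical names, and the "port-profile type vethernet" line form is an assumption about how the running configuration is rendered.

```python
import re

# Constructed running-config excerpt. tenant-red/tenant-profile come from this
# page's examples; every other name is hypothetical.
SAMPLE = """\
bridge-domain tenant-red
  segment id 5000
  group 239.1.1.1
bridge-domain tenant-blue
  segment id 5001
port-profile type vethernet tenant-profile
  switchport mode access
  switchport access bridge-domain tenant-red
  state enabled
port-profile type vethernet vxlan-transport
  switchport mode access
  switchport access vlan 100
  capability vxlan
port-profile type vethernet orphan-profile
  switchport mode access
  switchport access bridge-domain tenant-green
"""

HEAD = re.compile(r"(bridge-domain|port-profile)\s+(?:type\s+\S+\s+)?(\S+)")

def audit(config):
    """Map bridge domains to the port profiles that still reference them."""
    domains, users, section = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():            # top-level line opens a new section
            m = HEAD.match(line)
            section = m.groups() if m else None
            if section and section[0] == "bridge-domain":
                domains[section[1]] = {}
        elif section is None:
            continue
        elif section[0] == "bridge-domain" and words[0] in ("segment", "group"):
            domains[section[1]][words[0]] = words[-1]
        elif section[0] == "port-profile" and len(words) == 4 \
                and words[:3] == ["switchport", "access", "bridge-domain"]:
            users.setdefault(words[3], []).append(section[1])
    return {
        "in_use": {bd: users[bd] for bd in domains if bd in users},
        "unused": sorted(bd for bd in domains if bd not in users),
        "dangling": sorted(bd for bd in users if bd not in domains),
        "incomplete": sorted(bd for bd, v in domains.items() if len(v) < 2),
    }
```

Every bridge domain listed under in_use still has port profiles attached, so Step 5 has to be run on each of those profiles before the feature is disabled.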
To display VXLAN configuration information, enter one of the following commands:
This example shows how to check whether the VXLAN process is running.
switch (config)# show processes | grep seg_bd
- NR - 1 - seg_bd
This example shows how to display all bridge domains.
switch (config)# show bridge-domain
Bridge-domain tenant-red (2 port in all)
Segment ID: 5000 (manual/Active)
Group IP: 239.1.1.1
- NR - 1 - seg_bd
This example shows how to display a short version of the interface table.
switch(config)# show interface brief
---------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
---------------------------------------------------------------------
mgmt 0 -- up 172.23.233.117 1000 1500
-------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
---------------------------------------------------------------------
Eth3/5 1 eth trunk up none 1000
---------------------------------------------------------------------
Vethernet VLAN Type Mode Status Reason Speed
---------------------------------------------------------------------
Veth1 -- virt access up none auto
Veth1 -- virt access up none auto
Veth1 100 virt access up none auto
---------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
control0 -- up -- 1000 1500
switch#(config)#
This example shows how to display information about switchport interfaces.
switch#(config)# show int switchport
Name: Ethernet3/5
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: Trunk
Access Mode VLAN: 1 (default)
Trunking Native Mode: trunk
Trunking VLANs Enabled: 180-181,231-233,571-574
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs:
Operational private-vlan: none
ifindex 0x1c000000 swbd 4096
Name: Vethernet1
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: access
Access Mode VLAN: 0 (none)
Access BD name: tenant-red
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-3967,4048-4093
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs:
Operational private-vlan: none
For detailed information about the fields in the output from these commands, refer to the Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(5.1).
Table 2-2 lists the release history for this feature. Only features that were introduced or modified in Release 4.2(1)SV1(5.1) or a later release appear in the table.
Feature Name | Releases | Feature Information |
---|---|---|
VXLAN | 4.2(1)SV1(5.1) | Introduced the Virtual Extensible Local Area Network (VXLAN) feature. |