Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV2(1.1)
Configuring VXLAN

This chapter contains the following sections:

Information About VXLAN

Prerequisites for VXLAN

VXLAN has the following prerequisites:

  • The Cisco Nexus 1000V uplink port profiles and all interconnecting switches and routers between the ESX hosts must have their supported MTU set at least 50 bytes larger than the MTU of the VMs. For example, VMs default to a 1500-byte MTU (the same as the uplinks and physical devices), so in this case the uplinks and physical devices must be set to at least 1550 bytes. If this is not possible, the vNICs of all VMs should have their MTU lowered to 50 bytes less than what the physical network supports, for example 1450 bytes. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide.
  • If the Cisco Nexus 1000V is using a port channel for its uplinks, then the load distribution algorithm should be set to use a 5-tuple hash (IP/L4/L4 Ports). The same should be used for any port channels on the physical switches. For more information, see the Cisco Nexus 1000V Interface Configuration Guide.
  • If VEMs requiring VXLAN connectivity are separated by a router:
    • Proxy ARP must be enabled on the SVIs connected to the Cisco Nexus 1000V’s VXLAN transport VLANs (the ones the “capability vxlan” port profiles are connected to).
    • Multicast routing must be enabled on the routers.
  • VXLAN makes use of MAC in IP (UDP) with a destination port of 8472. You must allow this through any firewall.
  • Your upstream switch, from the VEMs of the Cisco Nexus 1000V, needs to provide an IGMP querier function.
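
The 50-byte MTU allowance and the UDP destination port 8472 from the prerequisites above can be checked against the packet layout. The following Python is an added example, not part of the Cisco guide: it wraps a constructed full-size VM frame in outer Ethernet, IPv4, UDP and VXLAN headers and parses it back. The 192.0.2.x addresses, the source port and the all-zero MAC addresses are constructed sample values, and the function names are hypothetical.

```python
import struct

VXLAN_UDP_PORT = 8472                        # destination port given in the prerequisites
VNI_VALID_FLAG = 0x08                        # VXLAN "I" flag: the segment ID field is valid
MIN_SEGMENT, MAX_SEGMENT = 4096, 2**24 - 1   # 16777215: the segment ID is a 24-bit field


def ipv4_checksum(header):
    """One's-complement sum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def vxlan_encapsulate(inner_frame, segment_id, src_ip, dst_ip, src_port=49152):
    """Build outer Ethernet + IPv4 + UDP + VXLAN headers around an inner frame."""
    if not MIN_SEGMENT <= segment_id <= MAX_SEGMENT:
        raise ValueError("segment ID must be 4096-16777215")
    vxlan = struct.pack("!II", VNI_VALID_FLAG << 24, segment_id << 8)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    # A UDP checksum of 0 means "not used" over IPv4.
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    fields = [0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0, src_ip, dst_ip]
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    ip = struct.pack("!BBHHHBBH4s4s", *fields)
    eth = bytes(12) + struct.pack("!H", 0x0800)   # constructed all-zero MACs
    return eth + ip + udp + vxlan + inner_frame


def parse_vxlan(packet):
    """Return (segment_id, inner_frame), or None if this is not VXLAN on UDP 8472."""
    if len(packet) < 50 or packet[12:14] != b"\x08\x00":
        return None
    ihl = (packet[14] & 0x0F) * 4
    if packet[14] >> 4 != 4 or ihl < 20 or packet[23] != 17:
        return None
    udp = 14 + ihl
    if len(packet) < udp + 16:
        return None
    dst_port, = struct.unpack("!H", packet[udp + 2:udp + 4])
    flags_word, vni_word = struct.unpack("!II", packet[udp + 8:udp + 16])
    if dst_port != VXLAN_UDP_PORT or not (flags_word >> 24) & VNI_VALID_FLAG:
        return None
    return vni_word >> 8, packet[udp + 16:]


def outer_ip_length(packet):
    """Total-length field of the outer IPv4 header: what the transport MTU must carry."""
    return struct.unpack("!H", packet[16:18])[0]


# Constructed sample: a full-size frame from a VM with a 1500-byte MTU
# (14-byte inner Ethernet header plus 1500 bytes of payload).
INNER = bytes(12) + b"\x08\x00" + bytes(1500)
PACKET = vxlan_encapsulate(INNER, 5000, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

if __name__ == "__main__":
    print("frame growth:", len(PACKET) - len(INNER))     # 14 + 20 + 8 + 8
    print("outer IP length:", outer_ip_length(PACKET))   # must fit the uplink MTU
    print("segment ID:", parse_vxlan(PACKET)[0])
```

The outer IP packet for a 1500-byte VM MTU comes to 1550 bytes because the inner Ethernet header travels as payload, which is why the transport network needs the extra 50 bytes.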

Default Settings for VXLAN

The following table lists the default settings for VXLAN parameters.

Table 1 Default VXLAN Parameters

Parameter    Default
VXLAN        Disabled

Configuring VXLAN

Initial Enabling of VXLANs

To enable a VXLAN, you must perform the following two procedures when first configuring VXLAN.

Configuring vmknics for VXLAN Encapsulation

Before You Begin
  • Identify a VLAN to be used for transporting VXLAN encapsulated traffic.
  • Ensure it is configured on the uplink port profile for all VEMs on which VXLAN can be configured.
Procedure
      Command or Action Purpose
    Step 1 switch# configure terminal 

    Enters global configuration mode.

     
    Step 2 switch(config)# port-profile profilename  

    Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

    • profilename—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.
    Note   

    If a port profile is configured as an Ethernet type, it cannot be used to configure VMware virtual ports.

     
    Step 3 switch(config-port-prof)# vmware port-group name  

    Designates the port profile as a VMware port group.

    The port profile is mapped to a VMware port group of the same name unless you specify a name here. When you connect the VSM to vCenter Server, the port group is distributed to the virtual switch on the vCenter Server.

     
    Step 4 switch(config-port-prof)# switchport mode access 

    Designates the interfaces as switch access ports (the default).

     
    Step 5 switch(config-port-prof)# switchport access vlan id  

    Assigns a VLAN ID to this port profile.

     
    Step 6 switch(config-port-prof)# capability vxlan  

    Assigns the VXLAN capability to the port profile to ensure that the interfaces that inherit this port profile are used as sources for VXLAN encapsulated traffic.

     
    Step 7 switch(config-port-prof)# no shutdown  

    Administratively enables all ports in the profile.

     
    Step 8 switch(config-port-prof)# state enabled  

    Sets the operational state of a port profile.

     
    Step 9 switch(config-port-prof)# show port-profile name profilename  

    Displays the port profile configuration.

     
    Step 10 switch(config-port-prof)# copy running-config startup-config  (Optional)

    Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

     

    The following example shows how to configure a vmknic for VXLAN encapsulation.

    switch# configure terminal
    switch(config)# port-profile vmknic-pp
    switch(config-port-prof)# vmware port-group 
    switch(config-port-prof)# switchport mode access
    switch(config-port-prof)# switchport access vlan 100 
    switch(config-port-prof)# capability vxlan
    switch(config-port-prof)# no shutdown
    switch(config-port-prof)# state enabled
    switch(config-port-prof)# show port-profile vmknic-pp
    switch(config-port-prof)# copy running-config startup-config
    What to Do Next

    The vSphere administrator must create a new vmknic on each ESX/ESXi host and assign the previously created port profile to this vmknic.

    Enabling VXLANs

    Before You Begin

    Enter the show system vem feature level command to confirm that the feature level is 4.2(1)SV1(5.1) or later. If the feature level is not 4.2(1)SV1(5.1) or later, see the Cisco Nexus 1000V Installation and Upgrade Guide.

    Procedure
        Command or Action Purpose
      Step 1 switch# configure terminal 

      Enters global configuration mode.

       
      Step 2 switch(config)# feature segmentation 

      Enables the VXLAN feature.

       
      Step 3 switch(config)# show feature | grep segmentation   (Optional)

      Displays if the VXLAN feature is enabled.

       
      Step 4 switch(config)# show processes | grep seg_bd   (Optional)

      Displays if the VXLAN process is running.

       
      Step 5 switch(config)# copy running-config startup-config  (Optional)

      Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

       

      The following example shows enabling the segmentation feature.

      switch# configure terminal 
      switch(config)# feature segmentation 
      switch(config)# show feature | grep segmentation 
      network-segmentation 1 disabled 
      segmentation         1 enabled 
      switch(config)# show processes | grep seg_bd 
      4166    S  b7de9468            1      - seg_bd
      switch(config)# copy running-config startup-config 

      Creating a VXLAN

      You are limited to creating a combination of 2048 VXLANs and VLANs.

      Procedure
          Command or Action Purpose
        Step 1 switch# configure terminal 

        Enters global configuration mode.

         
        Step 2 switch(config)# bridge-domain name-string 

        Creates a VXLAN and associates an identifying name to it.

         
        Step 3 switch(config-bd)# segment id [number]  

        Specifies the VXLAN Segment ID. Only one Bridge Domain can use a particular segment id value.

        Valid values are 4096 to 16777215. (1 - 4095 are reserved for VLANs.)

         
        Step 4 switch(config-bd)# group ipaddr  

        Associates the multicast group for broadcasts and floods.

        Note   

        Reserved multicast addresses are not allowed.

         
        Step 5 switch(config-bd)# show bridge-domain name-string   (Optional)

        Displays bridge domain information.

         
        Step 6 switch(config-bd)# copy running-config startup-config  (Optional)

        Copies the running configuration to the startup configuration.

         

        The following example shows how to create a VXLAN.

        switch# configure terminal
        switch(config)# bridge-domain tenant-red
        switch(config-bd)# segment id 5000
        switch(config-bd)# group 239.1.1.1
        switch(config-bd)# show bridge-domain tenant-red
        switch(config-bd)# copy running-config startup-config

        Creating a Port Profile Configured to Use a VXLAN

        Alternatively, you can associate ports with a bridge domain by modifying the configuration of an existing vEthernet port profile to use VXLANs instead of VLANs. To do so, enter the switchport access bridge-domain name command on a profile with switchport mode access configured.

        Procedure
            Command or Action Purpose
          Step 1 switch# configure terminal 

          Enters global configuration mode.

           
          Step 2 switch(config)# port-profile [type {ethernet | vethernet}] name 

          Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

          • name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.
          • type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type. Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).
            Note   

            If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

           
          Step 3 switch(config-port-prof)# vmware port-group [pg_name]  

          Designates the port profile as a VMware port group.

          The port profile is mapped to a VMware port group of the same name unless you specify a name here. When you connect the VSM to vCenter Server, the port group is distributed to the virtual switch on the vCenter Server.

           
          Step 4 switch(config-port-prof)# switchport mode access  

          Designates that the interfaces are to be used as trunking ports.

          A trunk port transmits untagged packets for the native VLAN and transmits encapsulated, tagged packets for all other VLANs.

           
          Step 5 switch(config-port-prof)# switchport access bridge-domain  

          Assigns a VXLAN bridge domain to this port profile.

           
          Step 6 switch(config-port-prof)# no shutdown  

          Administratively enables all ports in the profile.

           
          Step 7 switch(config-port-prof)# state enabled 

          Sets the operational state of a port profile.

           
          Step 8 switch(config-port-prof)# show port-profile [brief | expand-interface | usage] [name profile-name]  (Optional)

          Displays the configuration for verification.

           
          Step 9 switch(config-port-prof)# show running-config bridge-domain   (Optional)

          Displays the segmentation configuration.

           
          Step 10 switch(config-port-prof)# copy running-config startup-config  (Optional)

          Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

           

          The following example shows how to create a port profile configured to use a VXLAN.

          switch# configure terminal
          switch(config)# port-profile tenant-profile 
          switch(config-port-prof)# vmware port-group 
          switch(config-port-prof)# switchport mode access
          switch(config-port-prof)# switchport access bridge-domain tenant-red
          switch(config-port-prof)# no shutdown 
          switch(config-port-prof)# state enabled 
          switch(config-port-prof)# show port-profile name tenant-profile
          switch(config-port-prof)# show running-config bridge-domain
          switch(config-port-prof)# copy running-config startup-config

          Removing Ports from a VXLAN

          Executing this procedure moves the ports to the default VLAN.

          Procedure
              Command or Action Purpose
            Step 1 switch# configure terminal 

            Enters global configuration mode.

             
            Step 2 switch(config)# port-profile [type {ethernet | vethernet}] name 

            Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

            • name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.
            • type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type. Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).
              Note   

              If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

             
            Step 3 switch(config-port-prof)# no switchport access bridge-domain  

            Removes the VXLAN bridge domain from this port profile.

             
            Step 4 switch(config-port-prof)# show port-profile usage  (Optional)

            Displays a list of interfaces that inherited a port profile.

             
            Step 5 switch(config-port-prof)# show bridge-domain   (Optional)

            Displays all bridge domains.

             
            Step 6 switch(config-port-prof)# copy running-config startup-config  (Optional)

            Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

             

            This example shows how to remove ports from a VXLAN.

            switch# configure terminal
            switch(config)# port-profile tenant-profile 
            switch(config-port-prof)# no switchport access bridge-domain tenant-red 
            switch(config-port-prof)# show port-profile usage
            switch(config-port-prof)# show bridge-domain 
            switch(config-port-prof)# copy running-config startup-config

            Deleting a VXLAN

            Deleting an existing bridge domain with ports on it moves all the ports to a down state. Traffic stops flowing.

            Procedure
                Command or Action Purpose
              Step 1 switch# configure terminal 

              Enters global configuration mode.

               
              Step 2 switch(config)# no bridge-domain group-red 

              Deletes a VXLAN.

               
              Step 3 switch(config-bd)# show bridge-domain  (Optional)

              Displays all bridge domains.

               
              Step 4 switch(config-bd)# copy running-config startup-config  (Optional)

              Copies the running configuration to the startup configuration.

               

              This example shows how to delete a VXLAN.

              switch# configure terminal
              switch(config)# no bridge-domain tenant-red
              switch(config)# show bridge-domain
              switch(config)# copy running-config startup-config

              Disabling Segmentation

              Procedure
                  Command or Action Purpose
                Step 1 switch# configure terminal 

                Enters global configuration mode.

                 
                Step 2 switch(config)# show bridge-domain 

                Displays all bridge domains.

                Note   

                You must identify all bridge domains with non-zero port counts.

                 
                Step 3 switch(config)# show running port-profile  (Optional)

                Displays the running configuration for all port-profiles.

                Note   

                You must use this command to identify which port profiles have bridge domains identified in Step 2 configured.

                 
                Step 4 switch(config)# port-profile name 

                Names the port profile and enters port profile configuration mode. If the port profile does not already exist, it is created using the following characteristics:

                name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

                Note   

                If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

                 
                Step 5 switch(config-port-prof)# no switchport access bridge-domain name-string  

                Removes the VXLAN bridge domain from this port profile.

                 
                Step 6 switch(config-port-prof)# show port-profile usage  (Optional)

                Displays a list of interfaces that inherited a port profile.

                 
                Step 7 switch(config-port-prof)# show bridge-domain   (Optional)

                Displays all bridge domains.

                 
                Step 8 switch(config-port-prof)# no feature segmentation  

                Removes the segmentation feature.

                 
                Step 9 switch(config-port-prof)# show processes | grep seg_bd   (Optional)

                Displays the processes to determine that the segmentation feature is not running.

                 
                Step 10 switch(config-port-prof)# copy running-config startup-config  (Optional)

                Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

                 

                The following example shows how to disable segmentation.

                switch# configure terminal
                switch(config)# show bridge-domain
                switch(config)# show running port-profile
                switch(config)# port-profile tenant-profile
                switch(config-port-prof)# no switchport access bridge-domain tenant-red  
                switch(config-port-prof)# show port-profile usage 
                switch(config-port-prof)# show bridge-domain   
                switch(config-port-prof)# no feature segmentation  
                switch(config-port-prof)# show processes | grep seg_bd 
                switch(config-port-prof)# copy running-config startup-config
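
The limits stated under "Creating a VXLAN" (segment ID range, one bridge domain per segment ID, no reserved multicast groups) and Steps 2 and 3 of "Disabling Segmentation" can be checked offline against saved output. The following Python is an added example, not part of the Cisco guide. It assumes the running configuration is laid out like the commands on this page and reads "reserved" as 224.0.0.0/24; tenant-blue, tenant-green, idle-profile and the function names are constructed for illustration.

```python
import ipaddress
import re

SEGMENT_MIN, SEGMENT_MAX = 4096, 16777215   # valid segment IDs; 1-4095 are VLANs
# Assumption: "reserved" is read here as the 224.0.0.0/24 local control block.
RESERVED_GROUPS = ipaddress.ip_network("224.0.0.0/24")

# Constructed sample input, written in the syntax of the commands on this page.
RUNNING_CONFIG = """\
bridge-domain tenant-red
  segment id 5000
  group 239.1.1.1
bridge-domain tenant-blue
  segment id 2048
  group 224.0.0.5
bridge-domain tenant-green
  segment id 5000
port-profile type vethernet tenant-profile
  switchport access bridge-domain tenant-red
port-profile type vethernet idle-profile
  switchport access bridge-domain tenant-green
"""
SHOW_BRIDGE_DOMAIN = "Bridge-domain tenant-red (2 port in all)\nBridge-domain tenant-green (0 port in all)\n"

def parse_config(text):
    """Return ({bridge-domain: settings}, {port-profile: bridge-domain})."""
    domains, profiles, kind, name = {}, {}, None, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():                  # a top-level line opens a block
            kind, name = words[0], words[-1]
            if kind == "bridge-domain":
                domains[name] = {}
        elif kind == "bridge-domain" and words[:2] == ["segment", "id"]:
            domains[name]["segment"] = int(words[2]) if words[2:3] and words[2].isdigit() else None
        elif kind == "bridge-domain" and words[0] == "group" and len(words) == 2:
            domains[name]["group"] = words[1]
        elif kind == "port-profile" and " ".join(words[:-1]) == "switchport access bridge-domain":
            profiles[name] = words[-1]
    return domains, profiles

def usable_group(addr):
    # True only for a multicast address outside the assumed reserved block.
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_multicast and ip not in RESERVED_GROUPS

def audit(text):
    """Check each bridge domain against the limits under 'Creating a VXLAN'."""
    findings, owner = [], {}
    for name, bd in parse_config(text)[0].items():
        seg = bd.get("segment")
        if seg is None or not SEGMENT_MIN <= seg <= SEGMENT_MAX:
            findings.append((name, "segment id missing or out of range"))
        elif owner.setdefault(seg, name) != name:
            findings.append((name, "segment id already used by " + owner[seg]))
        if "group" in bd and not usable_group(bd["group"]):
            findings.append((name, "group is not a usable multicast address"))
    return findings

def profiles_blocking_disable(show_output, config_text):
    """Steps 2-3 of 'Disabling Segmentation': profiles on bridge domains with ports."""
    active = set(re.findall(r"^Bridge-domain (\S+) \([1-9]\d* ports? in all\)", show_output, re.M))
    profiles = parse_config(config_text)[1]
    return sorted(p for p, bd in profiles.items() if bd in active)
```

On the sample input, `audit` flags tenant-blue and tenant-green, and `profiles_blocking_disable` returns only tenant-profile, the profile whose bridge domain still has ports.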

                Verifying the VXLAN Configuration

                To display the VXLAN configuration information, enter one of the following commands:

                Command                         Purpose
                show processes | grep seg_bd    Displays that the VXLAN process is running.
                show bridge-domain              Displays all bridge domains.
                show interface brief            Displays a short version of the interface configuration.
                show interface switchport       Displays information about switchport interfaces.

                Example for show processes | grep seg_bd

                switch(config)# show processes | grep seg_bd 
                    -     NR       -            1     - seg_bd

                Example for show bridge-domain

                switch(config)# show bridge-domain 
                Bridge-domain tenant-red (2 port in all)
                Segment ID: 5000 (manual/Active)
                Group IP: 239.1.1.1

                Example for show interface brief

                switch(config)# show interface brief 
                
                ---------------------------------------------------------------------
                Port     VRF    Status   IP Address                   Speed      MTU 
                ---------------------------------------------------------------
                mgmt 0   --     up       172.23.233.117               1000       1500
                
                -------------------------------------------------------------------
                Ethernet    VLAN   Type Mode   Status  Reason         Speed    Port
                Interface                                                      Ch #
                ---------------------------------------------------------------------
                Eth3/5      1      eth  trunk  up      none           1000
                
                ---------------------------------------------------------------------
                Vehternet   VLAN   Type Mode   Status  Reason         Speed
                ---------------------------------------------------------------------
                Veth1       --     virt access up      none           auto
                Veth1       --     virt access up      none           auto
                Veth1       100    virt access up      none           auto
                
                ---------------------------------------------------------------------
                Port     VRF    Status   IP Address                   Speed      MTU 
                control0 --     up       --                           1000       1500
                switch#(config)#
                

                Example for show interface switchport

                switch(config)# show interface switchport
                Name: Ethernet3/5
                  Switchport: Enabled
                  Switchport Monitor: Not enabled
                  Operational Mode: Trunk
                  Access Mode VLAN: 1 (default)
                  Trunking Native Mode: trunk
                  Trunking VLANs Enabled: 180-181,231-233,571-574
                  Administrative private-vlan primary host-association: none
                  Administrative private-vlan secondary host-association: none
                  Administrative private-vlan primary mapping: none
                  Administrative private-vlan secondary mapping: none
                  Administrative private-vlan trunk native VLAN: none
                  Administrative private-vlan trunk encapsulation: dot1q
                  Administrative private-vlan trunk normal VLANs: none
                  Administrative private-vlan trunk private VLANs: 
                  Operational private-vlan: none
                
                ifindex 0x1c000000 swbd 4096
                Name Vethernet1
                  Switchport: Enabled
                  Switchport Monitor: Not enabled
                  Operational Mode: access
                  Access Mode VLAN: 0 (none)
                  Access BD name: tenant-red
                  Trunking Native ModeVLAN: 1 (default)
                  Trunking VLANs Enabled: 1-3967,4048-4093
                  Administrative private-vlan primary host-association: none
                  Administrative private-vlan secondary host-association: none
                  Administrative private-vlan primary mapping: none
                  Administrative private-vlan secondary mapping: none
                  Administrative private-vlan trunk native VLAN: none
                  Administrative private-vlan trunk encapsulation: dot1q
                  Administrative private-vlan trunk normal VLANs: none
                  Administrative private-vlan trunk private VLANs: 
                  Operational private-vlan: none
                

                Feature History for VXLAN

                Feature Name    Releases          Feature Information
                VXLAN           4.2(1)SV1(5.1)    Introduced the Virtual Extensible Local Area Network (VXLAN) feature.