Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV2(2.1)
Installing and Configuring VXLAN Gateway
Downloads: This chapterpdf (PDF - 1.7MB) The complete bookPDF (PDF - 2.73MB) | The complete bookePub (ePub - 311.0KB) | Feedback

Installing and Configuring VXLAN Gateway

Installing and Configuring VXLAN Gateway

This chapter contains the following sections:

Information About the VXLAN Gateway Deployment

The VXLAN gateway has the following deployment requirements:

  • The VXLAN gateway is deployed only on the Cisco Cloud Services platform Release 4.2(1)SP1(6.1) or later releases.
  • You must connect the Cloud Services Platform appliance to a switch that supports Link Aggregation Control Protocol (LACP) based or statically configured port channels and VLAN-based trunk interfaces.
  • Ensure that you install or upgrade the Virtual Supervisor Module (VSM) to the current release of Cisco Nexus 1000V software. When you upgrade from an older version of the VSM, use the show system vem feature level command to check if you have the current version of the Cisco Nexus 1000V software.
  • You must have an advanced mode license to set up the VSM .
  • vCPU or Memory requirements—You will need three vCPUs, 2-GB RAM, and 3-GB virtual disk space for each VXLAN gateway Virtual Service Blade (VSB).

This figure shows the VXLAN gateway deployment.

Figure 1. VXLAN Gateway Deployment



Guidelines and Limitations

VXLAN gateways have the following configuration guidelines and limitations:

  • You must configure the VSM to use the Layer 3 control. We strongly recommend that the VSM Layer 3 control is through mgmt 0. For more information about Layer 3 control, see the Cisco Nexus 1000V Installation and Upgrade Guide and Cisco Nexus 1000V System Management Configuration Guide.
  • You must configure the uplink for the gateway module as a LACP or a static port channel. The VXLAN gateway does not function if gateways are configured in the MAC-pinning mode.
  • A single VSM can manage a maximum of four VXLAN gateway high availability (HA) clusters.
  • You must configure the underlying Cloud Services Platform with an uplink type that is flexible (type 5). VXLAN gateways use two physical interfaces. You must set the interfaces in the passthrough mode. In addition, you must set at least one physical or a port channel interface must be set up to carry management traffic.
  • Ensure you do not configure PVLAN on the VLANs used for VXLAN-VLAN mappings.

The following illustration displays the maximum allowed VXLAN gateway deployment managed by a single VSM. It displays four Cloud Services Platform devices and each Cloud Services Platform device hosting two VXLAN gateway modules. Four HA clusters of gateway modules are setup with each cluster consisting of an active/standby pair of modules.

Figure 2. VXLAN Gateway HA Pairs



Configuring VSMs

Before installing the VXLAN gateway module on the Cloud Services Platform, you must create two port profiles on the VSM, one for the uplinks on the gateway and one for the VTEP interface.


Note


You can configure the VXLAN gateway across multiple devices. This chapter explains the commands that you can execute on different devices using the following the prompts:
  • VSM— Virtual Supervisor Module
  • CSP— Cloud Services Platform
  • GW— VXLAN gateway VSB

To create a suitable port-profile that can be applied to the uplink of a VXLAN gateway service module, use the procedure below:

Before You Begin
  • Ensure that the VSM is configured in the Advanced mode by entering the svs switch edition advanced configuration command to enable Advanced mode.
  • Ensure LACP is configured by entering the feature lacp configuration command on the VSM.
  • Offload the LACP operation by entering the lacp offload configuration command on the VSM..
  • Ensure that the VXLAN feature is enabled on the VSM by entering the feature segmentation configuration command to enable VXLANs on the VSM.
  • Ensure that the VXLAN gateway is enabled on the VSM by entering the feature vxlan-gateway configuration command.
  • Ensure that the interfaces of the upstream switch are configured with matching port channel and VLAN trunk configuration.
Procedure
     Command or ActionPurpose
    Step 1vsm# configure terminal  

    Enters global configuration mode.

     
    Step 2 vsm(config)# port profile type ethernet <name> 

    Creates a port profile of type ethernet for the VXLAN gateway uplink.

    Note   

    You must provide a port-profile name when prompted while executing the setup script described under Setup Script to Configure the VXLAN Gateway..

     
    Step 3vsm(config-port-prof)# switchport mode trunk 

    Designates that the interfaces are to be used as trunking ports. A trunk port transmits untagged packets for the native VLAN and transmits encapsulated, tagged packets for all other VLANs.

     
    Step 4 vsm(config-port-prof)# switchport trunk allowed vlan <vlan list> 

    Specifies the list of VLANs allowed on the gateways uplink. This list should consist of all the mapped VLANs and the VLAN for the VTEP virtual interface.

     
    Step 5vsm(config-port-prof)# mtu <mtu size in bytes> 

    Designates the MTU size. For VXLAN traffic to be functional, you must set the MTU size as 1550. If you do not set the MTU size, the default of 1500 is used. The size must be an even number between 1500 and 9000. The MTU configured on an interface takes precedence over the MTU configured on a port profile.

     
    Step 6vsm(config-port-prof)# service instance <1-4096>  (Optional)

    Defines a place holder for mappings. The range is from 1 to 4096.

    Note   

    You do not need to execute the service instance and the encapsulation command at this stage to bring up the gateway. They are optional and you can add the mappings later once the port-profiles are configured.

     
    Step 7vsm(config-port-prof-srv)# encapsulation dot1q <vlan id> bridge-domain <bd-name>  (Optional)

    Maps a VLAN to a VXLAN. The VXLAN is specified through the bridge-domain name.

    The bridge-domain name and VLAN-ID you provide are not created during the port-profile configuration. The bridge-domain name and the VLAN ID you provide should be in an active state or the mapping is held in pending state until you create the bridge-domain name and VLAN ID.

     
    Step 8vsm(config-port-prof-srv)# exit
     
    (Optional)

    Exits from the service instance mode.

     
    Step 9vsm(config-port-prof)# channel-group auto mode active 

    Configures port channel mode as LACP.

     
    Step 10vsm(config-port-prof)# no shutdown 

    Administratively enables all ports in the profile.

     
    Step 11vsm(config-port-prof)# state enabled 

    Enables the port profile and applies its configuration to the assigned ports.

     

    This example displays how to configure and display the gateway mappings:

    vsm(config)# port-profile type ethernet gw-uplink
    vsm(config)# switchport mode trunk
    vsm(config)# switchport trunk allowed vlan 1545
    vsm(config)# mtu 1550
    vsm(config-port-prof)# service instance 1
    vsm(config-port-prof-srv)# encapsulation dot1q 753 bridge-domain bd-753
    vsm(config-port-prof-srv)# exit
    vsm(config-port-prof)# channel-group auto mode active
    vsm(config-port-prof)# no shutdown
    vsm(config-port-prof)# state enabled
    
    

    Configuring VXLAN Termination/VTEP on the VXLAN Gateway

    To create a suitable port-profile that can be applied to the VTEP virtual interface, use the procedure below:

    Procedure
       Command or ActionPurpose
      Step 1vsm# configure terminal  

      Enters global configuration mode.

       
      Step 2 vsm(config) # port-profile type vethernet <port-profile name>  

      Configures a port profile for the VTEP on the VXLAN gateway.

      Note   

      You must provide a port-profile name when prompted while executing the setup script described under Setup Script to Configure the VXLAN Gateway..

       
      Step 3vsm(config-port-prof) # switchport mode access  

      Designates that the interfaces are to be used as a trunking ports. A trunk port transmits untagged packets for the native VLAN and transmits encapsulated, tagged packets for all other VLANs.

       
      Step 4vsm(config-port-prof) # switchport access vlan <vlan-id-access>  

      Assigns an access VLAN ID to this port profile. The VLAN ID provided must be added to the allowed VLAN set of the uplink port profile. This VLAN should not be mapped to any VXLAN.

      Note   

      If you do not specify a VLAN ID, VLAN 1 is used automatically.

       
      Step 5vsm(config-port-prof ) # capability vxlan  

      Configures the capability VXLAN feature on the specified virtual ethernet port and enables encapsulation and decapsulation of VXLAN packets.

       
      Step 6 vsm(config-port-prof) # transport ip address <IP address> <network mask> gateway < IP address>  

      Configures VXLAN termination or a VTEP on the VXLAN gateway.

      Creating VTEP port-profile is similar to the steps described under Configuring vmknics for VXLAN Encapsulation except the vmware port-group command which is not supported on the VXLAN Gateway.

       
      Step 7vsm(config-port-prof)# no shutdown  

      Administratively enables all ports in the profile.

       
      Step 8vsm(config-port-prof)# state enabled  

      Enables the port profile and applies its configuration to the assigned ports.

       

      This example displays how to configure VXLAN termination or VTEP on the VXLAN gateway:

      vsm# configure terminal
      vsm(config)# port-profile type vethernet gw-vtep
      vsm(config-port-prof)# switchport mode access
      vsm(config-port-prof)# switchport access vlan 760
      vsm(config-port-prof)# capability vxlan
      vsm(config-port-prof)# transport ip address 192.168.1.253 255.255.255.0 gateway 192.168.1.1
      vsm(config-port-prof)# no shutdown
      vsm(config-port-prof)# state enabled 

      Installing a VXLAN Gateway as a Virtual Service Blade

      You can install a VXLAN Gateway as a VSB on all Cisco Cloud Services Platforms. To do this, log into the Cloud Services Platform and follow the procedure below:

      Procedure
         Command or ActionPurpose
        Step 1CSP# copy scp:// <server where the VXGW image is located> < source path > < iso image of vxlan gw > < bootflash:repository >
         

        Copies the VXLAN gateway image to bootflash/repository on the CCPA Manager.

         
        Step 2CSP# configure terminal  

        Enters global configuration mode.

         
        Step 3CSP(config) # virtual-service-blade <name of the VXLAN GW VSB> 

        Creates a VXLAN gateway VSB.

         
        Step 4CSP(config-vsb-config) # virtual-service-blade-type new <iso image of the vxlan gw> 

        Deploys the downloaded VXLAN gateway. The image is always populated from the bootflash or repository and there is no need to specify the path.

         
        Step 5CSP(config-vsb-config) # interface gw-uplink1 uplink <Physical-Interface Cloud Services Platform> 

        Assigns a physical interface on the Cloud Services Platform to the gateway-uplink. GigabitEthernet3 through GigabitEthernet6 are available in the flexible mode physical interfaces. You must configure the port channels using LACP on the upstream switches.

         
        Step 6CSP(config-vsb-config) # interface gw-uplink1 mode passthrough 

        Configures the gateway uplink as passthrough. The corresponding GigabitEthernet interface cannot be shared with other VSBs on the Cloud Services Platform.

         
        Step 7CSP(config-vsb-config) # interface gw-uplink2 uplink <Physical-Interface Cloud Services Platform> 

        Assigns a physical interface on the Cloud Services Platform to the gateway-uplink. GigabitEthernet3 through GigabitEthernet6 are available in the flexible mode physical interfaces. You must configure the port channels using LACP on the upstream switches.

         
        Step 8CSP(config-vsb-config) # interface gw-uplink2 mode passthrough 

        Configures the gateway uplink as passthrough. The corresponding GigabitEthernet interface cannot be shared with other VSBs on the Cloud Services Platform.

         
        Step 9CSP(config-vsb-config) # interface management vlan <vlan id> 

        Allows the specified VLAN ID on the management uplink. The VLAN range is from 1 to 4096.

         
        Step 10CSP(config-vsb-config) # interface management uplink <interface> 

        The interface can either be a physical interface of the Cloud Services Platform or a port channel interface previously created on the Cloud Services Platform.

         
        Step 11Use one of the following commands to deploy a gateway:
        • CSP(config-vsb-config) # enable
        • CSP(config-vsb-config) # enable primary
        • CSP(config-vsb-config) # enable secondary
         

        Use the enable command to install two VSBs, one on the primary Cloud Services Platform and another on the secondary cloud services platform.

        Use the enable primary command to deploy the gateway in standalone mode on the primary Cloud Services Platform.

        Use the enable secondary command to deploy the gateway in standalone mode on the secondary Cloud Services Platform.

        Initiates a setup script to configure the VXLAN gateway, IP address, subnet mask, gateway, hostname, and password for the VXLAN gateway VSB. You are also required to specify the details of the VSMs domain ID, IP address, primary and secondary MAC addresses on the control interface. For more information, see Setup Script to Configure the VXLAN Gateway.

         

        This example shows how to bring up a gateway as a VSB on a VSA pair:

        CSP(config)# virtual-service-blade VXLAN-GW
        CSP(config-vsb-config)# virtual-service-blade-type new vxgw.4.2.1.SV2.2.0.264.iso
        CSP(config-vsb-config)# interface gw-uplink1 uplink GigabitEthernet3
        CSP(config-vsb-config)# interface gw-uplink2 uplink GigabitEthernet4
        CSP(config-vsb-config)# interface gw-uplink1  mode passthrough 
        CSP(config-vsb-config)# interface gw-uplink2  mode passthrough 
        CSP(config-vsb-config)# interface management uplink GigabitEthernet1
        CSP(config-vsb-config)# interface management vlan 751
        CSP(config-vsb-config)# enable
        
        

        Setup Script to Configure the VXLAN Gateway

        After you enter enable while installing a VXLAN gateway as a VSB, the setup script to configure the VXLAN gateway is executed. This section describes the setup script to configure the following parameters on the VXLAN gateway:

        • IP address, network mask, and default gateway for both the primary and secondary VXLAN Gateway Management interface
        • VSM details—Domain ID, IP address, primary MAC address, and secondary MAC address of the VSM control interface
        • Port profiles used for the VXLAN gateway uplink and VTEP
        Procedure
          Step 1   On the command prompt, enter the VSB image and press Enter.

          Enter VSB image:x.x.x.x.x.x.x.iso: [vxgw.4.2.1.SV2.1.0.246.iso] 

          Step 2   Enter the VSM domain ID. The range is from 1 to 4095.
          Enter domain [1-4095]:405
          Note   

          You can get the domain ID by entering the show svs domain command on the VSM.

          Step 3   Enter the management IP version.
          Management IP version [V4]:v4
          Step 4   Configure the management IP address to interface mgmt 0 on the VXLAN gateway deployed on the Primary Cloud Services Platform.
          Enter management IP address of service module on primary: 192.168.1.104
          Note   

          If you are deploying the gateway in the standalone mode on the secondary Cloud Services Platform, enter the IP address, network mask, and the default gateway address for the primary as 0.0.0.0.

          Step 5   Enter the management subnet mask.
          Enter management subnet mask of service module on primary: 255.255.255.0
          Step 6   Enter the management default gateway.
          Enter default gateway IP address of service module on primary: 192.168.1.1
          Step 7   Configure the management IP address to interface mgmt 0 on the VXLAN gateway deployed on the secondary Cloud Services Platform.
          Enter management IP address of service module on secondary: 192.168.1.105
          Note   

          If you are deploying the gateway in the standalone mode on the primary Cloud Services Platform, enter the IP address, network mask, and the default gateway address for the secondary as 0.0.0.0.

          Note   

          In a HA deployment, we recommend that the IP address you provide is in the same subnet as the one provided in Step 5.

          Step 8   Enter the management subnet mask.
          Enter management subnet mask of service module on secondary: 255.255.255.0
          Step 9   Enter the management interface default gateway.
          Enter default gateway IP address of service module on secondary: 192.168.1.1
          Step 10   Enter the VXLAN Gateway hostname.
          Enter hostname: VXLAN-GW-DOCS
          Step 11   Enter the login credentials.
          Enter the password for admin:Sfish123
          Step 12   Enter the IP address of the VSM.
          VSM L3 Ctrl IPv4 address:192.168.1.210
          
          Step 13   Configure the MAC address of the control interface on the primary VSM.
          VSM Primary MAC address: 0050.56b5.07d0
          Note   

          You can get the MAC address using the show interface control 0 command on the primary VSM.

          Step 14   Enter the MAC address of the secondary VSM.
          VSM Standby MAC address: 0050.56b5.07d3
          Note   

          You can get the MAC address by entering the show vms internal info command on the secondary VSM.

          Step 15   Enter the uplink trunk port profile configured on the VSM.
          Enter VSM uplink port-profile name: gw-uplink 
          Note   

          Enter the dedicated uplink trunk port-profile for the VXLAN gateway pair created on the VSM.

          Step 16   Enter the VTEP profile name.
          Enter VTEP port-profile name: gw-vtep 
          Note   

          Enter the same VTEP port-profile name created on the VSM.


          This example shows how to bring up the VXLAN gateway:

          CSP(config-vsb-config)# enable 
          Enter vsb image: [vxgw.4.2.1.SV2.2.0.264.iso] 
          Enter the VSM domain id[1-4095]: 405
          Enter Management IP version [V4]: [V4] 
          Enter Management IP address of service module on primary: 192.168.1.104
          Enter Management subnet mask of service module on primary: 255.255.255.0
          Enter default gateway IP address of service module on primary: 192.168.1.1
          Enter management IP address of service module on secondary: 192.168.1.105
          Enter management subnet mask of service module on secondary: 255.255.255.0
          Enter default gateway IP address of service module on secondary: 192.168.1.1
          Enter HostName: VXLAN-GW-DOCS
          Enter the password for 'admin': Sfish123
          VSM L3 Ctrl IPv4 address : 192.168.1.210
          VSM Primary MAC Address: 0050.56b5.07d0
          VSM Standby MAC Address: 0050.56b5.07d3
          Enter VSM uplink port-profile name: gw-uplink
          Enter VTEP port-profile name: gw-vtep
          Note: VSB installation is in progress, please use show virtual-service-blade commands to check the installation status.
          CSP(config-vsb-config)# 

          Modifying the Initial Setup Script Parameters

          After executing the setup script for the first time, if you need to modify any of the setup parameters, use the following commands on the VSM:


          Note


          If an HA pair is installed, ensure that you apply the same changes individually on both the gateway modules.



          Note


          Ensure the port profile that you update is first saved on the VSM.


          Procedure
             Command or ActionPurpose
            Step 1vsm(config)# service <module> update port-profile type ethernet name <VXLAN Gateway Uplink port-profile name> 

            Modifies the VXLAN gateway uplink port-profile from the VSM.

             
            Step 2vsm(config)# service <module> update port-profile type vethernet name <VXLAN Gateway VTEP port-profile name> 

            Modifies the VXLAN gateway VTEP port profile from the VSM.

             

            Configuring High Availability

            The operation of high availability (HA) involves the following terminology:

            • Cluster—A cluster is a pair of gateway modules that operate together as a single high available module. Each cluster is distinguished by a unique cluster ID. A gateway module that is deployed in a standalone mode of operation is assigned a dummy cluster ID of 0.
            • HA role—The gateway modules that make up an HA cluster are assigned separate roles. One is designated as primary and the other as secondary. This role decides which of the two modules goes to active state first and which stays in a standby state. These states persist until the active fails. In the event of any failure in the active gateway module, the standby gateway detects the failure and moves to active state. This way one of the two modules is always providing active service.
            • HA state— At any given time, only one gateway module from a given cluster is actively performing the gateway function. The other stays in the standby state pending the failure of the active module. A gateway module can be in the active or standby state. In addition, there is a transient initial state called the Init state. In this state, a gateway is either waiting to be assigned a role or negotiating its state with its peer.

            After a gateway module is installed and brought up, the VSM assigns a role to the gateway module and can result in one of the following transitions:

            • Unconfigured-Init to Standalone-Active
            • Unconfigured-Init to Primary-Active
            • Unconfigured-Init to Secondary-Standby
            • Standalone-Active to Primary-Active
            • Standalone-Active to Secondary-Active

            For all other combinations, we recommend that you first fall back to the Unconfigured-Init mode using the no service VXLAN Gateway module command and then proceed to the desired role or states.


            Note


            Roles must be preassigned to module numbers in the VSM. When a VXLAN gateway is attached to the VSM on that module, it inherits the role and state that are assigned by the VSM.


            You can create a service module in a standalone mode.

            Procedure
               Command or ActionPurpose
              Step 1 vsm(config)# service mod role standalone  

              Configures the service module as standalone active.

               
              Step 2vsm(config)# show module service-module 

              Displays the service module number, cluster ID, role, HA mode and status.

               

              This example shows how to display the cluster ID mapping and the details about active, standby, and standalone service modules:

              vsm(config)# show module service-module
              Mod  Cluster-id  Role            HA Mode       Status
              ---  ----------  -----------     ----------    -------
              36        0      Standalone      Standalone    Active
              

              You can create a service module as a high availability (HA) pair, use the following procedure:

              Procedure
                 Command or ActionPurpose
                Step 1 vsm(config)# service modNo1 role primary ha-cluster clusterNo 

                Configures the service module in HA and adds a primary service module to a cluster.

                 
                Step 2 vsm(config)# service modNo2 role secondary ha-cluster clusterNo 

                Configures another service module as secondary in the same cluster.

                 
                Step 3vsm(config)# show module service-module 

                Displays the service module number, cluster ID, role, HA mode, and status.

                 

                This example shows how to display the cluster ID mapping and the details about active, standby, and standalone service modules:

                vsm(config)# show module service-module
                Mod  Cluster-id  Role        HA Mode    Status
                --- ---------- ----------- ---------- -------
                9    1        Primary          HA       Active
                10   1        Secondary        HA       Standby
                

                To switch over between the active and standby VXLAN gateway, enter the following command on the VSM:

                vsm# service ha-cluster <1-8> switchover

                Verifying the VXLAN Gateway Installation and Configuration

                To display the VXLAN gateway (GW) installation and configuration information, perform one of the following tasks on the VSM:

                Command Purpose

                show running-config port-profile gw-uplink

                Displays the configuration of the port profile assigned to the VXLAN gateway uplinks.

                show running-config port-profile gw-vtep

                Displays the configuration of the port profile assigned to the VXLAN VTEP.

                show module

                Displays the VXLAN gateway service modules.

                show module service-module

                Verifies the role of the VXLAN gateway module and displays the cluster ID mapping and the details about active, standby, and standalone service modules.

                show vxlan gateway interface

                Displays if the VTEPs are configured properly.

                show interface vethernet 6

                Displays if both the VTEP Virtual Ethernet Interfaces are in up state.

                show port-channel summary

                Displays if the port channels are up for gateway service modules.

                show bridge-domain mappings

                Displays VLAN-VXLAN mappings configured in VSM on the Ethernet uplink port-profile of a service module/VXLAN gateway or the vEthernet access port-profile for the VXLAN trunk feature.

                show switch edition

                Displays if the VSM is in Advanced mode.

                show feature

                Displays if the VXLAN gateway is enabled on the VSM.

                show virtual-service-blade summary
                Note   

                This command needs to be executed from the Cloud Services Platform.

                Displays the status of the VXLAN gateway VSB as it transitions from the VSB DEPLOY IN PROGRESS to VSB POWERED ON.

                show virtual-service-blade

                Note   

                This command needs to be executed from the Cloud Services Platform.

                Displays the VXLAN gateway configuration.

                This example displays the status of the VXLAN gateway VSB:

                CSP# show virtual-service-blade summary
                
                -------------------------------------------------------------------------------
                Name                HA-Role     HA-Status   Status                   Location
                -------------------------------------------------------------------------------
                VXLAN-GW            PRIMARY     ACTIVE      VSB POWERED ON           PRIMARY
                VXLAN-GW            SECONDARY   ACTIVE      VSB POWERED ON           SECONDARY
                 
                

                This example displays the VXLAN gateway configuration:

                CSP# show virtual-service-blade
                virtual-service-blade VXLAN-GW
                  Description:  
                  Slot id:        1
                  Host Name:      VXLAN-GW-DOCS
                  Management IP:  192.168.1.104
                  VSB Type Name :  vx-gw-1.5
                  Configured vCPU:           3
                  Operational vCPU:           3
                  Configured Ramsize:        2048
                  Operational Ramsize:        2048
                  Disksize:       3
                  Heartbeat:      154764
                
                  Legends:   P -  Passthrough
                  --------------------------------------------------------------------------
                   Interface           Type         MAC     VLAN    State   Uplink-Int
                                                                  Pri  Sec Oper  Adm
                  --------------------------------------------------------------------------
                  VsbEthernet1/1  gw-uplink1 0002.3d71.a303        up   up Gi3(P) Gi3(P)
                  VsbEthernet1/2  management 0002.3d71.a302  751   up   up Gi1    Gi1   
                  VsbEthernet1/3  gw-uplink2 0002.3d71.a304        up   up Gi4(P) Gi4(P)
                        internal          NA        NA       NA    up   up              
                  HA Role: Primary  
                    HA Status: ACTIVE
                    Status:       VSB POWERED ON
                    Location:     PRIMARY
                    SW version:   
                  HA Role: Secondary  
                    HA Status: ACTIVE
                    Status:       VSB POWERED ON
                    Location:     SECONDARY
                    SW version:   
                  VSB Info:  
                    Domain ID : 405
                
                

                This example displays the port-profile configuration assigned to the VXLAN Gateway uplinks:

                vsm# show running-config port-profile gw-uplink
                
                port-profile type ethernet gw-uplink
                  switchport mode trunk
                  switchport trunk allowed vlan 1,81,751-760
                  mtu 1550
                  channel-group auto mode active
                  no shutdown
                  state enabled
                
                

                This example displays the port-profile configuration assigned to the VXLAN VTEP:

                vsm# show running-config port-profile gw-vtep
                
                port-profile type vethernet gw-vtep
                  switchport mode access
                  switchport access vlan 760
                  capability vxlan
                  transport ip address 192.168.1.253 255.255.255.0 gateway 192.168.1.1
                  no shutdown
                  state enabled
                 
                

                This example shows how to display the VXLAN gateway service modules as soon as they are online:

                vsm# show module
                Mod  Ports  Module-Type                       Model               Status
                ---  -----  --------------------------------  ------------------  ------------
                1    0      Virtual Supervisor Module         Nexus1000V          ha-standby
                2    0      Virtual Supervisor Module         Nexus1000V          active *
                3    332    Virtual Ethernet Module           NA                  ok
                4    332    Virtual Ethernet Module           NA                  ok
                5    332    Virtual Ethernet Module           NA                  ok
                6    332    Virtual Ethernet Module           NA                  ok
                7    332    Virtual Ethernet Module           NA                  ok
                8    332    Virtual Ethernet Module           NA                  ok
                9    4      Virtual Service Module            VXLAN Gateway       ok
                10   4      Virtual Service Module            VXLAN Gateway       ok
                
                Mod  Sw                  Hw      
                ---  ------------------  ------------------------------------------------  
                1    4.2(1)SV2(2.0.284)  0.0                                              
                2    4.2(1)SV2(2.0.284)  0.0                                              
                3    4.2(1)SV2(2.1)      VMware ESXi 5.0.0 Releasebuild-623860 (3.0)      
                4    4.2(1)SV2(2.1)      VMware ESXi 5.0.0 Releasebuild-469512 (3.0)      
                5    4.2(1)SV2(2.1)      VMware ESXi 5.0.0 Releasebuild-469512 (3.0)      
                6    4.2(1)SV2(2.1)      VMware ESXi 5.0.0 Releasebuild-469512 (3.0)      
                7    4.2(1)SV2(2.1)      VMware ESXi 5.0.0 Releasebuild-469512 (3.0)      
                8    4.2(1)SV2(2.1)      VMware ESXi 5.0.0 Releasebuild-469512 (3.0)      
                9    4.2(1)SV2(2.1)      Linux 2.6.27.10                                  
                10   4.2(1)SV2(2.1)      Linux 2.6.27.10                                  
                
                Mod  Server-IP        Server-UUID                           Server-Name
                ---  ---------------  ------------------------------------  --------------------
                1    10.193.81.210    NA                                    NA
                2    10.193.81.210    NA                                    NA
                3    10.193.81.201    3f6ebef1-90f3-11e0-a977-e8b7487bbf50  10.193.81.201
                4    10.193.81.202    56ae0e11-98a8-11e0-b2a9-e8b7487c00e4  10.193.81.202
                5    10.193.81.203    1abbf23b-9c26-11e0-ab53-e8b7487c26be  10.193.81.203
                6    10.193.81.204    64faccd8-9c11-11e0-ba93-e8b7487c24ea  10.193.81.204
                7    10.193.81.205    1abbf245-9c26-11e0-ab53-e8b7487c2712  10.193.81.205
                8    10.193.81.169    0ea13991-e32f-11e0-bd1d-ccef48b424a0  10.193.81.169
                9    192.168.1.104    56fa6753-4dc5-4a7d-ad07-cc817114f838  VXLAN-GW-DOCS
                10   192.168.1.105    4cbd05df-b3e5-468a-9497-89aa3fae8153  VXLAN-GW-DOCS
                
                * this terminal session 
                

                This example shows how to display the cluster ID mapping and the details about active, standby, and standalone service modules:

                vsm# show module service-module
                Mod  Cluster-id  Role        HA Mode    Status
                --- ---------- ----------- ---------- -------
                9    1        Primary          HA       Active
                10   1        Secondary        HA       Standby
                

                This example shows how to find the module for virtual Ethernet interface binding:

                vsm(config-if)# show vxlan gateway interface
                -----------------------------------------------------------------
                Port 	IPAddress 	Netmask 	Gateway Mod Status Role
                -----------------------------------------------------------------
                Veth6 	192.168.1.253  255.255.255.0	192.168.1.1 9 	up Active
                Veth22 	192.168.1.253  255.255.255.0	192.168.1.1 10  up Standby 
                

                This example displays if both the VTEP veths are in up state:

                vsm# show interface vethernet 6
                Vethernet6 is up
                  Port description is VXLANGW VTEP, Network Adapter 1
                  Hardware: Virtual, address: 0002.3d71.a303 (bia 0002.3d71.a303)
                  Owner is VM "VXLANGW VTEP", adapter is Network Adapter 1
                  Active on module 9
                  Port-Profile is gw-vtep
                  Port mode is access
                  5 minute input rate 8 bits/second, 0 packets/second
                  5 minute output rate 0 bits/second, 0 packets/second
                  Rx
                    6 Input Packets 6 Unicast Packets
                    0 Multicast Packets 588 Broadcast Packets
                    468 Bytes
                  Tx
                    34321 Output Packets 34321 Unicast Packets
                    33609 Multicast Packets 24 Broadcast Packets 33633 Flood Packets
                    2193700 Bytes
                    0 Input Packet Drops 0 Output Packet Drops
                
                vsm# show interface vethernet 22
                Vethernet22 is up
                  Port description is VXLANGW VTEP, Network Adapter 1
                  Hardware: Virtual, address: 0002.3d71.a383 (bia 0002.3d71.a383)
                  Owner is VM "VXLANGW VTEP", adapter is Network Adapter 1
                  Active on module 10
                  Port-Profile is gw-vtep
                  Port mode is access
                  5 minute input rate 8 bits/second, 0 packets/second
                  5 minute output rate 0 bits/second, 0 packets/second
                  Rx
                    6 Input Packets 6 Unicast Packets
                    0 Multicast Packets 25 Broadcast Packets
                    468 Bytes
                  Tx
                    33742 Output Packets 33742 Unicast Packets
                    33609 Multicast Packets 133 Broadcast Packets 33742 Flood Packets
                    2158956 Bytes
                    0 Input Packet Drops 0 Output Packet Drops
                
                

                This example displays if port-channels are up for gateway service modules:

                vsm# show port-channel summary 
                Flags:  D - Down        P - Up in port-channel (members)
                        I - Individual  H - Hot-standby (LACP only)
                        s - Suspended   r - Module-removed
                        S - Switched    R - Routed
                        U - Up (port-channel)
                --------------------------------------------------------------------------------
                Group Port-       Type     Protocol  Member Ports
                      Channel
                --------------------------------------------------------------------------------
                1     Po1(SU)     Eth      NONE      Eth3/3(P)    Eth3/4(P)    Eth3/5(P)
                                                     Eth3/6(P)    
                2     Po2(SU)     Eth      NONE      Eth4/3(P)    Eth4/4(P)    Eth4/5(P)
                                                     Eth4/6(P)    
                3     Po3(SU)     Eth      NONE      Eth5/3(P)    Eth5/4(P)    Eth5/5(P)
                                                     Eth5/6(P)    
                4     Po4(SU)     Eth      NONE      Eth6/3(P)    Eth6/4(P)    Eth6/5(P)
                                                     Eth6/6(P)    
                5     Po5(SU)     Eth      NONE      Eth7/3(P)    Eth7/4(P)    Eth7/5(P)
                                                     Eth7/6(P)    
                6     Po6(SU)     Eth      NONE      Eth8/4(P)    
                7     Po7(SU)     Eth      LACP      Eth9/1(P)    Eth9/3(P)    
                8     Po8(SU)     Eth      LACP      Eth10/1(P)   Eth10/3(P)   
                
                

                This example shows VXLAN gateway mappings:

                vsm# show bridge-domain mappings
                -------------------------------------------------------------------------------
                Interface       Module  Serv Inst  Vlan  BD-Name 
                -------------------------------------------------------------------------------
                port-channel7   9       753        753   bd-753
                port-channel8   10      753        753   bd-753
                
                

                Note


                The value in the Interface column varies based on the VXLAN gateway or the VXLAN trunk feature. Vethernet<number> in the Interface column indicates mapping for the VXLAN trunk feature; port-channel<number> in the Interface column indicates mapping configured on the VXLAN gateway.


                This example shows how to find the IP address for module binding:

                vsm(config-if)# show service-module mgmt-int
                	--------------------------------------------------------------------------------
                Mod Interface-Name IP-address Speed MTU
                --------------------------------------------------------------------------------
                4 Mgmt0 10.10.10.2             0     0
                5 Mgmt0 10.10.10.3             0     0
                Remember the management IP address user installs gateway with 
                (in this example 10.10.10.2, which occupies module slot 4)

                This example shows how to display if the VSM is in Advanced mode:

                vsm# show switch edition
                Switch Edition: Advanced
                
                Advanced Features
                Feature Name    Feature State
                -----------------------------
                vxlan-gateway   enabled
                
                Licenses Available: 1020
                Licenses In Use: 4
                License Expiry Date: 13 Jun 2013
                
                
                

                This example shows if the VXLAN gateway is enabled on the VSM:

                vsm# show feature
                Feature Name          Instance  State
                --------------------  --------  --------
                cts                   1         enabled
                dhcp-snooping         1         enabled
                http-server           1         enabled
                lacp                  1         enabled
                netflow               1         disabled
                network-segmentation  1         enabled
                port-profile-roles    1         disabled
                private-vlan          1         enabled
                segmentation          1         enabled
                sshServer             1         enabled
                tacacs                1         disabled
                telnetServer          1         disabled
                vtracker              1         enabled
                vxlan-gateway         1         enabled

                Perform one of the following tasks on the VXLAN gateway. If your VSM is on Layer 3 through management and your gateway is also on the same management subnet, use the attach module < service module number> command to acces the gateway CLI. If your VSM is on Layer 3 through control, you can access the gateway CLI from any machine on that control subnet. For this example, we are using the VSM which is on L3 control.

                Command Purpose

                show redundancy config

                Displays the high availability status.

                This example displays the high availability status:

                gw# show redundancy config 
                
                HA Manager Node Information:
                
                    Cluster Node Count: 2
                
                    Local Node:
                      state          : Active
                      HA mode        : High Availability
                      uuid           : 56fa6753-4dc5-4a7d-ad07-cc817114f838
                      cluster_id     : 1
                      node_priority  : 2
                      node_type      : VXLAN Gateway
                      ipaddr [mgmt]  : 192.168.1.104
                
                    Peer Node 1:
                      state          : Standby
                      uuid           : 4cbd05df-b3e5-468a-9497-89aa3fae8153
                      node_type      : VXLAN Gateway
                      ipaddr [mgmt]  : 192.168.1.105
                
                

                Managing the VXLAN to VLAN Mappings on the VXLAN Gateway

                The VLAN to VXLAN mappings that are configured on a gateway module can be managed by editing the port profile applied on the gateway uplink modules. To add or remove a mapping, follow the procedure below:

                Procedure
                   Command or ActionPurpose
                  Step 1 vsm(config)# port-profile port-profile-name  

                  Specifies the name of the port-profile applied to gw-uplink1 and gw-uplink2 in Installing a VXLAN Gateway as a Virtual Service Blade.

                   
                  Step 2 vsm(config-port-prof)# service instance 1 to 4096  

                  Defines a place holder for mappings. The range is from 1 to 4096.

                  Note   

                  Port profiles that contain the service instance keyword cannot be used for a non-VXLAN gateway module.

                   
                  Step 3 vsm(config-port-prof-srv)# encapsulation dot1q 1-4094 bridge-domain name  

                  Adds a new mapping.

                   
                  Step 4 vsm(config-port-prof-srv)# no encapsulation dot1q 1-4094 bridge-domain name  

                  Deletes an existing mapping.

                   

                  This example shows how to configure VXLAN to VLAN mappings on the VXLAN gateway:

                  vsm(config)# show run port-profile Uplink-All-VXGW
                  port-profile type ethernet Uplink-All-VXGW
                    vmware port-group
                    switchport mode trunk
                    switchport trunk allowed vlan 1545-1575,1577-1605
                    mtu 1550
                    service instance 2
                      encapsulation dot1q 1557 bridge-domain vxlan6002
                      encapsulation dot1q 1555 bridge-domain vxlan6000
                      encapsulation dot1q 1558 bridge-domain vxlan6003
                      encapsulation dot1q 1559 bridge-domain vxlan6004
                       channel-group auto mode active
                    no shutdown
                    state enabled
                  vsm(config)# show port-profile usage
                  port-profile Uplink-All-VXGW
                   port-channel1
                   port-channel5
                   Ethernet7/1
                   Ethernet7/3
                  
                  vsm(config)# show run interface ethernet 7/1 expand-port-profile
                  interface Ethernet7/1
                    switchport mode trunk
                    switchport trunk allowed vlan 1545-1575,1577-1605
                    mtu 1550
                    channel-group auto mode active
                    service instance 2
                      no shutdown
                      encapsulation dot1q 1557 bridge-domain vxlan6002
                      encapsulation dot1q 1555 bridge-domain vxlan6000
                      encapsulation dot1q 1558 bridge-domain vxlan6003
                      no shutdown

                  Deleting the VXLAN Gateway

                  To delete the VXLAN gateway from the Cloud Services Platform, use the following procedure:

                  Procedure
                     Command or ActionPurpose
                    Step 1configure terminal
                     

                    Enters the global configuration mode on the Cloud Services Platform.

                     
                    Step 2 csp(config)# virtual-service-blade <vsb name> 

                    Enters into the virtual-service-blade sub-command.

                     
                    Step 3 csp(config-vsb-config)# shutdown 

                    Shuts down the virtual-service-blade.

                     
                    Step 4 csp(config)# no virtual-service-blade <vsb name> 

                    Deletes the virtual-service-blade from the Cloud Services Platform.

                     

                    To delete the VXLAN gateway from the VSM, use the following procedure:


                    Note


                    You need to remove the associated VEM and port-channel information associated with the VXLAN gateway VSB.


                    Procedure
                       Command or ActionPurpose
                      Step 1configure terminal
                       

                      Enters the global configuration mode on the Cloud Services Platform.

                       
                      Step 2 vsm(config)# no vem <vem number associated with the primary vxlan-gw VSB> 

                      Deletes the unused VEM associated with the deleted primary VXLAN gateway.

                       
                      Step 3 vsm(config)# no vem <vem number associated with the secondary vxlan-gw VSB> 

                      Deletes the unused VEM associated with the deleted secondary VXLAN gateway.

                       
                      Step 4 vsm(config)# no interface port-channel <po number associated with the primary vxlan-gw VSB> 

                      Deletes the unused port-channel interface associated with the deleted primary VXLAN gateway VEM.

                       
                      Step 5 vsm(config)# no interface port-channel <po number associated with the secondary vxlan-gw VSB> 

                      Deletes the unused port-channel interface associated with the deleted secondary VXLAN gateway VEM.

                       

                      Feature History for VXLAN Gateways

                      Feature Name

                      Releases

                      Feature Information

                      VXLAN Gateway

                      4.2(1)SV2(2.1)

                      Introduced the Virtual Extensible Local Area Network (VXLAN) gateway feature.