
Cisco CSR 1000V VxLAN Support

First Published: November 21, 2012

This module contains information about VxLAN (Virtual eXtensible Local Area Network) Layer 2 gateway feature support on the Cisco CSR 1000V. VxLAN is a technology that provides a Layer 2 overlay network, allowing for network isolation. The standard 802.1q VLAN implementation limits the number of tags to 4096. However, cloud service providers may want to operate more than 4096 virtual networks. VxLAN uses a 24-bit network ID, which allows for a much larger number of individual networks to be operated.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Introduction

This feature enables the Cisco CSR 1000V to act as a Layer 2 VxLAN gateway that bridges traffic between VxLAN segments in a hypervisor and VLANs on physical servers. The operation of a VxLAN Layer 2 gateway is based on data plane MAC address learning and on flooding of multidestination traffic (such as unknown unicast, multicast, or broadcast frames) using IP multicast.

Acting as a VxLAN Layer 2 gateway, the Cisco CSR 1000V can send and receive packets on multiple VxLAN networks, and provide connectivity between the hosts in a VLAN network and the virtual machines operating on a VxLAN network.

The VxLAN Layer 2 gateway performs the following functions:

  • Provides support to bridge traffic between a host in a VLAN domain and VMs behind a virtual switch (vSwitch) in a VxLAN domain. The VLAN and the virtual network identifier (VNI) on the VxLAN should be configured as member ports in the same bridge domain.
  • Implements the Virtual Tunnel Endpoint (VTEP) function, which encapsulates the Layer 2 packet on the IP/UDP tunnel with the VxLAN header (VNI) information before sending it to a multicast group or particular virtual switch on the VxLAN domain.
  • The VTEP function removes the VxLAN header, identifies the bridge domain under which the VNI is configured and then bridges the inner L2 packet to the VLAN side. The bridge function also learns the remote MAC address (the VM's MAC address behind the virtual switch).
  • The Layer 2 gateway carries the inner payload of non-IP (Layer 2 traffic), IPv4, and IPv6 traffic over the VxLAN VNI member.
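The encapsulation and decapsulation steps listed above can be followed byte by byte in the added example below. It is not part of the original Cisco document; the 8-byte header layout follows RFC 7348, and the VNI-to-bridge-domain table and the sample frame are constructed for illustration.

```python
import struct

I_FLAG = 0x08                        # "VNI present" flag in the first header byte
VNI_TO_BRIDGE_DOMAIN = {5010: 10}    # constructed: VNI 5010 is a member of bridge-domain 10

def vxlan_encap(vni, inner_frame):
    """VTEP send side: prepend the 8-byte VxLAN header to an Ethernet frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24 bits) + reserved (8).
    return struct.pack("!II", I_FLAG << 24, vni << 8) + inner_frame

def vxlan_decap(udp_payload, mac_table):
    """VTEP receive side: strip the header, pick the bridge domain, learn the source MAC."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("shorter than VxLAN header plus Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & I_FLAG:
        raise ValueError("VNI flag not set")
    vni = word1 >> 8
    if vni not in VNI_TO_BRIDGE_DOMAIN:
        # A VNI with no bridge-domain membership is dropped, not bridged.
        raise ValueError(f"VNI {vni} is not a member of any bridge domain")
    inner = udp_payload[8:]
    mac_table[inner[6:12].hex(":")] = vni     # remote MAC learned against the VNI
    return VNI_TO_BRIDGE_DOMAIN[vni], inner

# Constructed inner frame: broadcast destination, VM source MAC, IPv4 EtherType, dummy payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "005056a4ecd2" "0800") + b"payload"

if __name__ == "__main__":
    table = {}
    packet = vxlan_encap(5010, SAMPLE_FRAME)
    print(packet[:8].hex(), vxlan_decap(packet, table)[0], table)
```

The VNI is the only field that separates one tenant segment from another; the header carries no authentication or encryption of its own.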

Prerequisites for Cisco CSR 1000V VxLAN Support

The following are the prerequisites to configuring the Cisco CSR 1000V as a VxLAN Layer 2 gateway:

  1. Configure the loopback interface.
  2. Configure IP unicast reachability to remote VTEPs.
  3. Configure Bidirectional Protocol Independent Multicast (PIM).

For more information, see the IP Multicast: PIM Configuration Guide, Cisco IOS XE Release 3S.

Configuring the Cisco CSR 1000V as a VxLAN Layer 2 Gateway

Configuring the VxLAN UDP Destination Port (Optional)

The default VxLAN UDP destination port is 8472. If you want to change the VxLAN UDP destination port value, you must change it before configuring the network virtualization endpoint (NVE) interface.

Procedure

Step 1
    Command or Action: enable
    Example: router> enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
    Command or Action: configure terminal
    Example: router# configure terminal
    Purpose: Enters global configuration mode.

Step 3
    Command or Action: vxlan udp port number
    Example: Router(config)# vxlan udp port 1000
    Purpose: Configures the VxLAN UDP destination port number. The default value is 8472.

Creating the Network Virtualization Endpoint (NVE) Interface

You create the network virtualization endpoint (NVE) interface and then assign member virtual network identifiers (VNIs) to it. The mapping between the VNI range and the multicast group range is either one-to-one or many-to-one.

Procedure

Step 1
    Command or Action: interface nve number
    Example: Router(config)# interface nve 1
    Purpose: Creates a network virtualization endpoint (NVE) interface and enters NVE interface configuration mode.

Step 2
    Command or Action: source-interface loopback number
    Example: Router(config-if)# source-interface loopback 0
    Purpose: Assigns the previously created loopback interface to the NVE interface.

Step 3
    Command or Action: member vni {number | startnumber-endnumber} multicast-group startip-address endip-address
    Example: Router(config-if)# member vni 7115 multicast-group 225.1.1.1 225.100.100.100
    Purpose: Creates a VNI member or a range of VNI members. Repeat this step for each VNI to be added to the NVE interface. The valid values for the VNI number are from 4096 to 16777215.

Step 4
    Command or Action: no shutdown
    Example: Router(config-if)# no shutdown
    Purpose: Enables the NVE interface.

Creating the Access Ethernet Flow Point (EFP)

After the member VNI is created, you must create the access Ethernet Flow Point (EFP) for the VLAN interface.

Procedure

Step 1
    Command or Action: interface GigabitEthernet number
    Example: Router(config)# interface GigabitEthernet1
    Purpose: Enters interface configuration mode.

Step 2
    Command or Action: service instance id ethernet
    Example: Router(config-if)# service instance 20 ethernet
    Purpose: Configures an Ethernet service instance on the overlay interface being configured and enters service instance configuration mode. The service-instance identifier range is from 1 to 8000.

Step 3
    Command or Action: encapsulation dot1q vlan-ID
    Example: Router(config-if-srv)# encapsulation dot1q 100
    Purpose: Defines the VLAN encapsulation format as IEEE 802.1Q and specifies the VLAN identifier.

Step 4
    Command or Action: rewrite ingress tag pop 1 symmetric
    Example: Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
    Purpose: Removes the VLAN tag in the Layer 2 traffic before switching to the outgoing VxLAN interface.
    Note: This command is required to remove the VLAN tag before sending the VLAN traffic to VxLAN and to add the VLAN tag in the reverse direction.

Mapping the VLAN to the Bridge Domain

You must map the VLAN created in the previous procedure to the bridge domain.

Procedure

Step 1
    Command or Action: bridge-domain bridge-id
    Example: Router(config)# bridge-domain 10
    Purpose: Creates a bridge domain and enters bridge domain configuration mode.

Step 2
    Command or Action: member interface service-instance id
    Example: Router(config-bdomain)# member gigabitEthernet 1 service-instance 1
    Purpose: Binds the bridge domain to the service instance.

Step 3
    Command or Action: member vni vni-id
    Example: Router(config-bdomain)# member vni 1010
    Purpose: Maps the VNI to the bridge domain.
What to Do Next

The following example displays the NVE VNIs configured on the router:

    Router# show nve vni

    Interface  VNI          mcast       VNI state
    nve1       1010        239.0.0.0      UP
    nve2       2010        239.0.0.0      UP

The following example displays the NVE VNIs assigned to NVE interface 1:

    Router# show nve vni interface nve1
    Interface  VNI          mcast       VNI state
    nve1       1010        239.0.0.0      UP
    nve1       1110        239.0.0.0      UP

The following example shows the status of NVE interface 1:

    Router# show nve interface nve1
    Interface: nve1, State:up, encapsulation:VXLAN
    source-interface: Lo1 (primary:1.1.1.1, secondary:1.1.1.2)

The following example shows a detailed display for NVE interface 1:

    Router# show nve interface nve1 detail
    Interface: nve1, State:up, encapsulation:VXLAN
    source-interface: Lo1 (primary:1.1.1.1, secondary:1.1.1.2)
    VNI          mcast       VNI state
    1010        239.0.0.0       UP
    1110        239.0.0.0       UP

The following example shows the NVE peers configured on the router:

    Router# show nve peers
    Interface Peer-IP         VNI      Up Time
    nve1       1.1.1.2        1010      10h
    nve2       1.1.1.3        2030      20h

The following example shows the bridge domain configuration; the entry for 0050.56A4.ECD2 (pseudoport nve1.VNI7639335) is the VM's MAC address that was learned on the VxLAN VNI:

    Router# show bridge-domain 1000
    Bridge-domain 1000 (3 ports in all)
    State: UP                    Mac learning: Enabled
    Aging-Timer: 300 second(s)
        GigabitEthernet1 service instance 1000
        GigabitEthernet3 service instance 1000
        vni 7639335
       MAC address    Policy  Tag      Age  Pseudoport
       FFFF.FFFF.FFFF flood   static   0    OLIST_PTR:0xe9c2b410
       0050.56A4.ECD2 forward dynamic  297  nve1.VNI7639335 VxLAN [src:10.0.0.1  dst:10.0.0.2]
       0050.56A4.257A forward dynamic  297  GigabitEthernet3.EFP1000

Multicast Example for Configuring the Cisco CSR 1000V as a VxLAN Layer 2 Gateway

In this example, multicast data packets are transported securely between source and destination routers, via Virtual Tunnel Endpoints VTEP1 and VTEP2.

VTEP1:

    ip multicast-routing distributed
    ip pim rp-address 10.1.1.1
    interface loopback 1
        ip address 10.1.1.1 255.255.255.255
        ip pim sparse-dense-mode
    interface NVE 1
        no shutdown
        source-interface loopback 1
        member VNI 5010 multicast-group 225.1.1.1
    interface GigabitEthernet 3
        ip address 11.1.1.1 255.255.255.0
        ip pim sparse-dense-mode
    interface GigabitEthernet 1
        service instance 1 ethernet
            encapsulation dot1q 100
    bridge-domain 10
        member VNI 5010
        member GigabitEthernet 1 service-instance 1

VTEP2:

    ip multicast-routing distributed
    ip pim rp-address 10.1.1.1
    interface loopback 1
        ip address 12.1.1.1 255.255.255.255
        ip pim sparse-dense-mode
    interface NVE 1
        no shutdown
        source-interface loopback 1
        member VNI 5010 multicast-group 225.1.1.1
    interface GigabitEthernet 3
        ip address 15.1.1.1 255.255.255.0
        ip pim sparse-dense-mode
    interface GigabitEthernet 1
        service instance 1 ethernet
            encapsulation dot1q 100
    bridge-domain 10
        member VNI 5010
        member GigabitEthernet 1 service-instance 1
          

Unicast Example for Configuring the Cisco CSR 1000V as a VxLAN Layer 2 Gateway

In this example, unicast data packets are transported securely between source and destination routers, via Virtual Tunnel Endpoints. This example is similar to the multicast example, except that it uses the unicast command member VNI 5010 instead of the multicast command member VNI 5010 multicast-group 225.1.1.1.

VTEP1:

    interface loopback 1
        ip address 10.1.1.1 255.255.255.255
    interface NVE 1
        no shutdown
        source-interface loopback 1
        member VNI 5010
            ingress-replication 12.1.1.1
    interface GigabitEthernet 3
        ip address 11.1.1.1 255.255.255.0
    interface GigabitEthernet 1
        service instance 1 ethernet
            encapsulation dot1q 100
    bridge-domain 10
        member VNI 5010
        member GigabitEthernet 1 service-instance 1

VTEP2:

    interface loopback 1
        ip address 12.1.1.1 255.255.255.255
    interface NVE 1
        no shutdown
        source-interface loopback 1
        member VNI 5010
            ingress-replication 10.1.1.1
    interface GigabitEthernet 3
        ip address 15.1.1.1 255.255.255.0
    interface GigabitEthernet 1
        service instance 1 ethernet
            encapsulation dot1q 100
    bridge-domain 10
        member VNI 5010
        member GigabitEthernet 1 service-instance 1
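
Because a bridge domain only forwards to a VNI that is also a member of the NVE interface, a saved configuration can be checked for mismatches before it is deployed. The script below is an added example, not part of the original Cisco document: it checks the VNI range stated in the NVE procedure, the multicast group address, and the bridge-domain membership. The sample configuration is constructed with deliberate mistakes, and audit_vxlan is a hypothetical helper name.

```python
import ipaddress
import re

VNI_MIN, VNI_MAX = 4096, 16777215        # valid VNI range stated in the NVE procedure
MEMBER_RE = re.compile(r"member vni (\d+)(?:\s+multicast-group\s+(\S+))?")

# Constructed sample based on the VTEP1 layout, with three deliberate mistakes.
SAMPLE_CONFIG = """\
interface nve 1
 source-interface loopback 1
 member vni 5010 multicast-group 225.1.1.1
 member vni 100 multicast-group 10.9.9.9
bridge-domain 10
 member vni 5010
bridge-domain 20
 member vni 6000
"""

def audit_vxlan(config):
    """Return a list of findings for VNI membership problems in an IOS XE config."""
    nve, bridge, section = [], [], ""
    for raw in config.splitlines():
        if raw and not raw[0].isspace():      # unindented line starts a new section
            section = raw.strip().lower()
            continue
        m = MEMBER_RE.match(raw.strip().lower())
        if m and section.startswith("interface nve"):
            nve.append((section, int(m.group(1)), m.group(2)))
        elif m and section.startswith("bridge-domain"):
            bridge.append((section, int(m.group(1))))
    findings = []
    for section, vni, group in nve:
        if not VNI_MIN <= vni <= VNI_MAX:
            findings.append(f"{section}: VNI {vni} outside {VNI_MIN}-{VNI_MAX}")
        if group and not ipaddress.ip_address(group).is_multicast:
            findings.append(f"{section}: {group} is not a multicast group")
    nve_vnis = {vni for _, vni, _ in nve}
    for section, vni in bridge:
        if vni not in nve_vnis:                # bridged VNI the VTEP never joins
            findings.append(f"{section}: VNI {vni} has no NVE member")
    return findings

if __name__ == "__main__":
    for finding in audit_vxlan(SAMPLE_CONFIG):
        print(finding)
```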
          

Additional References

Related Documents

Related Topic: Cisco CSR 1000V installation and software configuration
Document Title: Cisco CSR 1000V Series Cloud Services Router Software Configuration Guide

Feature Information for Cisco CSR 1000V VxLAN Support

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.


Table 1 Feature Information for CSR VxLAN Support

Feature Name: CSR VxLAN Support
Releases: Cisco IOS XE Release 3.11S
Feature Configuration Information: This feature was introduced on the Cisco CSR 1000V.

Technical Assistance

Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

Link: http://www.cisco.com/cisco/web/support/index.html