Cisco Nexus Dashboard Orchestrator Deployment Guide, Release 4.2(x)

Configuring Infra: General Settings

This section describes how to configure general settings for your NDFC sites that are onboarded to and managed by Cisco Nexus Dashboard Orchestrator.

Procedure

1. Log in to your Cisco Nexus Dashboard and open the Cisco Nexus Dashboard Orchestrator service.

2. In the left navigation menu, choose Configure > Site to Site Connectivity.

3. In the main pane, choose the Configure button.

4. Choose the left tab, which is for General Settings.

5. Provide Control Plane Configuration.

  1. Select the Control Plane Configuration tab.

  2. Choose BGP Peering Type.

    • full-mesh—All border gateway switches in each site establish peer connectivity with remote sites' border gateway switches.

    • route-server—The route-server option allows you to specify one or more control-plane nodes to which each site establishes MP-BGP EVPN sessions. The route-server nodes perform a function similar to traditional BGP route-reflectors, but for External Border Gateway Protocol (and not Internal Border Gateway Protocol) sessions. The use of route-server nodes avoids creating MP-BGP EVPN full mesh adjacencies between all the VXLAN EVPN sites that are managed by NDO.

  3. If you set the BGP Peering Type to route-server, click +Add Route Server to add one or more route servers.

    In the Add Route Server window that opens:

    • From the Site drop-down, select the site that you want to connect to the route server.

    • The ASN field will be autopopulated with the site's ASN.

    • From the Core Router Device drop-down, select the route server to which you want to connect.

    • From the Interface drop-down, select the interface on the core router device.

    You can add up to 4 route servers. If you add multiple route servers, every site establishes MP-BGP EVPN adjacencies to every route server.

  4. Leave the Keepalive Interval (Seconds), Hold Interval (Seconds), Stale Interval (Seconds), Graceful Restart, Maximum AS Limit, and BGP TTL Between Peers fields at default values as they are relevant for Cisco ACI fabrics only.

6. Provide the On Premises IPsec Devices information.

If your intersite connectivity between on-premises and cloud sites uses a private connection and you will not enable IPsec, you can skip this step. For connectivity over the public Internet, IPsec is always enabled and you must provide the information in this step.

When you configure intersite underlay connectivity between on-premises and cloud sites as described in later sections, you must select an on-premises IPN device which establishes connectivity to the cloud CSRs. These IPN devices must first be defined here before they are available in the on-premises site configuration screen.

  1. Select the On Premises IPsec Devices tab.

  2. Click +Add On-Premises IPsec Device.

  3. Choose whether the device is Unmanaged or Managed and provide the device information.

    This defines whether the device is directly managed by NDFC:

    • For Unmanaged IPN devices, simply provide the Name and the IP Address of the device.

      The IP address that you provide will be used as the tunnel peer address from the cloud CSRs, not the IPN device's management IP address.

    • For Managed IPN devices, choose the NDFC Site that contains the device and then the Device from that site.

      Then choose the Interface on the device that is facing the Internet and provide the Next Hop IP address, which is the IP address of the gateway that is connecting to the Internet.

  4. Click the check mark icon to save the device information.

  5. Repeat this step for any additional IPN devices that you want to add.

7. Provide the IPsec Tunnel Subnet Pools information.

There are two kinds of subnet pools that you can provide here:

  • External Subnet Pool—Used for connectivity between cloud site CSRs and other sites (cloud or on-premises).

    These are large global subnet pools that are managed by Cisco Nexus Dashboard Orchestrator. The Orchestrator creates smaller subnets from these pools and allocates them to sites to be used for intersite IPsec tunnels and external connectivity IPsec tunnels.

    You must provide at least one external subnet pool if you want to enable external connectivity from one or more of your cloud sites.

  • Site-Specific Subnet Pool—Used for connectivity between cloud site CSRs and external devices.

    These subnets can be defined when the external connectivity IPsec tunnels must be in a specific range, for example, where a specific subnet is already being used to allocate IP addresses to the external router and you want to continue using those subnets for IPsec tunnels for NDO and cloud sites. These subnets are not managed by the Orchestrator and each subnet is assigned to a site in its entirety to be used locally for external connectivity IPsec tunnels.

    If you do not provide any named subnet pools but still configure connectivity between the cloud site's CSRs and external devices, the external subnet pool will be used for IP allocation.

Note

The minimum mask length for both subnet pools is /24.

To add one or more External Subnet Pools:

  1. Select the IPsec Tunnel Subnet Pools tab.

  2. In the External Subnet Pool area, click +Add IP Address to add one or more external subnet pools.

    This subnet will be used to address the IPsec tunnel interfaces and loopbacks of the Cloud Routers that are used for on-premises connectivity, which you previously configured in the Cloud Network Controller for intersite connectivity in earlier Cisco Nexus Dashboard Orchestrator releases.

    The subnets must not overlap with other on-premises TEP Pools, should not begin with 0.x.x.x or 0.0.x.x, and should have a network mask between /16 and /24, for example 30.29.0.0/16.

  3. Click the check mark icon to save the subnet information.

  4. Repeat these substeps for any additional subnet pools that you want to add.

To add one or more Site-Specific Subnet Pools:

  1. Select the IPsec Tunnel Subnet Pools tab.

  2. In the Site-Specific Subnet Pools area, click +Add IP Address to add one or more external subnet pools.

    The Add Named Subnet Pool dialogue opens.

  3. Provide the subnet Name.

    You can use the subnet pool's name to choose the pool from which to allocate the IP addresses later on.

  4. Click +Add IP Address to add one or more subnet pools.

    The subnets must have a network mask between /16 and /24 and not begin with 0.x.x.x or 0.0.x.x, for example 30.29.0.0/16.

  5. Click the check mark icon to save the subnet information.

    Repeat the steps if you want to add multiple subnets to the same named subnet pool.

  6. Click Save to save the named subnet pool.

  7. Repeat these substeps for any additional named subnet pools that you want to add.
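A pre-check for candidate pools before they are entered in the IPsec Tunnel Subnet Pools tab, applying the rules stated in both the External and the Site-Specific substeps above. This is an added example, not Cisco code or an NDO API; the function names, the `kind` labels and the sample addresses (other than 30.29.0.0/16) are constructed for illustration, and IPv4 input is assumed.

```python
import ipaddress

MIN_PREFIX, MAX_PREFIX = 16, 24   # mask range the guide gives for both pool types

def check_pool(cidr, kind, tep_pools=()):
    """Return the list of rule violations for one pool; an empty list means OK.

    kind is "external" or "site-specific" (labels chosen for this example).
    tep_pools are the on-premises TEP pools, checked for external pools only,
    because that is where the guide states the no-overlap rule.
    """
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != 4:          # assumption: the pools are IPv4
        return ["expected an IPv4 subnet"]
    problems = []
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        problems.append(f"mask /{net.prefixlen} is outside /{MIN_PREFIX}-/{MAX_PREFIX}")
    if net.network_address.packed[0] == 0:
        problems.append("begins with 0")
    if kind == "external":
        for tep in tep_pools:
            if net.overlaps(ipaddress.ip_network(tep)):
                problems.append(f"overlaps on-premises TEP pool {tep}")
    return problems

def check_plan(plan, tep_pools):
    """Map each failing CIDR in the plan to its violations; clean entries are omitted."""
    report = {}
    for kind, cidr in plan:
        problems = check_pool(cidr, kind, tep_pools)
        if problems:
            report[cidr] = problems
    return report

# Constructed sample data: not taken from any real fabric.
SAMPLE_TEP_POOLS = ["10.0.0.0/16"]
SAMPLE_PLAN = [
    ("external", "30.29.0.0/16"),        # the guide's own example value
    ("external", "10.0.32.0/20"),        # falls inside the sample TEP pool
    ("site-specific", "0.10.0.0/16"),    # begins with 0
    ("site-specific", "172.20.0.0/25"),  # mask longer than /24
]

if __name__ == "__main__":
    for cidr, problems in check_plan(SAMPLE_PLAN, SAMPLE_TEP_POOLS).items():
        print(cidr, "->", "; ".join(problems))
```
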

8. Configure NDFC Settings.

  1. Select the NDFC Settings tab.

  2. Provide the L2 VXLAN VNI Range.

  3. Provide the L3 VXLAN VNI Range.

  4. Provide the Multi-Site Routing Loopback IP Range.

    This field is used to autopopulate the Multi-Site TEP field for each fabric, which is described in Configuring Infra: NDFC Site-Specific Settings.

    For sites that were previously part of a Multi-Site Domain (MSD) in NDFC, this field will be prepopulated with the previously defined value.

  5. Provide the Anycast Gateway MAC.