VXLAN features

Virtual Extensible LAN (VXLAN) is a network virtualization technology that extends Layer 2 segments over a Layer 3 infrastructure using MAC-in-UDP encapsulation, enabling the creation of highly scalable and flexible multitenant data center fabrics.

Starting with Cisco NX-OS Release 10.6(1s), you can configure these VXLAN features on the Cisco N9324C-SE1U and Cisco N9348Y2C6D-SE1U switches.

VXLAN BGP EVPN

VXLAN BGP EVPN is a network virtualization overlay solution that uses BGP with EVPN address family as the control plane to distribute Layer 2 and Layer 3 reachability information across a VXLAN data plane.

For information on VXLAN BGP EVPN, see Configure VXLAN BGP EVPN.

VXLAN L2VNI and L3VNI

VXLAN Layer 2 Virtual Network Identifier (L2VNI) is a VXLAN segment identifier used to create a Layer 2 broadcast domain for bridging traffic.

For information on L2VNI, see Configure VXLAN BGP EVPN.

Layer 3 Virtual Network Identifier (L3VNI) is associated with a VRF to provide Layer 3 routing services between different L2VNIs.

For information on L3VNI, see Configure New L3VNI Mode.

VXLAN BGP EVPN multi-site Anycast BGW

VXLAN BGP EVPN multi-site Anycast BGW is a high-availability architecture where multiple Border Gateway (BGW) nodes, connecting separate VXLAN EVPN sites, share a common anycast IP address to provide resilient and optimized data traffic forwarding and control plane signaling between sites.

For information on VXLAN BGP EVPN multi-site Anycast BGW, see Configure VXLAN EVPN Multi-Site.

VXLAN BGP EVPN border spine

VXLAN BGP EVPN border spine is a network device that functions as both a spine switch within a VXLAN fabric and a BGW, responsible for connecting the fabric to external networks or other data center sites.

For information on VXLAN BGP EVPN border spine, see Configure VXLAN BGP EVPN.

VXLAN standalone or vPC VTEP, vPC, and vPC fabric peering

Standalone, vPC, and vPC fabric peering are methods for establishing network connectivity and redundancy for VXLAN Tunnel Endpoints (VTEPs).

Distributed Anycast Gateway

Distributed Anycast Gateway is a VXLAN EVPN feature where the default gateway IP and MAC addresses for a subnet are identically configured on all VTEPs within that Layer 2 segment, enabling optimal east-west traffic routing.

For more information on distributed Anycast Gateway, see Distributed Anycast Gateway.

DHCP relay

DHCP relay is a feature that forwards DHCP broadcast requests from clients within a VXLAN overlay network to a DHCP server located in a different subnet, often outside the fabric, by encapsulating the requests and sending them across the Layer 3 underlay.

For more information on DHCP relay, see DHCP Relay in VXLAN BGP EVPN.

IPv4 and IPv6 unicast overlay traffic

IPv4 and IPv6 unicast overlay traffic is the standard transport of IPv4 and IPv6 unicast packets, encapsulated within a VXLAN header, across the overlay network between source and destination endpoints.

For more information on IPv4 and IPv6 unicast overlay traffic, see Configure the Underlay.

BUM traffic

Broadcast, Unknown unicast, and Multicast (BUM) traffic within a VXLAN segment is typically handled by replicating the traffic and forwarding it to all relevant VTEPs, either through multicast replication in the underlay or through ingress replication (head-end replication).

For more information on BUM traffic, see Configure the Underlay.

IPv4 unicast underlay (IR)

IPv4 unicast underlay (IR) uses a standard IPv4 unicast routing protocol in the physical network (underlay) to provide reachability between VTEPs. BUM traffic is handled via Ingress Replication (IR), meaning the source VTEP unicasts a copy of the packet to every other relevant VTEP.

For more information on IPv4 unicast underlay, see Configure the Underlay.

IPv4 multicast underlay with PIM ASM

IPv4 multicast underlay with Protocol Independent Multicast - Any-Source Multicast (PIM ASM) is an IPv4 multicast-enabled physical network (underlay), typically running PIM ASM, that efficiently handles BUM traffic by forwarding a single copy of a BUM packet to a multicast group that all relevant VTEPs have joined.

For more information on IPv4 multicast underlay with PIM ASM, see Multicast Routing in the VXLAN Underlay.

VXLAN uplinks

VXLAN uplinks are physical or port-channel Layer 3 interfaces on a VTEP (typically a leaf switch) that connect to the underlay network (typically spine switches) and carry the encapsulated VXLAN traffic.

VXLAN counters

VXLAN counters are statistical counters maintained by a network device to track the volume of VXLAN traffic, including encapsulated and decapsulated packets and bytes, used for monitoring, performance analysis, and troubleshooting.

Underlay ECMP and Overlay ECMP (L3)

Underlay ECMP refers to the use of multiple equal-cost paths in the physical network to load-balance traffic between VTEPs, while Overlay ECMP is a BGP EVPN feature that enables load-balancing of traffic across multiple remote VTEPs that are advertising reachability to the same destination prefix.

For more information on Underlay ECMP and Overlay ECMP, see Configure the Underlay.

VXLAN NGOAM

VXLAN NGOAM refers to a suite of tools and protocols designed for proactive monitoring and troubleshooting of VXLAN overlay networks, such as traceroute and ping for overlay paths.

For more information on VXLAN NGOAM, see VXLAN OAM or VXLAN NGOAM.

Multicast underlay BUD node

Multicast underlay Bridge and Drop (BUD) node is a device in a multicast underlay that is not a VTEP for a given VNI but is on the multicast tree path, which forwards the VXLAN multicast traffic without decapsulating it.

For more information on Multicast underlay BUD node, see Configure Bud Node.

DSVNI

VXLAN EVPN with downstream VNI provides the following solutions:

  • Enables asymmetric VNI communication across nodes in a VXLAN EVPN network

  • Provides customers access to a common shared service outside of their domain (tenant VRF)

  • Supports communication between isolated VXLAN EVPN sites that have different sets of VNIs

For more information on DSVNI and route leak, see Configure VXLAN BGP EVPN.

IGMP snooping

Internet Group Management Protocol (IGMP) snooping is a feature applied within a VXLAN overlay that allows a VTEP to monitor IGMP messages from hosts, learn which hosts are interested in specific multicast groups, and prune multicast traffic to only forward it to VTEPs with interested receivers.

For more information on IGMP snooping, see Optimized Layer 2 Overlay Multicast.

ARP suppression

Address Resolution Protocol (ARP) suppression is an efficiency feature in VXLAN EVPN where a VTEP intercepts ARP requests and, if it already knows the MAC-to-IP binding from the BGP control plane, responds directly to the host, thereby suppressing (preventing) the ARP request from being flooded across the entire VXLAN segment.

For more information on ARP suppression, see Configure VXLAN BGP EVPN.

TRMv4 L3 mode

Tenant Routed Multicast for IPv4 (TRMv4) L3 mode is a mode of TRM for IPv4 that enables efficient and scalable multicast forwarding across different subnets (VNIs) within a VXLAN EVPN fabric using a Layer 3 overlay.

For more information on TRMv4 L3 mode, see Configure Tenant Routed Multicast.

BGW advertisement

advertise-pip is a BGP EVPN command used on Border Gateways (BGWs) in a multi-site deployment to advertise the BGW's Primary IP (PIP) as the next-hop for routes learned from other sites, ensuring symmetric traffic flows for stateful services.

For more information on advertise-pip, see Configure vPC Multi-Homing.

BGW advertise using PIP towards fabric and DCI

BGW advertise using PIP towards fabric and Data Center Interconnect (DCI) is a specific BGW behavior in a multi-site architecture where the PIP is advertised as the next-hop for external routes both internally towards the local fabric and externally towards the DCI.

For more information on fabric-advertise-pip l3, see the Advertise Using PIP Towards Fabric section.

VXLAN feature guidelines

This section outlines feature support, guidelines, and limitations for VXLAN functionalities on Cisco N9324C-SE1U and Cisco N9348Y2C6D-SE1U switches.

Table 1. Supported features and releases with limitations

| Features | Note | Release |
|---|---|---|
| VXLAN BGP EVPN | | 10.6(1s) |
| VXLAN L2VNI and L3VNI | VLAN based L3VNI configuration is deprecated. Only vni vnid l3 command is supported. For information on L3VNI, see Configure New L3VNI Mode. | 10.6(1s) |
| VXLAN BGP EVPN Multi-Site Anycast Border Gateway | | 10.6(1s) |
| VXLAN BGP EVPN Border Spine | | 10.6(1s) |
| Standalone, vPC, and vPC fabric peering | Supported as leaf or border leaf | 10.6(1s) |
| Distributed Anycast Gateway | This feature is supported with fabric forwarding anycast-mode command. This configuration is supported with the following combination of configuration: on VXLAN-VLAN only; with SVI configured or up on such VXLAN-VLAN; with global Fabric Anycast MAC configuration in system | 10.6(1s) |
| DHCP Relay | | 10.6(1s) |
| IPv4 and IPv6 unicast overlay traffic | | 10.6(1s) |
| BUM traffic | IPv4 unicast underlay (IR); IPv4 multicast underlay with PIM ASM; Fabric and DCI | 10.6(1s) |
| VXLAN uplinks | Only Ethernet and Port-channel routed interfaces are supported as uplinks; SVI or L3-subinterfaces as uplinks are not supported | 10.6(1s) |
| VXLAN counters | VXLAN peer-based total packet/byte counters are supported; VNI based total packet and byte counters are supported; Peer counters or per-peer-per-vni counters are not supported | 10.6(1s) |
| Underlay ECMP and Overlay ECMP (L3) | | 10.6(1s) |
| VXLAN NGOAM | VTEP and Host reachability are supported. | 10.6(1s) |
| Multicast underlay BUD node | - | 10.6(1s) |
| DSVNI | - | 10.6(1s) |
| IGMP snooping | Not supported for Anycast BGW | 10.6(1s) |
| ARP Suppression | | 10.6(1s) |
| TRMv4 L3 Mode | IPv4 unicast underlay (IR); IPv4 multicast underlay with PIM ASM; Fabric: Only multicast underlay is supported; DCI: IR and multicast underlay are supported | 10.6(1s) |
| advertise-pip | For more information on advertise-pip command, see Configure vPC Multi-Homing. | 10.6(1s) |
| BGW advertise using PIP towards fabric and DCI | fabric-advertise-pip l3 command. For more information on advertise PIP, see the Advertise Using PIP Towards Fabric section. dci-advertise-pip | 10.6(1s) |

VXLAN unsupported features

These VXLAN functionalities are not supported on Cisco N9324C-SE1U and Cisco N9348Y2C6D-SE1U switches.

  • Core fabric and underlay design features: VXLAN flood and learn, VXLAN static tunnels, RFC 5549 underlay, VXLAN IPv6 underlay, IPv6 unicast or IR underlay (fabric), and IPv6 Multicast underlay and Multicast underlay with PIM BIDIR (fabric).

  • Overlay routing and multi-homing features: ESI-RX or VXLAN ESI multi-homing, Proportional ECMP (Mixed path), and VXLAN Traffic Engineering (TE).

  • Multi-Site and DCI features: vPC multi-site BGW, IPv6 IR underlay (DCI), EVPN multi-site storm control, CloudSec, and VXLAN to SR/MPLS handoff.

  • Advanced multicast handling features: Multicast Listener Discovery (MLD) snooping, Neighbor Discovery (ND) suppression, TRMv6, TRM L2 mode and TRM mixed mode, and TRM data MDT.

  • Security features: First-Hop Security (FHS), ACL on VXLAN, Security Group ACL (SGACL), and Null route or Static remote MAC.

  • Overlay services & integrations features: VNF (gateway IP), VXLAN Policy-Based Routing (PBR), VXLAN Quality of Service (QoS) policy, and VXLAN distributed NAT support.

  • Access and host connectivity features: VXLAN access features (a general category for features applied at the host-facing edge of the fabric) such as Private VLAN (PVLAN), 802.1x, Multitag, Cross Connect, Port security, Port VLAN translation, QinVNI, Selective QinVNI, and Layer 2 Protocol Tunneling (L2PT); and Fabric Extender (FEX).

  • Operations, Administration, & Maintenance (OAM) features: Separate counters for broadcast, multicast, and unicast traffic, and Southbound loop detection.

Supported and unsupported features of TRMv4

  • Beginning with Cisco NX-OS Release 10.6(1s), Cisco N9324C-SE1U and Cisco N9348Y2C6D-SE1U switches support TRMv4 on vPC leaf, vPC fabric peering leaf, Anycast BGW, and standalone leaf.

  • Beginning with Cisco NX-OS Release 10.6(1s), Cisco N9324C-SE1U and Cisco N9348Y2C6D-SE1U switches support TRMv4 L3 on vPC leaf, vPC fabric peering leaf, Anycast BGW, and standalone leaf.

    Supported features are:

    • TRMv4

    • Ingress Replication between DCI peers across the core

    • Multicast underlay for fabric peers

    • VLAN based L3VNI configuration is deprecated. Only vni vnid l3 command is supported.

    Unsupported features are:

    • TRMv6

    • Data MDT