VXLANs have the following prerequisites:
- All interconnecting switches and routers between the Windows hosts must have their supported maximum transmission unit (MTU) set to at least 50 bytes larger than the MTU of the Virtual Machines (VMs). For example, VMs default to a 1500-byte MTU (the same as the uplinks and physical devices), so you must set the interconnecting switches and routers to at least 1550 bytes. If this configuration is not possible, you should lower the MTU of all VM vNICs to 50 bytes smaller than what the physical network supports, such as 1450 bytes. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide.
- All physical uplinks that are part of the NetSwitchTeam (created as part of the Nexus 1000V Logical Switch) on the host must have the same MTU, set to at least 50 bytes larger than the MTU of the VMs.
- If the Cisco Nexus 1000V is using a port channel for its uplinks, you should set the load distribution algorithm to a 5-tuple hash (IP/Layer 4/Layer 4 ports). Use the same setting for any port channels on the physical switches. For more information, see the Cisco Nexus 1000V Interface Configuration Guide.
- VXLAN uses MAC-in-UDP (MAC in User Datagram Protocol) encapsulation with destination port 4789. You must permit this port through any intermediate firewall.
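The 50-byte figure is the inner Ethernet header (14 bytes) plus the VXLAN (8), UDP (8) and outer IPv4 (20) headers. The following added example (not Cisco code) computes both MTU values and parses the VXLAN header of a UDP payload sent to port 4789, flagging segment IDs outside an expected range. The function names, the header breakdown (IPv4 underlay, untagged inner frame), the default range (the 4096-1000000 range used in the example on this page) and the sample datagrams are assumptions constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789   # destination port this page says firewalls must permit
# Bytes added in front of the VM's IP packet (assumes IPv4 underlay, untagged inner frame)
INNER_ETHERNET, VXLAN_HEADER, UDP_HEADER, OUTER_IPV4 = 14, 8, 8, 20
OVERHEAD = INNER_ETHERNET + VXLAN_HEADER + UDP_HEADER + OUTER_IPV4   # 50


def required_underlay_mtu(vm_mtu):
    """Smallest MTU the uplinks and intermediate devices must support."""
    return vm_mtu + OVERHEAD


def max_vm_mtu(underlay_mtu):
    """Largest vNIC MTU when the physical network MTU cannot be raised."""
    return underlay_mtu - OVERHEAD


def build_vxlan_header(vni):
    """Constructed test input: flags byte with the I bit set, 24-bit segment ID."""
    return struct.pack("!B3xI", 0x08, vni << 8)


def parse_vni(udp_payload):
    """Return the 24-bit segment ID from the first 8 bytes of the UDP payload."""
    if len(udp_payload) < VXLAN_HEADER:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", udp_payload[:VXLAN_HEADER])
    if not flags & 0x08:
        raise ValueError("I flag clear, segment ID not valid")
    return word >> 8   # low 8 bits of the second word are reserved


def classify(dst_port, udp_payload, vni_range=(4096, 1000000)):
    """Verdict for one UDP datagram seen between VTEPs."""
    if dst_port != VXLAN_UDP_PORT:
        return "not-vxlan"
    try:
        vni = parse_vni(udp_payload)
    except ValueError as exc:
        return f"malformed ({exc})"
    low, high = vni_range
    return f"ok vni={vni}" if low <= vni <= high else f"out-of-range vni={vni}"


if __name__ == "__main__":
    print(required_underlay_mtu(1500), max_vm_mtu(1500))
    # Constructed datagrams: a segment ID used on this page, one outside the
    # range, a header with the I flag clear, and a non-VXLAN port.
    for port, payload in [(4789, build_vxlan_header(652577)),
                          (4789, build_vxlan_header(100)),
                          (4789, b"\x00" * 8),
                          (53, b"")]:
        print(port, classify(port, payload))
```

An 802.1Q tag on the inner frame or an IPv6 underlay adds further bytes, so treat 50 as the minimum headroom.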
VXLAN has the following configuration guidelines and limitations:
- VMs brought up behind VEMs cannot use the VTEP transport VLAN. This is because VTEP VLANs are isolated and reserved for VXLAN traffic only.
- VXLAN range configuration, using the nsm vxlan range start-segmentID end-segmentID command, must be completed before any VXLAN Network Segmentation Manager configuration on the VSM can be done. This means that any VXLAN network segment pool configuration or VXLAN VM network configuration using Microsoft SCVMM cannot be done until the VXLAN range has been configured.
- VXLAN network segments are created on VSMs using Microsoft SCVMM.
The following table lists the default settings for VXLAN parameters.
Parameter | Default |
---|---|
Feature Segmentation | Enabled |
Configuring VXLANs
Enter the show system vem feature level command to confirm that the feature level is 5.2(1)SM3(1.1) or a later release. If the feature level is not 5.2(1)SM3(1.1) or a later release, see the Cisco Nexus 1000V Installation and Upgrade Guide.
The following table lists the initial Network Segmentation Manager (NSM) configuration tasks that are performed on the VSM.
VXLAN Configuration Tasks |
---|
1. Configure the VXLAN range for the network segment IDs. |
2. Configure a logical network for VLAN and VXLAN. |
3. Create a VXLAN network segment pool that specifies the multicast group to be used for the VXLAN multicast mode. |
4. Create a VLAN network segment pool for the VXLAN transport VLAN. |
5. Configure the VTEP vEthernet port profile policy. |
6. (Optional) Configure the Ethernet port profile policy to be used in the network uplink. |
7. Configure the network segment for the transport VLAN. |
8. Configure the network uplink which allows the VXLAN network segment pool and the VXLAN transport VLAN network segment pool. |
Note | After the configuration tasks have been completed, perform a refresh on the Network Service Switch Extension using Microsoft SCVMM. For more information, see the Cisco Nexus 1000V for Microsoft Hyper-V Installation and Upgrade Guide. |
You can configure a VXLAN range on the VSM.
This example shows how to configure a VXLAN range of 4096-1000000:
```
switch# configure terminal
switch(config)# nsm vxlan range 4096 1000000
switch(config)# show nsm vxlan range
NSM VXlan start range: 4096
NSM VXlan end range: 1000000
```
You can create a logical network for a VLAN and VXLAN.
This example shows how to create logical networks named VXLAN and VLAN. Use the show nsm logical network command to display the configuration details of the logical networks.
```
switch# configure terminal
switch(config)# nsm logical network VLAN
switch(config-logical-net)# description Logical network for VLAN
switch(config)# nsm logical network VXLAN
switch(config-logical-net)# description Logical network for VXLAN
switch(config-logical-net)# exit
switch(config)# show running-config
nsm logical network VLAN
  guid caa52ba2-1e5a-4fec-bac2-a75e57c9f6c8
  mode isolated
nsm logical network VXLAN
  guid 170fee0b-c10e-465e-984c-fffed3ab87d9
  mode isolated
switch(config)# show nsm logical network
Name: VLAN
Description:
GUID: caa52ba2-1e5a-4fec-bac2-a75e57c9f6c8
HNV Tenant VRF count: 0
Network segment pool count: 1
AreLogicalNetworkDefinitionsIsolated: true
Publish-name: VLAN
Name: VXLAN
Description:
GUID: 170fee0b-c10e-465e-984c-fffed3ab87d9
HNV Tenant VRF count: 0
Network segment pool count: 1
GUID: 170fee0b-c10e-465e-984c-fffed3ab87d9
AreLogicalNetworkDefinitionsIsolated: true
Publish-name: VXLAN
```
You can create a network segment pool for a VXLAN.
This example shows how to configure a network segment pool named vxlan-pool assigned to the logical network named VXLAN. Use the show nsm network segment pool command to view the configuration.
```
switch# configure terminal
switch(config)# nsm network segment pool vxlan-pool
switch(config-net-seg-pool)# member-of logical network VXLAN
switch(config-net-seg-pool)# segment-type vxlan
switch(config-net-seg-pool)# multicast-ip 234.1.1.2
switch(config-net-seg-pool)# exit
switch(config)# show running-config
nsm network segment pool vxlan-pool
  guid 4423bc2d-707e-449c-8ca7-edf6124233c7
  segment-type vxlan
  member-of logical network VXLAN
  multicast-ip 234.1.1.2
switch(config)# show nsm network segment pool
Name: vxlan-pool
GUID: 4423bc2d-707e-449c-8ca7-edf6124233c7
Multicast-ip: 234.1.1.2
Logical network Name: VXLAN
Logical network GUID: 170fee0b-c10e-465e-984c-fffed3ab87d9
Segment type: VXLAN
Publish-name: vxlan-pool
```
After creating a network segment pool for the VXLAN, use the same commands to create a network segment pool for the VXLAN transport VLAN. Use the following steps to create the segment pool for the VXLAN transport VLAN.
Complete the following steps to configure a VTEP vEthernet port profile policy.
This example shows how to create a vEthernet port profile policy named vtep-policy:
```
switch# configure terminal
switch(config)# port-profile vtep-policy
switch(config-port-prof)# capability vxlan
switch(config-port-prof)# no shutdown
switch(config-port-prof)# state enabled
switch(config-port-prof)# publish port-profile
switch(config)# show running-config port-profile vtep-policy
port-profile type vethernet vtep-policy
  capability vxlan
  no shutdown
  guid cb950b7c-7e41-4d84-a7d4-dc53cf60ce5c
  state enabled
  publish port-profile
```
Note | Perform this task only if a port profile policy does not exist for the network uplink. |
```
switch# configure terminal
switch(config)# port-profile type ethernet vpc-mac
switch(config-port-prof)# channel-group auto mode on mac-pinning
switch(config-port-prof)# state enabled
switch(config-port-prof)# no shutdown
switch(config-port-prof)# exit
switch(config)# show running-config port-profile vpc-mac
port-profile type ethernet vpc-mac
  channel-group auto mode on mac-pinning
  no shutdown
  guid 371036b5-7e82-4faf-aad4-09c0d2da2c7e
  max-ports 512
  state enabled
```
You can configure a VXLAN network segment pool that specifies the segment type and the multicast group.
This example shows how to configure a network segment named vlan2165 and associate it to the network segment pool named transport-pool.
```
switch# configure terminal
switch(config)# nsm network segment type vethernet vlan2165
switch(config-port-prof)# switchport access vlan 2165
switch(config-port-prof)# member-of network segment pool transport-pool
switch(config-port-prof)# publish network segment
switch(config)# show running-config
nsm network segment type vethernet vlan2165
  guid a7146c85-94d7-4a9e-b91e-a9d5141daa4b
  switchport access vlan 2165
  member-of Tenant VRF vlan2165
  member-of network segment pool VLAN
  publish network segment
```
The network uplink is a combination of an Ethernet port profile and one or more network segment pools. When applied to the physical adapter on a server, the network uplink defines the policy and the VLANs that are allowed on the physical adapter.
This example shows how to create a new network uplink named up-pp, how to import a port profile named vpc-mac that gives the policy for the uplink, how to associate the network uplink to the transport and VXLAN network segment pools, and how to publish the network uplink. Use the show nsm network uplink name <name> command to view the network uplink configuration.
```
switch(config)# configure terminal
switch(config)# nsm network uplink up-pp
switch(config-uplink-net)# import port-profile vpc-mac
switch(config-uplink-net)# allow network segment pool transport-pool
switch(config-uplink-net)# allow network segment pool vxlan-pool
switch(config-uplink-net)# publish network uplink up-pp
switch(config-uplink-net)# exit
switch# show nsm network uplink name up-pp
uplink network: up-pp
Publish-name: up-pp
import port-profile: vpc-mac
network segment pool:
  transport-pool
  vxlan-pool
System Uplink-Network: FALSE
Switchport mode override: auto
Native network segment:
port-profile config:
  switchport mode trunk
  switchport trunk allowed vlan 1992,2165
switch# show running-config
nsm network uplink up-pp
  import port-profile vpc-mac
  allow network segment pool transport-pool
  allow network segment pool vxlan-pool
  publish network uplink
```
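The objects created in the VSM tasks depend on one another, so the resulting running-config can be checked mechanically before the SCVMM refresh. The following added example (not Cisco code and not a Cisco tool) parses running-config text and reports uplinks that allow an undefined pool or no VXLAN pool, a VXLAN pool without a multicast group, a missing vEthernet profile with capability vxlan, and an imported profile that is not an Ethernet port profile. The check list, the function names and the SAMPLE text (assembled from this page's excerpts, with two-space indentation assumed) are assumptions.

```python
import ipaddress

# Constructed sample, assembled from the running-config excerpts on this page.
SAMPLE = """\
nsm network segment pool vxlan-pool
  segment-type vxlan
  multicast-ip 234.1.1.2
port-profile type vethernet vtep-policy
  capability vxlan
port-profile type ethernet vpc-mac
  channel-group auto mode on mac-pinning
nsm network uplink up-pp
  import port-profile vpc-mac
  allow network segment pool transport-pool
  allow network segment pool vxlan-pool
"""


def stanzas(config):
    """Map each unindented header line to its indented sub-lines."""
    out, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace():
            if current is not None and line.strip():
                out[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            out[current] = []
    return out


def audit(config):
    """Return findings; an empty list means every check passed."""
    cfg, findings = stanzas(config), []
    pools = {h.split()[-1]: b for h, b in cfg.items()
             if h.startswith("nsm network segment pool ")}
    # name -> (type, body) for "port-profile type <type> <name>" stanzas
    profiles = {h.split()[-1]: (h.split()[2], b) for h, b in cfg.items()
                if h.startswith("port-profile type ")}
    vxlan_pools = {n for n, b in pools.items() if "segment-type vxlan" in b}
    for name in sorted(vxlan_pools):
        groups = [l.split()[1] for l in pools[name] if l.startswith("multicast-ip ")]
        if not groups or not ipaddress.ip_address(groups[0]).is_multicast:
            findings.append(f"pool {name}: no multicast group")
    if not any(t == "vethernet" and "capability vxlan" in b
               for t, b in profiles.values()):
        findings.append("no vEthernet port profile with capability vxlan")
    for head, body in cfg.items():
        if not head.startswith("nsm network uplink "):
            continue
        up = head.split()[-1]
        allowed = {l.split()[-1] for l in body if l.startswith("allow network segment pool ")}
        imported = [l.split()[-1] for l in body if l.startswith("import port-profile ")]
        findings += [f"uplink {up}: pool {p} allowed but not defined"
                     for p in sorted(allowed - set(pools))]
        if not allowed & vxlan_pools:
            findings.append(f"uplink {up}: no VXLAN pool allowed")
        findings += [f"uplink {up}: {p} is not an Ethernet port profile"
                     for p in imported if profiles.get(p, ("",))[0] != "ethernet"]
    return findings
```

SAMPLE omits the transport-pool stanza, so `audit(SAMPLE)` reports that the uplink allows a pool that is not defined.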
The following table lists the configuration tasks that are performed using Microsoft SCVMM and the tasks used to verify the configurations. These tasks should be done after the Network Segmentation Manager (NSM) VXLAN configuration tasks on the VSM have been completed. For more information, see NSM VXLAN Configurations on the VSM.
VXLAN Configuration Tasks Using SCVMM |
Verification Tasks |
---|---|
Verifying the VXLAN Network Segment VSM and VTEP Configuration on the Hosts |
|
Verifying the VXLAN Network Segment VSM and VTEP Configuration on the Hosts |
|
Verifying VXLAN Bridge Domain Creation on the VM Network Connection |
|
Other Tasks |
|
— |
The following procedure describes how to create a VXLAN VTEP using Microsoft SCVMM.
The VMM administrator must create a new hostvnic (vmknic) on each Windows host and assign the previously created VXLAN transport VLAN network segment and VTEP vEthernet policy port profile to this hostvnic. An IP address and netmask should be assigned to the hostvnic. This IP address will be used for VXLAN packet encapsulation. Use the vemcmd show vxlan interfaces command on the VEM to check for the VTEPs added to each host.
Step 1 | Launch the SCVMM. |
Step 2 | From the VMs and Services pane, expand the All Hosts folder, and right-click the host where you want to create the VTEP. |
Step 3 | From the drop-down list, select Properties. |
Step 4 | In the host Properties screen, select Virtual Switches. |
Step 5 | In the Virtual Switches screen, click New Virtual Network Adapter. |
Step 6 | In the New Virtual Network Adapter screen, provide the information as described in the following table: |
Step 7 | Click OK. |
The following procedure describes how to configure a VM Network using Microsoft SCVMM.
Step 1 | Launch the SCVMM. |
Step 2 | From the VMs and Services pane, right-click VM Networks, and choose Create VM Network. |
Step 3 | In the Create VM Network wizard, provide the information as described in the following table: |
You can verify the VXLAN configuration information using the following commands on the VSM and VEM.
Command | Purpose |
---|---|
VSM | |
show nsm network segment brief | Displays tabular information of all network segments on the VSM. |
show nsm network segment name VXLAN-network_segment_name | Displays all information about the network segment. |
show interface virtual | Displays the virtual interface attached to the VSM. |
show running-config interface vethernet 1 | Displays virtual interface configuration. |
VEM | |
vemcmd show vxlan interfaces | Displays VXLAN interfaces on the VEM. |
This example shows how to verify the configuration on the VSM.
```
switch# show interface virtual
-------------------------------------------------------------------------------
Port Adapter Owner Mod Host
-------------------------------------------------------------------------------
Veth4 vtep103-01 3 SRV-103
Veth5 vtep106-01 4 SRV-106
switch# show running-config interface vethernet 4
interface Vethernet4
  inherit port-profile dynpp_7a3451dc-47d3-4c7e-9af4-120224c2c9a1_f25f369d-2a33-44f2-b4a9-d4c19c073446
  description vtep103-01
  dvport uuid "E48E9E3A-2C69-4C5B-83AD-0EFAEECF9DF7"
switch# show running-config port-profile dynpp_7a3451dc-47d3-4c7e-9af4-120224c2c9a1_f25f369d-2a33-44f2-b4a9-d4c19c073446
port-profile type vethernet dynpp_7a3451dc-47d3-4c7e-9af4-120224c2c9a1_f25f369d-2a33-44f2-b4a9-d4c19c073446
  inherit port-profile vtep-policy
  switchport mode access
  switchport access vlan 2165
  guid 7027300b-c746-4c2e-83f6-7e782f33726d
  description NSM created profile. Do not modify or delete this profile.
  state enabled
interface Vethernet4
  inherit port-profile dynpp_7a3451dc-47d3-4c7e-9af4-120224c2c9a1_f25f369d-2a33-44f2-b4a9-d4c19c073446
interface Vethernet5
  inherit port-profile dynpp_7a3451dc-47d3-4c7e-9af4-120224c2c9a1_f25f369d-2a33-44f2-b4a9-d4c19c073446
switch# show running-config interface vethernet 4 expand-port-profile
interface Vethernet4
  description vtep103-01
  switchport access vlan 2165
  capability vxlan
  dvport uuid "E48E9E3A-2C69-4C5B-83AD-0EFAEECF9DF7"
  no shutdown
```
This example shows how to verify the configuration on the VEM.
```
PS C:\Program Files (x86)\Cisco\Nexus1000V> .\VemCmd.exe show vxlan interfaces
LTL IP Seconds since Last IGMP Query Received
(* Interface on which IGMP Joins are sent)
------------------------------------------
51 194.1.1.162 2 *
```
The following procedure describes how to connect a VM to the VM network with the vEthernet port profile policy using Microsoft SCVMM.
Step 1 | Launch the SCVMM. |
Step 2 | From the VMs and Services pane, right-click the VM that you previously created. This is the VM where the network adapter needs to be mapped to the VM network. |
Step 3 | From the drop-down list, select Properties. |
Step 4 | In the host Properties screen, select Hardware Configuration. |
Step 5 | In the Hardware Configuration screen, click the network adapter to be mapped to the VXLAN. |
Step 6 | In the Network Adapter screen, do the following: |
Step 7 | Click OK. |
You can verify the creation of the VXLAN bridge domain when the VM is connected to the VXLAN VM network on Microsoft SCVMM.
Command | Purpose |
---|---|
show bridge-domain brief | Displays a tabular list of information about the bridge domain. |
show bridge-domain summary | Displays how many bridge domains exist. |
show bridge-domain VXLAN-bridge-domain-name | Displays information about the bridge domain. |
show running-config interface vEthernet-name | Displays the interface configuration. |
show running-config port-profile dynamic-pp-name | Displays the port profile configuration. |
This example shows how to verify the bridge domain configuration.
```
switch# show bridge-domain brief
Bridge-domain Status Ports
---------------------------------
vxlan_95037 active Veth1, Veth2, Veth6, Veth7
switch# show bridge-domain summary
Number of existing bridge-domains: 19
switch# show bridge-domain vxlan_652577
Bridge-domain vxlan_652577 (1 ports in all)
Segment ID: 652577 (Manual/Active)
Group IP: 230.1.2.1
State: UP Mac learning: Enabled
Veth3
switch# show running-config interface vethernet 37
interface Vethernet37
  inherit port-profile dynpp_667de954-fcf1-4c94-b769-7f8009822efc_c9438a49-dd40-4fae-8747-3268330831d0
  description VM, Network Adapter
  dvport uuid "08cebaf0-63d8-44b7-8ed3-fd475bf8956e--55f222fd-e0dd-4609-962b-167daac6b1a3"
switch# show running-config port-profile dynpp_667de954-fcf1-4c94-b769-7f8009822efc_c9438a49-dd40-4fae-8747-3268330831d0
port-profile type vethernet dynpp_667de954-fcf1-4c94-b769-7f8009822efc_c9438a49-dd40-4fae-8747-3268330831d0
  inherit port-profile veth-nopolicy
  switchport mode access
  switchport access bridge-domain "vxlan_652577"
  guid 6f1bf769-2efc-4946-b06b-655ec6548b87
  description NSM created profile. Do not modify or delete this profile.
  state enabled
interface Vethernet3
  inherit port-profile dynpp_667de954-fcf1-4c94-b769-7f8009822efc_c9438a49-dd40-4fae-8747-3268330831d0
```
The following procedure describes how to create an IP Pool for a VXLAN network segment using Microsoft SCVMM.
Step 1 | Launch the SCVMM. |
Step 2 | From the VMs and Services pane, select VM Networks, and right-click the VXLAN VM network where you want to create the IP pool. |
Step 3 | From the drop-down list, select Create IP Pool. |
Step 4 | In the Create Static IP Address Pool wizard, provide the information as described in the following table: |
You can display the IP pool configuration information.
Command | Purpose |
---|---|
show nsm network segment name VXLAN-network-segment | Displays information about the network segment. |
show nsm ip pool template | Displays the IP pool template used. |
This example shows how to display the configuration of the VXLAN network segment named vxlan-1_c9438a49-dd40-4fae-8747-3268330831d0 and the IP pool template named vxlan-1-ippool.
```
switch# show nsm network segment name vxlan-1_c9438a49-dd40-4fae-8747-3268330831d0
Name: vxlan-1_c9438a49-dd40-4fae-8747-3268330831d0
Tenant VRF Name: vxlan-1_5e452062-d006-45b4-91fd-d74941f63adc
Tenant VRF GUID: 5e452062-d006-45b4-91fd-d74941f63adc
Type: Vethernet
GUID: c9438a49-dd40-4fae-8747-3268330831d0
DHCP: Disabled
Address family: IPv4
Network segment pool: Donald-VX1
Network segment pool guid: 7b64bad5-8426-46d2-b933-b5347f57d35f
Intra Port Communication: Enabled
Isolation type: vxlan
Segment ID: 652577
Vlan: 0
System Network Segment: FALSE
ip pool template: vxlan-1-ippool
ip pool template GUID: 7e00b2af-567b-41e6-acad-2cc720d4973d
ipsubnet: 170.1.0.0/16
ipsubnet GUID: 99530281-5973-49ae-b422-be762c7bf426
Publish-name: vxlan-1
switch# show nsm ip pool template
Name: vxlan-1-ippool
Description:
Address family: IPv4
IP-address-range: 170.1.0.1-170.1.255.254
Network: 170.1.0.0/16
Subnet mask: 255.255.0.0
Default router:
Netbios: Disabled
Reserved-ip-list:
Netbios-name-server-list:
DNS-server-list:
DNS-suffix-list:
```
You can delete a VXLAN VM network.
Note | You can only delete a VM network if there are no network adapters mapped to it. |
Feature Name | Releases | Feature Information |
---|---|---|
VXLAN Configuration | 5.2(1)SM3(1.1) | Feature introduced. |