Configuring VXLAN


This chapter describes how to configure the Virtual Extensible Local Area Network (VXLAN).

This chapter includes the following topics:

Information About VXLAN

Prerequisites for VXLAN

Default Settings

Configuring VXLAN

Verifying VXLAN Configuration

Feature History for VXLAN

Information About VXLAN

For detailed information about VXLAN, see Chapter 1 "Overview".

Prerequisites for VXLAN

VXLAN has the following prerequisites:

The Cisco Nexus 1000V uplink port profiles and all interconnecting switches and routers between the ESX hosts must have their supported MTU set to at least 50 bytes larger than the MTU of the VMs. For example, the VMs default to a 1500-byte MTU (the same as the uplinks and physical devices), so in this case the uplinks and physical devices must be set to at least 1550 bytes. If this is not possible, lower the MTU of all VM vNICs to 50 bytes less than what the physical network supports, for example 1450 bytes. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).

If the Cisco Nexus 1000V is using a port channel for its uplinks, then the load distribution algorithm should be set to use a 5-tuple hash (IP/L4/L4 Ports). The same should be used for any port channels on the physical switches. For more information, see the Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(5.1).

If VEMs requiring VXLAN connectivity are separated by a router:

Proxy ARP must be enabled on the SVIs connected to the Cisco Nexus 1000V's VXLAN transport VLANs (the ones the "capability vxlan" port profiles are connected to).

Multicast routing must be enabled on the routers.

VXLAN makes use of MAC in IP (UDP) with a destination port of 8472. You must allow this through any firewall.

Your upstream switch, from the VEMs of the Cisco Nexus 1000V, needs to provide an IGMP querier function.
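The MTU and firewall prerequisites above can be checked against a frame captured on the transport VLAN. The following is an added example, not part of the Cisco guide: it assumes an untagged IPv4 outer frame and the 8-byte VXLAN header layout of RFC 7348 (neither is spelled out on this page), and the function names and the sample frame are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 8472                       # destination port stated on this page
SEGMENT_MIN, SEGMENT_MAX = 4096, 16777215   # valid segment id range on this page
# Inner Ethernet 14 + VXLAN 8 + UDP 8 + outer IPv4 20 = the 50 bytes in the MTU prerequisite.
ENCAP_OVERHEAD = 14 + 8 + 8 + 20

def required_transport_mtu(vm_mtu):
    """Smallest uplink/physical MTU that carries a full-size VM packet."""
    return vm_mtu + ENCAP_OVERHEAD

def build_sample_frame(vni, inner_len):
    """Constructed sample: outer Ethernet + IPv4 + UDP + VXLAN + zero-filled inner frame."""
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)   # I flag, then 24-bit VNI
    udp_len = 8 + len(vxlan) + inner_len
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes(12) + struct.pack("!H", 0x0800)
    return eth + ip + udp + vxlan + bytes(inner_len)

def parse_vxlan(frame):
    """Return (vni, outer_ip_len, inner_frame_len); raise ValueError if not VXLAN."""
    if len(frame) < 14 + 20 + 8 + 8:
        raise ValueError("frame too short for Ethernet/IPv4/UDP/VXLAN headers")
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("outer frame is not untagged IPv4")
    ihl = (frame[14] & 0x0F) * 4
    outer_ip_len = struct.unpack_from("!H", frame, 16)[0]
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        raise ValueError("outer packet is not IPv4/UDP")
    udp = 14 + ihl
    if len(frame) < udp + 16:
        raise ValueError("frame too short for UDP and VXLAN headers")
    _, dport, udp_len, _ = struct.unpack_from("!HHHH", frame, udp)
    if dport != VXLAN_UDP_PORT:
        raise ValueError(f"UDP destination port {dport} is not {VXLAN_UDP_PORT}")
    flags, vni_word = struct.unpack_from("!II", frame, udp + 8)
    if not flags & 0x08000000:
        raise ValueError("VXLAN header does not mark the VNI as valid")
    return vni_word >> 8, outer_ip_len, udp_len - 16

def check_frame(frame, transport_mtu):
    """Findings for one captured frame: segment range and fit within the transport MTU."""
    vni, outer_ip_len, _ = parse_vxlan(frame)
    findings = []
    if not SEGMENT_MIN <= vni <= SEGMENT_MAX:
        findings.append(f"segment id {vni} is outside {SEGMENT_MIN}-{SEGMENT_MAX}")
    if outer_ip_len > transport_mtu:
        findings.append(f"outer packet of {outer_ip_len} bytes exceeds MTU {transport_mtu}")
    return findings
```

A full-size frame from a VM with a 1500-byte MTU produces a 1550-byte outer packet, which is why a transport path left at 1500 bytes drops or fragments it.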

Default Settings

Table 2-1 lists the default settings for VXLAN parameters.

Table 2-1 Default VXLAN Parameters

Parameters    Default
VXLAN         Disabled


Configuring VXLAN

This section includes the following topics:

Initial Enabling of VXLANs

Creating a VXLAN

Creating a Port Profile Configured to Use a VXLAN

Removing Ports from a VXLAN

Deleting a VXLAN

Disabling Segmentation

Initial Enabling of VXLANs

To enable a VXLAN, you must perform the following two procedures when first configuring VXLAN.

Configuring vmknics for VXLAN Encapsulation

Enabling VXLANs

Configuring vmknics for VXLAN Encapsulation

You can configure vmknics for VXLAN encapsulation by running the following procedure.

BEFORE YOU BEGIN

Identify a VLAN to be used for transporting VXLAN encapsulated traffic.

Ensure it is configured on the uplink port profile for all VEMs on which VXLAN can be configured.

SUMMARY STEPS

1. configure terminal

2. port-profile profilename

3. vmware port-group name

4. switchport mode access

5. switchport access vlan id

6. capability vxlan

7. no shutdown

8. state enabled

9. show port-profile name profilename

10. copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

port-profile profilename

Example:

switch(config)# port-profile vmknic-pp

switch(config-port-prof)#

Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

profilename—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

Note If a port profile is configured as an Ethernet type, it cannot be used to configure VMware virtual ports.

Step 3 

vmware port-group name

Example:

switch(config-port-prof)# vmware port-group

switch(config-port-prof)#

Designates the port profile as a VMware port group.

The port profile is mapped to a VMware port group of the same name unless you specify a name here. When you connect the VSM to vCenter Server, the port group is distributed to the virtual switch on the vCenter Server.

Step 4 

switchport mode access

Example:

switch(config-port-prof)# switchport mode access

switch(config-port-prof)#

Designates the interfaces as switch access ports (the default).

Step 5 

switchport access vlan id

Example:

switch(config-port-prof)# switchport access vlan 100

switch(config-port-prof)#

Assigns a VLAN ID to this port profile.

Step 6 

capability vxlan

Example:

switch(config-port-prof)# capability vxlan

switch(config-port-prof)#

Assigns the VXLAN capability to the port profile to ensure that the interfaces that inherit this port profile are used as sources for VXLAN encapsulated traffic.

Step 7 

no shutdown

Example:

switch(config-port-prof)# no shutdown

switch(config-port-prof)#

Administratively enables all ports in the profile.

Step 8 

state enabled

Example:

switch(config-port-prof)# state enabled

switch(config-port-prof)#

Sets the operational state of a port profile.

Step 9 

show port-profile name profilename

Example:

switch# show port-profile name vmknic-pp

(Optional) Displays the port profile configuration.

Step 10 

copy running-config startup-config

Example:

switch# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

What to Do Next

The vSphere administrator must create a new vmknic on each ESX/ESXi host and assign the previously created port profile to this vmknic.

Enabling VXLANs

You can enable VXLANs by performing the following procedure.

BEFORE YOU BEGIN

Enter the show system vem feature level command to confirm that the feature level is 4.2(1)SV1(5.1) or later. If the feature level is not 4.2(1)SV1(5.1) or later, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(5.1).

SUMMARY STEPS

1. configure terminal

2. feature segmentation

3. show feature | grep segmentation

4. show processes | grep seg_bd

5. copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

feature segmentation

Example:

switch(config)# feature segmentation

switch(config)#

Enables the VXLAN feature.

Step 3 

show feature | grep segmentation

Example:

switch# show feature | grep segmentation

(Optional) Displays whether the VXLAN feature is enabled.

Step 4 

show processes | grep seg_bd

Example:

switch# show processes | grep seg_bd

(Optional) Displays whether the VXLAN process is running.

Step 5 

copy running-config startup-config

Example:

switch# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

EXAMPLES

The following example shows enabling the segmentation feature.

n1000v# configure terminal 
n1000v(config)# feature segmentation 
n1000v(config)# show feature | grep segmentation 
network-segmentation 1 disabled 
segmentation         1 enabled 
n1000v(config)# show processes | grep seg_bd 
4166    S  b7de9468            1      - seg_bd
n1000v(config)# copy running-config startup-config 

Creating a VXLAN

You can create a VXLAN by running the following procedure.

RESTRICTIONS

You are limited to creating a combination of 2048 VXLANs and VLANs.

SUMMARY STEPS

1. configure terminal

2. bridge-domain name-string

3. segment id [number]

4. group ipaddr

5. show bridge-domain name-string

6. copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

bridge-domain name-string

Example:

switch(config)# bridge-domain tenant-red

switch(config-bd)#

Creates a VXLAN and associates an identifying name to it.

Step 3 

segment id [number]

Example:

switch(config-bd)# segment id 20480

switch(config-bd)#

Specifies the VXLAN Segment ID. Only one Bridge Domain can use a particular segment id value.

Valid values are 4096 to 16777215. (1 - 4095 are reserved for VLANs.)

Step 4 

group ipaddr

Example:

switch(config-bd)# group 239.1.1.1

switch(config-bd)#

Associates the multicast group for broadcasts and floods.

Note Reserved multicast addresses are not allowed.

Step 5 

show bridge-domain name-string

Example:

switch# show bridge-domain tenant-red

switch(config-bd)#

(Optional)

Step 6 

copy running-config startup-config

Example:

switch(config-bd)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Creating a Port Profile Configured to Use a VXLAN

You can create a port profile that is configured to use a VXLAN.

RESTRICTIONS

Alternatively, you can associate ports with a bridge domain by modifying the configuration of an existing vEthernet port profile to use VXLANs instead of VLANs. To do so, enter the switchport access bridge-domain name command on a profile with switchport mode access configured.

SUMMARY STEPS

1. configure terminal

2. port-profile profilename

3. vmware port-group name

4. switchport mode access

5. switchport access bridge-domain name-string

6. no shutdown

7. state enabled

8. show port-profile name profilename

9. show running-config bridge-domain

10. copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

port-profile profilename

Example:

switch(config)# port-profile tenant-profile

switch(config-port-prof)#

Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

profilename—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

Note If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

Step 3 

vmware port-group name

Example:

switch(config-port-prof)# vmware port-group

switch(config-port-prof)#

Designates the port profile as a VMware port group.

The port profile is mapped to a VMware port group of the same name unless you specify a name here. When you connect the VSM to vCenter Server, the port group is distributed to the virtual switch on the vCenter Server.

Step 4 

switchport mode access

Example:

switch(config-port-prof)# switchport mode access

switch(config-port-prof)#

Designates the interfaces as switch access ports (the default).

Step 5 

switchport access bridge-domain name-string

Example:

switch(config-port-prof)# switchport access bridge-domain tenant-red

switch(config-port-prof)#

Assigns a VXLAN bridge domain to this port profile.

Step 6 

no shutdown

Example:

switch(config-port-prof)# no shutdown

switch(config-port-prof)#

Administratively enables all ports in the profile.

Step 7 

state enabled

Example:

switch(config-port-prof)# state enabled

switch(config-port-prof)#

Sets the operational state of a port profile.

Step 8 

show port-profile name profilename

Example:

switch(config-port-prof)# show port-profile name tenant-profile

(Optional) Displays the configuration of a port profile.

Step 9 

show running-config bridge-domain

Example:

switch(config-port-prof)# show running-config bridge-domain

(Optional) Displays the segmentation configuration.

Step 10 

copy running-config startup-config

Example:

switch# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Removing Ports from a VXLAN

You can remove ports from a VXLAN by executing the following procedure.

RESTRICTIONS

Executing this procedure moves the ports to the default VLAN.

SUMMARY STEPS

1. configure terminal

2. port-profile name

3. no switchport access bridge-domain

4. show port-profile usage

5. show bridge-domain name

6. copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

port-profile name

Example:

switch(config)# port-profile tenant-profile

switch(config-port-prof)#

Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

Note If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

Step 3 

no switchport access bridge-domain

Example:

switch(config-port-prof)# no switchport access bridge-domain tenant-red

switch(config-port-prof)#

Removes the VXLAN bridge domain from this port profile.

Step 4 

show port-profile usage

Example:

switch# show port-profile usage

(Optional) Displays a list of interfaces that inherited a port profile.

Step 5 

show bridge-domain

Example:

switch# show bridge-domain

(Optional) Displays all bridge domains.

Step 6 

copy running-config startup-config

Example:

switch# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Deleting a VXLAN

You can delete a VXLAN domain by executing the following procedure.

RESTRICTIONS

Deleting an existing bridge domain with ports on it moves all the ports to a down state. Traffic stops flowing.

SUMMARY STEPS

1. configure terminal

2. no bridge-domain name-string

3. show bridge-domain

4. copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

no bridge-domain name-string

Example:

switch(config)# no bridge-domain group-red

switch(config-bd)#

Deletes a VXLAN.

Step 3 

show bridge-domain

Example:

switch# show bridge-domain

(Optional) Displays all bridge domains.

Step 4 

copy running-config startup-config

Example:

switch# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Disabling Segmentation

You can disable segmentation by executing the following procedure.

SUMMARY STEPS

1. configure terminal

2. show bridge-domain

3. show running-config port-profile

4. port-profile name

5. no switchport access bridge-domain name-string

6. show port-profile usage

7. show bridge-domain name

8. no feature segmentation

9. show processes | grep seg_bd

10. copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

show bridge-domain

Example:

switch(config)# show bridge-domain

switch(config)#

Displays all bridge domains.

Note You must identify all bridge domains with non-zero port counts.

Step 3 

show running-config port-profile

Example:

switch(config)# show running-config port-profile

Displays the running configuration for all port-profiles.

Note You must use this command to identify which port profiles have bridge domains identified in Step 2 configured.

Step 4 

port-profile name

Example:

switch(config)# port-profile tenant-profile

switch(config-port-prof)#

Names the port profile and enters port profile configuration mode. If the port profile does not already exist, it is created using the following characteristics:

name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

Note If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

Step 5 

no switchport access bridge-domain name-string

Example:

switch(config-port-prof)# no switchport access bridge-domain tenant-red

switch(config-port-prof)#

Removes the VXLAN bridge domain from this port profile.

Step 6 

show port-profile usage

Example:

switch# show port-profile usage

(Optional) Displays a list of interfaces that inherited a port profile.

Step 7 

show bridge-domain

Example:

switch# show bridge-domain

(Optional) Displays all bridge domains.

Step 8 

no feature segmentation

Example:

switch(config)# no feature segmentation

switch(config)#

Removes the segmentation feature.

Step 9 

show processes | grep seg_bd

Example:

switch(config)# show processes | grep seg_bd

switch(config)#

Displays the processes to determine that the segmentation feature is not running.

Step 10 

copy running-config startup-config

Example:

switch# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.
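The restrictions in Creating a VXLAN and Creating a Port Profile Configured to Use a VXLAN, and the lookup that Steps 2 and 3 of Disabling Segmentation ask you to do by eye, can be checked offline against a saved configuration. This is an added example, not Cisco code: the sample configuration is constructed in the command form used on this page, the function names are hypothetical, and 224.0.0.0/24 is an assumed stand-in for the "reserved" multicast addresses, which the page does not enumerate.

```python
import ipaddress

SEGMENT_MIN, SEGMENT_MAX = 4096, 16777215  # valid segment id range given on this page
# Assumption: 224.0.0.0/24 stands in for "reserved" groups; the page does not list them.
RESERVED_GROUPS = ipaddress.ip_network("224.0.0.0/24")

# Constructed sample, written in the command form used in the procedures above.
SAMPLE_CONFIG = """\
bridge-domain tenant-red
  segment id 20480
  group 239.1.1.1
bridge-domain tenant-blue
  segment id 20480
  group 224.0.0.5
bridge-domain tenant-green
  segment id 100
  group 239.1.1.3
port-profile tenant-profile
  switchport access bridge-domain tenant-red
port-profile orphan-profile
  switchport access bridge-domain tenant-gold
"""

def parse_config(text):  # -> ({bridge domain: settings}, {port profile: bridge domain})
    domains, profiles, kind, name = {}, {}, None, None
    for line in text.splitlines():
        words = line.split() or [""]
        if words[0] == "bridge-domain" and len(words) == 2:
            kind, name = "bd", words[1]
            domains.setdefault(name, {"segment": None, "group": None})
        elif words[0] == "port-profile" and len(words) >= 2:
            kind, name = "pp", words[-1]
            profiles.setdefault(name, None)
        elif kind == "bd" and words[:-1] == ["segment", "id"] and words[-1].isdigit():
            domains[name]["segment"] = int(words[-1])
        elif kind == "bd" and words[:-1] == ["group"]:
            domains[name]["group"] = words[-1]
        elif kind == "pp" and words[:-1] == ["switchport", "access", "bridge-domain"]:
            profiles[name] = words[-1]
    return domains, profiles

def audit(text):  # -> list of findings, empty when the configuration passes
    domains, profiles = parse_config(text)
    findings, seen = [], {}
    for name, bd in domains.items():
        seg = bd["segment"]
        if seg is None or not SEGMENT_MIN <= seg <= SEGMENT_MAX:
            findings.append(f"{name}: segment id {seg} is outside {SEGMENT_MIN}-{SEGMENT_MAX}")
        elif seg in seen:
            findings.append(f"{name}: segment id {seg} already used by {seen[seg]}")
        seen.setdefault(seg, name)
        try:
            group = ipaddress.ip_address(bd["group"] or "")
        except ValueError:
            group = None
        if group is None or not group.is_multicast or group in RESERVED_GROUPS:
            findings.append(f"{name}: group {bd['group']} is not a usable multicast address")
    for name, bd_name in profiles.items():
        if bd_name and bd_name not in domains:
            findings.append(f"{name}: references undefined bridge domain {bd_name}")
    return findings

def profiles_blocking_disable(text):  # profiles to clean before "no feature segmentation"
    return sorted(p for p, bd in parse_config(text)[1].items() if bd)
```

Two bridge domains sharing one segment ID would place two tenants in the same Layer 2 segment, so the duplicate check is the finding to treat as an isolation problem rather than a cosmetic one.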

Verifying VXLAN Configuration

To display VXLAN configuration information, enter one of the following commands:

Command                         Purpose
show processes | grep seg_bd    Displays that the VXLAN process is running.
show bridge-domain              Displays all bridge domains.
show interface brief            Displays a short version of the interface configuration.
show interface switchport       Displays information about switchport interfaces.


EXAMPLES

This example shows how to display whether the VXLAN process is running.

switch(config)# show processes | grep seg_bd 
    -     NR       -            1     - seg_bd
 
   

This example shows how to display all bridge domains.

switch(config)# show bridge-domain 

Bridge-domain tenant-red (2 port in all)
Segment ID: 5000 (manual/Active)
Group IP: 239.1.1.1
 
   

This example shows how to display a short version of the interface table.

switch(config)# show interface brief 
 
   
---------------------------------------------------------------------
Port     VRF    Status   IP Address                   Speed      MTU 
--------------------------------------------------------------- 
mgmt 0   --     up       172.23.233.117               1000       1500
 
   
-------------------------------------------------------------------
Ethernet    VLAN   Type Mode   Status  Reason         Speed    Port
Interface                                                      Ch #
---------------------------------------------------------------------
Eth3/5      1      eth  trunk  up      none           1000
 
   
---------------------------------------------------------------------
Vethernet   VLAN   Type Mode   Status  Reason         Speed
---------------------------------------------------------------------
Veth1       --     virt access up      none           auto
Veth1       --     virt access up      none           auto
Veth1       100    virt access up      none           auto
 
   
---------------------------------------------------------------------
Port     VRF    Status   IP Address                   Speed      MTU 
control0 --     up       --                           1000       1500
switch(config)#
 
   

This example shows how to display information about switchport interfaces.

switch(config)# show int switchport
Name: Ethernet3/5
  Switchport: Enabled
  Switchport Monitor: Not enabled
  Operational Mode: Trunk
  Access Mode VLAN: 1 (default)
  Trunking Native Mode: trunk
  Trunking VLANs Enabled: 180-181,231-233,571-574
  Administrative private-vlan primary host-association: none
  Administrative private-vlan secondary host-association: none
  Administrative private-vlan primary mapping: none
  Administrative private-vlan secondary mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk private VLANs: 
  Operational private-vlan: none
 
   
ifindex 0x1c000000 swbd 4096
Name: Vethernet1
  Switchport: Enabled
  Switchport Monitor: Not enabled
  Operational Mode: access
  Access Mode VLAN: 0 (none)
  Access BD name: tenant-red
  Trunking Native Mode VLAN: 1 (default)
  Trunking VLANs Enabled: 1-3967,4048-4093
  Administrative private-vlan primary host-association: none
  Administrative private-vlan secondary host-association: none
  Administrative private-vlan primary mapping: none
  Administrative private-vlan secondary mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk private VLANs: 
  Operational private-vlan: none
 
   

For detailed information about the fields in the output from these commands, refer to the Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(5.1).

Feature History for VXLAN

Table 2-2 lists the release history for this feature. Only features that were introduced or modified in Release 4.2(1)SV1(5.1) or a later release appear in the table.

Table 2-2 Feature History for VXLAN

Feature Name    Releases          Feature Information
VXLAN           4.2(1)SV1(5.1)    Introduced the Virtual Extensible Local Area Network (VXLAN) feature.