Configuring VXLAN
This chapter describes how to configure the Virtual Extensible Local Area Network (VXLAN).
This chapter includes the following topics:
•Verifying VXLAN Configuration
Information About VXLAN
For detailed information about VXLAN, see Chapter 1 "Overview".
Prerequisites for VXLAN
VXLAN has the following prerequisites:
•The Cisco Nexus 1000V uplink port profiles and all interconnecting switches and routers between the ESX hosts must have their supported MTU set to at least 50 bytes larger than the MTU of the VMs. For example, the VMs default to a 1500-byte MTU (the same as the uplinks and physical devices), so in this case the uplinks and physical devices must be set to at least 1550 bytes. If this is not possible, all VM vNICs should have their MTU lowered to 50 bytes smaller than what the physical network supports, for example 1450 bytes. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1)SV1(5.1).
•If the Cisco Nexus 1000V is using a port channel for its uplinks, then the load distribution algorithm should be set to use a 5-tuple hash (IP/L4/L4 Ports). The same should be used for any port channels on the physical switches. For more information, see the Cisco Nexus 1000V Interface Configuration Guide, Release 4.2(1)SV1(5.1).
•If VEMs requiring VXLAN connectivity are separated by a router:
–Proxy ARP must be enabled on the SVIs connected to the Cisco Nexus 1000V's VXLAN transport VLANs (the ones the "capability vxlan" port profiles are connected to).
–Multicast routing must be enabled on the routers.
•VXLAN makes use of MAC in IP (UDP) with a destination port of 8472. You must allow this through any firewall.
•Your upstream switch, from the VEMs of the Cisco Nexus 1000V, needs to provide an IGMP querier function.
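The 50-byte MTU margin and the UDP port 8472 prerequisite above, worked through as an added example (not from the Cisco guide): the Python below builds and parses the VXLAN-over-UDP encapsulation of a full-size VM frame. It assumes an IPv4 outer header without options, an untagged inner frame, and the 8-byte VXLAN header layout later published in RFC 7348; the source port, function names and sample frame are constructed.

```python
import struct

VXLAN_UDP_PORT = 8472   # destination port given in the prerequisites
# Header sizes in bytes (assumed: IPv4 without options, untagged inner frame).
OUTER_IP, UDP, VXLAN, INNER_ETH = 20, 8, 8, 14
OVERHEAD = OUTER_IP + UDP + VXLAN + INNER_ETH   # 50 bytes on top of the VM MTU

def vxlan_header(segment_id):
    """8-byte header: I flag, 24 reserved bits, 24-bit segment ID, 8 reserved bits."""
    if not 0 <= segment_id < 2 ** 24:
        raise ValueError("segment ID must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, segment_id << 8)

def encapsulate(inner_frame, segment_id, src_port=49152):
    """Return UDP header + VXLAN header + inner Ethernet frame (UDP checksum 0)."""
    payload = vxlan_header(segment_id) + inner_frame
    return struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, UDP + len(payload), 0) + payload

def parse(udp_datagram):
    """Return (segment_id, inner_frame), or None if not a well-formed VXLAN datagram."""
    if len(udp_datagram) < UDP + VXLAN + INNER_ETH:
        return None
    _, dport, length, _ = struct.unpack("!HHHH", udp_datagram[:UDP])
    if dport != VXLAN_UDP_PORT or length != len(udp_datagram):
        return None
    flags_word, id_word = struct.unpack("!II", udp_datagram[UDP:UDP + VXLAN])
    if not flags_word & (0x08 << 24):   # I flag clear: segment ID is not valid
        return None
    return id_word >> 8, udp_datagram[UDP + VXLAN:]

def required_transport_mtu(vm_mtu):
    """IP MTU needed on uplinks and every physical hop for a given VM MTU."""
    return vm_mtu + OVERHEAD

def max_vm_mtu(path_mtus):
    """Largest vNIC MTU that fits the smallest transport MTU along the path."""
    return min(path_mtus) - OVERHEAD

# Constructed sample: a full-size frame from a VM with a 1500-byte MTU, segment 5000.
inner = bytes(12) + b"\x08\x00" + bytes(1500)
datagram = encapsulate(inner, 5000)
outer_ip_packet_len = OUTER_IP + len(datagram)

if __name__ == "__main__":
    print("outer IP packet:", outer_ip_packet_len, "bytes")
    print("segment ID seen on the wire:", parse(datagram)[0])
    print("vNIC MTU for a 1500/9000/1500 path:", max_vm_mtu([1500, 9000, 1500]))
```

The outer Ethernet header is not part of the 50 bytes because it does not count against the IP MTU; the inner Ethernet header does, since it travels as UDP payload.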
Default Settings
Table 2-1 lists the default settings for VXLAN parameters.
Parameter | Default |
---|---|
VXLAN | Disabled |
Configuring VXLAN
This section includes the following topics:
•Creating a Port Profile Configured to Use a VXLAN
Initial Enabling of VXLANs
To enable a VXLAN, you must perform the following two procedures when first configuring VXLAN.
•Configuring vmknics for VXLAN Encapsulation
Configuring vmknics for VXLAN Encapsulation
You can configure vmknics for VXLAN encapsulation by running the following procedure.
BEFORE YOU BEGIN
•Identify a VLAN to be used for transporting VXLAN encapsulated traffic.
•Ensure it is configured on the uplink port profile for all VEMs on which VXLAN can be configured.
SUMMARY STEPS
1. configure terminal
2. port-profile profilename
3. vmware port-group name
4. switchport mode access
5. switchport access vlan id
6. capability vxlan
7. no shutdown
8. state enabled
9. show port-profile name profilename
10. copy running-config startup-config
DETAILED STEPS
What to Do Next
•The vSphere administrator must create a new vmknic on each ESX/ESXi host and assign the previously created port profile to this vmknic.
Enabling VXLANs
You can enable VXLANs by performing the following procedure.
BEFORE YOU BEGIN
•Enter the show system vem feature level command to confirm that the feature level is 4.2(1)SV1(5.1) or later. If the feature level is not 4.2(1)SV1(5.1) or later, see the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(5.1).
SUMMARY STEPS
1. configure terminal
2. feature segmentation
3. show feature | grep segmentation
4. show processes | grep seg_bd
5. copy running-config startup-config
DETAILED STEPS
EXAMPLES
The following example shows enabling the segmentation feature.
n1000v# configure terminal
n1000V(config)# feature segmentation
n1000v(config)# show feature | grep segmentation
network-segmentation 1 disabled
segmentation 1 enabled
n1000v(config)# show processes | grep seg_bd
4166 S b7de9468 1 - seg_bd
n1000v(config)# copy running-config startup-config
Creating a VXLAN
You can create a VXLAN by running the following procedure.
RESTRICTIONS
•You are limited to creating a combination of 2048 VXLANs and VLANs.
SUMMARY STEPS
1. configure terminal
2. bridge-domain name-string
3. segment id [number]
4. group ipaddr
5. show bridge-domain name-string
6. copy running-config startup-config
DETAILED STEPS
Creating a Port Profile Configured to Use a VXLAN
You can create a port profile that is configured to use a VXLAN.
RESTRICTIONS
•Alternatively, you can associate ports with a bridge domain by modifying the configuration of an existing vEthernet port profile to use VXLANs instead of VLANs. To do so, enter the switchport access bridge-domain name command on a profile with switchport mode access configured.
SUMMARY STEPS
1. configure terminal
2. port-profile profilename
3. vmware port-group name
4. switchport mode access
5. switchport access bridge-domain name-string
6. no shutdown
7. state enabled
8. show port-profile name profilename
9. show running-config bridge-domain
10. copy running-config startup-config
DETAILED STEPS
Removing Ports from a VXLAN
You can remove ports from a VXLAN by executing the following procedure.
RESTRICTIONS
•Executing this procedure moves the ports to the default VLAN.
SUMMARY STEPS
1. configure terminal
2. port-profile name
3. no switchport access bridge-domain
4. show port-profile usage
5. show bridge-domain name
6. copy running-config startup-config
DETAILED STEPS
Deleting a VXLAN
You can delete a VXLAN domain by executing the following procedure.
RESTRICTIONS
•Deleting an existing bridge domain with ports on it moves all the ports to a down state. Traffic stops flowing.
SUMMARY STEPS
1. configure terminal
2. no bridge-domain name-string
3. show bridge-domain
4. copy running-config startup-config
DETAILED STEPS
Disabling Segmentation
You can disable segmentation by executing the following procedure.
SUMMARY STEPS
1. configure terminal
2. show bridge-domain
3. show running-config port-profile
4. port-profile name
5. no switchport access bridge-domain name-string
6. show port-profile usage
7. show bridge-domain name
8. no feature segmentation
9. show processes | grep seg_bd
10. copy running-config startup-config
DETAILED STEPS
Step | Command | Purpose |
---|---|---|
Step 1 | configure terminal Example: switch# configure terminal switch(config)# | Enters global configuration mode. |
Step 2 | show bridge-domain Example: switch(config)# show bridge-domain switch(config)# | Displays all bridge domains. Note |
Step 3 | show running-config port-profile Example: switch(config)# show running port-profile | Displays the running configuration for all port-profiles. Note |
Step 4 | port-profile name Example: switch(config)# port-profile tenant-profile switch(config-port-prof)# | Names the port profile and enters port profile configuration mode. If the port profile does not already exist, it is created using the following characteristics: • Note |
Step 5 | no switchport access bridge-domain name-string Example: switch(config-port-prof)# no switchport access bridge-domain tenant-red switch(config-port-prof)# | Removes the VXLAN bridge domain from this port profile. |
Step 6 | show port-profile usage Example: switch# show port-profile usage | (Optional) Displays a list of interfaces that inherited a port profile. |
Step 7 | show bridge-domain Example: switch# show bridge-domain | (Optional) Displays all bridge domains. |
Step 8 | no feature segmentation Example: switch(config)# no feature segmentation switch(config)# | Removes the segmentation feature. |
Step 9 | show processes \| grep seg_bd Example: switch(config)# show processes \| grep seg_bd switch(config)# | Displays the processes to determine that the segmentation feature is not running. |
Step 10 | copy running-config startup-config Example: switch# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
Verifying VXLAN Configuration
To display VXLAN configuration information, enter one of the following commands:
EXAMPLES
This example shows how to display whether the VXLAN process is running.
switch (config)# show processes | grep seg_bd
- NR - 1 - seg_bd
This example shows how to display all bridge domains.
switch (config)# show bridge-domain
Bridge-domain tenant-red (2 port in all)
Segment ID: 5000 (manual/Active
Group IP: 239.1.1.1
- NR - 1 - seg_bd
This example shows how to display a short version of the interface table.
switch(config)# show interface brief
---------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
---------------------------------------------------------------------
mgmt 0 -- up 172.23.233.117 1000 1500
-------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
---------------------------------------------------------------------
Eth3/5 1 eth trunk up none 1000
---------------------------------------------------------------------
Vehternet VLAN Type Mode Status Reason Speed
---------------------------------------------------------------------
Veth1 -- virt access up none auto
Veth1 -- virt access up none auto
Veth1 100 virt access up none auto
---------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
control0 -- up -- 1000 1500
switch#(config)#
This example shows how to display information about switchport interfaces.
switch#(config)# show int switchport
Name: Ethernet3/5
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: Trunk
Access Mode VLAN: 1 (default)
Trunking Native Mode: trunk
Trunking VLANs Enabled: 180-181,231-233,571-574
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs:
Operational private-vlan: none
ifindex 0x1c000000 swbd 4096
Name Vethernet1
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: access
Access Mode VLAN: 0 (none)
Access BD name: tenant-red
Trunking Native ModeVLAN: 1 (default)
Trunking VLANs Enabled: 1-3967,4048-4093
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs:
Operational private-vlan: none
For detailed information about the fields in the output from these commands, refer to the Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(5.1).
Feature History for VXLAN
Table 2-2 lists the release history for this feature. Only features that were introduced or modified in Release 4.2(1)SV1(5.1) or a later release appear in the table.
Feature Name | Releases | Feature Information |
---|---|---|
VXLAN | 4.2(1)SV1(5.1) | Introduced the Virtual Extensible Local Area Network (VXLAN) feature. |