The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This feature explains a sample Software-Defined Access (SD-Access) network topology comprising two Locator/ID Separation Protocol (LISP) control plane-Virtual eXtensible Local Area Network (VXLAN) data plane based campus fabrics connected through Multiprotocol Label Switching (MPLS) L3VPN. The focus of the feature is the role of the Cisco Nexus 7000/7700 Series border leaf switch which sends end host traffic from the fabric to an end host in a remote fabric over MPLS (through the MPLS core).
 Note |
IPv6 unicast traffic is not supported for the LISP VRF leak feature on Software-Defined Access fabrics since Cisco Catalyst 3000 Series switches do not support IPv6 traffic for extranets. |
This chapter contains the following sections:
Sample topology and traffic flow between two campus fabrics connected through MPLS L3VPN:
Fabric 1 and Fabric 2 are two campus fabrics. PxTR 1 and PxTR 2 are Cisco Nexus 7000/7700 Series switches that perform the role of border switches in Fabric 1. PxTR 2 is the fabric border switch in Fabric 2. MPLS configurations are enabled on the PxTR switches such that Fabric 1 and Fabric 2 are connected through MPLS L3VPN between PxTR 1/PxTR 2 and PxTR 3.
End hosts are attached to Cisco Catalyst switches xTR 1 and xTR 2 which perform the role of LISP xTRs. The LISP control plane extends from the xTRs to PxTR 1 and PxTR 2. Spine1 and Spine 2 are Layer-3 switches used for routing in the underlay, through an interior gateway protocol (IGP) such as Open Shortest Path First (OSPF). Spine 1 is connected to the Map-Server/Map-Resolver (MSMR).
For the overlay, VXLAN is implemented on the xTRs and the PxTRs, and they also perform the role of VXLAN Virtual Tunnel End Points (VTEPs).
The LISP (control plane) and the VXLAN (data plane) overlays begin and terminate between the xTRs and PxTRs.
PxTR1 and PxTR2 perform the provider edge (PE) function, and are connected to the provider switch P1 in the MPLS/IP core. MPLS L3VPN is implemented on the PxTRs for traffic flow across the fabrics. If Host 1 in Fabric 1 sends traffic to Host 3 in Fabric 2, then this is a sample flow:
Traffic from Host1 reaches a PxTR, the fabric border switch, since the destination end host is located in a remote site. The PxTR VXLAN decapsulates the packets and sends it towards P1 through MPLS.
Note |
The redistribute lisp route-map command ensures that the LISP map-cache routes are redistributed into Multiprotocol Border Gateway Protocol (MP-BGP). |
P1 sends the traffic through the MPLS/IP core to the Provider switch P2 which is connected to the fabric border switch of Fabric 2, PxTR 3. P2 forwards the MPLS traffic to PxTR3.
Note |
The assumption is that MPLS L3VPN is implemented on the receiving switch and the LISP control plane and VXLAN data planes are converged/updated. |
PxTR3 receives the traffic, removes the MPLS label, and does appropriate lookups as regards to the destination end host. Then, PxTR3 VXLAN encapsulates the packets towards xTR3, since Host 3 is attached to it.
xTR 3 receives the traffic, VXLAN decapsulates the packets and sends the original packets (sent by Host 1) to Host 3.
Note |
|
Configure MPLS L3VPN, BGP, LDP, LISP and VXLAN features:
PxTR 1(config)# feature-set mpls
feature-set fabric
feature bgp
feature lisp
feature mpls l3vpn
feature mpls ldp
feature nv overlay
feature vni
Step 1 Configure VXLAN related commands
Create a bridge domain and associate the corresponding Layer 3 VNI:
PxTR 1(config)# vni 6000
system bridge-domain 300
bridge-domain 300
member vni 6000
Add the Layer 3 virtual routing and forwarding (VRF) VNI to the VXLAN overlay network and enable LISP reachability:
PxTR 1(config)# interface nve1
no shutdown
host-reachability protocol lisp
source-interface loopback0
member vni 6000 associate-vrf
Step 2 Configure LISP related commands
Configure LISP parameters and route distinguisher and route target functions for the vrf6000 VRF:
PxTR 1(config)# vrf context vrf6000
vni 6000
ip lisp proxy-itr 192.0.2.1
ip lisp proxy-etr
lisp instance-id 6000
ip lisp locator-vrf fab0
ip lisp map-cache 198.51.0.0/16 map-request
lisp encapsulation vxlan
rd 6000:6000
address-family ipv4 unicast
route-target import 6000:6000
route-target export 6000:6000
The ip lisp map-cache command creates a static map-cache entry for reachability to remote Endpoint Identifiers (EIDs).
Step 3 Configure fabric facing BDI
Associate a BDI to the vrf6000 VRF:
PxTR 1(config)# interface Bdi300
no shutdown
vrf member vrf6000
no ip redirects
ip forward
Step 1 Configure MPLS commands on the WAN facing interface:
PxTR 1(config)# interface Ethernet1/35.1
mpls ip
description connect_P1_mpls
encapsulation dot1q 162
ip address 203.0.113.1/30
ip router ospf 299 area 0.0.0.0
no shutdown
After enabling the corresponding interface on P1, an MPLS link is established between PxTR 1 (the PE switch) and P1 (the Provider switch) .
PxTR 1(config)# mpls ldp configuration
router-id Lo299 force
The configurations enable the specified loopback interface’s IP address as the Label Distribution Protocol (LDP) router ID.
Step 2 Configure BGP for traffic flow between the fabric border (PE) switch PxTR 1 and the Provider switch P1:
PxTR 1(config)# router bgp 100
router-id 209.165.201.1
address-family ipv4 unicast
neighbor 209.165.200.225 remote-as 5000
update-source loopback299
ebgp-multihop 10
address-family vpnv4 unicast
send-community extended
exit
address-family ipv4 unicast
vrf vrf6000
address-family ipv4 unicast
redistribute lisp route-map LISP-RMAP
aggregate-address 198.51.0.0/16 summary-only
label-allocation-mode per-vrf
The redistribute lisp route-map command redistributes the LISP map-cache routes into MP-BGP.
Aggregate routes within the vrf6000 VRF are enabled to be distributed to the BGP neighbor.
Note |
The configurations are relevant to PxTR 1. Similarly, enable the campus fabric interconnect function on PxTR 2 and PxTR 3. |
You can verify MPLS configurations on a fabric border switch with these verification commands:
In the following example, you can verify MPLS LDP configuration:
PxTR1# show mpls ldp discovery
Local LDP Identifier:
209.165.201.1:0
Discovery Sources:
Interfaces:
Ethernet2/20.1 (ldp): xmit/recv
LDP Id: 203.0.113.1:0
In the following example, you can verify MPLS LDP neighbor configuration:
PxTR1# show mpls ldp neighbor
Peer LDP Ident: 203.0.113.1:0; Local LDP Ident 209.165.201.1:0
TCP connection: 203.0.113.1.646 - 209.165.201.1.63118
State: Oper; Msgs sent/rcvd: 69/71; Downstream
Up time: 00:53:49
LDP discovery sources:
Ethernet2/20.1, Src IP addr: 192.0.2.250
Addresses bound to peer LDP Ident:
203.0.113.1 172.16.0.1 192.0.2.250 203.0.113.10
In the following example, you can verify MPLS label switching VRF information:
PxTR1# show mpls switching vrf vrf6000
Legend:
(P)=Protected, (F)=FRR active, (*)=more labels in stack.
In-Label VRF
IPv4 Aggregate Labels
31 vrf6000
This table lists the release history for this feature.
|
Feature Name |
Release |
Feature Information |
|---|---|---|
|
Feature History for Campus Fabric Interconnect—MPLS L3VPN |
8.2(1) |
This feature was introduced. This feature explains how to enable traffic flow across two campus fabrics through MPLS L3VPN. No new commands were introduced for this feature. |
Feedback