Cisco VTS 2.6.1 Day Zero Configuration Examples
The following sections provide details about the different VTS deployment scenarios and the respective Day Zero configuration.
Note: For details about platforms that are supported in each role, see the Supported Platforms section in Cisco VTS Installation Guide.
● VTS Day Zero Configuration for Various Roles and Platforms
● Day Zero Configuration Changes Required on IOS XRv
● Underlay Day Zero Routing to Advertise for VTF and IOSXRv n/w to all Devices in Data Center Topology
● VTF - Day Zero Configuration on Non-VTEP Devices
● IOS XRv Day Zero Configuration for High Availability
● Ethernet Segment Identifier (ESI) Day Zero Configuration on TORs
● VTS Day Zero Configuration for TCAM to support security group feature
The following sections provide examples of day zero configurations required on different platforms, based on their role.
Note: You need to replace the variables (IP addresses, passwords, and so on) in the examples below with values from your own system.
● Day Zero Configuration—IOS XRv
● Day Zero Configuration—Cisco Nexus 9300 or Cisco Nexus 9500 as ToR
● Day Zero Configuration—Cisco Nexus 7000/7700 as ToR
● Day Zero Configuration—Cisco Nexus 5600 as ToR
● Day Zero Configuration—Cisco Nexus 9300 or Cisco Nexus 9500 as DC Gateway
● Day Zero Configuration—Cisco Nexus 7000/7700 as DC Gateway
● Day Zero Configuration—Cisco Nexus 5600 as DC Gateway
● Day Zero Configuration—Cisco Nexus 9300 or Cisco Nexus 9500 or Cisco Nexus 5600 or Cisco Nexus 7000 as Spine
● Day Zero Configuration—Cisco ASR 9000 as DCI—VRF Peering Mode
● Day Zero Configuration—Cisco Nexus 7000 as DCI—VRF Peering Mode
● Day Zero Configuration—Cisco ASR 9000 as Integrated DCI (DCI and DC Gateway)
● Day Zero Configuration—Cisco Nexus 7000 as Integrated DCI (DCI and DC Gateway)
● VTF-L2 connected TOR Interface Configuration
● In a data center, the fabric-facing loopback on the DCI should be unique, because the route distinguisher is constructed from the fabric-facing loopback and the L3VNI (fabric-facing-loopback:L3VNI).
● When using SVI uplinks with VXLAN enabled on Cisco Nexus 9200 Series switches and Cisco Nexus 9300-EX switches, use the system nve infra-vlans command to specify the VLANs that are used for uplink SVI. Failing to specify the VLANs results in traffic loss.
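The earlier note asks you to replace the sample values in these examples with your own. The following check is an added example, not part of Cisco's guide: it scans a candidate Day Zero config for the sample password `cisco123` and for management-plane settings that appear in the examples on this page (Telnet, `exec-timeout 0 0`, `no password strength-check`, SNMP `auth md5`, `feature nxapi` without `nxapi https port`). The rule names and both sample configs are constructed for illustration.

```python
import re
from typing import NamedTuple

# Sample password used in this page's examples; extend with your own placeholders.
SAMPLE_SECRETS = {"cisco123"}


class Finding(NamedTuple):
    line_no: int
    rule: str   # rule names are made up for this example
    text: str


def audit_day_zero(config: str) -> list:
    """Flag sample values and management-plane settings left in a Day Zero config."""
    findings = []
    nxapi_line = 0        # line number of "feature nxapi", 0 if absent
    nxapi_https = False   # True once "nxapi https port <n>" is seen

    for no, raw in enumerate(config.splitlines(), 1):
        s = raw.strip()
        if not s or s.startswith(("!", "#")):
            continue  # blank lines and comments
        tokens = s.split()

        # Sample password left on a username/password or SNMP user line
        # (covers the NX-OS one-line form and the IOS XR "password ..." sub-line).
        if ("password" in tokens or s.startswith("snmp-server user")) \
                and SAMPLE_SECRETS.intersection(tokens):
            findings.append(Finding(no, "sample-secret", s))

        # Telnet server: NX-OS "feature telnet", IOS XR "telnet ... server ...".
        if s == "feature telnet" or re.match(r"telnet\b.*\bserver\b", s):
            findings.append(Finding(no, "telnet-enabled", s))

        # "exec-timeout 0 0" / "exec-timeout 0" turns the idle timeout off.
        if re.search(r"\bexec-timeout 0( 0)?$", s):
            findings.append(Finding(no, "exec-timeout-disabled", s))

        if s == "no password strength-check":
            findings.append(Finding(no, "strength-check-disabled", s))

        if re.match(r"snmp-server user\b.*\bauth md5\b", s):
            findings.append(Finding(no, "snmp-md5-auth", s))

        if s == "feature nxapi":
            nxapi_line = no
        elif re.match(r"nxapi https port \d+$", s):
            nxapi_https = True

    # The guide enables HTTPS for NX-API with "nxapi https port 443".
    if nxapi_line and not nxapi_https:
        findings.append(Finding(nxapi_line, "nxapi-without-https", "feature nxapi"))
    return sorted(findings)


# Constructed sample: lines taken from the Nexus examples on this page, unedited.
AS_PUBLISHED = """\
hostname ToR3
feature telnet
feature nxapi
username admin password cisco123 role network-admin
no password strength-check
snmp-server user admin network-admin auth md5 cisco123 priv cisco123 localizedkey
line console
exec-timeout 0 0
"""

# Constructed sample: the same device after the values were replaced.
# HASH_PLACEHOLDER / AUTH_PLACEHOLDER / PRIV_PLACEHOLDER stand in for real secrets.
REVIEWED = """\
hostname ToR3
feature nxapi
nxapi https port 443
username admin password 5 HASH_PLACEHOLDER role network-admin
snmp-server user admin network-admin auth sha AUTH_PLACEHOLDER priv PRIV_PLACEHOLDER
line console
exec-timeout 10
"""

if __name__ == "__main__":
    for f in audit_day_zero(AS_PUBLISHED):
        print(f"line {f.line_no}: {f.rule}: {f.text}")
```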
Day Zero Configuration—IOS XRv
hostname xrvr01
logging buffered 5242880
logging buffered critical
logging facility syslog
service timestamps log datetime
telnet vrf default ipv4 server max-servers 10
line console
exec-timeout 0 0
!
line default
exec-timeout 0 0
!
control-plane
management-plane
out-of-band
interface MgmtEth0/0/CPU0/0
allow all peer
address ipv4 169.254.10.0/30
!
!
!
!
!
!
interface Loopback0
ipv4 address 20.1.0.4 255.255.255.255
!
interface MgmtEth0/0/CPU0/0
ipv4 address 169.254.10.2 255.255.255.0
!
interface GigabitEthernet0/0/0/0
ipv4 address 10.29.128.12 255.255.255.0
!
interface GigabitEthernet0/0/0/1
ipv4 address 172.20.111.28 255.255.255.0
!
interface GigabitEthernet0/0/0/2
shutdown
!
router static
maximum path ipv4 30000
address-family ipv4 unicast
0.0.0.0/0 10.29.128.1
!
!
router ospf 100
area 0.0.0.0
default-cost 10
interface Loopback0
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
!
!
platform mode production accept-eula
end
Day Zero Configuration—Cisco Nexus 9300 or Cisco Nexus 9500 as ToR
hostname ToR1
vdc ToR1 id 1
feature telnet
feature nxapi
feature bash-shell
cfs eth distribute
nv overlay evpn
feature ospf
feature bgp
feature pim
feature isis
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature dhcp
feature vpc
feature lldp
feature vtp
feature scp
feature nv overlay
username admin password cisco123 role network-admin
ip pim rp-address 2.2.2.2 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
route-map vts-subnet-policy permit
vrf context management
ip route 0.0.0.0/0 172.29.128.1
vpc domain 50
peer-keepalive destination 172.29.128.8
peer-gateway
ip arp synchronize
ipv6 nd synchronize
interface Ethernet1/1
Description ***Interface connected to Compute1 eth1***
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
interface Ethernet1/2
Description ***Interface connected to Controller1 eth1 for dhcp***
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
interface Ethernet1/3
Description ***Interface connected to Compute1 eth2 for vPC link***
switchport mode trunk
switchport trunk allowed vlan none
speed 1000
channel-group 100
no shutdown
interface Ethernet1/4
Description ***Interface connected to ToR2 eth1/4 for vPC peer link***
switchport mode trunk
channel-group 20
no shutdown
interface Ethernet1/47
Description ***Interface connected to ios-XRV1***
switchport mode access
switchport access vlan 800
no shutdown
interface Ethernet1/48
Description ***Interface connected to ios-XRV2***
switchport mode access
switchport access vlan 800
no shutdown
interface Vlan800
no shutdown
ip address 88.88.88.1/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
interface port-channel20
Description ***Port channel link connected to ToR2 vPC peer link***
switchport mode trunk
spanning-tree port type network
speed 1000
vpc peer-link
interface port-channel100
Description ***Port channel link connected to compute1 link***
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
vpc 50
interface Ethernet2/1
Description ***Interface connected to Spine eth2/1***
no switchport
ip address 11.1.1.2/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface mgmt0
vrf member management
ip address 172.29.128.7/26
interface loopback0
ip address 2.2.2.2/32
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
line console
line vty
boot nxos bootflash:/n9000-dk9.7.0.3.I1.1.bin
router ospf 100
router-id 2.2.2.2
area 0.0.0.0 default-cost 10
If you do not intend to configure a route reflector in your network, you must add the BGP ASN manually.
router bgp 1
router-id 1.0.0.1
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 1.0.0.2 remote-as 1
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community both
If you intend to relay DHCP requests to a central DHCP server:
feature dhcp
service dhcp
ip dhcp relay
ip dhcp relay information option
ip dhcp relay sub-option type cisco
ip dhcp relay information option vpn
ipv6 dhcp relay
ipv6 dhcp relay option vpn
ipv6 dhcp relay option type cisco
FEX configuration:
install feature-set fex
feature-set fex
fex 101
pinning max-links 1
description "FEX101"
interface port-channel100
switchport mode fex-fabric
fex associate 101
interface Ethernet1/1-4
channel-group 100
If you want to connect the server in VPC mode through the FEX port, Server VPC mode is supported.
Server VPC config:
TOR1
vpc domain 50
role priority 100
system-priority 100
peer-keepalive destination 172.29.128.57 source 172.29.128.56
peer-gateway
ipv6 nd synchronize
interface port-channel50
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type network
vpc peer-link
interface port-channel21
switchport mode trunk
switchport trunk allowed vlan none
vpc 21
interface Ethernet101/1/48
switchport mode trunk
switchport trunk allowed vlan none
channel-group 21 mode active
TOR2
vpc domain 50
role priority 100
system-priority 100
peer-keepalive destination 172.29.128.56 source 172.29.128.57
peer-gateway
ipv6 nd synchronize
interface port-channel50
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type network
vpc peer-link
interface port-channel21
switchport mode trunk
switchport trunk allowed vlan none
vpc 21
interface Ethernet101/1/48
switchport mode trunk
switchport trunk allowed vlan none
channel-group 21 mode active
Day Zero Configuration—Cisco Nexus 7000/7700 as ToR
Leaf VDC node:
feature-set fabricpath
feature telnet
feature fabric forwarding
feature vni
username admin password 5 $5$Br/hUENC$QtUVSkr.nYdICxAR4yYdvd234FGHg6xnbS0DTuEfZU5 role vdc-admin
snmp-server user admin vdc-admin auth md5 0x2f35355ead2c11a03e1df61b17fcbbfc priv 0x2f35355ead2c11a03e1df61b17fcbbfc localizedk
ip pim rp-address 20.1.0.24 group-list 224.0.0.0/4
##If you intend to manage the device using secure protocols, then you must enable HTTPS in the device using
nxapi https port 443
interface mgmt0
interface Vlan1
interface port-channel100
description ***EtherChannel for connection to Compute 34***
interface Ethernet1/36
interface Ethernet1/37
description ***connection to Compute 34 eth2***
interface Ethernet1/38
description ***connection to Compute 34 eth3***
interface Ethernet1/40
description ***connection to Compute 38 eth1***
interface loopback0
ip router ospf 200 area 0.0.0.0
line console
If you do not intend to configure a route reflector in your network, you must add the BGP ASN manually:
router bgp 100
router-id 20.1.0.121
address-family ipv4 unicast
address-family ipv6 unicast
address-family l2vpn evpn
neighbor 20.1.0.23 remote-as 100
update-source loopback0
address-family l2vpn evpn
send-community both
If you intend to relay DHCP requests to a central DHCP server:
feature dhcp
service dhcp
ip dhcp relay
ip dhcp relay information option
ip dhcp relay sub-option type cisco
ip dhcp relay information option vpn
ipv6 dhcp relay
ipv6 dhcp relay option vpn
ipv6 dhcp relay option type cisco
ipv6 dhcp relay source-interface Ethernet1/36
FEX configuration:
feature-set fex
fex 121
pinning max-links 1
debounce time 0
description FEX 121
interface port-channel121
description ***Port-Channel for connection to FEX 121***
switchport
switchport mode fex-fabric
fex associate 121
interface port-channel1212
description ***FEX Port-Channel for connection to Compute 37***
interface Ethernet1/39
switchport
switchport mode fex-fabric
fex associate 121
channel-group 121
interface Ethernet121/1/2
description ***FEX port connection to Compute 37 eth1***
channel-group 1212 mode active
no shutdown
Day Zero Configuration—Cisco Nexus 5600 as ToR
hostname ToR2
install feature-set fabric
feature-set fabric
cfs eth distribute
feature fabric forwarding
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature nv overlay
feature nxapi
feature vn-segment-vlan-based
hardware ethernet store-and-fwd-switching
configure profile vrf-tenant-profile
configure terminal
fabric forwarding switch-role leaf
username admin password cisco123 role network-admin
ip pim rp-address 1.1.1.1 group-list 239.0.0.0/24 bidir
ip pim ssm range 232.0.0.0/8
vrf context management
ip route 0.0.0.0/0 172.29.128.1
vpc domain 50
peer-keepalive destination 172.29.128.7
peer-gateway
ip arp synchronize
ipv6 nd synchronize
interface Vlan10
no shutdown
ip address 1.0.1.1/24
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
vpc nve peer-link-vlan 10
interface Ethernet1/1
Description ***Interface connected to Compute2 eth1***
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
interface Ethernet1/3
Description ***Interface connected to Compute1 eth3 for vPC link***
switchport mode trunk
switchport trunk allowed vlan none
speed 1000
channel-group 100
no shutdown
spanning-tree port type edge trunk
switchport trunk allowed vlan except 10
interface Ethernet1/4
Description ***Interface connected to ToR2 eth1/4 for vPC peer link***
switchport mode trunk
channel-group 20
no shutdown
interface port-channel20
Description ***Port channel link connected to ToR1 vPC peer link***
switchport mode trunk
spanning-tree port type network
speed 1000
vpc peer-link
interface port-channel100
Description ***Port channel link connected to compute2 link***
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
vpc 50
interface Ethernet2/1
Description ***Interface connected to Spine eth2/1***
no switchport
ip address 12.1.1.2/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface mgmt0
vrf member management
ip address 172.29.128.8/26
interface loopback0
ip address 3.3.3.3/32
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
line console
line vty
boot nxos bootflash:/n9000-dk9.7.0.3.I1.1.bin
router ospf 100
router-id 3.3.3.3
area 0.0.0.0 default-cost 10
If you do not intend to configure a route reflector in your network, you must add the BGP ASN manually.
router bgp 1
router-id 1.0.0.1
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 1.0.0.2 remote-as 1
update-source loopback0
address-family ipv4 unicast
address-family l2vpn evpn
send-community both
If you intend to set up two 5600s in a VPC pair, VPC should be configured as a prerequisite.
interface Vlan1001
no shutdown
ip address 1.0.1.1/24
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
vpc nve peer-link-vlan 1001
NVE config:
interface nve1
no shutdown
source-interface loopback0
host-reachability protocol bgp
dot1q auto-config:
platform fabric database dot1q disable
If you intend to relay DHCP requests to a central DHCP server:
feature dhcp
ip dhcp relay
ip dhcp relay information option
ip dhcp relay sub-option type cisco
ip dhcp relay information option vpn
ipv6 dhcp relay
ipv6 dhcp relay option vpn
ipv6 dhcp relay option type cisco
FEX configuration:
feature fex
fex 101
pinning max-links 1
description "FEX0101"
fex 102
pinning max-links 1
description "FEX0102"
interface port-channel101
fex associate 101
interface port-channel102
fex associate 102
interface Ethernet1/1-2
channel-group 102
interface Ethernet2/1
channel-group 101
VPC modes:
FEX VPC:
feature vpc
vpc domain 100
role priority 2000
system-priority 4000
peer-keepalive destination 172.29.128.55 source 172.29.128.54
delay restore 150
ipv6 nd synchronize
interface port-channel30
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type network
flowcontrol send on
vpc peer-link
interface port-channel101
switchport mode fex-fabric
fex associate 101
vpc 100
interface port-channel102
switchport mode fex-fabric
fex associate 102
vpc 102
interface Ethernet101/1/1
switchport mode trunk
switchport trunk allowed vlan none
interface Ethernet101/1/2
switchport mode trunk
switchport trunk allowed vlan none
interface Ethernet101/1/3
switchport mode trunk
switchport trunk allowed vlan none
Enhanced VPC:
interface port-channel20
switchport mode trunk
switchport trunk allowed vlan none
interface Ethernet102/1/23
switchport mode trunk
switchport trunk allowed vlan none
speed 1000
channel-group 20 mode active
interface Ethernet101/1/48
switchport mode trunk
channel-group 20 mode active
Day Zero Configuration—Cisco Nexus 9300 or Cisco Nexus 9500 as DC Gateway
hostname ToR3
vdc ToR1 id 1
feature telnet
feature nxapi
feature bash-shell
cfs eth distribute
nv overlay evpn
feature ospf
feature bgp
feature pim
feature isis
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature dhcp
feature vpc
feature lldp
feature vtp
feature scp
feature nv overlay
username admin password cisco123 role network-admin
no password strength-check
ip domain-lookup
spanning-tree mode mst
snmp-server user admin network-admin auth md5 cisco123 priv cisco123 localizedkey
ip pim rp-address 2.2.2.2 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vrf context management
ip route 0.0.0.0/0 172.29.128.1
interface Ethernet1/1
Description ***Interface connected to Compute3 eth1***
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
interface Ethernet1/2
Description ***Interface connected to DCI G0/0/1/19***
no switchport
ip address 10.5.55.1/24
ipv6 address 2001:2002:1:1::3/64
no shutdown
interface Ethernet2/1
Description ***Interface connected to Spine eth2/1***
no switchport
ip address 13.1.1.2/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface mgmt0
vrf member management
ip address 172.29.128.9/26
interface loopback0
ip address 4.4.4.4/32
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
line console
line vty
boot nxos bootflash:/n9000-dk9.7.0.3.I1.1.bin
router ospf 100
router-id 4.4.4.4
area 0.0.0.0 default-cost 10
Day Zero Configuration—Cisco Nexus 7000/7700 as DC Gateway
Border Leaf VDC node:
feature-set fabricpath
feature-set fabric
hostname N7K-BorderLeaf-VDC
feature telnet
cfs eth distribute
feature fabric forwarding
nv overlay evpn
feature fabricpath-vpn
feature ospf
feature bgp
feature ospfv3
feature pim
feature fabric multicast
feature interface-vlan
feature lacp
feature lldp
feature nv overlay
feature nxapi
feature vni
username admin password 5 $5$d03SuJcC$yFCGPGz9PZAzBMp.GksV8ldiwZLfHpQ.gZKEQKIMks8 role vdc-admin
no password strength-check
ip domain-lookup
snmp-server user admin vdc-admin auth md5 0xe274ded350c828fb42e72afcf04d5944 priv 0xe274ded350c828fb42e72afcf04d5944 localizedkey
rmon event 1 log description FATAL(1) owner PMON@FATAL
rmon event 2 log description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log description ERROR(3) owner PMON@ERROR
rmon event 4 log description WARNING(4) owner PMON@WARNING
rmon event 5 log description INFORMATION(5) owner PMON@INFO
ip pim rp-address 20.1.0.24 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1
vrf context management
ip route 0.0.0.0/0 172.23.209.1
##If you intend to manage the device using secure protocols, then you must enable HTTPS in the device using
nxapi https port 443
interface mgmt0
vrf member management
ip address 171.32.29.225/26
interface Vlan1
interface Ethernet1/1
description *** Connected to Compute 12 Eth1 ***
no shutdown
interface Ethernet1/2
description *** Connected to Spine E1/47 ***
ip address 19.1.1.2/24
ipv6 address 2016:19:1:1::2/64
ip router ospf 200 area 0.0.0.0
ipv6 router ospfv3 200 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface Ethernet1/3
description *** Connected to DCI GigabitEthernet0/0/0/16 for VRF-Peering Mode***
ip address 10.5.57.1/24
ipv6 address 2016:10:5:57::1/64
ip router ospf 200 area 0.0.0.0
no shutdown
interface Ethernet1/4
description *** Connected to Compute 13 Eth1 ***
no shutdown
interface loopback0
ip address 20.1.0.225/32
ip router ospf 200 area 0.0.0.0
ip pim sparse-mode
line console
exec-timeout 0
line vty
router ospf 200
router-id 20.1.0.225
area 0.0.0.0 default-cost 10
router ospfv3 200
router-id 20.1.0.225
fabricpath domain default
evpn
no system default switchport shutdown
lldp holdtime 255
Day Zero Configuration—Cisco Nexus 5600 as DC Gateway
hostname ToR2
install feature-set fabric
feature-set fabric
cfs eth distribute
feature fabric forwarding
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature nv overlay
feature nxapi
feature vn-segment-vlan-based
hardware ethernet store-and-fwd-switching
configure profile vrf-tenant-profile
configure terminal
fabric forwarding switch-role leaf
username admin password cisco123 role network-admin
ip pim rp-address 10.10.10.250 group-list 239.0.0.0/24 bidir
ip pim ssm range 232.0.0.0/8
vrf context management
ip route 0.0.0.0/0 172.29.128.1
vpc domain 50
peer-keepalive destination 172.29.128.7
peer-gateway
ip arp synchronize
ipv6 nd synchronize
interface Vlan10
no shutdown
ip address 1.0.1.1/24
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
vpc nve peer-link-vlan 10
interface Ethernet1/1
Description ***Interface connected to Compute2 eth1***
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
interface Ethernet1/3
Description ***Interface connected to Compute1 eth3 for vPC link***
switchport mode trunk
switchport trunk allowed vlan none
speed 1000
channel-group 100
no shutdown
interface Ethernet1/4
Description ***Interface connected to ToR2 eth1/4 for vPC peer link***
switchport mode trunk
channel-group 20
no shutdown
interface port-channel20
Description ***port channel link connected to ToR1 vPC peer link***
switchport mode trunk
spanning-tree port type network
speed 1000
vpc peer-link
interface Ethernet1/5
Description ***Interface connected to DCI G0/0/1/19***
no switchport
ip address 10.5.55.1/24
ipv6 address 2001:2002:1:1::3/64
no shutdown
interface Ethernet2/1
Description ***Interface connected to Spine eth2/1***
no switchport
ip address 12.1.1.2/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface mgmt0
vrf member management
ip address 172.29.128.8/26
interface loopback0
ip address 3.3.3.3/32
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
line console
line vty
boot nxos bootflash:/n9000-dk9.7.0.3.I1.1.bin
router ospf 100
router-id 3.3.3.3
area 0.0.0.0 default-cost 10
BGP:
router bgp 65000
router-id 10.10.10.211
address-family ipv4 unicast
neighbor 10.10.10.1 remote-as 65000
update-source loopback0
address-family l2vpn evpn
send-community both
neighbor 10.10.10.2 remote-as 65000
update-source loopback0
address-family l2vpn evpn
send-community both
## vrf peering to Edge Router
neighbor 10.10.254.72 remote-as 100
update-source loopback0
disable-connected-check
address-family ipv4 unicast
evpn
NVE interface:
interface nve1
no shutdown
source-interface loopback0
host-reachability protocol bgp
Day Zero Configuration—Cisco Nexus 9300 or Cisco Nexus 9500 or Cisco Nexus 5600 or Cisco Nexus 7000 as Spine
hostname SolTB1-Spine1
vdc SolTB1-Spine1 id 1
allocate interface Ethernet1/1-48
allocate interface Ethernet2/1-12
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 512
limit-resource u4route-mem minimum 248 maximum 248
limit-resource u6route-mem minimum 96 maximum 96
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
feature telnet
feature nxapi
feature bash-shell
cfs eth distribute
nv overlay evpn
feature ospf
feature bgp
feature pim
feature isis
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature vpc
feature vtp
feature lldp
feature nv overlay
username admin password cisco123 role network-admin
no password strength-check
ip domain-lookup
snmp-server user admin network-admin auth md5 cisco123 priv cisco123 localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
ip pim rp-address 2.2.2.2 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
##If you intend to manage the device (Nexus 7000) using secure protocols, then you must enable HTTPS in the device using
nxapi https port 443
vlan 1
vrf context management
ip route 0.0.0.0/0 172.20.98.193
interface Ethernet1/1
Description ***Interface connected to XRVR1 G0/0/0/0***
no switchport
ip address 10.6.45.1/24
no shutdown
interface Ethernet1/2
Description ***Interface connected to XRVR2 G0/0/0/0***
no switchport
ip address 10.6.46.1/24
no shutdown
interface Ethernet2/1
Description ***Interface connected to ToR1 eth2/1***
no switchport
ip address 11.1.1.1/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface Ethernet2/2
Description ***Interface connected to ToR2 eth2/1***
no switchport
ip address 12.1.1.1/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface Ethernet2/3
Description ***Interface connected to ToR3 DC GW eth2/1***
no switchport
ip address 13.1.1.1/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface mgmt0
vrf member management
ip address 172.20.98.206/26
interface loopback0
ip address 5.5.5.5/32
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
line console
line vty
boot nxos bootflash:/n9000-dk9.6.1.2.I3.1.bin
router ospf 100
router-id 5.5.5.5
area 0.0.0.0 default-cost 10
Day Zero Configuration—Cisco ASR 9000 as DCI—VRF Peering Mode
service unsupported-transceiver
hostname asr9k1
telnet ipv4 server max-servers 5
username admin
password cisco123
group root-system
group cisco-support
interface MgmtEth0/0/CPU0/0
ipv4 address 172.29.128.10 255.255.255.0
interface GigabitEthernet0/0/1/19
description to peer node DC GW ToR3 eth1/2
ipv4 address 10.5.55.2 255.255.255.0
ipv6 address 2001:2002:1:1::2/64
interface loopback0
ipv4 address 6.6.6.6/32
router static
address-family ipv4 unicast
0.0.0.0/0 172.29.128.1
rd-set auto
end-set
route-policy vts-route-policy
pass
end-policy
lldp
##If you intend to manage the device using secure ports/protocols (SSH), make sure that SSH is enabled on the device (prerequisite: k9sec package) and also configure the commands below
ssh server v2
ssh server vrf default
ssh timeout 60
Day Zero Configuration—Cisco Nexus 7000 as DCI—VRF Peering Mode
hostname dci-tb19
no system admin-vdc
install feature-set fabricpath
install feature-set fabric
vdc dci-tb19 id 1
limit-resource module-type f3
allow feature-set fabricpath
allow feature-set fabric
cpu-share 5
allocate interface Ethernet3/1-12
feature-set fabricpath
feature-set fabric
feature telnet
feature scp-server
cfs eth distribute
feature fabric forwarding
nv overlay evpn
feature ospf
feature bgp
feature pim
feature fabric multicast
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature vtp
feature nv overlay
feature nxapi
feature vni
ip pim rp-address 11.1.1.1 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
bridge-domain 1001-2000
vrf context management
ip route 0.0.0.0/0 172.20.100.1
hardware forwarding unicast trace
encapsulation vni dynamic dot1q 2-3967
##If you intend to manage the device using secure protocols, then you must enable HTTPS in the device using
nxapi https port 443
line default
exec-timeout 0 0
line console
exec-timeout 0 0
interface mgmt0
vrf member management
ip address 172.20.100.199/24
interface Vlan1
interface Ethernet3/3
description to peer node DC GW ToR3 eth1/2
no switchport
ip address 10.5.55.2 255.255.255.0
ipv6 address 2001:2002:1:1::2/64
no shutdown
interface loopback0
ip address 12.1.1.1/32
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
line console
line vty
boot kickstart bootflash:/n7000-s2-kickstart.7.3.0.D1.0.64.gbin sup-1
boot system bootflash:/n7000-s2-dk9.7.3.0.D1.0.64.gbin sup-1
router ospf 100
router-id 12.1.1.1
area 0.0.0.0 default-cost 10
fabricpath domain default
no system default switchport shutdown
no system auto-upgrade epld
Day Zero Configuration—Cisco ASR 9000 as Integrated DCI (DCI and DC Gateway)
service unsupported-transceiver
hostname asr9k1
telnet ipv4 server max-servers 5
username admin
password cisco123
group root-system
group cisco-support
interface MgmtEth0/0/CPU0/0
ipv4 address 172.29.128.10 255.255.255.0
interface GigabitEthernet0/0/1/19
description Interface connected to Spine
ipv4 address 20.0.1.3/24
no shutdown
interface loopback0
ipv4 address 6.6.6.6/32
router ospf 100
router-id 6.6.6.6
address-family ipv4 unicast
area 0
interface loopback0
interface GigabitEthernet0/0/1/19
router static
address-family ipv4 unicast
0.0.0.0/0 172.29.128.1
rd-set auto
end-set
lldp
##If you intend to manage the device using secure ports/protocols (SSH), make sure that SSH is enabled on the device (prerequisite: k9sec package) and also configure the commands below
ssh server v2
ssh server vrf default
ssh timeout 60
line default
exec-timeout 0 0
line console
exec-timeout 0 0
Day Zero Configuration—Cisco Nexus 7000 as Integrated DCI (DCI and DC Gateway)
hostname dci-tb19
no system admin-vdc
install feature-set fabricpath
install feature-set fabric
vdc dci-tb19 id 1
limit-resource module-type f3
allow feature-set fabricpath
allow feature-set fabric
cpu-share 5
allocate interface Ethernet3/1-12
feature-set fabricpath
feature-set fabric
feature telnet
feature scp-server
cfs eth distribute
feature fabric forwarding
nv overlay evpn
feature ospf
feature bgp
feature pim
feature fabric multicast
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature vtp
feature nv overlay
feature nxapi
feature vni
ip pim rp-address 11.1.1.1 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
bridge-domain 1001-2000
vrf context vrf-tenant-profile
vrf context management
ip route 0.0.0.0/0 172.20.100.1
hardware forwarding unicast trace
encapsulation vni dynamic dot1q 2-3967
##If you intend to manage the device using secure protocols, then you must enable HTTPS in the device using
nxapi https port 443
interface mgmt0
vrf member management
ip address 172.20.100.199/24
interface Vlan1
interface Ethernet3/3
Description ***Interface connected to Spine***
no switchport
ip address 20.0.1.3/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface loopback0
ip address 12.1.1.1/32
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
line console
line vty
boot kickstart bootflash:/n7000-s2-kickstart.7.3.0.D1.0.64.gbin sup-1
boot system bootflash:/n7000-s2-dk9.7.3.0.D1.0.64.gbin sup-1
router ospf 100
router-id 12.1.1.1
area 0.0.0.0 default-cost 10
fabricpath domain default
no system default switchport shutdown
no system auto-upgrade epld
Basic IGP Neighbor-ship for BGP EVPN Advertisement
interface GigabitEthernet0/0/0/0
ipv4 address 10.29.128.12 255.255.255.0
interface Loopback0
ipv4 address 20.1.0.4 255.255.255.255
!
router ospf 100
router-id 20.1.0.4
address-family ipv4 unicast
area 0.0.0.0
default-cost 10
interface Loopback0
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
!
Corresponding Day 0 Configuration on Leaf/Spine
router ospf 100
router-id 4.4.4.4
area 0.0.0.0 default-cost 10
interface loopback0
ip address 4.4.4.4/32
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
vlan 800
no shutdown
interface Vlan800
no shutdown
ip address 10.29.128.1/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
## This is the interface where the IOS XRv connects to leaf or spine
interface ethernet 1/1
no shutdown
switchport mode access
switchport access vlan 800
The VTF IP address needs to be routed via the underlay network so that the VTF endpoint is advertised to all the physical Leaf and Spine devices in the Data Center network.
Table 1) OSPF as Underlay Routing Protocol
Sample OSPF Configuration on Leaf 1
SVI for VTF n/w:
interface Vlan800
no shutdown
ip address 10.29.128.1/24
ip router ospf 100 area 0.0.0.0
OSPF Configuration:
router ospf 100
router-id 4.4.4.4
area 0.0.0.0 default-cost 10
interface Vlan800
ip router ospf 100 area 0.0.0.0
Interface Configuration:
interface ethernet 1/1
switchport access vlan 800
Sample OSPF Configuration on Leaf 2
SVI for VTF n/w:
vlan 800
interface Vlan800
no shutdown
ip address 20.29.128.1/24
ip router ospf 100 area 0.0.0.0
OSPF Configuration:
router ospf 100
router-id 5.5.5.5
area 0.0.0.0 default-cost 10
interface Vlan800
ip router ospf 100 area 0.0.0.0
Interface Configuration:
interface ethernet 1/1
switchport access vlan 800
Verification of Routes:
OSPF Process ID 100 VRF default, Routing Table
(D) denotes route is directly attached (R) denotes route is in RIB
4.4.4.4/32 (intra)(D) area 0.0.0.0
via 4.4.4.4/Lo0* , cost 1 distance 110
7.7.7.7/32 (intra)(R) area 0.0.0.0
via 21.0.0.3/Eth1/13 , cost 5 distance 110
8.8.8.8/32 (intra)(R) area 0.0.0.0
via 5.1.1.10/Eth1/7 , cost 41 distance 110
9.9.9.9/32 (intra)(R) area 0.0.0.0
via 21.0.0.3/Eth1/13 , cost 9 distance 110
10.6.45.0/24 (intra)(D) area 0.0.0.0
via 10.6.45.0/Eth1/15* , cost 40 distance 110
10.29.128.0/24 (intra)(D) area 0.0.0.0
via 10.29.128.0/Vlan800* , cost 40 distance 110
OSPF Process ID 200 VRF default, Routing Table
(D) denotes route is directly attached (R) denotes route is in RIB
5.5.5.5/32 (intra)(D) area 0.0.0.0
via 5.5.5.5/Lo1* , cost 1 distance 110
BGP helps scale routes through the data center. For a large data center, BGP provides a more scalable control plane for routing tenant VM traffic. BGP can also be used to scale and route the VTF underlay network.
Note: For the N9K platform C9372PX, the Day Zero TCAM configuration needs to change as shown below; otherwise, non-VXLAN traffic will be dropped.
hardware access-list tcam region arp-ether 256 double-wide
interface Vlan900
  no shutdown
  no ip redirects
  ip address 30.30.30.1/24
  no ipv6 redirects
  ip pim sparse-mode
interface Ethernet1/40
  switchport
  switchport mode trunk
  switchport trunk native vlan 900
  switchport trunk allowed vlan 900
  no shutdown

system bridge-domain 222
bridge-domain 222
interface Bdi222
interface Ethernet1/14
Table 2) BGP as Protocol for Routing VTF n/w Advertisements

Sample BGP Configuration
Note: Use this as the Day0 BGP configuration if Route Reflectors are in your system.
  interface Vlan800
    no shutdown
    ip address 10.29.128.1/24
  router bgp 23
    router-id 4.4.4.4
    address-family ipv4 unicast
      network 10.29.128.56/32
      network 10.29.128.57/32
      nexthop route-map vts-subnet-policy
    address-family l2vpn evpn
      retain route-target all
vlan 1,800
interface Vlan800
no shutdown
ip address 10.29.128.1/24
! This is the interface from the compute to VTF.
interface Ethernet1/10
switchport mode trunk
switchport trunk allowed vlan 800
vrf VTS-MGMT
address-family ipv4 unicast
!
!
interface Loopback0
ipv4 address 8.8.8.8 255.255.255.255
no shut
!
interface GigabitEthernet0/0/0/1
no ipv4 address 60.60.60.4 255.255.255.0
vrf VTS-MGMT
ipv4 address 60.60.60.4 255.255.255.0
!
router static
maximum path ipv4 30000
address-family ipv4 unicast
0.0.0.0/0 60.60.60.1
!
vrf VTS-MGMT
address-family ipv4 unicast
0.0.0.0/0 60.60.60.1
!
!
!
router ospf 100
router-id 8.8.8.8
address-family ipv4 unicast
area 0.0.0.0
default-cost 10
interface Loopback0
!
interface GigabitEthernet0/0/0/0
!
!
!
vrf VTS-MGMT
address-family ipv4 unicast
!
!
interface Loopback0
ipv4 address 52.52.52.52 255.255.255.255
no shut
!
interface GigabitEthernet0/0/0/1
no ipv4 address 70.70.70.4 255.255.255.0
vrf VTS-MGMT
ipv4 address 70.70.70.4 255.255.255.0
!
router static
maximum path ipv4 30000
address-family ipv4 unicast
0.0.0.0/0 70.70.70.1
!
vrf VTS-MGMT
address-family ipv4 unicast
0.0.0.0/0 70.70.70.1
!
!
!
router ospf 100
router-id 52.52.52.52
address-family ipv4 unicast
area 0.0.0.0
default-cost 10
interface Loopback0
!
interface GigabitEthernet0/0/0/0
!
!
!
For convergence, enable spanning-tree port type edge trunk on the interfaces of both TORs that form the Static Multi-homing group.
interface port-channel10
  description *** TOR Port-Channel for Connection to X Compute Node ***
  spanning-tree port type edge trunk
interface Ethernet1/8
  description *** Port Channel Connection to Compute X VNIC2 ***
  spanning-tree port type edge trunk
  channel-group 10 mode active
  no shutdown
interface port-channel1211
  description *** FEX Port-Channel for Connection to Y Compute Node ****
  spanning-tree port type edge trunk
interface Ethernet122/1/2
  channel-group 1211 mode active
  no shutdown

interface port-channel10
  description *** TOR Port-Channel for Connection to X Compute Node ***
  spanning-tree port type edge trunk
interface Ethernet1/16
  description *** VPC Connection to Compute X VNIC3 ***
  spanning-tree port type edge trunk
  channel-group 10 mode active
  no shutdown
interface port-channel1211
  description *** FEX Port-Channel for Connection to X Compute Node ****
  spanning-tree port type edge trunk
interface Ethernet121/1/2
  channel-group 1211 mode active
  no shutdown
The SVI IP address should be the same on both TORs. Apply the same configuration on both of the TORs that form the ESI.
If another ESI connection from a different compute is shared with the same TORs, create another ip sla configuration with the other VTF IP.
When using SVI uplinks with VXLAN enabled on Cisco Nexus 9200 Series switches and Cisco Nexus 9300-EX switches, use the system nve infra-vlans <vlan> command to specify the VLANs that are used for the uplink SVI. Failing to specify the VLANs results in traffic loss.
Note: For vHost, switchport mode trunk is not supported. Replace it with the switchport access vlan underlay configuration.
Example: replace
#switchport mode trunk
#switchport trunk allowed vlan 100
with
#switchport access vlan 100 (on the port channel and on the physical interface)

evpn esi multihoming
feature sla sender
track 2 ip sla 2 reachability
route-map redist-static permit 299
! This IP, 32.32.32.75, is the VTF IP that you want to install on the compute
ip route 32.32.32.75/32 Vlan100 track 2
router ospf UNDERLAY
  redistribute static route-map redist-static
ip sla 2
  icmp-echo 32.32.32.75 source-ip 32.32.32.1
    threshold 100
    timeout 500
    frequency 1
ip sla schedule 2 life forever start-time now
interface Vlan100
  no shutdown
  no ip redirects
  ip address 32.32.32.1/24
  ip router ospf 200 area 0.0.0.0
  ip pim sparse-mode
interface port-channel10
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100
  ethernet-segment 45
    system-mac aabb.ccdd.eeff
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable
  no shutdown
interface Ethernet1/2
  switchport mode trunk
interface Ethernet2/2
  description "CONNECTED WITH SPINE"
  ! Every TOR has a different IP connected to the spine
  ! Just add this under the interface connected with the spine
  evpn multihoming core-tracking
  ip address 10.10.10.10/24
  ip router ospf 100 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
The SVI IP address should be the same on both TORs. Apply the same configuration on both of the TORs that form the VPC.
If another VPC connection from a different compute is shared with the same TORs, create another ip sla configuration with the other VTF IP.
When using SVI uplinks with VXLAN enabled on Cisco Nexus 9200 Series switches and Cisco Nexus 9300-EX switches, use the system nve infra-vlans <vlan> command to specify the VLANs that are used for the uplink SVI. Failing to specify the VLANs results in traffic loss.
Note: For vHost, switchport mode trunk is not supported. Replace it with the switchport access vlan underlay configuration.
Example: replace
#switchport mode trunk
#switchport trunk allowed vlan 100
with
#switchport access vlan 100 (on the port channel and on the physical interface)

vpc domain 50
  peer-keepalive destination 172.29.128.8
  peer-gateway
  ip arp synchronize
  ipv6 nd synchronize
feature sla sender
track 2 ip sla 2 reachability
route-map redist-static permit 299
! This is the VTF IP that you want to install on the compute
ip route 32.32.32.75/32 Vlan100 track 2
router ospf UNDERLAY
  redistribute static route-map redist-static
ip sla 2
  icmp-echo 32.32.32.75 source-ip 32.32.32.1
    threshold 100
    timeout 500
    frequency 1
ip sla schedule 2 life forever start-time now
interface Vlan100
  no shutdown
  no ip redirects
  ip address 32.32.32.1/24
  ip router ospf 200 area 0.0.0.0
  ip pim sparse-mode
interface port-channel10
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable
  vpc 50
interface port-channel20
  description ***Port channel link connected to ToR2 vPC peer link***
  switchport mode trunk
  spanning-tree port type network
  speed 1000
  vpc peer-link
interface Ethernet1/4
  description ***Interface connected to ToR2 eth1/4 for vPC peer link***
  switchport mode trunk
  channel-group 20
  no shutdown
interface Ethernet1/2
  switchport mode trunk
The SVI IP address should be the same on both TORs. Apply the same configuration on both of the TORs that form the SMH.
If another SMH connection from a different compute is shared with the same TORs, create another ip sla configuration with the other VTF IP.
When using SVI uplinks with VXLAN enabled on Cisco Nexus 9200 Series switches and Cisco Nexus 9300-EX switches, use the system nve infra-vlans <vlan> command to specify the VLANs that are used for the uplink SVI. Failing to specify the VLANs results in traffic loss.
Note: For vHost, switchport mode trunk is not supported. Replace it with the switchport access vlan underlay configuration.
Example: replace
#switchport mode trunk
#switchport trunk allowed vlan 100
with
#switchport access vlan 100 (on the port channel and on the physical interface)

feature sla sender
track 2 ip sla 2 reachability
route-map redist-static permit 299
! This is the VTF IP that you want to install on the compute
ip route 32.32.32.75/32 Vlan100 track 2
router ospf UNDERLAY
  redistribute static route-map redist-static
ip sla 2
  icmp-echo 32.32.32.75 source-ip 32.32.32.1
    threshold 100
    timeout 500
    frequency 1
ip sla schedule 2 life forever start-time now
interface Vlan100
  no shutdown
  no ip redirects
  ip address 32.32.32.1/24
  ip router ospf 200 area 0.0.0.0
  ip pim sparse-mode
interface port-channel10
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100
  no shutdown
interface Ethernet1/8
  switchport mode trunk
When using SVI uplinks with VXLAN enabled on Cisco Nexus 9200 Series switches and Cisco Nexus 9300-EX switches, use the system nve infra-vlans <vlan> command to specify the VLANs that are used for the uplink SVI. Failing to specify the VLANs results in traffic loss.
Note: For vHost, switchport mode trunk is not supported. Replace it with the switchport access vlan underlay configuration.
Example: replace
#switchport mode trunk
#switchport trunk allowed vlan 100
with
#switchport access vlan 100 (on the port channel and on the physical interface)

interface Vlan100
  ipv6 router ospfv3 200 area 0.0.0.0
interface Ethernet1/38
When using SVI uplinks with VXLAN enabled on Cisco Nexus 9200 Series switches and Cisco Nexus 9300-EX switches, use the system nve infra-vlans <vlan> command to specify the VLANs that are used for the uplink SVI. Failing to specify the VLANs results in traffic loss.
Note: For vHost, switchport mode trunk is not supported. Replace it with the switchport access vlan underlay configuration.
Example: replace
#switchport mode trunk
#switchport trunk allowed vlan 100
with
#switchport access vlan 100 (on the port channel and on the physical interface)

interface Vlan100
  ipv6 router ospfv3 200 area 0.0.0.0
interface port-channel10
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100
  no shutdown
interface Ethernet1/8
  switchport mode trunk
interface Ethernet1/9
  switchport mode trunk
Note: You have to disable VPC (no feature vpc) before enabling the ESI feature. Different ESI groups/domains must have a different ES-id or system MAC. In other words, a duplicate ES-id and system MAC are not allowed among ESI groups. This needs to be guaranteed by providing the correct Day Zero configurations for ESI on Cisco Nexus 9000 switches.
Day Zero Configuration on TOR1
! To enable ESI
evpn esi multihoming
hardware access-list tcam region vpc-convergence 256
hardware access-list tcam region arp-ether 256
interface nve1
no shutdown
source-interface loopback0
host-reachability protocol bgp
interface port-channel30
switchport mode trunk
switchport trunk allowed vlan none
ethernet-segment 45
system-mac aabb.ccdd.eeff
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
interface Ethernet1/1
description "Compute 1 is connected with ETH1"
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
channel-group 30 mode active
interface Ethernet2/2
description "Connected with Spine"
no switchport
! Just add this under the interface connected with the spine
evpn multihoming core-tracking
ip address 16.1.1.2/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
Day Zero Configuration on TOR2
! To enable ESI
evpn esi multihoming
interface port-channel30
switchport
switchport mode trunk
switchport trunk allowed vlan none
ethernet-segment 45
system-mac aabb.ccdd.eeff
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
interface nve1
no shutdown
source-interface loopback0
host-reachability protocol bgp
interface Ethernet1/21
description "Compute 1 second connection for ESI with Eth2"
switchport
switchport mode trunk
switchport trunk allowed vlan none
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
channel-group 30 mode active
interface Ethernet2/2
description "CONNECTED WITH SPINE"
! Just add this under the interface connected with the spine
evpn multihoming core-tracking
ip address 17.1.1.2/24
ip router ospf 100 area 0.0.0.0
ip pim sparse-mode
no shutdown
After your BGP sessions are established, use the following command to check whether ESI is up.
show nve ethernet-segment detail
ESI: 03.<aa:bb:cc:dd:ee:ff><00:00:2d>,
Parent interface: port-channel30,
ES State: Up
Port-channel state: Up
NVE Interface: nve1
NVE State: Up
Host Learning Mode: Control-Plane
Active Vlans: --
DF Vlans: --
Active VNIs: --
Number of ES members: 2
My ordinal: 1
DF timer start time: 00:00:00
Config State: config-applied
DF List: 9.1.1.1 10.1.1.1
ES route added to L2RIB: True
EAD routes added to L2RIB: True
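The uniqueness rule in the ESI note and the ESI value in the output above can be checked offline before the Day Zero configuration is pushed. The following Python is an added example, not part of the Cisco document: it derives the ESI in the layout the output shows (type byte 03, system MAC, ES id as a 3-byte value, so 45 becomes 00:00:2d) and flags an ESI reused by two groups on one switch, a leftover feature vpc, and an ethernet-segment without a system-mac. The function names, the members_per_group=2 default (taken from "Number of ES members: 2") and the sample configurations are assumptions constructed for the example.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"system-mac ([0-9a-f]{4})\.([0-9a-f]{4})\.([0-9a-f]{4})", re.I)

def parse_day_zero(text):
    """Return (global_lines, [(interface, es_id, system_mac_or_None), ...])."""
    global_lines, segments, iface = set(), [], None
    for raw in text.splitlines():
        line = raw.split("<<<")[0].strip()      # drop the page's inline <<<...>>> notes
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line in ("feature vpc", "evpn esi multihoming"):
            global_lines.add(line)
        elif m := re.fullmatch(r"ethernet-segment (\d+)", line):
            segments.append([iface, int(m.group(1)), None])
        elif (m := MAC_RE.fullmatch(line)) and segments and segments[-1][0] == iface:
            segments[-1][2] = "".join(m.groups()).lower()
    return global_lines, [tuple(s) for s in segments]

def esi_type3(system_mac, es_id):
    """Type byte 03, the 6-byte system MAC, then the ES id as a 3-byte discriminator."""
    raw = bytes([3]) + bytes.fromhex(system_mac) + es_id.to_bytes(3, "big")
    return ":".join(f"{b:02x}" for b in raw)

def audit(configs, members_per_group=2):
    """configs maps switch name -> config text; returns a list of findings."""
    findings, seen = [], defaultdict(list)      # seen: ESI -> [(switch, interface)]
    for switch, text in configs.items():
        global_lines, segments = parse_day_zero(text)
        if segments and "evpn esi multihoming" not in global_lines:
            findings.append(f"{switch}: ethernet-segment without 'evpn esi multihoming'")
        if segments and "feature vpc" in global_lines:
            findings.append(f"{switch}: 'feature vpc' still enabled on an ESI switch")
        for iface, es_id, mac in segments:
            if mac is None:
                findings.append(f"{switch} {iface}: ethernet-segment {es_id} has no system-mac")
            else:
                seen[esi_type3(mac, es_id)].append((switch, iface))
    for esi, uses in seen.items():
        per_switch = defaultdict(list)
        for switch, iface in uses:
            per_switch[switch].append(iface)
        for switch, ifaces in per_switch.items():
            if len(ifaces) > 1:                 # two groups on one switch share an ESI
                findings.append(f"{switch}: ESI {esi} reused on {', '.join(ifaces)}")
        if len(per_switch) > members_per_group:
            findings.append(f"ESI {esi} appears on {len(per_switch)} switches")
    return findings

# Constructed inputs: TOR1 reuses the page's ES id and system MAC on a second group.
GROUP = "interface port-channel{n}\nethernet-segment 45\nsystem-mac aabb.ccdd.eeff\n"
TOR1 = "evpn esi multihoming\n" + GROUP.format(n=30) + GROUP.format(n=40)
TOR2 = "feature vpc\nevpn esi multihoming\n" + GROUP.format(n=30)

if __name__ == "__main__":
    for finding in audit({"TOR1": TOR1, "TOR2": TOR2}):
        print(finding)
```

The same ESI on both TORs of one group is expected and is not reported; only reuse within a switch, or on more switches than members_per_group, is.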
For Cisco Nexus 9000 series devices (93XX, 95XX, 9XXX) and Nexus 5000 (56XX):
interface Ethernet1/2
  description ***Interface connected to Compute1 Eth1 link running VTF-L2***
  switchport mode trunk
  switchport trunk native vlan 100
  switchport trunk allowed vlan 100

For Cisco Nexus 7000 series devices (7000/7700):
system bridge-domain 100
vni 9999
bridge-domain 100
  member vni 9999
!
interface Ethernet1/42
  description ***Interface connected to Compute1 Eth1 link running VTF-L2***
  no shutdown
  service instance 100 vni
    no shutdown
    encapsulation untagged dot1q 100 vni 9999
!
interface Bdi100
  no shutdown
  ip address 75.76.1.1/30
  ip router ospf 100 area 0.0.0.0
  ip pim sparse-mode
Here, VLAN 100 and BDI 100 are the underlay VLAN and BDI interfaces on the respective TOR/device.
The following two TCAM regions are required to use the VTS security group feature for baremetal and SRIOV ports.
hardware access-list tcam region vacl xxx
hardware access-list tcam region ipv6-vacl xxx
Sample TCAM region allocation for Nexus9000 93180YC-EX
NAT ACL[nat] size = 0
Ingress PACL [ing-ifacl] size = 0
VACL [vacl] size = 256
Ingress RACL [ing-racl] size = 1024
Ingress RBACL [ing-rbacl] size = 0
Ingress L2 QOS [ing-l2-qos] size = 256
Ingress L3/VLAN QOS [ing-l3-vlan-qos] size = 512
Ingress SUP [ing-sup] size = 512
Ingress L2 SPAN filter [ing-l2-span-filter] size = 256
Ingress L3 SPAN filter [ing-l3-span-filter] size = 256
Ingress FSTAT [ing-fstat] size = 0
span [span] size = 0
Egress RACL [egr-racl] size = 1024
Egress SUP [egr-sup] size = 256
Ingress Redirect [ing-redirect] size = 0
Egress L2 QOS [egr-l2-qos] size = 0
Egress L3/VLAN QOS [egr-l3-vlan-qos] size = 0
Ingress NBM [ing-nbm] size = 0
Sample TCAM region allocation for Nexus9000 C9372TX
IPV4 PACL [ifacl] size = 256
IPV6 PACL [ipv6-ifacl] size = 0
MAC PACL [mac-ifacl] size = 0
IPV4 Port QoS [qos] size = 0
IPV6 Port QoS [ipv6-qos] size = 0
MAC Port QoS [mac-qos] size = 0
FEX IPV4 PACL [fex-ifacl] size = 0
FEX IPV6 PACL [fex-ipv6-ifacl] size = 0
FEX MAC PACL [fex-mac-ifacl] size = 0
FEX IPV4 Port QoS [fex-qos] size = 0
FEX IPV6 Port QoS [fex-ipv6-qos] size = 0
FEX MAC Port QoS [fex-mac-qos] size = 0
IPV4 VACL [vacl] size = 256
IPV6 VACL [ipv6-vacl] size = 256
MAC VACL [mac-vacl] size = 0
IPV4 VLAN QoS [vqos] size = 0
IPV6 VLAN QoS [ipv6-vqos] size = 0
MAC VLAN QoS [mac-vqos] size = 0
IPV4 RACL [racl] size = 0
IPV6 RACL [ipv6-racl] size = 0
IPV4 Port QoS Lite [qos-lite] size = 0
FEX IPV4 Port QoS Lite [fex-qos-lite] size = 0
IPV4 VLAN QoS Lite [vqos-lite] size = 0
IPV4 L3 QoS Lite [l3qos-lite] size = 0
Egress IPV4 QoS [e-qos] size = 0
Egress IPV6 QoS [e-ipv6-qos] size = 0
Egress MAC QoS [e-mac-qos] size = 0
Egress IPV4 VACL [vacl] size = 256
Egress IPV6 VACL [ipv6-vacl] size = 256
Egress MAC VACL [mac-vacl] size = 0
Egress IPV4 RACL [e-racl] size = 0
Egress IPV6 RACL [e-ipv6-racl] size = 0
Egress IPV4 QoS Lite [e-qos-lite] size = 0
IPV4 L3 QoS [l3qos] size = 0
IPV6 L3 QoS [ipv6-l3qos] size = 0
MAC L3 QoS [mac-l3qos] size = 0
Ingress System size = 256
Egress System size = 256
SPAN [span] size = 0
Ingress COPP [copp] size = 256
Ingress Flow Counters [flow] size = 0
Egress Flow Counters [e-flow] size = 0
Ingress SVI Counters [svi] size = 0
Redirect [redirect] size = 256
NS IPV4 Port QoS [ns-qos] size = 0
NS IPV6 Port QoS [ns-ipv6-qos] size = 0
NS MAC Port QoS [ns-mac-qos] size = 0
NS IPV4 VLAN QoS [ns-vqos] size = 0
NS IPV6 VLAN QoS [ns-ipv6-vqos] size = 0
NS MAC VLAN QoS [ns-mac-vqos] size = 0
NS IPV4 L3 QoS [ns-l3qos] size = 0
NS IPV6 L3 QoS [ns-ipv6-l3qos] size = 0
NS MAC L3 QoS [ns-mac-l3qos] size = 0
VPC Convergence/ES-Multi Home [vpc-convergence] size = 0
IPSG SMAC-IP bind table [ipsg] size = 0
Ingress ARP-Ether ACL [arp-ether] size = 0
ranger+ IPV4 QoS Lite [rp-qos-lite] size = 0
ranger+ IPV4 QoS [rp-qos] size = 256
ranger+ IPV6 QoS [rp-ipv6-qos] size = 256
ranger+ MAC QoS [rp-mac-qos] size = 256
NAT ACL[nat] size = 0
Mpls ACL size = 0
MOD RSVD size = 0
sFlow ACL [sflow] size = 0
mcast bidir ACL [mcast_bidir] size = 0
Openflow size = 0
Openflow Lite [openflow-lite] size = 0
Ingress FCoE Counters [fcoe-ingress] size = 0
Egress FCoE Counters [fcoe-egress] size = 0
Redirect-Tunnel [redirect-tunnel] size = 0
SPAN+sFlow ACL [span-sflow] size = 0
Openflow IPv6 [openflow-ipv6] size = 0
mcast performance ACL [mcast-performance] size = 0
Mpls Double Width ACL size = 0
N9K ARP ACL [n9k-arp-acl] size = 0
N3K V6 Span size = 0
N3K V6 L2 Span size = 0
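A Day Zero check for the two regions named above, as an added Python example that is not part of the Cisco document. It parses a region listing in the format of the two samples, flattened or one entry per line; the function names and the three status values are assumptions, and a region that is absent from the listing is reported separately from one sized 0 because the two samples on this page do not list the same set of regions.

```python
import re

REQUIRED = ("vacl", "ipv6-vacl")    # the two regions this page names
# One entry looks like "Label [key] size = N"; a label starts with a letter
# and never crosses "=", "[" or a line break, so bracket-less entries such as
# "Ingress System size = 256" are skipped instead of polluting the next label.
ENTRY_RE = re.compile(r"([A-Za-z][^\[\]=\n]*?)\s*\[([\w+-]+)\]\s*size\s*=\s*(\d+)")

def parse_regions(listing):
    """Return {key: [(label, size), ...]}. A key can repeat (ingress and egress)."""
    regions = {}
    for label, key, size in ENTRY_RE.findall(listing):
        regions.setdefault(key, []).append((label.strip(), int(size)))
    return regions

def check_required(listing, required=REQUIRED):
    """Map each required key to 'ok', 'zero' (some entry sized 0) or 'not-listed'."""
    regions = parse_regions(listing)
    status = {}
    for key in required:
        entries = regions.get(key)
        if not entries:
            status[key] = "not-listed"
        elif any(size == 0 for _, size in entries):
            status[key] = "zero"
        else:
            status[key] = "ok"
    return status

# Constructed listing in the flattened form of the samples: the ingress
# ipv6-vacl entry is 0 while the egress entry with the same key is 256.
SAMPLE = ("IPV4 PACL [ifacl] size = 256 IPV4 VACL [vacl] size = 256 "
          "IPV6 VACL [ipv6-vacl] size = 0 Ingress System size = 256 "
          "Egress IPV4 VACL [vacl] size = 256 Egress IPV6 VACL [ipv6-vacl] size = 256")

if __name__ == "__main__":
    for key, state in check_required(SAMPLE).items():
        print(f"{key}: {state}")
```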