Implementing VXLAN

This module provides configuration information for layer 3 VXLAN on Cisco ASR 9000 Series Router. For conceptual information on VXLAN, see Implementing VXLAN chapter in the L2VPN and Ethernet Services Configuration Guide for Cisco ASR 9000 Series Routers.

Table 1. Feature History for VXLAN
Release Modification
Release 5.2.0 This feature was introduced on Cisco ASR 9000 Series Router.

Note

VXLAN is not supported on ASR 9000 16-port 100GE QSFP TR (A9K-16X100GE-TR) , ASR 9900 16-port 100GE QSFP SE (A99-16X100GE-X-SE) and ASR 9900 32-port 100GE QSFP TR (A99-32X100GE-TR) line cards.

Configuring a Layer 3 VXLAN gateway

A layer 3 VXLAN gateway provides routing between VXLAN segment and any other network segment such as VXLAN, VLAN or L3VPN. The following sections show how to configure an ASR 9000 series router as a Layer 3 VXLAN gateway between a VLAN and a VXLAN segment in different networks.

Prerequisites

The following are the prerequisites to configuring a Cisco ASR 9000 series router as a VXLAN Layer 2 gateway:

  • Configure a loopback interface. It serves as a source interface for the local VTEP.

  • Configure unicast reachability to remote VTEPs.

  • Configure Bidirectional Protocol Independent Multicast (Bidir PIM) or PIM Sparse Mode. For more information, see the Multicast Configuration Guide for Cisco ASR 9000 Series Routers.

Restrictions

Consider the following restrictions while configuring VXLAN:
  • You configure VXLAN only on Overlay Transport Virtualization (OTV) and VXLAN UDP ports.

  • The source interface can only be a loopback interface.

  • You cannot share a VNI or a multicast group or a source interface across multiple NVE interfaces.

  • The VNI range and the multicast range both can only be specified contiguously. A non-contiguous range with comma separated values is not supported.

  • The VNI to multicast group mapping can be only either 1:1 or N:1. For example,
    • The "member vni 5000 mcast-group 239.1.1.1" command configures a valid 1:1 mapping.

    • The "member vni 5000-5005 mcast-group 239.1.1.1" command configures a valid N:1 mapping.

  • When a VNI is configured as a part of a VNI range, it can be modified or deleted only as part of the same range. For example, if the "member vni 5000-5002 mcast-group 239.1.1.1" command is configured, you cannot disassociate just the VNI 5001 from the NVE interface with a "no member vni 5001" command.

  • Static MAC configuration is not supported.

  • You can configure a maximum of 128k Layer 2 and Layer 3 sub-interfaces per system. The configuration can be a combination of both Layer 2 sub-interfaces and Layer 3 sub-interfaces; or either fully Layer 2 sub-interfaces or Layer 3 sub-interfaces.

    Though the system allows you to configure more than 128k sub-interfaces per system, you cannot use this configuration for services. Though the system displays a warning message on reaching the threshold of 128k sub-interfaces, the configuration is still applied. However, you cannot use this configuration for services.

Creating and configuring the Network Virtualization Endpoint (NVE) interface

Perform this task to create an NVE interface and configure it as a VXLAN Tunnel EndPoint (VTEP) for VxLAN.

SUMMARY STEPS

  1. interface nve nve-identifier
  2. source-interface loopback loopback-interface-identifier
  3. member vni vni_number [ -end_vni_range ] mcast-group ip_address [ end_ip_address_range ]
  4. Use the commit or end command.

DETAILED STEPS


Step 1

interface nve nve-identifier

Example:

RP/0/RSP0/CPU0:router(config)# interface nve 1

Creates the NVE interface and enters the NVE interface configuration sub-mode.

Step 2

source-interface loopback loopback-interface-identifier

Example:

RP/0/RSP0/CPU0:router(config-if)# source-interface loopback 1

Sets a loopback interface as the source interface for the VTEP.

Step 3

member vni vni_number [ -end_vni_range ] mcast-group ip_address [ end_ip_address_range ]

Example:

RP/0/RSP0/CPU0:router(config-if)# member vni 1-10 mcast-group 224.2.2.2
Associates a single VxLAN or a contiguous range of VxLANs with the NVE interface using their VxLAN Network Identifiers (VNIs) and specifies a multicast address or a contiguous multicast address range associated with these VNIs.
Note 

The mapping between the VNIs and the multicast groups is either one-to-one or many-to-one.

Step 4

Use the commit or end command.

commit - Saves the configuration changes and remains within the configuration session.

end - Prompts user to take one of these actions:

  • Yes - Saves configuration changes and exits the configuration session.
  • No - Exits the configuration session without committing the configuration changes.
  • Cancel - Remains in the configuration mode, without committing the configuration changes.

Configuring the L3 bridge virtual interface

Perform this task to configure the IPv4 address for a bridge virtual interface for L3 routing.

SUMMARY STEPS

  1. interface BVI BVI-identifier
  2. ipv4 address ip-address{ /prefix | subnet mask}
  3. Use the commit or end command.

DETAILED STEPS


Step 1

interface BVI BVI-identifier

Example:

RP/0/RSP0/CPU0:router(config)# interface BVI 1
Enters the bridge virtual interface configuration mode.
Step 2

ipv4 address ip-address{ /prefix | subnet mask}

Example:

RP/0/RSP0/CPU0:router(config-if)# ipv4 address 1.1.1.1 255.0.0.0

Sets the IPv4 address for the bridge virtual interface.

Step 3

Use the commit or end command.

commit - Saves the configuration changes and remains within the configuration session.

end - Prompts user to take one of these actions:

  • Yes - Saves configuration changes and exits the configuration session.
  • No - Exits the configuration session without committing the configuration changes.
  • Cancel - Remains in the configuration mode, without committing the configuration changes.

Configuring a bridge domain

Perform this task to configure a bridge domain.

SUMMARY STEPS

  1. l2vpn
  2. bridge group bridge-group-name
  3. bridge-domain bridge-domain-name
  4. member vni vxlan-id
  5. routed interface BVI BVI-id
  6. Use the commit or end command.

DETAILED STEPS


Step 1

l2vpn

Example:

RP/0/RSP0/CPU0:router(config)# l2vpn

Enters the l2vpn configuration mode.

Step 2

bridge group bridge-group-name

Example:

RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group bgroup1

Enters the bridge group configuration mode.

Step 3

bridge-domain bridge-domain-name

Example:

RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain bdomain1
Enters the bridge domain configuration mode.
Step 4

member vni vxlan-id

Example:

RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# member vni 10
Associates a member VNI with the bridge domain.
Step 5

routed interface BVI BVI-id

Example:

RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# routed interface BVI 1
Sets the bridge virtual interface for the bridge domain.
Step 6

Use the commit or end command.

commit - Saves the configuration changes and remains within the configuration session.

end - Prompts user to take one of these actions:

  • Yes - Saves configuration changes and exits the configuration session.
  • No - Exits the configuration session without committing the configuration changes.
  • Cancel - Remains in the configuration mode, without committing the configuration changes.

Configuration Example for Implementing Layer 3 VXLAN Gateway

The following example shows layer 3 VXLAN gateway configuration on two Provider Edge (PE) routers, R1 and R2, from a sample network topology that has the core network simplified as a bundle link connection between the PE routers.

Figure 1. Network with Layer 3 VXLAN Gateways


Configuration at R1:
interface Bundle-Ether10
  ipv4 address 192.168.1.1/24
!
interface Loopback0
  ipv4 address 1.1.1.1/32
!
interface T0/2/0/1
 no shut
!
interface T0/2/0/1.100
 encapsulation dot1q 100
 ipv4 address 19.19.19.1/24
!
interface BVI1
 ipv4 address 100.1.1.1 255.255.255.0
 ipv6 address 100::1/64
!
router ospf underlay
 router-id 1.1.1.1
 area 0
  interface Bundle-Ether10
  interface Loopback0
!
Interface nve 1
  member vni 1 mcast-group 224.2.2.2 0.0.0.0
  overlay-encapsulation vxlan  
  source-interface Loopback0
!
router ospf overlay
  area 0
    interface bvi1
 interface T0/2/0/1.100
!
l2vpn
 bridge group vxlan
  bridge-domain vxlan
    routed interface BVI1
    member vni 1
  !
multicast-routing
 address-family ipv4
  interface loopback0
    enable
  interface Bundle-Ether10
     enable
!
router pim
 address-family ipv4
  rp-address 1.1.1.1 bidir
Configuration at R2:
interface Bundle-Ether10
  ipv4 address 192.168.1.2/24
!
interface Loopback0
  ipv4 address 2.2.2.2/32
!
interface T0/3/0/23
 no shut
!
interface T0/3/0/23.100
 encapsulation dot1q 100
 ipv4 address 20.20.20.1/24
!
interface BVI1
 ipv4 address 100.1.1.2 255.255.255.0
 ipv6 address 100::2/64
router ospf underlay
 router-id 2.2.2.2
 area 0
  interface Bundle-Ether10
  interface Loopback0
!
Interface nve 1
  member vni 1 mcast-group 224.2.2.2 0.0.0.0
  overlay-encapsulation vxlan
  source-interface Loopback0
!
router ospf overlay
  area 0
    interface bvi1
    interface T0/3/0/23.100
!
l2vpn
 bridge group vxlan
  bridge-domain vxlan
    routed interface BVI1
    member vni 1
  !
multicast-routing
 address-family ipv4
  interface loopback0
    enable
  interface Bundle-Ether10
     enable
!
router pim
 address-family ipv4
  rp-address 1.1.1.1 bidir