Migration Configuration

This chapter contains the following sections:

Configuring the BGP Route Reflector on a Spine
Updating SVI Configuration on Border Leaf Nodes
Configuring Border Leafs for DFA
Adding a Host-Facing Tenant Interface (VLAN)
Adding a Tenant (VRF) Instance on a Leaf
Removing HSRP Configuration on all Border Leafs

Configuring the BGP Route Reflector on a Spine

You can add the Cisco Dynamic Fabric Automation (DFA)-specific Border Gateway Protocol (BGP) configuration on the spine and identify the BGP route reflector.

Note the following requirements on spine switches:

If you use a Cisco Nexus 6000 or 7000 Series switch as a spine switch, do the following. FabricPath non-tranit mode is supported on Cisco Nexus 7000 Series Switches.
- For a transit mode switch, you must enter the fabricpath mode transit command.
  
  Note
  For the fabricpath mode transit command to take effect, the system must be reloaded.

Note

Spines in the Cisco DFA fabric might or might not be BGP route-reflector nodes. If you must configure the spine switch as a BGP route-reflector, use the configuration in the following procedure.

Before You Begin

You must upgrade the spine switch software.

	Command or Action	Purpose
Step 1	switch #configure terminal	Enters global configuration mode.
Step 2	switch (config) # feature bgp	Enables the Border Gateway Protocol (BGP). You must enable the BGP feature before you can configure BGP.
Step 3	switch (config) # router bgp bgp-as	Configures a BGP process for an interface. The `as-number` is the number of an autonomous system that identifies the router to other BGP routers and tags that the routing information passed along. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
Step 4	switch (config-router) # address-family ipv4 unicast	Enters address family mode and configures submode commands for the BGP.
Step 5	switch (config-router) # maximum-paths ibgp [maximum parallel paths]	Controls the maximum number of parallel routes that the BGP can support.
Step 6	switch (config-router-af) # additional-paths send	Sends additional paths to and from the BGP peers.
Step 7	switch (config-router-af) # additional-paths selection route-map All-paths	Specifies the route map for the additional paths selection.
Step 8	switch (config-router) # address-family ipv6 unicast	Enter address family mode and configures submode commands for the BGP.
Step 9	switch (config-router) # maximum-paths [ibgp]	Controls the maximum number of parallel routes that the BGP can support.
Step 10	switch (config-router-af) # additional-paths send	Sends additional paths to and from the BGP peers.
Step 11	switch (config-router-af) # additional-paths selection route-map	Specifies the route map for the additional paths selection.
Step 12	switch (config-router) # address-family vpnv4 unicast	Enters address family mode and configures submode commands for the BGP.
Step 13	switch (config-router-af) # additional-paths send	Sends additional paths to and from the BGP peers.
Step 14	switch (config-router-af) # additional-paths receive	Receives additional paths to and from the BGP peers.
Step 15	switch (config-router-af) # additional-paths selection route-map	Specifies the route map for the additional paths selection.
Step 16	switch (config-router) # address-family vpnv6 unicast	Enters address family mode and configures submode commands for the BGP.
Step 17	switch (config-router-af) # additional-paths send	Sends additional paths to and from the BGP peers.
Step 18	switch (config-router-af) # additional-paths receive	Receives additional paths to and from the BGP peers
Step 19	switch (config-router-af) # additional-paths selection route-map	Specifies the route map for the additional paths selection.
Step 20	switch (config-router) # neighbor {bgp-client-subnet/mask} [remote-as {as-num [,as-num]}	Configures a BGP neighbor (router, vrf) and enters neighbor configuration mode.
Step 21	switch (config-router-neighbor) # address-family ipv4 unicast	Enters address family mode or a virtual routing and forwarding (VRF) address-family mode to configure submode commands for the BGP.
Step 22	switch (config-router-neighbor-af) # send-community	Sends a BGP community attribute to a peer.
Step 23	switch (config-router-neighbor-af) # send-community [extended]	Sends extended BGP community attribute to a peer.
Step 24	switch (config-router-neighbor-af) #route-reflector-client	Configures the router as a BGP route reflector and configures the specified neighbor as its client.
Step 25	switch (config-router-neighbor) # address-family ipv6 unicast	Enters address family mode configure submode commands for the BGP.
Step 26	switch (config-router-neighbor-af) # send-community [extended]	Sends a BGP community attribute to a peer.
Step 27	switch (config-router-neighbor-af) #route-reflector-client	Configures the router as a BGP route reflector and configures the specified neighbor as its client.
Step 28	switch (config-router-neighbor) # address-family vpnv4 unicast	Enters address family mode configure submode commands for the BGP.
Step 29	switch (config-router-neighbor-af) # send-community [extended]	Sends a BGP community attribute to a peer.
Step 30	switch (config-router-neighbor-af) # route-reflector-client	Configures the router as a BGP route reflector and configures the specified neighbor as its client.
Step 31	switch (config-router-neighbor-af) # capability additional-paths receive	Configures BGP to advertise the capability of sending and receiving additional paths to and from the BGP peers.
Step 32	switch (config-router-neighbor) #address-family-vpnv6 unicast	Enters address family mode configure submode commands for the BGP.
Step 33	switch (config-router-neighbor-af) # send-community [extended]	Sends a BGP community attribute to a peer.
Step 34	switch (config-router-neighbor-af) # route-reflector-client	Configures the router as a BGP route reflector and configures the specified neighbor as its client.

This example shows how to configure the BGP route reflector on the spine switch.

switch # configure terminal
switch (config) # feature bgp
switch (config) # router bgp 100
switch (config-router) # router-id 1.1.1.4
switch (config-router) # address-family ipv4 unicast
switch (config-router-af) # redistribute hmm route-map AM <---AM is the route-map name that permits all IPv4 routes excluding VLAN-x backbone prefix
switch (config-router-af) # maximum-paths ibgp 2
switch (config-router-af) # additional-paths send
switch (config-router-af) # additional-paths selection route-map ALL-PATHS
switch (config-router) # address-family ipv6 unicast
switch (config-router-af) # redistribute hmm route-map host-v6 <---host-v6 is the route-map name that
permits all IPv6 routes 
switch (config-router-af) # maximum-paths ibgp 2
switch (config-router-af) # additional-paths send
switch (config-router-af) # additional-paths selection route-map ALL-PATHS
switch (config-router) # address-family vpnv4 unicast
switch (config-router-af) # additional-paths send		
switch (config-router-af) # additional-paths receive
switch (config-router-af) # additional-paths selection route-map ALL-PATHS
switch (config-router) # address-family vpnv6 unicast
switch (config-router-af) # additional-paths send
switch (config-router-af) # additional-paths receive
switch (config-router-af) # additional-paths selection route-map ALL-PATHS
switch (config-router) # neighbor 1.1.1.0/24 remote-as 100 <---Route-Reflector Spine IP=1.1.1.1
switch (config-router-neighbor) # address-family ipv4 unicast
switch (config-router-neighbor-af) # send-community
switch (config-router-neighbor-af) # send-community extended
switch (config-router-neighbor-af) # route-reflector-client
switch (config-router-neighbor) # address-family ipv6 unicast
switch (config-router-neighbor-af) # send-community extended
switch (config-router-neighbor-af) # route-reflector-client
switch (config-router-neighbor) # address-family vpnv4 unicast
switch (config-router-neighbor-af) # send-community extended
switch (config-router-neighbor-af) # route-reflector-client
switch (config-router-neighbor) # address-family vpnv6 unicast
switch (config-router-neighbor-af) # send-community extended
switch (config-router-neighbor-af) # route-reflector-client

Updating SVI Configuration on Border Leaf Nodes

You can enable anycast forwarding mode on switched virtual interfaces (SVIs) without a VN-segment on border leaf devices and nondefault VRF VLANs and you can enable the Hot Standby Routing Protocol (HSRP) virtual IP addresses on the border leaf.

Before You Begin

You must upgrade the border leaf software.

	Command or Action	Purpose
Step 1	switch # configure terminal	Enters global configuration mode.
Step 2	switch (config) # feature hsrp	Enters HSRP configuration mode and enables HSRP.
Step 3	switch (config) # interface vlan vlan-id	Creates a VLAN interface and enters interface configuration mode. The `vlan-id` range is from 1 to 4094.
Step 4	switch (config-if) # no shutdown	Disables the shutdown function on an instance of the BGP.
Step 5	switch (config-if) # no ip redirects	Disables IP redirects.
Step 6	switch (config-if) # ip address ip-address-mask	Specifies a primary IP address for an interface.
Step 7	switch (config-if) # ipv6 address {addr \| [eui64] [route-preference preference ] [secondary] [tag tag-id] \| use-link-local-only }	Configures an IPv6 address on an interface. The `addr` format is A:B::C:D/length. The length range is 1 to 128. The eui64 command configures the Extended Unique Identifier (EUI64) for the low-order 64 bits of the address. The route-preference command sets the route preference for local or direct routes. The`preference` range is from 0 to 255. The secondary command creates a secondary IPv6 address. The tagtag command configures a route tag value for local or direct routes. The use-link-local-only command specifies IPv6 on the interface using only a single link-local.
Step 8	switch (config-if) # ip router ospf area instance-tag area area-id [secondaries none]	Specifies the Open Shortest Path First (OSPF) instance and area for an interface. The `instance-tag` is locally assigned and can be any word or positive integer; can be a maximum of 20 alphanumeric characters.
Step 9	switch (config-if) # fabric forwarding anycast-gateway-mac mac-address	Specifics the MAC address of the server-facing ports across all leaf nodes. The anycast gateway MAC address is used per interface; it is replicated across all the switch virtual interfaces (SVI) that are supporting proxy gateway or anycast gateway mode.
Step 10	switch (config-if) # hrsp version 2	Configures the Hot Standby Redundancy Protocol (HSRP) version 2.
Step 11	switch (config-if-hsrp) # hsrp group-number [ip4 \| ipv6]	Enters HSRP configuration mode and creates the number of HSRP groups that can be configured on a Gigabit Ethernet port, including the main interfaces and subinterfaces. The `group-number` range is from 1 to 255. The default value is 0.
Step 12	switch (config-if-hsrp) # preempt [delay {minimum min-delay \| reload rel-delay \| sync \| sync-delay}]	Configures a preemption delay. If you opt to specify a delay minimum, this specifies the minimum number of seconds that preemption is delayed to allow routing tables to be updated before a router becomes active. If you opt to specify a delay reload , this specifies the time delay after the router has reloaded. This period applies only to the first interface-up event after the router had reloaded. The default value is 0. If you opt to specify a delay sync, this specifies the maximum number of seconds to allow IP redundancy clients to prevent preemption. When this period expires, preemption occurs regardless of the state of the IP redundancy clients. The default value is 0.
Step 13	switch (config-if-hsrp) # priority level [forwarding-threshold lower lower-value upper upper-value]	Sets the priority level within an HSRP group. The `level` range of values is from 1 to 255. If this router is the owner of the IP addresses, then the value is automatically set to 255. The default is 100. If you specify a forwarding-threshold, you set the threshold used by a vPC to determine when to fail over to the vPC trunk. The `lower-value` range is from 1 to 255. The default is 1. The `upper-value` range is from 1 to 255. The default is 255.
Step 14	switch (config-if-hsrp) # ip [autoconfig \| ip-address [secondary]]	Assigns a virtual address to an HSRP group.
Step 15	switch (config-if-) # hsrp group-number [ip4 \| ipv6]	Enters HSRP configuration mode and creates the number of HSRP groups that can be configured on a Gigabit Ethernet port, including the main interfaces and subinterfaces. The `group-number` range is from 1 to 255. The default value is 0.
Step 16	switch (config-if-hsrp) # mac-address mac-address	Configures a static MAC address for a Layer 3 interface.
Step 17	switch (config-if-hsrp) # preempt [delay {minimum min-delay \| reload rel-delay \| sync \| sync-delay}]	Configures a preemption delay. If you opt to specify a delay minimum, this specifies the minimum number of seconds that preemption is delayed to allow routing tables to be updated before a router becomes active. If you opt to specify a delay reload , this specifies the time delay after the router has reloaded. This period applies only to the first interface-up event after the router had reloaded. The default value is 0. If you opt to specify a delay sync, this specifies the maximum number of seconds to allow IP redundancy clients to prevent preemption. When this period expires, preemption occurs regardless of the state of the IP redundancy clients. The default value is 0.
Step 18	switch (config-if-hsrp) # priority level [forwarding-threshold lower lower-value upper upper-value]	Sets the priority level within an HSRP group. The `level` range of values is from 1 to 255. If this router is the owner of the IP addresses, then the value is automatically set to 255. The default is 100. If you specify a forwarding-threshold, you set the threshold used by a vPC to determine when to fail over to the vPC trunk. The `lower-value` range is from 1 to 255. The default is 1. The `upper-value` range is from 1 to 255. The default is 255.
Step 19	switch (config-if-hsrp) # ip [autoconfig \| ip-address [secondary]]	Assigns a virtual address to an HSRP group. If you use the autoconfig command, it generates a link-local address from the link-local prefix and a modified EUI-64 format Interface Identifier, where the EUI-64 Interface Identifier is created from the relevant HSRP virtual MAC address. The `ip-address` is the Virtual IP address for the virtual router (HSRP group). The IP address must be in the same subnet as the interface IP address. You must configure the virtual IP address for at least one of the routers in the HSRP group. Other routers in the group will pick up this address. The IP address can be an IPv4 address. The secondary command indicates that the IP4 address is a secondary HSRP virtual address.
Step 20	switch (config-if) # hsrp group-number [ip4 \| ipv6]	Enters HSRP configuration mode and creates the number of HSRP groups that can be configured on a Gigabit Ethernet port, including the main interfaces and subinterfaces. The `group-number` range is from 1 to 255. The default value is 0.
Step 21	switch (config-if-hsrp) # mac-address mac-address	Configures a static MAC address for a Layer 3 interface.
Step 22	switch (config-if-hsrp) # preempt [delay {minimum min-delay \| reload rel-delay \| sync\|sync-delay}]	Configures a preemption delay. If you opt to specify a delay minimum, this specifies the minimum number of seconds that preemption is delayed to allow routing tables to be updated before a router becomes active. If you opt to specify a delay reload , this specifies the time delay after the router has reloaded. This period applies only to the first interface-up event after the router had reloaded. The default value is 0. If you opt to specify a delay sync, this specifies the maximum number of seconds to allow IP redundancy clients to prevent preemption. When this period expires, preemption occurs regardless of the state of the IP redundancy clients. The default value is 0.
Step 23	switch (config-if-hsrp) # priority level [forwarding-threshold lower lower-value upper upper-value]	Sets the priority level within an HSRP group. The `level` range of values is from 1 to 255. If this router is the owner of the IP addresses, then the value is automatically set to 255. The default is 100. If you specify a forwarding-threshold, you set the threshold used by a vPC to determine when to fail over to the vPC trunk. The `lower-value` range is from 1 to 255. The default is 1. The `upper-value` range is from 1 to 255. The default is 255.
Step 24	switch (config-if-hsrp) # ip [autoconfig \| ip-address [secondary]]	Assigns a virtual address to an HSRP group. If you use the autoconfig command, it generates a link-local address from the link-local prefix and a modified EUI-64 format Interface Identifier, where the EUI-64 Interface Identifier is created from the relevant HSRP virtual MAC address. The `ip-address` is the Virtual IP address for the virtual router (HSRP group). The IP address must be in the same subnet as the interface IP address. You must configure the virtual IP address for at least one of the routers in the HSRP group. Other routers in the group will pick up this address. The IP address can be an IPv4 address. The secondary command indicates that the IP4 address is a secondary HSRP virtual address.

This example shows how to configure the SVI interfaces for default/nondefault VRF instances, as well as associated HSRP and dummy HSRP groups with anycast gateway MAC addresses.

switch (config) # feature hsrp
switch (config) # interface vlan20
switch (config-if) #	no shutdown
switch (config-if) # 	no ip redirects
switch (config-if) #	ip address 20.1.1.104/24
switch (config-if) #	ipv6 address 20:1::104/64
switch (config-if) #	ip router ospf 1 area 0.0.0.
switch (config-if) #	fabric forwarding mode anycast gateway <---must be added to configure vlan-20 in Cisco DFA mode
switch (config-if) #	hsrp version 2
switch (config-if) #	hrsp 20 ip4
switch (config-if-hsrp) # preempt
switch (config-if-hsrp) # priority 110
switch (config-if-hsrp) # ip 20.1.1.100
switch (config-if) # hsrp 20 ipv6
switch (config-if-hsrp) # preempt
switch (config-if-hsrp) # priority 110
switch (config-if-hsrp) # ip 20:1::100
switch (config-if) # hsrp 50 ipv4 <---dummy HSRP group (ipv4 or ipv6)
switch (config-if-hsrp) # mac-address DEAD.0000.DEAF <---anycast gateway MAC
switch (config-if-hsrp) # preempt
switch (config-if-hsrp) # priority 110
switch (config-if-hsrp) # ip 20.1.1.200 <---functionally unused IP

Configuring Border Leafs for DFA

You can configure an upgraded border leaf.

Before You Begin

You must upgrade the border leaf software.

	Command or Action	Purpose
Step 1	switch # configure terminal	Enters global configuration mode.
Step 2	switch (config) # install feature-set fabricpath	Installs the FabricPath feature set on the switch.
Step 3	switch (config) # install feature-set fabric	Installs the fabric feature on the switch.
Step 4	switch (config) # feature-set fabricpath	Enables a FabricPath feature set.
Step 5	switch (config) # feature-set fabric	Enables the fabric feature on the switch.
Step 6	switch (config) # feature fabric forwarding	Enables fabric network services on a device and enables the Host Mobility Manager and release-specific HMM configuration commands..
Step 7	switch (config) # feature bgp	Enables the Border Gateway Protocol (BGP). You must enable the BGP feature before you can configure BGP.
Step 8	switch (config) # feature isis	Enables the intermediate-system-to-intermediate-system (ISIS) for FabricPath core.
Step 9	switch (config) # feature vn-segment-vlan-based	Enables the VLAN-based virtual network (VN) segment feature on a switch. You can use this feature only if the FabricPath feature set is enabled on the switch..
Step 10	switch (config) # system fabric dynamic-vlans vlan-range	This allocation is mandatory to include for tenant VRFs core VLAN range as well as the entire server facing VLANs range. The range has to be continuous. Control segment VLAN is not a part of this dynamic range.
Step 11	switch (config ) # system fabric core-vlans vlan-id -or-range	Defines a range of VLANs out of the dynamic range, to be used for tenant core SVI. The VLAN range is reserved to be in use for Tenant VRF core VLANs.
Step 12	switch (config) # fabric forwarding identifier id	Specifies a unique fabric ID. The `id` range is from 1 to 65535.
Step 13	switch (config) # fabric forwarding anycast-gateway-mac mac-address	Specifies the MAC address of the server-facing ports across all leaf nodes. The anycast gateway MAC address is used per interface, so it is replicated across all the switch virtual interfaces (SVIs) that are supporting proxy gateway or anycast gateway.
Step 14	switch (config) # fabric forwarding switch-role [border] {leaf \| spine}	Defines the switch role. The Leaf adds tenant (vrf) functionality; the border leaf adds the ability to connect with routers.
Step 15	switch (config) # fabricpath domain default	Enters global FabricPath Layer 2 ISIS configuration mode.
Step 16	switch (config) # vlan fabric-control-vlan-id	Specifies the VLAN IDs of the allowed FabricPath VLANs in the anycast bundle. You can specify a`vland-id` in a range from 1 to 4094.
Step 17	switch (config-vlan) # mode fabricpath	Enables the VLAN as a FabricPath VLAN and enters FabricPath mode.
Step 18	switch (config) # interface vlan vlan-id	Creates the corresponding Layer 3 VLAN interface and enters interface configuration mode. The `vlan-id` range is from 2 to 4094.
Step 19	switch (config-if) # no shutdown	Disables the shutdown function on an instance of the BGP.
Step 20	switch (config-if) # ip address ip-address-mask	Configures the IP address to be used as BGP endpoints.
Step 21	switch (config-if) # fabric forwarding control-segment	Specifies this interface to be the DFA control segment. Only one interface can be this type.
Step 22	switch (config) # route-map map-tag	Enters route map configuration mode and specifies a route map by identifying the route map name (map-tag). The Maximum size is 63 characters. This name should be the same as the name that you use to configure the BGP additional paths.
Step 23	switch (config-route-map) # set path-selection all advertise	Sets the path selection criteria for BGP.
Step 24	switch (config-s) # ip access-list access-list-name	Defines an IP4 access list access control list (ACL) in order to enable filtering for packets.
Step 25	switch (config-s-acl) # permit ip source destination	Creates an access control list (ACL) rule that permits traffic that matches its conditions. The source destination identifies the source network address and the destination network address.
Step 26	switch (config) # ipv6 access-list access-list-name	Creates an IPv6 access control list (ACL) or enters IP access list configuration mode for a specific ACL.
Step 27	switch (config-acl) # sequence-number permit protocol	Configures a permit rule in an IPv6 ACL.
Step 28	switch (config) # route-map map-tag [deny \| permit] [sequence-number]	Predefines a route map for redistribution of HMM host routes. The name should be the same as name that you used when you entered the BGP redistribute-hmm route map command. Use thepermit command to specify that the route or packet is not distributed if the match criteria are met for the route map. Use the permit command to specify that the route or packet is distributed if the match criteria for this route are met. The `sequence-number` indicates the position a new route map has in the list of map routes already configured with same name. The no form of this command deletes the position of the route map. The range is 0 to 65535.
Step 29	switch (config-route-map) # match interface {interface-type number [,interface-type number...]}	Matches an interface in a route map. Use the match interface command to provide a list of interfaces to match a route against. The route next-hop addresses that are reached by one of these interfaces result in a match for the route map.
Step 30	switch (config) # route-map map-tag [deny \| permit] [sequence-number]	Specifies a route map by identifying the route map name (map-tag). The maximum size is 63 characters. Use thepermit command to specify that the route or packet is not distributed if the match criteria are met for the route map. Use the permit command to specify that the route or packet is distributed if the match criteria for this route are met. The `sequence-number` indicates the position a new route map has in the list of map routes already configured with same name. The no form of this command deletes the position of the route map. The range is 0 to 65535.
Step 31	switch (config-route-map) # match ip address {prefix-listprefix-list name [prefix-list name...]}	Distributes routes that have a destination IPv6 network number address that is permitted by a standard access list, an expanded list, or a prefix list. The `prefix-list name` can be any alphanumeric string up to 63 characters. The ellipsis indicates that multiple values can be entered, up to 32 prefix lists.
Step 32	switch (config-route-map) # match interface {interface-type number [,interface-type number...]}	Matches an interface in a route map. Use the match interface command to provide a list of interfaces to match a route against. The route next-hop addresses that are reached by one of these interfaces result in a match for the route map.
Step 33	switch (config-route-map) # match ip address prefix-list name [prefix-list name..] access-list-name	Distributes routes that have a destination IPv6 network number address that is permitted by a standard access list, an expanded list, or a prefix list. The `prefix-list name` can be any alphanumeric string up to 63 characters. The ellipsis indicates that multiple values can be entered, up to 32 prefix lists.
Step 34	Device (config) # router bgp as-number	Configures a BGP process for an interface. The `as-number` is the number of an autonomous system that identifies the router to other BGP routers and tags that the routing information passed along. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
Step 35	Device (config-router) # address-family ipv4 unicast	Enters address family mode or a virtual routing and forwarding (VRF) address-family mode and configures submode commands for the BGP.
Step 36	Device (config-router-af) # redistribute hmm route-map map-name	Enables redistribution of IPv4 and IPv6 Host Mobility Manager (HMM) routes through specific route maps.
Step 37	switch (config-router-af) # maximum-paths [ibgp] number-paths	Controls the maximum number of parallel routes that the BGP can support.
Step 38	switch (config-router-af) # additional-paths receive	Receives additional paths to and from the BGP peers.
Step 39	switch (config-router) # address-family ipv6 unicast	Enters address family mode or a virtual routing and forwarding (VRF) address-family mode and configure submode commands for the BGP.
Step 40	switch (config-router-af) # redistribute hmm route-map map-name	Redistributes IPv4 and IPv6 Host Mobility Manager (HMM) routes through specific route maps.
Step 41	switch (config-router-af) # maximum-path [ibgp] number-paths	Controls the maximum number of parallel routes that the BGP can support.
Step 42	switch (config-router-af) # additional-paths-receive	Receives additional paths to and from the BGP peers.
Step 43	switch (config) # address-family vpnv4 unicast	Enters address family mode or a virtual routing and forwarding (VRF) address-family mode and configure submode commands for the BGP.
Step 44	switch (config-router-af) # additional-paths receive	Receives additional paths to and from the BGP peers.
Step 45	switch (config-router) # address-family vpnv6 unicast	Enters address family mode or a virtual routing and forwarding (VRF) address-family mode and configure submode commands for the BGP.
Step 46	switch (config-router-af) # additional-paths receive	Receives additional paths to and from the BGP peers.
Step 47	switch (config-router) # neighbor {ip-addr \|ip-prefixlentgth} [remote-as {as-num [,as-num] \|route-map map name}	Configures a BGP neighbor (router, VRF) and enters neighbor configuration mode.
Step 48	switch (config-router-neighbor) # address-family ipv4 unicast	Enters address family mode or a virtual routing and forwarding (VRF) address-family mode to configure submode commands for the BGP.
Step 49	switch (config-router-neighbor-af) # send community text	Sends a message to the active user session. The text string can be up to 80 alphanumeric characters and is case-sensitive.

This example shows how to configure the core for a border leaf.

switch # configure terminal
switch (config)# install feature-set fabricpath
switch (config)# install feature-set fabric
switch (config)# feature-set fabricpath
switch (config)# feature fabric forwarding
switch (config)# feature bgp
switch (config)# feature isis
switch (config)# feature interface-vlan
switch (config)# feature vn-segment-vlan-based

switch (config)# system fabric dynamic-vlans 20-21, 201-202, 1001-1010
switch (config)# system fabric core-vlans 1001-1010
switch (config)# fabric forwarding identifier 100
switch (config)# fabric forwarding anycast-gateway-mac.DEAD.0000.DEAF
switch (config)# fabric forwarding switch-role border-leaf
switch (config)# fabricpath domain default

switch (config)# vlan 1001-1010
switch (config-vlan)# mode fabricpath

switch (config) # interface Vlan10
switch (config-if) # no shutdown
switch (config-if) # ip address 1.1.1.4/24
switch (config-if) # fabric forwarding control-segment

switch (config) # route-map ALL-PATHS permit 10 
switch (config-route-map) # set path-selection all advertise

switch (config-s)# ip access-list HOSTS
switch (config-s-acl)# 10 permit ip any any
switch (config-s)# ipv6 access-list hosts-v6
switch (config-s-acl)# 10 permit ipv6 any any

switch (config) # route-map AM deny 10
switch (config-route-map) # match interface Vlan10
switch (config) # route-map AM permit 20
switch (config-route-map) # match ip address HOSTS
switch (config) # route-map hosts-v6 permit 20
switch (config-route-map) # match ipv6 address hosts-v6

switch (config) # router bgp 100
switch (config-router) # address-family ipv4 unicast
switch (config-router-af) # redistribute hmm route-map AM
switch (config-router-af) # maximum-paths ibgp 2
switch (config-router-af) # additional-paths receive
switch (config-router-af) # additional-paths selection route-map ALL PATHS
switch (config-router) # address-family ipv6 unicast
switch (config-router-af) # redistribute hmm route-map hosts-v6
switch (config-router-af) # maximum-paths ibgp 2
switch (config-router-af) # additional-paths receive
switch (config-router-af) # addtional-path seelction route-map ALL PATHS
switch (config-router) # address-family vpnv4 unicast
switch (config-router-af) # additional-paths receive
switch (config-router) # address-family vpnv6 unicast
switch (config-router-af) # additional-paths receive
switch (config-router) # neighbor 1.1.1.1 remote-as 100
switch (config-router-neighbor) # address-family ipv4 unicast
switch (config-router-neighbor-af) # send-community both

Adding a Host-Facing Tenant Interface (VLAN)

You can add a host-facing tenant interface (VLAN) to allocate a new VLAN ID and an unused VNI and tie them together, create the corresponding Layer-3 interface and put it into the VRF, and configure the appropriate fabric forwarding mode.

	Command or Action	Purpose
Step 1	switch # configure terminal	Enters global configuration mode.
Step 2	switch (config) # vlan {vlan-id \| vlan-range}	Specifies the VLAN IDs of the allowed FabrichPath VLANs in the anycast bundle. The `vlan-id` range is from 2 to 4094.
Step 3	switch (config-vlan) # mode fabricpath	Enables the VLAN as a FabricPath VLAN.
Step 4	switch (config-vlan) # vn-segment vni	Configures the virtual network (VN) segment id of the VLAN.
Step 5	switch (config-profile-vrf) # interface vlanvlan-id	Specifies an interface type and number. The `vlan-id` range is from 2 to 4094.
Step 6	switch (config-if) # vrf member name	Creates a VPN routing and forwarding instance (VRF) or enters VRF configuration mode to configure submode commands for the Intermediate System-to-Intermediate System (IS-IS) Intradomain Routing Protocol.
Step 7	switch (config-if) # ip address ip-address-mask	Specifies a primary IP address for an interface.
Step 8	switch (config-if) # [ip pim sparse-mode]	Enables IPv4 Protocol Independent Multicast (PIM) sparse mode on an interface.
Step 9	switch (config-if) # fabric forwarding mode anycast-gateway	Enables the TF mode in DFA.
Step 10	switch (config-if) # no shutdown	Disables the shutdown function on a BGP instance.

The following adds a host-facing tenant interface (VLAN).

switch # configure terminal
//Enter configuration commands, one per line. End with CNTL/Z.
switch (config)# vlan 20
switch (config-vlan)# mode fabricpath
switch (config-vlan)# vn-segment 20
switch (config-vlan)# interface vlan 20
switch (config-if) # vrf member VRF2
//Warning: Deleted all L3 config on interface Vlan20
switch (config-if) # ip address 1.1.1.4/24
switch (config-if) # [ip pim sparse-mode]
switch (config-if) # no shutdown
switch (config-if) # fabric forwarding mode anycast-gateway
switch (config-if) # exit

Adding a Tenant (VRF) Instance on a Leaf

To add a tenant instance, perform the following:

Configure a profile named vrf-tenant-profile
Allocate a VLAN
Create a VRF instance
Configure the route distinguisher and route targets
Tie the VNI/segment ID to the VRF instance
Create a Layer-3 VLAN and configure it with the same IP address/mask as the fabric control VLAN interface to map the BGP endpoint and the VRF BD VLAN

Command or Action

Purpose

Step 1

switch # configure terminal

Enters global configuration mode.

Step 2

switch # configure profile vrf-tenant-profile

Configures a profile and enters configuration profile mode to configure profile parameters.

Step 3

switch (config-profile) # apply profile vrf-tenant-profile

Applies the VRF tenant profile configuration profile to configure hosts.

Step 4

switch (config-profile) # vlan {vlan-id | vlan-range}

Specifies the VLAN IDs of the allowed FabricPath VLANs in the anycast bundle. The vlan-id range is from 1 to 4094.

Step 5

switch (config-profile-vlan) # mode fabricpath

Enables the VLAN as a FabricPath VLAN.

Step 6

switch (config-profile-vlan) # vn-segment segment-id

Configures the virtual network (VN) segment ID of the VLAN. The segment-id range is from 4096 to 16773119.

Step 7

switch (config-profile) # vrf context name

Creates a virtual routing and forwarding (VRF) instances and enters VRF configuration mode. The name of the VRF can be any case-sensitive, alphanumeric string up to 32 characters.

Step 8

switch (config-profile-vrf) # rd route-distinguisher

Creates routing and forwarding tables.

Step 9

switch (config-profile-vrf) # address-family-ipv4 unicast

Enters address family mode or a virtual routing and forwarding (VRF) address-family mode and configures submode commands for the BGP.

Step 10

switch (config-profile-vrf-af) # route-target import route-target-ext-community

Imports routing information from the target virtual private network (VPN) extended community.

Step 11

switch (config-profile-vrf-af) # route-target export route-target-ext-community

Exports routing information from the target virtual private network (VPN) extended community.

Step 12

switch (config-profile-vrf) # vni [vni-id | [-vni-id]]

Configures the virtual network identifier (VNI).

Note

You can specify a single ID or a range. For example, 4099, 5000-5005.

Step 13

switch (config-profile-vrf) # interface vlanvlan-id

Specifies an interface type and number. The vlan-id range is from 1 to 4094.

Step 14

switch (config-profile-if-vrf) # vrf member name

Creates a VPN routing and forwarding instance (VRF) or enters VRF configuration mode to configure submode commands for the Intermediate System-to-Intermediate System (IS-IS) Intradomain Routing Protocol. The name can be any case-sensitive, alphanumeric string up to 32 characters.

Step 15

switch (config-profile-if-vrf) # ip address ip-address-mask

Specifies a primary IP address for an interface

Step 16

switch (config-profile-if-vrf) # no shutdown

Disables the shutdown function on a BGP instance.

Step 17

switch (config-profile-if) # router bgp as-number

Configures a BGP process for an interface. The as-number is the number of an autonomous system that identifies the router to other BGP routers and tags that the routing information passed along. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.

Step 18

switch (config-profile-if) # vrf name

Creates a VPN routing and forwarding (VRF) instance or enters VRF configuration mode to configure submode commands for the Intermediate System-to-Intermediate System (IS-IS) Intradomain Routing Protocol. The name can be any case-sensitive, alphanumeric string up to 32 characters.

Step 19

switch (config-profile-if-vrf) # address-family ipv4 multicast

Enters address family mode or a virtual routing and forwarding (VRF) address-family mode and configures submode commands for BGP.

Step 20

switch (config-profile-if-vrf-af) # redistribute hmm route-map map-name

Redistributes IPv4 Host Mobility Manager (HMM) routes through specific route maps.

This example shows how to configure the profile name and add the tenant VRF profile and associated parameters:

switch # configure profile vrf-tenant-profile
//Enter config profile mode, name = vrf-tenant-profile
//Enter configuration commands, one per line. End with CNTL/Z.
switch (config-profile)# configure terminal
//Exit configure profile mode.
switch (config)# apply profile vrf-tenant-profile
switch (config)# vlan 20
switch (config-profile-vlan)# mode fabricpath
switch (config-profile-vlan)# vn-segment 5000
switch (config-profile-vlan)# vrf context vrf2
switch (config-profile-vrf) # rd auto
switch (config-profile-vrf) #	address-family ipv4 unicast
switch (config-profile-vrf-af-ipv4) # route-target import 7000:1
switch (config-profile-vrf-af-ipv4) # route-target export 7000:1
switch (config-profile-vrf-af-ipv4) # vni 7000
switch (config-profile-vrf-af-ipv4) # interface vlan 20
switch (config-profile-if-verify) # vrf member VRF2
switch (config-profile-if-verify) # ip address 1.1.1.4/24
switch (config-profile-if-verify) # no shutdown
switch (config-profile-if-verify) # router bgp 100
switch (config-profile-router) # vrf VRF2
switch (config-profile-router-vrf) # address-family ipv4 multicast	
switch (config-profile-router-vrf-af) # address-family ipv4 unicast
switch (config-profile-router-vrf-af) # redistribute hmm route-map AM

Removing HSRP Configuration on all Border Leafs

During the migration, some hosts start learning the anycast gateway MAC address and will start using it. HSRP is required until the last leaf pair is upgraded to the DFA configuration.

Note

HSRP/VRRP is required for VLANs where hosts are connected behind a Cisco Nexus 5000 Series switch in the topology for those VLANs.

You can remove the HSRP configuration on border leafs after you migrate all of the switches.

	Command or Action	Purpose
Step 1	switch # show running-config interface type-number	Displays the interface for the VLAN.
Step 2	switch (config) # interface vlan vlan-id	Creates a VLAN interface and enters interface configuration mode. The `vlan-id` range is from 1 to 4094.
Step 3	switch (config-if-hsrp) # no hsrp group-number	Disables HSRP.
Step 4	switch (config-if-hsrp) # show running-config interface type-number	Displays an interface type and number.

This example shows how to disable the HSRP configuration on a border leaf:


switch # show running-config interface vlan20 

!Command: show running-config interface Vlan20
!Time: Tue Jun 9 17:56:19 2015

version 7.2(0)N1(1)

interface Vlan20
  no shutdown
  no ip redirects
  ip address 20.1.1.100
  ipv6 address 20:1::100/64
  ip router ospf 1 area 0.0.0.0
  fabric forwarding mode anycast-gateway
  hsrp version 2
  hsrp 20
    preempt
    priority 110
    ip 20.1.1.100
  hsrp 20 ipv6
    preempt
    priority 110
    ip 20:1::10
  hsrp 50
    mac-address DEAD.0000.DEAF
    preempt
    priority 110
    ip 20.1.1.200

switch # configure terminal
switch (config) # interface vlan 20
switch (config-if) # no hsrp 50
switch (config-if) # show running-config interface vlan 20

!Command: show running-config interface Vlan20
!Time: Tue Jun  9 17:58:21 2015

version 7.2(0)N1(1)

interface Vlan20
  no shutdown
  no ip redirects
  ip address 20.1.1.100
  ipv6 address 20:1::100/64
  ip router ospf 1 area 0.0.0.0
  fabric forwarding mode anycast-gateway
  hsrp version 2
  hsrp 20
    preempt
    priority 110
    ip 20.1.1.100
  hsrp 20 ipv6
    preempt
    priority 110
    ip 20:1::10

switch (config-if) # interface vlan 20
switch (config-if) # no hsrp 20 ipv4
switch (config-if) # show running-config interface vlan 20

!Command: show running-config interface Vlan20
!Time: Tue Jun  9 17:59:01 2015

version 7.2(0)N1(1)

interface Vlan20
  no shutdown
  no ip redirects
  ip address 20.1.1.100
  ipv6 address 20:1::100/64
  ip router ospf 1 area 0.0.0.0
  fabric forwarding mode anycast-gateway
  hsrp version 2
  hsrp 20 ipv6
    preempt
    priority 110
    ip 20:1::10

switch (config-if) # interface vlan 20
switch (config-if) # no hsrp 20 ipv6
switch (config-if) # show running-config interface vlan 20

!Command: show running-config interface Vlan20
!Time: Tue Jun  9 17:59:27 2015

version 7.2(0)N1(1)

interface Vlan20
  no shutdown
  no ip redirects
  ip address 20.1.1.100
  ipv6 address 20:1::100/64
  ip router ospf 1 area 0.0.0.0
  fabric forwarding mode anycast-gateway
  hsrp version 2

switch (config-if) # interface vlan 20
switch (config-if) # no hsrp version 2

Cisco Dynamic Fabric Automation Migration Guide

Bias-Free Language

Book Title

Cisco Dynamic Fabric Automation Migration Guide

Chapter Title