Information About VXLANs
VXLANs have the following prerequisites:
VXLAN has the following configuration guidelines and limitations:
VXLAN has the following configuration guidelines and limitations for changing the VXLAN configuration:
Note | Ports become inactive if you change the mode from unicast to multicast if a multicast IP address is not configured or a segment ID is removed. |
The following table lists the default settings for VXLAN parameters.
Parameter | Default |
---|---|
Feature Segmentation | Disabled |
Configuring VXLANs
To enable a VXLAN, you must perform the following two procedures when you first configure a VXLAN.
Enter the show system vem feature level command to confirm that the feature level is 4.2(1)SV1(5.1) or a later release. If the feature level is not 4.2(1)SV1(5.1) or a later release, see the Cisco Nexus 1000V Installation and Upgrade Guide.
This example shows how to enable the segmentation feature:
```
switch# configure terminal
switch(config)# feature segmentation
switch(config)# show feature | grep segmentation
network-segmentation 1 disabled
segmentation 1 enabled
switch(config)# copy running-config startup-config
```
This example shows how to configure a vmknic for VXLAN encapsulation:
```
switch# configure terminal
switch(config)# port-profile type veth vmknic-pp
switch(config-port-prof)# vmware port-group
switch(config-port-prof)# switchport mode access
switch(config-port-prof)# switchport access vlan 100
switch(config-port-prof)# capability vxlan
switch(config-port-prof)# no shutdown
switch(config-port-prof)# state enabled
switch(config-port-prof)# show port-profile name vmknic-pp
port-profile vmknic-pp
 type: Vethernet
 description:
 status: enabled
 max-ports: 32
 min-ports: 1
 inherit:
 config attributes:
  switchport mode access
  switchport access vlan 100
  capability vxlan
  no shutdown
 evaluated config attributes:
  switchport mode access
  switchport access vlan 100
  capability vxlan
  no shutdown
 assigned interfaces:
 port-group: vmknic-pp
 system vlans: none
 capability l3control: no
 capability iscsi-multipath: no
 capability vxlan: yes
 capability l3-vservice: no
 port-profile role: none
 port-binding: static
switch(config-port-prof)#
switch(config-port-prof)# copy running-config startup-config
```
The vSphere administrator must create a new vmknic on each ESX/ESXi host and assign the previously created port profile to this vmknic. An IP address and netmask should be assigned to the vmknic. This IP address will be used for VXLAN packet encapsulation. Use the show module vteps command to view the interfaces on the VSM.
You are limited to creating a maximum of 2048 VXLAN bridge domains.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# bridge-domain name-string | Creates a VXLAN and associates an identifying name to it. |
Step 3 | switch(config-bd)# segment id [number] | Specifies the VXLAN segment ID. Only one bridge domain can use a particular segment ID value. Valid values are from 4096 to 16000000. (1 to 4095 are reserved for VLANs.) |
Step 4 | switch(config-bd)# group ipaddr | (Optional) Associates the multicast group for broadcasts and floods. |
Step 5 | switch(config-bd)# show bridge-domain name-string | (Optional) Displays bridge domain information. |
Step 6 | switch(config-bd)# copy running-config startup-config | (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to create a VXLAN:
```
switch# configure terminal
switch(config)# bridge-domain tenant-red
switch(config-bd)# segment id 4096
switch(config-bd)# group 239.1.1.1
switch(config-bd)# show bridge-domain tenant-red
Bridge-domain tenant-red (0 ports in all)
Segment ID: NULL
Mode: Unicast-only (default)
MAC Distribution: Disable (default)
Group IP: 239.1.1.1
State: UP Mac learning: Enabled
switch(config-bd)#
switch(config-bd)# copy running-config startup-config
```
You can configure a bridge domain in the bridge-domain mode or global mode.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# bridge-domain bd-name | Creates a bridge domain. |
Step 3 | switch(config-bd)# [no] segment mode unicast-only \| default segment mode | Configures the segment mode as unicast only. The mode can be configured globally or for a specific bridge domain. When configured under a specific bridge domain, the mode is treated as an override to the global configuration for that specific bridge domain. Any change in the global configuration affects all the bridge domains that do not have overrides. The mode configuration on a specific bridge domain overwrites the global bridge domain. The overrides configured on the bridge domain can be removed by using the default segment mode command. |
Step 4 | switch(config-bd)# [no] segment distribution mac \| default segment distribution mac | Enables MAC distribution for the bridge domain. |
This example shows how to configure a bridge domain:
Note | The ports are inactive if a segment ID is not configured for a bridge domain and if a multicast IP address is not configured when global configuration or a bridge domain override has the no segment mode unicast-only configuration. |
```
config terminal
bridge-domain domain-660
segment mode unicast-only
segment distribution mac
```
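A pre-change check for the constraints stated above (segment ID range and uniqueness, per-bridge-domain mode overrides, and the conditions that leave ports inactive), as an added example that is not Cisco's code. The indented config layout, the global default of unicast-only, the sample input, and the names `parse` and `lint` are assumptions of this example.

```python
import re

SEG_MIN, SEG_MAX = 4096, 16000000  # valid segment ID range stated in this chapter

# Constructed sample, not from a real switch. Assumed layout: lines indented
# under "bridge-domain <name>" belong to it; unindented lines are global.
SAMPLE = """\
no segment mode unicast-only
bridge-domain tenant-red
  segment id 4096
  group 239.1.1.1
bridge-domain tenant-blue
  segment id 4096
bridge-domain tenant-green
  segment mode unicast-only
  segment id 1000
"""

def parse(text):
    """Return (global_unicast, {name: {"id", "group", "unicast"}})."""
    glob, domains, cur = {"unicast": True}, {}, None  # assumed default: unicast-only
    for raw in filter(str.strip, text.splitlines()):
        line = raw.strip()
        if not raw[0].isspace():
            cur = None  # an unindented line leaves bridge-domain context
        if m := re.fullmatch(r"bridge-domain (\S+)", line):
            cur = domains.setdefault(m[1], {"id": None, "group": None, "unicast": None})
        elif m := re.fullmatch(r"(no )?segment mode unicast-only", line):
            (glob if cur is None else cur)["unicast"] = not m[1]
        elif cur is not None and (m := re.fullmatch(r"segment id (\d+)", line)):
            cur["id"] = int(m[1])
        elif cur is not None and (m := re.fullmatch(r"group (\S+)", line)):
            cur["group"] = m[1]
    return glob["unicast"], domains

def lint(text):
    """List violations of the chapter's stated bridge-domain constraints."""
    global_unicast, domains = parse(text)
    issues, seen = [], {}
    for name, bd in domains.items():
        # A per-bridge-domain mode overrides the global mode.
        unicast = global_unicast if bd["unicast"] is None else bd["unicast"]
        if bd["id"] is None:
            issues.append(f"{name}: no segment ID, ports stay inactive")
        elif not SEG_MIN <= bd["id"] <= SEG_MAX:
            issues.append(f"{name}: segment ID {bd['id']} outside {SEG_MIN}-{SEG_MAX}")
        elif seen.setdefault(bd["id"], name) != name:
            issues.append(f"{name}: segment ID {bd['id']} already used by {seen[bd['id']]}")
        if not unicast and bd["group"] is None:
            issues.append(f"{name}: multicast mode without a group, ports stay inactive")
    return issues
```

Running `lint(SAMPLE)` flags the reused segment ID and missing group on tenant-blue and the VLAN-range segment ID on tenant-green; tenant-red passes.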
Alternatively, you can associate ports with a bridge domain by modifying the configuration of an existing virtual Ethernet port profile to use VXLANs instead of VLANs. To do so, enter the switchport access bridge-domain name command on a profile with switchport mode access configured.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# port-profile [type {vethernet}] name | Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics: |
Step 3 | switch(config-port-prof)# vmware port-group [pg_name] | Designates the port profile as a VMware port group. The port profile is mapped to a VMware port group of the same name unless you specify a name here. When you connect the VSM to vCenter Server, the port group is distributed to the virtual switch on vCenter Server. |
Step 4 | switch(config-port-prof)# switchport mode access | Designates that the interfaces are to be used as trunking ports. A trunk port transmits untagged packets for the native VLAN and transmits encapsulated, tagged packets for all other VLANs. |
Step 5 | switch(config-port-prof)# switchport access bridge-domain <bridge-domain name> | Assigns a VXLAN bridge domain to this port profile. You must configure the bridge domain with its segment ID for the port to be active. You should configure a multicast IP address if you prefer multicast mode. The multicast mode is displayed in the running configuration as no segment mode unicast-only. |
Step 6 | switch(config-port-prof)# no shutdown | Administratively enables all ports in the profile. |
Step 7 | switch(config-port-prof)# state enabled | Sets the operational state of a port profile. |
Step 8 | switch(config-port-prof)# show port-profile [brief \| expand-interface \| usage] [name profile-name] | (Optional) Displays the configuration for verification. |
Step 9 | switch(config-port-prof)# show running-config bridge-domain | (Optional) Displays the segmentation configuration. |
Step 10 | switch(config-port-prof)# copy running-config startup-config | (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to create a port profile configured to use a VXLAN:
```
switch# configure terminal
switch(config)# port-profile tenant-profile
switch(config-port-prof)# vmware port-group
switch(config-port-prof)# switchport mode access
switch(config-port-prof)# switchport access bridge-domain tenant-red
switch(config-port-prof)# no shutdown
switch(config-port-prof)# state enabled
switch(config-port-prof)# show port-profile name tenant-profile
port-profile tenant-profile
 type: Vethernet
 description:
 status: enabled
 max-ports: 32
 min-ports: 1
 inherit:
 config attributes:
  switchport mode access
  switchport access bridge-domain tenant-red
  no shutdown
 evaluated config attributes:
  switchport mode access
  switchport access bridge-domain tenant-red
  no shutdown
 assigned interfaces:
 port-group: tenant-profile
 system vlans: none
 capability l3control: no
 capability iscsi-multipath: no
 capability vxlan: no
 capability l3-vservice: no
 port-profile role: none
 port-binding: static
switch(config-port-prof)#
switch(config-port-prof)# show running-config bridge-domain
switch(config-port-prof)# copy running-config startup-config
```
By performing this procedure, you move the ports to the default VLAN.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# port-profile [type {vethernet}] name | Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics: |
Step 3 | switch(config-port-prof)# no switchport access bridge-domain | Removes the VXLAN bridge domain from this port profile. |
Step 4 | switch(config-port-prof)# show port-profile usage | (Optional) Displays a list of interfaces that inherited a port profile. |
Step 5 | switch(config-port-prof)# show bridge-domain | (Optional) Displays all bridge domains. |
Step 6 | switch(config-port-prof)# copy running-config startup-config | (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to remove ports from a VXLAN:
```
switch# configure terminal
switch(config)# port-profile tenant-profile
switch(config-port-prof)# no switchport access bridge-domain tenant-red
switch(config-port-prof)# show port-profile usage
switch(config-port-prof)# show bridge-domain
switch(config-port-prof)# copy running-config startup-config
```
When you delete an existing bridge domain with ports on it, all the ports are moved to a down state and traffic stops flowing.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# no bridge-domain group-red | Deletes a VXLAN. |
Step 3 | switch(config)# show bridge-domain | (Optional) Displays all bridge domains. |
Step 4 | switch(config)# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration. |
This example shows how to delete a VXLAN:
```
switch# configure terminal
switch(config)# no bridge-domain group-red
switch(config)# show bridge-domain
switch(config)# copy running-config startup-config
```
Step | Command or Action | Purpose |
---|---|---|
Step 1 | switch# configure terminal | Enters global configuration mode. |
Step 2 | switch(config)# show bridge-domain | Displays all bridge domains. |
Step 3 | switch(config)# show running port-profile | (Optional) Displays the running configuration for all port profiles. |
Step 4 | switch(config)# port-profile name | Names the port profile and enters port profile configuration mode. If the port profile does not already exist, it is created using the following characteristics: name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V. |
Step 5 | switch(config-port-prof)# no switchport access bridge-domain name-string | Removes the VXLAN bridge domain from this port profile and moves the ports to VLAN1. |
Step 6 | switch(config-port-prof)# show port-profile usage | (Optional) Displays a list of interfaces that inherited a port profile. |
Step 7 | switch(config-port-prof)# show bridge-domain | (Optional) Displays all bridge domains. |
Step 8 | switch(config-port-prof)# no feature segmentation | Removes the segmentation feature. |
Step 9 | switch(config-port-prof)# show feature \| grep segmentation | (Optional) Displays if the segmentation feature is running or not running. |
Step 10 | switch(config-port-prof)# copy running-config startup-config | (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
This example shows how to disable segmentation:
```
switch# configure terminal
switch(config)# show bridge-domain
Global Configuration:
Mode: Unicast-only
MAC Distribution: Disable

Bridge-domain tenant-red (4 ports in all)
Segment ID: 4096 (Manual/Active)
Mode: Unicast-only
MAC Distribution: Disable
Group IP: NULL
State: UP Mac learning: Enabled
Veth1, Veth2, Veth4, Veth11
switch(config)# show running-config port-profile
port-profile default max-ports 32
port-profile default port-binding static
port-profile type ethernet Unused_Or_Quarantine_Uplink
  vmware port-group
  shutdown
  description Port-group created for Nexus1000V internal usage. Do not use.
  state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
  vmware port-group
  shutdown
  description Port-group created for Nexus1000V internal usage. Do not use.
  state enabled
port-profile type vethernet tenant-profile
  vmware port-group
  switchport mode access
  switchport access bridge-domain tenant-red
  no shutdown
  state enabled
switch(config)#
switch(config-port-prof)# show port-profile usage
port-profile Unused_Or_Quarantine_Uplink
port-profile Unused_Or_Quarantine_Veth
port-profile tenant-profile
 Vethernet1
 Vethernet2
 Vethernet4
 Vethernet11
switch(config-port-prof)# show bridge-domain
Global Configuration:
Mode: Unicast-only
MAC Distribution: Disable

Bridge-domain tenant-red (0 ports in all)
Segment ID: 4096 (Manual/Active)
Mode: Unicast-only
MAC Distribution: Disable
Group IP: NULL
State: UP Mac learning: Enabled
switch(config-port-prof)#
switch(config-port-prof)# no feature segmentation
switch(config-port-prof)# 2013 May 23 05:34:42 switch-cy %SEG_BD-2-SEG_BD_DISABLED: Feature Segmentation disabled
switch(config-port-prof)# show feature | grep seg_bd
- NR - 1 - seg_bd
```
To display the VXLAN configuration information, perform one of the following tasks:
Command | Purpose |
---|---|
show feature \| grep segmentation | Displays if the segmentation feature is running. |
show bridge-domain | Displays all bridge domains with the mode. |
show bridge-domain vteps | Displays the bridge domain-to-VTEP mappings that are maintained by the VSM and are pushed to all VEMs. |
show bridge-domain mac bd-name | Displays all the MAC addresses that are learned by the VSMs on VXLANs that are configured with the MAC distribution feature. |
show run bridge-domain | Displays the running bridge domain. |
show bridge-domain bd-name | Displays the specified bridge domain. |
show bridge-domain bd-name vteps | Displays the specific bridge domain-to-VTEP mappings that are maintained by the VSM and are pushed to all VEMs. |
show interface brief | Displays a short version of the interface configuration. |
show interface switchport | Displays information about switchport interfaces. |
show module vteps | Displays the IP addresses available on each module that can be used for VXLAN Tunnel Endpoints. |
Feature Name | Releases | Feature Information |
---|---|---|
Enhanced VXLAN | 4.2(1)SV2(2.1) | Added the enhanced VXLAN commands. |
VXLAN | 4.2(1)SV1(5.1) | Introduced the Virtual Extensible Local Area Network (VXLAN) feature. |