Contents
- Cisco CSR 1000V VxLAN Support
- Finding Feature Information
- Introduction
- Prerequisites for Cisco CSR 1000V VxLAN Support
- Configuring the Cisco CSR 1000V as a VxLAN Layer 2 Gateway
- Configuring the VxLAN UDP Destination Port (Optional)
- Creating the Network Virtualization Endpoint (NVE) Interface
- Creating the Access Ethernet Flow Point (EFP)
- Mapping the VLAN to the Bridge Domain
- Multicast Example for Configuring the Cisco CSR 1000v as a VxLAN Layer 2 Gateway
- Unicast Example for Configuring the Cisco CSR 1000v as a VxLAN Layer 2 Gateway
- Additional References
- Feature Information for Cisco CSR 1000V VxLAN Support
- Technical Assistance
Cisco CSR 1000V VxLAN Support
First Published: November 21, 2012
This module contains information about VxLAN (Virtual eXtensible Local Area Network) Layer 2 gateway feature support on the Cisco CSR 1000V. VxLAN is a technology that provides a Layer 2 overlay network, allowing for network isolation. The standard 802.1q VLAN implementation limits the number of tags to 4096. However, cloud service providers may want to operate more than 4096 virtual networks. VxLAN uses a 24-bit network ID, which allows for a much larger number of individual networks to be operated.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Introduction
This feature enables the Cisco CSR 1000V to act as a Layer 2 VxLAN gateway to provide support to bridge traffic across VxLAN segments in a hypervisor and on VLANs on physical servers. The operation of a VxLAN Layer 2 gateway is based on the data plane MAC address learning and flooding of multidestination traffic (such as unknown unicast, multicast, or broadcast frames) using IP multicast.
Acting as a VxLAN Layer 2 gateway, the Cisco CSR 1000V can send and receive packets on multiple VxLAN networks, and provide connectivity between the hosts in a VLAN network and the virtual machines operating on a VxLAN network.
The VxLAN Layer 2 gateway performs the following functions:
- Provides support to bridge traffic between a host in a VLAN domain and VMs behind a virtual switch (vSwitch) in a VxLAN domain. The VLAN and the virtual network identifier (VNI) on the VxLAN should be configured as member ports in the same bridge domain.
- Implements the Virtual Tunnel Endpoint (VTEP) function, which encapsulates the Layer 2 packet on the IP/UDP tunnel with the VxLAN header (VNI) information before sending it to a multicast group or particular virtual switch on the VxLAN domain.
- The VTEP function removes the VxLAN header, identifies the bridge domain under which the VNI is configured and then bridges the inner L2 packet to the VLAN side. The bridge function also learns the remote MAC address (the VM's MAC address behind the virtual switch).
- The Layer 2 gateway carries the inner payload of non-IP (Layer 2 traffic), IPv4, and IPv6 traffic over the VxLAN VNI member.
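The encapsulation and decapsulation functions listed above, as an added Python example that is not part of the Cisco documentation. The 8-byte header layout follows RFC 7348; the VNI-to-bridge-domain table and the inner frame are constructed for illustration.

```python
import struct

I_FLAG = 0x08                      # RFC 7348 flags octet: "VNI present" bit
VNI_TO_BRIDGE_DOMAIN = {5010: 10}  # illustrative table: VNI 5010 -> bridge-domain 10

# Constructed inner Ethernet frame: broadcast dst, VM src MAC, ARP ethertype, padding.
INNER_FRAME = bytes.fromhex("ffffffffffff" "005056a4ecd2" "0806") + bytes(28)

def encapsulate(vni, inner_frame):
    """VTEP send side: prepend the 8-byte VxLAN header carrying the 24-bit VNI."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI does not fit in 24 bits")
    # Word 0: flags octet + 24 reserved bits. Word 1: 24-bit VNI + 8 reserved bits.
    return struct.pack("!II", I_FLAG << 24, vni << 8) + inner_frame

def decapsulate(udp_payload):
    """VTEP receive side: validate the header, map VNI to bridge domain, strip header."""
    if len(udp_payload) < 8 + 14:   # VxLAN header plus a minimal Ethernet header
        raise ValueError("truncated VxLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & I_FLAG:
        raise ValueError("I flag clear: VNI field is not valid")
    vni = word1 >> 8
    if vni not in VNI_TO_BRIDGE_DOMAIN:
        # Dropping unknown VNIs is what keeps one segment's traffic out of another.
        raise ValueError(f"VNI {vni} is not configured in any bridge domain")
    return VNI_TO_BRIDGE_DOMAIN[vni], udp_payload[8:]

def is_dropped(udp_payload):
    """True when decapsulate() rejects the packet."""
    try:
        decapsulate(udp_payload)
        return False
    except ValueError:
        return True
```

A frame whose VNI has no bridge-domain member, or whose I flag is clear, is rejected before the inner Layer 2 packet reaches the VLAN side.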
Prerequisites for Cisco CSR 1000V VxLAN Support
The following are the prerequisites to configuring the Cisco CSR 1000V as a VxLAN Layer 2 gateway:
- Configure the loopback interface.
- Configure the IP unicast reachability to remote VTEPs.
- Configure Bidirectional Protocol Independent Multicast (PIM).
For more information, see the IP Multicast: PIM Configuration Guide, Cisco IOS XE Release 3S.
Configuring the Cisco CSR 1000V as a VxLAN Layer 2 Gateway
- Creating the Network Virtualization Endpoint (NVE) Interface
- Mapping the VLAN to the Bridge Domain
- Troubleshooting the VxLAN Gateway Configuration
Configuring the VxLAN UDP Destination Port (Optional)
Procedure
The default VxLAN UDP destination port is 8472. If you want to change the VxLAN UDP destination port value, you must change it before configuring the network virtualization endpoint (NVE) interface.
Command or Action Purpose
Step 1 enable
Example: router> enable
Enables privileged EXEC mode.
- Enter your password if prompted.
Step 2 configure terminal
Example: router# configure terminal
Enters global configuration mode.
Step 3 vxlan udp port number
Example: Router(config)# vxlan udp port 1000
Configures the VxLAN UDP destination port number. The default value is 8472.
Creating the Network Virtualization Endpoint (NVE) Interface
Procedure
You create the network virtualization endpoint (NVE) interface and then assign member virtual network identifiers (VNIs) to it. The mapping between the VNI range and the multicast group range is either one-to-one or many-to-one.
Command or Action Purpose
Step 1 interface nve number
Example: Router(config)# interface nve 1
Creates a network virtualization endpoint (NVE) interface and enters NVE interface configuration mode.
Step 2 source-interface loopback number
Example: Router(config-if)# source-interface loopback 0
Assigns the previously-created loopback interface to the NVE interface.
Step 3 member vni {number | startnumber-endnumber} multicast-group startip-address endip-address
Example: Router(config-if)# member vni 7115 multicast-group 225.1.1.1 225.100.100.100
Creates a VNI member or a range of VNI members. Repeat this step for each VNI to be added to the NVE interface. The valid values for the VNI number are from 4096 to 16777215.
Step 4 no shutdown
Example: Router(config-if)# no shutdown
Enables the NVE interface.
Creating the Access Ethernet Flow Point (EFP)
Procedure
After the member VNI is created, you must create the access Ethernet Flow Point (EFP) for the VLAN interface.
Command or Action Purpose
Step 1 interface GigabitEthernet number
Example: Router(config)# interface GigabitEthernet1
Enters interface configuration mode.
Step 2 service instance id ethernet
Example: Router(config-if)# service instance 20 ethernet
Configures an Ethernet service instance on the overlay interface being configured and enters service instance configuration mode.
- The service-instance identifier range is from 1 to 8000.
Step 3 encapsulation dot1q vlan-ID
Example: Router(config-if-srv)# encapsulation dot1q 100
Defines the VLAN encapsulation format as IEEE 802.1Q and specifies the VLAN identifier.
Step 4 rewrite ingress tag pop 1 symmetric
Example: Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Removes the VLAN tag in the Layer 2 traffic before switching to the outgoing VxLAN interface.
Note: This command is required to remove the VLAN tag before sending the VLAN traffic to VxLAN and adding the VLAN tag in the reverse direction.
Mapping the VLAN to the Bridge Domain
Procedure
You must map the VLAN created in the previous procedure to the bridge domain.
What to Do Next
Command or Action Purpose
Step 1 bridge-domain bridge-id
Example: Router(config)# bridge-domain 10
Creates a bridge domain and enters bridge domain configuration mode.
Step 2 member interface service-instance id
Example: Router(config-bdomain)# member gigabitEthernet 1 service-instance 1
Binds the bridge domain to the service instance.
Step 3 member vni vni-id
Example: Router(config-bdomain)# member vni 1010
Maps the VNI to the bridge domain.
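A consistency check over the NVE, EFP and bridge-domain procedures above, as an added Python example that is not Cisco code. It applies three rules taken from this page (the stated VNI range, the required tag rewrite on each EFP, and a bridge-domain VNI also being an NVE member) to a constructed sample configuration that uses the "service instance <id> ethernet" form shown in the full configuration examples.

```python
import re

VNI_MIN, VNI_MAX = 4096, 16777215  # valid VNI values stated in the NVE procedure

# Constructed sample configuration (not from a real device), three deliberate mistakes.
SAMPLE_CONFIG = """\
interface nve 1
 source-interface loopback 0
 member vni 7115 multicast-group 225.1.1.1
 member vni 300 multicast-group 225.1.1.2
interface GigabitEthernet1
 service instance 20 ethernet
  encapsulation dot1q 100
  rewrite ingress tag pop 1 symmetric
 service instance 21 ethernet
  encapsulation dot1q 200
bridge-domain 10
 member GigabitEthernet1 service-instance 20
 member vni 7115
bridge-domain 11
 member GigabitEthernet1 service-instance 21
 member vni 8000
"""
def audit(config):
    """Return a list of findings for an NVE / EFP / bridge-domain configuration."""
    findings, nve_vnis, bd_vnis, efps = [], set(), [], {}
    section, efp = "", None
    for raw in config.splitlines():
        line = raw.strip().lower()
        if not raw.startswith(" "):            # top-level command opens a new section
            section, efp = line, None
        elif m := re.fullmatch(r"service instance (\d+) ethernet", line):
            efp = (section, m.group(1))
            efps[efp] = False                  # no tag rewrite seen yet
        elif line == "rewrite ingress tag pop 1 symmetric" and efp:
            efps[efp] = True
        elif m := re.match(r"member vni (\d+)", line):
            vni = int(m.group(1))
            if section.startswith("interface nve"):
                nve_vnis.add(vni)
                if not VNI_MIN <= vni <= VNI_MAX:
                    findings.append(f"VNI {vni} outside {VNI_MIN}-{VNI_MAX}")
            elif section.startswith("bridge-domain"):
                bd_vnis.append((section.split()[1], vni))
    findings += [f"{sec} service instance {sid}: no 'rewrite ingress tag pop 1 symmetric'"
                 for (sec, sid), ok in efps.items() if not ok]
    findings += [f"bridge-domain {bd}: VNI {vni} is not a member of any NVE interface"
                 for bd, vni in bd_vnis if vni not in nve_vnis]
    return findings
```

Calling audit(SAMPLE_CONFIG) returns three findings: the out-of-range VNI 300, service instance 21 without the tag rewrite, and bridge-domain 11 referencing VNI 8000, which no NVE interface carries.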
The following example displays the NVE VNIs configured on the router:
Router# show nve vni
Interface  VNI        mcast       VNI state
nve1       1010       239.0.0.0   UP
nve2       2010       239.0.0.0   UP
The following example displays the NVE VNIs assigned to NVE interface 1:
Router(config)# show nve vni interface nve1
Interface  VNI        mcast       VNI state
nve1       1010       239.0.0.0   UP
nve1       1110       239.0.0.0   UP
The following example shows the status of NVE interface 1:
Router(config)# show nve interface nve1
Interface: nve1, State:up, encapsulation:VXLAN
source-interface: Lo1 (primary:1.1.1.1, secondary:1.1.1.2)
The following example shows a detailed display for NVE interface 1:
Router(config)# show nve interface nve1 detail
Interface: nve1, State:up, encapsulation:VXLAN
source-interface: Lo1 (primary:1.1.1.1, secondary:1.1.1.2)
VNI        mcast       VNI state
1010       239.0.0.0   UP
1110       239.0.0.0   UP
The following example shows the NVE peers configured on the router:
Router(config)# show nve peers
Interface  Peer-IP    VNI     Up Time
nve1       1.1.1.2    1010    10h
nve2       1.1.1.3    2030    20h
The following example shows the bridge domain configuration with the entry in bold displaying the VM's MAC address that was learned on the VxLAN VNI:
Router# show bridge-domain 1000
Bridge-domain 1000 (3 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet1 service instance 1000
GigabitEthernet3 service instance 1000
vni 7639335
MAC address     Policy   Tag      Age  Pseudoport
FFFF.FFFF.FFFF  flood    static   0    OLIST_PTR:0xe9c2b410
0050.56A4.ECD2  forward  dynamic  297  nve1.VNI7639335 VxLAN [src:10.0.0.1 dst:10.0.0.2]
0050.56A4.257A  forward  dynamic  297  GigabitEthernet3.EFP1000
Multicast Example for Configuring the Cisco CSR 1000v as a VxLAN Layer 2 Gateway
In this example, multicast data packets are transported securely between source and destination routers, via Virtual Tunnel Endpoints VTEP1 and VTEP2.
VTEP1:
ip multicast-routing distributed
ip pim rp-address 10.1.1.1
interface loopback 1
 ip address 10.1.1.1 255.255.255.255
 ip pim sparse-dense-mode
interface NVE 1
 no shutdown
 source-interface loopback 1
 member VNI 5010 multicast-group 225.1.1.1
interface GigabitEthernet 3
 ip address 11.1.1.1 255.255.255.0
 ip pim sparse-dense-mode
interface GigabitEthernet 1
 service instance 1 ethernet
  encapsulation dot1q 100
bridge-domain 10
 member VNI 5010
 member GigabitEthernet 1 service-instance 1
VTEP2:
ip multicast-routing distributed
ip pim rp-address 10.1.1.1
interface loopback 1
 ip address 12.1.1.1 255.255.255.255
 ip pim sparse-dense-mode
interface NVE 1
 no shutdown
 source-interface loopback 1
 member VNI 5010 multicast-group 225.1.1.1
interface GigabitEthernet 3
 ip address 15.1.1.1 255.255.255.0
 ip pim sparse-dense-mode
interface GigabitEthernet 1
 service instance 1 ethernet
  encapsulation dot1q 100
bridge-domain 10
 member VNI 5010
 member GigabitEthernet 1 service-instance 1
Unicast Example for Configuring the Cisco CSR 1000v as a VxLAN Layer 2 Gateway
In this example, unicast data packets are transported securely between source and destination routers, via Virtual Tunnel Endpoints. This example is similar to the multicast example, except that it uses the unicast command member VNI 5010 instead of the multicast command member VNI 5010 multicast-group 225.1.1.1.
VTEP1:
interface loopback 1
 ip address 10.1.1.1 255.255.255.255
interface NVE 1
 no shutdown
 source-interface loopback 1
 member VNI 5010 ingress-replication 12.1.1.1
interface GigabitEthernet 3
 ip address 11.1.1.1 255.255.255.0
interface GigabitEthernet 1
 service instance 1 ethernet
  encapsulation dot1q 100
bridge-domain 10
 member VNI 5010
 member GigabitEthernet 1 service-instance 1
VTEP2:
interface loopback 1
 ip address 12.1.1.1 255.255.255.255
interface NVE 1
 no shutdown
 source-interface loopback 1
 member VNI 5010 ingress-replication 10.1.1.1
interface GigabitEthernet 3
 ip address 15.1.1.1 255.255.255.0
interface GigabitEthernet 1
 service instance 1 ethernet
  encapsulation dot1q 100
bridge-domain 10
 member VNI 5010
 member GigabitEthernet 1 service-instance 1
Additional References
Related Documents
Related Topic: Cisco CSR 1000V installation and software configuration
Document Title: Cisco CSR 1000V Series Cloud Services Router Software Configuration Guide
Feature Information for Cisco CSR 1000V VxLAN Support
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 1 Feature Information for CSR VxLAN Support
Feature Name: CSR VxLAN Support
Releases: Cisco IOS XE Release 3.11S
Feature Configuration Information: This feature was introduced on the Cisco CSR 1000V.
Technical Assistance
Description
Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Copyright © 2017–2018, Cisco Systems, Inc. All rights reserved.