SEFOS VXLAN Administration Guide - OracleVXLAN transports MAC frames generated by VMs in isolated Layer 2 networks over an IP network. VXLAN enables Layer 2 communication of VMs across

Sun Ethernet Fabric Operating System VXLAN Administration Guide

Part No: E60924-02

August 2015

Copyright © 2015, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Copyright © 2015, Oracle et/ou ses affiliés. Tous droits réservés.

Ce logiciel et la documentation qui l'accompagne sont protégés par les lois sur la propriété intellectuelle. Ils sont concédés sous licence et soumis à des restrictions d'utilisation et de divulgation. Sauf stipulation expresse de votre contrat de licence ou de la loi, vous ne pouvez pas copier, reproduire, traduire, diffuser, modifier, breveter, transmettre, distribuer, exposer, exécuter, publier ou afficher le logiciel, même partiellement, sous quelque forme et par quelque procédé que ce soit. Par ailleurs, il est interdit de procéder à toute ingénierie inverse du logiciel, de le désassembler ou de le décompiler, excepté à des fins d'interopérabilité avec des logiciels tiers ou tel que prescrit par la loi.

Les informations fournies dans ce document sont susceptibles de modification sans préavis. Par ailleurs, Oracle Corporation ne garantit pas qu'elles soient exemptes d'erreurs et vous invite, le cas échéant, à lui en faire part par écrit.

Si ce logiciel, ou la documentation qui l'accompagne, est concédé sous licence au Gouvernement des Etats-Unis, ou à toute entité qui délivre la licence de ce logiciel ou l'utilise pour le compte du Gouvernement des Etats-Unis, la notice suivante s'applique:

U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

Ce logiciel ou matériel a été développé pour un usage général dans le cadre d'applications de gestion des informations. Ce logiciel ou matériel n'est pas conçu ni n'est destiné à être utilisé dans des applications à risque, notamment dans des applications pouvant causer des dommages corporels. Si vous utilisez ce logiciel ou matériel dans le cadre d'applications dangereuses, il est de votre responsabilité de prendre toutes les mesures de secours, de sauvegarde, de redondance et autres mesures nécessaires à son utilisation dans des conditions optimales de sécurité. Oracle Corporation et ses affiliés déclinent toute responsabilité quant aux dommages causés par l'utilisation de ce logiciel ou matériel pour ce type d'applications.

Oracle et Java sont des marques déposées d'Oracle Corporation et/ou de ses affiliés. Tout autre nom mentionné peut correspondre à des marques appartenant à d'autres propriétaires qu'Oracle.

Intel et Intel Xeon sont des marques ou des marques déposées d'Intel Corporation. Toutes les marques SPARC sont utilisées sous licence et sont des marques ou des marques déposées de SPARC International, Inc. AMD, Opteron, le logo AMD et le logo AMD Opteron sont des marques ou des marques déposées d'Advanced Micro Devices. UNIX est une marque déposée d'The Open Group.

Ce logiciel ou matériel et la documentation qui l'accompagne peuvent fournir des informations ou des liens donnant accès à des contenus, des produits et des services émanant de tiers. Oracle Corporation et ses affiliés déclinent toute responsabilité ou garantie expresse quant aux contenus, produits ou services émanant de tiers, sauf mention contraire stipulée dans un contrat entre vous et Oracle. En aucun cas, Oracle Corporation et ses affiliés ne sauraient être tenus pour responsables des pertes subies, des coûts occasionnés ou des dommages causés par l'accès à des contenus, produits ou services tiers, ou à leur utilisation, sauf mention contraire stipulée dans un contrat entre vous et Oracle.

Accessibilité de la documentation

Pour plus d'informations sur l'engagement d'Oracle pour l'accessibilité à la documentation, visitez le site Web Oracle Accessibility Program, à l'adresse http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Accès au support électronique

Les clients Oracle qui ont souscrit un contrat de support ont accès au support électronique via My Oracle Support. Pour plus d'informations, visitez le site http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info ou le site http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs si vous êtes malentendant.

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc

../../../../../../AppData/OpusWS/BFD/site%20http:/www.oracle.com/pls/topic/lookup?ctx=acc&id=info%20

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs

3

Contents

Using This Documentation .............................................................................................................. 5

VXLAN Overview .............................................................................................................................. 7

VXLAN Protocol Description .......................................................................................... 7

Static and Ingress Replica Case Topology Example .................................................... 7

Dynamic Case Topology ............................................................................................... 8

Configuring VXLAN .......................................................................................................................... 9

Enable VXLAN ............................................................................................................... 9

Configure a VXLAN UDP Port ....................................................................................... 9

Configure the VXLAN Trace Option ............................................................................ 10

Create a VXLAN Interface ........................................................................................... 10

Configure a Source VTEP IP Address for VXLAN ...................................................... 11

Configure VNI-VLAN Mapping ..................................................................................... 12

Configure Remote VTEP ............................................................................................. 13

Configure Unicast VXLAN ........................................................................................... 13

Configure Ingress Replica (CLI) .................................................................................. 14

Configure VXLAN Multicast (CLI) ................................................................................ 15

Configure VXLAN for Static and Ingress Replica Case Topology ............................... 16

Configure VXLAN Dynamic Case Topology ................................................................ 19

BGP Configuration ............................................................................................ 20

IGMP and PIM Configuration ............................................................................ 21

VXLAN configurations ....................................................................................... 22

Static VXLAN Configuration .............................................................................. 22

Ingress Replica VXLAN Configuration .............................................................. 22

Multicast VXLAN Configuration ......................................................................... 22

Configure Static Unicast-Based VXLAN (Script) ......................................................... 23

Configure Dynamic Multicast-Based VXLAN (Script) .................................................. 27

Configure the Middle Router (Script) ........................................................................... 32

Configure Ingress Replication (Script) ......................................................................... 34

4 Sun Ethernet Fabric Operating System VXLAN Administration Guide August 2015

5

Using This Documentation

● Overview – Provides information about the VXLAN feature and how to configure VXLAN

● Audience – Users implementing VXLAN protocol with other protocols in the router stack

● Required knowledge – Working knowledge of the protocol

Product Documentation Library

Documentation and resources for this product and related products are available at http://www.oracle.com/goto/es2-72_es2-64/docs.

Acronyms and Abbreviations

Terms Explanation

BGP Border Gateway Protocol

CLI Command-line interface

IGMP Internet Group Management Protocol

IP Internet Protocol

NVE Network virtualization edge

OSPF Open Shortest Path First

PIM Protocol Independent Multicast

SRC Show running configuration

TOR Top of rack

UDP User Datagram Protocol

VM Virtual machine (end devices in local LAN segment of VTEP)

VNI VXLAN network identifier (or VXLAN segment ID)

VTEP VXLAN tunnel end point

VXLAN Virtual extensible local area network

CLI Command Modes

http://www.oracle.com/goto/es2-72_es2-64/docs


This table lists the various command modes used in this document with their access and exit methods.

Command

Mode

Access Method Prompt Exit Method

User EXEC Initial mode for starting a

session.

SEFOS> Use the logout

command to return to

the Oracle ILOM

prompt.

Privileged EXEC From User EXEC mode, use the

enable command.

SEFOS# Use the disable


the User EXEC mode.

Global

Configuration

From Privileged EXEC mode,

use the configure

terminal command.

SEFOS(config)# Use the exit or end

command to exit to the

Privileged EXEC mode.

Interface

Configuration

From Global Configuration mode,

use the interface-type

interface-id command.

SEFOS(config-

if)# Use the exit


Global Configuration

mode, or use the end



VLAN

Configuration

From Global Configuration mode,

use the vlan vlan-id command.

SEFOS(config-

vlan)#

Use the exit


Global Configuration

mode, or use the end



Feedback

Provide feedback about this documentation at http://www.oracle.com/goto/docfeedback.

http://www.oracle.com/goto/docfeedback

VXLAN Overview 7

VXLAN Overview

VXLAN Protocol Description

VXLAN is a Layer 2 overlay scheme over a Layer 3 network, and addresses the requirements of Layer 2 and Layer 3 data center network infrastructure in the presence of VMs in a multitenant environment.

VXLAN transports MAC frames generated by VMs in isolated Layer 2 networks over an IP network.

VXLAN enables Layer 2 communication of VMs across servers in a data center and across data centers. Across datacenters, VMs that are required to be in a separate domain are grouped as a VXLAN segment identified by unique VXLAN identifier (VNI). The overlay network is formed over Layer 3 network for communication between VMs in a segment.

VXLAN gateway functionality connects VXLAN-aware network devices to VXLAN-unaware network devices. For example, to connect natively VXLAN-aware servers with VMs to VXLAN-unaware servers with virtual machines (VMs) and targets, VXLAN gateway functionality is required.

Static and Ingress Replica Case Topology Example

VMs have the following MAC addresses:

● VM1 – 00:01:02:03:04:01

● VM2 – 00:01:02:03:04:04

VTEPs are connected back-to-back (directly) in this topology, which is used for VXLAN static and ingress replica functionality verification.

A route to the physical interface of the next VTEP need not be added in a VTEP, because the interfaces are directly connected in the same network.

Static Unicast

Static Unicast VXLAN configurations on VTEP1 and VTEP2

Ingress-Replica-Unknown Unicast

Ingress replica VXLAN configurations on VTEP1 and VTEP2

Note: If the loopback IP of VTEP2 is used as remote VTEP-IP in VTEP1, then the route (static) to that loopback must be configured in VTEP1 for reachability.


Dynamic Case Topology

VMs have the following MAC addresses:

● VM1 – 00:01:02:03:04:01

● VM2 – 00:04:02:03:04:01

VTEPs are connected through an additional router in the middle. VTEP1 should have the route to VTEP2 and vice versa. The connection is achieved by performing the following steps:

1. Add static routes in VTEP1 and VTEP2.

a. Add IP route to VTEP2 in VTEP1 through the Middle-R.

b. Add IP route to VTEP1 in VTEP2 through the Middle-R.

2. Configure a routing protocol in the VTEPs. For example, iBGP, OSPF, or RIP.

In this document, iBGP routing protocol is used on all the routers to route packets between VTEP1 and VTEP2. This topology is used to verify the static and ingress replica functionality and dynamic VXLAN functionality.

1. Static (unicast) and ingress-replica (unknown-unicast)

● Routing protocol iBGP on all the three routers

● VXLAN configurations on VTEP1 and VTEP2

2. Dynamic multicast-based:

● Routing protocol iBGP on all the three routers

● VXLAN configurations on VTEP1 and VTEP2

● IGMP on three routers for joining and leaving the multicast group

● PIM protocol on middle router for forwarding the multicast packets

In real hardware boards, the ports can be extreme-ethernet (interface Ex 0/1) or XL-ethernet

(interface xl 0/1) ports. Therefore, configurations must be changed according to the ports

available in the board.

9

Configuring VXLAN

Enable VXLAN

VXLAN must be enabled for all the VXLAN-related configurations. See Static and Ingress Replica Case Topology Example for the topology for this configuration.

1. To enable VXLAN, perform the following in VTEP1.

a. Enter Global Configuration mode.

SEFOS# configure terminal

b. Enable VXLAN.

SEFOS(config)# set vxlan enable

VXLAN is enabled in VTEP1.

c. Exit Global configuration mode.

SEFOS(config)# end

2. View the status of VXLAN.

SEFOS# show running-config vxlan

…

set vxlan enable

…

Configure a VXLAN UDP Port

The following configuration sets the UDP port number for VXLAN. By default, 4789 is set as the

UDP port number. VXLAN must be configured in VTEP1 before configuring UDP. See Static and

Ingress Replica Case Topology Example for the topology for this configuration.

1. To configure the UDP ports, perform the following in VTEP1.



b. Set the VXLAN UDP port number.

SEFOS(config)# vxlan udp-port 5566

VXLAN UDP port number is set as 5566.

c. Exit Global Configuration mode.

SEFOS(config)# end


2. View the VXLAN UDP port number.

SEFOS# show vxlan udp-port

Udp Port Number: 5566

Configure the VXLAN Trace Option

The following configuration sets the VXLAN debug trace option. VXLAN must be configured in

VTEP1 before configuring UDP. See Static and Ingress Replica Case Topology Example for the

topology for this configuration.

1. In VTEP1, set the debugging trace option for VXLAN.

SEFOS# debug vxlan critical

VXLAN has the following debug trace options:

● all

● critical

● entry-exit

● failures

● memory

● mgmt

● pkt

● utilities

2. View the VXLAN debugging trace options.

SEFOS# show running-config vxlan

…

debug vxlan critical

…

Create a VXLAN Interface

1. Enter Global Configuration mode in VTEP1.


2. Create an NVE interface.

SEFOS(config)# interface nve 1

A VXLAN interface is created.

3. Exit Interface Configuration mode.

SEFOS(config-if)# no shutdown

Configuring VXLAN 11

4. Exit Global Configuration mode.

SEFOS(config)# end

Configure a Source VTEP IP Address for VXLAN

This VXLAN configuration sets the IPv4 source VTEP IP addresses for VTEP. The IP address is used as a source IP in a VXLAN packet and is configured in the following two ways:

● Physical interface IP as source VTEP IP – For example: source-interface vtep-ipv4 10.0.0.1

● Loopback interface IP as source VTEP IP – For example: source-interface loopback 0

See Static and Ingress Replica Case Topology Example for the topology for this configuration.

1. Type the following commands in VTEP1.



b. Create an NVE interface.


A VXLAN interface is created.

c. Set the source VTEP IP address in one of the following ways:

● SEFOS(config-if)# source-interface vtep-ipv4 10.0.0.1

● SEFOS(config-if)# source-interface loopback 0

d. Make the NVE interface UP.


e. Exit Global Configuration mode.

SEFOS(config)# end

2. View the VTEP source IP.

The physical interface IP is configured as source VTEP-IP:

SEFOS# show vxlan nve interface nve 1

NVE interface information

--------------------------------------

Interface: nve 1, State:UP, encapsulation:VXLAN

source-interface:10.0.0.1

The loopback interface IP is configured as source VTEP-IP:

SEFOS# show vxlan nve interface nve 1



--------------------------------------------------------


source-interface:loopback 0

Note: The physical interface or the loopback IP must be configured before configuring the source VTEP-IP.

Configure VNI-VLAN Mapping

Create this VXLAN configuration to map VLAN to VXLAN, and to clear the packets sent, received, or dropped counters. See Static and Ingress Replica Case Topology Example for the topology for this configuration.

1. Type the following commands.


SEFOS(config)# switch default

SEFOS(config)# vlan 100

SEFOS(config)# ports Ex 0/2 un Ex 0/2

SEFOS(config)# end

2. Type the following commands in VTEP1.



b. Enter VLAN mode.

SEFOS(config)# vlan 100

c. Configure the VNI-VLAN mapping.

SEFOS(config-if)# member vni 5000

d. Clear the statistics counters of VXLAN.

SEFOS(config-if)# member vni 5000 clear-counters

e. Make the NVE interface UP.


f. Exit Interface and Global Configuration mode.

SEFOS(config-if)# end

3. View the control plane statistics of packets sent, received, and dropped in VXLAN.

SEFOS# show vxlan vni 5000 statistics

VNI Statistics

------------------------------------------------------------

VNI VXLAN Pkt Sent Cnt VXLAN Pkt Received Cnt VXLAN Pkt

Dropped Cnt


5000 0 0 0

Configure Remote VTEP

Configure the IPv4 remote VTEP IP addresses in VTEP. You can configure remote VTEP before multicast or ingress replica – VNI configuration. If this is not configured, remote VTEP is learned

internally when the first VXLAN packet is received by control plane. See Static and Ingress

Replica Case Topology Example for the topology for this configuration.

Note: You must configure the source VTEP before configuring the remote VTEP IP address.

Perform initial configurations in VTEP1.

1. Enter Global Configuration mode.




3. Configure the NVE entry with the following values:

● VNI For example, 4096

● VTEP2-IP (loopback-IP or Interface-IP) as remote-VTEP-IP

● MAC address of VM2 as static-VM-MAC

SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 2.2.2.2

4. Make the admin status of NVE interface UP.



Configure Unicast VXLAN

Configure the remote VTEP IP address along with the VM MAC address in VTEP.

Note: You must configure the source VTEP before configuring the Remote VTEP IP address.





3. Configure NVE entry with the following values:

● VNI — For example: 4096




SEFOS(config-if)# member vni 4096 static-vm-mac 00:01:02:03:04:01

remote-vtep-ipv4 2.2.2.2




5. View the VXLAN peers configured in VTEP1 using the following command.

SEFOS# show vxlan nve peers

VTEP Peers information

----------------------------------------------------------------

Interface Peer-IP VNI VM-MAC MAC-Type

nve 1 2.2.2.2 4096 00:01:02:03:04:01 Static

Configure Ingress Replica (CLI)

Configure the replication VTEP IP addresses in VTEP. See Static and Ingress Replica Case Topology Example for the topology for this configuration.

Note: You must configure the source VTEP before configuring the ingress replica remote VTEP IP.





3. Configure NVE entry with the following values:


● VTEP2-IP (loopback-IP or Interface-IP) as remote-VTEP-IP in ingress replica

SEFOS(config-if)# member vni 4096 ingress-replication ipv4 2.2.2.2

3.3.3.3

Note: For dynamic remote VTEP learning, the following remote VTEP configuration is not required.

SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 2.2.2.2.




5. View the ingress replica VXLAN peers configured in VTEP1.

SEFOS# sh vxlan nve interfaces nve 1 detail



--------------------------------------------------------------------


source-interface:loopback 0

VNI Ingress-Replica-VTEP-List

-------------------------------------------

4096 2.2.2.2, 3.3.3.3

Configure VXLAN Multicast (CLI)

Configure the multicast group IP Address in VTEP. See Dynamic Case Topology for the topology of this configuration.

Note: You must configure the source VTEP before configuring the multicast group IP.





3. Configure multicast entry with the following values:

● VNI —For example: 4096

● Multicast group IP to be joined — For example: 224.0.11.11

SEFOS(config-if)# member vni 4096 multicast-group-ipv4 224.0.11.11



4. Make the admin status of the NVE interface UP.



5. View the VXLAN multicast group configured in VTEP1.

SEFOS# show vxlan nve interfaces nve 1 detail


----------------------------------------------------------------

Interface: nve e1, State:DOWN, encapsulation:VXLAN

source-interface:1.1.1.1

VNI Mcast VNI-State

4096 224.0.11.11 DOWN


Configure VXLAN for Static and Ingress Replica Case Topology

1. Perform initial configurations on VTEP1.

a. Configure loopback 0 with an IP address.

For example: 1.1.1.1

b. Configure VLAN-1000 and make it active.

This action connects to the other VTEP.

c. Configure the extreme-ethernet interface.

For example: Ex 0/1 as a member port of VLAN-1000.

d. Configure the IP address to VLAN-1000.

For example: IP - 15.0.0.1 mask - 255.255.255.0

e. Configure VLAN-1000 and make it active.

This action connects to the host or VM.

f. Configure the extreme-ethernet interface.

For example: extreme-ethernet 0/2 as a member port of VLAN-100.

g. Add a static route to the remote-VTEP (for example: 2.2.2.2).







For example: Ex 0/1 as a member port of VLAN-1000.

d. Configure the IP address to VLAN-1000.





For example: Ex 0/2 as a member port of VLAN-100


3. Perform VXLAN configurations for static and ingress replica in VTEP1.




b. Enable the VXLAN feature.


c. Create an NVE interface.


d. Configure the source-VTEP IP.

For example, with loopback 0

SEFOS(config-if)# source-interface loopback 0

e. Make the admin status of NVE interface UP.



f. Make the NVE interface a member port of VLAN-100 by configuring VLAN-VNI

mapping.


SEFOS# vlan 100



4. Perform VXLAN configurations for static and ingress replica in VTEP2.



b. Enable the VXLAN feature.


c. Create an NVE interface.


d. Configure the source-VTEP IP.

For example, with loopback 0.

SEFOS(config-if)# source-interface loopback 0

e. Make the admin status of NVE interface UP.



f. Make the NVE interface a member port of VLAN-100 by configuring VLAN-VNI

mapping.


SEFOS# vlan 100




5. Perform static VXLAN configuration in VTEP1.





c. Configure NVE entry with the following values:






d. Exit global configuration mode.


6. Perform static VXLAN configuration in VTEP2.





c. Configure the NVE entry with the following values:






d. Exit Global Configuration mode.


7. Perform ingress replica VXLAN configuration in VTEP1.







● VTEP2-IP(loopback-IP or Interface-IP) as remote-VTEP-IP in ingress replica


SEFOS(config-if)# member vni 4096 remote-vtep-ipv4 2.2.2.2.




8. Perform ingress replica VXLAN configuration in VTEP2.







● VTEP2-IP(loopback-IP or Interface-IP) as remote-VTEP-IP in ingress replica

SEFOS(config-if)# member vni 4096 ingress-replication ipv4 1.1.1.1

Note: For dynamic remote VTEP learning, the following remote VTEP configuration is not required:




Configure VXLAN Dynamic Case Topology








d. Configure IP address to VLAN-1000.















d. Configure IP address to VLAN-2000.






3. Perform middle router configurations.

a. Configure VLAN-1000 and make it active.

This action connects to VTEP1.

b. Configure the extreme-ethernet interface.


c. Configure IP address to VLAN-1000.


d. Configure VLAN-2000 and make it active.


e. Configure the extreme-ethernet interface.


f. Configure IP address to VLAN-2000.


BGP Configuration

1. Perform BGP configurations on VTEP1.

You need to configure a routing protocol in the three routers to learn the routes between VTEPs. In

this document, iBGP routing protocol with AS number 100 is used on all the routers to route

packets between VTEP1 and VTEP2.

a. Configure BGP AS number.

For example: 100

b. Configure the middle router as the BGP neighbor.

2. Perform BGP configurations on VTEP2.

a. Configure the BGP AS number.


For example: 100

b. Configure the middle router as the BGP neighbor.

3. Perform middle router configurations.

a. Configure the BGP AS number.

For example: 100

b. Configure the two VTEPs as BGP neighbors.

IGMP and PIM Configuration

Enable the IGMP protocol globally in VTEP routers and on interfaces connected to the PIM router, which is responsible for routing the multicast packets to destination VTEP. Through this interface, VTEPs joins the particular multicast group.

Configure the PIM multicast protocol in core routers. For example, in this case the middle router. Enable PIM globally and on interfaces through which VTEPs join the IGMP multicast group. You can configure PIM in three modes, sparse mode, dense mode, and bi-directional mode.

VXLAN is tested with sparse mode on boards and mentioned as PIM sparse mode configurations in this document.

1. Perform IGMP configurations on VTEP1.

a. Enable IGMP globally.

b. Enable IGMP on the interface that is connected to the middle router (PIM - enabled

router).

2. Perform IGMP configurations on VTEP2.


b. Enable IGMP on the interface that is connected to the middle router (PIM - enabled

router).

3. Perform IGMP configurations on the middle router.


b. Enable IGMP on interfaces through which VTEPs join the IGMP group.

4. Perform PIM configurations.

a. Enable PIM globally and configure the PIM component.

b. Enable PIM and configure PIM component on interfaces through which VTEPs join

the IGMP group.

c. Configure PIM sparse mode.

d. Configure multicast group IDs range and rp-candidate.

For example: rp-candidate rp-address 224.0.11.11 255.255.255.255

15.0.0.2

e. Configure the rp-candidate hold time.

For example: 200


VXLAN Configurations

For configuration steps, see Step 3 and Step 4 in Configure VXLAN for Static and

Ingress Replica Case Topology.

Static VXLAN Configuration

For configuration steps, see Step 1, Step 2, Step 3, Step 4, Step 7, and Step 8 in

Configure VXLAN for Static and Ingress Replica Case Topology.

Ingress Replica VXLAN Configuration

For configuration steps, see Step 1, Step 2, Step 3, Step 4, Step 7, and Step 8 in

Configure VXLAN for Static and Ingress Replica Case Topology.

Multicast VXLAN Configuration

See Configure VXLAN for Static and Ingress Replica Case Topology.

1. Perform multicast VXLAN configuration in VTEP1.





c. Configure the multicast entry with the following values:

● VNI —For example: 4096

● Multicast group IP to be joined —For example: 224.0.11.11






2. Perform multicast VXLAN configuration in VTEP2.





c. Configure the multicast entry with the following values:

● VNI — for example: 4096


● Multicast group IP to be joined — for example: 224.0.11.11


Note: For dynamic remote VTEP learning, the following remote VTEP configuration is not required:




Configure Static Unicast-Based VXLAN (Script)

1. Configure static VXLAN on VTEP1.

configure terminal

set gvrp disable

set gmrp disable

interface vlan 1

sh

no ip addr

end

configure terminal

vlan 1

no ports

end

configure terminal

interface loopback 0

ip address 1.1.1.1 255.255.255.255

no shu

end

configure terminal

vlan 1000

ports Ex 0/1 untagged Ex 0/1


vlan active

end

configure terminal

interface Ex 0/1

sh

switchport pvid 1000

no sh

end

configure terminal

interface vlan 1000

ip addr 15.0.0.1 255.255.255.0

no sh

end

configure terminal

vlan 100

port add Ex 0/2 un Ex 0/2

exit

interface Ex 0/2

switchport pvid 100

no shu

exit

configure terminal

ip route 1.1.1.1 255.255.255.255 15.0.0.2

end

configure terminal

set vxlan enable

end

configure terminal


interface nve 1

source-interface loopback 0

no sh

end

configure terminal

interface nve 1

member vni 4096 static-vm-mac 00:04:02:03:04:01 remote-vtep-ipv4

2.2.2.2

end

configure terminal

vlan 100

mem vni 4096

end

2. Configure static VXLAN on VTEP2.

configure terminal

set gvrp disable

set gmrp disable

interface vlan 1

sh

no ip addr

end

configure terminal

vlan 1

no ports

end

configure terminal


ip address 2.2.2.2 255.255.255.255

no shu

end


configure terminal

vlan 1000


vlan active

end

configure terminal

interface Ex 0/1

sh


no sh

end

configure terminal

interface vlan 1000

ip addr 15.0.0.2 255.255.255.0

no sh

end

configure terminal

vlan 100


exit

interface Ex 0/2

switchport pvid 100

no shu

exit

configure terminal

ip route 2.2.2.2 255.255.255.255 15.0.0.1

end

configure terminal


set vxlan enable

end

configure terminal

interface nve 1


no sh

end

configure terminal

interface nve 1

member vni 4096 static-vm-mac 00:01:02:03:04:01 remote-vtep-ipv4

1.1.1.1

end

configure terminal

vlan 100

mem vni 4096

end

Configure Dynamic Multicast-Based VXLAN (Script)

1. Configure dynamic VXLAN on VTEP1.

configure terminal

set gvrp disable

set gmrp disable

set ip igmp enable

interface vlan 1

sh

no ip addr

end


configure terminal

vlan 1

no ports

end

configure terminal


ip address 1.1.1.1 255.255.255.255

no shu

end

configure terminal

vlan 1000


vlan active

end

configure terminal

interface Ex 0/1

sh


no sh

end

configure terminal

interface vlan 1000

set ip igmp enable

ip addr 15.0.0.1 255.255.255.0

no sh

end

configure terminal

vlan 100



exit

interface Ex 0/2

switchport pvid 100

no shu

exit

configure terminal

router bgp 100

redistribute connected

neighbor 15.0.0.2 remote-as 100

neighbor 15.0.0.2 update-source 15.0.0.1

end

configure terminal

set vxlan enable

end

configure terminal

interface nve 1


no sh

end

configure terminal

interface nve 1

member vni 4096 multicast-group-ipv4 224.0.11.11

end

configure terminal

vlan 100

mem vni 4096

end

2. Configure dynamic VXLAN on VTEP2.

configure terminal


set gvrp disable

set gmrp disable

set ip igmp enable

interface vlan 1

sh

no ip addr

end

configure terminal

vlan 1

no ports

end

configure terminal


ip address 2.2.2.2 255.255.255.255

no shu

end

configure terminal

vlan 2000


vlan active

end

configure terminal

interface Ex 0/1

sh


no sh

end

configure terminal

interface vlan 2000

set ip igmp enable


ip addr 16.0.0.1 255.255.255.0

no sh

end

configure terminal

vlan 100


exit

interface Ex 0/2

switchport pvid 100

no shu

exit

configure terminal

router bgp 100




end

configure terminal

set vxlan enable

end

configure terminal

interface nve 1


no sh

end

configure terminal

interface nve 1

member vni 4096 multicast-group-ipv4 224.0.11.11

end


configure terminal

vlan 100

mem vni 4096

end

Configure the Middle Router (Script)

Configure the middle router.

configure terminal

set gvrp disable

set gmrp disable

set ip igmp enable

sh span

interface vlan 1

sh

no ip addr

end

configure terminal

vlan 1

no ports

end

configure terminal

set ip pim enable

ip pim component 1

rp-candidate holdtime 90

end

configure terminal

vlan 1000



vlan active

exit

vlan 2000


vlan active

exit

end

configure terminal

interface Ex 0/1

sh

speed 10000

switchport accep untagg

switchport mode access


no sh

end

configure terminal

interface Ex 0/2

sh

speed 10000

switchport accep untagg

switchport mode access


no sh

end

configure terminal

interface vlan 2000

set ip igmp enable

ip addr 16..0.0.2 255.255.255.0

no sh

ip pim component 1


exit

interface vlan 1000

set ip igmp enable

ip addr 15.0.0.2 255.255.255.0

no sh

ip pim component 1

ip pim bsr-candidate 40

exit


ip addr 1.1.200.200 255.255.255.255

no sh

end

configure terminal

ip pim component 1

set mode sparse

rp-candidate rp-address 224.0.11.11 255.255.255.255 15.0.0.2

rp-candidate holdtim 200

end

configure terminal

router bgp 100






end

Configure Ingress Replication (Script)

1. Configure ingress replication on VTEP1.

configure terminal


set gvrp disable

set gmrp disableinterface vlan 1

sh

no ip addr

end

configure terminal

vlan 1

no ports

end

configure terminal


ip address 1.1.1.1 255.255.255.255

no shu

end

configure terminal

vlan 1000


vlan active

end

configure terminal

interface Ex 0/1

sh


no sh

end

configure terminal

interface vlan 1000ip addr 15.0.0.1 255.255.255.0

no sh

end


configure terminal

vlan 100


exit

interface Ex 0/2

switchport pvid 100

no shu

exit

configure terminal

ip route 1.1.1.1 255.255.255.255 15.0.0.2

end

configure terminal

set vxlan enable

end

configure terminal

interface nve 1


no sh

end

configure terminal

interface nve 1

member vni 4096 ingress-replication ipv4 2.2.2.2

end

configure terminal

vlan 100

mem vni 4096

end

2. Configure ingress replication on VTEP2.

configure terminal


set gvrp disable

set gmrp disableinterface vlan 1

sh

no ip addr

end

configure terminal

vlan 1

no ports

end

configure terminal


ip address 2.2.2.2 255.255.255.255

no shu

end

configure terminal

vlan 1000


vlan active

end

configure terminal

interface Ex 0/1

sh


no sh

end

configure terminal

interface vlan 1000ip addr 15.0.0.2 255.255.255.0

no sh

end


configure terminal

vlan 100


exit

interface Ex 0/2

switchport pvid 100

no shu

exit

configure terminal

ip route 2.2.2.2 255.255.255.255 15.0.0.1

end

configure terminal

set vxlan enable

end

configure terminal

interface nve 1


no sh

end

configure terminal

interface nve 1

member vni 4096 ingress-replication ipv4 1.1.1.1

end

configure terminal

vlan 100

mem vni 4096

end

Documents

SEFOS VXLAN Administration Guide - OracleVXLAN transports MAC frames generated by VMs in isolated Layer 2 networks over an IP network. VXLAN enables Layer 2 communication of VMs across