Sharing session of cisco BRKDCN 1.6.4.5.pdf

pintudunia 99 views 62 slides Jul 28, 2024

About This Presentation

Cisco BRKDCN, can download


Slide Content

Rahul Parameswaran, Technical Marketing Engineer
BRKDCN-1645
Introduction to VXLAN: The future path of your datacenter

Questions?
Use Cisco Webex Teams to chat with the speaker after the session
How:
1. Find this session in the Cisco Events Mobile App
2. Click “Join the Discussion”
3. Install Webex Teams or go directly to the team space
4. Enter messages/questions in the team space
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public

A few things..
• Prerequisites
  • Good understanding of Unicast Routing Protocols (OSPF/ISIS)
  • Knowledge of Multi-protocol BGP (MP-BGP)
  • Basics of Multicast forwarding and PIM
• Use Cisco WebEx Teams for Questions
• Watch out for the hidden slides ☺

Session Objective
• A short overview on Data Center Evolution
• Introduction to Overlays and VXLAN
• Understanding how MP-BGP is used as a control plane
• Packet Walk with VXLAN
• Design options and additional use cases

Agenda
▪ Data Center evolution
▪ Overlay Taxonomy
▪ VXLAN with MP-BGP EVPN Control Plane
▪ Packet Walk
▪ VXLAN Design Options
▪ Use cases

Data Center “Fabric” Journey
(figure: the evolution from Layer-2 Spanning-Tree networks with HSRP gateways, through vPC, to a Layer-3 spine/leaf fabric with VTEPs at the leaves carrying Layer 2 over Layer 3, and on to ACI; hypervisor and bare-metal hosts attach at every stage)

Why VXLAN Overlay
Customer Needs                                          | VXLAN Delivered
Any workload anywhere (VLANs limited by L3 boundaries)  | Any workload anywhere, across Layer 3 boundaries
VM Mobility                                             | Seamless VM Mobility
Scale above 4k segments (VLAN limitation)               | Scale up to 16M segments
Efficient use of bandwidth                              | Leverages ECMP for optimal path usage over the transport network
Secure Multi-tenancy                                    | Traffic & Address Isolation

Overlay Taxonomy
(figure: hosts (end-points, physical or virtual) attach to edge devices (NVEs, i.e. VTEPs); the underlay network with its underlay control plane carries the encapsulated traffic, and an overlay control plane runs between the edge devices)
Identifier = VN Identifier (VNID)
NVE = Network Virtualisation Edge
VTEP = VXLAN Tunnel End-Point

VXLAN Packet
• VXLAN is a point-to-multipoint tunneling mechanism to extend Layer 2 networks over an IP network
• VXLAN uses MAC-in-UDP encapsulation (UDP destination port 4789)
Frame format:
VXLAN Encapsulation: Outer MAC DA | Outer MAC SA | Outer 802.1Q | Outer IP DA | Outer IP SA | Outer UDP | VXLAN ID (24 bits)
Original Ethernet Frame: Inner MAC DA | Inner MAC SA | Optional Inner 802.1Q | Original Ethernet Payload | CRC
followed by the outer CRC
(figure, data plane: Hosts 1-3 on Switch 1, Hosts 4-6 on Switch 2 and Hosts 7-9 on Switch 3 exchange Ethernet frames; between the switches the frames travel as IP/UDP packets through VXLAN tunnels over the IP network, forming the network overlay)

Let's Build a VXLAN Fabric

VXLAN Fabric – Creating the underlay network
IP routed Network
• Supports any routing protocol: OSPF, IS-IS, BGP, etc.
• Flexible topologies
• Recommend a network with redundant paths using ECMP for load sharing
• All proven best practices for IP routed networks apply
(figure: leaf and spine layer; configuration excerpts below, the anycast RP configuration belonging to the RP nodes)
router ospf 1
interface Ethernet1/50
  mtu 9216
  ip address 192.168.1.10/31
  ip router ospf 1 area 0.0.0.0
ip pim rp-address 10.237.1.1 group-list 224.0.0.0/4

interface Ethernet1/49
  ip address 192.168.1.0/31
  mtu 9216
  ip pim sparse-mode
ip pim rp-address 10.237.1.1 group-list 224.0.0.0/4
! Anycast RP
ip pim anycast-rp 10.237.1.1 10.255.255.101
ip pim anycast-rp 10.237.1.1 10.255.255.102

Two Modes of VXLAN
Flood-and-Learn VXLAN:
• No control plane
• Data-driven flood and learn
  → Ethernet in the overlay network
• Limited scale
• Limited workload mobility
• Centralized Gateway
• Security Risk
VXLAN EVPN:
• EVPN as control plane
• VTEPs exchange L2/L3 host and subnet reachability through the EVPN control plane
  → Routing protocol for both L2 and L3 forwarding
• Increased scale and stability
• Optimized workload mobility
• Distributed Anycast Gateway
• Increased Security

VXLAN BUM Traffic Handling
• BUM Traffic: multi-destination traffic
  • Broadcast
  • Unknown Layer-2 Unicast
  • Multicast
BUM Traffic transport mechanisms
• Multicast replication: requires the underlay network to run IP multicast
• Ingress unicast replication: one unicast replica per remote VTEP; increases the traffic load throughout the network

VXLAN with BGP EVPN Control Plane

EVPN Primer – MP-BGP Review
Virtual Routing and Forwarding (VRF): Layer-3 segmentation for tenants’ routing space
Route Distinguisher (RD): 8-byte field, VRF parameter; a unique value that makes VPN IP routes unique: RD + VPN IP prefix
Route Target (RT): 8-byte field, VRF parameter; a unique value that defines the import/export rules for VPNv4 routes, so VPN routes are distributed selectively
VPN Address-Family: distributes the MP-BGP VPN routes
(figure, Blue VPN: CE1 advertises the 16.1/16 IP subnet over eBGP; PE1 and PE2 carry it across the P routers; PE1's BGP advertisement: VPN-IPv4 Addr = RD:16.1/16, BGP Next-Hop = PE1, Route Target = 100:1)
ip vrf blue-vpn
  rd 1:100
  route-target export 1:100
  route-target import 1:100
VRF parameters: Name = blue-vpn, RD = 1:100, Import Route-Target = 100:1, Export Route-Target = 100:1

What is VXLAN/EVPN?
• Standards-based Overlay (VXLAN) with Standards-based Control-Plane (BGP)
• Layer-2 MAC and Layer-3 IP information distribution by Control-Plane (BGP)
• Forwarding decision based on Control-Plane (minimizes flooding)
• Integrated Routing/Bridging (IRB) for Optimized Forwarding in the Overlay
Control-Plane: EVPN MP-BGP (RFC 7432)
Data-Plane options:
• Multi-Protocol Label Switching (MPLS): draft-ietf-l2vpn-evpn
• Provider Backbone Bridges (PBB): draft-ietf-l2vpn-pbb-evpn
• Network Virtualization Overlay (NVO): draft-sd-l2vpn-evpn-overlay
➢ EVPN over NVO Tunnels (VXLAN, NVGRE, MPLSoE) for Data Center Fabric encapsulations
➢ Provides Layer-2 and Layer-3 Overlays over simple IP Networks

Layer 2 Multi-tenancy
Switch level multi-tenancy
• VLAN to Segment ID mapping (4K VLANs per switch)
• With VLANs we can achieve per-port significance

Layer 3 Multi-tenancy
(figure: leaf VTEPs under a spine layer, each hosting several VRFs)
Tenants or VRFs for L3 logical separation

EVPN based VXLAN Fabric
(figure: VXLAN/EVPN fabric with the spines acting as EVPN route reflectors (RR) and underlay rendezvous points (RP); compute leaves, a service leaf and a border leaf are the VTEPs, each with MP-iBGP sessions to the spines; two VRFs on the leaves)
! spine bgp config
router bgp 65001
  router-id 10.1.0.5
  neighbor 10.1.0.1
    remote-as 65001
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
! leaf bgp config
router bgp 65001
  router-id 10.1.0.4
  neighbor 10.1.0.5
    remote-as 65001
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf VRF-RED
    address-family ipv4 unicast
      advertise l2vpn evpn
    address-family ipv6 unicast
      advertise l2vpn evpn
  vrf VRF-BLUE
    address-family ipv4 unicast
      advertise l2vpn evpn
    address-family ipv6 unicast
      advertise l2vpn evpn

MP-BGP for VXLAN EVPN Control Plane
EVPN Control Plane – Reachability Distribution
▪ Use MP-BGP with the EVPN Address Family on leaf nodes to distribute internal host MAC/IP addresses, subnet routes and external reachability information
▪ MP-BGP enhancements to carry up to 100s of thousands of routes with reduced convergence time
• EVPN Control Plane: host and subnet route distribution
(figure: leaf VTEPs send BGP Updates via the spines carrying Host-MAC, Host-IP, Internal IP Subnet and External Prefixes)

Configuration Snippet
(figure: Host 1 (H-MAC-1, H-IP-1, VLAN 10, VXLAN 5010) and Host 3 (H-MAC-3, H-IP-3, VLAN 10, VXLAN 5010), Host 2 (H-MAC-2, H-IP-2, VLAN 20, VXLAN 5020), attached to leaf VTEPs under the spines; VRF-RED and VRF-BLUE on the leaves)
! Layer 2 VNIs
vlan 10
  vn-segment 5010
vlan 20
  vn-segment 5020
! Layer 3 VNIs
vlan 1000
  vn-segment 9999
vlan 2000
  vn-segment 9998
interface Vlan10
  no shutdown
  vrf member VRF-RED
  ip address 192.168.10.254/24 tag 12345
  ipv6 address 2001::1/64 tag 12345
  fabric forwarding mode anycast-gateway
interface Vlan20
  no shutdown
  vrf member VRF-BLUE
  ip address 192.168.20.254/24 tag 12345
  ipv6 address 2002::1/64 tag 12345
  fabric forwarding mode anycast-gateway
interface nve1
  source-interface loopback0
  host-reachability protocol bgp
  ! map the L2VNIs to the NVE
  member vni 5010
    mcast-group 239.1.1.1
  member vni 5020
    mcast-group 239.1.1.1
  ! associate the L3VNIs to the NVE
  member vni 9999 associate-vrf
  member vni 9998 associate-vrf
vrf context VRF-RED
  vni 9999
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vrf context VRF-BLUE
  vni 9998
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
evpn
  vni 5010 l2
    rd auto
    route-target both auto
  vni 5020 l2
    rd auto
    route-target both auto

Distributed Anycast Gateway in MP-BGP EVPN
(figure: Hosts 1-4 (MAC1-MAC4, IP 1-IP 4, all in VLAN A / VXLAN A) attached to four VTEPs; every VTEP has an SVI with the same GW IP and GW MAC)
# VLAN to VNI mapping
vlan 20
  vn-segment 5020
# Anycast Gateway MAC, identically configured on all VTEPs
fabric forwarding anycast-gateway-mac 0002.0002.0002
# Distributed IP Anycast Gateway (SVI)
# Gateway IP address needs to be identically configured on all VTEPs
interface vlan20
  no shutdown
  vrf member VRF-BLUE
  ip address 192.168.20.254/24
  ipv6 address 2002::1/64
  fabric forwarding mode anycast-gateway
The same anycast gateway virtual IP address and MAC address are configured on all VTEPs in the VNI.

EVPN Peer and Endpoint (Host) Discovery
Triggered by Host Communication across the same VLAN/VNI (L2)
(figure: End System A (MAC-A, IP-A) behind VTEP-1 (IP-1, MAC-1); End System B (MAC-B, IP-B) behind VTEP-2 (IP-2, MAC-2); VTEP-3 (IP-3, MAC-3) with its own end systems; multicast group 239.1.1.1; VXLAN VNID 5010)
1. End System A sends an ARP Request for IP B (SrcMAC: MAC-A, DstMAC: FF:FF:FF:FF:FF:FF) to VTEP-1
2. VTEP-1 learns MAC-A and sends a BGP EVPN Type-2 MAC update advertising MAC-A with NH: IP-1 (VTEP-1), L2VNI; VTEP-2 and VTEP-3 install Host1 <MAC-A>, VTEP 1, L2-VNI in their overlay forwarding tables. VTEP-1 also encapsulates the ARP Request (VXLAN VNID: 5010, UDP, Outer S-IP: IP-1, Outer D-IP: 239.1.1.1, S-MAC: MAC-1, D-MAC: 01:00:5E:01:01:01) towards the multicast group
3. VTEP-2 and VTEP-3 decapsulate and deliver the ARP Request (SrcMAC: MAC-A, DstMAC: FF:FF:FF:FF:FF:FF) to their end systems
4. End System B answers with an ARP Response from IP B (SrcMAC: MAC-B, DstMAC: MAC-A)
5. VTEP-2 encapsulates the response as unicast (VXLAN VNID: 5010, UDP, Outer S-IP: IP-2, Outer D-IP: IP-1, S-MAC: MAC-2, D-MAC: MAC-1)
6. VTEP-1 decapsulates the ARP Response from IP B (SrcMAC: MAC-B, DstMAC: MAC-A)
7. The ARP Response is delivered to End System A

EVPN Peer and Endpoint (Host) Discovery
Triggered by Host Communication between VLAN/VNI (L3)
(figure: same topology as above, End System A behind VTEP-1, End System B behind VTEP-2, VTEP-3, multicast group 239.1.1.1)
1. End System A sends an ARP Request for the anycast GW at VTEP1 (SrcMAC: MAC-A, DstMAC: FF:FF:FF:FF:FF:FF, SrcIP: IP-A)
2. VTEP1 answers with an ARP Response (SrcMAC: GW-MAC, DstMAC: MAC-A) and sends a BGP EVPN Type-2 MAC + Host IP update advertising MAC-A, IP-A with NH: IP-1 (VTEP-1), Router MAC: MAC-1, L2VNI, L3VNI; VTEP-2 and VTEP-3 install Host1 <IP-A>, VTEP 1, L3-VNI in their overlay forwarding tables

Packet Walk
Communication between hosts in the same VLAN/VNI
(figure: Host-A (MAC-A, IP-A: 192.168.10.10, Vlan10, VNI 5010) behind VTEP-1 (MAC-1, IP-1: 165.123.1.1); Underlay Router-1 (MAC-2, IP-2: 165.123.1.2) and Underlay Router-2 (MAC-3, IP-3: 140.123.1.2) in the IP network; VTEP-2 (MAC-4, IP-4: 140.123.1.1) with Host-B (MAC-B, IP-B: 192.168.10.20, Vlan10, VNI 5010); VXLAN VNID 5010)
1. Host-A sends the frame: S-IP: IP-A, D-IP: IP-B, S-MAC: MAC-A, D-MAC: MAC-B
2. VTEP-1 encapsulates it unchanged: VXLAN VNID: 5010 (L2 VNI), UDP, Outer S-IP: IP-1, Outer D-IP: IP-4, Outer S-MAC: MAC-1, Outer D-MAC: MAC-2; inner S-IP: IP-A, D-IP: IP-B, S-MAC: MAC-A, D-MAC: MAC-B
3.-4. The underlay routes the packet based on the outer IP header; on the last hop the outer MACs are S-MAC: MAC-3, D-MAC: MAC-4
5. VTEP-2 decapsulates and delivers the original frame (S-IP: IP-A, D-IP: IP-B, S-MAC: MAC-A, D-MAC: MAC-B) to Host-B

Packet Walk
Communication between hosts in different VLAN/VNI
(figure: Host-A (MAC-A, IP-A: 192.168.10.10, Vlan10, VNI 5010) behind VTEP-1 (L3 GW; MAC-1, IP-1: 165.123.1.1); Underlay Router-1 (MAC-2, IP-2: 165.123.1.2) and Underlay Router-2 (MAC-3, IP-3: 140.123.1.2); VTEP-2 (L3 GW; MAC-4, IP-4: 140.123.1.1) with Host-B (MAC-B, IP-B: 192.168.20.10, Vlan20, VNI 5020); VXLAN L3 VNID 9999 (Tenant VRF A))
1. Host-A sends the frame to its gateway: S-MAC: MAC-A, D-MAC: GW-MAC, S-IP: IP-A, D-IP: IP-B
2. VTEP-1 routes and encapsulates: VXLAN VNID: 9999 (L3 VNI), UDP, Outer S-IP: IP-1, Outer D-IP: IP-4, Outer S-MAC: MAC-1, Outer D-MAC: MAC-2; inner S-IP: IP-A, D-IP: IP-B, S-MAC: MAC-1, D-MAC: MAC-4 (the inner MACs are now the VTEPs' router MACs)
3.-4. The underlay routes the packet based on the outer IP header; on the last hop the outer MACs are S-MAC: MAC-3, D-MAC: MAC-4
5. VTEP-2 decapsulates, routes into VLAN 20 and delivers the frame with S-IP: IP-A, D-IP: IP-B, S-MAC: MAC-4, D-MAC: MAC-B to Host-B
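The VXLAN frame format and the two packet walks above (same VNI, then the L3 VNI with router-MAC rewrite), worked as an added Python example; this is not code from the presentation. The VTEP and router IPs and the VNIs are the slides' values, while the MAC addresses, the underlay next-hop MAC and the payload bytes are constructed.

```python
"""VXLAN (RFC 7348) encapsulation/decapsulation and the slide 26/27 packet walks.
Constructed example with the slides' labels; not code from the presentation."""
import struct

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08             # "I" bit: the 24-bit VNI field is valid
MAX_VNI = (1 << 24) - 1         # 24-bit VNI, hence "up to 16M segments"
ETH_P_IP = 0x0800


def fits_in_24_bits(vni):
    return 0 <= vni <= MAX_VNI


def mac(s):
    """'00:00:00:00:00:0a' or '0002.0002.0002' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", "").replace(".", ""))


def ip4(s):
    return bytes(int(o) for o in s.split("."))


def ip_checksum(hdr):
    """RFC 1071 one's-complement sum; yields 0 over a header whose checksum is correct."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ethernet(dst, src, ethertype, payload):
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def vxlan_encap(inner, vni, src_vtep, dst_vtep, next_hop_mac, sport=49152):
    """Wrap an Ethernet frame in outer Ethernet / IPv4 / UDP 4789 / VXLAN header."""
    if not fits_in_24_bits(vni):
        raise ValueError("VNI %d does not fit in 24 bits" % vni)
    vxlan_hdr = struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)  # flags, 3 reserved, VNI, 1 reserved
    udp_len = 8 + len(vxlan_hdr) + len(inner)
    udp_hdr = struct.pack("!HHHH", sport, VXLAN_UDP_PORT, udp_len, 0)  # zero UDP csum: legal on IPv4
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                         ip4(src_vtep["ip"]), ip4(dst_vtep["ip"]))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    # Outer D-MAC is the underlay next hop (MAC-2 on the slides), not the remote VTEP:
    # the underlay forwards on the outer IP header and rewrites the outer MACs hop by hop.
    return ethernet(next_hop_mac, src_vtep["mac"], ETH_P_IP, ip_hdr + udp_hdr + vxlan_hdr + inner)


def vxlan_decap(pkt):
    """Check each outer header and return (vni, inner_frame); ValueError on anything malformed."""
    if struct.unpack("!H", pkt[12:14])[0] != ETH_P_IP:
        raise ValueError("outer frame is not IPv4")
    ip = pkt[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("bad outer IP checksum")
    if ip[9] != 17:
        raise ValueError("outer protocol is not UDP")
    udp = ip[ihl:]
    _, dport, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError("UDP dport %d is not VXLAN" % dport)
    flags, word = struct.unpack("!B3xI", udp[8:16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I bit clear: no valid VNI")
    return word >> 8, udp[16:udp_len]


def l3_rewrite(frame, ingress_vtep, egress_vtep):
    """Slide 27: the ingress VTEP routes, so the inner S-MAC/D-MAC become the VTEPs' router MACs
    and the packet travels in the tenant's L3 VNI instead of the L2 VNI."""
    return ethernet(egress_vtep["mac"], ingress_vtep["mac"], ETH_P_IP, frame[14:])


# Constructed topology mirroring slides 26/27 (MAC values are made up; IPs are the slides').
VTEP1 = {"ip": "165.123.1.1", "mac": "00:00:00:00:00:01"}   # MAC-1 / IP-1
VTEP2 = {"ip": "140.123.1.1", "mac": "00:00:00:00:00:04"}   # MAC-4 / IP-4
ROUTER1_MAC = "00:00:00:00:00:02"                           # MAC-2, VTEP-1's underlay next hop
MAC_A, MAC_B, GW_MAC = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "0002.0002.0002"
L2VNI, L3VNI = 5010, 9999


def walk():
    """Returns what is observable at each step for the same-VNI (L2) and cross-VNI (L3) cases."""
    same_vni_frame = ethernet(MAC_B, MAC_A, ETH_P_IP, b"IP-A -> IP-B payload")     # D-MAC = Host-B
    to_gateway_frame = ethernet(GW_MAC, MAC_A, ETH_P_IP, b"IP-A -> IP-B payload")  # D-MAC = GW-MAC
    l2_pkt = vxlan_encap(same_vni_frame, L2VNI, VTEP1, VTEP2, ROUTER1_MAC)
    l2_vni, l2_inner = vxlan_decap(l2_pkt)
    l3_pkt = vxlan_encap(l3_rewrite(to_gateway_frame, VTEP1, VTEP2), L3VNI, VTEP1, VTEP2, ROUTER1_MAC)
    l3_vni, l3_inner = vxlan_decap(l3_pkt)
    return {
        "l2_vni": l2_vni,
        "l2_inner_unchanged": l2_inner == same_vni_frame,
        "l3_vni": l3_vni,
        "l3_inner_dmac": l3_inner[:6].hex(),       # MAC-4, the egress VTEP's router MAC
        "l3_inner_smac": l3_inner[6:12].hex(),     # MAC-1, the ingress VTEP's router MAC
        "outer_dport": struct.unpack("!H", l2_pkt[36:38])[0],   # 14 Ethernet + 20 IP + 2 sport
        "outer_dmac": l2_pkt[:6].hex(),            # MAC-2: underlay next hop, not VTEP-2
    }
```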

EVPN Control Plane – VM Mobility
VXLAN BGP Control Plane
(figure: Host 1 (H-MAC-1, H-IP-1, VLAN 10, VXLAN 5000) attached to VTEP-1; leaves VTEP-1 to VTEP-4 under the spines)
1. Host 1 attaches to VTEP-1
2. VTEP-1 detects Host 1 and advertises H1 with seq# 0
   NLRI: Host H-MAC-1, H-IP-1; NVE VTEP-1; VNI 5000
   Ext. Community: Encapsulation: VXLAN; Cost; Sequence number: 0
3. Other VTEPs learn the host route of Host 1:
   MAC H-MAC-1 | IP H-IP-1 | VNI 5000 | Next-Hop VTEP-1 | Encap VXLAN | Seq# 0

EVPN Control Plane – VM Mobility
VXLAN BGP Control Plane
(figure: Host 1 (H-MAC-1, H-IP-1, VLAN 10, VXLAN 5000) now attached to VTEP-3; leaves VTEP-1 to VTEP-4 under the spines)
1. Host 1 moves to VTEP-3 from VTEP-1
2. VTEP-3 detects Host 1 and sends an MP-BGP update for Host 1 with its own VTEP address and a new seq# 1
   NLRI: Host H-MAC-1, H-IP-1; NVE VTEP-3; VNI 5000
   Ext. Community: Encapsulation: VXLAN; Cost; Sequence number: 1
3. Other VTEPs learn the new route of Host 1 from VTEP 3 with a higher sequence number and prefer that update:
   MAC H-MAC-1 | IP H-IP-1 | VNI 5000 | Next-Hop VTEP-3 | Encap VXLAN | Seq# 1

EVPN Control Plane – ARP Suppression
Minimize flood-and-learn behavior for host learning
(figure: Host 1 (H-MAC-1, H-IP-1, VLAN 10, VXLAN 5000) on VTEP 1 and Host 2 (H-MAC-2, H-IP-2, VLAN 10, VXLAN 5000) on VTEP 3, with VTEPs 1-4 under the spines)
1. Host-1 sends an ARP Request for H-IP-2
2. VTEP-1 receives and intercepts the ARP Request and checks its own host table, which already holds:
   MAC H-MAC-2 | IP H-IP-2 | VNI 5000 | Next-Hop VTEP-3 | Encap VXLAN | Seq 0
   • If it has a match for H-IP-2, it sends the ARP response on behalf of Host-2
   • If it does not have a match for H-IP-2, it forwards the ARP request to the remote VTEPs via multicast encapsulation or head-end replication
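The sequence-number handling of the two VM mobility slides and the ARP suppression decision above, as an added Python simulation that is not part of the presentation; it also answers ARP for the anycast gateway as on the L3 discovery slide. VTEP, host and gateway names are the slides' labels; the Fabric class standing in for the route reflectors and the tie-break rule for equal sequence numbers are assumptions of the example.

```python
"""EVPN Type-2 handling as on the slides: MAC-mobility sequence numbers (RFC 7432) and
ARP suppression at the ingress VTEP, plus the anycast-gateway ARP reply.
Constructed simulation with the slides' names; not Cisco code and not a BGP implementation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class HostRoute:
    """The fields of the slides' NLRI plus the MAC Mobility extended community."""
    mac: str
    ip: str
    vni: int
    next_hop: str      # advertising VTEP (NVE)
    seq: int           # MAC mobility sequence number
    encap: str = "VXLAN"


class Fabric:
    """Stands in for the route reflectors: fans one VTEP's update out to all the others."""
    def __init__(self):
        self.vteps = {}

    def add(self, vtep):
        self.vteps[vtep.name] = vtep
        vtep.fabric = self

    def advertise(self, route):
        for v in self.vteps.values():
            if v.name != route.next_hop:
                v.receive_update(route)


class Vtep:
    def __init__(self, name):
        self.name = name
        self.fabric = None
        self.table = {}        # (mac, vni) -> HostRoute: the overlay forwarding table
        self.gateways = {}     # vni -> (anycast GW IP, anycast GW MAC)

    def host_attached(self, mac, ip, vni):
        """Local learning (ARP/GARP/data). A MAC previously known behind another VTEP is a
        move: re-advertise with seq+1 so every VTEP prefers the new location (slide 29)."""
        prev = self.table.get((mac, vni))
        if prev is None or prev.next_hop == self.name:
            seq = 0 if prev is None else prev.seq
        else:
            seq = prev.seq + 1
        route = HostRoute(mac, ip, vni, self.name, seq)
        self.table[(mac, vni)] = route
        self.fabric.advertise(route)
        return route

    def receive_update(self, route):
        """Install only if newer: a higher seq wins, a stale lower seq is ignored."""
        cur = self.table.get((route.mac, route.vni))
        if cur is not None and route.seq < cur.seq:
            return False
        if cur is not None and route.seq == cur.seq and cur.next_hop != route.next_hop:
            return False   # assumption: keep the current entry (RFC 7432 breaks the tie on VTEP IP)
        self.table[(route.mac, route.vni)] = route
        return True

    def handle_arp_request(self, target_ip, vni):
        """ARP suppression: reply for the anycast gateway or for any host in the EVPN table;
        otherwise the request must be flooded (multicast or ingress replication)."""
        gw = self.gateways.get(vni)
        if gw and gw[0] == target_ip:
            return {"action": "proxy-reply", "sender_mac": gw[1]}
        for r in self.table.values():
            if r.vni == vni and r.ip == target_ip:
                return {"action": "proxy-reply", "sender_mac": r.mac}
        return {"action": "flood"}


def demo():
    """Replays slides 28-30 and returns what each VTEP ends up doing."""
    fab = Fabric()
    v1, v2, v3 = Vtep("VTEP-1"), Vtep("VTEP-2"), Vtep("VTEP-3")
    for v in (v1, v2, v3):
        fab.add(v)
        v.gateways[5000] = ("192.168.10.254", "0002.0002.0002")   # same GW IP/MAC on all VTEPs
    first = v1.host_attached("H-MAC-1", "H-IP-1", 5000)   # slide 28: seq 0 from VTEP-1
    moved = v3.host_attached("H-MAC-1", "H-IP-1", 5000)   # slide 29: seq 1 from VTEP-3
    stale = v2.receive_update(first)                        # a late copy of the old route
    return {
        "first_seq": first.seq,
        "moved_seq": moved.seq,
        "v2_next_hop": v2.table[("H-MAC-1", 5000)].next_hop,
        "stale_accepted": stale,
        "arp_known": v2.handle_arp_request("H-IP-1", 5000),
        "arp_gateway": v2.handle_arp_request("192.168.10.254", 5000),
        "arp_unknown": v2.handle_arp_request("H-IP-2", 5000),
    }
```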

Functions of VXLAN/EVPN
Host/Network Reachability Advertisement: advertise host/network reachability information through the control protocol (MP-BGP)
Distributed Anycast Gateway: seamless and optimal VM mobility
ARP Suppression: early ARP termination; localized ARP learning process; minimized network flooding
VTEP Security & Authentication: authenticate VTEPs through BGP peer authentication

Design Options and Use cases

VXLAN Fabric Design with MP-iBGP EVPN
(figure: leaf VTEPs with MP-iBGP sessions to the spines acting as route reflectors (RR); the VXLAN overlay runs between the VTEPs)
• VTEP functions are on the leaf layer
• Spine nodes are iBGP route reflectors
• Spine nodes don’t need to be VTEPs

VXLAN Fabric Design with MP-eBGP EVPN
• VTEP functions are on the leaf layer
• Spine nodes are MP-eBGP peers to the VTEP leafs
• Spine nodes don’t need to be VTEPs
• VTEP leafs can be in the same or different BGP ASs
(figure: spines in AS 65000 with MP-eBGP sessions to leaf VTEPs in AS 65001 through AS 65006)

VXLAN Fabric - External Routing
(figure: leaf VTEPs and spines form the VXLAN overlay with EVPN MP-BGP in the EVPN VRF/VRFs space; the border leaf connects to external IP routing using the routing protocol of choice, in the global default VRF or user space VRFs)

VXLAN Fabric – Service Insertion
• Transparent Firewall: inspect and then bridge traffic between a “dirty” VLAN and a “clean” VLAN
• Firewall as a default gateway: centralized gateway, the firewall becomes a bottleneck
• Tenant Edge Firewall: traffic between tenants/VRFs is routed via the firewall

VXLAN Fabric – Service Insertion
(figure: VXLAN EVPN fabric with VTEPs and two border leaves; a load balancer behind the border advertises its VIP x.x.x.x/32 towards an outside client)
• Load Balancer Integration
  • The load balancer peers with the fabric using eBGP
  • It injects the VIP via RHI (Route Health Injection)

VXLAN Fabric – Selective Traffic Redirection
(figure: Host A (VLAN 10, 192.168.10.101) and Host B (VLAN 20, 192.168.20.101) on a VXLAN EVPN fabric with border leaves and a firewall; only HTTP is redirected)
• Leverages Policy Based Redirect
• Inter-VLAN traffic bypasses the default routing lookup and is redirected
• Service redirection to load balancers, firewalls, etc.

VXLAN Fabric – Centralized Route Leaking
Extranet Support
(figure: bare-metal Host A 192.168.10.101, Host B 192.168.20.102 and Host C 192.168.30.103 in VRF Tenant1 and VRF Tenant2 on a VXLAN EVPN fabric, with border leaves and an external network)
• Use cases: shared services, external connectivity
• VRF to VRF or VRF to default
• Centralized location for leaking routes

VXLAN Fabric – Private VLAN over VXLAN
Private VLAN with VXLAN
• Extending Private VLAN over VXLAN
• Sub-VLAN segmentation
• Availability of secondary (2nd) VLAN modes
  • Community VLAN across VXLAN
  • Promiscuous VLAN across VXLAN
  • Isolated VLAN localized but extended across VXLAN
(figure: servers on four VTEPs under two spines; Community VLAN 200 and Community VLAN 201 with isolated VLANs carried over L2VNI 30200 and L2VNI 30201)

VXLAN Fabric – VXLAN Pseudowire (Xconnect)
(figure: Switch 1 and Switch 2 connected through a VXLAN pseudo-wire between two VTEPs under two spines, carrying slow protocols)
VXLAN Pseudo-Wire
• Cross-Connect (X-Connect) concept
• Point-to-point
• Enables protocol tunneling for STP, CDP, LLDP, PAgP, LACP, BFD

Peerlink-Less vPC
• Enhanced dual-homing solution without wasting physical ports
• Preserves traditional vPC characteristics

VXLAN Fabric – Tenant Routed Multicast
(figure: VXLAN EVPN fabric with VTEPs acting as designated routers (DR) for VRF Tenant1; bare-metal sources SRC-10 (10.10.10.100, group 239.10.10.10) and SRC-99 (10.30.30.199, group 239.10.10.99); receivers RCVR-10 (10.10.10.10), RCVR-11 (10.10.10.11), RCVR-20 (10.20.20.20), RCVR-30 (10.30.30.30) and RCVR-40 (10.40.40.40))

VXLAN EVPN Multi-Site
(figure: the Site 1 and Site 2 VXLAN tunnels are joined by Border Gateways into an overlay multi-site tunnel)
• Fault containment
• Convergence independent of network size
• Separate admin domains
• Single box
• Scale through hierarchical forwarding

Summary

Summary
• VXLAN enables scalable Data Center fabrics
• BGP EVPN with VXLAN provides a robust control plane enabling multi-tenancy and VM mobility and optimizing traffic forwarding
• Seamless integration with service nodes such as firewalls and load balancers, and the ability to provide shared services
• The fabric can cater to multicast traffic in the overlay
• VXLAN as a DCI with Multi-Site

#CLEMEA (schedule grid of related sessions, Tuesday to Friday): BRKDCN-1645 Introduction VXLAN; BRKDCN-1687 Introduction DCNM; BRKDCN-2939 Easy NXOS Fabric (VXLAN); BRKDCN-2035 VXLAN Multi-Site Fabric Technology; BRKDCN-3378 Building VXLAN Datacenters; BRKDCN-3346 End to End QoS; BRKDCN-2218 Mid-Size DC Design; BRKDCN-2304 VXLAN L4/L7 Services; BRKDCN-2025 Automation of NXOS Fabrics; BRKDCN-2458 NXOS Operations & practices; BRKDCN-2249 VXLAN VPC; BRKDCN-3001 Micro-Segmentation in the DC; BRKDCN-2712 Insights w/Analytics NXOS; Keynote; Cisco Live Celebration

Building your VTEP (VXLAN Tunnel End-Point)
(figure: leaves V1, V2, V3 with iBGP sessions to the spine route reflectors (RR); simplified BGP configuration, a leaf would have 4 BGP peers (RR); IGP not shown)
# Features & Globals
feature bgp
# Enables VTEP (only required on Leaf or Border)
feature nv overlay
# Enables EVPN Control-Plane in BGP
nv overlay evpn
# Leaf (V1): configure the VTEP interface
interface nve1
  # Use a Loopback for Source Interface
  source-interface loopback0
  # Enable BGP for Host reachability
  host-reachability protocol bgp

Building your EVPN MP-BGP Control-Plane
(figure: leaves V1, V2, V3 with iBGP sessions to the spine route reflectors (RR))
# Features & Globals
feature bgp
feature nv overlay
# Enables EVPN Control-Plane in BGP
nv overlay evpn
# Spine (S1)
router bgp 65500
  router-id 10.10.10.1
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.10.10.0/24 remote-as 65500
    update-source loopback0
    # Activate L2VPN EVPN under each BGP neighbor
    address-family l2vpn evpn
      # Send Extended BGP Community to distribute EVPN route attributes
      send-community both
      route-reflector-client
# Leaf (V1)
router bgp 65500
  router-id 10.10.10.10
  address-family ipv4 unicast
  neighbor 10.10.10.1 remote-as 65500
    update-source loopback0
    address-family l2vpn evpn
      send-community both

Extend your VLAN to VXLAN
• VLAN to VNI configuration is done on a per-switch basis
• VLAN becomes the “Switch Local Identifier”
• VNI becomes the “Network Global Identifier”
• The 4k VLAN limitation per switch still applies
• The 4k network limitation has been removed
• VLANs can be port-significant: the same VLAN on different ports can be mapped to different VNIs
Multi-Tenancy Lite (MT-Lite): VLAN (ethernet) to Layer-2 VNI (vxlan) mapping
# Features
feature vn-segment-vlan-based
# VLAN to VNI mapping (MT-Lite)
vlan 10
  vn-segment 5010
# Activate Layer-2 VNI for EVPN (enables the EVPN Control-Plane for Layer-2 services)
evpn
  vni 5010 l2
    rd auto
    route-target import auto
    route-target export auto
# Activate Layer-2 VNI on VTEP and suppress ARP
interface nve1
  source-interface loopback0
  host-reachability protocol bgp
  member vni 5010
    mcast-group 239.239.239.100
    suppress-arp
The alternative to mcast-group is to use “ingress-replication protocol bgp”

Distributed Anycast Gateway for Extended VLANs
• All VTEPs in a VXLAN are the distributed anycast gateway for its IP subnet
• All VTEPs in a VXLAN need to be configured with an identical anycast gateway virtual MAC address
• All VTEPs in a VXLAN need to be configured with an identical anycast gateway virtual IP address
# VLAN to VNI mapping
vlan 200
  vn-segment 5200
# Anycast Gateway MAC, identically configured on all VTEPs (one gateway virtual MAC per VTEP)
fabric forwarding anycast-gateway-mac 0002.0002.0002
# Distributed IP Anycast Gateway (SVI)
# Gateway IP address needs to be identically configured on all VTEPs (one gateway virtual IP per VLAN/VXLAN)
interface vlan200
  no shutdown
  vrf member VRF-A
  ip address 20.0.0.1/24
  fabric forwarding mode anycast-gateway

Routing in VXLAN – Define the Resources
(figure: four VTEPs sharing the Layer-3 VNI (VNI 9999 / VLAN 999) and the Layer-2 network VNIs; 1:1 mapping between L3 VNI and tenant VRF)
Configuration Example for VRF-A
# Define VLAN for VRF routing instance (VLAN to Layer-3 VNI mapping)
vlan 999
  vn-segment 9999
# Define SVI for VRF routing instance; ip forward is required for prefix-based routing
interface Vlan999
  no shutdown
  mtu 9216
  vrf member VRF-A
  ip forward
# VRF configuration for “customer” VRF: VNI, Route-Distinguisher, Route-Targets, IPv4 and/or IPv6
vrf context VRF-A
  vni 9999
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn

Routing in VXLAN – Configure the Routing
(figure: four VTEPs sharing the Layer-3 VNI (VNI 9999 / VLAN 999) and the Layer-2 network VNIs; 1:1 mapping between L3 VNI and tenant VRF)
Configuration Example for VRF-A
# Activate Layer-3 VNI on VTEP and associate it to the VRF
interface nve1
  source-interface loopback0
  host-reachability protocol bgp
  member vni 5010
    mcast-group 239.239.239.100
    suppress-arp
  member vni 9999 associate-vrf
# Route-Map for Redistribute Subnet
route-map REDIST-SUBNET permit 10
  match tag 12345
# Control-Plane configuration for VRF (Tenant): VRF/Tenant definition within the Overlay Control-Plane
router bgp 65500
  vrf VRF-A
    address-family ipv4 unicast
      advertise l2vpn evpn
      redistribute direct route-map REDIST-SUBNET
      maximum-paths ibgp 2

VXLAN Hardware Gateway Redundancy (vPC)
(figure: Host D in VNI 30000 dual-homed to the vPC VTEPs V4 and V5)
• Redundant connectivity for classic Ethernet hosts
• Extend the IP interface (loopback) configuration for the vPC VTEP
• A secondary IP address (anycast) is used as the anycast VTEP address
• Both vPC VTEP switches need to have the identical secondary IP address configured under the loopback interface

VXLAN Hardware Gateway Redundancy (vPC)
vPC VTEP Configuration Example
(figure: Host D in VNI 30000 dual-homed to the vPC VTEPs V4 and V5)
# VLAN to VNI mapping (MT-Lite)
vlan 55
  vn-segment 30000
# VTEP IP Interface; Source/Destination for all VXLAN Encapsulated Traffic.
#   Primary IP address is used for Orphan Hosts
#   Secondary IP is for vPC Hosts (same IP on both vPC Peers)
interface loopback0
  ip address 10.10.10.5/32
  ip address 10.10.10.99/32 secondary
# VTEP configuration using Loopback as source.
interface nve1
  source-interface loopback0
  host-reachability protocol bgp
  member vni 5010
    mcast-group 239.239.239.100
    suppress-arp
  member vni 9999 associate-vrf
The loopbacks of the two vPC peers:
interface loopback0
  ip address 10.10.10.5/32
  ip address 10.10.10.99/32 secondary
interface loopback0
  ip address 10.10.10.4/32
  ip address 10.10.10.99/32 secondary
Add the secondary IP to the VTEP loopback; VXLAN automatically picks up the secondary IP address as the VTEP address.

VXLAN Hardware Gateway Redundancy (vPC)
vPC VTEP Configuration Example
(figure: Host D in VNI 30000 dual-homed to the vPC VTEPs V4 and V5; the peers' loopback0 carry 10.10.10.5/32 and 10.10.10.4/32 with 10.10.10.99/32 secondary)
# VPC Domain Configuration
vpc domain 99
  peer-switch
  peer-keepalive destination V4-mgmt source V5-mgmt
  # peer-gateway needs to be enabled so that vPC VTEP switches can forward traffic for each other’s router MAC address
  peer-gateway
  ip arp synchronize
# VPC Peer-Link
interface port-channel XX
  switchport mode trunk
  vpc peer-link
# VPC Domain Routing Adjacency: routed interface (SVI) for the routing adjacency across the VPC Peer-Link
interface Vlan3999
  no shutdown
  ip address 10.254.254.1/30
  ip router ospf 1 area 0.0.0.0
  ip ospf network point-to-point
  ip pim sparse-mode

eBGP EVPN Configuration (1)
Next-hop Unchanged
• The BGP next-hop is used as the tunnel tail-end address. It shall be the advertising VTEP’s address.
• Ensure the next-hop in the BGP route isn’t changed during the route distribution
• eBGP changes the next-hop by default. The policy needs to be changed to next-hop unchanged
eBGP configuration on a spine switch:
route-map permit-all permit 10
route-map nh-unchange permit 10
  set ip next-hop unchanged
router bgp 65000
  router-id 10.1.1.1
  address-family ipv4 unicast
  address-family l2vpn evpn
    # Set next-hop policy not to change the next-hop attribute
    nexthop route-map nh-unchange
    retain route-target all
  neighbor 192.167.11.2 remote-as 65001
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
      route-map permit-all out

eBGP EVPN Configuration (2)
Manually configure import/export route-targets
• With eBGP, VTEPs will have different route-targets if using auto RT generation
• RTs need to be configured manually on eBGP peers so that they have the same RTs
# Manually configure route-targets for the VRF
vrf context evpn-tenant-1
  vni 9999
  rd auto
  address-family ipv4 unicast
    route-target import 100:9999
    route-target import 100:9999 evpn
    route-target export 100:9999
    route-target export 100:9999 evpn
# Manually configure route-targets for the L2 VNI under EVPN
evpn
  vni 5010 l2
    rd auto
    route-target import 100:5010
    route-target export 100:5010
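An added Python model (not Cisco code) of why the manual route-targets above are needed across eBGP: it assumes, from Cisco's documented NX-OS behaviour, that route-target auto derives <ASN>:<VNI>, and models a VRF's import filter as a set intersection of route-targets; the VRF names, ASNs and prefix are the slides' values or constructed.

```python
"""Automatic vs manual route-targets across eBGP (the slide above). Assumption, from Cisco's
documented behaviour: 'route-target both auto' derives the RT as <ASN>:<VNI>. The import
check below is a constructed model of RT filtering, not NX-OS code."""


def auto_rt(asn, vni):
    """Automatic route-target: ASN:VNI, so it differs between VTEPs in different ASNs."""
    return "%d:%d" % (asn, vni)


class TenantVrf:
    def __init__(self, name, vni, asn, manual_rt=None):
        self.name, self.vni = name, vni
        rt = manual_rt if manual_rt else auto_rt(asn, vni)
        self.import_rts = {rt}      # route-target import ...
        self.export_rts = {rt}      # route-target export ...

    def type5_route(self, prefix):
        """What this VTEP advertises for a tenant prefix: the prefix tagged with its export RTs."""
        return {"prefix": prefix, "l3vni": self.vni, "rts": set(self.export_rts)}

    def accepts(self, route):
        """A VRF imports a route only if one of its import RTs matches one the route carries."""
        return bool(route["rts"] & self.import_rts)


def compare(asn_a, asn_b, vni=9999, prefix="192.168.10.0/24"):
    """Does leaf B's VRF import leaf A's route with auto RTs, and with the manual RT 100:9999?"""
    auto_a, auto_b = TenantVrf("VRF-A", vni, asn_a), TenantVrf("VRF-A", vni, asn_b)
    man_a = TenantVrf("evpn-tenant-1", vni, asn_a, manual_rt="100:9999")
    man_b = TenantVrf("evpn-tenant-1", vni, asn_b, manual_rt="100:9999")
    return {
        "auto_rt_a": next(iter(auto_a.export_rts)),
        "auto_rt_b": next(iter(auto_b.import_rts)),
        "auto_imports": auto_b.accepts(auto_a.type5_route(prefix)),
        "manual_imports": man_b.accepts(man_a.type5_route(prefix)),
    }
```

With leaves in AS 65001 and AS 65002 (the eBGP design slide) the auto RTs come out as 65001:9999 and 65002:9999 and the import fails, while the iBGP design (one ASN everywhere) keeps auto RTs consistent.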

Complete your online session survey
• Please complete your session survey after each session. Your feedback is very important.
• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live t-shirt.
• All surveys can be taken in the Cisco Events Mobile App or by logging in to the Content Catalog on ciscolive.com/emea.
Cisco Live sessions will be available for viewing on demand after the event at ciscolive.com.

Continue your education
• Related sessions
• Walk-in labs
• Demos in the Cisco campus
• Meet the engineer 1:1 meetings

Thank you