VXLAN Configuration

Configuring the VTI

Configuring the VTI enables VXLAN bridging and is a requirement for VXLAN routing. The following sections describe the steps required to enable VXLAN bridging by bringing up the VXLAN line protocol. VXLAN Routing Configuration describes the additional steps required to enable VXLAN routing.

Instantiating the VTI and VXLAN Configuration Mode

The interface vxlan command places the switch in VXLAN-interface configuration mode for modifying the specified VXLAN tunnel interface (VTI). The command also instantiates the interface if it was not previously created.

VXLAN interface configuration mode is not a group change mode; running-config is changed immediately after commands are executed. The exit command does not affect the configuration.

Example

These commands create VXLAN tunnel interface 1, place the switch in VXLAN-interface configuration mode, and display parameters of the new VTI.

switch(config)#interface vxlan 1
switch(config-if-Vx1)#show active
interface Vxlan1
 vxlan udp-port 4789
switch(config-if-Vx1)#

Assigning an IP address to the VTEP

The vxlan source-interface command specifies the loopback interface from which the VTEP derives the source address (IP) that it uses when exchanging VXLAN frames. This address is used by UDP headers to specify source and destination addresses of hosts that send or receive VXLAN encapsulated packets.

There is no default source interface assignment. A valid VXLAN configuration requires the assignment of a loopback interface to the VTEP and the assignment of a valid IP address to the specified interface.

Example

These commands configure VTI 1 to use IP address 10.25.25.3 (loopback interface 15) as the source interface in the encapsulation fields of outbound VXLAN frames.

switch(config)#interface loopback 15
switch(config-if-Lo15)#ip address 10.25.25.3/24
switch(config-if-Lo15)#exit
switch(config)#interface vxlan 1
switch(config-if-Vx1)#vxlan source-interface loopback 15
switch(config-if-Vx1)#show active
interface Vxlan1
 vxlan source-interface Loopback15
 vxlan udp-port 4789
switch(config-if-Vx1)#

Assigning a UDP Port to the VTEP

Packets bridged to the VTI from a VLAN are encapsulated with a VXLAN header, then sent through a pre-configured UDP port. Packets that arrive through this port are assumed to be VXLAN encapsulated and sent to the bridging domain of the recipient VLAN as determined by the VNI in the VXLAN header and the VNI-VLAN map.

The vxlan udp-port command associates a UDP port with the configuration mode VXLAN interface (VTI). By default, UDP port 4789 is associated with the VTI.
Note: UDP port 4789 is reserved by convention for VXLAN usage. Under most typical applications, this parameter should be set to the default value.

Examples

  • This command associates UDP port 5500 with VXLAN interface 1.
    switch(config)#interface vxlan 1
    switch(config-if-Vx1)#vxlan udp-port 5500
    switch(config-if-Vx1)#show active
    interface Vxlan1
     vxlan udp-port 5500
    switch(config-if-Vx1)#
  • This command resets the VXLAN interface 1 UDP port association to the default of 4789.
    switch(config-if-Vx1)#no vxlan udp-port
    switch(config-if-Vx1)#show active
    interface Vxlan1
     vxlan udp-port 4789
    switch(config-if-Vx1)#

Assigning a VNI to a VLAN

When a VLAN bridges a packet to the VTI, the packet is encapsulated with a VXLAN header that includes the VNI associated with the VLAN. Packets that arrive on the VTI’s UDP socket are bridged to the VLAN that is associated with the VNI specified by the VXLAN header that encapsulates the packet.

The VTI requires a one-to-one correspondence between specified VLANs and VNI values. Commands that assign a new VNI to a previously configured VLAN replace existing VLAN assignment statements in running-config. Commands that attempt to assign a VNI value to a second VLAN generate a CLI error.

The vxlan vlan vni command associates a VLAN ID with a virtual network identifier (VNI).

Example

These commands associate VLAN 100 to VNI 100 and VLAN 200 to VNI 10.10.200.

switch(config)#interface vxlan 1
switch(config-if-Vx1)#vxlan vlan 100 vni 100
switch(config-if-Vx1)#vxlan vlan 200 vni 10.10.200
switch(config-if-Vx1)#show active
interface Vxlan1
 vxlan udp-port 4789
 vxlan vlan 200 vni 658120
 vxlan vlan 100 vni 100
switch(config-if-Vx1)#vxlan vni notation dotted
switch(config-if-Vx1)#show active
interface Vxlan1
 vxlan udp-port 4789
 vxlan vlan 100 vni 0.0.100
 vxlan vlan 200 vni 10.10.200
switch(config-if-Vx1)#
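
The one-to-one rule described in this section can be modelled offline before a change is pushed. The following Python sketch is an added example, not Arista code: it replays vxlan vlan ... vni ... commands against a dictionary, replaces the mapping when a VLAN is reassigned, rejects a VNI that is already bound to another VLAN, and accepts VNIs in decimal or dotted notation. The function names and the VniConflict error type are assumptions made for the illustration.

```python
import re

VNI_MAX = 16777215  # upper bound of the VNI range (255.255.255 in dotted notation)
CMD = re.compile(r"^vxlan vlan (\d+) vni (\S+)$")


class VniConflict(ValueError):
    """Stands in for the CLI error on VNI reuse (hypothetical name)."""


def parse_vni(text):
    """Return the decimal VNI for '658120' or for dotted '10.10.200'."""
    parts = text.split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"malformed VNI: {text!r}")
    if len(parts) == 1:
        vni = int(parts[0])
    elif len(parts) == 3 and all(int(p) <= 255 for p in parts):
        vni = (int(parts[0]) << 16) | (int(parts[1]) << 8) | int(parts[2])
    else:
        raise ValueError(f"malformed VNI: {text!r}")
    if not 1 <= vni <= VNI_MAX:
        raise ValueError(f"VNI out of range: {text!r}")
    return vni


def format_vni(vni, dotted=False):
    """Render a VNI in decimal, or in dotted notation when dotted=True."""
    if dotted:
        return f"{vni >> 16}.{(vni >> 8) & 0xFF}.{vni & 0xFF}"
    return str(vni)


def apply_commands(commands, mapping=None):
    """Replay 'vxlan vlan <id> vni <vni>' commands; return the resulting {vlan: vni}."""
    mapping = dict(mapping or {})
    for line in commands:
        match = CMD.match(line.strip())
        if not match:
            raise ValueError(f"not a VLAN-to-VNI command: {line!r}")
        vlan, vni = int(match.group(1)), parse_vni(match.group(2))
        owner = next((v for v, n in mapping.items() if n == vni), None)
        if owner is not None and owner != vlan:
            # Same VNI on a second VLAN: the page says the CLI rejects this.
            raise VniConflict(f"VNI {vni} is already mapped to VLAN {owner}")
        mapping[vlan] = vni  # a new VNI for a known VLAN replaces the old statement
    return mapping


if __name__ == "__main__":
    # Constructed input, taken from the example commands in this section.
    table = apply_commands(["vxlan vlan 100 vni 100", "vxlan vlan 200 vni 10.10.200"])
    for vlan, vni in sorted(table.items()):
        print(vlan, format_vni(vni), format_vni(vni, dotted=True))
    try:
        apply_commands(["vxlan vlan 300 vni 0.0.100"], table)
    except VniConflict as err:
        print("rejected:", err)
```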

Verifying the VXLAN Configuration

The show interface vxlan 1 command displays the configuration and connection status of the VXLAN.

Example

This command indicates that the VXLAN line protocol status is up.

switch(config-if-Vx1)#show interface vxlan 1
Vxlan1 is up, line protocol is up (connected)
Hardware is Vxlan
Source interface is Loopback15 and is active with 10.25.25.3
Static vlan to vni mapping is
[100, 0.0.100][200, 10.10.200]
switch(config-if-Vx1)#

Head End Replication Configuration

Head-end replication is a data distribution method that supports broadcast, unknown unicast, and multicast (BUM) traffic over VXLANs by replicating BUM data locally for transmission to the set of remote VTEPs specified by a flood list. This data flooding facilitates remote MAC address learning through the forwarding of data with unknown MAC addresses.

Each vxlan flood vtep statement in running-config associates a set of VTEP addresses with an access VNI. A default flood list, which applies to all VNIs for which a flood list is not configured, can also be configured.

The VTEP flood list is created and modified through the vxlan flood vtep command.

Examples
  • These commands create a default VXLAN head-end replication flood list.
    switch(config)#interface vxlan 1
    switch(config-if-Vx1)#vxlan flood vtep 10.1.1.1 10.1.1.2
    switch(config-if-Vx1)#show active
     interface Vxlan1
     vxlan flood vtep 10.1.1.1 10.1.1.2
     vxlan udp-port 4789
    switch(config-if-Vx1)#
  • These commands create VXLAN head-end replication flood lists for the VNIs accessed through VLANs 101 and 102.
    switch(config-if-Vx1)#vxlan vlan 101-102 flood vtep 11.1.1.1 11.1.1.2 11.1.1.3
    switch(config-if-Vx1)#show active
     interface Vxlan1
     vxlan flood vtep 10.1.1.1 10.1.1.2
     vxlan vlan 101 flood vtep 11.1.1.1 11.1.1.2 11.1.1.3
     vxlan vlan 102 flood vtep 11.1.1.1 11.1.1.2 11.1.1.3
     vxlan udp-port 4789
    switch(config-if-Vx1)#

VXLAN Routing Configuration

Implementing VXLAN Routing

VXLAN routing is enabled by creating a VLAN interface (SVI) on a VLAN that is associated to a VNI. In the figure below, VXLAN routing is enabled on Switch A by configuring a VLAN interface with an IP address of 10.10.10.1. Packets from Devices A-1 and B-2 that have destinations other than 10.10.10.0/28 are VXLAN-bridged to the default gateway (10.10.10.1), then routed from Switch A.

Figure 1. Implementing VXLAN Routing

Example

These commands configure Switch A to perform VXLAN routing. The example includes OSPF routing that is used for underlay routing.

switch-A(config)#route-map vxlanvlan permit 10
switch-A(config-route-map-vxlanvlan)#match interface loopb5
switch-A(config-route-map-vxlanvlan)#exit
switch-A(config)#route-map vxlanvlan permit 20
switch-A(config-route-map-vxlanvlan)#match interface vlan 100
switch-A(config-route-map-vxlanvlan)#exit
switch-A(config)#router ospf 1
switch-A(config-router-ospf)#redistribute connected route-map vxlanvlan
switch-A(config-router-ospf)#exit
switch-A(config)#interface loopback 5
switch-A(config-if-Lo5)#ip address 10.25.25.3/24
switch-A(config-if-Lo5)#exit
switch-A(config)#interface vxlan 1
switch-A(config-if-Vx1)#vxlan source-interface loopback 5
switch-A(config-if-Vx1)#vxlan vlan 100 vni 10000
switch-A(config)#interface vlan 100
switch-A(config-if-Vl100)#ip address 10.10.10.1/28
switch-A(config-if-Vl100)#exit

Configuring Direct VXLAN Routing

In Figure 1 (Implementing VXLAN Routing), VXLAN routing is enabled on Switch A only; Switch B supports VXLAN bridging. Traffic from Switch B devices to the external routes must go through the core route twice: once when it is bridged to its VXLAN gateway and once when it is routed to its next hop device.

Direct VXLAN routing with VXLAN enabled addresses this issue by configuring each VTEP with all VLANs. This allows packets to be VXLAN-bridged to a local VTEP and routed to remote VTEPs. Indirect routing scales well but is complex to engineer efficiently, and naked routing provides the same scalability as indirect routing. Direct routing leads to the most efficient traffic flows, with the number of virtual subnets or virtual machines increasing at scale, and is thereby optimal from a data plane viewpoint.

The following sections describe the conventions required to implement direct VXLAN routing, then present a direct VXLAN routing implementation.

Configuring VARP addresses

For direct routing, an anycast IP address is used as the gateway address on the SVI for a VLAN on all hardware VTEPs associated with that VLAN.

Examples

  • These commands configure an IP virtual-router and virtual MAC address.
    switch(config)#interface Vlan2417
    switch(config-if-Vl2417)#ip address 1.0.4.50/24
    switch(config-if-Vl2417)#ip virtual-router address 1.0.4.1
    switch(config-if-Vl2417)#ip virtual-router mac-address 00:00:11:11:22:22
    switch(config)#
  • These commands configure an IP virtual address (instead of IP virtual-router address) for the VLAN SVI, and a secondary address on the loopback interface for the virtual VTEP IP. The virtual VTEP IP is the logical VTEP hosting the virtual MAC address.
    switch(config)#interface Vlan2417
    switch(config-if-Vl2417)#ip address virtual 1.0.4.1/24
    switch(config-if-Vl2417)#exit
    switch(config)#interface Loopback0
    switch(config-if-Lo0)#ip address 1.0.1.1/32
    switch(config-if-Lo0)#ip address 1.0.1.2/32 secondary
    switch(config-if-Lo0)#ip virtual-router mac-address 00:00:11:11:22:22
    switch(config)#

Virtual IP and MAC Addresses

Virtual-router IP addresses can be configured on VLAN interfaces in addition to a primary address. All VTEPs in a direct VXLAN network can be configured with the same virtual router address. This allows devices to use a common IP address as their VXLAN gateway.

The ip address virtual command configures a specified address as the primary IPv4 address and as a virtual IP address for the configuration mode VLAN interface. This results in the assignment of the virtual MAC address (ip virtual-router mac-address) to the VLAN interface. In large VXLAN networks, using distinct primary IP addresses for each VTEP limits the number of addresses on its subnet that are available for connected hosts. Defining a common virtual IP address for all VTEPs and using it as their primary address conserves subnet addresses.

Example

These commands specify a virtual router MAC address of 00:00:00:00:00:48 for the switch and, for VLAN 100, a primary address of 10.10.10.10/28 and a virtual IP address of 10.10.10.10.

switch(config)#ip virtual-router mac-address 00:00:00:00:00:48
switch(config)#interface vlan 100
switch(config-if-Vl100)#ip address virtual 10.10.10.10/28
switch(config-if-Vl100)#show active
 interface Vlan100
 ip address virtual 10.10.10.10/28
switch(config-if-Vl100)#

Virtual VTEP Configuration

A virtual VTEP address is specified by configuring a secondary address on the loopback interface designated as the VXLAN’s source interface. All VTEPs in the direct routing topology share the same virtual VTEP address.

You must also configure the secondary VTEP IP address on the flood list of the downstream VXLAN VTEPs, as shown below.

Example

These commands specify a primary (10.1.1.1) and virtual VTEP address (10.2.2.2).

switch1
switch(config)#interface loopback 5
switch(config-if-Lo5)#ip address 10.1.1.1/24
switch(config-if-Lo5)#ip address 10.2.2.2/24 secondary
switch(config-if-Lo5)#show active
 interface Loopback5
 ip address 10.1.1.1/24
 ip address 10.2.2.2/24 secondary
switch(config-if-Lo5)#exit
switch(config)#interface vxlan 1
switch(config-if-Vx1)#vxlan source-interface loopback 5
switch(config-if-Vx1)#show active
 interface Vxlan1
 vxlan source-interface Loopback5
 vxlan udp-port 4789
 vxlan vlan 100 vni 10000
switch(config-if-Vx1)#

switch2
switch(config)#interface vxlan1
switch(config-if-Vx1)#vxlan flood vtep 10.1.1.1
switch(config-if-Vx1)#vxlan flood vtep 10.2.2.2

Direct VXLAN Topology

The following figure displays a direct VXLAN topology, where each VTEP is configured with the same set of VNIs, VLAN interfaces, and virtual VTEP address.

Figure 2. Direct VXLAN Routing

Example

These commands configure VXLAN parameters for Switch-A.

switch-A(config)#route-map vxlanvlan permit 10
switch-A(config-route-map-vxlanvlan)#match interface loopb5
switch-A(config-route-map-vxlanvlan)#exit
switch-A(config)#route-map vxlanvlan permit 20
switch-A(config-route-map-vxlanvlan)#match interface vlan 100
switch-A(config-route-map-vxlanvlan)#exit
switch-A(config)#router ospf 1
switch-A(config-router-ospf)#redistribute connected route-map vxlanvlan
switch-A(config-router-ospf)#exit
switch-A(config)#ip virtual-router mac-address 00:00:00:00:00:48
switch-A(config)#interface loopback 5
switch-A(config-if-Lo5)#ip address 10.1.1.3/24
switch-A(config-if-Lo5)#ip address 10.1.1.10/24 secondary
switch-A(config-if-Lo5)#exit
switch-A(config)#interface vxlan 1
switch-A(config-if-Vx1)#vxlan source-interface loopback 5
switch-A(config-if-Vx1)#vxlan vlan 100 vni 10000
switch-A(config)#interface vlan 100
switch-A(config-if-Vl100)#ip address virtual 10.10.10.10/28
switch-A(config-if-Vl100)#exit 

Configuring VXLAN VTEP Counters

The switch platforms which use this feature are:

  • DCS-7050X
  • DCS-7250X
  • DCS-7300X

The VXLAN VTEP counters feature enables a device to count VXLAN packets received and sent by the device on a per VTEP basis. Specifically, it enables the device to count bytes and packets that are getting encapsulated and decapsulated as they are passing through.

The counters are logically split up in the two VXLAN directions. Encapsulated on the device and directed to the core, “encap” counters count packets coming from the edge. Decapsulated on the device and heading towards the edge, “decap” counters count packets coming from the core.

To be able to count VXLAN packets the device has to support VXLAN and have a VXLAN interface correctly configured.

Examples
  • This command configures the enabling of VXLAN VTEP counters for encap.
    switch(config)#hardware counter feature vtep encap
    switch(config)#
  • This command configures the disabling of VXLAN VTEP counters for encap.
    switch(config)#no hardware counter feature vtep encap
    switch(config)#
  • This command configures the enabling of VXLAN VTEP counters for decap.
    switch(config)#hardware counter feature vtep decap
    switch(config)#
  • This command configures the disabling of VXLAN VTEP counters for decap.
    switch(config)#no hardware counter feature vtep decap
    switch(config)#

VXLAN Auto Flood-List Construction

With the introduction of wireless access points (APs), VXLAN flood-lists learned from the data-plane are added to or removed from the flood-lists created in the control-plane. When a VXLAN packet is received on a new VNI from a VTEP, the VTEP is added to the dynamic flood-list for that VNI and the flood-list is merged with flood-lists from other sources. When all MACs behind a remote VTEP have been removed (through aging, for example), the remote VTEP is removed from all dynamic VXLAN flood-lists.

To restrict VTEPs from being added to dynamic flood-lists when VXLAN traffic is received from untrusted sources, use the vxlan learn-restrict command. MAC learning is disabled from the specified IP ranges. The learning restrictions are placed on all platforms including APs.

VXLAN Configuration for Learning Data-plane Flood-lists

The following example is applicable to all platforms.

These commands enable VXLAN flood-lists learning from data-plane.

switch(config)#interface Vxlan1
switch(config-if-Vx1)#vxlan flood vtep learned data-plane

The following example restricts learning from VTEPs not in a prefix range.

switch(config-if-Vx1)#vxlan learn-restrict vtep <prefixes>

The following example restricts learning to VTEPs with IP in range.

switch(config-if-Vx1)#vxlan learn-restrict vtep 1.1.1.1/24

The following command shows the VXLAN flood-lists programmed in hardware.

switch(config)#show vxlan flood vtep

The following command shows the dynamic VXLAN flood-lists.

switch(config)#show l2Rib input vxlan-dynamic

The following command shows the VXLAN flood-lists sent to platform.

switch(config)#show l2Rib output floodset

The following command shows the VXLAN learning restrictions for all VLANs.

switch(config)#show vxlan learn-restrict vtep

The following command shows the VXLAN learning counters for all VLANs.

switch(config)#show vxlan counters learn-restrict all
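
When data-plane learning is enabled, the learn-restrict prefixes are the only control on which sources can join a dynamic flood-list, so it is worth auditing both settings together. The following Python sketch is an added example, not Arista code: it reads running-config text and show vxlan vtep output, reports data-plane learning that has no learn-restrict statement, and lists remote VTEPs that fall outside the configured prefixes. It assumes the prefixes are the ranges from which learning is permitted (as in the 1.1.1.1/24 example above) and that show vxlan vtep prints one address per line as shown later on this page; the function names and sample text are constructed.

```python
import ipaddress


def learn_policy(running_config):
    """Return (data_plane_learning_enabled, [allowed networks]) from running-config text."""
    data_plane, allowed = False, []
    for line in (raw.strip() for raw in running_config.splitlines()):
        if line == "vxlan flood vtep learned data-plane":
            data_plane = True
        elif line.startswith("vxlan learn-restrict vtep "):
            # strict=False: the page's own example, 1.1.1.1/24, has host bits set.
            allowed += [ipaddress.ip_network(p, strict=False) for p in line.split()[3:]]
    return data_plane, allowed


def remote_vteps(show_vxlan_vtep):
    """Extract the addresses from 'show vxlan vtep' output (one address per line)."""
    vteps = []
    for line in show_vxlan_vtep.splitlines():
        try:
            vteps.append(ipaddress.ip_address(line.strip()))
        except ValueError:
            continue  # banner and summary lines are not addresses
    return vteps


def audit(running_config, show_vxlan_vtep):
    """Return findings for unrestricted learning and for VTEPs outside the prefixes."""
    data_plane, allowed = learn_policy(running_config)
    findings = []
    if data_plane and not allowed:
        findings.append("data-plane flood-list learning enabled without vxlan learn-restrict")
    if allowed:
        for vtep in remote_vteps(show_vxlan_vtep):
            if not any(vtep in net for net in allowed):
                findings.append(f"remote VTEP {vtep} is outside the learn-restrict prefixes")
    return findings


# Constructed sample input (not captured from a real switch).
CONFIG_OPEN = """\
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan udp-port 4789
   vxlan flood vtep learned data-plane
"""
CONFIG_RESTRICTED = CONFIG_OPEN + "   vxlan learn-restrict vtep 1.1.1.1/24\n"
SHOW_VTEP = """\
Remote vteps for Vxlan1:
1.1.1.7
10.52.2.12
Total number of remote vteps:2
"""

if __name__ == "__main__":
    for name, cfg in (("open", CONFIG_OPEN), ("restricted", CONFIG_RESTRICTED)):
        for finding in audit(cfg, SHOW_VTEP):
            print(f"{name}: {finding}")
```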

Configuring VXLAN Routing with Overlay VRFs

The switch platforms which use this feature are:

  • DCS-7050X
  • DCS-7250X
  • DCS-7300X

VXLAN SVIs configured in non-default VRFs are supported with VXLAN routing using overlay VRFs. Overlay SVIs are configured in non-default VRFs but underlay SVIs, which provide IP connectivity between VTEPs, must remain in the default VRF. VXLAN routing is deployable by allowing users to configure separate overlay routing domains using VRFs per tenant, thereby allowing support for overlapping IP addresses in the overlay. This provides separation between overlay and underlay traffic, including simpler and cleaner protocol configuration, without using complicated route-maps to control distribution of prefixes to peers in the overlay VRFs and underlay SVIs. IPv4 based VXLAN routing is currently supported.

Configuring VXLAN over MLAG

VTI configuration must be identical on each MLAG peer for them to act as a single VTEP.

The following VTI elements must be configured identically on both MLAG peers:

VLAN-VNI Mappings

Configure identical VLAN to VNI mappings on both MLAG peers using the vxlan vlan vni command.

Example

These commands associate VLAN 100 to VNI 100 and VLAN 200 to VNI 10.10.200.

switch(config)#interface vxlan 1
switch(config-if-Vx1)#vxlan vlan 100 vni 100
switch(config-if-Vx1)#vxlan vlan 200 vni 10.10.200
switch(config-if-Vx1)#

VTEP IP Address of the Source Loopback Interface

Configure the same VTEP IP address for the source loopback interface on both MLAG peers using the vxlan source-interface command.

Example

These commands configure a primary VTEP address.

switch(config)#interface loopback 5
switch(config-if-Lo5)#ip address 10.1.1.1/24
switch(config-if-Lo5)#exit
switch(config)#interface vxlan 1
switch(config-if-Vx1)#vxlan source-interface loopback 5
switch(config-if-Vx1)#

Flood VTEP List

Configure the same VTEP flood list on both MLAG peers using the vxlan flood vtep command.

Example

These commands create a default VXLAN head-end replication flood list.

switch(config)#interface vxlan 1
switch(config-if-Vx1)#vxlan flood vtep 10.1.1.1 10.1.1.2
switch(config-if-Vx1)#

OSPF Configuration

If OSPF is in use, configure the OSPF router ID using the router-id (OSPFv2) command to prevent the switch from using the common VTEP IP address as the router ID.

Example

These commands assign 10.0.0.1 as the OSPFv2 router ID.

switch(config)#router ospf 100
switch(config-router-ospf)#router-id 10.0.0.1
switch(config-router-ospf)#
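
The requirements in this section lend themselves to an automated comparison of the two peers' configurations. The following Python sketch is an added example, not Arista code: it extracts the VLAN-to-VNI mappings, the source loopback addresses and the flood list from each peer's running-config text, compares them after normalizing VNI notation and flood-list order, and checks that OSPF, where configured, has an explicit router ID that is not the VTEP address. The function names, the running-config layout and the sample configurations are assumptions.

```python
def sections(config):
    """Split running-config text into {lower-cased header: [indented statements]}."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw[0].isspace():
            current = raw.strip().lower()
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(raw.strip())
    return out


def vni(text):
    """Decimal VNI from decimal or dotted notation, so display settings may differ."""
    value = 0
    for part in text.split("."):
        value = (value << 8) | int(part)
    return value


def vtep_view(config, vti="interface vxlan1"):
    """Collect the settings the page requires to be identical on both MLAG peers."""
    sec = sections(config)
    view = {"vlan_vni": {}, "source_ips": set(), "flood": set(),
            "ospf": False, "router_ids": set()}
    source = None
    for tok in (line.split() for line in sec.get(vti, [])):
        if len(tok) == 5 and tok[:2] == ["vxlan", "vlan"] and tok[3] == "vni":
            view["vlan_vni"][int(tok[2])] = vni(tok[4])
        elif tok[:2] == ["vxlan", "source-interface"]:
            source = tok[2].lower()
        elif tok[:3] == ["vxlan", "flood", "vtep"]:
            view["flood"].update(tok[3:])
    for tok in (line.split() for line in sec.get(f"interface {source}", [])):
        if tok[:2] == ["ip", "address"]:
            view["source_ips"].add(tok[2].split("/")[0])
    for header, lines in sec.items():
        if header.startswith("router ospf"):
            view["ospf"] = True
            view["router_ids"].update(
                line.split()[1] for line in lines if line.startswith("router-id "))
    return view


def mlag_findings(peer_a, peer_b):
    """Compare two peers' running-config text and return a list of findings."""
    a, b = vtep_view(peer_a), vtep_view(peer_b)
    findings = []
    for key, label in (("vlan_vni", "VLAN-to-VNI mappings"),
                       ("source_ips", "source loopback addresses"),
                       ("flood", "flood VTEP lists")):
        if a[key] != b[key]:
            findings.append(f"{label} differ between peers")
    for name, view in (("peer A", a), ("peer B", b)):
        if view["ospf"] and not view["router_ids"]:
            findings.append(f"{name}: OSPF is configured without a router-id")
        elif view["router_ids"] & view["source_ips"]:
            findings.append(f"{name}: OSPF router-id equals the VTEP address")
    return findings


# Constructed sample configuration, built from the values used in this section.
PEER_A = """\
interface Loopback5
   ip address 10.1.1.1/24
!
interface Vxlan1
   vxlan source-interface Loopback5
   vxlan udp-port 4789
   vxlan vlan 100 vni 100
   vxlan vlan 200 vni 658120
   vxlan flood vtep 10.1.1.1 10.1.1.2
!
router ospf 100
   router-id 10.0.0.1
"""
# Peer B: dotted VNI display, reordered flood list, and no OSPF router-id.
PEER_B = (PEER_A.replace("vni 100\n", "vni 0.0.100\n")
          .replace("vni 658120", "vni 10.10.200")
          .replace("10.1.1.1 10.1.1.2", "10.1.1.2 10.1.1.1")
          .replace("   router-id 10.0.0.1\n", ""))

if __name__ == "__main__":
    for finding in mlag_findings(PEER_A, PEER_B):
        print(finding)
```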

Configuring VXLAN Control Service

The VXLAN Control Service (VCS) provides a mechanism by which hardware VTEPs share states between each other in order to establish VXLAN tunnels, without the need for a multicast control plane. This feature enables the use of a VCS client.

Examples
  • These commands connect a switch to the VCS running on CVX. The server host IP address is the management IP address of the CVX controller or the IP address that CVX is listening on for client connections.
    switch(config)#management cvx
    switch(config-mgmt-cvx)#server host 172.27.6.248
    switch(config-mgmt-cvx)#no shutdown
    switch(config-mgmt-cvx)#
    
  • These commands configure the VXLAN interface, except for the multicast group configuration, in order to learn from the controller.
    switch(config)#interface vxlan 1
    switch(config-if-Vx1)#vxlan controller-client
    switch(config-if-Vx1)#
    

Configuring VXLAN Multicast Decapsulation

The switch platforms which use this feature are:

  • DCS-7050X
  • DCS-7250X
  • DCS-7300X

VXLAN multicast decapsulation enables VTEPs that support Head End Replication (HER) to terminate multicast-encapsulated Broadcast/Unknown/Multicast (BUM) packets from remote VTEPs that do not support HER.

Examples
  • These commands enable VXLAN multicast decapsulation.
    switch(config)#interface vxlan 1
    switch(config-if-Vx1)#vxlan multicast-group decap 230.1.1.1
    switch(config-if-Vx1)#
  • These commands disable VXLAN multicast decapsulation.
    switch(config)#interface vxlan 1
    switch(config-if-Vx1)#no vxlan multicast-group decap 230.1.1.1
    switch(config-if-Vx1)#

VXLAN Rules Support for Mirror ACLs Configuration

The switch platforms which use this feature are:

  • DCS-7150S

VXLAN rules support for mirror ACLs permits VXLAN deep inspection rules to be specified in the mirroring ACLs when the switch is operating in normal mode.

Examples

The following are examples of VXLAN rules specified in mirroring ACLs.

  • These commands permit all VXLAN traffic (udp protocol and destination port 4789).
    switch(config)#ip access-list miracl
    switch(config-acl-miracl)#permit vxlan any any
    switch(config-acl-miracl)#
    
  • These commands permit VXLAN traffic with vni 1001 only.
    switch(config)#ip access-list miracl
    switch(config-acl-miracl)#permit vxlan any any vni 1001 0x000000
    switch(config-acl-miracl)#
    
  • These commands deny VXLAN traffic with vni 0x1000 through 0x100f.
    switch(config)#ip access-list miracl
    switch(config-acl-miracl)#permit vxlan any any vni 0x1000 0x100f
    switch(config-acl-miracl)#
    

Configuring EVPN VXLAN

Supported Configurations

EOS Release 4.23.1

  1. Static EVPN VXLAN Config.
  2. VXLAN Bridging Config.
  3. Introduces the ip virtual-router router-mac command.

EOS Release 4.23.2

  1. IPv6 overlay.
  2. VARP and Virtual VTEP with VxLAN routing.
  3. EVPN VXLAN (Single Active - No Multihoming support).
  4. VXLAN with MLAG.

EOS Release 4.24.1

Overlay Multicast using VXLAN underlay multicast tree.

EOS Release 4.24.2F

EVPN VXLAN All Active Multihoming.

Static EVPN VxLAN Configuration

switch(config)#service routing protocols model multi-agent
switch(config)#interface Loopback0
switch(config-if-Lo0)#ip address 172.16.1.1/32
!
switch(config)#interface Vxlan1
switch(config-if-Vx1)#vxlan source-interface Loopback0
switch(config-if-Vx1)#vxlan udp-port 4789
switch(config-if-Vx1)#vxlan vrf test vni 12345
!
switch(config)#ip routing vrf test
switch(config)#ipv6 unicast-routing vrf test
!
switch(config)#ip route vrf test 192.168.1.0/24 vtep 10.1.1.2 vni 20000 router-mac-address 00:00:78:01:00:00
switch(config)#ipv6 route vrf test 1:0:5::0/64 vtep 10.1.1.2 vni 30000 router-mac-address 00:00:80:01:00:00

VxLAN Bridging and Routing Configuration

switch(config)#interface Loopback0
switch(config-if-Lo0)#ip address 172.16.1.1/32
!
switch(config)#ip virtual-router mac-address 00:02:03:04:05:06
!

switch(config)#ip routing
!
switch(config)#interface Vxlan1
switch(config-if-Vx1)#vxlan source-interface Loopback0
switch(config-if-Vx1)#vxlan udp-port 65330
switch(config-if-Vx1)#vxlan vlan 300 vni 945438
switch(config-if-Vx1)#vxlan vlan 200 vni 654677
switch(config-if-Vx1)#vxlan flood vtep 172.16.1.2 172.16.1.3 172.16.1.1

EVPN VxLAN All Active Multihoming

Multi-homing is activated in an EVPN environment by assigning an ethernet segment identifier to the participating Ethernet or Port-Channel interfaces.

switch(config)#interface Ethernet1
switch(config-if-Et1)#evpn ethernet-segment
switch(config-evpn-es)#identifier 00aa:bbbb:cccc:dddd:eeee
switch(config-evpn-es)#route-target import 12:23:34:45:56:67

The optional designated-forwarder election hold-time command can configure a wait time before selecting the designated forwarder and allow potential forwarders a chance to advertise their EVPN ethernet segment (type 4) routes. The default hold time is three (3) seconds, as specified in section 8.5 of RFC7432 [1].

The route target configured here is the ES import route target described in section 7.6 of RFC7432 [1]. It can be set to any MAC address, but for each Ethernet segment every participating interface in the network must use the same ES import route target. A suggested value is the MAC address of the CE connected to the multi-homing PEs via this interface.

VARP and Virtual VTEP with VXLAN Routing

interface Loopback0
 ip address 172.16.1.1/32
 ip address 20.0.0.1/32 secondary
!
ip virtual-router mac-address 00:02:03:04:05:06
!
ip routing
!
interface Vlan200
 ipv6 address 2000:0:0:41::2/64
 ip address virtual 1.0.7.1/24
 ipv6 virtual-router address 2000:0:0:41::1
!
interface Vxlan1
 vxlan source-interface Loopback0
 vxlan udp-port 65330
 vxlan vlan 300 vni 945438
 vxlan vlan 200 vni 654677
 vxlan flood vtep 172.16.1.2 172.16.1.3 172.16.1.1 20.0.0.1

Overlay Multicast using VxLAN Underlay Multicast Tree

To inject a source route, configure the ip multicast source route export command on the incoming interface.

switch(config)#interface Vlan10
switch(config-if-Vl10)#ip pim sparse-mode
switch(config-if-Vl10)#ip multicast source route export

To redistribute the source routes in the MRIB via BGP while running multi-agent protocol model, configure the redistribute attached-host command for the IPv4 multicast address-family. Activate the neighbor to establish a BGP connection.

switch(config-router-bgp)#address-family ipv4 multicast
switch(config-router-bgp-af)#neighbor 3.0.0.2 activate
switch(config-router-bgp-af)#redistribute attached-host

To redistribute the source routes in the URIB via BGP while running ribd protocol model, configure the redistribute attached-host command under the router bgp mode.

switch(config-router-bgp)#redistribute attached-host

The following is a sample configuration for a VTEP for the setup above using the multi-agent protocol model.

switch(config)#service routing protocols model multi-agent

switch(config)#ip pim rp-address 15.15.15.15 225.1.1.1/32

switch(config)#interface Loopback0
switch(config-if-Lo0)#ip address 1.1.1.1/32

switch(config)#interface vxlan1
switch(config-if-Vx1)#vxlan source-interface Loopback0
switch(config-if-Vx1)#vxlan vlan 10 vni 10000

! Interface to the underlay
switch(config)#interface Ethernet1
switch(config-if-Et1)#ip address 3.0.0.1/24
switch(config-if-Et1)#ip pim sparse-mode

switch(config)#interface vlan10
switch(config-if-Vl10)#ip address 10.1.1.1/24
switch(config-if-Vl10)#ip pim sparse-mode
switch(config-if-Vl10)#ip multicast source route export

switch(config)#router bgp 10
switch(config-router-bgp)#router-id 0.0.0.2

switch(config-router-bgp)#address-family ipv4 multicast
switch(config-router-bgp-af)#neighbor 3.0.0.2 activate
switch(config-router-bgp-af)#redistribute attached-host

The following is a sample configuration for a VTEP for the setup above using the ribd protocol model.

switch(config)#service routing protocols model ribd

switch(config)#ip pim rp-address 15.15.15.15 225.1.1.1/32

switch(config)#interface Loopback0
switch(config-if-Lo0)#ip address 1.1.1.1/32

switch(config)#interface vxlan1
switch(config-if-Vx1)#vxlan source-interface Loopback0
switch(config-if-Vx1)#vxlan vlan 10 vni 10000

! Interface to the underlay
switch(config)#interface Ethernet1
switch(config-if-Et1)#ip address 3.0.0.1/24

switch(config-if-Et1)#ip pim sparse-mode

switch(config)#interface vlan10
switch(config-if-Vl10)#ip address 10.1.1.1/24
switch(config-if-Vl10)#ip pim sparse-mode
switch(config-if-Vl10)#ip multicast source route export

switch(config)#router bgp 10
switch(config-router-bgp)#router-id 0.0.0.2
switch(config-router-bgp)#redistribute attached-host

Displaying VXLAN Configuration

The following section describes the commands that control the display format of VNIs and the commands that list VXLAN configuration and transmission information.

Configuring VNI Display Format

The vxlan vni notation dotted command configures the switch to display VNIs in dotted decimal notation. VNI values range from 1 to 16777215 in decimal notation and from 0.0.1 to 255.255.255 in dotted decimal notation.

The command affects the VNI number display in all show commands, including show running-config. Commands that include a VNI as a parameter may use decimal or dotted decimal notation regardless of the setting of this command. By default, show commands display VNI numbers in decimal notation.

Examples

  • These commands configure the switch to display VNI numbers in dotted decimal notation, then display a configuration that includes a VNI setting.
    switch(config)#vxlan vni notation dotted
    switch(config)#interface vxlan 1
    switch(config-if-Vx1)#show active
    interface Vxlan1
     vxlan udp-port 4789
     vxlan vlan 333 vni 3.4.5
    switch(config-if-Vx1)#
  • These commands configure the switch to display VNI numbers in decimal notation, then display a configuration that includes a VNI setting.
    switch(config)#no vxlan vni notation dotted
    switch(config)#interface vxlan 1
    switch(config-if-Vx1)#show active
    interface Vxlan1
     vxlan udp-port 4789
     vxlan vlan 333 vni 197637
    switch(config-if-Vx1)#

MAC Address Table

The MAC address table indicates a MAC address from a device on a remote host by indicating Vx interface as the port that corresponds to the address.

Example

The show mac address-table command displays a MAC address table that includes entries of devices from remote hosts by specifying Vx1 as the corresponding port.

switch> show mac address-table
          Mac Address Table
------------------------------------------------------------------

Vlan    Mac Address       Type        Ports      Moves   Last Move
----    -----------       ----        -----      -----   ---------
   1    0050.5682.6725    DYNAMIC     Et16       1       0:02:01 ago
   1    0050.568e.58e9    DYNAMIC     Et23       2       0:08:53 ago
   1    0050.56a0.474a    DYNAMIC     Et16       1       0:18:04 ago
  51    0000.0051.0004    DYNAMIC     Et5        1       12 days, 1:02:44 ago
  51    0000.0051.0005    DYNAMIC     Et5        1       12 days, 1:02:44 ago
  51    0000.0051.0101    DYNAMIC     Vx1        1       12 days, 0:17:30 ago
  51    0000.0051.0102    DYNAMIC     Vx1        1       12 days, 0:17:30 ago
  61    0000.0061.0005    DYNAMIC     Et5        1       12 days, 1:02:44 ago
Total Mac Addresses for this criterion: 8

          Multicast Mac Address Table
------------------------------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       ----        -----
Total Mac Addresses for this criterion: 0
switch>

VXLAN MAC Address Table

VXLAN MAC address table entries correlate MAC addresses accessible through remote VTEPs with the local VLAN and the IP address of the VTEP through which the addressed device is accessed. The VTI uses this table when constructing the VXLAN encapsulation to specify the destination IP address of the recipient VTEP and the VNI segment through which the device’s remote VLAN is accessed.

The show vxlan address-table command displays the VXLAN MAC address table.

Example

This command displays the VXLAN address table.

switch> show vxlan address-table
          Vxlan Mac Address Table
----------------------------------------------------------------------

Vlan  Mac Address     Type     Prt  Vtep        Moves  Last Move
----  -----------     ----     ---  ----        -----  ---------
  51  0000.0051.0101  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
  51  0000.0051.0102  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
  51  0000.0051.0103  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
  51  0000.0051.0104  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
  51  0000.0051.0105  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
  61  0000.0061.0103  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
  61  0000.0061.0104  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
  61  0000.0061.0105  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
switch>

Remote VTEPs

The show vxlan vtep command displays information about remote VTEPs that the configured VTI has discovered and with whom it has exchanged packets.

Example

This command displays the VTEPs that have exchanged data with the configured VTI.

switch>show vxlan vtep
Remote vteps for Vxlan1:
10.52.2.12
Total number of remote vteps:1
switch>
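The following is an added example, not part of the original documentation or of EOS: a Python audit that parses show vxlan address-table and show vxlan vtep output and reports remote VTEPs outside an expected set, MACs learned behind such VTEPs, and MACs with a high Moves count. The sample outputs are constructed, and the expected_vteps allowlist, the max_moves threshold and the finding names are assumptions of this example.

```python
import re

# Constructed sample outputs with whitespace-separated columns (not captured from a device).
ADDRESS_TABLE = """\
Vlan  Mac Address     Type     Prt  Vtep        Moves  Last Move
----  -----------     ----     ---  ----        -----  ---------
  51  0000.0051.0101  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
  51  0000.0051.0102  DYNAMIC  Vx1  10.25.2.12  1      4 days, 0:37:14 ago
  61  0000.0061.0103  DYNAMIC  Vx1  192.0.2.77  9      0:00:12 ago
"""
VTEP_LIST = """\
Remote vteps for Vxlan1:
10.25.2.12
192.0.2.77
Total number of remote vteps:2
"""

ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)\s+(?P<vtep>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<moves>\d+)\s+(?P<last>.+?)\s*$", re.I | re.M)
IPV4_LINE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*$", re.M)

def parse_address_table(text):
    """Return one dict per MAC entry in 'show vxlan address-table' output."""
    rows = [m.groupdict() for m in ROW.finditer(text)]
    for r in rows:
        r["vlan"], r["moves"] = int(r["vlan"]), int(r["moves"])
    return rows

def parse_vteps(text):
    """Return the set of remote VTEP addresses listed by 'show vxlan vtep'."""
    return set(IPV4_LINE.findall(text))

def audit(address_text, vtep_text, expected_vteps, max_moves=3):
    """Report unexpected VTEPs and MACs that moved more than max_moves times."""
    findings = []
    for ip in sorted(parse_vteps(vtep_text) - set(expected_vteps)):
        findings.append(("unexpected-vtep", ip))
    for r in parse_address_table(address_text):
        if r["vtep"] not in expected_vteps:
            findings.append(("mac-behind-unexpected-vtep", r["mac"], r["vtep"]))
        if r["moves"] > max_moves:
            findings.append(("mac-flapping", r["mac"], r["moves"]))
    return findings

if __name__ == "__main__":
    for finding in audit(ADDRESS_TABLE, VTEP_LIST, expected_vteps={"10.25.2.12"}):
        print(finding)
```

Feed it the text collected from each VTEP and compare the findings against the flood list or control-plane configuration you intend to have.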

VXLAN Counters

The clear vxlan counters command resets the VXLAN counters. The show vxlan counters command displays the VXLAN counters.

Example

This command displays the VXLAN counters.

switch>show vxlan counters software
encap_bytes:3452284
encap_pkts:27841
encap_read_err:1
encap_discard_runt:0
encap_discard_vlan_range:0
encap_discard_vlan_map:0
encap_send_err:0
encap_timeout:1427
decap_bytes_total:382412426
decap_pkts_total:2259858
decap_bytes:0
decap_pkts:0
decap_runt:0
decap_pkt_filter:45128
decap_bytes_filter:5908326
decap_discard_vxhdr:0
decap_discard_vlan_map:2214730
decap_timeout:0
decap_sock_err:1
switch>

Displaying VXLAN Bridging and Routing Support

All show commands applicable to prior VXLAN implementations on R2 series are also available on R3 series for VXLAN debugging.

The show interfaces vxlan command displays operational status and configuration information of the specified VXLAN.

switch(config)#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
Hardware is Vxlan
Source interface is Loopback0 and is active with 172.16.1.1
Replication/Flood Mode is headend with Flood List Source: CLI
Remote MAC learning via Datapath
VNI mapping to VLANs
Static VLAN to VNI mapping is
[100, 100]
Note: All Dynamic VLANs used by VCS are internal VLANs.
Use 'show vxlan vni' for details.
Static VRF to VNI mapping is not configured
Headend replication flood vtep list is:
 100 172.16.1.2 10.1.1.1
MLAG Shared Router MAC is 0000.0000.0000
VTEP address mask is None

The show arp command displays all ARP tables on the configured VXLAN.

switch(config)#show arp interface vxlan 1
Address         Age (sec)  Hardware Addr   Interface
192.168.10.1    -          0000.abab.abab  Vlan100, Vxlan1

The show arp interface summary command displays a summary of all ARP tables on the configured VXLAN.

switch(config)#show arp interface vxlan 1 summary
Total: 1
Static: 1
Dynamic: 0
Not learned: 0

The show vxlan counters software command displays the VXLAN software counters.

switch(config)#show vxlan counters software
Rx bytes for encapsulation :0
Rx pkts for encapsulation:0
Rx high priority bytes for encapsulation :0
Rx high priority pkts for encapsulation:0
Rx low priority bytes for encapsulation:0
Rx low priority pkts for encapsulation :0
…..

switch(config)#show vxlan vni
VNI to VLAN Mapping for Vxlan1
VNI       VLAN       Source       Interface         802.1Q Tag
--------- ---------- ------------ ----------------- ----------
100       100        static       Ethernet2/1       untagged
                                  Vxlan1            100

Note: * indicates a Dynamic VLAN

The show vxlan vtep command displays information about remote VTEPs that the configured VTI has discovered and with whom it has exchanged packets.

switch(config)#show vxlan vtep
Remote VTEPS for Vxlan1:
10.1.1.1
Total number of remote VTEPS:1

switch(config)#show platform fap vxlan vtep encapsulation
Tunnel Type: R(Vxlan-Routing), B(Vxlan-Bridging)
D - ECMP is divergent across switching chips
 ------------------------------------------------------------------------------------------------------------
| VTEP Table |
|------------------------------------------------------------------------------------------------------------|
|FEC|EEDB|
|------------------------------------------------------------------------------------------------------------|
|Destination| Ecmp|Fec|Tunnel|Tunnel|Arp|SIP|TTL| Cmd | Destination| VID | MAC / CPU Code|
| |Index|Index| Index| Type |Index|Idx| | || | |
|------------------------------------------------------------------------------------------------------------|
| 10.1.1.1|-|353900| 16382| B|65536|0| 64|ROUTE| Et1/1|1006 | 00:00:aa:aa:aa:aa |
| 10.1.1.1|-|353901| 16383| R|65536|0| 64|ROUTE| Et1/1|1006 | 00:00:aa:aa:aa:aa |

switch(config)#show cpu counters queue | grep Vxlan
CoppSystemVxlanEncap         0  0  0  0
CoppSystemVxlanVtepLearn     0  0  0  0
CoppSystemVxlanEncap         0  0  0  0
CoppSystemVxlanVtepLearn     0  0  0  0

switch(config)#show platform fap vxlan mapping vni
VNI          | VSI
-------------+------
 100         | 100

switch#show platform pkt | egrep -i "vxlan|vni"
rxpacllog 0 rxracllog 0 rxvteplearn 0 rxvxlan_encap 0
rx_vxlanbfd 0 rxcfm 0
rxvteprestore_drop 0 rxvxlan_encap_drop 0 rxmpc_nodev 0 rx_vxlanbfderr 0 rx_nonvxlan_arp_drop 0
fab.rxvxlan_decaperr 0 rx_macsecproxyerr 0 rx_macsecproxy_prune 0
CpuCodeVxlanVtepLearn:0
CpuCodeVxlanEncapRequired:0
CpuCodeVxlanArp:0
CpuCodeVxlanUnknownVtepArp: 0
 vxlan :sys_port -1 traffic_class 0 fdma - fapid 0 sflow_cookie 0 mark4 0000 mark6 0000 D
vxlan vni hashtable:
h: 201, i: 0, vni: 100, vlanid: 100
vxlan enabled vlans: 100,

use the

switch#show cpu counters vxlan l2 ecmp
VTEP Group  Member VTEP IP  ECMP  ECMP    Member  Next Level
ID                          Size  FEC ID  FEC ID  FEC ID
-------------------------------------------------------------------------
1           172.16.1.2      2     1       91752   353907
            10.1.1.1                      91753   353908