VXLAN Cisco and/or its affiliates. All rights reserved. Cisco Public

Transcription

1 VXLAN Presentation ID 1

2 Virtual Overlay Encapsulations and Forwarding Ethernet Frames are encapsulated into an IP frame format New control logic for learning and mapping VM identity (MAC address) to Host identity (IP address) Two main Hypervisor based Overlays VXLAN Virtual Extensible Local Area Newtork NVGRE, Network Virtualization Generic Router Encapsulation GENEVE Generic Network Virtualization Encapsulation ( draft ) Network Based Overlays OTV, Overlay Transport Virtualization VPLS, EVPN FabricPath VXLAN and NVGRE

3 What is a Virtual Overlay Technology? Servers perform data encapsulation and forwarding SW based virtual switches instantiate customer topologies Ethernet Frames V M 1 V M 2 Virtual Switch IP Addr IP Network IP Addr Virtual Switch V M 4 V M 5 V M 3 Hypervisor IP/UDP Packets Hypervisor V M 6

4 Technologies Intra-DC and Inter-DC Requirement Intra-DC Inter-DC Layer 2 connectivity FabricPath, VXLAN OTV, VPLS IP Mobility LISP, FP, AnyCast Gateway LISP, OTV Secure Segmentation VXLAN / Segment-ID LISP, MPLS-IP-VPNs DC-west LISP IP mobility (Inter-DC) IP Network DC-east POD POD POD POD App OS App OS App OS OTV, VPLS (Inter-DC L2-x-L3) App OS App OS App OS Fabric Path (Intra-DC L2) EF, LISP, VXLAN (Intra-DC x-l3) Fabric Path (Intra-DC L2) EF, LISP (Intra-DC mobility)

5 VXLAN Properties Presentation ID 5

6 Virtual Extensible Local Area Network (VXLAN) For Your Reference Ethernet in IP overlay network Entire L2 frame encapsulated in UDP 50 bytes of overhead ( 54 bytes if VLAN tag is used ) Include 24 bit VXLAN Identifier 16 M logical networks Mapped into local bridge domains VXLAN can cross Layer 3 Tunnel between VEMs VMs do NOT see VXLAN ID IP multicast used for L2 broadcast/multicast, unknown unicast Technology submitted to IETF for standardization With Cisco, Arista, VMware, Citrix, Red Hat and Others Outer MAC DA Outer MAC SA Outer 802.1Q Outer IP DA Outer IP SA Outer UDP VXLAN ID (24 bits) Inner MAC DA Inner MAC SA Optional Inner 802.1Q Original Ethernet Payload CRC VXLAN Encapsulation Original Ethernet Frame

7 What is a vapp? A Cloud Provider using vcloud Director offers catalogs of vapps to their Users When cloned, new vapps retain the same MAC and IP addresses Duplicate MACs within different vapps requires L2 isolation Duplicate IP addresses requires L2/L3 isolation (NAT of externally facing IP addresses) Usage of vapps causes an explosion in the need for isolated L2 segments vapp VXLAN 5500 VXLAN 5501 VXLAN 5502 VLAN 55 DB VM s App VM s Web VM s 7

8 VXLAN L2 and L3 Gateways Connecting VXLAN to the broader network L2 Gateway: VXLAN to VLAN Bridging VXLAN ORANGE Ingress VXLAN packet on Orange segment VXLAN L2 Gateway Egress interface chosen (bridge may.1q tag the packet) Destination is in another segment. Packet is routed to the new segment Ingress VXLAN packet on Orange segment L3 Gateway: VXLAN to X Routing VXLAN VXLAN ORANGE SVI VLAN VLAN 100 VLAN 200 VXLAN Router VXLAN BLUE Egress interface chosen (bridge may.1q tag the packet)

9 Data Plane Learning Dedicated Multicast Distribution Tree per VNI Web VM VTEP VTEP VTEP PIM Join for Multicast Group DB VM DB VM PIM Join for Multicast Group Web VM PIM Join for Multicast Group PIM Join for Multicast Group Multicast-enabled Transport See Slide 50 for Multicast Configuration on the spine

10 Data Plane Learning Learning on Broadcast Source - ARP Request Example ARP Req VM 1 VM 2 VM 3 VTEP MAC IP Addr VM 1 VTEP 1 ARP Req VTEP MAC IP Addr VM 1 VTEP 1 ARP Req VTEP ARP Req IP A è G ARP Req IP A è G Multicast-enabled Transport

11 Data Plane Learning Learning on Unicast Source - ARP Response Example VM 1 MAC IP Addr VM 2 VM 3 VTEP VM 2 VTEP 2 ARP Resp VTEP MAC IP Addr VM 1 VTEP 1 ARP Resp ARP Resp VTEP VTEP 2 è VTEP 1 Multicast-enabled Transport

12 VXLAN Gateway Functionality For Your Reference PLATFORM VXLAN Bridging and/or VXLAN Rou7ng) Star7ng Release PLATFORM VXLAN Bridging and/or VXLAN Rou7ng) Star7ng Release DATA CENTER ENTERPRISE Networking Nexus 1000v Yes: Both 4.2(1)SV1(5.1) (MCast 5.2(1)SV3 (BGP CP) Nexus 3100 Bridging Only 6.0(2)U3(2) ASR 1K Bridging only IOS XE 3.13S (Bridging) Nexus 5600 Yes Both 7.1(0)N1(1a) Nexus 7x00 with F3 Yes Both 7.2 Nexus 9300 (Standalone) Yes Both 7.0(3) ASR 9K Yes Both IOS XR (Bridging and Routing)

13 Multicast Enabled Underlay Underlay Nexus 1000v Nexus 3000 Nexus 5600 Nexus 7000/F3 Nexus 9000 ASR 1000 CSR 1000 ASR 9000 Multicast Mode IGMP L2/L3 PIM ASM PIM BiDir PIM ASM / PIM BiDir PIM ASM PIM BiDir PIM ASM / PIM BiDir PIM-ASM or PIM-BiDir (Different hardware has different capabilities) Spine and Aggregation Switches make good Rendezvous-Point (RP); much lile RR PIM-ASM (sparse-mode) Source-trees, build a couple of unidirectional trees from RP; (s,g) Every VTEP is Source and Destination PIM-Anycast RP vs MSDP for example PIM-BiDir No Sources tree use a bi-directional shared tree No (S,G), we have (*,G) Phanton RP (Leverages Unicast for convergence) Each VNI does not need the same a different Multicast Group 13

14 The Underlay Presentation ID 14

15 Deployment Considerations Underlay MTU and Overlays Unicast Routing Protocol and IP Addressing Multicast for BUM Traffic Replication 15

16 Building your IP Network Interface Principles Underlay Know your IP addressing and IP scale requirements Best to use single Aggregate for all Underlay Links and Loopbacks IPv4 only For each Point-2-Point (P2P) connection, minimum /31 required Loopback requires /32 Routed Ports/Interfaces Layer-3 Interfaces between Spine and Leaf (no switchport) VTEP uses Loopback as Source- Interface L1 L3 L2 16

17 Building your IP Network Routing Protocols; OSPF Underlay OSPF watch your Network type Network Type Point-2-Point (P2P) Preferred (only LSA type-1) No DR/BDR election Suits well for routed interfaces/ports (optimal from a LSA Database perspective) Full SPF calculation on Link Change Network Type Broadcast Suboptimal from a LSA Database perspective (LSA type-1 & 2) DR/BDR election Additional election and Database Overhead L1 L2 L3 17

18 Building your IP Network Routing Protocols; IS-IS Underlay IS-IS what was this CLNS? - Independent of IP (CLNS) - Well suited for routed interfaces/ports - No SPF calculation on Link change; only if Topology changes - Fast Re-convergence - Not everyone is familiar with it L1 L2 L3 18

19 What is the key point to Remember? Overlay Convergence = Underlay Convergence! 19

20 The Control Plane Evolution Presentation ID 20

21 EVPN Multi-vendor Interoperability Demonstrated MPLS SDN World Congress Hosted by EANTC EVPN Interoperability Testing Participants: Cisco, Juniper, Alcatel-Lucent, Ixia Results: All participating vendor platforms can interoperate for VXLAN Layer-2 bridging Nexus 9300 functioned as both EVPN ibgp route reflector spine and VTEP leaf Nexus 9000 and Nexus 7000 demonstrated EVPN symmetric routing White paper by EANTC: /MPLSSDN2015/EANTC-MPLSSDN2015- WhitePaper_online.pdf

22 EVPN Ethernet VPN VXLAN Evolution For Your Reference Control- Plane EVPN MP-BGP draft-ietf-l2vpn-evpn Data- Plane Multi-Protocol Label Switching (MPLS) draft-ietf-l2vpn-evpn Provider Backbone Bridges (PBB) draft-ietf-l2vpn-pbb-evpn Network Virtualization Overlay (NVO) draft-sd-l2vpn-evpn-overlay Ø EVPN over NVO Tunnels (VXLAN, NVGRE, MPLSoE) for Data Center Fabric encapsulations Ø Provides Layer-2 and Layer-3 Overlays over simple IP Networks 22

23 What is VXLAN/EVPN? Standards based Overlay (VXLAN) with Standards based Control-Plane (BGP) Layer-2 MAC and Layer-3 IP information distribution by Control-Plane (BGP) Forwarding decision based on Control-Plane (Flood Prevention Optimized ARP forwarding) Integrated Routing/Bridging (IRB) for Optimized Forwarding in the Overlay

24 VXLAN Control Plane Options PLATFORM VXLAN Bridging and/or VXLAN Rou7ng) Star7ng Release Mul7cast EVPN Support VTS support Layer 2 Gateway Layer 3 Gateway Mul7cast Groups Ingress Replica7on DATA CENTER Nexus 1000v Yes: Both 4.2(1)SV1(5.1) (MCast 5.2(1)SV3 (BGP CP) Planned for Fall Nexus 3100 Bridging Only 6.0(2)U3(2) PIM Sparse mode Nexus 5600 Yes Both 7.1(0)N1(1a) Nexus 7x00 with F3 Nexus 9300 (Standalone) Yes Both 7.2 Yes Both 7.0(3) PIM BiDir PIM Sparse and BiDir Mode PIM Sparse mode Engineer Release August 7.2 Layer 3 only Helsinki full Layer 2 VTS 2.0 Trying for support in Bronte VTS Camden 24

25 Host and Subnet Route Distribution VXLAN/EVPN Host Route Distribution decoupled from the Underlay protocol Use MultiProtocol-BGP (MP-BGP) on the Leaf nodes to distribute internal Host/Subnet Routes and external reachability information Route-Reflectors deployed for scaling purposes L1 RR RR L2 L3 RR BGP Route-Reflector ibgp Adjacency 25

26 Protocol Learning & Distribution (1) VXLAN/EVPN RR RR 1 L1 1 1 L2 Host A MAC_A / IP_A L3 Host B MAC_B / IP_B 1 VTEPs advertise Host Routes (IP+MAC) for the Host within the Control-Plane Virtual Switch Host C MAC_C / IP_C Host Y MAC_Y / IP_Y 26

27 Protocol Learning & Distribution (2) VXLAN/EVPN 3 3 MAC, IP VNI NH MAC_B, IP_B IP_L2 MAC_C, IP_C IP_L3 MAC_Y, IP_Y IP_L3 L1 2 2 RR RR 2 L2 3 MAC, IP VNI NH MAC_A, IP_A IP_L1 MAC, IP VNI NH MAC_A, IP_A IP_L1 MAC_C, IP_C IP_L3 MAC_Y, IP_Y IP_L3 Host A MAC_A / IP_A L3 MAC_B, IP_B IP_L2 Host B MAC_B / IP_B 2 3 BGP propagates routes for The Host to all other VTEPs VTEPs obtain host routes for remote hosts and install in RIB/FIB Virtual Switch NH = VTEP IP Address Host C Host Y MAC_C / IP_C MAC_Y / IP_Y 27

28 Host Moves VXLAN/EVPN 1. Host Moves to L3 2. L3 detects Host A and advertises it with Seq #1 3. L1 sees more recent route and withdraws its advertisement L1# sh bgp l2vpn evpn BGP routing table information for VRF default, address family L2VPN EVPN Route Distinguisher: :32868 (L2VNI 30001) BGP routing table entry for [2]:[0]:[0]:[48]:[ ac.0773]:[32]: [ ]/272, version 30 Paths: (1 available, best #1) Flags: (0x00030a) on xmit-list, is not in l2rib/evpn Advertised path-id 1 Path type: local, path is valid, is best path, no labeled nexthop AS-Path: NONE, path locally originated (metric 0) from ( ) Origin IGP, MED not set, localpref 100, weight Received label RR RR Extcommunity: RT:65501:30001 RT:65501:50000 MAC Mobility Sequence: 00:1 L2 RT L3 RT Like TCP S# Path-id 1 advertised to peers: L1 L3 Host A MAC_A / IP_A MAC, IP VNI (L2) VNI (L3) NH Encap Seq ac.0773, :VXLAN 1 L3 RR BGP Route-Reflector ibgp Adjacency Host A MAC_A / IP_A 28

29 Additional Functions of VXLAN/EVPN ARP Termination Security & Authentication Suppresses flooding for Unknown Unicast ARP Authenticate VTEPs through BGP peer authentication Distributed Anycast Gateway Ingress Replication Active/Active Multipathing Seamless and Optimal mobility Unicast Alternative to Multicast underlay Active/Active and Resilient Multipathing with vpc

30 ARP Suppression VXLAN/EVPN MAC, IP VNI NH MAC_B, IP_B IP_L2 MAC_C, IP_C IP_L3 MAC_Y, IP_Y ARP Request for IP_B IP_L3 Src MAC: MAC_A Dst MAC: FF:FF:FF:FF:FF:FF 1 2 L1 ARP Response for IP_B Src MAC: MAC_B Dst MAC: MAC_A RR RR MAC, IP VNI NH MAC_A, IP_A IP_L1 MAC_C, IP_C IP_L3 MAC_Y, IP_Y IP_L3 MAC, IP VNI NH L2 MAC_A, IP_A IP_L1 Host A MAC_A / IP_A L3 MAC_B, IP_B IP_L2 Host B MAC_B / IP_B 1 ARP Request sent for IP_B sent from Host A 2 L1 knows about IP_B and can respond. No need for ARP forwarding across the Network 30 Host C MAC_C / IP_C Virtual Switch Host Y MAC_Y / IP_Y

31 ARP Handling on Lookup Silent host (1) VXLAN/EVPN ARP Request for IP_B Src MAC: MAC_A Dst MAC: FF:FF:FF:FF:FF:FF 1 Missing MAC, IP B VNI NH MAC_C, IP_C IP_L3 MAC_Y, IP_Y IP_L3 L1 RR 2 RR 2 MAC, IP VNI NH MAC_A, IP_A IP_L1 MAC, IP VNI NH MAC_A, IP_A IP_L1 MAC_C, IP_C IP_L3 MAC_Y, IP_Y IP_L3 L2 ARP Request for IP_B Src MAC: MAC_A Dst MAC: FF:FF:FF:FF:FF:FF Host A MAC_A / IP_A 1 ARP Request sent for IP_B sent from Host A 2 Miss of IP_B. Forward ARP Request to all Ports except source-port (ARP snooping) L3 31 ARP Request for IP_B Src MAC: MAC_A Dst MAC: FF:FF:FF:FF:FF:FF Host C MAC_C / IP_C Virtual Switch Host Y MAC_Y / IP_Y Host B MAC_B / IP_B

32 ARP Handling on Lookup Silent host (2) VXLAN/EVPN ARP Response for IP_B Src MAC: MAC_B Dst MAC: MAC_A MAC, IP MAC, IP VNI VNI NH NH MAC_C, IP_C MAC_C, IP_C IP_L3 L3 MAC_Y, IP_Y MAC_Y, IP_Y IP_L3 L3 MAC_B, IP_B IP_L2 4 L1 RR RR 4 MAC, IP VNI NH MAC_A, IP_A IP_L1 MAC, IP VNI NH MAC_A, IP_A IP_L1 MAC_C, IP_C IP_L3 MAC_Y, IP_Y IP_L3 L2 ARP Response from IP_B Src MAC: MAC_B Dst MAC: MAC_A 3 Host A MAC_A / IP_A L3 MAC_B, IP_B IP_L2 Host B MAC_B / IP_B 3 ARP Response is sent to L2 4 L2 will populate this information in the control-plane (learn) and forward it subsequently 32 Host C MAC_C / IP_C Virtual Switch Host Y MAC_Y / IP_Y

33 Gateway Functions in VXLAN VXLAN Routing Layer-3 Boundary V X V Y L2 L2 L3 Layer-3 Boundary L3 L1 L1 Centralized Gateway Extra Bridging hop before and after Routing Centralized Gateway (Aggregation) for Routing Large amounts of state => convergence issues Scale problem for large Layer-2 domains Works with VXLAN Flood & Learn or EVPN Distributed Gateway Route or Bridge at Leaf Distributed Gateway (Anycast) for Routing Disaggregate state by scale out Optimal Scalability Requires VXLAN/EVPN! 33

34 Consistent Configuration with Distributed Gateway VXLAN/EVPN Logical Configuration only instantiated at respective Leaf (scoped) ARP & MAC state only for local hosted VLAN/VNI and SVI Flooding only to respective Leaf (where VLAN/VNI is instantiated) Host demands provisioning; two models available top-down Orchestration, push to Leaf bottom-up Orchestration, pull by Leaf L1 L3 L2 34

35 Asymmetric IRB VXLAN Routing Asymmetric Similar to Inter-VLAN routing Source and Destination VNI has to exist on Switch where routing happens Post Routing traffic shares destination VNI with Bridged traffic Not very suitable for distributed Routing From Host A via VLAN/VNI blue routed at L1 to VNI red reaching destination VLAN red From Host Y via VLAN/VNI red routed at L3 to VNI blue reaching destination VLAN blue Host A VNI L1 L3 Host Y VNI L2 35

36 Symmetric IRB VXLAN Routing Symmetric Similar to creating a Transit Segment Regardless of where Source or Destination VNI exists Post Routing traffic uses different VNI than Bridged traffic Additional VNI for Routing traffic (per VRF) From Host A via VLAN blue routed at L1 to VNI purple reaching destination VLAN red From Host Y via VLAN red routed at L3 to VNI purple reaching destination VLAN blue Used in Cisco VXLAN/EVPN Host A VNI L1 L3 Host Y VNI L2 36

37 L1# sh bgp l2vpn evpn (IPA) BGP routing table information for VRF default, address family L2VPN EVPN Route Distinguisher: :32868 (L2VNI 30001) BGP routing table entry for [2]:[0]:[0]:[48]:[ ac.0773]:[32]:[ ]/272, version 30 Paths: (1 available, best #1) Flags: (0x00030a) on xmit-list, is not in l2rib/evpn Advertised path-id 1 Path type: local, path is valid, is best path, no labeled nexthop AS-Path: NONE, path locally originated (metric 0) from ( ) Origin IGP, MED not set, localpref 100, weight Received label Extcommunity: RT:65501:30001 RT:65501:50000 MAC Mobility Sequence:00:1 Path-id 1 advertised to peers: L2 RT Like TCP S# L3 RT 37

38 MP-BGP EVPN Address-Family: What s in it? Address-family (AF) is L2VPN EVPN, comprised of: route-type 2 = MAC/48,IP/32 route-type 5 = IP Prefix Format of route-type 2: MAC / IP / L2VNI / L3VNI / NH (Host Information) Format of route-type 5: IP Prefix / L3VNI / NH (Subnet Information, classic routing) Note: No multicast routing in the overlay today; IETF has not concluded on implementation details / proposals. 38

39 MP-BGP EVPN Type 2 Routes L1# sh bgp l2vpn evpn BGP routing table information for VRF default, address family L2VPN EVPN Route Distinguisher: :32868 (L2VNI 30001) BGP routing table entry for [2]:[0]:[0]:[48]:[ ac.0773]:[32]:[ ]/272, version 30 Paths: (1 available, best #1) Flags: (0x00030a) on xmit-list, is not in l2rib/evpn Advertised path-id 1 Path type: local, path is valid, is best path, no labeled nexthop AS-Path: NONE, path locally originated (metric 0) from ( ) Origin IGP, MED not set, localpref 100, weight Received label Extcommunity: RT:65501:30001 RT:65501:50000 MAC Mobility Sequence:00:1 Path-id 1 advertised to peers: L2 RT L3 RT Like TCP S# 39

40 MP-BGP EVPN Type 5 Routes L1# sh bgp l2vpn evpn BGP routing table information for VRF default, address family L2VPN EVPN Route Distinguisher: :3 (L3VNI 50000) BGP routing table entry for [5]:[0]:[0]:[24]:[ ]:[ ]/224, version 11 Paths: (1 available, best #1) Flags: (0x00000a) on xmit-list, is not in l2rib/evpn Path type: internal, path is valid, not best reason: Weight, no labeled nexthop Imported from :3:[5]:[0]:[0]:[24]:[ ]:[ ]/120 AS-Path: NONE, path sourced internal to AS (metric 3) from ( ) Origin IGP, MED not set, localpref 100, weight 0 ENCAP:8 = VXLAN Received label Extcommunity: RT:65501:50000 ENCAP:8 Router MAC: a2.157f Originator: Cluster list: Advertised path-id 1 Path type: local, path is valid, is best path, no labeled nexthop AS-Path: NONE, path locally originated (metric 0) from ( ) Origin IGP, MED not set, localpref 100, weight Received label Extcommunity: RT:65501:50000 Path-id 1 advertised to peers:

41 VXLAN Multi-tenancy Presentation ID 41

42 Leaf Tenant Configuration: L2 VLAN(s) Configuration interface nve1 (VTEP) source-interface loopback0 host-reachability protocol bgp vlan 101 vn-segment VN leaf VN VN Ethernet VLAN 101 Ethernet VLAN 102 VN Ethernet VLAN 103 member vni mcast-group member vni mcast-group member vni mcast-group member vni mcast-group interface Ethernet1/1 switchport mode trunk switchport trunk allowed vlan spanning-tree port type edge trunk spanning-tree bpduguard enable spanning-tree rootgaurd vlan 102 vn-segment vlan 103 vn-segment vlan 104 vn-segment *vn-segment (namespace) is for Layer 2 isolation; similar to Private-VLAN(s)

43 Leaf Tenant Configuration: L2 Configuration Allows mac-address to be advertised via EVPN evpn leaf VN vni l2 rd auto vni l2 rd auto VN VN VN route-target import auto route-target import auto Ethernet VLAN 101 Ethernet VLAN 102 Ethernet VLAN 103 route-target export auto vni l2 rd auto route-target import auto route-target export auto route-target export auto vni l2 rd auto route-target import auto route-target export auto

44 leaf Ethernet VLAN 100 VXLAN VNI VN vrf: CiscoLive VN VN Leaf Tenant Configuration: Layer 3 Definitions Ethernet VLAN 101 vrf context CiscoLive vni rd auto (router-id + segment-id) address-family ipv4 unicast route-target both auto (BGPAS + segment-id) route-target both auto evpn address-family ipv6 unicast route-target both auto route-target both auto evpn vlan 2500 vn-segment interface vlan 100 no shutdown vrf member CiscoLive ip address /24 tag 5952 fabric forwarding mode anycast-gateway interface vlan 101 no shutdown vrf member CiscoLive ip address /24 tag 5952 fabric forwarding mode anycast-gateway interface vlan 2500 no shutdown mtu 9216 vrf member CiscoLive ip forward

45 VXLAN VNI Leaf Tenant Configuration: Anycast GW MAC Anycast Gateway MAC (AGM) for SVI 100 and 101 fabric forwarding anycast-gateway-mac 2020.DEAD.BEEF leaf VN vrf: CiscoLive VN VN Ethernet VLAN 100 Ethernet VLAN 101 interface vlan 100 no shutdown vrf member CiscoLive ip address /24 tag 5952 fabric forwarding mode anycast-gateway interface vlan 101 no shutdown vrf member CiscoLive ip address /24 tag 5952 fabric forwarding mode anycast-gateway

46 Leaf Tenant Configuration: BGP Configuration leaf Ethernet VLAN 100 VXLAN VNI vrf: CiscoLive VN VN Ethernet VLAN 101 route-map FABRIC-RMAP-REDIST-SUBNET permit 10 match tag 5952 interface nve1 (VTEP) source-interface loopback0 host-reachability protocol bgp member vni associate-vrf (vrf routing information to be transported) router bgp vrf CiscoLive address-family ipv4 unicast advertise l2vpn evpn redistribute direct route-map FABRIC-RMAP-REDIST- SUBNET maximum-paths ibgp 2 Direct: Subnet Advertisement /24 SVI as well as more specific /32 host routes.

47 Leaf Tenant Configuration w/ VPC leaf VXLAN VNI vpc peer-link;po10 VXLAN VNI leaf # VPC Domain Configuration vpc domain 10 peer-switch peer-keepalive destination s1 source s2 peer-gateway ip arp synchronize # VPC Peer-Link interface port-channel10 switchport Routed mode Interface trunk for routing adjacency vpc peer-link across vpc peer-link vrf: CiscoLive vrf: CiscoLive # VPC Domain Routing Adjacency interface Vlan3999 no shutdown ip address /30 ip router ospf 1 area ip ospf network point-to-point ip pim sparse-mode App-x VNI 30001

48 leaf Leaf Tenant Configuration w/ VPC VXLAN VNI VXLAN VNI leaf # VLAN to VNI mapping vlan 101 vn-segment # VTEP Loopback0 Secondary is for vpc Hosts and Orphan-ports. Same on both peers interface loopback0 ip address /32 ip address /32 secondary vrf: CiscoLive vrf: CiscoLive # VTEP configuration using Loopback0 as source. interface nve1 source-interface loopback0 host-reachability protocol bgp member vni mcast-group suppress-arp member vni associate-vrf App-x VNI 30001