ARISTA - VXLAN: Difference between revisions

From IT-Arts.net
Created page with "Category:Wiki ==Introduction== VXLAN (Virtual Extensible LAN) is a network virtualization technology that extends Layer 2 networks over a Layer 3 infrastructure. VXLAN is widely used in data center environments to enable scalable, multi-tenant networking, often in conjunction with technologies like EVPN (Ethernet VPN). This guide covers the VXLAN configuration commands for Arista EOS. ==VXLAN Overview== VXLAN encapsulates Layer 2 Ethernet frames in Layer 3 UDP pack..."
 
m Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Wiki]]
[[Category:Wiki]]


==Introduction==
'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''
VXLAN (Virtual Extensible LAN) is a network virtualization technology that extends Layer 2 networks over a Layer 3 infrastructure. VXLAN is widely used in data center environments to enable scalable, multi-tenant networking, often in conjunction with technologies like EVPN (Ethernet VPN). This guide covers the VXLAN configuration commands for Arista EOS.


==VXLAN Overview==
VXLAN encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, providing network segmentation and scalability over a shared IP infrastructure. VXLAN uses a 24-bit VXLAN Network Identifier (VNI) to create virtual networks. It typically works with technologies like EVPN or static configurations to provide control plane functions.


==Basic VXLAN Configuration==
== VXLAN Overview ==
* '''interface Vxlan <VNI-number>''' 
  - Creates a VXLAN interface with the specified VXLAN Network Identifier (VNI).
 
* '''vxlan vlan <vlan-id> vni <vni-number>''' 
  - Maps a VLAN to a VXLAN VNI. This is necessary to associate VLANs with VXLAN networks.


* '''vxlan udp-port <port-number>''' 
VXLAN (Virtual Extensible LAN) is a network overlay protocol designed to address the limitations of VLANs. It encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, allowing for scalable network segmentation across large data center environments. Below are advanced Arista EOS CLI commands related to VXLAN configuration and troubleshooting.
  - Configures the UDP port for VXLAN encapsulation (default is 4789).


* '''vxlan source-interface <interface-name>''' 
== VXLAN Configuration ==
  - Configures the source interface for VXLAN traffic. This interface is used for the source IP address in the VXLAN encapsulated packets.


* '''vxlan flood <enable|disable>''' 
<nowiki>
  - Enables or disables flooding of unknown unicast traffic in the VXLAN.
!-- Enable VXLAN routing globally
vtep local-ip 192.168.1.1
vtep source-interface loopback0


==VXLAN BGP EVPN Configuration==
!-- Configure VXLAN VLANs to map VNI (VXLAN Network Identifier)
For large-scale deployments, VXLAN typically works with EVPN (Ethernet VPN) as the control plane for VXLAN to handle MAC address learning, multi-tenancy, and optimal routing of VXLAN traffic.
vlan 10
  vn-segment 10010
vlan 20
  vn-segment 10020
</nowiki>
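Review bot: the "vn-segment 10010" and "vn-segment 10020" lines under "vlan 10" and "vlan 20" map the same VLANs to the same VNIs that the VTEP section maps again with "vxlan vlan 10 vni 10010" and "vxlan vlan 20 vni 10020", using a second syntax. The earlier revision documented only the "vxlan vlan <vlan-id> vni <vni-number>" form; pick one form and use it throughout, so a reader does not apply both or wonder which one takes effect.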


* '''router bgp <AS-number>''' 
== VXLAN Underlay Configuration ==
  - Enters BGP configuration mode to configure BGP as the control plane for VXLAN.


* '''address-family l2vpn evpn''' 
<nowiki>
  - Configures the BGP EVPN address family, which is used for VXLAN in BGP.
!-- Configure the IP addresses for VXLAN Underlay
interface Ethernet1
  ip address 10.1.1.1/30
  no shutdown


* '''neighbor <IP-address> activate''' 
interface Ethernet2
   - Activates a BGP EVPN session with the specified neighbor.
  ip address 10.1.1.2/30
   no shutdown
</nowiki>
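Review bot: Ethernet1 (10.1.1.1/30) and Ethernet2 (10.1.1.2/30) are the two usable hosts of the same /30, and as written both sit in one device's configuration; the EVPN section then peers with "neighbor 10.1.1.2", which in this example is the switch's own Ethernet2 address. Give each underlay link its own /30, or split the block into two labelled devices so that 10.1.1.2 is clearly the far end of the link.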


* '''evpn extended-vni-list <VNI-list>''' 
== VXLAN EVPN (Ethernet VPN) Configuration ==
  - Configures a list of VNIs for use in the EVPN.


* '''vxlan evpn mode''' 
<nowiki>
  - Configures the device to operate in VXLAN EVPN mode, enabling EVPN as the control plane for VXLAN.
!-- Enable EVPN control plane for VXLAN
router bgp 65000
  address-family l2vpn evpn
    neighbor 10.1.1.2 remote-as 65001
    neighbor 10.1.1.2 activate
    neighbor 10.1.1.2 send-community extended
    advertise-all-vni
</nowiki>


* '''vxlan vni <VNI-number> route-target import <RT>''' 
== VXLAN Tunnel Endpoints (VTEP) ==
  - Configures the route-target (RT) import policy for the VXLAN VNI.


* '''vxlan vni <VNI-number> route-target export <RT>''' 
<nowiki>
   - Configures the route-target (RT) export policy for the VXLAN VNI.
!-- Configure a VTEP interface
interface Vxlan1
   vxlan udp-port 4789
  vxlan source-interface loopback0


* '''vxlan vni <VNI-number> rd <route-distinguisher>''' 
!-- Associate VTEP with a VLAN
  - Configures a route distinguisher (RD) for the VXLAN VNI.
vxlan vlan 10 vni 10010
vxlan vlan 20 vni 10020
</nowiki>


* '''evpn vni <VNI-number> advertise''' 
== VXLAN Bridging Configuration ==
  - Configures the device to advertise a specific VXLAN VNI in BGP EVPN.


* '''vxlan vlan <vlan-id> vni <vni-number> rd <route-distinguisher>''' 
<nowiki>
   - Maps a VLAN to a VXLAN VNI and configures a route distinguisher.
!-- Enable VXLAN bridging for Layer 2 traffic
interface Vxlan1
   bridge-group vxlan-bridge
</nowiki>


==VXLAN and Multicast==
== VXLAN Routing Configuration ==
VXLAN traffic can be forwarded using multicast for unknown unicast, broadcast, and multicast (BUM) traffic. VXLAN supports both multicast and unicast-based flooding mechanisms.


* '''vxlan multicast-group <multicast-ip>''' 
<nowiki>
   - Configures the multicast group IP address for VXLAN BUM traffic.
!-- Enable VXLAN routing to allow routing between VNIs
interface Vxlan1
  ip routing
   no shutdown
</nowiki>


* '''vxlan use-vrf <vrf-name> multicast-group <multicast-ip>''' 
== VXLAN Mapping to VLAN ==
  - Configures VXLAN to use a specific VRF for multicast forwarding.


* '''ip igmp join-group <multicast-ip>''' 
<nowiki>
  - Joins a multicast group for VXLAN flooding (used for multicast-based VXLAN configurations).
!-- Create a VLAN to VNI mapping
vlan 10
  vn-segment 10010
  exit


* '''ip pim sparse-mode''' 
vlan 20
   - Configures PIM (Protocol Independent Multicast) sparse mode to manage multicast forwarding.
  vn-segment 10020
   exit
</nowiki>


* '''vxlan flood <enable|disable>''' 
== EVPN Configuration for VXLAN ==
  - Configures whether unknown unicast traffic is flooded within the VXLAN.


==VXLAN Unicast Mode==
<nowiki>
In VXLAN Unicast mode, VXLAN traffic is forwarded using unicast to the remote VTEPs (VXLAN Tunnel Endpoints).
!-- Configure EVPN Type 5 routes for VXLAN interconnect
router bgp 65000
  address-family l2vpn evpn
    advertise-all-vni
    maximum-paths 4
    route-target import 10010:10020
    route-target export 10010:10020
</nowiki>


* '''vxlan flood <enable|disable> unicast''' 
== VXLAN Troubleshooting ==
  - Enables or disables unicast forwarding for VXLAN traffic. In this mode, VXLAN traffic uses unicast encapsulation instead of multicast for BUM traffic.


==VXLAN Interfaces==
<nowiki>
VXLAN requires the configuration of logical interfaces for communication within the VXLAN overlay network.
!-- Display VXLAN tunnel status
show vxlan tunnel


* '''interface Vxlan <VNI-number>''' 
!-- Display VNI to VLAN mapping
  - Creates a VXLAN interface associated with a specific VNI.
show vxlan vlan mapping


* '''interface Vxlan <VNI-number> ip address <IP-address> <subnet-mask>''' 
!-- Show VXLAN routing details
  - Configures an IP address on a VXLAN interface.
show ip route vxlan


* '''interface Vxlan <VNI-number> no shutdown''' 
!-- Check VXLAN VTEP neighbor status
  - Enables the VXLAN interface (brings it up).
show evpn neighbors


* '''show interface Vxlan <VNI-number>''' 
!-- Check VXLAN forwarding table
  - Displays information about the VXLAN interface, including operational status and statistics.
show vxlan fdb
</nowiki>


==VXLAN Tunnel Endpoint (VTEP) Configuration==
== VXLAN Network Functions (VNF) ==
A VTEP is responsible for VXLAN encapsulation and decapsulation at the edge of the VXLAN network. It is typically configured on devices that serve as gateways between the physical network and the VXLAN overlay.


* '''interface Ethernet <slot>/<port> vxlan encapsulation''' 
<nowiki>
  - Configures a physical interface to support VXLAN encapsulation.
!-- Configure VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1


* '''show vxlan''' 
!-- Enable VXLAN on Layer 3 interfaces
  - Displays detailed VXLAN configuration and status, including VNI mappings, VTEP interfaces, and VXLAN flood mode.
interface Vlan10
  ip address 192.168.10.1/24
  no shutdown


* '''show vxlan tunnel''' 
interface Vlan20
   - Displays the VXLAN tunnel status between VTEPs, including IP address and operational status.
   ip address 192.168.20.1/24
  no shutdown
</nowiki>


==VXLAN Monitoring and Troubleshooting==
== Advanced VXLAN Features ==
* '''show vxlan vtep''' 
  - Displays information about VXLAN Tunnel Endpoints (VTEPs) in the system.


* '''show vxlan flood''' 
<nowiki>
  - Displays the flooding behavior of VXLAN traffic (whether it is multicast or unicast).
!-- Enable VXLAN QoS (Quality of Service)
interface Vxlan1
  qos trust dscp


* '''show ip vxlan''' 
!-- Enable VXLAN IP SLA
   - Displays general VXLAN configuration information, including active VNIs and associated VLANs.
ip sla 1
   icmp-echo 192.168.2.2 source-ip 192.168.1.1
  frequency 5
  threshold 100
  timeout 5000
</nowiki>


* '''show bgp l2vpn evpn''' 
== VXLAN Security ==
  - Displays BGP EVPN routes for VXLAN. Useful for troubleshooting BGP control plane connectivity.


* '''show vxlan vni <VNI-number>''' 
<nowiki>
  - Displays the status and configuration of a specific VXLAN VNI.
!-- Enable VXLAN encryption for secure transport
vxlan encryption aes-256
  key abcdef1234567890
</nowiki>
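Review bot: the security example embeds a literal key ("key abcdef1234567890") that readers are likely to paste unchanged; use a placeholder such as <key>, in the style of the <VNI-number> placeholders in the earlier revision, and say where the key is expected to come from. The value shown is 16 hex digits, which is 64 bits and does not match "aes-256" unless it is meant as a passphrase, so state the expected key length and format as well.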


* '''debug vxlan''' 
== VXLAN Configuration Backup ==
  - Enables debugging for VXLAN traffic, useful for troubleshooting VXLAN encapsulation and forwarding issues.


* '''debug bgp evpn''' 
<nowiki>
  - Enables debugging for BGP EVPN, which is the control plane for VXLAN.
!-- Save the VXLAN configuration to a file
copy running-config startup-config
</nowiki>


* '''clear vxlan vtep <VTEP-IP>''' 
== VXLAN Statistics ==
  - Clears VXLAN VTEP state information for a specified VTEP.


==VXLAN Use Cases==
<nowiki>
* '''VXLAN for Multi-Tenant Data Centers''' 
!-- Display VXLAN statistics for monitoring
  - VXLAN is used to create isolated Layer 2 domains over a shared Layer 3 infrastructure, which is ideal for multi-tenant data center environments.
show vxlan statistics
</nowiki>


* '''VXLAN with EVPN Control Plane''' 
== VXLAN Troubleshooting Commands ==
  - VXLAN often operates with EVPN as the control plane for MAC address learning, route advertisement, and multi-homing across VTEPs.


* '''VXLAN for Hybrid Cloud Deployments''' 
<nowiki>
  - VXLAN provides seamless Layer 2 connectivity across on-premise data centers and public cloud environments, supporting hybrid cloud use cases.
!-- Display VXLAN routing table
show ip route vxlan


==Advanced VXLAN Features==
!-- Check the VXLAN tunnel state and statistics
* '''VXLAN with Segment Routing''' 
show vxlan tunnel
  - VXLAN can be integrated with Segment Routing (SR) to provide enhanced traffic engineering and forwarding.
</nowiki>


* '''VXLAN with DCI (Data Center Interconnect)''' 
== VXLAN Multicast Mode ==
  - VXLAN is commonly used for Data Center Interconnect (DCI) to extend Layer 2 services across multiple geographically distributed data centers.


* '''VXLAN EVPN Multihoming''' 
<nowiki>
  - VXLAN with EVPN allows for multihoming configurations, where a single VXLAN network can be connected to multiple VTEPs for redundancy and load balancing.
!-- Enable VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1
</nowiki>
 
== VXLAN MTU Configuration ==
 
<nowiki>
!-- Set MTU size for VXLAN to handle larger frames
interface Ethernet1
  mtu 9216
</nowiki>
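Review bot: several of the new sections repeat each other and should be merged: "VXLAN Troubleshooting" and "VXLAN Troubleshooting Commands" both list "show ip route vxlan" and "show vxlan tunnel", and "vxlan vtep multicast-group 239.1.1.1" appears under both "VXLAN Network Functions (VNF)" and "VXLAN Multicast Mode". The revision also drops the per-command descriptions and the Introduction, Multicast, Unicast Mode and Use Cases text from the earlier revision, leaving configuration blocks with one-line comments only; keep a short description with each block so readers know what a command changes before applying it.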

Latest revision as of 08:12, 17 January 2026


VXLAN Overview

VXLAN (Virtual Extensible LAN) is a network overlay protocol designed to address the limitations of VLANs. It encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, allowing for scalable network segmentation across large data center environments. Below are advanced Arista EOS CLI commands related to VXLAN configuration and troubleshooting.
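The encapsulation described above can be checked from the defender's side. The following is an added example, not part of the original wiki page: a Python routine a monitoring sensor could run on underlay UDP payloads to decode the VXLAN header and flag VNIs outside the page's VLAN 10/20 mappings. The header layout follows RFC 7348; the function names and the strict reserved-bits policy are assumptions of this example.

```python
import struct

VXLAN_PORT = 4789                        # UDP port used in the page's Vxlan1 example
EXPECTED_VNIS = {10010: 10, 10020: 20}   # VNI -> VLAN, from the page's mappings
FLAG_VNI_VALID = 0x08                    # "I" flag defined in RFC 7348


def build_vxlan(vni, inner=b""):
    """Build a VXLAN header plus inner bytes (constructed test input)."""
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner


def parse_vxlan(payload):
    """Parse the 8-byte VXLAN header at the start of a UDP payload.

    Returns (vni, inner_frame); raises ValueError on a malformed header.
    """
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", payload[:8])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    # RFC 7348 receivers ignore reserved bits; this sensor flags them instead
    # (assumed policy), since plain VXLAN senders must transmit them as zero.
    if word1 & 0x00FFFFFF or word2 & 0xFF:
        raise ValueError("reserved bits set")
    return word2 >> 8, payload[8:]


def classify(dst_port, payload, expected=EXPECTED_VNIS):
    """Classify one UDP datagram seen on the underlay."""
    if dst_port != VXLAN_PORT:
        return "not-vxlan"
    try:
        vni, inner = parse_vxlan(payload)
    except ValueError as exc:
        return f"malformed: {exc}"
    if vni not in expected:
        return f"unexpected-vni {vni}"
    if len(inner) < 14:              # shorter than an Ethernet header
        return f"short-inner-frame vni={vni}"
    return f"ok vni={vni} vlan={expected[vni]}"
```
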

VXLAN Configuration

!-- Enable VXLAN routing globally
vtep local-ip 192.168.1.1
vtep source-interface loopback0
!-- Configure VXLAN VLANs to map VNI (VXLAN Network Identifier)
vlan 10
  vn-segment 10010
vlan 20
  vn-segment 10020

VXLAN Underlay Configuration

!-- Configure the IP addresses for VXLAN Underlay
interface Ethernet1
  ip address 10.1.1.1/30
  no shutdown
interface Ethernet2
  ip address 10.1.1.2/30
  no shutdown

VXLAN EVPN (Ethernet VPN) Configuration

!-- Enable EVPN control plane for VXLAN
router bgp 65000
  address-family l2vpn evpn
    neighbor 10.1.1.2 remote-as 65001
    neighbor 10.1.1.2 activate
    neighbor 10.1.1.2 send-community extended
    advertise-all-vni

VXLAN Tunnel Endpoints (VTEP)

!-- Configure a VTEP interface
interface Vxlan1
  vxlan udp-port 4789
  vxlan source-interface loopback0
!-- Associate VTEP with a VLAN
vxlan vlan 10 vni 10010
vxlan vlan 20 vni 10020

VXLAN Bridging Configuration

!-- Enable VXLAN bridging for Layer 2 traffic
interface Vxlan1
  bridge-group vxlan-bridge

VXLAN Routing Configuration

!-- Enable VXLAN routing to allow routing between VNIs
interface Vxlan1
  ip routing
  no shutdown

VXLAN Mapping to VLAN

!-- Create a VLAN to VNI mapping
vlan 10
  vn-segment 10010
  exit
vlan 20
  vn-segment 10020
  exit

EVPN Configuration for VXLAN

!-- Configure EVPN Type 5 routes for VXLAN interconnect
router bgp 65000
  address-family l2vpn evpn
    advertise-all-vni
    maximum-paths 4
    route-target import 10010:10020
    route-target export 10010:10020

VXLAN Troubleshooting

!-- Display VXLAN tunnel status
show vxlan tunnel
!-- Display VNI to VLAN mapping
show vxlan vlan mapping
!-- Show VXLAN routing details
show ip route vxlan
!-- Check VXLAN VTEP neighbor status
show evpn neighbors
!-- Check VXLAN forwarding table
show vxlan fdb

VXLAN Network Functions (VNF)

!-- Configure VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1
!-- Enable VXLAN on Layer 3 interfaces
interface Vlan10
  ip address 192.168.10.1/24
  no shutdown
interface Vlan20
  ip address 192.168.20.1/24
  no shutdown

Advanced VXLAN Features

!-- Enable VXLAN QoS (Quality of Service)
interface Vxlan1
  qos trust dscp
!-- Enable VXLAN IP SLA
ip sla 1
  icmp-echo 192.168.2.2 source-ip 192.168.1.1
  frequency 5
  threshold 100
  timeout 5000

VXLAN Security

!-- Enable VXLAN encryption for secure transport
vxlan encryption aes-256
  key abcdef1234567890

VXLAN Configuration Backup

!-- Save the VXLAN configuration to a file
copy running-config startup-config

VXLAN Statistics

!-- Display VXLAN statistics for monitoring
show vxlan statistics

VXLAN Troubleshooting Commands

!-- Display VXLAN routing table
show ip route vxlan
!-- Check the VXLAN tunnel state and statistics
show vxlan tunnel

VXLAN Multicast Mode

!-- Enable VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1

VXLAN MTU Configuration

!-- Set MTU size for VXLAN to handle larger frames
interface Ethernet1
  mtu 9216