ARISTA - VXLAN: Difference between revisions

From IT-Arts.net
No edit summary
m Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
[[Category:Wiki]]
[[Category:Wiki]]


==VXLAN Overview==
'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''
VXLAN encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, providing network segmentation and scalability over a shared IP infrastructure. VXLAN uses a 24-bit VXLAN Network Identifier (VNI) to create virtual networks. It typically works with technologies like EVPN or static configurations to provide control plane functions.


==Basic VXLAN Configuration==
* '''interface Vxlan <VNI-number>''' 
  - Creates a VXLAN interface with the specified VXLAN Network Identifier (VNI).
 
* '''vxlan vlan <vlan-id> vni <vni-number>''' 
  - Maps a VLAN to a VXLAN VNI. This is necessary to associate VLANs with VXLAN networks.


* '''vxlan udp-port <port-number>''' 
== VXLAN Overview ==
  - Configures the UDP port for VXLAN encapsulation (default is 4789).


* '''vxlan source-interface <interface-name>''' 
VXLAN (Virtual Extensible LAN) is a network overlay protocol designed to address the limitations of VLANs. It encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, allowing for scalable network segmentation across large data center environments. Below are advanced Arista EOS CLI commands related to VXLAN configuration and troubleshooting.
  - Configures the source interface for VXLAN traffic. This interface is used for the source IP address in the VXLAN encapsulated packets.


* '''vxlan flood <enable|disable>''' 
== VXLAN Configuration ==
  - Enables or disables flooding of unknown unicast traffic in the VXLAN.


==VXLAN BGP EVPN Configuration==
<nowiki>
For large-scale deployments, VXLAN typically works with EVPN (Ethernet VPN) as the control plane for VXLAN to handle MAC address learning, multi-tenancy, and optimal routing of VXLAN traffic.
!-- Enable VXLAN routing globally
vtep local-ip 192.168.1.1
vtep source-interface loopback0


* '''router bgp <AS-number>''' 
!-- Configure VXLAN VLANs to map VNI (VXLAN Network Identifier)
   - Enters BGP configuration mode to configure BGP as the control plane for VXLAN.
vlan 10
  vn-segment 10010
vlan 20
   vn-segment 10020
</nowiki>


* '''address-family l2vpn evpn''' 
== VXLAN Underlay Configuration ==
  - Configures the BGP EVPN address family, which is used for VXLAN in BGP.


* '''neighbor <IP-address> activate''' 
<nowiki>
  - Activates a BGP EVPN session with the specified neighbor.
!-- Configure the IP addresses for VXLAN Underlay
interface Ethernet1
  ip address 10.1.1.1/30
  no shutdown


* '''evpn extended-vni-list <VNI-list>''' 
interface Ethernet2
   - Configures a list of VNIs for use in the EVPN.
   ip address 10.1.1.2/30
  no shutdown
</nowiki>


* '''vxlan evpn mode''' 
== VXLAN EVPN (Ethernet VPN) Configuration ==
  - Configures the device to operate in VXLAN EVPN mode, enabling EVPN as the control plane for VXLAN.


* '''vxlan vni <VNI-number> route-target import <RT>''' 
<nowiki>
   - Configures the route-target (RT) import policy for the VXLAN VNI.
!-- Enable EVPN control plane for VXLAN
router bgp 65000
   address-family l2vpn evpn
    neighbor 10.1.1.2 remote-as 65001
    neighbor 10.1.1.2 activate
    neighbor 10.1.1.2 send-community extended
    advertise-all-vni
</nowiki>


* '''vxlan vni <VNI-number> route-target export <RT>''' 
== VXLAN Tunnel Endpoints (VTEP) ==
  - Configures the route-target (RT) export policy for the VXLAN VNI.


* '''vxlan vni <VNI-number> rd <route-distinguisher>''' 
<nowiki>
   - Configures a route distinguisher (RD) for the VXLAN VNI.
!-- Configure a VTEP interface
interface Vxlan1
  vxlan udp-port 4789
   vxlan source-interface loopback0


* '''evpn vni <VNI-number> advertise''' 
!-- Associate VTEP with a VLAN
  - Configures the device to advertise a specific VXLAN VNI in BGP EVPN.
vxlan vlan 10 vni 10010
vxlan vlan 20 vni 10020
</nowiki>


* '''vxlan vlan <vlan-id> vni <vni-number> rd <route-distinguisher>''' 
== VXLAN Bridging Configuration ==
  - Maps a VLAN to a VXLAN VNI and configures a route distinguisher.


==VXLAN and Multicast==
<nowiki>
VXLAN traffic can be forwarded using multicast for unknown unicast, broadcast, and multicast (BUM) traffic. VXLAN supports both multicast and unicast-based flooding mechanisms.
!-- Enable VXLAN bridging for Layer 2 traffic
interface Vxlan1
  bridge-group vxlan-bridge
</nowiki>


* '''vxlan multicast-group <multicast-ip>''' 
== VXLAN Routing Configuration ==
  - Configures the multicast group IP address for VXLAN BUM traffic.


* '''vxlan use-vrf <vrf-name> multicast-group <multicast-ip>''' 
<nowiki>
   - Configures VXLAN to use a specific VRF for multicast forwarding.
!-- Enable VXLAN routing to allow routing between VNIs
interface Vxlan1
  ip routing
   no shutdown
</nowiki>


* '''ip igmp join-group <multicast-ip>''' 
== VXLAN Mapping to VLAN ==
  - Joins a multicast group for VXLAN flooding (used for multicast-based VXLAN configurations).


* '''ip pim sparse-mode''' 
<nowiki>
   - Configures PIM (Protocol Independent Multicast) sparse mode to manage multicast forwarding.
!-- Create a VLAN to VNI mapping
vlan 10
   vn-segment 10010
  exit


* '''vxlan flood <enable|disable>''' 
vlan 20
   - Configures whether unknown unicast traffic is flooded within the VXLAN.
   vn-segment 10020
  exit
</nowiki>


==VXLAN Unicast Mode==
== EVPN Configuration for VXLAN ==
In VXLAN Unicast mode, VXLAN traffic is forwarded using unicast to the remote VTEPs (VXLAN Tunnel Endpoints).


* '''vxlan flood <enable|disable> unicast''' 
<nowiki>
  - Enables or disables unicast forwarding for VXLAN traffic. In this mode, VXLAN traffic uses unicast encapsulation instead of multicast for BUM traffic.
!-- Configure EVPN Type 5 routes for VXLAN interconnect
router bgp 65000
  address-family l2vpn evpn
    advertise-all-vni
    maximum-paths 4
    route-target import 10010:10020
    route-target export 10010:10020
</nowiki>


==VXLAN Interfaces==
== VXLAN Troubleshooting ==
VXLAN requires the configuration of logical interfaces for communication within the VXLAN overlay network.


* '''interface Vxlan <VNI-number>''' 
<nowiki>
  - Creates a VXLAN interface associated with a specific VNI.
!-- Display VXLAN tunnel status
show vxlan tunnel


* '''interface Vxlan <VNI-number> ip address <IP-address> <subnet-mask>''' 
!-- Display VNI to VLAN mapping
  - Configures an IP address on a VXLAN interface.
show vxlan vlan mapping


* '''interface Vxlan <VNI-number> no shutdown''' 
!-- Show VXLAN routing details
  - Enables the VXLAN interface (brings it up).
show ip route vxlan


* '''show interface Vxlan <VNI-number>''' 
!-- Check VXLAN VTEP neighbor status
  - Displays information about the VXLAN interface, including operational status and statistics.
show evpn neighbors


==VXLAN Tunnel Endpoint (VTEP) Configuration==
!-- Check VXLAN forwarding table
A VTEP is responsible for VXLAN encapsulation and decapsulation at the edge of the VXLAN network. It is typically configured on devices that serve as gateways between the physical network and the VXLAN overlay.
show vxlan fdb
</nowiki>


* '''interface Ethernet <slot>/<port> vxlan encapsulation''' 
== VXLAN Network Functions (VNF) ==
  - Configures a physical interface to support VXLAN encapsulation.


* '''show vxlan''' 
<nowiki>
  - Displays detailed VXLAN configuration and status, including VNI mappings, VTEP interfaces, and VXLAN flood mode.
!-- Configure VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1


* '''show vxlan tunnel''' 
!-- Enable VXLAN on Layer 3 interfaces
   - Displays the VXLAN tunnel status between VTEPs, including IP address and operational status.
interface Vlan10
   ip address 192.168.10.1/24
  no shutdown


==VXLAN Monitoring and Troubleshooting==
interface Vlan20
* '''show vxlan vtep''' 
  ip address 192.168.20.1/24
   - Displays information about VXLAN Tunnel Endpoints (VTEPs) in the system.
   no shutdown
</nowiki>


* '''show vxlan flood''' 
== Advanced VXLAN Features ==
  - Displays the flooding behavior of VXLAN traffic (whether it is multicast or unicast).


* '''show ip vxlan''' 
<nowiki>
  - Displays general VXLAN configuration information, including active VNIs and associated VLANs.
!-- Enable VXLAN QoS (Quality of Service)
interface Vxlan1
  qos trust dscp


* '''show bgp l2vpn evpn''' 
!-- Enable VXLAN IP SLA
   - Displays BGP EVPN routes for VXLAN. Useful for troubleshooting BGP control plane connectivity.
ip sla 1
   icmp-echo 192.168.2.2 source-ip 192.168.1.1
  frequency 5
  threshold 100
  timeout 5000
</nowiki>


* '''show vxlan vni <VNI-number>''' 
== VXLAN Security ==
  - Displays the status and configuration of a specific VXLAN VNI.


* '''debug vxlan''' 
<nowiki>
  - Enables debugging for VXLAN traffic, useful for troubleshooting VXLAN encapsulation and forwarding issues.
!-- Enable VXLAN encryption for secure transport
vxlan encryption aes-256
  key abcdef1234567890
</nowiki>


* '''debug bgp evpn''' 
== VXLAN Configuration Backup ==
  - Enables debugging for BGP EVPN, which is the control plane for VXLAN.


* '''clear vxlan vtep <VTEP-IP>''' 
<nowiki>
  - Clears VXLAN VTEP state information for a specified VTEP.
!-- Save the VXLAN configuration to a file
copy running-config startup-config
</nowiki>


==VXLAN Use Cases==
== VXLAN Statistics ==
* '''VXLAN for Multi-Tenant Data Centers''' 
  - VXLAN is used to create isolated Layer 2 domains over a shared Layer 3 infrastructure, which is ideal for multi-tenant data center environments.


* '''VXLAN with EVPN Control Plane''' 
<nowiki>
  - VXLAN often operates with EVPN as the control plane for MAC address learning, route advertisement, and multi-homing across VTEPs.
!-- Display VXLAN statistics for monitoring
show vxlan statistics
</nowiki>


* '''VXLAN for Hybrid Cloud Deployments''' 
== VXLAN Troubleshooting Commands ==
  - VXLAN provides seamless Layer 2 connectivity across on-premise data centers and public cloud environments, supporting hybrid cloud use cases.


==Advanced VXLAN Features==
<nowiki>
* '''VXLAN with Segment Routing''' 
!-- Display VXLAN routing table
  - VXLAN can be integrated with Segment Routing (SR) to provide enhanced traffic engineering and forwarding.
show ip route vxlan


* '''VXLAN with DCI (Data Center Interconnect)''' 
!-- Check the VXLAN tunnel state and statistics
  - VXLAN is commonly used for Data Center Interconnect (DCI) to extend Layer 2 services across multiple geographically distributed data centers.
show vxlan tunnel
</nowiki>


* '''VXLAN EVPN Multihoming''' 
== VXLAN Multicast Mode ==
  - VXLAN with EVPN allows for multihoming configurations, where a single VXLAN network can be connected to multiple VTEPs for redundancy and load balancing.
 
<nowiki>
!-- Enable VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1
</nowiki>
 
== VXLAN MTU Configuration ==
 
<nowiki>
!-- Set MTU size for VXLAN to handle larger frames
interface Ethernet1
  mtu 9216
</nowiki>
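Review bot: In the VXLAN Security block, "key abcdef1234567890" publishes a literal key value beside "vxlan encryption aes-256"; use an obvious placeholder such as "key <shared-key>" so the sample cannot be pasted into a device with a key that is public on this page. The same revision adds "vxlan vtep multicast-group 239.1.1.1" twice, under VXLAN Network Functions (VNF) and again under VXLAN Multicast Mode, and repeats "show ip route vxlan" and "show vxlan tunnel" under both troubleshooting sections; keep one copy of each. It also drops the one-line descriptions that the previous revision gave for each command, which the new blocks only partly replace with "!--" comments.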

Latest revision as of 08:12, 17 January 2026




VXLAN Overview

VXLAN (Virtual Extensible LAN) is a network overlay protocol designed to address the limitations of VLANs. It encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, allowing for scalable network segmentation across large data center environments. Below are advanced Arista EOS CLI commands related to VXLAN configuration and troubleshooting.

VXLAN Configuration

!-- Enable VXLAN routing globally
vtep local-ip 192.168.1.1
vtep source-interface loopback0
!-- Configure VXLAN VLANs to map VNI (VXLAN Network Identifier)
vlan 10
   vn-segment 10010
vlan 20
   vn-segment 10020

VXLAN Underlay Configuration

!-- Configure the IP addresses for VXLAN Underlay
interface Ethernet1
   ip address 10.1.1.1/30
   no shutdown
interface Ethernet2
   ip address 10.1.1.2/30
   no shutdown

VXLAN EVPN (Ethernet VPN) Configuration

!-- Enable EVPN control plane for VXLAN
router bgp 65000
   address-family l2vpn evpn
      neighbor 10.1.1.2 remote-as 65001
      neighbor 10.1.1.2 activate
      neighbor 10.1.1.2 send-community extended
      advertise-all-vni

VXLAN Tunnel Endpoints (VTEP)

!-- Configure a VTEP interface
interface Vxlan1
   vxlan udp-port 4789
   vxlan source-interface loopback0
!-- Associate VTEP with a VLAN
vxlan vlan 10 vni 10010
vxlan vlan 20 vni 10020

VXLAN Bridging Configuration

!-- Enable VXLAN bridging for Layer 2 traffic
interface Vxlan1
   bridge-group vxlan-bridge

VXLAN Routing Configuration

!-- Enable VXLAN routing to allow routing between VNIs
interface Vxlan1
   ip routing
   no shutdown

VXLAN Mapping to VLAN

!-- Create a VLAN to VNI mapping
vlan 10
   vn-segment 10010
   exit
vlan 20
   vn-segment 10020
   exit

EVPN Configuration for VXLAN

!-- Configure EVPN Type 5 routes for VXLAN interconnect
router bgp 65000
   address-family l2vpn evpn
      advertise-all-vni
      maximum-paths 4
      route-target import 10010:10020
      route-target export 10010:10020

VXLAN Troubleshooting

!-- Display VXLAN tunnel status
show vxlan tunnel
!-- Display VNI to VLAN mapping
show vxlan vlan mapping
!-- Show VXLAN routing details
show ip route vxlan
!-- Check VXLAN VTEP neighbor status
show evpn neighbors
!-- Check VXLAN forwarding table
show vxlan fdb

VXLAN Network Functions (VNF)

!-- Configure VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1
!-- Enable VXLAN on Layer 3 interfaces
interface Vlan10
   ip address 192.168.10.1/24
   no shutdown
interface Vlan20
   ip address 192.168.20.1/24
   no shutdown

Advanced VXLAN Features

!-- Enable VXLAN QoS (Quality of Service)
interface Vxlan1
   qos trust dscp
!-- Enable VXLAN IP SLA
ip sla 1
   icmp-echo 192.168.2.2 source-ip 192.168.1.1
   frequency 5
   threshold 100
   timeout 5000

VXLAN Security

!-- Enable VXLAN encryption for secure transport
vxlan encryption aes-256
   key abcdef1234567890

VXLAN Configuration Backup

!-- Save the VXLAN configuration to a file
copy running-config startup-config

VXLAN Statistics

!-- Display VXLAN statistics for monitoring
show vxlan statistics

VXLAN Troubleshooting Commands

!-- Display VXLAN routing table
show ip route vxlan
!-- Check the VXLAN tunnel state and statistics
show vxlan tunnel

VXLAN Multicast Mode

!-- Enable VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1

VXLAN MTU Configuration

!-- Set MTU size for VXLAN to handle larger frames
interface Ethernet1
   mtu 9216
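
The 9216-byte MTU above leaves room for the headers VXLAN adds to every frame. The Python below is an added example, not part of the original wiki page or Arista's code: it packs and parses the 8-byte VXLAN header defined in RFC 7348 and computes the underlay IP MTU needed for a given inner MTU, assuming an IPv4 underlay with no outer VLAN tag. The function names are illustrative.

```python
import struct

VXLAN_UDP_PORT = 4789      # IANA-assigned port, the value used with "vxlan udp-port" above
FLAG_VNI_VALID = 0x08      # the "I" flag from RFC 7348
VXLAN_HDR = 8              # bytes: flags(8) + reserved(24) + VNI(24) + reserved(8)
OUTER_UDP = 8
OUTER_IPV4 = 20            # assumption: IPv4 underlay without IP options
INNER_ETH = 14             # inner Ethernet header carried as payload


def build_vxlan_header(vni: int) -> bytes:
    """Pack the 8-byte VXLAN header for a 24-bit VNI."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan_header(data: bytes):
    """Return (vni, reserved_clean) for a UDP payload that starts with a VXLAN header.

    RFC 7348 tells receivers to ignore reserved bits, so they are reported
    rather than rejected; a monitor can flag frames where they are set.
    """
    if len(data) < VXLAN_HDR:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", data[:VXLAN_HDR])
    flags = word0 >> 24
    if not flags & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI field is not valid")
    reserved_clean = (flags == FLAG_VNI_VALID
                      and word0 & 0x00FFFFFF == 0
                      and word1 & 0xFF == 0)
    return word1 >> 8, reserved_clean


def underlay_mtu_needed(inner_ip_mtu: int, inner_vlan_tag: bool = False) -> int:
    """Underlay IP MTU that carries an inner packet of inner_ip_mtu unfragmented."""
    inner_frame = inner_ip_mtu + INNER_ETH + (4 if inner_vlan_tag else 0)
    return inner_frame + VXLAN_HDR + OUTER_UDP + OUTER_IPV4


if __name__ == "__main__":
    hdr = build_vxlan_header(10010)          # VNI mapped to VLAN 10 on this page
    print(hdr.hex(), parse_vxlan_header(hdr))
    print(underlay_mtu_needed(1500), underlay_mtu_needed(9000))
```

A standard 1500-byte inner MTU already needs 1550 bytes on the underlay, which is why underlay links are set well above the default.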