ARISTA - VXLAN: Difference between revisions

From IT-Arts.net
No edit summary
Line 1: Line 1:
[[Category:Wiki]]
[[Category:Wiki]]


==VXLAN Overview==
== VXLAN Overview ==
VXLAN encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, providing network segmentation and scalability over a shared IP infrastructure. VXLAN uses a 24-bit VXLAN Network Identifier (VNI) to create virtual networks. It typically works with technologies like EVPN or static configurations to provide control plane functions.


==Basic VXLAN Configuration==
VXLAN (Virtual Extensible LAN) is a network overlay protocol designed to address the limitations of VLANs. It encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, allowing for scalable network segmentation across large data center environments. Below are advanced Arista EOS CLI commands related to VXLAN configuration and troubleshooting.
* '''interface Vxlan <VNI-number>''' 
  - Creates a VXLAN interface with the specified VXLAN Network Identifier (VNI).
 
* '''vxlan vlan <vlan-id> vni <vni-number>''' 
  - Maps a VLAN to a VXLAN VNI. This is necessary to associate VLANs with VXLAN networks.


* '''vxlan udp-port <port-number>''' 
== VXLAN Configuration ==
  - Configures the UDP port for VXLAN encapsulation (default is 4789).


* '''vxlan source-interface <interface-name>''' 
<nowiki>
  - Configures the source interface for VXLAN traffic. This interface is used for the source IP address in the VXLAN encapsulated packets.
!-- Enable VXLAN routing globally
vtep local-ip 192.168.1.1
vtep source-interface loopback0


* '''vxlan flood <enable|disable>''' 
!-- Configure VXLAN VLANs to map VNI (VXLAN Network Identifier)
   - Enables or disables flooding of unknown unicast traffic in the VXLAN.
vlan 10
  vn-segment 10010
vlan 20
   vn-segment 10020
</nowiki>


==VXLAN BGP EVPN Configuration==
== VXLAN Underlay Configuration ==
For large-scale deployments, VXLAN typically works with EVPN (Ethernet VPN) as the control plane for VXLAN to handle MAC address learning, multi-tenancy, and optimal routing of VXLAN traffic.


* '''router bgp <AS-number>''' 
<nowiki>
  - Enters BGP configuration mode to configure BGP as the control plane for VXLAN.
!-- Configure the IP addresses for VXLAN Underlay
interface Ethernet1
  ip address 10.1.1.1/30
  no shutdown


* '''address-family l2vpn evpn''' 
interface Ethernet2
   - Configures the BGP EVPN address family, which is used for VXLAN in BGP.
   ip address 10.1.1.2/30
  no shutdown
</nowiki>


* '''neighbor <IP-address> activate''' 
== VXLAN EVPN (Ethernet VPN) Configuration ==
  - Activates a BGP EVPN session with the specified neighbor.


* '''evpn extended-vni-list <VNI-list>''' 
<nowiki>
  - Configures a list of VNIs for use in the EVPN.
!-- Enable EVPN control plane for VXLAN
router bgp 65000
  address-family l2vpn evpn
    neighbor 10.1.1.2 remote-as 65001
    neighbor 10.1.1.2 activate
    neighbor 10.1.1.2 send-community extended
    advertise-all-vni
</nowiki>


* '''vxlan evpn mode''' 
== VXLAN Tunnel Endpoints (VTEP) ==
  - Configures the device to operate in VXLAN EVPN mode, enabling EVPN as the control plane for VXLAN.


* '''vxlan vni <VNI-number> route-target import <RT>''' 
<nowiki>
   - Configures the route-target (RT) import policy for the VXLAN VNI.
!-- Configure a VTEP interface
interface Vxlan1
   vxlan udp-port 4789
  vxlan source-interface loopback0


* '''vxlan vni <VNI-number> route-target export <RT>''' 
!-- Associate VTEP with a VLAN
  - Configures the route-target (RT) export policy for the VXLAN VNI.
vxlan vlan 10 vni 10010
vxlan vlan 20 vni 10020
</nowiki>


* '''vxlan vni <VNI-number> rd <route-distinguisher>''' 
== VXLAN Bridging Configuration ==
  - Configures a route distinguisher (RD) for the VXLAN VNI.


* '''evpn vni <VNI-number> advertise''' 
<nowiki>
   - Configures the device to advertise a specific VXLAN VNI in BGP EVPN.
!-- Enable VXLAN bridging for Layer 2 traffic
interface Vxlan1
   bridge-group vxlan-bridge
</nowiki>


* '''vxlan vlan <vlan-id> vni <vni-number> rd <route-distinguisher>''' 
== VXLAN Routing Configuration ==
  - Maps a VLAN to a VXLAN VNI and configures a route distinguisher.


==VXLAN and Multicast==
<nowiki>
VXLAN traffic can be forwarded using multicast for unknown unicast, broadcast, and multicast (BUM) traffic. VXLAN supports both multicast and unicast-based flooding mechanisms.
!-- Enable VXLAN routing to allow routing between VNIs
interface Vxlan1
  ip routing
  no shutdown
</nowiki>


* '''vxlan multicast-group <multicast-ip>''' 
== VXLAN Mapping to VLAN ==
  - Configures the multicast group IP address for VXLAN BUM traffic.


* '''vxlan use-vrf <vrf-name> multicast-group <multicast-ip>''' 
<nowiki>
   - Configures VXLAN to use a specific VRF for multicast forwarding.
!-- Create a VLAN to VNI mapping
vlan 10
   vn-segment 10010
  exit


* '''ip igmp join-group <multicast-ip>''' 
vlan 20
  - Joins a multicast group for VXLAN flooding (used for multicast-based VXLAN configurations).
  vn-segment 10020
  exit
</nowiki>


* '''ip pim sparse-mode''' 
== EVPN Configuration for VXLAN ==
  - Configures PIM (Protocol Independent Multicast) sparse mode to manage multicast forwarding.


* '''vxlan flood <enable|disable>''' 
<nowiki>
   - Configures whether unknown unicast traffic is flooded within the VXLAN.
!-- Configure EVPN Type 5 routes for VXLAN interconnect
router bgp 65000
   address-family l2vpn evpn
    advertise-all-vni
    maximum-paths 4
    route-target import 10010:10020
    route-target export 10010:10020
</nowiki>


==VXLAN Unicast Mode==
== VXLAN Troubleshooting ==
In VXLAN Unicast mode, VXLAN traffic is forwarded using unicast to the remote VTEPs (VXLAN Tunnel Endpoints).


* '''vxlan flood <enable|disable> unicast''' 
<nowiki>
  - Enables or disables unicast forwarding for VXLAN traffic. In this mode, VXLAN traffic uses unicast encapsulation instead of multicast for BUM traffic.
!-- Display VXLAN tunnel status
show vxlan tunnel


==VXLAN Interfaces==
!-- Display VNI to VLAN mapping
VXLAN requires the configuration of logical interfaces for communication within the VXLAN overlay network.
show vxlan vlan mapping


* '''interface Vxlan <VNI-number>''' 
!-- Show VXLAN routing details
  - Creates a VXLAN interface associated with a specific VNI.
show ip route vxlan


* '''interface Vxlan <VNI-number> ip address <IP-address> <subnet-mask>''' 
!-- Check VXLAN VTEP neighbor status
  - Configures an IP address on a VXLAN interface.
show evpn neighbors


* '''interface Vxlan <VNI-number> no shutdown''' 
!-- Check VXLAN forwarding table
  - Enables the VXLAN interface (brings it up).
show vxlan fdb
</nowiki>


* '''show interface Vxlan <VNI-number>''' 
== VXLAN Network Functions (VNF) ==
  - Displays information about the VXLAN interface, including operational status and statistics.


==VXLAN Tunnel Endpoint (VTEP) Configuration==
<nowiki>
A VTEP is responsible for VXLAN encapsulation and decapsulation at the edge of the VXLAN network. It is typically configured on devices that serve as gateways between the physical network and the VXLAN overlay.
!-- Configure VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1


* '''interface Ethernet <slot>/<port> vxlan encapsulation''' 
!-- Enable VXLAN on Layer 3 interfaces
   - Configures a physical interface to support VXLAN encapsulation.
interface Vlan10
  ip address 192.168.10.1/24
   no shutdown


* '''show vxlan''' 
interface Vlan20
   - Displays detailed VXLAN configuration and status, including VNI mappings, VTEP interfaces, and VXLAN flood mode.
   ip address 192.168.20.1/24
  no shutdown
</nowiki>


* '''show vxlan tunnel''' 
== Advanced VXLAN Features ==
  - Displays the VXLAN tunnel status between VTEPs, including IP address and operational status.


==VXLAN Monitoring and Troubleshooting==
<nowiki>
* '''show vxlan vtep''' 
!-- Enable VXLAN QoS (Quality of Service)
  - Displays information about VXLAN Tunnel Endpoints (VTEPs) in the system.
interface Vxlan1
  qos trust dscp


* '''show vxlan flood''' 
!-- Enable VXLAN IP SLA
   - Displays the flooding behavior of VXLAN traffic (whether it is multicast or unicast).
ip sla 1
   icmp-echo 192.168.2.2 source-ip 192.168.1.1
  frequency 5
  threshold 100
  timeout 5000
</nowiki>


* '''show ip vxlan''' 
== VXLAN Security ==
  - Displays general VXLAN configuration information, including active VNIs and associated VLANs.


* '''show bgp l2vpn evpn''' 
<nowiki>
  - Displays BGP EVPN routes for VXLAN. Useful for troubleshooting BGP control plane connectivity.
!-- Enable VXLAN encryption for secure transport
vxlan encryption aes-256
  key abcdef1234567890
</nowiki>


* '''show vxlan vni <VNI-number>''' 
== VXLAN Configuration Backup ==
  - Displays the status and configuration of a specific VXLAN VNI.


* '''debug vxlan''' 
<nowiki>
  - Enables debugging for VXLAN traffic, useful for troubleshooting VXLAN encapsulation and forwarding issues.
!-- Save the VXLAN configuration to a file
copy running-config startup-config
</nowiki>


* '''debug bgp evpn''' 
== VXLAN Statistics ==
  - Enables debugging for BGP EVPN, which is the control plane for VXLAN.


* '''clear vxlan vtep <VTEP-IP>''' 
<nowiki>
  - Clears VXLAN VTEP state information for a specified VTEP.
!-- Display VXLAN statistics for monitoring
show vxlan statistics
</nowiki>


==VXLAN Use Cases==
== VXLAN Troubleshooting Commands ==
* '''VXLAN for Multi-Tenant Data Centers''' 
  - VXLAN is used to create isolated Layer 2 domains over a shared Layer 3 infrastructure, which is ideal for multi-tenant data center environments.


* '''VXLAN with EVPN Control Plane''' 
<nowiki>
  - VXLAN often operates with EVPN as the control plane for MAC address learning, route advertisement, and multi-homing across VTEPs.
!-- Display VXLAN routing table
show ip route vxlan


* '''VXLAN for Hybrid Cloud Deployments''' 
!-- Check the VXLAN tunnel state and statistics
  - VXLAN provides seamless Layer 2 connectivity across on-premise data centers and public cloud environments, supporting hybrid cloud use cases.
show vxlan tunnel
</nowiki>


==Advanced VXLAN Features==
== VXLAN Multicast Mode ==
* '''VXLAN with Segment Routing''' 
  - VXLAN can be integrated with Segment Routing (SR) to provide enhanced traffic engineering and forwarding.


* '''VXLAN with DCI (Data Center Interconnect)''' 
<nowiki>
  - VXLAN is commonly used for Data Center Interconnect (DCI) to extend Layer 2 services across multiple geographically distributed data centers.
!-- Enable VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1
</nowiki>


* '''VXLAN EVPN Multihoming''' 
== VXLAN MTU Configuration ==
  - VXLAN with EVPN allows for multihoming configurations, where a single VXLAN network can be connected to multiple VTEPs for redundancy and load balancing.
 
<nowiki>
!-- Set MTU size for VXLAN to handle larger frames
interface Ethernet1
  mtu 9216
</nowiki>
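
Review bot: The added VXLAN Security block hard-codes a secret in the example (`key abcdef1234567890` under `vxlan encryption aes-256`); wiki snippets get pasted verbatim, so use a placeholder such as `key <pre-shared-key>` and say that the real value is kept off the page. In the Underlay block, Ethernet1 (`10.1.1.1/30`) and Ethernet2 (`10.1.1.2/30`) sit in the same /30 on what reads as one device, and the EVPN block then peers with `neighbor 10.1.1.2`, which is that device's own Ethernet2 address; show the two ends as separate switches. This revision also drops every per-command description from the previous version, and `show ip route vxlan`, `show vxlan tunnel` and the `vxlan vtep multicast-group 239.1.1.1` line each appear in two sections; consider keeping the descriptions and merging the duplicates.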

Revision as of 16:23, 13 December 2025


VXLAN Overview

VXLAN (Virtual Extensible LAN) is a network overlay protocol designed to address the limitations of VLANs. It encapsulates Layer 2 Ethernet frames in Layer 3 UDP packets, allowing for scalable network segmentation across large data center environments. Below are advanced Arista EOS CLI commands related to VXLAN configuration and troubleshooting.
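
The encapsulation described above, as an added example that is not part of the original page: it builds and parses the 8-byte VXLAN header that sits between the UDP header and the inner Ethernet frame, then checks the VNI against the VLAN mappings used in this page's examples. The header layout follows RFC 7348; the function names and the sample frame are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789                   # default port, as configured on this page
VNI_TO_VLAN = {10010: 10, 10020: 20}    # VLAN-to-VNI mappings from this page's examples
FLAG_VNI_VALID = 0x08                   # RFC 7348 "I" flag: the VNI field is valid


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 1: flags(8) + reserved(24). Word 2: VNI(24) + reserved(8).
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def parse_vxlan(udp_dst_port: int, payload: bytes) -> dict:
    """Parse a UDP payload as VXLAN and list every check it fails."""
    problems = []
    if udp_dst_port != VXLAN_UDP_PORT:
        problems.append("unexpected UDP port")
    if len(payload) < 8 + 14:           # VXLAN header + minimal Ethernet header
        return {"vni": None, "vlan": None, "problems": problems + ["truncated"]}
    word1, word2 = struct.unpack("!II", payload[:8])
    flags, vni = word1 >> 24, word2 >> 8
    if not flags & FLAG_VNI_VALID:
        problems.append("I flag not set")
    if word1 & 0x00FFFFFF or word2 & 0xFF:
        problems.append("reserved bits set")
    vlan = VNI_TO_VLAN.get(vni)
    if vlan is None:
        problems.append("VNI not mapped to a local VLAN")
    inner = payload[8:]
    return {"vni": vni, "vlan": vlan, "dst_mac": inner[0:6].hex(":"),
            "src_mac": inner[6:12].hex(":"), "problems": problems}


# Constructed inner frame: broadcast destination, locally administered source, ARP ethertype.
SAMPLE_INNER = bytes.fromhex("ffffffffffff" "02000000000a" "0806") + b"\x00" * 28

if __name__ == "__main__":
    for vni in (10010, 10020, 30000):
        print(vni, parse_vxlan(VXLAN_UDP_PORT, build_vxlan(vni, SAMPLE_INNER)))
```

The header carries no authentication field, so a VTEP accepting a frame relies on checks like these plus underlay controls on who may send to UDP 4789.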

VXLAN Configuration

<nowiki>
!-- Enable VXLAN routing globally
vtep local-ip 192.168.1.1
vtep source-interface loopback0

!-- Configure VXLAN VLANs to map VNI (VXLAN Network Identifier)
vlan 10
  vn-segment 10010
vlan 20
  vn-segment 10020
</nowiki>

VXLAN Underlay Configuration

<nowiki>
!-- Configure the IP addresses for VXLAN Underlay
interface Ethernet1
  ip address 10.1.1.1/30
  no shutdown

interface Ethernet2
  ip address 10.1.1.2/30
  no shutdown
</nowiki>

VXLAN EVPN (Ethernet VPN) Configuration

<nowiki>
!-- Enable EVPN control plane for VXLAN
router bgp 65000
  address-family l2vpn evpn
    neighbor 10.1.1.2 remote-as 65001
    neighbor 10.1.1.2 activate
    neighbor 10.1.1.2 send-community extended
    advertise-all-vni
</nowiki>

VXLAN Tunnel Endpoints (VTEP)

<nowiki>
!-- Configure a VTEP interface
interface Vxlan1
  vxlan udp-port 4789
  vxlan source-interface loopback0

!-- Associate VTEP with a VLAN
vxlan vlan 10 vni 10010
vxlan vlan 20 vni 10020
</nowiki>

VXLAN Bridging Configuration

<nowiki>
!-- Enable VXLAN bridging for Layer 2 traffic
interface Vxlan1
  bridge-group vxlan-bridge
</nowiki>

VXLAN Routing Configuration

<nowiki>
!-- Enable VXLAN routing to allow routing between VNIs
interface Vxlan1
  ip routing
  no shutdown
</nowiki>

VXLAN Mapping to VLAN

<nowiki>
!-- Create a VLAN to VNI mapping
vlan 10
  vn-segment 10010
  exit

vlan 20
  vn-segment 10020
  exit
</nowiki>

EVPN Configuration for VXLAN

<nowiki>
!-- Configure EVPN Type 5 routes for VXLAN interconnect
router bgp 65000
  address-family l2vpn evpn
    advertise-all-vni
    maximum-paths 4
    route-target import 10010:10020
    route-target export 10010:10020
</nowiki>

VXLAN Troubleshooting

<nowiki>
!-- Display VXLAN tunnel status
show vxlan tunnel

!-- Display VNI to VLAN mapping
show vxlan vlan mapping

!-- Show VXLAN routing details
show ip route vxlan

!-- Check VXLAN VTEP neighbor status
show evpn neighbors

!-- Check VXLAN forwarding table
show vxlan fdb
</nowiki>

VXLAN Network Functions (VNF)

<nowiki>
!-- Configure VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1

!-- Enable VXLAN on Layer 3 interfaces
interface Vlan10
  ip address 192.168.10.1/24
  no shutdown

interface Vlan20
  ip address 192.168.20.1/24
  no shutdown
</nowiki>

Advanced VXLAN Features

<nowiki>
!-- Enable VXLAN QoS (Quality of Service)
interface Vxlan1
  qos trust dscp

!-- Enable VXLAN IP SLA
ip sla 1
  icmp-echo 192.168.2.2 source-ip 192.168.1.1
  frequency 5
  threshold 100
  timeout 5000
</nowiki>

VXLAN Security

<nowiki>
!-- Enable VXLAN encryption for secure transport
vxlan encryption aes-256
  key abcdef1234567890
</nowiki>

VXLAN Configuration Backup

<nowiki>
!-- Save the VXLAN configuration to a file
copy running-config startup-config
</nowiki>

VXLAN Statistics

<nowiki>
!-- Display VXLAN statistics for monitoring
show vxlan statistics
</nowiki>

VXLAN Troubleshooting Commands

<nowiki>
!-- Display VXLAN routing table
show ip route vxlan

!-- Check the VXLAN tunnel state and statistics
show vxlan tunnel
</nowiki>

VXLAN Multicast Mode

<nowiki>
!-- Enable VXLAN multicast mode for VTEP discovery
vxlan vtep multicast-group 239.1.1.1
</nowiki>

VXLAN MTU Configuration

<nowiki>
!-- Set MTU size for VXLAN to handle larger frames
interface Ethernet1
  mtu 9216
</nowiki>