- Implementing VXLAN
- Configuring a Layer 3 VXLAN gateway
- Prerequisites
- Restrictions
- Creating and configuring the Network Virtualization Endpoint (NVE) interface
- Configuring the L3 bridge virtual interface
- Configuring a bridge domain
- Configuration Example for Implementing Layer 3 VXLAN Gateway
This module provides configuration information for layer 3 VXLAN on CiscoASR9000 Series Router. For conceptual information on VXLAN, see Implementing VXLAN chapter in the L2VPN and Ethernet Services Configuration Guide for Cisco ASR 9000 Series Routers.
| Release | Modification |
|---|---|
| Release 5.2.0 | This feature was introduced on CiscoASR9000 Series Router. |
Configuring a Layer 3 VXLAN gateway
A layer 3 VXLAN gateway provides routing between VXLAN segment and any other network segment such as VXLAN, VLAN or L3VPN. The following sections show how to configure an ASR 9000 series router as a Layer 3 VXLAN gateway between a VLAN and a VXLAN segment in different networks.
Prerequisites
The following are the prerequisites to configuring a Cisco ASR 9000 series router as a VXLAN Layer 2 gateway:
-
Configure a loopback interface. It serves as a source interface for the local VTEP.
-
Configure unicast reachability to remote VTEPs.
-
Configure Bidirectional Protocol Independent Multicast (Bidir PIM) or PIM Sparse Mode. For more information, see the Multicast Configuration Guide for Cisco ASR 9000 Series Routers.
Restrictions
-
You configure VXLAN only on Overlay Transport Virtualization (OTV) and VXLAN UDP ports.
-
The source interface can only be a loopback interface.
-
You cannot share a VNI or a multicast group or a source interface across multiple NVE interfaces.
-
The VNI range and the multicast range both can only be specified contiguously. A non-contiguous range with comma separated values is not supported.
-
The VNI to multicast group mapping can be only either 1:1 or N:1. For example, -
The "member vni 5000 mcast-group 239.1.1.1" command configures a valid 1:1 mapping.
-
The "member vni 5000-5005 mcast-group 239.1.1.1" command configures a valid N:1 mapping.
-
-
When a VNI is configured as a part of a VNI range, it can be modified or deleted only as part of the same range. For example, if the "member vni 5000-5002 mcast-group 239.1.1.1" command is configured, you cannot disassociate just the VNI 5001 from the NVE interface with a "no member vni 5001" command.
-
Static MAC configuration is not supported.
-
You can configure a maximum of 128k Layer 2 and Layer 3 sub-interfaces per system. The configuration can be a combination of both Layer 2 sub-interfaces and Layer 3 sub-interfaces; or either fully Layer 2 sub-interfaces or Layer 3 sub-interfaces.
Though the system allows you to configure more than 128k sub-interfaces per system, you cannot use this configuration for services. Though the system displays a warning message on reaching the threshold of 128k sub-interfaces, the configuration is still applied. However, you cannot use this configuration for services.
Creating and configuring the Network Virtualization Endpoint (NVE) interface
Perform this task to create an NVE interface and configure it as a VXLAN Tunnel EndPoint (VTEP) for VxLAN.
SUMMARY STEPS
- interface nve nve-identifier
- source-interface loopback loopback-interface-identifier
- member vni vni_number [ -end_vni_range ] mcast-group ip_address [ end_ip_address_range ]
- Use the commit or end command.
DETAILED STEPS
| Step1 | interface nve nve-identifier Example:Creates the NVE interface and enters the NVE interface configuration sub-mode. | ||
| Step2 | source-interface loopback loopback-interface-identifier Example:Sets a loopback interface as the source interface for the VTEP. | ||
| Step3 | member vni vni_number [ -end_vni_range ] mcast-group ip_address [ end_ip_address_range ] Example:
| ||
| Step4 | Use the commit or end command. commit - Saves the configuration changes and remains within the configuration session. end - Prompts user to take one of these actions:
|
Configuring the L3 bridge virtual interface
Perform this task to configure the IPv4 address for a bridge virtual interface for L3 routing.
SUMMARY STEPS
- interface BVI BVI-identifier
- ipv4 address ip-address{ /prefix | subnet mask}
- Use the commit or end command.
DETAILED STEPS
| Step1 | interface BVI BVI-identifier Example: |
| Step2 | ipv4 address ip-address{ /prefix | subnet mask} Example:Sets the IPv4 address for the bridge virtual interface. |
| Step3 | Use the commit or end command. commit - Saves the configuration changes and remains within the configuration session. end - Prompts user to take one of these actions:
|
Configuring a bridge domain
Perform this task to configure a bridge domain.
SUMMARY STEPS
- l2vpn
- bridge group bridge-group-name
- bridge-domain bridge-domain-name
- member vni vxlan-id
- routed interface BVI BVI-id
- Use the commit or end command.
DETAILED STEPS
| Step1 | l2vpn Example:Enters the l2vpn configuration mode. |
| Step2 | bridge group bridge-group-name Example:Enters the bridge group configuration mode. |
| Step3 | bridge-domain bridge-domain-name Example: |
| Step4 | member vni vxlan-id Example: |
| Step5 | routed interface BVI BVI-id Example: |
| Step6 | Use the commit or end command. commit - Saves the configuration changes and remains within the configuration session. end - Prompts user to take one of these actions:
|
Configuration Example for Implementing Layer 3 VXLAN Gateway
The following example shows layer 3 VXLAN gateway configuration on two Provider Edge (PE) routers, R1 and R2, from a sample network topology that has the core network simplified as a bundle link connection between the PE routers.
![MPLS Layer 3 VPN Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 24.1.1 - Implementing VXLAN [Cisco ASR 9000 Series Aggregation Services Routers] (1)](https://i0.wp.com/www.cisco.com/c/dam/en/us/td/i/300001-400000/360001-370000/363001-364000/363702.eps/_jcr_content/renditions/363702.jpg "MPLS Layer 3 VPN Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 24.1.1 - Implementing VXLAN [Cisco ASR 9000 Series Aggregation Services Routers] (1)")
interface Bundle-Ether10 ipv4 address 192.168.1.1/24!interface Loopback0 ipv4 address 1.1.1.1/32!interface T0/2/0/1 no shut!interface T0/2/0/1.100 encapsulation dot1q 100 ipv4 address 19.19.19.1/24!interface BVI1 ipv4 address 100.1.1.1 255.255.255.0 ipv6 address 100::1/64!router ospf underlay router-id 1.1.1.1 area 0 interface Bundle-Ether10 interface Loopback0!Interface nve 1 member vni 1 mcast-group 224.2.2.2 0.0.0.0 overlay-encapsulation vxlan source-interface Loopback0!router ospf overlay area 0 interface bvi1 interface T0/2/0/1.100!l2vpn bridge group vxlan bridge-domain vxlan routed interface BVI1 member vni 1 !multicast-routing address-family ipv4 interface loopback0 enable interface Bundle-Ether10 enable!router pim address-family ipv4 rp-address 1.1.1.1 bidirinterface Bundle-Ether10 ipv4 address 192.168.1.2/24!interface Loopback0 ipv4 address 2.2.2.2/32!interface T0/3/0/23 no shut!interface T0/3/0/23.100 encapsulation dot1q 100 ipv4 address 20.20.20.1/24!interface BVI1 ipv4 address 100.1.1.2 255.255.255.0 ipv6 address 100::2/64router ospf underlay router-id 2.2.2.2 area 0 interface Bundle-Ether10 interface Loopback0!Interface nve 1 member vni 1 mcast-group 224.2.2.2 0.0.0.0 overlay-encapsulation vxlan source-interface Loopback0!router ospf overlay area 0 interface bvi1 interface T0/3/0/23.100!l2vpn bridge group vxlan bridge-domain vxlan routed interface BVI1 member vni 1 !multicast-routing address-family ipv4 interface loopback0 enable interface Bundle-Ether10 enable!router pim address-family ipv4 rp-address 1.1.1.1 bidir![MPLS Layer 3 VPN Configuration Guide for Cisco ASR 9000 Series Routers, IOS XR Release 24.1.1 - Implementing
VXLAN [Cisco ASR 9000 Series Aggregation Services Routers] (2024)](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII=)