Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1412
Views
0
Helpful
6
Replies

NDFC EPL Configuration

Go to solution
nkhawaja1
Level 1
Level 1

‎09-22-2023 05:35 PM

Hi Team,

Trying to configuration EPL in my lab using CML. I have a basic 1Spine - 2 LEAF topology. 

NDFC virtual appliance is running on ESXi with MGMT and DATA interfaces. 

DATA interface can ping its default GW.

When I enable EPL, it picks the Service IP, but then gives error "Failed to Ping Switches". I am suspecting it is because it is a Cisco Modelling LAB environment. The Switches are unable to reach the NDFC. 

Has anyone deployed and testing this way? Do I need NDFC connected to the LEAF data interfaces?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nkhawaja1
Level 1
Level 1

‎09-29-2023 02:52 PM

Thank you for your reply, i still havent gotten it worked yet. when you say ping ND Data IP Source x.x.x.x, is that the x.x.x.x loopback0 interface? so ND DATA IP need to reach the loopback of SPINE that is used for BGP?

View solution in original post

0 Helpful
6 Replies 6

Go to solution
ADP89
Cisco Employee
Cisco Employee

‎09-27-2023 04:59 AM

Hello,

NDFC EPL can work with CML, there are no limitations there. The important thing is to have non-asymmetric connectivity between the ND data interface/subnet to the Spines control-plane VRF.

How you can get this done it really depends on your environment. I have attached the diagram on how I make it work in my lab.
Key points:
1) Networks X.X.X.X, Y.Y.Y.Y, Z.Z.Z.Z are all routed by the external core device.(This is a real device in my lab)
2) CML has an additional vNIC paired to br1 that allows me to import into the topologies the direct connectivity to Z.Z.Z.Z. This means that I can have a virtual devices attached to that network
3) The core device must have a route (static dynamic) to the VXLAN EVPN control plane subnet via the Z.Z.Z.Z device that you have running into your virtual topology. For this device you could have multiple options:
3a) It could be one of the Levesf Eth interface used as routed interface. Assign to it a Z.Z.Z.Z ip in the default VRF and make sure that you redistribute a default route in the underlay.
3b) The device could be an edge router managed by an External Fabric. With this you can attach the Z.Z.Z.Z network to a routed port and then link it to the VXLAN EVPN fabric default VRF via an IFC. With the recent releases of NDFC you can easily extend the also the default VRF over an IFC between VXLAN EVPN and External fabrics. This is maybe more complex but I find it also more elegant.

HTH,

ADP

 

 

Preview file
73 KB
0 Helpful

Go to solution
nkhawaja1
Level 1
Level 1

‎09-27-2023 12:01 PM

thank you for the suggestion. I will look into that. I think now my topology is very similiar to yours, except I have my control plane on the z.z.z.z network as well. so from br1 i should be able to reach the default gateway. for some reason i can only ping the br1 IP but not the GW IP, security policies on vswitch allows promiscous, mac and forged, I also need a route from ND DATA to z.z.z.z. From CML i can ping both Z.Z.Z.Z Gw and Leaf IP on control plane.

 

0 Helpful

Go to solution
ADP89
Cisco Employee
Cisco Employee
In response to nkhawaja1

‎09-28-2023 12:02 AM

Hello,

Nexus Dashboard uses the data interface gateway for the default route. So unless z.z.z.z is directly connected to the management or you have set a static route on the management interface, you should be good.

When you say "I have my control plane on the z.z.z.z network as well." I believe you mean that you have z.z.z.z network attached to the default VRF. Do a "show ip route vrf default" on the route-reflectors and ensure that they have a route towards ND DATA IP. If not you probably need to redistribute a default static route from the leaf attached to z.z.z.z.
To validate this manually you should be able to run a ping from the spine towards ND data IP "ping n.d.i.p source x.x.x.x "

 

0 Helpful

Go to solution
nkhawaja1
Level 1
Level 1

‎09-29-2023 02:52 PM

Thank you for your reply, i still havent gotten it worked yet. when you say ping ND Data IP Source x.x.x.x, is that the x.x.x.x loopback0 interface? so ND DATA IP need to reach the loopback of SPINE that is used for BGP?

0 Helpful

Go to solution
ADP89
Cisco Employee
Cisco Employee

‎09-30-2023 02:59 AM

That is correct, as the EPL will establish an eBGP EVPN session between ND and the spines in order to learn about endpoints in the fabric.

Send me the topology diagram with routing info if you need additional help.

ADP

 

0 Helpful

Go to solution
nkhawaja1
Level 1
Level 1
In response to ADP89

‎10-02-2023 07:58 PM

Here is the diagram based on yours. Its working when i enabled communication between loopback of Spine to the Nexus Dashboard Data interface. thank you for all your help. good adviseND Diagram-Page-1.drawio.png

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card