Welcome to this Cisco Support Community Ask the Expert conversation. Put your questions about Cisco Data Center Overlays, with a focus on VXLAN (Virtual Extensible Local Area Network), to Vishal Mehta.
Ask questions from Tuesday, October 20 to Friday, October 30, 2015.
In the modern data center, traditional technologies are limiting the speed, flexibility, scalability, and manageability of application deployments. There is emerging interest in the industry in overlay technologies (such as MPLS, VXLAN, LISP...) which may address some of these challenges. This session will discuss the latest trends in overlay technologies and compare each of the available solutions in terms of deployment, benefits and challenges. The major emphasis in this session will be on VXLAN evolution and on which Cisco products support the different VXLAN solutions. Various VXLAN configurations such as BGP-EVPN control plane, L2 Gateway, L3 Gateway, Bridging, Packet-Flow, Best Practices, Deployment scenarios and other advanced features will also be discussed.
Vishal and Pranav will be helping you with all your queries on all of the above.
Vishal Mehta is a Technical Marketing Engineer with Cisco's Data Center Competitive Insights Team based in San Jose, California. Previously he was working as the customer support engineer for Data Center Server Virtualization Technical Assistance Center (TAC) team for the past 4 years with a primary focus on data center technologies such as Cisco Nexus® 5000, Cisco UCS, Cisco Nexus 1000V, and Virtualization. He has CCIE® certification (# 37139) in Routing/Switching, Service Provider & Data Center. Vishal has presented at Cisco Live in Orlando 2013, Milan 2014, and San Francisco 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333).
Pranav Doshi is a Technical Marketing Engineer with Cisco’s Data Center Competitive Insights Team based in San Jose, California. Pranav has been with Cisco since 2010, starting off as a Team-Lead Technical Support Engineer in the LAN-Switching team working on Catalyst 37XX/45XX/65XX and Nexus 2K/3K/5K/6K/7K/9K platforms. After working in Cisco TAC, Pranav worked in Cisco Advanced Services as part of the Data Center Solutions Team for Cisco’s Enterprise Customers. During his stint with Cisco AS, Pranav designed data centers with Nexus Standalone deployments leveraging technologies like Fabricpath, OTV as well as ACI deployments.
Because of the volume expected during this event, Vishal or Pranav might not be able to answer every question.
Thank you for the feedback :)
Below are some good documents on Cisco Overlay Technologies:
Only book on VXLAN I know of is:
My personal recommendation would be to leverage Cisco Blogs, YouTube, Config guides, and Cisco Live Sessions for VXLAN and Overlay Technologies in comparison to books. As the technology is still evolving, with different possible solutions, it will be hard to find a book that can cover everything in real time.
I am very interested in how to connect external L3 routing devices like Routers, Firewalls, and so on to EVPN VXLAN DCI deployments with Anycast Gateway functionality (plus actually in VPC environments).
This includes redistribution from typical IGPs to VTEPs but also connecting Firewalls with static routing and redistribution of static routes to the VXLAN control plane.
There are some tough issues and design topics to solve; unfortunately, I am currently not able to find documentation or best practices covering these topics...
Some of the detailed questions with quite intense complexity are (all relate to an actual Anycast Gateway EVPN design):
- How are routers to be connected to VTEPs within a VPC domain?
- Are single attached (orphan) routing devices / firewalls supported - again on VPC cluster VTEPs?
- Is it possible to redistribute external networks on two different VTEPs within different VPC domains in EVPN Anycast Gateway designs?
Some diagrams illustrating my questions...
1. DCI topology with route redistribution to EVPN BGP process for external routing within tenant VRF:
2. How does VTEP E (its client) know which VTEP owns the active ASA firewall node, when static routing with redistribution into EVPN is in place:
Thanks in advance for any inputs on these topics!
For details on specific design questions, I would recommend reaching out to your local Cisco Representative or Network Consulting Engineer, who can help you with designing the network as per your needs.
I would highly recommend seeing the Cisco Live Sessions on VXLAN and FabricPath.
Those sessions discuss customer designs that we see in production data centers.
You can become a member of Cisco Live 365 for free and have complete access to session recordings and presentations.
I have listed below the sessions from Cisco Live:
VXLAN can be implemented on all Nexus Switches (including Nexus 1000v) and it's not bound to topology. The VXLAN solution will differ across the Cisco portfolio, and it doesn't rely on ACI.
Spine-Leaf architecture is recommended for VXLAN but not a necessity; it also depends on what the network topology is and what you are trying to achieve with VXLAN.
ACI provides its own integrated control plane, and it is different from BGP-EVPN (VXLAN control plane), which is implemented on Nexus 9000 (in Standalone Mode), Nexus 3000, Nexus 5600/6000 and also on Nexus 7000 (with F3 line cards).
Can you provide some background on IP Multicast support within VXLAN MP-BGP EVPN overlay networks? I’m specifically referring to IP multicast for hosts within VXLAN segments and not for IP PIM configured for Broadcast, Unknown Unicast and Multicast (BUM) traffic within the underlay.
As of NX-OS 7.0(3)I1(3) when I map a VLAN Id to a VXLAN segment Id i.e., vn-segment vnid within vlan context, I receive a message “Warning: Disabling IGMP snooping for VLAN vlanid”. If I then configure ip pim sparse-mode on the L3 SVI for this VLAN I receive the message “Warning: Please ensure igmp snooping is enabled on the corresponding vlan…”
In light of the above can you answer the following questions:
Does IP multicast work between sources and receivers when both are present within the same VXLAN segment?
Does IP multicast work between sources and receivers when for example the source is present within one VXLAN segment and the receivers are present in a different VXLAN segment?
Does IP multicast work between sources and receivers when for example the source is present within a VXLAN segment and the receivers are present outside of the VXLAN overlay?
Does IP multicast work between sources and receivers when for example the receivers are present within a VXLAN segment and the source is present outside of the VXLAN overlay?
If the scenarios above are not currently supported, are you able to provide an indication of when support would be available?
And as a supplemental question, can you provide documentation as to how we would deploy IP multicast for hosts within a VXLAN overlay today? None of the white papers, deployment guides or Cisco Live presentations I’ve seen touch on this subject.
There are several differences between VxLAN and FabricPath, for example:
1. VxLAN is standards based vs. FabricPath being Cisco proprietary.
2. Encapsulation method for VxLAN is per packet, whereas for FP it is per frame.
3. VxLAN needs Layer-3 as underlying transport medium, whereas FP requires Layer-1 only.
An extremely good Cisco Live Session with comparison tables between VxLAN and FP can be found here:
Hope this helps.
Please be so kind as to assist me with the following questions:
1. In a vPC VTEP scenario with MP-BGP EVPN VXLAN, do we need to have the vPC peers be BGP adjacent? If YES, why do we need this adjacency?
2. Can you explain why we need a VRF overlay VLAN and SVI for VXLAN routing?
3. Why does the VRF overlay SVI NOT have an IP address assigned?
4. DCI between two DCs with a pair of vPC VTEPs in each. The DCs are interconnected through a multihop MP-eBGP.
4.1 Can you propose documentation regarding this design?
4.2 Is full-mesh eBGP between the four VTEPs the proper solution?
4.3 Should I distribute the MP-BGP EVPN routes into the inter-DC IGP?
4.4 How must I tune the MP-BGP to use both opposite VTEPs for load balancing?
Thank you for your time in advance!