
VxLAN MULTISITE requirements

vivarock12
Level 1

What are the requirements of VxLAN MULTISITE?

From my investigation I discovered that a physical interface is needed for the port that will connect to the other site, but is that really necessary or can it be a subinterface?

And is there anything else that I need to know?

Thanks for the help, by the way.


Francesco Molino
VIP Alumni

Hi
Unfortunately it's not yet supported and I don't know if it's going to be soon.
Here is the documentation:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/vxlan/configuration/guide/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x_chapter_0101.html

For VXLAN BGP EVPN, it says: SVI and subinterfaces as uplinks are not supported.

 

I don't know if you already did that, but there is nothing very special to do; just follow the documentation guide and it's straightforward.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

OK, thanks for the confirmation.

One question: is there any problem connecting the Multisite via a site-to-site VPN from site-1 to site-2, or is there a need to change the MTU for that link?

From what I understand there's no special requirement, but can you confirm this?

Hi @vivarock12,

"The only specific requirements for the Layer 3 cloud are that it provide IP connectivity between the virtual IP and PIP addresses of the BGWs and accommodate the MTU for the VXLAN-encapsulated traffic across the cloud. The Layer 3 cloud can be any routed service, such as a flat Layer 3 routed network, a Multiprotocol Label Switching (MPLS) Layer 3 VPN (L3VPN), or other provider services. Whenever a VPN-like service is provided in the Layer 3 cloud, note that the physical interfaces on the BGW site must remain in the default VRF instance. Multiprotocol-BGP (MP-BGP) peering with VPN address families is supported only as part of the default VRF instance."

 

from

VXLAN EVPN Multi-Site Design and Deployment White Paper

 

Your site-to-site VPN would need to accommodate for the extra overhead of MTU. Once done, in theory it should work if you are using a single BGW (Border Gateway) per Site with a single connection to communicate the two Sites.

On the other hand, if you are using 2x BGWs per Site, you would need two site-to-site VPNs to have a "BGW back-to-back model" as depicted in the same White Paper.

Screen Shot 2020-02-25 at 3.05.58 PM.png

 

If you have more than two sites, it will not scale smoothly.

 

I'm not a big fan of the VPN site-to-site idea, but in pure theory it should work.

I'd suggest going through that White Paper (if not done yet) as it contains valuable information and describes some failure scenarios.

 

Best Regards.

Hello @Hector Gustavo Serrano Gutierrez ,

In my design I have 2 sites.

In site1 I have 2 BL-BGW; in site2 I have 1 BL-BGW.

So I will have from the S2 BL-BGW one connection to each BL-BGW on S1:

ASA_DCI.PNG

One where I will use two ASAs with a site-to-site VPN, but does the connection between them need to be MTU 1550?

 

RT_DCI.PNG

Case 2: I will use two routers that will use an L3 link between them.

So, like I told you, B_Leaf_L2 and B_Leaf_L3 and Site 1 will have a DCI connection to the B_Leaf on site 2.

So is the MTU consideration needed on the links from the B_LEAF_Nexus and on the DCI-LINK too?

Regards

It's more like 1554 as the MTU value, and yes, you should support it.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Can I use the same interface for the multisite and create a subinterface?

The idea is that I have one physical interface and create a subinterface on the same interface and use it for OSPF?

!
interface Ethernet1/8
  description DCI
  no switchport
  ip address 172.16.121.1/30
  ip ospf cost 10
  ip router ospf DCI area 0.0.0.0
  evpn multisite dci-tracking
  no shutdown
!
interface ethernet 1/8.10
  encapsulation dot1Q 33
  vrf member OUTSIDE_TENANT
  ip address 172.16.2.17/30
  ip ospf cost 100
  ip router ospf OSPF_OUTSIDE area 0.0.0.0
  no shutdown
!

Something like this? I know that it is not the best idea, but the client only has 1 dark fiber link per site and wants to connect the principal office and use the same fiber link for the OSPF connection to that site.

And DWDM is not an option either?

It could work, but I never tried it. What I usually do is use the DCI link (dark fiber) as a pure L2 link with VLANs trunked and then loop a cable between 2 ports (1 side as a VLAN access port and the other side as an L3 interface). With that solution I achieve what you're trying to do.
Anyways, you can try with your solution.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
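
A small configuration check for the points raised in this thread, as an added example that is not part of the original posts or of any Cisco tooling: it flags DCI-tracking interfaces that are subinterfaces, sit outside the default VRF, or carry an MTU below the 1554 quoted above, and lists subinterfaces that share a DCI parent. The function names and the 1500-byte default MTU are assumptions.

```python
import re

# Constructed sample, trimmed from the configuration posted in the thread.
SAMPLE_CONFIG = """\
interface Ethernet1/8
evpn multisite dci-tracking
!
interface ethernet 1/8.10
encapsulation dot1Q 33
vrf member OUTSIDE_TENANT
!
"""

REQUIRED_MTU = 1554  # figure quoted in the thread for the DCI path
DEFAULT_MTU = 1500   # assumption: value in effect when no "mtu" line is present


def parse_interfaces(config):
    """Map normalised interface name -> list of its lower-cased sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(.+)$", line, re.IGNORECASE)
        if match:
            current = match.group(1).replace(" ", "").lower()
            interfaces[current] = []
        elif line in ("", "!"):
            current = None  # stanza separator
        elif current is not None:
            interfaces[current].append(line.lower())
    return interfaces


def audit_dci(config, required_mtu=REQUIRED_MTU):
    """Return (interface, finding) tuples for every DCI-tracking interface."""
    interfaces, findings = parse_interfaces(config), []
    for name, cmds in interfaces.items():
        if "evpn multisite dci-tracking" not in cmds:
            continue
        if "." in name:
            findings.append((name, "dci-tracking on a subinterface"))
        if any(c.startswith("vrf member ") for c in cmds):
            findings.append((name, "DCI interface outside the default VRF"))
        mtu = next((int(c.split()[1]) for c in cmds if re.fullmatch(r"mtu \d+", c)), DEFAULT_MTU)
        if mtu < required_mtu:
            findings.append((name, f"mtu {mtu} below {required_mtu}"))
        findings += [(sub, f"subinterface shares DCI parent {name}")
                     for sub in interfaces if sub.startswith(name + ".")]
    return findings
```

Run `audit_dci()` over the interface section of a saved running configuration; an empty list means none of the conditions discussed in the thread were found.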