Cisco Nexus 7000 Series Configuration Manual page 28

Nx-os vxlan

Hide thumbs Also See for Nexus 7000 Series:

Command reference manual (1018 pages)

Reference manual (746 pages)

Configuration manual (536 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

page of 138

/ 138
Contents
Table of Contents
Bookmarks

Table of Contents

Guidelines and Limitations for VXLAN

• For multicast, the VPC node that receives the (S, G) join from the RP (rendezvous point) becomes the

DF (designated forwarder). On the DF node, encap routes are installed for multicast.

Decap routes are installed based on the election of a decapper from between the VPC primary node and

the VPC secondary node. The winner of the decap election is the node with the least cost to the RP or

the source. However, if the cost to the RP is the same for both nodes, the VPC primary node is elected.

The winner of the decap election has the decap mroute installed. The other node does not have a decap

route installed.

• On a VPC device, BUM traffic (broadcast, unknown-unicast, and multicast traffic) from hosts is replicated

on the vPC peer-link. A copy is made of every native packet and each native packet is sent across the

vPC peer-link to service orphan-ports connected to the peer VPC switch.

To prevent traffic loops in VXLAN networks, native packets ingressing the vPC peer-link cannot be

sent to an uplink. However, if the peer switch is the encapper, the copied packet traverses the vPC

peer-link and is sent to the uplink.

In a VXLAN vPC deployment with peer switch, encapsulation profile, and bridge domain configurations,

the vPC secondary peer switch does not generate or process BPDUs for bridge domains.

• When vPC peer-link is shut, the loopback primary address is used as the source IP address for

encapsulation by both vPC switches.

Note

• When vPC peer-link is no-shut, the NVE loopback secondary address is used.

• For VPC, the loopback interface has 2 IP addresses: the primary IP address and the secondary IP address.

The primary IP address is unique and is used by Layer 3 protocols.

The secondary IP address on loopback is necessary because the interface NVE uses it for the VTEP IP

address. The secondary IP address must be same on both vPC peers.

• The VPC peer-gateway feature must be enabled on both peers.

As a best practice, use peer-switch, peer gateway, ip arp sync, ipv6 nd sync configurations for improved

convergence in VPC topologies.

The following is an example (best practice) of a VPC configuration:

switch# sh ru vpc

version 6.1(2)I3(1)

feature vpc

vpc domain 2

peer-switch

peer-keepalive destination 172.29.206.65 source 172.29.206.64

peer-gateway

ipv6 nd synchronize

Cisco Nexus 7000 Series NX-OS VXLAN Configuration Guide

◦ Using different primary IP addresses.

◦ Consistent NVE interface to VNI mapping.

◦ Consistent VNI to group mapping.

Orphans connected to the VPC secondary will experience loss of traffic for the period

that the vPC peer-link is shut. This is similar to Layer 2 orphans in a VPC secondary of

a traditional VPC setup.

Configuring VXLAN Flood and Learn

Table of Contents

Cisco Nexus 7000 Series Configuration Manual page 28

Related Manuals for Cisco Nexus 7000 Series

Related Products for Cisco Nexus 7000 Series

Table of Contents