Feature History For Campus Fabric - Cisco Nexus 7000 Series Configuration Manual

Feature History for Campus Fabric

router bgp 100
  description "
  router-id 12.12.12.13
  vrf vrf5000
SGT Propagation, Termination, and Generation
The security group tag (SGT) allows the network to enforce the access control policy by enabling the endpoint
device to act upon the SGT to filter traffic.
At the ingress point, traffic from the source is tagged with an SGT containing the security group number of
the source entity. The SGT is propagated with the traffic across the domain. At the egress point, an egress
device uses the source SGT and the security group number of the destination entity to determine which access
policy to apply from the security group access control list (SGACL) policy matrix.
The least significant 16 bits of the reserved field in the VXLAN header are used to carry the SGT.
For traffic ingressing the site from the internet, a mechanism is needed to classify the packets as internet
packets and derive an SGT from that classification. This SGT is placed in the reserved field of the VXLAN
header during VXLAN encapsulation.
For traffic egressing the site, the SGT is read from the reserved field during VXLAN decapsulation, and policy
enforcement can then be done based on the SGT. This is where the M3 module acts as a PETR. This is
enabled using the ip lisp sgt command.
Multicast Head-end Replication
Head-end replication for LISP multicast over a unicast core is supported on M3 modules.
Head-end replication satisfies the need for a multicast transport for Overlay Transport Virtualization
(OTV) control-plane communications. A multicast transport lets a single OTV update or packet reach all
other OTV devices across domains using a specific multicast group address.
LISP multicast configuration on an ETR or ITR is covered in the "VXLAN Encapsulation for Layer-3 LISP
Configuration" section above.
TTL Propagation
TTL (Time-to-Live) is a setting for each DNS record that specifies how long a resolver should cache the DNS
query before the query expires and a new query needs to be made.
TTL propagation from the inner header to the outer header during VXLAN encapsulation is controlled by a
CLI command. When this command is enabled, TTL propagation from the inner header to the outer header is
disabled during encapsulation. This is enabled using the lisp disable-ttl-propagate command.
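The following is an added example, not code from the Cisco guide, that models the two behaviours described above: carrying the source SGT in the VXLAN reserved field at encapsulation, reading it back at decapsulation for an SGACL matrix lookup, and choosing the outer TTL according to whether TTL propagation is disabled. It assumes the SGT occupies the low 16 bits of the 24-bit reserved field that follows the flags byte; the SGACL matrix entries, group numbers and default outer TTL are constructed values.

```python
import struct

# VXLAN header (RFC 7348): flags(1) | reserved(3) | VNI(3) | reserved(1).
# Assumption: the SGT rides in the low 16 bits of the 24-bit reserved field
# that follows the flags byte, i.e. header bytes 2 and 3.
VXLAN_FLAG_I = 0x08       # "VNI valid" flag bit
DEFAULT_OUTER_TTL = 64    # constructed value used when the inner TTL is not propagated

def build_vxlan_header(vni: int, sgt: int) -> bytes:
    """Encapsulation side: place the source SGT in the reserved field."""
    if not 0 <= vni < 2**24 or not 0 <= sgt < 2**16:
        raise ValueError("vni must fit in 24 bits, sgt in 16 bits")
    word0 = (VXLAN_FLAG_I << 24) | (sgt & 0xFFFF)   # upper 8 reserved bits stay 0
    word1 = vni << 8                                 # VNI is the top 24 bits
    return struct.pack("!II", word0, word1)

def parse_vxlan_header(hdr: bytes) -> dict:
    """Decapsulation side (the PETR role): recover the VNI and the SGT."""
    if len(hdr) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", hdr[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("VNI flag not set")
    return {"vni": word1 >> 8, "sgt": word0 & 0xFFFF}

def outer_ttl(inner_ttl: int, disable_ttl_propagate: bool) -> int:
    """Outer TTL chosen at encapsulation, mirroring lisp disable-ttl-propagate."""
    return DEFAULT_OUTER_TTL if disable_ttl_propagate else inner_ttl

# Constructed SGACL policy matrix: (source SGT, destination SG) -> action.
# Pairs not listed fall back to the default action (deny).
SGACL_MATRIX = {
    (10, 20): "permit",   # employees -> servers
    (10, 10): "permit",   # employees -> employees
    (30, 20): "deny",     # internet-classified traffic -> servers
}

def enforce_sgacl(src_sgt: int, dst_sg: int, default: str = "deny") -> str:
    """Egress policy lookup keyed on the SGT carried in the VXLAN header."""
    return SGACL_MATRIX.get((src_sgt, dst_sg), default)

def egress_decision(hdr: bytes, dst_sg: int) -> str:
    """End to end: decapsulate, read the SGT, apply the SGACL matrix."""
    return enforce_sgacl(parse_vxlan_header(hdr)["sgt"], dst_sg)
```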
Feature History for Campus Fabric
This table lists the release history for this feature.
Cisco Nexus 7000 Series NX-OS VXLAN Configuration Guide
    address-family ipv4 unicast
      redistribute lisp route-map LISP-RMAP
      redistribute direct route-map LISP-RMAP
    neighbor 80.1.1.2 remote-as 100
      description "BGP neighbor to the CORE Router"
      address-family ipv4 unicast
      address-family ipv6 unicast