VXLAN and BGP EVPN Configuration Guide for Dell EMC SmartFabric OS10 Release 10.5.2

Enable overlay routing between virtual networks

The previous sections describe how a VTEP switches traffic between hosts in the same L2 tenant segment on a virtual network, and transports traffic over an IP underlay fabric. This section describes how a VTEP enables hosts in different L2 segments belonging to the same tenant VRF to communicate with each other.

NOTE: On the S4248-ON switch, IPv6 overlay routing between virtual networks is not supported with static VXLAN. IPv6 overlay routing is, however, supported with BGP EVPN asymmetric IRB.

Each tenant is assigned a VRF and each virtual-network interface is assigned an IP subnet in the tenant VRF. The VTEP acts as the L3 gateway that routes traffic from one tenant subnet to another in the overlay before encapsulating it in the VXLAN header and transporting it over the IP underlay fabric.

To enable host traffic routing between virtual networks, configure an interface for each virtual network and associate it to a tenant VRF. Assign a unique IP address in the IP subnet range associated with the virtual network to each virtual-network interface on each VTEP.

To enable efficient traffic forwarding on a VTEP, OS10 supports distributed and centralized gateway routing. A distributed gateway means that multiple VTEPs act as the gateway router for a tenant subnet. The VTEP nearest to a host acts as its gateway router. To support seamless migration of hosts and virtual machines on different VTEPs, configure a common virtual IP address, known as an anycast IP address, on all VTEPs for each virtual network. Use this anycast IP address as the gateway IP address on VMs.

To support multiple tenants when each tenant has its own L2 segments, configure a different IP VRF for each tenant. All tenants share the same VXLAN underlay IP fabric in the default VRF.

  1. Create a non-default VRF instance for overlay routing in Configuration mode. For multi-tenancy, create a VRF instance for each tenant.
    ip vrf tenant-vrf-name
    exit
  2. In Configuration mode, configure the anycast gateway MAC address that all VTEPs use in all VXLAN virtual networks.

    When a VM sends an Address Resolution Protocol (ARP) request for the anycast gateway IP address in a VXLAN virtual network, the nearest VTEP responds with the configured anycast MAC address. Configure the same MAC address on all VTEPs so that the anycast gateway MAC address remains the same if a VM migrates to a different VTEP. Because the configured MAC address is automatically used for all VXLAN virtual networks, configure it in global Configuration mode.

    ip virtual-router mac-address mac-address
    Example:
    OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
  3. Configure a virtual-network interface, assign it to the tenant VRF, and configure an IP address.

    The interface IP address must be unique on each VTEP, including VTEPs in VLT pairs. You can configure an IPv6 address on the virtual-network interface. Different virtual-network interfaces you configure on the same VTEP must have virtual-network IP addresses in different subnets. If you do not assign the virtual-network interface to a tenant VRF, it is assigned to the default VRF.

    interface virtual-network vn-id
    ip vrf forwarding tenant-vrf-name
    ip address ip-address/mask
    no shutdown
    exit
  4. Configure an anycast gateway IPv4 or IPv6 address for each virtual network in INTERFACE-VIRTUAL-NETWORK mode. This anycast IP address must be in the same subnet as the IP address of the virtual-network interface in Step 3.

    Configure the same IPv4 or IPv6 address as the anycast IP address on all VTEPs in a virtual network. All hosts use the anycast gateway IP address as the default gateway IP address in the subnet that connects to the virtual-network interface configured in Step 3. Configure the anycast gateway IP address on all downstream VMs. Using the same anycast gateway IP address allows host VMs to move from one VTEP to another VTEP in a VXLAN. Dell EMC recommends using an anycast gateway in both VLT and non-VLT VXLAN configurations.

    interface virtual-network vn-id
    ip virtual-router address ip-address
Configuration notes for virtual-network routing:
  • VXLAN overlay routing includes routing tenant traffic on the ingress VTEP and bridging the traffic on the egress VTEP. The ingress VTEP learns ARP entries and associates all destination IP addresses of tenant VMs with the corresponding VM MAC addresses in the overlay. On the ingress VTEP, configure a virtual network for each destination IP subnet even if there are no locally attached hosts for an IP subnet.
  • Routing protocols, such as Open Shortest Path First (OSPF) and BGP, are not supported on the virtual-network interface in the overlay network. However, static routes that point to a virtual-network interface or to a next-hop IP address that belongs to a virtual-network subnet are supported.
  • When you add a static route in the overlay, any next-hop IP address that belongs to a virtual-network subnet must be the only next-hop for that route and cannot be one of multiple ECMP next-hops. For example, if you enter the following configuration commands one after the other, where 10.250.0.0/16 is a virtual-network subnet, only the first next-hop is active on the switch.
    OS10(config)# ip route 0.0.0.0/0  10.250.0.101
    OS10(config)# ip route 0.0.0.0/0  10.250.0.102
    If the next-hop is a pair of dual-homed VTEPs in a VLT domain, a workaround is to configure the same anycast gateway IP address on both VTEPs and use this address as the next-hop IP address.
  • VLT peer routing is not supported in a virtual network. A packet destined to the virtual-network peer MAC address is L2 switched instead of IP routed. To achieve active-active peer routing in a virtual network, configure the same virtual anycast gateway IP and MAC addresses on both VTEP VLT peers and use the anycast IP as the default gateway on the VMs.
  • Virtual Router Redundancy Protocol (VRRP) is not supported on a virtual-network interface. Configure the virtual anycast gateway IP address to share a single gateway IP address on both VTEP VLT peers and use the anycast IP as default gateway on the VMs.
  • Internet Group Management Protocol (IGMP) and Protocol-Independent Multicast (PIM) are not supported on a virtual-network interface.
  • IP routing of incoming VXLAN encapsulated traffic in the overlay after VXLAN termination is not supported.

The following tables show how to use anycast gateway IP and MAC addresses in a data center with three virtual networks and multiple VTEPs:

  • Globally configure an anycast MAC address for all VTEPs in all virtual networks. For example, if you use three VTEP switches in three virtual networks:
    Table 1. MAC address for all VTEPs

    Virtual network   VTEP     Anycast gateway MAC address
    VNID 11           VTEP 1   00.11.22.33.44.55
                      VTEP 2   00.11.22.33.44.55
                      VTEP 3   00.11.22.33.44.55
    VNID 12           VTEP 1   00.11.22.33.44.55
                      VTEP 2   00.11.22.33.44.55
                      VTEP 3   00.11.22.33.44.55
    VNID 13           VTEP 1   00.11.22.33.44.55
                      VTEP 2   00.11.22.33.44.55
                      VTEP 3   00.11.22.33.44.55

  • Configure a unique IP address on the virtual-network interface on each VTEP across all virtual networks. Configure the same anycast gateway IP address on all VTEPs in a virtual-network subnet. For example:
    Table 2. IP address on the virtual-network interface on each VTEP

    Virtual network   VTEP     Virtual-network IP address   Anycast gateway IP address
    VNID 11           VTEP 1   10.10.1.201                  10.10.1.254
                      VTEP 2   10.10.1.202                  10.10.1.254
                      VTEP 3   10.10.1.203                  10.10.1.254
    VNID 12           VTEP 1   10.20.1.201                  10.20.1.254
                      VTEP 2   10.20.1.202                  10.20.1.254
                      VTEP 3   10.20.1.203                  10.20.1.254
    VNID 13           VTEP 1   10.30.1.201                  10.30.1.254
                      VTEP 2   10.30.1.202                  10.30.1.254
                      VTEP 3   10.30.1.203                  10.30.1.254
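
The addressing rules from Steps 3 and 4, checked against the plan in Tables 1 and 2 and then rendered as the Step 1-4 commands for one VTEP. This is an added example, not part of the Dell EMC guide. The /24 mask, the VRF name tenant1 and the colon form of the Table 1 MAC address are assumptions, and the virtual networks are assumed to exist already.

```python
import ipaddress
from collections import defaultdict

# Constructed plan mirroring Tables 1 and 2. The /24 mask is an assumption.
PLAN = [(vn, f"VTEP {i}", f"{net}.20{i}/24", f"{net}.254")
        for vn, net in ((11, "10.10.1"), (12, "10.20.1"), (13, "10.30.1"))
        for i in (1, 2, 3)]

def check_plan(plan):
    """Return violations of the addressing rules from Steps 3 and 4."""
    errors = []
    owner = {}                   # interface IP -> first "VNID n VTEP m" using it
    anycast = {}                 # vnid -> anycast IP seen first for that network
    subnets = defaultdict(dict)  # vtep -> {subnet: vnid}
    for vnid, vtep, addr, gw in plan:
        iface = ipaddress.ip_interface(addr)
        gw_ip = ipaddress.ip_address(gw)
        where = f"VNID {vnid} {vtep}"
        # Step 3: the interface IP must be unique on each VTEP.
        if iface.ip in owner:
            errors.append(f"{where}: {iface.ip} already used by {owner[iface.ip]}")
        owner.setdefault(iface.ip, where)
        # Step 3: virtual networks on one VTEP must be in different subnets.
        if subnets[vtep].setdefault(iface.network, vnid) != vnid:
            errors.append(f"{where}: subnet {iface.network} reused on this VTEP")
        # Step 4: anycast IP is in the interface subnet and identical on all VTEPs.
        if gw_ip not in iface.network:
            errors.append(f"{where}: anycast {gw_ip} outside {iface.network}")
        if anycast.setdefault(vnid, gw_ip) != gw_ip:
            errors.append(f"{where}: anycast {gw_ip} differs from {anycast[vnid]}")
    return errors

def render(plan, vtep, vrf, mac):
    """Emit the Step 1-4 commands for one VTEP (IPv4 only)."""
    lines = [f"ip vrf {vrf}", "exit", f"ip virtual-router mac-address {mac}"]
    for vnid, name, addr, gw in plan:
        if name == vtep:
            lines += [f"interface virtual-network {vnid}",
                      f"ip vrf forwarding {vrf}", f"ip address {addr}",
                      "no shutdown", f"ip virtual-router address {gw}", "exit"]
    return "\n".join(lines)

if __name__ == "__main__":
    assert check_plan(PLAN) == []
    # "tenant1" is a hypothetical VRF name; MAC is Table 1's value in CLI colon form.
    print(render(PLAN, "VTEP 1", "tenant1", "00:11:22:33:44:55"))
```
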

