Enabling VXLAN in Cisco Nexus 1000v

Today I am going to talk about enabling and configuring VXLAN on the Cisco Nexus 1000v router. Before we start with the configuration, we first need to understand what VXLAN is.

About VXLAN
Since the VLAN ID field in a frame is only 12 bits, it limits the number of VLANs to 4,096, some of which are reserved. The VXLAN feature introduces a 24-bit ID field, which scales the possibilities to include a potential of 16 million different LAN segments. This is similar to the transition from IPv4 to IPv6.

With VXLAN transport, the initial Layer 2 (L2) frame is encapsulated in a Layer 3 (L3) packet. The destination then de-encapsulates the packet and sends the frame based on the destination Media Access Control (MAC) address that is contained within. 

This allows segmented traffic on a current infrastructure and allows networks to mirror L2 domains across data centers. Also, it enables enhancements such as cross data center vMotions.

Use of the VXLAN technology is practical in environments that require you to scale and provide infrastructures for customers. A good example of this is the VMware vCloud Director, where providers deploy resources for their customers. This includes computer resources from servers, networking resources that utilize VMware networking, or Cisco networking powered by the N1kV.

Fig 1.1-VXLAN

A provider uses VLANs as the transport mechanism for the tenant VXLANs. Without VXLAN, each tenant is given its own VLAN, which can reach the 4,096 limit quickly. With VXLAN, each tenant can be assigned a VXLAN and can utilize the infrastructure VLANs for transport. This is scalable and still segmented.

VXLAN Modes: There are two VXLAN modes, described below.

Multicast Mode
Each VXLAN has an assigned multicast group-IP. When a VM joins the VXLAN, the Virtual Ethernet Module (VEM) sends IGMP-Join requests to the assigned group. Broadcast, multicast, and flood traffic is sent to all VTEPs; unicast traffic is sent to the destination VTEP.

Unicast Mode
For broadcast, multicast, and unknown unicast frames, each VXLAN sends traffic to the destination IP address of each VTEP that houses a VM in the same VXLAN. If more than one VTEP exists, only one of the VTEPs is chosen to receive the flood traffic, which is similar to a designated broadcast receiver on the Cisco Unified Computing System (UCS). The VEMs then use the IP address as the destination VTEP for encapsulation.

With Unicast mode, there is also a MAC Distribution feature. With this feature, the VSM learns all of the MAC addresses from all of the VEMs and maps them to the designated VTEP. Flooding and replication are eliminated because the VEM always knows the destination VTEP for the specific destination VM.

Enable the VXLAN Feature
Nexus1000v# conf t 
Enter configuration commands, one per line. End with CNTL/Z.
Nexus1000v(config)# feature segmentation

Verify that the Feature is Enabled
Nexus1000v(config)# show feature | grep segmentation
network-segmentation  1        disabled
segmentation          1         enabled

Configure the Default Mode
Nexus1000v(config)# no segment mode unicast-only

Create the VTEP Port-Profile
Nexus1000v# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Nexus1000v(config)# port-profile type vethernet VTEP
Nexus1000v(config-port-prof)# vmware port-group
Nexus1000v(config-port-prof)# switchport mode access
Nexus1000v(config-port-prof)# switchport access vlan 168
Nexus1000v(config-port-prof)# capability vxlan
Nexus1000v(config-port-prof)# no shutdown
Nexus1000v(config-port-prof)# state enabled

Create the Bridge Domain
Nexus1000v# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Nexus1000v(config)# bridge-domain 192.168.1.x
Nexus1000v(config-bd)# segment id 5000
Nexus1000v(config-bd)# group 239.1.1.1

Create the VXLAN Port-Profile for VMs
Nexus1000v# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Nexus1000v(config)# port-profile type vethernet vxlan-192.168.1.x
Nexus1000v(config-port-prof)# vmware port-group
Nexus1000v(config-port-prof)# switchport mode access
Nexus1000v(config-port-prof)# switchport access bridge-domain 192.168.1.x
Nexus1000v(config-port-prof)# no shutdown
Nexus1000v(config-port-prof)# state enabled

Switch to Unicast Mode
Nexus1000v# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Nexus1000v(config)# bridge-domain 192.168.1.x
Nexus1000v(config-bd)# segment mode unicast-only

Verify the Unicast Bridge Domain
Nexus1000v# show bridge-domain 192.168.1.x
Bridge-domain 192.168.1.x (2 ports in all)
Segment ID: 5000 (Manual/Active)
Mode: Unicast-only (override)
MAC Distribution: Disable
Group IP: 239.1.1.1
State: UP               
Mac learning: Enabled
Veth18, Veth19
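
To make the verification step above repeatable, here is an added example (not part of the original post and not Cisco tooling) that parses the show bridge-domain output and compares it with the intended segment ID and mode. The function names are hypothetical, and the field layout is assumed to match the sample output shown on this page.

```python
import ipaddress
import re

# Output copied from the "Verify the Unicast Bridge Domain" step on this page.
SAMPLE = """\
Bridge-domain 192.168.1.x (2 ports in all)
Segment ID: 5000 (Manual/Active)
Mode: Unicast-only (override)
MAC Distribution: Disable
Group IP: 239.1.1.1
State: UP
Mac learning: Enabled
Veth18, Veth19
"""

def parse_bridge_domain(text):
    """Turn one 'show bridge-domain <name>' block into a dict (hypothetical helper)."""
    bd = {"ports": []}
    for line in text.splitlines():
        line = line.strip()
        head = re.match(r"Bridge-domain (\S+) \((\d+) ports? in all\)", line)
        if head:
            bd["name"], bd["port_count"] = head.group(1), int(head.group(2))
        elif ":" in line:
            key, value = line.split(":", 1)
            bd[key.strip().lower()] = value.strip()
        elif line:  # a bare line after the fields is the member port list
            bd["ports"] += [p.strip() for p in line.split(",") if p.strip()]
    return bd

def check_bridge_domain(bd, want_segment, want_mode):
    """Return a list of findings; an empty list means the domain matches intent."""
    findings = []
    segment = int((bd.get("segment id") or "-1").split()[0])
    if not 0 <= segment < 2**24:
        findings.append("segment id outside the 24-bit VXLAN range")
    if segment != want_segment:
        findings.append(f"segment id is {segment}, expected {want_segment}")
    if not bd.get("mode", "").lower().startswith(want_mode.lower()):
        findings.append(f"mode is {bd.get('mode')!r}, expected {want_mode}")
    if bd.get("state") != "UP":
        findings.append(f"state is {bd.get('state')!r}, expected UP")
    group = bd.get("group ip")
    if group and not ipaddress.ip_address(group).is_multicast:
        findings.append(f"group {group} is not a multicast address")
    return findings

if __name__ == "__main__":
    for finding in check_bridge_domain(parse_bridge_domain(SAMPLE), 5000, "Unicast-only"):
        print("FINDING:", finding)
```

Run against the sample above, the script prints nothing, because the bridge domain matches the configuration applied in the earlier steps.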