OcNOS SP : Virtual Extensible LAN Guide : VxLAN - Ethernet Virtual Private Network : VxLAN Hybrid Access Port Configuration
VxLAN Hybrid Access Port Configuration
This chapter shows how to configure a hybrid access port which is a Layer 2 Port (configured switchport) that is part of both a VxLAN domain and a Layer 2 bridge with different VLANs.
Overview
A hybrid VxLAN access port is Layer 2 port that is part of regular Layer 2 bridge (RSTP/MSTP/STP) and a VxLAN bridge at the same time. A switch port cannot be a part of VxLAN domain and Layer 2 Bridge if the VxLAN port is created with “port only” mapping. The same VLAN cannot be a part of both a VxLAN domain and a Layer 2 bridge.
If a port is created with “all” VLANS, then the port should not allow VxLAN access-port configurations. If a VxLAN with a specific VLAN is mapped, then configuring VLAN “all” on the same port does not allow that specified VLAN in a Layer 2 bridge. If the VxLAN access-port configurations are removed, then the specified VLAN is added immediately in a Layer 2 bridge.
Ingress traffic with a VxLAN VLAN does not receive Layer 2 traffic or vice-versa. STP states on the Port P1 do not affect VxLAN traffic.
Topology
RTR1/VTEP1
 
#configure terminal
Enter configure mode.
(config)#interface lo
Enter interface mode for loopback.
(config-if)#ip address 10.10.10.10/32 secondary
Assign secondary IP address.
(config-if)#exit
Exit interface mode.
(config)#mac vrf vrf12345
Create mac routing/forwarding instance with vrf12345 name and enter VRF mode.
(config-vrf)#rd 1.1.1.1:1
Assign Rd value.
(config-vrf)#route-target both 10.10.10.10:10
Assign route-target both value.
(config-vrf)#exit
Exit VRF configuration mode.
(config)#bridge 32 protocol ieee vlan-bridge
Configure the ieee vlan-bridge with Id 32.
(config)#vlan 2-5 bridge 32
Configure the vlans 2-5 for the configured bridge Id 32.
(config)#interface ce25/1
Enter interface mode for ce25/1.
(config-if)#ip address 20.20.20.0/31
Assign IP address 20.20.20.0 in /31 mask.
(config-if)#exit
Exit interface mode.
(config)#interface ce25/2
Enter interface mode for ce25/2.
(config-if)#switchport
Make it L2 interface.
(config-if)#bridge-group 32
Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid
Configure the Hybrid mode.
(config-if)# switchport hybrid allowed vlan add 4 egress-tagged enable
Configure hybrid allowed vlan add 4 to support the created vlan in the L2 Bridge.
(config-if)#exit
Exit interface mode.
(config)#interface ce31/1
Enter interface mode for ce31/1.
(config-if)#switchport
Make it L2 interface.
(config-if)#bridge-group 32
Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid
Configure the Hybrid mode.
(config-if)# switchport hybrid allowed vlan add 4 egress-tagged enable
Configure hybrid allowed vlan add 4 to support the created vlan in the L2 Bridge.
(config-if)#exit
Exit interface mode.
(config)#router bgp 64512
Enter BGP router mode.
(config-router)# bgp router-id 1.1.1.1
Assign BGP router ID
(config-router)#neighbor 20.20.20.1 remote-as 64513
Specify a neighbor router with peer ip address and remote-as defined.
(config-router)#address-family ipv4 unicast
Enter into ipv4 unicast address family
(config-router-af)#network 10.10.10.10/32
Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#exit-address-family
Exit ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn
Enter l2vpn address family mode.
(config-router-af)#neighbor 20.20.20.1 activate
Activate the peer into address family mode.
(config-router-af)#exit-address-family
Exit l2vpn address family mode.
(config-router)#exit
Exit BGP router mode.
(config)# hardware-profile filter vxlan enable
Enable hardware profile for vxlan
(config)#hardware-profile statistics ac-lif enable
Enable ac-lif for VxLAN access-if port counters
(config)#nvo vxlan enable
Enable Vxlan.
(config)#nvo vxlan vtep-ip-global 10.10.10.10
Configure the source Vtep-ip.
(config)#nvo vxlan id 16777215 ingress-replication inner-vid-disabled
Configure Vxlan Network identifier with/without inner-vid-disabled configure and enter Vxlan tenant mode.
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vrf12345
Assign VRF for evpn-bgp to carry evpn route.
(config-nvo)#exit
Exit Vxlan tenant mode.
(config)#nvo vxlan access-if port-vlan ce31/1 3
Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) mapping.
(config-nvo-acc-if)#map vnid 16777215
Map Vxlan Identifier to access-port.
(config-nvo-acc-if)#exit
Exit Vxlan access-interface mode.
(config)#commit
Commit the candidate configuration to the running configuration
RTR2
 
#configure terminal
Enter configure mode.
(config)#bridge 32 protocol ieee vlan-bridge
Configure the ieee vlan-bridge with Id 32.
(config)#vlan 2-5 bridge 32
Configure the vlans 2-5 for the configured bridge Id 32.
(config)#interface xe17
Enter interface mode for xe17.
(config-if)#ip address 20.20.20.1/31
Assign IP address 20.20.20.1 in /31 mask.
(config-if)#exit
Exit interface mode.
(config)#interface xe18
Enter interface mode for xe18.
(config-if)#switchport
Make it L2 interface .
(config-if)#bridge-group 32
Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid
Configure the Hybrid mode.
(config-if)#switchport hybrid allowed vlan add 4 egress-tagged enable
Configure hybrid allowed vlan add 4 to support the created vlan in the L2 Bridge.
(config-if)#exit
Exit interface mode.
(config)#interface xe33
Enter interface mode for xe33.
(config-if)#ip address 30.30.30.0/31
Assign IP address 30.30.30.0 in /31 mask.
(config-if)#exit
Exit interface mode.
(config)#interface xe34
Enter interface mode for xe34.
(config-if)#switchport
Make it L2 interface.
(config-if)#bridge-group 32
Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid
Configure the Hybrid mode.
(config-if)#switchport hybrid allowed vlan add 4 egress-tagged enable
Configure hybrid allowed vlan add 4 to support the created vlan in the L2 Bridge.
(config-if)#exit
Exit interface mode.
(config)#router bgp 64513
Enter BGP router mode.
(config-router)# bgp router-id 2.2.2.2
Assign BGP router ID
(config-router)#neighbor 20.20.20.0 remote-as 64512
Specify a neighbor router with peer ip address and remote-as defined.
(config-router)#neighbor 30.30.30.1 remote-as 64514
Specify a neighbor router with peer ip address and remote-as defined.
(config-router)#address-family l2vpn evpn
Enter l2vpn address family mode.
(config-router-af)#neighbor 20.20.20.0 activate
Activate the peer into address family mode.
(config-router-af)#neighbor 30.30.30.1 activate
Activate the peer into address family mode.
(config-router-af)#exit-address-family
Exit l2vpn address family mode.
(config-router)#exit
Exit BGP router mode.
(config)#commit
Commit the candidate configuration to the running configuration
RTR3/VTEP2
 
#configure terminal
Enter configure mode.
(config)#interface lo
Enter interface mode for loopback.
(config-if)#ip address 40.40.40.40/32 secondary
Assign secondary IP address.
(config-if)#exit
Exit interface mode.
(config)#mac vrf vrf12345
Create mac routing/forwarding instance with vrf12345 name and enter VRF mode.
(config-vrf)#rd 2.2.2.2:2
Assign Rd value.
(config-vrf)#route-target both 10.10.10.10:10
Assign route-target both value.
(config-vrf)#exit
Exit VRF configuration mode.
(config)#bridge 32 protocol ieee vlan-bridge
Configure the ieee vlan-bridge with Id 32.
(config)#vlan 2-5 bridge 32
Configure the vlans 2-5 for the configured bridge Id 32.
(config)#interface xe 49/1
Enter interface mode for xe49/1.
(config-if)#ip address 30.30.30.1/31
Assign Ip address 30.30.30.1 in /31 mask.
(config-if)#exit
Exit interface mode.
(config)#interface xe49/2
Enter interface mode for xe49/2.
(config-if)#switchport
Make it L2 interface .
(config-if)#bridge-group 32
Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid
Configure the Hybrid mode.
(config-if)#switchport hybrid allowed vlan add 4 egress-tagged enable
Configure hybrid allowed vlan add 4 to support the created vlan in the L2 Bridge.
(config-if)#exit
Exit interface mode.
(config)#interface xe1
Enter interface mode for xe1.
(config-if)#switchport
Make it L2 interface .
(config-if)#bridge-group 32
Associate the bridge-group 32 to the interface.
(config-if)#switchport mode hybrid
Configure the Hybrid mode.
(config-if)#switchport hybrid allowed vlan add 4 egress-tagged enable
Configure hybrid allowed vlan add 4 to support the created vlan in the L2 Bridge.
(config-if)#exit
Exit interface mode.
(config)#router bgp 64514
Enter BGP router mode.
(config-router)# bgp router-id 3.3.3.3
Assign BGP router ID
(config-router)#neighbor 30.30.30.0 remote-as 64513
Specify a neighbor router with peer IP address and remote-as defined.
(config-router)#address-family ipv4 unicast
Enter into ipv4 unicast address family
(config-router-af)#network 40.40.40.40/32
Advertise loopback network into BGP for VTEP ID reachability
(config-router-af)#exit-address-family
Exit ipv4 unicast address family mode
(config-router)#address-family l2vpn evpn
Enter l2vpn address family mode.
(config-router-af)#neighbor 30.30.30.0 activate
Activate the peer into address family mode.
(config-router-af)#exit-address-family
Exit l2vpn address family mode.
(config-router)#exit
Exit BGP router mode.
(config)# hardware-profile filter vxlan enable
Enable hardware profile for vxlan
(config)#hardware-profile statistics ac-lif enable
Enable ac-lif for VxLAN access-if port counters
(config)#nvo vxlan enable
Enable Vxlan.
(config)#nvo vxlan vtep-ip-global 40.40.40.40
Configure the source Vtep-ip.
(config)#nvo vxlan id 16777215 ingress-replication inner-vid-disabled
Configure Vxlan Network identifier with/without inner-vid-disabled configure and enter Vxlan tenant mode.
(config-nvo)#vxlan host-reachability-protocol evpn-bgp vrf12345
Assign VRF for evpn-bgp to carry evpn route.
(config-nvo)#exit
Exit Vxlan tenant mode.
(config)#nvo vxlan access-if port-vlan xe1 3
Enable port-vlan mapping i.e. access port to outer-vlan (SVLAN) mapping.
(config-nvo-acc-if)#map vnid 16777215
Map Vxlan Identifier to access-port.
(config-nvo-acc-if)#exit
Exit Vxlan access-interface mode.
(config)#commit
Commit the candidate configuration to the running configuration
Validation
VTEP1
#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 10.10.10.10
!
nvo vxlan id 16777215 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf12345
!
nvo vxlan access-if port-vlan ce31/1 3
map vnid 16777215
!
 
VTEP1#show nvo vxlan
VxLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
 
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
16777215 ---- L2 NW ---- ------ ---- ---- 10.10.10.10 40.40.40.40
16777215 ---- -- AC ce31/1 --- Single Homed Port --- 3 ---- ---- ----
Total number of entries are 2
 
 
VTEP1#show nvo vxlan vnid 16777215
VxLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
 
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
16777215 ---- L2 NW ---- ------ ---- ---- 10.10.10.10 40.40.40.40
16777215 ---- -- AC ce31/1 --- Single Homed Port --- 3 ---- ---- ----
Total number of entries are 2!
 
VTEP1#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "default"
C 10.10.10.10/32 is directly connected, lo, 01:15:55
C 20.20.20.0/31 is directly connected, xe10/1, 01:07:53
B 40.40.40.40/32 [20/0] via 20.20.20.1, xe10/1, 00:42:54
C 127.0.0.0/8 is directly connected, lo, 1d05h02m
 
Gateway of last resort is not set
 
 
VTEP1#show nvo vxlan tunnel
VxLAN Network tunnel Entries
Source Destination Status Up/Down Update
================================================================================
33.33.33.0 34.34.34.0 Installed 00:26:27 00:26:27
Total number of entries are 1
 
 
VTEP1#show bgp l2vpn evpn summary
BGP router identifier 10.10.10.2, local AS number 64512
BGP table version is 10
2 BGP AS-PATH entries
0 BGP community entries
 
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
20.20.20.1 4 64513 108 109 10 0 0 00:48:14 3 0 2 1 0 0
 
Total number of neighbors 1
 
Total number of Established sessions 1
 
VTEP1#show bgp l2vpn evpn
BGP table version is 4, local router ID is 10.10.10.10
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
 
Network Next Hop Metric LocPrf Weight Path Peer Encap
 
RD[1.1.1.1:1] VRF[vrf12345]:
* [2]:[0]:[16777215]:[48,0000.0744.4433]:[0]:[16777215]
40.40.40.40 0 100 0 64513 64514 i 20.20.20.1 VxLAN
*> [2]:[0]:[16777215]:[48,0000.2222.2222]:[0]:[16777215]
10.10.10.10 0 100 32768 i ---------- VxLAN
*> [3]:[16777215]:[32,10.10.10.10]
10.10.10.10 0 100 32768 i ---------- VxLAN
* [3]:[16777215]:[32,40.40.40.40]
40.40.40.40 0 100 0 64513 64514 i 20.20.20.1 VxLAN
 
RD[2.2.2.2:2]
*> [2]:[0]:[16777215]:[48,0000.0744.4433]:[0]:[16777215]
40.40.40.40 0 100 0 64513 64514 i 20.20.20.1 VxLAN
*> [3]:[16777215]:[32,40.40.40.40]
40.40.40.40 0 100 0 64513 64514 i 20.20.20.1 VxLAN
 
Total number of prefixes 6
 
VTEP1#show nvo vxlan mac-table
=====================================================================================================================================================
VxLAN MAC Entries
=====================================================================================================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI Type Status AccessPortDesc
_____________________________________________________________________________________________________________________________________________________
 
16777215 ce31/1 3 ---- 0000.2222.2222 10.10.10.10 Dynamic Local ------- -------
16777215 ---- ---- ---- 0000.0744.4433 40.40.40.40 Dynamic Remote ------- -------
 
Total number of entries are : 2
 
VTEP1#show nvo vxlan arp-cache
VxLAN ARP-CACHE Information
===========================
VNID Ip-Addr Mac-Addr Type Age-Out Retries-Left
____________________________________________________________________________
Total number of entries are 0
 
#show vlan brief
Bridge VLAN ID Name State H/W Status Member ports
(u)-Untagged, (t)-Tagged
======= ======= ================ ======= ========== ==========================
32 1 default ACTIVE Success ce25/2(u) ce31/1(u)
32 2 VLAN0002 ACTIVE Success
32 3 VLAN0003 ACTIVE Success
32 4 VLAN0004 ACTIVE Success ce25/2(t) ce31/1(t)
32 5 VLAN0005 ACTIVE Success
 
RTR2
RTR2#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "default"
B 10.10.10.10/32 [20/0] via 20.20.20.0, xe17, 00:29:48
C 20.20.20.0/31 is directly connected, xe17, 02:33:29
C 30.30.30.0/31 is directly connected, xe33, 02:31:56
B 40.40.40.40/32 [20/0] via 30.30.30.1, xe33, 02:23:26
C 127.0.0.0/8 is directly connected, lo, 21:17:41
 
Gateway of last resort is not set
 
 
RTR2#show bgp l2vpn evpn summary
BGP router identifier 11.11.11.1, local AS number 64513
BGP table version is 10
2 BGP AS-PATH entries
0 BGP community entries
 
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
20.20.20.0 4 64512 111 112 10 0 0 00:49:36 3 0 2 1 0 0
30.30.30.1 4 64514 101 103 10 0 0 00:45:10 3 0 2 1 0 0
 
Total number of neighbors 2
 
Total number of Established sessions 2
 
VTEP2
VTEP2#show running-config nvo vxlan
!
nvo vxlan enable
!
nvo vxlan vtep-ip-global 40.40.40.40
!
nvo vxlan id 16777215 ingress-replication inner-vid-disabled
vxlan host-reachability-protocol evpn-bgp vrf12345
!
nvo vxlan access-if port-vlan xe1 3
map vnid 16777215
!
 
VTEP2#show nvo vxlan
VxLAN Information
=================
Codes: NW - Network Port
AC - Access Port
(u) - Untagged
 
VNID VNI-Name VNI-Type Type Interface ESI VLAN DF-Status Src-Addr Dst-Addr
_______________________________________________________________________________________________________________________________
16777215 ---- L2 NW ---- ------ ---- ---- 40.40.40.40 10.10.10.10
16777215 ---- -- AC xe1 --- Single Homed Port --- 3 ---- ---- ----
Total number of entries are 2
 
VTEP2#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
 
IP Route Table for VRF "default"
B 10.10.10.10/32 [20/0] via 30.30.30.0, xe11/1, 00:27:32
C 30.30.30.0/31 is directly connected, xe11/1, 00:30:00
C 40.40.40.40/32 is directly connected, lo, 00:31:00
C 127.0.0.0/8 is directly connected, lo, 06:25:00
 
Gateway of last resort is not set
 
 
VTEP2#show nvo vxlan tunnel
VxLAN Network tunnel Entries
Source Destination Status Up/Down Update
====================================================================================
40.40.40.40 10.10.10.10 Installed 00:14:40 00:14:40
Total number of entries are 1
 
 
VTEP2#show bgp l2vpn evpn summary
BGP router identifier 33.33.33.33, local AS number 64514
BGP table version is 8
2 BGP AS-PATH entries
0 BGP community entries
 
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd AD MACIP MCAST ESI PREFIX-ROUTE
30.30.30.0 4 64513 267 270 8 0 0 02:09:07 2 0 1 1 0 0
 
Total number of neighbors 1
 
Total number of Established sessions 1
 
 
VTEP2#show bgp l2vpn evpn
BGP table version is 8, local router ID is 40.40.40.40
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
[EVPN route type]:[ESI]:[VNID]:[relevent route informantion]
1 - Ethernet Auto-discovery Route
2 - MAC/IP Route
3 - Inclusive Multicast Route
4 - Ethernet Segment Route
5 - Prefix Route
 
Network Next Hop Metric LocPrf Weight Path Peer Encap
 
RD[1.1.1.1:1]
*> [2]:[0]:[16777215]:[48,0000.2222.2222]:[0]:[16777215]
10.10.10.10 0 100 0 64513 64512 i 30.30.30.0 VxLAN
*> [3]:[16777215]:[32,10.10.10.10]
10.10.10.10 0 100 0 64513 64512 i 30.30.30.0 VxLAN
 
RD[2.2.2.2:2] VRF[vrf12345]:
*> [2]:[0]:[16777215]:[48,0000.0744.4433]:[0]:[16777215]
40.40.40.40 0 100 32768 i ---------- VxLAN
* [2]:[0]:[16777215]:[48,0000.2222.2222]:[0]:[16777215]
10.10.10.10 0 100 0 64513 64512 i 30.30.30.0 VxLAN
* [3]:[16777215]:[32,10.10.10.10]
10.10.10.10 0 100 0 64513 64512 i 30.30.30.0 VxLAN
*> [3]:[16777215]:[32,40.40.40.40]
40.40.40.40 0 100 32768 i ---------- VxLAN
 
Total number of prefixes 6
 
 
VTEP2#show nvo vxlan mac-table
=====================================================================================================================================================
VxLAN MAC Entries
=====================================================================================================================================================
VNID Interface VlanId Inner-VlanId Mac-Addr VTEP-Ip/ESI Type Status AccessPortDesc
_____________________________________________________________________________________________________________________________________________________
 
16777215 ---- ---- ---- 0000.2222.2222 10.10.10.10 Dynamic Remote ------- -------
16777215 xe1 3 ---- 0000.0744.4433 40.40.40.40 Dynamic Local ------- -------
 
Total number of entries are : 2
 
 
VTEP2#show vlan brief
Bridge VLAN ID Name State H/W Status Member ports
(u)-Untagged, (t)-Tagged
======= ======= ================ ======= ========== ==========================
32 1 default ACTIVE Success xe1(u) xe49/2(u)
32 2 VLAN0002 ACTIVE Success
32 3 VLAN0003 ACTIVE Success
32 4 VLAN0004 ACTIVE Success xe1(t) xe49/2(t)
32 5 VLAN0005 ACTIVE Success
 
VTEP2#