Posted on October 10, 2014 1:18 pm
 |  Asked by Victor
 |  6491 views
RESOLVED
-1
0
Print Friendly, PDF & Email

Hi,

 

I was able to setup Vxlan between Host1 and Host2 which are in Vlan 600 subnet 172.16.1.0/24. Host1 and Host2 are able to reach each other via Vxlan. However, I want to know how do I setup the routing to external hosts outside the 172.16.1.0/24 subnet? Below are the configs for both VTEPS. VTEP1 switch has a network 160.144.1.1/24 that Host2 is trying to reach. Thank you

VTEP1 (Switch1):
spanning-tree mode mstp
 !
 no aaa root
 !
 vlan 492,600
 !
 interface Port-Channel2000
 no switchport
 ip address 188.188.26.1/24
 !
 interface Ethernet1
 no switchport
 ip address 188.188.11.2/24
 !
 interface Ethernet2
 no switchport
 ip address 188.188.13.2/24
 !
 interface Ethernet3
 no switchport
 channel-group 2000 mode active
 !
 interface Ethernet4
 no switchport
 channel-group 2000 mode active
 !
 interface Ethernet5
 switchport access vlan 600
 !
 interface Ethernet6
 !
 interface Ethernet7
 !
 interface Loopback0
 ip address 11.0.0.1/24
 !
 interface Management1
 !
 interface Vlan492
 no autostate
 ip address 160.144.1.1/24
 !
 interface Vxlan1
 vxlan source-interface Loopback0
 vxlan vlan 600 flood vtep 14.0.0.1
 vxlan udp-port 4789
 vxlan vlan 600 vni 100600
 !
 ip routing
 !
 router bgp 65534
 bgp log-neighbor-changes
 maximum-paths 16 ecmp 16
 neighbor 188.188.11.1 remote-as 64512
 neighbor 188.188.11.1 maximum-routes 12000
 neighbor 188.188.13.1 remote-as 64512
 neighbor 188.188.13.1 maximum-routes 12000
 neighbor 188.188.26.1 next-hop-self
 neighbor 188.188.26.1 maximum-routes 12000
 neighbor 188.188.26.2 remote-as 65534
 neighbor 188.188.26.2 maximum-routes 12000
 network 11.0.0.0/24
 network 100.100.100.0/24

 

VTEP2 (Switch2):
spanning-tree mode mstp
 !
 no aaa root
 !
 vlan 600
 !
 interface Ethernet1
 no switchport
 ip address 188.188.16.2/24
 !
 interface Ethernet2
 no switchport
 ip address 188.188.18.2/24
 !
 interface Ethernet3
 no switchport
 !
 interface Ethernet4
 no switchport
 !
 interface Ethernet5
 switchport access vlan 600
 !
 interface Ethernet6
 !
 interface Loopback0
 ip address 14.0.0.1/24
 !
 interface Management1
 !
 interface Vxlan1
 vxlan source-interface Loopback0
 vxlan vlan 600 flood vtep 11.0.0.1
 vxlan udp-port 4789
 vxlan vlan 600 vni 100600
 !
 ip routing
 !
 router bgp 65535
 bgp log-neighbor-changes
 maximum-paths 16 ecmp 16
 neighbor 188.188.16.1 remote-as 64512
 neighbor 188.188.16.1 maximum-routes 12000
 neighbor 188.188.18.1 remote-as 64512
 neighbor 188.188.18.1 maximum-routes 12000
 network 14.0.0.0/24

 

0
Posted by Alexis Dacquay
Answered on October 14, 2014 4:14 pm

Hello Victor,

Consider the routing requirement for a standard Layer2 domain: the hosts would need a default gateway (DGW). When destining traffic to remote subnets, the hosts would send traffic to their DGW. The DGW would process packets for routing (inter-SVI, or outbound routing).

This is exactly the same for VNIs.
You need to think about your L2/L3 design, in particular where you want to operate routing: on the top of the rack, on dedicated units, on your existing WAN edge, etc. Each option has got its own advantages in term of scaling and flexibility.

Once you have chosen your default gateway:

  • if the device understands VXLAN, and can terminate VXLAN to retrieve the original L2 traffic, then you could run VXLAN + routing. Routing in this case can be extended to ”VXLAN routing”, since it involves not only routing IP packets, but also decapsulating VXLAN, routing, then re-encapsulating in VXLAN…. A bit like inter-SVI (that’s just routing), but inter-VNI in this case (that’s VXLAN-routing).
  • if the device you want to route has no VXLAN capability, then you must ensure that traffic from the VNI reaches it as Layer2 only, by being decapsulated before end by a VTEP.

In your config examples, if you want to route on the VTEP, and depending on the platform (some might not yet do VXLAN routing at the same time as VXLAN bridging, although it should come shortly for all), then you could simply configure the SVI 600 for the VLAN 600.
Example:

!

interface Vlan600
  ip address 160.160.160.1/24

!

You would probably want to additionally configure vARP or VRRP

Regards,
Alexis

Post your Answer

You must be logged in to post an answer.