This article describes briefly what is required to deploy overlay networks with VXLAN, but we assume a good understanding of the VXLAN fundamentals.
Multiple options exist to achieve such VXLAN deployments, from simple but manual to fully automated service chaining (orchestration), the latter at the cost of also having to set up a Cloud Management Platform or a network virtualization controller.
This article focuses on an easy option that is a good balance between simplicity of operation (automation) and simplicity of setting up (script ready to go).
2) Working towards automation: it is an evolution
This article does not provide a production-ready solution, but illustrates EAPI’s ease of use in deployment automation.
A full-fledged controller/orchestrator solution might be complex to implement and maintain for some people. This script presents a stepping stone towards higher efficiency. By breaking down your evolution towards a fully orchestrated solution into more manageable steps, you get the chance to benefit from incremental gains right from the beginning and improve over time, rather than taking a big bang approach. Trial and error is often a healthy course of robust progress. People seldom get their orchestration and Cloud up and ready the first time.
3) Deployment methods
There is a choice of different options to deploy new VXLAN overlay networks, for tenants or internal customers.
- Static configuration with manual CLI
- Scripted configuration with EAPI: the script is dynamic or manual and implements static configurations with EAPI
- Semi-automated: some configuration defining new overlay networks is static, entered with manual commands; the control plane (learning) is done automatically (synchronization)
- Fully automated: all the new overlay networks are provisioned by the Cloud Management Platform (orchestrator) or network virtualisation controllers
This article focuses on the second option, which has these benefits:
- Requiring no external controller, orchestrator, or synchronization service
- Automation removes manual implementation on the network devices
4) Deployment elements
Basic configuration must be present for any VXLAN implementation, such as:
- Network connectivity for the underlay (IP routing ideally, for scaling)
- Loopback used for the VTEP IP address. This is called the VTI
- Interface VXLAN configured on the VTEP (that enables VXLAN)
- EAPI management configured for remote access by HTTP/HTTPS structured JSON.
These are VXLAN fundamentals; refer to the VXLAN documentation for more explanation.
For any new overlay network required, the script will then configure on all the VTEPs of your choice:
- VLAN to VNI mapping
- Flood-list (HER) to all the other VTEPs
What this script does not do:
- Assign a VLAN to an access or trunk port.
- This requires someone or something to decide. It could be automated or fed from a simple Excel spreadsheet, MAC address or LLDP host discovery (out of scope of this article)
5) EAPI Script
Other articles introduce EAPI; this section assumes some fundamental understanding of EAPI and concentrates on the VXLAN application instead.
The largest part of the script is the disclaimer/help, then the arguments handling.
The actual VXLAN scripting is relatively small.
5.1) Arguments handling
The whole point of the script is to make it user-friendly and machine-friendly, so it can be passed arguments:
'-d' or '--debug' prints debug information, useful for verifications
'-v' or '--vlan' assigns a VLAN ID between 1 and 4094. Examples: -v 100, or --vlan 100
'-n' or '--vni' maps a VNI to the VLAN specified. Examples: -n 100100, or --vni 100100
'-u' or '--unconf' removes the configuration specified. It will remove any existing VLAN, VLAN-to-VNI mapping, and flood list. Removals are part of normal operations. This is also very useful while testing the script, especially at scale, to avoid having to remove test/dummy configs on many network nodes.
'-i' or '--ip' is a list of IP addresses in a quoted string format. Examples: -i "184.108.40.206 220.127.116.11 18.104.22.168", or --ip "22.214.171.124 126.96.36.199 188.8.131.52"
Examples of full command lines:
./buildVlanVni.py -v 102 -i "184.108.40.206 220.127.116.11 18.104.22.168" -n 102102
./buildVlanVni.py -d -v 102 -i "22.214.171.124 126.96.36.199 188.8.131.52" -n 102102 -u
5.2) VXLAN configuration
Note: I am not a Python expert
iplist is a list of all the IP addresses
iplist = hosts.split()
It is not necessary to set a flood list to self, so for each VTEP, a list of “other” VTEPs is built, representing all the VTEPs except self.
otherip = copy.copy(iplist)
otherip.remove(ip)
others = ' '.join(otherip)
The following commands are sent in the EAPI switch.runCmds() call:
Create a VLAN or remove it (depending on the -u/--unconf argument, the variable "negate" has a value of 'no' or '' (empty string)):
'%s vlan %d' % ( negate, vlan ),
Enter the VXLAN configuration:
Create the VLAN-to-VNI mapping:
'%s vxlan vlan %d vni %d' % ( negate, vlan, vni ),
Create a flood-list (HER) for that VLAN/VNI towards all the “other” VTEPs
'%s vxlan vlan %d flood vtep %s' % ( negate, vlan, others ) ] )
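An added example, not the original script: it rebuilds the per-VTEP command lists described above and validates the VLAN, VNI and VTEP addresses before they are interpolated into CLI strings, so a malformed -i value cannot carry extra text into the commands sent to the switches. The function names, the 'configure' entry command and the constructed 192.0.2.x addresses are assumptions; nothing is sent to a device.

```python
import ipaddress

VLAN_RANGE = range(1, 4095)   # valid VLAN IDs 1-4094, as stated for the -v option
VNI_RANGE = range(1, 2 ** 24)  # VNI is a 24-bit field; excluding 0 is an assumption


def parse_vteps(hosts):
    """Split the quoted -i string; accept only unique, well-formed IPv4 addresses."""
    vteps = []
    for token in hosts.split():
        # IPv4Address raises ValueError for anything that is not a plain address,
        # which also rejects tokens carrying CLI text such as '192.0.2.1;reload'.
        ip = str(ipaddress.IPv4Address(token))
        if ip in vteps:
            raise ValueError('duplicate VTEP address: %s' % ip)
        vteps.append(ip)
    if len(vteps) < 2:
        raise ValueError('a flood list needs at least two VTEPs')
    return vteps


def build_vxlan_cmds(vlan, vni, hosts, unconf=False):
    """Return {vtep_ip: [commands]} following the command order of section 5.2."""
    if vlan not in VLAN_RANGE:
        raise ValueError('VLAN must be an integer between 1 and 4094')
    if vni not in VNI_RANGE:
        raise ValueError('VNI must be an integer between 1 and 16777215')
    vteps = parse_vteps(hosts)
    negate = 'no ' if unconf else ''
    plan = {}
    for ip in vteps:
        # No flood-list entry to self: every VTEP floods to all the others.
        others = ' '.join(v for v in vteps if v != ip)
        plan[ip] = [
            'configure',
            '%svlan %d' % (negate, vlan),
            'interface Vxlan1',
            '%svxlan vlan %d vni %d' % (negate, vlan, vni),
            '%svxlan vlan %d flood vtep %s' % (negate, vlan, others),
        ]
    return plan


if __name__ == '__main__':
    # Constructed sample input (documentation address range).
    for vtep, cmds in build_vxlan_cmds(102, 102102, '192.0.2.1 192.0.2.2 192.0.2.3').items():
        print(vtep, cmds)
```

Each list in the returned plan can be handed to switch.runCmds() for the matching VTEP once validation has passed.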
5.3) Example of resulting configuration
./buildVlanVni.py -v 102 -i "184.108.40.206 220.127.116.11 18.104.22.168" -n 102102
Resulting configuration applied on VTEP 22.214.171.124:
config
vlan 102
interface Vxlan1
vxlan vlan 102 vni 102102
vxlan vlan 102 flood vtep 126.96.36.199 188.8.131.52
Resulting configuration applied on VTEP 184.108.40.206:
config
vlan 102
interface Vxlan1
vxlan vlan 102 vni 102102
vxlan vlan 102 flood vtep 220.127.116.11 18.104.22.168
Resulting configuration applied on VTEP 22.214.171.124:
config
vlan 102
interface Vxlan1
vxlan vlan 102 vni 102102
vxlan vlan 102 flood vtep 126.96.36.199 188.8.131.52
The script can be downloaded at: