Fabulous series, concise and to the point. Exactly the right style of presentation, no fluff to wade through and all concepts explained to just the right level of detail with minimum repetition. I'll be referring back to this series a lot in future!
Really enjoy how you go through all the configuration for both switches with explanations for the commands. Makes it easy to follow along while configuring it yourself.
Watched all 6 videos, very good work. Have made notes for each video. Can see the hardwork to put these videos together that explain VXLAN un best possible way.
I agree with Dan Le words: the BEST explanation I see so far about VXLAN. Also generally the best technical video explanation I had the luck to watch. Thanks a Lot!!!!
Thanks very much. You broke down the technology I have been fighting with myself to understand. You walked me over the water to cross the pond of VXLAN :-)
Your explanation is crisp and superb. I am learning VxLAN first time and it seems closely related to traditional L2, L3 VLAN with several new added feature such as Anycast and improved MAC/ARP learning. Thanks for your video
It is very helpful and simply described for beginners with VXLAN. I work since two weeks on VXLAN, I thought it was complicated, but with your videos, all will be clear for me in the evening when I watched the VXLAN series videos. Thank you very much !!!!!!!!!!!!! ;)
Pretty good series and a kick start for anyone who is new into VXLANs. Two things worth mentioning. First if you are running a VPC between your Nexus switches you need to add a secondary IP address to your loopback0 interface, the IP is the same for both devices and will be shared if they need to communicate to other nve peers. Your VPC will fail due to consistency reasons otherwise. Second and not so important, show nve peers will have empty output until there is bidirectional traffic.
Absolutely loved this series, we will likely be deploying vxlan in the data center this year and the way you've demonstrated it and explained it answered a few questions I had about it. Whilst the configuration is slightly complex using evpn, it's significantly less complex than our current data center network design. VXLAN actually seems to simplify things a lot. Would love to see more videos around services connected to your VTEPs like firewalls, load balancers, edge routers etc for external connectivity.
Thanks Jarryd, There's not much that's special with external devices like firewalls, etc. They are just connected like any other host. Is there something specific that you were thinking of?
@@NetworkDirection I'm currently about to go through a DC refresh, multi site, multihomed to two different transit providers, two pairs of load balancers and two pairs of firewalls and one pair of VPN concentrators, some vendors Suggest you connect services to the spine, others suggest you connect them to a single 'services vtep' others suggest uplinking them to two services VTEPs for redundancy etc, every vendor seems to do something different. I guess I was after a real world example, my thought process was uplink them to two VTEPs for the resiliency and treat them like any other host, which I assume is what your recommendation would be too. Further to that, we're a multi site design and we want to avoid a super spine layer for now, but is the best practice to link sites via a pair of "border leafs"? Because another vendor other than Cisco recommends doing DCI's on the spine.
Very good content, it's clear and well explained even for a non-native English speakers. I also loved the introduction video (I'll probably re-watch arrested development tonight ;-) ). Thanks for your great work.
You're very welcome. There wasn't enough intro information on this when I was looking, which is why I created this series. It's good to hear that it's helping.
Thank you for explaining how Cisco does VXLAN. I had just about understood VMware NSX so this was really useful. Lots of new terms to use and I'll need to read more to get it straight in my head.
I am looking at video minute 9:38 and Now I got lost, why do you use vlan 101 If it´s not in your layout? Where this VLAN 101 comes from and what for used? As far as I see, there is only vlan 1000, vlan 900 and Vlan 1001. Please explain me the reason for using vlan 101?
Fantastic series, I've learned both the leaf/spine concept which several other videos failed in doing, and VxLAN! The first 4 videos were excellently paced and pedagogical, but the last 2 kind of sped up and got too much in too short time with less room left for explanation. Kind of almost threw me off there but I managed to understand most of it. If you ever redo the recordings, please revise/extend the last 2 :)
I absolutely agree with this entire post. What I had to do was slow down the recording to 75%. It was a little inconvenient, but it allowed me to keep up.
not so fantastic as it lacks precise explanation. If you understood it clearly, please explain why there are VNIs 5000 and 5005 in parallel to L3VNI 900001?
@@atexnik Initially its very difficult to understand but its like VLAN and SVI concept... Here 5000 and 5005 are L2 VNI and to make them communicate we need a L3 VNI which is 900001.. Similarly for Tenant-2 we don't need a L3VI which is 900002 just L2VNI 6000 should be sufficient.. Correct me if I am wrong.
A very well explained and precise video series on VxLan. It will be great if another video of multi-site (inter data center) can be added so it will provide more insight for data centers migration.
Thanks for your explanations, examples and quick replies on comments. I would also like to put another request in for EVPN from you. Another request would be for how this underlay/overlay environment compares to Cisco ACI. I saw some of those queries in some of the others videos in this series. Thanks for series! Well done!
Thanks for the great tutorial on VXLAN. I have a question about the network diagram. In the beginning, the host on vlan 1001 has an ip of 192.168.10.20/24. At 11:23, the host IP change to 192.168.0.20/24. Is that a typo? I am trying to following along your tutorial from GNS3.
Perfect series. Thanks a lot!. I know there is lot of information specially in this video. I need to see this particular part atleast 3 times more to absorb it properly :)
Thanks for the video. Did we really need to add VLAN 1000/VNI 5000 to Switch02 (since there are no servers on that VLAN on that switch) or VLAN 1001/VNI 5005 to Switch01? My understanding is that when we're using "Symmetric IRBs" (that is, using a L3 VNI to route between the L2 VNIs), then we don't need to have all the L2 VNIs on all the VTEPs and that resolves scaling issues.
Your explanation is very fantastic, easy to understand. May i have question to you that why you need anycast "fabric forwarding anycast-gateway-mac" while in the NVE you have set ingress-replication protocol bgp ? I hope i could have advise from you. thanks
ingress replication is how the VTEPs handle BUM traffic. The anycast gateway is so clients can use the local switch as their default gateway, regardless where in the fabric they are.
Great series, i am sure you heard this before. My questions is, why there are no more content? we need ACI content, overlay security architecture examples and many more
Within L3VNI 90001 (separated VRF for this L3VNI): Would you please elaborate the steps involved with Hosts in VNI-L2-Domain-5000 to communicate with Hosts in VNI-L2-Domain-5005? How they use the Distributed AnyCast Gateways and L3VNI? Also, steps involve when Host in L3VNI 9001 to communicate with Host in L3VNI 900002? Thanks, Dan
The L3VNI uses a VRF. This makes it a tenant boundary, like VRF's in an MPLS L3VPN. Hosts in one L3VNI will not be able to communicate with a host in another L3VNI, unless you enable route leaking (route-target import/export) or use an external router. Hosts within the same L3VNI, but in different L2VNI's are separated in the same way that VLANs separate hosts. Each L2VNI can have a subnet, and they are in the same routing table. This means that the switch can perform the routing natively. An L2VNI will have an IP address that's the same on each switch in the fabric. The host uses this IP as the default gateway. As all switches have the same IP, they become anycast gateways, as any of them can respond to first-hop requests. Does that help?
L3VNI: If I have multiple VRFs/VIN-Domains within the VxLAN fabric, I need to perform L3VNI's route leaking (route-target import/export) - correct? (I think I got this part right n from your reply). But to communicate with External networks: the L3VNI of one VRF/VNI-Domain needs to exchange EBGP with external routers - correct? (I also think I got this part right from your reply) L2VNI: So the Distributed AnyCast Gateway is the L2VNI-IP-Address for each L2VNI-bridge-domain (similar as a SVI for a VLAN) - correct? L2VNI: Hosts within the same L3VNI, but in different L2VNI's are separated in the same way that VLANs separate hosts: The VxLAN perform ROUTING between L2VNI's using the "Distributed AnyCast Gateway IP addresses of each L2VNI-bridge-domain (similar as ROUTING between SVIs for different VLANs) - correct? L2VNI: Can I have different subnets in a L2VNI? Thanks, Dan
Yes, different L3VNI's are separate routing tables, so you need route leaking or an external router to communicate between them. To access an external network, you need to peer with an external router too. This might be with BGP, or an IGP with route redistribution. Yes, the Anycast Gateway is much like an SVI for a VLAN. The difference is that the same IP is used on all switches. Yes, VXLAN (L2VNI) is like enhanced VLANs. BGP can route between L2VNI's. If you are not using BGP/Control plane learning (that is, if you're using flood and learn), then you need an external router to handle routing. You could, in the same way that you could have different subnets in a VLAN. It's not recommended though.
Fantastic, I have only had one doubt, Supress ARP is configured in order not to flood the local switch, but if the consumption of said traffic is only local, is suppress ARP necessary? Is Supress ARP a necessity when we talk about CP ??
07:40 - vlan101 / interface vlan101 -- what exactly do these do? "vlan101" is configured with L3VNI 900001 and "interface vlan101" is configured with VRF-Tenant1. But then the VRF config already mentions 900001. What is the significance of this number 101? Is it carried on the wire anywhere?
It's been a while since I made this, but I'm pretty sure that was the anycast gateway for the tenant This becomes the default gateway for devices in this tenancy (VRF)
Thanks a lot for sharing, very clear and useful for those who have learned VxLAN with another vendor. Do you have any example of interop Cisco-Juniper?
Thank you for sharing, enjoyed a learned a lot in a more simplified context. Wondering if you are having a written blog about this or some other relevant VXLAN and ACI somewhere? if yes please share a link to it.
the best explanation and demonstration about VXLAN on TH-cam. I am learning VXLAN from SD-Access perspective. So, the control plane is LISP in case of SD-Access instead of BGP(Of course there are other differences as well from the Data Center, including the physical topology), which I am not concerned right now. I want to know the data plane flow compared with dot1q and MPLS encapsulations. I wish I can share some images. So, I want to know if my summary below is accurate: VRF maps to L3 VNI VLAN maps to L2 VNI Also, why do you create VLANs 101 and 102 which are not in your topology or design? Thank you,
I recommend: networkdirection.net/VxLAN+EVPN+Configuration The book (affiliate): click.linksynergy.com/link?id=RL4E*8CmbSY&offerid=145238.2463561&type=2&murl=http%3A%2F%2Fwww.ciscopress.com%2Ftitle%2F9781587144677
Great videos to watch!!! Can you please share the differences for configuring this in juniper boxes like QFX10k or ACX7k. Also if possible please make a video on that. Just out of box if you could please make a video series on evpn-mpls would love to view it.
Gday mate great series - no longer have access to Cisco kit just Cumulus - How does anycast play with next hop devices like Firewalls? Guessing via an exit leaf should be all sweet - looking forward to more - JB.Sydney
Yeah, a border leaf is exactly right. It goes a bit beyond what we've covered in this series though. Basically, anycast gateway is used as a first hop for hosts connected to the fabric. The switches will then need a route to the next hop. You can put this straight into BGP, or redistribute it in through some other means
Excellent video, it helped me a lot, thank you a lot, this was extrmely easy to understand this time if I compare this to the training I was provided in my job haha. BTW at the end for tenant 2 I have the feeling you forgot to add the VRF for tenant 2 under BGP process. Maybe I missed I dont know but looks like working at the end :)
I think he just messed up a lot in this config. It doesn't match the diagram. I also don't understand why there are VNI 5000/5005 in addition to L3VNI 900001?
Hello, Thank you very much for your videos. however I am a little lost concerning the configuration which does not correspond to the proposed diagram. Where is the svi 101 on the shema? the VNI 5000 and VNI 5005 must be created on the 2 switches? Why create interface 1001 on the 2 switches when on the shema it is only on the right switch? why create the 1000 interface on the 2 switches while on the shema it is only on the left switch? you type the swichtport access vlan 1000 command on the 2 switches then on the shema the vlan 1000 is only on the left switch ds the et1 / 1. (not present on the right switch) on the site, I cannot click on the configuration of the right switch thank you for your reply
Love your videos. Concise and to the point. However, in regards to a special circumstance where I dont necessarily think I need a Tenant because I will be leaking routes between the tenant vrf and default. Is there a way to configure this without the tenant so I can simplify my design and not have to route leak?
You have to be careful with mixing tenant traffic in the underlay (global routing table). If you're doing it to access a shared service, such as the internet, then consider adding a firewall to a border leaf. The firewall can have an interface (or subinterface) in each tenancy, and a shared 'outside' interface connected to the internet. This way, you still secure the boundary where your traffic mixes.
I would consider using a different VRF for the underlay routing, and connecting your firewall to a leaf. The firewall can aggregate the traffic from the overlay to the other parts of the network (internet, WAN, etc) in global.
I would consider using a different VRF for the underlay routing, and connecting your firewall to a leaf. The firewall can aggregate the traffic from the overlay to the other parts of the network (internet, WAN, etc) in global.
I would consider using a different VRF for the underlay routing, and connecting your firewall to a leaf. The firewall can aggregate the traffic from the overlay to the other parts of the network (internet, WAN, etc) in global.
Very well explained. Would request if you can share the configs shown here as well, This will help to lab it and do it self. Even suggest the iOS version being used here. Having the command shown here will be helpful to match and correct wherever required.
Great Series, many thanks to share! I have a doubt, can I do VxLAN with bgp evpn on cisco nx77k and nx22k fex? nx77k on the spine and nx22k leaf. The big question would be if the FEX do point-to-point l3 and bgp links?
Hi! Thanks for this informative series. I have a question - let's assume on your network example that we do not have a e1/1 and e1/2 pointing toward a server but we have only e1/1 pointing to a standard, L2 ethernet switch capable of doing vlans. How should configuration of e1/1 look then to transport vlan 1000 between two Nexus N9K e1/1 further to switches capable of doing simple L2 vlan? Thanks in advance.
Fabulous series, concise and to the point. Exactly the right style of presentation, no fluff to wade through and all concepts explained to just the right level of detail with minimum repetition. I'll be referring back to this series a lot in future!
Wow. After Part 6 I now know why people goes ACI to overcome this configuration efford. Thanks for this deep look inside.
Really enjoy how you go through all the configuration for both switches with explanations for the commands. Makes it easy to follow along while configuring it yourself.
I was looking for tutorial to understand VxLAN and this is the best video series I found so far to understand VxLAN with lab.
Glad to hear that!
Outstanding series on VXLAN. The depth, width and clarity of topics is outstanding....
Thanks Nischal!
Watched all 6 videos, very good work. Have made notes for each video. Can see the hardwork to put these videos together that explain VXLAN un best possible way.
Glad you like them!
BEST explanation I see so far about VXLAN. Very good Technique. you are talented
Thanks!
I agree with Dan Le words: the BEST explanation I see so far about VXLAN. Also generally the best technical video explanation I had the luck to watch. Thanks a Lot!!!!
You're most welcome :)
Thanks for the great feedback, this is really encouraging
I bookmarked these videos as a reference guide. Indeed it's an excellent video series on evpn
Thanks Karthikeyan! It's good to hear you say that!
We implemented ACI about 2 years ago but having a review on the capabilities is very enlightening. Who possibly thinks up this stuff? Genius
.
Thanks very much. You broke down the technology I have been fighting with myself to understand. You walked me over the water to cross the pond of VXLAN :-)
You're very welcome
Your explanation is crisp and superb. I am learning VxLAN first time and it seems closely related to traditional L2, L3 VLAN with several new added feature such as Anycast and improved MAC/ARP learning. Thanks for your video
It is very helpful and simply described for beginners with VXLAN. I work since two weeks on VXLAN, I thought it was complicated, but with your videos, all will be clear for me in the evening when I watched the VXLAN series videos. Thank you very much !!!!!!!!!!!!! ;)
Pretty good series and a kick start for anyone who is new into VXLANs. Two things worth mentioning. First if you are running a VPC between your Nexus switches you need to add a secondary IP address to your loopback0 interface, the IP is the same for both devices and will be shared if they need to communicate to other nve peers. Your VPC will fail due to consistency reasons otherwise. Second and not so important, show nve peers will have empty output until there is bidirectional traffic.
That's a good point Krasimir. vPC does add a whole new spin on it
Great Educational Videos on VXLAN . Clear & Well explained . Thank you.
Brilliant...I have to say, very nicely put together and crisply explained....Thank you so very much
Thanks!
PERFECT , NEVER SEEN ANYONE DESCRIBED VXLAN BETTER THAN IN THIS SERIES A+++
And A+++ to you for watching!
Superb series. Simple but great tutorial. Thank you so much.
Glad to hear this has been helpful :)
Absolutely loved this series, we will likely be deploying vxlan in the data center this year and the way you've demonstrated it and explained it answered a few questions I had about it. Whilst the configuration is slightly complex using evpn, it's significantly less complex than our current data center network design. VXLAN actually seems to simplify things a lot.
Would love to see more videos around services connected to your VTEPs like firewalls, load balancers, edge routers etc for external connectivity.
Thanks Jarryd,
There's not much that's special with external devices like firewalls, etc. They are just connected like any other host.
Is there something specific that you were thinking of?
@@NetworkDirection I'm currently about to go through a DC refresh, multi site, multihomed to two different transit providers, two pairs of load balancers and two pairs of firewalls and one pair of VPN concentrators, some vendors Suggest you connect services to the spine, others suggest you connect them to a single 'services vtep' others suggest uplinking them to two services VTEPs for redundancy etc, every vendor seems to do something different. I guess I was after a real world example, my thought process was uplink them to two VTEPs for the resiliency and treat them like any other host, which I assume is what your recommendation would be too.
Further to that, we're a multi site design and we want to avoid a super spine layer for now, but is the best practice to link sites via a pair of "border leafs"? Because another vendor other than Cisco recommends doing DCI's on the spine.
thank you for these series. I understood finally, the diff. between the terminology and more important, the diff between DP learning and CP learning!
Really good to hear that this is helping you!
Excellent video series on VXLAN It just simply hit all the necessary keys to understanding and implementing VXLAN Thank You!!!!.
Excellent Video and really simplified explanations !!!!
So good to hear that you like it!
Part6 took most of the time to understand. Hope there can be more easier way.
Very good content, it's clear and well explained even for a non-native English speakers. I also loved the introduction video (I'll probably re-watch arrested development tonight ;-) ). Thanks for your great work.
I don't think everyone gets the Arrested Development reference 😀
This series has me wanting to throw together a lab! Great content and even better teaching! You just got a new subscriber.
Great series of videos covering VXLan. Thanks for taking the time to educate us lessor mortals :-)
You're very welcome. There wasn't enough intro information on this when I was looking, which is why I created this series.
It's good to hear that it's helping.
I am very new to vxlan, this videos helped me a lot in understanding the vxlan basics including the leaf and spine switches and vni id's.
great series, well explained. best video I've seen on VXLAN, I understand much better after watching this series
That’s good to hear Philip!
Thank you for explaining how Cisco does VXLAN. I had just about understood VMware NSX so this was really useful.
Lots of new terms to use and I'll need to read more to get it straight in my head.
You have done an excellent work in educating this complex bit.
Excellent video for vxlan evpn
Thank you!
I am looking at video minute 9:38 and Now I got lost, why do you use vlan 101 If it´s not in your layout? Where this VLAN 101 comes from and what for used? As far as I see, there is only vlan 1000, vlan 900 and Vlan 1001. Please explain me the reason for using vlan 101?
I'm confused by this as well, he seems to be skipping this exact question in the comment section as well.
solid description on the VXLAN technology. Many thanks...
Thank you very much for creating this. It gives a quick and wonderful summary.
Very nice series, Thank you for this. along with the theory comes a practical example and just what I needed!
Thank you! Glad you like it
really clear and categorized route map and explanations
Glad it was helpful!
Fantastic series, I've learned both the leaf/spine concept which several other videos failed in doing, and VxLAN! The first 4 videos were excellently paced and pedagogical, but the last 2 kind of sped up and got too much in too short time with less room left for explanation. Kind of almost threw me off there but I managed to understand most of it. If you ever redo the recordings, please revise/extend the last 2 :)
I absolutely agree with this entire post. What I had to do was slow down the recording to 75%. It was a little inconvenient, but it allowed me to keep up.
I agree. the last 2 really condensed a lot into a little space.
not so fantastic as it lacks precise explanation. If you understood it clearly, please explain why there are VNIs 5000 and 5005 in parallel to L3VNI 900001?
@@atexnik Initially its very difficult to understand but its like VLAN and SVI concept... Here 5000 and 5005 are L2 VNI and to make them communicate we need a L3 VNI which is 900001.. Similarly for Tenant-2 we don't need a L3VI which is 900002 just L2VNI 6000 should be sufficient.. Correct me if I am wrong.
Many Many thanks for making again complex topic into very simple and it cleared my basic concepts which I was struggling hard.... !!!
You make it look easy. Thanks for the well done tutorial.
A very well explained and precise video series on VxLan.
It will be great if another video of multi-site (inter data center) can be added so it will provide more insight for data centers migration.
It's a good idea. I haven't used multi-site yet, so I'll need a bit more research
Thank you very much for this series. This has helped me a lot.
You're welcome!
VERY HELPFUL THANKS NETWORK DIRECTION!
You're very welcome, glad you like it
Excellent series, great explanation
Thank you!
Thanks for your explanations, examples and quick replies on comments. I would also like to put another request in for EVPN from you. Another request would be for how this underlay/overlay environment compares to Cisco ACI. I saw some of those queries in some of the others videos in this series. Thanks for series! Well done!
Well explained in simple and direct way .... Thank you
Thanks. I hope it provides some practical use to you
This Videos Series are great!! Thanks a lot for the effort on uploading such a neat work. Outstanding.
You're welcome John! Thanks for the comment.
Nicely explained. Can I please request for an additional video explaining how an external network can connect to your lab topology.
Thanks for the suggestion, I'll think about that one
Great to begin Vxlan world. Thank you boss :)
Loved it! Thank you.
You're welcome!
Well done! Very informative and professional!
Thank you, and thanks for watching!
Very good information this series was. I enjoyed it and learned a lot. Thanks!
Thanks Isaiah, it's good to hear that you enjoyed the whole series
Thanks for the great tutorial on VXLAN. I have a question about the network diagram. In the beginning, the host on vlan 1001 has an ip of 192.168.10.20/24. At 11:23, the host IP change to 192.168.0.20/24. Is that a typo? I am trying to following along your tutorial from GNS3.
I noticed the same. Maybe the author can follow up to clarify for us.
yeah, that would be a typo
Amazing work my friend !!! Keep them going!!
just a perfect series , great job !!
Thanks!
Perfect series. Thanks a lot!. I know there is lot of information specially in this video. I need to see this particular part atleast 3 times more to absorb it properly :)
This series was perfect. Good explanation! Congrats!
Glad you liked it!
Very very helpfull and really nicely explained... gj man, respect!
Thanks Garan! Thanks for watching our videos! Have a great day 😀
Really enjoyed this.....gonna watch all 6 again to get this down....
Nice to hear that you enjoyed it! Watch it as many times as you need 😀
Man that was excellent I’m ready to fire up my EVE-NG LAB
Thanks for the video. Did we really need to add VLAN 1000/VNI 5000 to Switch02 (since there are no servers on that VLAN on that switch) or VLAN 1001/VNI 5005 to Switch01? My understanding is that when we're using "Symmetric IRBs" (that is, using a L3 VNI to route between the L2 VNIs), then we don't need to have all the L2 VNIs on all the VTEPs and that resolves scaling issues.
That's a good question. In the real world, yes that's right. You wouldn't need to put the VLAN/VNI on all switches. It's shown here for the example
Your explanation is very fantastic, easy to understand. May i have question to you that why you need anycast "fabric forwarding anycast-gateway-mac" while in the NVE you have set ingress-replication protocol bgp ? I hope i could have advise from you. thanks
ingress replication is how the VTEPs handle BUM traffic. The anycast gateway is so clients can use the local switch as their default gateway, regardless where in the fabric they are.
@@NetworkDirection Thank you for your reply, i use your topology and config in my lab. is it possible the BGP between VTEP use different AS ?
Great series, i am sure you heard this before. My questions is, why there are no more content? we need ACI content, overlay security architecture examples and many more
Nicely explained, Will be great if you can do a video on Multicast + BGP (Control Plane Learning)
Thanks, I'll keep that in mind
Thank you for VxLAN explanation
Hello,
I really liked the way you explain the VxLAN technology, simillarly can you make videos on EvPN as well.
Thanks Suprit,
EVPN is something I need to dig into. It's on my list
Really nice video help a lot to understand in short time...
That’s good to hear, thanks for the feedback
Within L3VNI 90001 (separated VRF for this L3VNI): Would you please elaborate the steps involved with Hosts in VNI-L2-Domain-5000 to communicate with Hosts in VNI-L2-Domain-5005? How they use the Distributed AnyCast Gateways and L3VNI?
Also, steps involve when Host in L3VNI 9001 to communicate with Host in L3VNI 900002?
Thanks, Dan
The L3VNI uses a VRF. This makes it a tenant boundary, like VRF's in an MPLS L3VPN. Hosts in one L3VNI will not be able to communicate with a host in another L3VNI, unless you enable route leaking (route-target import/export) or use an external router.
Hosts within the same L3VNI, but in different L2VNI's are separated in the same way that VLANs separate hosts. Each L2VNI can have a subnet, and they are in the same routing table. This means that the switch can perform the routing natively.
An L2VNI will have an IP address that's the same on each switch in the fabric. The host uses this IP as the default gateway. As all switches have the same IP, they become anycast gateways, as any of them can respond to first-hop requests.
Does that help?
L3VNI: If I have multiple VRFs/VIN-Domains within the VxLAN fabric, I need to perform L3VNI's route leaking (route-target import/export) - correct? (I think I got this part right n from your reply). But to communicate with External networks: the L3VNI of one VRF/VNI-Domain needs to exchange EBGP with external routers - correct? (I also think I got this part right from your reply)
L2VNI: So the Distributed AnyCast Gateway is the L2VNI-IP-Address for each L2VNI-bridge-domain (similar as a SVI for a VLAN) - correct?
L2VNI: Hosts within the same L3VNI, but in different L2VNI's are separated in the same way that VLANs separate hosts: The VxLAN perform ROUTING between L2VNI's using the "Distributed AnyCast Gateway IP addresses of each L2VNI-bridge-domain (similar as ROUTING between SVIs for different VLANs) - correct?
L2VNI: Can I have different subnets in a L2VNI?
Thanks,
Dan
Yes, different L3VNI's are separate routing tables, so you need route leaking or an external router to communicate between them. To access an external network, you need to peer with an external router too. This might be with BGP, or an IGP with route redistribution.
Yes, the Anycast Gateway is much like an SVI for a VLAN. The difference is that the same IP is used on all switches.
Yes, VXLAN (L2VNI) is like enhanced VLANs. BGP can route between L2VNI's. If you are not using BGP/Control plane learning (that is, if you're using flood and learn), then you need an external router to handle routing.
You could, in the same way that you could have different subnets in a VLAN. It's not recommended though.
great series!
Glad you like it!
Thank you for the series !!
Very good video, i enjoyed watching and learnt a lot, thank you.
Greatttt you are a Saviour...
I LOVED IT
Thanks!
Fantastic, I have only had one doubt, Supress ARP is configured in order not to flood the local switch, but if the consumption of said traffic is only local, is suppress ARP necessary? Is Supress ARP a necessity when we talk about CP ??
07:40 - vlan101 / interface vlan101 -- what exactly do these do? "vlan101" is configured with L3VNI 900001 and "interface vlan101" is configured with VRF-Tenant1. But then the VRF config already mentions 900001. What is the significance of this number 101? Is it carried on the wire anywhere?
It's been a while since I made this, but I'm pretty sure that was the anycast gateway for the tenant
This becomes the default gateway for devices in this tenancy (VRF)
Thanks a lot for sharing, very clear and useful for those who have learned VxLAN with another vendor. Do you have any example of interop Cisco-Juniper?
Thank you for sharing, enjoyed a learned a lot in a more simplified context. Wondering if you are having a written blog about this or some other relevant VXLAN and ACI somewhere? if yes please share a link to it.
the best explanation and demonstration about VXLAN on TH-cam.
I am learning VXLAN from SD-Access perspective. So, the control plane is LISP in case of SD-Access instead of BGP(Of course there are other differences as well from the Data Center, including the physical topology), which I am not concerned right now. I want to know the data plane flow compared with dot1q and MPLS encapsulations. I wish I can share some images.
So, I want to know if my summary below is accurate:
VRF maps to L3 VNI
VLAN maps to L2 VNI
Also, why do you create VLANs 101 and 102 which are not in your topology or design?
Thank you,
I recommend: networkdirection.net/VxLAN+EVPN+Configuration
The book (affiliate): click.linksynergy.com/link?id=RL4E*8CmbSY&offerid=145238.2463561&type=2&murl=http%3A%2F%2Fwww.ciscopress.com%2Ftitle%2F9781587144677
Great videos to watch!!!
Can you please share the differences for configuring this in juniper boxes like QFX10k or ACX7k.
Also if possible please make a video on that.
Just out of box if you could please make a video series on evpn-mpls would love to view it.
Your a hero my dude keep the vids up learnt alot.
Gday mate great series - no longer have access to Cisco kit just Cumulus - How does anycast play with next hop devices like Firewalls? Guessing via an exit leaf should be all sweet - looking forward to more - JB.Sydney
Yeah, a border leaf is exactly right. It goes a bit beyond what we've covered in this series though.
Basically, anycast gateway is used as a first hop for hosts connected to the fabric. The switches will then need a route to the next hop. You can put this straight into BGP, or redistribute it in through some other means
Love this small series you got something focus on multicast by any chance !!
Multicast is a good idea. It's already on my list of possible series to make. I just need more time in my day!
Thanks for the training, its really worth it.
Excellent video, it helped me a lot, thank you a lot, this was extrmely easy to understand this time if I compare this to the training I was provided in my job haha. BTW at the end for tenant 2 I have the feeling you forgot to add the VRF for tenant 2 under BGP process. Maybe I missed I dont know but looks like working at the end :)
Nicely spotted, I think you're right!
thank you very much for you effort here.
i'm very confused with vlan 101 & 102 form where we got them and what are their benefit ?
Hi! Thanks for GREAT series! I have a question: why you've created vlans 101 amd 102 - but they are NOT used elsewhere in config?
I think he just messed up a lot in this config. It doesn't match the diagram. I also don't understand why there are VNI 5000/5005 in addition to L3VNI 900001?
Hello,
Thank you very much for your videos.
however I am a little lost concerning the configuration which does not correspond to the proposed diagram.
Where is the svi 101 on the shema?
the VNI 5000 and VNI 5005 must be created on the 2 switches?
Why create interface 1001 on the 2 switches when on the shema it is only on the right switch?
why create the 1000 interface on the 2 switches while on the shema it is only on the left switch?
you type the swichtport access vlan 1000 command on the 2 switches then on the shema the vlan 1000 is only on the left switch ds the et1 / 1. (not present on the right switch)
on the site, I cannot click on the configuration of the right switch
thank you for your reply
you rock!!!!! thanks for your excellent presentation.
You're welcome Carlos, I'm glad the video made sense 🙂
Love your videos. Concise and to the point. However, in regards to a special circumstance where I dont necessarily think I need a Tenant because I will be leaking routes between the tenant vrf and default. Is there a way to configure this without the tenant so I can simplify my design and not have to route leak?
To be honest, I've not considered it. One of the main reasons for this is multi-tenant support.
I guess you could try just creating a single tenant.
Very good video. best one around!
What is the best way to allow L3 traffic in and out from the global routing table to the tenate VRF?
You have to be careful with mixing tenant traffic in the underlay (global routing table).
If you're doing it to access a shared service, such as the internet, then consider adding a firewall to a border leaf. The firewall can have an interface (or subinterface) in each tenancy, and a shared 'outside' interface connected to the internet.
This way, you still secure the boundary where your traffic mixes.
@@NetworkDirection what if its just a single enterprise network thats already behind a FW? is route- leaking from global the only way to do this?
I would consider using a different VRF for the underlay routing, and connecting your firewall to a leaf.
The firewall can aggregate the traffic from the overlay to the other parts of the network (internet, WAN, etc) in global.
I would consider using a different VRF for the underlay routing, and connecting your firewall to a leaf.
The firewall can aggregate the traffic from the overlay to the other parts of the network (internet, WAN, etc) in global.
I would consider using a different VRF for the underlay routing, and connecting your firewall to a leaf.
The firewall can aggregate the traffic from the overlay to the other parts of the network (internet, WAN, etc) in global.
Great stuff! well done!
Very well explained.
Would request if you can share the configs shown here as well, This will help to lab it and do it self. Even suggest the iOS version being used here.
Having the command shown here will be helpful to match and correct wherever required.
Thanks So much.. I iwll try this lab on a 9000v (nxosv-final.7.0.3.I7.5) on GNS VM
You are a Star
Let me know how you go! I haven’t tried it in 9000v yet
Great Series, many thanks to share!
I have a doubt, can I do VxLAN with bgp evpn on cisco nx77k and nx22k fex?
nx77k on the spine and nx22k leaf.
The big question would be if the FEX do point-to-point l3 and bgp links?
I'm not 100% sure.
I think you can use the FEX ports to connect devices like servers, but they can't be VTEPs
@@NetworkDirection thanks!
Hi! Thanks for this informative series. I have a question - let's assume on your network example that we do not have a e1/1 and e1/2 pointing toward a server but we have only e1/1 pointing to a standard, L2 ethernet switch capable of doing vlans. How should configuration of e1/1 look then to transport vlan 1000 between two Nexus N9K e1/1 further to switches capable of doing simple L2 vlan? Thanks in advance.
Good videos. But does this configuration work between two Catalyst 9500 as well? With differenct commandos of course.
I haven’t had an opportunity to try, but yes.
What you’re looking for is called the ‘campus fabric’
Catalyst 9500 that is use LISP plus vxlan encapsulation
great series
I would like to "LIKE (thumbs up)" this video 1 billion times but unfortunately vicious youtube doesnot allow that
Thanks! 😅
You nailed it mate!!!
Thanks a lot for Such Nice Explaination.
😀