TECDCN-2002
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
TECDCN-2002 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Who We Are?
Azeem Suleman – Principal Engineer TME – @azeem_suleman
Matthias Wessendorf – Technical Marketing Engineer – @matteq4er
Agenda
• Introduction
• VXLAN Fabrics Fundamentals (NX-OS)
• NX-OS Programmability
• DCNM
• Application Centric Infrastructure (ACI)
• ACI Programmability
• Network Assurance & Insights
• Conclusion
Coffee and Lunch Breaks
• 08:30 – 10:30 (2 hours)
• 10:30 – 10:45 (Break)
• 10:45 – 12:45 (2 hours)
• 12:45 – 14:30 (Lunch)
• 14:30 – 16:30 (2 hours)
• 16:30 – 16:45 (Break)
• 16:45 – 18:45 (2 hours)
Thomas Scheibe – Product Management
Introduction
How to Build the Network for the Cloud?
Increasing Demand on Networks
• Network Perspective: Connectivity, Infrastructure
• Application Perspective: Endpoints, Compute & Storage Tiers
• Security Perspective: Zero Trust
• Automation
Workload Context is Key
• Application Intent
• Deployment Lifecycle
• Application
• Security
• Analytics
Abstraction Layer – Group Based Policy
Profile: EPG ↔ Consumer/Provider Contracts ↔ EPG ↔ Consumer/Provider Contracts ↔ EPG
EPG (End Point Group) = Security Zone, App Tier, Physical Location, ...
Zero Trust
Segment based on Identity
3. Mapping of domains/tenants
Public & Private cloud, Bare metal, Virtual, Container, Fabrics, Traditional network
Network Stack
• Day 2: Assurance and Insights
• Day 1: Management and Automation – ACI, NX-OS, DCNM
Assurance and Insights
1 Assure intent: “Ensure the business needs are consistently maintained”
2 Troubleshoot intelligently: “Highlight the needle in the haystack”
Open Networking: Native API Integration
Dev to Ops: ACI CNI bridges the Gap
Road to 400G+
400G is deployed
• Optics
• ASIC Technology
Pluggable Multispeed Interfaces
• SFP
• QSFP
QSFP DD – Avoiding the Sins of the Past
Lessons from the Past
1G → 10/25G or 40G → 100G transitions resulted in the same high-volume form factor being adopted. Why?
• 1G to 10/25G Journey: XENPAK, XFP, X2
• 40G to 100G to 400G Journey: CFP, CFP2, CFP4, CPAK
o System & network requirements do not change. Same port density per RU to maintain proven fabric designs
o Limited impact on system ecosystem – strong leverage
o Multi-speed switch port options – slower optics in higher speed ports
QSFP DD
Network Stack API
Evolving Network Designs
DC Network Design
• Traditional 3 Tier
  • DC Core
  • Routed Aggregation & Core
  • VPC in Access
  • DC PODs
• Routed Fabric – VXLAN Bridging / Routing
  • VXLAN Flood & Learn
  • VXLAN EVPN
  • Separate Management Tools (e.g. Nexus Fabric Manager)
• VXLAN Routing / Segmentation (APIC)
  • VXLAN Routing
  • Policy Controller (APIC)
  • Consistent policy across physical and virtual network
  • Multi-hypervisor (VMware, MSFT, OVS)
  • Endpoint agnostic (bare metal, VM, container)
Brenden Buresh – Principal Architect
VXLAN Fabrics Fundamentals (NX-OS)
VXLAN Introduction
Data Center “Fabric” Journey (Standalone)
Layer-2 Spanning-Tree network with Baremetal and Hypervisor hosts attached
Overlay Based Data Center: Edge Devices
• Router/Switch End-Points (Overlay: VTEP on the switch; Baremetal and Hypervisor hosts attached)
  • Protocols for Resiliency/Loops
  • Traditional VPNs
  • VXLAN, OTV, VPLS, LISP, FP
• Virtual End-Points only (Overlay: VTEP in the Hypervisor)
  • Single Admin Domain
  • VXLAN, NVGRE, STT
• Hybrid Overlays (VTEPs on switches and in Hypervisors; Baremetal and Hypervisor hosts)
Overlay Services
• Layer-2
• Layer-3
• Layer-2 and Layer-3
Underlay Transport
• Tunnel Encapsulation
• Layer-3 Network
Data-Plane
• Overlay Layer-2/Layer-3 Unicast Traffic
• Overlay Broadcast, Unknown Unicast, Multicast traffic (BUM traffic) forwarding
  • Ingress Replication (Unicast)
  • Multicast
Control-Plane
• Peer-Discovery
• Route Learning and Distribution
  • Local Learning
  • Remote Learning
Overlay Taxonomy - Underlay
• Spines with Layer-3 Interface Peering to the Leafs
• Underlay: the Leaf is the Edge Device
• LAN Segment behind each Leaf: Virtual Server, Physical Server
Overlay Taxonomy - Overlay
• Tunnel Encapsulation across the Spines (VNI Namespace)
• Overlay: VTEP on each Leaf
• LAN Segment behind each VTEP: Virtual Server, Physical Server
VTEP: VXLAN Tunnel End-Point
VNI/VNID: VXLAN Network Identifier
Introducing VXLAN
Data-Plane (VXLAN): Outer MAC | Outer IP | UDP | VXLAN | Inner MAC | Inner IP | Payload | CRC
14-byte + 20-byte + 8-byte + 8-byte* = 50 Bytes of total overhead
UDP Src Port: Hash of L2/L3/L4 headers of original Frame
VXLAN Frame Format – MAC in IP Encapsulation
Outer MAC | Outer IP | UDP | VXLAN | Inner MAC | Payload | CRC
Outer MAC (14 Bytes, plus 4 Bytes Optional VLAN tag)
Field | Value | Bits
Src. MAC Address / Next-Hop MAC Address | | 48 each
VLAN Type | 0x8100 | 16
VLAN ID Tag | | 16
Ether Type | 0x0800 | 16
Outer IP (20 Bytes)
Field | Value | Bits
Header Checksum | Various | 16
Source IP | Src. VTEP IP | 32
Destination IP | Dest. VTEP IP | 32
UDP (8 Bytes)
Field | Value | Bits
Destination Port | 4789 (UDP) | 16
UDP Length | | 16
Checksum | 0x0000 | 16
VXLAN (8 Bytes)
Field | Value | Bits
Reserved | | 24
VNI | 16M Possible Segments | 24
Reserved | | 8
No Path Diversity
(Figure: Spine/Leaf fabric in AS#65500 with Baremetal hosts attached to the Leafs)
• Equal Cost Multi-Pathing (ECMP) uses Header information to form Path Diversity
• Some Tunnel Protocols provide no diversity in IP or Protocol Header
Introducing VXLAN – Entropy
(Figure: Spine/Leaf fabric in AS#65500, VTEPs on the Leafs, Baremetal hosts)
• VXLAN provides variable UDP Source Port in Outer Header
• Hash of the inner Layer-2/Layer-3/Layer-4 Headers of the original Ethernet Frame
• Enables entropy for ECMP Load balancing in the Network
Entropy happens here: the UDP header of the Data-Plane (VXLAN): Outer MAC | Outer IP | UDP | VXLAN | Inner MAC | Inner IP | Payload | CRC
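The frame-format table and the entropy slide above can be exercised end to end in code. The following Python is an added example written for this page, not code from the deck or from Cisco: it builds the 50-byte outer header from the fields in the frame-format table (destination port 4789, checksum 0x0000, 24-bit VNI), derives the outer UDP source port from a hash of the inner Layer-2/3/4 headers, validates the outer headers on decapsulation, and then shows that a spine hashing only the outer 5-tuple spreads many tenant flows across its uplinks only when that entropy is present. CRC32 stands in for the switch ASIC's hash function (an assumption), the next-hop MAC 0200.0ade.de02 and the payload are constructed values, and the VTEP IPs and host addresses are the ones used later in the deck.

```python
"""VXLAN encapsulation with an entropy-bearing UDP source port (added example)."""
import struct
import zlib

VXLAN_PORT = 4789                     # RFC 7348 destination port
VXLAN_FLAG_I = 0x08                   # "VNI valid" flag bit
OVERHEAD_BYTES = 14 + 20 + 8 + 8      # outer MAC + outer IP + UDP + VXLAN = 50


def mac_bytes(dotted: str) -> bytes:
    """Cisco dotted MAC ('0000.3001.1101') -> 6 raw bytes."""
    return bytes.fromhex(dotted.replace(".", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def _ipv4_udp_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """Minimal IPv4 header: no options, protocol 17 (UDP), checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                       ip_bytes(src_ip), ip_bytes(dst_ip))


def inner_frame(dst_mac, src_mac, src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Constructed tenant frame: Ethernet / IPv4 / UDP / payload."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00"
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    return eth + _ipv4_udp_header(src_ip, dst_ip, len(udp) + len(payload)) + udp + payload


def entropy_source_port(frame: bytes) -> int:
    """Outer UDP source port = hash of the inner L2/L3/L4 headers.
    CRC32 stands in for the ASIC hash (an assumption); what matters is that the
    port changes per tenant flow while staying in the ephemeral range."""
    l2 = frame[0:12]       # inner dst MAC + src MAC
    l3 = frame[26:34]      # inner src IP + dst IP
    l4 = frame[34:38]      # inner src port + dst port
    return 49152 + (zlib.crc32(l2 + l3 + l4) % 16384)


def vxlan_encapsulate(frame, vni, src_vtep_mac, nexthop_mac, src_vtep_ip, dst_vtep_ip,
                      use_entropy=True) -> bytes:
    """Wrap an inner frame: Outer MAC | Outer IP | UDP | VXLAN | inner frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    outer_eth = mac_bytes(nexthop_mac) + mac_bytes(src_vtep_mac) + b"\x08\x00"
    # flags (I bit set) | 24 reserved | 24-bit VNI | 8 reserved
    vxlan_hdr = bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    udp_len = 8 + len(vxlan_hdr) + len(frame)
    src_port = entropy_source_port(frame) if use_entropy else 49152   # fixed port = no entropy
    outer_udp = struct.pack("!HHHH", src_port, VXLAN_PORT, udp_len, 0)  # checksum 0x0000
    return outer_eth + _ipv4_udp_header(src_vtep_ip, dst_vtep_ip, udp_len) + outer_udp + vxlan_hdr + frame


def vxlan_decapsulate(packet: bytes):
    """Return (vni, outer_src_port, inner_frame); reject anything that is not well-formed VXLAN."""
    if len(packet) < OVERHEAD_BYTES:
        raise ValueError("too short for VXLAN")
    if packet[12:14] != b"\x08\x00" or (packet[14] & 0x0F) != 5 or packet[23] != 17:
        raise ValueError("outer header is not IPv4/UDP without options")
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[34:42])
    if dst_port != VXLAN_PORT or udp_len != len(packet) - 34:
        raise ValueError("UDP port or length mismatch")
    vx = packet[42:50]
    if not vx[0] & VXLAN_FLAG_I:
        raise ValueError("VNI-valid flag not set")
    return int.from_bytes(vx[4:7], "big"), src_port, packet[50:]


def is_valid_vxlan(packet: bytes) -> bool:
    try:
        vxlan_decapsulate(packet)
        return True
    except ValueError:
        return False


def ecmp_uplink(packet: bytes, n_uplinks: int) -> int:
    """What a spine or leaf sees: a hash of the OUTER 5-tuple only (hash function assumed)."""
    key = packet[26:34] + packet[34:38] + bytes([packet[23]])
    return zlib.crc32(key) % n_uplinks


def uplink_spread(n_flows: int, n_uplinks: int, use_entropy: bool) -> int:
    """Number of distinct uplinks used by n_flows tenant flows between the same two VTEPs."""
    used = set()
    for flow in range(n_flows):
        f = inner_frame("0000.3002.2101", "0000.3001.1101", "192.168.10.101", "192.168.20.101",
                        40000 + flow, 53, b"constructed payload")
        pkt = vxlan_encapsulate(f, 3001, "0200.0ade.de01", "0200.0ade.de02",
                                "10.200.200.101", "10.200.200.107", use_entropy)
        used.add(ecmp_uplink(pkt, n_uplinks))
    return len(used)
```

With `use_entropy=False` every packet between the two VTEPs carries the same outer 5-tuple, so all flows land on a single uplink, which is the "no path diversity" case from the previous slide; with the hashed source port the same flows spread across the uplinks.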
A Scale Out Architecture
• Spines
  • Wide vs. Big
• Uplinks
  • Symmetric to all Spines or Pods
• More Leaf – More Ports – More Capacity
• SAYG: Scale as You Grow
Folded Clos Topology – Device Roles
• Spine
  • Interconnecting Leafs and Border Leafs
• Leaf (VTEP)
  • Virtual Machines
  • Physical Machines
  • FEXes
  • 3rd Party Switches
  • UCS FIs
  • Blade Switches
• Border Leaf
  • External Connectivity (WAN)
The Super-Spine
• SuperSpine layer interconnecting POD 1 and POD 2 (each POD with its own Leafs)
• Scale Out
VXLAN Gateway Types
• VXLAN-to-VLAN Bridging (Layer-2 Gateway)
  Ingress VXLAN packet on RED segment → VTEP → egress packet on an IEEE 802.1q tagged interface; the packet is BRIDGED to a new VLAN
• VXLAN-to-VLAN Routing (Layer-3 Gateway): VXLAN Router
• VXLAN-to-VXLAN Routing (Layer-3 Gateway): VXLAN Router
EVPN Deep Dive
What is VXLAN and EVPN?
• VXLAN
  • Standards based Encapsulation
    • RFC 7348
  • Uses UDP-Encapsulation
  • Transport Independent
    • Layer-3 Transport (Underlay)
  • Flexible Namespace
    • 24-bit field (VNID) provides ~16M unique identifiers
  • Allows Segmentation
• EVPN
  • Standards based Control-Plane
    • RFC 7432
  • Uses Multiprotocol BGP
  • Uses Various Data-Planes
    • VXLAN (EVPN-Overlay), MPLS, Provider Backbone (PBB)
  • Many Use-Cases Covered
    • Bridging, MAC Mobility, First-Hop & Prefix Routing, Multi-Tenancy (VPN)
Introducing Ethernet VPN (EVPN)
VXLAN and EVPN Related RFCs & Drafts (IETF)
ID | Title | Category
RFC 7348 | Virtual Extensible Local Area Network | Data Plane
draft-ietf-bess-l2vpn-evpn-prefix-advertisement | IP Prefix Advertisement in E-VPN | Control Plane
EVPN Layer-2 Services (1)
• Per EVI BGP Route Distinguisher / Route Target per EVI / VNI
• BGP Route-Target constrain mechanism to limit propagation (import/export)
VID = VLAN ID
VNI = VXLAN Network Identifier
EVI = EVPN Virtual Instance

EVPN Layer-2 Services (1a)
(draft-ietf-bess-evpn-overlay – Section 5.1.2)
• VLAN-based: VID 10 → VNI → EVI

EVPN Layer-2 Services (1b)
(draft-ietf-bess-evpn-overlay – Section 6.1)
• VLAN-based: VID 10 → VNI → EVI
  MAC/IP advertisement: [2]:[0]:[0]:[48]:[0050.569f.d495]:[32]:[192.168.22.33]

EVPN Layer-2 Services (1c)
(RFC 7432 – Section 6.3)
• VLAN-based: VID 10 → VNI → EVI
  [2]:[0]:[0]:[48]:[0050.569f.d495]:[32]:[192.168.22.33]
• VLAN-aware: VID 10, VID 20, VID 30 → VNI → EVI (the Ethernet Tag carries the VID)
  [2]:[0]:[20]:[48]:[0050.569f.d495]:[32]:[192.168.22.33]
EVPN IP-VRF Services (2)
• Route-Type 2
  • Containing Router MAC or MAC/IP

EVPN IP-VRF Services (2a)
(draft-ietf-bess-evpn-prefix-advertisement – Section 5.4.1)
• Interface-Less
  VTEP → VTEP BGP Update: [5]:[0]:[0]:[24]:[192.168.22.0]:[0.0.0.0]
    10.22.22.34 (Next-Hop)
    Encap:8 (VXLAN)
    Router MAC:0200.0ade.de22

EVPN IP-VRF Services (2b)
(draft-ietf-bess-evpn-prefix-advertisement – Section 5.4.2)
• Interface-Less
  BGP Update: [5]:[0]:[0]:[24]:[192.168.22.0]:[0.0.0.0]
    10.22.22.34 (Next-Hop)
    Encap:8 (VXLAN)
    Router MAC:0200.0ade.de22
• Interface-Full
  BGP Update: [5]:[0]:[0]:[24]:[192.168.22.0]:[0.0.0.0]
    10.22.22.34 (Next-Hop)
    Encap:8 (VXLAN)
    Router MAC:0200.0ade.de22
  plus BGP Update: [2]:[0]:[0]:[48]:[0200.0ade.de22]:[32]:[10.22.22.34]
    10.22.22.34 (Next-Hop)
    Encap:8 (VXLAN)
    Router MAC:0200.0ade.de22

EVPN IP-VRF Services (2c)
(draft-ietf-bess-evpn-prefix-advertisement – Section 5.4.3)
• Interface-Less
  BGP Update: [5]:[0]:[0]:[24]:[192.168.22.0]:[0.0.0.0]
    10.22.22.34 (Next-Hop)
    Encap:8 (VXLAN)
    Router MAC:0200.0ade.de22
• Interface-Full (Unnumbered Core-facing IRB)
  BGP Update: [5]:[0]:[0]:[24]:[192.168.22.0]:[0.0.0.0]
    10.22.22.34 (Next-Hop)
    Encap:8 (VXLAN)
    Router MAC:0200.0ade.de22
  plus BGP Update: [2]:[0]:[0]:[48]:[0200.0ade.de22]:[0]:[0.0.0.0]
    10.22.22.34 (Next-Hop)
    Encap:8 (VXLAN)
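The bracket notation used in these slides ([type]:[ESI]:[Ethernet Tag]:...) is what an operator reads in NX-OS show output, so a small parser makes the Layer-2 service and IP-VRF service models above checkable. The following Python is an added example, not code from the deck or from Cisco: it parses Route Type 2 and Type 5 NLRI, tells VLAN-based from VLAN-aware service by the Ethernet Tag, applies the Route-Target import filter from the Layer-2 services slide, and resolves a Type 5 route the interface-less way (Router MAC carried on the route, one lookup) versus the interface-full way (a second lookup into a Type 2 route for the gateway). The validation rules (MAC length must be 48, IP length must match the address family, a prefix may not have host bits set) are the example's own assumptions; the addresses are the ones on the slides.

```python
"""Parse EVPN Route Type 2 / Type 5 NLRI and resolve them as the slides describe (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")


@dataclass(frozen=True)
class MacIpRoute:           # Route Type 2 (RFC 7432 Section 7.2)
    esi: int
    eth_tag: int
    mac: str
    ip: Optional[str]       # None when the IP length field is 0 (MAC-only route)


@dataclass(frozen=True)
class IpPrefixRoute:        # Route Type 5 (draft-ietf-bess-evpn-prefix-advertisement)
    esi: int
    eth_tag: int
    prefix: str             # e.g. '192.168.22.0/24'
    gateway: str            # '0.0.0.0' when the GW IP field is unused


def parse_evpn_nlri(nlri: str):
    """Split the bracketed NX-OS form '[type]:[esi]:[tag]:...' into a typed route, validating each field."""
    f = re.findall(r"\[([^\]]*)\]", nlri)
    if not f or not f[0].isdigit():
        raise ValueError(f"not an EVPN NLRI: {nlri!r}")
    rtype = int(f[0])
    if rtype == 2:
        if len(f) != 7:
            raise ValueError("Type 2 needs 7 fields")
        _, esi, tag, mac_len, mac, ip_len, ip = f
        mac = mac.lower()
        if int(mac_len) != 48 or not MAC_RE.match(mac):
            raise ValueError(f"bad MAC field {mac!r}/{mac_len}")
        ip_len = int(ip_len)
        addr = ipaddress.ip_address(ip)
        if ip_len == 0:
            return MacIpRoute(int(esi), int(tag), mac, None)
        if ip_len != addr.max_prefixlen:          # 32 for IPv4, 128 for IPv6
            raise ValueError(f"IP length {ip_len} does not match {ip}")
        return MacIpRoute(int(esi), int(tag), mac, str(addr))
    if rtype == 5:
        if len(f) != 6:
            raise ValueError("Type 5 needs 6 fields")
        _, esi, tag, plen, prefix, gw = f
        net = ipaddress.ip_network(f"{prefix}/{plen}", strict=True)   # host bits set -> ValueError
        return IpPrefixRoute(int(esi), int(tag), str(net), str(ipaddress.ip_address(gw)))
    raise ValueError(f"route type {rtype} not handled here")


def is_valid_evpn_nlri(nlri: str) -> bool:
    try:
        parse_evpn_nlri(nlri)
        return True
    except ValueError:
        return False


def l2_service_model(route: MacIpRoute) -> str:
    """VLAN-based service carries Ethernet Tag 0; VLAN-aware service carries the VID in the tag."""
    return "vlan-based" if route.eth_tag == 0 else f"vlan-aware (VID {route.eth_tag})"


def accepts_route(route_targets: Tuple[str, ...], import_rts: set) -> bool:
    """Route-Target constrain: a VTEP imports a route only if an attached RT is in its import list."""
    return any(rt in import_rts for rt in route_targets)


@dataclass(frozen=True)
class Type5Update:          # the attributes shown beside the Type 5 routes on the slides
    nlri: str
    next_hop: str
    encap: int              # 8 = VXLAN
    router_mac: Optional[str] = None


def resolve_type5(update: Type5Update, type2_by_ip: Dict[str, str], interface_full: bool):
    """Return (next_hop_vtep, rewrite_mac, lookups).

    Interface-less: the Router MAC extended community travels on the Type 5 route itself.
    Interface-full: the Type 5 route only names the gateway; its MAC comes from a separate
    Type 2 route for that gateway IP, i.e. two routes and an additional lookup."""
    route = parse_evpn_nlri(update.nlri)
    if not isinstance(route, IpPrefixRoute):
        raise ValueError("expected a Type 5 route")
    if update.encap != 8:
        raise ValueError("not VXLAN encapsulation (Encap:8)")
    if not interface_full:
        if update.router_mac is None:
            raise ValueError("interface-less Type 5 route without Router MAC")
        return update.next_hop, update.router_mac, 1
    gateway = update.next_hop if route.gateway == "0.0.0.0" else route.gateway
    if gateway not in type2_by_ip:
        raise LookupError(f"no Type 2 route for gateway {gateway}")
    return update.next_hop, type2_by_ip[gateway], 2
```

The `type2_by_ip` table is built from parsed Type 2 routes (IP → MAC); in interface-full mode the Type 5 route cannot be used for forwarding until that second route has arrived, which is the "additional overhead" the conclusions slide refers to.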
EVPN IRB Services (3)
(Figure: two VTEPs, V1 and V2, each holding a MAC table and an IP table; Bridge)

EVPN IRB Services (3b)
(draft-ietf-bess-evpn-inter-subnet-forwarding – Section 4 and 5)
(Figure: V1 and V2, each with MAC and IP tables)
• Bridge -> Route -> Route -> Bridge
• Bridge -> Route -> Bridge

EVPN IRB Services (3c)
(draft-ietf-bess-evpn-inter-subnet-forwarding – Section 5.1)
• Symmetric IRB
  VNI 50000 (L3VNI) between V1 and V2; hosts 192.168.22.33 (behind V1) and 192.168.33.44 (behind V2)
  BGP Update: [5]:[0]:[0]:[24]:[192.168.22.0]:[0.0.0.0]
    10.22.22.34 (Next-Hop)
    Encap:8 (VXLAN)
    Router MAC:0200.0ade.de22

EVPN IRB Services (3d)
(draft-ietf-bess-evpn-inter-subnet-forwarding – Section 4.1)
• Asymmetric IRB
  (Figure: V1 and V2, each with MAC and IP tables)
  BGP Update: [2]:[0]:[0]:[48]:[0200.0ade.de22]:[32]:[10.22.22.34]
    10.22.22.34 (Next-Hop)
    Encap:8 (VXLAN)
    Router MAC:0200.0ade.de22

EVPN IRB Services (3e)
Conclusions - Cisco’s EVPN Implementation
• VLAN-based
  • VLAN to VNI to EVI
  • More granular control (route-target)
• VLAN-aware
  • Multiple VLAN to VNI to EVI
  • No true MAC separation (potential)
• Interface-Less
  • Follows classic routing
  • No need for MAC routes in routing
• Interface-Full
  • Additional overhead (2 routes and additional lookup)
• Symmetric IRB
  • More Centralized Gateway-like
  • Adjacency Tables are preserved
  • Configuration is flexible
• Asymmetric IRB
  • Extensive usage of Adjacency Tables
  • “Consistent” configuration necessary if Distributed Gateway is required
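The symmetric versus asymmetric IRB trade-offs summarised above are easier to see with a small model. The following Python is an added example, not code from the deck or from Cisco: it takes the three hosts from the host-advertisement slides later in this deck and computes, per IRB mode, which VNI a routed flow carries on the wire, which L2VNIs each VTEP must have configured, how many adjacencies each VTEP must hold, and why an inconsistent VLAN/VNI configuration breaks asymmetric IRB but not symmetric IRB. The L3VNI value 5000 and the host/VTEP addresses are reused from the deck; the placement of the hosts behind specific VTEPs is constructed.

```python
"""Symmetric vs. asymmetric IRB: per-VTEP state and wire VNI for routed flows (added example)."""
from dataclasses import dataclass
from typing import Iterable, Set, Tuple

L3VNI = 5000   # the tenant VRF's L3VNI (value taken from the deck's tables)


@dataclass(frozen=True)
class Host:
    mac: str
    ip: str
    l2vni: int   # VNI of the host's VLAN
    vtep: str    # VTEP the host sits behind


# Constructed topology using the addresses from the deck's host-advertisement table.
HOSTS = (
    Host("0000.3001.1101", "192.168.10.101", 3001, "10.200.200.101"),
    Host("0000.3001.1102", "192.168.10.102", 3001, "10.200.200.104"),
    Host("0000.3002.2101", "192.168.20.101", 3002, "10.200.200.107"),
)


def wire_vni(src: Host, dst: Host, mode: str) -> int:
    """VNI carried in the VXLAN header between the two VTEPs for src -> dst."""
    if src.l2vni == dst.l2vni:
        return src.l2vni       # same subnet: bridged, IRB not involved
    if mode == "asymmetric":
        return dst.l2vni       # bridge -> route -> bridge: ingress VTEP routes into the destination L2VNI
    if mode == "symmetric":
        return L3VNI           # bridge -> route -> route -> bridge: both VTEPs route, via the L3VNI
    raise ValueError(f"unknown IRB mode {mode!r}")


def required_l2vnis(vtep: str, hosts: Iterable[Host], mode: str) -> Set[int]:
    """L2VNIs (VLANs) the VTEP must have configured for routed traffic to work."""
    hosts = tuple(hosts)
    if mode == "asymmetric":
        return {h.l2vni for h in hosts}                     # every VNI of the VRF, on every VTEP
    if mode == "symmetric":
        return {h.l2vni for h in hosts if h.vtep == vtep}   # only what is locally attached
    raise ValueError(f"unknown IRB mode {mode!r}")


def adjacency_entries(vtep: str, hosts: Iterable[Host], mode: str) -> Set[Tuple[str, str]]:
    """(IP, MAC) adjacencies the VTEP must program to reach every host in the VRF."""
    hosts = tuple(hosts)
    if mode == "asymmetric":
        return {(h.ip, h.mac) for h in hosts}                      # all hosts, local and remote
    if mode == "symmetric":
        return {(h.ip, h.mac) for h in hosts if h.vtep == vtep}    # remote hosts are /32 routes via the L3VNI
    raise ValueError(f"unknown IRB mode {mode!r}")


def can_route(ingress_vtep: str, configured_vnis: Set[int], src: Host, dst: Host, mode: str) -> bool:
    """The failure mode behind the "consistent configuration" remark: asymmetric IRB forwards
    only if the ingress VTEP already has the destination L2VNI configured."""
    if src.vtep != ingress_vtep:
        raise ValueError("source host is not behind the ingress VTEP")
    return wire_vni(src, dst, mode) in configured_vnis


def summary(vtep: str, hosts: Iterable[Host] = HOSTS) -> dict:
    """Side-by-side state requirement for one VTEP in both modes."""
    hosts = tuple(hosts)
    return {
        mode: {"l2vnis": len(required_l2vnis(vtep, hosts, mode)),
               "adjacencies": len(adjacency_entries(vtep, hosts, mode))}
        for mode in ("asymmetric", "symmetric")
    }
```

For the three constructed hosts, the leaf at 10.200.200.101 needs both L2VNIs and three adjacencies under asymmetric IRB, but only its own L2VNI and one adjacency under symmetric IRB; the remote hosts are reached through their /32 routes and the remote Router MAC over the L3VNI instead.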
EVPN Operations
EVPN - Host and Subnet Route Distribution
EVPN Control Plane - Host and Subnet Routes
Host Advertisements
(Figure: Spine/Leaf overlay; hosts advertised by their Leaf VTEPs)
Type | MAC / Length | L2VNI / RT | IP / Length | L3VNI / RT | Next-Hop | Seq.
2 | 0000.3001.1101 / 48 | 3001, 65500:3001 | | | 10.200.200.101 |
2 | 0000.3001.1102 / 48 | 3001, 65500:3001 | | | 10.200.200.104 |
*L2VNI: VNI for all Bridging operation (”VLAN-VNI”)
V2# show bgp l2vpn evpn 0000.3001.1101
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.10.10.101:32777
BGP routing table entry for [2]:[0]:[0]:[48]:[0000.3001.1101]:[0]:[0.0.0.0]/216, version 4
Paths: (1 available, best #1)
Flags: (0x000202) on xmit-list, is not in l2rib/evpn, is locked
  Advertised path-id 1
  Path type: internal, path is valid, is best path, no labeled nexthop
  AS-Path: NONE, path sourced internal to AS
    10.200.200.101 (metric 3) from 10.10.10.201 (10.10.10.201)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 3001
      Extcommunity: RT:65500:3001 ENCAP:8
      Originator: 10.10.10.101 Cluster list: 10.10.10.201
Callouts: Route Type [2]; Ethernet Segment Identifier (ESI) [0]; Eth
ernet Tag Identifier (Ethtag) [0]; MAC Address Length [48]; MAC Address [0000.3001.1101]; IP Address Length [0]; IP Address [0.0.0.0]; Next-Hop IP Address 10.200.200.101; L2VNI (MPLS Label1) = Received label 3001; Route Target = RT:65500:3001; VXLAN = ENCAP:8
Host Advertisements
(Figure: Spine/Leaf overlay; hosts advertised by their Leaf VTEPs)
Type | MAC / Length | L2VNI / RT | IP / Length | L3VNI / RT | Next-Hop
2 | 0000.3001.1101 / 48 | 3001, 65500:3001 | 192.168.10.101 /32 | 5000, 65500:5000 | 10.200.200.101
2 | 0000.3001.1102 / 48 | 3001, 65500:3001 | 192.168.10.102 /32 | 5000, 65500:5000 | 10.200.200.104
2 | 0000.3002.2101 / 48 | 3002, 65500:3002 | 192.168.20.101 /32 | 5000, 65500:5000 | 10.200.200.107
• Host MAC+IP (Route Type 2)
  • MAC and IP
  • MPLS Label1 (L2VNI)
  • Route Target for MAC-VRF
  Advertised path-id 1
  Path type: internal, path is valid, is best path, no labeled nexthop
  AS-Path: NONE, path sourced internal to AS
    10.200.200.101 (metric 3) from 10.10.10.201 (10.10.10.201)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 3001 5000
      Extcommunity: RT:65500:3001 RT:65500:5000 ENCAP:8 Router MAC:0200.0ade.de01
      Originator: 10.10.10.101 Cluster list: 10.10.10.201
Callouts: Next-Hop IP Address 10.200.200.101; L2VNI (MPLS Label1) = 3001; L3VNI (MPLS Label2) = 5000; Route Target (L2VNI) = RT:65500:3001; Route Target (L3VNI) = RT:65500:5000; VXLAN = ENCAP:8; Router MAC = 0200.0ade.de01
Subnet Route Advertisements
(Figure: Spine/Leaf overlay; Subnet A 192.168.10.0/24 attached to two Leafs)
Type | IP / Length | L3VNI / RT | Next-Hop | Seq.
5 | 192.168.10.0 /24 | 5000, 65500:5000 | 10.200.200.101 |
5 | 192.168.10.0 /24 | 5000, 65500:5000 | 10.200.200.104 |
5 | 192.168.20.0 /24 | 5000, 65500:5000 | 10.200.200.107 |
• IP Prefix Learning
  • via BGP with VRF-Lite
  • via LISP on Nexus 7000/7700
  • via other routing protocol (static or dynamic)
V2# show bgp l2vpn evpn 192.168.10.0
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.10.10.101:3
BGP routing table entry for [5]:[0]:[0]:[24]:[192.168.10.101]/224, version 4
Paths: (1 available, best #1)
Flags: (0x000202) on xmit-list, is not in l2rib/evpn, is locked
  Advertised path-id 1
  Path type: internal, path is valid, is best path, no labeled nexthop
  AS-Path: NONE, path sourced internal to AS
    10.200.200.101 (metric 3) from 10.10.10.201 (10.10.10.201)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 5000
      Extcommunity: RT:65500:5000 ENCAP:8 Router MAC:0200.0ade.de01
      Originator: 10.10.10.101 Cluster list: 10.10.10.201
Callouts: Route Type [5]; Ethernet Segment Identifier (ESI) [0]; Ethernet Tag Identifier (Ethtag) [0]; IP Address Length [24]; IP Address; Next-Hop IP Address 10.200.200.101; L3VNI (MPLS Label) = Received label 5000; Route Target = RT:65500:5000; VXLAN = ENCAP:8; Router MAC = 0200.0ade.de01
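The three show listings above can be turned back into the host/subnet table rows the slides draw, and checked for consistency. The following Python is an added example, not code from the deck or from Cisco: it parses the Route Distinguisher, NLRI, next-hop, received labels and extended communities out of `show bgp l2vpn evpn` detail output, builds the Type / MAC / L2VNI / IP / L3VNI / Next-Hop row, and flags routes whose labels have no matching ASN:VNI Route Target, whose encapsulation is not VXLAN, or which carry an L3VNI without a Router MAC. The sample text is reconstructed from the deck's listings; the MAC+IP NLRI line of the second sample and its /272 length are constructed, since the deck omits that line. The ASN:VNI route-target pattern is taken from the values on these slides (AS 65500, VNIs 3001 and 5000), not asserted as a general rule, so `check_entry` takes the ASN as a parameter.

```python
"""Turn NX-OS 'show bgp l2vpn evpn' detail output into table rows and sanity-check it (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample output reconstructed from the deck's listings (second sample's NLRI line is constructed).
SHOW_MAC = """\
V2# show bgp l2vpn evpn 0000.3001.1101
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.10.10.101:32777
BGP routing table entry for [2]:[0]:[0]:[48]:[0000.3001.1101]:[0]:[0.0.0.0]/216, version 4
Paths: (1 available, best #1)
Flags: (0x000202) on xmit-list, is not in l2rib/evpn, is locked
  Advertised path-id 1
  Path type: internal, path is valid, is best path, no labeled nexthop
  AS-Path: NONE, path sourced internal to AS
    10.200.200.101 (metric 3) from 10.10.10.201 (10.10.10.201)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 3001
      Extcommunity: RT:65500:3001 ENCAP:8
      Originator: 10.10.10.101 Cluster list: 10.10.10.201
"""
SHOW_MAC_IP = """\
Route Distinguisher: 10.10.10.101:32777
BGP routing table entry for [2]:[0]:[0]:[48]:[0000.3001.1101]:[32]:[192.168.10.101]/272, version 4
    10.200.200.101 (metric 3) from 10.10.10.201 (10.10.10.201)
      Received label 3001 5000
      Extcommunity: RT:65500:3001 RT:65500:5000 ENCAP:8 Router MAC:0200.0ade.de01
"""
SHOW_PREFIX = """\
Route Distinguisher: 10.10.10.101:3
BGP routing table entry for [5]:[0]:[0]:[24]:[192.168.10.0]/224, version 4
    10.200.200.101 (metric 3) from 10.10.10.201 (10.10.10.201)
      Received label 5000
      Extcommunity: RT:65500:5000 ENCAP:8 Router MAC:0200.0ade.de01
"""

RD_RE = re.compile(r"^Route Distinguisher:\s*(\S+)", re.M)
NLRI_RE = re.compile(r"^BGP routing table entry for (\[[^\s/,]+\])", re.M)
NH_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}) \(metric \d+\) from ", re.M)
LABEL_RE = re.compile(r"^\s*Received label ((?:\d+[ \t]*)+)$", re.M)
EXTC_RE = re.compile(r"^\s*Extcommunity:\s*(.*)$", re.M)


@dataclass(frozen=True)
class EvpnEntry:
    rd: str
    nlri: str
    route_type: int
    next_hop: str
    labels: Tuple[int, ...]      # Label1 = L2VNI, Label2 = L3VNI (for Type 5, the single label is the L3VNI)
    rts: Tuple[str, ...]
    encap: Optional[int]         # 8 = VXLAN
    router_mac: Optional[str]


def parse_show_bgp_evpn(text: str) -> EvpnEntry:
    """Extract the fields the slides call out from one route's detail output."""
    def one(rx, what):
        m = rx.search(text)
        if not m:
            raise ValueError(f"missing {what} in show output")
        return m.group(1)
    nlri = one(NLRI_RE, "NLRI")
    ext = one(EXTC_RE, "Extcommunity")
    encap = re.search(r"ENCAP:(\d+)", ext)
    rmac = re.search(r"Router MAC:([0-9a-fA-F.]+)", ext)
    return EvpnEntry(
        rd=one(RD_RE, "Route Distinguisher"),
        nlri=nlri,
        route_type=int(re.match(r"\[(\d+)\]", nlri).group(1)),
        next_hop=one(NH_RE, "next-hop"),
        labels=tuple(int(x) for x in one(LABEL_RE, "Received label").split()),
        rts=tuple(re.findall(r"RT:(\d+:\d+)", ext)),
        encap=int(encap.group(1)) if encap else None,
        router_mac=rmac.group(1) if rmac else None,
    )


def table_row(e: EvpnEntry) -> dict:
    """The Type / MAC / L2VNI / IP / L3VNI / Next-Hop row used on the advertisement slides."""
    f = re.findall(r"\[([^\]]*)\]", e.nlri)
    if e.route_type == 2:
        ip = f"{f[6]}/{f[5]}" if int(f[5]) else None            # IP length 0 = MAC-only route
        return {"type": 2, "mac": f"{f[4]}/{f[3]}", "l2vni": e.labels[0], "ip": ip,
                "l3vni": e.labels[1] if len(e.labels) > 1 else None, "next_hop": e.next_hop}
    if e.route_type == 5:
        return {"type": 5, "mac": None, "l2vni": None, "ip": f"{f[4]}/{f[3]}",
                "l3vni": e.labels[0], "next_hop": e.next_hop}
    raise ValueError(f"route type {e.route_type} not tabulated")


def check_entry(e: EvpnEntry, asn: int) -> List[str]:
    """Consistency checks a fabric operator can run on a received route (ASN:VNI RT pattern assumed)."""
    problems = []
    if e.encap != 8:
        problems.append("encapsulation is not VXLAN (ENCAP:8)")
    for label in e.labels:
        if f"{asn}:{label}" not in e.rts:
            problems.append(f"label {label} has no matching RT {asn}:{label}")
    if (e.route_type == 5 or len(e.labels) > 1) and e.router_mac is None:
        problems.append("L3VNI present but no Router MAC extended community")
    return problems
```

The partial samples only contain the lines the parser needs; real output always carries the full header seen in `SHOW_MAC`, and the same regexes match it. A non-empty result from `check_entry` is the sort of finding worth alerting on, because a label whose RT does not match what the leaf imports is never installed, which shows up as a silent reachability gap.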
VXLAN and BGP EVPN – Putting it Together
Data-Plane (VXLAN): Outer MAC | Outer IP | UDP | VXLAN | Inner MAC | Inner IP | Payload | CRC
• Bridging
• Routing
Routing and the Router MAC – Ethernet

[Figure: two switches with SVI10 (192.168.10.1) and SVI20 (192.168.20.1); Host A (MAC 0000.3001.1101, IP 192.168.10.101) sits behind SVI10, Host C (MAC 0000.3002.2101, IP 192.168.20.101) behind SVI20. The Router MAC is the source MAC a switch writes into a frame it has routed.]

Routing and the Router MAC – VXLAN

[Figure: the same SVI10 and SVI20, now on two VTEPs connected through VXLAN. After the ingress VTEP routes the packet, the inner frame carries the VTEPs' Router MACs instead of the host MACs.]
Packet Walk – ARP Request

[Figure: Host A (MAC 0000.3001.1101, IP 192.168.10.101) behind one Leaf, Host B (MAC 0000.3001.1102) behind the Leaf pair TOR3/TOR4 in VLAN 101 (Green), Host C (MAC 0000.3002.2101, IP 192.168.20.101); two Spines; VXLAN EVPN fabric]

1. Host A sends an ARP Request for 192.168.10.102: SMAC 0000.3001.1101, DMAC FFFF.FFFF.FFFF.
2. The ingress VTEP encapsulates it: SIP 10.200.200.101, DIP 239.0.0.1 (the multicast group), VXLAN VNI 30001, inner SMAC 0000.3001.1101, inner DMAC FFFF.FFFF.FFFF.
3. The egress VTEPs decapsulate and deliver the ARP Request into VLAN 101 (Green) unchanged: SMAC 0000.3001.1101, DMAC FFFF.FFFF.FFFF, reaching Host B.
Packet Walk – ARP Response

[Figure: same topology as the ARP Request walk]

1. Host B answers with an ARP Response for 192.168.10.102: SMAC 0000.3001.1102, DMAC 0000.3001.1101.
2. Its VTEP now knows the destination and sends a unicast VXLAN packet: SIP 10.200.200.103, DIP 10.200.200.101, VXLAN VNI 30001, inner SMAC 0000.3001.1102, inner DMAC 0000.3001.1101.
3. Host A's VTEP decapsulates and delivers the ARP Response (SMAC 0000.3001.1102, DMAC 0000.3001.1101) to Host A.
Packet Walk – Bridging

[Figure: same topology. With ARP resolved, Host A's unicast frame (SMAC, DMAC, SIP, DIP) is bridged: the ingress VTEP encapsulates it in the Layer-2 VNI and the egress VTEP decapsulates it unchanged towards Host B.]
Packet Walk – Routing

[Figure: same topology. Host A (192.168.10.101) sends to Host C (192.168.20.101) in another subnet. The frame delivered to Host C after routing: SMAC 2020.0000.AAAA (the gateway MAC written by the routing Leaf), DMAC 0000.3002.2101, SIP 192.168.10.101, DIP 192.168.20.101.]
Packet Walk – Routing (Silent Host)

[Figure: same topology; TOR1 (10.200.200.101) is Host A's Leaf, TOR2 (10.200.200.102) is the Leaf that owns Host C's subnet]

A silent host has not yet sent any frame, so no VTEP has learned it and no EVPN host route exists for it; the ingress VTEP can only route towards the advertised subnet.

1. Host A sends to 192.168.20.101. TOR1 routes the packet over the Layer-3 VNI towards the subnet: outer SIP 10.200.200.101 (TOR1), outer DIP 10.200.200.102 (TOR2), VXLAN VNI 50001, inner SMAC 0200.0ade.de01 and inner DMAC 0200.0ade.de07 (the two Router MACs), SIP 192.168.10.101, DIP 192.168.20.101, Payload.
2. TOR2 decapsulates, has no ARP entry for the destination and sends an ARP Request for 192.168.20.101 into the VLAN: SMAC AGM (Anycast Gateway MAC), DMAC FFFF.FFFF.FFFF.
3. Host C answers with an ARP Response for 192.168.20.101: SMAC 0000.3002.2102, DMAC AGM. TOR2 can now deliver the packet.
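To make the frame layout from "Putting it Together" and the packet walks concrete, here is an added Python example (not from the deck and not NX-OS code) that builds and decodes VXLAN packets: the ARP Request walk in Layer-2 VNI 30001 with the multicast destination 239.0.0.1, and the silent-host routing walk in Layer-3 VNI 50001 with the two Router MACs in the inner header. VTEP addresses, VNIs and inner MACs are the slides' values; the outer MAC addresses and the inner payloads are constructed because the slides do not show them. The decoder is written from the receiving VTEP's point of view and returns a drop reason for anything it will not accept.

```python
"""Build and decode VXLAN frames laid out as on the slides:
Outer MAC | Outer IP | UDP | VXLAN | Inner MAC | Inner IP (or ARP) | Payload.
Added example, not from the deck or NX-OS; outer MACs below are constructed."""
import ipaddress
import struct

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08          # "VNI valid" bit of the VXLAN flags byte (RFC 7348)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806

def mac_bytes(mac):
    """Accept Cisco dotted (0000.3001.1101) or colon (00:00:30:01:11:01) notation."""
    hexstr = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(hexstr) != 12:
        raise ValueError(f"bad MAC {mac!r}")
    return bytes.fromhex(hexstr)

def mac_str(b):
    return ".".join(b.hex()[i:i + 4] for i in (0, 4, 8))

def ipv4_checksum(hdr):
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(sip, dip, proto, payload_len, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(sip).packed, ipaddress.IPv4Address(dip).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def ethernet(dmac, smac, ethertype, payload):
    return mac_bytes(dmac) + mac_bytes(smac) + struct.pack("!H", ethertype) + payload

def arp_request(sender_mac, sender_ip, target_ip):
    return (struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1) + mac_bytes(sender_mac)
            + ipaddress.IPv4Address(sender_ip).packed + bytes(6)
            + ipaddress.IPv4Address(target_ip).packed)

def vxlan_encap(vni, outer_smac, outer_dmac, sip, dip, inner_frame, sport=49152):
    """Ingress VTEP: wrap the inner Ethernet frame in outer MAC / IP / UDP / VXLAN."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    vxlan = struct.pack("!BBBBI", VXLAN_FLAG_I, 0, 0, 0, vni << 8)  # flags, reserved, VNI, reserved
    udp_len = 8 + len(vxlan) + len(inner_frame)
    udp = struct.pack("!HHHH", sport, VXLAN_UDP_PORT, udp_len, 0)   # UDP checksum 0 is allowed on IPv4
    return ethernet(outer_dmac, outer_smac, ETHERTYPE_IPV4,
                    ipv4_header(sip, dip, 17, udp_len) + udp + vxlan + inner_frame)

def vxlan_decap(pkt):
    """Egress VTEP: validate the outer headers before trusting the VNI and inner frame."""
    if len(pkt) < 14 + 20 + 8 + 8 + 14:
        raise ValueError("truncated packet")
    if struct.unpack("!H", pkt[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ip = pkt[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad outer IPv4 header")
    if ip[9] != 17:
        raise ValueError("outer protocol is not UDP")
    sport, dport, ulen, _ = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    if dport != VXLAN_UDP_PORT:
        raise ValueError(f"UDP destination port {dport} is not VXLAN")
    udp = ip[ihl:ihl + ulen]
    flags, vni_word = udp[8], struct.unpack("!I", udp[12:16])[0]
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag clear: VNI not valid")
    inner = udp[16:]
    return {
        "outer_sip": str(ipaddress.IPv4Address(ip[12:16])),
        "outer_dip": str(ipaddress.IPv4Address(ip[16:20])),
        "vni": vni_word >> 8,
        # reserved bits are ignored on receipt, but non-zero values are worth logging
        "reserved_clean": flags == VXLAN_FLAG_I and udp[9:12] == bytes(3) and vni_word & 0xFF == 0,
        "inner_dmac": mac_str(inner[0:6]),
        "inner_smac": mac_str(inner[6:12]),
        "inner_ethertype": struct.unpack("!H", inner[12:14])[0],
        "inner_payload": inner[14:],
    }

def vxlan_verdict(pkt):
    """Accept/drop wrapper for a capture pipeline; the reason string is what you would log."""
    try:
        return "accept", vxlan_decap(pkt)
    except ValueError as exc:
        return "drop", str(exc)

def arp_request_packet():
    """ARP Request walk: Host A's broadcast, flooded via group 239.0.0.1 in L2VNI 30001."""
    inner = ethernet("ffff.ffff.ffff", "0000.3001.1101", ETHERTYPE_ARP,
                     arp_request("0000.3001.1101", "192.168.10.101", "192.168.10.102"))
    return vxlan_encap(30001, "0000.0c00.0101", "0100.5e00.0001",   # constructed outer MACs
                       "10.200.200.101", "239.0.0.1", inner)

def routed_packet():
    """Silent-host walk: routed in L3VNI 50001, inner MACs are the two VTEPs' Router MACs."""
    payload = b"\x08\x00" + bytes(6)                                  # constructed ICMP-like payload
    inner_ip = ipv4_header("192.168.10.101", "192.168.20.101", 1, len(payload)) + payload
    inner = ethernet("0200.0ade.de07", "0200.0ade.de01", ETHERTYPE_IPV4, inner_ip)
    return vxlan_encap(50001, "0000.0c00.0101", "0000.0c00.0102",   # constructed outer MACs
                       "10.200.200.101", "10.200.200.102", inner)
```

Nothing in the VXLAN header authenticates the sender or the VNI; the receiving VTEP trusts whatever the outer IP packet delivered to UDP port 4789, which is why the underlay must be reachable only by the VTEPs themselves. The reserved_clean field is a cheap signal for monitoring: legitimate VTEPs never set those bits.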
VXLAN Design Considerations

Underlay Design Review

MTU and Overlays
• Avoid Fragmentation
• Adjust the Transport Network with appropriate MTU
*Cisco Nexus 5600 only supports a MTU of 9192 Byte for Layer-3 Traffic
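The following is an added sizing helper (not from the deck) for the two bullets above: it adds the VXLAN encapsulation overhead on top of the inner IP MTU and checks every hop of the transport path against the result, so fragmentation is ruled out by design rather than discovered in production. Header sizes are the standard ones (inner Ethernet 14, outer IPv4 20 or IPv6 40, UDP 8, VXLAN 8); the 9192-byte Layer-3 limit of the Nexus 5600 quoted on the slide is used as a sample platform cap, and the path in the main block is constructed.

```python
"""VXLAN MTU sizing helper. Added example, not from the deck."""

INNER_ETHERNET = 14   # inner MAC header carried inside VXLAN
DOT1Q_TAG = 4         # only if the inner 802.1Q tag is preserved
IPV4_HEADER = 20
IPV6_HEADER = 40
UDP_HEADER = 8
VXLAN_HEADER = 8


def vxlan_overhead(ipv6_underlay=False, inner_dot1q=False):
    """Bytes added on top of the inner IP packet (50 for an IPv4 underlay, 70 for IPv6)."""
    outer_ip = IPV6_HEADER if ipv6_underlay else IPV4_HEADER
    return INNER_ETHERNET + (DOT1Q_TAG if inner_dot1q else 0) + UDP_HEADER + VXLAN_HEADER + outer_ip


def required_underlay_mtu(inner_ip_mtu, **kw):
    """Smallest transport (IP) MTU that carries inner_ip_mtu without fragmentation."""
    return inner_ip_mtu + vxlan_overhead(**kw)


def max_inner_mtu(underlay_mtu, **kw):
    """Largest inner IP MTU the hosts may use for a given transport MTU."""
    return underlay_mtu - vxlan_overhead(**kw)


def check_transport_path(inner_ip_mtu, hops, **kw):
    """hops: list of (name, ip_mtu) along the transport path.

    Returns (ok, required_mtu, hops that would fragment or drop the encapsulated packet)."""
    need = required_underlay_mtu(inner_ip_mtu, **kw)
    too_small = [(name, mtu) for name, mtu in hops if mtu < need]
    return not too_small, need, too_small


if __name__ == "__main__":
    # Constructed path: two spines at 9216 and one Nexus 5600 at its 9192-byte Layer-3 limit.
    path = [("spine-1", 9216), ("spine-2", 9216), ("n5600-leaf", 9192)]
    print(check_transport_path(9000, path))   # fits: needs 9050
    print(check_transport_path(9150, path))   # n5600-leaf is too small: needs 9200
```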
Interface Principles

[Figure: every node is identified by a /32 loopback address]

IP Addressing Principles
• Prepare an IP Addressing Plan
• Separate Interface functions through IP Addressing (Aggregates): Routing Identifier, Rendezvous Point, p2p* Links / IP Unnumbered
• Unicast Routing – Routing Protocol Peering (p2p*)
[Figure: four Spines and seven Leaves]
Unicast Routing – BGP

Unicast Routing – eBGP Two-AS Model
[Figure: all Spines in AS#65500, each Leaf in its own AS]
• eBGP Two-AS, yes it works!
• eBGP peering for Underlay
• Spine is not a Route-Reflector (eBGP) – Retain Route-Targets
• Disable BGP AS-Path check
• Next-Hop needs to be Unchanged

Unicast Routing – eBGP Multi-AS Model
• Underlay is Reachability!
• Advertise your Loopbacks

Unicast Routing – eBGP Model
Multicast Enabled Underlay – PIM ASM
• Platform Support
  • Nexus 9000 / Nexus 7000 (F3/M3)
  • ASR 1000 / ASR 9000
• RP Redundancy
• Source-Trees (Unidirectional)
  • 1 Source Tree per VTEP per Multicast Group
[Figure: Underlay with seven Leaves; Hypervisor and Baremetal hosts attached below them]
Underlay – PIM ASM with PIM Anycast-RP

[Figure: four Spines, two of which act as Rendezvous Point (RP) sharing one Anycast-RP address; (S,G) source trees are built from each VTEP Leaf through the Underlay]
Why Do I Need Multicast Again?

[Figure: Overlay on top of the Underlay with four Spines and VTEPs; Destination Group 239.1.1.1 (MAC 0100.5E01.0101). Baremetal hosts: Host A (MAC 0000.3001.1101, IP 192.168.10.101), Host B (MAC 0000.3001.1102, IP 192.168.10.102), Host C (MAC 0000.3002.2101, IP 192.168.20.101).]

1. Host A sends an ARP Request for 192.168.10.102: Src MAC 0000.3001.1101, Dst MAC FFFF.FFFF.FFFF.
2. LEAF1 learns 0000.3001.1101 in VNI 30001 on E1/12 and encapsulates the ARP Request: SMAC MAC_LEAF1, DMAC 0100.5E01.0101, SIP IP_LEAF1, DIP 239.1.1.1, UDP, VNI 30001.
3. The Underlay replicates the packet along the multicast tree of 239.1.1.1 to every VTEP that joined the group.
4. The receiving VTEP decapsulates, learns 0000.3001.1101 in VNI 30001 behind LEAF1, and delivers the ARP Request (Src MAC 0000.3001.1101, Dst MAC FFFF.FFFF.FFFF) to Host B.

MAC table entries shown on the slide (MAC, VNI, VTEP or local port):
  0000.3001.1101  30001  E1/12   (local on LEAF1)
  0000.3002.2101  30002  E1/4
  0000.3001.1102  30001  E1/8    (local on Host B's VTEP)
  0000.3001.1101  30001  LEAF1   (learned remotely on Host B's VTEP)
Things to Remember – Multicast Enabled Underlay
Keep in Mind: Overlay Convergence = Underlay Convergence!

Underlay – Ingress Replication
• A Packet Multiplication
• EVPN assists (no Peer / VNI Topology)
[Figure: four Spines]
Overlay Design Review

EVPN MP-BGP Primer (1)

EVPN MP-BGP Primer (2)
[Figure: two Route-Reflectors (RR); VTEP V1 with Host A attached]
▪ Host A
  ▪ MAC_A / IP_A
▪ BGP Advertisement
  ▪ VPN-EVPN: RD:[MAC_A][IP_A]
  ▪ BGP Next-Hop: V1
  ▪ Route Target: 65500:50000
  ▪ Label: 50000
▪ Virtual Routing and Forwarding (VRF)
  Layer-3 segmentation for tenants’ routing space

Overlay
Step 1 – Define VTEP Interface (VXLAN Tunnel End-Point)

  # Features & Globals
  feature bgp
  feature nv overlay                  ← Enables VTEP support (only required on Leaf or Border)
  nv overlay evpn                     ← Enables EVPN Control-Plane in BGP

  # Spine (S1)
  (no VTEP interface; only required on Leaf or Border)

  # Leaf (V1)
  interface nve1
    source-interface loopback0
    host-reachability protocol bgp    ← Enable BGP for Host reachability

[Figure: four Route-Reflectors (RR) on the Spines, iBGP sessions to VTEPs V1, V2, V3]
*Simplified BGP configuration; would have 4 BGP peers (RR). IGP not shown.
Overlay

Step 2 – Building the Overlay Control-Plane

  # Features & Globals
  feature bgp
  feature nv overlay
  nv overlay evpn

  # Spine (S1)
  router bgp 65500
    router-id 10.10.10.S1
    address-family ipv4 unicast
    neighbor 10.10.10.0/24 remote-as 65500
      update-source loopback0
      address-family l2vpn evpn
        send-community both
        route-reflector-client

  # Leaf (V1)
  router bgp 65500
    router-id 10.10.10.V1
    address-family ipv4 unicast
    neighbor 10.10.10.S1 remote-as 65500
      update-source loopback0
      address-family l2vpn evpn
        send-community both          ← Send Extended BGP Community to distribute EVPN route attributes

[Figure: four Route-Reflectors (RR) on the Spines, iBGP sessions to VTEPs V1, V2, V3]
*Simplified BGP configuration; would have 4 BGP peers (RR). IGP not shown.
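The configuration above is small, but a missing send-community both silently breaks EVPN: the Route Target, the encapsulation and the Router MAC all travel as extended communities, so without it peers receive routes they cannot import or forward on. As an added example (not the deck's material and not Cisco tooling), the following Python parses NX-OS-style indented configuration and lints exactly the points the slide makes: the three global commands, peering over loopback0, the l2vpn evpn address family, send-community both, and route-reflector-client on the spine only. Both sample configurations are constructed from the slide and keep its S1/V1 placeholders in the addresses; LEAF_BAD is a deliberately faulty variant.

```python
"""Lint the BGP EVPN control-plane configuration of an NX-OS spine or leaf.
Added example, not Cisco tooling; sample configs are constructed from the slide."""

SPINE_OK = """\
feature bgp
feature nv overlay
nv overlay evpn
router bgp 65500
  router-id 10.10.10.S1
  address-family ipv4 unicast
  neighbor 10.10.10.0/24 remote-as 65500
    update-source loopback0
    address-family l2vpn evpn
      send-community both
      route-reflector-client
"""

# Constructed faulty leaf: 'send-community both' was forgotten, so the RT,
# encapsulation and Router MAC extended communities would never be sent.
LEAF_BAD = """\
feature bgp
feature nv overlay
nv overlay evpn
router bgp 65500
  router-id 10.10.10.V1
  address-family ipv4 unicast
  neighbor 10.10.10.S1 remote-as 65500
    update-source loopback0
    address-family l2vpn evpn
"""


def parse_config(text):
    """Turn indentation-structured NX-OS config into nested (line, children) pairs."""
    root, stack = [], []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith(("!", "#")):
            continue
        indent = len(raw) - len(raw.lstrip())
        node = (raw.strip(), [])
        while stack and stack[-1][0] >= indent:
            stack.pop()
        (stack[-1][1] if stack else root).append(node)
        stack.append((indent, node[1]))
    return root


def lint_evpn_bgp(text, role):
    """role is 'spine' or 'leaf'. Returns a list of findings (empty means clean)."""
    findings = []
    tree = parse_config(text)
    top = {line for line, _ in tree}
    for needed in ("feature bgp", "feature nv overlay", "nv overlay evpn"):
        if needed not in top:
            findings.append(f"missing global command: {needed}")
    bgp = [kids for line, kids in tree if line.startswith("router bgp ")]
    if not bgp:
        return findings + ["missing 'router bgp'"]
    neighbors = [(line, kids) for line, kids in bgp[0] if line.startswith("neighbor ")]
    if not neighbors:
        findings.append("no BGP neighbors configured")
    for line, kids in neighbors:
        direct = {ln for ln, _ in kids}
        if "update-source loopback0" not in direct:
            findings.append(f"{line}: update-source loopback0 missing (peer over the loopback)")
        evpn = [k for ln, k in kids if ln == "address-family l2vpn evpn"]
        if not evpn:
            findings.append(f"{line}: address-family l2vpn evpn not activated")
            continue
        af = {ln for ln, _ in evpn[0]}
        if "send-community both" not in af:
            findings.append(f"{line}: send-community both missing; extended communities "
                            "carry RT, encapsulation and Router MAC")
        if role == "spine" and "route-reflector-client" not in af:
            findings.append(f"{line}: route-reflector-client missing on spine")
        if role == "leaf" and "route-reflector-client" in af:
            findings.append(f"{line}: a leaf should not act as route-reflector")
    return findings


if __name__ == "__main__":
    print(lint_evpn_bgp(SPINE_OK, "spine"))   # []
    print(lint_evpn_bgp(LEAF_BAD, "leaf"))    # one finding about send-community both
```

The parser keys purely on indentation, which is how NX-OS prints running configuration; feed it the output of the running config for every spine and leaf and the findings list becomes a fabric-wide drift report.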
Overlay

Logical Construct of Multi-Tenant VXLAN EVPN
[Figure: Tenant A (VRF A) with SVIs A, B … N on Layer-2 VNIs and one additional VNI X for routed traffic]
• One VLAN maps to one Layer-2 VNI per Layer-2 segment
• A Tenant can have multiple VLANs, therefore multiple Layer-2 VNIs
• Traffic within one Layer-2 VNI is bridged
• Traffic between Layer-2 VNI’s is routed
• 1 Layer-3 VNI per Tenant (VRF) for routing
• VNI X’ is used for routed packets
Step 3 – Define VLAN-VXLAN Mapping
Example VLAN Based CLI
• CLI offers a simplified method of mapping

  # Features
  feature vn-segment-vlan-based
Step 3 – Port-Local VXLAN-VXLAN Mapping
▪ Available on N9K from 7.0(3)I1(2) Release
▪ Allows to map the same 802.1Q VLAN tag to different VNIs on different interfaces of the same leaf node
▪ Current limit is 100 PV mappings per interface, and total 1K L2 VNIs per leaf

  vlan 3100
    vn-segment 31000
  vlan 3101
    vn-segment 31001
  vlan 3102
    vn-segment 31002
  vlan 3103
    vn-segment 31003
  !
  interface Ethernet1/7
    switchport mode trunk
    switchport vlan mapping enable
    switchport vlan mapping 3000 3100
    switchport vlan mapping 3001 3101
    switchport trunk allowed vlan 3100,3101
  !
  interface Ethernet1/8
    switchport mode trunk
    switchport vlan mapping enable
    switchport vlan mapping 3000 3102
    switchport vlan mapping 3001 3103
    switchport trunk allowed vlan 3102-3103

[Figure: VXLAN Underlay; VLAN tags 3000 and 3001 arrive on both Ethernet1/7 and Ethernet1/8 and are mapped to different VNIs]
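Port-local mapping means the same 802.1Q tag can end up in different VNIs depending on the ingress port, which is easy to get wrong when auditing who can reach which segment. As an added example (not from the deck and not Cisco code), the following Python reads the slide's configuration and resolves an (interface, incoming tag) pair to the local VLAN and VNI, refusing tags that have no mapping, translated VLANs that are not in the trunk allowed list, and VLANs without a vn-segment; it also reports interfaces that exceed the 100-mappings-per-interface limit stated on the slide. SAMPLE_CONFIG is the slide's configuration; the model only covers tags the configuration maps explicitly.

```python
"""Resolve which VNI a tagged frame lands in under port-local VLAN mapping.
Added example, not Cisco code. SAMPLE_CONFIG is the slide's configuration."""
import re

SAMPLE_CONFIG = """\
vlan 3100
  vn-segment 31000
vlan 3101
  vn-segment 31001
vlan 3102
  vn-segment 31002
vlan 3103
  vn-segment 31003
!
interface Ethernet1/7
  switchport mode trunk
  switchport vlan mapping enable
  switchport vlan mapping 3000 3100
  switchport vlan mapping 3001 3101
  switchport trunk allowed vlan 3100,3101
!
interface Ethernet1/8
  switchport mode trunk
  switchport vlan mapping enable
  switchport vlan mapping 3000 3102
  switchport vlan mapping 3001 3103
  switchport trunk allowed vlan 3102-3103
"""

MAX_PV_MAPPINGS_PER_INTERFACE = 100   # limit quoted on the slide


def expand_vlan_list(spec):
    """'3100,3101' or '3102-3103' -> set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_mapping_config(text):
    """Return (vlan -> vni, {interface: {'enabled', 'map': {tag: vlan}, 'allowed': set}})."""
    vlan_to_vni, interfaces, ctx = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if m := re.match(r"vlan (\d+)$", line):
            ctx = ("vlan", int(m[1]))
        elif m := re.match(r"interface (\S+)$", line):
            ctx = ("intf", m[1])
            interfaces[m[1]] = {"enabled": False, "map": {}, "allowed": set()}
        elif ctx and ctx[0] == "vlan" and (m := re.match(r"vn-segment (\d+)$", line)):
            vlan_to_vni[ctx[1]] = int(m[1])
        elif ctx and ctx[0] == "intf":
            intf = interfaces[ctx[1]]
            if line == "switchport vlan mapping enable":
                intf["enabled"] = True
            elif m := re.match(r"switchport vlan mapping (\d+) (\d+)$", line):
                intf["map"][int(m[1])] = int(m[2])
            elif m := re.match(r"switchport trunk allowed vlan (\S+)$", line):
                intf["allowed"] = expand_vlan_list(m[1])
    return vlan_to_vni, interfaces


def resolve(config, interface, tag):
    """Map an incoming 802.1Q tag on an interface to ((local VLAN, VNI), 'ok') or (None, reason)."""
    vlan_to_vni, interfaces = parse_mapping_config(config)
    intf = interfaces.get(interface)
    if intf is None or not intf["enabled"]:
        return None, f"port-local VLAN mapping not enabled on {interface}"
    vlan = intf["map"].get(tag)
    if vlan is None:
        return None, f"no mapping for tag {tag} on {interface}"
    if vlan not in intf["allowed"]:
        return None, f"translated VLAN {vlan} is not in the trunk allowed list"
    if vlan not in vlan_to_vni:
        return None, f"VLAN {vlan} has no vn-segment"
    return (vlan, vlan_to_vni[vlan]), "ok"


def check_limits(config):
    """Interfaces whose mapping count exceeds the per-interface limit from the slide."""
    _, interfaces = parse_mapping_config(config)
    return [name for name, intf in interfaces.items()
            if len(intf["map"]) > MAX_PV_MAPPINGS_PER_INTERFACE]


if __name__ == "__main__":
    for port, tag in (("Ethernet1/7", 3000), ("Ethernet1/8", 3000), ("Ethernet1/7", 3002)):
        print(port, tag, resolve(SAMPLE_CONFIG, port, tag))
```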
Step 3 – Define VLAN-VXLAN Mapping
Example BD Based CLI (Bridge-Domain)

Overlay
Gateway Functions in VXLAN
VXLAN Routing
[Figure: VTEPs V1, V2, V3 and gateways VX, VY; the Layer-3 Boundary is placed either at the gateways VX/VY or at the VTEPs themselves]
Centralized Gateway (FHRP) *
VXLAN Routing
• Inter-VXLAN Routing at Core/Aggregation Layer
• vPC provides MAC state synchronization and HSRP peering
• Redundant VTEPs share Anycast VTEP IP address in the Underlay
[Figure: VTEPs V1, V2, V3 below a redundant pair of gateways]

Distributed IP Anycast Gateway*
VXLAN/EVPN
[Figure: Host A in VNI 30000 and Host Y in VNI 30001, each routed at its local VTEP]
*Requires EVPN Control-Plane.

Different Integrated Route/Bridge (IRB) Modes

Routing in VXLAN
[Figure: Host A in VLAN/VNI 30000, Host Y in VLAN/VNI 30001]
Asymmetric IRB
▪ Asymmetric
  • Similar to Inter-VLAN routing
  • Source and Destination VNIs have to exist on leaf nodes where routing happens
  • Post Routing traffic shares destination VNI with Bridged traffic
  • Not very suitable for distributed Routing
[Figure: VTEPs V1, V2, V3; Host A in VLAN 43 (“blue”) at V1, Host Y in VLAN 55 (“red”) at V3]
From Host A via VLAN/VNI “blue” routed at V1 to VNI “red” reaching destination VLAN “red”
From Host Y via VLAN/VNI “red” routed at V3 to VNI “blue” reaching destination VLAN “blue”
Symmetric IRB
▪ Symmetric
  • Similar to creating a Transit Segment
  • Regardless of where Source or Destination VNIs exist
  • Post Routing traffic uses different VNI than Bridged traffic
  • Additional VNI for Routing traffic (per VRF)
[Figure: VTEPs V1, V2, V3; Host A in VLAN 43 (“blue”) at V1, Host Y in VLAN 55 (“red”) at V3]
From Host A via VLAN “blue” routed at V1 to VNI “purple” reaching destination VLAN “red”
From Host Y via VLAN “red” routed at V3 to VNI “purple” reaching destination VLAN “blue”
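The difference between the two IRB modes is easiest to see as a forwarding decision. The following Python model is an added example (not from the deck, not Cisco code): for each mode it reports which VNI a packet between Host A and Host Y uses on the wire, where routing happens, and, for asymmetric IRB, that the ingress VTEP must carry the destination Layer-2 VNI or the packet cannot be routed at all. VLAN 43 (“blue”) and VLAN 55 (“red”) follow the slides; Layer-2 VNIs 30000/30001 are taken from the Routing in VXLAN slide and the Layer-3 VNI 50001 from the silent-host packet walk. Which VNIs each VTEP carries (FABRIC) and the name “purple” for the Layer-3 VNI are constructed.

```python
"""Model of asymmetric vs. symmetric IRB forwarding decisions. Added example, not Cisco code."""

# Layer-2 VNIs configured on each VTEP and the per-VRF Layer-3 VNI (constructed fabric)
FABRIC = {
    "V1": {"l2vnis": {30000}, "l3vni": 50001},   # Host A's leaf: only "blue"
    "V2": {"l2vnis": set(), "l3vni": 50001},
    "V3": {"l2vnis": {30001}, "l3vni": 50001},   # Host Y's leaf: only "red"
}
HOSTS = {"A": ("V1", 30000), "Y": ("V3", 30001)}   # host -> (attached VTEP, Layer-2 VNI)
VNI_NAME = {30000: "blue", 30001: "red", 50001: "purple"}


def forward(mode, src, dst, fabric=FABRIC, hosts=HOSTS):
    """Return how a packet from src to dst is carried through the fabric."""
    src_leaf, src_vni = hosts[src]
    dst_leaf, dst_vni = hosts[dst]
    if src_vni == dst_vni:
        return {"action": "bridge", "wire_vni": src_vni, "routed_at": None}
    if mode == "asymmetric":
        # The ingress VTEP routes into the destination Layer-2 VNI and bridges in it,
        # so that VNI has to exist on the ingress VTEP.
        if dst_vni not in fabric[src_leaf]["l2vnis"]:
            return {"action": "drop", "wire_vni": None, "routed_at": src_leaf,
                    "reason": f"{src_leaf} has no Layer-2 VNI {dst_vni} ({VNI_NAME[dst_vni]})"}
        return {"action": "route", "wire_vni": dst_vni, "routed_at": src_leaf,
                "egress_lookup": "bridge (MAC) in the destination VNI"}
    if mode == "symmetric":
        # Both VTEPs route: ingress into the shared Layer-3 VNI, egress out of it.
        return {"action": "route", "wire_vni": fabric[src_leaf]["l3vni"],
                "routed_at": f"{src_leaf},{dst_leaf}",
                "egress_lookup": "route (IP) in the VRF, then bridge into the local VNI"}
    raise ValueError(f"unknown IRB mode {mode!r}")


def vnis_required(mode, leaf, fabric=FABRIC, hosts=HOSTS):
    """VNIs a VTEP must carry so that its local hosts can reach every other host."""
    local = {vni for vtep, vni in hosts.values() if vtep == leaf}
    if mode == "asymmetric":
        # every destination Layer-2 VNI of the VRF has to be present on the routing VTEP
        return local | {vni for _, vni in hosts.values()}
    return local | {fabric[leaf]["l3vni"]}


def with_all_l2vnis(fabric, leaf, hosts=HOSTS):
    """Constructed variant in which the leaf carries every Layer-2 VNI (the asymmetric requirement)."""
    copy = {k: {"l2vnis": set(v["l2vnis"]), "l3vni": v["l3vni"]} for k, v in fabric.items()}
    copy[leaf]["l2vnis"] |= {vni for _, vni in hosts.values()}
    return copy


if __name__ == "__main__":
    print(forward("asymmetric", "A", "Y"))                                # drop: V1 lacks "red"
    print(forward("asymmetric", "A", "Y", with_all_l2vnis(FABRIC, "V1")))  # wire VNI 30001
    print(forward("symmetric", "A", "Y"))                                 # wire VNI 50001
    print(sorted(vnis_required("asymmetric", "V1")), sorted(vnis_required("symmetric", "V1")))
```

The vnis_required output is the practical consequence of the "not very suitable for distributed Routing" bullet: with asymmetric IRB every routing VTEP has to carry every Layer-2 VNI of the tenant, whereas symmetric IRB adds exactly one Layer-3 VNI per VRF to what the VTEP already needs locally.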
Host Subnet Redistribution

Asymmetric vs. Symmetric IRB
VXLAN Routing Block Diagram
[Figure: V1 and V3 drawn for each mode. Asymmetric: routing happens between the Layer-2 VNIs on the ingress VTEP. Symmetric: a transit VNI sits between the Layer-2 VNIs of V1 and V3.]

Step 4 – Routing in VXLAN – VRF Routing Instance
4
Enable Distributed IP Anycast Gateway*
Configuration Example for “BLUE” (V1 & V3) Configuration Example for “RED” (V1-3)
# Features # Features
feature interface-vlan feature interface-vlan
# Anycast Gateway MAC, inherited by any interface # Anycast Gateway MAC, inherited by any interface
(SVI) using “fabric forwarding” (SVI) using “fabric forwarding”
fabric forwarding anycast-gateway-mac fabric forwarding anycast-gateway-mac
0002.0002.0002 0002.0002.0002
TECDCN-2002 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
4 Routing in VXLAN – Advertise Local IP Subnets
Overlay
5 VXLAN HW Gateway Redundancy (vPC)
Southbound Connectivity
5 VXLAN HW Gateway Redundancy (vPC)
Do Not Forget!
(figure: vPC pair V4/V5, Host D, VNI 30000)
# VPC Peer-Link
interface port-channelXX
  switchport mode trunk
  vpc peer-link
# VPC Domain Routing Adjacency*
# Routed interface (SVI) for the routing adjacency across the vPC peer-link
interface Vlan3999
  no shutdown
  ip address 10.254.254.1/30
  ip router ospf 1 area 0.0.0.0
  ip ospf network point-to-point
  ip pim sparse-mode
# VTEP source loopback: individual primary address plus the secondary address shared by both vPC peers
interface loopback0
  ip address 10.10.10.4/32
  ip address 10.10.10.99/32 secondary
*Best practice on Border Leaf nodes is to enable peering also for each defined VRF (on dedicated SVI interfaces)
Overlay
6 VXLAN/EVPN Fabric External Routing
(figure: border leaf VBL with VRFs A, B and C peering towards the WAN; fabric VTEPs V1, V2, V3)
Interface-Type Options:
• Physical Routed Ports
• Sub-Interfaces
• VLAN SVIs over Trunk Ports
Peering Interface can be in Global or Tenant VRF
6 VXLAN/EVPN Fabric External Routing (eBGP)
VXLAN Fabric Side Configuration
(figure: border leaf VBL with VRFs A, B and C peering with the WAN router in AS# 65599; fabric VTEPs V1, V2, V3)
# Sub-Interface Configuration
interface Ethernet1/1
  no switchport
interface Ethernet1/1.10
  mtu 9216
  encapsulation dot1q 10
  vrf member VRF-A
  ip address 10.254.254.1/30
# eBGP Configuration
router bgp 65500
  …
  vrf VRF-A
    address-family ipv4 unicast
      # Advertise external learned routes into EVPN (Route-Type 5)
      advertise l2vpn evpn
      # Advertise an aggregate of the internal prefixes
      aggregate-address 10.0.0.0/8 summary-only
    neighbor 10.254.254.2 remote-as 65599
      update-source Ethernet1/1.10
      address-family ipv4 unicast
Ensure that non-necessary routes are not advertised towards the External Network
6 VXLAN/EVPN Fabric External Routing (eBGP)
WAN Router Side Configuration (AS# 65599)
# Interface Configuration
interface Ethernet1/1
  vrf member VRF-A
  ip address 10.254.254.2/30
# eBGP Configuration
router bgp 65599
  …
  vrf VRF-A
    address-family ipv4 unicast
    neighbor 10.254.254.1 remote-as 65500
      update-source Ethernet1/1
      address-family ipv4 unicast
6 VXLAN/EVPN Fabric External Routing (OSPF)
VXLAN Fabric Side Configuration
(figure: border leaf VBL with VRFs A, B and C peering towards the WAN; fabric VTEPs V1, V2, V3)
# Sub-Interface Configuration
interface Ethernet1/1
  no switchport
interface Ethernet1/1.10
  mtu 9216
  encapsulation dot1q 10
  vrf member VRF-A
  ip address 10.254.254.1/30
  ip router ospf 1 area 0.0.0.0
  ip ospf network point-to-point
# BGP Configuration
router bgp 65500
  …
  address-family l2vpn evpn
    retain route-target all
  vrf VRF-A
    address-family ipv4 unicast
      # Advertise external learned routes into EVPN (Route-Type 5)
      advertise l2vpn evpn
# OSPF Configuration
router ospf 1
  vrf VRF-A
    # Redistribute internal prefixes (from the local BGP process) into OSPF with a route-map
    redistribute bgp 65500 route-map OSPF-BGP*
Ensure that non-necessary routes are not advertised towards the External Network
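Both the eBGP and the OSPF variant of the border-leaf configuration end with the same warning: only the necessary routes may be advertised towards the external network. The Python script below is an added example and not part of the deck. It parses a border-leaf `router bgp` block laid out like the slide, models what a `summary-only` aggregate suppresses, and flags external neighbours without an outbound policy as well as host routes that would reach the peer. The configuration text and the fabric routes are constructed: the AS numbers, VRF-A and its addresses follow the slide, while VRF-B, its neighbour 10.254.255.2 and the route-map name TO-WAN are hypothetical.

```python
"""Audit a VXLAN border-leaf 'router bgp' block for routes that would reach an
external eBGP peer. Added example (not from the TECDCN-2002 deck). The
configuration text and the fabric routes below are constructed: AS numbers,
VRF-A and its addresses follow the slide; VRF-B, its neighbour 10.254.255.2
and the route-map name TO-WAN are hypothetical."""
import ipaddress
import re

SAMPLE_CONFIG = """
router bgp 65500
  vrf VRF-A
    address-family ipv4 unicast
      advertise l2vpn evpn
      aggregate-address 10.0.0.0/8 summary-only
    neighbor 10.254.254.2 remote-as 65599
      update-source Ethernet1/1.10
      address-family ipv4 unicast
  vrf VRF-B
    address-family ipv4 unicast
      advertise l2vpn evpn
    neighbor 10.254.255.2 remote-as 65599
      address-family ipv4 unicast
        route-map TO-WAN out
"""

# Constructed view of each VRF table: EVPN Route-Type 5 subnets plus Route-Type 2
# host routes (/32) imported from the fabric.
FABRIC_ROUTES = {
    "VRF-A": ["10.10.10.0/24", "10.10.10.11/32", "10.20.20.0/24", "172.16.5.0/24"],
    "VRF-B": ["10.30.30.0/24", "10.30.30.10/32"],
}

_VRF_RE = re.compile(r"^vrf (\S+)$")
_AGG_RE = re.compile(r"^aggregate-address (\S+)(\s+summary-only)?$")
_NEIGHBOR_RE = re.compile(r"^neighbor (\S+) remote-as (\d+)$")
_OUT_FILTER_RE = re.compile(r"^(route-map|prefix-list) \S+ out$")


def parse_bgp_vrfs(config):
    """Collect per VRF the aggregates and the neighbours of a 'router bgp' block.
    NX-OS nests stanzas by indentation, so a line belongs to the most recent
    'neighbor' only while it is indented deeper than that neighbor line."""
    vrfs, vrf, neighbor, neighbor_indent = {}, None, None, 0
    for raw in config.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        line = raw.strip()
        if neighbor is not None and indent <= neighbor_indent:
            neighbor = None                      # left the neighbour stanza
        if m := _VRF_RE.match(line):
            vrf = m.group(1)
            vrfs[vrf] = {"aggregates": [], "neighbors": {}}
        elif vrf is None:
            continue                             # global BGP lines are not audited here
        elif m := _AGG_RE.match(line):
            vrfs[vrf]["aggregates"].append((ipaddress.ip_network(m.group(1)), m.group(2) is not None))
        elif m := _NEIGHBOR_RE.match(line):
            neighbor, neighbor_indent = m.group(1), indent
            vrfs[vrf]["neighbors"][neighbor] = {"remote_as": int(m.group(2)), "out_filter": False}
        elif neighbor is not None and _OUT_FILTER_RE.match(line):
            vrfs[vrf]["neighbors"][neighbor]["out_filter"] = True
    return vrfs


def advertised_prefixes(routes, aggregates):
    """Model what leaves towards the peer: a summary-only aggregate is announced
    in place of its components, any other route is announced as is."""
    out = set()
    for net in map(ipaddress.ip_network, routes):
        covering = [agg for agg, _ in aggregates
                    if agg.version == net.version and net.subnet_of(agg)]
        out.update(covering)                     # an aggregate appears once a component exists
        if not any(summary_only for agg, summary_only in aggregates if agg in covering):
            out.add(net)                         # nothing summary-only hides this route
    return out


def audit(config, fabric_routes):
    """Return per VRF the modelled advertisements and the findings a reviewer
    would raise: external neighbours without an outbound policy, and host
    routes (/32) that reach the peer unless an outbound policy drops them."""
    report = {}
    for vrf, data in parse_bgp_vrfs(config).items():
        advertised = sorted(advertised_prefixes(fabric_routes.get(vrf, []), data["aggregates"]),
                            key=lambda n: (int(n.network_address), n.prefixlen))
        findings = [f"neighbor {ip} (AS {nb['remote_as']}) has no outbound route-map or prefix-list"
                    for ip, nb in data["neighbors"].items() if not nb["out_filter"]]
        findings += [f"host route {net} reaches the external peer unless an outbound policy drops it"
                     for net in advertised if net.prefixlen == net.max_prefixlen]
        report[vrf] = {"advertised": [str(n) for n in advertised], "findings": findings}
    return report


if __name__ == "__main__":
    for vrf, result in audit(SAMPLE_CONFIG, FABRIC_ROUTES).items():
        print(vrf, "advertises", result["advertised"])
        for finding in result["findings"]:
            print("  -", finding)
```

For VRF-A the aggregate hides the 10.x component routes, including the /32 host route, but 172.16.5.0/24 is outside 10.0.0.0/8 and still goes out, and the neighbour has no outbound policy at all. For VRF-B the route-map is detected but its contents are not evaluated, so the host route is still reported; a real audit would read the route-map or prefix-list next.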
Migrating to VXLAN EVPN
Converting from vPC
VXLAN Design Considerations
VXLAN Mode:
• Flood-and-Learn
• With EVPN Control Plane
Deployment Scenarios:
• Brownfield vs. greenfield
• Investment protection
• Multi-vendor environment?
VXLAN EVPN Loop Avoidance Considerations
(figure: VXLAN EVPN fabric attached to an external Layer 2 Domain)
VXLAN EVPN Loop Avoidance – Option 1
Single logical connection to the external L2 domain
VXLAN EVPN Loop Avoidance – Option 2
Single logical connection to the external L2 domain
Starting Point – Brownfield Network (vPC Based)
And What About FabricPath?
Deployment
Building Small Initial VXLAN EVPN POD
The end goal is to migrate endpoints and network services to the ACI fabric
(figure: brownfield network and new VXLAN EVPN POD, each attached to the WAN - Core and interconnected with an L2 trunk)
Endpoints Integration
Mapping VLANs to L2 VNIs
(figure: brownfield network and greenfield VXLAN EVPN fabric behind the WAN - Core; App1 Web hosts 10.10.10.10 and 10.10.10.11, App2 Web hosts 10.20.20.10 and 10.20.20.11)
Endpoints Integration
Use Case 1: VLAN == VNI
(figure: one L2 broadcast domain spanning both networks for 10.10.10.10/10.10.10.11, a second one for 10.20.20.10/10.20.20.11)
Map VLAN10/L2 VNI1
(figure: VLAN 10 (Web1: 10.10.10.10, 10.10.10.11) and VLAN 20 (Web2: 10.20.20.10, 10.20.20.11) present on both the brownfield and the greenfield side)
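The VLAN == VNI use case above and the distributed anycast gateway configuration from slide 120 are two halves of the same per-VTEP snippet: each legacy VLAN gets a Layer-2 VNI, and its SVI carries the same gateway address and the fabric-wide anycast MAC on every VTEP. The Python script below is an added example, not configuration from the deck. It renders that snippet for a list of mappings and refuses inconsistent input (a VNI reused for two VLANs, a VLAN that collides with the Vlan3999 peer SVI, a gateway outside its subnet). Assumed values: L2 VNIs 30010 and 30020, L3 VNI 30000 on VLAN 2000 for VRF-A, gateway .1 in each subnet and loopback0 as NVE source; the anycast MAC, VLAN ids, host subnets and the peer SVI are the slides' values.

```python
"""Render and sanity-check the per-VTEP NX-OS configuration that maps legacy
VLANs to Layer-2 VNIs behind a distributed anycast gateway in one tenant VRF.
Added example for the 'Enable Distributed IP Anycast Gateway' and
'Use Case 1: VLAN == VNI' slides; it is not configuration from the deck.
Assumed: L2 VNIs 30010/30020, L3 VNI 30000 on VLAN 2000 for VRF-A, gateway .1
in each subnet, loopback0 as NVE source. The anycast MAC, VLAN ids, host
subnets and the Vlan3999 peer SVI are taken from the slides."""
import ipaddress

ANYCAST_GW_MAC = "0002.0002.0002"   # slide value; must be identical on every VTEP
PEER_SVI_VLAN = 3999                # vPC routing-adjacency SVI from the 'Do Not Forget!' slide
MAX_VNI = (1 << 24) - 1             # the VNI is a 24-bit field

# Constructed mappings (VNI numbers and gateway addresses are assumptions).
SAMPLE_MAPPINGS = [
    {"vlan": 10, "vni": 30010, "subnet": "10.10.10.0/24", "gateway": "10.10.10.1/24"},
    {"vlan": 20, "vni": 30020, "subnet": "10.20.20.0/24", "gateway": "10.20.20.1/24"},
]
# Same list plus a deliberately broken entry: reuses VNI 30010 and the peer-SVI VLAN.
BAD_MAPPINGS = SAMPLE_MAPPINGS + [
    {"vlan": 3999, "vni": 30010, "subnet": "10.30.30.0/24", "gateway": "10.30.30.1/24"},
]


def validate_mappings(mappings, peer_svi_vlan=PEER_SVI_VLAN, l3_vlan=2000):
    """Return human-readable problems; an empty list means the mapping is consistent."""
    problems, seen_vlans, seen_vnis = [], set(), set()
    for m in mappings:
        vlan, vni = m["vlan"], m["vni"]
        if vlan in seen_vlans:
            problems.append(f"VLAN {vlan} mapped twice")
        if vni in seen_vnis:
            problems.append(f"VNI {vni} used for more than one VLAN")
        seen_vlans.add(vlan)
        seen_vnis.add(vni)
        if not 2 <= vlan <= 4094 or vlan in (peer_svi_vlan, l3_vlan):
            problems.append(f"VLAN {vlan} is out of range or reserved for an infrastructure SVI")
        if not 1 <= vni <= MAX_VNI:
            problems.append(f"VNI {vni} is outside the 24-bit range")
        if ipaddress.ip_interface(m["gateway"]).network != ipaddress.ip_network(m["subnet"]):
            problems.append(f"gateway {m['gateway']} is not inside {m['subnet']}")
    return problems


def render_config(mappings, vrf="VRF-A", l3_vni=30000, l3_vlan=2000):
    """Emit the NX-OS snippet for one VTEP. The same text is applied on every
    VTEP, which is what makes the gateway IP and MAC a distributed anycast gateway."""
    if validate_mappings(mappings, l3_vlan=l3_vlan):
        raise ValueError("refusing to render an inconsistent VLAN/VNI mapping")
    out = ["feature interface-vlan", "feature vn-segment-vlan-based", "feature nv overlay",
           "nv overlay evpn",
           f"fabric forwarding anycast-gateway-mac {ANYCAST_GW_MAC}",
           # tenant VRF with its Layer-3 VNI (symmetric IRB) and the core SVI carrying it
           f"vrf context {vrf}", f"  vni {l3_vni}", "  rd auto",
           "  address-family ipv4 unicast", "    route-target both auto", "    route-target both auto evpn",
           f"vlan {l3_vlan}", f"  vn-segment {l3_vni}",
           f"interface Vlan{l3_vlan}", "  no shutdown", f"  vrf member {vrf}", "  ip forward"]
    for m in mappings:  # VLAN == VNI mapping plus the anycast gateway SVI for that VLAN
        out += [f"vlan {m['vlan']}", f"  vn-segment {m['vni']}",
                f"interface Vlan{m['vlan']}", "  no shutdown", f"  vrf member {vrf}",
                f"  ip address {m['gateway']}", "  fabric forwarding mode anycast-gateway"]
    out += ["interface nve1", "  no shutdown", "  host-reachability protocol bgp",
            "  source-interface loopback0", f"  member vni {l3_vni} associate-vrf"]
    for m in mappings:
        out += [f"  member vni {m['vni']}", "    ingress-replication protocol bgp", "    suppress-arp"]
    out.append("evpn")
    for m in mappings:
        out += [f"  vni {m['vni']} l2", "    rd auto",
                "    route-target import auto", "    route-target export auto"]
    return "\n".join(out)


if __name__ == "__main__":
    print(render_config(SAMPLE_MAPPINGS))
    print("problems in BAD_MAPPINGS:", validate_mappings(BAD_MAPPINGS))
```

Rendering from one validated source of truth is what keeps the anycast gateway consistent: a VTEP with a different gateway MAC or a reused VNI is a fabric-wide fault, not a local one, so the script refuses to emit anything for an inconsistent mapping.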
Endpoints Migration
1 - Single vCenter Server Scenario
(figure: WAN - Core, greenfield VXLAN EVPN fabric with its L3/L2 boundary, existing compute clusters with VMs 100.1.1.3, 100.1.1.99 and 100.1.1.7, new compute clusters and one Mgmt Cluster; a single vCenter Managed DVS spans existing and new hosts)
1.1 Connect the new ESXi hosts to the vCenter managed DVS
Endpoints Migration
2 – Multiple vCenter Servers Scenario
(figure: existing compute clusters with VMs 100.1.1.3, 100.1.1.99 and 100.1.1.7 and their Mgmt Cluster and DVS; new compute clusters behind the greenfield VXLAN EVPN fabric with a separate Mgmt Cluster running vCenter2)
Default Gateway Considerations
(figure: HSRP Default GW remaining in the brownfield network)
▪ L2 path between the two networks leveraged by migrated hosts to reach the default gateway
Migrate Default Gateway to the VXLAN Fabric
(figure: greenfield VXLAN EVPN fabric behind the WAN - Core with the Anycast Default Gateway for VLAN 10 (10.10.10.10, 10.10.10.11) and VLAN 20 (10.20.20.10, 10.20.20.11); L3/L2 boundary on both sides)
Any IP - Anywhere
Migration
Routing Between Brownfield and Greenfield
(figure: L3 Routing between the brownfield HSRP Default GW and the greenfield VXLAN EVPN fabric behind the WAN - Core; Default Gateway for L3 Links on VLAN 30; hosts 10.10.10.11 and 10.30.30.10)
VLAN 30 NOT carried on the vPC connection
Moving L4-L7 Services
Migrating Network Services
Example of Firewall Services Migration
Starting point: Active/Standby FW nodes (routed mode*) connected to the Aggregation layer switches
(figure: WAN - Core, brownfield network with Active and Standby FW, greenfield VXLAN EVPN fabric)
Migrating Network Services
Move the Standby Node to the VXLAN Fabric
(figure: FW keepalives and state synchronization between the Active node in the brownfield network and the Standby node on the VXLAN fabric)
Migrating Network Services
Disconnect the Active Node from the Brownfield Network
(figure: FW activated on the VXLAN fabric)
Migrating Network Services
Both Firewall Nodes Connected to the VXLAN Fabric
(figure: Standby and Active FW nodes both attached to the greenfield VXLAN EVPN fabric behind the WAN - Core)
Interconnecting Multiple Sites
VXLAN and DCI
Overlays Evolve and Spread
(figure: two super-spine/spine/leaf fabrics; a DC Local Overlay in each, an End-to-End Overlay across both)
Single Logical Data Center
Changing the Paradigm with Overlays
(figure: two super-spine/spine/leaf fabrics; a DC Local Overlay in each, a Multi-Site Overlay between them)
Multiple Logical Data Centers
VXLAN Evolves as the Control Plane Evolves!
Early Years – Yet Another Encapsulation
▪ Flood & Learn (Multicast-based)
▪ Data-Plane only
Yesterday – VXLAN for the Data Center – Intra-DC
▪ Control-Plane
▪ Active VTEP Discovery
▪ Multicast and Unicast
Today – VXLAN for DCI – Inter-DC
▪ DCI Ready
▪ ARP/ND caching/suppress
▪ Multi-Homing
▪ Failure Domain Isolation
▪ Loop Protection
Inter-X Connectivity
(figure: Fabric #1 and Fabric #2, each with its VTEPs and Overlay; EVPN Control-Plane Domain 1 and Domain 2 connected by BGP EVPN)
VXLAN Multi-Pod:
▪ Single Fabric with End-to-End Encapsulation
▪ Build Hierarchy in the Underlay – Flatten it in the Overlay
Multiple Fabrics – Normalized through Ethernet:
▪ Multiple Fabrics Interconnect using DCI (Layer 2 and Layer 3)
Multiple Fabrics with Integrated DCI (DCI2):
▪ Integrated DCI – Scaling within and between Fabrics
VXLAN EVPN – Multi-Pod
(figure: Underlay Extension between Pod 1 and Pod n; VTEPs in each pod)
Multi-Pod Characteristics – "The Single"
Multi-Pod End-to-End Encapsulation
(figure: Unicast VXLAN traffic between Baremetal hosts, from VTEP 10.1.1.1 in Pod 1 to VTEP 10.2.2.7 in Pod n, across the Underlay Extension)
Multi-Pod VXLAN Tunnel Adjacencies
(figure: VXLAN tunnel adjacencies between the VTEPs of Pod 1 and Pod n across the Underlay Extension)
Multi-Pod Underlay Extension
(figure: VTEP 10.1.1.1 in Pod 1 and VTEP 10.2.2.7 in Pod 2 across the Underlay Extension; POD1 Underlay Routing Table and POD2 Underlay Routing Table)
Multi-Pod BUM Replication
(figure: BUM traffic from a Baremetal host in Pod 1 replicated to the VTEPs of Pod 1 and Pod 2 across the Underlay Extension)
Multi-Pod Challenges – "The Single"
VXLAN Multi-Site
Functional Components https://tools.ietf.org/html/draft-sharma-multi-site-evpn
(figure: Site 1 … Site n, VTEPs in each site)
▪ Site-Internal Fabric (Common VXLAN and BGP-EVPN Functions)
▪ Site-External DCI (IP Routing and Increased MTU Support)
▪ Border Gateways (Key Functional Components of VXLAN Multi-Site Architecture)
VXLAN Multi-Site Characteristics
VXLAN Multi-Site
Main Use Cases
VXLAN Multi-Site
Underlay Isolation
(figure: VTEP 10.1.1.1 in Site 1 and VTEP 10.2.2.7 in Site n; each site's underlay stays separate from the Inter-Site Network)
Inter-Site Network Routing Table (only the Border addresses of each site):
Border Site1: 10.1.1.101, 10.1.1.102, 10.1.1.111
Border Site2: 10.2.2.101, 10.2.2.102, 10.2.2.222
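The routing table above is the observable form of underlay isolation: the Inter-Site Network knows the Border Gateway addresses of each site and nothing else from the site-internal underlay, so a site-internal VTEP such as 10.1.1.1 or 10.2.2.7 is never reachable from the ISN. The Python script below is an added example, not from the deck, that checks an ISN router's routing table against that model. The BGW and VTEP addresses are the slide's; the per-site underlay ranges (10.1.1.0/24 and 10.2.2.0/24) and the `show ip route` style dumps are constructed.

```python
"""Verify VXLAN Multi-Site underlay isolation from an Inter-Site Network (ISN)
routing table: the ISN should know the Border Gateway addresses of each site
and nothing else from the site-internal underlay. Added example, not from the
TECDCN-2002 deck. The BGW and VTEP addresses are the slide's; the per-site
underlay ranges and the 'show ip route' style dumps are constructed."""
import ipaddress
import re

# Border Gateway addresses per site as listed on the slide (PIPs and the Multi-Site VIP).
BORDER_ADDRESSES = {
    "Site1": ["10.1.1.101/32", "10.1.1.102/32", "10.1.1.111/32"],
    "Site2": ["10.2.2.101/32", "10.2.2.102/32", "10.2.2.222/32"],
}
# Assumed site-internal underlay ranges; the slide's VTEPs 10.1.1.1 and 10.2.2.7 live here.
SITE_UNDERLAY = {"Site1": "10.1.1.0/24", "Site2": "10.2.2.0/24"}

# Constructed NX-OS 'show ip route' excerpt from an ISN router: only BGW addresses
# plus the ISN's own link are present.
ISN_TABLE_CLEAN = """\
10.1.1.101/32, ubest/mbest: 1/0
    *via 192.168.1.1, Eth1/1, [20/0], 3d02h, bgp-65001, external, tag 65101
10.1.1.102/32, ubest/mbest: 1/0
    *via 192.168.1.1, Eth1/1, [20/0], 3d02h, bgp-65001, external, tag 65101
10.1.1.111/32, ubest/mbest: 2/0
    *via 192.168.1.1, Eth1/1, [20/0], 3d02h, bgp-65001, external, tag 65101
    *via 192.168.1.5, Eth1/2, [20/0], 3d02h, bgp-65001, external, tag 65101
10.2.2.101/32, ubest/mbest: 1/0
    *via 192.168.2.1, Eth1/3, [20/0], 3d02h, bgp-65001, external, tag 65102
10.2.2.102/32, ubest/mbest: 1/0
    *via 192.168.2.1, Eth1/3, [20/0], 3d02h, bgp-65001, external, tag 65102
10.2.2.222/32, ubest/mbest: 1/0
    *via 192.168.2.1, Eth1/3, [20/0], 3d02h, bgp-65001, external, tag 65102
192.168.1.0/30, ubest/mbest: 1/0, attached
    *via 192.168.1.2, Eth1/1, [0/0], 3d02h, direct
"""
# Constructed faulty table: Site 2 leaks its internal VTEP 10.2.2.7 and Site 1's
# Multi-Site VIP 10.1.1.111 is missing.
ISN_TABLE_LEAKY = ISN_TABLE_CLEAN.replace(
    "10.1.1.111/32, ubest/mbest: 2/0\n"
    "    *via 192.168.1.1, Eth1/1, [20/0], 3d02h, bgp-65001, external, tag 65101\n"
    "    *via 192.168.1.5, Eth1/2, [20/0], 3d02h, bgp-65001, external, tag 65101\n", ""
) + "10.2.2.7/32, ubest/mbest: 1/0\n    *via 192.168.2.1, Eth1/3, [20/0], 00:00:42, bgp-65001, external, tag 65102\n"

_PREFIX_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}),")


def parse_prefixes(show_ip_route):
    """Extract the destination prefixes: the first token of every route line."""
    return {ipaddress.ip_network(m.group(1))
            for line in show_ip_route.splitlines() if (m := _PREFIX_RE.match(line))}


def check_isolation(show_ip_route, border=BORDER_ADDRESSES, site_underlay=SITE_UNDERLAY):
    """Report site-underlay prefixes present in the ISN that are not BGW addresses
    ('leaked') and BGW addresses the ISN cannot reach ('missing_border')."""
    present = parse_prefixes(show_ip_route)
    allowed = {ipaddress.ip_network(p) for addrs in border.values() for p in addrs}
    leaked = []
    for site, rng in site_underlay.items():
        net = ipaddress.ip_network(rng)
        leaked += [(site, str(p)) for p in present
                   if p.version == net.version and p.subnet_of(net) and p not in allowed]
    return {"leaked": sorted(leaked),
            "missing_border": sorted(str(p) for p in allowed - present)}


def isolated(show_ip_route):
    """True when the ISN table matches the Multi-Site model exactly."""
    result = check_isolation(show_ip_route)
    return not result["leaked"] and not result["missing_border"]


if __name__ == "__main__":
    print("clean table isolated:", isolated(ISN_TABLE_CLEAN))
    print("leaky table:", check_isolation(ISN_TABLE_LEAKY))
```

The ISN's own link prefixes (192.168.1.0/30 in the sample) are outside the site ranges and are ignored; a leaked site-internal VTEP is reported with the site it belongs to, and a missing BGW address is reported because the Multi-Site overlay cannot form without it.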
VXLAN Multi-Site
Introducing the Border Gateway
(figure: Overlay Multi-Site between Site 1 and Site n; VTEPs in each site; "Any VTEP")
Multi-Site – VXLAN Tunnel Adjacencies
(figure: Overlay Multi-Site across a Layer-3 Network between the BGWs of Site 1, Site 2 … Site n; Spine and Leaf nodes in each site)
Border Gateway Between Spine and Super-Spine
(figure: Super-Spine – BGW – Spine – Leaf in each site)
Border Gateway on Spine
(figure: Super-Spine – BGW/Spine – Leaf in each site)
Border Gateway Back-to-Back
(figure: Leaf nodes of two sites, BGWs connected back-to-back)
VXLAN Multi-Site
Border Gateways Deployment Considerations
▪ Border Gateways used for two main functions:
(figure: Anycast Border Gateways)
VXLAN Multi-Site
Anycast Border Gateway (1)
(figure: Site 1, Anycast Border Gateway with Multi-Site VIP 10.1.1.111; Layer-2 VNI: 30010)
▪ Up to 4 Border Gateways
▪ Border Gateway Support
VXLAN Multi-Site
Anycast Border Gateway (3)
(figure: Site 1 with BGW1–BGW4 (VTEP PIP-BGW1 10.1.1.101, PIP-BGW2 10.1.1.102, PIP-BGW3 10.1.1.103, PIP-BGW4 10.1.1.104); External Connectivity and ADC appliances (0000.3010.1101 / 192.168.10.101, 0000.3010.1102 / 192.168.10.102) attached over Point-to-Point L3 Links (Physical/Sub-Interfaces))
Anycast Border Gateway
▪ Single-Homed End-Points only connected with L3 links
• Services Appliance (i.e. Firewall, ADC etc.)
• External routers
• No SVI support on BGW nodes
▪ Advertised and Reachable through Individual Primary IP Address (PIP)
• Intra-Site: Leaf nodes use PIP to reach the device connected to Border Gateways
• Inter-Site: Remote Border Gateways use PIP to reach the device connected to Border Gateways
Anycast BGW vs. VPC Border Gateway
VXLAN Multi-Site
VPC Border Gateway and Transit Traffic
VXLAN Multi-Site
VPC Border Gateway and Locally Attached End-Points
VXLAN Multi-Site
VPC Border Gateway and Designated BUM Forwarder
(figure: Site 1)
VXLAN Multi-Site
BUM Traffic Forwarding
(figure: BUM traffic from a Baremetal host in Site 1 forwarded across the Overlay Multi-Site to Site n)
VXLAN Multi-Site
BUM Replication Modes (Multicast Intra-Site)
(figure: Multicast within Site 1 and Site n, Ingress Replication across the Overlay Multi-Site)
VXLAN Multi-Site
BUM Replication Modes (Ingress Replication Only)
(figure: Ingress Replication within the sites and across the Overlay Multi-Site)
VXLAN Multi-Site
BUM Replication Modes (Mixed Mode Intra-Site)
(figure: Ingress Replication across the Overlay Multi-Site, different intra-site replication modes in Site 1 and Site n)
VXLAN Multi-Site
BUM Traffic Policing
Storm Control on the BGWs:
• Broadcast 0-100%
• Unknown Unicast 0-100%
• Multicast 0-100%
(figure: Overlay Site 1 and Overlay Site n (Spines, VTEPs) joined by the Overlay Multi-Site between the BGWs; BUM traffic from a Baremetal host)
VXLAN Multi-Site
Connectivity to the External Layer 3 Domain
VXLAN Multi-Site
Border Gateways and VRF-Lite to External Routers
(figure: Site 1 Border Gateways with VRF-A, VRF-B and VRF-C towards External Connectivity)
▪ Dedicated physical interfaces / sub-interfaces for each VRF
▪ Separate IPv4/IPv6 routing peering for each VRF established with the Site-External
VXLAN Multi-Site
Border Gateway and Shared Border (aka ‘GOLF’)
[Figure: Site-Internal VTEPs and BGWs below the Overlay; VXLAN Data Plane between BGW and WAN Edge Router]
▪ Same spine uplinks used for all VXLAN encapsulated traffic (North-South and East-West)
▪ Required because of the use of DCI link tracking
VXLAN Multi-Site and Legacy Site Integration
Starting from Legacy Networks Only (1)
[Figure: legacy sites offering only L2 services, each with a Pair of Pseudo-BGWs (EX/FX Switches), interconnected at L3]
▪ Legacy infrastructure offers only L2 services
▪ A pair of Pseudo-BGWs inserted in each legacy site to extend Layer-2 and Layer-3 connectivity between sites
  • Replacement of traditional DCI technologies (EoMPLS, VPLS, OTV, …)
▪ Slowly phase out the legacy networks and replace them with VXLAN EVPN fabrics
VXLAN Multi-Site and Legacy Site Integration
Starting from Legacy Networks Only (2)
[Figure: VTEPs of new VXLAN EVPN fabrics appear next to the Pseudo-BGW pairs]
▪ Convert the nodes to full BGW functions
VXLAN Multi-Site and Legacy Site Integration
Starting from Legacy Networks Only (3)
[Figure: only the VXLAN EVPN fabrics and their VTEPs remain]
▪ Decommission the legacy networks and leave only the VXLAN EVPN fabrics in place
VXLAN EVPN – Multi-Site
Multi-Site Core
[Figure: Site 1 and Site n, each with spines and VTEPs, interconnected through their Border Gateways]
• Border Gateway (BGW) to Border Gateway (BGW) reachability required
• Reachability Back-to-Back (full-mesh) or via Layer-3 transport network
• Any Routing Protocol for BGW reachability, no Underlay Extension
• IPv4 Unicast Transport (Ingress Replication)
• BGP full-mesh or Route-Server (eBGP ”Route Reflector”) for Overlay Control-Plane
Multi-Site Border Gateway (BGW):
• Seamless insertion into existing VXLAN EVPN Fabrics (Border Gateways require Nexus 9x00-EX/-FX)
Multi-Site Advantages – ”The Multiple”
[Figure: build-up slide; content not recoverable from the extraction]
Multi-Site Advantages – ”The Multiple”
[Table: comparison of DCI approaches; the column headers did not survive extraction, rows are kept in column order]
Inter-X Connectivity (DCI)
Broadcast Suppression/Limit: no | yes | yes
Layer-2 Loop Prevention: Loop mitigation (Edge Protection) | vPC at Border | Loop mitigation (At DCI)
Virtual Peer Link (vPC) Update
Traditional vPC Recap
[Figure: vPC Domain with a physical Peer Link and a Peer Keepalive between the two peers; dual-homed Servers attached through a vPC, plus a single-homed Server]
vPC for VXLAN and VXLAN EVPN
[Figure: the vPC pair acting as VTEPs under two Spines; vPC1 and vPC2 port-channels towards the dual-homed Servers]
vPC for VXLAN EVPN
[Figure: vPC1 serves Subnet X 192.168.11.0/24, vPC2 serves Subnet Y 192.168.12.0/24]
vPC for VXLAN EVPN (advertise-pip)
[Figure: same topology; with advertise-pip each vPC member also advertises its own Primary IP (PIP) as next hop for routes only it has learned, instead of the shared vPC VIP]
vPC without Peer-Link for VXLAN EVPN
[Figure: vPC1, vPC2 and an Orphan Port on each peer; no physical Peer Link, the Peer Keepalive is retained]
Virtual Peer Link over Fabric (Layer-3)
• Uses Spines for Redundancy, Resiliency and Performance
• Doesn’t use VTEP IP address (loopback)
Peer Keepalive remains
• Out-of-Band (mgmt0 or dedicated link)*
• In-Band (dedicated Loopback)
VXLAN Tenant Routed Multicast (TRM)
Same Subnet Forwarding without IGMP Snooping
Traditional Forwarding in VXLAN Overlays
[Figure: VXLAN EVPN fabric with TOR1–TOR4 (Leaf) behind a Spine, VLAN 101 (Green) on every leaf; source SRC-10 (10.10.10.100) sends to group 224.10.10.10; without IGMP Snooping the stream is treated like BUM traffic and flooded to every leaf carrying VLAN 101, whether or not a receiver is attached]
Same Subnet Forwarding with IGMP Snooping
Traditional Forwarding in VXLAN Overlays
[Figure: same fabric; receiver RCVR-11 (10.10.10.11) in VLAN 101 (Green) joins 224.10.10.10; with IGMP Snooping the leaves deliver the stream only on ports with interested receivers]
Different Subnet Forwarding – Router on-a-Stick
Traditional Forwarding in VXLAN Overlays
[Figure: SRC-10 (10.10.10.100) sends to 224.10.10.10 in VLAN 101 (Green); receiver RCVR-21 (10.20.20.21) sits in a different subnet; an external router on a stick with interfaces 10.10.10.254 and 10.20.20.254 receives the stream from the fabric, routes it and sends it back into the receiver subnet, so the traffic crosses the fabric twice]
Functional Components
Tenant Routed Multicast (TRM)
[Figure: VXLAN EVPN fabric with Spines, VTEPs acting as distributed Designated Routers (DR), Baremetal hosts, and a Site-External DCI (IP Routing and Increased MTU Support)]
Underlay:
• PIM-based Underlay Transport (PIM ASM)
• Separate Multicast Groups from Layer-2 VNI
• Leveraging same redundant Underlay Rendezvous-Point (e.g. PIM Anycast-RP)
• Single Packet in Core
Overlay:
• BGP-based Control-Plane using ngMVPN (Next-Generation Multicast VPN)
• Using existing BGP Route-Reflector
• Rendezvous-Point-less
• Efficient Single Copy in Multicast Underlay
• Always-Route approach (per-VLAN config)
• Distributed Anycast Designated Router (DR)
Same Subnet Forwarding w/IGMP Snooping
TRM Forwarding (Layer-2 Only Mode)
[Figure: SRC-10 (10.10.10.100) sends to 224.10.10.10 in VLAN 101 (Green); RCVR-11 (10.10.10.11) in the same VLAN joins; in Layer-2 Only Mode the stream reaches only the leaves with interested receivers]
Different Subnet Forwarding
TRM Forwarding (Layer-3 Mode)
[Figure: VLAN 101 (Green) on TOR1–TOR4 (Leaf) behind a Spine in the VXLAN EVPN fabric; routing between subnets happens on the leaves instead of on an external router]
Different and Same Subnet Forwarding
TRM Forwarding (Layer-3 Mode)
[Figure: SRC-10 (10.10.10.100) on TOR1 sends to 224.10.10.10; receivers RCVR-10 (10.10.10.10, same subnet), RCVR-20 (10.20.20.20) and RCVR-21 (10.20.20.21, different subnet) on TOR3/TOR4; the stream is carried once across the fabric in L3VNI 50001 and delivered to every leaf with a receiver, same subnet or not]
Local and Remote Forwarding
TRM Forwarding (Layer-3 Mode)
[Figure: same topology; the ingress leaf bridges locally to same-subnet receivers and routes into L3VNI 50001 for the remote leaves, which route into the receiver subnets; TTL Decrement happens at each routing hop]
Overlay Rendezvous Point
TRM Forwarding (Layer-3 Mode)
[Figure: same topology (SRC-10 10.10.10.100 to 224.10.10.10; RCVR-10, RCVR-20, RCVR-21; TTL Decrement at the routing leaves)]
• RP-less
  • Distributed Anycast RP (NGMVPN-based)
  • Shortest Path Trees (SPT only)
  • Requires per-Tenant Loopback, Multicast enabled
• External RP
  • Requires External PIM-based RP
Matthias Wessendorf
NX-OS Technical Marketing Engineer
Programmability
Extensibility: Guest Shell and Docker
Securely Run Custom On-Box Linux Apps
[Figure: NX-OS Guest Shell: Secure Linux Container, 64 Bit; it reaches the NX-OS CLI through `$ dohost` and gets JSON output back, shares bootflash: and the switch Network, and hosts Open-Source Apps as well as Your Custom Apps (C, Python, Go…)]
Linux → NX-OS Network Synchronization
[Figure: an interface and the VRFs configured in NX-OS are visible from Linux inside the Guest Shell]
    interface Ethernet1/49
      mtu 9216
      ip address 10.0.1.2/30
      no shutdown

    switch# sh vrf
    VRF-Name                           VRF-ID State   Reason
    default                                 1 Up      --
    management                              2 Up      --
    vpn1                                    3 Up      --
Richly Populated Repositories for 3rd Party Apps
switch# guestshell
[guestshell@guestshell ~]$ cd /etc/yum.repos.d/
[guestshell@guestshell yum.repos.d]$ ls -l
total 15
-rw-r--r-- 1 root root 1664 Nov 3 19:25 CentOS-Base.repo
-rw-r--r-- 1 root root 1309 Nov 3 19:25 CentOS-CR.repo
-rw-r--r-- 1 root root 649 Nov 3 19:25 CentOS-Debuginfo.repo
-rw-r--r-- 1 root root 1331 Nov 3 19:25 CentOS-Sources.repo
[guestshell@guestshell yum.repos.d]$
The Guest Shell is Secure
[Figure: build-up slide; details not recoverable from the extraction]
Linux Apps Can Interact with the External World
[Figure: on the Nexus 9K, Your Custom Applications (Python, C++ etc.) and Existing 3rd Party Linux Applications sit next to the NX-OS CLI and can talk both to it and to the network outside the switch]
Docker Engine
Starting with NX-OS 9.2(1) – July 2018
[Figure: Docker Engine running on the Nexus 9K]
Standardization, Flexibility, and Efficiency
What Apps are Interesting to Host on N9K?
• Monitoring agents
  • Open-source agents: OpenTSDB, Ganglia, Nagios, etc. Monitor both standard Linux components (CPU, memory, interface counters), and NX-OS (routes, buffers,...)
  • Custom agents: ECMP load balancing, PTP accuracy…
[Figure: further build-up steps of this slide are not recoverable from the extraction]
Automation
[Figure: the paths by which a Management Server reaches a Nexus switch and the NX-OS Infra (CLI Mgr, Syslog Mgr, ...) behind it]
• Telnet or SSH → CLI
• NX-API CLI Client and NX-API REST Client → NGINX Server → CLI
• SNMP Client → SNMP Agent
• NETCONF / RESTCONF / gRPC → YANG Clients
• On-box applications → NX-SDK APIs
NX-API
[Figure: the Management Server sends a CLI Request to the Nexus 9K and receives a JSON Response]
CLI Request:
    {
      "jsonrpc": "2.0",
      "method": "cli",
      "params": {
        "cmd": "show version",
        "version": 1
      },
      "id": 1
    }
JSON Response:
    {
      "jsonrpc": "2.0",
      "result": {
        "body": {
          "bios_cmpl_time": "03/02/2017",
          "bootflash_size": 7906304,
          "kickstart_ver_str": "7.0(3)I7(3)",
          "chassis_id": "Nexus 9508",
          ...
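The request and response above are all a client needs, but the details that bite in practice sit around them: NX-API answers a batch with a list and a single request with an object, it returns a JSON-RPC `error` object instead of a `result` when a command is rejected, `TABLE_x/ROW_x` output collapses to a dict when only one row exists, and the basic-auth header carries the switch credentials, so the HTTPS certificate has to be verified. The following helper is an added example written for this page, not code from the session or from Cisco. The function names, the use of the `/ins` endpoint over HTTPS with a CA bundle, and the constructed sample responses (the `show version` keys follow the slide; the `TABLE_vrf/ROW_vrf` layout is an assumption about NX-OS JSON output, with the VRF names taken from the guest shell slide) are mine.

```python
"""NX-API JSON-RPC helper.

Added example, not code from the session or from Cisco. The helper names,
the use of NX-API's /ins endpoint over HTTPS, and the constructed sample
responses below are assumptions made for illustration.
"""
import base64
import json
import ssl
import urllib.request
from typing import Any


def build_request(commands: list[str], version: int = 1) -> list[dict[str, Any]]:
    """JSON-RPC 2.0 batch for the NX-API "cli" method, ids numbered from 1.

    A one-command batch matches the "show version" request on the slide.
    """
    return [
        {"jsonrpc": "2.0", "method": "cli",
         "params": {"cmd": cmd, "version": version}, "id": i}
        for i, cmd in enumerate(commands, start=1)
    ]


def parse_response(raw: str) -> list[dict[str, Any]]:
    """Return the result bodies in order; raise on any JSON-RPC error object.

    NX-API answers a single request with one object and a batch with a
    list, so both shapes are normalised. An error object means the switch
    rejected the command (syntax, privilege); fail loudly instead of
    handing the caller an empty body it might mistake for "nothing found".
    """
    data = json.loads(raw)
    items = data if isinstance(data, list) else [data]
    bodies = []
    for item in items:
        if "error" in item:
            err = item["error"]
            raise RuntimeError(f"NX-API error {err.get('code')}: {err.get('message')}")
        bodies.append(item["result"]["body"])
    return bodies


def rows(body: dict[str, Any], table: str) -> list[dict[str, Any]]:
    """Normalise NX-OS TABLE_<table>/ROW_<table> output to a list of rows.

    NX-OS emits ROW_x as a dict for exactly one row and a list otherwise;
    callers should never have to special-case that.
    """
    found = body.get("TABLE_" + table, {}).get("ROW_" + table, [])
    return found if isinstance(found, list) else [found]


def nxapi_call(host: str, user: str, password: str, commands: list[str],
               ca_bundle: str) -> list[dict[str, Any]]:
    """POST a batch to https://<host>/ins with basic auth and return the bodies.

    Certificate verification against ca_bundle is deliberate: the
    Authorization header carries the switch credentials, so an unverified
    or plain-HTTP session hands them to anyone on the path.
    Not exercised by the self-test (no switch is reachable offline).
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}/ins",
        data=json.dumps(build_request(commands)).encode(),
        headers={"Content-Type": "application/json-rpc",
                 "Authorization": "Basic " + token},
        method="POST",
    )
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return parse_response(resp.read().decode())


# Constructed sample responses (assumptions, not captured from a switch).
SAMPLE_SHOW_VERSION = json.dumps({
    "jsonrpc": "2.0", "id": 1,
    "result": {"body": {
        "bios_cmpl_time": "03/02/2017", "bootflash_size": 7906304,
        "kickstart_ver_str": "7.0(3)I7(3)", "chassis_id": "Nexus 9508"}},
})
SAMPLE_SHOW_VRF = json.dumps([{
    "jsonrpc": "2.0", "id": 1,
    "result": {"body": {"TABLE_vrf": {"ROW_vrf": [
        {"vrf_name": "default", "vrf_id": "1", "vrf_state": "Up"},
        {"vrf_name": "management", "vrf_id": "2", "vrf_state": "Up"},
        {"vrf_name": "vpn1", "vrf_id": "3", "vrf_state": "Up"}]}}},
}])
SAMPLE_ERROR = json.dumps({
    "jsonrpc": "2.0", "id": 1,
    "error": {"code": -32602, "message": "Invalid params"},
})


def vrf_names(raw: str) -> list[str]:
    """VRF names from a 'show vrf' response, in device order."""
    return [r["vrf_name"] for r in rows(parse_response(raw)[0], "vrf")]


if __name__ == "__main__":
    print(json.dumps(build_request(["show version"]), indent=2))
    print(parse_response(SAMPLE_SHOW_VERSION)[0]["kickstart_ver_str"])
    print(vrf_names(SAMPLE_SHOW_VRF))
```

`nxapi_call` is the only function that touches a switch; everything else works on the constructed strings, which is what makes the parsing logic unit-testable away from the lab. Raising on an error object is the important design choice: a rejected `show` silently parsed as an empty body is exactly how an audit script ends up reporting "no VRFs configured".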
Ansible
Writing Your Own Automation Can be Challenging
• NX-API brings a modern transport, and a structured output. But...
• Need to have development skills and allocate time to write, maintain and test the code.
• Need to deal with authentication and transport.
• Ideally, be able to group switches by category.
• Not much leverage of existing, tested apps besides the low-level API.
• Not straightforward to re-use existing CLI (Jinja2) templates.
• Not idempotent by default, need to implement idempotency yourself.
• No parallelization by default, need to implement threading yourself.
• So let’s leverage existing tools on top of NX-API!
Ansible Overview
[Figure: a Management Server runs the Ansible Controller with its Inventory, Modules, Playbooks and Config; the controller connects out to Configure Targets]
Playbooks support:
• Variables
• Conditionals
• Events
• Loops
Ansible Architecture
[Figure: Inventory, Playbook, Config and Modules on the controller; the Python modules reach the Targets over SSH, NX-API or NETCONF; on the switch the same management paths (SSH, NX-API CLI/REST, SNMP, NETCONF / RESTCONF / gRPC with YANG) terminate in the NX-OS Infra (CLI Mgr, Syslog Mgr, ...)]
• Inventory: target systems for automation.
• Playbook: a series of plays (automation tasks).
• Modules: accomplish specific tasks in Ansible (e.g. install packages, configure NX-OS, etc.)
• Ansible Config: determines how your Ansible setup behaves (how many concurrent connections, etc.)
Ansible Playbook = Sequence of Tasks to Execute
Example: Deploy NTP on all the Servers
(Slide shows the playbook; colour key: Blue = Ansible keyword or module, White = a value that you define. The Ansible module is what does the actual work.)
Ansible Inventory
[nxos_spines]
9364-1
9364-2
[older_routers]
router-A
router-B
Best practice: use Ansible Vault for password encryption.
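Putting the playbook slide and the inventory slide together, here is an added, complete example (not from the deck) of the three files a practitioner keeps side by side: a YAML inventory with the same two groups as the slide, a group_vars file whose password is an Ansible Vault string instead of plaintext, and the NTP playbook the earlier slide describes, using a variable, a loop and a conditional. Host names and groups come from the slide; the user name, the NTP server addresses, the vault label `spines` and the vault ciphertext are placeholders; the module and connection names are the Ansible 2.7-era ones the deck refers to (newer cisco.nxos collections replace nxos_ntp with nxos_ntp_global).

```yaml
# inventory.yml  (YAML form of the INI inventory on the slide)
all:
  children:
    nxos_spines:
      hosts:
        9364-1:
        9364-2:
    older_routers:
      hosts:
        router-A:
        router-B:

---
# group_vars/nxos_spines.yml  (connection details for the whole group)
ansible_connection: network_cli
ansible_network_os: nxos
ansible_user: automation          # placeholder account
# Never store the password in clear text here. Produce the vaulted value with
#   ansible-vault encrypt_string --vault-id spines@prompt --name ansible_password
# and paste the result; the blob below is a placeholder to be replaced.
ansible_password: !vault |
  $ANSIBLE_VAULT;1.2;AES256;spines
  <replace-with-output-of-ansible-vault-encrypt_string>

---
# ntp.yml  (Deploy NTP on all the spines: one task, looped over a variable)
- name: Deploy NTP on all NX-OS spines
  hosts: nxos_spines
  gather_facts: false
  vars:
    ntp_servers:                    # constructed sample values
      - { address: 10.0.0.10, prefer: enabled }
      - { address: 10.0.0.11, prefer: disabled }
  tasks:
    - name: Configure NTP servers reachable through the management VRF
      nxos_ntp:
        server: "{{ item.address }}"
        prefer: "{{ item.prefer }}"
        vrf_name: management
        state: present
      loop: "{{ ntp_servers }}"
      # Conditional: skip hosts that are not NX-OS should the group ever be mixed
      when: ansible_network_os == 'nxos'
```

Run it as `ansible-playbook -i inventory.yml --vault-id spines@prompt ntp.yml`; a first pass with `--check --diff` shows what would change without touching the switches. Keeping the credential vaulted means the inventory and group_vars can live in version control without exposing the device password to everyone with read access to the repository.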
VXLAN BGP EVPN Automation
[devops@server ~]$ cat vxlan.yml
---
- name: Create L2VNI
  hosts: nxos_vteps
  tasks:
    - name: Create VLAN and map to VNI
      nxos_vlan:
        vlan_id: 2200
        mapped_vni: 20200
What’s the Cleanest Way to Handle This Error?
[devops@server ~]$ cat vxlan.yml
...
  tasks:
    - name: Create VLAN and map to VNI
      nxos_vlan:
        vlan_id: 2200
        mapped_vni: 20200
        admin_state: up

    - name: Add L2VNI to Overlay
      nxos_vxlan_vtep_vni:
        interface: nve1
        vni: 20200
        multicast_group: 239.239.239.100
        suppress_arp: true

Config prior to the playbook execution:
interface nve1
  no shutdown
  host-reachability protocol bgp
  member vni 20200
    suppress-arp
    ingress-replication protocol bgp
Checkpoint and Rollback!
[devops@server ~]$ cat rollback.yml
...
  tasks:
    - name: Create checkpoint
      nxos_rollback:
        checkpoint_file: backup.cfg

[devops@server ~]$ ansible-playbook rollback.yml
TASK [Create checkpoint] *************************************************************************************************
changed: [93180-FX-2]

PLAY RECAP *************************************************************************************************
93180-FX-2 : ok=5 changed=3 unreachable=0 failed=1
[devops@server ~]$
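The slides answer the question with checkpoint and rollback; the following added playbook (not from the deck) shows the complete pattern on the same two tasks: take the checkpoint first, run the overlay change inside a block, and let the rescue section restore the checkpoint when any task in the block fails. It assumes the same nxos_vteps group and module names as the slides. The failing task is the one from the error slide: the existing `member vni 20200` is already configured with `ingress-replication protocol bgp`, and NX-OS does not accept a multicast group on a VNI that uses BGP ingress replication, so that task errors out on the device.

```yaml
# vxlan_safe.yml: the L2VNI tasks from vxlan.yml, wrapped in checkpoint / block / rescue
- name: Create L2VNI with automatic rollback on failure
  hosts: nxos_vteps
  gather_facts: false
  tasks:
    - name: Create checkpoint before touching the overlay
      nxos_rollback:
        checkpoint_file: backup.cfg

    - name: Apply the overlay change as one unit
      block:
        - name: Create VLAN and map to VNI
          nxos_vlan:
            vlan_id: 2200
            mapped_vni: 20200
            admin_state: up

        # Fails on a device whose nve1 already carries this VNI with
        # "ingress-replication protocol bgp": a multicast group and BGP
        # ingress replication are mutually exclusive for one VNI.
        - name: Add L2VNI to overlay
          nxos_vxlan_vtep_vni:
            interface: nve1
            vni: 20200
            multicast_group: 239.239.239.100
            suppress_arp: true

      rescue:
        # The VLAN created above would otherwise stay behind; the rollback
        # returns the whole running-config to the checkpoint in one step.
        - name: Roll back to the checkpoint taken before the block
          nxos_rollback:
            rollback_to: backup.cfg

        - name: Report the failure after the device is restored
          fail:
            msg: "Overlay change on {{ inventory_hostname }} failed and was rolled back to backup.cfg"
```

A rescue that rolls back is cheaper than hand-cleaning a half-applied change across a fleet, and the final `fail` keeps the host marked failed in the PLAY RECAP so the run is not mistaken for a success. To make the change itself succeed on this VTEP, replace `multicast_group` with `ingress_replication: bgp` so the task matches the replication mode already configured on nve1.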
NX-OS Ansible Modules
Over 70 NX-OS Modules in Ansible 2.7
• AAA
• ACL
• BGP
• Checkpoint / Rollback
• CLI (Note: can be used with Jinja2 templates)
• HSRP / VRRP
• IGMP / IGMP Snooping
• Interfaces
• NTP
• NX-API
• OSPF
• PIM
• Port-Channel / vPC
• Patching
NETCONF get-config request (OpenConfig network-instances):
<get-config>
  <source>
    <running/>
  </source>
  <filter>
    <network-instances xmlns="http://openconfig.net/yang/network-instance">
      <network-instance/>
    </network-instances>
  </filter>
</get-config>

NETCONF reply:
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="2">
  <data>
    <network-instances xmlns="http://openconfig.net/yang/network-instance">
      <network-instance>
        <config>
          <description/>
          <enabled>true</enabled>
          <name>default</name>
          <type>L3VRF</type>
        </config>
        <name>default</name>
      </network-instance>
      <network-instance>
        <config>
          <description/>
          <enabled>true</enabled>
          <name>Testing1</name>
          <type>L3VRF</type>
        </config>
...
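The same get-config can be issued from Ansible, which keeps one tool for both the CLI-based and the YANG-based work the deck covers. The following added playbook (not from the deck) sends the OpenConfig subtree filter shown above with the netconf_get module, asks for JSON output, and turns the reply into a drift check: any VRF on the switch that is not in the expected list fails the play. Assumptions: a host group `nxos_vteps` with NETCONF enabled on port 830 and ncclient installed on the controller, an expected-VRF list supplied as a variable, the converted reply living under `output.data` (the module's documented JSON return), and, as in the reply shown, more than one network-instance present so that the converted JSON holds a list.

```yaml
# vrf_drift.yml: NETCONF get-config over the OpenConfig network-instance model,
# then compare the VRFs found on the switch with the intended set.
- name: Check VRF inventory against intent over NETCONF
  hosts: nxos_vteps
  gather_facts: false
  connection: netconf
  vars:
    ansible_network_os: nxos
    ansible_port: 830
    expected_vrfs:                  # constructed intent; "default" always exists
      - default
      - Testing1
  tasks:
    - name: Fetch network-instances from the running config (same subtree filter as the slide)
      netconf_get:
        source: running
        display: json
        filter: |
          <network-instances xmlns="http://openconfig.net/yang/network-instance">
            <network-instance/>
          </network-instances>
      register: vrfs

    # Assumes the converted reply sits at output.data.network-instances.network-instance
    # and that it is a list (true when two or more VRFs exist, as in the slide reply).
    - name: Collect the VRF names present on the switch
      set_fact:
        found_vrfs: "{{ vrfs.output.data['network-instances']['network-instance']
                        | map(attribute='config.name') | list }}"

    - name: Fail on any VRF that is not part of the intent
      assert:
        that:
          - found_vrfs | difference(expected_vrfs) | length == 0
        fail_msg: "Unexpected VRFs on {{ inventory_hostname }}: {{ found_vrfs | difference(expected_vrfs) }}"
        success_msg: "VRFs on {{ inventory_hostname }} match intent: {{ found_vrfs }}"
```

Reading state through a model-driven interface rather than scraping `show vrf` means the check does not break when CLI output formatting changes, and a scheduled run of this play is a cheap way to notice VRFs that were added outside the automation.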
NX-OS management access (diagram): Telnet or SSH Client (CLI), SNMP, NX-API (CLI), NX-API (REST Client) and YDK Client, all terminating on the Management Server and the NX-OS Infra (CLI Mgr, Syslog Mgr, ...).
Prototyping and Validating with N9Kv

Nexus 9000v (N9Kv)
• N9Kv is:
  • A simulation platform that runs N9K NX-OS as a virtual machine.
  • Abstracting N9K hardware: supervisor, one line card, interfaces.
  • Using a software data-plane.
  • Supported in VIRL.
• N9Kv is not:
  • A replacement for N9K physical platform.
  • Designed to be used as a switch in a production data center.
NX-OSv Is Great for Prototyping and Testing
• DevOps
  • Rapid prototyping of 3rd party tools & applications
  • Rapid development & testing of platform-independent features
• Configuration policy impact analysis
  • Validate network configuration prior to deployment in the actual network
  • Analyze control plane behavior
• Lab as a Service
  • No physical test beds required
• Learning Tool
Matthias Wessendorf
Data Center Technical Marketing Engineer

Data Center Network Manager (DCNM)
DCNM Overview & Functions
Network Architecture Deployment Models ~ DCNM Modes
Fabric / Overlay Models: VXLAN + BGP-EVPN
• L2 over L3 overlay
• BGP-EVPN control plane
• VXLAN data plane
Traditional Models
Introducing LAN fabric in DCNM 11 for Nexus 3k/9k
1) Define: intent based on best practices
   • Underlay
   • Interfaces
   • Overlay
2) Save: generates configuration based on intent
3) Preview: side-by-side diff
4) Deploy: centralized config push
DCNM for New or Existing Fabrics
Classic LAN and External Fabric - Nexus 2k-9k (* roadmap)

Leveraging DCNM for New and Existing Fabrics
• Bootstrap Devices [POAP]
• Discover Existing Fabrics / Networks (STP/vPC, DFA / FabricPath)
• Fabric Builder: Create New VXLAN Fabrics
VXLAN Fabric Builder Auto-Deployment
• Turn-Key Fabric Deployment
• Managed-VTEP Deployment
• Simplified Operations
Day 1+ Operations
Manage, Monitor, Visualize, Search
Challenge: Manage & Grow Underlay with minimal overhead & keep consistent intent
Deployed Fabric: Manage / Monitor / Visualize / Search / Update
Underlay:
• SDN Networks [VTEPs]
• Image Update [ISSU]
• View Fabric Topology
• Monitor Health, Events, Performance [cpu/mem/iface/syslog]
• Add Devices/Expand
Cisco Advantage:
• Turnkey Management
• Integrated Views
• Comprehensive Fabric Views
Day 1+ Operations
Overlay Visibility, Growth
Challenge: Manage / Monitor SDN Overlays across a large fabric
Overlay Tasks: Monitor / Visualize / Search
• Visualize Overlays [VXLAN, VLAN, etc.]
• Add, Manage SDN Networks
• Show VM Networking Path [vCenter]
• Find, Track VMs, Workloads [EPL]
• Find VNs and VNIs [VXLAN]
• View VXLAN E2E Connectivity [OAM]
• Identify Errors
• Validate Compliance
Cisco Advantage:
• Seamless Overlay/Underlay Correlation
• Easy to find workloads, VNs and VNIs on a vast fabric
• Easy to see the Host-Network chain
Day 1+ Operations
Verify Compliance
Challenge: Ensure Deployment [Underlay, Overlay, Access] is Correct
Compliance Tasks: Detect and Fix
• Monitor Fabric
• Compare device configuration against Fabric policy
• Remediate [revert or change Policy]: on-demand remediation
Cisco Advantage:
• Constant Monitoring
• Compliance engine brings fabric back to intended configuration
• No un-anticipated behavior
Compliance engine remediates to intended configuration
Getting Started with DCNM

VXLAN User Experience with DCNM

Discovering the Data Center
• DCNM Data Sources Include: SAN, LAN, VMware, & Storage Arrays
VXLAN Underlay Bring-Up – DCNM Starting Point
1) Use Virtual Appliance (VA)
   - VA includes Fabric Infrastructure
2) Configure DCNM Fabric Management (OVA / ISO Setup)
   - Management IP
   - Fabric Management subnet
3) Use Fabric Builder [regular POAP for ‘classic’ mode]
   - Generate POAP definitions
4) Deploy Fabric
   - Switch VTEP configures automatically during POAP
5) Fabric Underlay Installed
VXLAN Fabric Builder… NEW in DCNM 11: Auto-VPC

VXLAN Fabric Compliance
1) Out-of-Sync Detected
2) Preview Compliance Remediation
3) Deploy Changes
4) Fabric Repaired!
LAN Fabric Brownfield Deployment

Let’s Focus on New VXLAN Functions
Top Down Deployment

Adding A New VXLAN Fabric

Creating A New Network

Deploying The Network
1) Select Network

Deploying The Network – Selecting Switches
(Switch status: In Progress / Deployed)

Controls
Deploy; Details; Show / Troubleshoot Deployment; Preview; Add Switches to Fabric; Refresh; Auto-Refresh on/off

External Fabric Connectivity Provisioning
VXLAN Multi-Site Deployment
Fabric 1 and Fabric 2, each with a Border Leaf; Extensions stretch VNI 34112 and VNI 26214 across both fabrics.

EVPN Multi-Site Deployment
Troubleshoot VXLAN Using OAM
Show Fabric Reachability: helps troubleshoot problems, switch to switch or host to host.

L4-L7 Service Attachment Use-cases
Intra-tenant/Inter-tenant, One-armed/Two-armed; enable/attach service policy

Topology – Redirected Flow
• The redirected flow section is added to the switch info overlay screen when the user double-clicks, on the topology, the icon of a switch that has a service-configured network attached.

VXLAN / Fabric Recap...
Cool Features for LAN Fabrics (Let’s Explore)
Features in DCNM
Top-Down Provisioning

Topology Views
Real-Time Search; Detected VTEP; Health Score (color); Link Pop-Up; Switch Pop-Up; Dashboard

Topology Views - VMM Integration
Display connected Physical Hosts; Display DVS/vSwitch; Display VMs; Filter by VMM; Display Connectivity Details; Display Port-Group Details

Topology Views - Kubernetes Integration (Preview)
Container option added; Pod List available

Endpoint Locator (EPL)
Number of Active Network; New – Recent Notifications

Switch Dashboard Interfaces
Interface Page; Programmable Show Commands; Interface History; Policy; Add I/F; Edit; shut / no shut; Show History

Template Library

Resource Manager
Networks and VRFs; MSD Fabric; Devices; Deployment Type; Serial Number

Built-In REST API-Docs Using Swagger
https://<dcnm-server-IP>/api-docs
The DCNM GUI uses the REST API: inspect it with browser tools [e.g. Google Developer Tools] and automate.
Azeem Suleman
Principal Engineer

Application Centric Infrastructure (ACI)

ACI: An Innovative Approach to Policy Based Segmentation
Application Network Profile (diagram): INTERNET, F/W, WEB, ADC, APP, ADC, DB tiers
Application Policy Infrastructure Controller (APIC)
Policy tree (diagram): Root > Policy Universe > Infra, Fabric, Virtual Network, Applications
ACI: The Elements
SPINES: Modular Nexus 9500 (w/9700 LCs); Fixed Nexus 9300 (9332C, 9364C); Virtual vPod (vSpine)
LEAVES: Fixed Nexus 9300 (100M/1/10/25/40/50/100/400G); Virtual vPod (vLeaf)
Virtual/Container networking integration included (except vPod mode)
The DC network before: Classic modular switching
• Supervisors (1 or 2)
• Fabric Modules (3-5)
• Linecards (Copper, Fiber, 1/10G)
• Up to 18 RUs, Scale-up
• Single chassis (e.g. Nexus 7000)

The DC network NOW: ACI
• APICs (1, 3 or more)
• SPINE (2 to 6)
• LEAVES (1 to 200 or more*)
• Zero-touch VXLAN
• No STP
• Scale as you need
• Single VXLAN Network**
• Evolution from Nexus 5000 and Nexus 7000
* > 200 Leaves with MultiPod/Multi-Site
** Other topologies available (e.g. 3-tier, etc.)
Cisco, as Open as You Want it to Be

ACI: How difficult is it to bring it up?
Let’s start with a single site
Spine Layer: Nexus 9000
1) Connect all leaves to spines
   Connect APIC(s) to any leaf or leaves
2) Console into each of the APICs
   Follow the initial configuration wizard
(Fabric discovery in the diagram: LLDP Exchange, Certificate Validation, DME Start)
• Spine – OOB, Inband management and 1 console per Sup for 95xx
• Leaf – OOB, Inband management and 1 console
• APIC – CIMC and dual home connection, standby APIC (if possible)
• Fabric Name, Fabric ID, Infra TEP Pool /22, Infra VLAN (3967), BD Multicast Range, NTP, AAA
• Export backups / snapshots periodically
ACI: How difficult is it to bring it up?
What tasks and configuration did ACI just save me from doing manually on every switch?
Tenant
A Tenant is a container for all network, security, troubleshooting and L4–7 service policies.
Where VRF is defined
VRFs (contexts) are defined within a tenant to allow isolated and potentially overlapping IP address space.
What is a Bridge Domain (BD)?
Bridge Domain settings:
• L2 Unknown Unicast – forward based on the spine-proxy mapping database (hardware proxy) or flood-and-learn over VXLAN. This does not turn the mapping database on or off for MAC addresses: MAC addresses are always learned in the mapping database.
• ARP Flooding – this option is only relevant if you use hardware-proxy forwarding and “Unicast Routing” is enabled; when it is set, ARP packets are flooded in the BD.
Bridge Domain Recommendations

| Scenario | L2 Unknown Unicast | ARP Flooding | Unicast Routing | Subnet Configured | Enforce Subnet Check for IP Learning |
|---|---|---|---|---|---|
| IP routed traffic. No FW + LB, no floating IP required. No silent hosts. | Hardware Proxy | Disabled | Enabled | Yes (if required) | Yes |
| IP routed traffic. No FW + LB. Silent hosts. | Hardware Proxy | Disabled | Enabled | Yes | Yes |
| Non-IP, switched traffic. Silent hosts. | Flood | N/A | Disabled | No | N/A |
| Hosts with IP address may float between MACs. FW + LB. NIC teaming. | Hardware Proxy | Enabled | Enabled | Yes | Yes |
| Migration – extending L2 from ACI with L3 GW still on legacy network | Hardware Proxy | Enabled | Enabled | If required | If required |
ACI: What changes? Easy as 1-2-3-4-5
BEFORE: Physical Networks/VRFs – we would purchase separate networks and assign different IP subnets to each (Prod, Test, etc.).
NOW (1): Create Tenants – you can “partition” your ACI Fabric and have up to 3000 Tenants, even using the same IP subnets with no conflict.
What is an End Point Group (EPG)?
• EPGs exist within a single bridge domain only – they do not span bridge domains.
• EPGs define the policy enforcement entities/classes.
• Class-based policies are applied between EPGs.
Application Policy Logical Construct
Tenant
• Network: VRF 1 and VRF 2; Bridge Domain 172 (subnets 172.1.1.0/24, 172.1.2.0/24, …, 172.20.1.0/24), Bridge Domain 10 (subnets 10.1.1.0/24, 10.1.2.0/24, …), Bridge Domain 100 (subnet 10.1.1.0/24)
• App: EPG web, EPG app and EPG db, connected by Policy “HTTP” and Policy “SQL”
Application Policy Logical Construct
Mapping the Configuration to the Packet
• The ACI Fabric leverages VXLAN encapsulation to build the network overlay.
• The VXLAN Source Group is used as a tag/label to identify the specific end point for each application function (EPG).
VXLAN header: Flags | Flags/DRE | Source Class ID == EPG | VNID == BD/VRF | M/LB/SP
End Point Group (EPG) Definition
• An Endpoint Group (EPG) is a set of devices (end points) that share the same policy requirements.
• Classification can be based on: VLAN, VXLAN, MAC address, IP address, VM properties, etc.
End Points (EPs)
• EPs are devices which attach to the network either virtually or physically, e.g.: virtual machine; physical server (running bare metal or a hypervisor); external Layer 2/3 device; firewall / load balancer, etc.
Traditional endpoint vs. ACI endpoint:
• Traditional – L2 MAC table: MAC address, VLAN, interface; L3 ARP table: IP/MAC, interface, VRF; route.
• ACI endpoint – MAC or MAC/IP (IPv4 is /32); VLAN/VXLAN → EPG (pcTag); interface; VRF; flags → local, vPC, static, etc.
Endpoint Classification
• EPG classification on an L3 Outside is based on IP address (network/mask).
• EPG classification on an access/server port is based on different attributes: Port + VLAN, Port + VXLAN, Network/Mask, IP/MAC, VM attributes for AVS-attached VMs, IP & MAC host address.
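The two classification paths above, as an added Python model (not Cisco code): Port + VLAN / Port + VXLAN bindings for access ports, and network/mask for an L3Out, which this example models as longest-prefix match (an assumption of the example). Interface, EPG and subnet names are constructed sample data.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Endpoint:
    """What a leaf sees for an incoming frame/packet (constructed sample data)."""
    interface: str               # access port such as "eth1/1", or an L3Out name
    ip: str
    mac: str
    vlan: Optional[int] = None   # 802.1q encap on an access/server port
    vxlan: Optional[int] = None  # VNID when the host itself encapsulates in VXLAN


@dataclass
class EpgClassifier:
    # (interface, ("vlan"|"vxlan", id)) -> EPG name, i.e. Port + VLAN / Port + VXLAN
    port_bindings: dict = field(default_factory=dict)
    # L3Out name -> [(network, external EPG name)], i.e. Network/Mask classification
    l3out_subnets: dict = field(default_factory=dict)

    def bind_port(self, interface: str, encap_type: str, encap_id: int, epg: str) -> None:
        if encap_type not in ("vlan", "vxlan"):
            raise ValueError(f"unsupported encap type {encap_type!r}")
        self.port_bindings[(interface, (encap_type, encap_id))] = epg

    def add_external_subnet(self, l3out: str, prefix: str, ext_epg: str) -> None:
        # strict=True rejects a host address where a network/mask is expected
        net = ipaddress.ip_network(prefix, strict=True)
        self.l3out_subnets.setdefault(l3out, []).append((net, ext_epg))

    def classify(self, ep: Endpoint) -> Optional[str]:
        """Return the EPG name, or None when nothing matches (no policy class)."""
        if ep.interface in self.l3out_subnets:
            # L3Out: classification is by source IP against network/mask.
            # Modelled as longest-prefix match (assumption of this example), so a
            # catch-all 0.0.0.0/0 external subnet only classifies what no more
            # specific external subnet already claims.
            addr = ipaddress.ip_address(ep.ip)
            matches = [(net.prefixlen, epg)
                       for net, epg in self.l3out_subnets[ep.interface] if addr in net]
            return max(matches, key=lambda m: m[0])[1] if matches else None
        # Access/server port: Port + VXLAN is checked before Port + VLAN.
        if ep.vxlan is not None:
            return self.port_bindings.get((ep.interface, ("vxlan", ep.vxlan)))
        if ep.vlan is not None:
            return self.port_bindings.get((ep.interface, ("vlan", ep.vlan)))
        return None


def demo_classifier() -> EpgClassifier:
    """Constructed sample policy: two EPGs on one port, two external EPGs on L3Out-1."""
    c = EpgClassifier()
    c.bind_port("eth1/1", "vlan", 10, "EPG-Web")
    c.bind_port("eth1/1", "vlan", 20, "EPG-App")
    c.add_external_subnet("L3Out-1", "0.0.0.0/0", "ext-any")
    c.add_external_subnet("L3Out-1", "192.168.10.0/24", "ext-partner")
    return c


if __name__ == "__main__":
    c = demo_classifier()
    for ep in (Endpoint("eth1/1", "10.1.1.5", "00:00:00:00:00:01", vlan=10),
               Endpoint("eth1/1", "10.1.1.6", "00:00:00:00:00:02", vlan=30),
               Endpoint("L3Out-1", "192.168.10.7", "00:00:00:00:00:03"),
               Endpoint("L3Out-1", "198.51.100.9", "00:00:00:00:00:04")):
        print(ep.interface, ep.ip, "->", c.classify(ep))
```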
Understanding Networks and Groups – Abstractions
Object model (legend: child/parent object; relationship = pointer):
• Tenant (fvTenant)
  • Outside Network
  • VRF (fvCtx)
  • Application Profile (fvAp) → Endpoint Group (fvAEPg)
  • Bridge Domain (fvBD) → Subnet (fvSubnet)
  • Contract (vzBrCP) → Subject → Filter
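The object tree above and the three-tier construct from the Application Policy Logical Construct slide, assembled as the JSON an APIC REST client would POST (added example, not Cisco’s code or SDK). The classes on the slide (fvTenant, fvCtx, fvBD, fvSubnet, fvAp, fvAEPg, vzBrCP) are joined by the standard APIC relationship and filter classes fvRsCtx, fvRsBd, fvRsProv, fvRsCons, vzSubj, vzRsSubjFiltAtt, vzFilter and vzEntry, which are not on the slide; all names, gateway addresses and ports are constructed, and nothing is sent to a controller.

```python
import json


def mo(cls, children=None, **attrs):
    """One managed object in APIC REST JSON: {"<class>": {"attributes": {...}, "children": [...]}}."""
    body = {"attributes": dict(attrs)}
    if children:
        body["children"] = list(children)
    return {cls: body}


def build_tenant(name, vrfs, bridge_domains, app_profiles, contracts):
    """Assemble the fvTenant subtree.

    vrfs:            list of VRF (fvCtx) names
    bridge_domains:  {bd_name: (vrf_name, [gateway_ip_with_prefix, ...])}
    app_profiles:    {ap_name: {epg_name: (bd_name, [provided contracts], [consumed contracts])}}
    contracts:       {contract_name: (scope, [(ip_protocol, dest_port), ...])}
    Scope values are the APIC ones: "application-profile", "context" (VRF), "tenant", "global".
    """
    children = [mo("fvCtx", name=v) for v in vrfs]

    for bd_name, (vrf, subnets) in bridge_domains.items():
        if vrf not in vrfs:                       # a BD must point at a VRF of this tenant
            raise ValueError(f"BD {bd_name!r} references unknown VRF {vrf!r}")
        bd_children = [mo("fvRsCtx", tnFvCtxName=vrf)]
        # scope "private" is "Private to VRF"; "public" would be "Advertise Externally"
        # and "shared" "Share Between VRFs".
        bd_children += [mo("fvSubnet", ip=ip, scope="private") for ip in subnets]
        children.append(mo("fvBD", bd_children, name=bd_name, unicastRoute="yes"))

    for c_name, (scope, entries) in contracts.items():
        filt_name = f"{c_name}-filter"
        # vzFilter/vzEntry hold the L2-4 classifiers; the contract's subject points at them.
        children.append(mo("vzFilter",
                           [mo("vzEntry", name=f"{prot}-{port}", etherT="ip", prot=prot,
                               dFromPort=str(port), dToPort=str(port)) for prot, port in entries],
                           name=filt_name))
        subject = mo("vzSubj", [mo("vzRsSubjFiltAtt", tnVzFilterName=filt_name)],
                     name=f"{c_name}-subj")
        children.append(mo("vzBrCP", [subject], name=c_name, scope=scope))

    for ap_name, epgs in app_profiles.items():
        ap_children = []
        for epg_name, (bd_name, provides, consumes) in epgs.items():
            if bd_name not in bridge_domains:     # an EPG lives in exactly one BD
                raise ValueError(f"EPG {epg_name!r} references unknown BD {bd_name!r}")
            for c in (*provides, *consumes):
                if c not in contracts:
                    raise ValueError(f"EPG {epg_name!r} references unknown contract {c!r}")
            rels = [mo("fvRsBd", tnFvBDName=bd_name)]
            rels += [mo("fvRsProv", tnVzBrCPName=c) for c in provides]
            rels += [mo("fvRsCons", tnVzBrCPName=c) for c in consumes]
            ap_children.append(mo("fvAEPg", rels, name=epg_name))
        children.append(mo("fvAp", ap_children, name=ap_name))

    return mo("fvTenant", children, name=name)


def find_all(tree, cls):
    """Depth-first generator over every MO body of class `cls` in a payload."""
    for k, body in tree.items():
        if k == cls:
            yield body
        for child in body.get("children", []):
            yield from find_all(child, cls)


def rest_target(tenant_name):
    """Tenant DN is uni/tn-<name>; the REST URL path for an MO is /api/mo/<dn>.json."""
    return f"/api/mo/uni/tn-{tenant_name}.json"


def slide_tenant():
    """The three-tier construct from the slides, with constructed names and gateway IPs."""
    return build_tenant(
        "Coke-Tenant",
        vrfs=["VRF1", "VRF2"],
        bridge_domains={
            "BD-172": ("VRF1", ["172.1.1.1/24", "172.1.2.1/24"]),
            "BD-10":  ("VRF1", ["10.1.1.1/24"]),
            "BD-100": ("VRF2", ["10.1.1.1/24"]),   # same subnet, isolated in another VRF
        },
        contracts={"HTTP": ("context", [("tcp", 80)]), "SQL": ("context", [("tcp", 1433)])},
        app_profiles={"App": {
            "web": ("BD-172", [], ["HTTP"]),
            "app": ("BD-10", ["HTTP"], ["SQL"]),
            "db":  ("BD-10", ["SQL"], []),
        }},
    )


if __name__ == "__main__":
    print("POST", rest_target("Coke-Tenant"))
    print(json.dumps(slide_tenant(), indent=1))
```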
By default …
Intra EPG default can be changed
Every EPG belongs to a VRF and
Application Network Profile
A group of EPGs related to each other to represent an application
ACI: What changes? Easy as 1-2-3-4-5
BEFORE: Unclear network connectivity – “show vlan” would show each and every VLAN per switch (Switch 1 … Switch 6), without understanding how they connect to each other.
NOW (2): Create Application Profiles – an Application Profile is a graphical representation of our network configuration. Think of it as a “folder of VLANs” at the Fabric level. A Tenant may have multiple Application Profiles.
ACI: What changes? Easy as 1-2-3-4-5
BEFORE: Create VLANs per switch – add VLANs per switch, name each of them and then configure 802.1q trunks to extend connectivity from the access layer. Additionally configure HSRP/VRRP gateways at the distribution / collapsed core layer.
NOW (3): Create End Point Groups (EPGs) – we will create an EPG and name it just as we would a VLAN (e.g. EPG Netweaver, EPG HANA). You may also add one Bridge Domain per EPG with an IP address (just like an SVI) in case you want ACI Anycast Gateway functionality.
Contracts
• Contracts can be defined between EPGs or between L3Out external EPGs and regular EPGs.
• Example: Contract “MyContract” between Web-Prod and DB-Prod; the contract’s Subject carries the Filters, QoS and Service Graph.
• EPGs provide and/or consume contracts.
Contract Scope Defines Where They Will Be Applied
• Contract “scope” limits the type of relations between EPGs:
• Application Profile: the contract is applied between EPGs only if they are in the same AP.
• VRF: the contract is applied between EPGs only if they are part of the same VRF.
• Tenant: the contract is applied if the EPGs are in the same tenant, even if in different VRFs.
• Global: the contract can be exported, and is applied even if the EPGs are part of different tenants.
Contract Filters Define L2-4 Traffic
Contract Filters Define L2-4 Traffic (contd.)
Configure Contracts for all EPGs in a VRF (vzAny)
• With cross-VRF contracts, vzAny can be a consumer, not a provider.
• Supported: vzAny of VRF1 in Tenant ONE (EPG1, EPG2) consumes the contract provided by the shared-service EPG in VRF Services of Tenant Shared Services.
• NOT “SUPPORTED”: vzAny of VRF1 providing that contract to the shared-service EPG in the other VRF.
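The scope rules from the Contract Scope slide and the vzAny cross-VRF rule above, as an added Python policy check (not Cisco code) that a reviewer could run over intended provide/consume relations before pushing them. Scope strings are the APIC vzBrCP values; tenant, VRF, AP and EPG names are constructed from the vzAny slide.

```python
from dataclasses import dataclass

# APIC values of the vzBrCP "scope" attribute; "context" is the VRF scope on the slide.
SCOPES = ("application-profile", "context", "tenant", "global")


@dataclass(frozen=True)
class Epg:
    tenant: str
    vrf: str
    ap: str                  # application profile; "" for vzAny, which sits at VRF level
    name: str
    is_vzany: bool = False   # vzAny stands for "all EPGs in this VRF"


def contract_applies(scope: str, provider: Epg, consumer: Epg) -> bool:
    """Is a contract of this scope applied between provider and consumer?"""
    if scope not in SCOPES:
        raise ValueError(f"unknown contract scope {scope!r}")
    same_vrf = (provider.tenant, provider.vrf) == (consumer.tenant, consumer.vrf)
    if scope == "application-profile":
        return same_vrf and provider.ap != "" and provider.ap == consumer.ap
    if scope == "context":
        return same_vrf
    if scope == "tenant":
        return provider.tenant == consumer.tenant   # different VRFs allowed
    return True                                     # global: even different tenants


def validate_relation(scope: str, provider: Epg, consumer: Epg) -> list:
    """Return findings for one provide/consume pair; an empty list means it is fine."""
    findings = []
    if not contract_applies(scope, provider, consumer):
        findings.append(f"scope {scope!r} does not cover {provider.name} -> {consumer.name}; "
                        "the contract will not be applied between them")
    cross_vrf = (provider.tenant, provider.vrf) != (consumer.tenant, consumer.vrf)
    if cross_vrf and provider.is_vzany:
        findings.append("vzAny may only consume a cross-VRF contract, not provide it")
    return findings


def slide_example() -> dict:
    """Constructed from the vzAny slide: Tenant ONE / VRF1 consumes a shared service
    provided from Tenant Shared Services / VRF Services."""
    epg1 = Epg("ONE", "VRF1", "app1", "EPG1")
    epg2 = Epg("ONE", "VRF1", "app1", "EPG2")
    vzany_vrf1 = Epg("ONE", "VRF1", "", "vzAny(VRF1)", is_vzany=True)
    shared = Epg("Shared-Services", "VRF-Services", "svc", "EPG-shared-service")
    return {
        "intra-vrf, AP scope": validate_relation("application-profile", epg1, epg2),
        "supported": validate_relation("global", shared, vzany_vrf1),
        "not supported": validate_relation("global", vzany_vrf1, shared),
        "wrong scope": validate_relation("context", shared, epg1),
    }


if __name__ == "__main__":
    for case, findings in slide_example().items():
        print(f"{case}: {'OK' if not findings else '; '.join(findings)}")
```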
ACI: What changes? Easy as 1-2-3-4-5
BEFORE: Create ACLs per switch/port – specify the type of traffic you want each switch to allow (802.1q, access layer).
NOW (4): Create Contracts – we will create a Contract to specify how two EPGs may talk to each other (e.g. EPG Netweaver in BD 1.1.1.1 and EPG HANA in BD 2.2.2.1). This contract will be pushed to the whole fabric (physical, virtual, etc.) consistently. No complex IP + ports to specify like ACLs.
Types of Fabric Routes
Topology used on the slides: MP-BGP in VRF overlay-1; EPGs E1 and E2 in BD-B1 and BD-B2 with internal subnets int-S1 and int-S2; L3Out-1 and L3Out-2 with external EPGs ext1 and ext2 and external subnets ext-S1 and ext-S2. Ensure a BGP route reflector (RR) is configured to enable MP-BGP.
• Internal Routes: subnets defined under a BD are internal routes and create static pervasive routes within the fabric.
• External Routes: routes learned via a routing protocol or static routes configured under an L3Out. These routes are redistributed into MP-BGP and advertised to all leafs that contain the VRF.
• Transit Routes: routes advertised between L3Outs.
Types of Fabric Routes – Internal Routes
1. Internal subnets int-S1 and int-S2 are configured under BD-B1 and BD-B2.
2. Contract C1 is created between EPG E2 and external EPG ext2 (L3Out-2).
3. Subnet int-S2 is installed on the border leaf when the contract between EPG E2 and external EPG ext2 is created. Subnet scope options for int-S2: ❑ Private to VRF ❑ Advertise Externally ❑ Share Between VRFs.
Types of Fabric Routes – External Routes
• External routes (ext-S1 on L3Out-1, ext-S2 on L3Out-2) from OSPF, EIGRP or static routing are redistributed on the border leaf into the local BGP process.
• The route (e.g. ext-S1) is then exported into MP-BGP (RD: L1:V1, RT: ASN:V1) in VRF overlay-1 and advertised to the leafs that contain the VRF.
L3 External Subnet Review
• Export Route Control – filter transit routes advertised out of the fabric.
• Aggregate Export – allows prefixes to be aggregated together in the export direction (0/0 or ::/0 only).
• Aggregate Import – allows prefixes to be aggregated together in the import direction (0/0 or ::/0 only).
• Aggregate Shared Route – allows prefixes to be aggregated together for shared route control.
ACI: What changes? Easy as 1-2-3-4-5
BEFORE: Configure IP routing – configure the routing protocol you may need on each switch/router (e.g. OSPF) to learn routes coming from the outside.
NOW (5): Create L3 Out – specify on which leaf and port of the fabric you want to enable external routing (e.g. towards the Internet router). Those routes will be imported inside the ACI Fabric with BGP (auto-configured) and the Spines will serve as Route Reflectors. L3 Outs need a contract to communicate with EPGs, and BDs need to be associated to L3 Outs.
Global Settings – Best Practices Summary
ACI Fabric Endpoint Learning Evolution
Forwarding Flow – Summary
Map EP to EPG: VLAN/VXLAN = EPG, IP-based EPG, MAC-based EPG, VM-attribute-based EPG, AD/DNS-based EPG.
L2 or L3? L2 if DMAC != ACI MAC; L3 if DMAC == ACI MAC.
• L2 path: forward to the local port or to the remote leaf if the leaf knows the DMAC; otherwise, per the BD setting, either Flood within the BD (GIPo; the flooded frame reaches the remote leaf) or Hardware Proxy → does the spine know the DMAC in COOP? Yes: forward to the remote leaf. No: drop.
• L3 path: forward to the local port or to the remote leaf if the leaf knows the destination IP; otherwise, does the leaf know the destination IP as an L3Out route? Yes: forward to the border leaf per routing table. No: Spine Proxy → does the spine know the destination IP in COOP? Yes: forward to the remote leaf. No: drop and ARP glean for the destination IP.
ACI: How do I start? Easy as 1-2-3-4-5
5) Once all servers are migrated to the ACI Fabric, you may remove your old gear.
Your new ACI Fabric: Nexus 9000 spine layer and Nexus 9000 leaf layer (VXLAN, Anycast GW), APIC cluster, EPG 1 (1.1.1.0/24) and EPG 2 (2.2.2.0/24) joined by a Contract, with connectivity to the Internet/WAN.
ACI Software Release Guidelines
Long Lived Releases
• Direct upgrade from one long-lived release to the next long-lived release will be supported.
• Long-lived releases are recommended for networks that will not be upgraded frequently.
ACI Software Release Cadence
Timeline Q2CY18 – Q4CY20, one release per quarter: ACI 3.2(2), 4.0(2), 4.1(2), 4.2(2), 4.2(3), 4.2(4), 5.0(2), 5.1(2), plus 3.2(9).
• Divide the switches into multiple maintenance groups, and upgrade by group.
• Mixed OS operation – can have two different releases in the fabric at any given time.
• The compatibility check feature in APIC verifies the upgrade path between the current and the new version.
ACI Anywhere
Cisco ACI Multi-Site Orchestrator
ACI Anywhere – Accelerate Multicloud
“Evolving our multicloud journey by extending ACI everywhere”
• ACI Multi-Pod (ACI 2.0): multiple networks (pods) in a single availability zone (fabric).
• ACI Multi-Site (ACI 3.0): multiple availability zones (fabrics) in a single region and multi-region policy management.
• ACI Remote Leaf: a physical remote leaf extends an availability zone (fabric) to remote locations.
• Cloud ACI (ACI 4.0, NEW!): ACI extensions to AWS and Azure public cloud.
ACI Multi-Site
The Multi-Site Orchestrator (MSO), a 3-VM cluster, manages Site 1, Site 2 … Site N over any routed IP network.
• No multicast; <= 1 s RTT required (MSO → APIC); single central management (MSO)
• Phased changes (zones); up to 12 sites, distributed gateway; automated L2 DCI VXLAN extension
Software and Hardware Requirements
• Supports all ACI leaf switches (1st Gen, EX, FX, FX2); any routed network
ACI Anywhere Shipping
Sites interconnected over IP / WAN; MACsec within each site (Today) and CloudSec across the IP / WAN (Future).
ACI Remote Leaf
Pod 1 connects over any routed IP network to remote leaves (RL) at Remote Location A (satellite DC), Remote Location B (brownfield) and Remote Location C (telco/co-lo).
• Zero-touch auto discovery of the remote leaf; <= 300 ms RTT required; single central management
• Up to 20 remote locations; automated L2 VXLAN extension
ACI Remote Leaf Requirements – Hardware & Software
ACI Anywhere: ACI Virtual Edge
Decoupled From Hypervisor Kernel APIs
Data Center 1 (ACI Site 1) and Data Center 2 (ACI Site 2) are connected via IPN / IP network / WAN and managed by the Multi-Site Orchestrator; ACI Virtual Edge VMs run on hosts behind Nexus 9000 leaves and a local router.
ACI Anywhere: ACI Virtual Pod
Extend ACI To Bare-metal Clouds, Remote Data Centers, and Legacy Infrastructure
Pod 1 (Nexus 9000) and Pod 2 (a virtual pod of ACI Virtual Edge VMs, the remote leaf network) sit under the same Multi-Site Orchestrator.
Challenges in building a Multi Cloud environment

| | Traditional Data Center | AWS | Azure |
|---|---|---|---|
| Security | Firewall | Security Groups | ASG |
| Security | Access Control Lists (ACLs) | Network ACLs (NACL) | NSG |
| | Administrators | Identity & Access Management (IAM) | Active Directory |
| Networking | Router | Host routers (CSR1kv) / Virtual Private Cloud (VPC) | Virtual Network |
| Networking | Switch | Gateways (VGW, IGW, TGW) | Gateways |
| | Load Balancer | Elastic Load Balancing (ELB) | ALB |
ACI Anywhere: Public Cloud Extensions
Seamlessly Connect Multiple Data Centers
Data Center 1 (ACI Site 1: Nexus 9000 DC network, ACI Virtual Edge, local router) connects over the IPN / IP network / WAN to an Infra VPC and User VPCs in the public cloud, all managed by the Multi-Site Orchestrator; the VXLAN L2 extension across the WAN is encrypted.
Policy mapping: on premises EPG Web –Contract– EPG APP –Contract– EPG DB; in the cloud SG Web –SG Rule– SG APP –SG Rule– SG DB.
Cloud ACI
Virtual Private Network (VPN)
Components: Multisite Orchestrator; customer premise router; the Internet; an AWS region with Internet Gateway, VGW, CSR1000V and AWS instances in User VPC-2.
Direct Connect (DX)
On-premise Site A (border ACI leaf) connects via Direct Connect (DX) with a BGP underlay to the Amazon DGW/VGW of Public Cloud Site B; the Infra VPC hosts the CSR1000V, and AWS instances live in User VPC-1 and User VPC-2; all under the Multisite Orchestrator.
• BGP-EVPN and VXLAN over Direct Connect from the ACI fabric to the CSR 1000v.
Policy Mapping – AWS (for your info & reference)
Policy Mapping – Azure (for your info & reference): Network Adapter
Cloud Hierarchy (for your info & reference)
Virtual Networking Comparison (for your info & reference)
Use case #1: Hybrid-Cloud Deployment – Multi-Site Orchestrator
Use case #2: Cloud First with Multiple Regions – Cloud APIC
Use case #3: Multi-Cloud – Multi-Site Orchestrator
https://apic/doc/html/
Visore – Web Based MO Query and Browser Tool: https://<IP>/visore.html
Network Monitoring and Troubleshooting Tools
Capacity Dashboard
Configuration Rollback
Endpoint Tracker
Traffic Map – Visualization
Helps visualize and quickly spot high traffic density and underutilized nodes in the Cisco ACI™ fabric. A grid is presented with a list of node IDs or vPC pairs on each axis. Traffic flow between a given pair of nodes or between a vPC pair is presented using color-coded cells on the heat map.
What is Ftriage – ACI Debugging
Usability Enhancements 4.1
• Unified Reskin
• Alert List
• User can mark any tab as their favorite tab and they will be navigated to that tab every time the policy loads
First Time Setup Wizard (4.2, Configuration)
Topology Improvements (4.2, Operations)
ACI 4.2: Usability Enhancements
• Simplify L3Out in 3 Steps
Cisco ACI App Center Apps
Programmable Infrastructure: Open APIs for Value Added Applications
https://aciappcenter.cisco.com/
Matthias Wessendorf
ACI Technical Marketing Engineer
Programmability
The APIC REST API is the Core of ACI Programmability
(Diagram: the GUI and the CLI both sit on top of the same REST API)
ACI Object Model
How to Identify Objects
Distinguished Name
Class hierarchy examples (parent → child): fvAp → fvAEPg; vzBrCP → vzSubj; fabricTopology → fabricPod → fabricNode
EPG in tenant "Cisco" under application "DNS": uni/tn-Cisco/ap-DNS/epg1
Interface Eth1/4 on leaf 102 in pod 1: topology/pod-1/paths-102/pathep-[eth1/4]
The REST API Exposes the Object Model
URL anatomy, left to right:
• http(s):// (http or https protocol)
• host:port (APIC host and port)
• /api (API operator)
• /mo or /class (specify Managed Object or Class operator, followed by the DN or the class name)
• then, as the examples show, the response format (.xml) and optional query options
Examples:
http://apic/api/mo/uni/tn-Cisco/ap-Software/epg-Download.xml
http://apic/api/class/l1PhysIf.xml?query-target-filter=eq(l1PhysIf.speed,"10G")
ACI Python SDK, AKA Cobra
• Cobra is a native Python API library that abstracts the APIC REST API
• Supports lookups, creations, modifications, deletions
• Objects in Cobra are a 1:1 representation of objects in the ACI object model
• All data has client side consistency checks performed
• Packaged as .egg, install with easy_install

from cobra.mit.access import MoDirectory
from cobra.mit.session import LoginSession
from cobra.mit.request import ConfigRequest
from cobra.model.fv import Tenant
from cobra.model.pol import Uni

# Log in to the APIC first; moDir is the directory handle the commit needs (URL and credentials are placeholders)
moDir = MoDirectory(LoginSession('https://<apic>', '<user>', '<password>'))
moDir.login()

uniMo = Uni('')
t = Tenant(uniMo, 'Tenant1')  # We create a tenant as a child of the universe
c = ConfigRequest()           # Create a ConfigRequest to contain our new object
c.addMo(t)                    # Add our tenant to the ConfigRequest
moDir.commit(c)               # Commit our configuration request
Simple 3-Tier App with Cobra

from cobra.mit.access import MoDirectory
from cobra.mit.session import LoginSession
from cobra.mit.request import ConfigRequest
from cobra.model.fv import Tenant, Ap, AEPg, RsPathAtt
from cobra.model.pol import Uni

moDir = MoDirectory(LoginSession('https://<apic>', '<user>', '<password>'))  # placeholders
moDir.login()
uniMo = Uni('')
t = Tenant(uniMo, 'Tenant1')
ap = Ap(t, 'Exchange')       # application profile
epg1 = AEPg(ap, 'OWA')       # one EPG per tier
epg2 = AEPg(ap, 'FrontEnd')
epg3 = AEPg(ap, 'MailBox')
# Static binding of the OWA EPG to leaf 17 port eth1/1 on VLAN 10
ep = RsPathAtt(epg1, tDn='topology/pod-1/paths-17/pathep-[eth1/1]',
               mode='regular', encap='vlan-10')
c = ConfigRequest()
c.addMo(t)          # the whole tenant subtree goes in one request
moDir.commit(c)
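The mechanics behind the REST URL slides and the Cobra 3-tier example, as an added, stand-alone example that is neither code from the deck nor the Cobra SDK: managed objects with a class, attributes and children; the DN assembled from relative names; the /api/mo and /api/class URL forms; and the JSON body the APIC accepts on POST. RN formats are listed only for the classes the slides use, the host name "apic" and the Exchange tenant are constructed sample data, and the DN splitter is included because DNs with bracketed keys (like the pathep DN on the slides) contain slashes that a naive split would break.

```python
"""Managed objects, distinguished names and REST URLs for the APIC.

Added example for this page, standard library only; neither code from the
deck nor the Cobra SDK. RN formats cover only the classes the slides use;
the host "apic" and the 3-tier tenant are constructed sample data.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# RN format per class. A relation object such as fvRsPathAtt embeds its
# target DN, in square brackets, in its own RN.
RN_FORMAT = {
    "polUni": "uni",
    "fvTenant": "tn-{}",
    "fvAp": "ap-{}",
    "fvAEPg": "epg-{}",
    "fvRsPathAtt": "rspathAtt-[{}]",
}
# Attribute that carries the naming value (tDn for the relation object).
NAME_ATTR = {"fvRsPathAtt": "tDn"}


@dataclass
class Mo:
    """A managed object; creating it with a parent attaches it to the tree."""
    cls: str
    name: str
    parent: Mo | None = None
    attrs: dict = field(default_factory=dict)
    children: list[Mo] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.parent is not None:
            self.parent.children.append(self)

    @property
    def rn(self) -> str:
        return RN_FORMAT[self.cls].format(self.name)

    @property
    def dn(self) -> str:
        # The DN is the path of RNs from the root of the tree.
        return self.rn if self.parent is None else f"{self.parent.dn}/{self.rn}"

    def to_payload(self) -> dict:
        """APIC JSON shape: {cls: {"attributes": {...}, "children": [...]}}."""
        attrs = {NAME_ATTR.get(self.cls, "name"): self.name, **self.attrs}
        body = {"attributes": attrs}
        if self.children:
            body["children"] = [c.to_payload() for c in self.children]
        return {self.cls: body}


def split_dn(dn: str) -> list[str]:
    """Split a DN into RNs, keeping '/' inside [...] such as pathep-[eth1/4]."""
    rns, cur, depth = [], [], 0
    for ch in dn:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "/" and depth == 0:
            rns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rns.append("".join(cur))
    return rns


def mo_url(host: str, dn: str, fmt: str = "json") -> str:
    """/api/mo/<dn>.<fmt>: address one object (on POST, its whole subtree)."""
    return f"https://{host}/api/mo/{dn}.{fmt}"


def class_url(host: str, cls: str, fmt: str = "json", target_filter: str | None = None) -> str:
    """/api/class/<class>.<fmt>: every object of a class, optionally filtered."""
    url = f"https://{host}/api/class/{cls}.{fmt}"
    return url if target_filter is None else f"{url}?query-target-filter={target_filter}"


def three_tier_app() -> Mo:
    """The slides' Exchange application: three EPGs and one static path binding."""
    uni = Mo("polUni", "uni")
    tenant = Mo("fvTenant", "Tenant1", uni)
    ap = Mo("fvAp", "Exchange", tenant)
    owa = Mo("fvAEPg", "OWA", ap)
    Mo("fvAEPg", "FrontEnd", ap)
    Mo("fvAEPg", "MailBox", ap)
    Mo("fvRsPathAtt", "topology/pod-1/paths-17/pathep-[eth1/1]", owa,
       attrs={"encap": "vlan-10", "mode": "regular"})
    return tenant


def post_request(mo: Mo, host: str = "apic") -> tuple[str, str]:
    """What a client such as Cobra's ConfigRequest sends: the URL and JSON body."""
    return mo_url(host, mo.dn), json.dumps(mo.to_payload())
```

`post_request(three_tier_app())` yields the URL `https://apic/api/mo/uni/tn-Tenant1.json` and a single JSON document carrying the tenant, its application profile, the three EPGs and the path binding; posting that body with an authenticated session is what `moDir.commit()` does for you. The class URL builder reproduces the `query-target-filter` form shown on the slide for `l1PhysIf`.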
Ansible for ACI
(Diagram: Ansible drives ACI through the APIC REST API)
You can create arbitrarily complex/rich items. This example shows how to use a single play to create provider or consumer ACI contracts. No need to create two plays (one for consumer contracts, one for provider)!
Query ACI
Terraform
What is Terraform?
Infrastructure Provisioning Tools: Terraform, CloudFormation, Heat, ARM templates, …
Configuration Management Tools: Ansible, Puppet, Chef, Salt Stack, CF Engine, …
Terraform introduction
• Terraform is an open-source Infrastructure Provisioning Tool from Hashicorp
• Ansible, Puppet, SaltStack, Chef are Configuration Management Tools
• It is common to combine Terraform and Ansible (or Chef, Puppet, etc.)
• While Ansible can provision servers and Terraform can configure resources, the key differences are:
  1. Terraform keeps state locally
     • It knows what is configured vs the desired end-state
  2. Terraform defaults to an immutable infrastructure paradigm
     • Terraform driven changes often result in a completely new server being deployed
     • The existing one is simply destroyed and replaced with a new instance
     • Hence the infrastructure is said to be immutable
• Terraform knows what's actually deployed and compares it with your declarative instructions
• Terraform can rectify config drift and re-apply well-known configurations
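The state-and-drift idea in the bullets above, as an added example that is neither Terraform's nor the ACI provider's code: a plan is the diff of the declared resources against what is actually deployed, and only resources recorded in state are ever deleted, which is why objects created by hand outside Terraform survive an apply. The DN-keyed attribute maps are constructed sample data; one simplification is that a declared object that already exists on the fabric but is missing from state is adopted here, where Terraform itself would require an import first.

```python
"""Declarative reconciliation: desired state vs. recorded state vs. live fabric.

Added example, not Terraform's or the ACI provider's code. The DN-keyed
attribute maps below are constructed sample data.
"""
from __future__ import annotations


def plan(desired: dict, state: dict, live: dict) -> list[tuple]:
    """Return (action, dn, detail) tuples: creates/updates in DN order, then deletes.

    desired: resources declared in the .tf files
    state:   what Terraform recorded after its last apply
    live:    what a fresh read of the APIC returns now
    Objects on the fabric that were never recorded in state are unmanaged
    and left alone.
    """
    actions: list[tuple] = []
    for dn in sorted(desired):
        if dn not in live:
            actions.append(("create", dn, desired[dn]))
        else:
            # Only declared arguments are compared; extra live attributes are ignored.
            changed = {k: (live[dn].get(k), v)
                       for k, v in desired[dn].items() if live[dn].get(k) != v}
            if changed:
                actions.append(("update", dn, changed))
    for dn in sorted(state):
        if dn not in desired and dn in live:
            actions.append(("delete", dn, live[dn]))
    return actions


def apply_plan(actions: list[tuple], live: dict, desired: dict) -> tuple[dict, dict]:
    """Apply the plan to a copy of the live view; return (new live, new state)."""
    new_live = {dn: dict(a) for dn, a in live.items()}
    for action, dn, detail in actions:
        if action == "create":
            new_live[dn] = dict(detail)
        elif action == "update":
            new_live[dn].update({k: new for k, (_old, new) in detail.items()})
        elif action == "delete":
            del new_live[dn]
    # State records only the managed resources as they now exist.
    new_state = {dn: dict(new_live[dn]) for dn in desired}
    return new_live, new_state


# Constructed sample data. DNs follow the ACI naming for tenant (tn-),
# VRF (ctx-), bridge domain (BD-) and application profile (ap-).
DESIRED = {
    "uni/tn-demo": {"descr": "created by terraform"},
    "uni/tn-demo/ctx-vrf1": {"pcEnfPref": "enforced"},
    "uni/tn-demo/BD-bd1": {"ctx": "vrf1", "unicastRoute": "yes"},
}
# Recorded after the previous apply; BD-old has since been removed from the .tf files.
STATE = {
    "uni/tn-demo": {"descr": "created by terraform"},
    "uni/tn-demo/ctx-vrf1": {"pcEnfPref": "enforced"},
    "uni/tn-demo/BD-bd1": {"ctx": "vrf1", "unicastRoute": "yes"},
    "uni/tn-demo/BD-old": {"ctx": "vrf1", "unicastRoute": "yes"},
}
# What the APIC reports now: the VRF was deleted by hand, bd1 was edited in
# the GUI (drift), and an application profile was added outside Terraform.
LIVE = {
    "uni/tn-demo": {"descr": "created by terraform"},
    "uni/tn-demo/BD-bd1": {"ctx": "vrf1", "unicastRoute": "no"},
    "uni/tn-demo/BD-old": {"ctx": "vrf1", "unicastRoute": "yes"},
    "uni/tn-demo/ap-manual": {"descr": "made in the GUI"},
}


def reconcile() -> tuple[list[tuple], dict, dict]:
    """Plan, apply, and return (plan, live after apply, state after apply)."""
    actions = plan(DESIRED, STATE, LIVE)
    new_live, new_state = apply_plan(actions, LIVE, DESIRED)
    return actions, new_live, new_state
```

Running `reconcile()` on the sample data produces three actions: re-create the deleted VRF, put `unicastRoute` on bd1 back to the declared value, and delete the bridge domain that is still in state but no longer declared; the hand-made application profile is untouched, and a second `plan()` against the post-apply state and live view is empty.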
Terraform or Ansible?
• Both Ansible and Terraform can coexist; it's not an either/or story
• For example, you can use Terraform to spin up VMs from a template, then use Ansible once the VM is up
• Likewise with EC2 instances, containers, etc.
Terraform concepts
• Terraform has 3 important building blocks:
  • Providers
  • Resources
    • Read-write resources
    • Read-only resources (called data)
  • Variables
Infrastructure as Code with ACI
• ACI stores all configuration as a graph database linking objects together (object model)
• ACI object model is a distributed tree structure that is fully accessible through a REST API
• Every node is a managed object (MO) of a specific class, containing attributes and a distinguished name (Dn – its unique address in the tree)
(Diagram: the tree below Root, reached through the API: Policy Universe → Tenants → Tenant → VRF, BD 10.10.0.1/24 → EPG, EPG under Applications with VLAN 1001 and VLAN 1002; Fabric → Nodes; Hypervisors → Virtual Network → VLANs)
ACI Provider Resources
Connecting to ACI
Creating a tenant, VRF, BD, EPG
Manage Relation Source Objects
• ACI leverages objects to build relations to other nodes in different parts of the tree
• These objects are represented as arguments under the target Terraform resource
• Example with an EPG that can have a relation to a VMM domain (fvRsDomAtt), a Bridge Domain (fvBD) and a Contract as consumer/provider (vzBrCP)
• Example values from the slide: VMM domain "uni/vmmp-VMware/dom-VDS01", bridge domain "bd1", contract "Web"
ACI example

resource "aci_tenant" "demo" {
  name        = "${var.tenantName}"
  description = "created by terraform"
}

resource "aci_vrf" "vrf1" {
  tenant_dn = "${aci_tenant.demo.id}"
  name      = "vrf1"
}

resource "aci_bridge_domain" "bd1" {
  tenant_dn          = "${aci_tenant.demo.id}"
  relation_fv_rs_ctx = "${aci_vrf.vrf1.name}"
  name               = "bd1"
}

resource "aci_subnet" "bd1_subnet" {
  bridge_domain_dn = "${aci_bridge_domain.bd1.id}"
  name             = "Subnet"
  ip               = "${var.bd_subnet}"
}

resource "aci_application_profile" "app1" {
  tenant_dn = "${aci_tenant.demo.id}"
  name      = "app1"
}

data "aci_vmm_domain" "vds" {
  provider_profile_dn = "${var.provider_profile_dn}"
  name                = "GFAB1"
}

resource "aci_application_epg" "epg1" {
  application_profile_dn = "${aci_application_profile.app1.id}"
  name                   = "epg1"
  relation_fv_rs_bd      = "${aci_bridge_domain.bd1.name}"
  relation_fv_rs_dom_att = ["${data.aci_vmm_domain.vds.id}"]
  relation_fv_rs_cons    = ["${aci_contract.contract_epg1_epg2.name}"]
}

resource "aci_application_epg" "epg2" {
  application_profile_dn = "${aci_application_profile.app1.id}"
  name                   = "epg2"
  relation_fv_rs_bd      = "${aci_bridge_domain.bd1.name}"
  relation_fv_rs_dom_att = ["${data.aci_vmm_domain.vds.id}"]
  relation_fv_rs_prov    = ["${aci_contract.contract_epg1_epg2.name}"]
}

resource "aci_contract" "contract_epg1_epg2" {
  tenant_dn = "${aci_tenant.demo.id}"
  name      = "Web"
}

resource "aci_contract_subject" "Web_subject1" {
  contract_dn                  = "${aci_contract.contract_epg1_epg2.id}"
  name                         = "Subject"
  relation_vz_rs_subj_filt_att = ["${aci_filter.allow_https.name}", "${aci_filter.allow_icmp.name}"]
}

resource "aci_filter" "allow_https" {
  tenant_dn = "${aci_tenant.demo.id}"
  name      = "allow_https"
}

resource "aci_filter" "allow_icmp" {
  tenant_dn = "${aci_tenant.demo.id}"
  name      = "allow_icmp"
}

resource "aci_filter_entry" "https" {
  name        = "https"
  filter_dn   = "${aci_filter.allow_https.id}"
  ether_t     = "ip"
  prot        = "tcp"
  d_from_port = "https"
  d_to_port   = "https"
  stateful    = "yes"
}

resource "aci_filter_entry" "icmp" {
  name      = "icmp"
  filter_dn = "${aci_filter.allow_icmp.id}"
  ether_t   = "ip"
  prot      = "icmp"
  stateful  = "yes"
}
Azeem Suleman
Principal Engineer
Network Assurance & Insights
Managing the Complete Lifecycle
• Day 0: Infrastructure planning, delivery and installation
• Day 1: Discover, configure and secure
• Day 2: Assure, monitor and troubleshoot
What's happening on Day 2 and what needs to change?
Customer Challenges
Today's tools do not address modern network needs
Cisco Data Center Network Assurance and Insights Suite
Transform day 2 networking operations from reactive to proactive
• Assure intent: "Ensure the business needs are consistently maintained"
• Guarantee Reliability: "Solve problems before they impact business"
• Troubleshoot intelligently: "Highlight the needle in the haystack"
Day 2 Product Overview
Network Assurance: How It Works
User Interface: Centered Around "Smart Events"
• Change Management
• Incident and Problem Management
• Compliance and Visualization
Network Insights: How it Works
Extensions to Fabric Controller: the Network Insights apps run in the App Hosting Framework of the DCNM and APIC platforms and are installed from the App Store
• Data collection and ingestion
• Data correlation and analysis
• Data visualization and action
Network Insights Resources
Understand What's Running In Your Network
• Event Analytics
• Flow Analytics
• Resource Analytics
Data Collection → Anomaly Detection → Remediation
Event Analytics Dashboard displays faults, events, and audit logs in a time series fashion.
Flow Analytics Dashboard displays key indicators of infrastructure data plane health: packet drops and latency.
Network Insights Advisor
(Chart: time to resolve an issue, in hours, before Network Insights Advisor vs. after Network Insights Advisor; first phase labelled Notice/Anomaly Detection 4)
Success metrics:
• NIA immediately flags anomalies and optimizes your network
• NIA helps prevent downtimes/outages
• Significant OPEX, CAPEX and time savings
Anomalies
• Compliance, Consistency, unplanned events
Network Insights Resources (For your info & reference)
System
• Resource Utilization (fabric wide)
• Trend Monitoring (rising/falling)
• Fabric Capacity
• Environmental
Operations
• Statistics
• Flow Analytics
• Event Analytics
Network Insights Advisor (For your info & reference)
Notify About Anomalies
(Diagram: NIA and its Insight DB, refreshed by a weekly sync, next to the fabric)
1 Monitor
2 Detect: known anomalies; Recommend: Upgrade S/W to NXOS 7.0(3)I7(3) in SAL1820SDRE
4 Implement
Detect → Alert → Remediate
Notify Me About New Releases
(Diagram: PSIRT and S/W notifications are pushed into NIA's Insight DB)
1 Monitor
2 Identify Switches; Detected: PSIRT: SAL1820SDRE
3 Alert / Inform; Recommend: Upgrade S/W to NXOS 7.0(3)I7(3) in SAL1820SDRE
4 Implement
Detect → Alert → Remediate
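The monitor, identify switches, alert/inform and implement steps of the Advisor flow above, as an added example that is not Network Insights Advisor code: an inventory of switches is matched against advisory records that list the affected releases and the first fixed one, each finding is turned into the "Detected" and "Recommend" lines the slides show, and the check is re-run after the upgrade to confirm the finding clears. The inventory, the advisory records and the advisory id PSIRT-EXAMPLE-1 are constructed; the serial SAL1820SDRE and the release 7.0(3)I7(3) are the values on the slides.

```python
"""Match a fabric inventory against software advisories, NIA-style.

Added example, not Network Insights Advisor code. Inventory, advisory
records and the advisory id are constructed; the serial SAL1820SDRE and
the recommended release 7.0(3)I7(3) come from the slides.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Switch:
    serial: str
    role: str        # "leaf" or "spine"
    version: str     # NX-OS release string as reported by the switch


@dataclass(frozen=True)
class Advisory:
    """One bulletin: the releases it lists as affected and the first fixed one."""
    advisory_id: str
    kind: str                    # "PSIRT" (security) or "S/W" (software defect)
    affected_versions: frozenset
    fixed_version: str


def identify_switches(inventory: list[Switch], advisories: list[Advisory]) -> list[tuple[Advisory, Switch]]:
    """Step 2: every (advisory, switch) pair where the switch runs a listed release."""
    return [(adv, sw) for adv in advisories for sw in inventory
            if sw.version in adv.affected_versions]


def recommendation(adv: Advisory, sw: Switch) -> str:
    """Step 3 text, in the wording the slides use."""
    return f"Upgrade S/W to NXOS {adv.fixed_version} in {sw.serial}"


def notifications(inventory: list[Switch], advisories: list[Advisory]) -> list[dict]:
    """Steps 2 and 3 together: one alert record per finding."""
    return [
        {
            "detected": f"{adv.kind}: {sw.serial}",
            "advisory": adv.advisory_id,
            "running": sw.version,
            "recommend": recommendation(adv, sw),
        }
        for adv, sw in identify_switches(inventory, advisories)
    ]


def implement_upgrade(inventory: list[Switch], serial: str, version: str) -> list[Switch]:
    """Step 4: the inventory as it looks after the named switch is upgraded."""
    return [Switch(sw.serial, sw.role, version) if sw.serial == serial else sw
            for sw in inventory]


# Constructed sample data: two switches still on an affected release, one already fixed.
INVENTORY = [
    Switch("SAL1820SDRE", "leaf", "7.0(3)I7(1)"),
    Switch("SAL0000EXAMPLE1", "leaf", "7.0(3)I7(3)"),
    Switch("SAL0000EXAMPLE2", "spine", "7.0(3)I7(1)"),
]
ADVISORIES = [
    Advisory("PSIRT-EXAMPLE-1", "PSIRT",
             frozenset({"7.0(3)I7(1)", "7.0(3)I7(2)"}), "7.0(3)I7(3)"),
]


def run_cycle() -> tuple[list[dict], list[dict]]:
    """Monitor, then re-check after remediating the first finding."""
    before = notifications(INVENTORY, ADVISORIES)
    upgraded = implement_upgrade(INVENTORY, "SAL1820SDRE", "7.0(3)I7(3)")
    after = notifications(upgraded, ADVISORIES)
    return before, after
```

Matching is by explicit membership in the advisory's affected-release set rather than by ordering version strings, because NX-OS release trains are not totally ordered and a bulletin names the releases it covers; the re-check after `implement_upgrade` is the "monitor" step running again, which is what turns a recommendation into a closed finding.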
Let's start the day with a few scenarios
Scenario: My Database is slow!
Scenario: I can't reach my Website!
Scenario: I need to do Capacity Planning
Scenario: Was my Change successful?
Key Takeaways
• Day-2 Operations is critical!
• Network Assurance and Insights capabilities are going beyond element managers!
• Telemetry is the enabler!
Conclusions
Network Stack API
Complete your online session survey
• Please complete your session survey after each session. Your feedback is very important.
• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live t-shirt.
• All surveys can be taken in the Cisco Events Mobile App or by logging in to the Content Catalog on ciscolive.com/emea.
Continue your education
• Demos in the Cisco Showcase
• Walk-In Labs
Thank you