VXLAN Static Ingress Replication

ReneMolenaar · April 22, 2024, 11:48am

This topic is to discuss the following lesson:

fakhrdeen96 · September 12, 2024, 10:03pm

can we create a VXLAN underlay using VLAN interfaces instead of assigning ip-address directly on the physical interface ?

lagapidis · September 14, 2024, 5:46am

Hello Fakhar

Yes, you can create a VXLAN underlay using VLAN interfaces or SVIs. It’s not mandatory to assign IP addresses directly on the physical interface. In fact, using SVIs can provide more flexibility, scalability, and ease of management. You can assign IP addresses to the SVIs and use them as your VTEP endpoints in the underlay network. This can be particularly useful in multi-tenant environments where you need to segregate traffic. Just make sure your network devices support this configuration and the VLANs are properly trunked across the necessary switches.

I hope this has been helpful!

Laz

fakhrdeen96 · September 14, 2024, 4:58pm

not work with runk port only work when make vlan a native or access , i don’t know why ? can you help me please

lagapidis · September 16, 2024, 8:29am

Hello Fakhar

The configuration requires that you configure the Eth1/1 ports of the Leaf switches as routed ports and the Eth1/2 ports (connecting the PCs) as access ports. If you configure either of those ports as trunk ports the VXLAN topology will not function. This is because you need routing capabilities between the Leaf switches, and you need the PCs to connect to access ports on particular VLANs.

I hope this has been helpful!

Laz

amp260177 · September 17, 2024, 5:05pm

Hi Rene What is the switch you use for vxlan lab and ios version?

lagapidis · September 19, 2024, 4:30am

Hello Alpesh

Rene used Cisco Nexus (NX-OS) 9000v switches on CML. The specific version is 10.3(1) and the image file is nxos64-cs.10.3.1.F.bin.

I hope this has been helpful!

Laz

kannan.rhce · October 16, 2024, 12:24pm

How do we integrate the ubuntu container in EVE-ng do we have steps for that?

lagapidis · October 18, 2024, 6:09am

Hello Kannan

We don’t have steps for this, but you can go to the following support site from EVE-NG that explains in detail how to do this.

https://www.eve-ng.net/index.php/documentation/howtos/howto-create-own-linux-host-image/

I hope this has been helpful!

Laz

Giovanni · February 2, 2025, 8:32pm

Is possible to mix vlan mapped to the same VNI?

lagapidis · February 3, 2025, 11:41am

Hello Giovanni

As with many such questions, the answer is “it depends.” It also begs the question “why would you want to do that”. So here goes with my answer.

On most network devices, it is not possible to assign multiple VLAN IDs to the same VNI on the same VTEP. Each VLAN is mapped to a unique VNI within a given VTEP, maintaining a strict one-to-one VLAN-to-VNI mapping. For Cisco Nexus devices this is indeed the case, but some other vendors may implement it slightly differently, allowing for certain exceptions.
- (Note that there are ways around this limitation, such as using QinQ, where you use a VLAN ID that is mapped to the VNI on the outer tag, and then you can use whatever you want on the inner tag.)
It is possible to assign multiple VLAN IDs to the same VNI on different VTEPS, but with some important restrictions. This setup is known as “VLAN normalization,” where different VLAN IDs on separate VTEPs are mapped to a common VNI.
For example:
- Traffic from VLAN 100 on VTEP1 enters VXLAN and is encapsulated in VNI 5000.
- When it reaches VTEP2, it is decapsulated and forwarded into VLAN 200.
  This works because VXLAN is “agnostic” to the local VLANs once the traffic is encapsulated. This means that the VNI becomes the “real” identifier of the Layer 2 domain in the overlay. And essentially, VLAN 100 on VTEP1 and VLAN 200 on VTEP2 are actually part of the same Layer 2 domain!

Because VLANs are only locally significant in such a scenario, you can indeed do this.

For more information, take a look at the VXLAN VLAN to VNI mapping NetworkLessons note.

I hope this has been helpful!

Laz

albazi.aq · February 6, 2025, 10:48pm

Greetings,
i am labbing vxlan in EVE-NG with nxos.9.3.1.bin, all my config and my show output is exactly how it shows in your vxaln with static ingress replication, but still cannot ping crosse, any idea?
thanks for your help in advance.

lagapidis · February 8, 2025, 7:00am

Hello Aqeel

In the lab, there are two ping tests that are employed, one for the underlay and one for the overlay network. Initially, the underlay network in section 2.1 is tested, and must use a source of the loopback address like so:

LEAF1# ping 2.2.2.2 source 1.1.1.1

The ping is attempted from loopback to loopback between the Leaf switches. If that is unsuccessful, you should then examine your underlay configuration.

If however this is successful, and it is the overlay ping that is failing, from S1 to S2, then you should go through all of the verification steps that appear in the lesson in section 2.2, to ensure that the show commands you see in the lesson match yours as well.

If you proceed in this way, you should be able to find the misconfiguration causing your problem. Let us know how you get along and if we can be of any further help!

I hope this has been helpful!

Laz

albazi.aq · February 9, 2025, 1:01am

Hi Laz,
thanks for the reply and I appreciate it.
it was a mistake from my side, everything looks good now.