Great videos to watch!!! Can you please share the differences for configuring this in juniper boxes like QFX10k or ACX7k. Also if possible please make a video on that. Just out of box if you could please make a video series on evpn-mpls would love to view it.
Thanks for this video series, it was very helpful in understanding VxLAN. Unrelated question...how did you get your putty output to show different colors rather than just one?
You have to be careful with mixing tenant traffic in the underlay (global routing table). If you're doing it to access a shared service, such as the internet, then consider adding a firewall to a border leaf. The firewall can have an interface (or subinterface) in each tenancy, and a shared 'outside' interface connected to the internet. This way, you still secure the boundary where your traffic mixes.
I would consider using a different VRF for the underlay routing, and connecting your firewall to a leaf. The firewall can aggregate the traffic from the overlay to the other parts of the network (internet, WAN, etc) in global.
Hi, It was a great explanation and good content. I watched the whole series. I'm a newbie here and one question that came to me is, if we are mapping one VLAN per VNI as recommended then isn't the number of VNIs limited to the number of VLANs? Could you give a small example if it's not the case?
Thanks for watching the series! The VLAN mapping is per switch, so for example, you might have VLAN 10 mapped to VNI 90010 on one switch, and VLAN 10 mapped to VNI 53010 on another switch. If you have a massive fabric (like AWS, Azure, GCP, etc) you can have unique VNI's across the globe. However, the VLANs only need to remain unique to the local switch or fabric.
Very well explained. Would request if you can share the configs shown here as well, This will help to lab it and do it self. Even suggest the iOS version being used here. Having the command shown here will be helpful to match and correct wherever required.
I recommend: networkdirection.net/VxLAN+EVPN+Configuration The book (affiliate): click.linksynergy.com/link?id=RL4E*8CmbSY&offerid=145238.2463561&type=2&murl=http%3A%2F%2Fwww.ciscopress.com%2Ftitle%2F9781587144677
Fabulous series, concise and to the point. Exactly the right style of presentation, no fluff to wade through and all concepts explained to just the right level of detail with minimum repetition. I'll be referring back to this series a lot in future!
Wow. After Part 6 I now know why people go ACI to overcome this configuration effort. Thanks for this deep look inside.
Really enjoy how you go through all the configuration for both switches with explanations for the commands. Makes it easy to follow along while configuring it yourself.
We implemented ACI about 2 years ago but having a review on the capabilities is very enlightening. Who possibly thinks up this stuff? Genius
Thank you very much for creating this. It gives a quick and wonderful summary.
Pretty good series and a kick start for anyone who is new into VXLANs. Two things worth mentioning. First if you are running a VPC between your Nexus switches you need to add a secondary IP address to your loopback0 interface, the IP is the same for both devices and will be shared if they need to communicate to other nve peers. Your VPC will fail due to consistency reasons otherwise. Second and not so important, show nve peers will have empty output until there is bidirectional traffic.
That's a good point Krasimir. vPC does add a whole new spin on it
Outstanding series on VXLAN. The depth, width and clarity of topics is outstanding....
Thanks Nischal!
I was looking for tutorial to understand VxLAN and this is the best video series I found so far to understand VxLAN with lab.
Glad to hear that!
Your explanation is crisp and superb. I am learning VxLAN first time and it seems closely related to traditional L2, L3 VLAN with several new added feature such as Anycast and improved MAC/ARP learning. Thanks for your video
I agree with Dan Le words: the BEST explanation I see so far about VXLAN. Also generally the best technical video explanation I had the luck to watch. Thanks a Lot!!!!
You're most welcome :)
Thanks for the great feedback, this is really encouraging
Watched all 6 videos, very good work. Have made notes for each video. Can see the hard work to put these videos together that explain VXLAN in best possible way.
Glad you like them!
I bookmarked these videos as a reference guide. Indeed it's an excellent video series on evpn
Thanks Karthikeyan! It's good to hear you say that!
Fantastic series, I've learned both the leaf/spine concept which several other videos failed in doing, and VxLAN! The first 4 videos were excellently paced and pedagogical, but the last 2 kind of sped up and got too much in too short time with less room left for explanation. Kind of almost threw me off there but I managed to understand most of it. If you ever redo the recordings, please revise/extend the last 2 :)
I absolutely agree with this entire post. What I had to do was slow down the recording to 75%. It was a little inconvenient, but it allowed me to keep up.
I agree. the last 2 really condensed a lot into a little space.
not so fantastic as it lacks precise explanation. If you understood it clearly, please explain why there are VNIs 5000 and 5005 in parallel to L3VNI 900001?
@atexnik Initially it's very difficult to understand but it's like VLAN and SVI concept... Here 5000 and 5005 are L2 VNI and to make them communicate we need a L3 VNI which is 900001.. Similarly for Tenant-2 we don't need a L3VNI which is 900002 just L2VNI 6000 should be sufficient.. Correct me if I am wrong.
It is very helpful and simply described for beginners with VXLAN. I work since two weeks on VXLAN, I thought it was complicated, but with your videos, all will be clear for me in the evening when I watched the VXLAN series videos. Thank you very much !!!!!!!!!!!!! ;)
PERFECT , NEVER SEEN ANYONE DESCRIBED VXLAN BETTER THAN IN THIS SERIES A+++
And A+++ to you for watching!
thank you for these series. I understood finally, the diff. between the terminology and more important, the diff between DP learning and CP learning!
Really good to hear that this is helping you!
Excellent video series on VXLAN It just simply hit all the necessary keys to understanding and implementing VXLAN Thank You!!!!.
Great Educational Videos on VXLAN . Clear & Well explained . Thank you.
BEST explanation I see so far about VXLAN. Very good Technique. you are talented
Thanks!
Thanks very much. You broke down the technology I have been fighting with myself to understand. You walked me over the water to cross the pond of VXLAN :-)
You're very welcome
This series has me wanting to throw together a lab! Great content and even better teaching! You just got a new subscriber.
Very good content, it's clear and well explained even for a non-native English speakers. I also loved the introduction video (I'll probably re-watch arrested development tonight ;-) ). Thanks for your great work.
I don't think everyone gets the Arrested Development reference 😀
Many Many thanks for making again complex topic into very simple and it cleared my basic concepts which I was struggling hard.... !!!
Absolutely loved this series, we will likely be deploying vxlan in the data center this year and the way you've demonstrated it and explained it answered a few questions I had about it. Whilst the configuration is slightly complex using evpn, it's significantly less complex than our current data center network design. VXLAN actually seems to simplify things a lot.
Would love to see more videos around services connected to your VTEPs like firewalls, load balancers, edge routers etc for external connectivity.
Thanks Jarryd,
There's not much that's special with external devices like firewalls, etc. They are just connected like any other host.
Is there something specific that you were thinking of?
@NetworkDirection I'm currently about to go through a DC refresh, multi site, multihomed to two different transit providers, two pairs of load balancers and two pairs of firewalls and one pair of VPN concentrators, some vendors suggest you connect services to the spine, others suggest you connect them to a single 'services vtep' others suggest uplinking them to two services VTEPs for redundancy etc, every vendor seems to do something different. I guess I was after a real world example, my thought process was uplink them to two VTEPs for the resiliency and treat them like any other host, which I assume is what your recommendation would be too.
Further to that, we're a multi site design and we want to avoid a super spine layer for now, but is the best practice to link sites via a pair of "border leafs"? Because another vendor other than Cisco recommends doing DCI's on the spine.
Brilliant...I have to say, very nicely put together and crisply explained....Thank you so very much
Thanks!
Part6 took most of the time to understand. Hope there can be more easier way.
Thank you for explaining how Cisco does VXLAN. I had just about understood VMware NSX so this was really useful.
Lots of new terms to use and I'll need to read more to get it straight in my head.
You have done an excellent work in educating this complex bit.
I am very new to vxlan, these videos helped me a lot in understanding the vxlan basics including the leaf and spine switches and vni id's.
Superb series. Simple but great tutorial. Thank you so much.
Glad to hear this has been helpful :)
great series, well explained. best video I've seen on VXLAN, I understand much better after watching this series
That’s good to hear Philip!
Great series of videos covering VXLan. Thanks for taking the time to educate us lesser mortals :-)
You're very welcome. There wasn't enough intro information on this when I was looking, which is why I created this series.
It's good to hear that it's helping.
Excellent Video and really simplified explanations !!!!
So good to hear that you like it!
Very nice series, Thank you for this. along with the theory comes a practical example and just what I needed!
Thank you! Glad you like it
solid description on the VXLAN technology. Many thanks...
really clear and categorized route map and explanations
Glad it was helpful!
You make it look easy. Thanks for the well done tutorial.
A very well explained and precise video series on VxLan.
It will be great if another video of multi-site (inter data center) can be added so it will provide more insight for data centers migration.
It's a good idea. I haven't used multi-site yet, so I'll need a bit more research
Amazing work my friend !!! Keep them going!!
I am looking at video minute 9:38 and now I got lost, why do you use vlan 101 if it's not in your layout? Where this VLAN 101 comes from and what for used? As far as I see, there is only vlan 1000, vlan 900 and Vlan 1001. Please explain me the reason for using vlan 101?
I'm confused by this as well, he seems to be skipping this exact question in the comment section as well.
Thank you very much for this series. This has helped me a lot.
You're welcome!
Thanks for your explanations, examples and quick replies on comments. I would also like to put another request in for EVPN from you. Another request would be for how this underlay/overlay environment compares to Cisco ACI. I saw some of those queries in some of the others videos in this series. Thanks for series! Well done!
Excellent series, great explanation
Thank you!
This Videos Series are great!! Thanks a lot for the effort on uploading such a neat work. Outstanding.
You're welcome John! Thanks for the comment.
Excellent video for vxlan evpn
Thank you!
Well explained in simple and direct way .... Thank you
Thanks. I hope it provides some practical use to you
VERY HELPFUL THANKS NETWORK DIRECTION!
You're very welcome, glad you like it
Thanks for the video. Did we really need to add VLAN 1000/VNI 5000 to Switch02 (since there are no servers on that VLAN on that switch) or VLAN 1001/VNI 5005 to Switch01? My understanding is that when we're using "Symmetric IRBs" (that is, using a L3 VNI to route between the L2 VNIs), then we don't need to have all the L2 VNIs on all the VTEPs and that resolves scaling issues.
That's a good question. In the real world, yes that's right. You wouldn't need to put the VLAN/VNI on all switches. It's shown here for the example
Great to begin Vxlan world. Thank you boss :)
Well done! Very informative and professional!
Thank you, and thanks for watching!
Man that was excellent I’m ready to fire up my EVE-NG LAB
just a perfect series , great job !!
Thanks!
Perfect series. Thanks a lot! I know there is lot of information specially in this video. I need to see this particular part at least 3 times more to absorb it properly :)
Very good information this series was. I enjoyed it and learned a lot. Thanks!
Thanks Isaiah, it's good to hear that you enjoyed the whole series
Thanks for the great tutorial on VXLAN. I have a question about the network diagram. In the beginning, the host on vlan 1001 has an ip of 192.168.10.20/24. At 11:23, the host IP changes to 192.168.0.20/24. Is that a typo? I am trying to follow along your tutorial from GNS3.
I noticed the same. Maybe the author can follow up to clarify for us.
yeah, that would be a typo
Loved it! Thank you.
You're welcome!
Your explanation is very fantastic, easy to understand. May I have question to you that why you need anycast "fabric forwarding anycast-gateway-mac" while in the NVE you have set ingress-replication protocol bgp? I hope I could have advice from you. Thanks
ingress replication is how the VTEPs handle BUM traffic. The anycast gateway is so clients can use the local switch as their default gateway, regardless where in the fabric they are.
@NetworkDirection Thank you for your reply, I use your topology and config in my lab. Is it possible the BGP between VTEP use different AS?
Very very helpful and really nicely explained... gj man, respect!
Thanks Garan! Thanks for watching our videos! Have a great day 😀
Greatttt you are a Saviour...
This series was perfect. Good explanation! Congrats!
Glad you liked it!
Hello,
I really liked the way you explain the VxLAN technology, similarly can you make videos on EVPN as well.
Thanks Suprit,
EVPN is something I need to dig into. It's on my list
Thank you for the series !!
Great series, i am sure you heard this before. My questions is, why there are no more content? we need ACI content, overlay security architecture examples and many more
great series!
Glad you like it!
Really enjoyed this.....gonna watch all 6 again to get this down....
Nice to hear that you enjoyed it! Watch it as many times as you need 😀
Thank you for VxLAN explanation
Within L3VNI 90001 (separated VRF for this L3VNI): Would you please elaborate the steps involved with Hosts in VNI-L2-Domain-5000 to communicate with Hosts in VNI-L2-Domain-5005? How they use the Distributed AnyCast Gateways and L3VNI?
Also, steps involve when Host in L3VNI 9001 to communicate with Host in L3VNI 900002?
Thanks, Dan
The L3VNI uses a VRF. This makes it a tenant boundary, like VRF's in an MPLS L3VPN. Hosts in one L3VNI will not be able to communicate with a host in another L3VNI, unless you enable route leaking (route-target import/export) or use an external router.
Hosts within the same L3VNI, but in different L2VNI's are separated in the same way that VLANs separate hosts. Each L2VNI can have a subnet, and they are in the same routing table. This means that the switch can perform the routing natively.
An L2VNI will have an IP address that's the same on each switch in the fabric. The host uses this IP as the default gateway. As all switches have the same IP, they become anycast gateways, as any of them can respond to first-hop requests.
Does that help?
L3VNI: If I have multiple VRFs/VNI-Domains within the VxLAN fabric, I need to perform L3VNI's route leaking (route-target import/export) - correct? (I think I got this part right from your reply). But to communicate with External networks: the L3VNI of one VRF/VNI-Domain needs to exchange EBGP with external routers - correct? (I also think I got this part right from your reply)
L2VNI: So the Distributed AnyCast Gateway is the L2VNI-IP-Address for each L2VNI-bridge-domain (similar as a SVI for a VLAN) - correct?
L2VNI: Hosts within the same L3VNI, but in different L2VNI's are separated in the same way that VLANs separate hosts: The VxLAN perform ROUTING between L2VNI's using the "Distributed AnyCast Gateway IP addresses of each L2VNI-bridge-domain (similar as ROUTING between SVIs for different VLANs) - correct?
L2VNI: Can I have different subnets in a L2VNI?
Thanks,
Dan
Yes, different L3VNI's are separate routing tables, so you need route leaking or an external router to communicate between them. To access an external network, you need to peer with an external router too. This might be with BGP, or an IGP with route redistribution.
Yes, the Anycast Gateway is much like an SVI for a VLAN. The difference is that the same IP is used on all switches.
Yes, VXLAN (L2VNI) is like enhanced VLANs. BGP can route between L2VNI's. If you are not using BGP/Control plane learning (that is, if you're using flood and learn), then you need an external router to handle routing.
You could, in the same way that you could have different subnets in a VLAN. It's not recommended though.
Excellent video, it helped me a lot, thank you a lot, this was extremely easy to understand this time if I compare this to the training I was provided in my job haha. BTW at the end for tenant 2 I have the feeling you forgot to add the VRF for tenant 2 under BGP process. Maybe I missed it, I don't know, but looks like working at the end :)
Nicely spotted, I think you're right!
Nicely explained. Can I please request for an additional video explaining how an external network can connect to your lab topology.
Thanks for the suggestion, I'll think about that one
Fantastic, I have only had one doubt, Suppress ARP is configured in order not to flood the local switch, but if the consumption of said traffic is only local, is suppress ARP necessary? Is Suppress ARP a necessity when we talk about CP??
I LOVED IT
Thanks!
great series
Thanks a lot for sharing, very clear and useful for those who have learned VxLAN with another vendor. Do you have any example of interop Cisco-Juniper?
the best explanation and demonstration about VXLAN on RUclips.
I am learning VXLAN from SD-Access perspective. So, the control plane is LISP in case of SD-Access instead of BGP(Of course there are other differences as well from the Data Center, including the physical topology), which I am not concerned right now. I want to know the data plane flow compared with dot1q and MPLS encapsulations. I wish I can share some images.
So, I want to know if my summary below is accurate:
VRF maps to L3 VNI
VLAN maps to L2 VNI
Also, why do you create VLANs 101 and 102 which are not in your topology or design?
Thank you,
Nicely explained, Will be great if you can do a video on Multicast + BGP (Control Plane Learning)
Thanks, I'll keep that in mind
Hi! Thanks for GREAT series! I have a question: why you've created vlans 101 and 102 - but they are NOT used elsewhere in config?
I think he just messed up a lot in this config. It doesn't match the diagram. I also don't understand why there are VNI 5000/5005 in addition to L3VNI 900001?
Very good video, i enjoyed watching and learnt a lot, thank you.
Really nice video help a lot to understand in short time...
That’s good to hear, thanks for the feedback
Love this small series you got something focus on multicast by any chance !!
Multicast is a good idea. It's already on my list of possible series to make. I just need more time in my day!
Gday mate great series - no longer have access to Cisco kit just Cumulus - How does anycast play with next hop devices like Firewalls? Guessing via an exit leaf should be all sweet - looking forward to more - JB.Sydney
Yeah, a border leaf is exactly right. It goes a bit beyond what we've covered in this series though.
Basically, anycast gateway is used as a first hop for hosts connected to the fabric. The switches will then need a route to the next hop. You can put this straight into BGP, or redistribute it in through some other means
You're a hero my dude keep the vids up learnt a lot.
Great stuff! well done!
Hi! Thanks for this informative series. I have a question - let's assume on your network example that we do not have a e1/1 and e1/2 pointing toward a server but we have only e1/1 pointing to a standard, L2 ethernet switch capable of doing vlans. How should configuration of e1/1 look then to transport vlan 1000 between two Nexus N9K e1/1 further to switches capable of doing simple L2 vlan? Thanks in advance.
Thanks So much.. I will try this lab on a 9000v (nxosv-final.7.0.3.I7.5) on GNS VM
You are a Star
Let me know how you go! I haven’t tried it in 9000v yet
Thanks for the training, its really worth it.
Great videos to watch!!!
Can you please share the differences for configuring this in juniper boxes like QFX10k or ACX7k.
Also if possible please make a video on that.
Just out of box if you could please make a video series on evpn-mpls would love to view it.
Thanks for this video series, it was very helpful in understanding VxLAN. Unrelated question...how did you get your putty output to show different colors rather than just one?
Thanks Rob,
I get asked this question a lot, so I created a video showing how it's done:
ruclips.net/video/fRxXiAVadA0/видео.html
you rock!!!!! thanks for your excellent presentation.
You're welcome Carlos, I'm glad the video made sense 🙂
You nailed it mate!!!
Awesome!!!
Very good video. best one around!
What is the best way to allow L3 traffic in and out from the global routing table to the tenant VRF?
You have to be careful with mixing tenant traffic in the underlay (global routing table).
If you're doing it to access a shared service, such as the internet, then consider adding a firewall to a border leaf. The firewall can have an interface (or subinterface) in each tenancy, and a shared 'outside' interface connected to the internet.
This way, you still secure the boundary where your traffic mixes.
@NetworkDirection what if it's just a single enterprise network that's already behind a FW? is route-leaking from global the only way to do this?
I would consider using a different VRF for the underlay routing, and connecting your firewall to a leaf.
The firewall can aggregate the traffic from the overlay to the other parts of the network (internet, WAN, etc) in global.
Thanks a lot for Such Nice Explanation.
😀
Good videos. But does this configuration work between two Catalyst 9500 as well? With different commands of course.
I haven’t had an opportunity to try, but yes.
What you’re looking for is called the ‘campus fabric’
Catalyst 9500 that is use LISP plus vxlan encapsulation
Thank you, very educating.
you're welcome!
Hi, It was a great explanation and good content. I watched the whole series. I'm a newbie here and one question that came to me is, if we are mapping one VLAN per VNI as recommended then doesn't the number of VNIs limited to the number of VLANs? Could you give a small example if it's not the case
Thanks for watching the series!
The VLAN mapping is per switch, so for example, you might have VLAN 10 mapped to VNI 90010 on one switch, and VLAN 10 mapped to VNI 53010 on another switch.
If you have a massive fabric (like AWS, Azure, GCP, etc) you can have unique VNI's across the globe. However, the VLANs only need to remain unique to the local switch or fabric.
Very well explained.
Would request if you can share the configs shown here as well, This will help to lab it and do it self. Even suggest the iOS version being used here.
Having the command shown here will be helpful to match and correct wherever required.
very very nice
Thank you
I recommend: networkdirection.net/VxLAN+EVPN+Configuration
The book (affiliate): click.linksynergy.com/link?id=RL4E*8CmbSY&offerid=145238.2463561&type=2&murl=http%3A%2F%2Fwww.ciscopress.com%2Ftitle%2F9781587144677
Very nice! I would also like to see a configuration of VXLAN on Nx7k, using BDI.
Thanks bro!
No problem!