Wired Intelligent Edge


AOS-CX DCN-Multicast VXLAN with Dual stack (IPv4/IPv6)

    Posted Oct 02, 2023 02:54 PM

    Introduction

    The use of IPv6 is increasing and adoption is primarily driven by IPv4 exhaustion.

    We can see other trends due to the exhaustion of IPv4 including but not limited to:

    ·         IPv4 not being able to meet demand for 5G and IoT

    ·         Mobile market driving newer standards development bias for IPv6 through IETF and 3GPP

    ·         Charging by cloud providers for use of IPv4 traffic

    ·         ISPs limiting allocation of IPv4 space

    ·         OS vendors enforcing IPv6 support for application development

    ·         Legislation and initiatives (linked below) driven globally and focusing on IPv6, such as, but not limited to:

    o    Federal Government initiatives USA

    o    Cyberspace Administration China

    o    Initiatives to speed up IPv6 India

    o    European Union (general adoption)

    The above is causing a ripple effect in Enterprise networks and support for IPv6 becomes a real requirement.

    AOS-CX with dual stack (IPv4/IPv6) in the Data Center

    AOS-CX supports dual stack in Enterprise data centers (and Campus). Three general architectural approaches are shown below:

    1. Non-VXLAN with native IPv4/IPv6 support

    [Figure: Non-VXLAN with native dual stack IPv4/IPv6 support]

    IPv4 and IPv6 protocols run on the same network in a non-VXLAN network. The fabric is formed from independent "ships in the night" IPv4 and IPv6 networks across the Enterprise.

    2. EVPN-VXLAN fabric with IPv4 underlay, and dual stack IPv6/IPv4 support in the overlay

    [Figure: EVPN-VXLAN fabric with IPv4 underlay with dual stack overlay]

    3. EVPN-VXLAN fabric with IPv6 underlay, and dual stack IPv6/IPv4 support in the overlay

    [Figure: EVPN-VXLAN fabric with IPv6 underlay dual stack]

    All three architectures support IPv6 and IPv4 as dual stack, either natively or in the overlay, because IPv4 will still have a significant presence in Enterprise networks for numerous reasons beyond the scope of this article. For further details see IPv6 Deployment, RFC 9386.

    Here we will focus on the second use case, where IPv4 is the underlay technology.

    AOS-CX switches support an EVPN-VXLAN IPv4 underlay (10.3) and multicast dual stack in the overlay (10.12). This is supported on the following Aruba CX platforms: 10000, 9300, 8400, 8360, 8325, 8100, 6400 and 6300.

    The use of EVPN-VXLAN with IPv4 in the underlay provides a simple, robust, and scalable infrastructure.

    In this use case shown below we will focus on an Enterprise customer whose requirements are as follows:

    ·         EVPN-VXLAN in the Datacenter.

    ·         Use IPv4 in the underlay.

    ·         Support for dual stack overlay.

    ·         Use of unicast and multicast in the overlay.

    [Figure: EVPN-VXLAN IPv4 underlay with dual stack overlay use case]

    The topology above satisfies the above requirements using:

    ·         Distributed Layer 3 Gateways (Symmetric Integrated Routing and Bridging) across the VSX pairs.

    ·         IPv4 in the underlay with OSPF as the IGP routing to provide loopback connectivity/reachability.

    ·         iBGP is used for control plane signalling.

    ·         IPv4 and IPv6 dual stack hosts are spread across racks in different VLANs. Here we show a subset: VLANs 10, 11 and 12.

    ·         The setup provides Layer 2 VNIs for intra-VLAN communication and Layer 3 VNIs for inter-VLAN communication.

    ·         Multicast sources and receivers are spread across different racks, which can be typical in the Data Center, requiring the use of both layer 2 VNIs and layer 3 VNIs.

    ·         MLD and IGMP are used to limit layer 2 multicast.

    ·         PIM-Sparse Mode is required for layer 3 multicast routing across subnets.

    For brevity, only the configuration snippets relevant to the requirements above are shown. Configurations for a single spine and one VSX leaf pair are provided.

    Spine1 configuration

    [Configuration is shown with comments in square brackets]

    [Spine 1 IPv4 underlay configuration]

    hostname Spine_1

    !

    interface 1/1/51

        description Spine Leaf VSX VTEP1 Pri

        no shutdown

        mtu 9198

        routing

        ip mtu 9198

        ip address 172.16.3.30/31

        ip ospf 1 area 0.0.0.0

        ip ospf network point-to-point

    interface 1/1/52

        description Spine Leaf VSX VTEP1 Sec

        no shutdown

        mtu 9198

        routing

        ip mtu 9198

        ip address 172.16.3.40/31

        ip ospf 1 area 0.0.0.0

        ip ospf network point-to-point

    !

    interface loopback 0

        ip address 192.168.0.1/32

        ip ospf 1 area 0.0.0.0

    !

    [Interfaces above connect Spine 1 to the VSX VTEP 1 compute pair; other interfaces to VSX VTEP 2 and VTEP 3 are omitted]

    router ospf 1

        router-id 192.168.0.1

        area 0.0.0.0

    router bgp 65001

        bgp router-id 192.168.0.1

        maximum-paths 8

        bgp log-neighbor-changes

        bgp deterministic-med

        bgp always-compare-med

        bgp bestpath as-path multipath-relax

        neighbor leaf peer-group

        neighbor leaf remote-as 65001

        neighbor leaf description leaf rr clients

        neighbor leaf fall-over

        neighbor leaf update-source loopback 0

        neighbor 192.168.0.160 peer-group leaf

        neighbor 192.168.0.170 peer-group leaf

        neighbor 192.168.0.180 peer-group leaf

        address-family l2vpn evpn

            neighbor leaf route-reflector-client

            neighbor leaf send-community extended

            neighbor 192.168.0.160 activate

            neighbor 192.168.0.170 activate

            neighbor 192.168.0.180 activate

        exit-address-family

    !

    [32-bit ID provided in dotted decimal]

    [BGP Spine connections to all VSX VTEPs]

    VSX VTEP 1 Primary and VSX VTEP 1 Secondary

    [Full configurations not shown for brevity. Each snippet below appears twice: first for the VSX primary, then for the VSX secondary.]

    !

    vlan 10

        ip igmp snooping enable

        ipv6 mld snooping enable

    vlan 11

        ip igmp snooping enable

        ipv6 mld snooping enable

    [Overlay IGMP/MLD is activated in the VLAN context, as well as on the VLAN interface later in the configuration, to reduce Layer 2 multicast to the required receivers only]

    virtual-mac c0:ff:ee:19:00:02

    [Every distributed L3 gateway VTEP needs to have a unique virtual-mac. A VSX logical VTEP is considered 1 VTEP, therefore this VSX pair should share the same virtual-mac]

    evpn

        redistribute local-svi

        vlan 10

            rd auto

            route-target export auto

            route-target import auto

            redistribute host-route

        vlan 11

            rd auto

            route-target export auto

            route-target import auto

            redistribute host-route

    !

    vlan 10

        ipv6 mld snooping enable

        ip igmp snooping enable

    vlan 11

        ip igmp snooping enable

        ipv6 mld snooping enable

    [Overlay IGMP/MLD is activated in the VLAN context, as well as on the VLAN interface later in the configuration, to reduce Layer 2 multicast to the required receivers only]

    virtual-mac c0:ff:ee:19:00:02

    [Every distributed L3 gateway VTEP needs to have a unique virtual-mac. A VSX logical VTEP is considered 1 VTEP therefore this VSX pair should share the same virtual-mac]

    evpn

        redistribute local-svi

        vlan 10

            rd auto

            route-target export auto

            route-target import auto

            redistribute host-route

        vlan 11

            rd auto

            route-target export auto

            route-target import auto

            redistribute host-route

    [configuration on interfaces omitted for brevity]

    interface lag 10 multi-chassis

        description lag to hypervisor pod A

        no shutdown

        no routing

        vlan trunk native 1

        vlan trunk allowed 10

    !

    interface 1/1/4

        description to hypervisor pod A

        no shutdown

        mtu 9198

        lag 10

    !

    interface 1/1/51

        description to Spine 1

        no shutdown

        mtu 9198

        routing

        ip mtu 9198

        ip address 172.16.3.31/31

        ip ospf 1 area 0.0.0.0

        ip ospf network point-to-point

    interface 1/1/52

        description to Spine 2

        no shutdown

        mtu 9198

        routing

        ip mtu 9198

        ip address 172.16.3.51/31

        ip ospf 1 area 0.0.0.0

        ip ospf network point-to-point

    interface loopback 0

        ip address 192.168.0.161/32

        ip ospf 1 area 0.0.0.0

    [Each VSX peer uses a unique Loopback 0 for the EVPN control plane]

    interface loopback 1

        ip address 192.168.0.160/32

        ip ospf 1 area 0.0.0.0

    [VSX data plane tunnel uses the shared anycast Loopback 1]

    [configuration on interfaces omitted for brevity]

    interface lag 10 multi-chassis

        description lag to hypervisor pod A

        no shutdown

        no routing

        vlan trunk native 1

        vlan trunk allowed 10

    !

    interface 1/1/4

        description to hypervisor pod A

        no shutdown

        mtu 9198

        lag 10

    !

    interface 1/1/51

        description to Spine 1

        no shutdown

        mtu 9198

        routing

        ip mtu 9198

        ip address 172.16.3.41/31

        ip ospf 1 area 0.0.0.0

        ip ospf network point-to-point

    interface 1/1/52

        description to Spine 2

        no shutdown

        mtu 9198

        routing

        ip mtu 9198

        ip address 172.16.3.61/31

        ip ospf 1 area 0.0.0.0

        ip ospf network point-to-point

    interface loopback 0

        ip address 192.168.0.162/32

        ip ospf 1 area 0.0.0.0

    [Each VSX peer uses a unique Loopback 0 for the EVPN control plane]

    interface loopback 1

        ip address 192.168.0.160/32

        ip ospf 1 area 0.0.0.0

    [VSX data plane tunnel uses the shared anycast Loopback 1]

    [Dual stack overlay]

    interface loopback 70

       vrf attach green

       ip address 70.70.70.70/32

       ipv6 address 2001:db8:70:70::70/128

       ip pim-sparse enable   

       ipv6 pim6-sparse enable

    [RP/BSR candidate on Primary VSX peer]

    interface vlan10

       vrf attach green

       ip address 10.10.10.1/24

       active-gateway ip mac 12:00:00:00:19:69

       active-gateway ip 10.10.10.1

       ipv6 address link-local fe80:10:10::1/64

       active-gateway ipv6 mac 12:00:00:00:19:69

       active-gateway ipv6 fe80:10:10::1

       no ipv6 nd suppress-ra rdnss

       ipv6 nd ra dns server 2001:db8:15:15::72

       ip igmp enable  

       ipv6 mld enable

       ip pim-sparse enable

       ipv6 pim6-sparse enable

    interface vlan11

       vrf attach green

       ip address 10.11.11.1/24

       active-gateway ip mac 12:00:00:00:19:69

       active-gateway ip 10.11.11.1

       ipv6 address link-local fe80:11::11:1/64

       active-gateway ipv6 mac 12:00:00:00:19:69

       active-gateway ipv6 fe80:11:11::1

       no ipv6 nd suppress-ra rdnss

       ipv6 nd ra dns server 2001:db8:15:15::72

       ip igmp enable  

       ipv6 mld enable

       ip pim-sparse enable

       ipv6 pim6-sparse enable

    [Dual stack overlay]

    interface loopback 75

       vrf attach green

       ip address 70.70.70.75/32

       ipv6 address 2001:db8:70:70::75/128

       ip pim-sparse enable   

       ipv6 pim6-sparse enable

    [RP/BSR candidate on Secondary VSX peer]

    interface vlan10

       vrf attach green

       ip address 10.10.10.1/24

       active-gateway ip mac 12:00:00:00:19:69

       active-gateway ip 10.10.10.1

       ipv6 address link-local fe80:10:10::1/64

       active-gateway ipv6 mac 12:00:00:00:19:69

       active-gateway ipv6 fe80:10:10::1

       no ipv6 nd suppress-ra rdnss

       ipv6 nd ra dns server 2001:db8:15:15::72

       ip igmp enable  

       ipv6 mld enable

       ip pim-sparse enable

       ipv6 pim6-sparse enable

    interface vlan11

       vrf attach green

       ip address 10.11.11.1/24

       active-gateway ip mac 12:00:00:00:19:69

       active-gateway ip 10.11.11.1

       ipv6 address link-local fe80:11::11:1/64

       active-gateway ipv6 mac 12:00:00:00:19:69

       active-gateway ipv6 fe80:11:11::1

       no ipv6 nd suppress-ra rdnss

       ipv6 nd ra dns server 2001:db8:15:15::72

       ip igmp enable  

       ipv6 mld enable

       ip pim-sparse enable

       ipv6 pim6-sparse enable

    [VNI VLAN mapping and L3 VNI using v4 underlay]

    interface vxlan 1

        source ip 192.168.0.160

        no shutdown

        vni 10

            vlan 10

        vni 11

            vlan 11

        vni 5001

            vrf green

            routing

    !

    router ospf 1

        router-id 192.168.0.161

        area 0.0.0.0

    router bgp 65001

        bgp router-id 192.168.0.161

        neighbor spine-rr peer-group

        neighbor spine-rr remote-as 65001

        neighbor spine-rr update-source loopback 0

        neighbor 192.168.0.1 peer-group spine-rr

        neighbor 192.168.0.2 peer-group spine-rr

        address-family l2vpn evpn

            neighbor spine-rr send-community extended

            neighbor 192.168.0.1 activate

            neighbor 192.168.0.2 activate

        exit-address-family

    [VNI VLAN mapping and L3 VNI using v4 underlay]

    interface vxlan 1

        source ip 192.168.0.160

        no shutdown

        vni 10

            vlan 10

        vni 11

            vlan 11

        vni 5001

            vrf green

            routing

    !

    router ospf 1

        router-id 192.168.0.162

        area 0.0.0.0

    router bgp 65001

        bgp router-id 192.168.0.162

        neighbor spine-rr peer-group

        neighbor spine-rr remote-as 65001

        neighbor spine-rr update-source loopback 0

        neighbor 192.168.0.1 peer-group spine-rr

        neighbor 192.168.0.2 peer-group spine-rr

        address-family l2vpn evpn

            neighbor spine-rr send-community extended

            neighbor 192.168.0.1 activate

            neighbor 192.168.0.2 activate

        exit-address-family

    [Dual stack overlay routing]

        vrf green

            address-family ipv4 unicast

                redistribute connected

                redistribute local loopback

            exit-address-family

            address-family ipv6 unicast

                redistribute connected

                redistribute local loopback

            exit-address-family

    [Dual stack overlay routing]

        vrf green

            address-family ipv4 unicast

                redistribute connected

                redistribute local loopback

            exit-address-family

            address-family ipv6 unicast

                redistribute connected

                redistribute local loopback

            exit-address-family

    [Dual Stack PIM routing]

    router pim vrf green

        enable

        rp-candidate source-ip-interface loopback70

        rp-candidate group-prefix 224.0.0.0/4

        rp-candidate priority 100

        bsr-candidate source-ip-interface loopback70

        bsr-candidate priority 100

    router pim6 vrf green

        enable

        rp-candidate source-ip-interface loopback70 group-prefix ff00::/8

        rp-candidate priority 100

        bsr-candidate source-ip-interface loopback70

        bsr-candidate priority 100

    [RP uses 0 as highest priority and 255 as lowest priority, default 192; priority is raised to 100 on the VSX primary.

    BSR uses 0 as lowest priority and 255 as highest priority, default 0; priority is raised to 100 on the VSX primary.]

    [Dual Stack PIM routing]

    router pim vrf green

        enable

        rp-candidate source-ip-interface loopback75

        rp-candidate group-prefix 224.0.0.0/4

        bsr-candidate source-ip-interface loopback75

    router pim6 vrf green

        enable

        rp-candidate source-ip-interface loopback75 group-prefix ff00::/8

        bsr-candidate source-ip-interface loopback75

    Useful Resources

    Further information on IPv4 underlay and multicast overlays can be found at the following link:

    Multicast over VXLAN part 1 of 2



    ------------------------------
    Kamal Takodra
    If my post was useful accept solution and/or give kudos
    ------------------------------
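
The configuration in the post repeats every multicast control once per address family (IGMP/MLD snooping in the VLAN, IGMP/MLD and PIM/PIM6 on the SVI), so a one-sided omission or a mistyped IPv4 mask is easy to miss in review. The Python check below is an added example, not part of the original post or of any HPE Aruba tooling; it assumes a running configuration saved as plain text with top-level commands unindented, and the sample input is constructed.

```python
import ipaddress

# Constructed sample (not from a live switch): MLD missing for VLAN 11, bad IPv4 mask.
SAMPLE = """\
vlan 10
    ip igmp snooping enable
    ipv6 mld snooping enable
vlan 11
    ip igmp snooping enable
interface loopback 1
    ip address 192.168.0.160/128
interface vlan11
    ip igmp enable
    ip pim-sparse enable
    ipv6 pim6-sparse enable
"""

# IPv4 command -> IPv6 counterpart expected in the same configuration context.
PAIRS = {
    "ip igmp snooping enable": "ipv6 mld snooping enable",
    "ip igmp enable": "ipv6 mld enable",
    "ip pim-sparse enable": "ipv6 pim6-sparse enable",
}

def sections(text):  # group indented lines under their top-level command
    out, head = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            head = " ".join(line.split())
            out.setdefault(head, [])
        elif head:
            out[head].append(" ".join(line.split()))
    return out

def audit(text):
    # Flag one-sided IPv4/IPv6 multicast commands and invalid IPv4 addresses.
    findings = []
    for head, body in sections(text).items():
        for v4, v6 in PAIRS.items():
            if (v4 in body) != (v6 in body):
                findings.append(f"{head}: missing '{v6 if v4 in body else v4}'")
        for cmd in body:
            if cmd.startswith("ip address "):
                try:
                    ipaddress.ip_interface(cmd.split()[2])
                except ValueError:
                    findings.append(f"{head}: invalid '{cmd}'")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per gap; an empty list means every context that enables a control for one address family also enables it for the other.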