Nexus 9000v - VXLAN - External Routing

This setup allows external access into the VXLAN-enabled network by connecting an external router to a Leaf switch that is VRF-aware for the routing. We'll use BGP to form the peering. In the core we'll be using OSPF, so we'll redistribute OSPF into BGP and BGP into OSPF to enable reachability. This can be used to allow internet users to access the DC servers.



N9K-3
interface Ethernet1/6
  no switchport
  vrf member C1_IRB
  ip address 10.3.100.3/24
  no shutdown
!
router bgp 1
  vrf C1_IRB
    address-family ipv4 unicast
      network 10.1.10.0/24
      network 10.1.20.0/24
    neighbor 10.3.100.10
      remote-as 65100
      address-family ipv4 unicast



IOS
router bgp 65100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 10.3.100.3 remote-as 1
 !
 address-family ipv4
  redistribute ospf 1
  neighbor 10.3.100.3 activate
!
router ospf 1
 redistribute bgp 65100 subnets
 network 10.1.100.0 0.0.0.255 area 0



N9K-3# show bgp vrf C1_IRB ipv4 unicast 
BGP routing table information for VRF C1_IRB, address family IPv4 Unicast
BGP table version is 69, Local Router ID is 10.1.10.254
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
* i10.1.10.0/24       10.0.0.2                          100          0 i
*>l                   0.0.0.0                           100      32768 i
*>i10.1.10.4/32       10.0.0.2                          100          0 i
*>i10.1.10.11/32      10.0.0.2                          100          0 i
* i10.1.20.0/24       10.0.0.2                          100          0 i
*>l                   0.0.0.0                           100      32768 i
*>i10.1.20.5/32       10.0.0.2                          100          0 i
*>i10.1.20.12/32      10.0.0.2                          100          0 i
*>i10.1.20.21/32      10.0.0.2                          100          0 i
*>e10.1.100.0/24      10.3.100.10              0                     0 65100 ?



IOS#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
B        10.1.10.0/24 [20/0] via 10.3.100.3, 17:23:31
B        10.1.10.4/32 [20/0] via 10.3.100.3, 04:09:21
B        10.1.10.11/32 [20/0] via 10.3.100.3, 02:35:53
B        10.1.20.0/24 [20/0] via 10.3.100.3, 17:23:33
B        10.1.20.5/32 [20/0] via 10.3.100.3, 02:34:59
B        10.1.20.12/32 [20/0] via 10.3.100.3, 02:34:46
B        10.1.20.21/32 [20/0] via 10.3.100.3, 02:34:42
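
The table above shows the external router learning every EVPN host /32 in addition to the two /24s that N9K-3 originates, because neither the peering nor the redistribution is filtered. The following is an added example, not part of the original page: a small audit that classifies the BGP routes in `sh ip route bgp` output against an allow-list. Treating the two `network` statements as the allow-list is an assumption, and the function names are hypothetical.

```python
import ipaddress
import re

# Prefixes N9K-3 originates with `network` statements under vrf C1_IRB.
# Using them as the allow-list is an assumption made for this example.
EXPECTED = [ipaddress.ip_network(p) for p in ("10.1.10.0/24", "10.1.20.0/24")]

# Route lines copied from the `sh ip route bgp` output on this page.
SAMPLE = """\
B        10.1.10.0/24 [20/0] via 10.3.100.3, 17:23:31
B        10.1.10.4/32 [20/0] via 10.3.100.3, 04:09:21
B        10.1.10.11/32 [20/0] via 10.3.100.3, 02:35:53
B        10.1.20.0/24 [20/0] via 10.3.100.3, 17:23:33
B        10.1.20.5/32 [20/0] via 10.3.100.3, 02:34:59
B        10.1.20.12/32 [20/0] via 10.3.100.3, 02:34:46
B        10.1.20.21/32 [20/0] via 10.3.100.3, 02:34:42
"""

# Matches IOS BGP route lines: code "B", prefix, [AD/metric], next hop.
ROUTE_RE = re.compile(r"^B\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+\[\d+/\d+\]\s+via\s+(\S+),")


def parse_bgp_routes(text):
    """Return (network, next_hop) for every BGP route line in the output."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((ipaddress.ip_network(m.group(1)), m.group(2)))
    return routes


def audit(text, expected=EXPECTED):
    """Sort learned prefixes into exact matches, leaked more-specifics
    (e.g. EVPN host routes), and prefixes outside the allow-list."""
    findings = {"ok": [], "more_specific": [], "unexpected": []}
    for net, _next_hop in parse_bgp_routes(text):
        if net in expected:
            findings["ok"].append(str(net))
        elif any(net.subnet_of(e) for e in expected):
            findings["more_specific"].append(str(net))
        else:
            findings["unexpected"].append(str(net))
    return findings


if __name__ == "__main__":
    for category, prefixes in audit(SAMPLE).items():
        print(f"{category}: {prefixes}")
```

Entries under `more_specific` or `unexpected` are the candidates for an outbound prefix-list on the leaf's eBGP neighbor or an inbound one on the external router.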



User#ping 10.1.20.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.20.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 59/67/75 ms



N9K-3# show bgp l2vpn evpn 
Route Distinguisher: 10.0.0.3:3    (L3VNI 11000)
*>i[2]:[0]:[0]:[48]:[0050.7966.6804]:[32]:[10.1.10.4]/272
                      10.0.0.2                          100          0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6805]:[32]:[10.1.20.5]/272
                      10.0.0.2                          100          0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.680b]:[32]:[10.1.10.11]/272
                      10.0.0.2                          100          0 i
*>i[2]:[0]:[0]:[48]:[0050.7966.680c]:[32]:[10.1.20.12]/272
                      10.0.0.2                          100          0 i
*>i[2]:[0]:[0]:[48]:[5000.000e.0000]:[32]:[10.1.20.21]/272
                      10.0.0.2                          100          0 i
