Configuring Unicast Fabric VRFs with Anycast Gateway


The following commands are used for the configuration of VRF instances and of the associated VRF gateway (vrf-gw and vrf-gw2) IP addresses:


CLI (network-admin@switch) > vrf-create

 

name name-string

Specify a name for the VRF.

vnet vnet-name

Specify the name of the vNET to assign the VRF. If you only have a global vNET configured, omit this parameter.

scope local|cluster|fabric

Specify the scope for the VRF.

vrf-gw ip-address

Specify the gateway IP address.

vrf-gw2 ip-address

Specify the second gateway IP address.

vrf-gw-ipv6 ip-address

Specify the IPv6 gateway address.

vrf-gw2-ipv6 ip-address

Specify the second IPv6 gateway address.

enable|disable

Specify to enable or disable VRF routing.

description description-string

Specify a VRF description. The maximum number of allowed characters is 59.


CLI (network-admin@switch) > vrf-delete


name name-string

Specify VRF name that you want to delete.

vnet vnet-name

Specify the name of the vNET assigned to the VRF.


CLI (network-admin@switch) > vrf-modify

 

name name-string

Specify a name for the VRF.

vnet vnet-name

Specify the name of the vNET to assign the VRF.

scope local|cluster|fabric

Specify the scope for the VRF.

vrf-gw ip-address

Specify the gateway IP address.

vrf-gw2 ip-address

Specify the second gateway IP address.

vrf-gw-ipv6 ip-address

Specify the IPv6 gateway address.

vrf-gw2-ipv6 ip-address

Specify the second IPv6 gateway address.

enable|disable

Specify to enable or disable VRF routing.

description description-string

Specify a VRF description. The maximum number of allowed characters is 59.


CLI (network-admin@switch) > vrf-show

 

name name-string

Displays the name of the VRF.

vnet vnet-name

Displays the name of the vNET assigned the VRF.

scope local|cluster|fabric

Displays the scope of the VRF.

vrf-gw ip-address

Displays the gateway IP address.

vrf-gw2 ip-address

Displays the second gateway IP address.

vrf-gw-ipv6 ip-address

Displays the IPv6 gateway address.

vrf-gw2-ipv6 ip-address

Displays the second IPv6 gateway address.

enable|disable

Displays the status of VRF routing as enable or disable.

description description-string

Displays the VRF description.


The following commands are used for the configuration of subnet objects for the associated anycast gateway addresses and the associated VNIs:


CLI (network-admin@switch) > subnet-create


name name-string

Specify the name of the subnet.

description description-string

Specify the subnet description. The maximum number of allowed characters is 59.

scope local|cluster|fabric

Specify the scope for the VRF.

vnet vnet-name

Specify the name of the vNET to assign the VRF.

vxlan vxlan-id

Specify the VXLAN ID to assign to the subnet.

vrf vrf name

Specify the VRF to which the subnet belongs to.

network ip-address

Specify the IPv4 network IP address.

netmask netmask

Specify the netmask for the IPv4 address.

anycast-gw-ip ip-address

Specify the anycast gateway IPv4 address for the subnet.

network6 ip-address

Specify the IPv6 subnet network address.

netmask6 netmask

Specify the IPv6 subnet netmask address.

anycast-gw-ip6 ip-address

Specify the anycast gateway IPv6 address for the subnet.

packet-relay enable|disable|none

Enable or disable the packet relay.

forward-proto dhcp

Specify the protocol type to forward the packets.

forward-ip ip-address

Specify the forwarding IPv4 address.

forward-ip2 ip-address

Specify the second forwarding IPv4 address.

forward-ip6 ip-address

Specify the forwarding IPv6 address.

forward-ip6-2 ip-address

Specify the second forwarding IPv6 address.

flood enable|disable|none

Specify the flooding state of BUM traffic

enable|disable

Specify to enable/disable subnet routing.


CLI (network-admin@switch) > subnet-delete

 

name name-string

Specify the name of the subnet.

vnet vnet-name

Specify the name of the vNET to assign the VRF.

vrf name-string

Specify the VRF to assign the subnet.


CLI (network-admin@switch) > subnet-modify

 

name name-string

Specify the name of the subnet.

description description-string

Specify the subnet description. The maximum number of allowed characters is 59.

vnet vnet-name

Specify the name of the vNET to assign the VRF.

Specify one or more of the following options:

network ip-address

Specify the IPv4 network IP address.

netmask netmask

Specify the netmask for the IPv4 address.

anycast-gw-ip ip-address

Specify the anycast gateway IPv4 address for the subnet.

network6 ip-address

Specify the IPv6 subnet network address.

netmask6 netmask

Specify the IPv6 subnet netmask address.

anycast-gw-ip6 ip-address

Specify the anycast gateway IPv6 address for the subnet.

packet-relay enable|disable|none

Enable or disable the packet relay.

forward-proto dhcp

Specify the protocol type to forward the packets.

forward-ip ip-address

Specify the forwarding IPv4 address.

forward-ip2 ip-address

Specify the second forwarding IPv4 address.

forward-ip6 ip-address

Specify the forwarding IPv6 address.

forward-ip6-2 ip-address

Specify the second forwarding IPv6 address.

enable|disable

Specify to enable/disable subnet routing.


CLI (network-admin@switch) > subnet-show

 

name name-string

Displays the name of the subnet.

description description-string

Displays the subnet description.

scope local|cluster|fabric

Displays the scope for the VRF.

vnet vnet-name

Displays the name of the vNET to assign the VRF.

vlan vlan-id

Displays the VLAN ID to assign to the subnet.

vxlan vxlan-id

Displays the VXLAN ID to assign to the subnet.

vrf name-string

Displays the VRF to assign the subnet.

network ip-address

Displays the network IPv4 address.

netmask netmask

Displays the netmask for the IPv4 address.

anycast-gw-ip ip-address

Displays the anycast gateway IPv4 address.

network6 ip-address

Displays the IPv6 subnet network address.

netmask6 netmask

Displays the IPv6 subnet netmask address.

anycast-gw-ip6 ip-address

Displays the anycast gateway IPv6 address for the subnet.

linklocal ip-address

Displays the IPv6 Link Local address.

packet-relay enable|disable|none

Displays the packet relay mode.

forward-proto dhcp

Displays the protocol type forwarding the packets.

forward-ip ip-address

Displays the forwarding IPv4 address.

forward-ip2 ip-address

Displays the second forwarding IPv4 address.

forward-ip6 ip-address

Displays the forwarding IPv6 address.

forward-ip6-2 ip-address

Displays the second forwarding IPv6 address.

state init|ok|vxlan not found|vxlan deactivated|not-in-hw|vrouter interface exists

Displays the subnet state.

hw-state|no-hw-state

Displays if there is a hardware state present.

enable|disable

Displays the state of the subnet routing.

format fields-to-display

Display output using a specific parameter. Use all to display all possible output.

parsable-delim character

Display output formatted for machine parsing using a specified delimiter.

sort-asc

Display output in ascending order.

sort-desc

Display output in descending order.

show dups

Display duplicate entries in the output.

layout vertical|horizontal

Format the output in a vertical or horizontal layout.

show-interval seconds-interval

Repeat the show command at a specified interval.

show-headers|
no-show-headers

Display column headers or not.

limit-output number

Limit the display output to a specific number of entries.

count-output

Display the number of entries in the output. This is useful with vRouter show commands.

count-only

Displays the number of entries only.

unscaled

Display full values in the output instead of scaled approximate values.

raw-int-values

Display integer values instead of mapped values


The following commands allow you to modify and display anycast gateway information on the fabric:


CLI (network-admin@switch) > fabric-anycast-mac-show


format fields-to-display

Display output using a specific parameter. Use all to display all possible output.

parsable-delim character

Display output formatted for machine parsing using a specified delimiter.

sort-asc

Display output in ascending order.

sort-desc

Display output in descending order.

show dups

Display duplicate entries in the output.

layout vertical|horizontal

Format the output in a vertical or horizontal layout.

show-interval seconds-interval

Repeat the show command at a specified interval.

show-headers|
no-show-headers

Display column headers or not.

limit-output number

Limit the display output to a specific number of entries.

count-output

Display the number of entries in the output. This is useful with vRouter show commands.

count-only

Displays the number of entries only.

unscaled

Display full values in the output instead of scaled approximate values.

raw-int-values

Display integer values instead of mapped values


CLI (network-admin@switch) > fabric-anycast-mac-modify


mac mac-address

Modify the MAC address for anycast. The default MAC address is 64:0e:94:40:00:02.


For example, the following vrf-create command can be used to create VRF-1:


CLI (network-admin@switch) > vrf-create name VRF-1 scope fabric


The vrf-create command can be issued to configure for instance 1000 VRFs on a single node, as shown in this output:


CLI (network-admin@switch) > vrf-show count-output


name    vnet scope  anycast-mac       vrf-gw vrf-gw2 active hw-router-mac     hw-vrid

------- ---- ------ ----------------- ------ ------- ------ ----------------- -------

VRF-1   0:0  fabric 64:0e:94:40:00:02  ::     ::      no    00:00:00:00:00:00 -1       

VRF_2   0:0  fabric 64:0e:94:40:00:02  ::     ::      yes   66:0e:94:1b:59:47  1

VRF_3   0:0  fabric 64:0e:94:40:00:02  ::     ::      yes   66:0e:94:1b:6c:91  2

VRF_4   0:0  fabric 64:0e:94:40:00:02  ::     ::      yes   66:0e:94:1b:76:3d  3

VRF_5   0:0  fabric 64:0e:94:40:00:02  ::     ::      yes   66:0e:94:1b:7f:e2  4

VRF_6   0:0  fabric 64:0e:94:40:00:02  ::     ::      yes   66:0e:94:1b:89:87  5

...

VRF_999 0:0  fabric 64:0e:94:40:00:02  ::     ::      yes   66:0e:94:1b:aa:8a   999


Count: 999


 

Note: The newer ASICs can support an even higher count. The maximum number is ASIC limited.


The following commands can be used to create two subnet objects associated with VRF-1 for East-West traffic segmentation:


CLI (network-admin@switch) > vlan-create id 12 vxlan 500012 scope fabric ports none

 

CLI (network-admin@switch) > vlan-create id 13 vxlan 500013 scope fabric ports none

 

CLI (network-admin@switch) > subnet-create name subnet-vxlan-500012 scope fabric vxlan 500012 network 172.10.2.0/24 anycast-gw-ip 172.10.2.1 vrf VRF-1

 

CLI (network-admin@switch) > subnet-create name subnet-vxlan-500013 scope fabric vxlan 500013 network 172.10.3.0/24 anycast-gw-ip 172.10.3.1 vrf VRF-1


Note: Starting from NetVisor OS release 6.0.0, the VNI assignment in vlan-create can be automated with the auto-vxlan keyword.


Finally, the following commands can be used to create two smaller subnets (/29) to provide North-South reach-ability in and out of VRF-1 to/from VRF gateways 172.10.0.2 and 172.10.1.2:


CLI (network-admin@switch) > vlan-create id 10 vxlan 500010 scope fabric ports none


CLI (network-admin@switch) > vlan-create id 11 vxlan 500011 scope fabric ports none


CLI (network-admin@switch) > subnet-create name subnet-vxlan-500010 scope fabric vxlan 500010 network 172.10.0.0/29 anycast-gw-ip 172.10.0.1 vrf VRF-1


CLI (network-admin@switch) > subnet-create name subnet-vxlan-500011 scope fabric vxlan 500011 network 172.10.1.0/29 anycast-gw-ip 172.10.1.1 vrf VRF-1


Note: The scope of the VRF and subnet objects typically would be fabric; however, to cater to specific needs and designs it is also possible to configure local VRFs and subnets in certain cases.


The next step is to configure the VRF gateways for VRF-1:


CLI (network-admin@switch) > switch <switch_list> vrf-modify name VRF-1 vrf-gw 172.10.0.2 vrf-gw2 172.10.1.2



Figure 8-15:  Fabric VRFs with Border Leaves Connecting External Network


In this example it is assumed that the connectivity is implemented with static routing on the DC gateways (for example, third-party devices). To provide inbound reach-ability for VRF-1, the DC gateways must be provisioned with static routes for the VRF subnets receiving traffic from external networks, using the adjacent anycast gateway addresses as next-hop:


DC-Gateway-1# ip route vrf VRF-1 172.10.2.0/23 172.10.0.1

DC-Gateway-1# ip route vrf VRF-1 172.10.2.0/23 172.10.1.1

DC-Gateway-2# ip route vrf VRF-1 172.10.2.0/23 172.10.0.1

DC-Gateway-2# ip route vrf VRF-1 172.10.2.0/23 172.10.1.1


In addition, you can also leverage the vrf-route-add command to add static routes to specific VRF-enabled networks when required:


CLI (network-admin@switch) > vrf-route-add

vrf-route-add                            add vrf route

    one of the following vrf selectors:

       vrf-name name-string                vrf name

       vrf-vnet vnet name                  VNET for the VRF

    the following route arguments:

       network ip-address                  IP address

       netmask netmask                     netmask

       gateway-ip ip-address               gateway IP address


vrf-route-remove and vrf-route-show commands are also available.


north
    keyboard_arrow_up
    keyboard_arrow_down
    description
    print
    feedback
    support
    business
    rss_feed
    south