NX-OS to NVUE EVPN Configuration
Cumulus Linux version 4.4 introduces a new CLI called NVUE; a complete object model for Cumulus Linux. NVUE makes translating configurations from one vendor to another much more reliable the first time you use Cumulus Linux and across Cumulus Linux versions.
This KB article describes how to take a basic NX-OS configuration for EVPN and translate it to NVUE. The example confiuration derives from this Cisco Configuration Example.
| NX-OS Command | NVUE Command | Comments |
|---|---|---|
nv overlay evpn | none | Cumulus Linux does not require features to be explicitly enabled. |
feature ospf | none | |
feature bgp | none | |
feature pim | none | |
feature interface-vlan | none | |
feature vn-segment-vlan-based | none | |
feature lacp | none | |
feature vpc | none | |
feature nv overlay | none | |
fabric forwarding anycast-gateway-mac 0001.0001.0001 | nv set system global anycast-mac 44:38:39:BE:EF:AA | |
ip pim rp-address 192.168.9.9 group-list 224.0.0.0/4 | none | NVIDIA recommends you use Head End Replication for EVPN, removing the need for PIM. Scale-out deployments support PIM Replication. |
ip pim ssm range 232.0.0.0/8 | none | |
vlan 1,10,20,30,40 | nv set bridge domain br_default vlan 30,40 | Ethernet Bridging |
vlan 10 | none | The layer 3 VNI does not require a unique VLAN interface. |
name L3-VNI-VLAN-10 | none | |
vn-segment 10000010 | none | |
vlan 30 | nv set bridge domain br_default vlan 30 vni 10000030 | |
vn-segment 10000030 | none | A single command with NVUE defines the vn-segment and vlan. |
vlan 40 | nv set bridge domain br_default vlan 40 vni 10000040 | |
vn-segment 10000040 | none | |
vpc domain 2 | nv set mlag backup 10.197.204.103 | Cumulus Linux Multi-Chassis Link Aggregation - MLAG uses remote and local peering to ensure uptime. |
peer-keepalive destination 10.197.204.103 | nv set mlag peer-ip linklocal | You can determine the local peer IP automatically with link-local addresses. |
interface Vlan10 | none | The layer 3 VNI does not require a unique VLAN interface. |
no shutdown | none | |
vrf member EVPN-L3-VNI-VLAN-10 | none | |
ip forward | none | |
interface Vlan30 | ||
no shutdown | none | Interfaces are no shut by default. |
vrf member EVPN-L3-VNI-VLAN-10 | nv set interface vlan30 ip vrf EVPN-L3-VNI-VLAN-10 | |
ip address 172.16.30.1/24 | nv set interface vlan30 ip address 172.16.30.1/24 | |
fabric forwarding mode anycast-gateway | none | You do not speceify an explicit command for this setting in NVUE. |
interface Vlan40 | ||
no shutdown | none | |
vrf member EVPN-L3-VNI-VLAN-10 | nv set interface vlan40 ip vrf EVPN-L3-VNI-VLAN-10 | |
ip address 172.16.40.1/24 | nv set interface vlan40 ip address 172.16.40.1/24 | |
fabric forwarding mode anycast-gateway | none | |
interface port-channel2 | nv set interface bond2 bond member swp1 | This example uses swp1 instead of NX-OS port e1/13. |
switchport mode trunk | nv set interface bond2 bridge domain br_default vlan all | br_default is the name of the default bridge. |
vpc 2 | nv set interface bond2 bond mlag id 2 | |
interface port-channel34 | nv set interface peerlink bond member swp49 | This example uses swp49 instead of NX-OS port e1/1. |
switchport mode trunk | none | The peerlink is a trunk port by default. |
spanning-tree port type network | none | Enabled by default. |
vpc peer-link | none | You do this with the name peerlink. |
interface nve1 | none | NVUE does not have an explicit interface. |
no shutdown | none | |
source-interface loopback2 | nv set nve vxlan source address 192.168.33.33 | You configure NVUE interface settings globally with nv set nve vxlan commands. |
host-reachability protocol bgp | none | |
member vni 10000010 associate-vrf | nv set vrf EVPN-L3-VNI-VLAN-10 evpn vni 10000010 | |
member vni 10000030 | none | You only need to associate the VRF VNI. |
suppress-arp | nv set nve vxlan arp-nd-suppress on | |
mcast-group 239.1.1.10 | none | NVIDIA recommends you use Head end Replication. |
member vni 10000040 | none | |
suppress-arp | none | |
mcast-group 239.1.1.20 | none | |
interface Ethernet1/1 | none | |
switchport mode trunk | none | You defined the interface when you created the bond earlier. |
channel-group 34 mode active | none | |
interface Ethernet1/2 | none | |
no switchport | none | Interfaces are layer 3 by default. |
ip address 192.168.39.3/24 | none | NVIDIA recommends BGP Unnumbered for the underlay, removing the need for an IP address. |
ip router ospf UNDERLAY area 0.0.0.0 | none | NVIDIA recommends BGP Unnumbered. |
ip pim sparse-mode | none | NVIDIA recommends Head End Replication. |
no shutdown | none | |
interface Ethernet1/13 | none | This example uses port swp1 instead of e1/13. |
switchport mode trunk | none | Port configuration is part of the bond definition. |
channel-group 2 mode active | none | |
interface loopback2 | nv set interface lo ip address 192.168.33.33/32 | Cumulus Linux uses a single loopback lo. |
ip address 192.168.33.33/32 | none | Defined with the creation of the loopback interface. |
ip address 192.168.33.34/32 secondary | nv set nve vxlan mlag shared-address 192.168.33.34 | |
ip router ospf UNDERLAY area 0.0.0.0 | none | NVIDIA recommends using BGP for both the underlay and overlay. |
router bgp 65000 | nv set router bgp autonomous-system 65000 | |
address-family ipv4 unicast | none | |
address-family l2vpn evpn | none | |
neighbor 192.168.9.9 remote-as 100 | nv set vrf default router bgp neighbor swp51 remote-as external | This command uses eBGP unnumbered instead of IP based peering. |
remote-as 65000 | none | This command combines with the peer command above. |
update-source loopback2 | none | BGP unnumbered uses the interface instead of a loopback source. |
address-family ipv4 unicast | none | |
address-family l2vpn evpn | nv set vrf default router bgp neighbor swp51 address-family l2vpn-evpn enable on | |
send-community extended | none | Enabled by default. |
vrf EVPN-L3-VNI-VLAN-10 | none | You manage this through an earlier nv set vrf command. |
address-family ipv4 unicast | none | |
advertise l2vpn evpn | none | |
evpn | none | |
vni 10000030 l2 | none | |
rd auto | none | |
route-target import auto | none | |
route-target export auto | none | |
vni 10000040 l2 | none | |
rd auto | none | |
route-target import auto | none | |
route-target export auto | none |
Complete NVUE Configuration
nv set system global anycast-mac 44:38:39:BE:EF:AA
nv set bridge domain br_default vlan 30,40
nv set bridge domain br_default vlan 30 vni 10000030
nv set bridge domain br_default vlan 40 vni 10000040
nv set mlag backup 10.197.204.103
nv set mlag peer-ip linklocal
nv set interface vlan30 ip vrf EVPN-L3-VNI-VLAN-10
nv set interface vlan30 ip address 172.16.30.1/24
nv set interface vlan40 ip vrf EVPN-L3-VNI-VLAN-10
nv set interface vlan40 ip address 172.16.40.1/24
nv set interface bond2 bond member swp1
nv set interface bond2 bridge domain br_default vlan all
nv set interface bond2 bond mlag id 2
nv set interface peerlink bond member swp49
nv set nve vxlan source address 192.168.33.33
nv set vrf EVPN-L3-VNI-VLAN-10 evpn vni 10000010
nv set nve vxlan arp-nd-suppress on
nv set interface lo ip address 192.168.33.33/32
nv set nve vxlan mlag shared-address 192.168.33.34
nv set router bgp autonomous-system 65000
nv set vrf default router bgp neighbor swp51 remote-as external
nv set vrf default router bgp neighbor swp51 address-family l2vpn-evpn enable on