The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
You can add the Cisco Dynamic Fabric Automation (DFA)-specific Border Gateway Protocol (BGP) configuration on the spine and identify the BGP route reflector.
Note | Spines in the Cisco DFA fabric might or might not be BGP route-reflector nodes. If you must configure the spine switch as a BGP route-reflector, use the configuration in the following procedure. |
You must upgrade the spine switch software.
This example shows how to configure the BGP route reflector on the spine switch.
switch # configure terminal switch (config) # feature bgp switch (config) # router bgp 100 switch (config-router) # router-id 1.1.1.4 switch (config-router) # address-family ipv4 unicast switch (config-router-af) # redistribute hmm route-map AM <---AM is the route-map name that permits all IPv4 routes excluding VLAN-x backbone prefix switch (config-router-af) # maximum-paths ibgp 2 switch (config-router-af) # additional-paths send switch (config-router-af) # additional-paths selection route-map ALL-PATHS switch (config-router) # address-family ipv6 unicast switch (config-router-af) # redistribute hmm route-map host-v6 <---host-v6 is the route-map name that permits all IPv6 routes switch (config-router-af) # maximum-paths ibgp 2 switch (config-router-af) # additional-paths send switch (config-router-af) # additional-paths selection route-map ALL-PATHS switch (config-router) # address-family vpnv4 unicast switch (config-router-af) # additional-paths send switch (config-router-af) # additional-paths receive switch (config-router-af) # additional-paths selection route-map ALL-PATHS switch (config-router) # address-family vpnv6 unicast switch (config-router-af) # additional-paths send switch (config-router-af) # additional-paths receive switch (config-router-af) # additional-paths selection route-map ALL-PATHS switch (config-router) # neighbor 1.1.1.0/24 remote-as 100 <---Route-Reflector Spine IP=1.1.1.1 switch (config-router-neighbor) # address-family ipv4 unicast switch (config-router-neighbor-af) # send-community switch (config-router-neighbor-af) # send-community extended switch (config-router-neighbor-af) # route-reflector-client switch (config-router-neighbor) # address-family ipv6 unicast switch (config-router-neighbor-af) # send-community extended switch (config-router-neighbor-af) # route-reflector-client switch (config-router-neighbor) # address-family vpnv4 unicast switch (config-router-neighbor-af) # send-community extended switch (config-router-neighbor-af) # route-reflector-client switch (config-router-neighbor) # address-family vpnv6 unicast switch (config-router-neighbor-af) # send-community extended switch (config-router-neighbor-af) # route-reflector-client
You can enable anycast forwarding mode on switched virtual interfaces (SVIs) without a VN-segment on border leaf devices and nondefault VRF VLANs and you can enable the Hot Standby Routing Protocol (HSRP) virtual IP addresses on the border leaf.
You must upgrade the border leaf software.
This example shows how to configure the SVI interfaces for default/nondefault VRF instances, as well as associated HSRP and dummy HSRP groups with anycast gateway MAC addresses.
switch (config) # feature hsrp switch (config) # interface vlan20 switch (config-if) # no shutdown switch (config-if) # no ip redirects switch (config-if) # ip address 20.1.1.104/24 switch (config-if) # ipv6 address 20:1::104/64 switch (config-if) # ip router ospf 1 area 0.0.0. switch (config-if) # fabric forwarding mode anycast gateway <---must be added to configure vlan-20 in Cisco DFA mode switch (config-if) # hsrp version 2 switch (config-if) # hrsp 20 ip4 switch (config-if-hsrp) # preempt switch (config-if-hsrp) # priority 110 switch (config-if-hsrp) # ip 20.1.1.100 switch (config-if) # hsrp 20 ipv6 switch (config-if-hsrp) # preempt switch (config-if-hsrp) # priority 110 switch (config-if-hsrp) # ip 20:1::100 switch (config-if) # hsrp 50 ipv4 <---dummy HSRP group (ipv4 or ipv6) switch (config-if-hsrp) # mac-address DEAD.0000.DEAF <---anycast gateway MAC switch (config-if-hsrp) # preempt switch (config-if-hsrp) # priority 110 switch (config-if-hsrp) # ip 20.1.1.200 <---functionally unused IP
You can configure an upgraded border leaf.
You must upgrade the border leaf software.
This example shows how to configure the core for a border leaf.
switch # configure terminal switch (config)# install feature-set fabricpath switch (config)# install feature-set fabric switch (config)# feature-set fabricpath switch (config)# feature fabric forwarding switch (config)# feature bgp switch (config)# feature isis switch (config)# feature interface-vlan switch (config)# feature vn-segment-vlan-based switch (config)# system fabric dynamic-vlans 20-21, 201-202, 1001-1010 switch (config)# system fabric core-vlans 1001-1010 switch (config)# fabric forwarding identifier 100 switch (config)# fabric forwarding anycast-gateway-mac.DEAD.0000.DEAF switch (config)# fabric forwarding switch-role border-leaf switch (config)# fabricpath domain default switch (config)# vlan 1001-1010 switch (config-vlan)# mode fabricpath switch (config) # interface Vlan10 switch (config-if) # no shutdown switch (config-if) # ip address 1.1.1.4/24 switch (config-if) # fabric forwarding control-segment switch (config) # route-map ALL-PATHS permit 10 switch (config-route-map) # set path-selection all advertise switch (config-s)# ip access-list HOSTS switch (config-s-acl)# 10 permit ip any any switch (config-s)# ipv6 access-list hosts-v6 switch (config-s-acl)# 10 permit ipv6 any any switch (config) # route-map AM deny 10 switch (config-route-map) # match interface Vlan10 switch (config) # route-map AM permit 20 switch (config-route-map) # match ip address HOSTS switch (config) # route-map hosts-v6 permit 20 switch (config-route-map) # match ipv6 address hosts-v6 switch (config) # router bgp 100 switch (config-router) # address-family ipv4 unicast switch (config-router-af) # redistribute hmm route-map AM switch (config-router-af) # maximum-paths ibgp 2 switch (config-router-af) # additional-paths receive switch (config-router-af) # additional-paths selection route-map ALL PATHS switch (config-router) # address-family ipv6 unicast switch (config-router-af) # redistribute hmm route-map hosts-v6 switch (config-router-af) # maximum-paths ibgp 2 switch (config-router-af) # additional-paths receive switch (config-router-af) # addtional-path seelction route-map ALL PATHS switch (config-router) # address-family vpnv4 unicast switch (config-router-af) # additional-paths receive switch (config-router) # address-family vpnv6 unicast switch (config-router-af) # additional-paths receive switch (config-router) # neighbor 1.1.1.1 remote-as 100 switch (config-router-neighbor) # address-family ipv4 unicast switch (config-router-neighbor-af) # send-community both
You can add a host-facing tenant interface (VLAN) to allocate a new VLAN ID and an unused VNI and tie them together, create the corresponding Layer-3 interface and put it into the VRF, and configure the appropriate fabric forwarding mode.
The following adds a host-facing tenant interface (VLAN).
switch # configure terminal //Enter configuration commands, one per line. End with CNTL/Z. switch (config)# vlan 20 switch (config-vlan)# mode fabricpath switch (config-vlan)# vn-segment 20 switch (config-vlan)# interface vlan 20 switch (config-if) # vrf member VRF2 //Warning: Deleted all L3 config on interface Vlan20 switch (config-if) # ip address 1.1.1.4/24 switch (config-if) # [ip pim sparse-mode] switch (config-if) # no shutdown switch (config-if) # fabric forwarding mode anycast-gateway switch (config-if) # exit
To add a tenant instance, perform the following:
Configure a profile named vrf-tenant-profile
Allocate a VLAN
Create a VRF instance
Configure the route distinguisher and route targets
Tie the VNI/segment ID to the VRF instance
Create a Layer-3 VLAN and configure it with the same IP address/mask as the fabric control VLAN interface to map the BGP endpoint and the VRF BD VLAN
This example shows how to configure the profile name and add the tenant VRF profile and associated parameters:
switch # configure profile vrf-tenant-profile //Enter config profile mode, name = vrf-tenant-profile //Enter configuration commands, one per line. End with CNTL/Z. switch (config-profile)# configure terminal //Exit configure profile mode. switch (config)# apply profile vrf-tenant-profile switch (config)# vlan 20 switch (config-profile-vlan)# mode fabricpath switch (config-profile-vlan)# vn-segment 5000 switch (config-profile-vlan)# vrf context vrf2 switch (config-profile-vrf) # rd auto switch (config-profile-vrf) # address-family ipv4 unicast switch (config-profile-vrf-af-ipv4) # route-target import 7000:1 switch (config-profile-vrf-af-ipv4) # route-target export 7000:1 switch (config-profile-vrf-af-ipv4) # vni 7000 switch (config-profile-vrf-af-ipv4) # interface vlan 20 switch (config-profile-if-verify) # vrf member VRF2 switch (config-profile-if-verify) # ip address 1.1.1.4/24 switch (config-profile-if-verify) # no shutdown switch (config-profile-if-verify) # router bgp 100 switch (config-profile-router) # vrf VRF2 switch (config-profile-router-vrf) # address-family ipv4 multicast switch (config-profile-router-vrf-af) # address-family ipv4 unicast switch (config-profile-router-vrf-af) # redistribute hmm route-map AM
Note | HSRP/VRRP is required for VLANs where hosts are connected behind a Cisco Nexus 5000 Series switch in the topology for those VLANs. |
You can remove the HSRP configuration on border leafs after you migrate all of the switches.
Command or Action | Purpose | |
---|---|---|
Step 1 | switch # show running-config interface type-number |
Displays the interface for the VLAN. |
Step 2 | switch (config) # interface vlan vlan-id |
Creates a VLAN interface and enters interface configuration mode. The vlan-id range is from 1 to 4094. |
Step 3 | switch (config-if-hsrp) # no hsrp group-number |
Disables HSRP. |
Step 4 | switch (config-if-hsrp) # show running-config interface type-number |
Displays an interface type and number. |
switch # show running-config interface vlan20 !Command: show running-config interface Vlan20 !Time: Tue Jun 9 17:56:19 2015 version 7.2(0)N1(1) interface Vlan20 no shutdown no ip redirects ip address 20.1.1.100 ipv6 address 20:1::100/64 ip router ospf 1 area 0.0.0.0 fabric forwarding mode anycast-gateway hsrp version 2 hsrp 20 preempt priority 110 ip 20.1.1.100 hsrp 20 ipv6 preempt priority 110 ip 20:1::10 hsrp 50 mac-address DEAD.0000.DEAF preempt priority 110 ip 20.1.1.200 switch # configure terminal switch (config) # interface vlan 20 switch (config-if) # no hsrp 50 switch (config-if) # show running-config interface vlan 20 !Command: show running-config interface Vlan20 !Time: Tue Jun 9 17:58:21 2015 version 7.2(0)N1(1) interface Vlan20 no shutdown no ip redirects ip address 20.1.1.100 ipv6 address 20:1::100/64 ip router ospf 1 area 0.0.0.0 fabric forwarding mode anycast-gateway hsrp version 2 hsrp 20 preempt priority 110 ip 20.1.1.100 hsrp 20 ipv6 preempt priority 110 ip 20:1::10 switch (config-if) # interface vlan 20 switch (config-if) # no hsrp 20 ipv4 switch (config-if) # show running-config interface vlan 20 !Command: show running-config interface Vlan20 !Time: Tue Jun 9 17:59:01 2015 version 7.2(0)N1(1) interface Vlan20 no shutdown no ip redirects ip address 20.1.1.100 ipv6 address 20:1::100/64 ip router ospf 1 area 0.0.0.0 fabric forwarding mode anycast-gateway hsrp version 2 hsrp 20 ipv6 preempt priority 110 ip 20:1::10 switch (config-if) # interface vlan 20 switch (config-if) # no hsrp 20 ipv6 switch (config-if) # show running-config interface vlan 20 !Command: show running-config interface Vlan20 !Time: Tue Jun 9 17:59:27 2015 version 7.2(0)N1(1) interface Vlan20 no shutdown no ip redirects ip address 20.1.1.100 ipv6 address 20:1::100/64 ip router ospf 1 area 0.0.0.0 fabric forwarding mode anycast-gateway hsrp version 2 switch (config-if) # interface vlan 20 switch (config-if) # no hsrp version 2